-.\" $OpenBSD: bgpd.conf.5,v 1.229 2023/01/20 15:41:33 claudio Exp $
+.\" $OpenBSD: bgpd.conf.5,v 1.230 2023/01/24 14:13:11 claudio Exp $
.\"
.\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
.\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: January 20 2023 $
+.Dd $Mdocdate: January 24 2023 $
.Dt BGPD.CONF 5
.Os
.Sh NAME
.Ed
.Pp
.It Xo
+.Ic avs
+.Pq Ic valid | unknown | invalid
+.Xc
+This rule applies only to
+.Em UPDATES
+where the ASPA Validation State (AVS) matches.
+.Pp
+.It Xo
.Ic community
.Ar as-number Ns Li \&: Ns Ar local
.Xc
-/* $OpenBSD: bgpd.h,v 1.459 2023/01/24 11:28:41 claudio Exp $ */
+/* $OpenBSD: bgpd.h,v 1.460 2023/01/24 14:13:11 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
#define F_CTL_OVS_NOTFOUND 0x200000
#define F_CTL_NEIGHBORS 0x400000 /* only used by bgpctl */
#define F_CTL_HAS_PATHID 0x800000 /* only set on requests */
+#define F_CTL_AVS_VALID 0x1000000
+#define F_CTL_AVS_INVALID 0x2000000
+#define F_CTL_AVS_UNKNOWN 0x4000000
#define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \
__attribute__((__unused__))
struct rde_prefixset *ps;
};
-struct filter_ovs {
+struct filter_vs {
uint8_t validity;
uint8_t is_set;
};
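Review bot: `struct filter_vs` is now shared by two matches whose `validity` values come from different constant sets, and nothing at the definition says so. Going by the parse.y part of this commit, `ovs.validity` is filled from the `validity` rule (`ROA_*`) and `avs.validity` from `aspa_validity` (`ASPA_*`). A comment on the field would keep the two from being compared or printed against the wrong set, for example `uint8_t validity; /* ROA_* for ovs, ASPA_* for avs */`.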
struct community community[MAX_COMM_MATCH];
struct filter_prefixset prefixset;
struct filter_originset originset;
- struct filter_ovs ovs;
+ struct filter_vs ovs;
+ struct filter_vs avs;
int maxcomm;
int maxextcomm;
int maxlargecomm;
-/* $OpenBSD: parse.y,v 1.439 2023/01/20 15:41:33 claudio Exp $ */
+/* $OpenBSD: parse.y,v 1.440 2023/01/24 14:13:11 claudio Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
%token COMMUNITY EXTCOMMUNITY LARGECOMMUNITY DELETE
%token MAXCOMMUNITIES MAXEXTCOMMUNITIES MAXLARGECOMMUNITIES
%token PREFIX PREFIXLEN PREFIXSET
-%token ASPASET ROASET ORIGINSET OVS EXPIRES
+%token ASPASET ROASET ORIGINSET OVS AVS EXPIRES
%token ASSET SOURCEAS TRANSITAS PEERAS PROVIDERAS CUSTOMERAS MAXASLEN MAXASSEQ
%token SET LOCALPREF MED METRIC NEXTHOP REJECT BLACKHOLE NOMODIFY SELF
%token PREPEND_SELF PREPEND_PEER PFTABLE WEIGHT RTLABEL ORIGIN PRIORITY
%token <v.number> NUMBER
%type <v.number> asnumber as4number as4number_any optnumber
%type <v.number> espah family safi restart origincode nettype
-%type <v.number> yesno inout restricted validity expires enforce
+%type <v.number> yesno inout restricted expires enforce
+%type <v.number> validity aspa_validity
%type <v.number> addpathextra addpathmax
%type <v.string> string
%type <v.addr> address
fmopts.m.ovs.validity = $2;
fmopts.m.ovs.is_set = 1;
}
+ | AVS aspa_validity {
+ if (fmopts.m.avs.is_set) {
+ yyerror("avs filter already specified");
+ YYERROR;
+ }
+ fmopts.m.avs.validity = $2;
+ fmopts.m.avs.is_set = 1;
+ }
;
prefixlenop : /* empty */ { memset(&$$, 0, sizeof($$)); }
else if (!strcmp($1, "valid"))
$$ = ROA_VALID;
else {
- yyerror("unknown validity \"%s\"", $1);
+ yyerror("unknown roa validity \"%s\"", $1);
+ free($1);
+ YYERROR;
+ }
+ free($1);
+ };
+
+aspa_validity : STRING {
+ if (!strcmp($1, "unknown"))
+ $$ = ASPA_UNKNOWN;
+ else if (!strcmp($1, "invalid"))
+ $$ = ASPA_INVALID;
+ else if (!strcmp($1, "valid"))
+ $$ = ASPA_VALID;
+ else {
+ yyerror("unknown aspa validity \"%s\"", $1);
free($1);
YYERROR;
}
{ "as-override", ASOVERRIDE},
{ "as-set", ASSET },
{ "aspa-set", ASPASET},
+ { "avs", AVS},
{ "blackhole", BLACKHOLE},
{ "capabilities", CAPABILITIES},
{ "community", COMMUNITY},
-/* $OpenBSD: printconf.c,v 1.162 2023/01/20 15:41:33 claudio Exp $ */
+/* $OpenBSD: printconf.c,v 1.163 2023/01/24 14:13:12 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
}
}
+ if (r->match.avs.is_set) {
+ switch (r->match.avs.validity) {
+ case ASPA_VALID:
+ printf("avs valid ");
+ break;
+ case ASPA_INVALID:
+ printf("avs invalid ");
+ break;
+ case ASPA_UNKNOWN:
+ printf("avs unknown ");
+ break;
+ default:
+ printf("avs ??? %d ??? ", r->match.avs.validity);
+ }
+ }
+
if (r->match.prefix.addr.aid != AID_UNSPEC) {
printf("prefix ");
print_prefix(&r->match.prefix);
-/* $OpenBSD: rde.c,v 1.590 2023/01/24 11:28:41 claudio Exp $ */
+/* $OpenBSD: rde.c,v 1.591 2023/01/24 14:13:12 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
static void network_flush_upcall(struct rib_entry *, void *);
void rde_shutdown(void);
-int ovs_match(struct prefix *, uint32_t);
+static int ovs_match(struct prefix *, uint32_t);
+static int avs_match(struct prefix *, uint32_t);
static struct imsgbuf *ibuf_se;
static struct imsgbuf *ibuf_se_ctl;
}
if (!ovs_match(p, req->flags))
return;
+ if (!avs_match(p, req->flags))
+ return;
rde_dump_rib_as(p, asp, req->pid, req->flags, adjout);
}
return (r & ROA_MASK);
}
-int
+static int
ovs_match(struct prefix *p, uint32_t flag)
{
if (flag & (F_CTL_OVS_VALID|F_CTL_OVS_INVALID|F_CTL_OVS_NOTFOUND)) {
return 1;
}
+
+static int
+avs_match(struct prefix *p, uint32_t flag)
+{
+ if (flag & (F_CTL_AVS_VALID|F_CTL_AVS_INVALID|F_CTL_AVS_UNKNOWN)) {
+ switch (prefix_aspa_vstate(p) & ASPA_MASK) {
+ case ASPA_VALID:
+ if (!(flag & F_CTL_AVS_VALID))
+ return 0;
+ break;
+ case ASPA_INVALID:
+ if (!(flag & F_CTL_AVS_INVALID))
+ return 0;
+ break;
+ case ASPA_UNKNOWN:
+ if (!(flag & F_CTL_AVS_UNKNOWN))
+ return 0;
+ break;
+ default:
+ break;
+ }
+ }
+
+ return 1;
+}
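Review bot: The `default:` arm of the switch in avs_match falls through to `return 1`, so a prefix whose masked state is none of the three named values is shown for every AVS selection, including one that asked for a single state. Whether `ASPA_MASK` can produce a fourth value is not visible in this hunk, so this may be unreachable. If it is deliberate, a comment such as `/* unexpected state: keep the entry visible */` would say so. If it is not, `default: return 0;` would make the selection strict. Only the tail of ovs_match is visible here, so I cannot tell whether this mirrors it.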
-/* $OpenBSD: rde_filter.c,v 1.132 2023/01/24 11:28:41 claudio Exp $ */
+/* $OpenBSD: rde_filter.c,v 1.133 2023/01/24 14:13:12 claudio Exp $ */
/*
* Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
return (0);
}
+ if (f->match.avs.is_set) {
+ if (((state->vstate >> 4) & ASPA_MASK) != f->match.avs.validity)
+ return (0);
+ }
+
if (asp != NULL && f->match.as.type != AS_UNDEF) {
if (aspath_match(asp->aspath, &f->match.as,
peer->conf.remote_as) == 0)
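Review bot: The new match hard-codes `>> 4` to extract the ASPA state from `state->vstate`, while avs_match in rde.c reads the same state through `prefix_aspa_vstate(p)`. The packing of `vstate` is not visible in this hunk. If it ever changes and this literal is missed, a rule matching `avs invalid` would silently stop matching, and for a route-filtering control that is a fail-open. A named shift defined next to `ASPA_MASK`, or a small accessor, would keep the two sites in step: `if (((state->vstate >> ASPA_SHIFT) & ASPA_MASK) != f->match.avs.validity)`, where `ASPA_SHIFT` is a proposed name, not an existing one. The enclosing function starts and ends outside the hunk.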