-.\" $OpenBSD: bgpd.conf.5,v 1.228 2023/01/04 14:33:30 claudio Exp $
+.\" $OpenBSD: bgpd.conf.5,v 1.229 2023/01/20 15:41:33 claudio Exp $
.\"
.\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
.\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: January 4 2023 $
+.Dd $Mdocdate: January 20 2023 $
.Dt BGPD.CONF 5
.Os
.Sh NAME
will validate the origin of each prefix.
The
.Ic roa-set
-is merged with the tables received via
+and the
+.Ic aspa-set
+are merged with the corresponding tables received via
.Ic rtr
sessions.
.Pp
A set definition can span multiple lines, and an optional comma is allowed
between elements.
+The same set can be defined more than once, in this case the definitions are
+merged into one common set.
.Pp
.Bl -tag -width Ds -compact
.It Xo
rules.
.Pp
.It Xo
+.Ic aspa-set
+.Ic { Ic customer-as Ar as-number
+.Op Ic expires Ar seconds
+.Ic provider-as Ic { Ar as-number
+.Op Ic inet Ns | Ns Ic inet6
+.Ic ... Ic } ... Ic }
+.Xc
+The
+.Ic aspa-set
+holds a collection of
+.Em Validated ASPA Payloads Pq VAPs .
+Each as AS_PATH received from an eBGP peer is checked against the
+.Ic aspa-set ,
+and the ASPA Validation State (AVS) is set.
+.Ic expires
+can be set to the seconds since Epoch until when this VAP is valid.
+.Bd -literal -offset indent
+roa-set {
+ customer-as 64511 provider-as { 64496 65496 }
+ customer-as 64496 provider-as { 65496 64544 }
+}
+.Ed
+.Pp
+.It Xo
.Ic origin-set Ar name
.Ic { Ar address Ns Li / Ns Ar len Ic maxlen Ar mlen Ic source-as Ar asn ... Ic }
.Xc
-/* $OpenBSD: parse.y,v 1.438 2023/01/04 14:33:30 claudio Exp $ */
+/* $OpenBSD: parse.y,v 1.439 2023/01/20 15:41:33 claudio Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
$$->aid = AID_UNSPEC;
$$->num = 1;
}
- | as4number_any ALLOW family {
+ | as4number_any family {
if (($$ = calloc(1, sizeof(*$$))) == NULL)
fatal(NULL);
$$->as = $1;
- $$->aid = $3;
+ $$->aid = $2;
$$->num = 1;
}
;
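Review bot: Dropping `ALLOW` from the `as4number_any family` alternative turns the previous spelling into a hard syntax error. The old printconf.c output (`allow inet` / `allow inet6` after each provider AS) used exactly that spelling, so a configuration dumped by the prior revision will no longer load. If such files can exist, a transitional alternative `| as4number_any ALLOW family` that sets `$$->aid = $3` would keep them parsing; otherwise the break deserves a line in the commit message. The rule's other alternatives and the `family` nonterminal are outside this hunk, so whether `ALLOW` remains a token elsewhere cannot be confirmed from here.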
-/* $OpenBSD: printconf.c,v 1.161 2023/01/04 14:33:30 claudio Exp $ */
+/* $OpenBSD: printconf.c,v 1.162 2023/01/20 15:41:33 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
printf(" provider-as { ");
for (i = 0; i < aspa->num; i++) {
printf("%s ", log_as(aspa->tas[i]));
- if (aspa->tas_aid != NULL &&
- aspa->tas_aid[i] != AID_UNSPEC)
- printf("allow %s ", print_af(aspa->tas_aid[i]));
+ if (aspa->tas_aid[i] != AID_UNSPEC)
+ printf("%s ", print_af(aspa->tas_aid[i]));
}
printf("}");
}
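Review bot: The new condition `aspa->tas_aid[i] != AID_UNSPEC` indexes `tas_aid` without the `aspa->tas_aid != NULL` test the old code carried, so an aspa entry whose `tas_aid` array was never allocated would be dereferenced as NULL when the configuration is printed. Nothing in this hunk shows that every path building the set allocates `tas_aid` together with `tas`. If that invariant now holds, state it in a comment above the loop, such as `/* tas_aid is always allocated with tas, one entry per provider */`. If it does not, keep the guard: `if (aspa->tas_aid != NULL && aspa->tas_aid[i] != AID_UNSPEC)`. The enclosing function begins and ends outside the hunk.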