[mirror_frr.git] / bgpd / bgp_flowspec_vty.c

/* BGP FlowSpec VTY
 * Copyright (C) 2018 6WIND
 *
 * FRRouting is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2, or (at your option) any
 * later version.
 *
 * FRRouting is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; see the file COPYING; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */

#include <zebra.h>
#include "command.h"

#include "bgpd/bgpd.h"
#include "bgpd/bgp_table.h"
#include "bgpd/bgp_attr.h"
#include "bgpd/bgp_ecommunity.h"
#include "bgpd/bgp_vty.h"
#include "bgpd/bgp_route.h"
#include "bgpd/bgp_aspath.h"
#include "bgpd/bgp_flowspec.h"
#include "bgpd/bgp_flowspec_util.h"
#include "bgpd/bgp_flowspec_private.h"
#include "bgpd/bgp_debug.h"
#include "bgpd/bgp_pbr.h"

/* Local Structures and variables declarations
 * This code block hosts the struct declared that host the flowspec rules
 * as well as some structure used to convert to stringx
 */

static const struct message bgp_flowspec_display_large[] = {
	{FLOWSPEC_DEST_PREFIX, "Destination Address"},
	{FLOWSPEC_SRC_PREFIX, "Source Address"},
	{FLOWSPEC_IP_PROTOCOL, "IP Protocol"},
	{FLOWSPEC_PORT, "Port"},
	{FLOWSPEC_DEST_PORT, "Destination Port"},
	{FLOWSPEC_SRC_PORT, "Source Port"},
	{FLOWSPEC_ICMP_TYPE, "ICMP Type"},
	{FLOWSPEC_ICMP_CODE, "ICMP Code"},
	{FLOWSPEC_TCP_FLAGS, "TCP Flags"},
	{FLOWSPEC_PKT_LEN, "Packet Length"},
	{FLOWSPEC_DSCP, "DSCP field"},
	{FLOWSPEC_FRAGMENT, "Packet Fragment"},
	{FLOWSPEC_FLOW_LABEL, "Packet Flow Label"},
	{0}
};

static const struct message bgp_flowspec_display_min[] = {
	{FLOWSPEC_DEST_PREFIX, "to"},
	{FLOWSPEC_SRC_PREFIX, "from"},
	{FLOWSPEC_IP_PROTOCOL, "proto"},
	{FLOWSPEC_PORT, "port"},
	{FLOWSPEC_DEST_PORT, "dstp"},
	{FLOWSPEC_SRC_PORT, "srcp"},
	{FLOWSPEC_ICMP_TYPE, "type"},
	{FLOWSPEC_ICMP_CODE, "code"},
	{FLOWSPEC_TCP_FLAGS, "tcp"},
	{FLOWSPEC_PKT_LEN, "pktlen"},
	{FLOWSPEC_DSCP, "dscp"},
	{FLOWSPEC_FRAGMENT, "pktfrag"},
	{FLOWSPEC_FLOW_LABEL, "flwlbl"},
	{0}
};

#define	FS_STRING_UPDATE(count, ptr, format, remaining_len) do {	\
		int _len_written;					\
									\
		if (((format) == NLRI_STRING_FORMAT_DEBUG) && (count)) {\
			_len_written = snprintf((ptr), (remaining_len),	\
						", ");			\
			(remaining_len) -= _len_written;		\
			(ptr) += _len_written;				\
		} else if (((format) == NLRI_STRING_FORMAT_MIN) 	\
			   && (count)) {				\
			_len_written = snprintf((ptr), (remaining_len),	\
						" ");			\
			(remaining_len) -= _len_written;		\
			(ptr) += _len_written;				\
		}							\
		count++;						\
	} while (0)

/* Parse FLOWSPEC NLRI
 * passed return_string string has assumed length
 * BGP_FLOWSPEC_STRING_DISPLAY_MAX
 */
void bgp_fs_nlri_get_string(unsigned char *nlri_content, size_t len,
			    char *return_string, int format,
			    json_object *json_path,
			    afi_t afi)
{
	uint32_t offset = 0;
	int type;
	int ret = 0, error = 0;
	char *ptr = return_string;
	char local_string[BGP_FLOWSPEC_STRING_DISPLAY_MAX];
	int count = 0;
	char extra[2] = "";
	char pre_extra[2] = "";
	const struct message *bgp_flowspec_display;
	enum bgp_flowspec_util_nlri_t type_util;
	int len_string = BGP_FLOWSPEC_STRING_DISPLAY_MAX;
	int len_written;

	if (format == NLRI_STRING_FORMAT_LARGE) {
		snprintf(pre_extra, sizeof(pre_extra), "\t");
		snprintf(extra, sizeof(extra), "\n");
		bgp_flowspec_display = bgp_flowspec_display_large;
	} else
		bgp_flowspec_display = bgp_flowspec_display_min;
	/* if needed. type_util can be set to other values */
	type_util = BGP_FLOWSPEC_RETURN_STRING;
	error = 0;
	while (offset < len-1 && error >= 0) {
		type = nlri_content[offset];
		offset++;
		switch (type) {
		case FLOWSPEC_DEST_PREFIX:
		case FLOWSPEC_SRC_PREFIX:
			ret = bgp_flowspec_ip_address(
						type_util,
						nlri_content+offset,
						len - offset,
						local_string, &error,
						afi, NULL);
			if (ret <= 0)
				break;
			if (json_path) {
				json_object_string_add(json_path,
				     lookup_msg(bgp_flowspec_display, type, ""),
				     local_string);
				break;
			}
			FS_STRING_UPDATE(count, ptr, format, len_string);
			len_written = snprintf(ptr, len_string, "%s%s %s%s",
					pre_extra,
					lookup_msg(bgp_flowspec_display,
						   type, ""),
					local_string, extra);
			len_string -= len_written;
			ptr += len_written;
			break;
		case FLOWSPEC_FLOW_LABEL:
		case FLOWSPEC_IP_PROTOCOL:
		case FLOWSPEC_PORT:
		case FLOWSPEC_DEST_PORT:
		case FLOWSPEC_SRC_PORT:
		case FLOWSPEC_ICMP_TYPE:
		case FLOWSPEC_ICMP_CODE:
			ret = bgp_flowspec_op_decode(type_util,
						     nlri_content+offset,
						     len - offset,
						     local_string, &error);
			if (ret <= 0)
				break;
			if (json_path) {
				json_object_string_add(json_path,
				     lookup_msg(bgp_flowspec_display, type, ""),
				     local_string);
				break;
			}
			FS_STRING_UPDATE(count, ptr, format, len_string);
			len_written = snprintf(ptr, len_string, "%s%s %s%s",
					pre_extra,
					lookup_msg(bgp_flowspec_display,
					type, ""),
				     local_string, extra);
			len_string -= len_written;
			ptr += len_written;
			break;
		case FLOWSPEC_TCP_FLAGS:
			ret = bgp_flowspec_bitmask_decode(
					      type_util,
					      nlri_content+offset,
					      len - offset,
					      local_string, &error);
			if (ret <= 0)
				break;
			if (json_path) {
				json_object_string_add(json_path,
				     lookup_msg(bgp_flowspec_display,
						type, ""),
				     local_string);
				break;
			}
			FS_STRING_UPDATE(count, ptr, format, len_string);
			len_written = snprintf(ptr, len_string, "%s%s %s%s",
					pre_extra,
					lookup_msg(bgp_flowspec_display,
						   type, ""),
					local_string, extra);
			len_string -= len_written;
			ptr += len_written;
			break;
		case FLOWSPEC_PKT_LEN:
		case FLOWSPEC_DSCP:
			ret = bgp_flowspec_op_decode(
						type_util,
						nlri_content + offset,
						len - offset, local_string,
						&error);
			if (ret <= 0)
				break;
			if (json_path) {
				json_object_string_add(json_path,
				    lookup_msg(bgp_flowspec_display, type, ""),
				    local_string);
				break;
			}
			FS_STRING_UPDATE(count, ptr, format, len_string);
			len_written = snprintf(ptr, len_string, "%s%s %s%s",
					pre_extra,
					lookup_msg(bgp_flowspec_display,
					type, ""),
				     local_string, extra);
			len_string -= len_written;
			ptr += len_written;
			break;
		case FLOWSPEC_FRAGMENT:
			ret = bgp_flowspec_bitmask_decode(
					      type_util,
					      nlri_content+offset,
					      len - offset,
					      local_string, &error);
			if (ret <= 0)
				break;
			if (json_path) {
				json_object_string_add(json_path,
				    lookup_msg(bgp_flowspec_display,
					       type, ""),
				    local_string);
				break;
			}
			FS_STRING_UPDATE(count, ptr, format, len_string);
			len_written = snprintf(ptr, len_string, "%s%s %s%s",
					pre_extra,
					lookup_msg(bgp_flowspec_display,
					type, ""),
					local_string, extra);
			len_string -= len_written;
			ptr += len_written;
			break;
		default:
			error = -1;
			break;
		}
		offset += ret;
	}
}

void route_vty_out_flowspec(struct vty *vty, const struct prefix *p,
			    struct bgp_path_info *path, int display,
			    json_object *json_paths)
{
	struct attr *attr;
	char return_string[BGP_FLOWSPEC_STRING_DISPLAY_MAX];
	char *s = NULL, *s2 = NULL;
	json_object *json_nlri_path = NULL;
	json_object *json_ecom_path = NULL;
	json_object *json_time_path = NULL;
	char timebuf[BGP_UPTIME_LEN];
	struct bgp_dest *dest = NULL;

	if (path)
		dest = path->net;
	if (dest)
		bgp_dest_get_bgp_table_info(dest);
	/* Print prefix */
	if (p != NULL) {
		if (p->family != AF_FLOWSPEC)
			return;
		if (json_paths) {
			if (display == NLRI_STRING_FORMAT_JSON)
				json_nlri_path = json_object_new_object();
			else
				json_nlri_path = json_paths;
		}
		if (display == NLRI_STRING_FORMAT_LARGE && path)
			vty_out(vty, "BGP flowspec entry: (flags 0x%x)\n",
				path->flags);
		bgp_fs_nlri_get_string((unsigned char *)
				       p->u.prefix_flowspec.ptr,
				       p->u.prefix_flowspec.prefixlen,
				       return_string,
				       display,
				       json_nlri_path,
				       family2afi(p->u.prefix_flowspec
						  .family));
		if (display == NLRI_STRING_FORMAT_LARGE)
			vty_out(vty, "%s", return_string);
		else if (display == NLRI_STRING_FORMAT_DEBUG)
			vty_out(vty, "%s", return_string);
		else if (display == NLRI_STRING_FORMAT_MIN)
			vty_out(vty, " %-30s", return_string);
		else if (json_paths && display == NLRI_STRING_FORMAT_JSON)
			json_object_array_add(json_paths, json_nlri_path);
	}
	if (!path)
		return;
	if (path->attr &&
	    (path->attr->ecommunity || path->attr->ipv6_ecommunity)) {
		/* Print attribute */
		attr = path->attr;
		if (attr->ecommunity)
			s = ecommunity_ecom2str(attr->ecommunity,
						ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
		if (attr->ipv6_ecommunity)
			s2 = ecommunity_ecom2str(attr->ipv6_ecommunity,
						ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
		if (!s && !s2)
			return;
		if (display == NLRI_STRING_FORMAT_LARGE)
			vty_out(vty, "\t%s%s%s\n", s ? s : "",
				s2 && s ? " " : "", s2 ? s2 : "");
		else if (display == NLRI_STRING_FORMAT_MIN)
			vty_out(vty, "%s%s", s ? s : "", s2 ? s2 : "");
		else if (json_paths) {
			json_ecom_path = json_object_new_object();
			if (s)
				json_object_string_add(json_ecom_path,
						       "ecomlist", s);
			if (s2)
				json_object_string_add(json_ecom_path,
						       "ecom6list", s2);
			if (display == NLRI_STRING_FORMAT_JSON)
				json_object_array_add(json_paths,
						      json_ecom_path);
		}
		if (display == NLRI_STRING_FORMAT_LARGE) {
			char local_buff[INET6_ADDRSTRLEN];

			local_buff[0] = '\0';
			if (p->u.prefix_flowspec.family == AF_INET &&
			    attr->nexthop.s_addr != 0)
				inet_ntop(AF_INET,
					  &attr->nexthop.s_addr,
					  local_buff,
					  INET6_ADDRSTRLEN);
			else if (p->u.prefix_flowspec.family == AF_INET6 &&
				 attr->mp_nexthop_len != 0 &&
				 attr->mp_nexthop_len != BGP_ATTR_NHLEN_IPV4 &&
				 attr->mp_nexthop_len != BGP_ATTR_NHLEN_VPNV4)
				inet_ntop(AF_INET6,
					  &attr->mp_nexthop_global,
					  local_buff,
					  INET6_ADDRSTRLEN);
			if (local_buff[0] != '\0')
				vty_out(vty, "\tNLRI NH %s\n",
					local_buff);
		}
		XFREE(MTYPE_ECOMMUNITY_STR, s);
	}
	peer_uptime(path->uptime, timebuf, BGP_UPTIME_LEN, 0, NULL);
	if (display == NLRI_STRING_FORMAT_LARGE) {
		vty_out(vty, "\treceived for %8s\n", timebuf);
	} else if (json_paths) {
		json_time_path = json_object_new_object();
		json_object_string_add(json_time_path,
				       "time", timebuf);
		if (display == NLRI_STRING_FORMAT_JSON)
			json_object_array_add(json_paths, json_time_path);
	}
	if (display == NLRI_STRING_FORMAT_LARGE) {
		struct bgp_path_info_extra *extra =
			bgp_path_info_extra_get(path);
		bool list_began = false;

		if (extra->bgp_fs_pbr && listcount(extra->bgp_fs_pbr)) {
			struct listnode *node;
			struct bgp_pbr_match_entry *bpme;
			struct bgp_pbr_match *bpm;
			struct list *list_bpm;

			list_bpm = list_new();
			vty_out(vty, "\tinstalled in PBR");
			for (ALL_LIST_ELEMENTS_RO(extra->bgp_fs_pbr,
						  node, bpme)) {
				bpm = bpme->backpointer;
				if (listnode_lookup(list_bpm, bpm))
					continue;
				listnode_add(list_bpm, bpm);
				if (!list_began) {
					vty_out(vty, " (");
					list_began = true;
				} else
					vty_out(vty, ", ");
				vty_out(vty, "%s", bpm->ipset_name);
			}
			list_delete(&list_bpm);
		}
		if (extra->bgp_fs_iprule && listcount(extra->bgp_fs_iprule)) {
			struct listnode *node;
			struct bgp_pbr_rule *bpr;

			if (!list_began)
				vty_out(vty, "\tinstalled in PBR");
			for (ALL_LIST_ELEMENTS_RO(extra->bgp_fs_iprule,
						  node, bpr)) {
				if (!bpr->action)
					continue;
				if (!list_began) {
					vty_out(vty, " (");
					list_began = true;
				} else
					vty_out(vty, ", ");
				vty_out(vty, "-ipv4-rule %d action lookup %u-",
					bpr->priority,
					bpr->action->table_id);
			}
		}
		if (list_began)
			vty_out(vty, ")\n");
		else
			vty_out(vty, "\tnot installed in PBR\n");
	}
}

int bgp_show_table_flowspec(struct vty *vty, struct bgp *bgp, afi_t afi,
			    struct bgp_table *table, enum bgp_show_type type,
			    void *output_arg, bool use_json, int is_last,
			    unsigned long *output_cum, unsigned long *total_cum)
{
	struct bgp_path_info *pi;
	struct bgp_dest *dest;
	unsigned long total_count = 0;
	json_object *json_paths = NULL;
	int display = NLRI_STRING_FORMAT_LARGE;

	if (type != bgp_show_type_detail)
		return CMD_SUCCESS;

	for (dest = bgp_table_top(table); dest; dest = bgp_route_next(dest)) {
		pi = bgp_dest_get_bgp_path_info(dest);
		if (pi == NULL)
			continue;
		if (use_json) {
			json_paths = json_object_new_array();
			display = NLRI_STRING_FORMAT_JSON;
		}
		for (; pi; pi = pi->next) {
			total_count++;
			route_vty_out_flowspec(vty, bgp_dest_get_prefix(dest),
					       pi, display, json_paths);
		}
		if (use_json) {
			vty_out(vty, "%s\n",
				json_object_to_json_string_ext(
						json_paths,
						JSON_C_TO_STRING_PRETTY));
			json_object_free(json_paths);
			json_paths = NULL;
		}
	}
	if (total_count && !use_json)
		vty_out(vty,
			"\nDisplayed  %ld flowspec entries\n",
			total_count);
	return CMD_SUCCESS;
}

DEFUN (debug_bgp_flowspec,
       debug_bgp_flowspec_cmd,
       "debug bgp flowspec",
       DEBUG_STR
       BGP_STR
       "BGP allow flowspec debugging entries\n")
{
	if (vty->node == CONFIG_NODE)
		DEBUG_ON(flowspec, FLOWSPEC);
	else {
		TERM_DEBUG_ON(flowspec, FLOWSPEC);
		vty_out(vty, "BGP flowspec debugging is on\n");
	}
	return CMD_SUCCESS;
}

DEFUN (no_debug_bgp_flowspec,
       no_debug_bgp_flowspec_cmd,
       "no debug bgp flowspec",
       NO_STR
       DEBUG_STR
       BGP_STR
       "BGP allow flowspec debugging entries\n")
{
	if (vty->node == CONFIG_NODE)
		DEBUG_OFF(flowspec, FLOWSPEC);
	else {
		TERM_DEBUG_OFF(flowspec, FLOWSPEC);
		vty_out(vty, "BGP flowspec debugging is off\n");
	}
	return CMD_SUCCESS;
}

int bgp_fs_config_write_pbr(struct vty *vty, struct bgp *bgp,
			    afi_t afi, safi_t safi)
{
	struct bgp_pbr_interface *pbr_if;
	bool declare_node = false;
	struct bgp_pbr_config *bgp_pbr_cfg = bgp->bgp_pbr_cfg;
	struct bgp_pbr_interface_head *head;
	bool bgp_pbr_interface_any;

	if (!bgp_pbr_cfg || safi != SAFI_FLOWSPEC)
		return 0;
	if (afi == AFI_IP) {
		head = &(bgp_pbr_cfg->ifaces_by_name_ipv4);
		bgp_pbr_interface_any = bgp_pbr_cfg->pbr_interface_any_ipv4;
	} else if (afi == AFI_IP6) {
		head = &(bgp_pbr_cfg->ifaces_by_name_ipv6);
		bgp_pbr_interface_any = bgp_pbr_cfg->pbr_interface_any_ipv6;
	} else {
		return 0;
	}
	if (!RB_EMPTY(bgp_pbr_interface_head, head) ||
	     !bgp_pbr_interface_any)
		declare_node = true;
	RB_FOREACH (pbr_if, bgp_pbr_interface_head, head) {
		vty_out(vty, "  local-install %s\n", pbr_if->name);
	}
	return declare_node ? 1 : 0;
}

static int bgp_fs_local_install_interface(struct bgp *bgp,
					  const char *no, const char *ifname,
					  afi_t afi)
{
	struct bgp_pbr_interface *pbr_if;
	struct bgp_pbr_config *bgp_pbr_cfg = bgp->bgp_pbr_cfg;
	struct bgp_pbr_interface_head *head;
	bool *bgp_pbr_interface_any;

	if (!bgp_pbr_cfg)
		return CMD_SUCCESS;
	if (afi == AFI_IP) {
		head = &(bgp_pbr_cfg->ifaces_by_name_ipv4);
		bgp_pbr_interface_any = &(bgp_pbr_cfg->pbr_interface_any_ipv4);
	} else {
		head = &(bgp_pbr_cfg->ifaces_by_name_ipv6);
		bgp_pbr_interface_any = &(bgp_pbr_cfg->pbr_interface_any_ipv6);
	}
	if (no) {
		if (!ifname) {
			if (*bgp_pbr_interface_any) {
				*bgp_pbr_interface_any = false;
				/* remove all other interface list */
				bgp_pbr_reset(bgp, afi);
			}
			return CMD_SUCCESS;
		}
		pbr_if = bgp_pbr_interface_lookup(ifname, head);
		if (!pbr_if)
			return CMD_SUCCESS;
		RB_REMOVE(bgp_pbr_interface_head, head, pbr_if);
		return CMD_SUCCESS;
	}
	if (ifname) {
		pbr_if = bgp_pbr_interface_lookup(ifname, head);
		if (pbr_if)
			return CMD_SUCCESS;
		pbr_if = XCALLOC(MTYPE_TMP,
				 sizeof(struct bgp_pbr_interface));
		strlcpy(pbr_if->name, ifname, INTERFACE_NAMSIZ);
		RB_INSERT(bgp_pbr_interface_head, head, pbr_if);
		*bgp_pbr_interface_any = false;
	} else {
		/* set to default */
		if (!*bgp_pbr_interface_any) {
			/* remove all other interface list
			 */
			bgp_pbr_reset(bgp, afi);
			*bgp_pbr_interface_any = true;
		}
	}
	return CMD_SUCCESS;
}

DEFUN (bgp_fs_local_install_ifname,
	bgp_fs_local_install_ifname_cmd,
	"[no] local-install INTERFACE",
	NO_STR
	"Apply local policy routing\n"
	"Interface name\n")
{
	struct bgp *bgp = VTY_GET_CONTEXT(bgp);
	int idx = 0;
	const char *no = strmatch(argv[0]->text, "no") ? "no" : NULL;
	char *ifname = argv_find(argv, argc, "INTERFACE", &idx) ?
		argv[idx]->arg : NULL;

	return bgp_fs_local_install_interface(bgp, no, ifname,
					      bgp_node_afi(vty));
}

extern int bgp_flowspec_display_match_per_ip(afi_t afi, struct bgp_table *rib,
					     struct prefix *match,
					     int prefix_check, struct vty *vty,
					     bool use_json,
					     json_object *json_paths)
{
	struct bgp_dest *dest;
	const struct prefix *prefix;
	int display = 0;

	for (dest = bgp_table_top(rib); dest; dest = bgp_route_next(dest)) {
		prefix = bgp_dest_get_prefix(dest);

		if (prefix->family != AF_FLOWSPEC)
			continue;

		if (bgp_flowspec_contains_prefix(prefix, match, prefix_check)) {
			route_vty_out_flowspec(
				vty, prefix, bgp_dest_get_bgp_path_info(dest),
				use_json ? NLRI_STRING_FORMAT_JSON
					 : NLRI_STRING_FORMAT_LARGE,
				json_paths);
			display++;
		}
	}
	return display;
}

void bgp_flowspec_vty_init(void)
{
	install_element(ENABLE_NODE, &debug_bgp_flowspec_cmd);
	install_element(CONFIG_NODE, &debug_bgp_flowspec_cmd);
	install_element(ENABLE_NODE, &no_debug_bgp_flowspec_cmd);
	install_element(CONFIG_NODE, &no_debug_bgp_flowspec_cmd);
	install_element(BGP_FLOWSPECV4_NODE, &bgp_fs_local_install_ifname_cmd);
	install_element(BGP_FLOWSPECV6_NODE, &bgp_fs_local_install_ifname_cmd);
}
Commit	Line	Data
dba3c1d3 PG	1	/* BGP FlowSpec VTY
	2	* Copyright (C) 2018 6WIND
	3	*
	4	* FRRouting is free software; you can redistribute it and/or modify it
	5	* under the terms of the GNU General Public License as published by the
	6	* Free Software Foundation; either version 2, or (at your option) any
	7	* later version.
	8	*
	9	* FRRouting is distributed in the hope that it will be useful, but
	10	* WITHOUT ANY WARRANTY; without even the implied warranty of
	11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	12	* General Public License for more details.
	13	*
	14	* You should have received a copy of the GNU General Public License along
	15	* with this program; see the file COPYING; if not, write to the Free Software
	16	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	17	*/
	18
	19	#include <zebra.h>
	20	#include "command.h"
	21
	22	#include "bgpd/bgpd.h"
	23	#include "bgpd/bgp_table.h"
	24	#include "bgpd/bgp_attr.h"
	25	#include "bgpd/bgp_ecommunity.h"
	26	#include "bgpd/bgp_vty.h"
	27	#include "bgpd/bgp_route.h"
	28	#include "bgpd/bgp_aspath.h"
	29	#include "bgpd/bgp_flowspec.h"
	30	#include "bgpd/bgp_flowspec_util.h"
	31	#include "bgpd/bgp_flowspec_private.h"
268e1b9b	32	#include "bgpd/bgp_debug.h"
b588b642	33	#include "bgpd/bgp_pbr.h"
dba3c1d3 PG	34
	35	/* Local Structures and variables declarations
	36	* This code block hosts the struct declared that host the flowspec rules
	37	* as well as some structure used to convert to stringx
	38	*/
	39
	40	static const struct message bgp_flowspec_display_large[] = {
	41	{FLOWSPEC_DEST_PREFIX, "Destination Address"},
	42	{FLOWSPEC_SRC_PREFIX, "Source Address"},
	43	{FLOWSPEC_IP_PROTOCOL, "IP Protocol"},
	44	{FLOWSPEC_PORT, "Port"},
	45	{FLOWSPEC_DEST_PORT, "Destination Port"},
	46	{FLOWSPEC_SRC_PORT, "Source Port"},
	47	{FLOWSPEC_ICMP_TYPE, "ICMP Type"},
	48	{FLOWSPEC_ICMP_CODE, "ICMP Code"},
	49	{FLOWSPEC_TCP_FLAGS, "TCP Flags"},
	50	{FLOWSPEC_PKT_LEN, "Packet Length"},
	51	{FLOWSPEC_DSCP, "DSCP field"},
	52	{FLOWSPEC_FRAGMENT, "Packet Fragment"},
40881800	53	{FLOWSPEC_FLOW_LABEL, "Packet Flow Label"},
dba3c1d3 PG	54	{0}
	55	};
	56
	57	static const struct message bgp_flowspec_display_min[] = {
	58	{FLOWSPEC_DEST_PREFIX, "to"},
	59	{FLOWSPEC_SRC_PREFIX, "from"},
	60	{FLOWSPEC_IP_PROTOCOL, "proto"},
	61	{FLOWSPEC_PORT, "port"},
	62	{FLOWSPEC_DEST_PORT, "dstp"},
	63	{FLOWSPEC_SRC_PORT, "srcp"},
	64	{FLOWSPEC_ICMP_TYPE, "type"},
	65	{FLOWSPEC_ICMP_CODE, "code"},
01ffd28b	66	{FLOWSPEC_TCP_FLAGS, "tcp"},
dba3c1d3 PG	67	{FLOWSPEC_PKT_LEN, "pktlen"},
	68	{FLOWSPEC_DSCP, "dscp"},
	69	{FLOWSPEC_FRAGMENT, "pktfrag"},
40881800	70	{FLOWSPEC_FLOW_LABEL, "flwlbl"},
dba3c1d3 PG	71	{0}
	72	};
	73
362a06e3 PG	74	#define FS_STRING_UPDATE(count, ptr, format, remaining_len) do { \
	75	int _len_written; \
	76	\
	77	if (((format) == NLRI_STRING_FORMAT_DEBUG) && (count)) {\
	78	_len_written = snprintf((ptr), (remaining_len), \
	79	", "); \
	80	(remaining_len) -= _len_written; \
	81	(ptr) += _len_written; \
	82	} else if (((format) == NLRI_STRING_FORMAT_MIN) \
	83	&& (count)) { \
	84	_len_written = snprintf((ptr), (remaining_len), \
	85	" "); \
	86	(remaining_len) -= _len_written; \
	87	(ptr) += _len_written; \
	88	} \
	89	count++; \
dba3c1d3 PG	90	} while (0)
dba3c1d3 PG	91
362a06e3 PG	92	/* Parse FLOWSPEC NLRI
	93	* passed return_string string has assumed length
	94	* BGP_FLOWSPEC_STRING_DISPLAY_MAX
	95	*/
dba3c1d3	96	void bgp_fs_nlri_get_string(unsigned char *nlri_content, size_t len,
d33fc23b	97	char *return_string, int format,
1840384b PG	98	json_object *json_path,
1840384b PG	99	afi_t afi)
dba3c1d3 PG	100	{
	101	uint32_t offset = 0;
	102	int type;
	103	int ret = 0, error = 0;
	104	char *ptr = return_string;
	105	char local_string[BGP_FLOWSPEC_STRING_DISPLAY_MAX];
	106	int count = 0;
	107	char extra[2] = "";
	108	char pre_extra[2] = "";
	109	const struct message *bgp_flowspec_display;
d33fc23b	110	enum bgp_flowspec_util_nlri_t type_util;
362a06e3 PG	111	int len_string = BGP_FLOWSPEC_STRING_DISPLAY_MAX;
362a06e3 PG	112	int len_written;
dba3c1d3 PG	113
	114	if (format == NLRI_STRING_FORMAT_LARGE) {
	115	snprintf(pre_extra, sizeof(pre_extra), "\t");
	116	snprintf(extra, sizeof(extra), "\n");
	117	bgp_flowspec_display = bgp_flowspec_display_large;
	118	} else
	119	bgp_flowspec_display = bgp_flowspec_display_min;
d33fc23b PG	120	/* if needed. type_util can be set to other values */
d33fc23b PG	121	type_util = BGP_FLOWSPEC_RETURN_STRING;
dba3c1d3 PG	122	error = 0;
	123	while (offset < len-1 && error >= 0) {
	124	type = nlri_content[offset];
	125	offset++;
	126	switch (type) {
	127	case FLOWSPEC_DEST_PREFIX:
	128	case FLOWSPEC_SRC_PREFIX:
	129	ret = bgp_flowspec_ip_address(
d33fc23b	130	type_util,
dba3c1d3 PG	131	nlri_content+offset,
dba3c1d3 PG	132	len - offset,
1840384b	133	local_string, &error,
9cec4121	134	afi, NULL);
dba3c1d3 PG	135	if (ret <= 0)
dba3c1d3 PG	136	break;
d33fc23b PG	137	if (json_path) {
	138	json_object_string_add(json_path,
	139	lookup_msg(bgp_flowspec_display, type, ""),
	140	local_string);
	141	break;
	142	}
362a06e3 PG	143	FS_STRING_UPDATE(count, ptr, format, len_string);
	144	len_written = snprintf(ptr, len_string, "%s%s %s%s",
	145	pre_extra,
	146	lookup_msg(bgp_flowspec_display,
	147	type, ""),
	148	local_string, extra);
	149	len_string -= len_written;
	150	ptr += len_written;
dba3c1d3	151	break;
40881800	152	case FLOWSPEC_FLOW_LABEL:
dba3c1d3 PG	153	case FLOWSPEC_IP_PROTOCOL:
	154	case FLOWSPEC_PORT:
	155	case FLOWSPEC_DEST_PORT:
	156	case FLOWSPEC_SRC_PORT:
	157	case FLOWSPEC_ICMP_TYPE:
	158	case FLOWSPEC_ICMP_CODE:
d33fc23b	159	ret = bgp_flowspec_op_decode(type_util,
dba3c1d3 PG	160	nlri_content+offset,
	161	len - offset,
	162	local_string, &error);
	163	if (ret <= 0)
	164	break;
d33fc23b PG	165	if (json_path) {
	166	json_object_string_add(json_path,
	167	lookup_msg(bgp_flowspec_display, type, ""),
	168	local_string);
	169	break;
	170	}
362a06e3 PG	171	FS_STRING_UPDATE(count, ptr, format, len_string);
	172	len_written = snprintf(ptr, len_string, "%s%s %s%s",
	173	pre_extra,
	174	lookup_msg(bgp_flowspec_display,
	175	type, ""),
dba3c1d3	176	local_string, extra);
362a06e3 PG	177	len_string -= len_written;
362a06e3 PG	178	ptr += len_written;
dba3c1d3 PG	179	break;
dba3c1d3 PG	180	case FLOWSPEC_TCP_FLAGS:
588ec356	181	ret = bgp_flowspec_bitmask_decode(
d33fc23b	182	type_util,
dba3c1d3 PG	183	nlri_content+offset,
	184	len - offset,
	185	local_string, &error);
	186	if (ret <= 0)
	187	break;
d33fc23b PG	188	if (json_path) {
d33fc23b PG	189	json_object_string_add(json_path,
362a06e3 PG	190	lookup_msg(bgp_flowspec_display,
362a06e3 PG	191	type, ""),
d33fc23b PG	192	local_string);
	193	break;
	194	}
362a06e3 PG	195	FS_STRING_UPDATE(count, ptr, format, len_string);
	196	len_written = snprintf(ptr, len_string, "%s%s %s%s",
	197	pre_extra,
	198	lookup_msg(bgp_flowspec_display,
	199	type, ""),
	200	local_string, extra);
	201	len_string -= len_written;
	202	ptr += len_written;
dba3c1d3 PG	203	break;
	204	case FLOWSPEC_PKT_LEN:
	205	case FLOWSPEC_DSCP:
	206	ret = bgp_flowspec_op_decode(
d33fc23b	207	type_util,
dba3c1d3 PG	208	nlri_content + offset,
	209	len - offset, local_string,
	210	&error);
	211	if (ret <= 0)
	212	break;
d33fc23b PG	213	if (json_path) {
	214	json_object_string_add(json_path,
	215	lookup_msg(bgp_flowspec_display, type, ""),
	216	local_string);
	217	break;
	218	}
362a06e3 PG	219	FS_STRING_UPDATE(count, ptr, format, len_string);
	220	len_written = snprintf(ptr, len_string, "%s%s %s%s",
	221	pre_extra,
	222	lookup_msg(bgp_flowspec_display,
	223	type, ""),
dba3c1d3	224	local_string, extra);
362a06e3 PG	225	len_string -= len_written;
362a06e3 PG	226	ptr += len_written;
dba3c1d3 PG	227	break;
dba3c1d3 PG	228	case FLOWSPEC_FRAGMENT:
588ec356 PG	229	ret = bgp_flowspec_bitmask_decode(
	230	type_util,
	231	nlri_content+offset,
	232	len - offset,
	233	local_string, &error);
dba3c1d3 PG	234	if (ret <= 0)
dba3c1d3 PG	235	break;
d33fc23b PG	236	if (json_path) {
	237	json_object_string_add(json_path,
	238	lookup_msg(bgp_flowspec_display,
	239	type, ""),
	240	local_string);
	241	break;
	242	}
362a06e3 PG	243	FS_STRING_UPDATE(count, ptr, format, len_string);
	244	len_written = snprintf(ptr, len_string, "%s%s %s%s",
	245	pre_extra,
	246	lookup_msg(bgp_flowspec_display,
	247	type, ""),
	248	local_string, extra);
	249	len_string -= len_written;
	250	ptr += len_written;
dba3c1d3 PG	251	break;
	252	default:
	253	error = -1;
	254	break;
	255	}
	256	offset += ret;
	257	}
	258	}
	259
bd494ec5	260	void route_vty_out_flowspec(struct vty vty, const struct prefix p,
9b6d8fcf	261	struct bgp_path_info *path, int display,
4b7e6066	262	json_object *json_paths)
dba3c1d3 PG	263	{
	264	struct attr *attr;
	265	char return_string[BGP_FLOWSPEC_STRING_DISPLAY_MAX];
9a659715	266	char s = NULL, s2 = NULL;
d33fc23b PG	267	json_object *json_nlri_path = NULL;
	268	json_object *json_ecom_path = NULL;
	269	json_object *json_time_path = NULL;
	270	char timebuf[BGP_UPTIME_LEN];
1840384b	271	struct bgp_dest *dest = NULL;
dba3c1d3	272
1840384b PG	273	if (path)
	274	dest = path->net;
	275	if (dest)
	276	bgp_dest_get_bgp_table_info(dest);
dba3c1d3 PG	277	/* Print prefix */
	278	if (p != NULL) {
	279	if (p->family != AF_FLOWSPEC)
	280	return;
d33fc23b PG	281	if (json_paths) {
	282	if (display == NLRI_STRING_FORMAT_JSON)
	283	json_nlri_path = json_object_new_object();
	284	else
	285	json_nlri_path = json_paths;
	286	}
9b6d8fcf	287	if (display == NLRI_STRING_FORMAT_LARGE && path)
dba3c1d3	288	vty_out(vty, "BGP flowspec entry: (flags 0x%x)\n",
9b6d8fcf	289	path->flags);
dba3c1d3 PG	290	bgp_fs_nlri_get_string((unsigned char *)
	291	p->u.prefix_flowspec.ptr,
	292	p->u.prefix_flowspec.prefixlen,
	293	return_string,
d33fc23b	294	display,
1840384b PG	295	json_nlri_path,
	296	family2afi(p->u.prefix_flowspec
	297	.family));
dba3c1d3 PG	298	if (display == NLRI_STRING_FORMAT_LARGE)
	299	vty_out(vty, "%s", return_string);
	300	else if (display == NLRI_STRING_FORMAT_DEBUG)
	301	vty_out(vty, "%s", return_string);
d33fc23b	302	else if (display == NLRI_STRING_FORMAT_MIN)
dba3c1d3	303	vty_out(vty, " %-30s", return_string);
d33fc23b PG	304	else if (json_paths && display == NLRI_STRING_FORMAT_JSON)
d33fc23b PG	305	json_object_array_add(json_paths, json_nlri_path);
dba3c1d3	306	}
9b6d8fcf	307	if (!path)
dba3c1d3	308	return;
9a659715 PG	309	if (path->attr &&
9a659715 PG	310	(path->attr->ecommunity \|\| path->attr->ipv6_ecommunity)) {
dba3c1d3	311	/* Print attribute */
9b6d8fcf	312	attr = path->attr;
9a659715 PG	313	if (attr->ecommunity)
	314	s = ecommunity_ecom2str(attr->ecommunity,
	315	ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
	316	if (attr->ipv6_ecommunity)
	317	s2 = ecommunity_ecom2str(attr->ipv6_ecommunity,
	318	ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
	319	if (!s && !s2)
dba3c1d3 PG	320	return;
dba3c1d3 PG	321	if (display == NLRI_STRING_FORMAT_LARGE)
9a659715 PG	322	vty_out(vty, "\t%s%s%s\n", s ? s : "",
9a659715 PG	323	s2 && s ? " " : "", s2 ? s2 : "");
d33fc23b	324	else if (display == NLRI_STRING_FORMAT_MIN)
9a659715	325	vty_out(vty, "%s%s", s ? s : "", s2 ? s2 : "");
d33fc23b PG	326	else if (json_paths) {
d33fc23b PG	327	json_ecom_path = json_object_new_object();
9a659715 PG	328	if (s)
	329	json_object_string_add(json_ecom_path,
	330	"ecomlist", s);
	331	if (s2)
	332	json_object_string_add(json_ecom_path,
	333	"ecom6list", s2);
d33fc23b PG	334	if (display == NLRI_STRING_FORMAT_JSON)
	335	json_object_array_add(json_paths,
	336	json_ecom_path);
	337	}
f01e580f PG	338	if (display == NLRI_STRING_FORMAT_LARGE) {
	339	char local_buff[INET6_ADDRSTRLEN];
	340
	341	local_buff[0] = '\0';
	342	if (p->u.prefix_flowspec.family == AF_INET &&
	343	attr->nexthop.s_addr != 0)
	344	inet_ntop(AF_INET,
	345	&attr->nexthop.s_addr,
	346	local_buff,
	347	INET6_ADDRSTRLEN);
	348	else if (p->u.prefix_flowspec.family == AF_INET6 &&
	349	attr->mp_nexthop_len != 0 &&
	350	attr->mp_nexthop_len != BGP_ATTR_NHLEN_IPV4 &&
	351	attr->mp_nexthop_len != BGP_ATTR_NHLEN_VPNV4)
	352	inet_ntop(AF_INET6,
	353	&attr->mp_nexthop_global,
	354	local_buff,
	355	INET6_ADDRSTRLEN);
	356	if (local_buff[0] != '\0')
	357	vty_out(vty, "\tNLRI NH %s\n",
	358	local_buff);
	359	}
dba3c1d3 PG	360	XFREE(MTYPE_ECOMMUNITY_STR, s);
dba3c1d3 PG	361	}
9b6d8fcf	362	peer_uptime(path->uptime, timebuf, BGP_UPTIME_LEN, 0, NULL);
b588b642 PG	363	if (display == NLRI_STRING_FORMAT_LARGE) {
	364	vty_out(vty, "\treceived for %8s\n", timebuf);
	365	} else if (json_paths) {
d33fc23b PG	366	json_time_path = json_object_new_object();
	367	json_object_string_add(json_time_path,
	368	"time", timebuf);
	369	if (display == NLRI_STRING_FORMAT_JSON)
	370	json_object_array_add(json_paths, json_time_path);
dba3c1d3	371	}
b588b642	372	if (display == NLRI_STRING_FORMAT_LARGE) {
18ee8310	373	struct bgp_path_info_extra *extra =
9b6d8fcf	374	bgp_path_info_extra_get(path);
3e3708cb	375	bool list_began = false;
dba3c1d3	376
3e3708cb	377	if (extra->bgp_fs_pbr && listcount(extra->bgp_fs_pbr)) {
c26edcda	378	struct listnode *node;
b588b642 PG	379	struct bgp_pbr_match_entry *bpme;
b588b642 PG	380	struct bgp_pbr_match *bpm;
c26edcda	381	struct list *list_bpm;
b588b642	382
c26edcda	383	list_bpm = list_new();
ce3c0614	384	vty_out(vty, "\tinstalled in PBR");
c26edcda PG	385	for (ALL_LIST_ELEMENTS_RO(extra->bgp_fs_pbr,
	386	node, bpme)) {
	387	bpm = bpme->backpointer;
	388	if (listnode_lookup(list_bpm, bpm))
	389	continue;
	390	listnode_add(list_bpm, bpm);
503d1ec6	391	if (!list_began) {
c26edcda	392	vty_out(vty, " (");
503d1ec6 PG	393	list_began = true;
503d1ec6 PG	394	} else
c26edcda PG	395	vty_out(vty, ", ");
c26edcda PG	396	vty_out(vty, "%s", bpm->ipset_name);
c26edcda	397	}
3e3708cb PG	398	list_delete(&list_bpm);
	399	}
	400	if (extra->bgp_fs_iprule && listcount(extra->bgp_fs_iprule)) {
	401	struct listnode *node;
	402	struct bgp_pbr_rule *bpr;
	403
	404	if (!list_began)
	405	vty_out(vty, "\tinstalled in PBR");
ce3c0614 PG	406	for (ALL_LIST_ELEMENTS_RO(extra->bgp_fs_iprule,
	407	node, bpr)) {
	408	if (!bpr->action)
	409	continue;
	410	if (!list_began) {
	411	vty_out(vty, " (");
	412	list_began = true;
	413	} else
	414	vty_out(vty, ", ");
	415	vty_out(vty, "-ipv4-rule %d action lookup %u-",
	416	bpr->priority,
	417	bpr->action->table_id);
	418	}
3e3708cb	419	}
026b0e3b PG	420	if (list_began)
	421	vty_out(vty, ")\n");
	422	else
b588b642 PG	423	vty_out(vty, "\tnot installed in PBR\n");
b588b642 PG	424	}
dba3c1d3 PG	425	}
	426
	427	int bgp_show_table_flowspec(struct vty vty, struct bgp bgp, afi_t afi,
	428	struct bgp_table *table, enum bgp_show_type type,
088f1098 DS	429	void *output_arg, bool use_json, int is_last,
088f1098 DS	430	unsigned long output_cum, unsigned long total_cum)
dba3c1d3	431	{
40381db7	432	struct bgp_path_info *pi;
9bcb3eef	433	struct bgp_dest *dest;
dba3c1d3 PG	434	unsigned long total_count = 0;
dba3c1d3 PG	435	json_object *json_paths = NULL;
d33fc23b	436	int display = NLRI_STRING_FORMAT_LARGE;
dba3c1d3 PG	437
	438	if (type != bgp_show_type_detail)
	439	return CMD_SUCCESS;
	440
9bcb3eef DS	441	for (dest = bgp_table_top(table); dest; dest = bgp_route_next(dest)) {
9bcb3eef DS	442	pi = bgp_dest_get_bgp_path_info(dest);
6f94b685	443	if (pi == NULL)
dba3c1d3	444	continue;
d33fc23b PG	445	if (use_json) {
	446	json_paths = json_object_new_array();
	447	display = NLRI_STRING_FORMAT_JSON;
	448	}
6f94b685	449	for (; pi; pi = pi->next) {
dba3c1d3	450	total_count++;
9bcb3eef DS	451	route_vty_out_flowspec(vty, bgp_dest_get_prefix(dest),
9bcb3eef DS	452	pi, display, json_paths);
dba3c1d3	453	}
d33fc23b PG	454	if (use_json) {
	455	vty_out(vty, "%s\n",
	456	json_object_to_json_string_ext(
	457	json_paths,
	458	JSON_C_TO_STRING_PRETTY));
	459	json_object_free(json_paths);
	460	json_paths = NULL;
	461	}
dba3c1d3	462	}
d33fc23b	463	if (total_count && !use_json)
dba3c1d3 PG	464	vty_out(vty,
	465	"\nDisplayed %ld flowspec entries\n",
	466	total_count);
	467	return CMD_SUCCESS;
	468	}
	469
268e1b9b PG	470	DEFUN (debug_bgp_flowspec,
	471	debug_bgp_flowspec_cmd,
	472	"debug bgp flowspec",
	473	DEBUG_STR
	474	BGP_STR
	475	"BGP allow flowspec debugging entries\n")
	476	{
	477	if (vty->node == CONFIG_NODE)
	478	DEBUG_ON(flowspec, FLOWSPEC);
	479	else {
	480	TERM_DEBUG_ON(flowspec, FLOWSPEC);
	481	vty_out(vty, "BGP flowspec debugging is on\n");
	482	}
	483	return CMD_SUCCESS;
	484	}
	485
	486	DEFUN (no_debug_bgp_flowspec,
	487	no_debug_bgp_flowspec_cmd,
	488	"no debug bgp flowspec",
	489	NO_STR
	490	DEBUG_STR
	491	BGP_STR
	492	"BGP allow flowspec debugging entries\n")
	493	{
	494	if (vty->node == CONFIG_NODE)
	495	DEBUG_OFF(flowspec, FLOWSPEC);
	496	else {
	497	TERM_DEBUG_OFF(flowspec, FLOWSPEC);
	498	vty_out(vty, "BGP flowspec debugging is off\n");
	499	}
	500	return CMD_SUCCESS;
	501	}
	502
4762c213 PG	503	int bgp_fs_config_write_pbr(struct vty vty, struct bgp bgp,
	504	afi_t afi, safi_t safi)
	505	{
	506	struct bgp_pbr_interface *pbr_if;
	507	bool declare_node = false;
	508	struct bgp_pbr_config *bgp_pbr_cfg = bgp->bgp_pbr_cfg;
	509	struct bgp_pbr_interface_head *head;
	510	bool bgp_pbr_interface_any;
	511
8f242187	512	if (!bgp_pbr_cfg \|\| safi != SAFI_FLOWSPEC)
4762c213	513	return 0;
8f242187 PG	514	if (afi == AFI_IP) {
	515	head = &(bgp_pbr_cfg->ifaces_by_name_ipv4);
	516	bgp_pbr_interface_any = bgp_pbr_cfg->pbr_interface_any_ipv4;
	517	} else if (afi == AFI_IP6) {
	518	head = &(bgp_pbr_cfg->ifaces_by_name_ipv6);
	519	bgp_pbr_interface_any = bgp_pbr_cfg->pbr_interface_any_ipv6;
	520	} else {
	521	return 0;
	522	}
4762c213 PG	523	if (!RB_EMPTY(bgp_pbr_interface_head, head) \|\|
	524	!bgp_pbr_interface_any)
	525	declare_node = true;
	526	RB_FOREACH (pbr_if, bgp_pbr_interface_head, head) {
	527	vty_out(vty, " local-install %s\n", pbr_if->name);
	528	}
4762c213 PG	529	return declare_node ? 1 : 0;
	530	}
	531
	532	static int bgp_fs_local_install_interface(struct bgp *bgp,
8f242187 PG	533	const char no, const char ifname,
8f242187 PG	534	afi_t afi)
4762c213 PG	535	{
	536	struct bgp_pbr_interface *pbr_if;
	537	struct bgp_pbr_config *bgp_pbr_cfg = bgp->bgp_pbr_cfg;
	538	struct bgp_pbr_interface_head *head;
	539	bool *bgp_pbr_interface_any;
	540
	541	if (!bgp_pbr_cfg)
	542	return CMD_SUCCESS;
8f242187 PG	543	if (afi == AFI_IP) {
	544	head = &(bgp_pbr_cfg->ifaces_by_name_ipv4);
	545	bgp_pbr_interface_any = &(bgp_pbr_cfg->pbr_interface_any_ipv4);
	546	} else {
	547	head = &(bgp_pbr_cfg->ifaces_by_name_ipv6);
	548	bgp_pbr_interface_any = &(bgp_pbr_cfg->pbr_interface_any_ipv6);
	549	}
4762c213 PG	550	if (no) {
	551	if (!ifname) {
	552	if (*bgp_pbr_interface_any) {
	553	*bgp_pbr_interface_any = false;
	554	/* remove all other interface list */
8f242187	555	bgp_pbr_reset(bgp, afi);
4762c213 PG	556	}
	557	return CMD_SUCCESS;
	558	}
	559	pbr_if = bgp_pbr_interface_lookup(ifname, head);
	560	if (!pbr_if)
	561	return CMD_SUCCESS;
	562	RB_REMOVE(bgp_pbr_interface_head, head, pbr_if);
	563	return CMD_SUCCESS;
	564	}
	565	if (ifname) {
	566	pbr_if = bgp_pbr_interface_lookup(ifname, head);
	567	if (pbr_if)
	568	return CMD_SUCCESS;
	569	pbr_if = XCALLOC(MTYPE_TMP,
	570	sizeof(struct bgp_pbr_interface));
	571	strlcpy(pbr_if->name, ifname, INTERFACE_NAMSIZ);
	572	RB_INSERT(bgp_pbr_interface_head, head, pbr_if);
	573	*bgp_pbr_interface_any = false;
	574	} else {
	575	/* set to default */
	576	if (!*bgp_pbr_interface_any) {
	577	/* remove all other interface list
	578	*/
8f242187	579	bgp_pbr_reset(bgp, afi);
4762c213 PG	580	*bgp_pbr_interface_any = true;
	581	}
	582	}
	583	return CMD_SUCCESS;
	584	}
	585
	586	DEFUN (bgp_fs_local_install_ifname,
	587	bgp_fs_local_install_ifname_cmd,
	588	"[no] local-install INTERFACE",
	589	NO_STR
	590	"Apply local policy routing\n"
	591	"Interface name\n")
	592	{
	593	struct bgp *bgp = VTY_GET_CONTEXT(bgp);
	594	int idx = 0;
36de6e0e	595	const char *no = strmatch(argv[0]->text, "no") ? "no" : NULL;
4762c213 PG	596	char *ifname = argv_find(argv, argc, "INTERFACE", &idx) ?
	597	argv[idx]->arg : NULL;
	598
8f242187 PG	599	return bgp_fs_local_install_interface(bgp, no, ifname,
8f242187 PG	600	bgp_node_afi(vty));
4762c213 PG	601	}
4762c213 PG	602
088f1098 DS	603	extern int bgp_flowspec_display_match_per_ip(afi_t afi, struct bgp_table *rib,
	604	struct prefix *match,
	605	int prefix_check, struct vty *vty,
	606	bool use_json,
	607	json_object *json_paths)
63a0b7a9	608	{
9bcb3eef	609	struct bgp_dest *dest;
b54892e0	610	const struct prefix *prefix;
63a0b7a9 PG	611	int display = 0;
63a0b7a9 PG	612
9bcb3eef DS	613	for (dest = bgp_table_top(rib); dest; dest = bgp_route_next(dest)) {
9bcb3eef DS	614	prefix = bgp_dest_get_prefix(dest);
63a0b7a9 PG	615
	616	if (prefix->family != AF_FLOWSPEC)
	617	continue;
	618
	619	if (bgp_flowspec_contains_prefix(prefix, match, prefix_check)) {
6f94b685	620	route_vty_out_flowspec(
9bcb3eef	621	vty, prefix, bgp_dest_get_bgp_path_info(dest),
6f94b685 DS	622	use_json ? NLRI_STRING_FORMAT_JSON
	623	: NLRI_STRING_FORMAT_LARGE,
	624	json_paths);
63a0b7a9 PG	625	display++;
	626	}
	627	}
	628	return display;
	629	}
	630
dba3c1d3 PG	631	void bgp_flowspec_vty_init(void)
dba3c1d3 PG	632	{
268e1b9b PG	633	install_element(ENABLE_NODE, &debug_bgp_flowspec_cmd);
	634	install_element(CONFIG_NODE, &debug_bgp_flowspec_cmd);
	635	install_element(ENABLE_NODE, &no_debug_bgp_flowspec_cmd);
	636	install_element(CONFIG_NODE, &no_debug_bgp_flowspec_cmd);
4762c213	637	install_element(BGP_FLOWSPECV4_NODE, &bgp_fs_local_install_ifname_cmd);
8f242187	638	install_element(BGP_FLOWSPECV6_NODE, &bgp_fs_local_install_ifname_cmd);
dba3c1d3	639	}