]>
Commit | Line | Data |
---|---|---|
dabecd7c MR |
1 | /* |
2 | * BGP RPKI | |
3 | * Copyright (C) 2013 Michael Mester (m.mester@fu-berlin.de), for FU Berlin | |
996c9314 LB |
4 | * Copyright (C) 2014-2017 Andreas Reuter (andreas.reuter@fu-berlin.de), for FU |
5 | * Berlin | |
6 | * Copyright (C) 2016-2017 Colin Sames (colin.sames@haw-hamburg.de), for HAW | |
7 | * Hamburg | |
e4234602 MR |
8 | * Copyright (C) 2017-2018 Marcel Röthke (marcel.roethke@haw-hamburg.de), |
9 | * for HAW Hamburg | |
dabecd7c MR |
10 | * |
11 | * This file is part of FRRouting. | |
12 | * | |
13 | * This program is free software; you can redistribute it and/or modify it | |
14 | * under the terms of the GNU General Public License as published by the Free | |
15 | * Software Foundation; either version 2 of the License, or (at your option) | |
16 | * any later version. | |
17 | * | |
18 | * This program is distributed in the hope that it will be useful, but WITHOUT | |
19 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
20 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for | |
21 | * more details. | |
22 | * | |
23 | * You should have received a copy of the GNU General Public License along | |
24 | * with this program; see the file COPYING; if not, write to the Free Software | |
25 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
26 | */ | |
27 | ||
45c0beda AK |
28 | /* If rtrlib compiled with ssh support, don`t fail build */ |
29 | #define LIBSSH_LEGACY_0_4 | |
30 | ||
dabecd7c MR |
31 | #include <zebra.h> |
32 | #include <pthread.h> | |
33 | #include <time.h> | |
34 | #include <stdbool.h> | |
35 | #include <stdlib.h> | |
36 | #include "prefix.h" | |
37 | #include "log.h" | |
38 | #include "command.h" | |
39 | #include "linklist.h" | |
40 | #include "memory.h" | |
41 | #include "thread.h" | |
42 | #include "filter.h" | |
43 | #include "bgpd/bgpd.h" | |
44 | #include "bgpd/bgp_table.h" | |
45 | #include "bgp_advertise.h" | |
46 | #include "bgpd/bgp_debug.h" | |
47 | #include "bgpd/bgp_attr.h" | |
48 | #include "bgpd/bgp_aspath.h" | |
49 | #include "bgpd/bgp_route.h" | |
fdeb5a81 | 50 | #include "bgpd/bgp_rpki.h" |
0d951156 | 51 | #include "northbound_cli.h" |
fdeb5a81 | 52 | |
4ce82676 | 53 | #include "lib/network.h" |
1dacdd8b | 54 | #include "lib/thread.h" |
dabecd7c | 55 | #include "rtrlib/rtrlib.h" |
dabecd7c MR |
56 | #include "hook.h" |
57 | #include "libfrr.h" | |
09781197 | 58 | #include "lib/version.h" |
dabecd7c | 59 | |
2e4c2296 | 60 | #include "bgpd/bgp_rpki_clippy.c" |
dabecd7c | 61 | |
bf8d3d6a DL |
62 | DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_CACHE, "BGP RPKI Cache server"); |
63 | DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_CACHE_GROUP, "BGP RPKI Cache server group"); | |
94ff78a7 | 64 | DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_RTRLIB, "BGP RPKI RTRLib"); |
7651f277 | 65 | DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_REVALIDATE, "BGP RPKI Revalidation"); |
dabecd7c | 66 | |
dabecd7c MR |
67 | #define POLLING_PERIOD_DEFAULT 3600 |
68 | #define EXPIRE_INTERVAL_DEFAULT 7200 | |
69 | #define RETRY_INTERVAL_DEFAULT 600 | |
1b2095d1 | 70 | #define BGP_RPKI_CACHE_SERVER_SYNC_RETRY_TIMEOUT 3 |
dabecd7c | 71 | |
d67485c6 DA |
72 | static struct thread *t_rpki_sync; |
73 | ||
dabecd7c MR |
74 | #define RPKI_DEBUG(...) \ |
75 | if (rpki_debug) { \ | |
76 | zlog_debug("RPKI: " __VA_ARGS__); \ | |
77 | } | |
78 | ||
79 | #define RPKI_OUTPUT_STRING "Control rpki specific settings\n" | |
80 | ||
81 | struct cache { | |
996c9314 LB |
82 | enum { TCP, SSH } type; |
83 | struct tr_socket *tr_socket; | |
84 | union { | |
dabecd7c MR |
85 | struct tr_tcp_config *tcp_config; |
86 | struct tr_ssh_config *ssh_config; | |
996c9314 LB |
87 | } tr_config; |
88 | struct rtr_socket *rtr_socket; | |
89 | uint8_t preference; | |
dabecd7c MR |
90 | }; |
91 | ||
92 | enum return_values { SUCCESS = 0, ERROR = -1 }; | |
93 | ||
94 | struct rpki_for_each_record_arg { | |
95 | struct vty *vty; | |
96 | unsigned int *prefix_amount; | |
02334bb2 | 97 | as_t as; |
dff41cc8 | 98 | json_object *json; |
dabecd7c MR |
99 | }; |
100 | ||
101 | static int start(void); | |
102 | static void stop(void); | |
103 | static int reset(bool force); | |
104 | static struct rtr_mgr_group *get_connected_group(void); | |
dff41cc8 | 105 | static void print_prefix_table(struct vty *vty, json_object *json); |
dabecd7c MR |
106 | static void install_cli_commands(void); |
107 | static int config_write(struct vty *vty); | |
791ded4a | 108 | static int config_on_exit(struct vty *vty); |
dabecd7c MR |
109 | static void free_cache(struct cache *cache); |
110 | static struct rtr_mgr_group *get_groups(void); | |
111 | #if defined(FOUND_SSH) | |
996c9314 LB |
112 | static int add_ssh_cache(const char *host, const unsigned int port, |
113 | const char *username, const char *client_privkey_path, | |
dabecd7c | 114 | const char *server_pubkey_path, |
7253a7bc | 115 | const uint8_t preference, const char *bindaddr); |
dabecd7c MR |
116 | #endif |
117 | static struct rtr_socket *create_rtr_socket(struct tr_socket *tr_socket); | |
118 | static struct cache *find_cache(const uint8_t preference); | |
8156765a | 119 | static void rpki_delete_all_cache_nodes(void); |
996c9314 | 120 | static int add_tcp_cache(const char *host, const char *port, |
7253a7bc | 121 | const uint8_t preference, const char *bindaddr); |
dff41cc8 DA |
122 | static void print_record(const struct pfx_record *record, struct vty *vty, |
123 | json_object *json); | |
d67485c6 | 124 | static bool is_synchronized(void); |
0e3d96bf DA |
125 | static bool is_running(void); |
126 | static bool is_stopping(void); | |
dabecd7c | 127 | static void route_match_free(void *rule); |
b68885f9 LK |
128 | static enum route_map_cmd_result_t route_match(void *rule, |
129 | const struct prefix *prefix, | |
1782514f | 130 | |
b68885f9 | 131 | void *object); |
dabecd7c | 132 | static void *route_match_compile(const char *arg); |
9bcb3eef | 133 | static void revalidate_bgp_node(struct bgp_dest *dest, afi_t afi, safi_t safi); |
4ce82676 | 134 | static void revalidate_all_routes(void); |
dabecd7c MR |
135 | |
136 | static struct rtr_mgr_config *rtr_config; | |
137 | static struct list *cache_list; | |
0e3d96bf DA |
138 | static bool rtr_is_running; |
139 | static bool rtr_is_stopping; | |
d67485c6 | 140 | static bool rtr_is_synced; |
4ce82676 | 141 | static _Atomic int rtr_update_overflow; |
0e3d96bf | 142 | static bool rpki_debug; |
dabecd7c MR |
143 | static unsigned int polling_period; |
144 | static unsigned int expire_interval; | |
145 | static unsigned int retry_interval; | |
1dacdd8b MR |
146 | static int rpki_sync_socket_rtr; |
147 | static int rpki_sync_socket_bgpd; | |
dabecd7c | 148 | |
62b346ee | 149 | static struct cmd_node rpki_node = { |
f4b8291f | 150 | .name = "rpki", |
62b346ee | 151 | .node = RPKI_NODE, |
24389580 | 152 | .parent_node = CONFIG_NODE, |
62b346ee | 153 | .prompt = "%s(config-rpki)# ", |
612c2c15 | 154 | .config_write = config_write, |
791ded4a | 155 | .node_exit = config_on_exit, |
62b346ee | 156 | }; |
364deb04 | 157 | static const struct route_map_rule_cmd route_match_rpki_cmd = { |
996c9314 | 158 | "rpki", route_match, route_match_compile, route_match_free}; |
dabecd7c MR |
159 | |
160 | static void *malloc_wrapper(size_t size) | |
161 | { | |
94ff78a7 | 162 | return XMALLOC(MTYPE_BGP_RPKI_RTRLIB, size); |
dabecd7c MR |
163 | } |
164 | ||
165 | static void *realloc_wrapper(void *ptr, size_t size) | |
166 | { | |
94ff78a7 | 167 | return XREALLOC(MTYPE_BGP_RPKI_RTRLIB, ptr, size); |
dabecd7c MR |
168 | } |
169 | ||
170 | static void free_wrapper(void *ptr) | |
171 | { | |
94ff78a7 | 172 | XFREE(MTYPE_BGP_RPKI_RTRLIB, ptr); |
dabecd7c MR |
173 | } |
174 | ||
92110aab MR |
175 | static void init_tr_socket(struct cache *cache) |
176 | { | |
177 | if (cache->type == TCP) | |
178 | tr_tcp_init(cache->tr_config.tcp_config, | |
179 | cache->tr_socket); | |
180 | #if defined(FOUND_SSH) | |
181 | else | |
182 | tr_ssh_init(cache->tr_config.ssh_config, | |
183 | cache->tr_socket); | |
184 | #endif | |
185 | } | |
186 | ||
187 | static void free_tr_socket(struct cache *cache) | |
188 | { | |
189 | if (cache->type == TCP) | |
190 | tr_tcp_init(cache->tr_config.tcp_config, | |
191 | cache->tr_socket); | |
192 | #if defined(FOUND_SSH) | |
193 | else | |
194 | tr_ssh_init(cache->tr_config.ssh_config, | |
195 | cache->tr_socket); | |
196 | #endif | |
197 | } | |
198 | ||
dabecd7c | 199 | static int rpki_validate_prefix(struct peer *peer, struct attr *attr, |
898c4e66 | 200 | const struct prefix *prefix); |
dabecd7c | 201 | |
1dacdd8b MR |
202 | static void ipv6_addr_to_network_byte_order(const uint32_t *src, uint32_t *dest) |
203 | { | |
204 | int i; | |
205 | ||
206 | for (i = 0; i < 4; i++) | |
207 | dest[i] = htonl(src[i]); | |
208 | } | |
209 | ||
e4234602 MR |
210 | static void ipv6_addr_to_host_byte_order(const uint32_t *src, uint32_t *dest) |
211 | { | |
212 | int i; | |
213 | ||
214 | for (i = 0; i < 4; i++) | |
215 | dest[i] = ntohl(src[i]); | |
216 | } | |
217 | ||
b68885f9 LK |
218 | static enum route_map_cmd_result_t route_match(void *rule, |
219 | const struct prefix *prefix, | |
b68885f9 | 220 | void *object) |
dabecd7c MR |
221 | { |
222 | int *rpki_status = rule; | |
9b6d8fcf | 223 | struct bgp_path_info *path; |
dabecd7c | 224 | |
1782514f | 225 | path = object; |
dabecd7c | 226 | |
1782514f DS |
227 | if (rpki_validate_prefix(path->peer, path->attr, prefix) |
228 | == *rpki_status) { | |
229 | return RMAP_MATCH; | |
dabecd7c | 230 | } |
1782514f | 231 | |
dabecd7c MR |
232 | return RMAP_NOMATCH; |
233 | } | |
234 | ||
235 | static void *route_match_compile(const char *arg) | |
236 | { | |
237 | int *rpki_status; | |
238 | ||
0b2c4b35 | 239 | rpki_status = XMALLOC(MTYPE_ROUTE_MAP_COMPILED, sizeof(int)); |
dabecd7c MR |
240 | |
241 | if (strcmp(arg, "valid") == 0) | |
242 | *rpki_status = RPKI_VALID; | |
243 | else if (strcmp(arg, "invalid") == 0) | |
244 | *rpki_status = RPKI_INVALID; | |
245 | else | |
246 | *rpki_status = RPKI_NOTFOUND; | |
247 | ||
248 | return rpki_status; | |
249 | } | |
250 | ||
251 | static void route_match_free(void *rule) | |
252 | { | |
253 | XFREE(MTYPE_ROUTE_MAP_COMPILED, rule); | |
254 | } | |
255 | ||
256 | static struct rtr_socket *create_rtr_socket(struct tr_socket *tr_socket) | |
257 | { | |
258 | struct rtr_socket *rtr_socket = | |
259 | XMALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct rtr_socket)); | |
260 | rtr_socket->tr_socket = tr_socket; | |
261 | return rtr_socket; | |
262 | } | |
263 | ||
264 | static struct cache *find_cache(const uint8_t preference) | |
265 | { | |
266 | struct listnode *cache_node; | |
267 | struct cache *cache; | |
268 | ||
269 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, cache)) { | |
270 | if (cache->preference == preference) | |
271 | return cache; | |
272 | } | |
273 | return NULL; | |
274 | } | |
275 | ||
8156765a DA |
276 | static void rpki_delete_all_cache_nodes(void) |
277 | { | |
278 | struct listnode *cache_node, *cache_next; | |
279 | struct cache *cache; | |
280 | ||
281 | for (ALL_LIST_ELEMENTS(cache_list, cache_node, cache_next, cache)) { | |
282 | rtr_mgr_remove_group(rtr_config, cache->preference); | |
283 | listnode_delete(cache_list, cache); | |
284 | } | |
285 | } | |
286 | ||
dff41cc8 DA |
287 | static void print_record(const struct pfx_record *record, struct vty *vty, |
288 | json_object *json) | |
dabecd7c MR |
289 | { |
290 | char ip[INET6_ADDRSTRLEN]; | |
dff41cc8 | 291 | json_object *json_record = NULL; |
5d799192 MR |
292 | |
293 | lrtr_ip_addr_to_str(&record->prefix, ip, sizeof(ip)); | |
dff41cc8 DA |
294 | |
295 | if (!json) { | |
296 | vty_out(vty, "%-40s %3u - %3u %10u\n", ip, record->min_len, | |
297 | record->max_len, record->asn); | |
298 | } else { | |
299 | json_record = json_object_new_object(); | |
300 | json_object_string_add(json_record, "prefix", ip); | |
301 | json_object_int_add(json_record, "prefixLenMin", | |
302 | record->min_len); | |
303 | json_object_int_add(json_record, "prefixLenMax", | |
304 | record->max_len); | |
305 | json_object_int_add(json_record, "asn", record->asn); | |
306 | json_object_array_add(json, json_record); | |
307 | } | |
5d799192 MR |
308 | } |
309 | ||
02334bb2 DA |
310 | static void print_record_by_asn(const struct pfx_record *record, void *data) |
311 | { | |
312 | struct rpki_for_each_record_arg *arg = data; | |
313 | struct vty *vty = arg->vty; | |
314 | ||
315 | if (record->asn == arg->as) { | |
316 | (*arg->prefix_amount)++; | |
dff41cc8 | 317 | print_record(record, vty, arg->json); |
02334bb2 DA |
318 | } |
319 | } | |
320 | ||
5d799192 MR |
321 | static void print_record_cb(const struct pfx_record *record, void *data) |
322 | { | |
dabecd7c MR |
323 | struct rpki_for_each_record_arg *arg = data; |
324 | struct vty *vty = arg->vty; | |
325 | ||
a220aec6 | 326 | (*arg->prefix_amount)++; |
dabecd7c | 327 | |
dff41cc8 | 328 | print_record(record, vty, arg->json); |
dabecd7c MR |
329 | } |
330 | ||
331 | static struct rtr_mgr_group *get_groups(void) | |
332 | { | |
333 | struct listnode *cache_node; | |
334 | struct rtr_mgr_group *rtr_mgr_groups; | |
335 | struct cache *cache; | |
336 | ||
337 | int group_count = listcount(cache_list); | |
338 | ||
339 | if (group_count == 0) | |
340 | return NULL; | |
341 | ||
342 | rtr_mgr_groups = XMALLOC(MTYPE_BGP_RPKI_CACHE_GROUP, | |
343 | group_count * sizeof(struct rtr_mgr_group)); | |
344 | ||
345 | size_t i = 0; | |
346 | ||
347 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, cache)) { | |
348 | rtr_mgr_groups[i].sockets = &cache->rtr_socket; | |
349 | rtr_mgr_groups[i].sockets_len = 1; | |
350 | rtr_mgr_groups[i].preference = cache->preference; | |
351 | ||
92110aab | 352 | init_tr_socket(cache); |
dabecd7c MR |
353 | |
354 | i++; | |
355 | } | |
356 | ||
357 | return rtr_mgr_groups; | |
358 | } | |
359 | ||
d67485c6 | 360 | inline bool is_synchronized(void) |
dabecd7c | 361 | { |
d67485c6 | 362 | return rtr_is_synced; |
dabecd7c MR |
363 | } |
364 | ||
0e3d96bf | 365 | inline bool is_running(void) |
dabecd7c MR |
366 | { |
367 | return rtr_is_running; | |
368 | } | |
369 | ||
0e3d96bf | 370 | inline bool is_stopping(void) |
9ca44fc8 DA |
371 | { |
372 | return rtr_is_stopping; | |
373 | } | |
374 | ||
fc15f734 DS |
375 | static void pfx_record_to_prefix(struct pfx_record *record, |
376 | struct prefix *prefix) | |
1dacdd8b | 377 | { |
1dacdd8b MR |
378 | prefix->prefixlen = record->min_len; |
379 | ||
380 | if (record->prefix.ver == LRTR_IPV4) { | |
381 | prefix->family = AF_INET; | |
382 | prefix->u.prefix4.s_addr = htonl(record->prefix.u.addr4.addr); | |
383 | } else { | |
384 | prefix->family = AF_INET6; | |
385 | ipv6_addr_to_network_byte_order(record->prefix.u.addr6.addr, | |
386 | prefix->u.prefix6.s6_addr32); | |
387 | } | |
1dacdd8b MR |
388 | } |
389 | ||
7f1f9314 DS |
390 | struct rpki_revalidate_prefix { |
391 | struct bgp *bgp; | |
392 | struct prefix prefix; | |
393 | afi_t afi; | |
394 | safi_t safi; | |
395 | }; | |
396 | ||
397 | static void rpki_revalidate_prefix(struct thread *thread) | |
398 | { | |
399 | struct rpki_revalidate_prefix *rrp = THREAD_ARG(thread); | |
400 | struct bgp_dest *match, *node; | |
401 | ||
402 | match = bgp_table_subtree_lookup(rrp->bgp->rib[rrp->afi][rrp->safi], | |
403 | &rrp->prefix); | |
404 | node = match; | |
405 | ||
406 | while (node) { | |
407 | if (bgp_dest_has_bgp_path_info_data(node)) { | |
408 | revalidate_bgp_node(node, rrp->afi, rrp->safi); | |
409 | } | |
410 | ||
411 | node = bgp_route_next_until(node, match); | |
412 | } | |
413 | ||
414 | if (match) | |
415 | bgp_dest_unlock_node(match); | |
416 | ||
417 | XFREE(MTYPE_BGP_RPKI_REVALIDATE, rrp); | |
418 | } | |
419 | ||
cc9f21da | 420 | static void bgpd_sync_callback(struct thread *thread) |
1dacdd8b MR |
421 | { |
422 | struct bgp *bgp; | |
423 | struct listnode *node; | |
fc15f734 | 424 | struct prefix prefix; |
1dacdd8b MR |
425 | struct pfx_record rec; |
426 | ||
d2e3f8a2 DA |
427 | thread_add_read(bm->master, bgpd_sync_callback, NULL, |
428 | rpki_sync_socket_bgpd, NULL); | |
4ce82676 MR |
429 | |
430 | if (atomic_load_explicit(&rtr_update_overflow, memory_order_seq_cst)) { | |
d2e3f8a2 DA |
431 | while (read(rpki_sync_socket_bgpd, &rec, |
432 | sizeof(struct pfx_record)) != -1) | |
4ce82676 MR |
433 | ; |
434 | ||
435 | atomic_store_explicit(&rtr_update_overflow, 0, | |
436 | memory_order_seq_cst); | |
437 | revalidate_all_routes(); | |
cc9f21da | 438 | return; |
4ce82676 MR |
439 | } |
440 | ||
d2e3f8a2 DA |
441 | int retval = |
442 | read(rpki_sync_socket_bgpd, &rec, sizeof(struct pfx_record)); | |
3b128228 | 443 | if (retval != sizeof(struct pfx_record)) { |
d2e3f8a2 | 444 | RPKI_DEBUG("Could not read from rpki_sync_socket_bgpd"); |
cc9f21da | 445 | return; |
38775a3c | 446 | } |
fc15f734 | 447 | pfx_record_to_prefix(&rec, &prefix); |
1dacdd8b MR |
448 | |
449 | afi_t afi = (rec.prefix.ver == LRTR_IPV4) ? AFI_IP : AFI_IP6; | |
450 | ||
451 | for (ALL_LIST_ELEMENTS_RO(bm->bgp, node, bgp)) { | |
35a1e798 | 452 | safi_t safi; |
1dacdd8b | 453 | |
35a1e798 | 454 | for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) { |
7e7f61ed | 455 | struct bgp_table *table = bgp->rib[afi][safi]; |
7f1f9314 | 456 | struct rpki_revalidate_prefix *rrp; |
7e7f61ed DA |
457 | |
458 | if (!table) | |
35a1e798 | 459 | continue; |
31a2af32 | 460 | |
7f1f9314 DS |
461 | rrp = XCALLOC(MTYPE_BGP_RPKI_REVALIDATE, sizeof(*rrp)); |
462 | rrp->bgp = bgp; | |
463 | rrp->prefix = prefix; | |
464 | rrp->afi = afi; | |
465 | rrp->safi = safi; | |
466 | thread_add_event(bm->master, rpki_revalidate_prefix, | |
467 | rrp, 0, &bgp->t_revalidate[afi][safi]); | |
1dacdd8b MR |
468 | } |
469 | } | |
1dacdd8b MR |
470 | } |
471 | ||
9bcb3eef | 472 | static void revalidate_bgp_node(struct bgp_dest *bgp_dest, afi_t afi, |
1dacdd8b MR |
473 | safi_t safi) |
474 | { | |
475 | struct bgp_adj_in *ain; | |
476 | ||
9bcb3eef | 477 | for (ain = bgp_dest->adj_in; ain; ain = ain->next) { |
2b964e86 | 478 | struct bgp_path_info *path = |
9bcb3eef | 479 | bgp_dest_get_bgp_path_info(bgp_dest); |
1dacdd8b MR |
480 | mpls_label_t *label = NULL; |
481 | uint32_t num_labels = 0; | |
482 | ||
9b6d8fcf DS |
483 | if (path && path->extra) { |
484 | label = path->extra->label; | |
485 | num_labels = path->extra->num_labels; | |
1dacdd8b | 486 | } |
73261b47 | 487 | (void)bgp_update(ain->peer, bgp_dest_get_prefix(bgp_dest), |
b54892e0 DS |
488 | ain->addpath_rx_id, ain->attr, afi, safi, |
489 | ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL, NULL, label, | |
490 | num_labels, 1, NULL); | |
1dacdd8b MR |
491 | } |
492 | } | |
493 | ||
7651f277 DS |
494 | /* |
495 | * The act of a soft reconfig in revalidation is really expensive | |
496 | * coupled with the fact that the download of a full rpki state | |
497 | * from a rpki server can be expensive, let's break up the revalidation | |
498 | * to a point in time in the future to allow other bgp events | |
499 | * to take place too. | |
500 | */ | |
501 | struct rpki_revalidate_peer { | |
502 | afi_t afi; | |
503 | safi_t safi; | |
504 | struct peer *peer; | |
505 | }; | |
506 | ||
507 | static void bgp_rpki_revalidate_peer(struct thread *thread) | |
508 | { | |
509 | struct rpki_revalidate_peer *rvp = THREAD_ARG(thread); | |
510 | ||
511 | /* | |
512 | * Here's the expensive bit of gnomish deviousness | |
513 | */ | |
514 | bgp_soft_reconfig_in(rvp->peer, rvp->afi, rvp->safi); | |
515 | ||
516 | XFREE(MTYPE_BGP_RPKI_REVALIDATE, rvp); | |
517 | } | |
518 | ||
1dacdd8b MR |
519 | static void revalidate_all_routes(void) |
520 | { | |
521 | struct bgp *bgp; | |
522 | struct listnode *node; | |
1dacdd8b MR |
523 | |
524 | for (ALL_LIST_ELEMENTS_RO(bm->bgp, node, bgp)) { | |
31a2af32 MR |
525 | struct peer *peer; |
526 | struct listnode *peer_listnode; | |
1dacdd8b | 527 | |
31a2af32 | 528 | for (ALL_LIST_ELEMENTS_RO(bgp->peer, peer_listnode, peer)) { |
8fb15d02 DS |
529 | afi_t afi; |
530 | safi_t safi; | |
31a2af32 | 531 | |
8fb15d02 | 532 | FOREACH_AFI_SAFI (afi, safi) { |
7651f277 DS |
533 | struct rpki_revalidate_peer *rvp; |
534 | ||
802ca11f | 535 | if (!bgp->rib[afi][safi]) |
8fb15d02 | 536 | continue; |
d2e3f8a2 | 537 | |
89c73443 DS |
538 | if (!peer_established(peer)) |
539 | continue; | |
7651f277 DS |
540 | |
541 | rvp = XCALLOC(MTYPE_BGP_RPKI_REVALIDATE, | |
542 | sizeof(*rvp)); | |
543 | rvp->peer = peer; | |
544 | rvp->afi = afi; | |
545 | rvp->safi = safi; | |
546 | ||
547 | thread_add_event( | |
548 | bm->master, bgp_rpki_revalidate_peer, | |
549 | rvp, 0, | |
550 | &peer->t_revalidate_all[afi][safi]); | |
1dacdd8b MR |
551 | } |
552 | } | |
553 | } | |
554 | } | |
555 | ||
556 | static void rpki_update_cb_sync_rtr(struct pfx_table *p __attribute__((unused)), | |
557 | const struct pfx_record rec, | |
558 | const bool added __attribute__((unused))) | |
559 | { | |
9ca44fc8 DA |
560 | if (is_stopping() || |
561 | atomic_load_explicit(&rtr_update_overflow, memory_order_seq_cst)) | |
1dacdd8b MR |
562 | return; |
563 | ||
564 | int retval = | |
565 | write(rpki_sync_socket_rtr, &rec, sizeof(struct pfx_record)); | |
4ce82676 MR |
566 | if (retval == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) |
567 | atomic_store_explicit(&rtr_update_overflow, 1, | |
568 | memory_order_seq_cst); | |
569 | ||
570 | else if (retval != sizeof(struct pfx_record)) | |
1dacdd8b MR |
571 | RPKI_DEBUG("Could not write to rpki_sync_socket_rtr"); |
572 | } | |
573 | ||
574 | static void rpki_init_sync_socket(void) | |
575 | { | |
576 | int fds[2]; | |
4ce82676 | 577 | const char *msg; |
1dacdd8b MR |
578 | |
579 | RPKI_DEBUG("initializing sync socket"); | |
580 | if (socketpair(PF_LOCAL, SOCK_DGRAM, 0, fds) != 0) { | |
4ce82676 MR |
581 | msg = "could not open rpki sync socketpair"; |
582 | goto err; | |
1dacdd8b MR |
583 | } |
584 | rpki_sync_socket_rtr = fds[0]; | |
585 | rpki_sync_socket_bgpd = fds[1]; | |
4ce82676 MR |
586 | |
587 | if (set_nonblocking(rpki_sync_socket_rtr) != 0) { | |
588 | msg = "could not set rpki_sync_socket_rtr to non blocking"; | |
589 | goto err; | |
590 | } | |
591 | ||
592 | if (set_nonblocking(rpki_sync_socket_bgpd) != 0) { | |
593 | msg = "could not set rpki_sync_socket_bgpd to non blocking"; | |
594 | goto err; | |
595 | } | |
596 | ||
d2e3f8a2 | 597 | |
1dacdd8b | 598 | thread_add_read(bm->master, bgpd_sync_callback, NULL, |
d2e3f8a2 | 599 | rpki_sync_socket_bgpd, NULL); |
4ce82676 MR |
600 | |
601 | return; | |
602 | ||
603 | err: | |
604 | zlog_err("RPKI: %s", msg); | |
605 | abort(); | |
606 | ||
1dacdd8b MR |
607 | } |
608 | ||
dabecd7c MR |
609 | static int bgp_rpki_init(struct thread_master *master) |
610 | { | |
0e3d96bf DA |
611 | rpki_debug = false; |
612 | rtr_is_running = false; | |
613 | rtr_is_stopping = false; | |
d67485c6 | 614 | rtr_is_synced = false; |
dabecd7c MR |
615 | |
616 | cache_list = list_new(); | |
996c9314 | 617 | cache_list->del = (void (*)(void *)) & free_cache; |
dabecd7c MR |
618 | |
619 | polling_period = POLLING_PERIOD_DEFAULT; | |
620 | expire_interval = EXPIRE_INTERVAL_DEFAULT; | |
621 | retry_interval = RETRY_INTERVAL_DEFAULT; | |
dabecd7c | 622 | install_cli_commands(); |
1dacdd8b | 623 | rpki_init_sync_socket(); |
dabecd7c MR |
624 | return 0; |
625 | } | |
626 | ||
627 | static int bgp_rpki_fini(void) | |
628 | { | |
629 | stop(); | |
6a154c88 | 630 | list_delete(&cache_list); |
dabecd7c | 631 | |
1dacdd8b MR |
632 | close(rpki_sync_socket_rtr); |
633 | close(rpki_sync_socket_bgpd); | |
634 | ||
dabecd7c MR |
635 | return 0; |
636 | } | |
637 | ||
638 | static int bgp_rpki_module_init(void) | |
639 | { | |
996c9314 | 640 | lrtr_set_alloc_functions(malloc_wrapper, realloc_wrapper, free_wrapper); |
dabecd7c | 641 | |
b5b99af8 | 642 | hook_register(bgp_rpki_prefix_status, rpki_validate_prefix); |
dabecd7c | 643 | hook_register(frr_late_init, bgp_rpki_init); |
f714e57a | 644 | hook_register(frr_early_fini, bgp_rpki_fini); |
dabecd7c MR |
645 | |
646 | return 0; | |
647 | } | |
648 | ||
d67485c6 | 649 | static void sync_expired(struct thread *thread) |
1b2095d1 DA |
650 | { |
651 | if (!rtr_mgr_conf_in_sync(rtr_config)) { | |
d67485c6 DA |
652 | RPKI_DEBUG("rtr_mgr is not synced, retrying."); |
653 | thread_add_timer(bm->master, sync_expired, NULL, | |
1b2095d1 | 654 | BGP_RPKI_CACHE_SERVER_SYNC_RETRY_TIMEOUT, |
d67485c6 | 655 | &t_rpki_sync); |
1b2095d1 DA |
656 | return; |
657 | } | |
658 | ||
d67485c6 DA |
659 | RPKI_DEBUG("rtr_mgr sync is done."); |
660 | ||
661 | rtr_is_synced = true; | |
1b2095d1 DA |
662 | } |
663 | ||
dabecd7c MR |
664 | static int start(void) |
665 | { | |
dabecd7c MR |
666 | int ret; |
667 | ||
0e3d96bf | 668 | rtr_is_stopping = false; |
d67485c6 | 669 | rtr_is_synced = false; |
4ce82676 | 670 | rtr_update_overflow = 0; |
1dacdd8b | 671 | |
dabecd7c MR |
672 | if (list_isempty(cache_list)) { |
673 | RPKI_DEBUG( | |
674 | "No caches were found in config. Prefix validation is off."); | |
675 | return ERROR; | |
676 | } | |
677 | RPKI_DEBUG("Init rtr_mgr."); | |
678 | int groups_len = listcount(cache_list); | |
679 | struct rtr_mgr_group *groups = get_groups(); | |
680 | ||
1dacdd8b | 681 | RPKI_DEBUG("Polling period: %d", polling_period); |
dabecd7c | 682 | ret = rtr_mgr_init(&rtr_config, groups, groups_len, polling_period, |
1dacdd8b | 683 | expire_interval, retry_interval, |
d2e3f8a2 | 684 | rpki_update_cb_sync_rtr, NULL, NULL, NULL); |
dabecd7c MR |
685 | if (ret == RTR_ERROR) { |
686 | RPKI_DEBUG("Init rtr_mgr failed."); | |
687 | return ERROR; | |
688 | } | |
689 | ||
690 | RPKI_DEBUG("Starting rtr_mgr."); | |
691 | ret = rtr_mgr_start(rtr_config); | |
692 | if (ret == RTR_ERROR) { | |
693 | RPKI_DEBUG("Starting rtr_mgr failed."); | |
694 | rtr_mgr_free(rtr_config); | |
695 | return ERROR; | |
696 | } | |
1b2095d1 | 697 | |
d67485c6 | 698 | thread_add_timer(bm->master, sync_expired, NULL, 0, &t_rpki_sync); |
dabecd7c MR |
699 | |
700 | XFREE(MTYPE_BGP_RPKI_CACHE_GROUP, groups); | |
701 | ||
0e3d96bf | 702 | rtr_is_running = true; |
d67485c6 | 703 | |
dabecd7c MR |
704 | return SUCCESS; |
705 | } | |
706 | ||
707 | static void stop(void) | |
708 | { | |
0e3d96bf | 709 | rtr_is_stopping = true; |
01fcc189 | 710 | if (is_running()) { |
d67485c6 | 711 | THREAD_OFF(t_rpki_sync); |
dabecd7c MR |
712 | rtr_mgr_stop(rtr_config); |
713 | rtr_mgr_free(rtr_config); | |
0e3d96bf | 714 | rtr_is_running = false; |
dabecd7c MR |
715 | } |
716 | } | |
717 | ||
718 | static int reset(bool force) | |
719 | { | |
01fcc189 | 720 | if (is_running() && !force) |
dabecd7c MR |
721 | return SUCCESS; |
722 | ||
723 | RPKI_DEBUG("Resetting RPKI Session"); | |
724 | stop(); | |
725 | return start(); | |
726 | } | |
727 | ||
728 | static struct rtr_mgr_group *get_connected_group(void) | |
729 | { | |
18b91526 | 730 | if (!cache_list || list_isempty(cache_list)) |
dabecd7c MR |
731 | return NULL; |
732 | ||
733 | return rtr_mgr_get_first_group(rtr_config); | |
734 | } | |
735 | ||
dff41cc8 DA |
736 | static void print_prefix_table_by_asn(struct vty *vty, as_t as, |
737 | json_object *json) | |
02334bb2 DA |
738 | { |
739 | unsigned int number_of_ipv4_prefixes = 0; | |
740 | unsigned int number_of_ipv6_prefixes = 0; | |
741 | struct rtr_mgr_group *group = get_connected_group(); | |
742 | struct rpki_for_each_record_arg arg; | |
dff41cc8 | 743 | json_object *json_records = NULL; |
02334bb2 DA |
744 | |
745 | arg.vty = vty; | |
746 | arg.as = as; | |
dff41cc8 | 747 | arg.json = NULL; |
02334bb2 DA |
748 | |
749 | if (!group) { | |
dff41cc8 DA |
750 | if (!json) |
751 | vty_out(vty, "Cannot find a connected group.\n"); | |
02334bb2 DA |
752 | return; |
753 | } | |
754 | ||
755 | struct pfx_table *pfx_table = group->sockets[0]->pfx_table; | |
756 | ||
dff41cc8 DA |
757 | if (!json) { |
758 | vty_out(vty, "RPKI/RTR prefix table\n"); | |
759 | vty_out(vty, "%-40s %s %s\n", "Prefix", "Prefix Length", | |
760 | "Origin-AS"); | |
761 | } else { | |
762 | json_records = json_object_new_array(); | |
763 | json_object_object_add(json, "prefixes", json_records); | |
764 | arg.json = json_records; | |
765 | } | |
02334bb2 DA |
766 | |
767 | arg.prefix_amount = &number_of_ipv4_prefixes; | |
768 | pfx_table_for_each_ipv4_record(pfx_table, print_record_by_asn, &arg); | |
769 | ||
770 | arg.prefix_amount = &number_of_ipv6_prefixes; | |
771 | pfx_table_for_each_ipv6_record(pfx_table, print_record_by_asn, &arg); | |
772 | ||
dff41cc8 DA |
773 | if (!json) { |
774 | vty_out(vty, "Number of IPv4 Prefixes: %u\n", | |
775 | number_of_ipv4_prefixes); | |
776 | vty_out(vty, "Number of IPv6 Prefixes: %u\n", | |
777 | number_of_ipv6_prefixes); | |
778 | } else { | |
779 | json_object_int_add(json, "ipv4PrefixCount", | |
780 | number_of_ipv4_prefixes); | |
781 | json_object_int_add(json, "ipv6PrefixCount", | |
782 | number_of_ipv6_prefixes); | |
783 | } | |
784 | ||
785 | if (json) | |
786 | vty_json(vty, json); | |
02334bb2 DA |
787 | } |
788 | ||
dff41cc8 | 789 | static void print_prefix_table(struct vty *vty, json_object *json) |
dabecd7c MR |
790 | { |
791 | struct rpki_for_each_record_arg arg; | |
792 | ||
793 | unsigned int number_of_ipv4_prefixes = 0; | |
794 | unsigned int number_of_ipv6_prefixes = 0; | |
795 | struct rtr_mgr_group *group = get_connected_group(); | |
dff41cc8 | 796 | json_object *json_records = NULL; |
dabecd7c MR |
797 | |
798 | arg.vty = vty; | |
dff41cc8 | 799 | arg.json = NULL; |
dabecd7c | 800 | |
dff41cc8 DA |
801 | if (!group) { |
802 | if (!json) | |
803 | vty_out(vty, "Cannot find a connected group.\n"); | |
dabecd7c | 804 | return; |
dff41cc8 | 805 | } |
dabecd7c MR |
806 | |
807 | struct pfx_table *pfx_table = group->sockets[0]->pfx_table; | |
808 | ||
dff41cc8 DA |
809 | if (!json) { |
810 | vty_out(vty, "RPKI/RTR prefix table\n"); | |
811 | vty_out(vty, "%-40s %s %s\n", "Prefix", "Prefix Length", | |
812 | "Origin-AS"); | |
813 | } else { | |
814 | json_records = json_object_new_array(); | |
815 | json_object_object_add(json, "prefixes", json_records); | |
816 | arg.json = json_records; | |
817 | } | |
dabecd7c MR |
818 | |
819 | arg.prefix_amount = &number_of_ipv4_prefixes; | |
5d799192 | 820 | pfx_table_for_each_ipv4_record(pfx_table, print_record_cb, &arg); |
dabecd7c MR |
821 | |
822 | arg.prefix_amount = &number_of_ipv6_prefixes; | |
5d799192 | 823 | pfx_table_for_each_ipv6_record(pfx_table, print_record_cb, &arg); |
dabecd7c | 824 | |
dff41cc8 DA |
825 | if (!json) { |
826 | vty_out(vty, "Number of IPv4 Prefixes: %u\n", | |
827 | number_of_ipv4_prefixes); | |
828 | vty_out(vty, "Number of IPv6 Prefixes: %u\n", | |
829 | number_of_ipv6_prefixes); | |
830 | } else { | |
831 | json_object_int_add(json, "ipv4PrefixCount", | |
832 | number_of_ipv4_prefixes); | |
833 | json_object_int_add(json, "ipv6PrefixCount", | |
834 | number_of_ipv6_prefixes); | |
835 | } | |
836 | ||
837 | if (json) | |
838 | vty_json(vty, json); | |
dabecd7c MR |
839 | } |
840 | ||
841 | static int rpki_validate_prefix(struct peer *peer, struct attr *attr, | |
898c4e66 | 842 | const struct prefix *prefix) |
dabecd7c MR |
843 | { |
844 | struct assegment *as_segment; | |
845 | as_t as_number = 0; | |
846 | struct lrtr_ip_addr ip_addr_prefix; | |
847 | enum pfxv_state result; | |
dabecd7c MR |
848 | |
849 | if (!is_synchronized()) | |
e1a05dd4 | 850 | return RPKI_NOT_BEING_USED; |
dabecd7c MR |
851 | |
852 | // No aspath means route comes from iBGP | |
853 | if (!attr->aspath || !attr->aspath->segments) { | |
854 | // Set own as number | |
855 | as_number = peer->bgp->as; | |
856 | } else { | |
857 | as_segment = attr->aspath->segments; | |
858 | // Find last AsSegment | |
859 | while (as_segment->next) | |
860 | as_segment = as_segment->next; | |
861 | ||
862 | if (as_segment->type == AS_SEQUENCE) { | |
863 | // Get rightmost asn | |
864 | as_number = as_segment->as[as_segment->length - 1]; | |
996c9314 LB |
865 | } else if (as_segment->type == AS_CONFED_SEQUENCE |
866 | || as_segment->type == AS_CONFED_SET) { | |
dabecd7c MR |
867 | // Set own as number |
868 | as_number = peer->bgp->as; | |
869 | } else { | |
870 | // RFC says: "Take distinguished value NONE as asn" | |
871 | // which means state is unknown | |
872 | return RPKI_NOTFOUND; | |
873 | } | |
874 | } | |
875 | ||
876 | // Get the prefix in requested format | |
877 | switch (prefix->family) { | |
878 | case AF_INET: | |
879 | ip_addr_prefix.ver = LRTR_IPV4; | |
880 | ip_addr_prefix.u.addr4.addr = ntohl(prefix->u.prefix4.s_addr); | |
881 | break; | |
882 | ||
dabecd7c MR |
883 | case AF_INET6: |
884 | ip_addr_prefix.ver = LRTR_IPV6; | |
885 | ipv6_addr_to_host_byte_order(prefix->u.prefix6.s6_addr32, | |
886 | ip_addr_prefix.u.addr6.addr); | |
887 | break; | |
dabecd7c MR |
888 | |
889 | default: | |
e1a05dd4 | 890 | return RPKI_NOT_BEING_USED; |
dabecd7c MR |
891 | } |
892 | ||
893 | // Do the actual validation | |
894 | rtr_mgr_validate(rtr_config, as_number, &ip_addr_prefix, | |
895 | prefix->prefixlen, &result); | |
896 | ||
897 | // Print Debug output | |
dabecd7c MR |
898 | switch (result) { |
899 | case BGP_PFXV_STATE_VALID: | |
900 | RPKI_DEBUG( | |
2dbe669b DA |
901 | "Validating Prefix %pFX from asn %u Result: VALID", |
902 | prefix, as_number); | |
dabecd7c MR |
903 | return RPKI_VALID; |
904 | case BGP_PFXV_STATE_NOT_FOUND: | |
905 | RPKI_DEBUG( | |
2dbe669b DA |
906 | "Validating Prefix %pFX from asn %u Result: NOT FOUND", |
907 | prefix, as_number); | |
dabecd7c MR |
908 | return RPKI_NOTFOUND; |
909 | case BGP_PFXV_STATE_INVALID: | |
910 | RPKI_DEBUG( | |
2dbe669b DA |
911 | "Validating Prefix %pFX from asn %u Result: INVALID", |
912 | prefix, as_number); | |
dabecd7c MR |
913 | return RPKI_INVALID; |
914 | default: | |
915 | RPKI_DEBUG( | |
2dbe669b DA |
916 | "Validating Prefix %pFX from asn %u Result: CANNOT VALIDATE", |
917 | prefix, as_number); | |
dabecd7c MR |
918 | break; |
919 | } | |
e1a05dd4 | 920 | return RPKI_NOT_BEING_USED; |
dabecd7c MR |
921 | } |
922 | ||
923 | static int add_cache(struct cache *cache) | |
924 | { | |
925 | uint8_t preference = cache->preference; | |
926 | struct rtr_mgr_group group; | |
927 | ||
928 | group.preference = preference; | |
929 | group.sockets_len = 1; | |
930 | group.sockets = &cache->rtr_socket; | |
931 | ||
01fcc189 | 932 | if (is_running()) { |
92110aab MR |
933 | init_tr_socket(cache); |
934 | ||
935 | if (rtr_mgr_add_group(rtr_config, &group) != RTR_SUCCESS) { | |
936 | free_tr_socket(cache); | |
937 | return ERROR; | |
938 | } | |
dabecd7c MR |
939 | } |
940 | ||
6893064b MR |
941 | listnode_add(cache_list, cache); |
942 | ||
dabecd7c MR |
943 | return SUCCESS; |
944 | } | |
945 | ||
996c9314 | 946 | static int add_tcp_cache(const char *host, const char *port, |
7253a7bc | 947 | const uint8_t preference, const char *bindaddr) |
dabecd7c MR |
948 | { |
949 | struct rtr_socket *rtr_socket; | |
950 | struct tr_tcp_config *tcp_config = | |
a633498e | 951 | XCALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct tr_tcp_config)); |
dabecd7c MR |
952 | struct tr_socket *tr_socket = |
953 | XMALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct tr_socket)); | |
954 | struct cache *cache = | |
955 | XMALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct cache)); | |
956 | ||
957 | tcp_config->host = XSTRDUP(MTYPE_BGP_RPKI_CACHE, host); | |
958 | tcp_config->port = XSTRDUP(MTYPE_BGP_RPKI_CACHE, port); | |
7253a7bc PG |
959 | if (bindaddr) |
960 | tcp_config->bindaddr = XSTRDUP(MTYPE_BGP_RPKI_CACHE, bindaddr); | |
961 | else | |
962 | tcp_config->bindaddr = NULL; | |
dabecd7c MR |
963 | |
964 | rtr_socket = create_rtr_socket(tr_socket); | |
965 | ||
966 | cache->type = TCP; | |
967 | cache->tr_socket = tr_socket; | |
968 | cache->tr_config.tcp_config = tcp_config; | |
969 | cache->rtr_socket = rtr_socket; | |
970 | cache->preference = preference; | |
971 | ||
6893064b MR |
972 | int ret = add_cache(cache); |
973 | if (ret != SUCCESS) { | |
974 | free_cache(cache); | |
975 | } | |
976 | ||
977 | return ret; | |
dabecd7c MR |
978 | } |
979 | ||
980 | #if defined(FOUND_SSH) | |
996c9314 LB |
981 | static int add_ssh_cache(const char *host, const unsigned int port, |
982 | const char *username, const char *client_privkey_path, | |
dabecd7c | 983 | const char *server_pubkey_path, |
7253a7bc | 984 | const uint8_t preference, const char *bindaddr) |
dabecd7c MR |
985 | { |
986 | struct tr_ssh_config *ssh_config = | |
a633498e | 987 | XCALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct tr_ssh_config)); |
dabecd7c MR |
988 | struct cache *cache = |
989 | XMALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct cache)); | |
990 | struct tr_socket *tr_socket = | |
991 | XMALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct tr_socket)); | |
992 | struct rtr_socket *rtr_socket; | |
993 | ||
994 | ssh_config->port = port; | |
995 | ssh_config->host = XSTRDUP(MTYPE_BGP_RPKI_CACHE, host); | |
7253a7bc PG |
996 | if (bindaddr) |
997 | ssh_config->bindaddr = XSTRDUP(MTYPE_BGP_RPKI_CACHE, bindaddr); | |
998 | else | |
999 | ssh_config->bindaddr = NULL; | |
dabecd7c MR |
1000 | |
1001 | ssh_config->username = XSTRDUP(MTYPE_BGP_RPKI_CACHE, username); | |
996c9314 LB |
1002 | ssh_config->client_privkey_path = |
1003 | XSTRDUP(MTYPE_BGP_RPKI_CACHE, client_privkey_path); | |
dabecd7c MR |
1004 | ssh_config->server_hostkey_path = |
1005 | XSTRDUP(MTYPE_BGP_RPKI_CACHE, server_pubkey_path); | |
1006 | ||
1007 | rtr_socket = create_rtr_socket(tr_socket); | |
1008 | ||
1009 | cache->type = SSH; | |
1010 | cache->tr_socket = tr_socket; | |
1011 | cache->tr_config.ssh_config = ssh_config; | |
1012 | cache->rtr_socket = rtr_socket; | |
1013 | cache->preference = preference; | |
1014 | ||
6893064b MR |
1015 | int ret = add_cache(cache); |
1016 | if (ret != SUCCESS) { | |
1017 | free_cache(cache); | |
1018 | } | |
1019 | ||
1020 | return ret; | |
dabecd7c MR |
1021 | } |
1022 | #endif | |
1023 | ||
1024 | static void free_cache(struct cache *cache) | |
1025 | { | |
1026 | if (cache->type == TCP) { | |
996c9314 LB |
1027 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_config.tcp_config->host); |
1028 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_config.tcp_config->port); | |
c41a3cc5 DA |
1029 | XFREE(MTYPE_BGP_RPKI_CACHE, |
1030 | cache->tr_config.tcp_config->bindaddr); | |
dabecd7c MR |
1031 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_config.tcp_config); |
1032 | } | |
1033 | #if defined(FOUND_SSH) | |
1034 | else { | |
996c9314 | 1035 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_config.ssh_config->host); |
dabecd7c MR |
1036 | XFREE(MTYPE_BGP_RPKI_CACHE, |
1037 | cache->tr_config.ssh_config->username); | |
1038 | XFREE(MTYPE_BGP_RPKI_CACHE, | |
1039 | cache->tr_config.ssh_config->client_privkey_path); | |
1040 | XFREE(MTYPE_BGP_RPKI_CACHE, | |
1041 | cache->tr_config.ssh_config->server_hostkey_path); | |
c41a3cc5 DA |
1042 | XFREE(MTYPE_BGP_RPKI_CACHE, |
1043 | cache->tr_config.ssh_config->bindaddr); | |
dabecd7c MR |
1044 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_config.ssh_config); |
1045 | } | |
1046 | #endif | |
1047 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_socket); | |
1048 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->rtr_socket); | |
1049 | XFREE(MTYPE_BGP_RPKI_CACHE, cache); | |
1050 | } | |
1051 | ||
1052 | static int config_write(struct vty *vty) | |
1053 | { | |
1054 | struct listnode *cache_node; | |
1055 | struct cache *cache; | |
1056 | ||
708b8053 DS |
1057 | if (rpki_debug) |
1058 | vty_out(vty, "debug rpki\n"); | |
1059 | ||
1060 | vty_out(vty, "!\n"); | |
1061 | vty_out(vty, "rpki\n"); | |
9a651153 | 1062 | |
8f401cda DA |
1063 | if (polling_period != POLLING_PERIOD_DEFAULT) |
1064 | vty_out(vty, " rpki polling_period %d\n", polling_period); | |
9a651153 DS |
1065 | if (retry_interval != RETRY_INTERVAL_DEFAULT) |
1066 | vty_out(vty, " rpki retry_interval %d\n", retry_interval); | |
1067 | if (expire_interval != EXPIRE_INTERVAL_DEFAULT) | |
1068 | vty_out(vty, " rpki expire_interval %d\n", expire_interval); | |
1069 | ||
708b8053 DS |
1070 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, cache)) { |
1071 | switch (cache->type) { | |
1072 | struct tr_tcp_config *tcp_config; | |
acd4a9f4 | 1073 | #if defined(FOUND_SSH) |
708b8053 | 1074 | struct tr_ssh_config *ssh_config; |
acd4a9f4 | 1075 | #endif |
708b8053 DS |
1076 | case TCP: |
1077 | tcp_config = cache->tr_config.tcp_config; | |
484fc374 | 1078 | vty_out(vty, " rpki cache %s %s ", tcp_config->host, |
708b8053 | 1079 | tcp_config->port); |
484fc374 IR |
1080 | if (tcp_config->bindaddr) |
1081 | vty_out(vty, "source %s ", | |
1082 | tcp_config->bindaddr); | |
708b8053 | 1083 | break; |
dabecd7c | 1084 | #if defined(FOUND_SSH) |
708b8053 DS |
1085 | case SSH: |
1086 | ssh_config = cache->tr_config.ssh_config; | |
484fc374 IR |
1087 | vty_out(vty, " rpki cache %s %u %s %s %s ", |
1088 | ssh_config->host, ssh_config->port, | |
1089 | ssh_config->username, | |
708b8053 DS |
1090 | ssh_config->client_privkey_path, |
1091 | ssh_config->server_hostkey_path != NULL | |
1092 | ? ssh_config->server_hostkey_path | |
1093 | : " "); | |
484fc374 IR |
1094 | if (ssh_config->bindaddr) |
1095 | vty_out(vty, "source %s ", | |
1096 | ssh_config->bindaddr); | |
708b8053 | 1097 | break; |
dabecd7c | 1098 | #endif |
708b8053 DS |
1099 | default: |
1100 | break; | |
dabecd7c | 1101 | } |
708b8053 DS |
1102 | |
1103 | vty_out(vty, "preference %hhu\n", cache->preference); | |
dabecd7c | 1104 | } |
07679ad9 | 1105 | vty_out(vty, "exit\n"); |
708b8053 DS |
1106 | |
1107 | return 1; | |
dabecd7c MR |
1108 | } |
1109 | ||
1110 | DEFUN_NOSH (rpki, | |
1111 | rpki_cmd, | |
1112 | "rpki", | |
1113 | "Enable rpki and enter rpki configuration mode\n") | |
1114 | { | |
1115 | vty->node = RPKI_NODE; | |
1116 | return CMD_SUCCESS; | |
1117 | } | |
1118 | ||
8156765a DA |
1119 | DEFPY (no_rpki, |
1120 | no_rpki_cmd, | |
1121 | "no rpki", | |
1122 | NO_STR | |
1123 | "Enable rpki and enter rpki configuration mode\n") | |
1124 | { | |
1125 | rpki_delete_all_cache_nodes(); | |
1126 | stop(); | |
1127 | return CMD_SUCCESS; | |
1128 | } | |
1129 | ||
dabecd7c MR |
1130 | DEFUN (bgp_rpki_start, |
1131 | bgp_rpki_start_cmd, | |
1132 | "rpki start", | |
1133 | RPKI_OUTPUT_STRING | |
1134 | "start rpki support\n") | |
1135 | { | |
1136 | if (listcount(cache_list) == 0) | |
996c9314 LB |
1137 | vty_out(vty, |
1138 | "Could not start rpki because no caches are configured\n"); | |
dabecd7c MR |
1139 | |
1140 | if (!is_running()) { | |
1141 | if (start() == ERROR) { | |
1142 | RPKI_DEBUG("RPKI failed to start"); | |
1143 | return CMD_WARNING; | |
1144 | } | |
1145 | } | |
1146 | return CMD_SUCCESS; | |
1147 | } | |
1148 | ||
1149 | DEFUN (bgp_rpki_stop, | |
1150 | bgp_rpki_stop_cmd, | |
1151 | "rpki stop", | |
1152 | RPKI_OUTPUT_STRING | |
1153 | "start rpki support\n") | |
1154 | { | |
1155 | if (is_running()) | |
1156 | stop(); | |
1157 | ||
1158 | return CMD_SUCCESS; | |
1159 | } | |
1160 | ||
1161 | DEFPY (rpki_polling_period, | |
1162 | rpki_polling_period_cmd, | |
1163 | "rpki polling_period (1-86400)$pp", | |
1164 | RPKI_OUTPUT_STRING | |
1165 | "Set polling period\n" | |
1166 | "Polling period value\n") | |
1167 | { | |
1168 | polling_period = pp; | |
1169 | return CMD_SUCCESS; | |
1170 | } | |
1171 | ||
1172 | DEFUN (no_rpki_polling_period, | |
1173 | no_rpki_polling_period_cmd, | |
e9f709e5 | 1174 | "no rpki polling_period [(1-86400)]", |
dabecd7c MR |
1175 | NO_STR |
1176 | RPKI_OUTPUT_STRING | |
e9f709e5 DS |
1177 | "Set polling period back to default\n" |
1178 | "Polling period value\n") | |
dabecd7c MR |
1179 | { |
1180 | polling_period = POLLING_PERIOD_DEFAULT; | |
1181 | return CMD_SUCCESS; | |
1182 | } | |
1183 | ||
1184 | DEFPY (rpki_expire_interval, | |
1185 | rpki_expire_interval_cmd, | |
1186 | "rpki expire_interval (600-172800)$tmp", | |
1187 | RPKI_OUTPUT_STRING | |
1188 | "Set expire interval\n" | |
1189 | "Expire interval value\n") | |
1190 | { | |
6f577f58 | 1191 | if ((unsigned int)tmp >= polling_period) { |
dabecd7c MR |
1192 | expire_interval = tmp; |
1193 | return CMD_SUCCESS; | |
1194 | } | |
1195 | ||
1196 | vty_out(vty, "%% Expiry interval must be polling period or larger\n"); | |
1197 | return CMD_WARNING_CONFIG_FAILED; | |
1198 | } | |
1199 | ||
1200 | DEFUN (no_rpki_expire_interval, | |
1201 | no_rpki_expire_interval_cmd, | |
e9f709e5 | 1202 | "no rpki expire_interval [(600-172800)]", |
dabecd7c MR |
1203 | NO_STR |
1204 | RPKI_OUTPUT_STRING | |
e9f709e5 DS |
1205 | "Set expire interval back to default\n" |
1206 | "Expire interval value\n") | |
dabecd7c MR |
1207 | { |
1208 | expire_interval = polling_period * 2; | |
1209 | return CMD_SUCCESS; | |
1210 | } | |
1211 | ||
1212 | DEFPY (rpki_retry_interval, | |
1213 | rpki_retry_interval_cmd, | |
1214 | "rpki retry_interval (1-7200)$tmp", | |
1215 | RPKI_OUTPUT_STRING | |
1216 | "Set retry interval\n" | |
1217 | "retry interval value\n") | |
1218 | { | |
1219 | retry_interval = tmp; | |
1220 | return CMD_SUCCESS; | |
1221 | } | |
1222 | ||
1223 | DEFUN (no_rpki_retry_interval, | |
1224 | no_rpki_retry_interval_cmd, | |
e9f709e5 | 1225 | "no rpki retry_interval [(1-7200)]", |
dabecd7c MR |
1226 | NO_STR |
1227 | RPKI_OUTPUT_STRING | |
e9f709e5 DS |
1228 | "Set retry interval back to default\n" |
1229 | "retry interval value\n") | |
dabecd7c MR |
1230 | { |
1231 | retry_interval = RETRY_INTERVAL_DEFAULT; | |
1232 | return CMD_SUCCESS; | |
1233 | } | |
1234 | ||
7253a7bc | 1235 | DEFPY(rpki_cache, rpki_cache_cmd, |
2a5f5ec0 | 1236 | "rpki cache <A.B.C.D|WORD> <TCPPORT|(1-65535)$sshport SSH_UNAME SSH_PRIVKEY [SERVER_PUBKEY]> [source <A.B.C.D>$bindaddr] preference (1-255)", |
7253a7bc PG |
1237 | RPKI_OUTPUT_STRING |
1238 | "Install a cache server to current group\n" | |
2a5f5ec0 DA |
1239 | "IP address of cache server\n" |
1240 | "Hostname of cache server\n" | |
7253a7bc PG |
1241 | "TCP port number\n" |
1242 | "SSH port number\n" | |
1243 | "SSH user name\n" | |
1244 | "Path to own SSH private key\n" | |
7253a7bc | 1245 | "Path to Public key of cache server\n" |
484fc374 IR |
1246 | "Configure source IP address of RPKI connection\n" |
1247 | "Define a Source IP Address\n" | |
7253a7bc PG |
1248 | "Preference of the cache server\n" |
1249 | "Preference value\n") | |
dabecd7c | 1250 | { |
3f54c705 | 1251 | int return_value; |
a2ed7b2b MR |
1252 | struct listnode *cache_node; |
1253 | struct cache *current_cache; | |
1254 | ||
1255 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, current_cache)) { | |
1256 | if (current_cache->preference == preference) { | |
1257 | vty_out(vty, | |
1258 | "Cache with preference %ld is already configured\n", | |
1259 | preference); | |
1260 | return CMD_WARNING; | |
1261 | } | |
1262 | } | |
1263 | ||
dabecd7c MR |
1264 | |
1265 | // use ssh connection | |
1266 | if (ssh_uname) { | |
1267 | #if defined(FOUND_SSH) | |
2a5f5ec0 DA |
1268 | return_value = |
1269 | add_ssh_cache(cache, sshport, ssh_uname, ssh_privkey, | |
1270 | server_pubkey, preference, bindaddr_str); | |
dabecd7c | 1271 | #else |
3f54c705 | 1272 | return_value = SUCCESS; |
dabecd7c | 1273 | vty_out(vty, |
3efd0893 | 1274 | "ssh sockets are not supported. Please recompile rtrlib and frr with ssh support. If you want to use it\n"); |
dabecd7c MR |
1275 | #endif |
1276 | } else { // use tcp connection | |
7253a7bc PG |
1277 | return_value = |
1278 | add_tcp_cache(cache, tcpport, preference, bindaddr_str); | |
dabecd7c MR |
1279 | } |
1280 | ||
1281 | if (return_value == ERROR) { | |
1282 | vty_out(vty, "Could not create new rpki cache\n"); | |
1283 | return CMD_WARNING; | |
1284 | } | |
1285 | ||
1286 | return CMD_SUCCESS; | |
1287 | } | |
1288 | ||
1289 | DEFPY (no_rpki_cache, | |
1290 | no_rpki_cache_cmd, | |
2a5f5ec0 | 1291 | "no rpki cache <A.B.C.D|WORD> <TCPPORT|(1-65535)$sshport SSH_UNAME SSH_PRIVKEY [SERVER_PUBKEY]> [source <A.B.C.D>$bindaddr] preference (1-255)", |
dabecd7c MR |
1292 | NO_STR |
1293 | RPKI_OUTPUT_STRING | |
cc22635a | 1294 | "Install a cache server to current group\n" |
2a5f5ec0 DA |
1295 | "IP address of cache server\n" |
1296 | "Hostname of cache server\n" | |
dabecd7c MR |
1297 | "TCP port number\n" |
1298 | "SSH port number\n" | |
cc22635a DA |
1299 | "SSH user name\n" |
1300 | "Path to own SSH private key\n" | |
cc22635a DA |
1301 | "Path to Public key of cache server\n" |
1302 | "Configure source IP address of RPKI connection\n" | |
1303 | "Define a Source IP Address\n" | |
dabecd7c MR |
1304 | "Preference of the cache server\n" |
1305 | "Preference value\n") | |
1306 | { | |
1307 | struct cache *cache_p = find_cache(preference); | |
1308 | ||
222487fe | 1309 | if (!cache_p) { |
11423e50 DA |
1310 | vty_out(vty, "Could not find cache with preference %ld\n", |
1311 | preference); | |
dabecd7c MR |
1312 | return CMD_WARNING; |
1313 | } | |
1314 | ||
01fcc189 | 1315 | if (is_running() && listcount(cache_list) == 1) { |
8add1719 | 1316 | stop(); |
01fcc189 | 1317 | } else if (is_running()) { |
dabecd7c | 1318 | if (rtr_mgr_remove_group(rtr_config, preference) == RTR_ERROR) { |
11423e50 DA |
1319 | vty_out(vty, |
1320 | "Could not remove cache with preference %ld\n", | |
1321 | preference); | |
dabecd7c MR |
1322 | return CMD_WARNING; |
1323 | } | |
1324 | } | |
1325 | ||
1326 | listnode_delete(cache_list, cache_p); | |
1327 | free_cache(cache_p); | |
1328 | ||
1329 | return CMD_SUCCESS; | |
1330 | } | |
1331 | ||
dff41cc8 | 1332 | DEFPY (show_rpki_prefix_table, |
dabecd7c | 1333 | show_rpki_prefix_table_cmd, |
dff41cc8 | 1334 | "show rpki prefix-table [json$uj]", |
dabecd7c MR |
1335 | SHOW_STR |
1336 | RPKI_OUTPUT_STRING | |
dff41cc8 DA |
1337 | "Show validated prefixes which were received from RPKI Cache\n" |
1338 | JSON_STR) | |
dabecd7c | 1339 | { |
dff41cc8 DA |
1340 | struct json_object *json = NULL; |
1341 | ||
1342 | if (!is_synchronized()) { | |
1343 | if (!uj) | |
1344 | vty_out(vty, "No connection to RPKI cache server.\n"); | |
1345 | return CMD_WARNING; | |
1346 | } | |
1347 | ||
1348 | if (uj) | |
1349 | json = json_object_new_object(); | |
dabecd7c | 1350 | |
dff41cc8 | 1351 | print_prefix_table(vty, json); |
dabecd7c MR |
1352 | return CMD_SUCCESS; |
1353 | } | |
1354 | ||
dff41cc8 DA |
1355 | DEFPY (show_rpki_as_number, |
1356 | show_rpki_as_number_cmd, | |
1357 | "show rpki as-number (1-4294967295)$by_asn [json$uj]", | |
1358 | SHOW_STR | |
1359 | RPKI_OUTPUT_STRING | |
1360 | "Lookup by ASN in prefix table\n" | |
1361 | "AS Number\n" | |
1362 | JSON_STR) | |
02334bb2 | 1363 | { |
dff41cc8 DA |
1364 | struct json_object *json = NULL; |
1365 | ||
02334bb2 | 1366 | if (!is_synchronized()) { |
dff41cc8 DA |
1367 | if (!uj) |
1368 | vty_out(vty, "No Connection to RPKI cache server.\n"); | |
02334bb2 DA |
1369 | return CMD_WARNING; |
1370 | } | |
1371 | ||
dff41cc8 DA |
1372 | if (uj) |
1373 | json = json_object_new_object(); | |
1374 | ||
1375 | print_prefix_table_by_asn(vty, by_asn, json); | |
02334bb2 DA |
1376 | return CMD_SUCCESS; |
1377 | } | |
1378 | ||
5d799192 MR |
1379 | DEFPY (show_rpki_prefix, |
1380 | show_rpki_prefix_cmd, | |
dff41cc8 | 1381 | "show rpki prefix <A.B.C.D/M|X:X::X:X/M> [(1-4294967295)$asn] [json$uj]", |
5d799192 MR |
1382 | SHOW_STR |
1383 | RPKI_OUTPUT_STRING | |
1384 | "Lookup IP prefix and optionally ASN in prefix table\n" | |
1385 | "IPv4 prefix\n" | |
1386 | "IPv6 prefix\n" | |
dff41cc8 DA |
1387 | "AS Number\n" |
1388 | JSON_STR) | |
5d799192 | 1389 | { |
dff41cc8 DA |
1390 | json_object *json = NULL; |
1391 | json_object *json_records = NULL; | |
5d799192 MR |
1392 | |
1393 | if (!is_synchronized()) { | |
dff41cc8 DA |
1394 | if (!uj) |
1395 | vty_out(vty, "No Connection to RPKI cache server.\n"); | |
5d799192 MR |
1396 | return CMD_WARNING; |
1397 | } | |
1398 | ||
1399 | struct lrtr_ip_addr addr; | |
1400 | char addr_str[INET6_ADDRSTRLEN]; | |
1401 | size_t addr_len = strchr(prefix_str, '/') - prefix_str; | |
1402 | ||
1403 | memset(addr_str, 0, sizeof(addr_str)); | |
1404 | memcpy(addr_str, prefix_str, addr_len); | |
1405 | ||
1406 | if (lrtr_ip_str_to_addr(addr_str, &addr) != 0) { | |
dff41cc8 DA |
1407 | if (!json) |
1408 | vty_out(vty, "Invalid IP prefix\n"); | |
5d799192 MR |
1409 | return CMD_WARNING; |
1410 | } | |
1411 | ||
1412 | struct pfx_record *matches = NULL; | |
1413 | unsigned int match_count = 0; | |
1414 | enum pfxv_state result; | |
1415 | ||
1416 | if (pfx_table_validate_r(rtr_config->pfx_table, &matches, &match_count, | |
1417 | asn, &addr, prefix->prefixlen, &result) | |
1418 | != PFX_SUCCESS) { | |
dff41cc8 DA |
1419 | if (!json) |
1420 | vty_out(vty, "Prefix lookup failed\n"); | |
5d799192 MR |
1421 | return CMD_WARNING; |
1422 | } | |
1423 | ||
dff41cc8 DA |
1424 | if (uj) |
1425 | json = json_object_new_object(); | |
1426 | ||
1427 | if (!json) { | |
1428 | vty_out(vty, "%-40s %s %s\n", "Prefix", "Prefix Length", | |
1429 | "Origin-AS"); | |
1430 | } else { | |
1431 | json_records = json_object_new_array(); | |
1432 | json_object_object_add(json, "prefixes", json_records); | |
1433 | } | |
1434 | ||
5d799192 MR |
1435 | for (size_t i = 0; i < match_count; ++i) { |
1436 | const struct pfx_record *record = &matches[i]; | |
1437 | ||
1438 | if (record->max_len >= prefix->prefixlen | |
c17140fd DS |
1439 | && ((asn != 0 && (uint32_t)asn == record->asn) |
1440 | || asn == 0)) { | |
dff41cc8 | 1441 | print_record(&matches[i], vty, json_records); |
5d799192 MR |
1442 | } |
1443 | } | |
1444 | ||
dff41cc8 DA |
1445 | if (json) |
1446 | vty_json(vty, json); | |
1447 | ||
5d799192 MR |
1448 | return CMD_SUCCESS; |
1449 | } | |
1450 | ||
cc4d121f | 1451 | DEFPY (show_rpki_cache_server, |
dabecd7c | 1452 | show_rpki_cache_server_cmd, |
cc4d121f | 1453 | "show rpki cache-server [json$uj]", |
dabecd7c MR |
1454 | SHOW_STR |
1455 | RPKI_OUTPUT_STRING | |
cc4d121f DA |
1456 | "Show configured cache server\n" |
1457 | JSON_STR) | |
dabecd7c | 1458 | { |
cc4d121f DA |
1459 | struct json_object *json = NULL; |
1460 | struct json_object *json_server = NULL; | |
1461 | struct json_object *json_servers = NULL; | |
dabecd7c MR |
1462 | struct listnode *cache_node; |
1463 | struct cache *cache; | |
1464 | ||
cc4d121f DA |
1465 | if (uj) { |
1466 | json = json_object_new_object(); | |
1467 | json_servers = json_object_new_array(); | |
1468 | json_object_object_add(json, "servers", json_servers); | |
1469 | } | |
1470 | ||
dabecd7c | 1471 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, cache)) { |
745ae9c0 | 1472 | if (cache->type == TCP) { |
cc4d121f | 1473 | if (!json) { |
77be6d6a DA |
1474 | vty_out(vty, |
1475 | "host: %s port: %s, preference: %hhu\n", | |
cc4d121f | 1476 | cache->tr_config.tcp_config->host, |
77be6d6a DA |
1477 | cache->tr_config.tcp_config->port, |
1478 | cache->preference); | |
cc4d121f DA |
1479 | } else { |
1480 | json_server = json_object_new_object(); | |
1481 | json_object_string_add(json_server, "mode", | |
1482 | "tcp"); | |
1483 | json_object_string_add( | |
1484 | json_server, "host", | |
1485 | cache->tr_config.tcp_config->host); | |
1486 | json_object_string_add( | |
1487 | json_server, "port", | |
1488 | cache->tr_config.tcp_config->port); | |
77be6d6a DA |
1489 | json_object_int_add(json_server, "preference", |
1490 | cache->preference); | |
cc4d121f DA |
1491 | json_object_array_add(json_servers, |
1492 | json_server); | |
1493 | } | |
745ae9c0 | 1494 | |
fef6fafa | 1495 | #if defined(FOUND_SSH) |
745ae9c0 | 1496 | } else if (cache->type == SSH) { |
cc4d121f DA |
1497 | if (!json) { |
1498 | vty_out(vty, | |
77be6d6a | 1499 | "host: %s port: %d username: %s server_hostkey_path: %s client_privkey_path: %s, preference: %hhu\n", |
cc4d121f DA |
1500 | cache->tr_config.ssh_config->host, |
1501 | cache->tr_config.ssh_config->port, | |
1502 | cache->tr_config.ssh_config->username, | |
1503 | cache->tr_config.ssh_config | |
1504 | ->server_hostkey_path, | |
1505 | cache->tr_config.ssh_config | |
77be6d6a DA |
1506 | ->client_privkey_path, |
1507 | cache->preference); | |
cc4d121f DA |
1508 | } else { |
1509 | json_server = json_object_new_object(); | |
1510 | json_object_string_add(json_server, "mode", | |
1511 | "ssh"); | |
1512 | json_object_string_add( | |
1513 | json_server, "host", | |
1514 | cache->tr_config.ssh_config->host); | |
1515 | json_object_int_add( | |
1516 | json_server, "port", | |
1517 | cache->tr_config.ssh_config->port); | |
1518 | json_object_string_add( | |
1519 | json_server, "username", | |
1520 | cache->tr_config.ssh_config->username); | |
1521 | json_object_string_add( | |
1522 | json_server, "serverHostkeyPath", | |
1523 | cache->tr_config.ssh_config | |
1524 | ->server_hostkey_path); | |
1525 | json_object_string_add( | |
1526 | json_server, "clientPrivkeyPath", | |
1527 | cache->tr_config.ssh_config | |
1528 | ->client_privkey_path); | |
77be6d6a DA |
1529 | json_object_int_add(json_server, "preference", |
1530 | cache->preference); | |
cc4d121f DA |
1531 | json_object_array_add(json_servers, |
1532 | json_server); | |
1533 | } | |
fef6fafa | 1534 | #endif |
745ae9c0 | 1535 | } |
dabecd7c MR |
1536 | } |
1537 | ||
cc4d121f DA |
1538 | if (json) |
1539 | vty_json(vty, json); | |
1540 | ||
dabecd7c MR |
1541 | return CMD_SUCCESS; |
1542 | } | |
1543 | ||
ae872c2f | 1544 | DEFPY (show_rpki_cache_connection, |
dabecd7c | 1545 | show_rpki_cache_connection_cmd, |
ae872c2f | 1546 | "show rpki cache-connection [json$uj]", |
dabecd7c MR |
1547 | SHOW_STR |
1548 | RPKI_OUTPUT_STRING | |
ae872c2f DA |
1549 | "Show to which RPKI Cache Servers we have a connection\n" |
1550 | JSON_STR) | |
dabecd7c | 1551 | { |
ae872c2f DA |
1552 | struct json_object *json = NULL; |
1553 | struct json_object *json_conn = NULL; | |
1554 | struct json_object *json_conns = NULL; | |
1555 | struct listnode *cache_node; | |
1556 | struct cache *cache; | |
1557 | struct rtr_mgr_group *group; | |
1558 | ||
1559 | if (uj) | |
1560 | json = json_object_new_object(); | |
1561 | ||
708b8053 | 1562 | if (!is_synchronized()) { |
ae872c2f DA |
1563 | if (!json) |
1564 | vty_out(vty, "No connection to RPKI cache server.\n"); | |
1565 | else | |
1566 | vty_json(vty, json); | |
708b8053 DS |
1567 | |
1568 | return CMD_SUCCESS; | |
1569 | } | |
1570 | ||
ae872c2f | 1571 | group = get_connected_group(); |
708b8053 | 1572 | if (!group) { |
ae872c2f DA |
1573 | if (!json) |
1574 | vty_out(vty, "Cannot find a connected group.\n"); | |
1575 | else | |
1576 | vty_json(vty, json); | |
1577 | ||
708b8053 DS |
1578 | return CMD_SUCCESS; |
1579 | } | |
ae872c2f DA |
1580 | |
1581 | if (!json) { | |
1582 | vty_out(vty, "Connected to group %d\n", group->preference); | |
1583 | } else { | |
1584 | json_conns = json_object_new_array(); | |
1585 | json_object_int_add(json, "connectedGroup", group->preference); | |
1586 | json_object_object_add(json, "connections", json_conns); | |
1587 | } | |
1588 | ||
708b8053 | 1589 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, cache)) { |
c1a68b62 | 1590 | struct tr_tcp_config *tcp_config; |
acd4a9f4 | 1591 | #if defined(FOUND_SSH) |
c1a68b62 | 1592 | struct tr_ssh_config *ssh_config; |
acd4a9f4 | 1593 | #endif |
c1a68b62 DA |
1594 | switch (cache->type) { |
1595 | case TCP: | |
1596 | tcp_config = cache->tr_config.tcp_config; | |
ae872c2f DA |
1597 | |
1598 | if (!json) { | |
1599 | vty_out(vty, | |
1600 | "rpki tcp cache %s %s pref %hhu%s\n", | |
1601 | tcp_config->host, tcp_config->port, | |
1602 | cache->preference, | |
1603 | cache->rtr_socket->state == | |
1604 | RTR_ESTABLISHED | |
1605 | ? " (connected)" | |
1606 | : ""); | |
1607 | } else { | |
1608 | json_conn = json_object_new_object(); | |
1609 | json_object_string_add(json_conn, "mode", | |
1610 | "tcp"); | |
1611 | json_object_string_add(json_conn, "host", | |
1612 | tcp_config->host); | |
1613 | json_object_string_add(json_conn, "port", | |
1614 | tcp_config->port); | |
1615 | json_object_int_add(json_conn, "preference", | |
1616 | cache->preference); | |
1617 | json_object_string_add( | |
1618 | json_conn, "state", | |
1619 | cache->rtr_socket->state == | |
1620 | RTR_ESTABLISHED | |
1621 | ? "connected" | |
1622 | : "disconnected"); | |
1623 | json_object_array_add(json_conns, json_conn); | |
1624 | } | |
c1a68b62 | 1625 | break; |
dabecd7c | 1626 | #if defined(FOUND_SSH) |
c1a68b62 DA |
1627 | case SSH: |
1628 | ssh_config = cache->tr_config.ssh_config; | |
ae872c2f DA |
1629 | |
1630 | if (!json) { | |
1631 | vty_out(vty, | |
1632 | "rpki ssh cache %s %u pref %hhu%s\n", | |
1633 | ssh_config->host, ssh_config->port, | |
1634 | cache->preference, | |
1635 | cache->rtr_socket->state == | |
1636 | RTR_ESTABLISHED | |
1637 | ? " (connected)" | |
1638 | : ""); | |
1639 | } else { | |
1640 | json_conn = json_object_new_object(); | |
1641 | json_object_string_add(json_conn, "mode", | |
1642 | "ssh"); | |
1643 | json_object_string_add(json_conn, "host", | |
1644 | ssh_config->host); | |
4d4b9dc1 DA |
1645 | json_object_int_add(json_conn, "port", |
1646 | ssh_config->port); | |
ae872c2f DA |
1647 | json_object_int_add(json_conn, "preference", |
1648 | cache->preference); | |
1649 | json_object_string_add( | |
1650 | json_conn, "state", | |
1651 | cache->rtr_socket->state == | |
1652 | RTR_ESTABLISHED | |
1653 | ? "connected" | |
1654 | : "disconnected"); | |
1655 | json_object_array_add(json_conns, json_conn); | |
1656 | } | |
c1a68b62 | 1657 | break; |
dabecd7c | 1658 | #endif |
c1a68b62 DA |
1659 | default: |
1660 | break; | |
dabecd7c | 1661 | } |
dabecd7c MR |
1662 | } |
1663 | ||
ae872c2f DA |
1664 | if (json) |
1665 | vty_json(vty, json); | |
1666 | ||
dabecd7c MR |
1667 | return CMD_SUCCESS; |
1668 | } | |
1669 | ||
791ded4a | 1670 | static int config_on_exit(struct vty *vty) |
dabecd7c | 1671 | { |
61a484a9 | 1672 | reset(false); |
791ded4a | 1673 | return 1; |
dabecd7c MR |
1674 | } |
1675 | ||
1676 | DEFUN (rpki_reset, | |
1677 | rpki_reset_cmd, | |
1678 | "rpki reset", | |
1679 | RPKI_OUTPUT_STRING | |
1680 | "reset rpki\n") | |
1681 | { | |
1682 | return reset(true) == SUCCESS ? CMD_SUCCESS : CMD_WARNING; | |
1683 | } | |
1684 | ||
1685 | DEFUN (debug_rpki, | |
1686 | debug_rpki_cmd, | |
1687 | "debug rpki", | |
1688 | DEBUG_STR | |
08f9cfb8 | 1689 | "Enable debugging for rpki\n") |
dabecd7c | 1690 | { |
0e3d96bf | 1691 | rpki_debug = true; |
dabecd7c MR |
1692 | return CMD_SUCCESS; |
1693 | } | |
1694 | ||
1695 | DEFUN (no_debug_rpki, | |
1696 | no_debug_rpki_cmd, | |
1697 | "no debug rpki", | |
1698 | NO_STR | |
1699 | DEBUG_STR | |
08f9cfb8 | 1700 | "Disable debugging for rpki\n") |
dabecd7c | 1701 | { |
0e3d96bf | 1702 | rpki_debug = false; |
dabecd7c MR |
1703 | return CMD_SUCCESS; |
1704 | } | |
1705 | ||
48cb7ea9 | 1706 | DEFUN_YANG (match_rpki, |
dabecd7c MR |
1707 | match_rpki_cmd, |
1708 | "match rpki <valid|invalid|notfound>", | |
1709 | MATCH_STR | |
1710 | RPKI_OUTPUT_STRING | |
1711 | "Valid prefix\n" | |
1712 | "Invalid prefix\n" | |
1713 | "Prefix not found\n") | |
1714 | { | |
48cb7ea9 SP |
1715 | const char *xpath = |
1716 | "./match-condition[condition='frr-bgp-route-map:rpki']"; | |
1717 | char xpath_value[XPATH_MAXLEN]; | |
69337c34 | 1718 | |
48cb7ea9 SP |
1719 | nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL); |
1720 | snprintf(xpath_value, sizeof(xpath_value), | |
1721 | "%s/rmap-match-condition/frr-bgp-route-map:rpki", xpath); | |
1722 | nb_cli_enqueue_change(vty, xpath_value, NB_OP_MODIFY, argv[2]->arg); | |
1723 | ||
1724 | return nb_cli_apply_changes(vty, NULL); | |
dabecd7c MR |
1725 | } |
1726 | ||
48cb7ea9 | 1727 | DEFUN_YANG (no_match_rpki, |
dabecd7c MR |
1728 | no_match_rpki_cmd, |
1729 | "no match rpki <valid|invalid|notfound>", | |
1730 | NO_STR | |
1731 | MATCH_STR | |
1732 | RPKI_OUTPUT_STRING | |
1733 | "Valid prefix\n" | |
1734 | "Invalid prefix\n" | |
1735 | "Prefix not found\n") | |
1736 | { | |
48cb7ea9 SP |
1737 | const char *xpath = |
1738 | "./match-condition[condition='frr-bgp-route-map:rpki']"; | |
dabecd7c | 1739 | |
87c3ed1b | 1740 | nb_cli_enqueue_change(vty, xpath, NB_OP_DESTROY, NULL); |
48cb7ea9 | 1741 | return nb_cli_apply_changes(vty, NULL); |
dabecd7c MR |
1742 | } |
1743 | ||
dabecd7c MR |
1744 | static void install_cli_commands(void) |
1745 | { | |
996c9314 | 1746 | // TODO: make config write work |
612c2c15 | 1747 | install_node(&rpki_node); |
dabecd7c | 1748 | install_default(RPKI_NODE); |
dabecd7c | 1749 | install_element(CONFIG_NODE, &rpki_cmd); |
9593708d | 1750 | install_element(ENABLE_NODE, &rpki_cmd); |
8156765a DA |
1751 | install_element(CONFIG_NODE, &no_rpki_cmd); |
1752 | ||
dabecd7c MR |
1753 | |
1754 | install_element(ENABLE_NODE, &bgp_rpki_start_cmd); | |
1755 | install_element(ENABLE_NODE, &bgp_rpki_stop_cmd); | |
1756 | ||
1757 | /* Install rpki reset command */ | |
8f14ae47 | 1758 | install_element(ENABLE_NODE, &rpki_reset_cmd); |
dabecd7c MR |
1759 | install_element(RPKI_NODE, &rpki_reset_cmd); |
1760 | ||
1761 | /* Install rpki polling period commands */ | |
1762 | install_element(RPKI_NODE, &rpki_polling_period_cmd); | |
1763 | install_element(RPKI_NODE, &no_rpki_polling_period_cmd); | |
1764 | ||
1765 | /* Install rpki expire interval commands */ | |
1766 | install_element(RPKI_NODE, &rpki_expire_interval_cmd); | |
1767 | install_element(RPKI_NODE, &no_rpki_expire_interval_cmd); | |
1768 | ||
1769 | /* Install rpki retry interval commands */ | |
1770 | install_element(RPKI_NODE, &rpki_retry_interval_cmd); | |
1771 | install_element(RPKI_NODE, &no_rpki_retry_interval_cmd); | |
1772 | ||
dabecd7c MR |
1773 | /* Install rpki cache commands */ |
1774 | install_element(RPKI_NODE, &rpki_cache_cmd); | |
1775 | install_element(RPKI_NODE, &no_rpki_cache_cmd); | |
1776 | ||
1777 | /* Install show commands */ | |
9593708d | 1778 | install_element(VIEW_NODE, &show_rpki_prefix_table_cmd); |
1779 | install_element(VIEW_NODE, &show_rpki_cache_connection_cmd); | |
1780 | install_element(VIEW_NODE, &show_rpki_cache_server_cmd); | |
1781 | install_element(VIEW_NODE, &show_rpki_prefix_cmd); | |
02334bb2 | 1782 | install_element(VIEW_NODE, &show_rpki_as_number_cmd); |
dabecd7c MR |
1783 | |
1784 | /* Install debug commands */ | |
1785 | install_element(CONFIG_NODE, &debug_rpki_cmd); | |
1786 | install_element(ENABLE_NODE, &debug_rpki_cmd); | |
1787 | install_element(CONFIG_NODE, &no_debug_rpki_cmd); | |
1788 | install_element(ENABLE_NODE, &no_debug_rpki_cmd); | |
1789 | ||
1790 | /* Install route match */ | |
1791 | route_map_install_match(&route_match_rpki_cmd); | |
1792 | install_element(RMAP_NODE, &match_rpki_cmd); | |
1793 | install_element(RMAP_NODE, &no_match_rpki_cmd); | |
1794 | } | |
1795 | ||
1796 | FRR_MODULE_SETUP(.name = "bgpd_rpki", .version = "0.3.6", | |
1797 | .description = "Enable RPKI support for FRR.", | |
80413c20 DL |
1798 | .init = bgp_rpki_module_init, |
1799 | ); |