]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * BGP RPKI | |
3 | * Copyright (C) 2013 Michael Mester (m.mester@fu-berlin.de), for FU Berlin | |
4 | * Copyright (C) 2014-2017 Andreas Reuter (andreas.reuter@fu-berlin.de), for FU | |
5 | * Berlin | |
6 | * Copyright (C) 2016-2017 Colin Sames (colin.sames@haw-hamburg.de), for HAW | |
7 | * Hamburg | |
8 | * Copyright (C) 2017-2018 Marcel Röthke (marcel.roethke@haw-hamburg.de), | |
9 | * for HAW Hamburg | |
10 | * | |
11 | * This file is part of FRRouting. | |
12 | * | |
13 | * This program is free software; you can redistribute it and/or modify it | |
14 | * under the terms of the GNU General Public License as published by the Free | |
15 | * Software Foundation; either version 2 of the License, or (at your option) | |
16 | * any later version. | |
17 | * | |
18 | * This program is distributed in the hope that it will be useful, but WITHOUT | |
19 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
20 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for | |
21 | * more details. | |
22 | * | |
23 | * You should have received a copy of the GNU General Public License along | |
24 | * with this program; see the file COPYING; if not, write to the Free Software | |
25 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
26 | */ | |
27 | ||
28 | /* If rtrlib compiled with ssh support, don`t fail build */ | |
29 | #define LIBSSH_LEGACY_0_4 | |
30 | ||
31 | #include <zebra.h> | |
32 | #include <pthread.h> | |
33 | #include <time.h> | |
34 | #include <stdbool.h> | |
35 | #include <stdlib.h> | |
36 | #include "prefix.h" | |
37 | #include "log.h" | |
38 | #include "command.h" | |
39 | #include "linklist.h" | |
40 | #include "memory.h" | |
41 | #include "thread.h" | |
42 | #include "filter.h" | |
43 | #include "bgpd/bgpd.h" | |
44 | #include "bgpd/bgp_table.h" | |
45 | #include "bgp_advertise.h" | |
46 | #include "bgpd/bgp_debug.h" | |
47 | #include "bgpd/bgp_attr.h" | |
48 | #include "bgpd/bgp_aspath.h" | |
49 | #include "bgpd/bgp_route.h" | |
50 | #include "bgpd/bgp_rpki.h" | |
51 | #include "northbound_cli.h" | |
52 | ||
53 | #include "lib/network.h" | |
54 | #include "lib/thread.h" | |
55 | #ifndef VTYSH_EXTRACT_PL | |
56 | #include "rtrlib/rtrlib.h" | |
57 | #endif | |
58 | #include "hook.h" | |
59 | #include "libfrr.h" | |
60 | #include "lib/version.h" | |
61 | ||
62 | #ifndef VTYSH_EXTRACT_PL | |
63 | #include "bgpd/bgp_rpki_clippy.c" | |
64 | #endif | |
65 | ||
66 | DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_CACHE, "BGP RPKI Cache server"); | |
67 | DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_CACHE_GROUP, "BGP RPKI Cache server group"); | |
68 | DEFINE_MTYPE_STATIC(BGPD, BGP_RPKI_RTRLIB, "BGP RPKI RTRLib"); | |
69 | ||
70 | #define POLLING_PERIOD_DEFAULT 3600 | |
71 | #define EXPIRE_INTERVAL_DEFAULT 7200 | |
72 | #define RETRY_INTERVAL_DEFAULT 600 | |
73 | #define BGP_RPKI_CACHE_SERVER_SYNC_RETRY_TIMEOUT 3 | |
74 | ||
75 | static struct thread *t_rpki_sync; | |
76 | ||
77 | #define RPKI_DEBUG(...) \ | |
78 | if (rpki_debug) { \ | |
79 | zlog_debug("RPKI: " __VA_ARGS__); \ | |
80 | } | |
81 | ||
82 | #define RPKI_OUTPUT_STRING "Control rpki specific settings\n" | |
83 | ||
84 | struct cache { | |
85 | enum { TCP, SSH } type; | |
86 | struct tr_socket *tr_socket; | |
87 | union { | |
88 | struct tr_tcp_config *tcp_config; | |
89 | struct tr_ssh_config *ssh_config; | |
90 | } tr_config; | |
91 | struct rtr_socket *rtr_socket; | |
92 | uint8_t preference; | |
93 | }; | |
94 | ||
95 | enum return_values { SUCCESS = 0, ERROR = -1 }; | |
96 | ||
97 | struct rpki_for_each_record_arg { | |
98 | struct vty *vty; | |
99 | unsigned int *prefix_amount; | |
100 | as_t as; | |
101 | json_object *json; | |
102 | }; | |
103 | ||
104 | static int start(void); | |
105 | static void stop(void); | |
106 | static int reset(bool force); | |
107 | static struct rtr_mgr_group *get_connected_group(void); | |
108 | static void print_prefix_table(struct vty *vty, json_object *json); | |
109 | static void install_cli_commands(void); | |
110 | static int config_write(struct vty *vty); | |
111 | static int config_on_exit(struct vty *vty); | |
112 | static void free_cache(struct cache *cache); | |
113 | static struct rtr_mgr_group *get_groups(void); | |
114 | #if defined(FOUND_SSH) | |
115 | static int add_ssh_cache(const char *host, const unsigned int port, | |
116 | const char *username, const char *client_privkey_path, | |
117 | const char *client_pubkey_path, | |
118 | const char *server_pubkey_path, | |
119 | const uint8_t preference, const char *bindaddr); | |
120 | #endif | |
121 | static struct rtr_socket *create_rtr_socket(struct tr_socket *tr_socket); | |
122 | static struct cache *find_cache(const uint8_t preference); | |
123 | static void rpki_delete_all_cache_nodes(void); | |
124 | static int add_tcp_cache(const char *host, const char *port, | |
125 | const uint8_t preference, const char *bindaddr); | |
126 | static void print_record(const struct pfx_record *record, struct vty *vty, | |
127 | json_object *json); | |
128 | static bool is_synchronized(void); | |
129 | static bool is_running(void); | |
130 | static bool is_stopping(void); | |
131 | static void route_match_free(void *rule); | |
132 | static enum route_map_cmd_result_t route_match(void *rule, | |
133 | const struct prefix *prefix, | |
134 | ||
135 | void *object); | |
136 | static void *route_match_compile(const char *arg); | |
137 | static void revalidate_bgp_node(struct bgp_dest *dest, afi_t afi, safi_t safi); | |
138 | static void revalidate_all_routes(void); | |
139 | ||
140 | static struct rtr_mgr_config *rtr_config; | |
141 | static struct list *cache_list; | |
142 | static bool rtr_is_running; | |
143 | static bool rtr_is_stopping; | |
144 | static bool rtr_is_synced; | |
145 | static _Atomic int rtr_update_overflow; | |
146 | static bool rpki_debug; | |
147 | static unsigned int polling_period; | |
148 | static unsigned int expire_interval; | |
149 | static unsigned int retry_interval; | |
150 | static int rpki_sync_socket_rtr; | |
151 | static int rpki_sync_socket_bgpd; | |
152 | ||
153 | static struct cmd_node rpki_node = { | |
154 | .name = "rpki", | |
155 | .node = RPKI_NODE, | |
156 | .parent_node = CONFIG_NODE, | |
157 | .prompt = "%s(config-rpki)# ", | |
158 | .config_write = config_write, | |
159 | .node_exit = config_on_exit, | |
160 | }; | |
161 | static const struct route_map_rule_cmd route_match_rpki_cmd = { | |
162 | "rpki", route_match, route_match_compile, route_match_free}; | |
163 | ||
164 | static void *malloc_wrapper(size_t size) | |
165 | { | |
166 | return XMALLOC(MTYPE_BGP_RPKI_RTRLIB, size); | |
167 | } | |
168 | ||
169 | static void *realloc_wrapper(void *ptr, size_t size) | |
170 | { | |
171 | return XREALLOC(MTYPE_BGP_RPKI_RTRLIB, ptr, size); | |
172 | } | |
173 | ||
174 | static void free_wrapper(void *ptr) | |
175 | { | |
176 | XFREE(MTYPE_BGP_RPKI_RTRLIB, ptr); | |
177 | } | |
178 | ||
179 | static void init_tr_socket(struct cache *cache) | |
180 | { | |
181 | if (cache->type == TCP) | |
182 | tr_tcp_init(cache->tr_config.tcp_config, | |
183 | cache->tr_socket); | |
184 | #if defined(FOUND_SSH) | |
185 | else | |
186 | tr_ssh_init(cache->tr_config.ssh_config, | |
187 | cache->tr_socket); | |
188 | #endif | |
189 | } | |
190 | ||
191 | static void free_tr_socket(struct cache *cache) | |
192 | { | |
193 | if (cache->type == TCP) | |
194 | tr_tcp_init(cache->tr_config.tcp_config, | |
195 | cache->tr_socket); | |
196 | #if defined(FOUND_SSH) | |
197 | else | |
198 | tr_ssh_init(cache->tr_config.ssh_config, | |
199 | cache->tr_socket); | |
200 | #endif | |
201 | } | |
202 | ||
203 | static int rpki_validate_prefix(struct peer *peer, struct attr *attr, | |
204 | const struct prefix *prefix); | |
205 | ||
206 | static void ipv6_addr_to_network_byte_order(const uint32_t *src, uint32_t *dest) | |
207 | { | |
208 | int i; | |
209 | ||
210 | for (i = 0; i < 4; i++) | |
211 | dest[i] = htonl(src[i]); | |
212 | } | |
213 | ||
214 | static void ipv6_addr_to_host_byte_order(const uint32_t *src, uint32_t *dest) | |
215 | { | |
216 | int i; | |
217 | ||
218 | for (i = 0; i < 4; i++) | |
219 | dest[i] = ntohl(src[i]); | |
220 | } | |
221 | ||
222 | static enum route_map_cmd_result_t route_match(void *rule, | |
223 | const struct prefix *prefix, | |
224 | void *object) | |
225 | { | |
226 | int *rpki_status = rule; | |
227 | struct bgp_path_info *path; | |
228 | ||
229 | path = object; | |
230 | ||
231 | if (rpki_validate_prefix(path->peer, path->attr, prefix) | |
232 | == *rpki_status) { | |
233 | return RMAP_MATCH; | |
234 | } | |
235 | ||
236 | return RMAP_NOMATCH; | |
237 | } | |
238 | ||
239 | static void *route_match_compile(const char *arg) | |
240 | { | |
241 | int *rpki_status; | |
242 | ||
243 | rpki_status = XMALLOC(MTYPE_ROUTE_MAP_COMPILED, sizeof(int)); | |
244 | ||
245 | if (strcmp(arg, "valid") == 0) | |
246 | *rpki_status = RPKI_VALID; | |
247 | else if (strcmp(arg, "invalid") == 0) | |
248 | *rpki_status = RPKI_INVALID; | |
249 | else | |
250 | *rpki_status = RPKI_NOTFOUND; | |
251 | ||
252 | return rpki_status; | |
253 | } | |
254 | ||
255 | static void route_match_free(void *rule) | |
256 | { | |
257 | XFREE(MTYPE_ROUTE_MAP_COMPILED, rule); | |
258 | } | |
259 | ||
260 | static struct rtr_socket *create_rtr_socket(struct tr_socket *tr_socket) | |
261 | { | |
262 | struct rtr_socket *rtr_socket = | |
263 | XMALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct rtr_socket)); | |
264 | rtr_socket->tr_socket = tr_socket; | |
265 | return rtr_socket; | |
266 | } | |
267 | ||
268 | static struct cache *find_cache(const uint8_t preference) | |
269 | { | |
270 | struct listnode *cache_node; | |
271 | struct cache *cache; | |
272 | ||
273 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, cache)) { | |
274 | if (cache->preference == preference) | |
275 | return cache; | |
276 | } | |
277 | return NULL; | |
278 | } | |
279 | ||
280 | static void rpki_delete_all_cache_nodes(void) | |
281 | { | |
282 | struct listnode *cache_node, *cache_next; | |
283 | struct cache *cache; | |
284 | ||
285 | for (ALL_LIST_ELEMENTS(cache_list, cache_node, cache_next, cache)) { | |
286 | rtr_mgr_remove_group(rtr_config, cache->preference); | |
287 | listnode_delete(cache_list, cache); | |
288 | } | |
289 | } | |
290 | ||
291 | static void print_record(const struct pfx_record *record, struct vty *vty, | |
292 | json_object *json) | |
293 | { | |
294 | char ip[INET6_ADDRSTRLEN]; | |
295 | json_object *json_record = NULL; | |
296 | ||
297 | lrtr_ip_addr_to_str(&record->prefix, ip, sizeof(ip)); | |
298 | ||
299 | if (!json) { | |
300 | vty_out(vty, "%-40s %3u - %3u %10u\n", ip, record->min_len, | |
301 | record->max_len, record->asn); | |
302 | } else { | |
303 | json_record = json_object_new_object(); | |
304 | json_object_string_add(json_record, "prefix", ip); | |
305 | json_object_int_add(json_record, "prefixLenMin", | |
306 | record->min_len); | |
307 | json_object_int_add(json_record, "prefixLenMax", | |
308 | record->max_len); | |
309 | json_object_int_add(json_record, "asn", record->asn); | |
310 | json_object_array_add(json, json_record); | |
311 | } | |
312 | } | |
313 | ||
314 | static void print_record_by_asn(const struct pfx_record *record, void *data) | |
315 | { | |
316 | struct rpki_for_each_record_arg *arg = data; | |
317 | struct vty *vty = arg->vty; | |
318 | ||
319 | if (record->asn == arg->as) { | |
320 | (*arg->prefix_amount)++; | |
321 | print_record(record, vty, arg->json); | |
322 | } | |
323 | } | |
324 | ||
325 | static void print_record_cb(const struct pfx_record *record, void *data) | |
326 | { | |
327 | struct rpki_for_each_record_arg *arg = data; | |
328 | struct vty *vty = arg->vty; | |
329 | ||
330 | (*arg->prefix_amount)++; | |
331 | ||
332 | print_record(record, vty, arg->json); | |
333 | } | |
334 | ||
335 | static struct rtr_mgr_group *get_groups(void) | |
336 | { | |
337 | struct listnode *cache_node; | |
338 | struct rtr_mgr_group *rtr_mgr_groups; | |
339 | struct cache *cache; | |
340 | ||
341 | int group_count = listcount(cache_list); | |
342 | ||
343 | if (group_count == 0) | |
344 | return NULL; | |
345 | ||
346 | rtr_mgr_groups = XMALLOC(MTYPE_BGP_RPKI_CACHE_GROUP, | |
347 | group_count * sizeof(struct rtr_mgr_group)); | |
348 | ||
349 | size_t i = 0; | |
350 | ||
351 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, cache)) { | |
352 | rtr_mgr_groups[i].sockets = &cache->rtr_socket; | |
353 | rtr_mgr_groups[i].sockets_len = 1; | |
354 | rtr_mgr_groups[i].preference = cache->preference; | |
355 | ||
356 | init_tr_socket(cache); | |
357 | ||
358 | i++; | |
359 | } | |
360 | ||
361 | return rtr_mgr_groups; | |
362 | } | |
363 | ||
364 | inline bool is_synchronized(void) | |
365 | { | |
366 | return rtr_is_synced; | |
367 | } | |
368 | ||
369 | inline bool is_running(void) | |
370 | { | |
371 | return rtr_is_running; | |
372 | } | |
373 | ||
374 | inline bool is_stopping(void) | |
375 | { | |
376 | return rtr_is_stopping; | |
377 | } | |
378 | ||
379 | static struct prefix *pfx_record_to_prefix(struct pfx_record *record) | |
380 | { | |
381 | struct prefix *prefix = prefix_new(); | |
382 | ||
383 | prefix->prefixlen = record->min_len; | |
384 | ||
385 | if (record->prefix.ver == LRTR_IPV4) { | |
386 | prefix->family = AF_INET; | |
387 | prefix->u.prefix4.s_addr = htonl(record->prefix.u.addr4.addr); | |
388 | } else { | |
389 | prefix->family = AF_INET6; | |
390 | ipv6_addr_to_network_byte_order(record->prefix.u.addr6.addr, | |
391 | prefix->u.prefix6.s6_addr32); | |
392 | } | |
393 | ||
394 | return prefix; | |
395 | } | |
396 | ||
397 | static void bgpd_sync_callback(struct thread *thread) | |
398 | { | |
399 | struct bgp *bgp; | |
400 | struct listnode *node; | |
401 | struct prefix *prefix; | |
402 | struct pfx_record rec; | |
403 | ||
404 | thread_add_read(bm->master, bgpd_sync_callback, NULL, | |
405 | rpki_sync_socket_bgpd, NULL); | |
406 | ||
407 | if (atomic_load_explicit(&rtr_update_overflow, memory_order_seq_cst)) { | |
408 | while (read(rpki_sync_socket_bgpd, &rec, | |
409 | sizeof(struct pfx_record)) != -1) | |
410 | ; | |
411 | ||
412 | atomic_store_explicit(&rtr_update_overflow, 0, | |
413 | memory_order_seq_cst); | |
414 | revalidate_all_routes(); | |
415 | return; | |
416 | } | |
417 | ||
418 | int retval = | |
419 | read(rpki_sync_socket_bgpd, &rec, sizeof(struct pfx_record)); | |
420 | if (retval != sizeof(struct pfx_record)) { | |
421 | RPKI_DEBUG("Could not read from rpki_sync_socket_bgpd"); | |
422 | return; | |
423 | } | |
424 | prefix = pfx_record_to_prefix(&rec); | |
425 | ||
426 | afi_t afi = (rec.prefix.ver == LRTR_IPV4) ? AFI_IP : AFI_IP6; | |
427 | ||
428 | for (ALL_LIST_ELEMENTS_RO(bm->bgp, node, bgp)) { | |
429 | safi_t safi; | |
430 | ||
431 | for (safi = SAFI_UNICAST; safi < SAFI_MAX; safi++) { | |
432 | if (!bgp->rib[afi][safi]) | |
433 | continue; | |
434 | ||
435 | struct bgp_dest *match; | |
436 | struct bgp_dest *node; | |
437 | ||
438 | match = bgp_table_subtree_lookup(bgp->rib[afi][safi], | |
439 | prefix); | |
440 | node = match; | |
441 | ||
442 | while (node) { | |
443 | if (bgp_dest_has_bgp_path_info_data(node)) { | |
444 | revalidate_bgp_node(node, afi, safi); | |
445 | } | |
446 | ||
447 | node = bgp_route_next_until(node, match); | |
448 | } | |
449 | } | |
450 | } | |
451 | ||
452 | prefix_free(&prefix); | |
453 | } | |
454 | ||
455 | static void revalidate_bgp_node(struct bgp_dest *bgp_dest, afi_t afi, | |
456 | safi_t safi) | |
457 | { | |
458 | struct bgp_adj_in *ain; | |
459 | ||
460 | for (ain = bgp_dest->adj_in; ain; ain = ain->next) { | |
461 | struct bgp_path_info *path = | |
462 | bgp_dest_get_bgp_path_info(bgp_dest); | |
463 | mpls_label_t *label = NULL; | |
464 | uint32_t num_labels = 0; | |
465 | ||
466 | if (path && path->extra) { | |
467 | label = path->extra->label; | |
468 | num_labels = path->extra->num_labels; | |
469 | } | |
470 | (void)bgp_update(ain->peer, bgp_dest_get_prefix(bgp_dest), | |
471 | ain->addpath_rx_id, ain->attr, afi, safi, | |
472 | ZEBRA_ROUTE_BGP, BGP_ROUTE_NORMAL, NULL, label, | |
473 | num_labels, 1, NULL); | |
474 | } | |
475 | } | |
476 | ||
477 | static void revalidate_all_routes(void) | |
478 | { | |
479 | struct bgp *bgp; | |
480 | struct listnode *node; | |
481 | ||
482 | for (ALL_LIST_ELEMENTS_RO(bm->bgp, node, bgp)) { | |
483 | struct peer *peer; | |
484 | struct listnode *peer_listnode; | |
485 | ||
486 | for (ALL_LIST_ELEMENTS_RO(bgp->peer, peer_listnode, peer)) { | |
487 | ||
488 | for (size_t i = 0; i < 2; i++) { | |
489 | safi_t safi; | |
490 | afi_t afi = (i == 0) ? AFI_IP : AFI_IP6; | |
491 | ||
492 | for (safi = SAFI_UNICAST; safi < SAFI_MAX; | |
493 | safi++) { | |
494 | if (!peer->bgp->rib[afi][safi]) | |
495 | continue; | |
496 | ||
497 | bgp_soft_reconfig_in(peer, afi, safi); | |
498 | } | |
499 | } | |
500 | } | |
501 | } | |
502 | } | |
503 | ||
504 | static void rpki_update_cb_sync_rtr(struct pfx_table *p __attribute__((unused)), | |
505 | const struct pfx_record rec, | |
506 | const bool added __attribute__((unused))) | |
507 | { | |
508 | if (is_stopping() || | |
509 | atomic_load_explicit(&rtr_update_overflow, memory_order_seq_cst)) | |
510 | return; | |
511 | ||
512 | int retval = | |
513 | write(rpki_sync_socket_rtr, &rec, sizeof(struct pfx_record)); | |
514 | if (retval == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) | |
515 | atomic_store_explicit(&rtr_update_overflow, 1, | |
516 | memory_order_seq_cst); | |
517 | ||
518 | else if (retval != sizeof(struct pfx_record)) | |
519 | RPKI_DEBUG("Could not write to rpki_sync_socket_rtr"); | |
520 | } | |
521 | ||
522 | static void rpki_init_sync_socket(void) | |
523 | { | |
524 | int fds[2]; | |
525 | const char *msg; | |
526 | ||
527 | RPKI_DEBUG("initializing sync socket"); | |
528 | if (socketpair(PF_LOCAL, SOCK_DGRAM, 0, fds) != 0) { | |
529 | msg = "could not open rpki sync socketpair"; | |
530 | goto err; | |
531 | } | |
532 | rpki_sync_socket_rtr = fds[0]; | |
533 | rpki_sync_socket_bgpd = fds[1]; | |
534 | ||
535 | if (set_nonblocking(rpki_sync_socket_rtr) != 0) { | |
536 | msg = "could not set rpki_sync_socket_rtr to non blocking"; | |
537 | goto err; | |
538 | } | |
539 | ||
540 | if (set_nonblocking(rpki_sync_socket_bgpd) != 0) { | |
541 | msg = "could not set rpki_sync_socket_bgpd to non blocking"; | |
542 | goto err; | |
543 | } | |
544 | ||
545 | ||
546 | thread_add_read(bm->master, bgpd_sync_callback, NULL, | |
547 | rpki_sync_socket_bgpd, NULL); | |
548 | ||
549 | return; | |
550 | ||
551 | err: | |
552 | zlog_err("RPKI: %s", msg); | |
553 | abort(); | |
554 | ||
555 | } | |
556 | ||
557 | static int bgp_rpki_init(struct thread_master *master) | |
558 | { | |
559 | rpki_debug = false; | |
560 | rtr_is_running = false; | |
561 | rtr_is_stopping = false; | |
562 | rtr_is_synced = false; | |
563 | ||
564 | cache_list = list_new(); | |
565 | cache_list->del = (void (*)(void *)) & free_cache; | |
566 | ||
567 | polling_period = POLLING_PERIOD_DEFAULT; | |
568 | expire_interval = EXPIRE_INTERVAL_DEFAULT; | |
569 | retry_interval = RETRY_INTERVAL_DEFAULT; | |
570 | install_cli_commands(); | |
571 | rpki_init_sync_socket(); | |
572 | return 0; | |
573 | } | |
574 | ||
575 | static int bgp_rpki_fini(void) | |
576 | { | |
577 | stop(); | |
578 | list_delete(&cache_list); | |
579 | ||
580 | close(rpki_sync_socket_rtr); | |
581 | close(rpki_sync_socket_bgpd); | |
582 | ||
583 | return 0; | |
584 | } | |
585 | ||
586 | static int bgp_rpki_module_init(void) | |
587 | { | |
588 | lrtr_set_alloc_functions(malloc_wrapper, realloc_wrapper, free_wrapper); | |
589 | ||
590 | hook_register(bgp_rpki_prefix_status, rpki_validate_prefix); | |
591 | hook_register(frr_late_init, bgp_rpki_init); | |
592 | hook_register(frr_early_fini, &bgp_rpki_fini); | |
593 | ||
594 | return 0; | |
595 | } | |
596 | ||
597 | static void sync_expired(struct thread *thread) | |
598 | { | |
599 | if (!rtr_mgr_conf_in_sync(rtr_config)) { | |
600 | RPKI_DEBUG("rtr_mgr is not synced, retrying."); | |
601 | thread_add_timer(bm->master, sync_expired, NULL, | |
602 | BGP_RPKI_CACHE_SERVER_SYNC_RETRY_TIMEOUT, | |
603 | &t_rpki_sync); | |
604 | return; | |
605 | } | |
606 | ||
607 | RPKI_DEBUG("rtr_mgr sync is done."); | |
608 | ||
609 | rtr_is_synced = true; | |
610 | } | |
611 | ||
612 | static int start(void) | |
613 | { | |
614 | int ret; | |
615 | ||
616 | rtr_is_stopping = false; | |
617 | rtr_is_synced = false; | |
618 | rtr_update_overflow = 0; | |
619 | ||
620 | if (list_isempty(cache_list)) { | |
621 | RPKI_DEBUG( | |
622 | "No caches were found in config. Prefix validation is off."); | |
623 | return ERROR; | |
624 | } | |
625 | RPKI_DEBUG("Init rtr_mgr."); | |
626 | int groups_len = listcount(cache_list); | |
627 | struct rtr_mgr_group *groups = get_groups(); | |
628 | ||
629 | RPKI_DEBUG("Polling period: %d", polling_period); | |
630 | ret = rtr_mgr_init(&rtr_config, groups, groups_len, polling_period, | |
631 | expire_interval, retry_interval, | |
632 | rpki_update_cb_sync_rtr, NULL, NULL, NULL); | |
633 | if (ret == RTR_ERROR) { | |
634 | RPKI_DEBUG("Init rtr_mgr failed."); | |
635 | return ERROR; | |
636 | } | |
637 | ||
638 | RPKI_DEBUG("Starting rtr_mgr."); | |
639 | ret = rtr_mgr_start(rtr_config); | |
640 | if (ret == RTR_ERROR) { | |
641 | RPKI_DEBUG("Starting rtr_mgr failed."); | |
642 | rtr_mgr_free(rtr_config); | |
643 | return ERROR; | |
644 | } | |
645 | ||
646 | thread_add_timer(bm->master, sync_expired, NULL, 0, &t_rpki_sync); | |
647 | ||
648 | XFREE(MTYPE_BGP_RPKI_CACHE_GROUP, groups); | |
649 | ||
650 | rtr_is_running = true; | |
651 | ||
652 | return SUCCESS; | |
653 | } | |
654 | ||
655 | static void stop(void) | |
656 | { | |
657 | rtr_is_stopping = true; | |
658 | if (is_running()) { | |
659 | THREAD_OFF(t_rpki_sync); | |
660 | rtr_mgr_stop(rtr_config); | |
661 | rtr_mgr_free(rtr_config); | |
662 | rtr_is_running = false; | |
663 | } | |
664 | } | |
665 | ||
666 | static int reset(bool force) | |
667 | { | |
668 | if (is_running() && !force) | |
669 | return SUCCESS; | |
670 | ||
671 | RPKI_DEBUG("Resetting RPKI Session"); | |
672 | stop(); | |
673 | return start(); | |
674 | } | |
675 | ||
676 | static struct rtr_mgr_group *get_connected_group(void) | |
677 | { | |
678 | if (!cache_list || list_isempty(cache_list)) | |
679 | return NULL; | |
680 | ||
681 | return rtr_mgr_get_first_group(rtr_config); | |
682 | } | |
683 | ||
684 | static void print_prefix_table_by_asn(struct vty *vty, as_t as, | |
685 | json_object *json) | |
686 | { | |
687 | unsigned int number_of_ipv4_prefixes = 0; | |
688 | unsigned int number_of_ipv6_prefixes = 0; | |
689 | struct rtr_mgr_group *group = get_connected_group(); | |
690 | struct rpki_for_each_record_arg arg; | |
691 | json_object *json_records = NULL; | |
692 | ||
693 | arg.vty = vty; | |
694 | arg.as = as; | |
695 | arg.json = NULL; | |
696 | ||
697 | if (!group) { | |
698 | if (!json) | |
699 | vty_out(vty, "Cannot find a connected group.\n"); | |
700 | return; | |
701 | } | |
702 | ||
703 | struct pfx_table *pfx_table = group->sockets[0]->pfx_table; | |
704 | ||
705 | if (!json) { | |
706 | vty_out(vty, "RPKI/RTR prefix table\n"); | |
707 | vty_out(vty, "%-40s %s %s\n", "Prefix", "Prefix Length", | |
708 | "Origin-AS"); | |
709 | } else { | |
710 | json_records = json_object_new_array(); | |
711 | json_object_object_add(json, "prefixes", json_records); | |
712 | arg.json = json_records; | |
713 | } | |
714 | ||
715 | arg.prefix_amount = &number_of_ipv4_prefixes; | |
716 | pfx_table_for_each_ipv4_record(pfx_table, print_record_by_asn, &arg); | |
717 | ||
718 | arg.prefix_amount = &number_of_ipv6_prefixes; | |
719 | pfx_table_for_each_ipv6_record(pfx_table, print_record_by_asn, &arg); | |
720 | ||
721 | if (!json) { | |
722 | vty_out(vty, "Number of IPv4 Prefixes: %u\n", | |
723 | number_of_ipv4_prefixes); | |
724 | vty_out(vty, "Number of IPv6 Prefixes: %u\n", | |
725 | number_of_ipv6_prefixes); | |
726 | } else { | |
727 | json_object_int_add(json, "ipv4PrefixCount", | |
728 | number_of_ipv4_prefixes); | |
729 | json_object_int_add(json, "ipv6PrefixCount", | |
730 | number_of_ipv6_prefixes); | |
731 | } | |
732 | ||
733 | if (json) | |
734 | vty_json(vty, json); | |
735 | } | |
736 | ||
737 | static void print_prefix_table(struct vty *vty, json_object *json) | |
738 | { | |
739 | struct rpki_for_each_record_arg arg; | |
740 | ||
741 | unsigned int number_of_ipv4_prefixes = 0; | |
742 | unsigned int number_of_ipv6_prefixes = 0; | |
743 | struct rtr_mgr_group *group = get_connected_group(); | |
744 | json_object *json_records = NULL; | |
745 | ||
746 | arg.vty = vty; | |
747 | arg.json = NULL; | |
748 | ||
749 | if (!group) { | |
750 | if (!json) | |
751 | vty_out(vty, "Cannot find a connected group.\n"); | |
752 | return; | |
753 | } | |
754 | ||
755 | struct pfx_table *pfx_table = group->sockets[0]->pfx_table; | |
756 | ||
757 | if (!json) { | |
758 | vty_out(vty, "RPKI/RTR prefix table\n"); | |
759 | vty_out(vty, "%-40s %s %s\n", "Prefix", "Prefix Length", | |
760 | "Origin-AS"); | |
761 | } else { | |
762 | json_records = json_object_new_array(); | |
763 | json_object_object_add(json, "prefixes", json_records); | |
764 | arg.json = json_records; | |
765 | } | |
766 | ||
767 | arg.prefix_amount = &number_of_ipv4_prefixes; | |
768 | pfx_table_for_each_ipv4_record(pfx_table, print_record_cb, &arg); | |
769 | ||
770 | arg.prefix_amount = &number_of_ipv6_prefixes; | |
771 | pfx_table_for_each_ipv6_record(pfx_table, print_record_cb, &arg); | |
772 | ||
773 | if (!json) { | |
774 | vty_out(vty, "Number of IPv4 Prefixes: %u\n", | |
775 | number_of_ipv4_prefixes); | |
776 | vty_out(vty, "Number of IPv6 Prefixes: %u\n", | |
777 | number_of_ipv6_prefixes); | |
778 | } else { | |
779 | json_object_int_add(json, "ipv4PrefixCount", | |
780 | number_of_ipv4_prefixes); | |
781 | json_object_int_add(json, "ipv6PrefixCount", | |
782 | number_of_ipv6_prefixes); | |
783 | } | |
784 | ||
785 | if (json) | |
786 | vty_json(vty, json); | |
787 | } | |
788 | ||
789 | static int rpki_validate_prefix(struct peer *peer, struct attr *attr, | |
790 | const struct prefix *prefix) | |
791 | { | |
792 | struct assegment *as_segment; | |
793 | as_t as_number = 0; | |
794 | struct lrtr_ip_addr ip_addr_prefix; | |
795 | enum pfxv_state result; | |
796 | ||
797 | if (!is_synchronized()) | |
798 | return RPKI_NOT_BEING_USED; | |
799 | ||
800 | // No aspath means route comes from iBGP | |
801 | if (!attr->aspath || !attr->aspath->segments) { | |
802 | // Set own as number | |
803 | as_number = peer->bgp->as; | |
804 | } else { | |
805 | as_segment = attr->aspath->segments; | |
806 | // Find last AsSegment | |
807 | while (as_segment->next) | |
808 | as_segment = as_segment->next; | |
809 | ||
810 | if (as_segment->type == AS_SEQUENCE) { | |
811 | // Get rightmost asn | |
812 | as_number = as_segment->as[as_segment->length - 1]; | |
813 | } else if (as_segment->type == AS_CONFED_SEQUENCE | |
814 | || as_segment->type == AS_CONFED_SET) { | |
815 | // Set own as number | |
816 | as_number = peer->bgp->as; | |
817 | } else { | |
818 | // RFC says: "Take distinguished value NONE as asn" | |
819 | // which means state is unknown | |
820 | return RPKI_NOTFOUND; | |
821 | } | |
822 | } | |
823 | ||
824 | // Get the prefix in requested format | |
825 | switch (prefix->family) { | |
826 | case AF_INET: | |
827 | ip_addr_prefix.ver = LRTR_IPV4; | |
828 | ip_addr_prefix.u.addr4.addr = ntohl(prefix->u.prefix4.s_addr); | |
829 | break; | |
830 | ||
831 | case AF_INET6: | |
832 | ip_addr_prefix.ver = LRTR_IPV6; | |
833 | ipv6_addr_to_host_byte_order(prefix->u.prefix6.s6_addr32, | |
834 | ip_addr_prefix.u.addr6.addr); | |
835 | break; | |
836 | ||
837 | default: | |
838 | return RPKI_NOT_BEING_USED; | |
839 | } | |
840 | ||
841 | // Do the actual validation | |
842 | rtr_mgr_validate(rtr_config, as_number, &ip_addr_prefix, | |
843 | prefix->prefixlen, &result); | |
844 | ||
845 | // Print Debug output | |
846 | switch (result) { | |
847 | case BGP_PFXV_STATE_VALID: | |
848 | RPKI_DEBUG( | |
849 | "Validating Prefix %pFX from asn %u Result: VALID", | |
850 | prefix, as_number); | |
851 | return RPKI_VALID; | |
852 | case BGP_PFXV_STATE_NOT_FOUND: | |
853 | RPKI_DEBUG( | |
854 | "Validating Prefix %pFX from asn %u Result: NOT FOUND", | |
855 | prefix, as_number); | |
856 | return RPKI_NOTFOUND; | |
857 | case BGP_PFXV_STATE_INVALID: | |
858 | RPKI_DEBUG( | |
859 | "Validating Prefix %pFX from asn %u Result: INVALID", | |
860 | prefix, as_number); | |
861 | return RPKI_INVALID; | |
862 | default: | |
863 | RPKI_DEBUG( | |
864 | "Validating Prefix %pFX from asn %u Result: CANNOT VALIDATE", | |
865 | prefix, as_number); | |
866 | break; | |
867 | } | |
868 | return RPKI_NOT_BEING_USED; | |
869 | } | |
870 | ||
871 | static int add_cache(struct cache *cache) | |
872 | { | |
873 | uint8_t preference = cache->preference; | |
874 | struct rtr_mgr_group group; | |
875 | ||
876 | group.preference = preference; | |
877 | group.sockets_len = 1; | |
878 | group.sockets = &cache->rtr_socket; | |
879 | ||
880 | if (is_running()) { | |
881 | init_tr_socket(cache); | |
882 | ||
883 | if (rtr_mgr_add_group(rtr_config, &group) != RTR_SUCCESS) { | |
884 | free_tr_socket(cache); | |
885 | return ERROR; | |
886 | } | |
887 | } | |
888 | ||
889 | listnode_add(cache_list, cache); | |
890 | ||
891 | return SUCCESS; | |
892 | } | |
893 | ||
894 | static int add_tcp_cache(const char *host, const char *port, | |
895 | const uint8_t preference, const char *bindaddr) | |
896 | { | |
897 | struct rtr_socket *rtr_socket; | |
898 | struct tr_tcp_config *tcp_config = | |
899 | XCALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct tr_tcp_config)); | |
900 | struct tr_socket *tr_socket = | |
901 | XMALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct tr_socket)); | |
902 | struct cache *cache = | |
903 | XMALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct cache)); | |
904 | ||
905 | tcp_config->host = XSTRDUP(MTYPE_BGP_RPKI_CACHE, host); | |
906 | tcp_config->port = XSTRDUP(MTYPE_BGP_RPKI_CACHE, port); | |
907 | if (bindaddr) | |
908 | tcp_config->bindaddr = XSTRDUP(MTYPE_BGP_RPKI_CACHE, bindaddr); | |
909 | else | |
910 | tcp_config->bindaddr = NULL; | |
911 | ||
912 | rtr_socket = create_rtr_socket(tr_socket); | |
913 | ||
914 | cache->type = TCP; | |
915 | cache->tr_socket = tr_socket; | |
916 | cache->tr_config.tcp_config = tcp_config; | |
917 | cache->rtr_socket = rtr_socket; | |
918 | cache->preference = preference; | |
919 | ||
920 | int ret = add_cache(cache); | |
921 | if (ret != SUCCESS) { | |
922 | free_cache(cache); | |
923 | } | |
924 | ||
925 | return ret; | |
926 | } | |
927 | ||
928 | #if defined(FOUND_SSH) | |
929 | static int add_ssh_cache(const char *host, const unsigned int port, | |
930 | const char *username, const char *client_privkey_path, | |
931 | const char *client_pubkey_path, | |
932 | const char *server_pubkey_path, | |
933 | const uint8_t preference, const char *bindaddr) | |
934 | { | |
935 | struct tr_ssh_config *ssh_config = | |
936 | XCALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct tr_ssh_config)); | |
937 | struct cache *cache = | |
938 | XMALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct cache)); | |
939 | struct tr_socket *tr_socket = | |
940 | XMALLOC(MTYPE_BGP_RPKI_CACHE, sizeof(struct tr_socket)); | |
941 | struct rtr_socket *rtr_socket; | |
942 | ||
943 | ssh_config->port = port; | |
944 | ssh_config->host = XSTRDUP(MTYPE_BGP_RPKI_CACHE, host); | |
945 | if (bindaddr) | |
946 | ssh_config->bindaddr = XSTRDUP(MTYPE_BGP_RPKI_CACHE, bindaddr); | |
947 | else | |
948 | ssh_config->bindaddr = NULL; | |
949 | ||
950 | ssh_config->username = XSTRDUP(MTYPE_BGP_RPKI_CACHE, username); | |
951 | ssh_config->client_privkey_path = | |
952 | XSTRDUP(MTYPE_BGP_RPKI_CACHE, client_privkey_path); | |
953 | ssh_config->server_hostkey_path = | |
954 | XSTRDUP(MTYPE_BGP_RPKI_CACHE, server_pubkey_path); | |
955 | ||
956 | rtr_socket = create_rtr_socket(tr_socket); | |
957 | ||
958 | cache->type = SSH; | |
959 | cache->tr_socket = tr_socket; | |
960 | cache->tr_config.ssh_config = ssh_config; | |
961 | cache->rtr_socket = rtr_socket; | |
962 | cache->preference = preference; | |
963 | ||
964 | int ret = add_cache(cache); | |
965 | if (ret != SUCCESS) { | |
966 | free_cache(cache); | |
967 | } | |
968 | ||
969 | return ret; | |
970 | } | |
971 | #endif | |
972 | ||
973 | static void free_cache(struct cache *cache) | |
974 | { | |
975 | if (cache->type == TCP) { | |
976 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_config.tcp_config->host); | |
977 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_config.tcp_config->port); | |
978 | XFREE(MTYPE_BGP_RPKI_CACHE, | |
979 | cache->tr_config.tcp_config->bindaddr); | |
980 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_config.tcp_config); | |
981 | } | |
982 | #if defined(FOUND_SSH) | |
983 | else { | |
984 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_config.ssh_config->host); | |
985 | XFREE(MTYPE_BGP_RPKI_CACHE, | |
986 | cache->tr_config.ssh_config->username); | |
987 | XFREE(MTYPE_BGP_RPKI_CACHE, | |
988 | cache->tr_config.ssh_config->client_privkey_path); | |
989 | XFREE(MTYPE_BGP_RPKI_CACHE, | |
990 | cache->tr_config.ssh_config->server_hostkey_path); | |
991 | XFREE(MTYPE_BGP_RPKI_CACHE, | |
992 | cache->tr_config.ssh_config->bindaddr); | |
993 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_config.ssh_config); | |
994 | } | |
995 | #endif | |
996 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->tr_socket); | |
997 | XFREE(MTYPE_BGP_RPKI_CACHE, cache->rtr_socket); | |
998 | XFREE(MTYPE_BGP_RPKI_CACHE, cache); | |
999 | } | |
1000 | ||
1001 | static int config_write(struct vty *vty) | |
1002 | { | |
1003 | struct listnode *cache_node; | |
1004 | struct cache *cache; | |
1005 | ||
1006 | if (!listcount(cache_list)) | |
1007 | return 0; | |
1008 | ||
1009 | if (rpki_debug) | |
1010 | vty_out(vty, "debug rpki\n"); | |
1011 | ||
1012 | vty_out(vty, "!\n"); | |
1013 | vty_out(vty, "rpki\n"); | |
1014 | vty_out(vty, " rpki polling_period %d\n", polling_period); | |
1015 | ||
1016 | if (retry_interval != RETRY_INTERVAL_DEFAULT) | |
1017 | vty_out(vty, " rpki retry_interval %d\n", retry_interval); | |
1018 | if (expire_interval != EXPIRE_INTERVAL_DEFAULT) | |
1019 | vty_out(vty, " rpki expire_interval %d\n", expire_interval); | |
1020 | ||
1021 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, cache)) { | |
1022 | switch (cache->type) { | |
1023 | struct tr_tcp_config *tcp_config; | |
1024 | #if defined(FOUND_SSH) | |
1025 | struct tr_ssh_config *ssh_config; | |
1026 | #endif | |
1027 | case TCP: | |
1028 | tcp_config = cache->tr_config.tcp_config; | |
1029 | vty_out(vty, " rpki cache %s %s ", tcp_config->host, | |
1030 | tcp_config->port); | |
1031 | if (tcp_config->bindaddr) | |
1032 | vty_out(vty, "source %s ", | |
1033 | tcp_config->bindaddr); | |
1034 | break; | |
1035 | #if defined(FOUND_SSH) | |
1036 | case SSH: | |
1037 | ssh_config = cache->tr_config.ssh_config; | |
1038 | vty_out(vty, " rpki cache %s %u %s %s %s ", | |
1039 | ssh_config->host, ssh_config->port, | |
1040 | ssh_config->username, | |
1041 | ssh_config->client_privkey_path, | |
1042 | ssh_config->server_hostkey_path != NULL | |
1043 | ? ssh_config->server_hostkey_path | |
1044 | : " "); | |
1045 | if (ssh_config->bindaddr) | |
1046 | vty_out(vty, "source %s ", | |
1047 | ssh_config->bindaddr); | |
1048 | break; | |
1049 | #endif | |
1050 | default: | |
1051 | break; | |
1052 | } | |
1053 | ||
1054 | vty_out(vty, "preference %hhu\n", cache->preference); | |
1055 | } | |
1056 | vty_out(vty, "exit\n"); | |
1057 | ||
1058 | return 1; | |
1059 | } | |
1060 | ||
1061 | DEFUN_NOSH (rpki, | |
1062 | rpki_cmd, | |
1063 | "rpki", | |
1064 | "Enable rpki and enter rpki configuration mode\n") | |
1065 | { | |
1066 | vty->node = RPKI_NODE; | |
1067 | return CMD_SUCCESS; | |
1068 | } | |
1069 | ||
1070 | DEFPY (no_rpki, | |
1071 | no_rpki_cmd, | |
1072 | "no rpki", | |
1073 | NO_STR | |
1074 | "Enable rpki and enter rpki configuration mode\n") | |
1075 | { | |
1076 | rpki_delete_all_cache_nodes(); | |
1077 | stop(); | |
1078 | return CMD_SUCCESS; | |
1079 | } | |
1080 | ||
1081 | DEFUN (bgp_rpki_start, | |
1082 | bgp_rpki_start_cmd, | |
1083 | "rpki start", | |
1084 | RPKI_OUTPUT_STRING | |
1085 | "start rpki support\n") | |
1086 | { | |
1087 | if (listcount(cache_list) == 0) | |
1088 | vty_out(vty, | |
1089 | "Could not start rpki because no caches are configured\n"); | |
1090 | ||
1091 | if (!is_running()) { | |
1092 | if (start() == ERROR) { | |
1093 | RPKI_DEBUG("RPKI failed to start"); | |
1094 | return CMD_WARNING; | |
1095 | } | |
1096 | } | |
1097 | return CMD_SUCCESS; | |
1098 | } | |
1099 | ||
1100 | DEFUN (bgp_rpki_stop, | |
1101 | bgp_rpki_stop_cmd, | |
1102 | "rpki stop", | |
1103 | RPKI_OUTPUT_STRING | |
1104 | "start rpki support\n") | |
1105 | { | |
1106 | if (is_running()) | |
1107 | stop(); | |
1108 | ||
1109 | return CMD_SUCCESS; | |
1110 | } | |
1111 | ||
1112 | DEFPY (rpki_polling_period, | |
1113 | rpki_polling_period_cmd, | |
1114 | "rpki polling_period (1-86400)$pp", | |
1115 | RPKI_OUTPUT_STRING | |
1116 | "Set polling period\n" | |
1117 | "Polling period value\n") | |
1118 | { | |
1119 | polling_period = pp; | |
1120 | return CMD_SUCCESS; | |
1121 | } | |
1122 | ||
1123 | DEFUN (no_rpki_polling_period, | |
1124 | no_rpki_polling_period_cmd, | |
1125 | "no rpki polling_period [(1-86400)]", | |
1126 | NO_STR | |
1127 | RPKI_OUTPUT_STRING | |
1128 | "Set polling period back to default\n" | |
1129 | "Polling period value\n") | |
1130 | { | |
1131 | polling_period = POLLING_PERIOD_DEFAULT; | |
1132 | return CMD_SUCCESS; | |
1133 | } | |
1134 | ||
1135 | DEFPY (rpki_expire_interval, | |
1136 | rpki_expire_interval_cmd, | |
1137 | "rpki expire_interval (600-172800)$tmp", | |
1138 | RPKI_OUTPUT_STRING | |
1139 | "Set expire interval\n" | |
1140 | "Expire interval value\n") | |
1141 | { | |
1142 | if ((unsigned int)tmp >= polling_period) { | |
1143 | expire_interval = tmp; | |
1144 | return CMD_SUCCESS; | |
1145 | } | |
1146 | ||
1147 | vty_out(vty, "%% Expiry interval must be polling period or larger\n"); | |
1148 | return CMD_WARNING_CONFIG_FAILED; | |
1149 | } | |
1150 | ||
1151 | DEFUN (no_rpki_expire_interval, | |
1152 | no_rpki_expire_interval_cmd, | |
1153 | "no rpki expire_interval [(600-172800)]", | |
1154 | NO_STR | |
1155 | RPKI_OUTPUT_STRING | |
1156 | "Set expire interval back to default\n" | |
1157 | "Expire interval value\n") | |
1158 | { | |
1159 | expire_interval = polling_period * 2; | |
1160 | return CMD_SUCCESS; | |
1161 | } | |
1162 | ||
1163 | DEFPY (rpki_retry_interval, | |
1164 | rpki_retry_interval_cmd, | |
1165 | "rpki retry_interval (1-7200)$tmp", | |
1166 | RPKI_OUTPUT_STRING | |
1167 | "Set retry interval\n" | |
1168 | "retry interval value\n") | |
1169 | { | |
1170 | retry_interval = tmp; | |
1171 | return CMD_SUCCESS; | |
1172 | } | |
1173 | ||
1174 | DEFUN (no_rpki_retry_interval, | |
1175 | no_rpki_retry_interval_cmd, | |
1176 | "no rpki retry_interval [(1-7200)]", | |
1177 | NO_STR | |
1178 | RPKI_OUTPUT_STRING | |
1179 | "Set retry interval back to default\n" | |
1180 | "retry interval value\n") | |
1181 | { | |
1182 | retry_interval = RETRY_INTERVAL_DEFAULT; | |
1183 | return CMD_SUCCESS; | |
1184 | } | |
1185 | ||
1186 | DEFPY(rpki_cache, rpki_cache_cmd, | |
1187 | "rpki cache <A.B.C.D|WORD> <TCPPORT|(1-65535)$sshport SSH_UNAME SSH_PRIVKEY SSH_PUBKEY [SERVER_PUBKEY]> [source <A.B.C.D>$bindaddr] preference (1-255)", | |
1188 | RPKI_OUTPUT_STRING | |
1189 | "Install a cache server to current group\n" | |
1190 | "IP address of cache server\n Hostname of cache server\n" | |
1191 | "TCP port number\n" | |
1192 | "SSH port number\n" | |
1193 | "SSH user name\n" | |
1194 | "Path to own SSH private key\n" | |
1195 | "Path to own SSH public key\n" | |
1196 | "Path to Public key of cache server\n" | |
1197 | "Configure source IP address of RPKI connection\n" | |
1198 | "Define a Source IP Address\n" | |
1199 | "Preference of the cache server\n" | |
1200 | "Preference value\n") | |
1201 | { | |
1202 | int return_value; | |
1203 | struct listnode *cache_node; | |
1204 | struct cache *current_cache; | |
1205 | ||
1206 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, current_cache)) { | |
1207 | if (current_cache->preference == preference) { | |
1208 | vty_out(vty, | |
1209 | "Cache with preference %ld is already configured\n", | |
1210 | preference); | |
1211 | return CMD_WARNING; | |
1212 | } | |
1213 | } | |
1214 | ||
1215 | ||
1216 | // use ssh connection | |
1217 | if (ssh_uname) { | |
1218 | #if defined(FOUND_SSH) | |
1219 | return_value = add_ssh_cache( | |
1220 | cache, sshport, ssh_uname, ssh_privkey, ssh_pubkey, | |
1221 | server_pubkey, preference, bindaddr_str); | |
1222 | #else | |
1223 | return_value = SUCCESS; | |
1224 | vty_out(vty, | |
1225 | "ssh sockets are not supported. Please recompile rtrlib and frr with ssh support. If you want to use it\n"); | |
1226 | #endif | |
1227 | } else { // use tcp connection | |
1228 | return_value = | |
1229 | add_tcp_cache(cache, tcpport, preference, bindaddr_str); | |
1230 | } | |
1231 | ||
1232 | if (return_value == ERROR) { | |
1233 | vty_out(vty, "Could not create new rpki cache\n"); | |
1234 | return CMD_WARNING; | |
1235 | } | |
1236 | ||
1237 | return CMD_SUCCESS; | |
1238 | } | |
1239 | ||
1240 | DEFPY (no_rpki_cache, | |
1241 | no_rpki_cache_cmd, | |
1242 | "no rpki cache <A.B.C.D|WORD> <TCPPORT|(1-65535)$sshport SSH_UNAME SSH_PRIVKEY SSH_PUBKEY [SERVER_PUBKEY]> [source <A.B.C.D>$bindaddr] preference (1-255)", | |
1243 | NO_STR | |
1244 | RPKI_OUTPUT_STRING | |
1245 | "Install a cache server to current group\n" | |
1246 | "IP address of cache server\n Hostname of cache server\n" | |
1247 | "TCP port number\n" | |
1248 | "SSH port number\n" | |
1249 | "SSH user name\n" | |
1250 | "Path to own SSH private key\n" | |
1251 | "Path to own SSH public key\n" | |
1252 | "Path to Public key of cache server\n" | |
1253 | "Configure source IP address of RPKI connection\n" | |
1254 | "Define a Source IP Address\n" | |
1255 | "Preference of the cache server\n" | |
1256 | "Preference value\n") | |
1257 | { | |
1258 | struct cache *cache_p = find_cache(preference); | |
1259 | ||
1260 | if (!cache_p) { | |
1261 | vty_out(vty, "Could not find cache %ld\n", preference); | |
1262 | return CMD_WARNING; | |
1263 | } | |
1264 | ||
1265 | if (is_running() && listcount(cache_list) == 1) { | |
1266 | stop(); | |
1267 | } else if (is_running()) { | |
1268 | if (rtr_mgr_remove_group(rtr_config, preference) == RTR_ERROR) { | |
1269 | vty_out(vty, "Could not remove cache %ld", preference); | |
1270 | ||
1271 | vty_out(vty, "\n"); | |
1272 | return CMD_WARNING; | |
1273 | } | |
1274 | } | |
1275 | ||
1276 | listnode_delete(cache_list, cache_p); | |
1277 | free_cache(cache_p); | |
1278 | ||
1279 | return CMD_SUCCESS; | |
1280 | } | |
1281 | ||
1282 | DEFPY (show_rpki_prefix_table, | |
1283 | show_rpki_prefix_table_cmd, | |
1284 | "show rpki prefix-table [json$uj]", | |
1285 | SHOW_STR | |
1286 | RPKI_OUTPUT_STRING | |
1287 | "Show validated prefixes which were received from RPKI Cache\n" | |
1288 | JSON_STR) | |
1289 | { | |
1290 | struct json_object *json = NULL; | |
1291 | ||
1292 | if (!is_synchronized()) { | |
1293 | if (!uj) | |
1294 | vty_out(vty, "No connection to RPKI cache server.\n"); | |
1295 | return CMD_WARNING; | |
1296 | } | |
1297 | ||
1298 | if (uj) | |
1299 | json = json_object_new_object(); | |
1300 | ||
1301 | print_prefix_table(vty, json); | |
1302 | return CMD_SUCCESS; | |
1303 | } | |
1304 | ||
1305 | DEFPY (show_rpki_as_number, | |
1306 | show_rpki_as_number_cmd, | |
1307 | "show rpki as-number (1-4294967295)$by_asn [json$uj]", | |
1308 | SHOW_STR | |
1309 | RPKI_OUTPUT_STRING | |
1310 | "Lookup by ASN in prefix table\n" | |
1311 | "AS Number\n" | |
1312 | JSON_STR) | |
1313 | { | |
1314 | struct json_object *json = NULL; | |
1315 | ||
1316 | if (!is_synchronized()) { | |
1317 | if (!uj) | |
1318 | vty_out(vty, "No Connection to RPKI cache server.\n"); | |
1319 | return CMD_WARNING; | |
1320 | } | |
1321 | ||
1322 | if (uj) | |
1323 | json = json_object_new_object(); | |
1324 | ||
1325 | print_prefix_table_by_asn(vty, by_asn, json); | |
1326 | return CMD_SUCCESS; | |
1327 | } | |
1328 | ||
1329 | DEFPY (show_rpki_prefix, | |
1330 | show_rpki_prefix_cmd, | |
1331 | "show rpki prefix <A.B.C.D/M|X:X::X:X/M> [(1-4294967295)$asn] [json$uj]", | |
1332 | SHOW_STR | |
1333 | RPKI_OUTPUT_STRING | |
1334 | "Lookup IP prefix and optionally ASN in prefix table\n" | |
1335 | "IPv4 prefix\n" | |
1336 | "IPv6 prefix\n" | |
1337 | "AS Number\n" | |
1338 | JSON_STR) | |
1339 | { | |
1340 | json_object *json = NULL; | |
1341 | json_object *json_records = NULL; | |
1342 | ||
1343 | if (!is_synchronized()) { | |
1344 | if (!uj) | |
1345 | vty_out(vty, "No Connection to RPKI cache server.\n"); | |
1346 | return CMD_WARNING; | |
1347 | } | |
1348 | ||
1349 | struct lrtr_ip_addr addr; | |
1350 | char addr_str[INET6_ADDRSTRLEN]; | |
1351 | size_t addr_len = strchr(prefix_str, '/') - prefix_str; | |
1352 | ||
1353 | memset(addr_str, 0, sizeof(addr_str)); | |
1354 | memcpy(addr_str, prefix_str, addr_len); | |
1355 | ||
1356 | if (lrtr_ip_str_to_addr(addr_str, &addr) != 0) { | |
1357 | if (!json) | |
1358 | vty_out(vty, "Invalid IP prefix\n"); | |
1359 | return CMD_WARNING; | |
1360 | } | |
1361 | ||
1362 | struct pfx_record *matches = NULL; | |
1363 | unsigned int match_count = 0; | |
1364 | enum pfxv_state result; | |
1365 | ||
1366 | if (pfx_table_validate_r(rtr_config->pfx_table, &matches, &match_count, | |
1367 | asn, &addr, prefix->prefixlen, &result) | |
1368 | != PFX_SUCCESS) { | |
1369 | if (!json) | |
1370 | vty_out(vty, "Prefix lookup failed\n"); | |
1371 | return CMD_WARNING; | |
1372 | } | |
1373 | ||
1374 | if (uj) | |
1375 | json = json_object_new_object(); | |
1376 | ||
1377 | if (!json) { | |
1378 | vty_out(vty, "%-40s %s %s\n", "Prefix", "Prefix Length", | |
1379 | "Origin-AS"); | |
1380 | } else { | |
1381 | json_records = json_object_new_array(); | |
1382 | json_object_object_add(json, "prefixes", json_records); | |
1383 | } | |
1384 | ||
1385 | for (size_t i = 0; i < match_count; ++i) { | |
1386 | const struct pfx_record *record = &matches[i]; | |
1387 | ||
1388 | if (record->max_len >= prefix->prefixlen | |
1389 | && ((asn != 0 && (uint32_t)asn == record->asn) | |
1390 | || asn == 0)) { | |
1391 | print_record(&matches[i], vty, json_records); | |
1392 | } | |
1393 | } | |
1394 | ||
1395 | if (json) | |
1396 | vty_json(vty, json); | |
1397 | ||
1398 | return CMD_SUCCESS; | |
1399 | } | |
1400 | ||
1401 | DEFPY (show_rpki_cache_server, | |
1402 | show_rpki_cache_server_cmd, | |
1403 | "show rpki cache-server [json$uj]", | |
1404 | SHOW_STR | |
1405 | RPKI_OUTPUT_STRING | |
1406 | "Show configured cache server\n" | |
1407 | JSON_STR) | |
1408 | { | |
1409 | struct json_object *json = NULL; | |
1410 | struct json_object *json_server = NULL; | |
1411 | struct json_object *json_servers = NULL; | |
1412 | struct listnode *cache_node; | |
1413 | struct cache *cache; | |
1414 | ||
1415 | if (uj) { | |
1416 | json = json_object_new_object(); | |
1417 | json_servers = json_object_new_array(); | |
1418 | json_object_object_add(json, "servers", json_servers); | |
1419 | } | |
1420 | ||
1421 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, cache)) { | |
1422 | if (cache->type == TCP) { | |
1423 | if (!json) { | |
1424 | vty_out(vty, "host: %s port: %s\n", | |
1425 | cache->tr_config.tcp_config->host, | |
1426 | cache->tr_config.tcp_config->port); | |
1427 | } else { | |
1428 | json_server = json_object_new_object(); | |
1429 | json_object_string_add(json_server, "mode", | |
1430 | "tcp"); | |
1431 | json_object_string_add( | |
1432 | json_server, "host", | |
1433 | cache->tr_config.tcp_config->host); | |
1434 | json_object_string_add( | |
1435 | json_server, "port", | |
1436 | cache->tr_config.tcp_config->port); | |
1437 | json_object_array_add(json_servers, | |
1438 | json_server); | |
1439 | } | |
1440 | ||
1441 | #if defined(FOUND_SSH) | |
1442 | } else if (cache->type == SSH) { | |
1443 | if (!json) { | |
1444 | vty_out(vty, | |
1445 | "host: %s port: %d username: %s server_hostkey_path: %s client_privkey_path: %s\n", | |
1446 | cache->tr_config.ssh_config->host, | |
1447 | cache->tr_config.ssh_config->port, | |
1448 | cache->tr_config.ssh_config->username, | |
1449 | cache->tr_config.ssh_config | |
1450 | ->server_hostkey_path, | |
1451 | cache->tr_config.ssh_config | |
1452 | ->client_privkey_path); | |
1453 | } else { | |
1454 | json_server = json_object_new_object(); | |
1455 | json_object_string_add(json_server, "mode", | |
1456 | "ssh"); | |
1457 | json_object_string_add( | |
1458 | json_server, "host", | |
1459 | cache->tr_config.ssh_config->host); | |
1460 | json_object_int_add( | |
1461 | json_server, "port", | |
1462 | cache->tr_config.ssh_config->port); | |
1463 | json_object_string_add( | |
1464 | json_server, "username", | |
1465 | cache->tr_config.ssh_config->username); | |
1466 | json_object_string_add( | |
1467 | json_server, "serverHostkeyPath", | |
1468 | cache->tr_config.ssh_config | |
1469 | ->server_hostkey_path); | |
1470 | json_object_string_add( | |
1471 | json_server, "clientPrivkeyPath", | |
1472 | cache->tr_config.ssh_config | |
1473 | ->client_privkey_path); | |
1474 | json_object_array_add(json_servers, | |
1475 | json_server); | |
1476 | } | |
1477 | #endif | |
1478 | } | |
1479 | } | |
1480 | ||
1481 | if (json) | |
1482 | vty_json(vty, json); | |
1483 | ||
1484 | return CMD_SUCCESS; | |
1485 | } | |
1486 | ||
1487 | DEFPY (show_rpki_cache_connection, | |
1488 | show_rpki_cache_connection_cmd, | |
1489 | "show rpki cache-connection [json$uj]", | |
1490 | SHOW_STR | |
1491 | RPKI_OUTPUT_STRING | |
1492 | "Show to which RPKI Cache Servers we have a connection\n" | |
1493 | JSON_STR) | |
1494 | { | |
1495 | struct json_object *json = NULL; | |
1496 | struct json_object *json_conn = NULL; | |
1497 | struct json_object *json_conns = NULL; | |
1498 | struct listnode *cache_node; | |
1499 | struct cache *cache; | |
1500 | struct rtr_mgr_group *group; | |
1501 | ||
1502 | if (uj) | |
1503 | json = json_object_new_object(); | |
1504 | ||
1505 | if (!is_synchronized()) { | |
1506 | if (!json) | |
1507 | vty_out(vty, "No connection to RPKI cache server.\n"); | |
1508 | else | |
1509 | vty_json(vty, json); | |
1510 | ||
1511 | return CMD_SUCCESS; | |
1512 | } | |
1513 | ||
1514 | group = get_connected_group(); | |
1515 | if (!group) { | |
1516 | if (!json) | |
1517 | vty_out(vty, "Cannot find a connected group.\n"); | |
1518 | else | |
1519 | vty_json(vty, json); | |
1520 | ||
1521 | return CMD_SUCCESS; | |
1522 | } | |
1523 | ||
1524 | if (!json) { | |
1525 | vty_out(vty, "Connected to group %d\n", group->preference); | |
1526 | } else { | |
1527 | json_conns = json_object_new_array(); | |
1528 | json_object_int_add(json, "connectedGroup", group->preference); | |
1529 | json_object_object_add(json, "connections", json_conns); | |
1530 | } | |
1531 | ||
1532 | for (ALL_LIST_ELEMENTS_RO(cache_list, cache_node, cache)) { | |
1533 | struct tr_tcp_config *tcp_config; | |
1534 | #if defined(FOUND_SSH) | |
1535 | struct tr_ssh_config *ssh_config; | |
1536 | #endif | |
1537 | switch (cache->type) { | |
1538 | case TCP: | |
1539 | tcp_config = cache->tr_config.tcp_config; | |
1540 | ||
1541 | if (!json) { | |
1542 | vty_out(vty, | |
1543 | "rpki tcp cache %s %s pref %hhu%s\n", | |
1544 | tcp_config->host, tcp_config->port, | |
1545 | cache->preference, | |
1546 | cache->rtr_socket->state == | |
1547 | RTR_ESTABLISHED | |
1548 | ? " (connected)" | |
1549 | : ""); | |
1550 | } else { | |
1551 | json_conn = json_object_new_object(); | |
1552 | json_object_string_add(json_conn, "mode", | |
1553 | "tcp"); | |
1554 | json_object_string_add(json_conn, "host", | |
1555 | tcp_config->host); | |
1556 | json_object_string_add(json_conn, "port", | |
1557 | tcp_config->port); | |
1558 | json_object_int_add(json_conn, "preference", | |
1559 | cache->preference); | |
1560 | json_object_string_add( | |
1561 | json_conn, "state", | |
1562 | cache->rtr_socket->state == | |
1563 | RTR_ESTABLISHED | |
1564 | ? "connected" | |
1565 | : "disconnected"); | |
1566 | json_object_array_add(json_conns, json_conn); | |
1567 | } | |
1568 | break; | |
1569 | #if defined(FOUND_SSH) | |
1570 | case SSH: | |
1571 | ssh_config = cache->tr_config.ssh_config; | |
1572 | ||
1573 | if (!json) { | |
1574 | vty_out(vty, | |
1575 | "rpki ssh cache %s %u pref %hhu%s\n", | |
1576 | ssh_config->host, ssh_config->port, | |
1577 | cache->preference, | |
1578 | cache->rtr_socket->state == | |
1579 | RTR_ESTABLISHED | |
1580 | ? " (connected)" | |
1581 | : ""); | |
1582 | } else { | |
1583 | json_conn = json_object_new_object(); | |
1584 | json_object_string_add(json_conn, "mode", | |
1585 | "ssh"); | |
1586 | json_object_string_add(json_conn, "host", | |
1587 | ssh_config->host); | |
1588 | json_object_int_add(json_conn, "port", | |
1589 | ssh_config->port); | |
1590 | json_object_int_add(json_conn, "preference", | |
1591 | cache->preference); | |
1592 | json_object_string_add( | |
1593 | json_conn, "state", | |
1594 | cache->rtr_socket->state == | |
1595 | RTR_ESTABLISHED | |
1596 | ? "connected" | |
1597 | : "disconnected"); | |
1598 | json_object_array_add(json_conns, json_conn); | |
1599 | } | |
1600 | break; | |
1601 | #endif | |
1602 | default: | |
1603 | break; | |
1604 | } | |
1605 | } | |
1606 | ||
1607 | if (json) | |
1608 | vty_json(vty, json); | |
1609 | ||
1610 | return CMD_SUCCESS; | |
1611 | } | |
1612 | ||
1613 | static int config_on_exit(struct vty *vty) | |
1614 | { | |
1615 | reset(false); | |
1616 | return 1; | |
1617 | } | |
1618 | ||
1619 | DEFUN (rpki_reset, | |
1620 | rpki_reset_cmd, | |
1621 | "rpki reset", | |
1622 | RPKI_OUTPUT_STRING | |
1623 | "reset rpki\n") | |
1624 | { | |
1625 | return reset(true) == SUCCESS ? CMD_SUCCESS : CMD_WARNING; | |
1626 | } | |
1627 | ||
1628 | DEFUN (debug_rpki, | |
1629 | debug_rpki_cmd, | |
1630 | "debug rpki", | |
1631 | DEBUG_STR | |
1632 | "Enable debugging for rpki\n") | |
1633 | { | |
1634 | rpki_debug = true; | |
1635 | return CMD_SUCCESS; | |
1636 | } | |
1637 | ||
1638 | DEFUN (no_debug_rpki, | |
1639 | no_debug_rpki_cmd, | |
1640 | "no debug rpki", | |
1641 | NO_STR | |
1642 | DEBUG_STR | |
1643 | "Disable debugging for rpki\n") | |
1644 | { | |
1645 | rpki_debug = false; | |
1646 | return CMD_SUCCESS; | |
1647 | } | |
1648 | ||
1649 | DEFUN_YANG (match_rpki, | |
1650 | match_rpki_cmd, | |
1651 | "match rpki <valid|invalid|notfound>", | |
1652 | MATCH_STR | |
1653 | RPKI_OUTPUT_STRING | |
1654 | "Valid prefix\n" | |
1655 | "Invalid prefix\n" | |
1656 | "Prefix not found\n") | |
1657 | { | |
1658 | const char *xpath = | |
1659 | "./match-condition[condition='frr-bgp-route-map:rpki']"; | |
1660 | char xpath_value[XPATH_MAXLEN]; | |
1661 | ||
1662 | nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL); | |
1663 | snprintf(xpath_value, sizeof(xpath_value), | |
1664 | "%s/rmap-match-condition/frr-bgp-route-map:rpki", xpath); | |
1665 | nb_cli_enqueue_change(vty, xpath_value, NB_OP_MODIFY, argv[2]->arg); | |
1666 | ||
1667 | return nb_cli_apply_changes(vty, NULL); | |
1668 | } | |
1669 | ||
1670 | DEFUN_YANG (no_match_rpki, | |
1671 | no_match_rpki_cmd, | |
1672 | "no match rpki <valid|invalid|notfound>", | |
1673 | NO_STR | |
1674 | MATCH_STR | |
1675 | RPKI_OUTPUT_STRING | |
1676 | "Valid prefix\n" | |
1677 | "Invalid prefix\n" | |
1678 | "Prefix not found\n") | |
1679 | { | |
1680 | const char *xpath = | |
1681 | "./match-condition[condition='frr-bgp-route-map:rpki']"; | |
1682 | ||
1683 | nb_cli_enqueue_change(vty, xpath, NB_OP_CREATE, NULL); | |
1684 | return nb_cli_apply_changes(vty, NULL); | |
1685 | } | |
1686 | ||
1687 | static void install_cli_commands(void) | |
1688 | { | |
1689 | // TODO: make config write work | |
1690 | install_node(&rpki_node); | |
1691 | install_default(RPKI_NODE); | |
1692 | install_element(CONFIG_NODE, &rpki_cmd); | |
1693 | install_element(ENABLE_NODE, &rpki_cmd); | |
1694 | install_element(CONFIG_NODE, &no_rpki_cmd); | |
1695 | ||
1696 | ||
1697 | install_element(ENABLE_NODE, &bgp_rpki_start_cmd); | |
1698 | install_element(ENABLE_NODE, &bgp_rpki_stop_cmd); | |
1699 | ||
1700 | /* Install rpki reset command */ | |
1701 | install_element(ENABLE_NODE, &rpki_reset_cmd); | |
1702 | install_element(RPKI_NODE, &rpki_reset_cmd); | |
1703 | ||
1704 | /* Install rpki polling period commands */ | |
1705 | install_element(RPKI_NODE, &rpki_polling_period_cmd); | |
1706 | install_element(RPKI_NODE, &no_rpki_polling_period_cmd); | |
1707 | ||
1708 | /* Install rpki expire interval commands */ | |
1709 | install_element(RPKI_NODE, &rpki_expire_interval_cmd); | |
1710 | install_element(RPKI_NODE, &no_rpki_expire_interval_cmd); | |
1711 | ||
1712 | /* Install rpki retry interval commands */ | |
1713 | install_element(RPKI_NODE, &rpki_retry_interval_cmd); | |
1714 | install_element(RPKI_NODE, &no_rpki_retry_interval_cmd); | |
1715 | ||
1716 | /* Install rpki cache commands */ | |
1717 | install_element(RPKI_NODE, &rpki_cache_cmd); | |
1718 | install_element(RPKI_NODE, &no_rpki_cache_cmd); | |
1719 | ||
1720 | /* Install show commands */ | |
1721 | install_element(VIEW_NODE, &show_rpki_prefix_table_cmd); | |
1722 | install_element(VIEW_NODE, &show_rpki_cache_connection_cmd); | |
1723 | install_element(VIEW_NODE, &show_rpki_cache_server_cmd); | |
1724 | install_element(VIEW_NODE, &show_rpki_prefix_cmd); | |
1725 | install_element(VIEW_NODE, &show_rpki_as_number_cmd); | |
1726 | ||
1727 | /* Install debug commands */ | |
1728 | install_element(CONFIG_NODE, &debug_rpki_cmd); | |
1729 | install_element(ENABLE_NODE, &debug_rpki_cmd); | |
1730 | install_element(CONFIG_NODE, &no_debug_rpki_cmd); | |
1731 | install_element(ENABLE_NODE, &no_debug_rpki_cmd); | |
1732 | ||
1733 | /* Install route match */ | |
1734 | route_map_install_match(&route_match_rpki_cmd); | |
1735 | install_element(RMAP_NODE, &match_rpki_cmd); | |
1736 | install_element(RMAP_NODE, &no_match_rpki_cmd); | |
1737 | } | |
1738 | ||
1739 | FRR_MODULE_SETUP(.name = "bgpd_rpki", .version = "0.3.6", | |
1740 | .description = "Enable RPKI support for FRR.", | |
1741 | .init = bgp_rpki_module_init, | |
1742 | ); |