3 * Copyright (C) 2013 Michael Mester (m.mester@fu-berlin.de), for FU Berlin
4 * Copyright (C) 2014-2017 Andreas Reuter (andreas.reuter@fu-berlin.de), for FU Berlin
5 * Copyright (C) 2016-2017 Colin Sames (colin.sames@haw-hamburg.de), for HAW Hamburg
6 * Copyright (C) 2017 Marcel Röthke (marcel.roethke@haw-hamburg.de), for HAW Hamburg
8 * This file is part of FRRouting.
10 * This program is free software; you can redistribute it and/or modify it
11 * under the terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 2 of the License, or (at your option)
15 * This program is distributed in the hope that it will be useful, but WITHOUT
16 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
20 * You should have received a copy of the GNU General Public License along
21 * with this program; see the file COPYING; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
37 #include "bgpd/bgpd.h"
38 #include "bgpd/bgp_table.h"
39 #include "bgp_advertise.h"
40 #include "bgpd/bgp_debug.h"
41 #include "bgpd/bgp_attr.h"
42 #include "bgpd/bgp_aspath.h"
43 #include "bgpd/bgp_route.h"
44 #include "rtrlib/rtrlib.h"
45 #include "rtrlib/rtr_mgr.h"
46 #include "rtrlib/lib/ip.h"
47 #include "rtrlib/transport/tcp/tcp_transport.h"
48 #if defined(FOUND_SSH)
49 #include "rtrlib/transport/ssh/ssh_transport.h"
55 #include "bgp_rpki_clippy.c"
57 DEFINE_MTYPE_STATIC(BGPD
, BGP_RPKI_CACHE
, "BGP RPKI Cache server")
58 DEFINE_MTYPE_STATIC(BGPD
, BGP_RPKI_CACHE_GROUP
, "BGP RPKI Cache server group")
61 #define RPKI_NOTFOUND 2
62 #define RPKI_INVALID 3
64 #define POLLING_PERIOD_DEFAULT 3600
65 #define EXPIRE_INTERVAL_DEFAULT 7200
66 #define RETRY_INTERVAL_DEFAULT 600
67 #define TIMEOUT_DEFAULT 600
68 #define INITIAL_SYNCHRONISATION_TIMEOUT_DEFAULT 30
70 #define RPKI_DEBUG(...) \
72 zlog_debug("RPKI: " __VA_ARGS__); \
75 #define RPKI_OUTPUT_STRING "Control rpki specific settings\n"
78 enum { TCP
, SSH
} type
;
79 struct tr_socket
*tr_socket
;
81 struct tr_tcp_config
*tcp_config
;
82 struct tr_ssh_config
*ssh_config
;
84 struct rtr_socket
*rtr_socket
;
88 enum return_values
{ SUCCESS
= 0, ERROR
= -1 };
90 struct rpki_for_each_record_arg
{
92 unsigned int *prefix_amount
;
95 static int start(void);
96 static void stop(void);
97 static int reset(bool force
);
98 static struct rtr_mgr_group
*get_connected_group(void);
99 static void print_prefix_table(struct vty
*vty
);
100 static void install_cli_commands(void);
101 static int config_write(struct vty
*vty
);
102 static void overwrite_exit_commands(void);
103 static void free_cache(struct cache
*cache
);
104 static struct rtr_mgr_group
*get_groups(void);
105 #if defined(FOUND_SSH)
106 static int add_ssh_cache(const char *host
,
107 const unsigned int port
,
108 const char *username
,
109 const char *client_privkey_path
,
110 const char *client_pubkey_path
,
111 const char *server_pubkey_path
,
112 const uint8_t preference
);
114 static struct rtr_socket
*create_rtr_socket(struct tr_socket
*tr_socket
);
115 static struct cache
*find_cache(const uint8_t preference
);
116 static int add_tcp_cache(const char *host
,
118 const uint8_t preference
);
119 static void print_record(const struct pfx_record
*record
, void *data
);
120 static int is_synchronized(void);
121 static int is_running(void);
122 static void route_match_free(void *rule
);
123 static route_map_result_t
route_match(void *rule
,
124 struct prefix
*prefix
,
125 route_map_object_t type
,
127 static void *route_match_compile(const char *arg
);
129 static struct rtr_mgr_config
*rtr_config
;
130 static struct list
*cache_list
;
131 static int rtr_is_running
;
132 static int rpki_debug
;
133 static unsigned int polling_period
;
134 static unsigned int expire_interval
;
135 static unsigned int retry_interval
;
136 static unsigned int timeout
;
137 static unsigned int initial_synchronisation_timeout
;
139 static struct cmd_node rpki_node
= {RPKI_NODE
, "%s(config-rpki)# ", 1};
140 static struct route_map_rule_cmd route_match_rpki_cmd
= {"rpki", route_match
,
144 static void *malloc_wrapper(size_t size
)
146 return XMALLOC(MTYPE_BGP_RPKI_CACHE
, size
);
149 static void *realloc_wrapper(void *ptr
, size_t size
)
151 return XREALLOC(MTYPE_BGP_RPKI_CACHE
, ptr
, size
);
154 static void free_wrapper(void *ptr
)
156 XFREE(MTYPE_BGP_RPKI_CACHE
, ptr
);
159 static int rpki_validate_prefix(struct peer
*peer
, struct attr
*attr
,
160 struct prefix
*prefix
);
162 static route_map_result_t
route_match(void *rule
, struct prefix
*prefix
,
163 route_map_object_t type
,
166 int *rpki_status
= rule
;
167 struct bgp_info
*bgp_info
;
169 if (type
== RMAP_BGP
) {
172 if (rpki_validate_prefix(bgp_info
->peer
, bgp_info
->attr
, prefix
)
180 static void *route_match_compile(const char *arg
)
184 rpki_status
= XMALLOC(MTYPE_ROUTE_MAP_COMPILED
, sizeof(u_char
));
186 if (strcmp(arg
, "valid") == 0)
187 *rpki_status
= RPKI_VALID
;
188 else if (strcmp(arg
, "invalid") == 0)
189 *rpki_status
= RPKI_INVALID
;
191 *rpki_status
= RPKI_NOTFOUND
;
196 static void route_match_free(void *rule
)
198 XFREE(MTYPE_ROUTE_MAP_COMPILED
, rule
);
201 static struct rtr_socket
*create_rtr_socket(struct tr_socket
*tr_socket
)
203 struct rtr_socket
*rtr_socket
=
204 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct rtr_socket
));
205 rtr_socket
->tr_socket
= tr_socket
;
209 static struct cache
*find_cache(const uint8_t preference
)
211 struct listnode
*cache_node
;
214 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
215 if (cache
->preference
== preference
)
221 static void print_record(const struct pfx_record
*record
, void *data
)
223 char ip
[INET6_ADDRSTRLEN
];
224 struct rpki_for_each_record_arg
*arg
= data
;
225 struct vty
*vty
= arg
->vty
;
227 (*arg
->prefix_amount
)++;
229 lrtr_ip_addr_to_str(&record
->prefix
, ip
, sizeof(ip
));
230 vty_out(vty
, "%-40s %3u - %3u %10u\n", ip
, record
->min_len
,
231 record
->max_len
, record
->asn
);
234 static struct rtr_mgr_group
*get_groups(void)
236 struct listnode
*cache_node
;
237 struct rtr_mgr_group
*rtr_mgr_groups
;
240 int group_count
= listcount(cache_list
);
242 if (group_count
== 0)
245 rtr_mgr_groups
= XMALLOC(MTYPE_BGP_RPKI_CACHE_GROUP
,
246 group_count
* sizeof(struct rtr_mgr_group
));
250 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
251 rtr_mgr_groups
[i
].sockets
= &cache
->rtr_socket
;
252 rtr_mgr_groups
[i
].sockets_len
= 1;
253 rtr_mgr_groups
[i
].preference
= cache
->preference
;
255 if (cache
->type
== TCP
)
256 tr_tcp_init(cache
->tr_config
.tcp_config
,
258 #if defined(FOUND_SSH)
260 tr_ssh_init(cache
->tr_config
.ssh_config
,
267 return rtr_mgr_groups
;
270 inline int is_synchronized(void)
272 return rtr_is_running
&& rtr_mgr_conf_in_sync(rtr_config
);
275 inline int is_running(void)
277 return rtr_is_running
;
280 static int bgp_rpki_init(struct thread_master
*master
)
285 cache_list
= list_new();
286 cache_list
->del
= (void (*)(void *)) &free_cache
;
288 polling_period
= POLLING_PERIOD_DEFAULT
;
289 expire_interval
= EXPIRE_INTERVAL_DEFAULT
;
290 retry_interval
= RETRY_INTERVAL_DEFAULT
;
291 timeout
= TIMEOUT_DEFAULT
;
292 initial_synchronisation_timeout
=
293 INITIAL_SYNCHRONISATION_TIMEOUT_DEFAULT
;
294 install_cli_commands();
298 static int bgp_rpki_fini(void)
301 list_delete_and_null(&cache_list
);
306 static int bgp_rpki_module_init(void)
308 lrtr_set_alloc_functions(malloc_wrapper
,
312 hook_register(frr_late_init
, bgp_rpki_init
);
313 hook_register(frr_early_fini
, &bgp_rpki_fini
);
318 static int start(void)
320 unsigned int waiting_time
= 0;
323 if (list_isempty(cache_list
)) {
325 "No caches were found in config. Prefix validation is off.");
328 RPKI_DEBUG("Init rtr_mgr.");
329 int groups_len
= listcount(cache_list
);
330 struct rtr_mgr_group
*groups
= get_groups();
332 ret
= rtr_mgr_init(&rtr_config
, groups
, groups_len
, polling_period
,
333 expire_interval
, retry_interval
,
334 NULL
, NULL
, NULL
, NULL
);
335 if (ret
== RTR_ERROR
) {
336 RPKI_DEBUG("Init rtr_mgr failed.");
340 RPKI_DEBUG("Starting rtr_mgr.");
341 ret
= rtr_mgr_start(rtr_config
);
342 if (ret
== RTR_ERROR
) {
343 RPKI_DEBUG("Starting rtr_mgr failed.");
344 rtr_mgr_free(rtr_config
);
348 RPKI_DEBUG("Waiting for rtr connection to synchronize.");
349 while (waiting_time
++ <= initial_synchronisation_timeout
) {
350 if (rtr_mgr_conf_in_sync(rtr_config
))
355 if (rtr_mgr_conf_in_sync(rtr_config
)) {
356 RPKI_DEBUG("Got synchronisation with at least one RPKI cache!");
359 "Timeout expired! Proceeding without RPKI validation data.");
362 XFREE(MTYPE_BGP_RPKI_CACHE_GROUP
, groups
);
367 static void stop(void)
369 if (rtr_is_running
) {
370 rtr_mgr_stop(rtr_config
);
371 rtr_mgr_free(rtr_config
);
376 static int reset(bool force
)
378 if (rtr_is_running
&& !force
)
381 RPKI_DEBUG("Resetting RPKI Session");
386 static struct rtr_mgr_group
*get_connected_group(void)
388 if (list_isempty(cache_list
))
391 return rtr_mgr_get_first_group(rtr_config
);
394 static void print_prefix_table(struct vty
*vty
)
396 struct rpki_for_each_record_arg arg
;
398 unsigned int number_of_ipv4_prefixes
= 0;
399 unsigned int number_of_ipv6_prefixes
= 0;
400 struct rtr_mgr_group
*group
= get_connected_group();
407 struct pfx_table
*pfx_table
= group
->sockets
[0]->pfx_table
;
409 vty_out(vty
, "RPKI/RTR prefix table\n");
410 vty_out(vty
, "%-40s %s %s\n", "Prefix", "Prefix Length", "Origin-AS");
412 arg
.prefix_amount
= &number_of_ipv4_prefixes
;
413 pfx_table_for_each_ipv4_record(pfx_table
, print_record
, &arg
);
415 arg
.prefix_amount
= &number_of_ipv6_prefixes
;
416 pfx_table_for_each_ipv6_record(pfx_table
, print_record
, &arg
);
418 vty_out(vty
, "Number of IPv4 Prefixes: %u\n", number_of_ipv4_prefixes
);
419 vty_out(vty
, "Number of IPv6 Prefixes: %u\n", number_of_ipv6_prefixes
);
422 static int rpki_validate_prefix(struct peer
*peer
, struct attr
*attr
,
423 struct prefix
*prefix
)
425 struct assegment
*as_segment
;
427 struct lrtr_ip_addr ip_addr_prefix
;
428 enum pfxv_state result
;
430 const char *prefix_string
;
432 if (!is_synchronized())
435 // No aspath means route comes from iBGP
436 if (!attr
->aspath
|| !attr
->aspath
->segments
) {
438 as_number
= peer
->bgp
->as
;
440 as_segment
= attr
->aspath
->segments
;
441 // Find last AsSegment
442 while (as_segment
->next
)
443 as_segment
= as_segment
->next
;
445 if (as_segment
->type
== AS_SEQUENCE
) {
447 as_number
= as_segment
->as
[as_segment
->length
- 1];
448 } else if (as_segment
->type
== AS_CONFED_SEQUENCE
||
449 as_segment
->type
== AS_CONFED_SET
) {
451 as_number
= peer
->bgp
->as
;
453 // RFC says: "Take distinguished value NONE as asn"
454 // which means state is unknown
455 return RPKI_NOTFOUND
;
459 // Get the prefix in requested format
460 switch (prefix
->family
) {
462 ip_addr_prefix
.ver
= LRTR_IPV4
;
463 ip_addr_prefix
.u
.addr4
.addr
= ntohl(prefix
->u
.prefix4
.s_addr
);
468 ip_addr_prefix
.ver
= LRTR_IPV6
;
469 ipv6_addr_to_host_byte_order(prefix
->u
.prefix6
.s6_addr32
,
470 ip_addr_prefix
.u
.addr6
.addr
);
472 #endif /* HAVE_IPV6 */
478 // Do the actual validation
479 rtr_mgr_validate(rtr_config
, as_number
, &ip_addr_prefix
,
480 prefix
->prefixlen
, &result
);
482 // Print Debug output
484 inet_ntop(prefix
->family
, &prefix
->u
.prefix
, buf
, BUFSIZ
);
486 case BGP_PFXV_STATE_VALID
:
488 "Validating Prefix %s/%hhu from asn %u Result: VALID",
489 prefix_string
, prefix
->prefixlen
, as_number
);
491 case BGP_PFXV_STATE_NOT_FOUND
:
493 "Validating Prefix %s/%hhu from asn %u Result: NOT FOUND",
494 prefix_string
, prefix
->prefixlen
, as_number
);
495 return RPKI_NOTFOUND
;
496 case BGP_PFXV_STATE_INVALID
:
498 "Validating Prefix %s/%hhu from asn %u Result: INVALID",
499 prefix_string
, prefix
->prefixlen
, as_number
);
503 "Validating Prefix %s/%hhu from asn %u Result: CANNOT VALIDATE",
504 prefix_string
, prefix
->prefixlen
, as_number
);
510 static int add_cache(struct cache
*cache
)
512 uint8_t preference
= cache
->preference
;
513 struct rtr_mgr_group group
;
515 group
.preference
= preference
;
516 group
.sockets_len
= 1;
517 group
.sockets
= &cache
->rtr_socket
;
519 listnode_add(cache_list
, cache
);
521 if (rtr_is_running
&&
522 rtr_mgr_add_group(rtr_config
, &group
) != RTR_SUCCESS
) {
529 static int add_tcp_cache(const char *host
,
531 const uint8_t preference
)
533 struct rtr_socket
*rtr_socket
;
534 struct tr_tcp_config
*tcp_config
=
535 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct tr_tcp_config
));
536 struct tr_socket
*tr_socket
=
537 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct tr_socket
));
538 struct cache
*cache
=
539 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct cache
));
541 tcp_config
->host
= XSTRDUP(MTYPE_BGP_RPKI_CACHE
, host
);
542 tcp_config
->port
= XSTRDUP(MTYPE_BGP_RPKI_CACHE
, port
);
543 tcp_config
->bindaddr
= NULL
;
545 rtr_socket
= create_rtr_socket(tr_socket
);
548 cache
->tr_socket
= tr_socket
;
549 cache
->tr_config
.tcp_config
= tcp_config
;
550 cache
->rtr_socket
= rtr_socket
;
551 cache
->preference
= preference
;
553 return add_cache(cache
);
556 #if defined(FOUND_SSH)
557 static int add_ssh_cache(const char *host
,
558 const unsigned int port
,
559 const char *username
,
560 const char *client_privkey_path
,
561 const char *client_pubkey_path
,
562 const char *server_pubkey_path
,
563 const uint8_t preference
)
565 struct tr_ssh_config
*ssh_config
=
566 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct tr_ssh_config
));
567 struct cache
*cache
=
568 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct cache
));
569 struct tr_socket
*tr_socket
=
570 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct tr_socket
));
571 struct rtr_socket
*rtr_socket
;
573 ssh_config
->port
= port
;
574 ssh_config
->host
= XSTRDUP(MTYPE_BGP_RPKI_CACHE
, host
);
575 ssh_config
->bindaddr
= NULL
;
577 ssh_config
->username
= XSTRDUP(MTYPE_BGP_RPKI_CACHE
, username
);
578 ssh_config
->client_privkey_path
= XSTRDUP(
579 MTYPE_BGP_RPKI_CACHE
, client_privkey_path
);
580 ssh_config
->server_hostkey_path
=
581 XSTRDUP(MTYPE_BGP_RPKI_CACHE
, server_pubkey_path
);
583 rtr_socket
= create_rtr_socket(tr_socket
);
586 cache
->tr_socket
= tr_socket
;
587 cache
->tr_config
.ssh_config
= ssh_config
;
588 cache
->rtr_socket
= rtr_socket
;
589 cache
->preference
= preference
;
591 return add_cache(cache
);
595 static void free_cache(struct cache
*cache
)
597 if (cache
->type
== TCP
) {
598 XFREE(MTYPE_BGP_RPKI_CACHE
,
599 cache
->tr_config
.tcp_config
->host
);
600 XFREE(MTYPE_BGP_RPKI_CACHE
,
601 cache
->tr_config
.tcp_config
->port
);
602 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->tr_config
.tcp_config
);
604 #if defined(FOUND_SSH)
606 XFREE(MTYPE_BGP_RPKI_CACHE
,
607 cache
->tr_config
.ssh_config
->host
);
608 XFREE(MTYPE_BGP_RPKI_CACHE
,
609 cache
->tr_config
.ssh_config
->username
);
610 XFREE(MTYPE_BGP_RPKI_CACHE
,
611 cache
->tr_config
.ssh_config
->client_privkey_path
);
612 XFREE(MTYPE_BGP_RPKI_CACHE
,
613 cache
->tr_config
.ssh_config
->server_hostkey_path
);
614 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->tr_config
.ssh_config
);
617 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->tr_socket
);
618 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->rtr_socket
);
619 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
);
622 static int config_write(struct vty
*vty
)
624 struct listnode
*cache_node
;
627 if (listcount(cache_list
)) {
629 vty_out(vty
, "debug rpki\n");
632 vty_out(vty
, "rpki\n");
633 vty_out(vty
, " rpki polling_period %d\n", polling_period
);
634 vty_out(vty
, " rpki timeout %d\n", timeout
);
635 vty_out(vty
, " rpki initial-synchronisation-timeout %d\n",
636 initial_synchronisation_timeout
);
637 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
638 switch (cache
->type
) {
639 struct tr_tcp_config
*tcp_config
;
640 #if defined(FOUND_SSH)
641 struct tr_ssh_config
*ssh_config
;
644 tcp_config
= cache
->tr_config
.tcp_config
;
646 " rpki cache %s %s ",
650 #if defined(FOUND_SSH)
652 ssh_config
= cache
->tr_config
.ssh_config
;
654 " rpki cache %s %u %s %s %s ",
657 ssh_config
->username
,
658 ssh_config
->client_privkey_path
,
659 ssh_config
->server_hostkey_path
662 ->server_hostkey_path
670 vty_out(vty
, "preference %hhu\n", cache
->preference
);
672 vty_out(vty
, " exit\n");
682 "Enable rpki and enter rpki configuration mode\n")
684 vty
->node
= RPKI_NODE
;
688 DEFUN (bgp_rpki_start
,
692 "start rpki support\n")
694 if (listcount(cache_list
) == 0)
695 vty_out(vty
, "Could not start rpki because no caches are configured\n");
698 if (start() == ERROR
) {
699 RPKI_DEBUG("RPKI failed to start");
706 DEFUN (bgp_rpki_stop
,
710 "start rpki support\n")
718 DEFPY (rpki_polling_period
,
719 rpki_polling_period_cmd
,
720 "rpki polling_period (1-86400)$pp",
722 "Set polling period\n"
723 "Polling period value\n")
729 DEFUN (no_rpki_polling_period
,
730 no_rpki_polling_period_cmd
,
731 "no rpki polling_period",
734 "Set polling period back to default\n")
736 polling_period
= POLLING_PERIOD_DEFAULT
;
740 DEFPY (rpki_expire_interval
,
741 rpki_expire_interval_cmd
,
742 "rpki expire_interval (600-172800)$tmp",
744 "Set expire interval\n"
745 "Expire interval value\n")
747 if (tmp
>= polling_period
) {
748 expire_interval
= tmp
;
752 vty_out(vty
, "%% Expiry interval must be polling period or larger\n");
753 return CMD_WARNING_CONFIG_FAILED
;
756 DEFUN (no_rpki_expire_interval
,
757 no_rpki_expire_interval_cmd
,
758 "no rpki expire_interval",
761 "Set expire interval back to default\n")
763 expire_interval
= polling_period
* 2;
767 DEFPY (rpki_retry_interval
,
768 rpki_retry_interval_cmd
,
769 "rpki retry_interval (1-7200)$tmp",
771 "Set retry interval\n"
772 "retry interval value\n")
774 retry_interval
= tmp
;
778 DEFUN (no_rpki_retry_interval
,
779 no_rpki_retry_interval_cmd
,
780 "no rpki retry_interval",
783 "Set retry interval back to default\n")
785 retry_interval
= RETRY_INTERVAL_DEFAULT
;
791 "rpki timeout (1-4294967295)$to_arg",
800 DEFUN (no_rpki_timeout
,
805 "Set timeout back to default\n")
807 timeout
= TIMEOUT_DEFAULT
;
811 DEFPY (rpki_synchronisation_timeout
,
812 rpki_synchronisation_timeout_cmd
,
813 "rpki initial-synchronisation-timeout (1-4294967295)$ito_arg",
815 "Set a timeout for the initial synchronisation of prefix validation data\n"
818 initial_synchronisation_timeout
= ito_arg
;
822 DEFUN (no_rpki_synchronisation_timeout
,
823 no_rpki_synchronisation_timeout_cmd
,
824 "no rpki initial-synchronisation-timeout",
827 "Set the initial synchronisation timeout back to default (30 sec.)\n")
829 initial_synchronisation_timeout
=
830 INITIAL_SYNCHRONISATION_TIMEOUT_DEFAULT
;
836 "rpki cache <A.B.C.D|WORD>"
837 "<TCPPORT|(1-65535)$sshport SSH_UNAME SSH_PRIVKEY SSH_PUBKEY [SERVER_PUBKEY]> "
838 "preference (1-255)",
840 "Install a cache server to current group\n"
841 "IP address of cache server\n Hostname of cache server\n"
845 "Path to own SSH private key\n"
846 "Path to own SSH public key\n"
847 "Path to Public key of cache server\n"
848 "Preference of the cache server\n"
849 "Preference value\n")
851 int return_value
= SUCCESS
;
853 // use ssh connection
855 #if defined(FOUND_SSH)
856 return_value
= add_ssh_cache(
857 cache
, sshport
, ssh_uname
, ssh_privkey
, ssh_pubkey
,
858 server_pubkey
, preference
);
861 "ssh sockets are not supported. "
862 "Please recompile rtrlib and frr with ssh support. "
863 "If you want to use it");
865 } else { // use tcp connection
866 return_value
= add_tcp_cache(cache
, tcpport
, preference
);
869 if (return_value
== ERROR
) {
870 vty_out(vty
, "Could not create new rpki cache\n");
877 DEFPY (no_rpki_cache
,
879 "no rpki cache <A.B.C.D|WORD> <TCPPORT|(1-65535)$sshport> preference (1-255)$preference",
882 "Remove a cache server\n"
883 "IP address of cache server\n Hostname of cache server\n"
886 "Preference of the cache server\n"
887 "Preference value\n")
889 struct cache
*cache_p
= find_cache(preference
);
892 vty_out(vty
, "Could not find cache %ld\n", preference
);
896 if (rtr_is_running
) {
897 if (rtr_mgr_remove_group(rtr_config
, preference
) == RTR_ERROR
) {
898 vty_out(vty
, "Could not remove cache %ld", preference
);
899 if (listcount(cache_list
) == 1)
900 vty_out(vty
, " because it is the last cache");
907 listnode_delete(cache_list
, cache_p
);
913 DEFUN (show_rpki_prefix_table
,
914 show_rpki_prefix_table_cmd
,
915 "show rpki prefix-table",
918 "Show validated prefixes which were received from RPKI Cache\n")
920 struct listnode
*cache_node
;
923 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
925 "host: %s port: %s\n",
926 cache
->tr_config
.tcp_config
->host
,
927 cache
->tr_config
.tcp_config
->port
);
929 if (is_synchronized())
930 print_prefix_table(vty
);
932 vty_out(vty
, "No connection to RPKI cache server.\n");
937 DEFUN (show_rpki_cache_server
,
938 show_rpki_cache_server_cmd
,
939 "show rpki cache-server",
942 "SHOW configured cache server\n")
944 struct listnode
*cache_node
;
947 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
949 "host: %s port: %s\n",
950 cache
->tr_config
.tcp_config
->host
,
951 cache
->tr_config
.tcp_config
->port
);
957 DEFUN (show_rpki_cache_connection
,
958 show_rpki_cache_connection_cmd
,
959 "show rpki cache-connection",
962 "Show to which RPKI Cache Servers we have a connection\n")
964 if (is_synchronized()) {
965 struct listnode
*cache_node
;
967 struct rtr_mgr_group
*group
= get_connected_group();
970 vty_out(vty
, "Cannot find a connected group.\n");
973 vty_out(vty
, "Connected to group %d\n", group
->preference
);
974 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
,
976 if (cache
->preference
== group
->preference
) {
977 struct tr_tcp_config
*tcp_config
;
978 #if defined(FOUND_SSH)
979 struct tr_ssh_config
*ssh_config
;
982 switch (cache
->type
) {
988 "rpki tcp cache %s %s pref %hhu\n",
994 #if defined(FOUND_SSH)
1000 "rpki ssh cache %s %u pref %hhu\n",
1013 vty_out(vty
, "No connection to RPKI cache server.\n");
1019 DEFUN_NOSH (rpki_exit
,
1022 "Exit rpki configuration and restart rpki session\n")
1024 int ret
= reset(false);
1026 vty
->node
= CONFIG_NODE
;
1027 return ret
== SUCCESS
? CMD_SUCCESS
: CMD_WARNING
;
1030 DEFUN_NOSH (rpki_quit
,
1033 "Exit rpki configuration mode\n")
1035 return rpki_exit(self
, vty
, argc
, argv
);
1038 DEFUN_NOSH (rpki_end
,
1041 "End rpki configuration, restart rpki session and change to enable mode.\n")
1043 int ret
= reset(false);
1045 vty_config_unlock(vty
);
1046 vty
->node
= ENABLE_NODE
;
1047 return ret
== SUCCESS
? CMD_SUCCESS
: CMD_WARNING
;
1056 return reset(true) == SUCCESS
? CMD_SUCCESS
: CMD_WARNING
;
1063 "Enable debugging for rpki\n")
1069 DEFUN (no_debug_rpki
,
1074 "Disable debugging for rpki\n")
1082 "match rpki <valid|invalid|notfound>",
1087 "Prefix not found\n")
1089 VTY_DECLVAR_CONTEXT(route_map_index
, index
);
1092 ret
= route_map_add_match(index
, "rpki", argv
[2]->arg
);
1095 case RMAP_RULE_MISSING
:
1096 vty_out(vty
, "%% BGP Can't find rule.\n");
1097 return CMD_WARNING_CONFIG_FAILED
;
1098 case RMAP_COMPILE_ERROR
:
1099 vty_out(vty
, "%% BGP Argument is malformed.\n");
1100 return CMD_WARNING_CONFIG_FAILED
;
1106 DEFUN (no_match_rpki
,
1108 "no match rpki <valid|invalid|notfound>",
1114 "Prefix not found\n")
1116 VTY_DECLVAR_CONTEXT(route_map_index
, index
);
1119 ret
= route_map_delete_match(index
, "rpki", argv
[3]->arg
);
1122 case RMAP_RULE_MISSING
:
1123 vty_out(vty
, "%% BGP Can't find rule.\n");
1125 case RMAP_COMPILE_ERROR
:
1126 vty_out(vty
, "%% BGP Argument is malformed.\n");
1129 return CMD_WARNING_CONFIG_FAILED
;
1135 static void overwrite_exit_commands(void)
1138 vector cmd_vector
= rpki_node
.cmd_vector
;
1140 for (i
= 0; i
< cmd_vector
->active
; ++i
) {
1141 struct cmd_element
*cmd
= vector_lookup(cmd_vector
, i
);
1143 if (strcmp(cmd
->string
, "exit") == 0 ||
1144 strcmp(cmd
->string
, "quit") == 0 ||
1145 strcmp(cmd
->string
, "end") == 0) {
1146 uninstall_element(RPKI_NODE
, cmd
);
1150 install_element(RPKI_NODE
, &rpki_exit_cmd
);
1151 install_element(RPKI_NODE
, &rpki_quit_cmd
);
1152 install_element(RPKI_NODE
, &rpki_end_cmd
);
1155 static void install_cli_commands(void)
1157 //TODO: make config write work
1158 install_node(&rpki_node
, &config_write
);
1159 install_default(RPKI_NODE
);
1160 overwrite_exit_commands();
1161 install_element(CONFIG_NODE
, &rpki_cmd
);
1162 install_element(VIEW_NODE
, &rpki_cmd
);
1164 install_element(ENABLE_NODE
, &bgp_rpki_start_cmd
);
1165 install_element(ENABLE_NODE
, &bgp_rpki_stop_cmd
);
1167 /* Install rpki reset command */
1168 install_element(RPKI_NODE
, &rpki_reset_cmd
);
1170 /* Install rpki polling period commands */
1171 install_element(RPKI_NODE
, &rpki_polling_period_cmd
);
1172 install_element(RPKI_NODE
, &no_rpki_polling_period_cmd
);
1174 /* Install rpki expire interval commands */
1175 install_element(RPKI_NODE
, &rpki_expire_interval_cmd
);
1176 install_element(RPKI_NODE
, &no_rpki_expire_interval_cmd
);
1178 /* Install rpki retry interval commands */
1179 install_element(RPKI_NODE
, &rpki_retry_interval_cmd
);
1180 install_element(RPKI_NODE
, &no_rpki_retry_interval_cmd
);
1182 /* Install rpki timeout commands */
1183 install_element(RPKI_NODE
, &rpki_timeout_cmd
);
1184 install_element(RPKI_NODE
, &no_rpki_timeout_cmd
);
1186 /* Install rpki synchronisation timeout commands */
1187 install_element(RPKI_NODE
, &rpki_synchronisation_timeout_cmd
);
1188 install_element(RPKI_NODE
, &no_rpki_synchronisation_timeout_cmd
);
1190 /* Install rpki cache commands */
1191 install_element(RPKI_NODE
, &rpki_cache_cmd
);
1192 install_element(RPKI_NODE
, &no_rpki_cache_cmd
);
1194 /* Install show commands */
1195 install_element(ENABLE_NODE
, &show_rpki_prefix_table_cmd
);
1196 install_element(ENABLE_NODE
, &show_rpki_cache_connection_cmd
);
1197 install_element(ENABLE_NODE
, &show_rpki_cache_server_cmd
);
1199 /* Install debug commands */
1200 install_element(CONFIG_NODE
, &debug_rpki_cmd
);
1201 install_element(ENABLE_NODE
, &debug_rpki_cmd
);
1202 install_element(CONFIG_NODE
, &no_debug_rpki_cmd
);
1203 install_element(ENABLE_NODE
, &no_debug_rpki_cmd
);
1205 /* Install route match */
1206 route_map_install_match(&route_match_rpki_cmd
);
1207 install_element(RMAP_NODE
, &match_rpki_cmd
);
1208 install_element(RMAP_NODE
, &no_match_rpki_cmd
);
1211 FRR_MODULE_SETUP(.name
= "bgpd_rpki", .version
= "0.3.6",
1212 .description
= "Enable RPKI support for FRR.",
1213 .init
= bgp_rpki_module_init
)