3 * Copyright (C) 2013 Michael Mester (m.mester@fu-berlin.de), for FU Berlin
4 * Copyright (C) 2014-2017 Andreas Reuter (andreas.reuter@fu-berlin.de), for FU
6 * Copyright (C) 2016-2017 Colin Sames (colin.sames@haw-hamburg.de), for HAW
8 * Copyright (C) 2017-2018 Marcel Röthke (marcel.roethke@haw-hamburg.de),
11 * This file is part of FRRouting.
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the Free
15 * Software Foundation; either version 2 of the License, or (at your option)
18 * This program is distributed in the hope that it will be useful, but WITHOUT
19 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
20 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
23 * You should have received a copy of the GNU General Public License along
24 * with this program; see the file COPYING; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
28 /* If rtrlib compiled with ssh support, don`t fail build */
29 #define LIBSSH_LEGACY_0_4
43 #include "bgpd/bgpd.h"
44 #include "bgpd/bgp_table.h"
45 #include "bgp_advertise.h"
46 #include "bgpd/bgp_debug.h"
47 #include "bgpd/bgp_attr.h"
48 #include "bgpd/bgp_aspath.h"
49 #include "bgpd/bgp_route.h"
50 #include "rtrlib/rtrlib.h"
51 #include "rtrlib/rtr_mgr.h"
52 #include "rtrlib/lib/ip.h"
53 #include "rtrlib/transport/tcp/tcp_transport.h"
54 #if defined(FOUND_SSH)
55 #include "rtrlib/transport/ssh/ssh_transport.h"
61 #ifndef VTYSH_EXTRACT_PL
62 #include "bgpd/bgp_rpki_clippy.c"
65 DEFINE_MTYPE_STATIC(BGPD
, BGP_RPKI_CACHE
, "BGP RPKI Cache server")
66 DEFINE_MTYPE_STATIC(BGPD
, BGP_RPKI_CACHE_GROUP
, "BGP RPKI Cache server group")
69 #define RPKI_NOTFOUND 2
70 #define RPKI_INVALID 3
72 #define POLLING_PERIOD_DEFAULT 3600
73 #define EXPIRE_INTERVAL_DEFAULT 7200
74 #define RETRY_INTERVAL_DEFAULT 600
75 #define TIMEOUT_DEFAULT 600
76 #define INITIAL_SYNCHRONISATION_TIMEOUT_DEFAULT 30
78 #define RPKI_DEBUG(...) \
80 zlog_debug("RPKI: " __VA_ARGS__); \
83 #define RPKI_OUTPUT_STRING "Control rpki specific settings\n"
86 enum { TCP
, SSH
} type
;
87 struct tr_socket
*tr_socket
;
89 struct tr_tcp_config
*tcp_config
;
90 struct tr_ssh_config
*ssh_config
;
92 struct rtr_socket
*rtr_socket
;
96 enum return_values
{ SUCCESS
= 0, ERROR
= -1 };
98 struct rpki_for_each_record_arg
{
100 unsigned int *prefix_amount
;
103 static int start(void);
104 static void stop(void);
105 static int reset(bool force
);
106 static struct rtr_mgr_group
*get_connected_group(void);
107 static void print_prefix_table(struct vty
*vty
);
108 static void install_cli_commands(void);
109 static int config_write(struct vty
*vty
);
110 static void overwrite_exit_commands(void);
111 static void free_cache(struct cache
*cache
);
112 static struct rtr_mgr_group
*get_groups(void);
113 #if defined(FOUND_SSH)
114 static int add_ssh_cache(const char *host
, const unsigned int port
,
115 const char *username
, const char *client_privkey_path
,
116 const char *client_pubkey_path
,
117 const char *server_pubkey_path
,
118 const uint8_t preference
);
120 static struct rtr_socket
*create_rtr_socket(struct tr_socket
*tr_socket
);
121 static struct cache
*find_cache(const uint8_t preference
);
122 static int add_tcp_cache(const char *host
, const char *port
,
123 const uint8_t preference
);
124 static void print_record(const struct pfx_record
*record
, void *data
);
125 static int is_synchronized(void);
126 static int is_running(void);
127 static void route_match_free(void *rule
);
128 static route_map_result_t
route_match(void *rule
, struct prefix
*prefix
,
129 route_map_object_t type
, void *object
);
130 static void *route_match_compile(const char *arg
);
132 static struct rtr_mgr_config
*rtr_config
;
133 static struct list
*cache_list
;
134 static int rtr_is_running
;
135 static int rpki_debug
;
136 static unsigned int polling_period
;
137 static unsigned int expire_interval
;
138 static unsigned int retry_interval
;
139 static unsigned int timeout
;
140 static unsigned int initial_synchronisation_timeout
;
142 static struct cmd_node rpki_node
= {RPKI_NODE
, "%s(config-rpki)# ", 1};
143 static struct route_map_rule_cmd route_match_rpki_cmd
= {
144 "rpki", route_match
, route_match_compile
, route_match_free
};
146 static void *malloc_wrapper(size_t size
)
148 return XMALLOC(MTYPE_BGP_RPKI_CACHE
, size
);
151 static void *realloc_wrapper(void *ptr
, size_t size
)
153 return XREALLOC(MTYPE_BGP_RPKI_CACHE
, ptr
, size
);
156 static void free_wrapper(void *ptr
)
158 XFREE(MTYPE_BGP_RPKI_CACHE
, ptr
);
161 static void init_tr_socket(struct cache
*cache
)
163 if (cache
->type
== TCP
)
164 tr_tcp_init(cache
->tr_config
.tcp_config
,
166 #if defined(FOUND_SSH)
168 tr_ssh_init(cache
->tr_config
.ssh_config
,
173 static void free_tr_socket(struct cache
*cache
)
175 if (cache
->type
== TCP
)
176 tr_tcp_init(cache
->tr_config
.tcp_config
,
178 #if defined(FOUND_SSH)
180 tr_ssh_init(cache
->tr_config
.ssh_config
,
185 static int rpki_validate_prefix(struct peer
*peer
, struct attr
*attr
,
186 struct prefix
*prefix
);
188 static void ipv6_addr_to_host_byte_order(const uint32_t *src
, uint32_t *dest
)
192 for (i
= 0; i
< 4; i
++)
193 dest
[i
] = ntohl(src
[i
]);
196 static route_map_result_t
route_match(void *rule
, struct prefix
*prefix
,
197 route_map_object_t type
, void *object
)
199 int *rpki_status
= rule
;
200 struct bgp_info
*bgp_info
;
202 if (type
== RMAP_BGP
) {
205 if (rpki_validate_prefix(bgp_info
->peer
, bgp_info
->attr
, prefix
)
213 static void *route_match_compile(const char *arg
)
217 rpki_status
= XMALLOC(MTYPE_ROUTE_MAP_COMPILED
, sizeof(uint8_t));
219 if (strcmp(arg
, "valid") == 0)
220 *rpki_status
= RPKI_VALID
;
221 else if (strcmp(arg
, "invalid") == 0)
222 *rpki_status
= RPKI_INVALID
;
224 *rpki_status
= RPKI_NOTFOUND
;
229 static void route_match_free(void *rule
)
231 XFREE(MTYPE_ROUTE_MAP_COMPILED
, rule
);
234 static struct rtr_socket
*create_rtr_socket(struct tr_socket
*tr_socket
)
236 struct rtr_socket
*rtr_socket
=
237 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct rtr_socket
));
238 rtr_socket
->tr_socket
= tr_socket
;
242 static struct cache
*find_cache(const uint8_t preference
)
244 struct listnode
*cache_node
;
247 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
248 if (cache
->preference
== preference
)
254 static void print_record(const struct pfx_record
*record
, void *data
)
256 char ip
[INET6_ADDRSTRLEN
];
257 struct rpki_for_each_record_arg
*arg
= data
;
258 struct vty
*vty
= arg
->vty
;
260 (*arg
->prefix_amount
)++;
262 lrtr_ip_addr_to_str(&record
->prefix
, ip
, sizeof(ip
));
263 vty_out(vty
, "%-40s %3u - %3u %10u\n", ip
, record
->min_len
,
264 record
->max_len
, record
->asn
);
267 static struct rtr_mgr_group
*get_groups(void)
269 struct listnode
*cache_node
;
270 struct rtr_mgr_group
*rtr_mgr_groups
;
273 int group_count
= listcount(cache_list
);
275 if (group_count
== 0)
278 rtr_mgr_groups
= XMALLOC(MTYPE_BGP_RPKI_CACHE_GROUP
,
279 group_count
* sizeof(struct rtr_mgr_group
));
283 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
284 rtr_mgr_groups
[i
].sockets
= &cache
->rtr_socket
;
285 rtr_mgr_groups
[i
].sockets_len
= 1;
286 rtr_mgr_groups
[i
].preference
= cache
->preference
;
288 init_tr_socket(cache
);
293 return rtr_mgr_groups
;
296 inline int is_synchronized(void)
298 return rtr_is_running
&& rtr_mgr_conf_in_sync(rtr_config
);
301 inline int is_running(void)
303 return rtr_is_running
;
306 static int bgp_rpki_init(struct thread_master
*master
)
311 cache_list
= list_new();
312 cache_list
->del
= (void (*)(void *)) & free_cache
;
314 polling_period
= POLLING_PERIOD_DEFAULT
;
315 expire_interval
= EXPIRE_INTERVAL_DEFAULT
;
316 retry_interval
= RETRY_INTERVAL_DEFAULT
;
317 timeout
= TIMEOUT_DEFAULT
;
318 initial_synchronisation_timeout
=
319 INITIAL_SYNCHRONISATION_TIMEOUT_DEFAULT
;
320 install_cli_commands();
324 static int bgp_rpki_fini(void)
327 list_delete_and_null(&cache_list
);
332 static int bgp_rpki_module_init(void)
334 lrtr_set_alloc_functions(malloc_wrapper
, realloc_wrapper
, free_wrapper
);
336 hook_register(frr_late_init
, bgp_rpki_init
);
337 hook_register(frr_early_fini
, &bgp_rpki_fini
);
342 static int start(void)
344 unsigned int waiting_time
= 0;
347 if (list_isempty(cache_list
)) {
349 "No caches were found in config. Prefix validation is off.");
352 RPKI_DEBUG("Init rtr_mgr.");
353 int groups_len
= listcount(cache_list
);
354 struct rtr_mgr_group
*groups
= get_groups();
356 ret
= rtr_mgr_init(&rtr_config
, groups
, groups_len
, polling_period
,
357 expire_interval
, retry_interval
, NULL
, NULL
, NULL
,
359 if (ret
== RTR_ERROR
) {
360 RPKI_DEBUG("Init rtr_mgr failed.");
364 RPKI_DEBUG("Starting rtr_mgr.");
365 ret
= rtr_mgr_start(rtr_config
);
366 if (ret
== RTR_ERROR
) {
367 RPKI_DEBUG("Starting rtr_mgr failed.");
368 rtr_mgr_free(rtr_config
);
372 RPKI_DEBUG("Waiting for rtr connection to synchronize.");
373 while (waiting_time
++ <= initial_synchronisation_timeout
) {
374 if (rtr_mgr_conf_in_sync(rtr_config
))
379 if (rtr_mgr_conf_in_sync(rtr_config
)) {
380 RPKI_DEBUG("Got synchronisation with at least one RPKI cache!");
383 "Timeout expired! Proceeding without RPKI validation data.");
386 XFREE(MTYPE_BGP_RPKI_CACHE_GROUP
, groups
);
391 static void stop(void)
393 if (rtr_is_running
) {
394 rtr_mgr_stop(rtr_config
);
395 rtr_mgr_free(rtr_config
);
400 static int reset(bool force
)
402 if (rtr_is_running
&& !force
)
405 RPKI_DEBUG("Resetting RPKI Session");
410 static struct rtr_mgr_group
*get_connected_group(void)
412 if (!cache_list
|| list_isempty(cache_list
))
415 return rtr_mgr_get_first_group(rtr_config
);
418 static void print_prefix_table(struct vty
*vty
)
420 struct rpki_for_each_record_arg arg
;
422 unsigned int number_of_ipv4_prefixes
= 0;
423 unsigned int number_of_ipv6_prefixes
= 0;
424 struct rtr_mgr_group
*group
= get_connected_group();
431 struct pfx_table
*pfx_table
= group
->sockets
[0]->pfx_table
;
433 vty_out(vty
, "RPKI/RTR prefix table\n");
434 vty_out(vty
, "%-40s %s %s\n", "Prefix", "Prefix Length", "Origin-AS");
436 arg
.prefix_amount
= &number_of_ipv4_prefixes
;
437 pfx_table_for_each_ipv4_record(pfx_table
, print_record
, &arg
);
439 arg
.prefix_amount
= &number_of_ipv6_prefixes
;
440 pfx_table_for_each_ipv6_record(pfx_table
, print_record
, &arg
);
442 vty_out(vty
, "Number of IPv4 Prefixes: %u\n", number_of_ipv4_prefixes
);
443 vty_out(vty
, "Number of IPv6 Prefixes: %u\n", number_of_ipv6_prefixes
);
446 static int rpki_validate_prefix(struct peer
*peer
, struct attr
*attr
,
447 struct prefix
*prefix
)
449 struct assegment
*as_segment
;
451 struct lrtr_ip_addr ip_addr_prefix
;
452 enum pfxv_state result
;
454 const char *prefix_string
;
456 if (!is_synchronized())
459 // No aspath means route comes from iBGP
460 if (!attr
->aspath
|| !attr
->aspath
->segments
) {
462 as_number
= peer
->bgp
->as
;
464 as_segment
= attr
->aspath
->segments
;
465 // Find last AsSegment
466 while (as_segment
->next
)
467 as_segment
= as_segment
->next
;
469 if (as_segment
->type
== AS_SEQUENCE
) {
471 as_number
= as_segment
->as
[as_segment
->length
- 1];
472 } else if (as_segment
->type
== AS_CONFED_SEQUENCE
473 || as_segment
->type
== AS_CONFED_SET
) {
475 as_number
= peer
->bgp
->as
;
477 // RFC says: "Take distinguished value NONE as asn"
478 // which means state is unknown
479 return RPKI_NOTFOUND
;
483 // Get the prefix in requested format
484 switch (prefix
->family
) {
486 ip_addr_prefix
.ver
= LRTR_IPV4
;
487 ip_addr_prefix
.u
.addr4
.addr
= ntohl(prefix
->u
.prefix4
.s_addr
);
491 ip_addr_prefix
.ver
= LRTR_IPV6
;
492 ipv6_addr_to_host_byte_order(prefix
->u
.prefix6
.s6_addr32
,
493 ip_addr_prefix
.u
.addr6
.addr
);
500 // Do the actual validation
501 rtr_mgr_validate(rtr_config
, as_number
, &ip_addr_prefix
,
502 prefix
->prefixlen
, &result
);
504 // Print Debug output
506 inet_ntop(prefix
->family
, &prefix
->u
.prefix
, buf
, BUFSIZ
);
508 case BGP_PFXV_STATE_VALID
:
510 "Validating Prefix %s/%hhu from asn %u Result: VALID",
511 prefix_string
, prefix
->prefixlen
, as_number
);
513 case BGP_PFXV_STATE_NOT_FOUND
:
515 "Validating Prefix %s/%hhu from asn %u Result: NOT FOUND",
516 prefix_string
, prefix
->prefixlen
, as_number
);
517 return RPKI_NOTFOUND
;
518 case BGP_PFXV_STATE_INVALID
:
520 "Validating Prefix %s/%hhu from asn %u Result: INVALID",
521 prefix_string
, prefix
->prefixlen
, as_number
);
525 "Validating Prefix %s/%hhu from asn %u Result: CANNOT VALIDATE",
526 prefix_string
, prefix
->prefixlen
, as_number
);
532 static int add_cache(struct cache
*cache
)
534 uint8_t preference
= cache
->preference
;
535 struct rtr_mgr_group group
;
537 group
.preference
= preference
;
538 group
.sockets_len
= 1;
539 group
.sockets
= &cache
->rtr_socket
;
541 listnode_add(cache_list
, cache
);
543 if (rtr_is_running
) {
544 init_tr_socket(cache
);
546 if (rtr_mgr_add_group(rtr_config
, &group
) != RTR_SUCCESS
) {
547 free_tr_socket(cache
);
555 static int add_tcp_cache(const char *host
, const char *port
,
556 const uint8_t preference
)
558 struct rtr_socket
*rtr_socket
;
559 struct tr_tcp_config
*tcp_config
=
560 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct tr_tcp_config
));
561 struct tr_socket
*tr_socket
=
562 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct tr_socket
));
563 struct cache
*cache
=
564 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct cache
));
566 tcp_config
->host
= XSTRDUP(MTYPE_BGP_RPKI_CACHE
, host
);
567 tcp_config
->port
= XSTRDUP(MTYPE_BGP_RPKI_CACHE
, port
);
568 tcp_config
->bindaddr
= NULL
;
570 rtr_socket
= create_rtr_socket(tr_socket
);
573 cache
->tr_socket
= tr_socket
;
574 cache
->tr_config
.tcp_config
= tcp_config
;
575 cache
->rtr_socket
= rtr_socket
;
576 cache
->preference
= preference
;
578 return add_cache(cache
);
581 #if defined(FOUND_SSH)
582 static int add_ssh_cache(const char *host
, const unsigned int port
,
583 const char *username
, const char *client_privkey_path
,
584 const char *client_pubkey_path
,
585 const char *server_pubkey_path
,
586 const uint8_t preference
)
588 struct tr_ssh_config
*ssh_config
=
589 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct tr_ssh_config
));
590 struct cache
*cache
=
591 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct cache
));
592 struct tr_socket
*tr_socket
=
593 XMALLOC(MTYPE_BGP_RPKI_CACHE
, sizeof(struct tr_socket
));
594 struct rtr_socket
*rtr_socket
;
596 ssh_config
->port
= port
;
597 ssh_config
->host
= XSTRDUP(MTYPE_BGP_RPKI_CACHE
, host
);
598 ssh_config
->bindaddr
= NULL
;
600 ssh_config
->username
= XSTRDUP(MTYPE_BGP_RPKI_CACHE
, username
);
601 ssh_config
->client_privkey_path
=
602 XSTRDUP(MTYPE_BGP_RPKI_CACHE
, client_privkey_path
);
603 ssh_config
->server_hostkey_path
=
604 XSTRDUP(MTYPE_BGP_RPKI_CACHE
, server_pubkey_path
);
606 rtr_socket
= create_rtr_socket(tr_socket
);
609 cache
->tr_socket
= tr_socket
;
610 cache
->tr_config
.ssh_config
= ssh_config
;
611 cache
->rtr_socket
= rtr_socket
;
612 cache
->preference
= preference
;
614 return add_cache(cache
);
618 static void free_cache(struct cache
*cache
)
620 if (cache
->type
== TCP
) {
621 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->tr_config
.tcp_config
->host
);
622 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->tr_config
.tcp_config
->port
);
623 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->tr_config
.tcp_config
);
625 #if defined(FOUND_SSH)
627 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->tr_config
.ssh_config
->host
);
628 XFREE(MTYPE_BGP_RPKI_CACHE
,
629 cache
->tr_config
.ssh_config
->username
);
630 XFREE(MTYPE_BGP_RPKI_CACHE
,
631 cache
->tr_config
.ssh_config
->client_privkey_path
);
632 XFREE(MTYPE_BGP_RPKI_CACHE
,
633 cache
->tr_config
.ssh_config
->server_hostkey_path
);
634 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->tr_config
.ssh_config
);
637 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->tr_socket
);
638 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
->rtr_socket
);
639 XFREE(MTYPE_BGP_RPKI_CACHE
, cache
);
642 static int config_write(struct vty
*vty
)
644 struct listnode
*cache_node
;
647 if (listcount(cache_list
)) {
649 vty_out(vty
, "debug rpki\n");
652 vty_out(vty
, "rpki\n");
653 vty_out(vty
, " rpki polling_period %d\n", polling_period
);
654 vty_out(vty
, " rpki timeout %d\n", timeout
);
655 vty_out(vty
, " rpki initial-synchronisation-timeout %d\n",
656 initial_synchronisation_timeout
);
657 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
658 switch (cache
->type
) {
659 struct tr_tcp_config
*tcp_config
;
660 #if defined(FOUND_SSH)
661 struct tr_ssh_config
*ssh_config
;
664 tcp_config
= cache
->tr_config
.tcp_config
;
665 vty_out(vty
, " rpki cache %s %s ",
666 tcp_config
->host
, tcp_config
->port
);
668 #if defined(FOUND_SSH)
670 ssh_config
= cache
->tr_config
.ssh_config
;
671 vty_out(vty
, " rpki cache %s %u %s %s %s ",
672 ssh_config
->host
, ssh_config
->port
,
673 ssh_config
->username
,
674 ssh_config
->client_privkey_path
,
675 ssh_config
->server_hostkey_path
!= NULL
677 ->server_hostkey_path
685 vty_out(vty
, "preference %hhu\n", cache
->preference
);
687 vty_out(vty
, " exit\n");
697 "Enable rpki and enter rpki configuration mode\n")
699 vty
->node
= RPKI_NODE
;
703 DEFUN (bgp_rpki_start
,
707 "start rpki support\n")
709 if (listcount(cache_list
) == 0)
711 "Could not start rpki because no caches are configured\n");
714 if (start() == ERROR
) {
715 RPKI_DEBUG("RPKI failed to start");
722 DEFUN (bgp_rpki_stop
,
726 "start rpki support\n")
734 DEFPY (rpki_polling_period
,
735 rpki_polling_period_cmd
,
736 "rpki polling_period (1-86400)$pp",
738 "Set polling period\n"
739 "Polling period value\n")
745 DEFUN (no_rpki_polling_period
,
746 no_rpki_polling_period_cmd
,
747 "no rpki polling_period",
750 "Set polling period back to default\n")
752 polling_period
= POLLING_PERIOD_DEFAULT
;
756 DEFPY (rpki_expire_interval
,
757 rpki_expire_interval_cmd
,
758 "rpki expire_interval (600-172800)$tmp",
760 "Set expire interval\n"
761 "Expire interval value\n")
763 if ((unsigned int)tmp
>= polling_period
) {
764 expire_interval
= tmp
;
768 vty_out(vty
, "%% Expiry interval must be polling period or larger\n");
769 return CMD_WARNING_CONFIG_FAILED
;
772 DEFUN (no_rpki_expire_interval
,
773 no_rpki_expire_interval_cmd
,
774 "no rpki expire_interval",
777 "Set expire interval back to default\n")
779 expire_interval
= polling_period
* 2;
783 DEFPY (rpki_retry_interval
,
784 rpki_retry_interval_cmd
,
785 "rpki retry_interval (1-7200)$tmp",
787 "Set retry interval\n"
788 "retry interval value\n")
790 retry_interval
= tmp
;
794 DEFUN (no_rpki_retry_interval
,
795 no_rpki_retry_interval_cmd
,
796 "no rpki retry_interval",
799 "Set retry interval back to default\n")
801 retry_interval
= RETRY_INTERVAL_DEFAULT
;
807 "rpki timeout (1-4294967295)$to_arg",
816 DEFUN (no_rpki_timeout
,
821 "Set timeout back to default\n")
823 timeout
= TIMEOUT_DEFAULT
;
827 DEFPY (rpki_synchronisation_timeout
,
828 rpki_synchronisation_timeout_cmd
,
829 "rpki initial-synchronisation-timeout (1-4294967295)$ito_arg",
831 "Set a timeout for the initial synchronisation of prefix validation data\n"
834 initial_synchronisation_timeout
= ito_arg
;
838 DEFUN (no_rpki_synchronisation_timeout
,
839 no_rpki_synchronisation_timeout_cmd
,
840 "no rpki initial-synchronisation-timeout",
843 "Set the initial synchronisation timeout back to default (30 sec.)\n")
845 initial_synchronisation_timeout
=
846 INITIAL_SYNCHRONISATION_TIMEOUT_DEFAULT
;
852 "rpki cache <A.B.C.D|WORD>"
853 "<TCPPORT|(1-65535)$sshport SSH_UNAME SSH_PRIVKEY SSH_PUBKEY [SERVER_PUBKEY]> "
854 "preference (1-255)",
856 "Install a cache server to current group\n"
857 "IP address of cache server\n Hostname of cache server\n"
861 "Path to own SSH private key\n"
862 "Path to own SSH public key\n"
863 "Path to Public key of cache server\n"
864 "Preference of the cache server\n"
865 "Preference value\n")
869 // use ssh connection
871 #if defined(FOUND_SSH)
873 add_ssh_cache(cache
, sshport
, ssh_uname
, ssh_privkey
,
874 ssh_pubkey
, server_pubkey
, preference
);
876 return_value
= SUCCESS
;
878 "ssh sockets are not supported. "
879 "Please recompile rtrlib and frr with ssh support. "
880 "If you want to use it");
882 } else { // use tcp connection
883 return_value
= add_tcp_cache(cache
, tcpport
, preference
);
886 if (return_value
== ERROR
) {
887 vty_out(vty
, "Could not create new rpki cache\n");
894 DEFPY (no_rpki_cache
,
896 "no rpki cache <A.B.C.D|WORD> <TCPPORT|(1-65535)$sshport> preference (1-255)$preference",
899 "Remove a cache server\n"
900 "IP address of cache server\n Hostname of cache server\n"
903 "Preference of the cache server\n"
904 "Preference value\n")
906 struct cache
*cache_p
= find_cache(preference
);
909 vty_out(vty
, "Could not find cache %ld\n", preference
);
913 if (rtr_is_running
) {
914 if (rtr_mgr_remove_group(rtr_config
, preference
) == RTR_ERROR
) {
915 vty_out(vty
, "Could not remove cache %ld", preference
);
916 if (listcount(cache_list
) == 1)
917 vty_out(vty
, " because it is the last cache");
924 listnode_delete(cache_list
, cache_p
);
930 DEFUN (show_rpki_prefix_table
,
931 show_rpki_prefix_table_cmd
,
932 "show rpki prefix-table",
935 "Show validated prefixes which were received from RPKI Cache\n")
937 struct listnode
*cache_node
;
940 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
941 vty_out(vty
, "host: %s port: %s\n",
942 cache
->tr_config
.tcp_config
->host
,
943 cache
->tr_config
.tcp_config
->port
);
945 if (is_synchronized())
946 print_prefix_table(vty
);
948 vty_out(vty
, "No connection to RPKI cache server.\n");
953 DEFUN (show_rpki_cache_server
,
954 show_rpki_cache_server_cmd
,
955 "show rpki cache-server",
958 "SHOW configured cache server\n")
960 struct listnode
*cache_node
;
963 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
964 vty_out(vty
, "host: %s port: %s\n",
965 cache
->tr_config
.tcp_config
->host
,
966 cache
->tr_config
.tcp_config
->port
);
972 DEFUN (show_rpki_cache_connection
,
973 show_rpki_cache_connection_cmd
,
974 "show rpki cache-connection",
977 "Show to which RPKI Cache Servers we have a connection\n")
979 if (is_synchronized()) {
980 struct listnode
*cache_node
;
982 struct rtr_mgr_group
*group
= get_connected_group();
985 vty_out(vty
, "Cannot find a connected group.\n");
988 vty_out(vty
, "Connected to group %d\n", group
->preference
);
989 for (ALL_LIST_ELEMENTS_RO(cache_list
, cache_node
, cache
)) {
990 if (cache
->preference
== group
->preference
) {
991 struct tr_tcp_config
*tcp_config
;
992 #if defined(FOUND_SSH)
993 struct tr_ssh_config
*ssh_config
;
996 switch (cache
->type
) {
999 cache
->tr_config
.tcp_config
;
1001 "rpki tcp cache %s %s pref %hhu\n",
1007 #if defined(FOUND_SSH)
1010 cache
->tr_config
.ssh_config
;
1012 "rpki ssh cache %s %u pref %hhu\n",
1025 vty_out(vty
, "No connection to RPKI cache server.\n");
1031 DEFUN_NOSH (rpki_exit
,
1034 "Exit rpki configuration and restart rpki session\n")
1036 int ret
= reset(false);
1038 vty
->node
= CONFIG_NODE
;
1039 return ret
== SUCCESS
? CMD_SUCCESS
: CMD_WARNING
;
1042 DEFUN_NOSH (rpki_quit
,
1045 "Exit rpki configuration mode\n")
1047 return rpki_exit(self
, vty
, argc
, argv
);
1050 DEFUN_NOSH (rpki_end
,
1053 "End rpki configuration, restart rpki session and change to enable mode.\n")
1055 int ret
= reset(false);
1057 vty_config_unlock(vty
);
1058 vty
->node
= ENABLE_NODE
;
1059 return ret
== SUCCESS
? CMD_SUCCESS
: CMD_WARNING
;
1068 return reset(true) == SUCCESS
? CMD_SUCCESS
: CMD_WARNING
;
1075 "Enable debugging for rpki\n")
1081 DEFUN (no_debug_rpki
,
1086 "Disable debugging for rpki\n")
1094 "match rpki <valid|invalid|notfound>",
1099 "Prefix not found\n")
1101 VTY_DECLVAR_CONTEXT(route_map_index
, index
);
1104 ret
= route_map_add_match(index
, "rpki", argv
[2]->arg
);
1107 case RMAP_RULE_MISSING
:
1108 vty_out(vty
, "%% BGP Can't find rule.\n");
1109 return CMD_WARNING_CONFIG_FAILED
;
1110 case RMAP_COMPILE_ERROR
:
1111 vty_out(vty
, "%% BGP Argument is malformed.\n");
1112 return CMD_WARNING_CONFIG_FAILED
;
1118 DEFUN (no_match_rpki
,
1120 "no match rpki <valid|invalid|notfound>",
1126 "Prefix not found\n")
1128 VTY_DECLVAR_CONTEXT(route_map_index
, index
);
1131 ret
= route_map_delete_match(index
, "rpki", argv
[3]->arg
);
1134 case RMAP_RULE_MISSING
:
1135 vty_out(vty
, "%% BGP Can't find rule.\n");
1137 case RMAP_COMPILE_ERROR
:
1138 vty_out(vty
, "%% BGP Argument is malformed.\n");
1141 return CMD_WARNING_CONFIG_FAILED
;
1147 static void overwrite_exit_commands(void)
1150 vector cmd_vector
= rpki_node
.cmd_vector
;
1152 for (i
= 0; i
< cmd_vector
->active
; ++i
) {
1153 struct cmd_element
*cmd
= vector_lookup(cmd_vector
, i
);
1155 if (strcmp(cmd
->string
, "exit") == 0
1156 || strcmp(cmd
->string
, "quit") == 0
1157 || strcmp(cmd
->string
, "end") == 0) {
1158 uninstall_element(RPKI_NODE
, cmd
);
1162 install_element(RPKI_NODE
, &rpki_exit_cmd
);
1163 install_element(RPKI_NODE
, &rpki_quit_cmd
);
1164 install_element(RPKI_NODE
, &rpki_end_cmd
);
1167 static void install_cli_commands(void)
1169 // TODO: make config write work
1170 install_node(&rpki_node
, &config_write
);
1171 install_default(RPKI_NODE
);
1172 overwrite_exit_commands();
1173 install_element(CONFIG_NODE
, &rpki_cmd
);
1174 install_element(VIEW_NODE
, &rpki_cmd
);
1176 install_element(ENABLE_NODE
, &bgp_rpki_start_cmd
);
1177 install_element(ENABLE_NODE
, &bgp_rpki_stop_cmd
);
1179 /* Install rpki reset command */
1180 install_element(RPKI_NODE
, &rpki_reset_cmd
);
1182 /* Install rpki polling period commands */
1183 install_element(RPKI_NODE
, &rpki_polling_period_cmd
);
1184 install_element(RPKI_NODE
, &no_rpki_polling_period_cmd
);
1186 /* Install rpki expire interval commands */
1187 install_element(RPKI_NODE
, &rpki_expire_interval_cmd
);
1188 install_element(RPKI_NODE
, &no_rpki_expire_interval_cmd
);
1190 /* Install rpki retry interval commands */
1191 install_element(RPKI_NODE
, &rpki_retry_interval_cmd
);
1192 install_element(RPKI_NODE
, &no_rpki_retry_interval_cmd
);
1194 /* Install rpki timeout commands */
1195 install_element(RPKI_NODE
, &rpki_timeout_cmd
);
1196 install_element(RPKI_NODE
, &no_rpki_timeout_cmd
);
1198 /* Install rpki synchronisation timeout commands */
1199 install_element(RPKI_NODE
, &rpki_synchronisation_timeout_cmd
);
1200 install_element(RPKI_NODE
, &no_rpki_synchronisation_timeout_cmd
);
1202 /* Install rpki cache commands */
1203 install_element(RPKI_NODE
, &rpki_cache_cmd
);
1204 install_element(RPKI_NODE
, &no_rpki_cache_cmd
);
1206 /* Install show commands */
1207 install_element(ENABLE_NODE
, &show_rpki_prefix_table_cmd
);
1208 install_element(ENABLE_NODE
, &show_rpki_cache_connection_cmd
);
1209 install_element(ENABLE_NODE
, &show_rpki_cache_server_cmd
);
1211 /* Install debug commands */
1212 install_element(CONFIG_NODE
, &debug_rpki_cmd
);
1213 install_element(ENABLE_NODE
, &debug_rpki_cmd
);
1214 install_element(CONFIG_NODE
, &no_debug_rpki_cmd
);
1215 install_element(ENABLE_NODE
, &no_debug_rpki_cmd
);
1217 /* Install route match */
1218 route_map_install_match(&route_match_rpki_cmd
);
1219 install_element(RMAP_NODE
, &match_rpki_cmd
);
1220 install_element(RMAP_NODE
, &no_match_rpki_cmd
);
1223 FRR_MODULE_SETUP(.name
= "bgpd_rpki", .version
= "0.3.6",
1224 .description
= "Enable RPKI support for FRR.",
1225 .init
= bgp_rpki_module_init
)