Hi,
Following the previous email, here is a patch to bgpctl(8).
It adds two commands:
- show validator
- show rib roa-state [valid|invalid|not-found]
Here is the output of each command:
# bgpctl show validator
id address:port pref v4 v6
0 [2a02:cdc5:9715:0:185:5:200:241]:8282 128 36655 5837
# bgpctl show rib roa-state invalid
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
v = ROA valid, i = ROA invalid, n = ROA not found
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
i*> 185.22.130.0/24 192.168.10.21 50 0 60983 i
i*> 2001:7c8::/32 2a00:6060:1::10:21 50 0 60983 i
# bgpctl show rib detail roa-state not-found
BGP routing table entry for 2001:db8:b000::/48
60983
Nexthop 2a00:6060:1::10:21 (via 2a00:6060:1::10:21) from 2a00:6060:1::10:21
(192.168.10.21)
Origin IGP, metric 0, localpref 100, weight 0, external, valid, best,
roa-notfound
Last update: 00:00:38 ago
Index: bgpctl.8
===================================================================
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.8,v
retrieving revision 1.77
diff -u -p -r1.77 bgpctl.8
--- bgpctl.8 29 May 2017 21:27:36 -0000 1.77
+++ bgpctl.8 26 Aug 2017 19:20:00 -0000
@@ -353,6 +353,11 @@ Show only entries from the specified RIB
Show all entries with
.Ar as
anywhere but rightmost.
+.It Xo
+.Ic Cm roa-state
+.Pq Ic valid Ns | Ns Ic invalid Ns | Ns Ic not-found
+.Xc
+Show only routes with specified RPKI-ROA status.
.El
.Pp
Additionally, the following
@@ -418,6 +423,8 @@ Show a list of all neighbors, including
in a terse format.
.It Cm show tables
Show a list of all currently loaded fib routing tables.
+.It Cm show validator
+Show a list of all RPKI-ROA cache validators.
.El
.Sh FILES
.Bl -tag -width "/var/run/bgpd.sockXXX" -compact
Index: bgpctl.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
retrieving revision 1.199
diff -u -p -r1.199 bgpctl.c
--- bgpctl.c 10 Aug 2017 14:22:59 -0000 1.199
+++ bgpctl.c 26 Aug 2017 19:20:01 -0000
@@ -39,6 +39,7 @@
#include "bgpd.h"
#include "session.h"
#include "rde.h"
+#include "roa.h"
#include "parser.h"
#include "irrfilter.h"
#include "mrtparser.h"
@@ -69,11 +70,13 @@ int show_fib_msg(struct imsg *);
void show_nexthop_head(void);
int show_nexthop_msg(struct imsg *);
void show_interface_head(void);
+void show_validator_head(void);
uint64_t ift2ifm(uint8_t);
const char * get_media_descr(uint64_t);
const char * get_linkstate(uint8_t, int);
const char * get_baudrate(u_int64_t, char *);
int show_interface_msg(struct imsg *);
+int show_validator_msg(struct imsg *);
void show_rib_summary_head(void);
void print_prefix(struct bgpd_addr *, u_int8_t, u_int8_t);
const char * print_origin(u_int8_t, int);
@@ -232,6 +235,10 @@ main(int argc, char *argv[])
imsg_compose(ibuf, IMSG_CTL_SHOW_INTERFACE, 0, 0, -1, NULL, 0);
show_interface_head();
break;
+ case SHOW_VALIDATOR:
+ imsg_compose(ibuf, IMSG_CTL_SHOW_VALIDATOR, 0, 0, -1, NULL, 0);
+ show_validator_head();
+ break;
case SHOW_NEIGHBOR:
case SHOW_NEIGHBOR_TIMERS:
case SHOW_NEIGHBOR_TERSE:
@@ -460,6 +467,9 @@ main(int argc, char *argv[])
case SHOW_INTERFACE:
done = show_interface_msg(&imsg);
break;
+ case SHOW_VALIDATOR:
+ done = show_validator_msg(&imsg);
+ break;
case SHOW_NEIGHBOR:
done = show_neighbor_msg(&imsg, NV_DEFAULT);
break;
@@ -947,7 +957,7 @@ show_fib_head(void)
"* = valid, B = BGP, C = Connected, S = Static, D = Dynamic\n");
printf(" "
"N = BGP Nexthop reachable via this route R = redistributed\n");
- printf(" r = reject route, b = blackhole route\n\n");
+ printf(" r = reject route, b = blackhole route\n");
printf("flags prio destination gateway\n");
}
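Review bot: The edit to the last legend line of show_fib_head, `"\n\n"` to `"\n"`, removes the blank line between the legend and the `flags prio destination gateway` header, which is unrelated to the ROA commands this patch adds. If the change is intended it belongs in its own commit; otherwise keep `printf(" r = reject route, b = blackhole route\n\n");` so that `show fib` output, which scripts may parse, stays unchanged. show_fib_head starts above the hunk.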
@@ -1141,6 +1151,42 @@ show_interface_head(void)
"Link state");
}
+void
+show_validator_head(void)
+{
+ printf("%s %s %s %s %s\n", "id", "address:port",
+ "pref", "v4", "v6");
+}
+
+int
+show_validator_msg(struct imsg *imsg)
+{
+ struct validator *v;
+
+ switch (imsg->hdr.type) {
+ case IMSG_CTL_SHOW_VALIDATOR:
+ v = imsg->data;
+ printf("%d ", v->id);
+ if (v->remote_addr.aid == AID_INET)
+ printf("%s:%d ", log_addr(&v->remote_addr), v->port);
+ else if (v->remote_addr.aid == AID_INET6)
+ printf("[%s]:%d ", log_addr(&v->remote_addr), v->port);
+ else
+ printf("???");
+ printf("%d ", v->preference);
+ printf("%d ", v->prefixes.v4count);
+ printf("%lld ", v->prefixes.v6count);
+ printf("\n");
+ break;
+ case IMSG_CTL_END:
+ return (1);
+ break;
+ default:
+ break;
+ }
+ return (0);
+}
+
const struct if_status_description
if_status_descriptions[] = LINK_STATE_DESCRIPTIONS;
const struct ifmedia_description
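Review bot: show_validator_msg assigns `imsg->data` to a `struct validator *` and reads its fields without first checking that the payload is that large, so a short or empty IMSG_CTL_SHOW_VALIDATOR message would be read out of bounds. Add a guard before the assignment, e.g. `if (imsg->hdr.len < IMSG_HEADER_SIZE + sizeof(*v)) errx(1, "wrong imsg len");`. The conversions also look inconsistent: `v4count` is printed with `%d` and `v6count` with `%lld`, and `struct validator` is declared in roa.h, outside this patch, so each specifier should be checked against the field type and cast where needed. The `else` branch prints `"???"` without a trailing space, which fuses it with the preference column, and the `break` after `return (1)` is unreachable.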
@@ -1247,8 +1293,9 @@ show_rib_summary_head(void)
{
printf("flags: * = Valid, > = Selected, I = via IBGP, A = Announced, "
"S = Stale\n");
+ printf(" v = ROA valid, i = ROA invalid, n = ROA not found\n");
printf("origin: i = IGP, e = EGP, ? = Incomplete\n\n");
- printf("%-5s %-20s %-15s %5s %5s %s\n", "flags", "destination",
+ printf("%-6s %-20s %-15s %5s %5s %s\n", "flags", "destination",
"gateway", "lpref", "med", "aspath origin");
}
@@ -1282,10 +1329,16 @@ print_origin(u_int8_t origin, int sum)
void
print_flags(u_int8_t flags, int sum)
{
- char flagstr[5];
+ char flagstr[6];
char *p = flagstr;
if (sum) {
+ if (flags & F_PREF_ROAVALID)
+ *p++ = 'v';
+ else if (flags & F_PREF_ROAINVALID)
+ *p++ = 'i';
+ else /* state not found */
+ *p++ = 'n';
if (flags & F_PREF_ANNOUNCE)
*p++ = 'A';
if (flags & F_PREF_INTERNAL)
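Review bot: `flagstr[6]` looks one byte short for the summary branch. A ROA character is now always stored, and the legend in show_rib_summary_head lists five further flags (`*`, `>`, `I`, `A`, `S`), so with all of them set the string needs six characters plus the terminating NUL, which is seven bytes in a six-byte stack array. The stores for `S` and `*` lie between this hunk and the next and are not visible here, so confirm the count against the full function. Sizing the array for the worst case, `char flagstr[8];`, removes any dependence on which flag combinations occur in practice. Separately, lower-case `i` now means "ROA invalid" in the flags column while `I` means IBGP and `i` in the origin column means IGP, which is easy to misread.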
@@ -1297,7 +1350,7 @@ print_flags(u_int8_t flags, int sum)
if (flags & F_PREF_ACTIVE)
*p++ = '>';
*p = '\0';
- printf("%-5s ", flagstr);
+ printf("%-6s ", flagstr);
} else {
if (flags & F_PREF_INTERNAL)
printf("internal");
@@ -1311,6 +1364,12 @@ print_flags(u_int8_t flags, int sum)
printf(", best");
if (flags & F_PREF_ANNOUNCE)
printf(", announced");
+ if (flags & F_PREF_ROAVALID)
+ printf(", roa-valid");
+ else if (flags & F_PREF_ROAINVALID)
+ printf(", roa-invalid");
+ else /* state not found */
+ printf(", roa-notfound");
}
}
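Review bot: The detail output spells the third state `roa-notfound`, while the keyword added in parser.c and documented in bgpctl.8 is `not-found`. Printing `", roa-not-found"` would let an operator match the output against the filter they typed. The final `else` also reports not-found for every route with neither ROA bit set, which presumably includes routes that were never validated because no validator is configured. A comment stating that this is intended, or a distinct "not checked" state, would avoid suggesting that a validation result exists when none does. print_flags starts above this hunk.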
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpctl/parser.c,v
retrieving revision 1.80
diff -u -p -r1.80 parser.c
--- parser.c 10 Aug 2017 14:12:34 -0000 1.80
+++ parser.c 26 Aug 2017 19:20:01 -0000
@@ -119,6 +119,7 @@ static const struct token t_irrfilter_op
static const struct token t_log[];
static const struct token t_fib_table[];
static const struct token t_show_fib_table[];
+static const struct token t_show_roastate[];
static const struct token t_main[] = {
{ KEYWORD, "reload", RELOAD, NULL},
@@ -143,6 +144,7 @@ static const struct token t_show[] = {
{ KEYWORD, "ip", NONE, t_show_ip},
{ KEYWORD, "summary", SHOW_SUMMARY, t_show_summary},
{ KEYWORD, "mrt", SHOW_MRT, t_show_mrt},
+ { KEYWORD, "validator", SHOW_VALIDATOR, NULL},
{ ENDTOKEN, "", NONE, NULL}
};
@@ -183,11 +185,18 @@ static const struct token t_show_rib[] =
{ KEYWORD, "table", NONE, t_show_rib_rib},
{ KEYWORD, "summary", SHOW_SUMMARY, t_show_summary},
{ KEYWORD, "memory", SHOW_RIB_MEM, NULL},
+ { KEYWORD, "roa-state", NONE, t_show_roastate},
{ FAMILY, "", NONE, t_show_rib},
{ PREFIX, "", NONE, t_show_prefix},
{ ENDTOKEN, "", NONE, NULL}
};
+static const struct token t_show_roastate[] = {
+ { FLAG, "invalid", F_ROA_INVALID, t_show_rib},
+ { FLAG, "not-found", F_ROA_NOTFOUND, t_show_rib},
+ { FLAG, "valid", F_ROA_VALID, t_show_rib},
+ { ENDTOKEN, "", NONE, NULL}
+};
static const struct token t_show_mrt[] = {
{ NOTOKEN, "", NONE, NULL},
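Review bot: The three `roa-state` entries are FLAG tokens that return to `t_show_rib`, so `show rib roa-state valid roa-state invalid` parses. If FLAG values are OR-ed into the request, as they appear to be for the other flag tokens (not visible here), that sends a combination whose meaning is not defined anywhere in the patch. Either document the behaviour above `t_show_roastate`, e.g. `/* roa-state may be repeated; the selected states are OR-ed */`, or reject a second occurrence. The `F_ROA_*` constants are defined outside this patch and need to be checked for overlap with the other request flag bits. t_show_mrt continues past the end of the hunk.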
Index: parser.h
===================================================================
RCS file: /cvs/src/usr.sbin/bgpctl/parser.h,v
retrieving revision 1.30
diff -u -p -r1.30 parser.h
--- parser.h 10 Aug 2017 14:12:34 -0000 1.30
+++ parser.h 26 Aug 2017 19:20:01 -0000
@@ -35,6 +35,7 @@ enum actions {
SHOW_RIB_MEM,
SHOW_NEXTHOP,
SHOW_INTERFACE,
+ SHOW_VALIDATOR,
RELOAD,
FIB,
FIB_COUPLE,