Re: OpenBGPd: expand rib list (updated for r1.295)
Also looks good to me, OK
On 2017 Jan 20 (Fri) at 21:19:22 +0100 (+0100), Denis Fondras wrote:
:Hello,
:
:Here is a patch to expand RIB names in rules. When playing with multi-RIBs, it
:allows to simplify ruleset.
:
: Ex :
:# cat /etc/bgpd.conf
:[...]
:peer_ribs = "{ m1, m2, m3 }"
:deny rib m2 from any
:allow rib $peer_ribs from any prefix { 2001:db8:1::/48, 2001:db8:2::/48 }
:
:# bgpd -dnv
:[...]
:deny rib m2 from any
:allow rib m3 from any prefix 2001:db8:2::/48
:allow rib m3 from any prefix 2001:db8:1::/48
:allow rib m2 from any prefix 2001:db8:2::/48
:allow rib m2 from any prefix 2001:db8:1::/48
:allow rib m1 from any prefix 2001:db8:2::/48
:allow rib m1 from any prefix 2001:db8:1::/48
:
:
:Index: parse.y
:===
:RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
:retrieving revision 1.295
:diff -u -p -r1.295 parse.y
:--- parse.y18 Jan 2017 04:28:45 - 1.295
:+++ parse.y20 Jan 2017 20:15:20 -
:@@ -91,6 +91,11 @@ static struct filter_rule *curpeer_filte
: static struct filter_rule *curgroup_filter[2];
: static u_int32_t id;
:
:+struct filter_rib_l {
:+ struct filter_rib_l *next;
:+ char name[PEER_DESCR_LEN];
:+};
:+
: struct filter_peers_l {
: struct filter_peers_l *next;
: struct filter_peers p;
:@@ -128,8 +133,9 @@ struct rde_rib *find_rib(char *);
: intget_id(struct peer *);
: intmerge_prefixspec(struct filter_prefix_l *,
: struct filter_prefixlen *);
:-intexpand_rule(struct filter_rule *, struct filter_peers_l *,
:- struct filter_match_l *, struct filter_set_head *);
:+intexpand_rule(struct filter_rule *, struct filter_rib_l *,
:+ struct filter_peers_l *, struct filter_match_l *,
:+ struct filter_set_head *);
: intstr2key(char *, char *, size_t);
: intneighbor_consistent(struct peer *);
: intmerge_filterset(struct filter_set_head *, struct filter_set *);
:@@ -153,6 +159,7 @@ typedef struct {
: char*string;
: struct bgpd_addr addr;
: u_int8_t u8;
:+ struct filter_rib_l *filter_rib;
: struct filter_peers_l *filter_peers;
: struct filter_match_lfilter_match;
: struct filter_prefix_l *filter_prefix;
:@@ -203,10 +210,11 @@ typedef struct {
: %type asnumber as4number as4number_any optnumber
: %type espah family restart origincode nettype
: %type yesno inout restricted
:-%type string filter_rib
:+%type string
: %type address
: %type prefix addrspec
: %type action quick direction delete
:+%type filter_rib_h filter_rib_l filter_rib
: %type filter_peer filter_peer_l filter_peer_h
: %type filter_match filter_elm filter_match_h
: %typefilter_as filter_as_l filter_as_h
:@@ -1469,9 +1477,10 @@ encspec : /* nada */{
: }
: ;
:
:-filterrule: action quick filter_rib direction filter_peer_h
filter_match_h filter_set
:+filterrule: action quick filter_rib_h direction filter_peer_h
filter_match_h filter_set
: {
: struct filter_rule r;
:+ struct filter_rib_l *rb, *rbnext;
:
: bzero(, sizeof(r));
: r.action = $1;
:@@ -1481,25 +1490,15 @@ filterrule : action quick filter_rib dir
: if (r.dir != DIR_IN) {
: yyerror("rib only allowed on \"from\" "
: "rules.");
:- free($3);
:- YYERROR;
:- }
:- if (!find_rib($3)) {
:- yyerror("rib \"%s\" does not exist.",
:- $3);
:- free($3);
:- YYERROR;
:- }
:- if (strlcpy(r.rib, $3, sizeof(r.rib)) >=
:- sizeof(r.rib)) {
:- yyerror("rib name \"%s\" too long: "
:- "max %zu", $3, sizeof(r.rib) - 1);
:- free($3);
:+
:+ for (rb = $3; rb != NULL; rb = rbnext) {
:+ rbnext = rb->next;
:+ free(rb);
:+ }
: YYERROR;
:
OpenBGPd: expand rib list (updated for r1.295)
Hello,
Here is a patch to expand RIB names in rules. When playing with multi-RIBs, it
allows to simplify ruleset.
Ex :
# cat /etc/bgpd.conf
[...]
peer_ribs = "{ m1, m2, m3 }"
deny rib m2 from any
allow rib $peer_ribs from any prefix { 2001:db8:1::/48, 2001:db8:2::/48 }
# bgpd -dnv
[...]
deny rib m2 from any
allow rib m3 from any prefix 2001:db8:2::/48
allow rib m3 from any prefix 2001:db8:1::/48
allow rib m2 from any prefix 2001:db8:2::/48
allow rib m2 from any prefix 2001:db8:1::/48
allow rib m1 from any prefix 2001:db8:2::/48
allow rib m1 from any prefix 2001:db8:1::/48
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.295
diff -u -p -r1.295 parse.y
--- parse.y 18 Jan 2017 04:28:45 - 1.295
+++ parse.y 20 Jan 2017 20:15:20 -
@@ -91,6 +91,11 @@ static struct filter_rule*curpeer_filte
static struct filter_rule *curgroup_filter[2];
static u_int32_tid;
+struct filter_rib_l {
+ struct filter_rib_l *next;
+ char name[PEER_DESCR_LEN];
+};
+
struct filter_peers_l {
struct filter_peers_l *next;
struct filter_peers p;
@@ -128,8 +133,9 @@ struct rde_rib *find_rib(char *);
int get_id(struct peer *);
int merge_prefixspec(struct filter_prefix_l *,
struct filter_prefixlen *);
-int expand_rule(struct filter_rule *, struct filter_peers_l *,
- struct filter_match_l *, struct filter_set_head *);
+int expand_rule(struct filter_rule *, struct filter_rib_l *,
+ struct filter_peers_l *, struct filter_match_l *,
+ struct filter_set_head *);
int str2key(char *, char *, size_t);
int neighbor_consistent(struct peer *);
int merge_filterset(struct filter_set_head *, struct filter_set *);
@@ -153,6 +159,7 @@ typedef struct {
char*string;
struct bgpd_addr addr;
u_int8_t u8;
+ struct filter_rib_l *filter_rib;
struct filter_peers_l *filter_peers;
struct filter_match_lfilter_match;
struct filter_prefix_l *filter_prefix;
@@ -203,10 +210,11 @@ typedef struct {
%typeasnumber as4number as4number_any optnumber
%typeespah family restart origincode nettype
%typeyesno inout restricted
-%typestring filter_rib
+%typestring
%type address
%typeprefix addrspec
%typeaction quick direction delete
+%typefilter_rib_h filter_rib_l filter_rib
%type filter_peer filter_peer_l filter_peer_h
%type filter_match filter_elm filter_match_h
%type filter_as filter_as_l filter_as_h
@@ -1469,9 +1477,10 @@ encspec : /* nada */{
}
;
-filterrule : action quick filter_rib direction filter_peer_h
filter_match_h filter_set
+filterrule : action quick filter_rib_h direction filter_peer_h
filter_match_h filter_set
{
struct filter_rule r;
+ struct filter_rib_l *rb, *rbnext;
bzero(, sizeof(r));
r.action = $1;
@@ -1481,25 +1490,15 @@ filterrule : action quick filter_rib dir
if (r.dir != DIR_IN) {
yyerror("rib only allowed on \"from\" "
"rules.");
- free($3);
- YYERROR;
- }
- if (!find_rib($3)) {
- yyerror("rib \"%s\" does not exist.",
- $3);
- free($3);
- YYERROR;
- }
- if (strlcpy(r.rib, $3, sizeof(r.rib)) >=
- sizeof(r.rib)) {
- yyerror("rib name \"%s\" too long: "
- "max %zu", $3, sizeof(r.rib) - 1);
- free($3);
+
+ for (rb = $3; rb != NULL; rb = rbnext) {
+ rbnext = rb->next;
+ free(rb);
+ }
YYERROR;
}
- free($3);
}
- if (expand_rule(, $5, &$6, $7) ==
OpenBGPd: expand rib list
Hello,
Here is a patch to expand RIB names in rules. When playing with multi-RIBs, it
allows to simplify ruleset.
Ex :
# cat /etc/bgpd.conf
[...]
peer_ribs = "{ m1, m2, m3 }"
deny rib m2 from any
allow rib $peer_ribs from any prefix { 2001:db8:1::/48, 2001:db8:2::/48 }
# bgpd -dnv
[...]
deny rib m2 from any
allow rib m3 from any prefix 2001:db8:2::/48
allow rib m3 from any prefix 2001:db8:1::/48
allow rib m2 from any prefix 2001:db8:2::/48
allow rib m2 from any prefix 2001:db8:1::/48
allow rib m1 from any prefix 2001:db8:2::/48
allow rib m1 from any prefix 2001:db8:1::/48
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.293
diff -u -p -r1.293 parse.y
--- parse.y 5 Jan 2017 13:53:09 - 1.293
+++ parse.y 7 Jan 2017 12:34:08 -
@@ -91,6 +91,11 @@ static struct filter_rule*curpeer_filte
static struct filter_rule *curgroup_filter[2];
static u_int32_tid;
+struct filter_rib_l {
+ struct filter_rib_l *next;
+ char name[PEER_DESCR_LEN];
+};
+
struct filter_peers_l {
struct filter_peers_l *next;
struct filter_peers p;
@@ -128,8 +133,9 @@ struct rde_rib *find_rib(char *);
int get_id(struct peer *);
int merge_prefixspec(struct filter_prefix_l *,
struct filter_prefixlen *);
-int expand_rule(struct filter_rule *, struct filter_peers_l *,
- struct filter_match_l *, struct filter_set_head *);
+int expand_rule(struct filter_rule *, struct filter_rib_l *,
+ struct filter_peers_l *, struct filter_match_l *,
+ struct filter_set_head *);
int str2key(char *, char *, size_t);
int neighbor_consistent(struct peer *);
int merge_filterset(struct filter_set_head *, struct filter_set *);
@@ -153,6 +159,7 @@ typedef struct {
char*string;
struct bgpd_addr addr;
u_int8_t u8;
+ struct filter_rib_l *filter_rib;
struct filter_peers_l *filter_peers;
struct filter_match_lfilter_match;
struct filter_prefix_l *filter_prefix;
@@ -203,10 +210,11 @@ typedef struct {
%typeasnumber as4number as4number_any optnumber
%typeespah family restart origincode nettype
%typeyesno inout restricted
-%typestring filter_rib
+%typestring
%type address
%typeprefix addrspec
%typeaction quick direction delete
+%typefilter_rib_h filter_rib_l filter_rib
%type filter_peer filter_peer_l filter_peer_h
%type filter_match filter_elm filter_match_h
%type filter_as filter_as_l filter_as_h
@@ -1458,9 +1466,10 @@ encspec : /* nada */{
}
;
-filterrule : action quick filter_rib direction filter_peer_h
filter_match_h filter_set
+filterrule : action quick filter_rib_h direction filter_peer_h
filter_match_h filter_set
{
struct filter_rule r;
+ struct filter_rib_l *rb, *rbnext;
bzero(, sizeof(r));
r.action = $1;
@@ -1470,25 +1479,15 @@ filterrule : action quick filter_rib dir
if (r.dir != DIR_IN) {
yyerror("rib only allowed on \"from\" "
"rules.");
- free($3);
- YYERROR;
- }
- if (!find_rib($3)) {
- yyerror("rib \"%s\" does not exist.",
- $3);
- free($3);
- YYERROR;
- }
- if (strlcpy(r.rib, $3, sizeof(r.rib)) >=
- sizeof(r.rib)) {
- yyerror("rib name \"%s\" too long: "
- "max %zu", $3, sizeof(r.rib) - 1);
- free($3);
+
+ for (rb = $3; rb != NULL; rb = rbnext) {
+ rbnext = rb->next;
+ free(rb);
+ }
YYERROR;
}
- free($3);
}
- if (expand_rule(, $5, &$6, $7) ==
