author | Claudio Jeker <claudio@cvs.openbsd.org> | 2023-01-20 15:41:34 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2023-01-20 15:41:34 +0000 |
commit | 92c342646135c001c7932d0f9df86f1da955e2f4 (patch) | |
tree | 50c90eb4db3dda22e208871e5370f8cfc62284d8 | |
parent | 50a8b587d001b38fd289132e948b4ddd8af100e2 (diff) |
Document the aspa-set table. While there remove the superfluous 'allow'
keyword.
OK tb@
-rw-r--r-- | usr.sbin/bgpd/bgpd.conf.5 | 34 | ||||
-rw-r--r-- | usr.sbin/bgpd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/bgpd/printconf.c | 7 |
3 files changed, 37 insertions, 10 deletions
diff --git a/usr.sbin/bgpd/bgpd.conf.5 b/usr.sbin/bgpd/bgpd.conf.5 index edd429a6862..dd0656b665b 100644 --- a/usr.sbin/bgpd/bgpd.conf.5 +++ b/usr.sbin/bgpd/bgpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bgpd.conf.5,v 1.228 2023/01/04 14:33:30 claudio Exp $ +.\" $OpenBSD: bgpd.conf.5,v 1.229 2023/01/20 15:41:33 claudio Exp $ .\" .\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org> .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: January 4 2023 $ +.Dd $Mdocdate: January 20 2023 $ .Dt BGPD.CONF 5 .Os .Sh NAME @@ -426,12 +426,16 @@ may be defined, against which will validate the origin of each prefix. The .Ic roa-set -is merged with the tables received via +and the +.Ic aspa-set +are merged with the corresponding tables received via .Ic rtr sessions. .Pp A set definition can span multiple lines, and an optional comma is allowed between elements. +The same set can be defined more than once, in this case the definitions are +merged into one common set. .Pp .Bl -tag -width Ds -compact .It Xo 
@@ -445,6 +449,30 @@ stores AS numbers, and can be used with the AS specific parameter in rules. .Pp .It Xo +.Ic aspa-set +.Ic { Ic customer-as Ar as-number +.Op Ic expires Ar seconds +.Ic provider-as Ic { Ar as-number +.Op Ic inet Ns | Ns Ic inet6 +.Ic ... Ic } ... Ic } +.Xc +The +.Ic aspa-set +holds a collection of +.Em Validated ASPA Payloads Pq VAPs . +Each as AS_PATH received from an eBGP peer is checked against the +.Ic aspa-set , +and the ASPA Validation State (AVS) is set. +.Ic expires +can be set to the seconds since Epoch until when this VAP is valid. +.Bd -literal -offset indent +roa-set { + customer-as 64511 provider-as { 64496 65496 } + customer-as 64496 provider-as { 65496 64544 } +} +.Ed +.Pp +.It Xo .Ic origin-set Ar name .Ic { Ar address Ns Li / Ns Ar len Ic maxlen Ar mlen Ic source-as Ar asn ... Ic } .Xc diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index 5d3d002e885..5c96dabfc37 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.438 2023/01/04 14:33:30 claudio Exp $ */ +/* $OpenBSD: parse.y,v 1.439 2023/01/20 15:41:33 claudio Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -636,11 +636,11 @@ aspa_tas : as4number_any { $$->aid = AID_UNSPEC; $$->num = 1; } - | as4number_any ALLOW family { + | as4number_any family { if (($$ = calloc(1, sizeof(*$$))) == NULL) fatal(NULL); $$->as = $1; - $$->aid = $3; + $$->aid = $2; $$->num = 1; } ; diff --git a/usr.sbin/bgpd/printconf.c b/usr.sbin/bgpd/printconf.c index cdb408f5934..cfa2bda4947 100644 --- a/usr.sbin/bgpd/printconf.c +++ b/usr.sbin/bgpd/printconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printconf.c,v 1.161 2023/01/04 14:33:30 claudio Exp $ */ +/* $OpenBSD: printconf.c,v 1.162 2023/01/20 15:41:33 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 
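Review bot: Dropping `ALLOW` from the second `aspa_tas` alternative in the parse.y hunk (@@ -636,11 +636,11 @@) looks like a hard syntax break: a configuration that still says `provider-as { 64496 allow inet }` should now fail to parse, and the rule keeps no transitional alternative or targeted error for the old spelling. If the break is intended because the syntax was undocumented until this commit, the commit message or upgrade notes should say so, e.g. `aspa-set: the 'allow' keyword before inet/inet6 is gone; remove it from existing configs`. The only example this commit adds to bgpd.conf.5 opens with `roa-set {` rather than `aspa-set {`, so it does not demonstrate the new form of this rule either. The `aspa_tas` rule begins above the hunk.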
@@ -609,9 +609,8 @@ print_aspa(struct aspa_tree *a) printf(" provider-as { "); for (i = 0; i < aspa->num; i++) { printf("%s ", log_as(aspa->tas[i])); - if (aspa->tas_aid != NULL && - aspa->tas_aid[i] != AID_UNSPEC) - printf("allow %s ", print_af(aspa->tas_aid[i])); + if (aspa->tas_aid[i] != AID_UNSPEC) + printf("%s ", print_af(aspa->tas_aid[i])); } printf("}"); } |
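Review bot: With the `aspa->tas_aid != NULL` guard removed, the loop in print_aspa() reads `aspa->tas_aid[i]` unconditionally, so it now depends on every set in the tree having `tas_aid` allocated whenever `num` is non-zero. Nothing visible in this hunk establishes that invariant; if any code path that fills the `struct aspa_tree` leaves `tas_aid` NULL, printing the configuration becomes a NULL pointer dereference. Either keep the guard, `if (aspa->tas_aid != NULL && aspa->tas_aid[i] != AID_UNSPEC)`, or, once the invariant is confirmed, state it next to the loop with a comment such as `/* tas_aid is always allocated together with tas */`. print_aspa() begins and ends outside the hunk.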