-rw-r--r--usr.sbin/rpki-client/Makefile5
-rw-r--r--usr.sbin/rpki-client/extern.h4
-rw-r--r--usr.sbin/rpki-client/main.c46
-rw-r--r--usr.sbin/rpki-client/output-bird.c39
-rw-r--r--usr.sbin/rpki-client/output-csv.c37
-rw-r--r--usr.sbin/rpki-client/rpki-client.821
6 files changed, 137 insertions, 15 deletions
diff --git a/usr.sbin/rpki-client/Makefile b/usr.sbin/rpki-client/Makefile
index 21f252a6494..d3994672154 100644
--- a/usr.sbin/rpki-client/Makefile
+++ b/usr.sbin/rpki-client/Makefile
@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.8 2019/10/08 10:04:36 claudio Exp $
+# $OpenBSD: Makefile,v 1.9 2019/10/16 17:43:29 claudio Exp $
PROG= rpki-client
SRCS= as.c cert.c cms.c crl.c io.c ip.c log.c main.c mft.c \
- output-bgpd.c output-json.c roa.c rsync.c tal.c validate.c x509.c
+ output-bgpd.c output-bird.c output-csv.c output-json.c \
+ roa.c rsync.c tal.c validate.c x509.c
MAN= rpki-client.8
LDADD= /usr/local/lib/eopenssl/libcrypto.a
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 01675bc339e..95bfdf43b0d 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.8 2019/10/08 10:04:36 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.9 2019/10/16 17:43:29 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -325,6 +325,8 @@ int x509_get_ski_aki(X509 *, const char *, char **, char **);
/* Output! */
void output_bgpd(FILE *, struct vrp_tree *);
+void output_bird(FILE *, struct vrp_tree *, const char *);
+void output_csv(FILE *, struct vrp_tree *);
void output_json(FILE *, struct vrp_tree *);
#endif /* ! EXTERN_H */
diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c
index c35facdbc5e..1aa60c756a9 100644
--- a/usr.sbin/rpki-client/main.c
+++ b/usr.sbin/rpki-client/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.18 2019/10/08 10:04:36 claudio Exp $ */
+/* $OpenBSD: main.c,v 1.19 2019/10/16 17:43:29 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -126,6 +126,13 @@ static void proc_rsync(const char *, const char *, int, int)
static void logx(const char *fmt, ...)
__attribute__((format(printf, 1, 2)));
+enum output_fmt {
+ BGPD,
+ BIRD,
+ CSV,
+ JSON
+};
+
int verbose;
/*
@@ -1320,7 +1327,7 @@ main(int argc, char *argv[])
{
int rc = 0, c, proc, st, rsync,
fl = SOCK_STREAM | SOCK_CLOEXEC, noop = 0,
- force = 0, norev = 0, jsonout = 0;
+ force = 0, norev = 0;
size_t i, j, eid = 1, outsz = 0, talsz = 0;
pid_t procpid, rsyncpid;
int fd[2];
@@ -1333,17 +1340,25 @@ main(int argc, char *argv[])
const char *rsync_prog = "openrsync";
const char *bind_addr = NULL;
const char *tals[TALSZ_MAX];
+ const char *tablename = "roa";
FILE *output = NULL;
struct vrp_tree v = RB_INITIALIZER(&v);
+ enum output_fmt outfmt = BGPD;
if (pledge("stdio rpath wpath cpath proc exec unveil", NULL) == -1)
err(EXIT_FAILURE, "pledge");
- while ((c = getopt(argc, argv, "b:e:fjnrt:v")) != -1)
+ while ((c = getopt(argc, argv, "b:Bce:fjnrt:T:v")) != -1)
switch (c) {
case 'b':
bind_addr = optarg;
break;
+ case 'B':
+ outfmt = BIRD;
+ break;
+ case 'c':
+ outfmt = CSV;
+ break;
case 'e':
rsync_prog = optarg;
break;
@@ -1351,7 +1366,7 @@ main(int argc, char *argv[])
force = 1;
break;
case 'j':
- jsonout = 1;
+ outfmt = JSON;
break;
case 'n':
noop = 1;
@@ -1365,6 +1380,9 @@ main(int argc, char *argv[])
"too many tal files specified");
tals[talsz++] = optarg;
break;
+ case 'T':
+ tablename = optarg;
+ break;
case 'v':
verbose++;
break;
@@ -1548,10 +1566,20 @@ main(int argc, char *argv[])
rc = 0;
}
- if (jsonout)
- output_json(output, &v);
- else
+ switch (outfmt) {
+ case BGPD:
output_bgpd(output, &v);
+ break;
+ case BIRD:
+ output_bird(output, &v, tablename);
+ break;
+ case CSV:
+ output_csv(output, &v);
+ break;
+ case JSON:
+ output_json(output, &v);
+ break;
+ }
logx("Route Origin Authorizations: %zu (%zu failed parse, %zu invalid)",
stats.roas, stats.roas_fail, stats.roas_invalid);
@@ -1580,7 +1608,7 @@ main(int argc, char *argv[])
usage:
fprintf(stderr,
- "usage: rpki-client [-fnqrv] [-b bind_addr] [-e rsync_prog] "
- "[-t tal] output\n");
+ "usage: rpki-client [-Bfjnqrv] [-b bind_addr] [-e rsync_prog] "
+ "[-t tal] [-T name] output\n");
return EXIT_FAILURE;
}
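Review bot: The usage string does not match the option string in this same commit: `getopt` is given `"b:Bce:fjnrt:T:v"`, but the message still advertises `-q`, which that string does not accept, and omits the new `-c`. The first line should read `"usage: rpki-client [-Bcfjnrv] [-b bind_addr] [-e rsync_prog] "`. The SYNOPSIS in rpki-client.8 (`.Op Fl Bcfjnqrv`) also lists `q` and needs the same correction. main() starts outside this hunk.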
diff --git a/usr.sbin/rpki-client/output-bird.c b/usr.sbin/rpki-client/output-bird.c
new file mode 100644
index 00000000000..4dcc7b17f71
--- /dev/null
+++ b/usr.sbin/rpki-client/output-bird.c
@@ -0,0 +1,39 @@
+/* $OpenBSD: output-bird.c,v 1.1 2019/10/16 17:43:29 claudio Exp $ */
+/*
+ * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+#include <openssl/ssl.h>
+
+#include "extern.h"
+
+void
+output_bird(FILE *out, struct vrp_tree *vrps, const char *tablename)
+{
+ char buf[64];
+ struct vrp *v;
+ int first = 1;
+
+ fprintf(out, "roa table %s {\n", tablename);
+
+ RB_FOREACH(v, vrp_tree, vrps) {
+ ip_addr_print(&v->addr, v->afi, buf, sizeof(buf));
+ fprintf(out, "\troa %s max %u as %u;\n", buf, v->maxlength,
+ v->asid);
+ }
+
+ fprintf(out, "}\n");
+}
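Review bot: `tablename` is written into the generated BIRD configuration verbatim by `fprintf(out, "roa table %s {\n", tablename);`, and nothing visible in this commit restricts what `-T` may contain. A name holding whitespace, braces or a semicolon would change the structure of the file the routing daemon later loads, so the value should be checked against the characters a BIRD symbol may contain (presumably letters, digits and underscore) and rejected with `errx` otherwise, either here or in the `case 'T':` branch of main.c. Separately, `int first = 1;` is never used in this function, and the same unused local appears in output_csv() in output-csv.c; both can be dropped. The `fprintf` return values are ignored, so a short write goes unnoticed inside this function; whether the caller checks the stream afterwards is not visible here.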
diff --git a/usr.sbin/rpki-client/output-csv.c b/usr.sbin/rpki-client/output-csv.c
new file mode 100644
index 00000000000..0740289ec03
--- /dev/null
+++ b/usr.sbin/rpki-client/output-csv.c
@@ -0,0 +1,37 @@
+/* $OpenBSD: output-csv.c,v 1.1 2019/10/16 17:43:29 claudio Exp $ */
+/*
+ * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+#include <openssl/ssl.h>
+
+#include "extern.h"
+
+void
+output_csv(FILE *out, struct vrp_tree *vrps)
+{
+ char buf[64];
+ struct vrp *v;
+ int first = 1;
+
+ fprintf(out, "ASN,IP Prefix,Max Length,Trust Anchor\n");
+
+ RB_FOREACH(v, vrp_tree, vrps) {
+ ip_addr_print(&v->addr, v->afi, buf, sizeof(buf));
+ fprintf(out, "AS%u,%s,%u,%s\n", v->asid, buf, v->maxlength,
+ v->tal);
+ }
+}
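Review bot: The column order emitted here, `ASN,IP Prefix,Max Length,Trust Anchor`, does not match the order the rpki-client.8 hunk of this commit documents for `-c` (prefix, maximum prefix length, AS number, trust anchor); one of the two should change so that consumers parsing by position read the field they expect. `v->tal` is printed with a bare `%s` and no quoting, so a trust anchor label containing a comma or a newline would shift or split the row; where that string originates is outside this hunk, so confirm it is constrained or quote the field. A one-line comment above the function would pin the contract, e.g. `/* One line per VRP: ASN, prefix, max length, trust anchor. */`.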
diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8
index 887478f22ab..1f7bc04d016 100644
--- a/usr.sbin/rpki-client/rpki-client.8
+++ b/usr.sbin/rpki-client/rpki-client.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rpki-client.8,v 1.5 2019/08/20 16:02:57 claudio Exp $
+.\" $OpenBSD: rpki-client.8,v 1.6 2019/10/16 17:43:29 claudio Exp $
.\"
.\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: August 20 2019 $
+.Dd $Mdocdate: October 16 2019 $
.Dt RPKI-CLIENT 8
.Os
.Sh NAME
@@ -24,10 +24,11 @@
for Origin Validation.
.Sh SYNOPSIS
.Nm
-.Op Fl fnrv
+.Op Fl Bcfjnqrv
.Op Fl b Ar bind_addr
.Op Fl e Ar rsync_prog
.Op Fl t Ar tal
+.Op Fl T Ar table
.Ar output
.Sh DESCRIPTION
The
@@ -44,6 +45,12 @@ Its arguments are as follows:
Tell the rsync client to use the specified
.Ar bind_addr
as the source address for connections.
+.It Fl B
+Format the output suitable for the BIRD internet routing daemon.
+.It Fl c
+Format the output as comma-separated values of the prefix in slash notation,
+the maximum prefix length, the autonomous system number, and an abbreviation
+for the trust anchor the entry is derived from.
.It Fl e Ar rsync_prog
Use
.Ar rsync_prog
@@ -59,6 +66,9 @@ flags and connect with rsync-protocol locations.
.It Fl f
Accept out-of-date manifests.
This will still report if a manifest has expired.
+.It Fl j
+Format the output as JSON object. This format is identical to that
+produced by the RIPE NCC RPKI Validator and NLnet Labs routinator.
.It Fl n
Assume that all requested repositories exist: don't update.
.It Fl r
@@ -71,6 +81,10 @@ By default
.Nm
will load all TAL files in
.Pa /etc/rpki .
+.It Fl T Ar name
+For BIRD output use
+.Ar name
+as roa table name instead of the default 'roa'.
.It Fl v
Specified once, prints information about status.
Twice, prints each filename as it's processed.
@@ -82,6 +96,7 @@ will write the
to.
.El
.Pp
+By default
.Nm
produces a list of unique
.Li roa-set