From 03de0b8c25b1ebd95a1ada574f7b288e671d1205 Mon Sep 17 00:00:00 2001 From: Henning Brauer Date: Tue, 6 Mar 2007 16:52:49 +0000 Subject: allow filtering on peer-as (leftmost AS in path), ok claudio --- usr.sbin/bgpd/bgpd.conf.5 | 4 +++- usr.sbin/bgpd/bgpd.h | 3 ++- usr.sbin/bgpd/parse.y | 6 ++++-- usr.sbin/bgpd/printconf.c | 4 +++- usr.sbin/bgpd/rde_attr.c | 16 ++++++++++++---- 5 files changed, 24 insertions(+), 9 deletions(-) diff --git a/usr.sbin/bgpd/bgpd.conf.5 b/usr.sbin/bgpd/bgpd.conf.5 index c662a987dfb..87ce323d369 100644 --- a/usr.sbin/bgpd/bgpd.conf.5 +++ b/usr.sbin/bgpd/bgpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bgpd.conf.5,v 1.82 2007/03/04 17:41:40 henning Exp $ +.\" $OpenBSD: bgpd.conf.5,v 1.83 2007/03/06 16:52:48 henning Exp $ .\" .\" Copyright (c) 2004 Claudio Jeker .\" Copyright (c) 2003, 2004 Henning Brauer @@ -800,6 +800,8 @@ is one of the following operators: .Bl -tag -width transmit-as -compact .It Ic AS (any part) +.It Ic peer-as +(leftmost AS number) .It Ic source-as (rightmost AS number) .It Ic transit-as diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h index c00aae0377f..7851e448ae9 100644 --- a/usr.sbin/bgpd/bgpd.h +++ b/usr.sbin/bgpd/bgpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bgpd.h,v 1.211 2007/01/26 17:40:49 claudio Exp $ */ +/* $OpenBSD: bgpd.h,v 1.212 2007/03/06 16:52:48 henning Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -524,6 +524,7 @@ enum as_spec { AS_ALL, AS_SOURCE, AS_TRANSIT, + AS_PEER, AS_EMPTY }; diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index 74c3ebaee02..2816f6657c9 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.200 2007/02/22 08:34:18 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.201 2007/03/06 16:52:48 henning Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer @@ -163,7 +163,7 @@ typedef struct { %token QUICK %token FROM TO ANY %token CONNECTED STATIC -%token PREFIX PREFIXLEN SOURCEAS TRANSITAS COMMUNITY DELETE +%token PREFIX PREFIXLEN SOURCEAS TRANSITAS PEERAS COMMUNITY DELETE %token SET LOCALPREF MED METRIC NEXTHOP REJECT BLACKHOLE NOMODIFY SELF %token PREPEND_SELF PREPEND_PEER PFTABLE WEIGHT RTLABEL %token ERROR INCLUDE @@ -1293,6 +1293,7 @@ prefixlenop : unaryop number { filter_as_type : AS { $$ = AS_ALL; } | SOURCEAS { $$ = AS_SOURCE; } | TRANSITAS { $$ = AS_TRANSIT; } + | PEERAS { $$ = AS_PEER; } ; filter_set : /* empty */ { $$ = NULL; } @@ -1660,6 +1661,7 @@ lookup(char *s) { "out", OUT}, { "passive", PASSIVE}, { "password", PASSWORD}, + { "peer-as", PEERAS}, { "pftable", PFTABLE}, { "prefix", PREFIX}, { "prefixlen", PREFIXLEN}, diff --git a/usr.sbin/bgpd/printconf.c b/usr.sbin/bgpd/printconf.c index 19d22539b5b..f335c7a6322 100644 --- a/usr.sbin/bgpd/printconf.c +++ b/usr.sbin/bgpd/printconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printconf.c,v 1.59 2006/12/05 12:08:13 henning Exp $ */ +/* $OpenBSD: printconf.c,v 1.60 2007/03/06 16:52:48 henning Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -467,6 +467,8 @@ print_rule(struct peer *peer_l, struct filter_rule *r) printf("source-as %u ", r->match.as.as); else if (r->match.as.type == AS_TRANSIT) printf("transit-as %u ", r->match.as.as); + else if (r->match.as.type == AS_PEER) + printf("peer-as %u ", r->match.as.as); else printf("unfluffy-as %u ", r->match.as.as); } diff --git a/usr.sbin/bgpd/rde_attr.c b/usr.sbin/bgpd/rde_attr.c index 290e29dcb79..eaf692f5a9a 100644 --- a/usr.sbin/bgpd/rde_attr.c +++ b/usr.sbin/bgpd/rde_attr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde_attr.c,v 1.69 2007/02/22 08:34:18 henning Exp $ */ +/* $OpenBSD: rde_attr.c,v 1.70 2007/03/06 16:52:48 henning Exp $ */ /* * Copyright (c) 2004 Claudio Jeker @@ -671,7 +671,7 @@ int aspath_match(struct aspath *a, enum as_spec type, u_int16_t as) { u_int8_t *seg; - int final; + int final, first; u_int16_t len, seg_size; u_int8_t i, seg_type, seg_len; @@ -683,6 +683,7 @@ aspath_match(struct aspath *a, enum as_spec type, u_int16_t as) } final = 0; + first = 1; seg = a->data; for (len = a->len; len > 0; len -= seg_size, seg += seg_size) { seg_type = seg[0]; @@ -695,9 +696,14 @@ aspath_match(struct aspath *a, enum as_spec type, u_int16_t as) /* not yet in the final segment */ continue; - for (i = 0; i < seg_len; i++) + for (i = 0; i < seg_len; i++) { if (as == aspath_extract(seg, i)) { - if (final && i + 1 >= seg_len) + if (type == AS_PEER) { + if (first) + return (1); + else + return (0); + } else if (final && i + 1 >= seg_len) /* the final (rightmost) as */ if (type == AS_TRANSIT) return (0); @@ -706,6 +712,8 @@ aspath_match(struct aspath *a, enum as_spec type, u_int16_t as) else if (type != AS_SOURCE) return (1); } + first = 0; + } } return (0); } -- cgit v1.2.3