diff options
| author |   claudio <claudio@openbsd.org> | 2019-06-25 07:44:20 +0000 |
|---|---|---|
| committer | claudio <claudio@openbsd.org> | 2019-06-25 07:44:20 +0000 |
| commit | d18aa00ce7198e1827f76ac0e637411523ea435d (patch) | |
| tree | fdd31e8aec15476a1725422df57d9da62e01e575 | |
| parent | Since the recent recursion fix in rtable_walk(), deleting an interface (diff) | |
| download | wireguard-openbsd-d18aa00ce7198e1827f76ac0e637411523ea435d.tar.xz wireguard-openbsd-d18aa00ce7198e1827f76ac0e637411523ea435d.zip | |
Remove irrfilter from bgpctl. The current code is not very useful.
Trying to parse RPSL has shown to be impossible. For now tools like
bgpq3 (in ports) can be used to generate AS and prefix sets based on
IRR data.
OK job@ deraadt@ sthen@ benno@
| -rw-r--r-- | usr.sbin/bgpctl/Makefile | 6 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/bgpctl.8 | 31 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/bgpctl.c | 10 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/irr_asset.c | 291 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/irr_output.c | 246 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/irr_parser.c | 423 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/irr_prefix.c | 289 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/irrfilter.c | 55 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/irrfilter.h | 111 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/parser.c | 73 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/parser.h | 4 | ||||
| -rw-r--r-- | usr.sbin/bgpctl/whois.c | 149 |
12 files changed, 7 insertions, 1681 deletions
diff --git a/usr.sbin/bgpctl/Makefile b/usr.sbin/bgpctl/Makefile index e58551cf86f..272a56d8f82 100644 --- a/usr.sbin/bgpctl/Makefile +++ b/usr.sbin/bgpctl/Makefile @@ -1,11 +1,9 @@ -# $OpenBSD: Makefile,v 1.14 2018/07/13 15:02:40 jsg Exp $ +# $OpenBSD: Makefile,v 1.15 2019/06/25 07:44:20 claudio Exp $ .PATH: ${.CURDIR}/../bgpd PROG= bgpctl -SRCS= bgpctl.c parser.c util.c -SRCS+= irrfilter.c whois.c irr_asset.c irr_prefix.c irr_output.c -SRCS+= irr_parser.c mrtparser.c +SRCS= bgpctl.c parser.c mrtparser.c util.c CFLAGS+= -Wall CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes CFLAGS+= -Wmissing-declarations diff --git a/usr.sbin/bgpctl/bgpctl.8 b/usr.sbin/bgpctl/bgpctl.8 index 2c0688610cc..254cb2fefe4 100644 --- a/usr.sbin/bgpctl/bgpctl.8 +++ b/usr.sbin/bgpctl/bgpctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bgpctl.8,v 1.87 2019/05/31 10:48:40 sthen Exp $ +.\" $OpenBSD: bgpctl.8,v 1.88 2019/06/25 07:44:20 claudio Exp $ .\" .\" Copyright (c) 2003 Henning Brauer <henning@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 31 2019 $ +.Dd $Mdocdate: June 25 2019 $ .Dt BGPCTL 8 .Os .Sh NAME @@ -76,31 +76,6 @@ a.k.a. the kernel routing table. .Xc Remove the learned routes from the specified Forwarding Information Base a.k.a. the kernel routing table. -.It Xo -.Cm irrfilter -.Op Ar options -.Ar as -.Op Ar arguments -.Xc -Get the -.Em aut-num -object from the -.Em Internet Routing Registry -and generate bgpd filters from the policy specified therein. -The aut-num object as well as the associated as-set and route objects -have to be in RPSL format. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl o Ar directory -Use -.Ar directory -to write the filter files to. -.It Fl 4 -Fetch only IPv4 prefixes from the registry. -.It Fl 6 -Fetch only IPv6 prefixes from the registry. -.El .It Cm log brief Disable verbose debug logging. .It Cm log verbose @@ -489,5 +464,3 @@ The .Nm program first appeared in .Ox 3.5 . -irrfilter mode was added in -.Ox 4.1 . diff --git a/usr.sbin/bgpctl/bgpctl.c b/usr.sbin/bgpctl/bgpctl.c index 7f800c8a4de..f8837c7a188 100644 --- a/usr.sbin/bgpctl/bgpctl.c +++ b/usr.sbin/bgpctl/bgpctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bgpctl.c,v 1.240 2019/06/17 13:46:33 claudio Exp $ */ +/* $OpenBSD: bgpctl.c,v 1.241 2019/06/25 07:44:20 claudio Exp $ */ /* * Copyright (c) 2003 Henning Brauer <henning@openbsd.org> @@ -39,7 +39,6 @@ #include "session.h" #include "rde.h" #include "parser.h" -#include "irrfilter.h" #include "mrtparser.h" enum neighbor_views { @@ -161,11 +160,6 @@ main(int argc, char *argv[]) strlcpy(neighbor.shutcomm, res->shutcomm, sizeof(neighbor.shutcomm)); switch (res->action) { - case IRRFILTER: - if (!(res->flags & (F_IPV4|F_IPV6))) - res->flags |= (F_IPV4|F_IPV6); - irr_main(res->as.as_min, res->flags, res->irr_outdir); - break; case SHOW_MRT: if (pledge("stdio", NULL) == -1) err(1, "pledge"); @@ -217,7 +211,6 @@ main(int argc, char *argv[]) switch (res->action) { case NONE: - case IRRFILTER: case SHOW_MRT: usage(); /* NOTREACHED */ @@ -479,7 +472,6 @@ main(int argc, char *argv[]) case NETWORK_FLUSH: case NETWORK_BULK_ADD: case NETWORK_BULK_REMOVE: - case IRRFILTER: case LOG_VERBOSE: case LOG_BRIEF: case SHOW_MRT: diff --git a/usr.sbin/bgpctl/irr_asset.c b/usr.sbin/bgpctl/irr_asset.c deleted file mode 100644 index af8de33cade..00000000000 --- a/usr.sbin/bgpctl/irr_asset.c +++ /dev/null @@ -1,291 +0,0 @@ -/* $OpenBSD: irr_asset.c,v 1.12 2018/09/17 13:35:36 claudio Exp $ */ - -/* - * Copyright (c) 2007 Henning Brauer <henning@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <sys/types.h> -#include <err.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <ctype.h> - -#include "irrfilter.h" - -int as_set_compare(struct irr_as_set *, struct irr_as_set *); -struct irr_as_set *as_set_find(char *); - -RB_HEAD(as_set_h, irr_as_set) as_set_h; -RB_PROTOTYPE(as_set_h, irr_as_set, entry, as_set_compare) -RB_GENERATE(as_set_h, irr_as_set, entry, as_set_compare) - -enum obj_type { - T_UNKNOWN, - T_ASSET, - T_AUTNUM -}; - -struct irr_as_set *curass; - -struct irr_as_set *asset_get(char *); -enum obj_type asset_membertype(char *); -void asset_resolve(struct irr_as_set *); -int asset_merge(struct irr_as_set *, struct irr_as_set *); -int asset_add_as(struct irr_as_set *, char *); -int asset_add_asset(struct irr_as_set *, char *); - -struct irr_as_set * -asset_expand(char *s) -{ - struct irr_as_set *ass; - char *name; - size_t i; - - if ((name = calloc(1, strlen(s) + 1)) == NULL) - err(1, "asset_expand calloc"); - for (i = 0; i < strlen(s); i++) - name[i] = toupper((unsigned char)s[i]); - - ass = asset_get(name); - asset_resolve(ass); - - free(name); - return (ass); -} - -struct irr_as_set * -asset_get(char *name) -{ - struct irr_as_set *ass, *mas; - u_int i; - - /* - * the caching prevents the endless recursion. - * MUST have the RB_INSERT before calling self again. - */ - - /* cached? then things are easy */ - if ((ass = as_set_find(name)) != NULL) - return ass; - - if ((ass = calloc(1, sizeof(*ass))) == NULL) - err(1, "expand_as_set calloc"); - if ((ass->name = strdup(name)) == NULL) - err(1, "expand_as_set strdup"); - RB_INSERT(as_set_h, &as_set_h, ass); - - switch (asset_membertype(name)) { - case T_ASSET: - /* as-set */ - if (irrverbose >= 3) { - fprintf(stdout, "query AS-SET %s... ", name); - fflush(stdout); - } - curass = ass; - if (whois(name, QTYPE_ASSET) == -1) - errx(1, "whois error, asset_get %s", name); - curass = NULL; - if (irrverbose >= 3) - fprintf(stdout, "done\n"); - break; - case T_AUTNUM: - /* - * make a dummy as-set with the AS both as name - * and its only member - */ - asset_add_as(ass, name); - return (ass); - default: - fprintf(stderr, "asset_get: %s: unknown object type\n", name); - break; - } - - - for (i = 0; i < ass->n_members; i++) { - mas = asset_get(ass->members[i]); - if (mas->n_members == 0 && mas->n_as == 0) - fprintf(stderr, "%s: can't resolve member %s\n", - name, ass->members[i]); - else - asset_add_asset(ass, ass->members[i]); - } - - return (ass); -} - -enum obj_type -asset_membertype(char *name) -{ - char *s; - - if (!strncmp(name, "AS-", 3)) - return (T_ASSET); - - if ((s = strchr(name, ':')) != NULL) { - /* this must be an as-set. one component has to start w/ AS- */ - for (s = name; s != NULL; s = strchr(s, ':')) - if (!strncmp(++s, "AS-", 3)) - return (T_ASSET); - return (T_UNKNOWN); - } - - /* neither plain nor hierachical set definition, might be aut-num */ - if (!strncmp(name, "AS", 2) && strlen(name) > 2 && - isdigit((unsigned char)name[2])) - return (T_AUTNUM); - - return (T_UNKNOWN); -} - -void -asset_resolve(struct irr_as_set *ass) -{ - struct irr_as_set *mas; - u_int i; - - /* - * traverse all as_set members and fold their - * members as into this as_set. - * ass->n_as_set is a moving target, it grows - * as member as-sets' member as-sets are beeing - * added. - * remove processed member as-sets (all!) only - * after we are done, they're needed for dupe - * detection - */ - - for (i = 0; i < ass->n_as_set; i++) { - if ((mas = as_set_find(ass->as_set[i])) == NULL) - errx(1, "asset_get %s: %s unresolved?!?", - ass->name, ass->as_set[i]); - if (asset_merge(ass, mas) == -1) - errx(1, "asset_merge failed"); - } - - for (i = 0; i < ass->n_as_set; i++) { - free(ass->as_set[i]); - ass->as_set[i] = NULL; - } - free(ass->as_set); - ass->as_set = NULL; - ass->n_as_set = 0; -} - -int -asset_merge(struct irr_as_set *ass, struct irr_as_set *mas) -{ - u_int i, j; - - /* merge ASes from the member into the parent */ - for (i = 0; i < mas->n_as; i++) { - for (j = 0; j < ass->n_as && strcmp(ass->as[j], - mas->as[i]); j++) - ; /* nothing */ - if (j == ass->n_as) - if (asset_add_as(ass, mas->as[i]) == -1) - return (-1); - } - - /* merge as-set members from the member into the parent */ - for (i = 0; i < mas->n_as_set; i++) { - if (!strcmp(ass->name, mas->as_set[i])) /* skip self! */ - continue; - for (j = 0; j < ass->n_as_set && strcmp(ass->as_set[j], - mas->as_set[i]); j++) - ; /* nothing */ - if (j == ass->n_as_set) - if (asset_add_asset(ass, mas->as_set[i]) == -1) - return (-1); - } - - return (0); -} - -int -asset_addmember(char *s) -{ - void *p; - char *as; - size_t i; - - /* convert to uppercase on the fly */ - if ((as = calloc(1, strlen(s) + 1)) == NULL) - err(1, "asset_addmember strdup"); - for (i = 0; i < strlen(s); i++) - as[i] = toupper((unsigned char)s[i]); - - if ((p = reallocarray(curass->members, - curass->n_members + 1, sizeof(char *))) == NULL) - err(1, "asset_addmember strdup"); - curass->members = p; - curass->n_members++; - curass->members[curass->n_members - 1] = as; - - return (0); -} - -int -asset_add_as(struct irr_as_set *ass, char *s) -{ - void *p; - - if ((p = reallocarray(ass->as, - ass->n_as + 1, sizeof(char *))) == NULL) - err(1, "asset_add_as strdup"); - ass->as = p; - ass->n_as++; - - if ((ass->as[ass->n_as - 1] = - strdup(s)) == NULL) - err(1, "asset_add_as strdup"); - - return (0); -} - -int -asset_add_asset(struct irr_as_set *ass, char *s) -{ - void *p; - - if ((p = reallocarray(ass->as_set, - ass->n_as_set + 1, sizeof(char *))) == NULL) - err(1, "asset_add_asset strdup"); - ass->as_set = p; - ass->n_as_set++; - - if ((ass->as_set[ass->n_as_set - 1] = - strdup(s)) == NULL) - err(1, "asset_add_asset strdup"); - - return (0); -} - -/* RB helpers */ -int -as_set_compare(struct irr_as_set *a, struct irr_as_set *b) -{ - return (strcmp(a->name, b->name)); -} - -struct irr_as_set * -as_set_find(char *name) -{ - struct irr_as_set s; - - s.name = name; - return (RB_FIND(as_set_h, &as_set_h, &s)); -} diff --git a/usr.sbin/bgpctl/irr_output.c b/usr.sbin/bgpctl/irr_output.c deleted file mode 100644 index a588670082e..00000000000 --- a/usr.sbin/bgpctl/irr_output.c +++ /dev/null @@ -1,246 +0,0 @@ -/* $OpenBSD: irr_output.c,v 1.21 2018/09/17 13:35:36 claudio Exp $ */ - -/* - * Copyright (c) 2007 Henning Brauer <henning@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <sys/types.h> -#include <sys/stat.h> -#include <err.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <fcntl.h> -#include <ctype.h> -#include <netdb.h> -#include <netinet/in.h> -#include <arpa/inet.h> - -#include "bgpd.h" -#include "irrfilter.h" - -int process_policies(FILE *, struct policy_head *); -void policy_prettyprint(FILE *, struct policy_item *); -void policy_torule(FILE *, struct policy_item *); -char *action_torule(char *); -void print_rule(FILE *, struct policy_item *, char *, struct irr_prefix *); - -#define allowed_in_address(x) \ - (isalnum((unsigned char)x) || x == '.' || x == ':' || x == '-') - -int -write_filters(char *outpath) -{ - struct router *r; - char *fn; - int fd, ret = 0; - u_int i; - FILE *fh; - - while ((r = TAILQ_FIRST(&router_head)) != NULL) { - TAILQ_REMOVE(&router_head, r, entry); - - if (r->address != NULL && r->address[0] != '\0') { - for (i = 0; i < strlen(r->address); i++) - if (!allowed_in_address(r->address[i])) - errx(1, "router address \"%s\" contains" - " illegal character \"%c\"", - r->address, r->address[i]); - if (asprintf(&fn, "%s/bgpd-%s.filter", - outpath, r->address) == -1) - err(1, "write_filters asprintf"); - } else - if (asprintf(&fn, "%s/bgpd.filter", - outpath) == -1) - err(1, "write_filters asprintf"); - - fd = open(fn, O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR); - if (fd == -1) - err(1, "error opening %s", fn); - if ((fh = fdopen(fd, "w")) == NULL) - err(1, "fdopen %s", fn); - - if (process_policies(fh, &r->policy_h) == -1) - ret = -1; - - fclose(fh); - close(fd); - free(fn); - free(r->address); - free(r); - } - - return (ret); -} - -int -process_policies(FILE *fh, struct policy_head *head) -{ - struct policy_item *pi; - - while ((pi = TAILQ_FIRST(head)) != NULL) { - TAILQ_REMOVE(head, pi, entry); - - policy_prettyprint(fh, pi); - policy_torule(fh, pi); - fflush(fh); - - free(pi->peer_addr); - free(pi->action); - free(pi->filter); - free(pi); - } - - return (0); -} - -void -policy_prettyprint(FILE *fh, struct policy_item *pi) -{ - if (pi->dir == IMPORT) - fprintf(fh, "# import: from "); - else - fprintf(fh, "# export: to "); - fprintf(fh, "AS%u ", pi->peer_as); - if (pi->peer_addr) - fprintf(fh, "%s ", pi->peer_addr); - if (pi->action) - fprintf(fh, "action %s ", pi->action); - fprintf(fh, "%s %s\n", pi->dir == IMPORT ? "accept" : "announce", - pi->filter); -} - -void -policy_torule(FILE *fh, struct policy_item *pi) -{ - struct irr_as_set *ass; - struct prefix_set *pfxs; - char *srcas; - u_int i, j; - - if (pi->filter == NULL || !strcasecmp(pi->filter, "any")) - print_rule(fh, pi, NULL, NULL); - else { - ass = asset_expand(pi->filter); - - for (i = 0; i < ass->n_as; i++) { - pfxs = prefixset_get(ass->as[i]); - - /* ass->as[i] format and len have been checked before */ - if (strlen(ass->as[i]) < 3) - errx(1, "%s not AS...", ass->as[i]); - srcas = ass->as[i] + 2; - for (j = 0; j < pfxs->prefixcnt; j++) - print_rule(fh, pi, srcas, pfxs->prefix[j]); - } - } -} - -/* XXX should really be parsed earlier! */ -char * -action_torule(char *s) -{ - int cnt = 0; - char *key, *val, *pre, *tmp; - static char abuf[8192]; - char ebuf[2048]; - - if ((tmp = strdup(s)) == NULL) - err(1, NULL); - abuf[0] = '\0'; - while ((val = strsep(&tmp, ";")) != NULL && *val) { - key = strsep(&val, "="); - if (key == NULL || val == NULL) - err(1, "format error in action spec\n"); - - EATWS(key); - EATWS(val); - - if (cnt++ == 0) - pre = " set {"; - else - pre = ","; - - if (!strcmp(key, "pref")) - snprintf(ebuf, sizeof(ebuf), - "%s localpref %s", pre, val); - else if (!strcmp(key, "med")) - snprintf(ebuf, sizeof(ebuf), - "%s med %s", pre, val); - else - warnx("unknown action key \"%s\"", key); - - strlcat(abuf, ebuf, sizeof(abuf)); - } - if (cnt > 0) - strlcat(abuf, " }", sizeof(abuf)); - - free(tmp); - return (abuf); -} - -void -print_rule(FILE *fh, struct policy_item *pi, char *sourceas, - struct irr_prefix *prefix) -{ - char peer[PEER_DESCR_LEN]; - char *action = ""; - char *dir; - char *srcas[2] = { "", "" }; - char pbuf[8 + NI_MAXHOST + 4 + 14 + 3]; - size_t offset; - - if (pi->dir == IMPORT) - dir = "from"; - else - dir = "to"; - - if (pi->peer_addr) - snprintf(peer, PEER_DESCR_LEN, "%s", pi->peer_addr); - else - snprintf(peer, PEER_DESCR_LEN, "AS %s", log_as(pi->peer_as)); - - if (pi->action) - action = action_torule(pi->action); - - pbuf[0] = '\0'; - if (prefix != NULL) { - strlcpy(pbuf, " prefix ", sizeof(pbuf)); - offset = strlen(pbuf); - if (inet_ntop(prefix->af, &prefix->addr, pbuf + offset, - sizeof(pbuf) - offset) == NULL) - err(1, "print_rule inet_ntop"); - offset = strlen(pbuf); - if (snprintf(pbuf + offset, sizeof(pbuf) - offset, - "/%u", prefix->len) == -1) - err(1, "print_rule snprintf"); - - if (prefix->maxlen > prefix->len) { - offset = strlen(pbuf); - if (snprintf(pbuf + offset, sizeof(pbuf) - offset, - " prefixlen <= %u", prefix->maxlen) == -1) - err(1, "print_rule snprintf"); - } - - if (pi->dir == IMPORT) { - srcas[0] = " source-as "; - srcas[1] = sourceas; - } - } - - fprintf(fh, "allow quick %s %s%s%s%s%s\n", dir, peer, - srcas[0], srcas[1], pbuf, action); -} diff --git a/usr.sbin/bgpctl/irr_parser.c b/usr.sbin/bgpctl/irr_parser.c deleted file mode 100644 index bd415a79dfe..00000000000 --- a/usr.sbin/bgpctl/irr_parser.c +++ /dev/null @@ -1,423 +0,0 @@ -/* $OpenBSD: irr_parser.c,v 1.15 2019/04/10 15:23:27 claudio Exp $ */ - -/* - * Copyright (c) 2007 Henning Brauer <henning@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <sys/types.h> -#include <ctype.h> -#include <err.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <limits.h> - -#include "irrfilter.h" - -#define PARSEBUF_INCREMENT 4096 - -int lineno; -char *parsebuf = NULL; -size_t parsebuflen = 0; - -void grow_parsebuf(void); -char *irr_getln(FILE *f); -int parse_policy(char *, char *); -int policy_additem(char *, struct policy_item *); -int parse_asset(char *, char *); -int parse_route(char *, char *); - -/* - * parse_response() return values: - * -1 error - * 0 object not found - * >0 number of lines matched plus 1 - */ -int -parse_response(FILE *f, enum qtype qtype) -{ - char *key, *val; - int cnt, n; - - lineno = 1; - cnt = 1; - while ((val = irr_getln(f)) != NULL) { - if (!strncmp(val, "%ERROR:101:", 11)) /* no entries found */ - return (0); - - if (val[0] == '%') { - warnx("message from whois server: %s", val); - return (-1); - } - - key = strsep(&val, ":"); - if (val == NULL) { - warnx("%u: %s", lineno, key); - warnx("no \":\" found!"); - return (-1); - } - EATWS(val); - - switch (qtype) { - case QTYPE_OWNAS: - if ((n = parse_policy(key, val)) == -1) - return (-1); - break; - case QTYPE_ASSET: - if ((n = parse_asset(key, val)) == -1) - return (-1); - break; - case QTYPE_ROUTE: - case QTYPE_ROUTE6: - if ((n = parse_route(key, val)) == -1) - return (-1); - break; - default: - err(1, "king bula suffers from dementia"); - } - cnt += n; - } - - return (cnt); -} - -void -grow_parsebuf(void) -{ - char *p; - size_t newlen; - - newlen = parsebuflen + PARSEBUF_INCREMENT; - if ((p = realloc(parsebuf, newlen)) == NULL) - err(1, "grow_parsebuf realloc"); - parsebuf = p; - parsebuflen = newlen; - - if (0) - fprintf(stderr, "parsebuf now %zu bytes\n", parsebuflen); -} - -char * -irr_getln(FILE *f) -{ - int c, next, last; - char *p; - - if (parsebuf == NULL) - grow_parsebuf(); - p = parsebuf; - last = -1; - - do { - c = getc(f); - - if (p == parsebuf) { /* beginning of new line */ - if (c == '%') { - next = getc(f); - switch (next) { - case ' ': /* comment. skip over */ - while ((c = getc(f)) != '\n' && - c != EOF) - ; /* nothing */ - break; - case '\n': - case EOF: - c = next; - break; - default: - ungetc(next, f); - break; - } - } - } - - if (c == '#') /* skip until \n */ - while ((c = getc(f)) != '\n' && c != EOF) - ; /* nothing */ - - if (c == '\n') { - lineno++; - next = getc(f); - if (next == '+') /* continuation, skip the + */ - c = getc(f); - else if (ISWS(next)) /* continuation */ - c = next; - else - ungetc(next, f); - } - - - if (c == '\n' || c == EOF) { - if (c == EOF) - if (ferror(f)) - err(1, "ferror"); - if (p > parsebuf) { - *p = '\0'; - return (parsebuf); - } - } else { - if (!(ISWS(c) && ISWS(last))) { - if (p + 1 >= parsebuf + parsebuflen - 1) { - size_t offset; - - offset = p - parsebuf; - grow_parsebuf(); - p = parsebuf + offset; - } - if (ISWS(c)) /* equal opportunity whitespace */ - *p++ = ' '; - else - *p++ = (char)c; - } - last = c; - } - } while (c != EOF); - - return (NULL); -} - -/* - * parse the policy from an aut-num object - */ - -enum policy_parser_st { - PO_NONE, - PO_PEER_KEY, - PO_PEER_AS, - PO_PEER_ADDR, - PO_RTR_KEY, - PO_RTR_ADDR, - PO_ACTION_KEY, - PO_ACTION_SPEC, - PO_FILTER_KEY, - PO_FILTER_SPEC -}; - -int -parse_policy(char *key, char *val) -{ - struct policy_item *pi; - enum pdir dir; - enum policy_parser_st st = PO_NONE, nextst; - char *tok, *router = "", *p; - - if (!strcmp(key, "import")) - dir = IMPORT; - else if (!strcmp(key, "export")) - dir = EXPORT; - else /* ignore! */ - return (0); - - if (dir == EXPORT && (irrflags & F_IMPORTONLY)) - return (0); - - if ((pi = calloc(1, sizeof(*pi))) == NULL) - err(1, "parse_policy calloc"); - pi->dir = dir; - - while ((tok = strsep(&val, " ")) != NULL) { - nextst = PO_NONE; - if (dir == IMPORT) { - if (!strcasecmp(tok, "from")) - nextst = PO_PEER_KEY; - else if (!strcasecmp(tok, "at")) - nextst = PO_RTR_KEY; - else if (!strcasecmp(tok, "action")) - nextst = PO_ACTION_KEY; - else if (!strcasecmp(tok, "accept")) - nextst = PO_FILTER_KEY; - } else if (dir == EXPORT) { - if (!strcasecmp(tok, "to")) - nextst = PO_PEER_KEY; - else if (!strcasecmp(tok, "at")) - nextst = PO_RTR_KEY; - else if (!strcasecmp(tok, "action")) - nextst = PO_ACTION_KEY; - else if (!strcasecmp(tok, "announce")) - nextst = PO_FILTER_KEY; - } - - if (nextst == PO_FILTER_KEY) /* rest is filter spec */ - if ((pi->filter = strdup(val)) == NULL) - err(1, NULL); - - if (nextst == PO_ACTION_KEY) { - /* action list. ends after last ; */ - p = strrchr(val, ';'); - if (p == NULL || !ISWS(*++p)) - errx(1, "syntax error in action spec"); - *p = '\0'; - if ((pi->action = strdup(val)) == NULL) - err(1, NULL); - val = ++p; - while (ISWS(*p)) - p++; - } - - switch (st) { - case PO_NONE: - if (nextst != PO_PEER_KEY) - goto ppoerr; - st = nextst; - break; - case PO_PEER_KEY: - if (pi->peer_as == 0) { - const char *errstr; - - if (nextst != PO_NONE) - goto ppoerr; - if (strlen(tok) < 3 || - strncasecmp(tok, "AS", 2) || - !isdigit((unsigned char)tok[2])) - errx(1, "peering spec \"%s\": format " - "error, AS expected", tok); - pi->peer_as = strtonum(tok + 2, 1, UINT_MAX, - &errstr); - if (errstr) - errx(1, "peering spec \"%s\": format " - "error: %s", tok, errstr); - } else { - switch (nextst) { - case PO_NONE: - if (!strcasecmp(tok, "and") || - !strcasecmp(tok, "or") || - !strcasecmp(tok, "not")) - fprintf(stderr, "compound " - "peering statements are " - "not supported"); - else /* peer address */ - if ((pi->peer_addr = - strdup(tok)) == NULL) - err(1, NULL); - break; - case PO_RTR_KEY: - case PO_ACTION_KEY: - case PO_FILTER_KEY: - st = nextst; - break; - default: - goto ppoerr; - } - } - break; - case PO_PEER_AS: - case PO_PEER_ADDR: - err(1, "state error"); - break; - case PO_RTR_KEY: - if (nextst != PO_NONE) - goto ppoerr; - /* rtr address */ - if ((router = strdup(tok)) == NULL) - err(1, NULL); - st = PO_RTR_ADDR; - break; - case PO_RTR_ADDR: - if (nextst != PO_ACTION_KEY && - nextst != PO_FILTER_KEY) - goto ppoerr; - st = nextst; - break; - case PO_ACTION_KEY: - /* already handled, next must be FILTER_KEY */ - if (nextst != PO_FILTER_KEY) - goto ppoerr; - st = nextst; - break; - case PO_FILTER_KEY: - /* already handled */ - break; - case PO_ACTION_SPEC: - case PO_FILTER_SPEC: - err(1, "state error"); - break; - } - } - - if (st != PO_FILTER_KEY) - err(1, "state error"); - - if (policy_additem(router, pi) == -1) - return (-1); - - return (1); - -ppoerr: - free(pi); - fprintf(stderr, "%u: parse error\n", lineno); - return (-1); -} - -int -policy_additem(char *router, struct policy_item *pi) -{ - struct router *r; - - for (r = TAILQ_FIRST(&router_head); r != NULL && - strcmp(r->address, router); r = TAILQ_NEXT(r, entry)) - ; /* nothing */ - - if (r == NULL) { - if ((r = calloc(1, sizeof(*r))) == NULL || - (r->address = strdup(router)) == NULL) - err(1, NULL); - TAILQ_INIT(&r->policy_h); - TAILQ_INSERT_TAIL(&router_head, r, entry); - } - - TAILQ_INSERT_TAIL(&r->policy_h, pi, entry); - - return (0); -} - -/* - * parse as-set: get members - */ - -int -parse_asset(char *key, char *val) -{ - char *tok; - - if (strcmp(key, "members")) /* ignore everything else */ - return (0); - - while ((tok = strsep(&val, ",")) != NULL) { - EATWS(tok); - if (tok[0] != '\0') - asset_addmember(tok); - } - - return (1); -} - -/* - * parse route obj: just get the prefix - */ -int -parse_route(char *key, char *val) -{ - if (strcmp(key, "route") && strcmp(key, "route6")) - /* ignore everything else */ - return (0); - - /* route is single-value, but seen trailing , and \r in the wild */ - if (strlen(val) > 0 && (val[strlen(val) - 1] == ',' || - val[strlen(val) - 1] == '\r')) - val[strlen(val) - 1] = '\0'; - - return (prefixset_addmember(val)); -} diff --git a/usr.sbin/bgpctl/irr_prefix.c b/usr.sbin/bgpctl/irr_prefix.c deleted file mode 100644 index 34e973bc5bf..00000000000 --- a/usr.sbin/bgpctl/irr_prefix.c +++ /dev/null @@ -1,289 +0,0 @@ -/* $OpenBSD: irr_prefix.c,v 1.21 2015/10/05 14:18:33 deraadt Exp $ */ - -/* - * Copyright (c) 2007 Henning Brauer <henning@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <sys/types.h> -#include <err.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <netinet/in.h> -#include <arpa/inet.h> - -#include "irrfilter.h" -#include "bgpd.h" - -void prefixset_aggregate(struct prefix_set *); -int prefix_aggregate(struct irr_prefix *, const struct irr_prefix *); -int irr_prefix_cmp(const void *, const void *); -int prefix_set_compare(struct prefix_set *, struct prefix_set *); -struct prefix_set - *prefix_set_find(char *); - -RB_HEAD(prefix_set_h, prefix_set) prefix_set_h; -RB_PROTOTYPE(prefix_set_h, prefix_set, entry, prefix_set_compare) -RB_GENERATE(prefix_set_h, prefix_set, entry, prefix_set_compare) - -struct prefix_set *curpfxs = NULL; - -struct prefix_set * -prefixset_get(char *as) -{ - struct prefix_set *pfxs; - - if ((pfxs = prefix_set_find(as)) != NULL) - return (pfxs); - - /* nothing found, resolve and store */ - if ((pfxs = calloc(1, sizeof(*pfxs))) == NULL) - err(1, "get_prefixset calloc"); - if ((pfxs->as = strdup(as)) == NULL) - err(1, "get_prefixset strdup"); - RB_INSERT(prefix_set_h, &prefix_set_h, pfxs); - - if (irrverbose >= 3) { - fprintf(stdout, "query routes for %s... ", as); - fflush(stdout); - } - curpfxs = pfxs; - if ((irrflags & F_IPV4) && whois(as, QTYPE_ROUTE) == -1) - errx(1, "whois error, prefixset_get %s", as); - if ((irrflags & F_IPV6) && whois(as, QTYPE_ROUTE6) == -1) - errx(1, "whois error, prefixset_get %s", as); - if (whois(as, QTYPE_ROUTE6) == -1) - errx(1, "whois error, prefixset_get %s", as); - curpfxs = NULL; - if (irrverbose >= 3) - fprintf(stdout, "done\n"); - - prefixset_aggregate(pfxs); - - return (pfxs); -} - -int -prefixset_addmember(char *s) -{ - void *p; - u_int i; - struct irr_prefix *pfx; - int len, ret; - char *slash; - const char *errstr; - - if ((slash = strchr(s, '/')) == NULL) { - fprintf(stderr, "%s: prefix %s does not have the len " - "specified, ignoring\n", curpfxs->as, s); - return (0); - } - - if ((pfx = calloc(1, sizeof(*pfx))) == NULL) - err(1, "prefixset_addmember calloc"); - - if ((len = inet_net_pton(AF_INET, s, &pfx->addr.in, - sizeof(pfx->addr.in))) != -1) { - pfx->af = AF_INET; - } else { - len = strtonum(slash + 1, 0, 128, &errstr); - if (errstr) - errx(1, "prefixset_addmember %s prefix %s: prefixlen " - "is %s", curpfxs->as, s, errstr); - *slash = '\0'; - - if ((ret = inet_pton(AF_INET6, s, &pfx->addr.in6)) == -1) - err(1, "prefixset_addmember %s prefix \"%s\"", - curpfxs->as, s); - else if (ret == 0) { - fprintf(stderr, "prefixset_addmember %s prefix \"%s\": " - "No matching address family found", curpfxs->as, s); - free(pfx); - return (0); - } - pfx->af = AF_INET6; - } - pfx->len = pfx->maxlen = len; - - /* yes, there are dupes... e. g. from multiple sources */ - for (i = 0; i < curpfxs->prefixcnt; i++) - if (irr_prefix_cmp(&curpfxs->prefix[i], &pfx) == 0) { - free(pfx); - return (0); - } - - if ((p = reallocarray(curpfxs->prefix, - curpfxs->prefixcnt + 1, sizeof(void *))) == NULL) - err(1, "prefixset_addmember realloc"); - curpfxs->prefix = p; - curpfxs->prefixcnt++; - curpfxs->prefix[curpfxs->prefixcnt - 1] = pfx; - - return (1); -} - -void -prefixset_aggregate(struct prefix_set *pfxs) -{ - u_int i, cnt, newcnt; - int res; - struct irr_prefix *cur, *last; - void *p; - - qsort(pfxs->prefix, pfxs->prefixcnt, sizeof(void *), irr_prefix_cmp); - - cnt = pfxs->prefixcnt; - do { - last = cur = NULL; - for (i = 0, newcnt = 0; i < cnt; i++) { - cur = pfxs->prefix[i]; - if (last != NULL && last->af == cur->af) { - if (cur->af == AF_INET) - res = prefix_aggregate(last, cur); - else - res = 0; - - if (res == 1) { /* cur is covered by last */ - if (cur->len > last->maxlen) - last->maxlen = cur->len; - free(pfxs->prefix[i]); - pfxs->prefix[i] = cur = NULL; - } - } - - if (cur != NULL) { - pfxs->prefix[newcnt++] = cur; - last = cur; - } - } - cnt = newcnt; - } while (newcnt < i); - - if (newcnt == pfxs->prefixcnt) - return; - - if (irrverbose >= 2) - printf("%s: prefix aggregation: %u -> %u\n", - pfxs->as, pfxs->prefixcnt, newcnt); - - if ((p = reallocarray(pfxs->prefix, newcnt, sizeof(void *))) == NULL) - err(1, "prefixset_aggregate realloc"); - pfxs->prefix = p; - pfxs->prefixcnt = newcnt; -} - -int -prefix_aggregate(struct irr_prefix *a, const struct irr_prefix *b) -{ - in_addr_t mask; - struct in6_addr ma; - struct in6_addr mb; - - if (a->len == 0) - return (1); - - if (a->af != b->af) - /* We cannot aggregate addresses of different families. */ - return (0); - - if (a->af == AF_INET) { - mask = htonl(prefixlen2mask(a->len)); - if ((a->addr.in.s_addr & mask) == (b->addr.in.s_addr & mask)) - return (1); - } else if (a->af == AF_INET6) { - inet6applymask(&ma, &a->addr.in6, a->len); - inet6applymask(&mb, &b->addr.in6, a->len); - if (IN6_ARE_ADDR_EQUAL(&ma, &mb)) - return (1); - } - - /* see whether we can fold them in one */ - if (a->len == b->len && a->len > 1) { - if (a->af == AF_INET) { - mask = htonl(prefixlen2mask(a->len - 1)); - if ((a->addr.in.s_addr & mask) == - (b->addr.in.s_addr & mask)) { - a->len--; - a->addr.in.s_addr &= mask; - return (1); - } - } else if (a->af == AF_INET6) { - inet6applymask(&ma, &a->addr.in6, a->len - 1); - inet6applymask(&mb, &b->addr.in6, a->len - 1); - - if (IN6_ARE_ADDR_EQUAL(&ma, &mb)) { - a->len--; - memcpy(&a->addr.in6, &ma, sizeof(ma)); - return (1); - } - } - } - - return (0); -} - -int -irr_prefix_cmp(const void *a, const void *b) -{ - const struct irr_prefix *pa; - const struct irr_prefix *pb; - int r; - - pa = *((const struct irr_prefix * const *)a); - pb = *((const struct irr_prefix * const *)b); - - if ((r = pa->af - pb->af) != 0) - return (r); - - if (pa->af == AF_INET) { - if (ntohl(pa->addr.in.s_addr) < - ntohl(pb->addr.in.s_addr)) - return (-1); - if (ntohl(pa->addr.in.s_addr) > - ntohl(pb->addr.in.s_addr)) - return (1); - } else if (pa->af == AF_INET6) { - for (r = 0; r < 16; r++) { - if (pa->addr.in6.s6_addr[r] < pb->addr.in6.s6_addr[r]) - return (-1); - if (pa->addr.in6.s6_addr[r] > pb->addr.in6.s6_addr[r]) - return (1); - } - } else - errx(1, "irr_prefix_cmp unknown af %u", pa->af); - - if ((r = pa->len - pb->len) != 0) - return (r); - - return (0); -} - -/* RB helpers */ -int -prefix_set_compare(struct prefix_set *a, struct prefix_set *b) -{ - return (strcmp(a->as, b->as)); -} - -struct prefix_set * -prefix_set_find(char *as) -{ - struct prefix_set s; - - s.as = as; - return (RB_FIND(prefix_set_h, &prefix_set_h, &s)); -} diff --git a/usr.sbin/bgpctl/irrfilter.c b/usr.sbin/bgpctl/irrfilter.c deleted file mode 100644 index 550d692eed2..00000000000 --- a/usr.sbin/bgpctl/irrfilter.c +++ /dev/null @@ -1,55 +0,0 @@ -/* $OpenBSD: irrfilter.c,v 1.6 2015/11/01 21:20:46 benno Exp $ */ - -/* - * Copyright (c) 2007 Henning Brauer <henning@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <sys/types.h> -#include <err.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#include "irrfilter.h" - -__dead void -irr_main(u_int32_t AS, int flags, char *outdir) -{ - char *query; - int r; - - if (pledge("stdio rpath wpath cpath inet dns", NULL) == -1) - err(1, "pledge"); - - fprintf(stderr, "irrfilter for: %u, writing to %s\n", AS, outdir); - - irrflags = flags; - irrverbose = 0; - TAILQ_INIT(&router_head); - - /* send query for own AS, parse policy */ - if (asprintf(&query, "AS%u", AS) == -1) - err(1, "parse_policy asprintf"); - if ((r = whois(query, QTYPE_OWNAS)) == -1) - exit(1); - if (r == 0) - errx(1, "aut-num object %s not found", query); - free(query); - - write_filters(outdir); - - exit(0); -} diff --git a/usr.sbin/bgpctl/irrfilter.h b/usr.sbin/bgpctl/irrfilter.h deleted file mode 100644 index ccd6f7a3560..00000000000 --- a/usr.sbin/bgpctl/irrfilter.h +++ /dev/null @@ -1,111 +0,0 @@ -/* $OpenBSD: irrfilter.h,v 1.10 2018/09/17 13:35:36 claudio Exp $ */ - -/* - * Copyright (c) 2007 Henning Brauer <henning@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <sys/queue.h> -#include <sys/tree.h> -#include <netinet/in.h> - -#define F_IMPORTONLY 0x01 /* skip export: items */ -#define F_IPV4 0x02 /* use IPv4 items */ -#define F_IPV6 0x04 /* use IPv6 items */ - -int irrflags; -int irrverbose; - -enum pdir { - PDIR_NONE, - IMPORT, - EXPORT -}; - -struct policy_item { - TAILQ_ENTRY(policy_item) entry; - char *peer_addr; - char *action; - char *filter; - enum pdir dir; - u_int32_t peer_as; -}; - -TAILQ_HEAD(policy_head, policy_item); - -struct router { - TAILQ_ENTRY(router) entry; - char *address; - struct policy_head policy_h; -}; - -TAILQ_HEAD(router_head, router) router_head; - -/* keep qtype and qtype_objs in whois.c in sync! */ -enum qtype { - QTYPE_NONE, - QTYPE_OWNAS, - QTYPE_ASSET, - QTYPE_ROUTE, - QTYPE_ROUTE6 -}; - -struct irr_as_set { - RB_ENTRY(irr_as_set) entry; - char *name; - char **members; /* direct members */ - char **as_set; /* members as-set */ - char **as; /* members aut-num */ - u_int n_members; - u_int n_as_set; - u_int n_as; -}; - -struct irr_prefix { - union { - struct in_addr in; - struct in6_addr in6; - } addr; - sa_family_t af; - u_int8_t len; - u_int8_t maxlen; -}; - -struct prefix_set { - RB_ENTRY(prefix_set) entry; - char *as; - struct irr_prefix **prefix; - u_int prefixcnt; -}; - -/* eat trailing and leading whitespace */ -#define ISWS(x) (x == ' ' || x == '\t') -#define EATWS(s) \ - do { \ - char *ps; \ - while (ISWS(*s)) \ - s++; \ - ps = s + strlen(s) - 1; \ - while (ps && ps >= s && ISWS(*ps)) \ - *ps-- = '\0'; \ - } while (0); - -__dead void irr_main(u_int32_t, int, char *); -int whois(const char *, enum qtype); -int parse_response(FILE *, enum qtype); -int write_filters(char *); -struct irr_as_set *asset_expand(char *); -int asset_addmember(char *); -struct prefix_set *prefixset_get(char *); -int prefixset_addmember(char *); diff --git a/usr.sbin/bgpctl/parser.c b/usr.sbin/bgpctl/parser.c index e081bb19089..5e56ed2722d 100644 --- a/usr.sbin/bgpctl/parser.c +++ b/usr.sbin/bgpctl/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.96 2019/06/17 13:46:33 claudio Exp $ */ +/* $OpenBSD: parser.c,v 1.97 2019/06/25 07:44:20 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -32,7 +32,6 @@ #include <unistd.h> #include "parser.h" -#include "irrfilter.h" enum token_type { NOTOKEN, @@ -61,17 +60,11 @@ enum token_type { WEIGHT, RD, FAMILY, - GETOPT, RTABLE, FILENAME, BULK }; -enum getopts { - GETOPT_NONE, - GETOPT_IRRFILTER -}; - struct token { enum token_type type; const char *keyword; @@ -118,8 +111,6 @@ static const struct token t_pftable[]; static const struct token t_prepnbr[]; static const struct token t_prepself[]; static const struct token t_weight[]; -static const struct token t_irrfilter[]; -static const struct token t_irrfilter_opts[]; static const struct token t_log[]; static const struct token t_fib_table[]; static const struct token t_show_fib_table[]; @@ -130,7 +121,6 @@ static const struct token t_main[] = { { KEYWORD, "fib", FIB, t_fib}, { KEYWORD, "neighbor", NEIGHBOR, t_neighbor}, { KEYWORD, "network", NONE, t_network}, - { KEYWORD, "irrfilter", IRRFILTER, t_irrfilter}, { KEYWORD, "log", NONE, t_log}, { ENDTOKEN, "", NONE, NULL} }; @@ -469,18 +459,6 @@ static const struct token t_weight[] = { { ENDTOKEN, "", NONE, NULL} }; -static const struct token t_irrfilter[] = { - { GETOPT, "", GETOPT_IRRFILTER, t_irrfilter}, - { ASNUM, "", NONE, t_irrfilter_opts}, - { ENDTOKEN, "", NONE, NULL} -}; - -static const struct token t_irrfilter_opts[] = { - { NOTOKEN, "", NONE, NULL}, - { FLAG, "importonly", F_IMPORTONLY, t_irrfilter_opts}, - { ENDTOKEN, "", NONE, NULL} -}; - static const struct token t_log[] = { { KEYWORD, "verbose", LOG_VERBOSE, NULL}, { KEYWORD, "brief", LOG_BRIEF, NULL}, @@ -509,7 +487,6 @@ int parse_number(const char *, struct parse_result *, enum token_type); void parsecommunity(struct community *c, int type, char *s); void parseextcommunity(struct community *c, const char *t, char *s); int parse_nexthop(const char *, struct parse_result *); -int bgpctl_getopt(int *, char **[], int); struct parse_result * parse(int argc, char *argv[]) @@ -520,10 +497,6 @@ parse(int argc, char *argv[]) bzero(&res, sizeof(res)); res.rtableid = getrtable(); TAILQ_INIT(&res.set); - if ((res.irr_outdir = getcwd(NULL, 0)) == NULL) { - fprintf(stderr, "getcwd failed: %s\n", strerror(errno)); - return (NULL); - } while (argc >= 0) { if ((match = match_token(&argc, &argv, table)) == NULL) { @@ -799,12 +772,6 @@ match_token(int *argc, char **argv[], const struct token table[]) t = &table[i]; } break; - case GETOPT: - if (bgpctl_getopt(argc, argv, table[i].value)) { - match++; - t = &table[i]; - } - break; case FILENAME: if (word != NULL && wordlen > 0) { if ((res.mrtfd = open(word, O_RDONLY)) == -1) { @@ -911,9 +878,6 @@ show_valid_args(const struct token table[]) case FAMILY: fprintf(stderr, " [ inet | inet6 | IPv4 | IPv6 | VPNv4 ]\n"); break; - case GETOPT: - fprintf(stderr, " <options>\n"); - break; case FILENAME: fprintf(stderr, " <filename>\n"); break; @@ -1421,38 +1385,3 @@ parse_nexthop(const char *word, struct parse_result *r) TAILQ_INSERT_TAIL(&r->set, fs, entry); return (1); } - -int -bgpctl_getopt(int *argc, char **argv[], int type) -{ - int ch; - - optind = optreset = 1; - while ((ch = getopt((*argc) + 1, (*argv) - 1, "46o:")) != -1) { - switch (ch) { - case '4': - res.flags = (res.flags | F_IPV4) & ~F_IPV6; - break; - case '6': - res.flags = (res.flags | F_IPV6) & ~F_IPV4; - break; - case 'o': - res.irr_outdir = optarg; - break; - default: - usage(); - /* NOTREACHED */ - } - } - - if (optind > 1) { - (*argc) -= (optind - 1); - (*argv) += (optind - 1); - - /* need to move one backwards as calling code moves forward */ - (*argc)++; - (*argv)--; - return (1); - } else - return (0); -} diff --git a/usr.sbin/bgpctl/parser.h b/usr.sbin/bgpctl/parser.h index bfafb336405..47e0eeba0d2 100644 --- a/usr.sbin/bgpctl/parser.h +++ b/usr.sbin/bgpctl/parser.h @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.h,v 1.36 2019/06/17 11:03:07 claudio Exp $ */ +/* $OpenBSD: parser.h,v 1.37 2019/06/25 07:44:20 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -52,7 +52,6 @@ enum actions { NETWORK_FLUSH, NETWORK_SHOW, NETWORK_MRT, - IRRFILTER, NETWORK_BULK_ADD, NETWORK_BULK_REMOVE }; @@ -66,7 +65,6 @@ struct parse_result { char peerdesc[PEER_DESCR_LEN]; char rib[PEER_DESCR_LEN]; char shutcomm[SHUT_COMM_LEN]; - char *irr_outdir; const char *ext_comm_subtype; u_int64_t rd; int flags; diff --git a/usr.sbin/bgpctl/whois.c b/usr.sbin/bgpctl/whois.c deleted file mode 100644 index 1128768f327..00000000000 --- a/usr.sbin/bgpctl/whois.c +++ /dev/null @@ -1,149 +0,0 @@ -/* $OpenBSD: whois.c,v 1.5 2013/10/27 18:49:25 guenther Exp $ */ - -/* - * Copyright (c) 2007 Henning Brauer <henning@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Copyright (c) 1980, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include <sys/types.h> -#include <sys/socket.h> - -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netdb.h> - -#include <ctype.h> -#include <err.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#include "irrfilter.h" - -#define WHOIS_STDOPTS "-r -a" - -char *qtype_opts[] = { - "", - "-T aut-num", - "-K -T as-set", - "-K -T route -i origin", - "-K -T route6 -i origin" -}; - -char *server = "whois.radb.net"; -char *port = "whois"; - -int -whois(const char *query, enum qtype qtype) -{ - FILE *sfw, *sfr; - int s, r = -1, error = 0, attempt, ret; - struct addrinfo hints, *res, *ai; - const char *reason = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = 0; - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - error = getaddrinfo(server, port, &hints, &res); - if (error) { - if (error == EAI_SERVICE) - warnx("%s: bad port", port); - else - warnx("%s: %s", server, gai_strerror(error)); - return (1); - } - - for (s = -1, ai = res; ai != NULL; ai = ai->ai_next) { - attempt = 0; - do { - attempt++; - if (s != -1) - close(s); - s = socket(ai->ai_family, ai->ai_socktype, - ai->ai_protocol); - if (s == -1) { - error = errno; - reason = "socket"; - } else - r = connect(s, ai->ai_addr, ai->ai_addrlen); - } while (r == -1 && errno == ETIMEDOUT && attempt <= 3); - - if (r == -1) { - error = errno; - reason = "connect"; - close(s); - s = -1; - continue; - } - if (s != -1) - break; /*okay*/ - } - freeaddrinfo(res); - - if (s == -1) { - if (reason) { - errno = error; - warn("%s: %s", server, reason); - } else - warn("unknown error in connection attempt"); - return (1); - } - - sfr = fdopen(s, "r"); - sfw = fdopen(s, "w"); - if (sfr == NULL || sfw == NULL) - err(1, "fdopen"); - fprintf(sfw, "%s %s %s\r\n", WHOIS_STDOPTS, qtype_opts[qtype], query); - fflush(sfw); - - if ((ret = parse_response(sfr, qtype)) == -1) - warnx("parse error, query=\"%s %s\"", qtype_opts[qtype], query); - - fclose(sfw); - fclose(sfr); - close(s); - return (ret); -} |