This is in preparation for introducing as-sets (a fast lookup table for
when you want to make sure that your peering partner is realy only passing
you traffic he should).
To make as-set possible lets do some cleanup beforehands. This mainly
removes one element from the filter_as struct, uses as_min for unary
operations and changes the way we pass the and check the neighbor-as.
as_compare() and aspath_match() now take the neighbor-as as last argument
and will match against it if AS_FLAG_NEIGHBORAS is set. Simplifies the
rde_filter_match() a fair bit.
OK?
--
:wq Claudio
? obj
Index: bgpd.h
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
retrieving revision 1.330
diff -u -p -r1.330 bgpd.h
--- bgpd.h 9 Aug 2018 21:12:33 -0000 1.330
+++ bgpd.h 27 Aug 2018 10:03:55 -0000
@@ -647,7 +647,6 @@ enum aslen_spec {
};
struct filter_as {
- u_int32_t as;
u_int16_t flags;
enum as_spec type;
u_int8_t op;
Index: parse.y
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.330
diff -u -p -r1.330 parse.y
--- parse.y 27 Aug 2018 09:49:00 -0000 1.330
+++ parse.y 27 Aug 2018 10:03:56 -0000
@@ -1902,7 +1902,7 @@ filter_as : as4number_any {
if (($$ = calloc(1, sizeof(struct filter_as_l))) ==
NULL)
fatal(NULL);
- $$->a.as = $1;
+ $$->a.as_min = $1;
$$->a.op = OP_EQ;
}
| NEIGHBORAS {
@@ -1916,7 +1916,7 @@ filter_as : as4number_any {
NULL)
fatal(NULL);
$$->a.op = $1;
- $$->a.as = $2;
+ $$->a.as_min = $2;
}
| as4number_any binaryop as4number_any {
if (($$ = calloc(1, sizeof(struct filter_as_l))) ==
Index: printconf.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/printconf.c,v
retrieving revision 1.109
diff -u -p -r1.109 printconf.c
--- printconf.c 11 Jul 2018 14:08:46 -0000 1.109
+++ printconf.c 27 Aug 2018 10:03:56 -0000
@@ -619,10 +619,10 @@ void print_as(struct filter_rule *r)
printf("%s ", log_as(r->match.as.as_max));
break;
case OP_NE:
- printf("!= %s ", log_as(r->match.as.as));
+ printf("!= %s ", log_as(r->match.as.as_min));
break;
default:
- printf("%s ", log_as(r->match.as.as));
+ printf("%s ", log_as(r->match.as.as_min));
break;
}
}
Index: rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.414
diff -u -p -r1.414 rde.c
--- rde.c 9 Aug 2018 12:54:06 -0000 1.414
+++ rde.c 27 Aug 2018 10:03:57 -0000
@@ -2149,7 +2149,7 @@ rde_dump_filter(struct prefix *p, struct
return;
if (req->type == IMSG_CTL_SHOW_RIB_AS &&
!aspath_match(asp->aspath->data, asp->aspath->len,
- &req->as, req->as.as))
+ &req->as, 0))
return;
if (req->type == IMSG_CTL_SHOW_RIB_COMMUNITY &&
!community_match(asp, req->community.as,
@@ -3769,5 +3769,4 @@ rde_mark_prefixsets_dirty(struct prefixs
}
}
}
- return;
}
Index: rde_filter.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde_filter.c,v
retrieving revision 1.99
diff -u -p -r1.99 rde_filter.c
--- rde_filter.c 3 Aug 2018 16:31:22 -0000 1.99
+++ rde_filter.c 27 Aug 2018 10:03:57 -0000
@@ -340,7 +340,6 @@ int
rde_filter_match(struct filter_rule *f, struct rde_peer *peer,
struct filterstate *state, struct prefix *p)
{
- u_int32_t pas;
int cas, type;
int64_t las, ld1, ld2;
struct prefixset_item *psi;
@@ -349,20 +348,16 @@ rde_filter_match(struct filter_rule *f,
if (state != NULL)
asp = &state->aspath;
- if (asp != NULL && f->match.as.type != AS_NONE) {
- if (f->match.as.flags & AS_FLAG_NEIGHBORAS)
- pas = peer->conf.remote_as;
- else
- pas = f->match.as.as;
- if (aspath_match(asp->aspath->data, asp->aspath->len,
- &f->match.as, pas) == 0)
- return (0);
- }
-
if (f->peer.ebgp && !peer->conf.ebgp)
return (0);
if (f->peer.ibgp && peer->conf.ebgp)
return (0);
+
+ if (asp != NULL && f->match.as.type != AS_NONE) {
+ if (aspath_match(asp->aspath->data, asp->aspath->len,
+ &f->match.as, peer->conf.remote_as) == 0)
+ return (0);
+ }
if (asp != NULL && f->match.aslen.type != ASLEN_NONE)
if (aspath_lenmatch(asp->aspath, f->match.aslen.type,
Index: util.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/util.c,v
retrieving revision 1.30
diff -u -p -r1.30 util.c
--- util.c 10 Aug 2018 11:13:01 -0000 1.30
+++ util.c 27 Aug 2018 10:03:57 -0000
@@ -313,22 +313,40 @@ aspath_strlen(void *data, u_int16_t len)
}
static int
-as_compare(struct filter_as *f, u_int32_t as, u_int32_t match)
+as_compare(struct filter_as *f, u_int32_t as, u_int32_t neighas)
{
- if ((f->op == OP_NONE || f->op == OP_EQ) && as == match)
- return (1);
- else if (f->op == OP_NE && as != match)
- return (1);
- else if (f->op == OP_RANGE && as >= f->as_min && as <= f->as_max)
- return (1);
- else if (f->op == OP_XRANGE && (as < f->as_min || as > f->as_max))
- return (1);
+ u_int32_t match;
+
+ if (f->flags & AS_FLAG_NEIGHBORAS)
+ match = neighas;
+ else
+ match = f->as_min;
+
+ switch (f->op) {
+ case OP_NONE:
+ case OP_EQ:
+ if (as == match)
+ return (1);
+ break;
+ case OP_NE:
+ if (as != match)
+ return (1);
+ break;
+ case OP_RANGE:
+ if (as >= f->as_min && as <= f->as_max)
+ return (1);
+ break;
+ case OP_XRANGE:
+ if (as < f->as_min || as > f->as_max)
+ return (1);
+ break;
+ }
return (0);
}
/* we need to be able to search more than one as */
int
-aspath_match(void *data, u_int16_t len, struct filter_as *f, u_int32_t match)
+aspath_match(void *data, u_int16_t len, struct filter_as *f, u_int32_t neighas)
{
u_int8_t *seg;
int final;
@@ -348,7 +366,7 @@ aspath_match(void *data, u_int16_t len,
/* just check the leftmost AS */
if (f->type == AS_PEER && len >= 6) {
as = aspath_extract(seg, 0);
- if (as_compare(f, as, match))
+ if (as_compare(f, as, neighas))
return (1);
else
return (0);
@@ -372,7 +390,7 @@ aspath_match(void *data, u_int16_t len,
/* not yet in the final segment */
if (!final)
continue;
- if (as_compare(f, as, match))
+ if (as_compare(f, as, neighas))
return (1);
else
return (0);
@@ -386,7 +404,7 @@ aspath_match(void *data, u_int16_t len,
if (final && i == seg_len - 1 && f->type == AS_TRANSIT)
return (0);
as = aspath_extract(seg, i);
- if (as_compare(f, as, match))
+ if (as_compare(f, as, neighas))
return (1);
}
}
