From 56d2bbb9d7e9182b171966dff5e67958ab9d9b91 Mon Sep 17 00:00:00 2001 From: snar Date: Thu, 25 Dec 2008 17:17:05 +0000 Subject: [PATCH] ok, 0.1.8 is here. --- CHANGES | 9 ++++ bgpq3.8 | 29 +++++++----- bgpq3.c | 17 +++++-- bgpq3.h | 2 +- bgpq3_printer.c | 118 ++++++++++++++++++++++++++++++++---------------- configure | 18 ++++---- configure.in | 2 +- 7 files changed, 131 insertions(+), 64 deletions(-) diff --git a/CHANGES b/CHANGES index 88fbfbf..4bcf3ff 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,12 @@ +0.1.8 (2008-12-25) + - new flag -D for Cisco asdot notation. Cisco behaviour is a bit + strange for me, but, well, that's their decision: +When the asdot format is enabled as the default, any regular expressions +to match 4-byte autonomous system numbers must be written using the asdot +format, or else the regular expression match will fail. + (c) http://www.cisco.com/en/US/docs/ios/12_0s/release/ntes/120SNEWF.html + #wp3521658 (note the URL wrap). + 0.1.7 (2008-12-19): - man page. Finally :) - option -h now means not help, but now it can be used to point to diff --git a/bgpq3.8 b/bgpq3.8 index fb65267..c1f8de2 100644 --- a/bgpq3.8 +++ b/bgpq3.8 @@ -21,7 +21,7 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. -.\" "$Id: bgpq3.8,v 1.3 2008/12/19 17:58:31 snar Exp $ +.\" "$Id: bgpq3.8,v 1.4 2008/12/25 17:17:05 snar Exp $ .\" .Dd Oct 27, 2008 .Dt BGPQ3 8 @@ -38,7 +38,7 @@ .Fl f Ar asn | .Fl G Ar asn .Oc -.Op Fl 36A +.Op Fl 36ADd .Op Fl R Ar len .Ar OBJECTS .Op "..." @@ -55,9 +55,12 @@ assume that your device is asn32-safe. .It Fl 6 generate IPv6 prefix/access-lists (IPv4 by default). .It Fl A -try to aggregate prefix-lists as much as possible (Cisco only). +try to aggregate prefix-lists as much as possible (Cisco prefix-lists and +Juniper route-filters only supported). .It Fl d enable some debugging output. +.It Fl D +use asdot notation for Cisco as-path access-lists. .It Fl E generate extended access-list (Cisco) or policy-statement term using route-filters (Juniper). @@ -109,7 +112,7 @@ replace: } .RE .fi -.Lp +.Pp For Cisco we can use aggregation (-A) flag to make this prefix-filter more compact: .nf @@ -131,7 +134,7 @@ ip prefix-list eltel permit 217.170.64.0/19 ge 20 le 20 .fi - you see, prefixes 89.112.32.0/19 and 89.112.64.0/19 now aggregated into single entry 89.112.0.0/18 ge 19 le 19. -.Lp +.Pp Well, for Juniper we can generate even more interesting policy-options, using -M , -R and hierarchical names: .nf @@ -161,7 +164,7 @@ replace: .fi generated policy-option term now allows all specifics for eltel networks if they match with special community 'blackhole'. -.Lp +.Pp Of course, this version supports IPv6 (-6): .nf .RS @@ -172,8 +175,10 @@ ipv6 prefix-list as-retn-6 permit 2001:7fb:fe01::/48 [....] .RE .fi -and initial support for ASN 32 is also here (however, now only for -Juniper JunOS 9.1+ - Cisco IOS is not (as of yet) supports it): +and initial support for ASN 32 is also here (for a limited subset +of router's OS'es: if you run JunOS it MUST be 9.1 or higher, +Cisco IOS has even more restrictive list of IOS'es - ASN32 supported +only on GSR/PRP and only in IOS 12.0(32)S12): .nf .RS ~>bgpq3 -J3f 112 AS-SPACENET @@ -189,8 +194,8 @@ replace: .RE .fi see AS196611 in the end of the list ? That's AS3.3 in 'asplain' notation. -.Lp -For Cisco and old versions of JunOS you should not use switch -3, +.Pp +For non-ASN32 capable routers you should not use switch -3, and the result will be next: .nf .RS @@ -204,7 +209,7 @@ ip as-path access-list NN permit ^112(_[0-9]+)*_(25152|31529|34127|34906)$ ip as-path access-list NN permit ^112(_[0-9]+)*_(35052|41720|43628|44450)$ .RE .fi -.Lp +.Pp AS196611 is no more in the list, however, AS23456 (transition AS) would be added to list if it were not present. .Sh DIAGNOSTICS @@ -219,5 +224,7 @@ Routing Arbiter project .Sy http://www.ietf.org/internet-drafts/ .Sy draft-michaelson-4byte-as-representation-05.txt for information on 'asdot' and 'asplain' notations. +.Sy http://www.cisco.com/en/US/docs/ios/12_0s/release/ntes/120SNEWF.html#wp3521658 +for information on Cisco implementation of ASN32. .Sh AUTHOR .An Alexandre Snarskii Aq snar@snar.spb.ru diff --git a/bgpq3.c b/bgpq3.c index 51ca27d..efc8ac7 100644 --- a/bgpq3.c +++ b/bgpq3.c @@ -24,12 +24,13 @@ int usage(int ecode) { printf("\nUsage: bgpq3 [-h host] [-S sources] [-P|E|G |f ]" - " [-36A] [-R len] ...\n"); + " [-36ADd] [-R len] ...\n"); printf(" -3 : assume that your device is asn32-safe\n"); printf(" -6 : generate IPv6 prefix-lists (IPv4 by default)\n"); - printf(" -A : try to aggregate prefix-lists as much as possible" - " (Cisco only)\n"); + printf(" -A : try to aggregate Cisco prefix-lists or Juniper " + "route-filters\n as much as possible\n"); printf(" -d : generate some debugging output\n"); + printf(" -D : use asdot notation in as-path\n"); printf(" -E : generate extended access-list(Cisco) or " "route-filter(Juniper)\n"); printf(" -f number : generate input as-path access-list\n"); @@ -105,7 +106,7 @@ main(int argc, char* argv[]) bgpq_expander_init(&expander,af); expander.sources=getenv("IRRD_SOURCES"); - while((c=getopt(argc,argv,"36AdES:Jf:l:M:W:PR:G:Th:"))!=EOF) { + while((c=getopt(argc,argv,"36AdDES:Jf:l:M:W:PR:G:Th:"))!=EOF) { switch(c) { case '3': expander.asn32=1; @@ -120,6 +121,8 @@ main(int argc, char* argv[]) break; case 'd': debug_expander++; break; + case 'D': expander.asdot=1; + break; case 'E': if(expander.generation) exclusive(); expander.generation=T_EACL; break; @@ -217,10 +220,16 @@ main(int argc, char* argv[]) expander.generation=T_PREFIXLIST; }; + /* if(expander.vendor==V_CISCO && expander.asn32 && expander.generation=65536) { expander.asnumber=23456; diff --git a/bgpq3.h b/bgpq3.h index 40e30e3..f2ee0a4 100644 --- a/bgpq3.h +++ b/bgpq3.h @@ -30,7 +30,7 @@ struct bgpq_expander { struct sx_slentry* rsets; int family; char* sources; - int asnumber, aswidth; + int asnumber, aswidth, asdot; char* name; bgpq_vendor_t vendor; bgpq_gen_t generation; diff --git a/bgpq3_printer.c b/bgpq3_printer.c index ad9463d..133ed37 100644 --- a/bgpq3_printer.c +++ b/bgpq3_printer.c @@ -17,27 +17,49 @@ int bgpq3_print_cisco_aspath(FILE* f, struct bgpq_expander* b) { - int nc=0, i, j; + int nc=0, i, j, k; fprintf(f,"no ip as-path access-list %s\n", b->name?b->name:"NN"); - if(b->asn32s[0][b->asnumber/8]&(0x80>>(b->asnumber%8))) { - fprintf(f,"ip as-path access-list %s permit ^%i(_%i)*$\n", - b->name?b->name:"NN",b->asnumber,b->asnumber); + if(b->asn32s[b->asnumber/65536] && + b->asn32s[b->asnumber/65536][(b->asnumber%65536)/8]& + (0x80>>(b->asnumber%8))) { + if(b->asdot && b->asnumber>65535) { + fprintf(f,"ip as-path access-list %s permit ^%i.%i(_%i.%i)*$\n", + b->name?b->name:"NN",b->asnumber/65536,b->asnumber%65536, + b->asnumber/65536,b->asnumber%65536); + } else { + fprintf(f,"ip as-path access-list %s permit ^%i(_%i)*$\n", + b->name?b->name:"NN",b->asnumber,b->asnumber); + }; }; - for(i=0;i<8192;i++) { - for(j=0;j<8;j++) { - if(b->asn32s[0][i]&(0x80>>j)) { - if(i*8+j==b->asnumber) continue; - if(!nc) { - fprintf(f,"ip as-path access-list %s permit" - " ^%i(_[0-9]+)*_(%i", b->name?b->name:"NN", - b->asnumber,i*8+j); - } else { - fprintf(f,"|%i",i*8+j); - } - nc++; - if(nc==b->aswidth) { - fprintf(f,")$\n"); - nc=0; + for(k=0;k<65536;k++) { + if(!b->asn32s[k]) continue; + + for(i=0;i<8192;i++) { + for(j=0;j<8;j++) { + if(b->asn32s[k][i]&(0x80>>j)) { + if(k*65536+i*8+j==b->asnumber) continue; + if(!nc) { + if(b->asdot && k>0) { + fprintf(f,"ip as-path access-list %s permit" + " ^%i(_[0-9]+)*_(%i.%i", b->name?b->name:"NN", + b->asnumber,k,i*8+j); + } else { + fprintf(f,"ip as-path access-list %s permit" + " ^%i(_[0-9]+)*_(%i", b->name?b->name:"NN", + b->asnumber,k*65536+i*8+j); + }; + } else { + if(b->asdot && k>0) { + fprintf(f,"|%i.%i",k,i*8+j); + } else { + fprintf(f,"|%i",k*65536+i*8+j); + }; + } + nc++; + if(nc==b->aswidth) { + fprintf(f,")$\n"); + nc=0; + }; }; }; }; @@ -48,27 +70,47 @@ bgpq3_print_cisco_aspath(FILE* f, struct bgpq_expander* b) int bgpq3_print_cisco_oaspath(FILE* f, struct bgpq_expander* b) { - int nc=0, i, j; + int nc=0, i, j, k; fprintf(f,"no ip as-path access-list %s\n", b->name?b->name:"NN"); - if(b->asn32s[0][b->asnumber/8]&(0x80>>(b->asnumber%8))) { - fprintf(f,"ip as-path access-list %s permit ^(_%i)*$\n", - b->name?b->name:"NN",b->asnumber); + if(b->asn32s[b->asnumber/65536] && + b->asn32s[b->asnumber/65536][(b->asnumber%65536)/8]& + (0x80>>(b->asnumber%8))) { + if(b->asdot && b->asnumber>65535) { + fprintf(f,"ip as-path access-list %s permit ^(_%i.%i)*$\n", + b->name?b->name:"NN",b->asnumber/65536,b->asnumber%65536); + } else { + fprintf(f,"ip as-path access-list %s permit ^(_%i)*$\n", + b->name?b->name:"NN",b->asnumber); + }; }; - for(i=0;i<8192;i++) { - for(j=0;j<8;j++) { - if(b->asn32s[0][i]&(0x80>>j)) { - if(i*8+j==b->asnumber) continue; - if(!nc) { - fprintf(f,"ip as-path access-list %s permit" - " ^(_[0-9]+)*_(%i", b->name?b->name:"NN", - i*8+j); - } else { - fprintf(f,"|%i",i*8+j); - } - nc++; - if(nc==b->aswidth) { - fprintf(f,")$\n"); - nc=0; + for(k=0;k<65536;k++) { + if(!b->asn32s[k]) continue; + for(i=0;i<8192;i++) { + for(j=0;j<8;j++) { + if(b->asn32s[k][i]&(0x80>>j)) { + if(k*65536+i*8+j==b->asnumber) continue; + if(!nc) { + if(b->asdot && k>0) { + fprintf(f,"ip as-path access-list %s permit" + " ^(_[0-9]+)*_(%i.%i", b->name?b->name:"NN", + k,i*8+j); + } else { + fprintf(f,"ip as-path access-list %s permit" + " ^(_[0-9]+)*_(%i", b->name?b->name:"NN", + k*65536+i*8+j); + }; + } else { + if(b->asdot && k>0) { + fprintf(f,"|%i.%i",k,i*8+j); + } else { + fprintf(f,"|%i",k*65536+i*8+j); + }; + } + nc++; + if(nc==b->aswidth) { + fprintf(f,")$\n"); + nc=0; + }; }; }; }; diff --git a/configure b/configure index ab74380..06946c5 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.62 for bgpq3 0.1.7. +# Generated by GNU Autoconf 2.62 for bgpq3 0.1.8. # # Report bugs to . # @@ -596,8 +596,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='bgpq3' PACKAGE_TARNAME='bgpq3' -PACKAGE_VERSION='0.1.7' -PACKAGE_STRING='bgpq3 0.1.7' +PACKAGE_VERSION='0.1.8' +PACKAGE_STRING='bgpq3 0.1.8' PACKAGE_BUGREPORT='snar@paranoia.ru' ac_subst_vars='SHELL @@ -1213,7 +1213,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures bgpq3 0.1.7 to adapt to many kinds of systems. +\`configure' configures bgpq3 0.1.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1274,7 +1274,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of bgpq3 0.1.7:";; + short | recursive ) echo "Configuration of bgpq3 0.1.8:";; esac cat <<\_ACEOF @@ -1353,7 +1353,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -bgpq3 configure 0.1.7 +bgpq3 configure 0.1.8 generated by GNU Autoconf 2.62 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1367,7 +1367,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by bgpq3 $as_me 0.1.7, which was +It was created by bgpq3 $as_me 0.1.8, which was generated by GNU Autoconf 2.62. Invocation command line was $ $0 $@ @@ -3465,7 +3465,7 @@ exec 6>&1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by bgpq3 $as_me 0.1.7, which was +This file was extended by bgpq3 $as_me 0.1.8, which was generated by GNU Autoconf 2.62. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -3514,7 +3514,7 @@ Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ -bgpq3 config.status 0.1.7 +bgpq3 config.status 0.1.8 configured by $0, generated by GNU Autoconf 2.62, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff --git a/configure.in b/configure.in index ae569e2..43b3d3e 100644 --- a/configure.in +++ b/configure.in @@ -1,4 +1,4 @@ -AC_INIT(bgpq3,0.1.7,snar@paranoia.ru) +AC_INIT(bgpq3,0.1.8,snar@paranoia.ru) AC_CONFIG_HEADER(config.h) AC_PROG_CC AC_PROG_INSTALL