bgpd: Display RPKI validation state if we have it

When dumping data about prefixes in bgp. Let's dump the rpki validation state as well: Output if rpki is turned on: janelle# show rpki prefix 2003::/19 Prefix Prefix Length Origin-AS 2003:: 19 - 19 3320 janelle# show bgp ipv6 uni 2003::/19 BGP routing table entry for 2003::/19 Paths: (1 available, best #1, table default) Not advertised to any peer 15096 6939 3320 ::ffff:4113:867a from 65.19.134.122 (193.72.216.231) (fe80::e063:daff:fe79:1dab) (used) Origin IGP, valid, external, best (First path received), validation-state: valid Last update: Sat Mar 6 09:20:51 2021 janelle# show rpki prefix 8.8.8.0/24 Prefix Prefix Length Origin-AS janelle# show bgp ipv4 uni 8.8.8.0/24 BGP routing table entry for 8.8.8.0/24 Paths: (1 available, best #1, table default) Advertised to non peer-group peers: 100.99.229.142 15096 6939 15169 65.19.134.122 from 65.19.134.122 (193.72.216.231) Origin IGP, valid, external, best (First path received), validation-state: not found Last update: Sat Mar 6 09:21:25 2021 Example output when rpki is not configured: eva# show bgp ipv4 uni 8.8.8.0/24 BGP routing table entry for 8.8.8.0/24 Paths: (1 available, best #1, table default) Advertised to non peer-group peers: janelle(192.168.161.137) 64539 15096 6939 15169 192.168.161.137(janelle) from janelle(192.168.161.137) (192.168.44.1) Origin IGP, valid, external, bestpath-from-AS 64539, best (First path received) Last update: Sat Mar 6 09:33:51 2021 Signed-off-by: Donald Sharp <sharpd@nvidia.com>
sworleys · Mar 7, 2021 · b5b99af · b5b99af
1 parent 130daf2
commit b5b99af
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 0 deletions.
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
@@ -97,6 +97,11 @@ DEFINE_HOOK(bgp_snmp_update_stats,
 	    (struct bgp_node *rn, struct bgp_path_info *pi, bool added),
 	    (rn, pi, added))
 
+DEFINE_HOOK(bgp_rpki_prefix_status,
+	    (struct peer *peer, struct attr *attr,
+	     const struct prefix *prefix),
+	    (peer, attr, prefix))
+
 /* Extern from bgp_dump.c */
 extern const char *bgp_origin_str[];
 extern const char *bgp_origin_long_str[];
@@ -7554,6 +7559,21 @@ static const char *bgp_origin2str(uint8_t origin)
 	return "n/a";
 }
 
+static const char *bgp_rpki_validation2str(int v_state)
+{
+	switch (v_state) {
+	case 1:
+		return "valid";
+	case 2:
+		return "not found";
+	case 3:
+		return "invalid";
+	default:
+		break;
+	}
+	return "ERROR";
+}
+
 int bgp_aggregate_unset(struct bgp *bgp, struct prefix *prefix, afi_t afi,
 			safi_t safi, char *errmsg, size_t errmsg_len)
 {
@@ -9568,6 +9588,7 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp,
 	int i;
 	char *nexthop_hostname =
 		bgp_nexthop_hostname(path->peer, path->nexthop);
+	int rpki_validation_state = 0;
 
 	if (json_paths) {
 		json_path = json_object_new_object();
@@ -10166,6 +10187,20 @@ void route_vty_out_detail(struct vty *vty, struct bgp *bgp,
 		}
 	}
 
+	const struct prefix *p = bgp_dest_get_prefix(bn);
+	if (p->family == AF_INET || p->family == AF_INET6)
+		rpki_validation_state = hook_call(bgp_rpki_prefix_status,
+						  path->peer, path->attr, p);
+	if (rpki_validation_state) {
+		if (json_paths)
+			json_object_string_add(
+				json_path, "rpkiValidationState",
+				bgp_rpki_validation2str(rpki_validation_state));
+		else
+			vty_out(vty, ", validation-state: %s",
+				bgp_rpki_validation2str(rpki_validation_state));
+	}
+
 	if (json_bestpath)
 		json_object_object_add(json_path, "bestpath", json_bestpath);
 

diff --git a/bgpd/bgp_rpki.c b/bgpd/bgp_rpki.c
@@ -562,6 +562,7 @@ static int bgp_rpki_module_init(void)
 {
 	lrtr_set_alloc_functions(malloc_wrapper, realloc_wrapper, free_wrapper);
 
+	hook_register(bgp_rpki_prefix_status, rpki_validate_prefix);
 	hook_register(frr_late_init, bgp_rpki_init);
 	hook_register(frr_early_fini, &bgp_rpki_fini);
 

diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h
@@ -2371,6 +2371,11 @@ DECLARE_HOOK(bgp_snmp_update_last_changed, (struct bgp *bgp), (bgp))
 DECLARE_HOOK(bgp_snmp_update_stats,
 	     (struct bgp_node *rn, struct bgp_path_info *pi, bool added),
 	     (rn, pi, added))
+DECLARE_HOOK(bgp_rpki_prefix_status,
+	     (struct peer * peer, struct attr *attr,
+	      const struct prefix *prefix),
+	     (peer, attr, prefix))
+
 void peer_nsf_stop(struct peer *peer);
 
 #endif /* _QUAGGA_BGPD_H */