bgpd: Allow specification of AS 0 for rpki commands

RFC-7607 specifically calls out the allowed usage of AS 0 to signal that the a particular address is not in use and should be guarded against. Add the ability to specify this special AS in the rpki commands. eva# show rpki as-number 0 RPKI/RTR prefix table Prefix Prefix Length Origin-AS 2.57.180.0 22 - 24 0 2.58.144.0 22 - 22 0 2.59.116.0 24 - 24 0 4.42.228.0 22 - 22 0 5.57.80.0 22 - 22 0 <snip> 2a13:df87:b400:: 38 - 38 0 2a13:df84:: 32 - 32 0 2630:: 16 - 16 0 Number of IPv4 Prefixes: 1166 Number of IPv6 Prefixes: 617 eva# show rpki prefix 2630::/16 0 Prefix Prefix Length Origin-AS 2630:: 16 - 16 0 eva# Fixes: #15778 Signed-off-by: Donald Sharp <[email protected]>
FRRouting · Apr 17, 2024 · cfee4e3 · cfee4e3
1 parent 5ef6a2b
commit cfee4e3
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 8 deletions.
diff --git a/bgpd/bgp_rpki.c b/bgpd/bgp_rpki.c
@@ -2088,16 +2088,18 @@ DEFPY (show_rpki_prefix_table,
 
 DEFPY (show_rpki_as_number,
        show_rpki_as_number_cmd,
-       "show rpki as-number ASNUM$by_asn [vrf NAME$vrfname] [json$uj]",
+       "show rpki as-number <0$zero|ASNUM$by_asn> [vrf NAME$vrfname] [json$uj]",
        SHOW_STR
        RPKI_OUTPUT_STRING
        "Lookup by ASN in prefix table\n"
+       "AS Number of 0, see RFC-7607\n"
        "AS Number\n"
        VRF_CMD_HELP_STR
        JSON_STR)
 {
 	struct json_object *json = NULL;
 	struct rpki_vrf *rpki_vrf;
+	as_t as;
 
 	if (uj)
 		json = json_object_new_object();
@@ -2118,18 +2120,24 @@ DEFPY (show_rpki_as_number,
 		return CMD_WARNING;
 	}
 
-	print_prefix_table_by_asn(vty, by_asn, rpki_vrf, json);
+	if (zero)
+		as = 0;
+	else
+		as = by_asn;
+
+	print_prefix_table_by_asn(vty, as, rpki_vrf, json);
 	return CMD_SUCCESS;
 }
 
 DEFPY (show_rpki_prefix,
        show_rpki_prefix_cmd,
-       "show rpki prefix <A.B.C.D/M|X:X::X:X/M> [ASNUM$asn] [vrf NAME$vrfname] [json$uj]",
+       "show rpki prefix <A.B.C.D/M|X:X::X:X/M> [0$zero|ASNUM$asn] [vrf NAME$vrfname] [json$uj]",
        SHOW_STR
        RPKI_OUTPUT_STRING
        "Lookup IP prefix and optionally ASN in prefix table\n"
        "IPv4 prefix\n"
        "IPv6 prefix\n"
+       "AS Number of 0, see RFC-7607\n"
        "AS Number\n"
        VRF_CMD_HELP_STR
        JSON_STR)
@@ -2138,6 +2146,7 @@ DEFPY (show_rpki_prefix,
 	json_object *json_records = NULL;
 	enum asnotation_mode asnotation;
 	struct rpki_vrf *rpki_vrf;
+	as_t as;
 
 	if (uj)
 		json = json_object_new_object();
@@ -2153,6 +2162,11 @@ DEFPY (show_rpki_prefix,
 		return CMD_WARNING;
 	}
 
+	if (zero)
+		as = 0;
+	else
+		as = asn;
+
 	struct lrtr_ip_addr addr;
 	char addr_str[INET6_ADDRSTRLEN];
 	size_t addr_len = strchr(prefix_str, '/') - prefix_str;
@@ -2174,7 +2188,7 @@ DEFPY (show_rpki_prefix,
 	enum pfxv_state result;
 
 	if (pfx_table_validate_r(rpki_vrf->rtr_config->pfx_table, &matches,
-				 &match_count, asn, &addr, prefix->prefixlen,
+				 &match_count, as, &addr, prefix->prefixlen,
 				 &result) != PFX_SUCCESS) {
 		if (json) {
 			json_object_string_add(json, "error", "Prefix lookup failed.");
@@ -2198,7 +2212,7 @@ DEFPY (show_rpki_prefix,
 		const struct pfx_record *record = &matches[i];
 
 		if (record->max_len >= prefix->prefixlen &&
-		    ((asn != 0 && (uint32_t)asn == record->asn) || asn == 0)) {
+		    ((as != 0 && (uint32_t)as == record->asn) || asn == 0)) {
 			print_record(&matches[i], vty, json_records,
 				     asnotation);
 		}

diff --git a/doc/user/rpki.rst b/doc/user/rpki.rst
@@ -215,15 +215,18 @@ Displaying RPKI
 
    Display RPKI configuration state including timers values.
 
-.. clicmd:: show rpki prefix <A.B.C.D/M|X:X::X:X/M> [(1-4294967295)] [vrf NAME] [json]
+.. clicmd:: show rpki prefix <A.B.C.D/M|X:X::X:X/M> [ASN] [vrf NAME] [json]
 
    Display validated prefixes received from the cache servers filtered
-   by the specified prefix.
+   by the specified prefix.  The AS number space has been increased
+   to allow the choice of using AS 0 because RFC-7607 specifically
+   calls out the usage of 0 in a special case.
 
 .. clicmd:: show rpki as-number ASN [vrf NAME] [json]
 
    Display validated prefixes received from the cache servers filtered
-   by ASN.
+   by ASN.  The usage of AS 0 is allowed because RFC-76067 specifically
+   calls out the usage of 0 in a special case.
 
 .. clicmd:: show rpki prefix-table [vrf NAME] [json]