bgpd: misc RPKI fixes #15051
"show rpki XX json" should not return a void output because json.loads() considers it to be an incorrect JSON.

> >>> json.loads("")
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
>     return _default_decoder.decode(s)
>   File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
>     obj, end = self.raw_decode(s, idx=_w(s, 0).end())
>   File "/usr/lib/python3.9/json/decoder.py", line 355, in raw_decode
>     raise JSONDecodeError("Expecting value", s, err.value) from None
> json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
> >>> json.loads("{}")
> {}

Return "{}" instead in such a case.

Link: FRRouting#15034
Fixes: dff41cc ("bgpd: Add JSON output for `show rpki prefix` and other show commands")
Signed-off-by: Louis Scalbert <[email protected]>

Fix RPKI module compilation when rtrlib is compiled without SSH support, i.e. with cmake option:

> -D RTRLIB_TRANSPORT_SSH=No

> bgpd/bgp_rpki.c: In function ‘config_write’:
> bgpd/bgp_rpki.c:1062:3: error: enumeration value ‘SSH’ not handled in switch [-Werror=switch-enum]
> 1062 | switch (cache->type) {
> | ^~~~~~
> bgpd/bgp_rpki.c: In function ‘show_rpki_cache_connection_magic’:
> bgpd/bgp_rpki.c:1598:3: error: enumeration value ‘SSH’ not handled in switch [-Werror=switch-enum]
> 1598 | switch (cache->type) {
> | ^~~~~~
> cc1: all warnings being treated as errors

Signed-off-by: Louis Scalbert <[email protected]>

Add bgp_rpki_topo1 topotest to validate the RPKI feature. Use a RTR RPKI server from the above link.

Link: FRRouting#15034
Link: https://raw.githubusercontent.com/SmartValidator/rtr-python/368a4e268aaae0de7d88d0c34665315661851d40/rtrd.py
Signed-off-by: Louis Scalbert <[email protected]>

Load r2 rpki configuration at bgpd startup. Set retry interval to 5s instead of the 600s value so rtrlib retries to re-connect every 5s if the network is not ready.

Signed-off-by: Louis Scalbert <[email protected]>

rtrd must resend all the cache after receiving a "reset query". However, it is not done because the last_serial is not reset before reaching the get_announcements4() method.

Reset last_serial to allow cache resend.

Link: https://www.rfc-editor.org/rfc/rfc8210.html#page-12
Signed-off-by: Louis Scalbert <[email protected]>

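The Reset Query behaviour described in the commit message above, as an added example that is not part of this PR or of rtrd.py: a constructed, IPv4-only model of an RTR cache using the RFC 8210 PDU layouts, showing how a stale per-router serial makes the reply to a second Reset Query empty. `ToyCache`, `reset_on_reset_query` and the sample prefixes are assumptions; session-ID mismatch handling (Cache Reset) is left out.

```python
import struct
from ipaddress import IPv4Address

VERSION = 1  # RFC 8210 protocol version
SERIAL_QUERY, RESET_QUERY, CACHE_RESPONSE, IPV4_PREFIX, END_OF_DATA = 1, 2, 3, 4, 7
REFRESH, RETRY, EXPIRE = 3600, 600, 7200  # RFC 8210 default timers, seconds
QUERY_LEN = {RESET_QUERY: 8, SERIAL_QUERY: 12}

class ToyCache:
    """Constructed model of an RTR cache: IPv4 announcements only."""

    def __init__(self, session_id, reset_on_reset_query=True):
        self.session_id = session_id
        self.serial = 0
        self.vrps = []        # (serial_added, prefix, prefix_len, max_len, asn)
        self.last_serial = 0  # serial the router is assumed to hold
        self.reset_on_reset_query = reset_on_reset_query  # False = pre-fix model

    def announce(self, prefix, prefix_len, max_len, asn):
        self.serial += 1
        self.vrps.append((self.serial, prefix, prefix_len, max_len, asn))

    def handle(self, pdu):
        """Return the response PDUs (bytes) for one Reset/Serial Query."""
        if len(pdu) not in (8, 12):
            raise ValueError("bad query length")
        version, ptype, _session, length = struct.unpack("!BBHI", pdu[:8])
        if version != VERSION or QUERY_LEN.get(ptype) != length or length != len(pdu):
            raise ValueError("malformed or unsupported query PDU")
        if ptype == SERIAL_QUERY:
            (self.last_serial,) = struct.unpack("!I", pdu[8:])
        elif self.reset_on_reset_query:
            self.last_serial = 0  # Reset Query: router holds nothing, send it all
        out = [struct.pack("!BBHI", VERSION, CACHE_RESPONSE, self.session_id, 8)]
        for added, prefix, plen, max_len, asn in self.vrps:
            if added > self.last_serial:  # flags=1 means "announce"
                out.append(struct.pack("!BBHIBBBB4sI", VERSION, IPV4_PREFIX, 0, 20,
                                       1, plen, max_len, 0,
                                       IPv4Address(prefix).packed, asn))
        out.append(struct.pack("!BBHIIIII", VERSION, END_OF_DATA, self.session_id,
                               24, self.serial, REFRESH, RETRY, EXPIRE))
        self.last_serial = self.serial
        return out

def reset_query():
    return struct.pack("!BBHI", VERSION, RESET_QUERY, 0, 8)

def count_prefixes(pdus):
    return sum(1 for p in pdus if p[1] == IPV4_PREFIX)
```

With `reset_on_reset_query=False` the second Reset Query returns only Cache Response and End of Data, which is what a router sees after removing and re-adding the cache if the server keeps the old serial.
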
Add tests to bgp_rpki_topo1:
- removing and re-adding a RPKI cache server.
- test RPKI validity in BGP table
- test application of route-map with "match rpki valid"

Signed-off-by: Louis Scalbert <[email protected]>

Fix a crash when re-adding a rpki server:

> r2# sh run bgpd
> [...]
> rpki
> rpki retry_interval 5
> rpki cache 192.0.2.1 15432 preference 1
> exit
> [...]
> r2# conf t
> r2(config)# rpki
> r2(config-rpki)# no rpki cache 192.0.2.1 15432 preference 1
> r2(config-rpki)# do show rpki cache-connection
> Cannot find a connected group.
> r2(config-rpki)# rpki cache 192.0.2.1 15432 preference 1
> r2(config-rpki)# do show rpki cache-connection
> vtysh: error reading from bgpd: Resource temporarily unavailable (11)Warning: closing connection to bgpd because of an I/O error!

> #0 raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1 0x00007f3fd2d16e57 in core_handler (signo=11, siginfo=0x7ffffd5931b0, context=0x7ffffd593080) at lib/sigevent.c:246
> #2 <signal handler called>
> #3 0x00007f3fd26926b4 in tommy_list_head (list=0x2e322e302e323931) at /home/lscalber/git/rtrlib/./third-party/tommyds/tommylist.h:125
> #4 0x00007f3fd2693812 in rtr_mgr_get_first_group (config=0x55fbf31d7f00) at /home/lscalber/git/rtrlib/rtrlib/rtr_mgr.c:409
> #5 0x00007f3fd2ebef59 in get_connected_group () at bgpd/bgp_rpki.c:718
> #6 0x00007f3fd2ec0b39 in show_rpki_cache_connection_magic (self=0x7f3fd2ec69c0 <show_rpki_cache_connection_cmd>, vty=0x55fbf31f9ef0, argc=3, argv=0x55fbf31f99d0, uj=0x0)
> # at bgpd/bgp_rpki.c:1575
> #7 0x00007f3fd2ebd4da in show_rpki_cache_connection (self=0x7f3fd2ec69c0 <show_rpki_cache_connection_cmd>, vty=0x55fbf31f9ef0, argc=3, argv=0x55fbf31f99d0) at ./bgpd/bgp_rpki_clippy.c:648
> #8 0x00007f3fd2c8a142 in cmd_execute_command_real (vline=0x55fbf31f9990, vty=0x55fbf31f9ef0, cmd=0x0, up_level=0) at lib/command.c:978
> #9 0x00007f3fd2c8a25c in cmd_execute_command (vline=0x55fbf31e5260, vty=0x55fbf31f9ef0, cmd=0x0, vtysh=0) at lib/command.c:1028
> #10 0x00007f3fd2c8a7f1 in cmd_execute (vty=0x55fbf31f9ef0, cmd=0x55fbf3200680 "do show rpki cache-connection ", matched=0x0, vtysh=0) at lib/command.c:1203
> #11 0x00007f3fd2d36548 in vty_command (vty=0x55fbf31f9ef0, buf=0x55fbf3200680 "do show rpki cache-connection ") at lib/vty.c:594
> #12 0x00007f3fd2d382e1 in vty_execute (vty=0x55fbf31f9ef0) at lib/vty.c:1357
> #13 0x00007f3fd2d3a519 in vtysh_read (thread=0x7ffffd5963c0) at lib/vty.c:2365
> #14 0x00007f3fd2d2faf6 in event_call (thread=0x7ffffd5963c0) at lib/event.c:1974
> #15 0x00007f3fd2cc238e in frr_run (master=0x55fbf2a0cd60) at lib/libfrr.c:1214
> #16 0x000055fbf073de40 in main (argc=9, argv=0x7ffffd596618) at bgpd/bgp_main.c:510

Signed-off-by: Louis Scalbert <[email protected]>

RPKI configuration is not totally flushed when doing "no rpki". Timers remain to default values.

> r2# sh run bgpd
> [...]
> rpki
> rpki retry_interval 5
> rpki cache 192.0.2.1 15432 preference 1
> exit
> [...]
> r2# conf t
> r2(config)# no rpki
> r2(config)# do sh run
> [...]
> rpki
> rpki retry_interval 5
> exit

Reset the timers after doing "no rpki"

Signed-off-by: Louis Scalbert <[email protected]>

Remove double spaces when doing show running-config.

Signed-off-by: Philippe Guibert <[email protected]>
Signed-off-by: Louis Scalbert <[email protected]>

"show run" displays the default RPKI timers when at least one cache server is configured. Only display the RPKI timers that differ from the default values.

Signed-off-by: Philippe Guibert <[email protected]>
Signed-off-by: Louis Scalbert <[email protected]>

1400c10 to 0e4450a
@@ -1684,6 +1691,46 @@ DEFPY (show_rpki_cache_connection, | |||
return CMD_SUCCESS; | |||
} | |||
|
|||
DEFPY(show_rpki_configuration, show_rpki_configuration_cmd, |
Documentation is missing for this new CLI.
Done d1e523b
Add documentation about the new "show rpki configuration" command.

Signed-off-by: Louis Scalbert <[email protected]>

When a plugin is attached, some debugs may be attached to that plugin. For that, add one hook that is interacting with vty: a boolean indicates what the usage is for: either for impacting the 'show running-config', or for impacting the 'show debugging' command.

Signed-off-by: Philippe Guibert <[email protected]>
Signed-off-by: Louis Scalbert <[email protected]>

Only include "debug rpki" in "show run" if it was requested from the configure mode but not if it was from the enabled mode.

Signed-off-by: Philippe Guibert <[email protected]>
Signed-off-by: Louis Scalbert <[email protected]>

0e4450a to a4c54dd
This PR still has changes included in #15034. Is this supposed to be?
if (!uj) | ||
if (uj) | ||
vty_json(vty, json); | ||
else | ||
vty_out(vty, "No Connection to RPKI cache server.\n"); | ||
return CMD_WARNING; |
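Review bot: in the `if (uj)` branch the JSON path prints `json` and then reaches the same `return CMD_WARNING;` as the text path, but nothing in these lines records the "No Connection to RPKI cache server." condition in the object, so a JSON consumer receives a document that parses yet cannot be told apart from an empty result. Consider adding the message to `json` under a string key (for example with json_object_string_add()) before calling vty_json(), using the same wording as the vty_out() string so the two outputs stay in sync.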
Is it possible to encapsulate the error message in a JSON attribute?
Good point @pguibert6WIND, we might do this for all warning/error handling. Would be useful.
Only one remark about JSON output: if it is possible to keep the vty error messages in a field in JSON.
Merged in #15034
misc RPKI fixes