Release 1.14

Nagle's algorithm probably serves no purpose with whois queries
often being tiny.

.github/images/centos.Dockerfile

@@ -2,8 +2,8 @@ ARG image=centos/centos:latest
 FROM quay.io/$image
 
 # Install dependencies
-RUN yum update -y
-RUN yum install -y autoconf automake gcc libtool make diffutils file gzip
+RUN if command -v yum > /dev/null; then dnf=yum; fi; ${dnf:-dnf} update -y
+RUN if command -v yum > /dev/null; then dnf=yum; fi; ${dnf:-dnf} install -y autoconf automake gcc libtool make diffutils file gzip
 
 # Add source code
 ADD . /src

.github/images/debian:trixie.Dockerfile

@@ -0,0 +1 @@
+debian.Dockerfile

.github/workflows/build-container.yml

@@ -24,19 +24,19 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - # Add support for more platforms with QEMU
         # https://github.com/docker/setup-qemu-action
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository_owner }}/bgpq4
           tags: |
@@ -48,17 +48,18 @@ jobs:
             type=sha
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        if: github.repository_owner == 'bgp'
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           file: .github/images/alpine:3.Dockerfile
           context: .
           platforms: linux/amd64,linux/arm64
-          push: true
+          push: ${{ github.repository_owner == 'bgp' }}
           tags: ${{ steps.meta.outputs.tags }}

.github/workflows/build.yml

@@ -9,7 +9,7 @@ jobs:
       matrix:
         os: [ubuntu-latest, macos-latest]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: install macOS autogen prerequisites
       run: brew install autoconf automake libtool
       if: runner.os == 'macOS'

.github/workflows/codeql-analysis.yml

@@ -22,9 +22,9 @@ jobs:
         language: [ 'cpp' ]
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
     - name: Build Application using script
@@ -33,6 +33,6 @@ jobs:
         ./configure
         make
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/matrixbuild.yml

@@ -9,23 +9,27 @@ jobs:
       fail-fast: false
       matrix:
         dockerenv:
+          - debian:trixie
           - debian:bookworm
           - debian:bullseye
           - debian:buster
           - ubuntu:jammy
           - ubuntu:focal
           - ubuntu:bionic
+          - fedora/fedora:40
+          - fedora/fedora:39
           - fedora/fedora:38
-          - fedora/fedora:37
-          - fedora/fedora:36
           - centos/centos:stream9
           - centos/centos:stream8
           - centos/centos:7
           - rockylinux/rockylinux:9
           - rockylinux/rockylinux:8
           - alpine:edge
-          - alpine:3.17
+          - alpine:3.19
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
+    - name: Work around Docker BuildKit regression
+      # https://github.com/moby/buildkit/issues/2119: `DOCKER_BUILDKIT=1 docker build` fails if Dockerfile is a symlink
+      run: cp --remove-destination $(readlink -f .github/images/${{matrix.dockerenv}}.Dockerfile) .github/images/${{matrix.dockerenv}}.Dockerfile
     - name: Run build on ${{matrix.dockerenv}}
       run: docker build . --file .github/images/${{matrix.dockerenv}}.Dockerfile --build-arg image=${{matrix.dockerenv}}

.github/workflows/unit-tests.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: clone repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: install pre-reqs
         run: |
           sudo apt-get update

CHANGES

@@ -1,3 +1,20 @@
+1.14 (2024-05-14)
+    - Small performance gain: set TCP_NODELAY on the socket
+
+1.13 (2024-05-01)
+    - Fixed a bug for Mac users by removing sx_maxsockbuf()
+    - Fixed a comma printing bug in IOS XR as-path-set output
+
+1.12 (2024-02-12)
+    - Fix a bug in the mikrotik printer
+
+1.11 (2023-06-20)
+    - disallow AS 23456 as origin (can be bypassed via -p)
+
+1.10 (2023-06-03)
+    - Add support for Nokia SR Linux IP prefix lists / ACL filters
+    - Accept -3 as a no-op for bgpq3 compatibility
+
 1.9 (2023-03-05)
     - Bugfix for -S problem (bgpq4#83) by James Bensley
 

Makefile.am

@@ -17,7 +17,6 @@ bgpq4_LDADD += $(top_builddir)/compat/libcompat.la
 endif
 
 bgpq4_SOURCES=main.c extern.h printer.c expander.c \
-    sx_maxsockbuf.c \
     sx_prefix.c sx_prefix.h \
     sx_report.c sx_report.h \
     sx_slentry.c
@@ -33,3 +32,12 @@ MAINTAINERCLEANFILES=configure aclocal.m4 compile \
 
 maintainer-clean-local:
 	-rm -rf m4 autom4te.cache
+
+check:
+	./bgpq4 -v
+	@echo
+	-if [ -s /etc/resolv.conf ]; then \
+		./bgpq4 -ddd -6 AS15562:AS-SNIJDERS ; \
+	else \
+		echo "No or empty /etc/resolv.conf, skipping online test"; \
+	fi

README.md

@@ -1,3 +1,9 @@
+[![CI](https://github.com/bgp/bgpq4/actions/workflows/unit-tests.yml/badge.svg)](https://github.com/bgp/bgpq4/actions/workflows/unit-tests.yml)
+
+<a href="https://repology.org/project/bgpq4/versions">
+    <img src="https://repology.org/badge/vertical-allrepos/bgpq4.svg" alt="Packaging status" align="right">
+</a>
+
 # NAME
 
 **bgpq4** - bgp filtering automation tool
@@ -128,6 +134,10 @@ It's options are as follows:
 
 > generate config for Nokia SR OS MD-CLI (Cisco IOS by default)
 
+**-n2**
+
+> generate config for Nokia SR Linux (Cisco IOS by default)
+
 **-N**
 
 > generate config for Nokia SR OS classic CLI (Cisco IOS by default).

VERSION

@@ -1 +1 @@
-1.9
+1.14

bgpq4.8

@@ -114,7 +114,8 @@ generate config for Nokia SR Linux (Cisco IOS by default)
 .It Fl N
 generate config for Nokia SR OS classic CLI (Cisco IOS by default).
 .It Fl p
-emit prefixes where the origin ASN is in the private ASN range (disabled by default).
+emit prefixes where the origin ASN is 23456 or in the private ASN range
+(disabled by default).
 .It Fl r Ar len
 allow more specific routes starting with specified masklen too.
 .It Fl R Ar len

configure.ac

@@ -13,7 +13,7 @@
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-AC_INIT([bgpq4], m4_esyscmd([tr -d '\n' < VERSION]), job@sobornost.net)
+AC_INIT([bgpq4], m4_esyscmd([tr -d '\n' < VERSION]), [job@sobornost.net])
 
 AC_CANONICAL_HOST
 AM_INIT_AUTOMAKE([subdir-objects foreign])
@@ -56,9 +56,8 @@ AM_CONDITIONAL([HOST_NETBSD],  [test x$HOST_OS = xnetbsd])
 AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
 
 AC_PROG_CC
-AC_PROG_CC_STDC
 AM_PROG_CC_C_O
-AC_PROG_LIBTOOL
+LT_INIT
 AC_PROG_INSTALL
 
 AC_ARG_ENABLE(warnings,

expander.c

@@ -29,6 +29,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/select.h>
+#include <netinet/tcp.h>
 
 #include <assert.h>
 #include <ctype.h>
@@ -183,7 +184,7 @@ int
 bgpq_expander_add_as(struct bgpq_expander *b, char *as)
 {
 	char			*eoa;
-	uint32_t	 	 asno = 0;
+	uint32_t		 asno = 0;
 	struct asn_entry	*asne;
 
 	if (!b || !as)
@@ -191,14 +192,14 @@ bgpq_expander_add_as(struct bgpq_expander *b, char *as)
 
 	asno = strtoul(as + 2, &eoa, 10);
 	if (eoa && *eoa != 0) {
-		sx_report(SX_ERROR,"Invalid symbol in AS number: '%c' in %s\n",
+		sx_report(SX_ERROR, "Invalid symbol in AS number: '%c' in %s\n",
 		    *eoa, as);
 		return 0;
 	}
 
-	if (!expand_special_asn &&
-	    (asno >= 4200000000ul || (asno >= 64496 && asno <= 65551))) {
-		sx_report(SX_ERROR,"Invalid AS number: %u\n", asno);
+	if (!expand_special_asn && (asno == 23456 || asno >= 4200000000ul
+	    || (asno >= 64496 && asno <= 65551))) {
+		sx_report(SX_ERROR, "Invalid AS number: %u\n", asno);
 		return 0;
 	}
 
@@ -1034,7 +1035,7 @@ bgpq_expand(struct bgpq_expander *b)
 	struct addrinfo 	 hints, *res = NULL, *rp;
 	struct linger		 sl;
 	struct asn_entry	*asne;
-	int			 fd = -1, err, ret, aquery = 0;
+	int			 fd = -1, err, ret, aquery = 0, nodelay = 1;
 	int			 slen;
 
 	sl.l_onoff = 1;
@@ -1074,15 +1075,12 @@ bgpq_expand(struct bgpq_expander *b)
 			fd = -1;
 			continue;
 		}
-		err = sx_maxsockbuf(fd, SO_SNDBUF);
-		if (err > 0) {
-			SX_DEBUG(debug_expander, "Acquired sendbuf of %i "
-			    "bytes\n", err);
-		} else {
-			close(fd);
-			fd = -1;
-			continue;
-		}
+
+		if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &nodelay,
+		    sizeof(nodelay)) == -1)
+			SX_DEBUG(debug_expander, "Unable to set TCP_NODELAY on"
+			    " socket: %s\n", strerror(errno));
+
 		break;
 	}
 

extern.h

@@ -149,9 +149,6 @@ void sx_radix_tree_freeall(struct sx_radix_tree *t);
 void bgpq_prequest_freeall(struct bgpq_prequest *bpr);
 void expander_freeall(struct bgpq_expander *expander);
 
-/* s - number of opened socket, dir is either SO_SNDBUF or SO_RCVBUF */
-int sx_maxsockbuf(int s, int dir);
-
 #ifndef HAVE_STRLCPY
 size_t strlcpy(char *dst, const char *src, size_t size);
 #endif

main.c

@@ -94,6 +94,7 @@ usage(int ecode)
 	printf(" -M match  : extra match conditions for JunOS route-filters\n");
 	printf(" -l name   : use specified name for generated access/prefix/.."
 		" list\n");
+	printf(" -p        : allow special ASNs like 23456 or in the private range\n");
 	printf(" -R len    : allow more specific routes up to specified masklen\n");
 	printf(" -r len    : allow more specific routes from masklen specified\n");
 	printf(" -s        : generate sequence numbers in prefix-lists (IOS only)\n");

printer.c

@@ -89,7 +89,7 @@ bgpq4_print_cisco_aspath(FILE *f, struct bgpq_expander *b)
 static void
 bgpq4_print_cisco_xr_aspath(FILE *f, struct bgpq_expander *b)
 {
-	int 			 nc = 0, comma = 1;
+	int 			 nc = 0, comma = 0;
 	struct asn_entry	*asne, find, *res;
 
 	fprintf(f, "as-path-set %s", b->name);
@@ -98,6 +98,7 @@ bgpq4_print_cisco_xr_aspath(FILE *f, struct bgpq_expander *b)
 	if ((res = RB_FIND(asn_tree, &b->asnlist, &find)) != NULL) {
 		fprintf(f, "\n  ios-regex '^%u(_%u)*$'", res->asn, res->asn);
 		RB_REMOVE(asn_tree, &b->asnlist, res);
+		comma = 1;
 	}
 
 	RB_FOREACH(asne, asn_tree, &b->asnlist) {
@@ -1870,7 +1871,7 @@ bgpq4_print_k7prefix(struct sx_radix_node *n, void *ff)
 		    prefix, n->aggregateLow, n->aggregateHi);
 	else
 		fprintf(f,"/routing filter rule add chain=\""
-		    "%s-%s\" rule=\"if (dst=%s) {accept}\"\n",
+		    "%s-%s\" rule=\"if (dst==%s) {accept}\"\n",
 		    bname ? bname : "NN",
 		    n->prefix->family == AF_INET ? "V4" : "V6",
 		    prefix);

sx_maxsockbuf.c

@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2019-2020 Job Snijders <job@sobornost.net>
- * Copyright (c) 2007-2019 Alexandre Snarskii <snar@snar.spb.ru>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "extern.h"
-#include "sx_report.h"
-
-int
-sx_maxsockbuf(int s, int dir)
-{
-	int		optval = 0, voptval;
-	int		hiconf = -1, loconf = -1;
-	unsigned int	voptlen;
-	int		phase = 0, iterations = 0;
-
-	if (s < 0) {
-		sx_report(SX_FATAL,"Unable to maximize sockbuf on invalid "
-		    "socket %i\n", s);
-		exit(1);
-	}
-
-	voptlen = sizeof(optval);
-
-	if (getsockopt(s, SOL_SOCKET, dir, (void*)&optval, &voptlen) == -1) {
-		sx_report(SX_ERROR,"initial getsockopt failed: %s\n",
-		    strerror(errno));
-		return -1;
-	}
-
-	for (;;) {
-		iterations++;
-
-		if (phase == 0)
-			optval <<= 1;
-		else {
-			if (optval == (hiconf + loconf) / 2)
-				break;
-			optval = (hiconf + loconf) / 2;
-		}
-
-		if (setsockopt(s, SOL_SOCKET, dir, (void*)&optval,
-		    sizeof(optval)) == -1) {
-
-			if (phase == 0)
-				phase = 1;
-
-			hiconf = optval;
-
-			continue;
-		} else {
-			loconf = optval;
-		}
-
-		voptlen = sizeof(voptval);
-
-		if (getsockopt(s, SOL_SOCKET, dir, (void*)&voptval,
-		    &voptlen) == -1) {
-			sx_report(SX_ERROR,"getsockopt failed: %s\n",
-			    strerror(errno));
-			return -1;
-		} else if (voptval < optval) {
-			if (phase == 0) {
-				phase = 1;
-				optval >>= 1;
-				continue;
-			} else if (phase == 1) {
-				phase = 2;
-				optval -= 2048;
-				continue;
-			} else
-				break;
-		}
-	}
-
-	voptlen = sizeof(voptval);
-	if (getsockopt(s, SOL_SOCKET, dir, (void*)&voptval,
-	    &voptlen) == -1) {
-		sx_report(SX_ERROR,"getsockopt(final stage) failed: %s\n",
-		    strerror(errno));
-		return -1;
-	} else
-		return voptval;
-}

tests/reference/routeros7--4.txt

@@ -1,2 +1,2 @@
-/routing filter rule add chain="NN-V4" rule="if (dst=192.31.196.0/24) {accept}"
-/routing filter rule add chain="NN-V4" rule="if (dst=192.175.48.0/24) {accept}"
+/routing filter rule add chain="NN-V4" rule="if (dst==192.31.196.0/24) {accept}"
+/routing filter rule add chain="NN-V4" rule="if (dst==192.175.48.0/24) {accept}"

tests/reference/routeros7--6.txt

@@ -1,2 +1,2 @@
-/routing filter rule add chain="NN-V6" rule="if (dst=2001:4:112::/48) {accept}"
-/routing filter rule add chain="NN-V6" rule="if (dst=2620:4f:8000::/48) {accept}"
+/routing filter rule add chain="NN-V6" rule="if (dst==2001:4:112::/48) {accept}"
+/routing filter rule add chain="NN-V6" rule="if (dst==2620:4f:8000::/48) {accept}"