Remove extraneous space in Arista prefixlist (#124)

* Remove extraneous space in Arista prefixlist

When diffing config generated with bgpq4 with config exported from an Arista device, many lines are returned as changed. This is because prefixlist on Arista device use 3 spaces and bgpq4 uses 4 spaces.

* Update eos--4.txt

* Update eos--6.txt

.github/images/centos.Dockerfile

@@ -2,8 +2,8 @@ ARG image=centos/centos:latest
 FROM quay.io/$image
 
 # Install dependencies
-RUN yum update -y
-RUN yum install -y autoconf automake gcc libtool make diffutils file gzip
+RUN dnf -y update
+RUN dnf -y install autoconf automake gcc libtool make diffutils file gzip
 
 # Add source code
 ADD . /src

.github/images/fedora/fedora:37.Dockerfile

@@ -1 +0,0 @@
-../centos.Dockerfile

.github/images/fedora/fedora:38.Dockerfile

@@ -1 +0,0 @@
-../centos.Dockerfile

.github/images/fedora/fedora:42.Dockerfile

@@ -0,0 +1,17 @@
+ARG image=centos/centos:latest
+FROM quay.io/$image
+
+# Install dependencies
+RUN dnf -y update
+RUN dnf -y install autoconf automake gcc libtool make diffutils file gzip awk
+
+# Add source code
+ADD . /src
+WORKDIR /src
+
+# Run steps
+RUN ./bootstrap
+RUN ./configure
+RUN make
+RUN make check
+RUN make distcheck

.github/workflows/build-container.yml

@@ -19,24 +19,24 @@ jobs:
 
   build:
     name: Build container
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: test
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - # Add support for more platforms with QEMU
         # https://github.com/docker/setup-qemu-action
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ghcr.io/${{ github.repository_owner }}/bgpq4
           tags: |
@@ -48,17 +48,18 @@ jobs:
             type=sha
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        if: github.repository_owner == 'bgp'
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v6
         with:
           file: .github/images/alpine:3.Dockerfile
           context: .
           platforms: linux/amd64,linux/arm64
-          push: true
+          push: ${{ github.repository_owner == 'bgp' }}
           tags: ${{ steps.meta.outputs.tags }}

.github/workflows/build.yml

@@ -9,7 +9,7 @@ jobs:
       matrix:
         os: [ubuntu-latest, macos-latest]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: install macOS autogen prerequisites
       run: brew install autoconf automake libtool
       if: runner.os == 'macOS'

.github/workflows/codeql-analysis.yml

@@ -22,9 +22,9 @@ jobs:
         language: [ 'cpp' ]
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
     - name: Build Application using script
@@ -33,6 +33,6 @@ jobs:
         ./configure
         make
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/matrixbuild.yml

@@ -9,23 +9,25 @@ jobs:
       fail-fast: false
       matrix:
         dockerenv:
+          - debian:trixie
           - debian:bookworm
           - debian:bullseye
-          - debian:buster
+          - ubuntu:noble
           - ubuntu:jammy
           - ubuntu:focal
-          - ubuntu:bionic
-          - fedora/fedora:38
-          - fedora/fedora:37
-          - fedora/fedora:36
+          - fedora/fedora:42
+          - fedora/fedora:41
+          - fedora/fedora:40
+          - centos/centos:stream10
           - centos/centos:stream9
-          - centos/centos:stream8
-          - centos/centos:7
           - rockylinux/rockylinux:9
           - rockylinux/rockylinux:8
           - alpine:edge
-          - alpine:3.17
+          - alpine:3.21
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
+    - name: Work around Docker BuildKit regression
+      # https://github.com/moby/buildkit/issues/2119: `DOCKER_BUILDKIT=1 docker build` fails if Dockerfile is a symlink
+      run: [ -L .github/images/${{matrix.dockerenv}}.Dockerfile ] && cp --remove-destination $(readlink -f .github/images/${{matrix.dockerenv}}.Dockerfile) .github/images/${{matrix.dockerenv}}.Dockerfile
     - name: Run build on ${{matrix.dockerenv}}
       run: docker build . --file .github/images/${{matrix.dockerenv}}.Dockerfile --build-arg image=${{matrix.dockerenv}}

.github/workflows/unit-tests.yml

@@ -8,15 +8,18 @@ on:
       - reopened
       - ready_for_review
       - synchronize
+  push:
+    branches:
+      - main
   workflow_call:
 
 jobs:
   output-unit-tests:
     name: output unit tests
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: clone repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: install pre-reqs
         run: |
           sudo apt-get update

CHANGES

@@ -1,3 +1,23 @@
+1.15 (2024-05-15)
+    - Apologies, debug code slipped into the last release
+
+1.14 (2024-05-14)
+    - Small performance gain: set TCP_NODELAY on the socket
+
+1.13 (2024-05-01)
+    - Fixed a bug for Mac users by removing sx_maxsockbuf()
+    - Fixed a comma printing bug in IOS XR as-path-set output
+
+1.12 (2024-02-12)
+    - Fix a bug in the mikrotik printer
+
+1.11 (2023-06-20)
+    - disallow AS 23456 as origin (can be bypassed via -p)
+
+1.10 (2023-06-03)
+    - Add support for Nokia SR Linux IP prefix lists / ACL filters
+    - Accept -3 as a no-op for bgpq3 compatibility
+
 1.9 (2023-03-05)
     - Bugfix for -S problem (bgpq4#83) by James Bensley
 

Makefile.am

@@ -17,7 +17,6 @@ bgpq4_LDADD += $(top_builddir)/compat/libcompat.la
 endif
 
 bgpq4_SOURCES=main.c extern.h printer.c expander.c \
-    sx_maxsockbuf.c \
     sx_prefix.c sx_prefix.h \
     sx_report.c sx_report.h \
     sx_slentry.c
@@ -33,3 +32,12 @@ MAINTAINERCLEANFILES=configure aclocal.m4 compile \
 
 maintainer-clean-local:
 	-rm -rf m4 autom4te.cache
+
+check:
+	./bgpq4 -v
+	@echo
+	-if [ -s /etc/resolv.conf ]; then \
+		./bgpq4 -ddd -6 AS15562:AS-SNIJDERS ; \
+	else \
+		echo "No or empty /etc/resolv.conf, skipping online test"; \
+	fi

README.md

@@ -1,3 +1,9 @@
+[![CI](https://github.com/bgp/bgpq4/actions/workflows/unit-tests.yml/badge.svg)](https://github.com/bgp/bgpq4/actions/workflows/unit-tests.yml)
+
+<a href="https://repology.org/project/bgpq4/versions">
+    <img src="https://repology.org/badge/vertical-allrepos/bgpq4.svg" alt="Packaging status" align="right">
+</a>
+
 # NAME
 
 **bgpq4** - bgp filtering automation tool
@@ -128,6 +134,10 @@ It's options are as follows:
 
 > generate config for Nokia SR OS MD-CLI (Cisco IOS by default)
 
+**-n2**
+
+> generate config for Nokia SR Linux (Cisco IOS by default)
+
 **-N**
 
 > generate config for Nokia SR OS classic CLI (Cisco IOS by default).

VERSION

@@ -1 +1 @@
-1.9
+1.15

bgpq4.8

@@ -114,7 +114,8 @@ generate config for Nokia SR Linux (Cisco IOS by default)
 .It Fl N
 generate config for Nokia SR OS classic CLI (Cisco IOS by default).
 .It Fl p
-emit prefixes where the origin ASN is in the private ASN range (disabled by default).
+emit prefixes where the origin ASN is 23456 or in the private ASN range
+(disabled by default).
 .It Fl r Ar len
 allow more specific routes starting with specified masklen too.
 .It Fl R Ar len

configure.ac

@@ -13,7 +13,7 @@
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-AC_INIT([bgpq4], m4_esyscmd([tr -d '\n' < VERSION]), job@sobornost.net)
+AC_INIT([bgpq4], m4_esyscmd([tr -d '\n' < VERSION]), [job@sobornost.net])
 
 AC_CANONICAL_HOST
 AM_INIT_AUTOMAKE([subdir-objects foreign])
@@ -56,9 +56,8 @@ AM_CONDITIONAL([HOST_NETBSD],  [test x$HOST_OS = xnetbsd])
 AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
 
 AC_PROG_CC
-AC_PROG_CC_STDC
 AM_PROG_CC_C_O
-AC_PROG_LIBTOOL
+LT_INIT
 AC_PROG_INSTALL
 
 AC_ARG_ENABLE(warnings,

expander.c

@@ -29,6 +29,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/select.h>
+#include <netinet/tcp.h>
 
 #include <assert.h>
 #include <ctype.h>
@@ -183,7 +184,7 @@ int
 bgpq_expander_add_as(struct bgpq_expander *b, char *as)
 {
 	char			*eoa;
-	uint32_t	 	 asno = 0;
+	uint32_t		 asno = 0;
 	struct asn_entry	*asne;
 
 	if (!b || !as)
@@ -191,14 +192,14 @@ bgpq_expander_add_as(struct bgpq_expander *b, char *as)
 
 	asno = strtoul(as + 2, &eoa, 10);
 	if (eoa && *eoa != 0) {
-		sx_report(SX_ERROR,"Invalid symbol in AS number: '%c' in %s\n",
+		sx_report(SX_ERROR, "Invalid symbol in AS number: '%c' in %s\n",
 		    *eoa, as);
 		return 0;
 	}
 
-	if (!expand_special_asn &&
-	    (asno >= 4200000000ul || (asno >= 64496 && asno <= 65551))) {
-		sx_report(SX_ERROR,"Invalid AS number: %u\n", asno);
+	if (!expand_special_asn && (asno == 23456 || asno >= 4200000000ul
+	    || (asno >= 64496 && asno <= 65551))) {
+		sx_report(SX_ERROR, "Invalid AS number: %u\n", asno);
 		return 0;
 	}
 
@@ -1034,7 +1035,7 @@ bgpq_expand(struct bgpq_expander *b)
 	struct addrinfo 	 hints, *res = NULL, *rp;
 	struct linger		 sl;
 	struct asn_entry	*asne;
-	int			 fd = -1, err, ret, aquery = 0;
+	int			 fd = -1, err, ret, aquery = 0, nodelay = 1;
 	int			 slen;
 
 	sl.l_onoff = 1;
@@ -1074,15 +1075,12 @@ bgpq_expand(struct bgpq_expander *b)
 			fd = -1;
 			continue;
 		}
-		err = sx_maxsockbuf(fd, SO_SNDBUF);
-		if (err > 0) {
-			SX_DEBUG(debug_expander, "Acquired sendbuf of %i "
-			    "bytes\n", err);
-		} else {
-			close(fd);
-			fd = -1;
-			continue;
-		}
+
+		if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &nodelay,
+		    sizeof(nodelay)) == -1)
+			SX_DEBUG(debug_expander, "Unable to set TCP_NODELAY on"
+			    " socket: %s\n", strerror(errno));
+
 		break;
 	}
 

extern.h

@@ -149,9 +149,6 @@ void sx_radix_tree_freeall(struct sx_radix_tree *t);
 void bgpq_prequest_freeall(struct bgpq_prequest *bpr);
 void expander_freeall(struct bgpq_expander *expander);
 
-/* s - number of opened socket, dir is either SO_SNDBUF or SO_RCVBUF */
-int sx_maxsockbuf(int s, int dir);
-
 #ifndef HAVE_STRLCPY
 size_t strlcpy(char *dst, const char *src, size_t size);
 #endif

main.c

@@ -94,6 +94,7 @@ usage(int ecode)
 	printf(" -M match  : extra match conditions for JunOS route-filters\n");
 	printf(" -l name   : use specified name for generated access/prefix/.."
 		" list\n");
+	printf(" -p        : allow special ASNs like 23456 or in the private range\n");
 	printf(" -R len    : allow more specific routes up to specified masklen\n");
 	printf(" -r len    : allow more specific routes from masklen specified\n");
 	printf(" -s        : generate sequence numbers in prefix-lists (IOS only)\n");
@@ -603,6 +604,14 @@ main(int argc, char* argv[])
 		exit(1);
 	}
 
+	if (expander.vendor == V_ARISTA
+	    && expander.generation == T_EACL
+	    && expander.family == AF_INET6) {
+		sx_report(SX_FATAL, "Sorry, extended access-lists is not compatible "
+		    "with Arista EOS and IPv6\n");
+		exit(1);
+	}
+	
 	if (expander.sequence
 	    && (expander.vendor != V_CISCO && expander.vendor != V_ARISTA)) {
 		sx_report(SX_FATAL, "Sorry, prefix-lists sequencing (-s) supported"

printer.c

@@ -89,7 +89,7 @@ bgpq4_print_cisco_aspath(FILE *f, struct bgpq_expander *b)
 static void
 bgpq4_print_cisco_xr_aspath(FILE *f, struct bgpq_expander *b)
 {
-	int 			 nc = 0, comma = 1;
+	int 			 nc = 0, comma = 0;
 	struct asn_entry	*asne, find, *res;
 
 	fprintf(f, "as-path-set %s", b->name);
@@ -98,6 +98,7 @@ bgpq4_print_cisco_xr_aspath(FILE *f, struct bgpq_expander *b)
 	if ((res = RB_FIND(asn_tree, &b->asnlist, &find)) != NULL) {
 		fprintf(f, "\n  ios-regex '^%u(_%u)*$'", res->asn, res->asn);
 		RB_REMOVE(asn_tree, &b->asnlist, res);
+		comma = 1;
 	}
 
 	RB_FOREACH(asne, asn_tree, &b->asnlist) {
@@ -299,12 +300,15 @@ bgpq4_print_juniper_aslist(FILE *f, struct bgpq_expander *b)
 
 	RB_FOREACH(asne, asn_tree, &b->asnlist) {
 		if (!nc) {
-			fprintf(f, "  as-list a%u members [ %u",
-			    lineNo, asne->asn);
-		} else {
-			fprintf(f," %u", asne->asn);
+			fprintf(f, "  as-list a%u members [",
+			    lineNo);
 		}
 
+		// Filter out AS 0
+		// "error: RPD Policy: Invalid AS 0"
+		if (asne->asn != 0)
+			fprintf(f," %u", asne->asn);
+
 		nc++;
 
 		if (nc == b->aswidth) {
@@ -1161,7 +1165,7 @@ bgpq4_print_eprefix(struct sx_radix_node *n, void *ff)
 
 	sx_prefix_snprintf(n->prefix, prefix, sizeof(prefix));
 
-	snprintf(seqno, sizeof(seqno), " seq %i", seq++);
+	snprintf(seqno, sizeof(seqno), "seq %i", seq++);
 
 	if (n->isAggregate) {
 		if (n->aggregateLow > n->prefix->masklen) {
@@ -1864,13 +1868,13 @@ bgpq4_print_k7prefix(struct sx_radix_node *n, void *ff)
 
 	if (n->isAggregate)
 		fprintf(f,"/routing filter rule add chain=\""
-		    "%s-%s\"  rule=\"if (dst in %s && dst-len in %d-%d) {accept}\"\n",
+		    "%s-%s\" rule=\"if (dst in %s && dst-len in %d-%d) {accept}\"\n",
 		    bname ? bname : "NN",
 		    n->prefix->family == AF_INET ? "V4" : "V6",
 		    prefix, n->aggregateLow, n->aggregateHi);
 	else
 		fprintf(f,"/routing filter rule add chain=\""
-		    "%s-%s\" rule=\"if (dst=%s) {accept}\"\n",
+		    "%s-%s\" rule=\"if (dst==%s) {accept}\"\n",
 		    bname ? bname : "NN",
 		    n->prefix->family == AF_INET ? "V4" : "V6",
 		    prefix);

sx_maxsockbuf.c

@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2019-2020 Job Snijders <job@sobornost.net>
- * Copyright (c) 2007-2019 Alexandre Snarskii <snar@snar.spb.ru>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "extern.h"
-#include "sx_report.h"
-
-int
-sx_maxsockbuf(int s, int dir)
-{
-	int		optval = 0, voptval;
-	int		hiconf = -1, loconf = -1;
-	unsigned int	voptlen;
-	int		phase = 0, iterations = 0;
-
-	if (s < 0) {
-		sx_report(SX_FATAL,"Unable to maximize sockbuf on invalid "
-		    "socket %i\n", s);
-		exit(1);
-	}
-
-	voptlen = sizeof(optval);
-
-	if (getsockopt(s, SOL_SOCKET, dir, (void*)&optval, &voptlen) == -1) {
-		sx_report(SX_ERROR,"initial getsockopt failed: %s\n",
-		    strerror(errno));
-		return -1;
-	}
-
-	for (;;) {
-		iterations++;
-
-		if (phase == 0)
-			optval <<= 1;
-		else {
-			if (optval == (hiconf + loconf) / 2)
-				break;
-			optval = (hiconf + loconf) / 2;
-		}
-
-		if (setsockopt(s, SOL_SOCKET, dir, (void*)&optval,
-		    sizeof(optval)) == -1) {
-
-			if (phase == 0)
-				phase = 1;
-
-			hiconf = optval;
-
-			continue;
-		} else {
-			loconf = optval;
-		}
-
-		voptlen = sizeof(voptval);
-
-		if (getsockopt(s, SOL_SOCKET, dir, (void*)&voptval,
-		    &voptlen) == -1) {
-			sx_report(SX_ERROR,"getsockopt failed: %s\n",
-			    strerror(errno));
-			return -1;
-		} else if (voptval < optval) {
-			if (phase == 0) {
-				phase = 1;
-				optval >>= 1;
-				continue;
-			} else if (phase == 1) {
-				phase = 2;
-				optval -= 2048;
-				continue;
-			} else
-				break;
-		}
-	}
-
-	voptlen = sizeof(voptval);
-	if (getsockopt(s, SOL_SOCKET, dir, (void*)&voptval,
-	    &voptlen) == -1) {
-		sx_report(SX_ERROR,"getsockopt(final stage) failed: %s\n",
-		    strerror(errno));
-		return -1;
-	} else
-		return voptval;
-}

tests/reference/eos--4.txt

@@ -1,4 +1,4 @@
 no ip prefix-list NN
 ip prefix-list NN
-    seq 1 permit 192.31.196.0/24
-    seq 2 permit 192.175.48.0/24
+   seq 1 permit 192.31.196.0/24
+   seq 2 permit 192.175.48.0/24

tests/reference/eos--6.txt

@@ -1,4 +1,4 @@
 no ipv6 prefix-list NN
 ipv6 prefix-list NN
-    seq 1 permit 2001:4:112::/48
-    seq 2 permit 2620:4f:8000::/48
+   seq 1 permit 2001:4:112::/48
+   seq 2 permit 2620:4f:8000::/48

tests/reference/routeros7--4.txt

@@ -1,2 +1,2 @@
-/routing filter rule add chain="NN-V4" rule="if (dst=192.31.196.0/24) {accept}"
-/routing filter rule add chain="NN-V4" rule="if (dst=192.175.48.0/24) {accept}"
+/routing filter rule add chain="NN-V4" rule="if (dst==192.31.196.0/24) {accept}"
+/routing filter rule add chain="NN-V4" rule="if (dst==192.175.48.0/24) {accept}"

tests/reference/routeros7--6.txt

@@ -1,2 +1,2 @@
-/routing filter rule add chain="NN-V6" rule="if (dst=2001:4:112::/48) {accept}"
-/routing filter rule add chain="NN-V6" rule="if (dst=2620:4f:8000::/48) {accept}"
+/routing filter rule add chain="NN-V6" rule="if (dst==2001:4:112::/48) {accept}"
+/routing filter rule add chain="NN-V6" rule="if (dst==2620:4f:8000::/48) {accept}"