Release 1.12

* fixed - mikrotik routerosv7 output

* fixed - mikrotik routerosv7 output

---------

Co-authored-by: dkayza-xxx <darshan@darshankowlaser.com>

.github/images/alpine.Dockerfile

@@ -0,0 +1,17 @@
+ARG image=alpine:latest
+FROM $image
+
+# Install dependencies
+RUN apk upgrade
+RUN apk add autoconf automake file gcc gzip libtool make musl-dev
+
+# Add source code
+ADD . /src
+WORKDIR /src
+
+# Run steps
+RUN ./bootstrap
+RUN ./configure
+RUN make
+RUN make check
+RUN make distcheck

.github/images/alpine:3.19.Dockerfile

@@ -0,0 +1 @@
+alpine.Dockerfile

.github/images/alpine:3.Dockerfile

@@ -0,0 +1,24 @@
+# to build the image locally tagged with the short commit hash:
+# docker build -t bgpq4:$(git rev-parse --short HEAD) -f .github/images/alpine:3.Dockerfile .
+ARG IMAGE=alpine:3
+FROM $IMAGE as builder
+
+# Install dependencies
+RUN apk upgrade
+RUN apk add autoconf automake file gcc gzip libtool make musl-dev
+
+# Add source code
+ADD . /src
+WORKDIR /src
+
+# Run steps
+RUN ./bootstrap
+RUN ./configure
+RUN make
+RUN make check
+RUN make distcheck
+
+FROM alpine:3
+COPY --from=builder /src/bgpq4 /bgp/
+WORKDIR /bgp
+ENTRYPOINT [ "./bgpq4" ]

.github/images/alpine:edge.Dockerfile

@@ -0,0 +1 @@
+alpine.Dockerfile

.github/images/centos.Dockerfile

@@ -1,10 +1,9 @@
-ARG image=centos:8
-FROM $image
+ARG image=centos/centos:latest
+FROM quay.io/$image
 
 # Install dependencies
 RUN yum update -y
-RUN yum groupinstall -y 'Development Tools'
-RUN yum install -y autoconf automake findutils libtool
+RUN yum install -y autoconf automake gcc libtool make diffutils file gzip
 
 # Add source code
 ADD . /src
@@ -16,4 +15,3 @@ RUN ./configure
 RUN make
 RUN make check
 RUN make distcheck
-

.github/images/centos/centos:7.Dockerfile

@@ -0,0 +1 @@
+../centos.Dockerfile

.github/images/centos/centos:stream8.Dockerfile

@@ -0,0 +1 @@
+../centos.Dockerfile

.github/images/centos/centos:stream9.Dockerfile

@@ -0,0 +1 @@
+../centos.Dockerfile

.github/images/centos:7.Dockerfile

@@ -1 +0,0 @@
-centos.Dockerfile

.github/images/centos:8.Dockerfile

@@ -1 +0,0 @@
-centos.Dockerfile

.github/images/debian:trixie.Dockerfile

@@ -0,0 +1 @@
+debian.Dockerfile

.github/images/fedora/fedora:38.Dockerfile

@@ -0,0 +1 @@
+../centos.Dockerfile

.github/images/fedora/fedora:39.Dockerfile

@@ -0,0 +1 @@
+../centos.Dockerfile

.github/images/fedora/fedora:40.Dockerfile

@@ -0,0 +1 @@
+../centos.Dockerfile

.github/images/fedora:30.Dockerfile

@@ -1 +0,0 @@
-centos.Dockerfile

.github/images/fedora:31.Dockerfile

@@ -1 +0,0 @@
-centos.Dockerfile

.github/images/rockylinux/rockylinux:8.Dockerfile

@@ -0,0 +1 @@
+../centos.Dockerfile

.github/images/rockylinux/rockylinux:9.Dockerfile

@@ -0,0 +1 @@
+../centos.Dockerfile

.github/images/ubuntu:focal.Dockerfile

@@ -0,0 +1 @@
+debian.Dockerfile

.github/images/ubuntu:jammy.Dockerfile

@@ -0,0 +1 @@
+debian.Dockerfile

.github/workflows/build-container.yml

@@ -0,0 +1,64 @@
+name: Container build
+"on":
+  push:
+    tags:
+      - "*" # Push events to any tag
+    branches:
+      - "main"
+
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Container tag to use for the build"
+        required: true
+        default: "test"
+
+jobs:
+  test:
+    uses: ./.github/workflows/unit-tests.yml
+
+  build:
+    name: Build container
+    runs-on: ubuntu-22.04
+    needs: test
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - # Add support for more platforms with QEMU
+        # https://github.com/docker/setup-qemu-action
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/bgpq4
+          tags: |
+            # pick up tag provided from workflow_dispatch user's input
+            type=raw,value=${{ inputs.tag }}
+            type=ref,event=tag
+            type=ref,event=branch
+            # git short commit
+            type=sha
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          file: .github/images/alpine:3.Dockerfile
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}

.github/workflows/build.yml

@@ -1,12 +1,18 @@
-name: Build and test (single linux distro)
+name: Build and test (latest Ubuntu/macOS)
 
 on: [push, pull_request]
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v3
+    - name: install macOS autogen prerequisites
+      run: brew install autoconf automake libtool
+      if: runner.os == 'macOS'
     - name: bootstrap
       run: ./bootstrap
     - name: configure
@@ -17,4 +23,5 @@ jobs:
       run: make check
     - name: make distcheck
       run: make distcheck
+      if: runner.os == 'Linux'
 

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,38 @@
+name: CodeQL analysis
+
+on:
+  push:
+  pull_request:
+  schedule:
+    # build the main branch every Tuesday morning
+    - cron: '15 6 * * 2'
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp' ]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+    - name: Build Application using script
+      run: |
+        ./bootstrap
+        ./configure
+        make
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/matrixbuild.yml

@@ -9,15 +9,27 @@ jobs:
       fail-fast: false
       matrix:
         dockerenv:
+          - debian:trixie
+          - debian:bookworm
+          - debian:bullseye
           - debian:buster
-          - debian:stretch
+          - ubuntu:jammy
+          - ubuntu:focal
           - ubuntu:bionic
-          - ubuntu:xenial
-          - centos:8
-          - centos:7
-          - fedora:31
-          - fedora:30
+          - fedora/fedora:40
+          - fedora/fedora:39
+          - fedora/fedora:38
+          - centos/centos:stream9
+          - centos/centos:stream8
+          - centos/centos:7
+          - rockylinux/rockylinux:9
+          - rockylinux/rockylinux:8
+          - alpine:edge
+          - alpine:3.19
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v3
+    - name: Work around Docker BuildKit regression
+      # https://github.com/moby/buildkit/issues/2119: `DOCKER_BUILDKIT=1 docker build` fails if Dockerfile is a symlink
+      run: cp --remove-destination $(readlink -f .github/images/${{matrix.dockerenv}}.Dockerfile) .github/images/${{matrix.dockerenv}}.Dockerfile
     - name: Run build on ${{matrix.dockerenv}}
       run: docker build . --file .github/images/${{matrix.dockerenv}}.Dockerfile --build-arg image=${{matrix.dockerenv}}

.github/workflows/unit-tests.yml

@@ -0,0 +1,37 @@
+name: basic unit tests
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - reopened
+      - ready_for_review
+      - synchronize
+  workflow_call:
+
+jobs:
+  output-unit-tests:
+    name: output unit tests
+    runs-on: ubuntu-22.04
+    steps:
+      - name: clone repo
+        uses: actions/checkout@v3
+      - name: install pre-reqs
+        run: |
+          sudo apt-get update
+          DEBIAN_FRONTEND=noninteractive sudo apt-get -y --no-install-recommends install autoconf automake libtool make
+      - name: build bgpq4
+        run: |
+          ./bootstrap
+          ./configure
+          make
+          ./bgpq4 -v
+      - name: generate output
+        run: ./tests/generate_outputs.sh ./bgpq4 /tmp
+      - name: check output
+        run: >
+          for file in tests/reference/*.txt;
+          do
+            echo "$(sha256sum "${file}" | awk '{print $1}') /tmp/$(basename "${file}")" | sha256sum --check;
+          done

CHANGES

@@ -1,3 +1,29 @@
+1.12 (2024-02-12)
+    - Fix a bug in the mikrotik printer
+
+1.11 (2023-06-20)
+    - disallow AS 23456 as origin (can be bypassed via -p)
+
+1.10 (2023-06-03)
+    - Add support for Nokia SR Linux IP prefix lists / ACL filters
+    - Accept -3 as a no-op for bgpq3 compatibility
+
+1.9 (2023-03-05)
+    - Bugfix for -S problem (bgpq4#83) by James Bensley
+
+1.8 (2023-01-20)
+    - Downgrade 'key not found' to DEBUG level to reduce noise
+    - Re-introduce -p for private ASN support option
+
+1.7 (2022-11-03)
+    - Support SOURCE:: syntax (contributed by James Bensley)
+
+1.6 (2022-09-07)
+    - Fix a bug in address prefix range parsing
+
+1.5 (2022-07-25)
+    - Add support for the new Junos as-path-origins feature
+
 1.4 (2021-08-20)
     - Fix BIRD aspath output
 

README.md

@@ -11,8 +11,9 @@
 \[**-f** *asn* |
 **-F** *fmt* |
 **-G** *asn*
+**-H** *asn*
 **-t**]
-\[**-46ABbDdJjNnsXU**]
+\[**-46ABbDdJjNnpsXU**]
 \[**-a** *asn*]
 \[**-r** *len*]
 \[**-R** *len*]
@@ -26,10 +27,10 @@
 
 The
 **bgpq4**
-utility used to generate configurations (prefix-lists, extended
-access-lists, policy-statement terms and as-path lists) based on RADB data.
+utility is used to generate configurations (prefix-lists, extended
+access-lists, policy-statement terms and as-path lists) based on IRR data.
 
-The options are as follows:
+It's options are as follows:
 
 **-4**
 
@@ -82,6 +83,10 @@ The options are as follows:
 
 > generate output as-path access-list.
 
+**-H** *number*
+
+> generate output as-list for JunOS 21.3R1+ `as-path-origin` filter (JunOS only)
+
 **-h** *host\[:port]*
 
 > host running IRRD database (default: rr.ntt.net).
@@ -96,7 +101,11 @@ The options are as follows:
 
 **-K**
 
-> generate config for Mikrotik (default: Cisco).
+> generate config for Mikrotik ROSv6 (default: Cisco).
+
+**-K7**
+
+> generate config for Mikrotik ROSv7 (default: Cisco).
 
 **-l** *name*
 
@@ -119,17 +128,18 @@ The options are as follows:
 
 > generate config for Nokia SR OS MD-CLI (Cisco IOS by default)
 
+**-n2**
+
+> generate config for Nokia SR Linux (Cisco IOS by default)
+
 **-N**
 
 > generate config for Nokia SR OS classic CLI (Cisco IOS by default).
 
 **-p**
 
-> accept routes registered for private ASNs (default: disabled)
-
-**-P**
-
-> generate prefix-list (default, backward compatibility).
+> emit prefixes where the origin ASN is in the private ASN range
+> (disabled by default).
 
 **-r** *len*
 
@@ -145,7 +155,7 @@ The options are as follows:
 
 **-S** *sources*
 
-> use specified sources only (recommended: RADB,RIPE,APNIC).
+> use specified sources only (recommended: RPKI,AFRINIC,ARIN,APNIC,LACNIC,RIPE).
 
 **-t**
 
@@ -157,12 +167,16 @@ The options are as follows:
 
 **-W** *len*
 
-> generate as-path strings of no more than len items (use 0 for inifinity).
+> generate as-path strings of no more than len items (use 0 for infinity).
 
 **-U**
 
 > generate config for Huawei devices (Cisco IOS by default)
 
+**-u**
+
+> generate output in Huawei XPL format.
+
 **-X**
 
 > generate config for Cisco IOS XR devices (plain IOS by default).
@@ -333,28 +347,70 @@ be in one line (sometimes it makes sense):
 
 # NOTES ON SOURCES
 
-By default
-*bgpq4*
-trusts to data from all databases mirrored into NTT's IRR service.
-Unfortunately, not all these databases are equal in how much can we
-trust their data.
+By default *bgpq4* trusts data from all databases mirrored into NTT's IRR service.
+Unfortunately, not all these databases are equal in how much can we trust their
+data.
 RIR maintained databases (AFRINIC, ARIN, APNIC, LACNIC and RIPE)
-shall be trusted more than the others because they are indeed have the
-knowledge about which address space allocated to this or that ASn,
-other databases lack this knowledge and can (and, actually, do) contain
-some stale data: noone but RIRs care to remove outdated route-objects
-when address space revoked from one ASn and allocated to another.
-In order to keep their filters both compact and actual,
-*bgpq4 users*
-are encouraged to use '-S' flag to limit database sources to only
-ones they trust.
+shall be trusted more than the others because they have the knowledge about
+which address space is allocated to each ASN, other databases lack this
+knowledge and can (and actually do) contain some stale data: nobody but RIRs
+care to remove outdated route-objects when address space is revoked from one
+ASN and allocated to another. In order to keep their filters both compact and
+current, *bgpq4 users* are encouraged to use one of two method to limit
+database sources to only ones they trust.
+
+One option is to use the '-S' flag. This limits all queries to a specific data
+source. For example, the following command tells IIRd to only use data from
+the RIPE RIR DB to build the prefix list for the AS-SET:
+
+	$./bgpq4 -S RIPE AS-VOSTRON
+	no ip prefix-list NN
+	ip prefix-list NN permit 89.21.224.0/19
+	ip prefix-list NN permit 134.0.64.0/21
+
+Be aware though, than an AS-SET may contain members from other data sources.
+In this case IRRd won't respond to the bgpq4 query will all the prefixes in the
+AS-SET tree. Make sure to use the '-S' flag with all the data sources required
+for the AS-SET being expanded:
+
+	$./bgpq4 -S RIPE,ARIN AS-VOSTRON
+	no ip prefix-list NN
+	ip prefix-list NN permit 89.21.224.0/19
+	ip prefix-list NN permit 134.0.64.0/21
+	ip prefix-list NN permit 208.86.232.0/24
+	ip prefix-list NN permit 208.86.233.0/24
+	ip prefix-list NN permit 208.86.234.0/24
+	ip prefix-list NN permit 208.86.235.0/24
+
+The other option is to specify a source for an AS-SET or Route Set using the
+"::" notation. When bgpq4 detects this, it will look for "::" in the specified
+AS-SET or RS on the CLI, and in all members of the AS-SET/RS, and for each
+member with a data source specified in "::" format, it will set the IRRd data
+source to the given value, query the AS-SET/RS, then reset the data sources back
+ to the default list for the next object in the tree.
+
+	$./bgpq4 RIPE::AS-VOSTRON
+	no ip prefix-list NN
+	ip prefix-list NN permit 89.21.224.0/19
+	ip prefix-list NN permit 134.0.64.0/21
+	ip prefix-list NN permit 208.86.232.0/22
+	ip prefix-list NN permit 208.86.232.0/24
+	ip prefix-list NN permit 208.86.233.0/24
+	ip prefix-list NN permit 208.86.234.0/24
+	ip prefix-list NN permit 208.86.235.0/24
+
+In comparison to the '-S' flag, this method return all the prefixes under the
+AS-SET, but the root of the tree "AS-VOSTRON" was queries from RIPE only. None
+of the member objects used the "::" notation so they were queries from the
+default source list (which is all sources).
+
 
 General recommendations:
 
 Use minimal set of RIR databases (only those in which you and your
 customers have registered route-objects).
 
-Avoid using ARIN-NONAUTH and RIPE-NONAUTH as trusted source: these records
+Avoid using ARIN-NONAUTH and RIPE-NONAUTH as trusted sources: these records
 were created in database but for address space allocated to different RIR,
 so the NONAUTH databases have no chance to confirm validity of this route
 object.
@@ -371,6 +427,9 @@ object.
 	ip prefix-list NN permit 45.65.184.0/22
 	[...]
 
+When known, use the "::" notation to speicy the authortative data source for
+an AS-SET or RS instead of the -S flag.
+
 # PERFORMANCE
 
 To improve \`bgpq4\` performance when expanding extra-large AS-SETs you
@@ -392,6 +451,31 @@ Linux can be tuned in the following way:
 
 	sysctl -w net.ipv4.tcp_wmem="4096 65536 2097152"
 
+# CONTAINER IMAGE
+
+A multi-arch (linux/amd64 and linux/arm64) container image is built automatically for all tagged releases and `main` branch. The image is based on Alpine Linux and is available on [GitHub Container Registry](https://github.com/bgp/bgpq4/pkgs/container/bgpq4).
+
+Using the image is as simple as:
+
+	```
+	docker run --rm ghcr.io/bgp/bgpq4:latest -Jl eltel AS20597
+	policy-options {
+		replace:
+		prefix-list eltel {
+			81.9.0.0/20;
+			81.9.32.0/20;
+			81.9.96.0/20;
+			81.222.128.0/20;
+			81.222.160.0/20;
+			81.222.192.0/18;
+			85.249.8.0/21;
+			85.249.224.0/19;
+			89.112.0.0/17;
+			217.170.64.0/19;
+		}
+		}
+	```
+
 # BUILDING
 
 This project uses autotools. If you are building from the repository,
@@ -421,9 +505,15 @@ In order to create a distribution archive, run:
 When everything is OK,
 **bgpq4**
 generates access-list to standard output and exits with status == 0.
-In case of errors they are printed to stderr and program exits with
+In case of errors they are printed to stderr and the program exits with
 non-zero status.
 
+# TESTS
+
+The [tests/](tests/) folder contains reference output data in [text files](tests/reference/). The [generate_outputs.sh](tests/generate_outputs.sh) script is used in the [Github workflow](.github/workflows/unit-tests.yml) to generate the same output data, using the latest commit, and compare the output data to the stored "known-good" reference data, and check there are no changes.
+
+To update the reference data (i.e. if the bgpq4 output is modified), simply run the script again (`./tests/generate_outputs.sh ./bgpq4 tests/reference`) and commit the changes.
+
 # AUTHORS
 
 Alexandre Snarskii, Christian David, Claudio Jeker, Job Snijders,

VERSION

@@ -1 +1 @@
-1.4
+1.12

bgpq4.8

@@ -37,9 +37,10 @@
 .Fl f Ar asn |
 .Fl F Ar fmt |
 .Fl G Ar asn
+.Fl H Ar asn
 .Fl t
 .Oc
-.Op Fl 46ABbDdJjNnsXU
+.Op Fl 46ABbDdJjNnpsXU
 .Op Fl a Ar asn
 .Op Fl r Ar len
 .Op Fl R Ar len
@@ -52,7 +53,7 @@
 The
 .Nm
 utility used to generate configurations (prefix-lists, extended
-access-lists, policy-statement terms and as-path lists) based on RADB data.
+access-lists, policy-statement terms and as-path lists) based on IRR data.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
@@ -83,6 +84,10 @@ generate input as-path access-list.
 generate output in user-defined format.
 .It Fl G Ar number
 generate output as-path access-list.
+.It Fl H Ar number
+generate output as-list for
+.Em as-path-origin
+filter (JunOS 21.3R1+)
 .It Fl h Ar host[:port]
 host running IRRD database (default: rr.ntt.net).
 .It Fl J
@@ -90,7 +95,9 @@ generate config for Juniper (default: Cisco).
 .It Fl j
 generate output in JSON format (default: Cisco).
 .It Fl K
-generate config for Mikrotik (default: Cisco).
+generate config for Mikrotik ROSv6 (default: Cisco).
+.It Fl K7
+generate config for Mikrotik ROSv7 (default: Cisco).
 .It Fl l Ar name
 name of generated entry.
 .It Fl L Ar limit
@@ -102,12 +109,13 @@ maximum prefix-length of accepted prefixes (default: 32 for IPv4 and
 extra match conditions for Juniper route-filters.
 .It Fl n
 generate config for Nokia SR OS MD-CLI (Cisco IOS by default)
+.It Fl n2
+generate config for Nokia SR Linux (Cisco IOS by default)
 .It Fl N
 generate config for Nokia SR OS classic CLI (Cisco IOS by default).
 .It Fl p
-accept routes registered for private ASNs (default: disabled)
-.It Fl P
-generate prefix-list (default, backward compatibility).
+emit prefixes where the origin ASN is 23456 or in the private ASN range
+(disabled by default).
 .It Fl r Ar len
 allow more specific routes starting with specified masklen too.
 .It Fl R Ar len
@@ -115,15 +123,17 @@ allow more specific routes up to specified masklen too.
 .It Fl s
 generate sequence numbers in IOS-style prefix-lists.
 .It Fl S Ar sources
-use specified sources only (recommended: RADB,RIPE,APNIC).
+use specified sources only (recommended: RPKI,AFRINIC,APNIC,ARIN,LACNIC,RIPE).
 .It Fl t
 generate as-sets for OpenBGPd, BIRD and JSON formats.
 .It Fl T
 disable pipelining (not recommended).
-.It Fl W Ar len
-generate as-path strings of no more than len items (use 0 for inifinity).
 .It Fl U
 generate config for Huawei devices (Cisco IOS by default)
+.It Fl u
+generate config for Huawei devices in XPL format (Cisco IOS by default)
+.It Fl W Ar len
+generate as-path strings of no more than len items (use 0 for infinity).
 .It Fl X
 generate config for Cisco IOS XR devices (plain IOS by default).
 .It Fl z
@@ -275,9 +285,9 @@ new line
 tabulation
 .El
 .Pp
-Please note that no new lines inserted automatically after each sentence,
-you have to add them into format string manually, elsewhere output will
-be in one line (sometimes it makes sense):
+Please note that no new lines are inserted automatically after each sentence.
+You have to add them into format string manually, otherwise the output will
+be in one single line (sometimes it makes sense):
 .nf
 .Bd -literal
 $ bgpq4 -6F "%n/%l; " as-eltel
@@ -287,29 +297,29 @@ $ bgpq4 -6F "%n/%l; " as-eltel
 .Sh NOTES ON SOURCES
 By default
 .Em bgpq4
-trusts to data from all databases mirrored into NTT's IRR service.
-Unfortunately, not all these databases are equal in how much can we
+trusts data from all the databases mirrored into NTT's IRR service.
+Unfortunately, not all these databases are equal in how much we can
 trust their data.
 RIR maintained databases (AFRINIC, ARIN, APNIC, LACNIC and RIPE)
-shall be trusted more than the others because they are indeed have the
-knowledge about which address space allocated to this or that ASn,
-other databases lack this knowledge and can (and, actually, do) contain
-some stale data: noone but RIRs care to remove outdated route-objects
-when address space revoked from one ASn and allocated to another.
+shall be trusted more than the others because they have the
+knowledge about who the rightful holders of resources are, while
+other databases lack this knowledge and can (and, actually do) contain 
+stale data: no one but the RIRs care to remove outdated route-objects
+when address space is de-allocated or transferred.
 In order to keep their filters both compact and actual,
 .Em bgpq4 users
 are encouraged to use '-S' flag to limit database sources to only
-ones they trust.
+the ones they trust.
 .Pp
 General recommendations:
 .Pp
-Use minimal set of RIR databases (only those in which you and your
+Use a minimal set of RIR databases (only those in which you and your
 customers have registered route-objects).
 .Pp
-Avoid using ARIN-NONAUTH and RIPE-NONAUTH as trusted source: these records
-were created in database but for address space allocated to different RIR,
-so the NONAUTH databases have no chance to confirm validity of this route
-object.
+Avoid using ARIN-NONAUTH and RIPE-NONAUTH as trusted sources: these records
+were created in the database, but for address space allocated to different RIRs,
+so the NONAUTH databases have no chance to confirm validity of the route
+objects they contain.
 .Bd -literal
 $ bgpq4 -S RIPE,RADB as-space
 no ip prefix-list NN
@@ -322,6 +332,7 @@ ip prefix-list NN permit 45.4.132.0/22
 ip prefix-list NN permit 45.6.128.0/22
 ip prefix-list NN permit 45.65.184.0/22
 [...]
+.Ed
 .Sh PERFORMANCE
 To improve `bgpq4` performance when expanding extra-large AS-SETs you
 shall tune OS settings to enlarge TCP send buffer.

bootstrap

@@ -5,7 +5,7 @@
 
 bsd_environment() {
 	# Based on https://github.com/rvm/rvm/blob/59fe3b39f0fb5ae01ed5b9aa187201080815ac16/scripts/functions/build_config_system#L123
-	if [[  -z "${AUTOCONF_VERSION:-}" ]]
+	if [ -z "${AUTOCONF_VERSION}" ]
 	then
 		export AUTOCONF_VERSION
 		AUTOCONF_VERSION="$(
@@ -17,7 +17,7 @@ bsd_environment() {
 		echo "Using autoconf version: $AUTOCONF_VERSION"
 	fi
 
-	if [[  -z "${AUTOMAKE_VERSION:-}" ]]
+	if [ -z "${AUTOMAKE_VERSION}" ]
 	then
 		export AUTOMAKE_VERSION
 		# FreeBSD might have automake-wrapper

expander.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2021 Job Snijders <job@sobornost.net>
+ * Copyright (c) 2019-2022 Job Snijders <job@sobornost.net>
  * Copyright (c) 2018 Peter Schoenmaker <pds@ntt.net>
  * Copyright (c) 2007-2019 Alexandre Snarskii <snar@snar.spb.ru>
  * All rights reserved.
@@ -86,6 +86,7 @@ bgpq_expander_init(struct bgpq_expander *b, int af)
 
 	b->family = af;
 	b->sources = "";
+	b->usesource = 0;
 	b->name = "NN";
 	b->aswidth = 8;
 	b->identify = 1;
@@ -152,7 +153,7 @@ bgpq_expander_add_already(struct bgpq_expander *b, char *rs)
 	lkey.text = rs;
 
 	if (RB_FIND(tentree, &b->already, &lkey))
-		return 1;
+		return 0;
 
 	le = sx_tentry_new(rs);
 
@@ -169,7 +170,7 @@ bgpq_expander_add_stop(struct bgpq_expander *b, char *rs)
 	lkey.text = rs;
 
 	if (RB_FIND(tentree, &b->stoplist, &lkey))
-		return 1;
+		return 0;
 
 	le = sx_tentry_new(rs);
 
@@ -182,7 +183,7 @@ int
 bgpq_expander_add_as(struct bgpq_expander *b, char *as)
 {
 	char			*eoa;
-	uint32_t	 	 asno = 0;
+	uint32_t		 asno = 0;
 	struct asn_entry	*asne;
 
 	if (!b || !as)
@@ -190,14 +191,16 @@ bgpq_expander_add_as(struct bgpq_expander *b, char *as)
 
 	asno = strtoul(as + 2, &eoa, 10);
 	if (eoa && *eoa != 0) {
-		sx_report(SX_ERROR,"Invalid symbol in AS number: '%c' in %s\n",
+		sx_report(SX_ERROR, "Invalid symbol in AS number: '%c' in %s\n",
 		    *eoa, as);
 		return 0;
 	}
 
-	if (!expand_special_asn &&
-	    ((asno  >= 4200000000ul) || (asno >= 64496 && asno <= 65551)))
+	if (!expand_special_asn && (asno == 23456 || asno >= 4200000000ul
+	    || (asno >= 64496 && asno <= 65551))) {
+		sx_report(SX_ERROR, "Invalid AS number: %u\n", asno);
 		return 0;
+	}
 
 	if ((asne = malloc(sizeof(struct asn_entry))) == NULL)
 		err(1, NULL);
@@ -229,7 +232,7 @@ bgpq_expander_add_prefix(struct bgpq_expander *b, char *prefix)
 	sx_radix_tree_insert(b->tree, p);
 
         if (p)
-		sx_prefix_destroy(p);
+		sx_prefix_free(p);
 
 	return 1;
 }
@@ -240,6 +243,63 @@ bgpq_expander_add_prefix_range(struct bgpq_expander *b, char *prefix)
 	return sx_prefix_range_parse(b->tree, b->family, b->maxlen, prefix);
 }
 
+char *
+bgpq_get_asset(char *object) {
+	char *d, *asset;
+
+	d = strstr(object, "::");
+	if (d)
+		d += 2;
+	else
+		d = object;
+
+	if ((asset = calloc(1, 256)) == NULL)
+		err(1, NULL);
+
+	memcpy(asset, d, strlen(object) - (d - object));
+
+	return asset;
+}
+
+char *
+bgpq_get_rset(char *object) {
+	char *d, *rset;
+
+	d = strstr(object, "::");
+
+	if (d)
+		d += 2;
+	else
+		d = object;
+
+	if ((rset = calloc(1, 256)) == NULL)
+		err(1, NULL);
+
+	memcpy(rset, d, strlen(object) - (d - object));
+
+	return rset;
+}
+
+char *
+bgpq_get_source(char *object) {
+	char 		*d;
+	char 		*source;
+	unsigned int	 slen;
+
+	d = strstr(object, "::");
+
+	if (d) {
+		if ((source = calloc(1, 256)) == NULL)
+			err(1, NULL);
+
+		slen = d - object;
+		memcpy(source, object, slen);
+		return source;
+	}
+
+	return NULL;
+}
+
 static int
 bgpq_expanded_macro(char *as, struct bgpq_expander *ex,
     struct request *req)
@@ -249,11 +309,13 @@ bgpq_expanded_macro(char *as, struct bgpq_expander *ex,
 	return 1;
 }
 
-struct request *bgpq_pipeline(struct bgpq_expander *b,
+struct request *
+bgpq_pipeline(struct bgpq_expander *b,
     int (*callback)(char *, struct bgpq_expander *b, struct request *req),
     void *udata, char *fmt, ...);
 
-int bgpq_expand_irrd(struct bgpq_expander *b,
+int
+bgpq_expand_irrd(struct bgpq_expander *b,
     int (*callback)(char*, struct bgpq_expander *b, struct request *req),
     void *udata, char *fmt, ...);
 
@@ -261,6 +323,9 @@ static int
 bgpq_expanded_macro_limit(char *as, struct bgpq_expander *b,
     struct request *req)
 {
+	char		*source;
+	struct request	*req1;
+
 	if (!strncasecmp(as, "AS-", 3) || strchr(as, '-') || strchr(as, ':')) {
 		struct sx_tentry tkey = { .text = as };
 
@@ -281,20 +346,41 @@ bgpq_expanded_macro_limit(char *as, struct bgpq_expander *b,
 		    req->depth + 1 < b->maxdepth)) {
 			bgpq_expander_add_already(b, as);
 			if (pipelining) {
-				struct request *req1 = bgpq_pipeline(b,
-				    bgpq_expanded_macro_limit, NULL, "!i%s\n",
-				        as);
+				if (b->usesource) {
+					source = bgpq_get_source(as);
+					if (source) {
+						bgpq_pipeline(b, NULL, NULL,
+						    "!s%s\n", source);
+						free(source);
+					} else {
+						bgpq_pipeline(b, NULL, NULL,
+						    "!s%s\n", b->defaultsources);
+					}
+				}
+
+				req1 = bgpq_pipeline(b, bgpq_expanded_macro_limit,
+				    NULL, "!i%s\n", bgpq_get_asset(as));
 				req1->depth = req->depth + 1;
 			} else {
+				if (b->usesource) {
+					source = bgpq_get_source(as);
+					if (source) {
+						bgpq_expand_irrd(b, NULL, NULL,
+						    "!s%s\n", source);
+						free(source);
+					} else {
+						bgpq_expand_irrd(b, NULL, NULL,
+						    "!s%s\n", b->defaultsources);
+					}
+				}
 				b->cdepth++;
 				bgpq_expand_irrd(b, bgpq_expanded_macro_limit,
-				    NULL, "!i%s\n", as);
+				    NULL, "!i%s\n", bgpq_get_asset(as));
 				b->cdepth--;
 			}
 		} else {
 			SX_DEBUG(debug_expander > 2, "ignoring %s at depth %i\n",
-			    as,
-			    b->cdepth ? (b->cdepth + 1) : (req->depth + 1));
+			    as, b->cdepth ? (b->cdepth + 1) : (req->depth + 1));
 		}
 	} else if (!strncasecmp(as, "AS", 2)) {
 		struct sx_tentry tkey = { .text = as };
@@ -350,13 +436,88 @@ bgpq_expanded_v6prefix(char *prefix, struct bgpq_expander *ex,
 	return 1;
 }
 
-int bgpq_pipeline_dequeue(int fd, struct bgpq_expander *b);
+static char *
+bgpq_get_irrd_sources(int fd)
+{
+	char			*query, *response, *sources, *start, *end;
+	const unsigned int	 rsize = 256;
+	unsigned int		 slen;
+	int			 ret, qlen;
+
+	query = "!s-lc\n";
+	qlen = strlen(query);
+
+	if ((response = calloc(1, rsize)) == NULL)
+		err(1, NULL);
+	if ((sources = calloc(1, rsize)) == NULL)
+		err(1, NULL);
+
+	SX_DEBUG(debug_expander, "Requesting source list %s", query);
+	if ((ret = write(fd, query, strlen(query))) != qlen) {
+		sx_report(SX_ERROR, "Partial write of query to "
+			"IRRd: %i bytes, %s\n", ret, strerror(errno));
+		close(fd);
+		free(sources);
+		free(response);
+		exit(1);
+	}
+
+	if (0 < read(fd, response, rsize)) {
+		SX_DEBUG(debug_expander, "Got answer %s", response);
+		if (*(response + strlen(response) - 2) != 'C') {
+			sx_report(SX_ERROR, "Invalid response "
+				"'%s': %s\n", response, query);
+			close(fd);
+			free(sources);
+			free(response);
+			exit(1);
+		}
+	} else {
+		sx_report(SX_ERROR, "failed to read sources\n");
+		close(fd);
+		free(sources);
+		free(response);
+		exit(1);
+	}
+
+	start = strchr(response, '\n');
+	if (start) {
+		start += 1;
+		end = strchr(start, '\n');
+		if (!end) {
+			sx_report(SX_ERROR, "No 2nd newline in response '%s': %s\n",
+				response, query);
+			close(fd);
+			free(sources);
+			free(response);
+			exit(1);
+		}
+		slen = end - start;
+		if (slen > rsize)
+			memcpy(sources, start, rsize - 1);
+		else
+			memcpy(sources, start, slen);
+	} else {
+		sx_report(SX_ERROR, "No 1st newline in response '%s': %s\n",
+			response, query);
+		close(fd);
+		free(sources);
+		free(response);
+		exit(1);
+	}
+
+	free(response);
+	return sources;
+}
 
 static struct request *
 request_alloc(char *request, int (*callback)(char *, struct bgpq_expander *,
     struct request *), void *udata)
 {
-	struct request *bp = malloc(sizeof(struct request));
+	struct request *bp;
+
+	if ((bp = malloc(sizeof(struct request))) == NULL)
+		err(1, NULL);
 
 	if (!bp)
 		return NULL;
@@ -385,9 +546,9 @@ bgpq_pipeline(struct bgpq_expander *b,
     int (*callback)(char *, struct bgpq_expander *, struct request *),
     void *udata, char *fmt, ...)
 {
-	char			 request[128];
+	struct request		*bp = NULL;
+	char			 request[256];
 	int			 ret;
-	struct request	*bp = NULL;
 	va_list			 ap;
 
 	va_start(ap, fmt);
@@ -402,7 +563,6 @@ bgpq_pipeline(struct bgpq_expander *b,
 		sx_report(SX_FATAL,"Unable to allocate %lu bytes: %s\n",
 		    (unsigned long)sizeof(struct request),
 		    strerror(errno));
-		exit(1);
 	}
 
 	if (STAILQ_EMPTY(&b->wq)) {
@@ -415,12 +575,14 @@ bgpq_pipeline(struct bgpq_expander *b,
 			sx_report(SX_FATAL, "Error writing request: %s\n",
 			    strerror(errno));
 		}
+
 		bp->offset=ret;
-		if (ret == bp->size) {
+
+		if (ret == bp->size)
 			STAILQ_INSERT_TAIL(&b->rq, bp, next);
-		} else {
+		else
 			STAILQ_INSERT_TAIL(&b->wq, bp, next);
-		}
+
 	} else
 		STAILQ_INSERT_TAIL(&b->wq, bp, next);
 
@@ -528,6 +690,7 @@ bgpq_read(struct bgpq_expander *b)
 {
 	static char response[256];
 	static int off = 0;
+	int rval = 1;
 
 	if (!STAILQ_EMPTY(&b->wq))
 		bgpq_write(b);
@@ -568,10 +731,8 @@ have:
 			unsigned long 	 togot = strtoul(response + 1, &eon, 10);
 			char 		*recvbuffer = malloc(togot + 2);
 
-			if (!recvbuffer) {
-				sx_report(SX_FATAL, "error allocating %lu "
-				    "bytes: %s\n", togot + 2, strerror(errno));
-			}
+			if (recvbuffer == NULL)
+				err(1, NULL);
 
 			memset(recvbuffer, 0, togot + 2);
 
@@ -666,7 +827,7 @@ have3:
 					c[spn] = 0;
 				if (c[0] == 0)
 					break;
-				req->callback(c, b, req);
+				if (!req->callback(c, b, req)) rval = 0;
 				c += spn + 1;
 			}
 			assert(c == recvbuffer + togot);
@@ -674,24 +835,26 @@ have3:
 			free(recvbuffer);
 		} else if (response[0] == 'C') {
 			/* No data */
-			SX_DEBUG(debug_expander,"No data expanding %s\n",
+			SX_DEBUG(debug_expander,"No data expanding %s",
 			    req->request);
 			if (b->validate_asns)
 				bgpq_expander_invalidate_asn(b, req->request);
 		} else if (response[0] == 'D') {
-			/* .... */
-			SX_DEBUG(debug_expander,"Key not found expanding %s\n",
+			SX_DEBUG(debug_expander, "Key not found expanding %s",
 			    req->request);
 			if (b->validate_asns)
 				bgpq_expander_invalidate_asn(b, req->request);
+			rval = 0;
 		} else if (response[0] == 'E') {
-			sx_report(SX_ERROR, "Multiple keys expanding %s: %s\n",
+			sx_report(SX_ERROR, "Multiple keys expanding %s: %s",
 			    req->request, response);
+			rval = 0;
 		} else if ( response[0] == 'F') {
-			sx_report(SX_ERROR, "Error expanding %s: %s\n",
+			sx_report(SX_ERROR, "Error expanding %s: %s",
 			    req->request, response);
+			rval = 0;
 		} else {
-			sx_report(SX_ERROR,"Wrong reply: %s to %s\n", response,
+			sx_report(SX_ERROR,"Wrong reply: %s to %s", response,
 			    req->request);
 			exit(1);
 		}
@@ -708,7 +871,7 @@ have3:
 		request_free(req);
 	}
 
-	return 0;
+	return rval;
 }
 
 int
@@ -716,11 +879,12 @@ bgpq_expand_irrd(struct bgpq_expander *b,
     int (*callback)(char *, struct bgpq_expander *, struct request *),
     void *udata, char *fmt, ...)
 {
-	char			 request[128], response[128];
+	char			 request[256], response[256];
 	va_list			 ap;
 	ssize_t			 ret;
 	int			 off = 0;
 	struct request	*req;
+	int rval = 1;
 
 	va_start(ap, fmt);
 	vsnprintf(request, sizeof(request), fmt, ap);
@@ -730,8 +894,12 @@ bgpq_expand_irrd(struct bgpq_expander *b,
 
 	SX_DEBUG(debug_expander, "expander sending: %s", request);
 
-	if ((ret = write(b->fd, request, strlen(request)) == 0) || ret == -1)
-		err(1, "write");
+	if ((ret = write(b->fd, request, strlen(request)) == 0) || ret == -1) {
+		sx_report(SX_ERROR,
+			"Partial write of request to IRRd: %li bytes, %s\n",
+			ret, strerror(errno));
+		exit(1);
+	}
 
 	memset(response, 0, sizeof(response));
 
@@ -743,7 +911,6 @@ repeat:
 		exit(1);
 	} else if (ret == 0) {
 		sx_report(SX_FATAL, "EOF reading IRRd\n");
-		exit(1);
 	}
 
 	off += ret;
@@ -808,10 +975,8 @@ reread2:
 		if (ret < 0) {
 			sx_report(SX_FATAL, "error reading IRRd: %s\n",
 			    strerror(errno));
-			exit(1);
 		} else if (ret == 0) {
 			sx_report(SX_FATAL, "eof reading IRRd\n");
-			exit(1);
 		}
 		off += ret;
 
@@ -831,7 +996,7 @@ have3:
 			if (c[0] == 0)
 				break;
 			if (callback)
-				callback(c, b, req);
+				if (!callback(c, b, req)) rval = 0;
 			c += spn + 1;
 		}
 		memset(recvbuffer, 0, togot + 2);
@@ -841,30 +1006,36 @@ have3:
 		if (b->validate_asns)
 			bgpq_expander_invalidate_asn(b, request);
 	} else if (response[0] == 'D') {
-		/* ... */
+		SX_DEBUG(debug_expander, "Key not found expanding %s",
+			req->request);
 		if (b->validate_asns)
 			bgpq_expander_invalidate_asn(b, request);
+		rval = 0;
 	} else if (response[0] == 'E') {
 		/* XXXXXX */
 	} else if (response[0] == 'F') {
-		/* XXXXXX */
+		sx_report(SX_ERROR, "Error expanding %s: %s",
+			request, response);
+		rval = 0;
 	} else {
-		sx_report(SX_ERROR,"Wrong reply: %s\n", response);
-		exit(0);
+		sx_report(SX_ERROR,"Wrong reply: %s", response);
+		exit(1);
 	}
 	request_free(req);
 
-	return 0;
+	return rval;
 }
 
 int
 bgpq_expand(struct bgpq_expander *b)
 {
-	int			 fd = -1, err, ret, aquery = 0;
+	char			*source;
 	struct slentry		*mc;
 	struct addrinfo 	 hints, *res = NULL, *rp;
 	struct linger		 sl;
 	struct asn_entry	*asne;
+	int			 fd = -1, err, ret, aquery = 0;
+	int			 slen;
 
 	sl.l_onoff = 1;
 	sl.l_linger = 5;
@@ -931,6 +1102,7 @@ bgpq_expand(struct bgpq_expander *b)
 	if ((ret = write(fd, "!!\n", 3)) != 3) {
 		sx_report(SX_ERROR, "Partial write of multiple command mode "
 		    "to IRRd: %i bytes, %s\n", ret, strerror(errno));
+		close(fd);
 		exit(1);
 	}
 
@@ -944,6 +1116,7 @@ bgpq_expand(struct bgpq_expander *b)
 				sx_report(SX_ERROR, "Partial write of "
 				    "identifier to IRRd: %i bytes, %s\n",
 				    ret, strerror(errno));
+				close(fd);
 				exit(1);
 			}
 			memset(ident, 0, sizeof(ident));
@@ -951,10 +1124,12 @@ bgpq_expand(struct bgpq_expander *b)
 				SX_DEBUG(debug_expander, "Got answer %s", ident);
 			} else {
 				sx_report(SX_ERROR, "ident, failed read from IRRd\n");
+				close(fd);
 				exit(1);
 			}
 		} else {
 			sx_report(SX_ERROR, "snprintf(ident) failed\n");
+			close(fd);
 			exit(1);
 		}
 	}
@@ -967,6 +1142,7 @@ bgpq_expand(struct bgpq_expander *b)
 		if ((ret = write(fd, "!a\n", 3)) != 3) {
 			sx_report(SX_ERROR, "Partial write of '!a' test query "
 			    "to IRRd: %i bytes, %s\n", ret, strerror(errno));
+			close(fd);
 			exit(1);
 		}
 		memset(aret, 0, sizeof(aret));
@@ -979,14 +1155,27 @@ bgpq_expand(struct bgpq_expander *b)
 			}
 		} else {
 			sx_report(SX_ERROR, "A query test failed read from IRRd\n");
+			close(fd);
 			exit(1);
 		}
 	}
 
 	if (b->sources && b->sources[0] != 0) {
-		int slen = strlen(b->sources) + 4;
-		if (slen < 128)
-			slen = 128;
+		b->defaultsources = strdup(b->sources);
+	} else if (b->usesource) {
+		if (b->sources && b->sources[0] != 0) {
+			b->defaultsources = strdup(b->sources);
+		} else {
+			b->defaultsources = bgpq_get_irrd_sources(b->fd);
+		}
+	} else {
+		b->defaultsources = bgpq_get_irrd_sources(b->fd);
+	}
+
+	if (b->sources && b->sources[0] != 0) {
+		slen = strlen(b->sources) + 4;
+		if (slen < 256)
+			slen = 256;
 		char sources[slen];
 		slen = snprintf(sources, sizeof(sources), "!s%s\n", b->sources);
 		if (slen > 0) {
@@ -994,6 +1183,7 @@ bgpq_expand(struct bgpq_expander *b)
 			if ((ret = write(fd, sources, slen)) != slen) {
 				sx_report(SX_ERROR, "Partial write of sources to "
 				    "IRRd: %i bytes, %s\n", ret, strerror(errno));
+				close(fd);
 				exit(1);
 			}
 			memset(sources, 0, sizeof(sources));
@@ -1002,14 +1192,17 @@ bgpq_expand(struct bgpq_expander *b)
 				if (sources[0] != 'C') {
 					sx_report(SX_ERROR, "Invalid source(s) "
 					    "'%s': %s\n", b->sources, sources);
+					close(fd);
 					exit(1);
 				}
 			} else {
 				sx_report(SX_ERROR, "failed to read sources\n");
+				close(fd);
 				exit(1);
 			}
 		} else {
 			sx_report(SX_ERROR, "snprintf(sources) failed\n");
+			close(fd);
 			exit(1);
 		}
 	}
@@ -1019,25 +1212,57 @@ bgpq_expand(struct bgpq_expander *b)
 
 	STAILQ_FOREACH(mc, &b->macroses, entry) {
 		if (!b->maxdepth && RB_EMPTY(&b->stoplist)) {
-			if (aquery)
+			if (b->usesource) {
+				source = bgpq_get_source(mc->text);
+				if (source){
+					if (pipelining){
+						bgpq_pipeline(b, NULL, NULL, "!s%s\n", source);
+						bgpq_pipeline(b, bgpq_expanded_macro_limit, b,
+							"!i%s\n", bgpq_get_asset(mc->text));
+					} else {
+						bgpq_expand_irrd(b, NULL, NULL, "!s%s\n", source);
+						bgpq_expand_irrd(b, bgpq_expanded_macro_limit,
+							b, "!i%s\n", bgpq_get_asset(mc->text));
+					}
+					free(source);
+				} else {
+					if (pipelining){
+						bgpq_pipeline(b, NULL, NULL, "!s%s\n",
+							b->defaultsources);
+						bgpq_pipeline(b, bgpq_expanded_macro_limit, b,
+							"!i%s\n", bgpq_get_asset(mc->text));
+					} else {
+						bgpq_expand_irrd(b, NULL, NULL, "!s%s\n",
+							b->defaultsources);
+						bgpq_expand_irrd(b, bgpq_expanded_macro_limit, b,
+							"!i%s\n", bgpq_get_asset(mc->text));
+					}
+				}
+			} else if (aquery)
 				bgpq_expand_irrd(b, bgpq_expanded_prefix, b,
 				    "!a%s%s\n",
 				    b->family == AF_INET ? "4" : "6",
-				    mc->text);
+				    bgpq_get_asset(mc->text));
 			else
 				bgpq_expand_irrd(b, bgpq_expanded_macro, b,
-				    "!i%s,1\n", mc->text);
+				    "!i%s,1\n", bgpq_get_asset(mc->text));
 		} else {
-			bgpq_expander_add_already(b, mc->text);
+			bgpq_expander_add_already(b, bgpq_get_asset(mc->text));
 			if (pipelining)
 				bgpq_pipeline(b, bgpq_expanded_macro_limit,
-				    NULL, "!i%s\n", mc->text);
+				    NULL, "!i%s\n", bgpq_get_asset(mc->text));
 			else
 				bgpq_expand_irrd(b, bgpq_expanded_macro_limit,
-				    NULL, "!i%s\n", mc->text);
+				    NULL, "!i%s\n", bgpq_get_asset(mc->text));
 		}
 	}
 
+	if (pipelining){
+		bgpq_pipeline(b, NULL, NULL, "!s%s\n", b->defaultsources);
+	} else {
+		bgpq_expand_irrd(b, NULL, NULL, "!s%s\n", b->defaultsources);
+	}
+
 	if (pipelining) {
 		if (!STAILQ_EMPTY(&b->wq))
 			bgpq_write(b);
@@ -1047,12 +1272,70 @@ bgpq_expand(struct bgpq_expander *b)
 
 	if (b->generation >= T_PREFIXLIST || b->validate_asns) {
 		STAILQ_FOREACH(mc, &b->rsets, entry) {
-			if (b->family == AF_INET)
-				bgpq_expand_irrd(b, bgpq_expanded_prefix,
-				    NULL, "!i%s,1\n", mc->text);
-			else
-				bgpq_expand_irrd(b, bgpq_expanded_v6prefix,
-				    NULL, "!i%s,1\n", mc->text);
+			if (b->usesource) {
+				source = bgpq_get_source(mc->text);
+				if (source){
+					if (pipelining){
+						printf("Checking %s\n", bgpq_get_rset(mc->text));
+						bgpq_pipeline(b, NULL, NULL, "!s%s\n", source);
+						if (b->family == AF_INET)
+							bgpq_pipeline(b, bgpq_expanded_prefix,
+				    			NULL, "!i%s\n", bgpq_get_rset(mc->text));
+						else
+							bgpq_pipeline(b, bgpq_expanded_v6prefix,
+								NULL, "!i%s\n", bgpq_get_rset(mc->text));
+					} else {
+						bgpq_expand_irrd(b, NULL, NULL, "!s%s\n", source);
+						if (b->family == AF_INET)
+							bgpq_expand_irrd(b, bgpq_expanded_prefix,
+				    			NULL, "!i%s\n", bgpq_get_rset(mc->text));
+						else
+							bgpq_expand_irrd(b, bgpq_expanded_v6prefix,
+								NULL, "!i%s\n", bgpq_get_rset(mc->text));
+					}
+					free(source);
+				} else {
+					if (pipelining){
+						bgpq_pipeline(b, NULL, NULL, "!s%s\n",
+							b->defaultsources);
+						if (b->family == AF_INET)
+							bgpq_pipeline(b, bgpq_expanded_prefix,
+								NULL, "!i%s\n", bgpq_get_rset(mc->text));
+						else
+							bgpq_pipeline(b, bgpq_expanded_v6prefix,
+								NULL, "!i%s\n", bgpq_get_rset(mc->text));
+					} else {
+						bgpq_expand_irrd(b, NULL, NULL, "!s%s\n",
+							b->defaultsources);
+						if (b->family == AF_INET)
+							bgpq_expand_irrd(b, bgpq_expanded_prefix,
+								NULL, "!i%s\n", bgpq_get_rset(mc->text));
+						else
+							bgpq_expand_irrd(b, bgpq_expanded_v6prefix,
+								NULL, "!i%s\n", bgpq_get_rset(mc->text));
+					}
+				}
+			} else {
+				if (pipelining){
+					bgpq_pipeline(b, NULL, NULL, "!s%s\n",
+						b->defaultsources);
+					if (b->family == AF_INET)
+						bgpq_pipeline(b, bgpq_expanded_prefix,
+							NULL, "!i%s,1\n", bgpq_get_rset(mc->text));
+					else
+						bgpq_pipeline(b, bgpq_expanded_v6prefix,
+							NULL, "!i%s,1\n", bgpq_get_rset(mc->text));
+				} else {
+					bgpq_expand_irrd(b, NULL, NULL, "!s%s\n",
+						b->defaultsources);
+					if (b->family == AF_INET)
+						bgpq_expand_irrd(b, bgpq_expanded_prefix,
+							NULL, "!i%s,1\n", bgpq_get_rset(mc->text));
+					else
+						bgpq_expand_irrd(b, bgpq_expanded_v6prefix,
+							NULL, "!i%s,1\n", bgpq_get_rset(mc->text));
+				}
+			}
 		}
 
 		RB_FOREACH(asne, asn_tree, &b->asnlist) {
@@ -1093,14 +1376,16 @@ bgpq_expand(struct bgpq_expander *b)
 		fl &= ~O_NONBLOCK;
 		fcntl(fd, F_SETFL, fl);
 	}
+
 	close(fd);
+	free(b->defaultsources);
 
 	return 1;
 }
 
 void
-sx_radix_node_freeall(struct sx_radix_node *n) {
-
+sx_radix_node_freeall(struct sx_radix_node *n)
+{
 	if (n->l != NULL)
 		sx_radix_node_freeall(n->l);
 
@@ -1113,26 +1398,29 @@ sx_radix_node_freeall(struct sx_radix_node *n) {
 	if (n->payload)
 		free(n->payload);
 
-	sx_prefix_destroy(n->prefix);
+	sx_prefix_free(n->prefix);
 
 	free(n);
 }
 
 void
-sx_radix_tree_freeall(struct sx_radix_tree *t) {
-
+sx_radix_tree_freeall(struct sx_radix_tree *t)
+{
 	if (t->head != NULL)
 		sx_radix_node_freeall(t->head);
 
 	free(t);
 }
 
+/* XXX: needs cleaning up / figuring out */
 void
-bgpq_prequest_freeall(struct bgpq_prequest *bpr) {
+bgpq_prequest_freeall(struct bgpq_prequest *bpr)
+{
 }
 
 void
-expander_freeall(struct bgpq_expander *expander) {
+expander_freeall(struct bgpq_expander *expander)
+{
 	struct sx_tentry	*var, *nxt;
 	struct asn_entry	*asne, *asne_next;
 

extern.h

@@ -58,15 +58,19 @@ typedef enum {
 	V_FORMAT,
 	V_NOKIA,
 	V_HUAWEI,
-	V_MIKROTIK,
+	V_HUAWEI_XPL,
+	V_MIKROTIK6,
+	V_MIKROTIK7,
 	V_NOKIA_MD,
-	V_ARISTA
+	V_ARISTA,
+	V_NOKIA_SRL,
 } bgpq_vendor_t;
 
 typedef enum {
 	T_NONE = 0,
 	T_ASPATH,
 	T_OASPATH,
+	T_ASLIST,
 	T_ASSET,
 	T_PREFIXLIST,	
 	T_EACL,
@@ -89,6 +93,8 @@ struct bgpq_expander {
 	struct sx_radix_tree	 	*tree;
 	int			 	 family;
 	char				*sources;
+	char				*defaultsources;
+	unsigned int			 usesource;
 	uint32_t		 	 asnumber;
 	int			 	 aswidth;
 	char				*name;
@@ -124,6 +130,10 @@ int bgpq_expander_add_prefix(struct bgpq_expander *b, char *prefix);
 int bgpq_expander_add_prefix_range(struct bgpq_expander *b, char *prefix);
 int bgpq_expander_add_stop(struct bgpq_expander *b, char *object);
 
+char* bgpq_get_asset(char *object);
+char* bgpq_get_rset(char *object);
+char* bgpq_get_source(char *object);
+
 int bgpq_expand(struct bgpq_expander *b);
 
 void bgpq4_print_prefixlist(FILE *f, struct bgpq_expander *b);
@@ -131,6 +141,7 @@ void bgpq4_print_eacl(FILE *f, struct bgpq_expander *b);
 void bgpq4_print_aspath(FILE *f, struct bgpq_expander *b);
 void bgpq4_print_asset(FILE *f, struct bgpq_expander *b);
 void bgpq4_print_oaspath(FILE *f, struct bgpq_expander *b);
+void bgpq4_print_aslist(FILE *f, struct bgpq_expander *b);
 void bgpq4_print_route_filter_list(FILE *f, struct bgpq_expander *b);
 
 void sx_radix_node_freeall(struct sx_radix_node *n);

main.c

@@ -31,8 +31,6 @@
 
 #include <sys/types.h>
 #include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
 
 #include <ctype.h>
 #include <stdio.h>
@@ -52,19 +50,22 @@ extern int expand_special_asn;
 static int
 usage(int ecode)
 {
-	printf("\nUsage: bgpq4 [-h host[:port]] [-S sources] [-E|G <num>"
-	    "|f <num>|t] [-46ABbdJjKNnwXz] [-R len] <OBJECTS> ... "
+	printf("\nUsage: bgpq4 [-h host[:port]] [-S sources] [-E|G|H <num>"
+	    "|f <num>|t] [-46ABbdJjKNnpwXz] [-R len] <OBJECTS> ... "
 	    "[EXCEPT <OBJECTS> ...]\n");
 	printf("\nVendor targets:\n");
 	printf(" no option : Cisco IOS Classic (default)\n");
 	printf(" -X        : Cisco IOS XR\n");
 	printf(" -U        : Huawei\n");
+	printf(" -u        : Huawei XPL\n");
 	printf(" -j        : JSON\n");
 	printf(" -J        : Juniper Junos\n");
-	printf(" -K        : MikroTik RouterOS\n");
+	printf(" -K        : MikroTik RouterOSv6\n");
+	printf(" -K7       : MikroTik RouterOSv7\n");
 	printf(" -b        : NIC.CZ BIRD\n");
 	printf(" -N        : Nokia SR OS (Classic CLI)\n");
 	printf(" -n        : Nokia SR OS (MD-CLI)\n");
+	printf(" -n2       : Nokia SR Linux\n");
 	printf(" -B        : OpenBSD OpenBGPD\n");
 	printf(" -e        : Arista EOS\n");
 	printf(" -F fmt    : User defined format (example: '-F %%n/%%l')\n");
@@ -81,6 +82,7 @@ usage(int ecode)
 		"registered routes\n");
 
 	printf("\nOutput modifiers:\n");
+	printf(" -3        : assume that your device is asn32-safe (default)\n");
 	printf(" -A        : try to aggregate prefix-lists/route-filters\n");
 	printf(" -E        : generate extended access-list (Cisco), "
 	    "route-filter (Juniper)\n"
@@ -88,16 +90,18 @@ usage(int ecode)
 	    "(OpenBGPD)\n");
 	printf(" -f number : generate input as-path access-list\n");
 	printf(" -G number : generate output as-path access-list\n");
+	printf(" -H number : generate origin as-lists (JunOS only)\n");
 	printf(" -M match  : extra match conditions for JunOS route-filters\n");
 	printf(" -l name   : use specified name for generated access/prefix/.."
 		" list\n");
+	printf(" -p        : allow special ASNs like 23456 or in the private range");
 	printf(" -R len    : allow more specific routes up to specified masklen\n");
 	printf(" -r len    : allow more specific routes from masklen specified\n");
 	printf(" -s        : generate sequence numbers in prefix-lists (IOS only)\n");
 	printf(" -t        : generate as-sets for OpenBGPD (OpenBGPD 6.4+), BIRD "
 		"and JSON formats\n");
 	printf(" -z        : generate route-filter-list (Junos only)\n");
-	printf(" -W len    : specify max-entries on as-path line (use 0 for "
+	printf(" -W len    : specify max-entries on as-path/as-list line (use 0 for "
 		"infinity)\n");
 
 	printf("\nUtility operations:\n");
@@ -133,9 +137,9 @@ static void
 vendor_exclusive(void)
 {
 	fprintf(stderr, "-b (BIRD), -B (OpenBGPD), -F (formatted), -J (Junos),"
-	    " -j (JSON), -N (Nokia SR OS Classic), -n (Nokia SR OS MD-CLI),"
-	    " -U (Huawei), -e (Arista) and -X (IOS XR) options are mutually"
-	    " exclusive\n");
+	    " -j (JSON), -K[7] (Microtik ROS), -N (Nokia SR OS Classic),"
+	    " -n (Nokia SR OS MD-CLI), -U (Huawei), -u (Huawei XPL),"
+	    "-e (Arista) and -X (IOS XR) options are mutually exclusive\n");
 	exit(1);
 }
 
@@ -190,156 +194,170 @@ main(int argc, char* argv[])
 		exit(1);
 	}
 #endif
-	
+
 	bgpq_expander_init(&expander, af);
 
 	if (getenv("IRRD_SOURCES"))
 		expander.sources=getenv("IRRD_SOURCES");
 
 	while ((c = getopt(argc, argv,
-	    "346a:AbBdDEeF:S:jJKf:l:L:m:M:NnW:pr:R:G:tTh:UwXsvz"))
-	    !=EOF) {
+	    "23467a:AbBdDEeF:S:jJKf:l:L:m:M:NnpW:r:R:G:H:tTh:UuwXsvz")) != EOF) {
 	switch (c) {
-        case '3':
-            /*
-             * No-op, left for backwards compatibility with bgpq3
-             */
-            break;
-		case '4':
-			/* do nothing, expander already configured for IPv4 */
-			if (expander.family == AF_INET6) {
-				sx_report(SX_FATAL, "-4 and -6 are mutually "
-				    "exclusive\n");
-				exit(1);
+	case '2':
+		if (expander.vendor != V_NOKIA_MD) {
+			sx_report(SX_FATAL, "'2' can only be used after -n\n");
+			exit(1);
+		}
+		expander.vendor = V_NOKIA_SRL;
+		break;
+	case '3':
+		/* do nothing, 32-bit ASN support is assumed */
+		break;
+	case '4':
+		/* do nothing, expander already configured for IPv4 */
+		if (expander.family == AF_INET6) {
+			sx_report(SX_FATAL, "-4 and -6 are mutually "
+			    "exclusive\n");
+			exit(1);
+		}
+		selectedipv4 = 1;
+		break;
+	case '6':
+		if (selectedipv4) {
+			sx_report(SX_FATAL, "-4 and -6 are mutually "
+			    "exclusive\n");
+			exit(1);
+		}
+		af = AF_INET6;
+		expander.family = AF_INET6;
+		expander.tree->family = AF_INET6;
+		break;
+	case '7':
+		if (expander.vendor != V_MIKROTIK6) {
+			sx_report(SX_FATAL, "'7' can only be used after -K\n");
+			exit(1);
+		}
+		expander.vendor = V_MIKROTIK7;
+		break;
+	case 'a':
+		parseasnumber(&expander, optarg);
+		break;
+	case 'A':
+		if (aggregate)
+			debug_aggregation++;
+		aggregate = 1;
+		break;
+	case 'b':
+		if (expander.vendor)
+			vendor_exclusive();
+		expander.vendor = V_BIRD;
+		break;
+	case 'B':
+		if (expander.vendor)
+			vendor_exclusive();
+		expander.vendor = V_OPENBGPD;
+		break;
+	case 'd':
+		debug_expander++;
+		break;
+	case 'E':
+		if (expander.generation)
+			exclusive();
+		expander.generation = T_EACL;
+		break;
+	case 'e':
+		if (expander.vendor)
+			vendor_exclusive();
+		expander.vendor = V_ARISTA;
+		expander.sequence = 1;
+		break;
+	case 'F':
+		if (expander.vendor)
+			exclusive();
+		expander.vendor = V_FORMAT;
+		expander.format = optarg;
+		break;
+	case 'f':
+		if (expander.generation)
+			exclusive();
+		expander.generation = T_ASPATH;
+		parseasnumber(&expander, optarg);
+		break;
+	case 'G':
+		if (expander.generation)
+			exclusive();
+		expander.generation = T_OASPATH;
+		parseasnumber(&expander, optarg);
+		break;
+	case 'H':
+		if (expander.generation)
+			exclusive();
+		expander.generation = T_ASLIST;
+		parseasnumber(&expander, optarg);
+		break;
+	case 'h':
+		{
+			char *d = strchr(optarg, ':');
+			expander.server = optarg;
+			if (d) {
+				*d = 0;
+				expander.port = d + 1;
 			}
-			selectedipv4=1;
-			break;
-		case '6':
-			if (selectedipv4) {
-				sx_report(SX_FATAL, "-4 and -6 are mutually "
-				    "exclusive\n");
-				exit(1);
-			}
-			af = AF_INET6;
-			expander.family = AF_INET6;
-			expander.tree->family = AF_INET6;
-			break;
-		case 'a':
-			parseasnumber(&expander, optarg);
-			break;
-		case 'A':
-			if (aggregate)
-				debug_aggregation++;
-			aggregate = 1;
-			break;
-		case 'b':
-			if (expander.vendor)
-				vendor_exclusive();
-			expander.vendor = V_BIRD;
-			break;
-		case 'B':
-			if (expander.vendor)
-				vendor_exclusive();
-			expander.vendor = V_OPENBGPD;
-			break;
-		case 'd':
-			debug_expander++;
-			break;
-		case 'E':
-			if (expander.generation)
-				exclusive();
-			expander.generation = T_EACL;
-			break;
-		case 'e':
-			if (expander.vendor)
-				vendor_exclusive();
-			expander.vendor = V_ARISTA;
-			expander.sequence = 1;
-			break;
-		case 'F':
-			if (expander.vendor)
-				exclusive();
-			expander.vendor = V_FORMAT;
-			expander.format = optarg;
-			break;
-		case 'f':
-			if (expander.generation)
-				exclusive();
-			expander.generation = T_ASPATH;
-			parseasnumber(&expander, optarg);
-			break;
-		case 'G':
-			if (expander.generation)
-				exclusive();
-			expander.generation = T_OASPATH;
-			parseasnumber(&expander, optarg);
-			break;
-		case 'h':
-			{
-				char* d = strchr(optarg, ':');
-				expander.server = optarg;
-				if (d) {
-					*d = 0;
-					expander.port = d + 1;
-				}
-			}
-			break;
-		case 'J':
-			if (expander.vendor)
-				vendor_exclusive();
-			expander.vendor = V_JUNIPER;
-			break;
-		case 'j':
-			if (expander.vendor)
-				vendor_exclusive();
-			expander.vendor = V_JSON;
-			break;
-		case 'K':
-			if (expander.vendor)
-				vendor_exclusive();
-			expander.vendor = V_MIKROTIK;
-			break;
-		case 'p':
-			expand_special_asn = 1;
-			break;
-		case 'r':
-			refineLow = strtoul(optarg, NULL, 10);
-			if (!refineLow) {
-				sx_report(SX_FATAL, "Invalid refineLow value:"
-				    " %s\n", optarg);
-				exit(1);
-			}
-			break;
-		case 'R':
-			refine = strtoul(optarg, NULL, 10);
-			if (!refine) {
-				sx_report(SX_FATAL,"Invalid refine length:"
-				    " %s\n", optarg);
-				exit(1);
-			}
-			break;
-		case 'l':
-			expander.name = optarg;
-			break;
-		case 'L':
-			expander.maxdepth = strtol(optarg, NULL, 10);
-			if (expander.maxdepth < 1) {
-				sx_report(SX_FATAL, "Invalid maximum recursion"
-				    " (-L): %s\n", optarg);
-				exit(1);
-			}
-			break;
-		case 'm':
-			maxlen=strtoul(optarg, NULL, 10);
-			if (!maxlen) {
-				sx_report(SX_FATAL, "Invalid maxlen (-m): %s\n",
-				    optarg);
-				exit(1);
-			}
-			break;
-		case 'M':
-			{
-			char *mc, *md;
+		}
+		break;
+	case 'J':
+		if (expander.vendor)
+			vendor_exclusive();
+		expander.vendor = V_JUNIPER;
+		break;
+	case 'j':
+		if (expander.vendor)
+			vendor_exclusive();
+		expander.vendor = V_JSON;
+		break;
+	case 'K':
+		if (expander.vendor)
+			vendor_exclusive();
+		expander.vendor = V_MIKROTIK6;
+		break;
+	case 'r':
+		refineLow = strtoul(optarg, NULL, 10);
+		if (!refineLow) {
+			sx_report(SX_FATAL, "Invalid refineLow value:"
+			    " %s\n", optarg);
+			exit(1);
+		}
+		break;
+	case 'R':
+		refine = strtoul(optarg, NULL, 10);
+		if (!refine) {
+			sx_report(SX_FATAL,"Invalid refine length:"
+			    " %s\n", optarg);
+			exit(1);
+		}
+		break;
+	case 'l':
+		expander.name = optarg;
+		break;
+	case 'L':
+		expander.maxdepth = strtol(optarg, NULL, 10);
+		if (expander.maxdepth < 1) {
+			sx_report(SX_FATAL, "Invalid maximum recursion"
+			    " (-L): %s\n", optarg);
+			exit(1);
+		}
+		break;
+	case 'm':
+		maxlen=strtoul(optarg, NULL, 10);
+		if (!maxlen) {
+			sx_report(SX_FATAL, "Invalid maxlen (-m): %s\n",
+			    optarg);
+			exit(1);
+		}
+		break;
+	case 'M':
+		{
+			char	*mc, *md;
 			expander.match = strdup(optarg);
 			mc = md = expander.match;
 			while (*mc) {
@@ -377,64 +395,71 @@ main(int argc, char* argv[])
 				}
 			}
 			*md = 0;
-			}
-			break;
-		case 'N':
-			if (expander.vendor)
-				vendor_exclusive();
-			expander.vendor = V_NOKIA;
-			break;
-		case 'n':
-			if (expander.vendor)
-				vendor_exclusive();
-			expander.vendor = V_NOKIA_MD;
-			break;
-		case 't':
-			if (expander.generation)
-				exclusive();
-			expander.generation = T_ASSET;
-			break;
-		case 'T':
-			pipelining = 0;
-			break;
-		case 's':
-			expander.sequence = 1;
-			break;
-		case 'S':
-			expander.sources = optarg;
-			break;
-		case 'U':
-			if (expander.vendor)
-				exclusive();
-			expander.vendor = V_HUAWEI;
-			break;
-		case 'W':
-			expander.aswidth = atoi(optarg);
-			if (expander.aswidth < 0) {
-				sx_report(SX_FATAL,"Invalid as-width: %s\n",
-				    optarg);
-				exit(1);
-			}
-			widthSet = 1;
-			break;
-		case 'w':
-			expander.validate_asns = 1;
-			break;
-		case 'X':
-			if (expander.vendor)
-				vendor_exclusive();
-			expander.vendor = V_CISCO_XR;
-			break;
-		case 'v':
-			version();
-			break;
-		case 'z':
-			if (expander.generation)
-				exclusive();
-			expander.generation = T_ROUTE_FILTER_LIST;
-			break;
-		default:
-			usage(1);
+		}
+		break;
+	case 'N':
+		if (expander.vendor)
+			vendor_exclusive();
+		expander.vendor = V_NOKIA;
+		break;
+	case 'n':
+		if (expander.vendor)
+			vendor_exclusive();
+		expander.vendor = V_NOKIA_MD;
+		break;
+	case 'p':
+		expand_special_asn = 1;
+		break;
+	case 't':
+		if (expander.generation)
+			exclusive();
+		expander.generation = T_ASSET;
+		break;
+	case 'T':
+		pipelining = 0;
+		break;
+	case 's':
+		expander.sequence = 1;
+		break;
+	case 'S':
+		expander.sources = optarg;
+		break;
+	case 'U':
+		if (expander.vendor)
+			exclusive();
+		expander.vendor = V_HUAWEI;
+		break;
+	case 'u':
+		if (expander.vendor)
+			exclusive();
+		expander.vendor = V_HUAWEI_XPL;
+		break;
+	case 'W':
+		expander.aswidth = atoi(optarg);
+		if (expander.aswidth < 0) {
+			sx_report(SX_FATAL,"Invalid as-width: %s\n", optarg);
+			exit(1);
+		}
+		widthSet = 1;
+		break;
+	case 'w':
+		expander.validate_asns = 1;
+		break;
+	case 'X':
+		if (expander.vendor)
+			vendor_exclusive();
+		expander.vendor = V_CISCO_XR;
+		break;
+	case 'v':
+		version();
+		break;
+	case 'z':
+		if (expander.generation)
+			exclusive();
+		expander.generation = T_ROUTE_FILTER_LIST;
+		break;
+	default:
+		usage(1);
 	}
 	}
 
@@ -447,7 +472,8 @@ main(int argc, char* argv[])
 			switch (vendor) {
 			case V_ARISTA:
 			case V_CISCO:
-			case V_MIKROTIK:
+			case V_MIKROTIK6:
+			case V_MIKROTIK7:
 				expander.aswidth = 4;
 				break;
 			case V_CISCO_XR:
@@ -456,6 +482,7 @@ main(int argc, char* argv[])
 			case V_JUNIPER:
 			case V_NOKIA:
 			case V_NOKIA_MD:
+			case V_NOKIA_SRL:
 				expander.aswidth = 8;
 				break;
 			case V_BIRD:
@@ -475,6 +502,14 @@ main(int argc, char* argv[])
 			case V_JUNIPER:
 			case V_NOKIA:
 			case V_NOKIA_MD:
+			case V_NOKIA_SRL:
+				expander.aswidth = 8;
+				break;
+			}
+		} else if (expander.generation == T_ASLIST) {
+			int vendor = expander.vendor;
+			switch (vendor) {
+			case V_JUNIPER:
 				expander.aswidth = 8;
 				break;
 			}
@@ -540,7 +575,7 @@ main(int argc, char* argv[])
 	}
 
 	if (aggregate
-	    && (expander.vendor == V_NOKIA_MD || expander.vendor == V_NOKIA)
+	    && (expander.vendor == V_NOKIA_MD || expander.vendor == V_NOKIA || expander.vendor == V_NOKIA_SRL)
 	    && expander.generation != T_PREFIXLIST) {
 		sx_report(SX_FATAL, "Sorry, aggregation (-A) is not supported with "
 		    "ip-prefix-lists (-E) on Nokia.\n");
@@ -548,7 +583,7 @@ main(int argc, char* argv[])
 	}
 
 	if (refine
-	    && (expander.vendor == V_NOKIA_MD || expander.vendor == V_NOKIA)
+	    && (expander.vendor == V_NOKIA_MD || expander.vendor == V_NOKIA || expander.vendor == V_NOKIA_SRL)
 	    && expander.generation != T_PREFIXLIST) {
 		sx_report(SX_FATAL, "Sorry, more-specifics (-R) is not supported with "
 		    "ip-prefix-lists (-E) on Nokia.\n");
@@ -556,7 +591,7 @@ main(int argc, char* argv[])
 	}
 
 	if (refineLow
-	     && (expander.vendor == V_NOKIA_MD || expander.vendor == V_NOKIA)
+	     && (expander.vendor == V_NOKIA_MD || expander.vendor == V_NOKIA || expander.vendor == V_NOKIA_SRL)
 	     && expander.generation != T_PREFIXLIST) {
 		sx_report(SX_FATAL, "Sorry, more-specifics (-r) is not supported with "
 		    "ip-prefix-lists (-E) on Nokia.\n");
@@ -663,14 +698,18 @@ main(int argc, char* argv[])
 		    "only with Juniper route-filters\n");
 	}
 
-	if ((expander.generation == T_ASPATH || expander.generation == T_OASPATH)
+	if ((expander.generation == T_ASPATH
+	    || expander.generation == T_OASPATH
+	    || expander.generation == T_ASLIST)
 	    && af != AF_INET && !expander.validate_asns) {
-		sx_report(SX_FATAL, "Sorry, -6 makes no sense with as-path (-f/-G) "
+		sx_report(SX_FATAL, "Sorry, -6 makes no sense with as-path (-f/-G) or as-list (-H) "
 		    "generation\n");
 	}
 
-	if (expander.validate_asns && expander.generation != T_ASPATH
-	    && expander.generation != T_OASPATH) {
+	if (expander.validate_asns
+	    && expander.generation != T_ASPATH
+	    && expander.generation != T_OASPATH
+	    && expander.generation != T_ASLIST) {
 		sx_report(SX_FATAL, "Sorry, -w makes sense only for as-path "
 		    "(-f/-G) generation\n");
 	}
@@ -679,17 +718,23 @@ main(int argc, char* argv[])
 		usage(1);
 
 	while (argv[0]) {
+		char *obj = argv[0];
+		char *delim = strstr(argv[0], "::");
+		if (delim) {
+			expander.usesource = 1;
+			obj = delim + 2;
+		}
 		if (!strcmp(argv[0], "EXCEPT")) {
 			exceptmode = 1;
 		} else if (exceptmode) {
 			bgpq_expander_add_stop(&expander, argv[0]);
-		} else if (!strncasecmp(argv[0], "AS-", 3)) {
+		} else if (!strncasecmp(obj, "AS-", 3)) {
 			bgpq_expander_add_asset(&expander, argv[0]);
-		} else if (!strncasecmp(argv[0], "RS-", 3)) {
+		} else if (!strncasecmp(obj, "RS-", 3)) {
 			bgpq_expander_add_rset(&expander, argv[0]);
-		} else if (!strncasecmp(argv[0], "AS", 2)) {
+		} else if (!strncasecmp(obj, "AS", 2)) {
 			char *ec;
-			if ((ec = strchr(argv[0], ':'))) {
+			if ((ec = strchr(obj, ':'))) {
 				if (!strncasecmp(ec + 1, "AS-", 3)) {
 					bgpq_expander_add_asset(&expander, argv[0]);
 				} else if (!strncasecmp(ec + 1, "RS-", 3)) {
@@ -733,7 +778,7 @@ main(int argc, char* argv[])
 
 	switch (expander.generation) {
 		case T_NONE:
-			sx_report(SX_FATAL,"Unreachable point... call snar\n");
+			sx_report(SX_FATAL,"Unreachable point");
 			exit(1);
 		case T_ASPATH:
 			bgpq4_print_aspath(stdout, &expander);
@@ -741,6 +786,9 @@ main(int argc, char* argv[])
 		case T_OASPATH:
 			bgpq4_print_oaspath(stdout, &expander);
 			break;
+		case T_ASLIST:
+			bgpq4_print_aslist(stdout, &expander);
+			break;
 		case T_ASSET:
 			bgpq4_print_asset(stdout, &expander);
 			break;

printer.c

@@ -40,6 +40,13 @@
 
 extern int debug_expander;
 
+#define max(a,b)             \
+({                           \
+    __typeof__ (a) _a = (a); \
+    __typeof__ (b) _b = (b); \
+    _a > _b ? _a : _b;       \
+})
+
 static void 
 bgpq4_print_cisco_aspath(FILE *f, struct bgpq_expander *b)
 {
@@ -274,6 +281,45 @@ bgpq4_print_juniper_oaspath(FILE *f, struct bgpq_expander *b)
 	fprintf(f, " }\n}\n");
 }
 
+static void
+bgpq4_print_juniper_aslist(FILE *f, struct bgpq_expander *b)
+{
+	int			 nc = 0, lineNo = 0;
+	struct asn_entry	*asne, find, *res;
+
+	fprintf(f,"policy-options {\nreplace:\n as-list-group %s {\n",
+	    b->name);
+
+	find.asn = b->asnumber;
+	if ((res = RB_FIND(asn_tree, &b->asnlist, &find)) != NULL) {
+		fprintf(f, "  as-list a0 members %u;\n", res->asn);
+		RB_REMOVE(asn_tree, &b->asnlist, res);
+		lineNo++;
+	}
+
+	RB_FOREACH(asne, asn_tree, &b->asnlist) {
+		if (!nc) {
+			fprintf(f, "  as-list a%u members [ %u",
+			    lineNo, asne->asn);
+		} else {
+			fprintf(f," %u", asne->asn);
+		}
+
+		nc++;
+
+		if (nc == b->aswidth) {
+			fprintf(f, " ];\n");
+			nc = 0;
+			lineNo++;
+		}
+	}
+
+	if (nc)
+		fprintf(f, " ];\n");
+
+	fprintf(f, " }\n}\n");
+}
+
 static void
 bgpq4_print_openbgpd_oaspath(FILE *f, struct bgpq_expander *b)
 {
@@ -406,6 +452,43 @@ bgpq4_print_huawei_aspath(FILE *f, struct bgpq_expander *b)
 		fprintf(f, ")$\n");
 }
 
+static void
+bgpq4_print_huawei_xpl_aspath(FILE *f, struct bgpq_expander *b)
+{
+	int 			 nc = 0, comma = 1;
+	struct asn_entry	*asne, find, *res;
+
+	fprintf(f, "xpl as-path-list %s", b->name);
+
+	find.asn = b->asnumber;
+	if ((res = RB_FIND(asn_tree, &b->asnlist, &find)) != NULL) {
+		fprintf(f, "\n  regular ^%u(_%u)*$", res->asn, res->asn);
+		RB_REMOVE(asn_tree, &b->asnlist, res);
+	}
+
+	RB_FOREACH(asne, asn_tree, &b->asnlist) {
+		if (!nc) {
+			fprintf(f, "%s\n  regular ^%u(_[0-9]+)*_(%u",
+			    comma ? "," : "",
+			    b->asnumber,
+			    asne->asn);
+			comma = 1;
+		} else
+			fprintf(f, "|%u", asne->asn);
+
+		nc++;
+		if (nc == b->aswidth) {
+			fprintf(f, ")$");
+			nc = 0;
+		}
+	}
+
+	if (nc)
+		fprintf(f, ")$");
+
+	fprintf(f, "\nend-list\n");
+}
+
 static void
 bgpq4_print_huawei_oaspath(FILE *f, struct bgpq_expander *b)
 {
@@ -445,6 +528,42 @@ bgpq4_print_huawei_oaspath(FILE *f, struct bgpq_expander *b)
 		fprintf(f, ")$\n");
 }
 
+static void
+bgpq4_print_huawei_xpl_oaspath(FILE *f, struct bgpq_expander *b)
+{
+	int 			 nc = 0, comma = 0;
+	struct asn_entry	*asne, find, *res;
+
+	fprintf(f, "xpl as-path-list %s", b->name);
+
+	find.asn = b->asnumber;
+	if ((res = RB_FIND(asn_tree, &b->asnlist, &find)) != NULL) {
+		fprintf(f, "\n  regular ^(_%u)*$", res->asn);
+		RB_REMOVE(asn_tree, &b->asnlist, res);
+		comma = 1;
+	}
+
+	RB_FOREACH(asne, asn_tree, &b->asnlist) {
+		if (!nc) {
+			fprintf(f,"%s\n  regular ^(_[0-9]+)*_(%u",
+			    comma ? "," : "", asne->asn);
+			comma = 1;
+		} else
+			fprintf(f,"|%u",asne->asn);
+
+		nc++;
+		if (nc == b->aswidth) {
+			fprintf(f,")$");
+			nc = 0;
+		}
+	}
+
+	if (nc)
+		fprintf(f,")$");
+
+	fprintf(f,"\nend-list\n");
+}
+
 static void
 bgpq4_print_nokia_oaspath(FILE *f, struct bgpq_expander *b)
 {
@@ -664,7 +783,7 @@ bgpq4_print_bird_aspath(FILE* f, struct bgpq_expander* b)
 			nc = 0;
 	}
 
-	fprintf(f, "];\n");
+	fprintf(f, "\n];\n");
 }
 
 static void
@@ -763,6 +882,9 @@ bgpq4_print_aspath(FILE *f, struct bgpq_expander *b)
 	case V_HUAWEI:
 		bgpq4_print_huawei_aspath(f, b);
 		break;
+	case V_HUAWEI_XPL:
+		bgpq4_print_huawei_xpl_aspath(f, b);
+		break;
 	default:
 		sx_report(SX_FATAL,"Unknown vendor %i\n", b->vendor);
 	}
@@ -794,6 +916,21 @@ bgpq4_print_oaspath(FILE *f, struct bgpq_expander *b)
 	case V_HUAWEI:
 		bgpq4_print_huawei_oaspath(f, b);
 		break;
+	case V_HUAWEI_XPL:
+		bgpq4_print_huawei_xpl_oaspath(f, b);
+		break;
+	default:
+		sx_report(SX_FATAL,"Unknown vendor %i\n", b->vendor);
+	}
+}
+
+void
+bgpq4_print_aslist(FILE *f, struct bgpq_expander *b)
+{
+	switch (b->vendor) {
+	case V_JUNIPER:
+		bgpq4_print_juniper_aslist(f, b);
+		break;
 	default:
 		sx_report(SX_FATAL,"Unknown vendor %i\n", b->vendor);
 	}
@@ -973,6 +1110,43 @@ checkSon:
 		bgpq4_print_hprefix(n->son, ff);
 }
 
+static void
+bgpq4_print_hprefixxpl(struct sx_radix_node* n, void* ff)
+{
+	char prefix[128];
+	FILE* f = (FILE*)ff;
+
+	if (!f)
+		f = stdout;
+
+	if (n->isGlue)
+		goto checkSon;
+
+	sx_prefix_snprintf_sep(n->prefix, prefix, sizeof(prefix), " ");
+
+	if (n->isAggregate) {
+		if (n->aggregateLow>n->prefix->masklen) {
+			fprintf(f,"%s %s ge %u le %u",
+			    needscomma ? ",\n " : " ",
+			    prefix, n->aggregateLow, n->aggregateHi);
+		} else {
+			fprintf(f,"%s %s le %u",
+			    needscomma ? ",\n " : " ",
+			    prefix, n->aggregateHi);
+		}
+	} else {
+		fprintf(f, "%s %s",
+		    needscomma ? ",\n " : " ",
+		    prefix);
+	}
+
+	needscomma = 1;
+
+checkSon:
+	if (n->son)
+		bgpq4_print_hprefixxpl(n->son, ff);
+}
+
 static void
 bgpq4_print_eprefix(struct sx_radix_node *n, void *ff)
 {
@@ -1070,11 +1244,11 @@ bgpq4_print_ceacl(struct sx_radix_node *n, void *ff)
 		wildmask.s_addr = htonl(wildmask.s_addr);
 
 		if (wildaddr.s_addr) {
-			fprintf(f, "permit ip %s ",
+			fprintf(f, " permit ip %s ",
 			    inet_ntoa(n->prefix->addr.addr));
 			fprintf(f, "%s ", inet_ntoa(wildaddr));
 		} else {
-			fprintf(f, "permit ip host %s ",
+			fprintf(f, " permit ip host %s ",
 			    inet_ntoa(n->prefix->addr.addr));
 		}
 
@@ -1085,7 +1259,7 @@ bgpq4_print_ceacl(struct sx_radix_node *n, void *ff)
 			fprintf(f, "host %s\n", inet_ntoa(mask));
 		}
 	} else {
-		fprintf(f, "permit ip host %s host %s\n", prefix,
+		fprintf(f, " permit ip host %s host %s\n", prefix,
 		    inet_ntoa(netmask));
 	}
 
@@ -1203,6 +1377,60 @@ checkSon:
 
 }
 
+static void
+bgpq4_print_nokia_srl_prefix(struct sx_radix_node *n, void *ff)
+{
+	char 	 prefix[128];
+	FILE	*f = (FILE*)ff;
+
+	if (n->isGlue)
+		goto checkSon;
+
+	if (!f)
+		f = stdout;
+
+	sx_prefix_snprintf(n->prefix, prefix, sizeof(prefix));
+
+	if (!n->isAggregate) {
+		fprintf(f, "    prefix %s mask-length-range exact { }\n", prefix);
+	} else {
+		fprintf(f, "    prefix %s mask-length-range %u..%u { }\n", prefix, 
+		  max(n->aggregateLow,n->prefix->masklen), n->aggregateHi);
+	}
+
+checkSon:
+	if (n->son)
+		bgpq4_print_nokia_srl_prefix(n->son, ff);
+}
+
+typedef struct {
+	FILE *f;
+	int seq;
+} NOKIA_SRL_IPFILTER_PARAMS;
+
+static void
+bgpq4_print_nokia_srl_ipfilter(struct sx_radix_node *n, void *ff)
+{
+	char 	 prefix[128];
+	NOKIA_SRL_IPFILTER_PARAMS *params = (NOKIA_SRL_IPFILTER_PARAMS*) ff;
+
+	if (n->isGlue)
+		goto checkSon;
+
+	if (!params->f)
+		params->f = stdout;
+
+	sx_prefix_snprintf(n->prefix, prefix, sizeof(prefix));
+
+	fprintf(params->f, " entry %d {\n  action { accept { } }\n  match { source-ip { prefix %s } } }\n", params->seq, prefix);
+	params->seq += 10;
+
+checkSon:
+	if (n->son) {
+		bgpq4_print_nokia_srl_ipfilter(n->son, ff);
+	}
+}
+
 static void
 bgpq4_print_juniper_prefixlist(FILE *f, struct bgpq_expander *b)
 {
@@ -1369,6 +1597,18 @@ bgpq4_print_huawei_prefixlist(FILE *f, struct bgpq_expander *b)
 	}
 }
 
+static void
+bgpq4_print_huawei_xpl_prefixlist(FILE* f, struct bgpq_expander* b)
+{
+	bname = b->name ? b->name : "NN";
+
+	fprintf(f, "no xpl %s-prefix-list %s\nxpl %s-prefix-list %s\n", b->family==AF_INET ? "ip" : "ipv6", bname, b->family==AF_INET ? "ip" : "ipv6", bname);
+
+	sx_radix_tree_foreach(b->tree, bgpq4_print_hprefixxpl, f);
+
+	fprintf(f, "\nend-list\n");
+}
+
 static void
 bgpq4_print_arista_prefixlist(FILE *f, struct bgpq_expander *b)
 {
@@ -1538,7 +1778,46 @@ bgpq4_print_nokia_md_ipprefixlist(FILE *f, struct bgpq_expander *b)
 }
 
 static void
-bgpq4_print_kprefix(struct sx_radix_node *n, void *ff)
+bgpq4_print_nokia_srl_prefixset(FILE *f, struct bgpq_expander *b)
+{
+	bname = b->name ? b->name : "NN";
+
+	fprintf(f, "/routing-policy\ndelete prefix-set \"%s\"\n",
+	    bname);
+
+	fprintf(f, "prefix-set \"%s\" {\n", bname);
+
+	if (!sx_radix_tree_empty(b->tree)) {
+		sx_radix_tree_foreach(b->tree, bgpq4_print_nokia_srl_prefix, f);
+	}
+
+	fprintf(f,"}\n");
+}
+
+static void
+bgpq4_print_nokia_srl_aclipfilter(FILE *f, struct bgpq_expander *b)
+{
+	bname = b->name ? b->name : "NN";
+
+	fprintf(f,"/acl \ndelete ipv%c-filter \"%s\"\n",
+	    b->tree->family == AF_INET ? '4' : '6', bname);
+
+	fprintf(f,"ipv%c-filter \"%s\" {\n",
+	    b->tree->family == AF_INET ? '4' : '6', bname);
+
+	if (!sx_radix_tree_empty(b->tree)) {
+		NOKIA_SRL_IPFILTER_PARAMS params = { f, 10 };
+		sx_radix_tree_foreach(b->tree, bgpq4_print_nokia_srl_ipfilter, &params);
+	} else {
+		fprintf(f,"# generated ipv%c-filter '%s' is empty\n",
+		    b->tree->family == AF_INET ? '4' : '6', bname);
+	}
+
+	fprintf(f,"}\n");
+}
+
+static void
+bgpq4_print_k6prefix(struct sx_radix_node *n, void *ff)
 {
 	char	 prefix[128];
 	FILE	*f = (FILE*)ff;
@@ -1566,16 +1845,52 @@ bgpq4_print_kprefix(struct sx_radix_node *n, void *ff)
 
 checkSon:
 	if (n->son)
-		bgpq4_print_kprefix(n->son, ff);
+		bgpq4_print_k6prefix(n->son, ff);
+}
+
+static void
+bgpq4_print_k7prefix(struct sx_radix_node *n, void *ff)
+{
+	char	 prefix[128];
+	FILE	*f = (FILE*)ff;
+
+	if (!f)
+		f = stdout;
+
+	if (n->isGlue)
+		goto checkSon;
+
+	sx_prefix_snprintf_sep(n->prefix, prefix, sizeof(prefix), "/");
+
+	if (n->isAggregate)
+		fprintf(f,"/routing filter rule add chain=\""
+		    "%s-%s\"  rule=\"if (dst in %s && dst-len in %d-%d) {accept}\"\n",
+		    bname ? bname : "NN",
+		    n->prefix->family == AF_INET ? "V4" : "V6",
+		    prefix, n->aggregateLow, n->aggregateHi);
+	else
+		fprintf(f,"/routing filter rule add chain=\""
+		    "%s-%s\" rule=\"if (dst==%s) {accept}\"\n",
+		    bname ? bname : "NN",
+		    n->prefix->family == AF_INET ? "V4" : "V6",
+		    prefix);
+
+checkSon:
+	if (n->son)
+		bgpq4_print_k7prefix(n->son, ff);
 }
 
 static void
 bgpq4_print_mikrotik_prefixlist(FILE *f, struct bgpq_expander *b)
 {
 	bname = b->name ? b->name : "NN";
+	void *cbfunc = bgpq4_print_k6prefix;
+
+	if (b->vendor == V_MIKROTIK7)
+		cbfunc = bgpq4_print_k7prefix;
 
 	if (!sx_radix_tree_empty(b->tree)) {
-		sx_radix_tree_foreach(b->tree, bgpq4_print_kprefix, f);
+		sx_radix_tree_foreach(b->tree, cbfunc, f);
 	} else {
 		fprintf(f, "# generated prefix-list %s is empty\n", bname);
 	}
@@ -1612,10 +1927,17 @@ bgpq4_print_prefixlist(FILE *f, struct bgpq_expander *b)
 	case V_NOKIA_MD:
 		bgpq4_print_nokia_md_ipprefixlist(f, b);
 		break;
+	case V_NOKIA_SRL:
+		bgpq4_print_nokia_srl_prefixset(f, b);
+		break;
 	case V_HUAWEI:
 		bgpq4_print_huawei_prefixlist(f, b);
 		break;
-	case V_MIKROTIK:
+	case V_HUAWEI_XPL:
+		bgpq4_print_huawei_xpl_prefixlist(f, b);
+		break;
+	case V_MIKROTIK6:
+	case V_MIKROTIK7:
 		bgpq4_print_mikrotik_prefixlist(f, b);
 		break;
 	case V_ARISTA:
@@ -1632,6 +1954,7 @@ bgpq4_print_eacl(FILE *f, struct bgpq_expander *b)
 		bgpq4_print_juniper_routefilter(f, b);
 		break;
 	case V_CISCO:
+	case V_ARISTA:
 		bgpq4_print_cisco_eacl(f, b);
 		break;
 	case V_OPENBGPD:
@@ -1643,8 +1966,8 @@ bgpq4_print_eacl(FILE *f, struct bgpq_expander *b)
 	case V_NOKIA_MD:
 		bgpq4_print_nokia_md_prefixlist(f, b);
 		break;
-	case V_ARISTA:
-		bgpq4_print_cisco_eacl(f, b);
+	case V_NOKIA_SRL:
+		bgpq4_print_nokia_srl_aclipfilter(f, b);
 		break;
 	default:
 		sx_report(SX_FATAL, "unreachable point\n");

sx_prefix.c

@@ -26,6 +26,7 @@
  */
 
 #include <ctype.h>
+#include <err.h>
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -38,13 +39,13 @@
 int debug_aggregation = 0;
 extern int debug_expander;
 
-struct sx_prefix*
+struct sx_prefix *
 sx_prefix_alloc(struct sx_prefix *p)
 {
-	struct sx_prefix *sp = malloc(sizeof(struct sx_prefix));
+	struct sx_prefix *sp;
 
-	if (!sp)
-		return NULL;
+	if ((sp = malloc(sizeof(struct sx_prefix))) == NULL)
+		err(1, NULL);
 
 	if (p)
 		memcpy(sp, p, sizeof(struct sx_prefix));
@@ -55,7 +56,7 @@ sx_prefix_alloc(struct sx_prefix *p)
 }
 
 void
-sx_prefix_destroy(struct sx_prefix *p)
+sx_prefix_free(struct sx_prefix *p)
 {
 	if (p)
 		free(p);
@@ -64,15 +65,16 @@ sx_prefix_destroy(struct sx_prefix *p)
 void
 sx_radix_node_destroy(struct sx_radix_node *n)
 {
-	if (n) {
-		if (n->payload)
-			free(n->payload);
+	if (!n)
+		return;
 
-    		if (n->prefix)
-			free(n->prefix);
+	if (n->payload)
+		free(n->payload);
 
-    		free(n);
-	}
+	if (n->prefix)
+		free(n->prefix);
+
+	free(n);
 }
 
 void
@@ -140,7 +142,7 @@ sx_prefix_parse(struct sx_prefix *p, int af, char *text)
 	c = strchr(mtext,'/');
 
 	if (c) {
-		char* eod;
+		char *eod;
 		*c = 0;
 		masklen = strtol(c + 1, &eod, 10);
 		if (eod && eod[0] && !isspace(eod[0])) {
@@ -257,25 +259,19 @@ sx_prefix_setbit(struct sx_prefix *p, int n)
 
 
 static int
-sx_radix_tree_insert_specifics(struct sx_radix_tree *t, struct sx_prefix *p,
+sx_radix_tree_insert_specifics(struct sx_radix_tree *t, struct sx_prefix p,
     unsigned min, unsigned max)
 {
-	struct sx_prefix *np;
-	np = sx_prefix_alloc(p);
+	if (p.masklen >= min)
+		sx_radix_tree_insert(t, &p);
 
-	if (np->masklen >= min) {
-		struct sx_radix_node *nn = sx_radix_tree_insert(t, np);
-		sx_prefix_destroy(np);
-		np = nn->prefix;
-	}
-
-	if (np->masklen + 1 > max)
+	if (p.masklen + 1 > max)
 		return 1;
 
-	np->masklen += 1;
-	sx_radix_tree_insert_specifics(t, np, min, max);
-	sx_prefix_setbit(np, np->masklen);
-	sx_radix_tree_insert_specifics(t, np, min, max);
+	p.masklen += 1;
+	sx_radix_tree_insert_specifics(t, p, min, max);
+	sx_prefix_setbit(&p, p.masklen);
+	sx_radix_tree_insert_specifics(t, p, min, max);
 
 	return 1;
 }
@@ -284,18 +280,16 @@ int
 sx_prefix_range_parse(struct sx_radix_tree *tree, int af, unsigned int maxlen,
     char *text)
 {
-	char			*d = strchr(text, '^');
-	struct sx_prefix	*p;
+	struct sx_prefix	 p;
 	unsigned long		 min, max = 0;
-
-	p = sx_prefix_alloc(NULL);
+	char			*d = strchr(text, '^');
 
 	if (!d || !d[1])
 		return 0;
 
 	*d = 0;
 
-	if (!sx_prefix_parse(p, 0, text)) {
+	if (!sx_prefix_parse(&p, 0, text)) {
 		sx_report(SX_ERROR, "Unable to parse prefix %s^%s\n", text,
 		    d + 1);
 		return 0;
@@ -303,23 +297,23 @@ sx_prefix_range_parse(struct sx_radix_tree *tree, int af, unsigned int maxlen,
 
 	*d = '^';
 
-	if (af && p->family != af) {
+	if (af && p.family != af) {
 		sx_report(SX_ERROR, "Ignoring prefix %s, wrong af %i\n", text,
-		    p->family);
+		    p.family);
 		return 0;
 	}
 
-	if (maxlen && p->masklen > maxlen) {
+	if (maxlen && p.masklen > maxlen) {
 		SX_DEBUG(debug_expander, "Ignoring prefix %s, masklen %i > max"
-		    " masklen %u\n", text, p->masklen, maxlen);
+		    " masklen %u\n", text, p.masklen, maxlen);
 		return 0;
 	}
 
 	if (d[1] == '-') {
-		min = p->masklen + 1;
+		min = p.masklen + 1;
 		max = maxlen;
 	} else if (d[1] == '+') {
-		min = p->masklen;
+		min = p.masklen;
 		max = maxlen;
 	} else if (isdigit(d[1])) {
 		char *dm = NULL;
@@ -336,9 +330,9 @@ sx_prefix_range_parse(struct sx_radix_tree *tree, int af, unsigned int maxlen,
 		return 0;
 	}
 
-	if (min < p->masklen) {
+	if (min < p.masklen) {
 		sx_report(SX_ERROR, "Invalid prefix-range %s: min %lu < "
-		    "masklen %u\n", text, min, p->masklen);
+		    "masklen %u\n", text, min, p.masklen);
 		return 0;
 	}
 
@@ -377,7 +371,7 @@ sx_prefix_new(int af, char *text)
 		return NULL;
 
 	if (!sx_prefix_parse(p, af, text)) {
-		sx_prefix_destroy(p);
+		sx_prefix_free(p);
 		return NULL;
 	}
 
@@ -519,13 +513,13 @@ sx_prefix_jsnprintf(struct sx_prefix *p, char *rbuffer, int srb)
 	return snprintf(rbuffer, srb, "%s\\/%i", buffer, p->masklen);
 }
 
-struct sx_radix_tree*
+struct sx_radix_tree *
 sx_radix_tree_new(int af)
 {
-	struct sx_radix_tree *rt = malloc(sizeof(struct sx_radix_tree));
+	struct sx_radix_tree *rt;
 
-	if (!rt)
-		return NULL;
+	if ((rt = malloc(sizeof(struct sx_radix_tree))) == NULL)
+		err(1, NULL);
 
 	memset(rt, 0, sizeof(struct sx_radix_tree));
 	rt->family = af;
@@ -539,13 +533,13 @@ sx_radix_tree_empty(struct sx_radix_tree *t)
 	return t->head == NULL;
 }
 
-struct sx_radix_node*
+struct sx_radix_node *
 sx_radix_node_new(struct sx_prefix *prefix)
 {
-	struct sx_radix_node *rn = malloc(sizeof(struct sx_radix_node));
+	struct sx_radix_node *rn;
 
-	if (!rn)
-		return NULL;
+	if ((rn = malloc(sizeof(struct sx_radix_node))) == NULL)
+		err(1, NULL);
 
 	memset(rn, 0, sizeof(struct sx_radix_node));
 
@@ -582,7 +576,7 @@ sx_prefix_eqbits(struct sx_prefix *a, struct sx_prefix *b)
 	return b->masklen;
 }
 
-struct sx_prefix*
+struct sx_prefix *
 sx_prefix_overlay(struct sx_prefix *p, int n)
 {
 	struct sx_prefix *sp = sx_prefix_alloc(p);
@@ -668,7 +662,7 @@ next:
 }
 	
 			
-struct sx_radix_node*
+struct sx_radix_node *
 sx_radix_tree_lookup(struct sx_radix_tree *tree, struct sx_prefix *prefix)
 {
 	unsigned int 		 eb;
@@ -725,18 +719,18 @@ next:
 		char pbuffer[128], cbuffer[128];
 		sx_prefix_snprintf(prefix, pbuffer, sizeof(pbuffer));
 		sx_prefix_snprintf(chead->prefix, cbuffer, sizeof(cbuffer));
-		printf("Unreachible point... eb=%i, prefix=%s, chead=%s\n",
+		printf("Unreachable point... eb=%i, prefix=%s, chead=%s\n",
 		    eb, pbuffer, cbuffer);
 		abort();
 	}
 }
 
 
-struct sx_radix_node*
+struct sx_radix_node *
 sx_radix_tree_insert(struct sx_radix_tree *tree, struct sx_prefix *prefix)
 {
-	unsigned int		 eb;
-	struct sx_radix_node	**candidate=NULL, *chead;
+	unsigned int eb;
+	struct sx_radix_node *chead, **candidate = NULL;
 
 	if (!tree || !prefix)
 		return NULL;
@@ -752,7 +746,7 @@ sx_radix_tree_insert(struct sx_radix_tree *tree, struct sx_prefix *prefix)
 	candidate = &tree->head;
 	chead = tree->head;
 
-next:
+ next:
 	eb = sx_prefix_eqbits(prefix, chead->prefix);
 	if (eb < prefix->masklen && eb < chead->prefix->masklen) {
 		struct sx_prefix *neoRoot = sx_prefix_alloc(prefix);
@@ -761,7 +755,7 @@ next:
 		neoRoot->masklen = eb;
 		sx_prefix_adjust_masklen(neoRoot);
 		rn=sx_radix_node_new(neoRoot);
-                sx_prefix_destroy(neoRoot);
+                sx_prefix_free(neoRoot);
                 neoRoot = rn->prefix;
 		if (!rn) {
 			sx_report(SX_ERROR,"Unable to create node: %s\n",
@@ -785,11 +779,10 @@ next:
 		return ret;
 	} else if (eb == prefix->masklen && eb < chead->prefix->masklen) {
 		struct sx_radix_node *ret = sx_radix_node_new(prefix);
-		if (sx_prefix_isbitset(chead->prefix, eb + 1)) {
+		if (sx_prefix_isbitset(chead->prefix, eb + 1))
 			ret->r = chead;
-		} else {
+		else
 			ret->l = chead;
-		}
 		ret->parent = chead->parent;
 		chead->parent = ret;
 		*candidate = ret;
@@ -826,7 +819,7 @@ next:
 		char pbuffer[128], cbuffer[128];
 		sx_prefix_snprintf(prefix, pbuffer, sizeof(pbuffer));
 		sx_prefix_snprintf(chead->prefix, cbuffer, sizeof(cbuffer));
-		printf("Unreachible point... eb=%i, prefix=%s, chead=%s\n", eb,
+		printf("Unreachable point... eb=%i, prefix=%s, chead=%s\n", eb,
 		    pbuffer, cbuffer);
 		abort();
 	}
@@ -848,7 +841,7 @@ sx_radix_node_fprintf(struct sx_radix_node *node, void *udata)
 
 int
 sx_radix_node_foreach(struct sx_radix_node *node,
-    void (*func)(struct sx_radix_node*, void*), void *udata)
+    void (*func)(struct sx_radix_node *, void *), void *udata)
 {
 	func(node, udata);
 
@@ -1055,7 +1048,7 @@ sx_radix_tree_aggregate(struct sx_radix_tree *tree)
 static void
 setGlueUpTo(struct sx_radix_node *node, void *udata)
 {
-	unsigned refine = *(unsigned*)udata;
+	unsigned refine = *(unsigned *)udata;
 
 	if (node && node->prefix->masklen <= refine)
 		node->isGlue = 1;
@@ -1115,7 +1108,7 @@ sx_radix_tree_refine(struct sx_radix_tree *tree, unsigned refine)
 static void
 setGlueFrom(struct sx_radix_node *node, void *udata)
 {
-	unsigned refine = *(unsigned*)udata;
+	unsigned refine = *(unsigned *)udata;
 
 	if (node && node->prefix->masklen <= refine)
 		node->isGlue = 1;

sx_prefix.h

@@ -68,7 +68,7 @@ struct sx_radix_node *sx_radix_tree_lookup_exact(struct sx_radix_tree *tree,
 	struct sx_prefix *prefix);
 
 struct sx_prefix *sx_prefix_alloc(struct sx_prefix *p);
-void sx_prefix_destroy(struct sx_prefix *p);
+void sx_prefix_free(struct sx_prefix *p);
 void sx_radix_node_destroy(struct sx_radix_node *p);
 void sx_prefix_adjust_masklen(struct sx_prefix *p);
 struct sx_prefix *sx_prefix_new(int af, char *text);

tests/generate_outputs.sh

@@ -0,0 +1,90 @@
+#!/bin/bash
+
+set -e
+
+if [ $# -ne 2 ]
+then
+    echo "Usage: pass the following arguments in order:"
+    echo ""
+    echo "path to bgpq4 binary"
+    echo "output directory path"
+    echo ""
+    echo "${0} ./bgpq4 /tmp"
+    exit 1
+fi
+
+BGPQ4_PATH="${1}"
+TEST_ASN="112"
+TEST_AS_SET="AS-AS112"
+OUT_DIR="${2}"
+
+if [ ! -f "${BGPQ4_PATH}" ]
+then
+    echo "File ${BGPQ4_PATH} does't exist"
+    exit 1
+fi
+
+if [ ! -e "${OUT_DIR}" ]
+then
+    echo "Output directory ${OUT_DIR} does't exist"
+    exit 1
+fi
+
+# Test the IPv4 output formatting for each supported NOS:
+"${BGPQ4_PATH}" -4 -b "AS${TEST_ASN}" > "${OUT_DIR}/bird--4.txt"
+"${BGPQ4_PATH}" -4 -e "AS${TEST_ASN}" > "${OUT_DIR}/eos--4.txt"
+"${BGPQ4_PATH}" -4 -F '%n/%l ' "AS${TEST_ASN}" > "${OUT_DIR}/formated--4.txt"
+"${BGPQ4_PATH}" -4 -U "AS${TEST_ASN}" > "${OUT_DIR}/huawei--4.txt"
+"${BGPQ4_PATH}" -4 -u "AS${TEST_ASN}" > "${OUT_DIR}/huawei-xpl--4.txt"
+"${BGPQ4_PATH}" -4 "AS${TEST_ASN}" > "${OUT_DIR}/ios--4.txt"
+"${BGPQ4_PATH}" -4 -X "AS${TEST_ASN}" > "${OUT_DIR}/ios-xr--4.txt"
+"${BGPQ4_PATH}" -4 -j "AS${TEST_ASN}" > "${OUT_DIR}/json--4.txt"
+"${BGPQ4_PATH}" -4 -J "AS${TEST_ASN}" > "${OUT_DIR}/junos--4.txt"
+"${BGPQ4_PATH}" -4 -B "AS${TEST_ASN}" > "${OUT_DIR}/openbgpd--4.txt"
+"${BGPQ4_PATH}" -4 -K "AS${TEST_ASN}" > "${OUT_DIR}/routeros6--4.txt"
+"${BGPQ4_PATH}" -4 -K7 "AS${TEST_ASN}" > "${OUT_DIR}/routeros7--4.txt"
+"${BGPQ4_PATH}" -4 -N "AS${TEST_ASN}" > "${OUT_DIR}/sros--4.txt"
+"${BGPQ4_PATH}" -4 -n "AS${TEST_ASN}" > "${OUT_DIR}/sros-mdcli--4.txt"
+"${BGPQ4_PATH}" -4 -n2 "AS${TEST_ASN}" > "${OUT_DIR}/srlinux--4.txt"
+
+# Test the IPv6 prefix-list output formatting for each supported NOS:
+"${BGPQ4_PATH}" -6 -b "AS${TEST_ASN}" > "${OUT_DIR}/bird--6.txt"
+"${BGPQ4_PATH}" -6 -e "AS${TEST_ASN}" > "${OUT_DIR}/eos--6.txt"
+"${BGPQ4_PATH}" -6 -F '%n/%l ' "AS${TEST_ASN}" > "${OUT_DIR}/formated--6.txt"
+"${BGPQ4_PATH}" -6 -U "AS${TEST_ASN}" > "${OUT_DIR}/huawei--6.txt"
+"${BGPQ4_PATH}" -6 -u "AS${TEST_ASN}" > "${OUT_DIR}/huawei-xpl--6.txt"
+"${BGPQ4_PATH}" -6 "AS${TEST_ASN}" > "${OUT_DIR}/ios--6.txt"
+"${BGPQ4_PATH}" -6 -X "AS${TEST_ASN}" > "${OUT_DIR}/ios-xr--6.txt"
+"${BGPQ4_PATH}" -6 -j "AS${TEST_ASN}" > "${OUT_DIR}/json--6.txt"
+"${BGPQ4_PATH}" -6 -J "AS${TEST_ASN}" > "${OUT_DIR}/junos--6.txt"
+"${BGPQ4_PATH}" -6 -B "AS${TEST_ASN}" > "${OUT_DIR}/openbgpd--6.txt"
+"${BGPQ4_PATH}" -6 -K "AS${TEST_ASN}" > "${OUT_DIR}/routeros6--6.txt"
+"${BGPQ4_PATH}" -6 -K7 "AS${TEST_ASN}" > "${OUT_DIR}/routeros7--6.txt"
+"${BGPQ4_PATH}" -6 -N "AS${TEST_ASN}" > "${OUT_DIR}/sros--6.txt"
+"${BGPQ4_PATH}" -6 -n "AS${TEST_ASN}" > "${OUT_DIR}/sros-mdcli--6.txt"
+"${BGPQ4_PATH}" -6 -n2 "AS${TEST_ASN}" > "${OUT_DIR}/srlinux--6.txt"
+
+# Test the AS path list output formatting for each supported NOS:
+"${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -b > "${OUT_DIR}/bird--asp.txt"
+# "${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -e > "${OUT_DIR}/eos--asp.txt" # Not supported
+"${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -U > "${OUT_DIR}/huawei--asp.txt"
+"${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -u > "${OUT_DIR}/huawei-xpl--asp.txt"
+"${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" > "${OUT_DIR}/ios--asp.txt"
+"${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -X > "${OUT_DIR}/ios-xr--asp.txt"
+"${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -j > "${OUT_DIR}/json--asp.txt"
+"${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -J > "${OUT_DIR}/junos--asp.txt"
+"${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -B > "${OUT_DIR}/openbgpd--asp.txt"
+# "${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -K > "${OUT_DIR}/routeros6--asp.txt" # Not supported
+# "${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -K7 > "${OUT_DIR}/routeros7--asp.txt" # Not supported
+"${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -N > "${OUT_DIR}/sros--asp.txt"
+"${BGPQ4_PATH}" "${TEST_AS_SET}" -f "${TEST_ASN}" -n > "${OUT_DIR}/sros-mdcli--asp.txt"
+
+# Test IRR source scopes
+# Limit ASN to valid source:
+"${BGPQ4_PATH}" "AS${TEST_ASN}" -S RIPE-NONAUTH > "${OUT_DIR}/as112-ripe-nonauth.txt"
+# Limit ASN to invalid sources:
+"${BGPQ4_PATH}" "AS${TEST_ASN}" -S APNIC,AFRINIC > "${OUT_DIR}/as112-apnic.txt"
+# Limit AS-SET using IRR prefix notation to valid source:
+"${BGPQ4_PATH}" "RIPE::${TEST_AS_SET}" > "${OUT_DIR}/as-as112-ripe-notation.txt"
+# Limit AS-SET using IRR prefix notation to invalid source:
+"${BGPQ4_PATH}" "APNIC::${TEST_AS_SET}" > "${OUT_DIR}/as-as112-apnic-notation.txt"

tests/reference/as-as112-apnic-notation.txt

@@ -0,0 +1,3 @@
+no ip prefix-list NN
+! generated prefix-list NN is empty
+ip prefix-list NN deny 0.0.0.0/0

tests/reference/as-as112-ripe-notation.txt

@@ -0,0 +1,3 @@
+no ip prefix-list NN
+ip prefix-list NN permit 192.31.196.0/24
+ip prefix-list NN permit 192.175.48.0/24

tests/reference/as112-apnic.txt

@@ -0,0 +1,3 @@
+no ip prefix-list NN
+! generated prefix-list NN is empty
+ip prefix-list NN deny 0.0.0.0/0

tests/reference/as112-ripe-nonauth.txt

@@ -0,0 +1,3 @@
+no ip prefix-list NN
+ip prefix-list NN permit 192.31.196.0/24
+ip prefix-list NN permit 192.175.48.0/24

tests/reference/bird--4.txt

@@ -0,0 +1,4 @@
+NN = [
+    192.31.196.0/24,
+    192.175.48.0/24
+];

tests/reference/bird--6.txt

@@ -0,0 +1,4 @@
+NN = [
+    2001:4:112::/48,
+    2620:4f:8000::/48
+];

tests/reference/bird--asp.txt

@@ -0,0 +1,3 @@
+NN = [
+    112
+];

tests/reference/eos--4.txt

@@ -0,0 +1,4 @@
+no ip prefix-list NN
+ip prefix-list NN
+    seq 1 permit 192.31.196.0/24
+    seq 2 permit 192.175.48.0/24

tests/reference/eos--6.txt

@@ -0,0 +1,4 @@
+no ipv6 prefix-list NN
+ipv6 prefix-list NN
+    seq 1 permit 2001:4:112::/48
+    seq 2 permit 2620:4f:8000::/48

tests/reference/formated--4.txt

@@ -0,0 +1 @@
+192.31.196.0/24 192.175.48.0/24 

tests/reference/formated--6.txt

@@ -0,0 +1 @@
+2001:4:112::/48 2620:4f:8000::/48 

tests/reference/huawei--4.txt

@@ -0,0 +1,3 @@
+undo ip ip-prefix NN
+ip ip-prefix NN permit 192.31.196.0 24
+ip ip-prefix NN permit 192.175.48.0 24

tests/reference/huawei--6.txt

@@ -0,0 +1,3 @@
+undo ip ipv6-prefix NN
+ip ipv6-prefix NN permit 2001:4:112:: 48
+ip ipv6-prefix NN permit 2620:4f:8000:: 48

tests/reference/huawei--asp.txt

@@ -0,0 +1,2 @@
+undo ip as-path-filter NN
+ip as-path-filter NN permit ^112(_112)*$

tests/reference/huawei-xpl--4.txt

@@ -0,0 +1,5 @@
+no xpl ip-prefix-list NN
+xpl ip-prefix-list NN
+  192.31.196.0 24,
+  192.175.48.0 24
+end-list

tests/reference/huawei-xpl--6.txt

@@ -0,0 +1,5 @@
+no xpl ipv6-prefix-list NN
+xpl ipv6-prefix-list NN
+  2001:4:112:: 48,
+  2620:4f:8000:: 48
+end-list

tests/reference/huawei-xpl--asp.txt

@@ -0,0 +1,3 @@
+xpl as-path-list NN
+  regular ^112(_112)*$
+end-list

tests/reference/ios--4.txt

@@ -0,0 +1,3 @@
+no ip prefix-list NN
+ip prefix-list NN permit 192.31.196.0/24
+ip prefix-list NN permit 192.175.48.0/24

tests/reference/ios--6.txt

@@ -0,0 +1,3 @@
+no ipv6 prefix-list NN
+ipv6 prefix-list NN permit 2001:4:112::/48
+ipv6 prefix-list NN permit 2620:4f:8000::/48

tests/reference/ios--asp.txt

@@ -0,0 +1,2 @@
+no ip as-path access-list NN
+ip as-path access-list NN permit ^112(_112)*$

tests/reference/ios-xr--4.txt

@@ -0,0 +1,5 @@
+no prefix-set NN
+prefix-set NN
+ 192.31.196.0/24,
+ 192.175.48.0/24
+end-set

tests/reference/ios-xr--6.txt

@@ -0,0 +1,5 @@
+no prefix-set NN
+prefix-set NN
+ 2001:4:112::/48,
+ 2620:4f:8000::/48
+end-set

tests/reference/ios-xr--asp.txt

@@ -0,0 +1,3 @@
+as-path-set NN
+  ios-regex '^112(_112)*$'
+end-set

tests/reference/json--4.txt

@@ -0,0 +1,4 @@
+{ "NN": [
+    { "prefix": "192.31.196.0\/24", "exact": true },
+    { "prefix": "192.175.48.0\/24", "exact": true }
+] }

tests/reference/json--6.txt

@@ -0,0 +1,4 @@
+{ "NN": [
+    { "prefix": "2001:4:112::\/48", "exact": true },
+    { "prefix": "2620:4f:8000::\/48", "exact": true }
+] }

tests/reference/json--asp.txt

@@ -0,0 +1,3 @@
+{"NN": [
+  112
+]}

tests/reference/junos--4.txt

@@ -0,0 +1,7 @@
+policy-options {
+replace:
+ prefix-list NN {
+    192.31.196.0/24;
+    192.175.48.0/24;
+ }
+}

tests/reference/junos--6.txt

@@ -0,0 +1,7 @@
+policy-options {
+replace:
+ prefix-list NN {
+    2001:4:112::/48;
+    2620:4f:8000::/48;
+ }
+}

tests/reference/junos--asp.txt

@@ -0,0 +1,6 @@
+policy-options {
+replace:
+ as-path-group NN {
+  as-path a0 "^112(112)*$";
+ }
+}

tests/reference/openbgpd--4.txt

@@ -0,0 +1,4 @@
+prefix { 
+	192.31.196.0/24
+	192.175.48.0/24
+	}

tests/reference/openbgpd--6.txt

@@ -0,0 +1,4 @@
+prefix { 
+	2001:4:112::/48
+	2620:4f:8000::/48
+	}

tests/reference/openbgpd--asp.txt

@@ -0,0 +1 @@
+allow from AS 112 AS 112

tests/reference/routeros6--4.txt

@@ -0,0 +1,2 @@
+/routing filter add action=accept chain="NN-V4" prefix=192.31.196.0/24
+/routing filter add action=accept chain="NN-V4" prefix=192.175.48.0/24

tests/reference/routeros6--6.txt

@@ -0,0 +1,2 @@
+/routing filter add action=accept chain="NN-V6" prefix=2001:4:112::/48
+/routing filter add action=accept chain="NN-V6" prefix=2620:4f:8000::/48

tests/reference/routeros7--4.txt

@@ -0,0 +1,2 @@
+/routing filter rule add chain="NN-V4" rule="if (dst==192.31.196.0/24) {accept}"
+/routing filter rule add chain="NN-V4" rule="if (dst==192.175.48.0/24) {accept}"

tests/reference/routeros7--6.txt

@@ -0,0 +1,2 @@
+/routing filter rule add chain="NN-V6" rule="if (dst==2001:4:112::/48) {accept}"
+/routing filter rule add chain="NN-V6" rule="if (dst==2620:4f:8000::/48) {accept}"

tests/reference/srlinux--4.txt

@@ -0,0 +1,6 @@
+/routing-policy
+delete prefix-set "NN"
+prefix-set "NN" {
+    prefix 192.31.196.0/24 mask-length-range exact { }
+    prefix 192.175.48.0/24 mask-length-range exact { }
+}

tests/reference/srlinux--6.txt

@@ -0,0 +1,6 @@
+/routing-policy
+delete prefix-set "NN"
+prefix-set "NN" {
+    prefix 2001:4:112::/48 mask-length-range exact { }
+    prefix 2620:4f:8000::/48 mask-length-range exact { }
+}

tests/reference/sros--4.txt

@@ -0,0 +1,8 @@
+configure router policy-options
+begin
+no prefix-list "NN"
+prefix-list "NN"
+    prefix 192.31.196.0/24 exact
+    prefix 192.175.48.0/24 exact
+exit
+commit

tests/reference/sros--6.txt

@@ -0,0 +1,8 @@
+configure router policy-options
+begin
+no prefix-list "NN"
+prefix-list "NN"
+    prefix 2001:4:112::/48 exact
+    prefix 2620:4f:8000::/48 exact
+exit
+commit

tests/reference/sros--asp.txt

@@ -0,0 +1,7 @@
+configure router policy-options
+begin
+no as-path-group "NN"
+as-path-group "NN"
+  entry 1 expression "112+"
+exit
+commit

tests/reference/sros-mdcli--4.txt

@@ -0,0 +1,8 @@
+/configure policy-options
+delete prefix-list "NN"
+prefix-list "NN" {
+    prefix 192.31.196.0/24 type exact {
+    }
+    prefix 192.175.48.0/24 type exact {
+    }
+}

tests/reference/sros-mdcli--6.txt

@@ -0,0 +1,8 @@
+/configure policy-options
+delete prefix-list "NN"
+prefix-list "NN" {
+    prefix 2001:4:112::/48 type exact {
+    }
+    prefix 2620:4f:8000::/48 type exact {
+    }
+}

tests/reference/sros-mdcli--asp.txt

@@ -0,0 +1,7 @@
+/configure policy-options
+delete as-path-group "NN"
+as-path-group "NN" {
+  entry 1 {
+    expression "112+"
+  }
+}