Release 1.9

* Fix issue bgp#83 - fix regression bug which ignored -S CLI option (#1)

* Fix issue #83 - fix regression bug which ignored -S CLI option, introduced by commit 08b81f7d19
---------

Co-authored-by: James Bensley <jwbensley@gmail.com>

* Fix off-by-one error

* Swap strlcpy for strdup

---------

Co-authored-by: James Bensley <jwbensley@gmail.com>

.github/images/centos.Dockerfile

@@ -3,7 +3,7 @@ FROM quay.io/$image
 
 # Install dependencies
 RUN yum update -y
-RUN yum install -y autoconf automake gcc libtool make diffutils file
+RUN yum install -y autoconf automake gcc libtool make diffutils file gzip
 
 # Add source code
 ADD . /src

.github/workflows/build.yml

@@ -6,7 +6,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v3
     - name: bootstrap
       run: ./bootstrap
     - name: configure

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,38 @@
+name: CodeQL analysis
+
+on:
+  push:
+  pull_request:
+  schedule:
+    # build the main branch every Tuesday morning
+    - cron: '15 6 * * 2'
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'cpp' ]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+    - name: Build Application using script
+      run: |
+        ./bootstrap
+        ./configure
+        make
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/matrixbuild.yml

@@ -15,17 +15,17 @@ jobs:
           - ubuntu:jammy
           - ubuntu:focal
           - ubuntu:bionic
+          - fedora/fedora:38
           - fedora/fedora:37
           - fedora/fedora:36
-          - fedora/fedora:35
           - centos/centos:stream9
           - centos/centos:stream8
           - centos/centos:7
           - rockylinux/rockylinux:9
           - rockylinux/rockylinux:8
           - alpine:edge
-          - alpine:3.16
+          - alpine:3.17
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v3
     - name: Run build on ${{matrix.dockerenv}}
       run: docker build . --file .github/images/${{matrix.dockerenv}}.Dockerfile --build-arg image=${{matrix.dockerenv}}

CHANGES

@@ -1,3 +1,10 @@
+1.9 (2023-03-05)
+    - Bugfix for -S problem (bgpq4#83) by James Bensley
+
+1.8 (2023-01-20)
+    - Downgrade 'key not found' to DEBUG level to reduce noise
+    - Re-introduce -p for private ASN support option
+
 1.7 (2022-11-03)
     - Support SOURCE:: syntax (contributed by James Bensley)
 

README.md

@@ -13,7 +13,7 @@
 **-G** *asn*
 **-H** *asn*
 **-t**]
-\[**-46ABbDdJjNnsXU**]
+\[**-46ABbDdJjNnpsXU**]
 \[**-a** *asn*]
 \[**-r** *len*]
 \[**-R** *len*]
@@ -101,7 +101,11 @@ It's options are as follows:
 
 **-K**
 
-> generate config for Mikrotik (default: Cisco).
+> generate config for Mikrotik ROSv6 (default: Cisco).
+
+**-K7**
+
+> generate config for Mikrotik ROSv7 (default: Cisco).
 
 **-l** *name*
 
@@ -130,11 +134,8 @@ It's options are as follows:
 
 **-p**
 
-> accept routes registered for private ASNs (default: disabled)
-
-**-P**
-
-> generate prefix-list (default, backward compatibility).
+> emit prefixes where the origin ASN is in the private ASN range
+> (disabled by default).
 
 **-r** *len*
 
@@ -343,19 +344,19 @@ be in one line (sometimes it makes sense):
 # NOTES ON SOURCES
 
 By default *bgpq4* trusts data from all databases mirrored into NTT's IRR service.
-Unfortunately, not all these databases are equal in how much can we trust their 
+Unfortunately, not all these databases are equal in how much can we trust their
 data.
 RIR maintained databases (AFRINIC, ARIN, APNIC, LACNIC and RIPE)
-shall be trusted more than the others because they have the knowledge about 
-which address space is allocated to each ASN, other databases lack this 
-knowledge and can (and actually do) contain some stale data: nobody but RIRs 
-care to remove outdated route-objects when address space is revoked from one 
-ASN and allocated to another. In order to keep their filters both compact and 
-current, *bgpq4 users* are encouraged to use one of two method to limit 
+shall be trusted more than the others because they have the knowledge about
+which address space is allocated to each ASN, other databases lack this
+knowledge and can (and actually do) contain some stale data: nobody but RIRs
+care to remove outdated route-objects when address space is revoked from one
+ASN and allocated to another. In order to keep their filters both compact and
+current, *bgpq4 users* are encouraged to use one of two method to limit
 database sources to only ones they trust.
 
-One option is to use the '-S' flag. This limits all queries to a specific data 
-source. For example, the following command tells IIRd to only use data from 
+One option is to use the '-S' flag. This limits all queries to a specific data
+source. For example, the following command tells IIRd to only use data from
 the RIPE RIR DB to build the prefix list for the AS-SET:
 
 	$./bgpq4 -S RIPE AS-VOSTRON
@@ -364,8 +365,8 @@ the RIPE RIR DB to build the prefix list for the AS-SET:
 	ip prefix-list NN permit 134.0.64.0/21
 
 Be aware though, than an AS-SET may contain members from other data sources.
-In this case IRRd won't respond to the bgpq4 query will all the prefixes in the 
-AS-SET tree. Make sure to use the '-S' flag with all the data sources required 
+In this case IRRd won't respond to the bgpq4 query will all the prefixes in the
+AS-SET tree. Make sure to use the '-S' flag with all the data sources required
 for the AS-SET being expanded:
 
 	$./bgpq4 -S RIPE,ARIN AS-VOSTRON
@@ -377,10 +378,10 @@ for the AS-SET being expanded:
 	ip prefix-list NN permit 208.86.234.0/24
 	ip prefix-list NN permit 208.86.235.0/24
 
-The other option is to specify a source for an AS-SET or Route Set using the 
-"::" notation. When bgpq4 detects this, it will look for "::" in the specified 
-AS-SET or RS on the CLI, and in all members of the AS-SET/RS, and for each 
-member with a data source specified in "::" format, it will set the IRRd data 
+The other option is to specify a source for an AS-SET or Route Set using the
+"::" notation. When bgpq4 detects this, it will look for "::" in the specified
+AS-SET or RS on the CLI, and in all members of the AS-SET/RS, and for each
+member with a data source specified in "::" format, it will set the IRRd data
 source to the given value, query the AS-SET/RS, then reset the data sources back
  to the default list for the next object in the tree.
 
@@ -394,9 +395,9 @@ source to the given value, query the AS-SET/RS, then reset the data sources back
 	ip prefix-list NN permit 208.86.234.0/24
 	ip prefix-list NN permit 208.86.235.0/24
 
-In comparison to the '-S' flag, this method return all the prefixes under the 
-AS-SET, but the root of the tree "AS-VOSTRON" was queries from RIPE only. None 
-of the member objects used the "::" notation so they were queries from the 
+In comparison to the '-S' flag, this method return all the prefixes under the
+AS-SET, but the root of the tree "AS-VOSTRON" was queries from RIPE only. None
+of the member objects used the "::" notation so they were queries from the
 default source list (which is all sources).
 
 
@@ -422,7 +423,7 @@ object.
 	ip prefix-list NN permit 45.65.184.0/22
 	[...]
 
-When known, use the "::" notation to speicy the authortative data source for 
+When known, use the "::" notation to speicy the authortative data source for
 an AS-SET or RS instead of the -S flag.
 
 # PERFORMANCE

VERSION

@@ -1 +1 @@
-1.7
+1.9

bgpq4.8

@@ -40,7 +40,7 @@
 .Fl H Ar asn
 .Fl t
 .Oc
-.Op Fl 46ABbDdJjNnsXU
+.Op Fl 46ABbDdJjNnpsXU
 .Op Fl a Ar asn
 .Op Fl r Ar len
 .Op Fl R Ar len
@@ -95,7 +95,9 @@ generate config for Juniper (default: Cisco).
 .It Fl j
 generate output in JSON format (default: Cisco).
 .It Fl K
-generate config for Mikrotik (default: Cisco).
+generate config for Mikrotik ROSv6 (default: Cisco).
+.It Fl K7
+generate config for Mikrotik ROSv7 (default: Cisco).
 .It Fl l Ar name
 name of generated entry.
 .It Fl L Ar limit
@@ -110,9 +112,7 @@ generate config for Nokia SR OS MD-CLI (Cisco IOS by default)
 .It Fl N
 generate config for Nokia SR OS classic CLI (Cisco IOS by default).
 .It Fl p
-accept routes registered for private ASNs (default: disabled)
-.It Fl P
-generate prefix-list (default, backward compatibility).
+emit prefixes where the origin ASN is in the private ASN range (disabled by default).
 .It Fl r Ar len
 allow more specific routes starting with specified masklen too.
 .It Fl R Ar len
@@ -130,7 +130,7 @@ generate config for Huawei devices (Cisco IOS by default)
 .It Fl u
 generate config for Huawei devices in XPL format (Cisco IOS by default)
 .It Fl W Ar len
-generate as-path strings of no more than len items (use 0 for inifinity).
+generate as-path strings of no more than len items (use 0 for infinity).
 .It Fl X
 generate config for Cisco IOS XR devices (plain IOS by default).
 .It Fl z

expander.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2021 Job Snijders <job@sobornost.net>
+ * Copyright (c) 2019-2022 Job Snijders <job@sobornost.net>
  * Copyright (c) 2018 Peter Schoenmaker <pds@ntt.net>
  * Copyright (c) 2007-2019 Alexandre Snarskii <snar@snar.spb.ru>
  * All rights reserved.
@@ -197,13 +197,13 @@ bgpq_expander_add_as(struct bgpq_expander *b, char *as)
 	}
 
 	if (!expand_special_asn &&
-	    ((asno  >= 4200000000ul) || (asno >= 64496 && asno <= 65551))) {
+	    (asno >= 4200000000ul || (asno >= 64496 && asno <= 65551))) {
 		sx_report(SX_ERROR,"Invalid AS number: %u\n", asno);
 		return 0;
 	}
 
 	if ((asne = malloc(sizeof(struct asn_entry))) == NULL)
-		sx_report(SX_FATAL, "malloc failed for asn\n");
+		err(1, NULL);
 
 	asne->asn = asno;
 	RB_INSERT(asn_tree, &b->asnlist, asne);
@@ -243,46 +243,60 @@ bgpq_expander_add_prefix_range(struct bgpq_expander *b, char *prefix)
 	return sx_prefix_range_parse(b->tree, b->family, b->maxlen, prefix);
 }
 
-char*
-bgpq_get_asset(char *object){
-	char *asset, *d;
+char *
+bgpq_get_asset(char *object) {
+	char *d, *asset;
 
 	d = strstr(object, "::");
-	if (d){
+	if (d)
 		d += 2;
-	} else {
+	else
 		d = object;
-	}
 
 	if ((asset = calloc(1, 256)) == NULL)
-		sx_report(SX_FATAL, "calloc failed for asset\n");
+		err(1, NULL);
+
 	memcpy(asset, d, strlen(object) - (d - object));
+
 	return asset;
 }
 
-char*
-bgpq_get_rset(char *object){
-	char *d = strstr(object, "::");
-	if (d){
-		d += 2;
-	} else {
-		d = object;
-	}
+char *
+bgpq_get_rset(char *object) {
+	char *d, *rset;
+
+	d = strstr(object, "::");
+
+	if (d)
+		d += 2;
+	else
+		d = object;
+
+	if ((rset = calloc(1, 256)) == NULL)
+		err(1, NULL);
 
-	char *rset = (char*)calloc(1, 256);
 	memcpy(rset, d, strlen(object) - (d - object));
+
 	return rset;
 }
 
-char*
-bgpq_get_source(char *object){
-	char *d = strstr(object, "::");
-	if (d){
-		char *source = (char*)calloc(1, 256);
-		unsigned int slen = d - object;
+char *
+bgpq_get_source(char *object) {
+	char 		*d;
+	char 		*source;
+	unsigned int	 slen;
+
+	d = strstr(object, "::");
+
+	if (d) {
+		if ((source = calloc(1, 256)) == NULL)
+			err(1, NULL);
+
+		slen = d - object;
 		memcpy(source, object, slen);
 		return source;
 	}
+
 	return NULL;
 }
 
@@ -295,11 +309,13 @@ bgpq_expanded_macro(char *as, struct bgpq_expander *ex,
 	return 1;
 }
 
-struct request *bgpq_pipeline(struct bgpq_expander *b,
+struct request *
+bgpq_pipeline(struct bgpq_expander *b,
     int (*callback)(char *, struct bgpq_expander *b, struct request *req),
     void *udata, char *fmt, ...);
 
-int bgpq_expand_irrd(struct bgpq_expander *b,
+int
+bgpq_expand_irrd(struct bgpq_expander *b,
     int (*callback)(char*, struct bgpq_expander *b, struct request *req),
     void *udata, char *fmt, ...);
 
@@ -307,9 +323,11 @@ static int
 bgpq_expanded_macro_limit(char *as, struct bgpq_expander *b,
     struct request *req)
 {
+	char		*source;
+	struct request	*req1;
+
 	if (!strncasecmp(as, "AS-", 3) || strchr(as, '-') || strchr(as, ':')) {
 		struct sx_tentry tkey = { .text = as };
-		char *source;
 
 		if (RB_FIND(tentree, &b->already, &tkey)) {
 			SX_DEBUG(debug_expander > 2, "%s is already expanding, "
@@ -330,29 +348,29 @@ bgpq_expanded_macro_limit(char *as, struct bgpq_expander *b,
 			if (pipelining) {
 				if (b->usesource) {
 					source = bgpq_get_source(as);
-					if (source){
-						bgpq_pipeline(b, NULL, NULL, "!s%s\n", source);
+					if (source) {
+						bgpq_pipeline(b, NULL, NULL,
+						    "!s%s\n", source);
 						free(source);
 					} else {
-						bgpq_pipeline(
-							b, NULL, NULL, "!s%s\n", b->defaultsources
-						);
+						bgpq_pipeline(b, NULL, NULL,
+						    "!s%s\n", b->defaultsources);
 					}
 				}
-				struct request *req1 = bgpq_pipeline(b,
-				    bgpq_expanded_macro_limit, NULL, "!i%s\n",
-				        bgpq_get_asset(as));
+
+				req1 = bgpq_pipeline(b, bgpq_expanded_macro_limit,
+				    NULL, "!i%s\n", bgpq_get_asset(as));
 				req1->depth = req->depth + 1;
 			} else {
 				if (b->usesource) {
 					source = bgpq_get_source(as);
 					if (source) {
-						bgpq_expand_irrd(b, NULL, NULL, "!s%s\n", source);
+						bgpq_expand_irrd(b, NULL, NULL,
+						    "!s%s\n", source);
 						free(source);
 					} else {
-						bgpq_expand_irrd(
-							b, NULL, NULL, "!s%s\n", b->defaultsources
-						);
+						bgpq_expand_irrd(b, NULL, NULL,
+						    "!s%s\n", b->defaultsources);
 					}
 				}
 				b->cdepth++;
@@ -362,8 +380,7 @@ bgpq_expanded_macro_limit(char *as, struct bgpq_expander *b,
 			}
 		} else {
 			SX_DEBUG(debug_expander > 2, "ignoring %s at depth %i\n",
-			    as,
-			    b->cdepth ? (b->cdepth + 1) : (req->depth + 1));
+			    as, b->cdepth ? (b->cdepth + 1) : (req->depth + 1));
 		}
 	} else if (!strncasecmp(as, "AS", 2)) {
 		struct sx_tentry tkey = { .text = as };
@@ -419,14 +436,21 @@ bgpq_expanded_v6prefix(char *prefix, struct bgpq_expander *ex,
 	return 1;
 }
 
-static char*
-bgpq_get_irrd_sources(int fd) {
-	int ret;
-	char *query = "!s-lc\n";
-	int qlen = strlen(query);
-	const unsigned int rsize = 256;
-	char *response = (char*)calloc(1, rsize);
-	char *sources = (char*)calloc(1, rsize);
+static char *
+bgpq_get_irrd_sources(int fd)
+{
+	char			*query, *response, *sources, *start, *end;
+	const unsigned int	 rsize = 256;
+	unsigned int		 slen;
+	int			 ret, qlen;
+
+	query = "!s-lc\n";
+	qlen = strlen(query);
+
+	if ((response = calloc(1, rsize)) == NULL)
+		err(1, NULL);
+	if ((sources = calloc(1, rsize)) == NULL)
+		err(1, NULL);
 
 	SX_DEBUG(debug_expander, "Requesting source list %s", query);
 	if ((ret = write(fd, query, strlen(query))) != qlen) {
@@ -456,10 +480,10 @@ bgpq_get_irrd_sources(int fd) {
 		exit(1);
 	}
 
-	char *start = strchr(response, '\n');
-	if (start){
+	start = strchr(response, '\n');
+	if (start) {
 		start += 1;
-		char *end = strchr(start, '\n');
+		end = strchr(start, '\n');
 		if (!end) {
 			sx_report(SX_ERROR, "No 2nd newline in response '%s': %s\n",
 				response, query);
@@ -468,12 +492,11 @@ bgpq_get_irrd_sources(int fd) {
 			free(response);
 			exit(1);
 		}
-		unsigned int slen = end - start;
-		if (slen > rsize) {
-			memcpy(sources, start, rsize-1);
-		} else {
+		slen = end - start;
+		if (slen > rsize)
+			memcpy(sources, start, rsize - 1);
+		else
 			memcpy(sources, start, slen);
-		}
 	} else {
 		sx_report(SX_ERROR, "No 1st newline in response '%s': %s\n",
 			response, query);
@@ -482,17 +505,19 @@ bgpq_get_irrd_sources(int fd) {
 		free(response);
 		exit(1);
 	}
+
 	free(response);
 	return sources;
 }
 
-int bgpq_pipeline_dequeue(int fd, struct bgpq_expander *b);
-
 static struct request *
 request_alloc(char *request, int (*callback)(char *, struct bgpq_expander *,
     struct request *), void *udata)
 {
-	struct request *bp = malloc(sizeof(struct request));
+	struct request *bp;
+
+	if ((bp = malloc(sizeof(struct request))) == NULL)
+		err(1, NULL);
 
 	if (!bp)
 		return NULL;
@@ -521,9 +546,9 @@ bgpq_pipeline(struct bgpq_expander *b,
     int (*callback)(char *, struct bgpq_expander *, struct request *),
     void *udata, char *fmt, ...)
 {
+	struct request		*bp = NULL;
 	char			 request[256];
 	int			 ret;
-	struct request	*bp = NULL;
 	va_list			 ap;
 
 	va_start(ap, fmt);
@@ -550,12 +575,14 @@ bgpq_pipeline(struct bgpq_expander *b,
 			sx_report(SX_FATAL, "Error writing request: %s\n",
 			    strerror(errno));
 		}
+
 		bp->offset=ret;
-		if (ret == bp->size) {
+
+		if (ret == bp->size)
 			STAILQ_INSERT_TAIL(&b->rq, bp, next);
-		} else {
+		else
 			STAILQ_INSERT_TAIL(&b->wq, bp, next);
-		}
+
 	} else
 		STAILQ_INSERT_TAIL(&b->wq, bp, next);
 
@@ -704,10 +731,8 @@ have:
 			unsigned long 	 togot = strtoul(response + 1, &eon, 10);
 			char 		*recvbuffer = malloc(togot + 2);
 
-			if (!recvbuffer) {
-				sx_report(SX_FATAL, "error allocating %lu "
-				    "bytes: %s\n", togot + 2, strerror(errno));
-			}
+			if (recvbuffer == NULL)
+				err(1, NULL);
 
 			memset(recvbuffer, 0, togot + 2);
 
@@ -815,7 +840,7 @@ have3:
 			if (b->validate_asns)
 				bgpq_expander_invalidate_asn(b, req->request);
 		} else if (response[0] == 'D') {
-			sx_report(SX_ERROR, "Key not found expanding %s",
+			SX_DEBUG(debug_expander, "Key not found expanding %s",
 			    req->request);
 			if (b->validate_asns)
 				bgpq_expander_invalidate_asn(b, req->request);
@@ -981,7 +1006,7 @@ have3:
 		if (b->validate_asns)
 			bgpq_expander_invalidate_asn(b, request);
 	} else if (response[0] == 'D') {
-		sx_report(SX_ERROR, "Key not found expanding %s",
+		SX_DEBUG(debug_expander, "Key not found expanding %s",
 			req->request);
 		if (b->validate_asns)
 			bgpq_expander_invalidate_asn(b, request);
@@ -1004,11 +1029,13 @@ have3:
 int
 bgpq_expand(struct bgpq_expander *b)
 {
-	int			 fd = -1, err, ret, aquery = 0;
+	char			*source;
 	struct slentry		*mc;
 	struct addrinfo 	 hints, *res = NULL, *rp;
 	struct linger		 sl;
 	struct asn_entry	*asne;
+	int			 fd = -1, err, ret, aquery = 0;
+	int			 slen;
 
 	sl.l_onoff = 1;
 	sl.l_linger = 5;
@@ -1133,10 +1160,11 @@ bgpq_expand(struct bgpq_expander *b)
 		}
 	}
 
-	if (b->usesource) {
+	if (b->sources && b->sources[0] != 0) {
+		b->defaultsources = strdup(b->sources);
+	} else if (b->usesource) {
 		if (b->sources && b->sources[0] != 0) {
-			b->defaultsources = (char*)calloc(1, strlen(b->sources));
-			strcpy(b->defaultsources, b->sources);
+			b->defaultsources = strdup(b->sources);
 		} else {
 			b->defaultsources = bgpq_get_irrd_sources(b->fd);
 		}
@@ -1145,7 +1173,7 @@ bgpq_expand(struct bgpq_expander *b)
 	}
 
 	if (b->sources && b->sources[0] != 0) {
-		int slen = strlen(b->sources) + 4;
+		slen = strlen(b->sources) + 4;
 		if (slen < 256)
 			slen = 256;
 		char sources[slen];
@@ -1185,7 +1213,7 @@ bgpq_expand(struct bgpq_expander *b)
 	STAILQ_FOREACH(mc, &b->macroses, entry) {
 		if (!b->maxdepth && RB_EMPTY(&b->stoplist)) {
 			if (b->usesource) {
-				char *source = bgpq_get_source(mc->text);
+				source = bgpq_get_source(mc->text);
 				if (source){
 					if (pipelining){
 						bgpq_pipeline(b, NULL, NULL, "!s%s\n", source);
@@ -1245,7 +1273,7 @@ bgpq_expand(struct bgpq_expander *b)
 	if (b->generation >= T_PREFIXLIST || b->validate_asns) {
 		STAILQ_FOREACH(mc, &b->rsets, entry) {
 			if (b->usesource) {
-				char *source = bgpq_get_source(mc->text);
+				source = bgpq_get_source(mc->text);
 				if (source){
 					if (pipelining){
 						printf("Checking %s\n", bgpq_get_rset(mc->text));
@@ -1348,6 +1376,7 @@ bgpq_expand(struct bgpq_expander *b)
 		fl &= ~O_NONBLOCK;
 		fcntl(fd, F_SETFL, fl);
 	}
+
 	close(fd);
 	free(b->defaultsources);
 
@@ -1355,8 +1384,8 @@ bgpq_expand(struct bgpq_expander *b)
 }
 
 void
-sx_radix_node_freeall(struct sx_radix_node *n) {
-
+sx_radix_node_freeall(struct sx_radix_node *n)
+{
 	if (n->l != NULL)
 		sx_radix_node_freeall(n->l);
 
@@ -1375,20 +1404,23 @@ sx_radix_node_freeall(struct sx_radix_node *n) {
 }
 
 void
-sx_radix_tree_freeall(struct sx_radix_tree *t) {
-
+sx_radix_tree_freeall(struct sx_radix_tree *t)
+{
 	if (t->head != NULL)
 		sx_radix_node_freeall(t->head);
 
 	free(t);
 }
 
+/* XXX: needs cleaning up / figuring out */
 void
-bgpq_prequest_freeall(struct bgpq_prequest *bpr) {
+bgpq_prequest_freeall(struct bgpq_prequest *bpr)
+{
 }
 
 void
-expander_freeall(struct bgpq_expander *expander) {
+expander_freeall(struct bgpq_expander *expander)
+{
 	struct sx_tentry	*var, *nxt;
 	struct asn_entry	*asne, *asne_next;
 

extern.h

@@ -59,7 +59,8 @@ typedef enum {
 	V_NOKIA,
 	V_HUAWEI,
 	V_HUAWEI_XPL,
-	V_MIKROTIK,
+	V_MIKROTIK6,
+	V_MIKROTIK7,
 	V_NOKIA_MD,
 	V_ARISTA
 } bgpq_vendor_t;

main.c

@@ -51,7 +51,7 @@ static int
 usage(int ecode)
 {
 	printf("\nUsage: bgpq4 [-h host[:port]] [-S sources] [-E|G|H <num>"
-	    "|f <num>|t] [-46ABbdJjKNnwXz] [-R len] <OBJECTS> ... "
+	    "|f <num>|t] [-46ABbdJjKNnpwXz] [-R len] <OBJECTS> ... "
 	    "[EXCEPT <OBJECTS> ...]\n");
 	printf("\nVendor targets:\n");
 	printf(" no option : Cisco IOS Classic (default)\n");
@@ -60,7 +60,8 @@ usage(int ecode)
 	printf(" -u        : Huawei XPL\n");
 	printf(" -j        : JSON\n");
 	printf(" -J        : Juniper Junos\n");
-	printf(" -K        : MikroTik RouterOS\n");
+	printf(" -K        : MikroTik RouterOSv6\n");
+	printf(" -K7       : MikroTik RouterOSv7\n");
 	printf(" -b        : NIC.CZ BIRD\n");
 	printf(" -N        : Nokia SR OS (Classic CLI)\n");
 	printf(" -n        : Nokia SR OS (MD-CLI)\n");
@@ -133,9 +134,9 @@ static void
 vendor_exclusive(void)
 {
 	fprintf(stderr, "-b (BIRD), -B (OpenBGPD), -F (formatted), -J (Junos),"
-	    " -j (JSON), -N (Nokia SR OS Classic), -n (Nokia SR OS MD-CLI),"
-	    " -U (Huawei), -u (Huawei XPL), -e (Arista) and -X (IOS XR) options "
-	    " are mutually exclusive\n");
+	    " -j (JSON), -K[7] (Microtik ROS), -N (Nokia SR OS Classic),"
+	    " -n (Nokia SR OS MD-CLI), -U (Huawei), -u (Huawei XPL),"
+	    "-e (Arista) and -X (IOS XR) options are mutually exclusive\n");
 	exit(1);
 }
 
@@ -197,7 +198,7 @@ main(int argc, char* argv[])
 		expander.sources=getenv("IRRD_SOURCES");
 
 	while ((c = getopt(argc, argv,
-	    "46a:AbBdDEeF:S:jJKf:l:L:m:M:NnW:pr:R:G:H:tTh:UuwXsvz")) != EOF) {
+	    "467a:AbBdDEeF:S:jJKf:l:L:m:M:NnpW:r:R:G:H:tTh:UuwXsvz")) != EOF) {
 	switch (c) {
 	case '4':
 		/* do nothing, expander already configured for IPv4 */
@@ -218,6 +219,13 @@ main(int argc, char* argv[])
 		expander.family = AF_INET6;
 		expander.tree->family = AF_INET6;
 		break;
+	case '7':
+		if (expander.vendor != V_MIKROTIK6) {
+			sx_report(SX_FATAL, "'7' can only be used after -K\n");
+			exit(1);
+		}
+		expander.vendor = V_MIKROTIK7;
+		break;
 	case 'a':
 		parseasnumber(&expander, optarg);
 		break;
@@ -297,10 +305,7 @@ main(int argc, char* argv[])
 	case 'K':
 		if (expander.vendor)
 			vendor_exclusive();
-		expander.vendor = V_MIKROTIK;
-		break;
-	case 'p':
-		expand_special_asn = 1;
+		expander.vendor = V_MIKROTIK6;
 		break;
 	case 'r':
 		refineLow = strtoul(optarg, NULL, 10);
@@ -389,6 +394,9 @@ main(int argc, char* argv[])
 			vendor_exclusive();
 		expander.vendor = V_NOKIA_MD;
 		break;
+	case 'p':
+		expand_special_asn = 1;
+		break;
 	case 't':
 		if (expander.generation)
 			exclusive();
@@ -451,7 +459,8 @@ main(int argc, char* argv[])
 			switch (vendor) {
 			case V_ARISTA:
 			case V_CISCO:
-			case V_MIKROTIK:
+			case V_MIKROTIK6:
+			case V_MIKROTIK7:
 				expander.aswidth = 4;
 				break;
 			case V_CISCO_XR:

printer.c

@@ -1717,7 +1717,7 @@ bgpq4_print_nokia_md_ipprefixlist(FILE *f, struct bgpq_expander *b)
 }
 
 static void
-bgpq4_print_kprefix(struct sx_radix_node *n, void *ff)
+bgpq4_print_k6prefix(struct sx_radix_node *n, void *ff)
 {
 	char	 prefix[128];
 	FILE	*f = (FILE*)ff;
@@ -1745,16 +1745,52 @@ bgpq4_print_kprefix(struct sx_radix_node *n, void *ff)
 
 checkSon:
 	if (n->son)
-		bgpq4_print_kprefix(n->son, ff);
+		bgpq4_print_k6prefix(n->son, ff);
+}
+
+static void
+bgpq4_print_k7prefix(struct sx_radix_node *n, void *ff)
+{
+	char	 prefix[128];
+	FILE	*f = (FILE*)ff;
+
+	if (!f)
+		f = stdout;
+
+	if (n->isGlue)
+		goto checkSon;
+
+	sx_prefix_snprintf_sep(n->prefix, prefix, sizeof(prefix), "/");
+
+	if (n->isAggregate)
+		fprintf(f,"/routing filter rule add chain=\""
+		    "%s-%s\"  rule=\"if (dst in %s && dst-len in %d-%d) {accept}\"\n",
+		    bname ? bname : "NN",
+		    n->prefix->family == AF_INET ? "V4" : "V6",
+		    prefix, n->aggregateLow, n->aggregateHi);
+	else
+		fprintf(f,"/routing filter rule add chain=\""
+		    "%s-%s\" rule=\"if (dst=%s) {accept}\"\n",
+		    bname ? bname : "NN",
+		    n->prefix->family == AF_INET ? "V4" : "V6",
+		    prefix);
+
+checkSon:
+	if (n->son)
+		bgpq4_print_k7prefix(n->son, ff);
 }
 
 static void
 bgpq4_print_mikrotik_prefixlist(FILE *f, struct bgpq_expander *b)
 {
 	bname = b->name ? b->name : "NN";
+	void *cbfunc = bgpq4_print_k6prefix;
+
+	if (b->vendor == V_MIKROTIK7)
+		cbfunc = bgpq4_print_k7prefix;
 
 	if (!sx_radix_tree_empty(b->tree)) {
-		sx_radix_tree_foreach(b->tree, bgpq4_print_kprefix, f);
+		sx_radix_tree_foreach(b->tree, cbfunc, f);
 	} else {
 		fprintf(f, "# generated prefix-list %s is empty\n", bname);
 	}
@@ -1797,7 +1833,8 @@ bgpq4_print_prefixlist(FILE *f, struct bgpq_expander *b)
 	case V_HUAWEI_XPL:
 		bgpq4_print_huawei_xpl_prefixlist(f, b);
 		break;
-	case V_MIKROTIK:
+	case V_MIKROTIK6:
+	case V_MIKROTIK7:
 		bgpq4_print_mikrotik_prefixlist(f, b);
 		break;
 	case V_ARISTA: