bgpd: Allow specification of AS 0 for rpki commands

RFC-7607 specifically calls out the allowed usage
of AS 0 to signal that the a particular address is
not in use and should be guarded against.  Add
the ability to specify this special AS in the rpki
commands.

eva# show rpki  as-number 0
RPKI/RTR prefix table
Prefix                                   Prefix Length  Origin-AS
2.57.180.0                                  22 -  24   0
2.58.144.0                                  22 -  22   0
2.59.116.0                                  24 -  24   0
4.42.228.0                                  22 -  22   0
5.57.80.0                                   22 -  22   0
<snip>
2a13:df87:b400::                            38 -  38   0
2a13:df84::                                 32 -  32   0
2630::                                      16 -  16   0
Number of IPv4 Prefixes: 1166
Number of IPv6 Prefixes: 617

eva# show rpki prefix 2630::/16 0
Prefix                                   Prefix Length  Origin-AS
2630::                                      16 -  16   0
eva#

Fixes: #15778
Signed-off-by: Donald Sharp <sharpd@nvidia.com>

diff --git a/bgpd/bgp_rpki.c b/bgpd/bgp_rpki.c
index 56b0263bf691047a073c7bf0d45dfc038d4eb50a..67f59edb93077e1af9178e2447d8c70b784bdc04 100644 (file)
--- a/bgpd/bgp_rpki.c
+++ b/bgpd/bgp_rpki.c
@@ -2088,16 +2088,18 @@ DEFPY (show_rpki_prefix_table,
 
 DEFPY (show_rpki_as_number,
        show_rpki_as_number_cmd,
-       "show rpki as-number ASNUM$by_asn [vrf NAME$vrfname] [json$uj]",
+       "show rpki as-number <0$zero|ASNUM$by_asn> [vrf NAME$vrfname] [json$uj]",
        SHOW_STR
        RPKI_OUTPUT_STRING
        "Lookup by ASN in prefix table\n"
+       "AS Number of 0, see RFC-7607\n"
        "AS Number\n"
        VRF_CMD_HELP_STR
        JSON_STR)
 {
        struct json_object *json = NULL;
        struct rpki_vrf *rpki_vrf;
+       as_t as;
 
        if (uj)
                json = json_object_new_object();
@@ -2118,18 +2120,24 @@ DEFPY (show_rpki_as_number,
                return CMD_WARNING;
        }
 
-       print_prefix_table_by_asn(vty, by_asn, rpki_vrf, json);
+       if (zero)
+               as = 0;
+       else
+               as = by_asn;
+
+       print_prefix_table_by_asn(vty, as, rpki_vrf, json);
        return CMD_SUCCESS;
 }
 
 DEFPY (show_rpki_prefix,
        show_rpki_prefix_cmd,
-       "show rpki prefix <A.B.C.D/M|X:X::X:X/M> [ASNUM$asn] [vrf NAME$vrfname] [json$uj]",
+       "show rpki prefix <A.B.C.D/M|X:X::X:X/M> [0$zero|ASNUM$asn] [vrf NAME$vrfname] [json$uj]",
        SHOW_STR
        RPKI_OUTPUT_STRING
        "Lookup IP prefix and optionally ASN in prefix table\n"
        "IPv4 prefix\n"
        "IPv6 prefix\n"
+       "AS Number of 0, see RFC-7607\n"
        "AS Number\n"
        VRF_CMD_HELP_STR
        JSON_STR)
@@ -2138,6 +2146,7 @@ DEFPY (show_rpki_prefix,
        json_object *json_records = NULL;
        enum asnotation_mode asnotation;
        struct rpki_vrf *rpki_vrf;
+       as_t as;
 
        if (uj)
                json = json_object_new_object();
@@ -2153,6 +2162,11 @@ DEFPY (show_rpki_prefix,
                return CMD_WARNING;
        }
 
+       if (zero)
+               as = 0;
+       else
+               as = asn;
+
        struct lrtr_ip_addr addr;
        char addr_str[INET6_ADDRSTRLEN];
        size_t addr_len = strchr(prefix_str, '/') - prefix_str;
@@ -2174,7 +2188,7 @@ DEFPY (show_rpki_prefix,
        enum pfxv_state result;
 
        if (pfx_table_validate_r(rpki_vrf->rtr_config->pfx_table, &matches,
-                                &match_count, asn, &addr, prefix->prefixlen,
+                                &match_count, as, &addr, prefix->prefixlen,
                                 &result) != PFX_SUCCESS) {
                if (json) {
                        json_object_string_add(json, "error", "Prefix lookup failed.");
@@ -2198,7 +2212,7 @@ DEFPY (show_rpki_prefix,
                const struct pfx_record *record = &matches[i];
 
                if (record->max_len >= prefix->prefixlen &&
-                   ((asn != 0 && (uint32_t)asn == record->asn) || asn == 0)) {
+                   ((as != 0 && (uint32_t)as == record->asn) || asn == 0)) {
                        print_record(&matches[i], vty, json_records,
                                     asnotation);
                }

diff --git a/doc/user/rpki.rst b/doc/user/rpki.rst
index 76910ee7b9bf4ef9bd245f4253973e06951ae282..fe9e407ca9c0fbd5c2d9ee4dff8b5b089d356818 100644 (file)
--- a/doc/user/rpki.rst
+++ b/doc/user/rpki.rst
@@ -215,15 +215,18 @@ Displaying RPKI
 
    Display RPKI configuration state including timers values.
 
-.. clicmd:: show rpki prefix <A.B.C.D/M|X:X::X:X/M> [(1-4294967295)] [vrf NAME] [json]
+.. clicmd:: show rpki prefix <A.B.C.D/M|X:X::X:X/M> [ASN] [vrf NAME] [json]
 
    Display validated prefixes received from the cache servers filtered
-   by the specified prefix.
+   by the specified prefix.  The AS number space has been increased
+   to allow the choice of using AS 0 because RFC-7607 specifically
+   calls out the usage of 0 in a special case.
 
 .. clicmd:: show rpki as-number ASN [vrf NAME] [json]
 
    Display validated prefixes received from the cache servers filtered
-   by ASN.
+   by ASN.  The usage of AS 0 is allowed because RFC-76067 specifically
+   calls out the usage of 0 in a special case.
 
 .. clicmd:: show rpki prefix-table [vrf NAME] [json]