Add Roto files to DEB/RPM packages in /etc/rotonda/filters/ dir (reso…

…lves #46) (#51) * Move integration test .roto script files to a new test-data/ directory. * Remove unused .roto files. * Package .roto scripts for installation under /etc/rotonda/filters/. * Mark roto filter files as config files to resolve lintian error `file-in-etc-not-marked-as-conffile`. * Test more aspects of the built packages. * More synchronization of the systemd and non-systemd rotonda.conf file variants. * Use an RFC 6996 private use ASN as the default example value, not an actual ASN.
NLnetLabs · Nov 1, 2023 · 99374ae · 99374ae
1 parent 3d49b4e
commit 99374ae
Show file tree

Hide file tree

Showing 10 changed files with 100 additions and 70 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -96,12 +96,22 @@ assets = [
     ["target/release/rotonda", "usr/bin/", "755"],
     ["README.md", "usr/share/doc/rotonda/", "644"],
     ["doc/rotonda.1", "usr/share/man/man1/rotonda.1", "644"],
-    ["etc/rotonda.conf.system-service", "etc/rotonda/rotonda.conf", "644"]
+    ["etc/rotonda.conf.system-service", "etc/rotonda/rotonda.conf", "644"],
+    ["etc/bgp-in-filter.roto", "etc/rotonda/filters/bgp-in-filter.roto", "644"],
+    ["etc/bmp-in-filter.roto", "etc/rotonda/filters/bmp-in-filter.roto", "644"],
+    ["etc/rib-in-post-filter.roto", "etc/rotonda/filters/rib-in-post-filter.roto", "644"],
+    ["etc/rib-in-pre-filter.roto", "etc/rotonda/filters/rib-in-pre-filter.roto", "644"]
 ]
 maintainer-scripts = "pkg/debian"
 changelog = "target/debian/changelog" # this will be generated by the pkg workflow
 copyright = "Copyright (c) 2023, NLnet Labs. All rights reserved."
-conf-files = ["/etc/rotonda/rotonda.conf"]
+conf-files = [
+    "/etc/rotonda/rotonda.conf",
+    "/etc/rotonda/filters/bgp-in-filter.roto",
+    "/etc/rotonda/filters/bmp-in-filter.roto",
+    "/etc/rotonda/filters/rib-in-post-filter.roto",
+    "/etc/rotonda/filters/rib-in-pre-filter.roto"
+]
 systemd-units = { unit-name = "rotonda", unit-scripts = "pkg/common", enable = false }
 
 [package.metadata.deb.variants.minimal]
@@ -115,7 +125,11 @@ assets = [
     { source = "target/release/rotonda", dest = "/usr/bin/rotonda", mode = "755" },
     { source = "target/rpm/rotonda.service", dest = "/lib/systemd/system/rotonda.service", mode = "644" },
     { source = "doc/rotonda.1", dest = "/usr/share/man/man1/rotonda.1", mode = "644", doc = true },
-    { source = "etc/rotonda.conf.system-service", dest = "/etc/rotonda/rotonda.conf", mode = "644", config = true }
+    { source = "etc/rotonda.conf.system-service", dest = "/etc/rotonda/rotonda.conf", mode = "644", config = true },
+    { source = "etc/bgp-in-filter.roto", dest = "/etc/rotonda/filters/bgp-in-filter.roto", mode = "644", config = true },
+    { source = "etc/bmp-in-filter.roto", dest = "/etc/rotonda/filters/bmp-in-filter.roto", mode = "644", config = true },
+    { source = "etc/rib-in-post-filter.roto", dest = "/etc/rotonda/filters/rib-in-post-filter.roto", mode = "644", config = true },
+    { source = "etc/rib-in-pre-filter.roto", dest = "/etc/rotonda/filters/rib-in-pre-filter.roto", mode = "644", config = true }
 ]
 # These get set using cargo-generate-rpm --set-metadata at package build time.
 #post_install_script = ...

diff --git a/etc/bgp-in-post-filter.roto b/etc/bgp-in-post-filter.roto
diff --git a/etc/bmp-in-post-filter.roto b/etc/bmp-in-post-filter.roto
diff --git a/etc/filter.roto b/etc/filter.roto
diff --git a/etc/rotonda.conf b/etc/rotonda.conf
@@ -807,18 +807,18 @@ log_target = "stderr"      # "stderr", "file" or "syslog"
 log_facility = "daemon"    # used if log_target is "syslog"
 log_file = "./rotonda.log" # used if log_target is "file"
 
-roto_scripts_path = "etc/" # Optional path to a directory from which any .roto
-                           # files present will be loaded into Rotonda. Filter
-                           # names used below refer to blocks in the .roto
-                           # files loaded from this directory.
+# Optional path to a directory from which any .roto files present will be
+# loaded into Rotonda. Filter names used below refer to blocks in the .roto
+# files loaded from this directory.
+roto_scripts_path = "etc/"
 
 http_listen = ["127.0.0.1:8080"]
 
 [units.bgp-in]
 type = "bgp-tcp-in"
 listen = "0.0.0.0:11179"       # TODO: When we can drop privileges make this 179
-my_asn = 211321                # Stichting NLnet Labs
-my_bgp_id = [185, 49, 141, 18] # rusty.nlnetlabs.nl 185.49.141.18
+my_asn = 64512                 # Tip: edit me, or comment this unit out
+my_bgp_id = [0, 0, 0, 0]       # Tip: edit me, or comment this unit out
 filter_name = "bgp-in-filter"
 
 [units.bmp-in]

diff --git a/etc/rotonda.conf.system-service b/etc/rotonda.conf.system-service
@@ -806,11 +806,10 @@ log_level = "info"         # "error", "warn", "info", "debug" or "trace"
 log_target = "syslog"      # "stderr", "file" or "syslog"
 log_facility = "daemon"    # used if log_target is "syslog"
 
-roto_scripts_path = "/etc/rotonda/" # Optional path to a directory from which
-                                    # any .roto files present will be loaded
-                                    # into Rotonda. Filter names used below
-                                    # refer to blocks in the .roto files
-                                    # loaded from this directory.
+# Optional path to a directory from which any .roto files present will be
+# loaded into Rotonda. Filter names used below refer to blocks in the .roto
+# files loaded from this directory.
+roto_scripts_path = "/etc/rotonda/filters/"
 
 http_listen = ["127.0.0.1:8080"]
 

diff --git a/pkg/test-scripts/test-rotonda.sh b/pkg/test-scripts/test-rotonda.sh
@@ -5,10 +5,13 @@ set -x
 
 case $1 in
   post-install)
-    echo -e "\ROTONDA VERSION:"
+    echo -e "\nROTONDA VERSION:"
     VER=$(rotonda --version)
     echo $VER
 
+    echo -e "\nROTONDA CONF DIR:"
+    ls -lR /etc/rotonda/
+
     echo -e "\nROTONDA CONF:"
     cat /etc/rotonda/rotonda.conf
 
@@ -17,11 +20,17 @@ case $1 in
 
     echo -e "\nROTONDA MAN PAGE (first 20 lines only):"
     man -P cat rotonda | head -n 20 || true
+
+    echo -e "\nROTONDA MVP CONFIG DUMP:"
+    rotonda --print-config-and-exit
     ;;
 
   post-upgrade)
     echo -e "\nROTONDA VERSION:"
     rotonda --version
+
+    echo -e "\nROTONDA CONF DIR:"
+    ls -lR /etc/rotonda/
 
     echo -e "\nROTONDA CONF:"
     cat /etc/rotonda/rotonda.conf
@@ -31,5 +40,8 @@ case $1 in
 
     echo -e "\nROTONDA MAN PAGE (first 20 lines only):"
     man -P cat rotonda | head -n 20 || true
+
+    echo -e "\nROTONDA MVP CONFIG DUMP:"
+    rotonda --print-config-and-exit
     ;;
 esac
diff --git a/src/main.rs b/src/main.rs
@@ -214,7 +214,7 @@ mod tests {
         Config::init().unwrap();
 
         let base_config_toml = r#"
-        roto_scripts_path = "etc/"
+        roto_scripts_path = "test-data/"
 
         http_listen = "127.0.0.1:8080"
         log_target = "stderr"

diff --git a/src/mvp.rs b/src/mvp.rs
@@ -238,11 +238,7 @@ mod tests {
         let mut manager = Manager::default();
 
         // when the expected roto scripts exist in the mock filesystem
-        let readable_paths: [(PathBuf, String); 5] = [
-            (
-                "etc/filter.roto".into(),
-                include_str!("../etc/filter.roto").into(),
-            ),
+        let readable_paths: [(PathBuf, String); 4] = [
             (
                 "etc/bgp-in-filter.roto".into(),
                 include_str!("../etc/bgp-in-filter.roto").into(),

diff --git a/test-data/integration-test.roto b/test-data/integration-test.roto
@@ -0,0 +1,58 @@
+filter-map my-module {
+    define {
+        rx_tx bgp_msg: BgpUpdateMessage;
+    }
+
+    term afi-safi-unicast {
+        match {
+            bgp_msg.nlris.afi != IPV4;
+        }
+    }
+
+    action send-message {
+        asn-encounter-report.send({
+            name: "local-broker", // this name can be used by a target to select only messages intended for it
+            topic: "testing",
+            message: String.format("🤭 I encountered {}", "1818")
+        });
+    }
+
+    apply {
+        filter match afi-safi-unicast matching {
+            send-message;
+        };
+    }
+}
+
+filter bmp-in-filter {
+    // Uncomment to use ASN filtering
+    define {
+        rx msg: BmpMessage;
+        filtered_asn = 65000;
+    }
+
+    term has_asn {
+    // Compare the ASN for BMP message types that have a Per Peer Header.
+    // Other message types not mentioned here lack the Per Peer Header and so
+    // do not have a matching ASN and are treated as such. 
+       match msg with {
+           PeerDownNotification(pd_msg) -> pd_msg.per_peer_header.asn == filtered_asn,
+           PeerUpNotification(pu_msg) -> pu_msg.per_peer_header.asn == filtered_asn,
+           RouteMonitoring(rm_msg) -> rm_msg.per_peer_header.asn == filtered_asn,
+           StatisticsReport(sr_msg) -> sr_msg.per_peer_header.asn == filtered_asn,
+       }
+    }
+
+    apply {
+        filter match has_asn matching {
+            return reject;
+        };
+        accept;
+    }
+}
+
+output-stream asn-encounter-report contains Message {
+    name: String, // this is the name of the target that should consume this message
+    topic: String, // the meaning of this is target type specific
+    message: String // this can be one or many fields of any type?
+}