From 8cc6359fdc849def02716cc473662a4e616e97e9 Mon Sep 17 00:00:00 2001
From: Donatas Abraitis
Date: Tue, 19 Nov 2024 16:25:12 +0200
Subject: [PATCH] bgpd: Disable sending ROV extended community by default
https://datatracker.ietf.org/doc/html/rfc8097 defines ROV extended community, but https://datatracker.ietf.org/doc/draft-ietf-sidrops-avoid-rpki-state-in-bgp is against sending it by default even for iBGP peers. Let's do this practice and reverse it.
Signed-off-by: Donatas Abraitis
---
 bgpd/bgp_vty.c | 4 +---
 bgpd/bgpd.c | 10 ++--------
 doc/user/bgp.rst | 2 +-
 tests/topotests/bgp_rpki_topo1/r2/bgpd.conf | 1 +
 4 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index f4426a5a681d..cba1cdaf1a91 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -19132,9 +19132,7 @@ static void bgp_config_write_peer_af(struct vty *vty, struct bgp *bgp,
 if (peergroup_af_flag_check(peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY_RPKI))
- vty_out(vty,
- " no neighbor %s send-community extended rpki\n",
- addr);
+ vty_out(vty, " neighbor %s send-community extended rpki\n", addr);
 } /* Default information */
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index aa2bd5c3719c..01a12337eaaf 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
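Review bot: A configuration saved by an earlier release that relied on the old default will stop sending the ROV extended community after upgrade with no visible config difference, because in bgp_config_write_peer_af (bgpd/bgp_vty.c) an absent line now means "disabled" where the removed `no neighbor %s send-community extended rpki` form shows it used to mean "enabled". Nothing in the visible change tells the operator this, so I would add a comment above the check, `/* ROV ext-community is off by default; only the explicit enable is written */`, and mention the flipped default in the upgrade notes. The function begins and ends outside the hunk.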
@@ -1565,19 +1565,13 @@ struct peer *peer_new(struct bgp *bgp)
 /* Set default flags. */
 FOREACH_AFI_SAFI (afi, safi) {
 SET_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_COMMUNITY);
- SET_FLAG(peer->af_flags[afi][safi],
- PEER_FLAG_SEND_EXT_COMMUNITY);
- SET_FLAG(peer->af_flags[afi][safi],
- PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
+ SET_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_EXT_COMMUNITY);
 SET_FLAG(peer->af_flags[afi][safi], PEER_FLAG_SEND_LARGE_COMMUNITY);
 SET_FLAG(peer->af_flags_invert[afi][safi], PEER_FLAG_SEND_COMMUNITY);
- SET_FLAG(peer->af_flags_invert[afi][safi],
- PEER_FLAG_SEND_EXT_COMMUNITY);
- SET_FLAG(peer->af_flags_invert[afi][safi],
- PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
+ SET_FLAG(peer->af_flags_invert[afi][safi], PEER_FLAG_SEND_EXT_COMMUNITY);
 SET_FLAG(peer->af_flags_invert[afi][safi], PEER_FLAG_SEND_LARGE_COMMUNITY);
 peer->addpath_type[afi][safi] = BGP_ADDPATH_NONE;
diff --git a/doc/user/bgp.rst b/doc/user/bgp.rst
index 0c7fcecb9b96..c0db7f2b875f 100644
--- a/doc/user/bgp.rst
+++ b/doc/user/bgp.rst
@@ -1803,7 +1803,7 @@ Configuring Peers
 Send the extended RPKI communities to the peer. RPKI extended community can be send only to iBGP and eBGP-OAD peers.
- Default: enabled.
+ Default: disabled.
 .. clicmd:: neighbor PEER weight WEIGHT
diff --git a/tests/topotests/bgp_rpki_topo1/r2/bgpd.conf b/tests/topotests/bgp_rpki_topo1/r2/bgpd.conf
index 4de177dc2586..e5dc7f65f93b 100644
--- a/tests/topotests/bgp_rpki_topo1/r2/bgpd.conf
+++ b/tests/topotests/bgp_rpki_topo1/r2/bgpd.conf
@@ -9,6 +9,7 @@ router bgp 65002
 neighbor 192.168.4.4 timers connect 1
 address-family ipv4 unicast
 neighbor 192.168.4.4 next-hop-self
+ neighbor 192.168.4.4 send-community extended rpki
 exit-address-family
 !
 router bgp 65002 vrf vrf10
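Review bot: In peer_new() (bgpd/bgpd.c) the new default is expressed only by the absence of PEER_FLAG_SEND_EXT_COMMUNITY_RPKI from both the af_flags and af_flags_invert lists, which is easy to undo by accident when someone later re-aligns the send-community flags. A comment under `/* Set default flags. */` would pin the intent, e.g. `/* PEER_FLAG_SEND_EXT_COMMUNITY_RPKI is deliberately not set: ROV state is sent only when configured */`. The only test change visible here adds the explicit enable to r2/bgpd.conf, so as far as this patch shows nothing asserts that a peer without that line does not receive the community; a negative check in the topotest would cover the default. peer_new() continues outside the hunk.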