authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-05-17 15:02:54 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-05-17 16:47:04 -0700
commite4bdb07be73465df0ff3cd01efb4e27e4e9c8c64 (patch)
treee71542780ddfed4d8cacb43fe76e4e95ed7a8e4a
parent6950793fedd832ccfb8fda0a35214ffec2a352f9 (diff)
downloadvyatta-cfg-quagga-e4bdb07be73465df0ff3cd01efb4e27e4e9c8c64.tar.gz
vyatta-cfg-quagga-e4bdb07be73465df0ff3cd01efb4e27e4e9c8c64.zip
Add support for TTL security hops
Bug 4937 Integrate CLI support for TTL hop count security
-rwxr-xr-xscripts/bgp/vyatta-bgp.pl18
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def6
2 files changed, 23 insertions, 1 deletions
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl
index 1743e3e4..bdb31f56 100755
--- a/scripts/bgp/vyatta-bgp.pl
+++ b/scripts/bgp/vyatta-bgp.pl
@@ -129,6 +129,8 @@ my %qcom = (
"protocols bgp var neighbor var distribute-list export" => "router bgp #3 ; neighbor #5 distribute-list #8 out",
"protocols bgp var neighbor var distribute-list import" => "router bgp #3 ; neighbor #5 distribute-list #8 in",
"protocols bgp var neighbor var ebgp-multihop" => "router bgp #3 ; neighbor #5 ebgp-multihop #7",
+ "protocols bgp var neighbor var ttl-security" => undef,
+ "protocols bgp var neighbor var ttl-security hops" => "router bgp #3 ; neighbor #5 ttl-security hops #8",
"protocols bgp var neighbor var filter-list" => undef,
"protocols bgp var neighbor var filter-list export" => "router bgp #3 ; neighbor #5 filter-list #8 out",
"protocols bgp var neighbor var filter-list import" => "router bgp #3 ; neighbor #5 filter-list #8 in",
@@ -387,6 +389,8 @@ my %qcomdel = (
"protocols bgp var neighbor var distribute-list export" => "router bgp #3 ; no neighbor #5 distribute-list #8 out",
"protocols bgp var neighbor var distribute-list import" => "router bgp #3 ; no neighbor #5 distribute-list #8 in",
"protocols bgp var neighbor var ebgp-multihop" => "router bgp #3 ; no neighbor #5 ebgp-multihop",
+ "protocols bgp var neighbor var ttl-security" => undef,
+ "protocols bgp var neighbor var ttl-security hops" => "router bgp #3 ; no neighbor #5 ttl-security hops",
"protocols bgp var neighbor var filter-list" => undef,
"protocols bgp var neighbor var filter-list export" => "router bgp #3 ; no neighbor #5 filter-list #8 out",
"protocols bgp var neighbor var filter-list import" => "router bgp #3 ; no neighbor #5 filter-list #8 in",
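Review bot: The delete entry for `ttl-security hops` emits `no neighbor #5 ttl-security hops` without the hop count, unlike the `distribute-list` and `filter-list` delete entries next to it, which pass `#8`. If the routing daemon's `no` form requires the `<1-254>` argument (upstream Quagga's definition does, as far as I recall, so confirm against the bundled daemon), the command would be rejected as incomplete. The CLI would then show the node as deleted while the daemon kept enforcing the TTL check. Consider `"router bgp #3 ; no neighbor #5 ttl-security hops #8"`.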
@@ -649,7 +653,14 @@ sub check_neighbor_as {
my $config = new Vyatta::Config;
$config->setLevel("protocols bgp $as neighbor $neighbor");
my $remoteas = $config->returnValue("remote-as");
- return if defined $remoteas;
+ my $ttlsecurity = $config->returnValue("ttl-security hops");
+
+ if ($remoteas) {
+ my $ebgp = $config->returnValue("ebgp-multihops");
+ die "protocols bgp $as neighbor $neighbor: cannot configure both ttl-security hops and ebgp-multihop\n"
+ if (defined($ttlsecurity) && defined($ebgp));
+ return;
+ }
my $peergroup = $config->returnValue("peer-group");
die "protocols bgp $as neighbor $neighbor: must define a remote-as or peer-group\n"
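Review bot: The lookup `$config->returnValue("ebgp-multihops")` has a trailing `s`, while the command tables in this commit and the peer-group lookup later in the function both use `ebgp-multihop`. As written, `$ebgp` is presumably always undef, so the "cannot configure both" check never fires for a neighbor that has its own remote-as; it should read `my $ebgp = $config->returnValue("ebgp-multihop");`. The early `return` inside `if ($remoteas)` also skips the peer-group check further down, so a neighbor with both a remote-as and a peer-group that sets ebgp-multihop is not caught. The guard also changed from `defined $remoteas` to plain truthiness, which is worth a short comment if intentional. check_neighbor_as starts before this hunk and continues after it.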
@@ -658,6 +669,11 @@ sub check_neighbor_as {
my $peergroupas = $config->returnValue(" .. .. peer-group $peergroup remote-as");
die "protocols bgp $as neighbor $neighbor: must define a remote-as in neighbor or peer-group $peergroup\n"
unless $peergroupas;
+
+ my $peerebgp = $config->returnValue(".. .. peer-group $peergroup ebgp-multihop");
+
+ die "protocols bgp $as neighbor $neighbor: cannot configure both ttl-security hops and ebgp-multihop (peer $peergroup)\n"
+ if (defined($ttlsecurity) && defined($peerebgp))
}
# make sure peer-group has a remote-as
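Review bot: The added `die ... if (defined($ttlsecurity) && defined($peerebgp))` has no terminating semicolon and parses only because it is the last statement before the closing brace, so any statement appended later will break the script; end it with `if (defined($ttlsecurity) && defined($peerebgp));`. The new path string `".. .. peer-group $peergroup ebgp-multihop"` also differs from the existing `" .. .. peer-group $peergroup remote-as"` just above, which has a leading space. Pick one form so the two lookups read alike. A one-line comment such as `# ttl-security (GTSM) and ebgp-multihop are mutually exclusive on a session` would explain why the check exists. The enclosing block starts outside this hunk.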
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def
new file mode 100644
index 00000000..468ebbb1
--- /dev/null
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def
@@ -0,0 +1,6 @@
+type: u32
+help: Set number of the maximum number of hops to the BGP peer
+comp_help: possible completions:
+ <1-254> number of hops
+commit:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $VAR(../../../@) --neighbor $VAR(../../@)"
+syntax:expression: $VAR(@) >=1 && $VAR(@) <= 254; "ttl-security hops must be between 1 and 254"
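Review bot: The help string "Set number of the maximum number of hops to the BGP peer" repeats "number of" and does not say what the value is used for. Something like `help: Maximum number of hops to the BGP peer (TTL security check)` reads better and tells the operator that this is a packet-acceptance control. The `commit:expression` is the only place visible here that runs `--check-as` for the new conflict rule. It is worth confirming that the ebgp-multihop node, or the parent neighbor node, runs the same check, otherwise setting ebgp-multihop after ttl-security may bypass it.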