author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-05-17 15:02:54 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-05-17 16:47:04 -0700 |
commit | e4bdb07be73465df0ff3cd01efb4e27e4e9c8c64 (patch) | |
tree | e71542780ddfed4d8cacb43fe76e4e95ed7a8e4a | |
parent | 6950793fedd832ccfb8fda0a35214ffec2a352f9 (diff) | |
download | vyatta-cfg-quagga-e4bdb07be73465df0ff3cd01efb4e27e4e9c8c64.tar.gz vyatta-cfg-quagga-e4bdb07be73465df0ff3cd01efb4e27e4e9c8c64.zip |
Add support for TTL security hops
Bug 4937
Integrate CLI support for TTL hop count security
-rwxr-xr-x | scripts/bgp/vyatta-bgp.pl | 18 | ||||
-rw-r--r-- | templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def | 6 |
2 files changed, 23 insertions, 1 deletions
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl
index 1743e3e4..bdb31f56 100755
--- a/scripts/bgp/vyatta-bgp.pl
+++ b/scripts/bgp/vyatta-bgp.pl
@@ -129,6 +129,8 @@ my %qcom = (
 "protocols bgp var neighbor var distribute-list export" => "router bgp #3 ; neighbor #5 distribute-list #8 out",
 "protocols bgp var neighbor var distribute-list import" => "router bgp #3 ; neighbor #5 distribute-list #8 in",
 "protocols bgp var neighbor var ebgp-multihop" => "router bgp #3 ; neighbor #5 ebgp-multihop #7",
+ "protocols bgp var neighbor var ttl-security" => undef,
+ "protocols bgp var neighbor var ttl-security hops" => "router bgp #3 ; neighbor #5 ttl-security hops #8",
 "protocols bgp var neighbor var filter-list" => undef,
 "protocols bgp var neighbor var filter-list export" => "router bgp #3 ; neighbor #5 filter-list #8 out",
 "protocols bgp var neighbor var filter-list import" => "router bgp #3 ; neighbor #5 filter-list #8 in",
@@ -387,6 +389,8 @@ my %qcomdel = (
 "protocols bgp var neighbor var distribute-list export" => "router bgp #3 ; no neighbor #5 distribute-list #8 out",
 "protocols bgp var neighbor var distribute-list import" => "router bgp #3 ; no neighbor #5 distribute-list #8 in",
 "protocols bgp var neighbor var ebgp-multihop" => "router bgp #3 ; no neighbor #5 ebgp-multihop",
+ "protocols bgp var neighbor var ttl-security" => undef,
+ "protocols bgp var neighbor var ttl-security hops" => "router bgp #3 ; no neighbor #5 ttl-security hops",
 "protocols bgp var neighbor var filter-list" => undef,
 "protocols bgp var neighbor var filter-list export" => "router bgp #3 ; no neighbor #5 filter-list #8 out",
 "protocols bgp var neighbor var filter-list import" => "router bgp #3 ; no neighbor #5 filter-list #8 in",
@@ -649,7 +653,14 @@ sub check_neighbor_as {
 my $config = new Vyatta::Config;
 $config->setLevel("protocols bgp $as neighbor $neighbor");
 my $remoteas = $config->returnValue("remote-as");
- return if defined $remoteas;
+ my $ttlsecurity = $config->returnValue("ttl-security hops");
+
+ if ($remoteas) {
+ my $ebgp = $config->returnValue("ebgp-multihops");
+ die "protocols bgp $as neighbor $neighbor: cannot configure both ttl-security hops and ebgp-multihop\n"
+ if (defined($ttlsecurity) && defined($ebgp));
+ return;
+ }
 my $peergroup = $config->returnValue("peer-group");
 die "protocols bgp $as neighbor $neighbor: must define a remote-as or peer-group\n"
@@ -658,6 +669,11 @@ sub check_neighbor_as {
 my $peergroupas = $config->returnValue(" .. .. peer-group $peergroup remote-as");
 die "protocols bgp $as neighbor $neighbor: must define a remote-as in neighbor or peer-group $peergroup\n"
 unless $peergroupas;
+
+ my $peerebgp = $config->returnValue(".. .. peer-group $peergroup ebgp-multihop");
+
+ die "protocols bgp $as neighbor $neighbor: cannot configure both ttl-security hops and ebgp-multihop (peer $peergroup)\n"
+ if (defined($ttlsecurity) && defined($peerebgp))
 }
 # make sure peer-group has a remote-as
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def
new file mode 100644
index 00000000..468ebbb1
--- /dev/null
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def
@@ -0,0 +1,6 @@
+type: u32
+help: Set number of the maximum number of hops to the BGP peer
+comp_help: possible completions:
+ <1-254> number of hops
+commit:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $VAR(../../../@) --neighbor $VAR(../../@)"
+syntax:expression: $VAR(@) >=1 && $VAR(@) <= 254; "ttl-security hops must be between 1 and 254" |
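Review bot: The direct-neighbor conflict check in the `if ($remoteas)` branch reads `ebgp-multihops`, but the node is spelled `ebgp-multihop` everywhere else on the page (the `%qcom`/`%qcomdel` keys and the peer-group lookup later in this function). As written, `$ebgp` is presumably always undefined and the `die` can never fire, so a neighbor with both `ttl-security hops` and `ebgp-multihop` passes validation. The line should read `my $ebgp = $config->returnValue("ebgp-multihop");`. The guard also changed from `defined $remoteas` to the truthiness test `if ($remoteas)`; if that is intentional, a one-line comment saying so would help. check_neighbor_as begins before this hunk and continues past it.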
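Review bot: The peer-group `ebgp-multihop` lookup is reached only when the neighbor has no `remote-as` of its own, because the `if ($remoteas)` branch added earlier in the function returns first. A neighbor with its own remote-as that also belongs to a peer-group carrying `ebgp-multihop` is therefore accepted with `ttl-security hops` set, and on this path the neighbor's own `ebgp-multihop` is never read. Reading both values before branching and testing `defined($ttlsecurity) && (defined($ebgp) || defined($peerebgp))` would cover both cases. The trailing `if (defined($ttlsecurity) && defined($peerebgp))` has no semicolon; it parses as the last statement of the block but will break once a line is appended. The function body starts outside the hunk.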
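Review bot: The mutual-exclusion check is wired only to this node's `commit:expression`, so it presumably runs when `ttl-security hops` itself is committed. Whether the `ebgp-multihop` templates for the neighbor and the peer-group also call `vyatta-bgp.pl --check-as` is not visible on this page; if they do not, adding `ebgp-multihop` in a later commit would bypass the check. The help string repeats itself and would read better as `help: Maximum number of hops to the BGP peer`.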