summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xscripts/bgp/vyatta-bgp.pl97
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.def4
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/advertisement-interval/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/allowas-in/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/allowas-in/number/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/as-path/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/med/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/next-hop/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/capability/dynamic/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/capability/orf/prefix-list/receive/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/capability/orf/prefix-list/send/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/default-originate/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/default-originate/route-map/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/disable-connected-check/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/in/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/out/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/dont-capability-negotiate/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/ebgp-multihop/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/enforce-multihop/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/in/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/out/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/interface/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/local-as/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/no-prepend/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/maximum-prefix/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/nexthop-self/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/no-activate/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/extended/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/standard/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/override-capability/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/passive/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/password/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/peer-group/node.def10
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/port/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/in/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/out/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/remove-private-as/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/export/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/import/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/route-reflector-client/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/route-server-client/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/shutdown/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/soft-reconfiguration/inbound/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/soft-reconfiguration/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/strict-capability-match/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/timers/connect/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/timers/holdtime/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/timers/keepalive/node.def1
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/timers/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/unsuppress-map/node.def3
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/update-source/node.def2
-rw-r--r--templates/protocols/bgp/node.tag/neighbor/node.tag/weight/node.def2
59 files changed, 165 insertions, 67 deletions
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl
index d20ad8fa..059ce1a5 100755
--- a/scripts/bgp/vyatta-bgp.pl
+++ b/scripts/bgp/vyatta-bgp.pl
@@ -1,15 +1,33 @@
#!/usr/bin/perl
use lib "/opt/vyatta/share/perl5/";
+use VyattaConfig;
use VyattaMisc;
use Getopt::Long;
GetOptions("check-peer-name=s" => \$peername,
+ "check-as" => \$checkas,
+ "check-peer-groups" => \$checkpeergroups,
+ "peergroup=s" => \$pg,
+ "as=s" => \$as,
+ "neighbor=s" => \$neighbor,
);
-if (defined $peername) { check_peer_name($peername); }
+if (defined $peername) { check_peer_name($peername); }
+elsif (defined $checkpeergroups &&
+ defined $pg &&
+ defined $as) { check_for_peer_groups($pg, $as); }
+elsif (defined $neighbor &&
+ defined $as &&
+ defined $checkas &&
+ defined $pg) { check_as($pg, $neighbor, $as); }
+elsif (defined $neighbor &&
+ defined $as &&
+ defined $checkas) { check_as(-1, $neighbor, $as); }
+
exit 0;
+# Make sure the neighbor is a proper IP or name
sub check_peer_name() {
my $neighbor = shift;
@@ -18,5 +36,80 @@ sub check_peer_name() {
print "malformed neighbor address $neighbor\n";
exit 1;
}
- exit 0;
+}
+
+# Make sure we aren't deleteing a peer-group that has
+# neighbors configured to us it
+sub check_for_peer_groups() {
+ my $config = new VyattaConfig;
+ my $pg = shift;
+ my $as = shift;
+ my $node = $pg;
+ my @peers, @neighbors;
+
+ # short circuit if the neighbor is an IP rather than name
+ $node =~ s/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}//;
+ if ($node eq "") { return; }
+
+ # get the list of neighbors and see if they have a peer-group set
+ $config->setLevel("protocols bgp $as neighbor");
+ my @neighbors = $config->listNodes();
+
+ foreach $node (@neighbors) {
+ my $peergroup = $config->returnValue("$node peer-group");
+ if ($peergroup eq $pg) { push @peers, $node; }
+ }
+
+ # if we found peers in the previous statements
+ # notify an return errors
+ if (@peers) {
+ foreach $node (@peers) {
+ print "neighbor $node uses peer-group $pg\n";
+ }
+
+ print "please delete these peers before removing the peer-group\n";
+ exit 1;
+ }
+
+ return;
+}
+
+# make sure nodes are either in a peer group of have
+# a remote AS assigned to them.
+sub check_as() {
+ my $pg = shift;
+ my $neighbor = shift;
+ my $as = shift;
+ my $config = new VyattaConfig;
+ my $pgtest = $neighbor;
+
+ # if this is peer-group then short circuit this
+ $pgtest =~ s/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}//;
+ if ($pgtest ne "") { return; }
+
+ $config->setLevel("protocols bgp $as neighbor $neighbor");
+ $remoteas = $config->returnValue("remote-as");
+
+ if (! defined $remoteas) {
+ if ($pg > 0) {
+ $peergroup = 1;
+ $peergroupas = 1;
+ }
+ else {
+ $peergroup = $config->returnValue("peer-group");
+ $peergroupas = $config->returnValue(" .. $peergroup remote-as");
+ }
+
+ if (! defined $peergroup) {
+ print "You must define a remote-as or peer-group for neighbor $neighbor before commiting\n";
+ exit 1;
+ }
+
+ if (! defined $peergroupas) {
+ print "You must define a remote-as in neighbor $neighbor or peer-group $peergroup before commiting\n";
+ exit 1;
+ }
+ }
+
+ return;
}
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.def b/templates/protocols/bgp/node.tag/neighbor/node.def
index b3f2eb82..a655ae93 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.def
@@ -2,8 +2,8 @@ tag:
type: txt
help: "Specify neighbor router"
syntax: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-peer-name $(@)"
-# if this neighbor has a text name it is a peer group. setup the peer-group option
update: "if [ -n \"`echo $(@) | sed 's/[0-9]\\{1,3\\}.[0-9]\\{1,3\\}.[0-9]\\{1,3\\}.[0-9]\\{1,3\\}//'`\" ]; then \
/usr/bin/vtysh -c \"configure terminal\" -c\"router bgp $(../@)\" -c\"neighbor $(@) peer-group\" ; \
fi ; "
-delete: "/usr/bin/vtysh -c \"configure terminal\" -c\"router bgp $(../@)\" -c\"no neighbor $(@) \" "
+delete: "/opt/vyatta/sbin/vyatta-bgp.pl --check-peer-groups --peergroup $(@) --as $(../@); \
+ /usr/bin/vtysh -c \"configure terminal\" -c\"router bgp $(../@)\" -c\"no neighbor $(@) \" "
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/advertisement-interval/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/advertisement-interval/node.def
index 9ae0051d..89406145 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/advertisement-interval/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/advertisement-interval/node.def
@@ -1,7 +1,7 @@
type: u32
help: "Minimum interval between sending BGP routing updates"
syntax: $(@) >= 0 && $(@) <= 600; "remote-as must be between 0 and 600"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified first"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/allowas-in/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/allowas-in/node.def
index a1cebf2e..e8cb6c9e 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/allowas-in/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/allowas-in/node.def
@@ -1,5 +1,5 @@
help: "Accept as-path with my AS present in it."
-commit: ($(../peer-group/@) != "") || ($(../remote-as/@) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
delete: "touch /tmp/bgp-neighbor-$(../@)-allowas-in.\\$PPID"
end: "/usr/bin/vtysh -c \"configure terminal\" -c \"router bgp $(../../@)\" \
-c \"no neighbor $(../@) allowas-in \"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/allowas-in/number/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/allowas-in/number/node.def
index e3a85be5..468dfa3c 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/allowas-in/number/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/allowas-in/number/node.def
@@ -1,4 +1,4 @@
type: u32
help: "Number of occurrences of AS number"
syntax: $(@) >= 1 && $(@) <= 10; "allowas-in number must be between 1 and 10"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/as-path/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/as-path/node.def
index b7238bea..a004417e 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/as-path/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/as-path/node.def
@@ -1,2 +1 @@
help: "AS path attribute"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/med/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/med/node.def
index b770c14b..ad1fd4f3 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/med/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/med/node.def
@@ -1,2 +1 @@
help: "Multi-exit discriminator attribute"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/next-hop/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/next-hop/node.def
index f5a908a3..13cba663 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/next-hop/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/next-hop/node.def
@@ -1,2 +1 @@
help: "Nexthop attribute"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/node.def
index c1cf0737..8dd65018 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/attribute-unchanged/node.def
@@ -1,5 +1,6 @@
help: "BGP attribute is propagated unchanged to this neighbor"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../peer-group/) == ""; "You can't set attribute-unchanged for neighbor $(../@) in peer-group $(../peer-group/@)"
delete: "touch /tmp/bgp-neighbor-$(../@)-attribute-unchanged.\\$PPID"
end: "/usr/bin/vtysh -c \"configure terminal\" -c \"router bgp $(../../@)\" \
-c \"no neighbor $(../@) attribute-unchanged \"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/dynamic/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/dynamic/node.def
index 49afb733..0e354176 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/dynamic/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/dynamic/node.def
@@ -1,5 +1,5 @@
help: "Advertise dynamic capability to this neighbor"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/orf/prefix-list/receive/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/orf/prefix-list/receive/node.def
index 41b24925..89b4cd60 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/orf/prefix-list/receive/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/orf/prefix-list/receive/node.def
@@ -1,5 +1,6 @@
help: "Capability to RECEIVE the ORF to this neighbor"
-commit: ($(../../../../peer-group/) != "") || ($(../../../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../../../@) --neighbor $(../../../../@)"
+commit: $(../../../../peer-group/) == ""; "You can't set orf capability receive for neighbor $(../../../../@) in peer-group $(../../../../peer-group/@)"
update: "if [ -n \"$(../../../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../../../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/orf/prefix-list/send/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/orf/prefix-list/send/node.def
index 99ee3e9d..e26917ac 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/orf/prefix-list/send/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/capability/orf/prefix-list/send/node.def
@@ -1,5 +1,6 @@
help: "Capability to SEND the ORF to this neighbor"
-commit: ($(../../../../peer-group/) != "") || ($(../../../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../../../@) --neighbor $(../../../../@)"
+commit: $(../../../../peer-group/) == ""; "You can't set capability orf send for neighbor $(../../../../@) in peer-group $(../../../../peer-group/@)"
update: "if [ -n \"$(../../../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../../../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/default-originate/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/default-originate/node.def
index a1eb6bfb..b781dcaf 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/default-originate/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/default-originate/node.def
@@ -1,5 +1,6 @@
help: "Originate default route to this neighbor"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../peer-group/) == ""; "You can't set default-originate for neighbor $(../@) in peer-group $(../peer-group/@)"
delete: "touch /tmp/bgp-neighbor-$(../@)-default-originate.\\$PPID"
end: "/usr/bin/vtysh -c \"configure terminal\" -c \"router bgp $(../../@)\" \
-c \"no neighbor $(../@) default-originate \"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/default-originate/route-map/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/default-originate/route-map/node.def
index ae918ddc..8c437d12 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/default-originate/route-map/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/default-originate/route-map/node.def
@@ -1,3 +1,4 @@
type: txt
help: "Route-map to specify criteria to originate default"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy route-map $(@)\" " "; "route-map $(@) doesn't exist"
+commit: $(../../peer-group/) == ""; "You can't set a default-originate route-map for neighbor $(../../@) in peer-group $(../../peer-group/@)"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/disable-connected-check/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/disable-connected-check/node.def
index 3b862fc2..8a7199f3 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/disable-connected-check/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/disable-connected-check/node.def
@@ -1,5 +1,5 @@
help: "One hop distant EBGP peer using loopback address"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/in/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/in/node.def
index f12c5a0f..32f406c5 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/in/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/in/node.def
@@ -1,6 +1,7 @@
type: u32
help: "Filter incoming updates"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
+commit: $(../../peer-group/) == ""; "You can't set a distribute-list for neighbor $(../../@) in peer-group $(../../peer-group/@)"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list $(@)\" ";"access-list $(@) doesn't exist"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/node.def
index 0c3731c0..8e96b2b5 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/node.def
@@ -1,2 +1 @@
help: "Filter updates to/from this neighbor"
-commit: ($(../peer-group/@) != "") || ($(../remote-as/@) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/out/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/out/node.def
index ed6ce2d1..7d70fae2 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/out/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/distribute-list/out/node.def
@@ -1,6 +1,7 @@
type: u32
help: "Filter outgoing updates"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
+commit: $(../../peer-group/) == ""; "You can't set a distribute-list for neighbor $(../../@) in peer-group $(../../peer-group/@)"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy access-list $(@)\" ";"access-list $(@) doesn't exist"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/dont-capability-negotiate/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/dont-capability-negotiate/node.def
index c0bd172b..6dc7c734 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/dont-capability-negotiate/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/dont-capability-negotiate/node.def
@@ -1,5 +1,5 @@
help: "Do not perform capability negotiation"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/ebgp-multihop/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/ebgp-multihop/node.def
index 0d639210..eef363b5 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/ebgp-multihop/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/ebgp-multihop/node.def
@@ -1,6 +1,6 @@
type: u32
help: "Allow EBGP neighbors not on directly connected networks"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
syntax: $(@) >=1 && $(@) <= 255; "ebgp-multihop must be between 1 and 255"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/enforce-multihop/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/enforce-multihop/node.def
index 78d7f28e..5c4fd5a2 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/enforce-multihop/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/enforce-multihop/node.def
@@ -1,5 +1,5 @@
help: "Enforce EBGP neighbors perform multihop"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/in/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/in/node.def
index c2ef75b6..44618b3b 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/in/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/in/node.def
@@ -1,6 +1,7 @@
type: txt
help: "Filter incoming updates based on AS path"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
+commit: $(../../peer-group/) == ""; "You can't set a filter-list for neighbor $(../../@) in peer-group $(../../peer-group/@)"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy as-path-list $(@)\" ";"as-path-list $(@) doesn't exist"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/node.def
index 788b4f1d..648a1783 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/node.def
@@ -1,2 +1 @@
help: "Establish BGP filters"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/out/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/out/node.def
index 7b6678f9..07945538 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/out/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/filter-list/out/node.def
@@ -1,6 +1,7 @@
type: txt
help: "Filter outgoing updates"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
+commit: $(../../peer-group/) == ""; "You can't set a filter-list for neighbor $(../../@) in peer-group $(../../peer-group/@)"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy as-path-list $(@)\" ";"as-path-list $(@) doesn't exist"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/node.def
index 8e13afda..29ec3a17 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/node.def
@@ -1,6 +1,6 @@
type: txt
help: "Interface name"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
syntax: exec " \
if [ -z \"`ip addr | grep $(@) `\" ]; then \
echo $(@) doesn\\'t exist on this system ; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/local-as/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/local-as/node.def
index 64f46365..cdf0775f 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/local-as/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/local-as/node.def
@@ -1,5 +1,6 @@
type: u32
help: "Local AS number"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
+commit: $(../peer-group/) == ""; "You can't set a local-as for neighbor $(../@) in peer-group $(../peer-group/@)"
syntax: $(@) >=1 && $(@) <= 65535; "local-as must be between 1 and 65535"
syntax: $(@) != $(../../../@); "Cannot have local-as same as BGP AS number"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/no-prepend/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/no-prepend/node.def
index 3d540eb0..99b52bdd 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/no-prepend/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/no-prepend/node.def
@@ -1,2 +1 @@
help: "Do not prepend local-as to updates from EBGP peers"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/node.def
index 4dbc9486..7330c76e 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/local-as/node.def
@@ -1,5 +1,6 @@
help: "Specify a local-as number"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../peer-group/) == ""; "You can't set a local-as for neighbor $(../../@) in peer-group $(../../peer-group/@)"
delete: "touch /tmp/bgp-neighbor-$(../@)-local-as.\\$PPID"
end: "/usr/bin/vtysh -c \"configure terminal\" -c \"router bgp $(../../@)\" \
-c \"no neighbor $(../@) local-as \"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/maximum-prefix/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/maximum-prefix/node.def
index 438b562c..a412da4e 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/maximum-prefix/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/maximum-prefix/node.def
@@ -1,6 +1,6 @@
type: u32
help: "Maximum number of prefixes to accept from this neighbor"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/nexthop-self/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/nexthop-self/node.def
index ae986b8e..9e1aa94a 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/nexthop-self/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/nexthop-self/node.def
@@ -1,5 +1,6 @@
help: "Disable the next hop calculation for this neighbor"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../peer-group/) == ""; "You can't set next-hop-self for neighbor $(../@) in peer-group $(../peer-group/@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/no-activate/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/no-activate/node.def
index 6525b28d..6f203b5a 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/no-activate/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/no-activate/node.def
@@ -1,5 +1,5 @@
help: "Disable the Address Family for this Neighbor"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/extended/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/extended/node.def
index bf3ca2a5..98c1b64a 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/extended/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/extended/node.def
@@ -1,5 +1,6 @@
help: "Do not send extended community attributes"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
+commit: $(../../peer-group/) == ""; "You can't set no-send-community for neighbor $(../../@) in peer-group $(../../peer-group/@)"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/node.def
index 5dc502b5..6251cb84 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/node.def
@@ -1,3 +1,2 @@
help: "Do not send community attributes to this neighbor"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
commit: ($(./extended/) != "") || ($(./standard/) != ""); "You must specify the type of community."
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/standard/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/standard/node.def
index 5422c97c..60787ebb 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/standard/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/no-send-community/standard/node.def
@@ -1,5 +1,5 @@
help: "Do not send standard community attributes"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/override-capability/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/override-capability/node.def
index e7ad91c2..34615d31 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/override-capability/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/override-capability/node.def
@@ -1,5 +1,6 @@
help: "Override capability negotiation result"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../strict-capability/) == ""; "You can't set strict-capability and override-capability for neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/passive/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/passive/node.def
index e9019f61..33a13007 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/passive/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/passive/node.def
@@ -1,5 +1,5 @@
help: "Don't send open messages to this neighbor"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/password/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/password/node.def
index 7ac547a5..a5a6931c 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/password/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/password/node.def
@@ -1,6 +1,6 @@
type: txt
help: "Specify BGP neighbor password"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/peer-group/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/peer-group/node.def
index 24162911..fab209fe 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/peer-group/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/peer-group/node.def
@@ -1,17 +1,11 @@
type: txt
help: "Member of the peer-group"
-syntax: $(../remote-as/) == ""; "remote-as must not be defined if putting this neighbor in a peer group"
syntax: exec "if [ -n \"`echo $(../@) | sed 's/[0-9]\\{1,3\\}.[0-9]\\{1,3\\}.[0-9]\\{1,3\\}.[0-9]\\{1,3\\}//'`\" ]; then \
exit 1; \
fi; "; "peer-group token may not be specified for a peer-group"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --peergroup=$(@) --as $(../../@) --neighbor $(../@)"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"protocols bgp $(../../@) neighbor $(@)\" "; "peer-group $(@) doesn't exist"
-update: "if [ -n \"$(../remote-as/@)\" ]; then \
- peer=\"remote-as $(../remote-as/@)\"; \
- else \
- peer=\"peer-group $(../peer-group/@)\"; \
- fi; \
- /usr/bin/vtysh -c \"configure terminal\" -c \"router bgp $(../../@)\" \
- -c \"neighbor $(../@) \\$peer\" \
+update: "/usr/bin/vtysh -c \"configure terminal\" -c \"router bgp $(../../@)\" \
-c \"neighbor $(../@) peer-group $(@)\" "
delete: "/usr/bin/vtysh -c \"configure terminal\" -c \"router bgp $(../../@)\" \
-c \"no neighbor $(../@) peer-group $(@)\" "
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/port/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/port/node.def
index 34c62264..5ea945f6 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/port/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/port/node.def
@@ -1,7 +1,7 @@
type: u32
help: "Neighbor's BGP port"
syntax: $(@) >= 1 && $(@) <= 65535; "remote-as must be between 1 and 65535"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/in/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/in/node.def
index 508df816..1d320e55 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/in/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/in/node.def
@@ -1,6 +1,7 @@
type: txt
help: "Filter incoming updates"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified first"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
+commit: $(../../peer-group/) == ""; "You can't set a prefix-list for neighbor $(../../@) in peer-group $(../../peer-group/@)"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy prefix-list $(@)\" ";"prefix-list $(@) doesn't exist"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/node.def
index 2ecfea03..8e96b2b5 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/node.def
@@ -1,2 +1 @@
help: "Filter updates to/from this neighbor"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/out/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/out/node.def
index c3a0ba71..c2277ea9 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/out/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/prefix-list/out/node.def
@@ -1,6 +1,7 @@
type: txt
help: "Filter outgoing updates"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified first"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
+commit: $(../../peer-group/) == ""; "You can't set a prefix-list for neighbor $(../../@) in peer-group $(../../peer-group/@)"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy prefix-list $(@)\" ";"prefix-list $(@) doesn't exist"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/remove-private-as/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/remove-private-as/node.def
index db27b183..0189f477 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/remove-private-as/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/remove-private-as/node.def
@@ -1,5 +1,6 @@
help: "Remove private AS number from outbound updates"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../peer-group/) == ""; "You can't set a remove-private-as for neighbor $(../@) in peer-group $(../peer-group/@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/export/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/export/node.def
index d904726e..913dc1cf 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/export/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/export/node.def
@@ -1,6 +1,7 @@
type: txt
help: "Route-map to apply to incoming updates"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
+commit: $(../../peer-group/) == ""; "You can't set a route-map for neighbor $(../../@) in peer-group $(../../peer-group/@)"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy route-map $(@)\" ";"route-map $(@) doesn't exist"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/import/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/import/node.def
index d904726e..913dc1cf 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/import/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/import/node.def
@@ -1,6 +1,7 @@
type: txt
help: "Route-map to apply to incoming updates"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../../@) --neighbor $(../../@)"
+commit: $(../../peer-group/) == ""; "You can't set a route-map for neighbor $(../../@) in peer-group $(../../peer-group/@)"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy route-map $(@)\" ";"route-map $(@) doesn't exist"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/node.def
index dc87e574..db8271a6 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/route-map/node.def
@@ -1,2 +1 @@
help: "Route-map to apply on updates to/from this neighbor"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/route-reflector-client/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/route-reflector-client/node.def
index 3e5d92fc..22a8c4ce 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/route-reflector-client/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/route-reflector-client/node.def
@@ -1,5 +1,6 @@
help: "Configure a neighbor as Route Reflector client"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../peer-group/) == ""; "You can't set route-reflector-client for neighbor $(../@) in peer-group $(../peer-group/@)"
commit: $(../../@) == $(../remote-as/@); "remote-as must equal local-as to be a route-reflector client"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/route-server-client/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/route-server-client/node.def
index cf759e9f..3770f479 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/route-server-client/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/route-server-client/node.def
@@ -1,5 +1,6 @@
help: "Configure a neighbor as Route Server client"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../peer-group/) == ""; "You can't set route-server-client for neighbor $(../@) in peer-group $(../peer-group/@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/shutdown/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/shutdown/node.def
index 173c44a3..12665c17 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/shutdown/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/shutdown/node.def
@@ -1,5 +1,5 @@
help: "Administratively shut down this neighbor"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/soft-reconfiguration/inbound/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/soft-reconfiguration/inbound/node.def
index 3e56b2f3..b4c0da6b 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/soft-reconfiguration/inbound/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/soft-reconfiguration/inbound/node.def
@@ -1,5 +1,5 @@
help: "Allow inbound soft reconfiguration for this neighbor"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../../remote-as/@)\" ]; then \
peer=\"remote-as $(../../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/soft-reconfiguration/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/soft-reconfiguration/node.def
index facd4713..e2400e17 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/soft-reconfiguration/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/soft-reconfiguration/node.def
@@ -1,3 +1,2 @@
help: "Per neighbor soft reconfiguration"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
commit: $(./inbound/@) != ""; "You must specify the type of soft-reconfiguration"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/strict-capability-match/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/strict-capability-match/node.def
index 3bf24ba5..cdacff33 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/strict-capability-match/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/strict-capability-match/node.def
@@ -1,5 +1,6 @@
help: "Strict capability negotiation match"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../override-capability/) == ""; "You can't set strict-capability and override-capability for neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/connect/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/connect/node.def
index a5df6f79..badde464 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/connect/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/connect/node.def
@@ -1,4 +1,3 @@
type: u32
help: "BGP connect timer"
syntax: $(@) >=0 && $(@) <= 65535; "BGP connect timer must be between 0 and 65535"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/holdtime/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/holdtime/node.def
index bc689e27..b7da119e 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/holdtime/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/holdtime/node.def
@@ -1,4 +1,3 @@
type: u32
help: "Holdtime interval"
syntax: $(@) == 0 || ($(@) >= 4 && $(@) <= 65535); "Holdtime interval must be 0 or between 4 and 65535"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/keepalive/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/keepalive/node.def
index 4f3d0087..59067fdc 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/keepalive/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/keepalive/node.def
@@ -1,4 +1,3 @@
type: u32
help: "Keepalive interval"
syntax: $(@) >= 1 && $(@) <= 65535; "Keepalive interval must be between 1 and 65535"
-commit: ($(../../peer-group/) != "") || ($(../../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/node.def
index 15521ae7..63ac6219 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/timers/node.def
@@ -1,5 +1,6 @@
help: "BGP per neighbor timers"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../peer-group/) == ""; "You can't set timers for neighbor $(../@) in peer-group $(../peer-group/@)"
delete: "touch /tmp/bgp-neighbor-$(../@)-timers.\\$PPID"
end: "/usr/bin/vtysh -c \"configure terminal\" -c \"router bgp $(../../@)\" \
-c \"no neighbor $(../@) timers \"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/unsuppress-map/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/unsuppress-map/node.def
index a23afb3c..7ab36809 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/unsuppress-map/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/unsuppress-map/node.def
@@ -1,6 +1,7 @@
type: txt
help: "Route-map to selectively unsuppress suppressed routes"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
+commit: $(../peer-group/) == ""; "You can't set an unsuppress-map for neighbor $(../@) in peer-group $(../peer-group/@)"
commit: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"policy route-map $(@)\" ";"route-map $(@) doesn't exist"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/update-source/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/update-source/node.def
index bd01a2fd..95f565f1 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/update-source/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/update-source/node.def
@@ -5,7 +5,7 @@ syntax: exec " \
echo $(@) doesn\\'t exist on this system ; \
exit 1 ; \
fi ; "
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/weight/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/weight/node.def
index a368bad5..980e6cfc 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/weight/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/weight/node.def
@@ -1,7 +1,7 @@
type: u32
help: "Set default weight for routes from this neighbor"
syntax: $(@) >= 1 && $(@) <= 65535; "weight must be between 1 and 65535"
-commit: ($(../peer-group/) != "") || ($(../remote-as/) != ""); "remote-as or peer-group must be specified before commit"
+commit: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $(../../@) --neighbor $(../@)"
update: "if [ -n \"$(../remote-as/@)\" ]; then \
peer=\"remote-as $(../remote-as/@)\"; \
else \