-rwxr-xr-x | scripts/bgp/vyatta-bgp.pl | 18 | ||||
-rw-r--r-- | templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def | 6 |
2 files changed, 23 insertions, 1 deletions
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl
index 1743e3e4..bdb31f56 100755
--- a/scripts/bgp/vyatta-bgp.pl
+++ b/scripts/bgp/vyatta-bgp.pl
@@ -129,6 +129,8 @@ my %qcom = (
 "protocols bgp var neighbor var distribute-list export" => "router bgp #3 ; neighbor #5 distribute-list #8 out",
 "protocols bgp var neighbor var distribute-list import" => "router bgp #3 ; neighbor #5 distribute-list #8 in",
 "protocols bgp var neighbor var ebgp-multihop" => "router bgp #3 ; neighbor #5 ebgp-multihop #7",
+ "protocols bgp var neighbor var ttl-security" => undef,
+ "protocols bgp var neighbor var ttl-security hops" => "router bgp #3 ; neighbor #5 ttl-security hops #8",
 "protocols bgp var neighbor var filter-list" => undef,
 "protocols bgp var neighbor var filter-list export" => "router bgp #3 ; neighbor #5 filter-list #8 out",
 "protocols bgp var neighbor var filter-list import" => "router bgp #3 ; neighbor #5 filter-list #8 in",
@@ -387,6 +389,8 @@ my %qcomdel = (
 "protocols bgp var neighbor var distribute-list export" => "router bgp #3 ; no neighbor #5 distribute-list #8 out",
 "protocols bgp var neighbor var distribute-list import" => "router bgp #3 ; no neighbor #5 distribute-list #8 in",
 "protocols bgp var neighbor var ebgp-multihop" => "router bgp #3 ; no neighbor #5 ebgp-multihop",
+ "protocols bgp var neighbor var ttl-security" => undef,
+ "protocols bgp var neighbor var ttl-security hops" => "router bgp #3 ; no neighbor #5 ttl-security hops",
 "protocols bgp var neighbor var filter-list" => undef,
 "protocols bgp var neighbor var filter-list export" => "router bgp #3 ; no neighbor #5 filter-list #8 out",
 "protocols bgp var neighbor var filter-list import" => "router bgp #3 ; no neighbor #5 filter-list #8 in",
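Review bot: The `%qcomdel` entry added for `ttl-security hops` emits `no neighbor #5 ttl-security hops` with no hop count, copying the shape of the `ebgp-multihop` delete line above it. As far as I recall, upstream Quagga's `no` form of this command still takes the `<1-254>` argument, so please confirm the routing daemon accepts the bare form. If it does not, the delete is rejected and the daemon keeps enforcing the old TTL limit after the node has been removed from the configuration. In that case the entry would need the value appended, e.g. `no neighbor #5 ttl-security hops #8`, assuming `#8` is still populated on delete. Both hash definitions begin and end outside these hunks.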
@@ -649,7 +653,14 @@ sub check_neighbor_as {
 my $config = new Vyatta::Config;
 $config->setLevel("protocols bgp $as neighbor $neighbor");
 my $remoteas = $config->returnValue("remote-as");
- return if defined $remoteas;
+ my $ttlsecurity = $config->returnValue("ttl-security hops");
+
+ if ($remoteas) {
+ my $ebgp = $config->returnValue("ebgp-multihops");
+ die "protocols bgp $as neighbor $neighbor: cannot configure both ttl-security hops and ebgp-multihop\n"
+ if (defined($ttlsecurity) && defined($ebgp));
+ return;
+ }
 my $peergroup = $config->returnValue("peer-group");
 die "protocols bgp $as neighbor $neighbor: must define a remote-as or peer-group\n"
@@ -658,6 +669,11 @@ sub check_neighbor_as {
 my $peergroupas = $config->returnValue(" .. .. peer-group $peergroup remote-as");
 die "protocols bgp $as neighbor $neighbor: must define a remote-as in neighbor or peer-group $peergroup\n"
 unless $peergroupas;
+
+ my $peerebgp = $config->returnValue(".. .. peer-group $peergroup ebgp-multihop");
+
+ die "protocols bgp $as neighbor $neighbor: cannot configure both ttl-security hops and ebgp-multihop (peer $peergroup)\n"
+ if (defined($ttlsecurity) && defined($peerebgp))
 }
 # make sure peer-group has a remote-as
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def
new file mode 100644
index 00000000..468ebbb1
--- /dev/null
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/hops/node.def
@@ -0,0 +1,6 @@
+type: u32
+help: Set number of the maximum number of hops to the BGP peer
+comp_help: possible completions:
+ <1-254> number of hops
+commit:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-as --as $VAR(../../../@) --neighbor $VAR(../../@)"
+syntax:expression: $VAR(@) >=1 && $VAR(@) <= 254; "ttl-security hops must be between 1 and 254" |
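Review bot: The conflict check inside the new `if ($remoteas)` branch reads the node `ebgp-multihops`, but the node is spelled `ebgp-multihop` in the `%qcom` tables and in the peer-group lookup later in this function. As written, `$ebgp` is always undef, so the `die` never fires for a neighbor that has its own remote-as; the line should be `my $ebgp = $config->returnValue("ebgp-multihop");`. This branch also returns before the peer-group is read, so a neighbor with its own remote-as, `ttl-security hops`, and a peer-group that sets `ebgp-multihop` appears to be accepted. The guard was also loosened from `defined $remoteas` to plain truthiness, which changes which path a false-but-defined value takes; keeping `if (defined $remoteas)` preserves the old behaviour. The function starts before and continues past this hunk.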
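Review bot: On the peer-group path only the group's `ebgp-multihop` is compared with `$ttlsecurity`, so a neighbor that inherits remote-as from the group but sets `ebgp-multihop` on itself still passes. Reading the neighbor-level value once, before the `if ($remoteas)` branch, and testing `defined($ttlsecurity) && defined($ebgp)` on both paths would cover that case. The new `die ... if (defined($ttlsecurity) && defined($peerebgp))` statement also has no terminating semicolon; Perl accepts that only because it is the last statement in the block, so add `;` to keep later edits from breaking it. The function body begins outside this hunk.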
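Review bot: The `commit:expression` in this new node.def runs `--check-as` only from the `ttl-security hops` node. Whether the mutual-exclusion rule fires when `ebgp-multihop` is later added to a neighbor or peer-group that already has `ttl-security hops` depends on templates this commit does not touch. Please confirm the neighbor and peer-group `ebgp-multihop` templates invoke the same check; otherwise the conflicting pair can still be committed in that order. The `help:` text is also garbled; `help: Set the maximum number of hops to the BGP peer` reads better.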