diff options
9 files changed, 133 insertions, 30 deletions
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index d572c0ba..2a3ca514 100755 --- a/scripts/bgp/vyatta-bgp.pl +++ b/scripts/bgp/vyatta-bgp.pl @@ -204,6 +204,7 @@ my %qcom = ( 'protocols bgp var neighbor var' => { set => undef, del => 'router bgp #3 ; no neighbor #5', + noerr => 'del', }, 'protocols bgp var neighbor var address-family' => { set => undef, @@ -499,8 +500,28 @@ my %qcom = ( del => 'router bgp #3 ; no neighbor #5 remote-as #7', }, 'protocols bgp var neighbor var interface' => { - set => 'router bgp #3 ; neighbor #5 interface #7', - del => 'router bgp #3 ; no neighbor #5 interface #7', + set => undef, + del => undef, + }, + 'protocols bgp var neighbor var interface peer-group' => { + set => 'router bgp #3 ; neighbor #5 interface peer-group #8', + del => 'router bgp #3 ; no neighbor #5 interface peer-group #8', + }, + 'protocols bgp var neighbor var interface remote-as' => { + set => 'router bgp #3 ; neighbor #5 interface remote-as #8', + del => 'router bgp #3 ; no neighbor #5 interface remote-as #8', + }, + 'protocols bgp var neighbor var interface v6only' => { + set => undef, + del => undef, + }, + 'protocols bgp var neighbor var interface v6only peer-group' => { + set => 'router bgp #3 ; neighbor #5 interface v6only peer-group #9', + del => 'router bgp #3 ; no neighbor #5 interface v6only peer-group #9', + }, + 'protocols bgp var neighbor var interface v6only remote-as' => { + set => 'router bgp #3 ; neighbor #5 interface v6only remote-as #9', + del => 'router bgp #3 ; no neighbor #5 interface v6only remote-as #9', }, 'protocols bgp var neighbor var disable-capability-negotiation' => { set => 'router bgp #3 ; neighbor #5 dont-capability-negotiate', @@ -1126,7 +1147,7 @@ if ( ! -e "/usr/sbin/zebra" ) { } my ( $pg, $as, $neighbor ); -my ( $main, $peername, $isneighbor, $checkpeergroups, $checkpeergroups6, $checksource, +my ( $main, $peername, $isneighbor, $checkpeergroups, $checkpeergroups6, $checksource, $isiBGPpeer, $wasiBGPpeer, $confedibgpasn, $listpeergroups, $checkremoteas); GetOptions( @@ -1174,6 +1195,10 @@ sub list_peer_groups { sub check_neighbor_ip { my $neighbor = shift; + if ($neighbor =~ /^(\w+)$/) { + exit 0; + } + die "Can't set neighbor address to local system IP.\n" if (is_local_address($neighbor)); @@ -1202,17 +1227,18 @@ sub check_remote_as { if ($remote_as =~ /^(\d+)$/) { if ( $remote_as >= 1 && $remote_as <= 4294967294) { - exit 0; - } - die "remote-as must be between 1 and 4294967294 or external or internal"; + exit 0; + } + die "remote-as must be between 1 and 4294967294 or external or internal"; } if ( $remote_as eq "external" || $remote_as eq "internal") { - exit 0; + exit 0; } - die "remote-as must be between 1 and 4294967294 or external or internal"; + die "remote-as must be between 1 and 4294967294 or external or internal"; } + # Make sure we aren't deleteing a peer-group that has # neighbors configured to it sub check_for_peer_groups6 { @@ -1263,6 +1289,10 @@ sub check_for_peer_groups { foreach my $node (@neighbors) { my $peergroup = $config->returnValue("$node peer-group"); if ((defined $peergroup) && ($peergroup eq $pg)) { push @peers, $node; } + $peergroup = $config->returnValue("$node interface peer-group"); + if ((defined $peergroup) && ($peergroup eq $pg)) { push @peers, $node; } + $peergroup = $config->returnValue("$node interface v6only peer-group"); + if ((defined $peergroup) && ($peergroup eq $pg)) { push @peers, $node; } } # if we found peers in the previous statements @@ -1408,8 +1438,20 @@ sub check_neighbor_parameters my @neighbors = $config->listNodes("$as neighbor"); foreach my $neighbor (@neighbors) { my $pgmembership = $config->returnValue("$as neighbor $neighbor peer-group"); + if ( ! defined $pgmembership ) { + my $pgmembership = $config->returnValue("$as neighbor $neighbor іnterface peer-group"); + } + if ( ! defined $pgmembership ) { + my $pgmembership = $config->returnValue("$as neighbor $neighbor іnterface v6only peer-group"); + } if ( (defined $pgmembership) && ("$pgmembership" eq "$peergroup") ) { my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); + if ( ! defined $remoteas) { + my $remoteas = $config->returnValue("$as neighbor $neighbor іnterface remote-as"); + } + if ( ! defined $remoteas ) { + my $remoteas = $config->returnValue("$as neighbor $neighbor іnterface v6only remote-as"); + } if (! defined $remoteas) { die "[ protocols bgp $as peer-group $neighbor ]\n can't delete the remote-as in peer-group without setting remote-as in member neighbors\n" } @@ -1427,8 +1469,20 @@ sub check_neighbor_parameters my @neighbors = $config->listNodes("$as neighbor"); foreach my $neighbor (@neighbors) { my $pgmembership = $config->returnValue("$as neighbor $neighbor peer-group"); + if ( ! defined $pgmembership ) { + my $pgmembership = $config->returnValue("$as neighbor $neighbor іnterface peer-group"); + } + if ( ! defined $pgmembership ) { + my $pgmembership = $config->returnValue("$as neighbor $neighbor іnterface v6only peer-group"); + } if ((defined $pgmembership) && ("$pgmembership" eq "$peergroup")) { my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); + if ( ! defined $remoteas) { + my $remoteas = $config->returnValue("$as neighbor $neighbor іnterface remote-as"); + } + if ( ! defined $remoteas ) { + my $remoteas = $config->returnValue("$as neighbor $neighbor іnterface v6only remote-as"); + } if (defined $remoteas && defined $pgremoteas) { die "[ protocols bgp $as peer-group $neighbor ]\n must not define remote-as in both neighbor and peer-group\n" } @@ -1456,23 +1510,36 @@ sub check_neighbor_parameters # remote-as checks: Make sure the neighbor has a remote-as defined locally or in the peer-group my ($remoteas, $peergroup, $peergroupas, $peergroup6, $peergroup6as); $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); - if ($config->exists("$as neighbor $neighbor peer-group")) { - if ($config->exists("$as parameters default no-ipv4-unicast")) { + if (! defined($remoteas)) { + $remoteas = $config->returnValue("$as neighbor $neighbor interface remote-as"); + } + if (! defined($remoteas)) { + $remoteas = $config->returnValue("$as neighbor $neighbor interface v6only remote-as"); + } + if ($config->exists("$as neighbor $neighbor peer-group") || + $config->exists("$as neighbor $neighbor interface peer-group") || + $config->exists("$as neighbor $neighbor interface v6only peer-group")) { + if ($config->exists("$as parameters default no-ipv4-unicast") && $config->exists("$as neighbor $neighbor peer-group")) { die "[ protocols bgp $as neighbor $neighbor ]\n peer-group defined but ipv4-unicast is disabled\n"; } - $peergroup = $config->returnValue("$as neighbor $neighbor peer-group"); + $peergroup = $config->returnValue("$as neighbor $neighbor peer-group"); + if (! defined($peergroup)) { + $peergroup = $config->returnValue("$as neighbor $neighbor interface peer-group"); + } + if (! defined($peergroup)) { + $peergroup = $config->returnValue("$as neighbor $neighbor interface v6only peer-group"); + } if ($config->exists("$as peer-group $peergroup remote-as")) { - $peergroupas = $config->returnValue("$as peer-group $peergroup remote-as"); + $peergroupas = $config->returnValue("$as peer-group $peergroup remote-as"); } } if ($config->exists("$as neighbor $neighbor address-family ipv6-unicast peer-group")) { - $peergroup6 = $config->returnValue("$as neighbor $neighbor address-family ipv6-unicast peer-group"); + $peergroup6 = $config->returnValue("$as neighbor $neighbor address-family ipv6-unicast peer-group"); if ($config->exists("$as peer-group $peergroup6 remote-as") && $config->exists("$as peer-group $peergroup6 address-family ipv6-unicast")) { - $peergroup6as = $config->returnValue("$as peer-group $peergroup6 remote-as"); + $peergroup6as = $config->returnValue("$as peer-group $peergroup6 remote-as"); } - } - + } die "[ protocols bgp $as neighbor $neighbor ]\n must set remote-as or peer-group with remote-as defined\n" if ((!defined($remoteas) && !defined($peergroupas)) && !$config->exists("$as parameters default no-ipv4-unicast")); @@ -1524,7 +1591,15 @@ sub confed_iBGP_ASN { my @neighbors = $config->listOrigNodes('neighbor'); foreach my $neighbor (@neighbors) { my $remoteas = $config->returnValue("neighbor $neighbor remote-as"); - if ("$testas" eq "$remoteas") { + if (("$testas" eq "$remoteas") || ("$testas" eq "internal")) { + exit 1; + } + $remoteas = $config->returnValue("neighbor $neighbor interface remote-as"); + if (("$testas" eq "$remoteas") || ("$testas" eq "internal")) { + exit 1; + } + $remoteas = $config->returnValue("neighbor $neighbor interface v6only remote-as"); + if (("$testas" eq "$remoteas") || ("$testas" eq "internal")) { exit 1; } } @@ -1647,14 +1722,16 @@ sub main 'address-family ipv6-unicast unsuppress-map'); # notice the extra space in the level string. keeps the parent from being deleted. - $qconfig->deleteConfigTreeRecursive('protocols bgp var neighbor var ', undef, \@ordered) || die "exiting $?\n"; - $qconfig->deleteConfigTreeRecursive('protocols bgp var peer-group var ', undef, \@ordered) || die "exiting $?\n"; + $qconfig->deleteConfigTreeRecursive('protocols bgp var neighbor var', undef, \@ordered) || die "exiting $?\n"; + $qconfig->deleteConfigTreeRecursive('protocols bgp var peer-group var', undef, \@ordered) || die "exiting $?\n"; $qconfig->deleteConfigTreeRecursive('protocols bgp') || die "exiting $?\n"; ## sets with priority $qconfig->setConfigTreeRecursive('protocols bgp var parameters') || die "exiting $?\n"; $qconfig->setConfigTreeRecursive('protocols bgp var peer-group', undef, \@ordered) || die "exiting $?\n"; $qconfig->setConfigTreeRecursive('protocols bgp var neighbor var remote-as', undef, \@ordered) || die "exiting $?\n"; + $qconfig->setConfigTreeRecursive('protocols bgp var neighbor var interface', undef, \@ordered) + || die "exiting $?\n"; $qconfig->setConfigTreeRecursive('protocols bgp var neighbor var address-family ipv6-unicast peer-group' , undef, \@ordered) || die "exiting $?\n"; $qconfig->setConfigTreeRecursive('protocols bgp var neighbor var address-family ipv6-unicast' diff --git a/templates/protocols/bgp/node.tag/neighbor/node.def b/templates/protocols/bgp/node.tag/neighbor/node.def index a41fc20d..c2a810e4 100644 --- a/templates/protocols/bgp/node.tag/neighbor/node.def +++ b/templates/protocols/bgp/node.tag/neighbor/node.def @@ -1,8 +1,9 @@ tag: -type: ipv4, ipv6 +type: txt help: BGP neighbor -val_help: ipv4; BGP neighbor IP address -val_help: ipv6; BGP neighbor IPv6 address +val_help: txt; BGP neighbor IP address +val_help: txt; BGP neighbor IPv6 address +val_help: txt; Interface name syntax:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl \ - --check-neighbor-ip --neighbor $VAR(@)" + --check-neighbor-ip --neighbor $VAR(@)" diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/node.def index 4f49f816..41ecd0d7 100644 --- a/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/node.def +++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/node.def @@ -1,2 +1 @@ -type: txt -help: Network interface to use for the BGP session +help: interface parameters diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/peer-group/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/peer-group/node.def new file mode 100644 index 00000000..cbad3a03 --- /dev/null +++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/peer-group/node.def @@ -0,0 +1,6 @@ +type: txt +help: peer group for this peer +allowed: local -a params + params=$( /opt/vyatta/sbin/vyatta-bgp.pl --list-peer-groups --as $VAR(../../../@) ) + echo -n ${params[@]##*/} +commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"protocols bgp $VAR(../../../@) peer-group $VAR(@)\" "; "protocols bgp $VAR(../../../@) peer-group $VAR(@) doesn't exist" diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/remote-as/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/remote-as/node.def new file mode 100644 index 00000000..61cd13a0 --- /dev/null +++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/remote-as/node.def @@ -0,0 +1,6 @@ +type: txt +help: Neighbor BGP AS number [REQUIRED] +val_help: txt: 1-4294967294; Neighbor AS number +val_help: txt: external; except that if the peers ASN is different than mine +val_help: txt: internal; except that if the peers ASN is the same as mine +syntax:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-remote-as $VAR(@)" diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/v6only/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/v6only/node.def new file mode 100644 index 00000000..0c454278 --- /dev/null +++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/v6only/node.def @@ -0,0 +1 @@ +help: Enable BGP with v6 link-local only diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/v6only/peer-group/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/v6only/peer-group/node.def new file mode 100644 index 00000000..5a5257e2 --- /dev/null +++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/v6only/peer-group/node.def @@ -0,0 +1,6 @@ +type: txt +help: peer group for this peer +allowed: local -a params + params=$( /opt/vyatta/sbin/vyatta-bgp.pl --list-peer-groups --as $VAR(../../../../@) ) + echo -n ${params[@]##*/} +commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --exists \"protocols bgp $VAR(../../../../@) peer-group $VAR(@)\" "; "protocols bgp $VAR(../../../../@) peer-group $VAR(@) doesn't exist" diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/v6only/remote-as/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/v6only/remote-as/node.def new file mode 100644 index 00000000..61cd13a0 --- /dev/null +++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/interface/v6only/remote-as/node.def @@ -0,0 +1,6 @@ +type: txt +help: Neighbor BGP AS number [REQUIRED] +val_help: txt: 1-4294967294; Neighbor AS number +val_help: txt: external; except that if the peers ASN is different than mine +val_help: txt: internal; except that if the peers ASN is the same as mine +syntax:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-remote-as $VAR(@)" diff --git a/templates/protocols/bgp/node.tag/peer-group/node.tag/remote-as/node.def b/templates/protocols/bgp/node.tag/peer-group/node.tag/remote-as/node.def index ab3913c7..61cd13a0 100644 --- a/templates/protocols/bgp/node.tag/peer-group/node.tag/remote-as/node.def +++ b/templates/protocols/bgp/node.tag/peer-group/node.tag/remote-as/node.def @@ -1,5 +1,6 @@ -type: u32 -help: Peer-group BGP AS number [REQUIRED] -val_help: u32:1-4294967294; AS number -syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 4294967294; \ - "remote-as must be between 1 and 4294967294" +type: txt +help: Neighbor BGP AS number [REQUIRED] +val_help: txt: 1-4294967294; Neighbor AS number +val_help: txt: external; except that if the peers ASN is different than mine +val_help: txt: internal; except that if the peers ASN is the same as mine +syntax:expression: exec "/opt/vyatta/sbin/vyatta-bgp.pl --check-remote-as $VAR(@)" |