3 files changed, 22 insertions, 12 deletions
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index 3337d227..daf5b360 100755 --- a/scripts/bgp/vyatta-bgp.pl +++ b/scripts/bgp/vyatta-bgp.pl @@ -1216,6 +1216,17 @@ sub check_for_peer_groups { } } + +# check that both ttl-security and ebgpmultihops aren't both defined +sub check_ttl_conflict { + my ($config, $path) = @_; + + my $ebgphops = $config->returnValue("$path ebgp-multihop"); + my $ttlsecurity = $config->returnValue("$path ttl-security hops"); + die "protocols bgp $path: can not define both ebgp-mulithop and ttl-security hops\n" + if (defined($ebgphops) && defined($ttlsecurity)); +} + # check that changed neighbors have a remote-as or peer-group defined sub check_remote_as { my $config = new Vyatta::Config; @@ -1226,9 +1237,11 @@ sub check_remote_as { # check remote-as if neighbors have been changed my @neighbors = $config->listNodes("$as neighbor"); foreach my $neighbor (@neighbors) { - if ($config->isChanged("$as neighbor $neighbor")) { - my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); + next unless $config->isChanged("$as neighbor $neighbor"); + + check_ttl_conflict($config, "$as neighbor $neighbor"); + my $remoteas = $config->returnValue("$as neighbor $neighbor remote-as"); my ($peergroup, $peergroupas); if ($config->exists("$as neighbor $neighbor peer-group")) { $peergroup = $config->returnValue("$as neighbor $neighbor peer-group"); 
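Review bot: The die message in the new check_ttl_conflict misspells the option as `ebgp-mulithop`, so an operator who searches for the option name quoted in the error will not find it; it should read `can not define both ebgp-multihop and ttl-security hops`. The function reads `"$path ttl-security hops"`, while this same commit strips the `type: u32` and the 1-254 syntax check from ttl-security/node.def, and no hops/node.def is among the three changed files. Please confirm that a child template carrying that range validation already exists, otherwise the hop count is no longer bounded at the CLI. The header comment could also say why the two options conflict, e.g. `# ttl-security and ebgp-multihop both control the accepted TTL of the session and are mutually exclusive`.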
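Review bot: The ttl-security/ebgp-multihop exclusivity is now enforced only from inside check_remote_as, via `check_ttl_conflict($config, "$as neighbor $neighbor");`, while the per-node `commit:expression` checks are deleted from both templates in this commit. The callers of check_remote_as are outside this hunk, so it is worth verifying that every commit path that can change a neighbor reaches it; if it is only invoked on some of them, the conflict silently stops being rejected. The comment above the sub still says only `# check that changed neighbors have a remote-as or peer-group defined` and should mention the TTL conflict check it now performs. The body of check_remote_as continues past the end of the hunk.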
@@ -1249,13 +1262,15 @@ sub check_remote_as { die "protocols bgp $as neighbor $neighbor: must define a remote-as in neighbor or peer-group $peergroup\n" unless $peergroupas; - } + } # check remote-as if peer-groups have been changed my @peergroups = $config->listNodes("$as peer-group"); foreach my $peergroup (@peergroups) { - if ($config->isChanged("$as peer-group $peergroup")) { + next unless $config->isChanged("$as peer-group $peergroup"); + + check_ttl_security($config, "$as peer-group $peergroup"); # if we delete the remote-as in the pg, make sure all neighbors have a remote-as defined if ($config->isDeleted("$as peer-group $peergroup remote-as")) { @@ -1284,10 +1299,11 @@ sub check_remote_as { } } } - } } + } # end foreach my $peergroup + } } diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/ebgp-multihop/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/ebgp-multihop/node.def index 2cfa6fe6..8a89fc4c 100644 --- a/templates/protocols/bgp/node.tag/neighbor/node.tag/ebgp-multihop/node.def +++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/ebgp-multihop/node.def @@ -3,4 +3,3 @@ help: Allow this EBGP neighbor to not be on a directly connected network comp_help: possible completions: <1-255> number of hops syntax:expression: $VAR(@) >=1 && $VAR(@) <= 255; "ebgp-multihop must be between 1 and 255" -commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --not-exists \"protocols bgp $VAR(../../@) neighbor $VAR(../@) ttl-security\" "; "protocols bgp $VAR(../../@) neighbor $VAR(../@) ebgp-multihop: you can't set both ebgp-multihop and ttl-security" diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def index f8127f10..4ac20c35 100644 --- a/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def +++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def 
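Review bot: The peer-group loop calls `check_ttl_security($config, "$as peer-group $peergroup");`, but the helper added earlier in this commit is named `check_ttl_conflict`, and no sub called check_ttl_security is defined anywhere in the visible diff. Perl resolves this call at run time, so the script still compiles and then dies with an undefined-subroutine error as soon as a changed peer-group is processed, before the remote-as checks below it run. The line should be `check_ttl_conflict($config, "$as peer-group $peergroup");`. The surrounding foreach and check_remote_as itself start and end outside this hunk.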
@@ -1,7 +1,2 @@ -type: u32 help: Set ttl security mechanism for this BGP peer -comp_help: possible completions: - <1-254> maximum number of hops that separate two peers -syntax:expression: $VAR(@) >=1 && $VAR(@) <= 254 ; \ - "ttl-security must be between 1 and 254" -commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --not-exists \"protocols bgp $VAR(../../@) neighbor $VAR(../@) ebgp-multihop\" "; "protocols bgp $VAR(../../@) neighbor $VAR(../@) ttl-security: you can't set both ebgp-multihop and ttl-security" + |