From 60fb7bb1025d25606efc00b4f3f9505e17efe1e0 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 21 May 2010 17:19:28 -0700 Subject: Use net_set to avoid using sudo --- scripts/vyatta-link-detect | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/scripts/vyatta-link-detect b/scripts/vyatta-link-detect index 9dc17e05..078053cc 100755 --- a/scripts/vyatta-link-detect +++ b/scripts/vyatta-link-detect @@ -17,16 +17,15 @@ fi # 0 - always receive # 1 - ignore receive if admin_down # 2 - ignore receive if admin_down or link down -set-sysctl () { - sudo sh -c "echo $2 >/proc/sys/net/ipv4/conf/$1/link_filter" -# sudo sh -c "echo $2 >/proc/sys/net/ipv6/conf/$1/link_filter" +set_linkfilter () { + net_set /proc/sys/net/ipv4/conf/$1/link_filter=$2 } case $2 in -on) set-sysctl $1 2 +on) set_linkfilter $1 2 exec vtysh -c "configure terminal" -c "interface $1" \ -c "link-detect" ;; -off) set-sysctl $1 1 +off) set_linkfilter $1 1 exec vtysh -c "configure terminal" -c "interface $1" \ -c "no link-detect" ;; *) usage;; -- cgit v1.2.3 From d1627b367e30988d26b7e393600149750534aaf6 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 21 May 2010 17:20:25 -0700 Subject: No longer need sudo for arp Have capability do that. --- templates/protocols/static/arp/node.def | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/protocols/static/arp/node.def b/templates/protocols/static/arp/node.def index 0174b24c..8bf88225 100644 --- a/templates/protocols/static/arp/node.def +++ b/templates/protocols/static/arp/node.def @@ -36,8 +36,8 @@ end: ipaddr=$VAR(@) hwaddr=$VAR(hwaddr/@) - sudo arp -d $ipaddr > /dev/null + arp -d $ipaddr > /dev/null if [ -n "$hwaddr" ]; then - sudo arp -s $ipaddr $hwaddr + arp -s $ipaddr $hwaddr fi exit 0 -- cgit v1.2.3 From 6cfb22fef8cd535657abab13c4a0e34763498fa4 Mon Sep 17 00:00:00 2001 
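Review bot: In `set_linkfilter` the interface name and the value are expanded unquoted (`net_set /proc/sys/net/ipv4/conf/$1/link_filter=$2`), and the call sites `set_linkfilter $1 2` / `set_linkfilter $1 1` do the same, so an argument containing whitespace, glob characters or `/` reaches the helper as extra words or as a different path under /proc/sys. Quote the expansions, `net_set "/proc/sys/net/ipv4/conf/$1/link_filter=$2"` and `set_linkfilter "$1" 2`, and reject interface names that contain `/` before building the path. The status of `set_linkfilter` is also not checked before `exec vtysh`, so a failed write would go unnoticed unless the script sets `-e` above the hunk. The top of the script, including any argument validation, is outside the hunk.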
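Review bot: The `end:` block still finishes with an unconditional `exit 0`, so a failed `arp -s $ipaddr $hwaddr` is reported as a successful commit; with `sudo` removed, a missing capability would make that failure silent. Propagate the status of the add, e.g. `arp -s "$ipaddr" "$hwaddr" || exit 1`, and ignore only the result of `arp -d`, which presumably fails when no entry exists yet. The later hunk in "Need full path to arp command" keeps the same `exit 0` after `/usr/sbin/arp -s` and needs the same change. The `end:` block begins above the hunk.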
From: Stephen Hemminger Date: Fri, 9 Jul 2010 17:43:36 -0700 Subject: Add ttl-security option to peer-group Add ttl-security value as peer-group option. Also validate the range of ttl-security setting. --- scripts/bgp/vyatta-bgp.pl | 4 ++++ .../bgp/node.tag/neighbor/node.tag/ttl-security/node.def | 5 +++++ .../bgp/node.tag/peer-group/node.tag/ttl-security/node.def | 8 ++++++++ 3 files changed, 17 insertions(+) create mode 100644 templates/protocols/bgp/node.tag/peer-group/node.tag/ttl-security/node.def diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl index b2119dbc..849b4284 100755 --- a/scripts/bgp/vyatta-bgp.pl +++ b/scripts/bgp/vyatta-bgp.pl @@ -1009,6 +1009,10 @@ my %qcom = ( set => 'router bgp #3 ; neighbor #5 timers connect #8', del => 'router bgp #3 ; no neighbor #5 timers connect #8', }, + 'protocols bgp var peer-group var ttl-security hops' => { + set => 'router bgp #3 ; neighbor #5 ttl-security hops #8', + del => 'router bgp #3 ; no neighbor #5 ttl-security hops #8', + }, 'protocols bgp var peer-group var unsuppress-map' => { set => 'router bgp #3 ; neighbor #5 unsuppress-map #7', del => 'router bgp #3 ; no neighbor #5 unsuppress-map #7', diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def index 05be9f5b..f8127f10 100644 --- a/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def +++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def 
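Review bot: The new `%qcom` key `'protocols bgp var peer-group var ttl-security hops'` reads the hop count from `#8`, which assumes a `hops` child node under `ttl-security`, yet both `ttl-security/node.def` templates touched by this commit put `type: u32` and the range check on `ttl-security` itself. If no `hops/node.def` exists for peer-group (none is created here), the value sits at position 7 and this entry never matches, so the validated node and the node that drives the quagga command would differ. Either move the `type`/`syntax:expression` lines into a `hops/node.def`, or key the entry on `... ttl-security` with `#7`; this needs confirming against the template tree, which is outside the diff. A short comment above the entry such as `# #8 is the argument of the hops leaf` would make the index easier to audit.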
@@ -1,2 +1,7 @@ +type: u32 help: Set ttl security mechanism for this BGP peer +comp_help: possible completions: + <1-254> maximum number of hops that separate two peers +syntax:expression: $VAR(@) >=1 && $VAR(@) <= 254 ; \ + "ttl-security must be between 1 and 254" commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --not-exists \"protocols bgp $VAR(../../@) neighbor $VAR(../@) ebgp-multihop\" "; "protocols bgp $VAR(../../@) neighbor $VAR(../@) ttl-security: you can't set both ebgp-multihop and ttl-security" diff --git a/templates/protocols/bgp/node.tag/peer-group/node.tag/ttl-security/node.def b/templates/protocols/bgp/node.tag/peer-group/node.tag/ttl-security/node.def new file mode 100644 index 00000000..bf7c0f39 --- /dev/null +++ b/templates/protocols/bgp/node.tag/peer-group/node.tag/ttl-security/node.def @@ -0,0 +1,8 @@ +type: u32 +help: Set ttl security mechanism for this peer-group +comp_help: possible completions: + <1-254> maximum number of hops that separate two peers +syntax:expression: $VAR(@) >=1 && $VAR(@) <= 254 ; \ + "ttl-security must be between 1 and 254" + +commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --not-exists \"protocols bgp $VAR(../../@) neighbor $VAR(../@) ebgp-multihop\" "; "protocols bgp $VAR(../../@) neighbor $VAR(../@) ttl-security: you can't set both ebgp-multihop and ttl-security" -- cgit v1.2.3 From a7420c98d251fab1631e24a2281dcc9284c876c1 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 9 Jul 2010 17:46:08 -0700 Subject: 0.18.82 --- debian/changelog | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/debian/changelog b/debian/changelog index b714d39f..e2f126b6 100644 --- a/debian/changelog +++ b/debian/changelog 
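Review bot: The `commit:expression` in the new peer-group `ttl-security/node.def` was carried over from the neighbor template and still queries `protocols bgp $VAR(../../@) neighbor $VAR(../@) ebgp-multihop`, so the mutual-exclusion check looks for a neighbor named after the peer-group and does not see `ebgp-multihop` set on the peer-group itself. Assuming peer-group has its own `ebgp-multihop` node, both the `--not-exists` path and the error text should say `peer-group`: `--not-exists \"protocols bgp $VAR(../../@) peer-group $VAR(../@) ebgp-multihop\"` and `"protocols bgp $VAR(../../@) peer-group $VAR(../@) ttl-security: you can't set both ebgp-multihop and ttl-security"`. As written, a peer-group can be committed with both settings, leaving the conflict for bgpd to reject or resolve.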
@@ -1,3 +1,17 @@ +vyatta-cfg-quagga (0.18.82) unstable; urgency=low + + [ Stephen Hemminger ] + * Use net_set to avoid using sudo + * No longer need sudo for arp + + [ An-Cheng Huang ] + * remove leftover script as discussed + + [ Stephen Hemminger ] + * Add ttl-security option to peer-group + + -- Stephen Hemminger Fri, 09 Jul 2010 17:46:08 -0700 + vyatta-cfg-quagga (0.18.81) unstable; urgency=low * fix for bug 5713 -- cgit v1.2.3 From aff955e6de3ccc0dd85acebeb970e88a05e68f26 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 9 Jul 2010 17:47:08 -0700 Subject: Fix email address causing debian warnings lintian does not like it @roatan as email address. --- debian/changelog | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/debian/changelog b/debian/changelog index e2f126b6..2594dae9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,7 +16,7 @@ vyatta-cfg-quagga (0.18.81) unstable; urgency=low * fix for bug 5713 - -- Robert Bays Mon, 21 Jun 2010 10:58:55 -0700 + -- Robert Bays Mon, 21 Jun 2010 10:58:55 -0700 vyatta-cfg-quagga (0.18.80) unstable; urgency=low @@ -32,13 +32,13 @@ vyatta-cfg-quagga (0.18.79) unstable; urgency=low * fix for bug 874: allow setting administrative distance - -- Robert Bays Tue, 08 Jun 2010 12:33:11 -0700 + -- Robert Bays Tue, 08 Jun 2010 12:33:11 -0700 vyatta-cfg-quagga (0.18.78) unstable; urgency=low * fix aggregate-address command - -- Robert Bays Mon, 07 Jun 2010 15:56:21 -0700 + -- Robert Bays Mon, 07 Jun 2010 15:56:21 -0700 vyatta-cfg-quagga (0.18.77) unstable; urgency=low 
@@ -50,19 +50,19 @@ vyatta-cfg-quagga (0.18.77) unstable; urgency=low * clean up potential unitialized var reference * fix stupid var def mistake - -- Robert Bays Fri, 04 Jun 2010 16:59:51 -0700 + -- Robert Bays Fri, 04 Jun 2010 16:59:51 -0700 vyatta-cfg-quagga (0.18.76) unstable; urgency=low * fix for bug 5653 - -- Robert Bays Wed, 02 Jun 2010 17:15:41 -0700 + -- Robert Bays Wed, 02 Jun 2010 17:15:41 -0700 vyatta-cfg-quagga (0.18.75) unstable; urgency=low * re-add the disable-send-comunity node to peer-groups - -- Robert Bays Tue, 25 May 2010 16:26:01 -0700 + -- Robert Bays Tue, 25 May 2010 16:26:01 -0700 vyatta-cfg-quagga (0.18.74) unstable; urgency=low @@ -74,7 +74,7 @@ vyatta-cfg-quagga (0.18.74) unstable; urgency=low * change the system call in _sendQuaggaCommand(). with the selective noerr fixed, - -- Robert Bays Sun, 23 May 2010 01:00:39 -0700 + -- Robert Bays Sun, 23 May 2010 01:00:39 -0700 vyatta-cfg-quagga (0.18.73) unstable; urgency=low -- cgit v1.2.3 From 4630f414eccc37ba621a6f3d2e22b632072c85f0 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 9 Jul 2010 18:02:24 -0700 Subject: Revert "Use net_set to avoid using sudo" This reverts commit 60fb7bb1025d25606efc00b4f3f9505e17efe1e0. net_set is not tested yet. --- scripts/vyatta-link-detect | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/vyatta-link-detect b/scripts/vyatta-link-detect index 078053cc..9dc17e05 100755 --- a/scripts/vyatta-link-detect +++ b/scripts/vyatta-link-detect 
@@ -17,15 +17,16 @@ fi # 0 - always receive # 1 - ignore receive if admin_down # 2 - ignore receive if admin_down or link down -set_linkfilter () { - net_set /proc/sys/net/ipv4/conf/$1/link_filter=$2 +set-sysctl () { + sudo sh -c "echo $2 >/proc/sys/net/ipv4/conf/$1/link_filter" +# sudo sh -c "echo $2 >/proc/sys/net/ipv6/conf/$1/link_filter" } case $2 in -on) set_linkfilter $1 2 +on) set-sysctl $1 2 exec vtysh -c "configure terminal" -c "interface $1" \ -c "link-detect" ;; -off) set_linkfilter $1 1 +off) set-sysctl $1 1 exec vtysh -c "configure terminal" -c "interface $1" \ -c "no link-detect" ;; *) usage;; -- cgit v1.2.3 From a04cd0d0ea838e72aa73389eef18ed9aa3246cb8 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 9 Jul 2010 18:04:42 -0700 Subject: Need full path to arp command If not using sudo, then need full path to arp. --- templates/protocols/static/arp/node.def | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/templates/protocols/static/arp/node.def b/templates/protocols/static/arp/node.def index 8bf88225..a7905c57 100644 --- a/templates/protocols/static/arp/node.def +++ b/templates/protocols/static/arp/node.def @@ -35,9 +35,8 @@ comp_help: Possible completions: end: ipaddr=$VAR(@) hwaddr=$VAR(hwaddr/@) - - arp -d $ipaddr > /dev/null + /usr/sbin/arp -d $ipaddr > /dev/null if [ -n "$hwaddr" ]; then - arp -s $ipaddr $hwaddr + /usr/sbin/arp -s $ipaddr $hwaddr fi exit 0 -- cgit v1.2.3 From 6833e3541ce45fa75ea320d68175b7cd6baed396 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 9 Jul 2010 18:13:05 -0700 Subject: Fix bogus ospf wireless vif nodes was generating interfaces/wireless/vif instead of interfaces/wireless/node.tag/vif --- gen-interface-templates.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gen-interface-templates.pl b/gen-interface-templates.pl index fedd4c63..3b2e39ab 100755 --- a/gen-interface-templates.pl +++ b/gen-interface-templates.pl 
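Review bot: The restored `set-sysctl` builds a command string for a root shell, `sudo sh -c "echo $2 >/proc/sys/net/ipv4/conf/$1/link_filter"`, so the interface name taken from the script's first argument is re-parsed by `sh` as root and any shell metacharacters in it are interpreted. Pass the values as positional parameters instead of interpolating them, `sudo sh -c 'echo "$1" >"/proc/sys/net/ipv4/conf/$2/link_filter"' sh "$2" "$1"`, and quote the call sites (`set-sysctl "$1" 2`). Checking `$1` against the existing interfaces before the call would also keep `/` or `..` from selecting another file under /proc/sys. Whether the argument is validated earlier in the script cannot be seen from the hunk.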
@@ -35,7 +35,7 @@ my %interface_hash = ( 'ethernet/node.tag/vif/node.tag' => '$VAR(../@).$VAR(@)', 'ethernet/node.tag/vif/node.tag/pppoe/node.tag' => 'pppoe$VAR(@)', 'wireless/node.tag' => '$VAR(@)', - 'wireless/vif/node.tag' => '$VAR(../@).$VAR(@)', + 'wireless/node.tag/vif/node.tag' => '$VAR(../@).$VAR(@)', 'pseudo-ethernet/node.tag' => '$VAR(@)', # 'pseudo-ethernet/node.tag/vif/node.tag' => '$VAR(../@).$VAR(@)', 'bonding/node.tag' => '$VAR(@)', -- cgit v1.2.3 From f9adbe8e73aad0bb4fcd52b720bd77082c04854e Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 9 Jul 2010 18:14:26 -0700 Subject: 0.18.83 --- debian/changelog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/debian/changelog b/debian/changelog index 2594dae9..b1d4d4c5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +vyatta-cfg-quagga (0.18.83) unstable; urgency=low + + * Fix email address causing debian warnings + * Revert "Use net_set to avoid using sudo" + * Need full path to arp command + * Fix bogus ospf wireless vif nodes + + -- Stephen Hemminger Fri, 09 Jul 2010 18:14:26 -0700 + vyatta-cfg-quagga (0.18.82) unstable; urgency=low [ Stephen Hemminger ] -- cgit v1.2.3