From 60fb7bb1025d25606efc00b4f3f9505e17efe1e0 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Fri, 21 May 2010 17:19:28 -0700
Subject: Use net_set to avoid using sudo
---
 scripts/vyatta-link-detect | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
(limited to 'scripts')
diff --git a/scripts/vyatta-link-detect b/scripts/vyatta-link-detect
index 9dc17e05..078053cc 100755
--- a/scripts/vyatta-link-detect
+++ b/scripts/vyatta-link-detect
@@ -17,16 +17,15 @@ fi
 # 0 - always receive
 # 1 - ignore receive if admin_down
 # 2 - ignore receive if admin_down or link down
-set-sysctl () {
- sudo sh -c "echo $2 >/proc/sys/net/ipv4/conf/$1/link_filter"
-# sudo sh -c "echo $2 >/proc/sys/net/ipv6/conf/$1/link_filter"
+set_linkfilter () {
+ net_set /proc/sys/net/ipv4/conf/$1/link_filter=$2
 }
 case $2 in
-on) set-sysctl $1 2
+on) set_linkfilter $1 2
 exec vtysh -c "configure terminal" -c "interface $1" \
 -c "link-detect" ;;
-off) set-sysctl $1 1
+off) set_linkfilter $1 1
 exec vtysh -c "configure terminal" -c "interface $1" \
 -c "no link-detect" ;;
 *) usage;;
-- cgit v1.2.3
From 6cfb22fef8cd535657abab13c4a0e34763498fa4 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Fri, 9 Jul 2010 17:43:36 -0700
Subject: Add ttl-security option to peer-group
Add ttl-security value as peer-group option. Also validate the range of ttl-security setting.
---
 scripts/bgp/vyatta-bgp.pl | 4 ++++
 .../bgp/node.tag/neighbor/node.tag/ttl-security/node.def | 5 +++++
 .../bgp/node.tag/peer-group/node.tag/ttl-security/node.def | 8 ++++++++
 3 files changed, 17 insertions(+)
 create mode 100644 templates/protocols/bgp/node.tag/peer-group/node.tag/ttl-security/node.def
(limited to 'scripts')
diff --git a/scripts/bgp/vyatta-bgp.pl b/scripts/bgp/vyatta-bgp.pl
index b2119dbc..849b4284 100755
--- a/scripts/bgp/vyatta-bgp.pl
+++ b/scripts/bgp/vyatta-bgp.pl
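Review bot: In `set_linkfilter` (scripts/vyatta-link-detect), `$1` and `$2` are expanded unquoted into the `net_set` argument, so an interface argument containing whitespace or `/` changes which path under /proc is written. Nothing in the hunk validates `$1`; the check that ends at the `fi` above the hunk is not visible here, and neither is `net_set`, so whether either one restricts the name cannot be confirmed from this diff. I would quote the argument, `net_set "/proc/sys/net/ipv4/conf/$1/link_filter=$2"`, and reject an empty name or one with a slash before the `case`, e.g. `case $1 in ''|*/*) usage;; esac`.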
@@ -1009,6 +1009,10 @@ my %qcom = (
 set => 'router bgp #3 ; neighbor #5 timers connect #8',
 del => 'router bgp #3 ; no neighbor #5 timers connect #8',
 },
+ 'protocols bgp var peer-group var ttl-security hops' => {
+ set => 'router bgp #3 ; neighbor #5 ttl-security hops #8',
+ del => 'router bgp #3 ; no neighbor #5 ttl-security hops #8',
+ },
 'protocols bgp var peer-group var unsuppress-map' => {
 set => 'router bgp #3 ; neighbor #5 unsuppress-map #7',
 del => 'router bgp #3 ; no neighbor #5 unsuppress-map #7',
diff --git a/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def
index 05be9f5b..f8127f10 100644
--- a/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def
+++ b/templates/protocols/bgp/node.tag/neighbor/node.tag/ttl-security/node.def
@@ -1,2 +1,7 @@
+type: u32
 help: Set ttl security mechanism for this BGP peer
+comp_help: possible completions:
+ <1-254> maximum number of hops that separate two peers
+syntax:expression: $VAR(@) >=1 && $VAR(@) <= 254 ; \
+ "ttl-security must be between 1 and 254"
 commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --not-exists \"protocols bgp $VAR(../../@) neighbor $VAR(../@) ebgp-multihop\" "; "protocols bgp $VAR(../../@) neighbor $VAR(../@) ttl-security: you can't set both ebgp-multihop and ttl-security"
diff --git a/templates/protocols/bgp/node.tag/peer-group/node.tag/ttl-security/node.def b/templates/protocols/bgp/node.tag/peer-group/node.tag/ttl-security/node.def
new file mode 100644
index 00000000..bf7c0f39
--- /dev/null
+++ b/templates/protocols/bgp/node.tag/peer-group/node.tag/ttl-security/node.def
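Review bot: The new `%qcom` key ends in `ttl-security hops` and takes the value from `#8`, but the templates touched by this same commit put `type: u32` directly on the `ttl-security` node, both for `neighbor` (second hunk) and for the new `peer-group` node.def (third hunk), and the diffstat creates no `hops` node for peer-group. Going by the neighbouring entries (`unsuppress-map` reads `#7`, `timers connect` reads `#8`), a value entered as `peer-group NAME ttl-security N` would sit at position 7, so this entry would probably never match and the hop limit would not be applied to the peer-group. Either key the entry on `'protocols bgp var peer-group var ttl-security'` with `#7`, or leave `ttl-security` untyped and put `type`, `comp_help` and `syntax:expression` in a `hops/node.def` beneath it. A `hops` node may already exist for `neighbor` outside this diff, which is worth checking before choosing; the hunk shows only part of `%qcom`.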
@@ -0,0 +1,8 @@
+type: u32
+help: Set ttl security mechanism for this peer-group
+comp_help: possible completions:
+ <1-254> maximum number of hops that separate two peers
+syntax:expression: $VAR(@) >=1 && $VAR(@) <= 254 ; \
+ "ttl-security must be between 1 and 254"
+
+commit:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --not-exists \"protocols bgp $VAR(../../@) neighbor $VAR(../@) ebgp-multihop\" "; "protocols bgp $VAR(../../@) neighbor $VAR(../@) ttl-security: you can't set both ebgp-multihop and ttl-security"
-- cgit v1.2.3
From 4630f414eccc37ba621a6f3d2e22b632072c85f0 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Fri, 9 Jul 2010 18:02:24 -0700
Subject: Revert "Use net_set to avoid using sudo"
This reverts commit 60fb7bb1025d25606efc00b4f3f9505e17efe1e0. net_set is not tested yet.
---
 scripts/vyatta-link-detect | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'scripts')
diff --git a/scripts/vyatta-link-detect b/scripts/vyatta-link-detect
index 078053cc..9dc17e05 100755
--- a/scripts/vyatta-link-detect
+++ b/scripts/vyatta-link-detect
@@ -17,15 +17,16 @@ fi
 # 0 - always receive
 # 1 - ignore receive if admin_down
 # 2 - ignore receive if admin_down or link down
-set_linkfilter () {
- net_set /proc/sys/net/ipv4/conf/$1/link_filter=$2
+set-sysctl () {
+ sudo sh -c "echo $2 >/proc/sys/net/ipv4/conf/$1/link_filter"
+# sudo sh -c "echo $2 >/proc/sys/net/ipv6/conf/$1/link_filter"
 }
 case $2 in
-on) set_linkfilter $1 2
+on) set-sysctl $1 2
 exec vtysh -c "configure terminal" -c "interface $1" \
 -c "link-detect" ;;
-off) set_linkfilter $1 1
+off) set-sysctl $1 1
 exec vtysh -c "configure terminal" -c "interface $1" \
 -c "no link-detect" ;;
 *) usage;;
-- cgit v1.2.3
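Review bot: The `commit:expression` in the new peer-group template still tests the path `protocols bgp $VAR(../../@) neighbor $VAR(../@) ebgp-multihop`, copied from the neighbor template, although in this node `$VAR(../@)` is the peer-group name. As written the check looks for a neighbor with that name, so `ebgp-multihop` and `ttl-security` can presumably both be committed on the same peer-group, and the error text names a neighbor as well. Change both occurrences to `peer-group`, i.e. `--not-exists \"protocols bgp $VAR(../../@) peer-group $VAR(../@) ebgp-multihop\"`. This assumes `peer-group NAME ebgp-multihop` is a configurable node, which this diff does not show.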
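Review bot: The restored `set-sysctl` builds the string handed to `sudo sh -c` from `$1` and `$2`, so the interface argument is parsed a second time by a root shell; nothing in the hunk validates it, and the check that ends at the `fi` above the hunk is not visible. If the revert has to stay until `net_set` is tested, keep the arguments out of the command text, e.g. `echo "$2" | sudo tee "/proc/sys/net/ipv4/conf/$1/link_filter" >/dev/null` or an equivalent that passes the path as an argument, and reject a `$1` that is empty or contains `/` before the `case`. `set-sysctl` is also not a portable function name, since POSIX sh does not allow `-` in one, which matters if the script's interpreter (not shown here) is not bash.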