diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-11-04 20:35:44 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-11-04 20:35:44 +0100 |
| commit | 84c7ed21629db338b207dfb11320b49fffda3b3d (patch) | |
| tree | c35d9ce74f8c6acbc673b006e56ad6e3fa3967f4 | |
| parent | cb544fc3e372448e3ed098f09add767d6f449b47 (diff) | |
| parent | e1174ad59d396d6e96fcbeb7b90bc5a164e3ad5c (diff) | |
| download | vyos-1x-84c7ed21629db338b207dfb11320b49fffda3b3d.tar.gz vyos-1x-84c7ed21629db338b207dfb11320b49fffda3b3d.zip | |
Merge pull request #595 from Cheeze-It/current
mpls-conf: T915: Add TTL security for static LDP neighbors
| -rw-r--r-- | data/templates/frr/ldpd.frr.tmpl | 14 | ||||
| -rw-r--r-- | interface-definitions/protocols-mpls.xml.in | 16 | ||||
| -rwxr-xr-x | src/conf_mode/protocols_mpls.py | 6 |
3 files changed, 34 insertions, 2 deletions
diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl index 81a992165..3cdce8c70 100644 --- a/data/templates/frr/ldpd.frr.tmpl +++ b/data/templates/frr/ldpd.frr.tmpl @@ -9,9 +9,23 @@ router-id {{ router_id }} {% endif -%} {% for neighbor_id in old_ldp.neighbors -%} no neighbor {{neighbor_id}} password {{old_ldp.neighbors[neighbor_id].password}} +{% if 'ttl_security' is defined -%} +{% if 'disable' in old_ldp.neighbors[neighbor_id].ttl_security %} +no neighbor {{neighbor_id}} ttl-security disable +{% else -%} +no neighbor {{neighbor_id}} ttl-security hops {{old_ldp.neighbors[neighbor_id].ttl_security}} +{% endif -%} +{% endif -%} {% endfor -%} {% for neighbor_id in ldp.neighbors -%} neighbor {{neighbor_id}} password {{ldp.neighbors[neighbor_id].password}} +{% if 'ttl_security' is defined -%} +{% if 'disable' in ldp.neighbors[neighbor_id].ttl_security %} +neighbor {{neighbor_id}} ttl-security disable +{% else -%} +neighbor {{neighbor_id}} ttl-security hops {{ldp.neighbors[neighbor_id].ttl_security}} +{% endif -%} +{% endif -%} {% endfor -%} ! address-family ipv4 diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols-mpls.xml.in index 94ece8d45..38c553489 100644 --- a/interface-definitions/protocols-mpls.xml.in +++ b/interface-definitions/protocols-mpls.xml.in @@ -43,6 +43,22 @@ <help>Peer password</help> </properties> </leafNode> + <leafNode name="ttl-security"> + <properties> + <help>Neighbor TTL security</help> + <completionHelp> + <list>disable</list> + </completionHelp> + <valueHelp> + <format><1-254></format> + <description>TTL</description> + </valueHelp> + <valueHelp> + <format>disable</format> + <description>Disable neighbor TTL security</description> + </valueHelp> + </properties> + </leafNode> </children> </tagNode> <node name="discovery"> diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py index d2ff0a2ea..d90c208ad 100755 --- a/src/conf_mode/protocols_mpls.py +++ b/src/conf_mode/protocols_mpls.py @@ -161,14 +161,16 @@ def get_config(config=None): for neighbor in conf.list_effective_nodes('neighbor'): mpls_conf['old_ldp']['neighbors'].update({ neighbor : { - 'password' : conf.return_effective_value('neighbor {0} password'.format(neighbor)) + 'password' : conf.return_effective_value('neighbor {0} password'.format(neighbor), default=''), + 'ttl_security' : conf.return_effective_value('neighbor {0} ttl-security'.format(neighbor), default=''), } }) for neighbor in conf.list_nodes('neighbor'): mpls_conf['ldp']['neighbors'].update({ neighbor : { - 'password' : conf.return_value('neighbor {0} password'.format(neighbor)) + 'password' : conf.return_value('neighbor {0} password'.format(neighbor), default=''), + 'ttl_security' : conf.return_value('neighbor {0} ttl-security'.format(neighbor), default=''), } }) |