author | Cheeze_It <none@none.com> | 2020-11-04 12:25:53 -0700 |
---|---|---|
committer | Cheeze_It <none@none.com> | 2020-11-04 12:25:53 -0700 |
commit | e1174ad59d396d6e96fcbeb7b90bc5a164e3ad5c (patch) | |
tree | bec417b789d2e88cb1891f9cdb748979448b1961 | |
parent | 620271eca13b3535472243f98bca766ed6ec19ed (diff) | |
mpls-conf: T915: Add TTL security for static LDP neighbors
The commit has to do with the addition of TTL security for LDP neighbors. The code was 90% done by Viascheslav. I modified it a little bit to get it to properly work.
We added more parameters to the neighbors dynamic loop. Once this is merged then we should be able to add more for the dynamic neighbor statements.
TTL security is configured per neighbor: it is either disabled, or set to the number of hops accepted for that neighbor.
-rw-r--r-- | data/templates/frr/ldpd.frr.tmpl | 14 | ||||
-rw-r--r-- | interface-definitions/protocols-mpls.xml.in | 16 | ||||
-rwxr-xr-x | src/conf_mode/protocols_mpls.py | 6 |
3 files changed, 34 insertions, 2 deletions
diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl
index 81a992165..3cdce8c70 100644
--- a/data/templates/frr/ldpd.frr.tmpl
+++ b/data/templates/frr/ldpd.frr.tmpl
@@ -9,9 +9,23 @@ router-id {{ router_id }}
 {% endif -%}
 {% for neighbor_id in old_ldp.neighbors -%}
 no neighbor {{neighbor_id}} password {{old_ldp.neighbors[neighbor_id].password}}
+{% if 'ttl_security' is defined -%}
+{% if 'disable' in old_ldp.neighbors[neighbor_id].ttl_security %}
+no neighbor {{neighbor_id}} ttl-security disable
+{% else -%}
+no neighbor {{neighbor_id}} ttl-security hops {{old_ldp.neighbors[neighbor_id].ttl_security}}
+{% endif -%}
+{% endif -%}
 {% endfor -%}
 {% for neighbor_id in ldp.neighbors -%}
 neighbor {{neighbor_id}} password {{ldp.neighbors[neighbor_id].password}}
+{% if 'ttl_security' is defined -%}
+{% if 'disable' in ldp.neighbors[neighbor_id].ttl_security %}
+neighbor {{neighbor_id}} ttl-security disable
+{% else -%}
+neighbor {{neighbor_id}} ttl-security hops {{ldp.neighbors[neighbor_id].ttl_security}}
+{% endif -%}
+{% endif -%}
 {% endfor -%}
 !
 address-family ipv4
diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols-mpls.xml.in
index 94ece8d45..38c553489 100644
--- a/interface-definitions/protocols-mpls.xml.in
+++ b/interface-definitions/protocols-mpls.xml.in
@@ -43,6 +43,22 @@
 <help>Peer password</help>
 </properties>
 </leafNode>
+ <leafNode name="ttl-security">
+ <properties>
+ <help>Neighbor TTL security</help>
+ <completionHelp>
+ <list>disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format><1-254></format>
+ <description>TTL</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Disable neighbor TTL security</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
 </children>
 </tagNode>
 <node name="discovery">
diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py
index d2ff0a2ea..d90c208ad 100755
--- a/src/conf_mode/protocols_mpls.py
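Review bot: The guard `{% if 'ttl_security' is defined -%}` in both neighbor loops tests a quoted string literal, which is always defined, so it never skips the block. Because the config script in this commit defaults `ttl_security` to an empty string, a neighbor with no TTL security configured falls through to the `else` branch and renders `neighbor <id> ttl-security hops` with no hop count, and the `old_ldp` loop renders the matching `no neighbor …` line. Test the value itself, e.g. `{% if ldp.neighbors[neighbor_id].ttl_security -%}` and the `old_ldp` equivalent, so the line is emitted only when the operator set it. This setting limits which packets can reach the LDP session, so a rendered line that the daemon may reject or misread is worth ruling out. I would also compare with `== 'disable'` rather than `in`, which is a substring test when the value is a string.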
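Review bot: The new `ttl-security` leafNode documents `<1-254>` and `disable` through `valueHelp` but declares no `<constraint>`, so as far as this hunk shows nothing rejects other input at commit time. Whatever is entered is interpolated into `ttl-security hops …` by the template changed in the same commit. An out-of-range or mistyped value can therefore leave the neighbor without the intended hop limit, or produce a line the daemon may refuse. Add a constraint after `<help>` that accepts only the numeric range or the literal `disable`, with an error message for the operator.

```xml
<help>Neighbor TTL security</help>
<constraint>
  <validator name="numeric" argument="--range 1-254"/>
  <regex>^(disable)$</regex>
</constraint>
<constraintErrorMessage>TTL security must be a hop count between 1 and 254, or disable</constraintErrorMessage>
<!-- … unchanged: completionHelp and valueHelp entries … -->
```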
+++ b/src/conf_mode/protocols_mpls.py
@@ -161,14 +161,16 @@ def get_config(config=None):
 for neighbor in conf.list_effective_nodes('neighbor'):
 mpls_conf['old_ldp']['neighbors'].update({
 neighbor : {
- 'password' : conf.return_effective_value('neighbor {0} password'.format(neighbor))
+ 'password' : conf.return_effective_value('neighbor {0} password'.format(neighbor), default=''),
+ 'ttl_security' : conf.return_effective_value('neighbor {0} ttl-security'.format(neighbor), default=''),
 }
 })
 for neighbor in conf.list_nodes('neighbor'):
 mpls_conf['ldp']['neighbors'].update({
 neighbor : {
- 'password' : conf.return_value('neighbor {0} password'.format(neighbor))
+ 'password' : conf.return_value('neighbor {0} password'.format(neighbor), default=''),
+ 'ttl_security' : conf.return_value('neighbor {0} ttl-security'.format(neighbor), default=''),
 }
 }) |
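Review bot: Defaulting `password` to `''` in both loops means a neighbor with no password still reaches the template's unconditional `neighbor {{neighbor_id}} password {{…}}` line (visible as context in the template hunk), which now renders an empty secret. Whether a password is validated as mandatory is not visible here, because get_config's body starts and ends outside this hunk, so this needs confirming against the rest of the script. If the password is optional, keep the default and guard the template line with `{% if ldp.neighbors[neighbor_id].password -%}`. If it is mandatory, reject the missing value during validation rather than passing an empty string through. A comment above the dict such as `# '' means "not configured"; the template must skip empty values` would record the convention for both keys.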