authorChristian Poessinger <christian@poessinger.com>2020-11-04 20:35:44 +0100
committerGitHub <noreply@github.com>2020-11-04 20:35:44 +0100
commit84c7ed21629db338b207dfb11320b49fffda3b3d (patch)
treec35d9ce74f8c6acbc673b006e56ad6e3fa3967f4
parentcb544fc3e372448e3ed098f09add767d6f449b47 (diff)
parente1174ad59d396d6e96fcbeb7b90bc5a164e3ad5c (diff)
Merge pull request #595 from Cheeze-It/current
mpls-conf: T915: Add TTL security for static LDP neighbors
-rw-r--r--data/templates/frr/ldpd.frr.tmpl14
-rw-r--r--interface-definitions/protocols-mpls.xml.in16
-rwxr-xr-xsrc/conf_mode/protocols_mpls.py6
3 files changed, 34 insertions, 2 deletions
diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl
index 81a992165..3cdce8c70 100644
--- a/data/templates/frr/ldpd.frr.tmpl
+++ b/data/templates/frr/ldpd.frr.tmpl
@@ -9,9 +9,23 @@ router-id {{ router_id }}
{% endif -%}
{% for neighbor_id in old_ldp.neighbors -%}
no neighbor {{neighbor_id}} password {{old_ldp.neighbors[neighbor_id].password}}
+{% if 'ttl_security' is defined -%}
+{% if 'disable' in old_ldp.neighbors[neighbor_id].ttl_security %}
+no neighbor {{neighbor_id}} ttl-security disable
+{% else -%}
+no neighbor {{neighbor_id}} ttl-security hops {{old_ldp.neighbors[neighbor_id].ttl_security}}
+{% endif -%}
+{% endif -%}
{% endfor -%}
{% for neighbor_id in ldp.neighbors -%}
neighbor {{neighbor_id}} password {{ldp.neighbors[neighbor_id].password}}
+{% if 'ttl_security' is defined -%}
+{% if 'disable' in ldp.neighbors[neighbor_id].ttl_security %}
+neighbor {{neighbor_id}} ttl-security disable
+{% else -%}
+neighbor {{neighbor_id}} ttl-security hops {{ldp.neighbors[neighbor_id].ttl_security}}
+{% endif -%}
+{% endif -%}
{% endfor -%}
!
address-family ipv4
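Review bot: The guard `{% if 'ttl_security' is defined -%}` tests a string literal, which is always defined, so it never skips the block in either loop. When a neighbor has no ttl-security configured, protocols_mpls.py now supplies `''`, `'disable' in ''` is false, and the else branch renders `neighbor <id> ttl-security hops ` with no hop count (and the matching `no neighbor` line in the old_ldp loop), which FRR is likely to reject. Test the value itself, e.g. `{% if ldp.neighbors[neighbor_id].ttl_security -%}` and `{% if old_ldp.neighbors[neighbor_id].ttl_security -%}`. Comparing with `== 'disable'` instead of `in` would also avoid substring matches on unexpected input.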
diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols-mpls.xml.in
index 94ece8d45..38c553489 100644
--- a/interface-definitions/protocols-mpls.xml.in
+++ b/interface-definitions/protocols-mpls.xml.in
@@ -43,6 +43,22 @@
<help>Peer password</help>
</properties>
</leafNode>
+ <leafNode name="ttl-security">
+ <properties>
+ <help>Neighbor TTL security</help>
+ <completionHelp>
+ <list>disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>&lt;1-254&gt;</format>
+ <description>TTL</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Disable neighbor TTL security</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
</children>
</tagNode>
<node name="discovery">
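Review bot: The new `ttl-security` leafNode has no `<constraint>`, so the 1-254 range and the `disable` keyword shown in valueHelp are documentation only. Whatever string is entered is interpolated into the FRR configuration by ldpd.frr.tmpl. Add a constraint inside `<properties>` holding `<validator name="numeric" argument="--range 1-254"/>` and `<regex>^(disable)$</regex>`, plus a `<constraintErrorMessage>` describing the accepted values. That keeps out-of-range hop counts and stray text out of the generated `neighbor ... ttl-security hops` line.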
diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py
index d2ff0a2ea..d90c208ad 100755
--- a/src/conf_mode/protocols_mpls.py
+++ b/src/conf_mode/protocols_mpls.py
@@ -161,14 +161,16 @@ def get_config(config=None):
for neighbor in conf.list_effective_nodes('neighbor'):
mpls_conf['old_ldp']['neighbors'].update({
neighbor : {
- 'password' : conf.return_effective_value('neighbor {0} password'.format(neighbor))
+ 'password' : conf.return_effective_value('neighbor {0} password'.format(neighbor), default=''),
+ 'ttl_security' : conf.return_effective_value('neighbor {0} ttl-security'.format(neighbor), default=''),
}
})
for neighbor in conf.list_nodes('neighbor'):
mpls_conf['ldp']['neighbors'].update({
neighbor : {
- 'password' : conf.return_value('neighbor {0} password'.format(neighbor))
+ 'password' : conf.return_value('neighbor {0} password'.format(neighbor), default=''),
+ 'ttl_security' : conf.return_value('neighbor {0} ttl-security'.format(neighbor), default=''),
}
})