authorCheeze_It <none@none.com>2020-11-04 12:25:53 -0700
committerCheeze_It <none@none.com>2020-11-04 12:25:53 -0700
commite1174ad59d396d6e96fcbeb7b90bc5a164e3ad5c (patch)
treebec417b789d2e88cb1891f9cdb748979448b1961
parent620271eca13b3535472243f98bca766ed6ec19ed (diff)
mpls-conf: T915: Add TTL security for static LDP neighbors
This commit adds TTL security for LDP neighbors. The code was 90% done by Viascheslav; I modified it a little to get it working properly. We added more parameters to the neighbors dynamic loop. Once this is merged, we should be able to add more for the dynamic neighbor statements. It works by either disabling TTL security for a neighbor or setting the number of hops accepted for that neighbor.
-rw-r--r--data/templates/frr/ldpd.frr.tmpl14
-rw-r--r--interface-definitions/protocols-mpls.xml.in16
-rwxr-xr-xsrc/conf_mode/protocols_mpls.py6
3 files changed, 34 insertions, 2 deletions
diff --git a/data/templates/frr/ldpd.frr.tmpl b/data/templates/frr/ldpd.frr.tmpl
index 81a992165..3cdce8c70 100644
--- a/data/templates/frr/ldpd.frr.tmpl
+++ b/data/templates/frr/ldpd.frr.tmpl
@@ -9,9 +9,23 @@ router-id {{ router_id }}
{% endif -%}
{% for neighbor_id in old_ldp.neighbors -%}
no neighbor {{neighbor_id}} password {{old_ldp.neighbors[neighbor_id].password}}
+{% if 'ttl_security' is defined -%}
+{% if 'disable' in old_ldp.neighbors[neighbor_id].ttl_security %}
+no neighbor {{neighbor_id}} ttl-security disable
+{% else -%}
+no neighbor {{neighbor_id}} ttl-security hops {{old_ldp.neighbors[neighbor_id].ttl_security}}
+{% endif -%}
+{% endif -%}
{% endfor -%}
{% for neighbor_id in ldp.neighbors -%}
neighbor {{neighbor_id}} password {{ldp.neighbors[neighbor_id].password}}
+{% if 'ttl_security' is defined -%}
+{% if 'disable' in ldp.neighbors[neighbor_id].ttl_security %}
+neighbor {{neighbor_id}} ttl-security disable
+{% else -%}
+neighbor {{neighbor_id}} ttl-security hops {{ldp.neighbors[neighbor_id].ttl_security}}
+{% endif -%}
+{% endif -%}
{% endfor -%}
!
address-family ipv4
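Review bot: The guard `{% if 'ttl_security' is defined -%}` on both added blocks tests a string literal, which is always defined, so the inner branch runs for every neighbor. Because get_config (the protocols_mpls.py hunk) now supplies `''` when ttl-security is unset, the `else` arm would render `neighbor <id> ttl-security hops ` with no hop count, and the matching `no neighbor …` form in the old_ldp loop. Test the value itself instead, e.g. `{% if ldp.neighbors[neighbor_id].ttl_security -%}` and `{% if old_ldp.neighbors[neighbor_id].ttl_security -%}`, and prefer `== 'disable'` over the substring test `'disable' in …`. How ldpd treats the incomplete command is not visible here; it may reject the line or the whole rendered config.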
diff --git a/interface-definitions/protocols-mpls.xml.in b/interface-definitions/protocols-mpls.xml.in
index 94ece8d45..38c553489 100644
--- a/interface-definitions/protocols-mpls.xml.in
+++ b/interface-definitions/protocols-mpls.xml.in
@@ -43,6 +43,22 @@
<help>Peer password</help>
</properties>
</leafNode>
+ <leafNode name="ttl-security">
+ <properties>
+ <help>Neighbor TTL security</help>
+ <completionHelp>
+ <list>disable</list>
+ </completionHelp>
+ <valueHelp>
+ <format>&lt;1-254&gt;</format>
+ <description>TTL</description>
+ </valueHelp>
+ <valueHelp>
+ <format>disable</format>
+ <description>Disable neighbor TTL security</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
</children>
</tagNode>
<node name="discovery">
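Review bot: The new `ttl-security` leafNode has no `<constraint>`, so the `<1-254>` and `disable` values in the valueHelp entries are documentation only and any string would be accepted and handed to the ldpd template. Since this value is rendered directly into an FRR command line, it should be validated at the CLI: a numeric range validator for 1-254 plus a regex for `disable`, with a `<constraintErrorMessage>`. The enclosing `<tagNode>` starts outside the hunk.

```xml
<!-- … unchanged: help, completionHelp and valueHelp entries … -->
<constraint>
  <validator name="numeric" argument="--range 1-254"/>
  <regex>^(disable)$</regex>
</constraint>
<constraintErrorMessage>ttl-security must be 1-254 or disable</constraintErrorMessage>
</properties>
```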
diff --git a/src/conf_mode/protocols_mpls.py b/src/conf_mode/protocols_mpls.py
index d2ff0a2ea..d90c208ad 100755
--- a/src/conf_mode/protocols_mpls.py
+++ b/src/conf_mode/protocols_mpls.py
@@ -161,14 +161,16 @@ def get_config(config=None):
for neighbor in conf.list_effective_nodes('neighbor'):
mpls_conf['old_ldp']['neighbors'].update({
neighbor : {
- 'password' : conf.return_effective_value('neighbor {0} password'.format(neighbor))
+ 'password' : conf.return_effective_value('neighbor {0} password'.format(neighbor), default=''),
+ 'ttl_security' : conf.return_effective_value('neighbor {0} ttl-security'.format(neighbor), default=''),
}
})
for neighbor in conf.list_nodes('neighbor'):
mpls_conf['ldp']['neighbors'].update({
neighbor : {
- 'password' : conf.return_value('neighbor {0} password'.format(neighbor))
+ 'password' : conf.return_value('neighbor {0} password'.format(neighbor), default=''),
+ 'ttl_security' : conf.return_value('neighbor {0} ttl-security'.format(neighbor), default=''),
}
})
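Review bot: Defaulting `password` to `''` means a neighbor configured with only `ttl-security` still carries an empty password, and the template's `neighbor {{neighbor_id}} password …` line (context in the ldpd.frr.tmpl hunk) is emitted unconditionally, so it would render a password command with no argument. Either leave unset values out of the dict or guard the template line with `{% if ldp.neighbors[neighbor_id].password %}` (and the old_ldp equivalent). An empty string also makes an unset leaf indistinguishable from a set-but-empty one in later checks, so a short comment such as `# '' means the leaf is not configured` beside the defaults would help. get_config starts before this hunk and continues past it.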