From bed52a360fef02f4a1573299fe8a4b059b59f831 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 10 Apr 2021 22:12:10 +0200
Subject: bgp: T3460: add verify() steps for local-as override

It is only possible to set one local-as override per BGP neighbor/peer-group.
In addition to this, the override AS number is not allowed to be the same as
the one from the global BGP process.

If this would still be the case frr-reload would error out:
 > frr-reload output: 184 % Cannot have local-as same as BGP AS number
---
 src/conf_mode/protocols_bgp.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index a76aec30b..262bb4711 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -115,6 +115,16 @@ def verify(bgp):
                     raise ConfigError(f'Specified peer-group "{peer_group}" for '\
                                       f'neighbor "{neighbor}" does not exist!')
 
+            if 'local_as' in peer_config:
+                if len(peer_config['local_as']) > 1:
+                    raise ConfigError('Only one local-as number may be specified!')
+
+                # Neighbor local-as override can not be the same as the local-as
+                # we use for this BGP instane!
+                asn = list(peer_config['local_as'].keys())[0]
+                if asn == bgp['local_as']:
+                    raise ConfigError('Cannot have local-as same as BGP AS number')
+
             # ttl-security and ebgp-multihop can't be used in the same configration
             if 'ebgp_multihop' in peer_config and 'ttl_security' in peer_config:
                 raise ConfigError('You can\'t set both ebgp-multihop and ttl-security hops')
-- 
cgit v1.2.3