proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-06 04:36:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

BGP: peer-group restrictions should be relaxed, update-groups determine outbound policy anyway

Browse Source 
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
Reviewed-by:   Vivek Venkataraman <vivek@cumulusnetworks.com>

Ticket: CM-7933
This commit is contained in:
Daniel Walton 2015-10-28 01:54:48 +00:00
parent a9019bda5c
commit 88b8ed8dec
6 changed files with 162 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
bgpd/bgp_route.c
View File

@ -1136,12 +1136,16 @@ bgp_peer_remove_private_as(struct bgp *bgp, afi_t afi, safi_t safi,
struct peer *peer, struct attr *attr)
{
if (peer->sort == BGP_PEER_EBGP &&
peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS))
(peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE) ||
peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE) ||
peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_ALL) ||
peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS)))
{
// Take action on the entire aspath
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_ALL))
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE) ||
peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_ALL))
{
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE))
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE))
attr->aspath = aspath_replace_private_asns (attr->aspath, bgp->as);
// The entire aspath consists of private ASNs so create an empty aspath
@ -1500,7 +1504,8 @@ subgroup_announce_check (struct bgp_info *ri, struct update_subgroup *subgrp,
!CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_NEXTHOP_UNCHANGED))
{
/* We can reset the nexthop, if setting (or forcing) it to 'self' */
if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_NEXTHOP_SELF))
if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_NEXTHOP_SELF) ||
CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_FORCE_NEXTHOP_SELF))
{
if (!reflect ||
CHECK_FLAG (peer->af_flags[afi][safi],

3
bgpd/bgp_updgrp.c
View File

@ -1719,9 +1719,6 @@ update_group_adjust_soloness (struct peer *peer, int set)
struct peer_group *group;
struct listnode *node, *nnode;
if (peer_group_active (peer))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
if (!CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
{
peer_lonesoul_or_not (peer, set);

1
bgpd/bgp_updgrp.h
View File

@ -48,6 +48,7 @@
PEER_FLAG_REMOVE_PRIVATE_AS | \
PEER_FLAG_REMOVE_PRIVATE_AS_ALL | \
PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE | \
PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE | \
PEER_FLAG_AS_OVERRIDE)
#define PEER_UPDGRP_CAP_FLAGS (PEER_CAP_AS4_RCV)

72
bgpd/bgp_vty.c
View File

@ -210,15 +210,9 @@ bgp_vty_return (struct vty *vty, int ret)
case BGP_ERR_PEER_INACTIVE:
str = "Activate the neighbor for the address family first";
break;
case BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER:
str = "Invalid command for a peer-group member";
break;
case BGP_ERR_PEER_GROUP_SHUTDOWN:
str = "Peer-group has been shutdown. Activate the peer-group first";
break;
case BGP_ERR_PEER_GROUP_HAS_THE_FLAG:
str = "This peer is a peer-group member. Please change peer-group configuration";
break;
case BGP_ERR_PEER_FLAG_CONFLICT:
str = "Can't set override-capability and strict-capability-match at the same time";
break;
@ -3399,8 +3393,7 @@ DEFUN (neighbor_nexthop_self_force,
{
return peer_af_flag_set_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
(PEER_FLAG_FORCE_NEXTHOP_SELF |
PEER_FLAG_NEXTHOP_SELF));
PEER_FLAG_FORCE_NEXTHOP_SELF);
}
DEFUN (no_neighbor_nexthop_self,
@ -3413,11 +3406,10 @@ DEFUN (no_neighbor_nexthop_self,
{
return peer_af_flag_unset_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
(PEER_FLAG_NEXTHOP_SELF |
PEER_FLAG_FORCE_NEXTHOP_SELF));
PEER_FLAG_NEXTHOP_SELF);
}
ALIAS (no_neighbor_nexthop_self,
DEFUN (no_neighbor_nexthop_self_force,
no_neighbor_nexthop_self_force_cmd,
NO_NEIGHBOR_CMD2 "next-hop-self force",
NO_STR
@ -3425,6 +3417,11 @@ ALIAS (no_neighbor_nexthop_self,
NEIGHBOR_ADDR_STR2
"Disable the next hop calculation for this neighbor\n"
"Set the next hop to self for reflected routes\n")
{
return peer_af_flag_unset_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_FORCE_NEXTHOP_SELF);
}
/* neighbor as-override */
DEFUN (neighbor_as_override,
@ -3460,10 +3457,6 @@ DEFUN (neighbor_remove_private_as,
NEIGHBOR_ADDR_STR2
"Remove private ASNs in outbound updates\n")
{
peer_af_flag_unset_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS_ALL|
PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE);
return peer_af_flag_set_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS);
@ -3477,12 +3470,8 @@ DEFUN (neighbor_remove_private_as_all,
"Remove private ASNs in outbound updates\n"
"Apply to all AS numbers")
{
peer_af_flag_unset_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE);
return peer_af_flag_set_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS|
PEER_FLAG_REMOVE_PRIVATE_AS_ALL);
}
@ -3494,12 +3483,8 @@ DEFUN (neighbor_remove_private_as_replace_as,
"Remove private ASNs in outbound updates\n"
"Replace private ASNs with our ASN in outbound updates\n")
{
peer_af_flag_unset_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS_ALL);
return peer_af_flag_set_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS|
PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE);
}
@ -3514,9 +3499,7 @@ DEFUN (neighbor_remove_private_as_all_replace_as,
{
return peer_af_flag_set_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS|
PEER_FLAG_REMOVE_PRIVATE_AS_ALL|
PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE);
PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE);
}
DEFUN (no_neighbor_remove_private_as,
@ -3529,12 +3512,10 @@ DEFUN (no_neighbor_remove_private_as,
{
return peer_af_flag_unset_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS|
PEER_FLAG_REMOVE_PRIVATE_AS_ALL|
PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE);
PEER_FLAG_REMOVE_PRIVATE_AS);
}
ALIAS (no_neighbor_remove_private_as,
DEFUN (no_neighbor_remove_private_as_all,
no_neighbor_remove_private_as_all_cmd,
NO_NEIGHBOR_CMD2 "remove-private-AS all",
NO_STR
@ -3542,8 +3523,13 @@ ALIAS (no_neighbor_remove_private_as,
NEIGHBOR_ADDR_STR2
"Remove private ASNs in outbound updates\n"
"Apply to all AS numbers")
{
return peer_af_flag_unset_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS_ALL);
}
ALIAS (no_neighbor_remove_private_as,
DEFUN (no_neighbor_remove_private_as_replace_as,
no_neighbor_remove_private_as_replace_as_cmd,
NO_NEIGHBOR_CMD2 "remove-private-AS replace-AS",
NO_STR
@ -3551,8 +3537,13 @@ ALIAS (no_neighbor_remove_private_as,
NEIGHBOR_ADDR_STR2
"Remove private ASNs in outbound updates\n"
"Replace private ASNs with our ASN in outbound updates\n")
{
return peer_af_flag_unset_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE);
}
ALIAS (no_neighbor_remove_private_as,
DEFUN (no_neighbor_remove_private_as_all_replace_as,
no_neighbor_remove_private_as_all_replace_as_cmd,
NO_NEIGHBOR_CMD2 "remove-private-AS all replace-AS",
NO_STR
@ -3561,6 +3552,11 @@ ALIAS (no_neighbor_remove_private_as,
"Remove private ASNs in outbound updates\n"
"Apply to all AS numbers"
"Replace private ASNs with our ASN in outbound updates\n")
{
return peer_af_flag_unset_vty (vty, argv[0], bgp_node_afi (vty),
bgp_node_safi (vty),
PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE);
}
/* neighbor send-community. */
@ -9153,8 +9149,12 @@ bgp_show_peer_afi (struct vty *vty, struct peer *p, afi_t afi, safi_t safi,
if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_SOFT_RECONFIG))
json_object_boolean_true_add(json_addr, "inboundSoftConfigPermit");
if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE))
if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE))
json_object_boolean_true_add(json_addr, "privateAsNumsAllReplacedInUpdatesToNbr");
else if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE))
json_object_boolean_true_add(json_addr, "privateAsNumsReplacedInUpdatesToNbr");
else if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_REMOVE_PRIVATE_AS_ALL))
json_object_boolean_true_add(json_addr, "privateAsNumsAllRemovedInUpdatesToNbr");
else if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_REMOVE_PRIVATE_AS))
json_object_boolean_true_add(json_addr, "privateAsNumsRemovedInUpdatesToNbr");
@ -9336,8 +9336,12 @@ bgp_show_peer_afi (struct vty *vty, struct peer *p, afi_t afi, safi_t safi,
if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_SOFT_RECONFIG))
vty_out (vty, " Inbound soft reconfiguration allowed%s", VTY_NEWLINE);
if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE))
if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE))
vty_out (vty, " Private AS numbers (all) replaced in updates to this neighbor%s", VTY_NEWLINE);
else if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE))
vty_out (vty, " Private AS numbers replaced in updates to this neighbor%s", VTY_NEWLINE);
else if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_REMOVE_PRIVATE_AS_ALL))
vty_out (vty, " Private AS numbers (all) removed in updates to this neighbor%s", VTY_NEWLINE);
else if (CHECK_FLAG (p->af_flags[afi][safi], PEER_FLAG_REMOVE_PRIVATE_AS))
vty_out (vty, " Private AS numbers removed in updates to this neighbor%s", VTY_NEWLINE);

260
bgpd/bgpd.c
View File

@ -722,6 +722,35 @@ peer_af_flag_check (struct peer *peer, afi_t afi, safi_t safi, u_int32_t flag)
return CHECK_FLAG (peer->af_flags[afi][safi], flag);
}
/* Return true if flag is set for the peer but not the peer-group */
static int
peergroup_af_flag_check (struct peer *peer, afi_t afi, safi_t safi, u_int32_t flag)
{
struct peer *g_peer = NULL;
if (peer_af_flag_check (peer, afi, safi, flag))
{
if (peer_group_active (peer))
{
g_peer = peer->group->conf;
/* If this flag is not set for the peer's peer-group then return true */
if (!peer->af_group[afi][safi] || !peer_af_flag_check (g_peer, afi, safi, flag))
{
return 1;
}
}
/* peer is not in a peer-group but the flag is set to return true */
else
{
return 1;
}
}
return 0;
}
/* Reset all address family specific configuration. */
static void
peer_af_flag_reset (struct peer *peer, afi_t afi, safi_t safi)
@ -3448,6 +3477,7 @@ static const struct peer_flag_action peer_af_flag_action_list[] =
{ PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED, 0, peer_change_reset_out },
{ PEER_FLAG_FORCE_NEXTHOP_SELF, 1, peer_change_reset_out },
{ PEER_FLAG_AS_OVERRIDE, 1, peer_change_reset_out },
{ PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE,1, peer_change_reset_out },
{ 0, 0, 0 }
};
@ -3570,10 +3600,6 @@ peer_flag_modify (struct peer *peer, u_int32_t flag, int set)
if (! found)
return BGP_ERR_INVALID_FLAG;
/* Not for peer-group member. */
if (action.not_for_member && peer_group_active (peer))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
/* When unset the peer-group member's flag we have to check
peer-group configuration. */
if (! set && peer_group_active (peer))
@ -3581,8 +3607,6 @@ peer_flag_modify (struct peer *peer, u_int32_t flag, int set)
{
if (flag == PEER_FLAG_SHUTDOWN)
return BGP_ERR_PEER_GROUP_SHUTDOWN;
else
return BGP_ERR_PEER_GROUP_HAS_THE_FLAG;
}
/* Flag conflict check. */
@ -3646,14 +3670,6 @@ peer_flag_unset (struct peer *peer, u_int32_t flag)
return peer_flag_modify (peer, flag, 0);
}
static int
peer_is_group_member (struct peer *peer, afi_t afi, safi_t safi)
{
if (peer->af_group[afi][safi])
return 1;
return 0;
}
static int
peer_af_flag_modify (struct peer *peer, afi_t afi, safi_t safi, u_int32_t flag,
int set)
@ -3677,10 +3693,6 @@ peer_af_flag_modify (struct peer *peer, afi_t afi, safi_t safi, u_int32_t flag,
if (! peer->afc[afi][safi])
return BGP_ERR_PEER_INACTIVE;
/* Not for peer-group member. */
if (action.not_for_member && peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
/* Spcecial check for reflector client. */
if (flag & PEER_FLAG_REFLECTOR_CLIENT
&& peer_sort (peer) != BGP_PEER_IBGP)
@ -3696,12 +3708,6 @@ peer_af_flag_modify (struct peer *peer, afi_t afi, safi_t safi, u_int32_t flag,
&& peer_sort (peer) == BGP_PEER_IBGP)
return BGP_ERR_AS_OVERRIDE;
/* When unset the peer-group member's flag we have to check
peer-group configuration. */
if (! set && peer->af_group[afi][safi])
if (CHECK_FLAG (peer->group->conf->af_flags[afi][safi], flag))
return BGP_ERR_PEER_GROUP_HAS_THE_FLAG;
/* When current flag configuration is same as requested one. */
if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
{
@ -4166,10 +4172,6 @@ peer_default_originate_set (struct peer *peer, afi_t afi, safi_t safi,
if (! peer->afc[afi][safi])
return BGP_ERR_PEER_INACTIVE;
/* Default originate can't be used for peer group memeber. */
if (peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
if (! CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_DEFAULT_ORIGINATE)
|| (rmap && ! peer->default_rmap[afi][safi].name)
|| (rmap && strcmp (rmap, peer->default_rmap[afi][safi].name) != 0))
@ -4228,10 +4230,6 @@ peer_default_originate_unset (struct peer *peer, afi_t afi, safi_t safi)
if (! peer->afc[afi][safi])
return BGP_ERR_PEER_INACTIVE;
/* Default originate can't be used for peer group memeber. */
if (peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_DEFAULT_ORIGINATE))
{
UNSET_FLAG (peer->af_flags[afi][safi], PEER_FLAG_DEFAULT_ORIGINATE);
@ -4339,10 +4337,6 @@ peer_timers_set (struct peer *peer, u_int32_t keepalive, u_int32_t holdtime)
struct peer_group *group;
struct listnode *node, *nnode;
/* Not for peer group memeber. */
if (peer_group_active (peer))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
/* keepalive value check. */
if (keepalive > 65535)
return BGP_ERR_INVALID_VALUE;
@ -4380,9 +4374,6 @@ peer_timers_unset (struct peer *peer)
struct peer_group *group;
struct listnode *node, *nnode;
if (peer_group_active (peer))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
/* Clear configuration. */
UNSET_FLAG (peer->config, PEER_CONFIG_TIMER);
peer->keepalive = 0;
@ -4409,9 +4400,6 @@ peer_timers_connect_set (struct peer *peer, u_int32_t connect)
struct peer_group *group;
struct listnode *node, *nnode;
if (peer_group_active (peer))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
if (connect > 65535)
return BGP_ERR_INVALID_VALUE;
@ -4442,9 +4430,6 @@ peer_timers_connect_unset (struct peer *peer)
struct peer_group *group;
struct listnode *node, *nnode;
if (peer_group_active (peer))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
/* Clear configuration. */
UNSET_FLAG (peer->config, PEER_CONFIG_CONNECT);
peer->connect = 0;
@ -4472,9 +4457,6 @@ peer_advertise_interval_set (struct peer *peer, u_int32_t routeadv)
struct peer_group *group;
struct listnode *node, *nnode;
if (peer_group_active (peer))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
if (routeadv > 600)
return BGP_ERR_INVALID_VALUE;
@ -4510,9 +4492,6 @@ peer_advertise_interval_unset (struct peer *peer)
struct peer_group *group;
struct listnode *node, *nnode;
if (peer_group_active (peer))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
UNSET_FLAG (peer->config, PEER_CONFIG_ROUTEADV);
peer->routeadv = 0;
@ -4640,9 +4619,6 @@ peer_local_as_set (struct peer *peer, as_t as, int no_prepend, int replace_as)
if (bgp->as == as)
return BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS;
if (peer_group_active (peer))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
if (peer->as == as)
return BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS_REMOTE_AS;
@ -4710,9 +4686,6 @@ peer_local_as_unset (struct peer *peer)
struct peer_group *group;
struct listnode *node, *nnode;
if (peer_group_active (peer))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
if (! peer->change_local_as)
return 0;
@ -4822,11 +4795,6 @@ peer_password_unset (struct peer *peer)
if (!CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
{
if (peer_group_active (peer)
&& peer->group->conf->password
&& strcmp (peer->group->conf->password, peer->password) == 0)
return BGP_ERR_PEER_GROUP_HAS_THE_FLAG;
if (BGP_IS_VALID_STATE_FOR_NOTIF(peer->status))
bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
else
@ -4909,9 +4877,6 @@ peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct,
if (direct != FILTER_IN && direct != FILTER_OUT)
return BGP_ERR_INVALID_VALUE;
if (direct == FILTER_OUT && peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
filter = &peer->filter[afi][safi];
if (filter->plist[direct].name)
@ -4962,9 +4927,6 @@ peer_distribute_unset (struct peer *peer, afi_t afi, safi_t safi, int direct)
if (direct != FILTER_IN && direct != FILTER_OUT)
return BGP_ERR_INVALID_VALUE;
if (direct == FILTER_OUT && peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
filter = &peer->filter[afi][safi];
/* apply peer-group filter */
@ -5086,9 +5048,6 @@ peer_prefix_list_set (struct peer *peer, afi_t afi, safi_t safi, int direct,
if (direct != FILTER_IN && direct != FILTER_OUT)
return BGP_ERR_INVALID_VALUE;
if (direct == FILTER_OUT && peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
filter = &peer->filter[afi][safi];
if (filter->dlist[direct].name)
@ -5138,9 +5097,6 @@ peer_prefix_list_unset (struct peer *peer, afi_t afi, safi_t safi, int direct)
if (direct != FILTER_IN && direct != FILTER_OUT)
return BGP_ERR_INVALID_VALUE;
if (direct == FILTER_OUT && peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
filter = &peer->filter[afi][safi];
/* apply peer-group filter */
@ -5265,9 +5221,6 @@ peer_aslist_set (struct peer *peer, afi_t afi, safi_t safi, int direct,
if (direct != FILTER_IN && direct != FILTER_OUT)
return BGP_ERR_INVALID_VALUE;
if (direct == FILTER_OUT && peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
filter = &peer->filter[afi][safi];
if (filter->aslist[direct].name)
@ -5314,9 +5267,6 @@ peer_aslist_unset (struct peer *peer,afi_t afi, safi_t safi, int direct)
if (direct != FILTER_IN && direct != FILTER_OUT)
return BGP_ERR_INVALID_VALUE;
if (direct == FILTER_OUT && peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
filter = &peer->filter[afi][safi];
/* apply peer-group filter */
@ -5452,10 +5402,6 @@ peer_route_map_set (struct peer *peer, afi_t afi, safi_t safi, int direct,
direct != RMAP_IMPORT && direct != RMAP_EXPORT)
return BGP_ERR_INVALID_VALUE;
if ( (direct == RMAP_OUT || direct == RMAP_IMPORT)
&& peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
filter = &peer->filter[afi][safi];
if (filter->map[direct].name)
@ -5505,10 +5451,6 @@ peer_route_map_unset (struct peer *peer, afi_t afi, safi_t safi, int direct)
direct != RMAP_IMPORT && direct != RMAP_EXPORT)
return BGP_ERR_INVALID_VALUE;
if ( (direct == RMAP_OUT || direct == RMAP_IMPORT)
&& peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
filter = &peer->filter[afi][safi];
/* apply peer-group filter */
@ -5570,9 +5512,6 @@ peer_unsuppress_map_set (struct peer *peer, afi_t afi, safi_t safi,
if (! peer->afc[afi][safi])
return BGP_ERR_PEER_INACTIVE;
if (peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
filter = &peer->filter[afi][safi];
if (filter->usmap.name)
@ -5615,9 +5554,6 @@ peer_unsuppress_map_unset (struct peer *peer, afi_t afi, safi_t safi)
if (! peer->afc[afi][safi])
return BGP_ERR_PEER_INACTIVE;
if (peer_is_group_member (peer, afi, safi))
return BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER;
filter = &peer->filter[afi][safi];
if (filter->usmap.name)
@ -6549,16 +6485,15 @@ bgp_config_write_peer_af (struct vty *vty, struct bgp *bgp,
vty_out (vty, " neighbor %s activate%s", addr, VTY_NEWLINE);
/* ORF capability. */
if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
|| CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM))
if (! peer->af_group[afi][safi])
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_ORF_PREFIX_SM) ||
peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_ORF_PREFIX_RM))
{
vty_out (vty, " neighbor %s capability orf prefix-list", addr);
if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM)
&& CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_RM))
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_ORF_PREFIX_SM) &&
peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_ORF_PREFIX_RM))
vty_out (vty, " both");
else if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_ORF_PREFIX_SM))
else if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_ORF_PREFIX_SM))
vty_out (vty, " send");
else
vty_out (vty, " receive");
@ -6566,85 +6501,77 @@ bgp_config_write_peer_af (struct vty *vty, struct bgp *bgp,
}
/* Route reflector client. */
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_REFLECTOR_CLIENT)
&& ! peer->af_group[afi][safi])
vty_out (vty, " neighbor %s route-reflector-client%s", addr,
VTY_NEWLINE);
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_REFLECTOR_CLIENT))
vty_out (vty, " neighbor %s route-reflector-client%s", addr, VTY_NEWLINE);
/* Nexthop self. */
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_FORCE_NEXTHOP_SELF)
&& ! peer->af_group[afi][safi])
vty_out (vty, " neighbor %s next-hop-self force%s",
addr, VTY_NEWLINE);
else if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_NEXTHOP_SELF)
&& ! peer->af_group[afi][safi])
/* next-hop-self force */
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_FORCE_NEXTHOP_SELF))
vty_out (vty, " neighbor %s next-hop-self force%s", addr, VTY_NEWLINE);
/* next-hop-self */
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_NEXTHOP_SELF))
vty_out (vty, " neighbor %s next-hop-self%s", addr, VTY_NEWLINE);
/* remove-private-AS */
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS) && !peer->af_group[afi][safi])
{
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_ALL) &&
peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE))
vty_out (vty, " neighbor %s remove-private-AS all replace-AS%s", addr, VTY_NEWLINE);
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE))
vty_out (vty, " neighbor %s remove-private-AS all replace-AS%s", addr, VTY_NEWLINE);
else if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE))
vty_out (vty, " neighbor %s remove-private-AS replace-AS%s", addr, VTY_NEWLINE);
else if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE))
vty_out (vty, " neighbor %s remove-private-AS replace-AS%s", addr, VTY_NEWLINE);
else if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_ALL))
vty_out (vty, " neighbor %s remove-private-AS all%s", addr, VTY_NEWLINE);
else if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS_ALL))
vty_out (vty, " neighbor %s remove-private-AS all%s", addr, VTY_NEWLINE);
else
vty_out (vty, " neighbor %s remove-private-AS%s", addr, VTY_NEWLINE);
}
else if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS))
vty_out (vty, " neighbor %s remove-private-AS%s", addr, VTY_NEWLINE);
/* as-override */
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_AS_OVERRIDE) &&
!peer->af_group[afi][safi])
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_AS_OVERRIDE))
vty_out (vty, " neighbor %s as-override%s", addr, VTY_NEWLINE);
/* send-community print. */
if (! peer->af_group[afi][safi])
if (bgp_option_check (BGP_OPT_CONFIG_CISCO))
{
if (bgp_option_check (BGP_OPT_CONFIG_CISCO))
{
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_COMMUNITY)
&& peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY))
vty_out (vty, " neighbor %s send-community both%s", addr, VTY_NEWLINE);
else if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY))
vty_out (vty, " neighbor %s send-community extended%s",
addr, VTY_NEWLINE);
else if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_COMMUNITY))
vty_out (vty, " neighbor %s send-community%s", addr, VTY_NEWLINE);
}
else
{
if (! peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_COMMUNITY)
&& ! peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY))
vty_out (vty, " no neighbor %s send-community both%s",
addr, VTY_NEWLINE);
else if (! peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY))
vty_out (vty, " no neighbor %s send-community extended%s",
addr, VTY_NEWLINE);
else if (! peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_COMMUNITY))
vty_out (vty, " no neighbor %s send-community%s",
addr, VTY_NEWLINE);
}
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_COMMUNITY)
&& peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY))
vty_out (vty, " neighbor %s send-community both%s", addr, VTY_NEWLINE);
else if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY))
vty_out (vty, " neighbor %s send-community extended%s",
addr, VTY_NEWLINE);
else if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_COMMUNITY))
vty_out (vty, " neighbor %s send-community%s", addr, VTY_NEWLINE);
}
else
{
if (!peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_COMMUNITY) &&
peer_af_flag_check (g_peer, afi, safi, PEER_FLAG_SEND_COMMUNITY) &&
!peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY) &&
peer_af_flag_check (g_peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY))
vty_out (vty, " no neighbor %s send-community both%s", addr, VTY_NEWLINE);
else if (!peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY) &&
peer_af_flag_check (g_peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY))
vty_out (vty, " no neighbor %s send-community extended%s", addr, VTY_NEWLINE);
else if (!peer_af_flag_check (peer, afi, safi, PEER_FLAG_SEND_COMMUNITY) &&
peer_af_flag_check (g_peer, afi, safi, PEER_FLAG_SEND_COMMUNITY))
vty_out (vty, " no neighbor %s send-community%s", addr, VTY_NEWLINE);
}
/* Default information */
if (peer_af_flag_check (peer, afi, safi, PEER_FLAG_DEFAULT_ORIGINATE)
&& ! peer->af_group[afi][safi])
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_DEFAULT_ORIGINATE) ||
(g_peer &&
((peer->default_rmap[afi][safi].name && !g_peer->default_rmap[afi][safi].name) ||
(!peer->default_rmap[afi][safi].name && g_peer->default_rmap[afi][safi].name) ||
(peer->default_rmap[afi][safi].name &&
strcmp(peer->default_rmap[afi][safi].name, g_peer->default_rmap[afi][safi].name)))))
{
vty_out (vty, " neighbor %s default-originate", addr);
if (peer->default_rmap[afi][safi].name)
vty_out (vty, " route-map %s", peer->default_rmap[afi][safi].name);
vty_out (vty, " route-map %s", peer->default_rmap[afi][safi].name);
vty_out (vty, "%s", VTY_NEWLINE);
}
/* Soft reconfiguration inbound. */
if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_SOFT_RECONFIG))
if (! peer->af_group[afi][safi] ||
! CHECK_FLAG (g_peer->af_flags[afi][safi], PEER_FLAG_SOFT_RECONFIG))
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_SOFT_RECONFIG))
vty_out (vty, " neighbor %s soft-reconfiguration inbound%s", addr,
VTY_NEWLINE);
@ -6667,13 +6594,11 @@ bgp_config_write_peer_af (struct vty *vty, struct bgp *bgp,
}
/* Route server client. */
if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_RSERVER_CLIENT)
&& ! peer->af_group[afi][safi])
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_RSERVER_CLIENT))
vty_out (vty, " neighbor %s route-server-client%s", addr, VTY_NEWLINE);
/* Nexthop-local unchanged. */
if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED)
&& ! peer->af_group[afi][safi])
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED))
vty_out (vty, " neighbor %s nexthop-local unchanged%s", addr, VTY_NEWLINE);
/* Allow AS in. */
@ -6693,22 +6618,21 @@ bgp_config_write_peer_af (struct vty *vty, struct bgp *bgp,
bgp_config_write_filter (vty, peer, afi, safi);
/* atribute-unchanged. */
if ((CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_AS_PATH_UNCHANGED)
if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_AS_PATH_UNCHANGED)
|| CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_NEXTHOP_UNCHANGED)
|| CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_MED_UNCHANGED))
&& ! peer->af_group[afi][safi])
{
if (CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_AS_PATH_UNCHANGED)
&& CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_NEXTHOP_UNCHANGED)
&& CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_MED_UNCHANGED))
if (peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_AS_PATH_UNCHANGED)
&& peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_NEXTHOP_UNCHANGED)
&& peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_MED_UNCHANGED))
vty_out (vty, " neighbor %s attribute-unchanged%s", addr, VTY_NEWLINE);
else
vty_out (vty, " neighbor %s attribute-unchanged%s%s%s%s", addr,
(CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_AS_PATH_UNCHANGED)) ?
peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_AS_PATH_UNCHANGED) ?
" as-path" : "",
(CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_NEXTHOP_UNCHANGED)) ?
peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_NEXTHOP_UNCHANGED) ?
" next-hop" : "",
(CHECK_FLAG (peer->af_flags[afi][safi], PEER_FLAG_MED_UNCHANGED)) ?
peergroup_af_flag_check (peer, afi, safi, PEER_FLAG_MED_UNCHANGED) ?
" med" : "", VTY_NEWLINE);
}
}

45
bgpd/bgpd.h
View File

@ -647,6 +647,7 @@ struct peer
#define PEER_FLAG_REMOVE_PRIVATE_AS_ALL (1 << 18) /* remove-private-as all */
#define PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE (1 << 19) /* remove-private-as replace-as */
#define PEER_FLAG_AS_OVERRIDE (1 << 20) /* as-override */
#define PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE (1 << 21) /* remove-private-as all replace-as */
/* MD5 password */
char *password;
@ -1069,29 +1070,27 @@ enum bgp_clear_type
#define BGP_ERR_MULTIPLE_INSTANCE_NOT_SET -14
#define BGP_ERR_AS_MISMATCH -15
#define BGP_ERR_PEER_INACTIVE -16
#define BGP_ERR_INVALID_FOR_PEER_GROUP_MEMBER -17
#define BGP_ERR_PEER_GROUP_HAS_THE_FLAG -18
#define BGP_ERR_PEER_FLAG_CONFLICT -19
#define BGP_ERR_PEER_GROUP_SHUTDOWN -20
#define BGP_ERR_PEER_FILTER_CONFLICT -21
#define BGP_ERR_NOT_INTERNAL_PEER -22
#define BGP_ERR_REMOVE_PRIVATE_AS -23
#define BGP_ERR_AF_UNCONFIGURED -24
#define BGP_ERR_SOFT_RECONFIG_UNCONFIGURED -25
#define BGP_ERR_INSTANCE_MISMATCH -26
#define BGP_ERR_LOCAL_AS_ALLOWED_ONLY_FOR_EBGP -27
#define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS -28
#define BGP_ERR_TCPSIG_FAILED -29
#define BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK -30
#define BGP_ERR_NO_IBGP_WITH_TTLHACK -31
#define BGP_ERR_NO_INTERFACE_CONFIG -32
#define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS_REMOTE_AS -33
#define BGP_ERR_AS_OVERRIDE -34
#define BGP_ERR_INVALID_DYNAMIC_NEIGHBORS_LIMIT -35
#define BGP_ERR_DYNAMIC_NEIGHBORS_RANGE_EXISTS -36
#define BGP_ERR_DYNAMIC_NEIGHBORS_RANGE_NOT_FOUND -37
#define BGP_ERR_INVALID_FOR_DYNAMIC_PEER -38
#define BGP_ERR_MAX -39
#define BGP_ERR_PEER_FLAG_CONFLICT -17
#define BGP_ERR_PEER_GROUP_SHUTDOWN -18
#define BGP_ERR_PEER_FILTER_CONFLICT -19
#define BGP_ERR_NOT_INTERNAL_PEER -20
#define BGP_ERR_REMOVE_PRIVATE_AS -21
#define BGP_ERR_AF_UNCONFIGURED -22
#define BGP_ERR_SOFT_RECONFIG_UNCONFIGURED -23
#define BGP_ERR_INSTANCE_MISMATCH -24
#define BGP_ERR_LOCAL_AS_ALLOWED_ONLY_FOR_EBGP -25
#define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS -26
#define BGP_ERR_TCPSIG_FAILED -27
#define BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK -28
#define BGP_ERR_NO_IBGP_WITH_TTLHACK -29
#define BGP_ERR_NO_INTERFACE_CONFIG -30
#define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS_REMOTE_AS -31
#define BGP_ERR_AS_OVERRIDE -32
#define BGP_ERR_INVALID_DYNAMIC_NEIGHBORS_LIMIT -33
#define BGP_ERR_DYNAMIC_NEIGHBORS_RANGE_EXISTS -34
#define BGP_ERR_DYNAMIC_NEIGHBORS_RANGE_NOT_FOUND -35
#define BGP_ERR_INVALID_FOR_DYNAMIC_PEER -36
#define BGP_ERR_MAX -37
/*
* Enumeration of different policy kinds a peer can be configured with.