lib, vtysh: Add allow-reserved-ranges global command

It will be used to allow/deny using IPv4 reserved ranges (Class E) for Zebra (configuring interface address) or BGP (allow next-hop to be from this range). Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
2025-08-07 19:10:35 +00:00 · 2022-07-01 23:24:52 +03:00 · 2022-07-01 23:24:52 +03:00 · ac156aecb5
commit ac156aecb5
parent a28af47280
4 changed files with 59 additions and 8 deletions
--- a/lib/command.c
+++ b/lib/command.c
@ -121,6 +121,11 @@ const char *cmd_version_get(void)
 	return host.version;
 }
 bool cmd_allow_reserved_ranges_get(void)
 {
 	return host.allow_reserved_ranges;
 }
 static int root_on_exit(struct vty *vty);
 /* Standard command node structures. */
@ -454,6 +459,9 @@ static int config_write_host(struct vty *vty)
 	if (name && name[0] != '\0')
 		vty_out(vty, "domainname %s\n", name);
 	if (cmd_allow_reserved_ranges_get())
 		vty_out(vty, "allow-reserved-ranges\n");
 	/* The following are all configuration commands that are not sent to
 	 * watchfrr.  For instance watchfrr is hardcoded to log to syslog so
 	 * we would always display 'log syslog informational' in the config
@ -2294,6 +2302,21 @@ DEFUN (no_banner_motd,
 	return CMD_SUCCESS;
 }
 DEFUN(allow_reserved_ranges, allow_reserved_ranges_cmd, "allow-reserved-ranges",
      "Allow using IPv4 (Class E) reserved IP space\n")
 {
 	host.allow_reserved_ranges = true;
 	return CMD_SUCCESS;
 }
 DEFUN(no_allow_reserved_ranges, no_allow_reserved_ranges_cmd,
      "no allow-reserved-ranges",
      NO_STR "Allow using IPv4 (Class E) reserved IP space\n")
 {
 	host.allow_reserved_ranges = false;
 	return CMD_SUCCESS;
 }
 int cmd_find_cmds(struct vty *vty, struct cmd_token **argv, int argc)
 {
 	const struct cmd_node *node;
@ -2483,6 +2506,7 @@ void cmd_init(int terminal)
 	host.lines = -1;
 	cmd_banner_motd_line(FRR_DEFAULT_MOTD);
 	host.motdfile = NULL;
 	host.allow_reserved_ranges = false;
 	/* Install top nodes. */
 	install_node(&view_node);
@ -2552,6 +2576,8 @@ void cmd_init(int terminal)
 		install_element(CONFIG_NODE, &no_banner_motd_cmd);
 		install_element(CONFIG_NODE, &service_terminal_length_cmd);
 		install_element(CONFIG_NODE, &no_service_terminal_length_cmd);
 		install_element(CONFIG_NODE, &allow_reserved_ranges_cmd);
 		install_element(CONFIG_NODE, &no_allow_reserved_ranges_cmd);
 		log_cmd_init();
 		vrf_install_commands();
--- a/lib/command.h
+++ b/lib/command.h
@ -84,6 +84,9 @@ struct host {
 	/* Banner configuration. */
 	char *motd;
 	char *motdfile;
 	/* Allow using IPv4 (Class E) reserved IP space */
 	bool allow_reserved_ranges;
 };
 /* List of CLI nodes. Please remember to update the name array in command.c. */
@ -614,6 +617,7 @@ extern const char *cmd_domainname_get(void);
 extern const char *cmd_system_get(void);
 extern const char *cmd_release_get(void);
 extern const char *cmd_version_get(void);
 extern bool cmd_allow_reserved_ranges_get(void);
 /* NOT safe for general use; call this only if DEV_BUILD! */
 extern void grammar_sandbox_init(void);
--- a/vtysh/vtysh.c
+++ b/vtysh/vtysh.c
@ -3140,6 +3140,20 @@ DEFUN(vtysh_debug_uid_backtrace,
 	return err;
 }
 DEFUNSH(VTYSH_ALL, vtysh_allow_reserved_ranges, vtysh_allow_reserved_ranges_cmd,
 	"allow-reserved-ranges",
 	"Allow using IPv4 (Class E) reserved IP space\n")
 {
 	return CMD_SUCCESS;
 }
 DEFUNSH(VTYSH_ALL, no_vtysh_allow_reserved_ranges,
 	no_vtysh_allow_reserved_ranges_cmd, "no allow-reserved-ranges",
 	NO_STR "Allow using IPv4 (Class E) reserved IP space\n")
 {
 	return CMD_SUCCESS;
 }
 DEFUNSH(VTYSH_ALL, vtysh_service_password_encrypt,
 	vtysh_service_password_encrypt_cmd, "service password-encryption",
 	"Set up miscellaneous service\n"
@ -4902,6 +4916,9 @@ void vtysh_init_vty(void)
 	install_element(CONFIG_NODE, &vtysh_service_password_encrypt_cmd);
 	install_element(CONFIG_NODE, &no_vtysh_service_password_encrypt_cmd);
 	install_element(CONFIG_NODE, &vtysh_allow_reserved_ranges_cmd);
 	install_element(CONFIG_NODE, &no_vtysh_allow_reserved_ranges_cmd);
 	install_element(CONFIG_NODE, &vtysh_password_cmd);
 	install_element(CONFIG_NODE, &no_vtysh_password_cmd);
 	install_element(CONFIG_NODE, &vtysh_enable_password_cmd);
--- a/vtysh/vtysh_config.c
+++ b/vtysh/vtysh_config.c
@ -478,14 +478,18 @@ void vtysh_config_parse_line(void *arg, const char *line)
 		else if (strncmp(line, "rpki", strlen("rpki")) == 0)
 			config = config_get(RPKI_NODE, line);
 		else {
-			if (strncmp(line, "log", strlen("log")) == 0
+			if (strncmp(line, "log", strlen("log")) == 0 ||
-			    || strncmp(line, "hostname", strlen("hostname")) == 0
+			    strncmp(line, "hostname", strlen("hostname")) ==
-			    || strncmp(line, "domainname", strlen("domainname")) == 0
+				    0 ||
-			    || strncmp(line, "frr", strlen("frr")) == 0
+			    strncmp(line, "domainname", strlen("domainname")) ==
-			    || strncmp(line, "agentx", strlen("agentx")) == 0
+				    0 ||
-			    || strncmp(line, "no log", strlen("no log")) == 0
+			    strncmp(line, "frr", strlen("frr")) == 0 ||
-			    || strncmp(line, "no ip prefix-list", strlen("no ip prefix-list")) == 0
+			    strncmp(line, "agentx", strlen("agentx")) == 0 ||
-			    || strncmp(line, "no ipv6 prefix-list", strlen("no ipv6 prefix-list")) == 0)
+			    strncmp(line, "no log", strlen("no log")) == 0 ||
 			    strncmp(line, "no ip prefix-list",
 				    strlen("no ip prefix-list")) == 0 ||
 			    strncmp(line, "no ipv6 prefix-list",
 				    strlen("no ipv6 prefix-list")) == 0)
 				config_add_line_uniq(config_top, line);
 			else
 				config_add_line(config_top, line);