|
 |
133c55 |
From 8a66632391db5f5181a4afef6aae41f48bee7fdb Mon Sep 17 00:00:00 2001
|
|
|
133c55 |
From: Donald Sharp <sharpd@nvidia.com>
|
|
|
133c55 |
Date: Fri, 15 Jan 2021 08:14:49 -0500
|
|
|
133c55 |
Subject: [PATCH] bgpd: Allow peer-groups to have `ttl-security hops`
|
|
|
133c55 |
configured
|
|
|
133c55 |
|
|
|
133c55 |
The command `neighbor PGROUP ttl-security hops X` was being
|
|
|
133c55 |
accepted but ignored. Allow it to be stored. I am still
|
|
|
133c55 |
not sure that this is applied correctly, but that is another
|
|
|
133c55 |
problem.
|
|
|
133c55 |
|
|
|
133c55 |
Fixes: #7848
|
|
|
133c55 |
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
|
133c55 |
---
|
|
|
133c55 |
bgpd/bgpd.c | 8 +++++---
|
|
|
133c55 |
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
133c55 |
|
|
|
133c55 |
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
|
|
|
133c55 |
index 9297ec4711c..4ebd3da0620 100644
|
|
|
133c55 |
--- a/bgpd/bgpd.c
|
|
|
133c55 |
+++ b/bgpd/bgpd.c
|
|
|
133c55 |
@@ -7150,6 +7150,7 @@ int is_ebgp_multihop_configured(struct peer *peer)
|
|
|
133c55 |
int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
|
|
|
133c55 |
{
|
|
|
133c55 |
struct peer_group *group;
|
|
|
133c55 |
+ struct peer *gpeer;
|
|
|
133c55 |
struct listnode *node, *nnode;
|
|
|
133c55 |
int ret;
|
|
|
133c55 |
|
|
|
133c55 |
@@ -7186,9 +7187,10 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
|
|
|
133c55 |
return ret;
|
|
|
133c55 |
} else {
|
|
|
133c55 |
group = peer->group;
|
|
|
133c55 |
+ group->conf->gtsm_hops = gtsm_hops;
|
|
|
133c55 |
for (ALL_LIST_ELEMENTS(group->peer, node, nnode,
|
|
|
133c55 |
- peer)) {
|
|
|
133c55 |
- peer->gtsm_hops = group->conf->gtsm_hops;
|
|
|
133c55 |
+ gpeer)) {
|
|
|
133c55 |
+ gpeer->gtsm_hops = group->conf->gtsm_hops;
|
|
|
133c55 |
|
|
|
133c55 |
/* Calling ebgp multihop also resets the
|
|
|
133c55 |
* session.
|
|
|
133c55 |
@@ -7198,7 +7200,7 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
|
|
|
133c55 |
* value is
|
|
|
133c55 |
* irrelevant.
|
|
|
133c55 |
*/
|
|
|
133c55 |
- peer_ebgp_multihop_set(peer, MAXTTL);
|
|
|
133c55 |
+ peer_ebgp_multihop_set(gpeer, MAXTTL);
|
|
|
133c55 |
}
|
|
|
133c55 |
}
|
|
|
133c55 |
} else {
|
|
|
133c55 |
@@ -7219,9 +7221,10 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
|
|
|
133c55 |
MAXTTL + 1 - gtsm_hops);
|
|
|
133c55 |
} else {
|
|
|
133c55 |
group = peer->group;
|
|
|
133c55 |
+ group->conf->gtsm_hops = gtsm_hops;
|
|
|
133c55 |
for (ALL_LIST_ELEMENTS(group->peer, node, nnode,
|
|
|
133c55 |
- peer)) {
|
|
|
133c55 |
- peer->gtsm_hops = group->conf->gtsm_hops;
|
|
|
133c55 |
+ gpeer)) {
|
|
|
133c55 |
+ gpeer->gtsm_hops = group->conf->gtsm_hops;
|
|
|
133c55 |
|
|
|
133c55 |
/* Change setting of existing peer
|
|
|
133c55 |
* established then change value (may break
|
|
|
133c55 |
@@ -7231,17 +7234,18 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
|
|
|
133c55 |
* no session then do nothing (will get
|
|
|
133c55 |
* handled by next connection)
|
|
|
133c55 |
*/
|
|
|
133c55 |
- if (peer->fd >= 0
|
|
|
133c55 |
- && peer->gtsm_hops
|
|
|
133c55 |
+ if (gpeer->fd >= 0
|
|
|
133c55 |
+ && gpeer->gtsm_hops
|
|
|
133c55 |
!= BGP_GTSM_HOPS_DISABLED)
|
|
|
133c55 |
sockopt_minttl(
|
|
|
133c55 |
- peer->su.sa.sa_family, peer->fd,
|
|
|
133c55 |
- MAXTTL + 1 - peer->gtsm_hops);
|
|
|
133c55 |
- if ((peer->status < Established)
|
|
|
133c55 |
- && peer->doppelganger
|
|
|
133c55 |
- && (peer->doppelganger->fd >= 0))
|
|
|
133c55 |
- sockopt_minttl(peer->su.sa.sa_family,
|
|
|
133c55 |
- peer->doppelganger->fd,
|
|
|
133c55 |
+ gpeer->su.sa.sa_family,
|
|
|
133c55 |
+ gpeer->fd,
|
|
|
133c55 |
+ MAXTTL + 1 - gpeer->gtsm_hops);
|
|
|
133c55 |
+ if ((gpeer->status < Established)
|
|
|
133c55 |
+ && gpeer->doppelganger
|
|
|
133c55 |
+ && (gpeer->doppelganger->fd >= 0))
|
|
|
133c55 |
+ sockopt_minttl(gpeer->su.sa.sa_family,
|
|
|
133c55 |
+ gpeer->doppelganger->fd,
|
|
|
133c55 |
MAXTTL + 1 - gtsm_hops);
|
|
|
133c55 |
}
|
|
|
133c55 |
}
|