bgpd: Fix `enforce-first-as` per peer-group removal

If we do `no neighbor PG enforce-first-as`, it wasn't working because the flag
was inherited incorrectly for the members of the peer-group.

Fixes: 322462920e2a2c8b73191c6eb5157d64cf4a593e ("bgpd: Enable enforce-first-as by default")
Closes: https://github.com/FRRouting/frr/issues/17702
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index 97ca5622b935810819cecf88439bf44ba646d328..8e27da54d8bc0cc6adc201693b63bead80b23712 100644 (file)
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -18201,7 +18201,11 @@ static void bgp_config_write_peer_global(struct vty *vty, struct bgp *bgp,
 
        /* enforce-first-as */
        if (CHECK_FLAG(bgp->flags, BGP_FLAG_ENFORCE_FIRST_AS)) {
-               if (!peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS))
+               /* The `no` form is printed because by default this enforcing
+                * is enabled, thus we need to print it inverted.
+                * See peer_new().
+                */
+               if (peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS))
                        vty_out(vty, " no neighbor %s enforce-first-as\n", addr);
        } else {
                if (peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS))

diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index 69312f69cb08f56d9ac479c9fa2df385c2ebf89b..8352a9b631c91af3d4151edd43bc5cda00002bdc 100644 (file)
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -1564,8 +1564,13 @@ struct peer *peer_new(struct bgp *bgp)
 
        SET_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
 
-       if (CHECK_FLAG(bgp->flags, BGP_FLAG_ENFORCE_FIRST_AS))
-               peer_flag_set(peer, PEER_FLAG_ENFORCE_FIRST_AS);
+       /* By default this is enabled, thus we need to mark it as
+        * inverted in order to display correctly in the configuration.
+        */
+       if (CHECK_FLAG(bgp->flags, BGP_FLAG_ENFORCE_FIRST_AS)) {
+               SET_FLAG(peer->flags_invert, PEER_FLAG_ENFORCE_FIRST_AS);
+               SET_FLAG(peer->flags, PEER_FLAG_ENFORCE_FIRST_AS);
+       }
 
        if (CHECK_FLAG(bgp->flags, BGP_FLAG_SOFT_VERSION_CAPABILITY))
                peer_flag_set(peer, PEER_FLAG_CAPABILITY_SOFT_VERSION);