lib, vtysh: Add `allow-reserved-ranges` global command

It will be used to allow/deny using IPv4 reserved ranges (Class E) for Zebra
(configuring interface address) or BGP (allow next-hop to be from this range).

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

diff --git a/lib/command.c b/lib/command.c
index cbecc815741e3e94bb4cd39f3be3407aaddcb813..a23afb1e43863e15ff36c50a1d866ff1e69ca0f5 100644 (file)
--- a/lib/command.c
+++ b/lib/command.c
@@ -121,6 +121,11 @@ const char *cmd_version_get(void)
        return host.version;
 }
 
+bool cmd_allow_reserved_ranges_get(void)
+{
+       return host.allow_reserved_ranges;
+}
+
 static int root_on_exit(struct vty *vty);
 
 /* Standard command node structures. */
@@ -454,6 +459,9 @@ static int config_write_host(struct vty *vty)
        if (name && name[0] != '\0')
                vty_out(vty, "domainname %s\n", name);
 
+       if (cmd_allow_reserved_ranges_get())
+               vty_out(vty, "allow-reserved-ranges\n");
+
        /* The following are all configuration commands that are not sent to
         * watchfrr.  For instance watchfrr is hardcoded to log to syslog so
         * we would always display 'log syslog informational' in the config
@@ -2294,6 +2302,21 @@ DEFUN (no_banner_motd,
        return CMD_SUCCESS;
 }
 
+DEFUN(allow_reserved_ranges, allow_reserved_ranges_cmd, "allow-reserved-ranges",
+      "Allow using IPv4 (Class E) reserved IP space\n")
+{
+       host.allow_reserved_ranges = true;
+       return CMD_SUCCESS;
+}
+
+DEFUN(no_allow_reserved_ranges, no_allow_reserved_ranges_cmd,
+      "no allow-reserved-ranges",
+      NO_STR "Allow using IPv4 (Class E) reserved IP space\n")
+{
+       host.allow_reserved_ranges = false;
+       return CMD_SUCCESS;
+}
+
 int cmd_find_cmds(struct vty *vty, struct cmd_token **argv, int argc)
 {
        const struct cmd_node *node;
@@ -2483,6 +2506,7 @@ void cmd_init(int terminal)
        host.lines = -1;
        cmd_banner_motd_line(FRR_DEFAULT_MOTD);
        host.motdfile = NULL;
+       host.allow_reserved_ranges = false;
 
        /* Install top nodes. */
        install_node(&view_node);
@@ -2552,6 +2576,8 @@ void cmd_init(int terminal)
                install_element(CONFIG_NODE, &no_banner_motd_cmd);
                install_element(CONFIG_NODE, &service_terminal_length_cmd);
                install_element(CONFIG_NODE, &no_service_terminal_length_cmd);
+               install_element(CONFIG_NODE, &allow_reserved_ranges_cmd);
+               install_element(CONFIG_NODE, &no_allow_reserved_ranges_cmd);
 
                log_cmd_init();
                vrf_install_commands();

diff --git a/lib/command.h b/lib/command.h
index 7363ed84c888c29d95a0a77c5d4c15156415d846..70e52708a741ee0ac5def20e7d8d94af64fe1f12 100644 (file)
--- a/lib/command.h
+++ b/lib/command.h
@@ -84,6 +84,9 @@ struct host {
        /* Banner configuration. */
        char *motd;
        char *motdfile;
+
+       /* Allow using IPv4 (Class E) reserved IP space */
+       bool allow_reserved_ranges;
 };
 
 /* List of CLI nodes. Please remember to update the name array in command.c. */
@@ -614,6 +617,7 @@ extern const char *cmd_domainname_get(void);
 extern const char *cmd_system_get(void);
 extern const char *cmd_release_get(void);
 extern const char *cmd_version_get(void);
+extern bool cmd_allow_reserved_ranges_get(void);
 
 /* NOT safe for general use; call this only if DEV_BUILD! */
 extern void grammar_sandbox_init(void);

diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c
index a52bd7b116b36ca79c2e93825d7106dc3ad7a77f..21bd2f48832517327756611b8eb7ee7061975f89 100644 (file)
--- a/vtysh/vtysh.c
+++ b/vtysh/vtysh.c
@@ -3140,6 +3140,20 @@ DEFUN(vtysh_debug_uid_backtrace,
        return err;
 }
 
+DEFUNSH(VTYSH_ALL, vtysh_allow_reserved_ranges, vtysh_allow_reserved_ranges_cmd,
+       "allow-reserved-ranges",
+       "Allow using IPv4 (Class E) reserved IP space\n")
+{
+       return CMD_SUCCESS;
+}
+
+DEFUNSH(VTYSH_ALL, no_vtysh_allow_reserved_ranges,
+       no_vtysh_allow_reserved_ranges_cmd, "no allow-reserved-ranges",
+       NO_STR "Allow using IPv4 (Class E) reserved IP space\n")
+{
+       return CMD_SUCCESS;
+}
+
 DEFUNSH(VTYSH_ALL, vtysh_service_password_encrypt,
        vtysh_service_password_encrypt_cmd, "service password-encryption",
        "Set up miscellaneous service\n"
@@ -4902,6 +4916,9 @@ void vtysh_init_vty(void)
        install_element(CONFIG_NODE, &vtysh_service_password_encrypt_cmd);
        install_element(CONFIG_NODE, &no_vtysh_service_password_encrypt_cmd);
 
+       install_element(CONFIG_NODE, &vtysh_allow_reserved_ranges_cmd);
+       install_element(CONFIG_NODE, &no_vtysh_allow_reserved_ranges_cmd);
+
        install_element(CONFIG_NODE, &vtysh_password_cmd);
        install_element(CONFIG_NODE, &no_vtysh_password_cmd);
        install_element(CONFIG_NODE, &vtysh_enable_password_cmd);

diff --git a/vtysh/vtysh_config.c b/vtysh/vtysh_config.c
index 3bd5489eefa45d08710074b9b36cce986a32197b..a7ec2a93c2d56f3ad9636157044ce81d08d7107f 100644 (file)
--- a/vtysh/vtysh_config.c
+++ b/vtysh/vtysh_config.c
@@ -478,14 +478,18 @@ void vtysh_config_parse_line(void *arg, const char *line)
                else if (strncmp(line, "rpki", strlen("rpki")) == 0)
                        config = config_get(RPKI_NODE, line);
                else {
-                       if (strncmp(line, "log", strlen("log")) == 0
-                           || strncmp(line, "hostname", strlen("hostname")) == 0
-                           || strncmp(line, "domainname", strlen("domainname")) == 0
-                           || strncmp(line, "frr", strlen("frr")) == 0
-                           || strncmp(line, "agentx", strlen("agentx")) == 0
-                           || strncmp(line, "no log", strlen("no log")) == 0
-                           || strncmp(line, "no ip prefix-list", strlen("no ip prefix-list")) == 0
-                           || strncmp(line, "no ipv6 prefix-list", strlen("no ipv6 prefix-list")) == 0)
+                       if (strncmp(line, "log", strlen("log")) == 0 ||
+                           strncmp(line, "hostname", strlen("hostname")) ==
+                                   0 ||
+                           strncmp(line, "domainname", strlen("domainname")) ==
+                                   0 ||
+                           strncmp(line, "frr", strlen("frr")) == 0 ||
+                           strncmp(line, "agentx", strlen("agentx")) == 0 ||
+                           strncmp(line, "no log", strlen("no log")) == 0 ||
+                           strncmp(line, "no ip prefix-list",
+                                   strlen("no ip prefix-list")) == 0 ||
+                           strncmp(line, "no ipv6 prefix-list",
+                                   strlen("no ipv6 prefix-list")) == 0)
                                config_add_line_uniq(config_top, line);
                        else
                                config_add_line(config_top, line);