From: Donatas Abraitis Date: Sat, 21 Dec 2024 15:03:14 +0000 (+0200) Subject: bgpd: Fix `enforce-first-as` per peer-group removal X-Git-Tag: docker/10.0.3~1^2 X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=327d08bebbc001e4cff0e22cf362f05e86b3ba3e;p=matthieu%2Ffrr.git bgpd: Fix `enforce-first-as` per peer-group removal If we do `no neighbor PG enforce-first-as`, it wasn't working because the flag was inherited incorrectly for the members of the peer-group. Fixes: 322462920e2a2c8b73191c6eb5157d64cf4a593e ("bgpd: Enable enforce-first-as by default") Closes: https://github.com/FRRouting/frr/issues/17702 Signed-off-by: Donatas Abraitis --- diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c index 97ca5622b9..8e27da54d8 100644 --- a/bgpd/bgp_vty.c +++ b/bgpd/bgp_vty.c @@ -18201,7 +18201,11 @@ static void bgp_config_write_peer_global(struct vty *vty, struct bgp *bgp, /* enforce-first-as */ if (CHECK_FLAG(bgp->flags, BGP_FLAG_ENFORCE_FIRST_AS)) { - if (!peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS)) + /* The `no` form is printed because by default this enforcing + * is enabled, thus we need to print it inverted. + * See peer_new(). + */ + if (peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS)) vty_out(vty, " no neighbor %s enforce-first-as\n", addr); } else { if (peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS)) diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c index 69312f69cb..8352a9b631 100644 --- a/bgpd/bgpd.c +++ b/bgpd/bgpd.c @@ -1564,8 +1564,13 @@ struct peer *peer_new(struct bgp *bgp) SET_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN); - if (CHECK_FLAG(bgp->flags, BGP_FLAG_ENFORCE_FIRST_AS)) - peer_flag_set(peer, PEER_FLAG_ENFORCE_FIRST_AS); + /* By default this is enabled, thus we need to mark it as + * inverted in order to display correctly in the configuration. + */ + if (CHECK_FLAG(bgp->flags, BGP_FLAG_ENFORCE_FIRST_AS)) { + SET_FLAG(peer->flags_invert, PEER_FLAG_ENFORCE_FIRST_AS); + SET_FLAG(peer->flags, PEER_FLAG_ENFORCE_FIRST_AS); + } if (CHECK_FLAG(bgp->flags, BGP_FLAG_SOFT_VERSION_CAPABILITY)) peer_flag_set(peer, PEER_FLAG_CAPABILITY_SOFT_VERSION);