From: Sid Khot
Date: Sat, 2 Jul 2016 00:06:43 +0000 (-0700)
Subject: bgpd: "neigbor ttl-security hops" should reject a hops value greater...
X-Git-Tag: frr-2.0-rc1~486
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=8cdabf90ad370f469e2ea27cb340ec5dfe325b65;p=matthieu%2Ffrr.git
bgpd: "neigbor ttl-security hops" should reject a hops value greater than 1 "neighbor disable-connected-check" should not be allowed by the parser
Made changes to not allow hops greater than 1 and disable-connected check for neighbor
Ticket: CM-5536 CM-5537
Reviewed By: CCR-4865
Testing Done: Manual
---
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index bef95981a0..f1c30c23f0 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -3404,6 +3404,16 @@ peer_flag_modify_vty (struct vty *vty, const char *ip_str,
 if (! peer)
 return CMD_WARNING;
+ /*
+ * If 'neighbor ', then this is for directly connected peers,
+ * we should not accept disable-connected-check.
+ */
+ if (peer->conf_if && (flag == PEER_FLAG_DISABLE_CONNECTED_CHECK)) {
+ vty_out (vty, "%s is directly connected peer, cannot accept disable-"
+ "connected-check%s", ip_str, VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
 if (set)
 ret = peer_flag_set (peer, flag);
 else
@@ -5754,6 +5764,16 @@ DEFUN (neighbor_ttl_security,
 VTY_GET_INTEGER_RANGE ("", gtsm_hops, argv[1], 1, 254);
+ /*
+ * If 'neighbor swpX', then this is for directly connected peers,
+ * we should not accept a ttl-security hops value greater than 1.
+ */
+ if (peer->conf_if && (gtsm_hops > 1)) {
+ vty_out (vty, "%s is directly connected peer, hops cannot exceed 1%s",
+ argv[0], VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
 return bgp_vty_return (vty, peer_ttl_security_hops_set (peer, gtsm_hops));
 }
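Review bot: The new guard in peer_flag_modify_vty sits above the `if (set)` branch, so it refuses the unset direction as well as the set direction. A peer with `conf_if` that already carries PEER_FLAG_DISABLE_CONNECTED_CHECK, for example from a configuration saved before this change, could then no longer have the flag cleared from the CLI. If only enabling is meant to be refused, the condition could read `if (set && peer->conf_if && (flag == PEER_FLAG_DISABLE_CONNECTED_CHECK))`. The check also lives only in this vty wrapper, so other callers of `peer_flag_set` are presumably not covered; that cannot be confirmed here because the function begins and ends outside the hunk.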
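Review bot: The limit on `gtsm_hops` in neighbor_ttl_security is enforced only in this command handler, after `peer` has been looked up outside the hunk, so it covers only the case where the named neighbor itself has `conf_if` set. A larger hop count loosens the TTL check that ttl-security depends on, so the same limit probably belongs inside `peer_ttl_security_hops_set`, where a value that reaches an interface peer by another route (peer-group membership, if groups go through the same setter) would be refused as well; this needs confirming against that function, which is not shown. The added comment would also be clearer without the platform-specific name, along the lines of `If the neighbor is configured by interface name it is directly connected, so hops must not exceed 1.`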