From 16c926c85dc49ae7d39b4f6b2194cb08b65daf7b Mon Sep 17 00:00:00 2001 From: saravanank Date: Thu, 2 May 2019 08:04:47 -0700 Subject: [PATCH] pimd: interface commands to enable/disable bsm processing (intf)ip pim bsm - to enable bsm processing on the interface (intf)no ip pim bsm - to disable bsm processing on the interface (intf)ip pim unicast-bsm - to enable ucast bsm processing on the interface (intf)no ip pim unicast-bsm - to disable ucast bsm processing on the interface Note: bsm processing and ucast bsm processing is enabled by default on a pim interface. The CLI is implemented as a security feature as recommended by RFC 5059 Signed-off-by: Saravanan K --- pimd/pim_bsm.c | 15 +++++++- pimd/pim_bsm.h | 2 +- pimd/pim_cmd.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++ pimd/pim_vty.c | 9 +++++ 4 files changed, 117 insertions(+), 2 deletions(-) diff --git a/pimd/pim_bsm.c b/pimd/pim_bsm.c index 52331625af..b1548af136 100644 --- a/pimd/pim_bsm.c +++ b/pimd/pim_bsm.c @@ -22,7 +22,6 @@ #include "if.h" #include "pimd.h" #include "pim_iface.h" -#include "pim_cmd.h" #include "pim_instance.h" #include "pim_rpf.h" #include "pim_hello.h" @@ -36,6 +35,20 @@ static void pim_bs_timer_start(struct bsm_scope *scope, int bs_timeout); static int pim_on_bs_timer(struct thread *t); static void pim_bs_timer_stop(struct bsm_scope *scope); +/* pim_bsm_write_config - Write the interface pim bsm configuration.*/ +void +pim_bsm_write_config(struct vty *vty, struct interface *ifp) +{ + struct pim_interface *pim_ifp = ifp->info; + + if (pim_ifp) { + if (!pim_ifp->bsm_enable) + vty_out(vty, " no ip pim bsm\n"); + if (!pim_ifp->ucast_bsm_accept) + vty_out(vty, " no ip pim unicast-bsm\n"); + } +} + static void pim_free_bsgrp_data(struct bsgrp_node * bsgrp_node) { if (bsgrp_node->bsrp_list) diff --git a/pimd/pim_bsm.h b/pimd/pim_bsm.h index 1ab50c8b22..68e9ecdb75 100644 --- a/pimd/pim_bsm.h +++ b/pimd/pim_bsm.h @@ -187,5 +187,5 @@ struct bsmmsg_rpinfo { /* API */ void pim_bsm_proc_init(struct pim_instance *pim); void pim_bsm_proc_free(struct pim_instance *pim); - +void pim_bsm_write_config(struct vty *vty, struct interface *ifp); #endif diff --git a/pimd/pim_cmd.c b/pimd/pim_cmd.c index 4c9053a206..26796d14c0 100644 --- a/pimd/pim_cmd.c +++ b/pimd/pim_cmd.c @@ -7755,6 +7755,94 @@ DEFUN (no_ip_pim_bfd, return CMD_SUCCESS; } +DEFUN (ip_pim_bsm, + ip_pim_bsm_cmd, + "ip pim bsm", + IP_STR + PIM_STR + "Enables BSM support on the interface\n") +{ + VTY_DECLVAR_CONTEXT(interface, ifp); + struct pim_interface *pim_ifp = ifp->info; + + if (!pim_ifp) { + if (!pim_cmd_interface_add(ifp)) { + vty_out(vty, "Could not enable PIM SM on interface\n"); + return CMD_WARNING; + } + } + + pim_ifp = ifp->info; + pim_ifp->bsm_enable = true; + + return CMD_SUCCESS; +} + +DEFUN (no_ip_pim_bsm, + no_ip_pim_bsm_cmd, + "no ip pim bsm", + NO_STR + IP_STR + PIM_STR + "Disables BSM support\n") +{ + VTY_DECLVAR_CONTEXT(interface, ifp); + struct pim_interface *pim_ifp = ifp->info; + + if (!pim_ifp) { + vty_out(vty, "Pim not enabled on this interface\n"); + return CMD_WARNING; + } + + pim_ifp->bsm_enable = false; + + return CMD_SUCCESS; +} + +DEFUN (ip_pim_ucast_bsm, + ip_pim_ucast_bsm_cmd, + "ip pim unicast-bsm", + IP_STR + PIM_STR + "Accept/Send unicast BSM on the interface\n") +{ + VTY_DECLVAR_CONTEXT(interface, ifp); + struct pim_interface *pim_ifp = ifp->info; + + if (!pim_ifp) { + if (!pim_cmd_interface_add(ifp)) { + vty_out(vty, "Could not enable PIM SM on interface\n"); + return CMD_WARNING; + } + } + + pim_ifp = ifp->info; + pim_ifp->ucast_bsm_accept = true; + + return CMD_SUCCESS; +} + +DEFUN (no_ip_pim_ucast_bsm, + no_ip_pim_ucast_bsm_cmd, + "no ip pim unicast-bsm", + NO_STR + IP_STR + PIM_STR + "Block send/receive unicast BSM on this interface\n") +{ + VTY_DECLVAR_CONTEXT(interface, ifp); + struct pim_interface *pim_ifp = ifp->info; + + if (!pim_ifp) { + vty_out(vty, "Pim not enabled on this interface\n"); + return CMD_WARNING; + } + + pim_ifp->ucast_bsm_accept = false; + + return CMD_SUCCESS; +} + #if HAVE_BFDD > 0 DEFUN_HIDDEN( #else @@ -9487,6 +9575,11 @@ void pim_cmd_init(void) install_element(VIEW_NODE, &show_ip_pim_vxlan_sg_work_cmd); install_element(INTERFACE_NODE, &interface_pim_use_source_cmd); install_element(INTERFACE_NODE, &interface_no_pim_use_source_cmd); + /* Install BSM command */ + install_element(INTERFACE_NODE, &ip_pim_bsm_cmd); + install_element(INTERFACE_NODE, &no_ip_pim_bsm_cmd); + install_element(INTERFACE_NODE, &ip_pim_ucast_bsm_cmd); + install_element(INTERFACE_NODE, &no_ip_pim_ucast_bsm_cmd); /* Install BFD command */ install_element(INTERFACE_NODE, &ip_pim_bfd_cmd); install_element(INTERFACE_NODE, &ip_pim_bfd_param_cmd); diff --git a/pimd/pim_vty.c b/pimd/pim_vty.c index 2654ebc588..8d40f85132 100644 --- a/pimd/pim_vty.c +++ b/pimd/pim_vty.c @@ -39,6 +39,7 @@ #include "pim_msdp.h" #include "pim_ssm.h" #include "pim_bfd.h" +#include "pim_bsm.h" #include "pim_vxlan.h" int pim_debug_config_write(struct vty *vty) @@ -120,6 +121,11 @@ int pim_debug_config_write(struct vty *vty) ++writes; } + if (PIM_DEBUG_BSM) { + vty_out(vty, "debug pim bsm\n"); + ++writes; + } + if (PIM_DEBUG_VXLAN) { vty_out(vty, "debug pim vxlan\n"); ++writes; @@ -383,7 +389,10 @@ int pim_interface_config_write(struct vty *vty) writes += pim_static_write_mroute(pim, vty, ifp); + pim_bsm_write_config(vty, ifp); + ++writes; pim_bfd_write_config(vty, ifp); + ++writes; } vty_endframe(vty, "!\n"); ++writes; -- 2.39.5