From 2131d5cf652b6e05aceb7fe5406fb7698db9e21e Mon Sep 17 00:00:00 2001
From: Lou Berger <lberger@labn.net>
Date: Mon, 9 Oct 2017 09:45:17 -0400
Subject: [PATCH] bgpd: only allow unicast|multicast SAFIs in VRF/View (i.e.,
 non-core) BGP instances

Signed-off-by: Lou Berger <lberger@labn.net>
---
 bgpd/bgp_vty.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index 355d1037b8..37ab294c60 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -6045,7 +6045,13 @@ DEFUN_NOSH (address_family_ipv4_safi,
 {
 
 	if (argc == 3) {
+		VTY_DECLVAR_CONTEXT(bgp, bgp);
 		safi_t safi = bgp_vty_safi_from_str(argv[2]->text);
+		if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT &&
+		    safi != SAFI_UNICAST && safi != SAFI_MULTICAST) {
+			vty_out(vty, "Only Unicast and Multicast SAFIs supported in non-core instances.\n");
+			return CMD_WARNING_CONFIG_FAILED;
+		}
 		vty->node = bgp_node_type(AFI_IP, safi);
 	} else
 		vty->node = BGP_IPV4_NODE;
@@ -6061,7 +6067,13 @@ DEFUN_NOSH (address_family_ipv6_safi,
        BGP_SAFI_WITH_LABEL_HELP_STR)
 {
 	if (argc == 3) {
+		VTY_DECLVAR_CONTEXT(bgp, bgp);
 		safi_t safi = bgp_vty_safi_from_str(argv[2]->text);
+		if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT &&
+		    safi != SAFI_UNICAST && safi != SAFI_MULTICAST) {
+			vty_out(vty, "Only Unicast and Multicast SAFIs supported in non-core instances.\n");
+			return CMD_WARNING_CONFIG_FAILED;
+		}
 		vty->node = bgp_node_type(AFI_IP6, safi);
 	} else
 		vty->node = BGP_IPV6_NODE;
@@ -6100,6 +6112,11 @@ DEFUN_NOSH (address_family_evpn,
        "Address Family\n"
        "Address Family modifier\n")
 {
+	VTY_DECLVAR_CONTEXT(bgp, bgp);
+	if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT) {
+		vty_out(vty, "Only Unicast and Multicast SAFIs supported in non-core instances.\n");
+		return CMD_WARNING_CONFIG_FAILED;
+	}
 	vty->node = BGP_EVPN_NODE;
 	return CMD_SUCCESS;
 }
-- 
2.39.5