From ac156aecb5f292f565ccd0aeafade4cc0cad6028 Mon Sep 17 00:00:00 2001
From: Donatas Abraitis
Date: Fri, 1 Jul 2022 23:24:52 +0300
Subject: [PATCH] lib, vtysh: Add `allow-reserved-ranges` global command
It will be used to allow/deny using IPv4 reserved ranges (Class E) for Zebra (configuring interface address) or BGP (allow next-hop to be from this range).
Signed-off-by: Donatas Abraitis
---
 lib/command.c | 26 ++++++++++++++++++++++++++
 lib/command.h | 4 ++++
 vtysh/vtysh.c | 17 +++++++++++++++++
 vtysh/vtysh_config.c | 20 ++++++++++++--------
 4 files changed, 59 insertions(+), 8 deletions(-)
diff --git a/lib/command.c b/lib/command.c
index cbecc81574..a23afb1e43 100644
--- a/lib/command.c
+++ b/lib/command.c
@@ -121,6 +121,11 @@ const char *cmd_version_get(void)
 return host.version;
 }
+bool cmd_allow_reserved_ranges_get(void)
+{
+ return host.allow_reserved_ranges;
+}
+
 static int root_on_exit(struct vty *vty);
 /* Standard command node structures. */
@@ -454,6 +459,9 @@ static int config_write_host(struct vty *vty)
 if (name && name[0] != '\0')
 vty_out(vty, "domainname %s\n", name);
+ if (cmd_allow_reserved_ranges_get())
+ vty_out(vty, "allow-reserved-ranges\n");
+
 /* The following are all configuration commands that are not sent to
 * watchfrr. For instance watchfrr is hardcoded to log to syslog so
 * we would always display 'log syslog informational' in the config
@@ -2294,6 +2302,21 @@ DEFUN (no_banner_motd,
 return CMD_SUCCESS;
 }
+DEFUN(allow_reserved_ranges, allow_reserved_ranges_cmd, "allow-reserved-ranges",
+ "Allow using IPv4 (Class E) reserved IP space\n")
+{
+ host.allow_reserved_ranges = true;
+ return CMD_SUCCESS;
+}
+
+DEFUN(no_allow_reserved_ranges, no_allow_reserved_ranges_cmd,
+ "no allow-reserved-ranges",
+ NO_STR "Allow using IPv4 (Class E) reserved IP space\n")
+{
+ host.allow_reserved_ranges = false;
+ return CMD_SUCCESS;
+}
+
 int cmd_find_cmds(struct vty *vty, struct cmd_token **argv, int argc)
 {
 const struct cmd_node *node;
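Review bot: The `allow-reserved-ranges` line written in config_write_host has no matching entry in vtysh's de-duplication list, because the vtysh_config.c hunk in this patch only re-wraps the existing `strncmp` chain in vtysh_config_parse_line. The command is declared VTYSH_ALL, so each daemon with the flag set would presumably emit the line and the integrated configuration would show it several times. Adding `strncmp(line, "allow-reserved-ranges", strlen("allow-reserved-ranges")) == 0 ||` beside the `domainname` test would route it through `config_add_line_uniq`. config_write_host begins and ends outside this hunk.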
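Review bot: `no allow-reserved-ranges` only clears the boolean, and nothing in this patch reads the flag or re-checks state that was accepted while it was set. Since the switch relaxes an address sanity check, the handlers should say what turning it off does; a comment above no_allow_reserved_ranges such as `/* Clears the flag only; addresses and next-hops admitted while it was set are not re-validated here. */` would make that explicit, assuming the later consumers do not re-validate on their own. The diffstat also lists no user documentation for the new command.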
@@ -2483,6 +2506,7 @@ void cmd_init(int terminal)
 host.lines = -1;
 cmd_banner_motd_line(FRR_DEFAULT_MOTD);
 host.motdfile = NULL;
+ host.allow_reserved_ranges = false;
 /* Install top nodes. */
 install_node(&view_node);
@@ -2552,6 +2576,8 @@ void cmd_init(int terminal)
 install_element(CONFIG_NODE, &no_banner_motd_cmd);
 install_element(CONFIG_NODE, &service_terminal_length_cmd);
 install_element(CONFIG_NODE, &no_service_terminal_length_cmd);
+ install_element(CONFIG_NODE, &allow_reserved_ranges_cmd);
+ install_element(CONFIG_NODE, &no_allow_reserved_ranges_cmd);
 log_cmd_init();
 vrf_install_commands();
diff --git a/lib/command.h b/lib/command.h
index 7363ed84c8..70e52708a7 100644
--- a/lib/command.h
+++ b/lib/command.h
@@ -84,6 +84,9 @@ struct host {
 /* Banner configuration. */
 char *motd;
 char *motdfile;
+
+ /* Allow using IPv4 (Class E) reserved IP space */
+ bool allow_reserved_ranges;
 };
 /* List of CLI nodes. Please remember to update the name array in command.c. */
@@ -614,6 +617,7 @@ extern const char *cmd_domainname_get(void);
 extern const char *cmd_system_get(void);
 extern const char *cmd_release_get(void);
 extern const char *cmd_version_get(void);
+extern bool cmd_allow_reserved_ranges_get(void);
 /* NOT safe for general use; call this only if DEV_BUILD! */
 extern void grammar_sandbox_init(void);
diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c
index a52bd7b116..21bd2f4883 100644
--- a/vtysh/vtysh.c
+++ b/vtysh/vtysh.c
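Review bot: The comment on `allow_reserved_ranges` in struct host repeats the CLI help text without naming the range, the default, or the accessor. Something like `/* Permit IPv4 Class E (240.0.0.0/4) addresses; false by default, read via cmd_allow_reserved_ranges_get() */` gives a reader of the header the whole contract. The same one-line description would suit the new `extern bool cmd_allow_reserved_ranges_get(void);` declaration in the following hunk.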
@@ -3140,6 +3140,20 @@ DEFUN(vtysh_debug_uid_backtrace,
 return err;
 }
+DEFUNSH(VTYSH_ALL, vtysh_allow_reserved_ranges, vtysh_allow_reserved_ranges_cmd,
+ "allow-reserved-ranges",
+ "Allow using IPv4 (Class E) reserved IP space\n")
+{
+ return CMD_SUCCESS;
+}
+
+DEFUNSH(VTYSH_ALL, no_vtysh_allow_reserved_ranges,
+ no_vtysh_allow_reserved_ranges_cmd, "no allow-reserved-ranges",
+ NO_STR "Allow using IPv4 (Class E) reserved IP space\n")
+{
+ return CMD_SUCCESS;
+}
+
 DEFUNSH(VTYSH_ALL, vtysh_service_password_encrypt,
 vtysh_service_password_encrypt_cmd, "service password-encryption",
 "Set up miscellaneous service\n"
@@ -4902,6 +4916,9 @@ void vtysh_init_vty(void)
 install_element(CONFIG_NODE, &vtysh_service_password_encrypt_cmd);
 install_element(CONFIG_NODE, &no_vtysh_service_password_encrypt_cmd);
+ install_element(CONFIG_NODE, &vtysh_allow_reserved_ranges_cmd);
+ install_element(CONFIG_NODE, &no_vtysh_allow_reserved_ranges_cmd);
+
 install_element(CONFIG_NODE, &vtysh_password_cmd);
 install_element(CONFIG_NODE, &no_vtysh_password_cmd);
 install_element(CONFIG_NODE, &vtysh_enable_password_cmd);
diff --git a/vtysh/vtysh_config.c b/vtysh/vtysh_config.c
index 3bd5489eef..a7ec2a93c2 100644
--- a/vtysh/vtysh_config.c
+++ b/vtysh/vtysh_config.c
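Review bot: The help text `"Allow using IPv4 (Class E) reserved IP space\n"` is now spelled out four times, in both DEFUNSH stubs here and in both DEFUNs in lib/command.c. vtysh and the daemons carry their own copies, so a later edit to one of them would leave the help output inconsistent. A single macro in lib/command.h, used the way `NO_STR` is used in these definitions, would keep them aligned, for example `#define ALLOW_RESERVED_RANGES_STR "Allow using IPv4 (Class E) reserved IP space\n"` (macro name constructed for illustration).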
@@ -478,14 +478,18 @@ void vtysh_config_parse_line(void *arg, const char *line)
 else if (strncmp(line, "rpki", strlen("rpki")) == 0)
 config = config_get(RPKI_NODE, line);
 else {
- if (strncmp(line, "log", strlen("log")) == 0
- || strncmp(line, "hostname", strlen("hostname")) == 0
- || strncmp(line, "domainname", strlen("domainname")) == 0
- || strncmp(line, "frr", strlen("frr")) == 0
- || strncmp(line, "agentx", strlen("agentx")) == 0
- || strncmp(line, "no log", strlen("no log")) == 0
- || strncmp(line, "no ip prefix-list", strlen("no ip prefix-list")) == 0
- || strncmp(line, "no ipv6 prefix-list", strlen("no ipv6 prefix-list")) == 0)
+ if (strncmp(line, "log", strlen("log")) == 0 ||
+ strncmp(line, "hostname", strlen("hostname")) ==
+ 0 ||
+ strncmp(line, "domainname", strlen("domainname")) ==
+ 0 ||
+ strncmp(line, "frr", strlen("frr")) == 0 ||
+ strncmp(line, "agentx", strlen("agentx")) == 0 ||
+ strncmp(line, "no log", strlen("no log")) == 0 ||
+ strncmp(line, "no ip prefix-list",
+ strlen("no ip prefix-list")) == 0 ||
+ strncmp(line, "no ipv6 prefix-list",
+ strlen("no ipv6 prefix-list")) == 0)
 config_add_line_uniq(config_top, line);
 else
 config_add_line(config_top, line);
-- 
2.39.5