| -rw-r--r-- | bgpd/bgp_route.c | 5 | ||||
| -rw-r--r-- | bgpd/bgp_vty.c | 29 | ||||
| -rw-r--r-- | bgpd/bgpd.c | 1 | ||||
| -rw-r--r-- | bgpd/bgpd.h | 6 |
4 files changed, 23 insertions, 18 deletions
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 1d8be6496d..8b5f64153e 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -1925,8 +1925,7 @@ bool subgroup_announce_check(struct bgp_node *rn, struct bgp_path_info *pi, * benefit from consistent behavior across different BGP * implementations. */ - if (peer->bgp->ebgp_requires_policy - == DEFAULT_EBGP_POLICY_ENABLED) + if (CHECK_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY)) if (!bgp_outbound_policy_exists(peer, filter)) return false; @@ -3413,7 +3412,7 @@ int bgp_update(struct peer *peer, const struct prefix *p, uint32_t addpath_id, * benefit from consistent behavior across different BGP * implementations. */ - if (peer->bgp->ebgp_requires_policy == DEFAULT_EBGP_POLICY_ENABLED) + if (CHECK_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY)) if (!bgp_inbound_policy_exists(peer, &peer->filter[afi][safi])) { reason = "inbound policy missing"; diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c index 8f06fdf86c..f5a648b50e 100644 --- a/bgpd/bgp_vty.c +++ b/bgpd/bgp_vty.c @@ -100,6 +100,11 @@ FRR_CFG_DEFAULT_ULONG(BGP_KEEPALIVE, { .val_ulong = 3, .match_profile = "datacenter", }, { .val_ulong = 60 }, ) +FRR_CFG_DEFAULT_BOOL(BGP_EBGP_REQUIRES_POLICY, + { .val_bool = false, .match_profile = "datacenter", }, + { .val_bool = false, .match_version = "< 7.4", }, + { .val_bool = true }, +) DEFINE_HOOK(bgp_inst_config_write, (struct bgp *bgp, struct vty *vty), @@ -417,6 +422,8 @@ int bgp_get_vty(struct bgp **bgp, as_t *as, const char *name, SET_FLAG((*bgp)->flags, BGP_FLAG_LOG_NEIGHBOR_CHANGES); if (DFLT_BGP_DETERMINISTIC_MED) SET_FLAG((*bgp)->flags, BGP_FLAG_DETERMINISTIC_MED); + if (DFLT_BGP_EBGP_REQUIRES_POLICY) + SET_FLAG((*bgp)->flags, BGP_FLAG_EBGP_REQUIRES_POLICY); ret = BGP_SUCCESS; } 
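Review bot: The new condition in subgroup_announce_check() reads `bgp->flags` where the removed lines read `peer->bgp`, and the declaration and assignment of `bgp` are outside the hunk, so it should be confirmed that `bgp` is always the instance this peer belongs to; the bgp_update() hunk at -3413 makes the same substitution. This test decides whether routes are exchanged with an eBGP peer that has no policy, so reading a different instance would apply the wrong instance's RFC 8212 setting without any visible error. The un-braced nested `if` is also easy to misread; `if (CHECK_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY) && !bgp_outbound_policy_exists(peer, filter)) return false;` states the same thing as one condition. Both function bodies start and end outside the hunks.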
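Review bot: The three rows of `FRR_CFG_DEFAULT_BOOL(BGP_EBGP_REQUIRES_POLICY, ...)` turn the guard on for every configuration that is neither the datacenter profile nor matched as older than 7.4, and nothing next to the macro says so. I would add a comment above it such as `/* RFC 8212: on by default; off for the datacenter profile and for configs from versions before 7.4 */`. The commit text or documentation should also state that an eBGP session with no inbound or outbound policy stops exchanging routes once this default applies. If the version match depends on a version marker in the saved configuration (not visible here), it should say what happens to a configuration that lacks one.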
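Review bot: The default is applied only in this branch of bgp_get_vty(), while the bgpd.c part of the commit removes the initialisation from bgp_create(), so an instance created by any path that does not go through here would start with BGP_FLAG_EBGP_REQUIRES_POLICY clear and accept policy-less eBGP sessions. Whether such paths exist is not visible in the diff; if they do, the flag should be set where the instance is created, or each of those paths needs the same two lines. At minimum a comment like `/* RFC 8212 default; only instances created through vty get it */` would record the limitation. The enclosing function starts and ends outside the hunk.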
@@ -2036,7 +2043,7 @@ DEFUN(bgp_ebgp_requires_policy, bgp_ebgp_requires_policy_cmd, "Require in and out policy for eBGP peers (RFC8212)\n") { VTY_DECLVAR_CONTEXT(bgp, bgp); - bgp->ebgp_requires_policy = DEFAULT_EBGP_POLICY_ENABLED; + SET_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY); return CMD_SUCCESS; } @@ -2047,7 +2054,7 @@ DEFUN(no_bgp_ebgp_requires_policy, no_bgp_ebgp_requires_policy_cmd, "Require in and out policy for eBGP peers (RFC8212)\n") { VTY_DECLVAR_CONTEXT(bgp, bgp); - bgp->ebgp_requires_policy = DEFAULT_EBGP_POLICY_DISABLED; + UNSET_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY); return CMD_SUCCESS; } @@ -10149,14 +10156,14 @@ static void bgp_show_peer_afi(struct vty *vty, struct peer *p, afi_t afi, filter->map[RMAP_OUT].name); /* ebgp-requires-policy (inbound) */ - if (p->bgp->ebgp_requires_policy == DEFAULT_EBGP_POLICY_ENABLED + if (CHECK_FLAG(p->bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY) && !bgp_inbound_policy_exists(p, filter)) json_object_string_add( json_addr, "inboundEbgpRequiresPolicy", "Inbound updates discarded due to missing policy"); /* ebgp-requires-policy (outbound) */ - if (p->bgp->ebgp_requires_policy == DEFAULT_EBGP_POLICY_ENABLED + if (CHECK_FLAG(p->bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY) && (!bgp_outbound_policy_exists(p, filter))) json_object_string_add( json_addr, "outboundEbgpRequiresPolicy", 
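Review bot: `SET_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY)` only flips the bit, and the `no` handler in the next hunk only clears it; nothing in either handler re-evaluates sessions that are already established. If the inbound and outbound checks run only while updates are processed, as the bgp_route.c hunks suggest, routes already learned from or advertised to a policy-less eBGP peer stay in place until the session is cleared, which an operator turning the guard on would not expect. Either trigger the re-evaluation from the handler or state the behaviour in the help text or a comment, e.g. `/* applies to updates processed from now on; clear the session to apply it to existing routes */`.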
@@ -10445,13 +10452,13 @@ static void bgp_show_peer_afi(struct vty *vty, struct peer *p, afi_t afi, filter->map[RMAP_OUT].name); /* ebgp-requires-policy (inbound) */ - if (p->bgp->ebgp_requires_policy == DEFAULT_EBGP_POLICY_ENABLED + if (CHECK_FLAG(p->bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY) && !bgp_inbound_policy_exists(p, filter)) vty_out(vty, " Inbound updates discarded due to missing policy\n"); /* ebgp-requires-policy (outbound) */ - if (p->bgp->ebgp_requires_policy == DEFAULT_EBGP_POLICY_ENABLED + if (CHECK_FLAG(p->bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY) && !bgp_outbound_policy_exists(p, filter)) vty_out(vty, " Outbound updates discarded due to missing policy\n"); @@ -15066,9 +15073,13 @@ int bgp_config_write(struct vty *vty) vty_out(vty, " bgp always-compare-med\n"); /* RFC8212 default eBGP policy. */ - if (bgp->ebgp_requires_policy - == DEFAULT_EBGP_POLICY_ENABLED) - vty_out(vty, " bgp ebgp-requires-policy\n"); + if (!!CHECK_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY) + != SAVE_BGP_EBGP_REQUIRES_POLICY) + vty_out(vty, " %sbgp ebgp-requires-policy\n", + CHECK_FLAG(bgp->flags, + BGP_FLAG_EBGP_REQUIRES_POLICY) + ? "" + : "no "); /* draft-ietf-idr-deprecate-as-set-confed-set */ if (bgp->reject_as_sets == BGP_REJECT_AS_SETS_ENABLED) diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c index dedd0ed3b1..c1b0d74aba 100644 --- a/bgpd/bgpd.c +++ b/bgpd/bgpd.c @@ -2972,7 +2972,6 @@ static struct bgp *bgp_create(as_t *as, const char *name, bgp->dynamic_neighbors_count = 0; bgp->lb_ref_bw = BGP_LINK_BW_REF_BW; bgp->lb_handling = BGP_LINK_BW_ECMP; - bgp->ebgp_requires_policy = DEFAULT_EBGP_POLICY_DISABLED; bgp->reject_as_sets = BGP_REJECT_AS_SETS_DISABLED; bgp_addpath_init_bgp_data(&bgp->tx_addpath); diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h index f6f9687783..afd4a85d20 100644 --- a/bgpd/bgpd.h +++ b/bgpd/bgpd.h 
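Review bot: In the bgp_config_write() hunk the flag is tested twice in one statement, once normalised with `!!` for the comparison and once raw for the `"no "` prefix, which makes a dense condition harder to verify than it needs to be. Reading it once, `bool req = !!CHECK_FLAG(bgp->flags, BGP_FLAG_EBGP_REQUIRES_POLICY);`, then `if (req != SAVE_BGP_EBGP_REQUIRES_POLICY)` and `vty_out(vty, " %sbgp ebgp-requires-policy\n", req ? "" : "no ");` keeps the two uses in step. The comment above should also say that the line is written only when the setting differs from the default being saved, since that decides whether a reloaded configuration keeps the guard. The enclosing function starts and ends outside the hunk.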
@@ -446,6 +446,7 @@ struct bgp { #define BGP_FLAG_DELETE_IN_PROGRESS (1 << 22) #define BGP_FLAG_SELECT_DEFER_DISABLE (1 << 23) #define BGP_FLAG_GR_DISABLE_EOR (1 << 24) +#define BGP_FLAG_EBGP_REQUIRES_POLICY (1 << 25) enum global_mode GLOBAL_GR_FSM[BGP_GLOBAL_GR_MODE] [BGP_GLOBAL_GR_EVENT_CMD]; @@ -593,11 +594,6 @@ struct bgp { /* EVPN enable - advertise local VNIs and their MACs etc. */ int advertise_all_vni; - /* RFC 8212 - prevent route leaks. */ - int ebgp_requires_policy; -#define DEFAULT_EBGP_POLICY_DISABLED 0 -#define DEFAULT_EBGP_POLICY_ENABLED 1 - /* draft-ietf-idr-deprecate-as-set-confed-set * Reject aspaths with AS_SET and/or AS_CONFED_SET. */ |
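Review bot: The new `#define BGP_FLAG_EBGP_REQUIRES_POLICY (1 << 25)` has no comment, while the field removed in the next hunk was documented with `/* RFC 8212 - prevent route leaks. */`. I would keep that reference on the flag, e.g. `/* RFC 8212: require in and out policy for eBGP peers */` above the define. The declaration of `flags` is outside the hunk; it has to be at least 32 bits wide to hold bit 25, which is worth confirming now that this bit gates a route-leak protection.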
