diff options
| -rw-r--r-- | bgpd/bgp_fsm.c | 2 | ||||
| -rw-r--r-- | bgpd/bgp_vty.c | 13 | ||||
| -rw-r--r-- | bgpd/bgp_zebra.c | 7 | ||||
| -rw-r--r-- | bgpd/bgpd.c | 21 | ||||
| -rw-r--r-- | bgpd/bgpd.h | 4 | ||||
| -rw-r--r-- | doc/user/bgp.rst | 10 |
6 files changed, 37 insertions, 20 deletions
diff --git a/bgpd/bgp_fsm.c b/bgpd/bgp_fsm.c index 66cde7b3a2..e0a9e3e4f0 100644 --- a/bgpd/bgp_fsm.c +++ b/bgpd/bgp_fsm.c @@ -1995,7 +1995,7 @@ void bgp_fsm_event_update(struct peer *peer, int valid) case OpenSent: case OpenConfirm: case Established: - if (!valid && (peer->gtsm_hops == 1)) + if (!valid && (peer->gtsm_hops == BGP_GTSM_HOPS_CONNECTED)) BGP_EVENT_ADD(peer, TCP_fatal_error); case Clearing: case Deleted: diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c index 1389f05857..f57f0036d7 100644 --- a/bgpd/bgp_vty.c +++ b/bgpd/bgp_vty.c @@ -6901,7 +6901,7 @@ DEFUN (neighbor_ttl_security, * If 'neighbor swpX', then this is for directly connected peers, * we should not accept a ttl-security hops value greater than 1. */ - if (peer->conf_if && (gtsm_hops > 1)) { + if (peer->conf_if && (gtsm_hops > BGP_GTSM_HOPS_CONNECTED)) { vty_out(vty, "%s is directly connected peer, hops cannot exceed 1\n", argv[idx_peer]->arg); @@ -11939,7 +11939,7 @@ static void bgp_show_peer(struct vty *vty, struct peer *p, bool use_json, /* EBGP Multihop and GTSM */ if (p->sort != BGP_PEER_IBGP) { if (use_json) { - if (p->gtsm_hops > 0) + if (p->gtsm_hops > BGP_GTSM_HOPS_DISABLED) json_object_int_add(json_neigh, "externalBgpNbrMaxHopsAway", p->gtsm_hops); @@ -11948,7 +11948,7 @@ static void bgp_show_peer(struct vty *vty, struct peer *p, bool use_json, "externalBgpNbrMaxHopsAway", p->ttl); } else { - if (p->gtsm_hops > 0) + if (p->gtsm_hops > BGP_GTSM_HOPS_DISABLED) vty_out(vty, " External BGP neighbor may be up to %d hops away.\n", p->gtsm_hops); @@ -11958,7 +11958,7 @@ static void bgp_show_peer(struct vty *vty, struct peer *p, bool use_json, p->ttl); } } else { - if (p->gtsm_hops > 0) { + if (p->gtsm_hops > BGP_GTSM_HOPS_DISABLED) { if (use_json) json_object_int_add(json_neigh, "internalBgpNbrMaxHopsAway", @@ -14450,7 +14450,8 @@ static void bgp_config_write_peer_global(struct vty *vty, struct bgp *bgp, /* ebgp-multihop */ if (peer->sort != BGP_PEER_IBGP && peer->ttl != BGP_DEFAULT_TTL - && !(peer->gtsm_hops != 0 && peer->ttl == MAXTTL)) { + && !(peer->gtsm_hops != BGP_GTSM_HOPS_DISABLED + && peer->ttl == MAXTTL)) { if (!peer_group_active(peer) || g_peer->ttl != peer->ttl) { vty_out(vty, " neighbor %s ebgp-multihop %d\n", addr, peer->ttl); @@ -14458,7 +14459,7 @@ static void bgp_config_write_peer_global(struct vty *vty, struct bgp *bgp, } /* ttl-security hops */ - if (peer->gtsm_hops != 0) { + if (peer->gtsm_hops != BGP_GTSM_HOPS_DISABLED) { if (!peer_group_active(peer) || g_peer->gtsm_hops != peer->gtsm_hops) { vty_out(vty, " neighbor %s ttl-security hops %d\n", diff --git a/bgpd/bgp_zebra.c b/bgpd/bgp_zebra.c index 068b6794e7..bb718c355f 100644 --- a/bgpd/bgp_zebra.c +++ b/bgpd/bgp_zebra.c @@ -279,13 +279,13 @@ static int bgp_ifp_down(struct interface *ifp) * tracked (directly connected) IBGP peers. */ if ((peer->ttl != BGP_DEFAULT_TTL) - && (peer->gtsm_hops != 1) + && (peer->gtsm_hops != BGP_GTSM_HOPS_CONNECTED) && (!peer->bfd_info || bgp_bfd_is_peer_multihop(peer))) #else /* Take down directly connected EBGP peers */ if ((peer->ttl != BGP_DEFAULT_TTL) - && (peer->gtsm_hops != 1)) + && (peer->gtsm_hops != BGP_GTSM_HOPS_CONNECTED)) #endif continue; @@ -451,7 +451,8 @@ static int bgp_interface_vrf_update(ZAPI_CALLBACK_ARGS) if (!CHECK_FLAG(bgp->flags, BGP_FLAG_NO_FAST_EXT_FAILOVER)) { for (ALL_LIST_ELEMENTS(bgp->peer, node, nnode, peer)) { if ((peer->ttl != BGP_DEFAULT_TTL) - && (peer->gtsm_hops != 1)) + && (peer->gtsm_hops + != BGP_GTSM_HOPS_CONNECTED)) continue; if (ifp == peer->nexthop.ifp) diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c index fa64420cfd..34581b66fc 100644 --- a/bgpd/bgpd.c +++ b/bgpd/bgpd.c @@ -2417,7 +2417,7 @@ struct peer_group *peer_group_get(struct bgp *bgp, const char *name) group->conf->group = group; group->conf->as = 0; group->conf->ttl = BGP_DEFAULT_TTL; - group->conf->gtsm_hops = 0; + group->conf->gtsm_hops = BGP_GTSM_HOPS_DISABLED; group->conf->v_routeadv = BGP_DEFAULT_EBGP_ROUTEADV; SET_FLAG(group->conf->sflags, PEER_STATUS_GROUP); listnode_add_sort(bgp->group, group); @@ -4321,7 +4321,7 @@ int peer_ebgp_multihop_set(struct peer *peer, int ttl) if (ttl != MAXTTL) { if (CHECK_FLAG(peer->sflags, PEER_STATUS_GROUP)) { group = peer->group; - if (group->conf->gtsm_hops != 0) + if (group->conf->gtsm_hops != BGP_GTSM_HOPS_DISABLED) return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; for (ALL_LIST_ELEMENTS(group->peer, node, nnode, @@ -4329,11 +4329,11 @@ int peer_ebgp_multihop_set(struct peer *peer, int ttl) if (peer1->sort == BGP_PEER_IBGP) continue; - if (peer1->gtsm_hops != 0) + if (peer1->gtsm_hops != BGP_GTSM_HOPS_DISABLED) return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; } } else { - if (peer->gtsm_hops != 0) + if (peer->gtsm_hops != BGP_GTSM_HOPS_DISABLED) return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; } } @@ -4374,7 +4374,7 @@ int peer_ebgp_multihop_unset(struct peer *peer) if (peer->sort == BGP_PEER_IBGP) return 0; - if (peer->gtsm_hops != 0 && peer->ttl != MAXTTL) + if (peer->gtsm_hops != BGP_GTSM_HOPS_DISABLED && peer->ttl != MAXTTL) return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; if (peer_group_active(peer)) @@ -6567,7 +6567,8 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops) mess of this configuration parameter, and OpenBGPD got it right. */ - if ((peer->gtsm_hops == 0) && (peer->sort != BGP_PEER_IBGP)) { + if ((peer->gtsm_hops == BGP_GTSM_HOPS_DISABLED) + && (peer->sort != BGP_PEER_IBGP)) { if (is_ebgp_multihop_configured(peer)) return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; @@ -6630,7 +6631,9 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops) * no session then do nothing (will get * handled by next connection) */ - if (peer->fd >= 0 && peer->gtsm_hops != 0) + if (peer->fd >= 0 + && peer->gtsm_hops + != BGP_GTSM_HOPS_DISABLED) sockopt_minttl( peer->su.sa.sa_family, peer->fd, MAXTTL + 1 - peer->gtsm_hops); @@ -6661,7 +6664,7 @@ int peer_ttl_security_hops_unset(struct peer *peer) if (peer_group_active(peer)) peer->gtsm_hops = peer->group->conf->gtsm_hops; else - peer->gtsm_hops = 0; + peer->gtsm_hops = BGP_GTSM_HOPS_DISABLED; if (!CHECK_FLAG(peer->sflags, PEER_STATUS_GROUP)) { /* Invoking ebgp_multihop_set will set the TTL back to the @@ -6684,7 +6687,7 @@ int peer_ttl_security_hops_unset(struct peer *peer) } else { group = peer->group; for (ALL_LIST_ELEMENTS(group->peer, node, nnode, peer)) { - peer->gtsm_hops = 0; + peer->gtsm_hops = BGP_GTSM_HOPS_DISABLED; if (peer->sort == BGP_PEER_EBGP) ret = peer_ebgp_multihop_unset(peer); else { diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h index e6a7c4b7f9..548dfe4683 100644 --- a/bgpd/bgpd.h +++ b/bgpd/bgpd.h @@ -723,7 +723,9 @@ struct bgp_nexthop { #define RMAP_OUT 1 #define RMAP_MAX 2 -#define BGP_DEFAULT_TTL 1 +#define BGP_DEFAULT_TTL 1 +#define BGP_GTSM_HOPS_DISABLED 0 +#define BGP_GTSM_HOPS_CONNECTED 1 #include "filter.h" diff --git a/doc/user/bgp.rst b/doc/user/bgp.rst index 81b4e34647..bacb69b815 100644 --- a/doc/user/bgp.rst +++ b/doc/user/bgp.rst @@ -424,6 +424,16 @@ Reject routes with AS_SET or AS_CONFED_SET types This command enables rejection of incoming and outgoing routes having AS_SET or AS_CONFED_SET type. +Disable checking if nexthop is connected on EBGP sessions +--------------------------------------------------------- + +.. index:: [no] bgp disable-ebgp-connected-route-check +.. clicmd:: [no] bgp disable-ebgp-connected-route-check + + This command is used to disable the connection verification process for EBGP peering sessions + that are reachable by a single hop but are configured on a loopback interface or otherwise + configured with a non-directly connected IP address. + .. _bgp-route-flap-dampening: Route Flap Dampening |