Allow neighbor-as in AS filter statements like:

match from any source-as neighbor-as set localpref 1000
OK henning@

4 files changed, 32 insertions, 14 deletions

diff --git a/usr.sbin/bgpd/bgpd.conf.5 b/usr.sbin/bgpd/bgpd.conf.5
index 8114b853152..8022ec631a0 100644
--- a/usr.sbin/bgpd/bgpd.conf.5
+++ b/usr.sbin/bgpd/bgpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bgpd.conf.5,v 1.104 2010/03/05 15:25:00 claudio Exp $
+.\" $OpenBSD: bgpd.conf.5,v 1.105 2010/04/28 13:07:48 claudio Exp $
 .\"
 .\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
 .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 5 2010 $
+.Dd $Mdocdate: April 28 2010 $
 .Dt BGPD.CONF 5
 .Os
 .Sh NAME
@@ -883,6 +883,10 @@ is matched against a part of the
 .Em AS path
 specified by the
 .Ar as-type .
+.Ar as-number
+may be set to
+.Ic neighbor-as ,
+which is expanded to the current neighbor remote AS number.
 .Ar as-type
 is one of the following operators:
 .Pp
diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h
index f4b21de52d5..6c6d87e3c28 100644
--- a/usr.sbin/bgpd/bgpd.h
+++ b/usr.sbin/bgpd/bgpd.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bgpd.h,v 1.256 2010/04/13 09:09:48 claudio Exp $ */
+/*	$OpenBSD: bgpd.h,v 1.257 2010/04/28 13:07:48 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -551,10 +551,13 @@ enum as_spec {
 };
 
 struct filter_as {
-	enum as_spec	type;
 	u_int32_t	as;
+	u_int16_t	flags;
+	enum as_spec	type;
 };
 
+#define AS_FLAG_NEIGHBORAS	0x01
+
 struct filter_community {
 	int			as;
 	int			type;
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index 1d9c7ee23c0..966aa7c1e57 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.251 2010/04/26 08:46:31 claudio Exp $ */
+/*	$OpenBSD: parse.y,v 1.252 2010/04/28 13:07:48 claudio Exp $ */
 
 /*
  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -1402,6 +1402,12 @@ filter_as	: as4number		{
 				fatal(NULL);
 			$$->a.as = $1;
 		}
+		| NEIGHBORAS		{
+			if (($$ = calloc(1, sizeof(struct filter_as_l))) ==
+			    NULL)
+				fatal(NULL);
+			$$->a.flags = AS_FLAG_NEIGHBORAS;
+		}
 		;
 
 filter_match_h	: /* empty */			{
diff --git a/usr.sbin/bgpd/rde_filter.c b/usr.sbin/bgpd/rde_filter.c
index 994e4d15b5d..7ce990812a3 100644
--- a/usr.sbin/bgpd/rde_filter.c
+++ b/usr.sbin/bgpd/rde_filter.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rde_filter.c,v 1.62 2010/03/05 15:25:00 claudio Exp $ */
+/*	$OpenBSD: rde_filter.c,v 1.63 2010/04/28 13:07:48 claudio Exp $ */
 
 /*
  * Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
@@ -269,22 +269,27 @@ int
 rde_filter_match(struct filter_rule *f, struct rde_aspath *asp,
     struct bgpd_addr *prefix, u_int8_t plen, struct rde_peer *peer)
 {
-	int	as, type;
-
-	if (asp != NULL && f->match.as.type != AS_NONE)
-		if (aspath_match(asp->aspath, f->match.as.type,
-		    f->match.as.as) == 0)
+	u_int32_t	pas;
+	int		cas, type;
+
+	if (asp != NULL && f->match.as.type != AS_NONE) {
+		if (f->match.as.flags & AS_FLAG_NEIGHBORAS)
+			pas = peer->conf.remote_as;
+		else
+			pas = f->match.as.as;
+		if (aspath_match(asp->aspath, f->match.as.type, pas) == 0)
 			return (0);
+	}
 
 	if (asp != NULL && f->match.community.as != COMMUNITY_UNSET) {
 		switch (f->match.community.as) {
 		case COMMUNITY_ERROR:
 			fatalx("rde_apply_set bad community string");
 		case COMMUNITY_NEIGHBOR_AS:
-			as = peer->conf.remote_as;
+			cas = peer->conf.remote_as;
 			break;
 		default:
-			as = f->match.community.as;
+			cas = f->match.community.as;
 			break;
 		}
 
@@ -299,7 +304,7 @@ rde_filter_match(struct filter_rule *f, struct rde_aspath *asp,
 			break;
 		}
 
-		if (community_match(asp, as, type) == 0)
+		if (community_match(asp, cas, type) == 0)
 			return (0);
 	}
 	if (asp != NULL &&