author | Peter Hessler <phessler@cvs.openbsd.org> | 2017-05-27 18:12:24 +0000 |
---|---|---|
committer | Peter Hessler <phessler@cvs.openbsd.org> | 2017-05-27 18:12:24 +0000 |
commit | 6ff61c9bfeece5819b9b6f4caf295807db3ac60a (patch) | |
tree | 3c0cd01ff3caa330c8c8ecbf8b2a34a2e7ae92c2 /usr.sbin | |
parent | 02d06da67fdf4780fbdca08b9a3135ef42d8cbe4 (diff) |
Allow an administrator to disable the bgp loop detection algorithm,
which is useful in very limited situations.
Angry dragons and grues will hunt for you, if you use it.
OK claudio@ sthen@ benno@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/bgpd/bgpd.conf.5 | 16 | ||||
-rw-r--r-- | usr.sbin/bgpd/bgpd.h | 3 | ||||
-rw-r--r-- | usr.sbin/bgpd/parse.y | 10 | ||||
-rw-r--r-- | usr.sbin/bgpd/printconf.c | 6 | ||||
-rw-r--r-- | usr.sbin/bgpd/rde.c | 3 |
5 files changed, 33 insertions, 5 deletions
diff --git a/usr.sbin/bgpd/bgpd.conf.5 b/usr.sbin/bgpd/bgpd.conf.5 index 953ae15c6d1..2baaf5e3897 100644 --- a/usr.sbin/bgpd/bgpd.conf.5 +++ b/usr.sbin/bgpd/bgpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bgpd.conf.5,v 1.154 2017/05/27 10:33:15 phessler Exp $ +.\" $OpenBSD: bgpd.conf.5,v 1.155 2017/05/27 18:12:23 phessler Exp $ .\" .\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org> .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -767,6 +767,20 @@ section in .Sx GLOBAL CONFIGURATION . .Pp .It Xo +.Ic enforce local-as +.Pq Ic yes Ns | Ns Ic no +.Xc +If set to +.Ic no , +.Em AS paths +will not be checked for AS loop detection. +This feature is similar to allowas-in in some other BGP implementations. +Since there is no AS path loop check, this feature is dangerous, and +requires you to add filters to prevent receiving your own prefixes. +The default value is +.Ic yes . +.Pp +.It Xo .Ic enforce neighbor-as .Pq Ic yes Ns | Ns Ic no .Xc diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h index 303e18173b3..5f404bdd0c4 100644 --- a/usr.sbin/bgpd/bgpd.h +++ b/usr.sbin/bgpd/bgpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bgpd.h,v 1.303 2017/05/27 12:09:27 phessler Exp $ */ +/* $OpenBSD: bgpd.h,v 1.304 2017/05/27 18:12:23 phessler Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -309,6 +309,7 @@ struct peer_config { u_int32_t max_prefix; enum announce_type announce_type; enum enforce_as enforce_as; + enum enforce_as enforce_local_as; enum reconf_action reconf_action; u_int16_t max_prefix_restart; u_int16_t holdtime; diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index 0b8bea69e66..ad567092cc1 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.304 2017/05/27 18:04:07 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.305 2017/05/27 18:12:23 phessler Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> 
@@ -1190,6 +1190,12 @@ peeropts : REMOTEAS as4number { else curpeer->conf.enforce_as = ENFORCE_AS_OFF; } + | ENFORCE LOCALAS yesno { + if ($3) + curpeer->conf.enforce_local_as = ENFORCE_AS_ON; + else + curpeer->conf.enforce_local_as = ENFORCE_AS_OFF; + } | MAXPREFIX NUMBER restart { if ($2 < 0 || $2 > UINT_MAX) { yyerror("bad maximum number of prefixes"); @@ -3697,6 +3703,8 @@ neighbor_consistent(struct peer *p) if (p->conf.enforce_as == ENFORCE_AS_UNDEF) p->conf.enforce_as = p->conf.ebgp ? ENFORCE_AS_ON : ENFORCE_AS_OFF; + if (p->conf.enforce_local_as == ENFORCE_AS_UNDEF) + p->conf.enforce_local_as = ENFORCE_AS_ON; /* EBGP neighbors are not allowed in route reflector clusters */ if (p->conf.reflector_client && p->conf.ebgp) { diff --git a/usr.sbin/bgpd/printconf.c b/usr.sbin/bgpd/printconf.c index 30cb76545db..9e5710a1362 100644 --- a/usr.sbin/bgpd/printconf.c +++ b/usr.sbin/bgpd/printconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printconf.c,v 1.102 2017/05/27 10:33:15 phessler Exp $ */ +/* $OpenBSD: printconf.c,v 1.103 2017/05/27 18:12:23 phessler Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -470,6 +470,10 @@ print_peer(struct peer_config *p, struct bgpd_config *conf, const char *c) printf("%s\tenforce neighbor-as yes\n", c); else printf("%s\tenforce neighbor-as no\n", c); + if (p->enforce_local_as == ENFORCE_AS_ON) + printf("%s\tenforce local-as yes\n", c); + else + printf("%s\tenforce local-as no\n", c); if (p->reflector_client) { if (conf->clusterid == 0) printf("%s\troute-reflector\n", c); diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c index 6eb27eef66a..b6b4c764ab4 100644 --- a/usr.sbin/bgpd/rde.c +++ b/usr.sbin/bgpd/rde.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.c,v 1.362 2017/05/27 10:33:15 phessler Exp $ */ +/* $OpenBSD: rde.c,v 1.363 2017/05/27 18:12:23 phessler Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 
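Review bot: The defaulting added to neighbor_consistent() accepts `enforce local-as no` on any neighbor without comment. That includes iBGP neighbors, where the rde.c condition in this same commit is gated on `peer->conf.ebgp`, so the setting has no effect there. Because the option switches off AS path loop detection, a warning here when the value is ENFORCE_AS_OFF would leave a trace for whoever audits the configuration later, and the iBGP case could be flagged as a probable mistake. At minimum, a comment above the new `if`, such as `/* loop detection stays on unless explicitly disabled; OFF relies on inbound filters */`, would record the intent. neighbor_consistent() starts and ends outside the hunk.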
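Review bot: The new `else` branch in print_peer() prints `enforce local-as no` for every value other than ENFORCE_AS_ON, so a peer_config still holding ENFORCE_AS_UNDEF would be reported as having loop detection disabled. Whether print_peer() can be reached before neighbor_consistent() has filled in the default is not visible from this hunk. Testing for the dangerous value directly avoids the question: `if (p->enforce_local_as == ENFORCE_AS_OFF)` prints `no`, and everything else prints `yes`. The neighbor-as lines just above use the same ON-or-else pattern, and print_peer() starts and ends outside the hunk.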
@@ -1104,6 +1104,7 @@ rde_update_dispatch(struct imsg *imsg) /* aspath needs to be loop free nota bene this is not a hard error */ if (peer->conf.ebgp && + peer->conf.enforce_local_as == ENFORCE_AS_ON && !aspath_loopfree(asp->aspath, peer->conf.local_as)) asp->flags |= F_ATTR_LOOP; |
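Review bot: With `enforce_local_as` set to ENFORCE_AS_OFF, the condition in rde_update_dispatch() skips aspath_loopfree() entirely, so an update carrying the local AS any number of times is no longer marked F_ATTR_LOOP, and nothing in the hunk logs that. The manual text added in this commit compares the option to allowas-in; implementations offering that knob typically bound how many occurrences of the local AS are tolerated, which this all-or-nothing switch does not. A comment above the condition would help, for example `/* enforce local-as no: loop check skipped on operator request; inbound filters must reject own prefixes */`. A follow-up that caps the number of tolerated occurrences is worth considering. rde_update_dispatch() starts and ends outside the hunk.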