author | Claudio Jeker <claudio@cvs.openbsd.org> | 2005-03-11 12:54:21 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2005-03-11 12:54:21 +0000 |
commit | 9cf558b328c8aee614395d1731b9dafa0d2ca9bb (patch) | |
tree | 49978b6b33a570b0469b0743bc607e86d0b2a162 /usr.sbin | |
parent | e45069d653342d4463f4f43fcc2fd66dbc4d4c31 (diff) |
Finally commit the transparent-as and nexthop no-modify stuff I wrote on the
way to FOSDEM. With transparent-as set to yes, bgpd will not prepend his own
AS for sent updates. NB the neighbor needs to set "enforce neighbor-as no"
or it will not like the received AS paths. With set nexthop no-modify bgpd
will change the nexthop as done normally.
OK henning@ man page update with help of jmc@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/bgpd/bgpd.conf.5 | 24 | ||||
-rw-r--r-- | usr.sbin/bgpd/bgpd.h | 4 | ||||
-rw-r--r-- | usr.sbin/bgpd/parse.y | 21 | ||||
-rw-r--r-- | usr.sbin/bgpd/printconf.c | 8 | ||||
-rw-r--r-- | usr.sbin/bgpd/rde.h | 27 | ||||
-rw-r--r-- | usr.sbin/bgpd/rde_filter.c | 11 | ||||
-rw-r--r-- | usr.sbin/bgpd/rde_rib.c | 6 | ||||
-rw-r--r-- | usr.sbin/bgpd/rde_update.c | 17 |
8 files changed, 88 insertions, 30 deletions
diff --git a/usr.sbin/bgpd/bgpd.conf.5 b/usr.sbin/bgpd/bgpd.conf.5 index 053669f3ce2..16c3dde98ba 100644 --- a/usr.sbin/bgpd/bgpd.conf.5 +++ b/usr.sbin/bgpd/bgpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bgpd.conf.5,v 1.42 2004/12/31 10:47:37 jaredy Exp $ +.\" $OpenBSD: bgpd.conf.5,v 1.43 2005/03/11 12:54:19 claudio Exp $ .\" .\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org> .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -254,6 +254,17 @@ router-id 10.0.0.1 .Pp If not given, the BGP ID is determined as the biggest IP address assigned to the local machine. +.Pp +.It Xo +.Ic transparent-as +.Pq Ic yes Ns \&| Ns Ic no +.Xc +If set to +.Ic yes , +.Em AS paths +to EBGP neighbors are not prepended with their own AS. +The default is +.Ic no . .El .Sh NEIGHBORS AND GROUPS .Xr bgpd 8 @@ -809,13 +820,18 @@ AS path attribute. .Pp .It Xo .Ic nexthop -.Po Ar address Ns \&| Ns -.Ic blackhole Ns \&| Ns Ic reject Pc +.Sm off +.Po Ar address \*(Ba +.Ic blackhole \*(Ba +.Ic reject \*(Ba +.Ic no-modify Pc +.Sm on .Xc Set the .Em NEXTHOP AS path attribute -to a different nexthop address, or use blackhole or reject routes. +to a different nexthop address, use blackhole or reject routes, +or do not modify it. .Bd -literal -offset indent set nexthop 192.168.0.1 set nexthop blackhole diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h index 77b623e6d6b..5633c3aa05a 100644 --- a/usr.sbin/bgpd/bgpd.h +++ b/usr.sbin/bgpd/bgpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bgpd.h,v 1.155 2005/02/01 21:36:01 henning Exp $ */ +/* $OpenBSD: bgpd.h,v 1.156 2005/03/11 12:54:19 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -53,6 +53,7 @@ #define BGPD_FLAG_REFLECTOR 0x0004 #define BGPD_FLAG_DECISION_MASK 0x0f00 #define BGPD_FLAG_DECISION_ROUTEAGE 0x0100 +#define BGPD_FLAG_DECISION_TRANS_AS 0x0200 #define BGPD_LOG_UPDATES 0x0001 
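Review bot: `BGPD_FLAG_DECISION_TRANS_AS` is allocated inside `BGPD_FLAG_DECISION_MASK` (0x0200 of 0x0f00) although, in this commit, it is only read in `up_generate_attr()` when the AS path is built, not in route selection. If the bit sits in the mask only so that `rde_decisionflags()` exposes it to the RDE (the accessor is not visible here), a one-line comment would keep a later reader from treating it as a decision-process knob: `/* not a decision flag; in the mask so the RDE sees it */`.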
@@ -544,6 +545,7 @@ enum action_types { ACTION_SET_NEXTHOP, ACTION_SET_NEXTHOP_REJECT, ACTION_SET_NEXTHOP_BLACKHOLE, + ACTION_SET_NEXTHOP_NOMODIFY, ACTION_SET_COMMUNITY, /* ACTION_SCRUB_COMMUNITY, */ ACTION_PFTABLE diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index 9fb235eb863..d75ef81f06d 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.149 2004/12/23 16:09:26 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.150 2005/03/11 12:54:19 claudio Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -145,13 +145,13 @@ typedef struct { %token REMOTEAS DESCR LOCALADDR MULTIHOP PASSIVE MAXPREFIX ANNOUNCE %token ENFORCE NEIGHBORAS CAPABILITIES REFLECTOR DEPEND %token DUMP IN OUT -%token LOG ROUTECOLL +%token LOG ROUTECOLL TRANSPARENT %token TCP MD5SIG PASSWORD KEY %token ALLOW DENY MATCH %token QUICK %token FROM TO ANY %token PREFIX PREFIXLEN SOURCEAS TRANSITAS COMMUNITY -%token SET LOCALPREF MED METRIC NEXTHOP REJECT BLACKHOLE +%token SET LOCALPREF MED METRIC NEXTHOP REJECT BLACKHOLE NOMODIFY %token PREPEND_SELF PREPEND_PEER PFTABLE %token ERROR %token IPSEC ESP AH SPI IKE @@ -307,6 +307,12 @@ conf_main : AS asnumber { else conf->flags &= ~BGPD_FLAG_NO_EVALUATE; } + | TRANSPARENT yesno { + if ($2 == 1) + conf->flags |= BGPD_FLAG_DECISION_TRANS_AS; + else + conf->flags &= ~BGPD_FLAG_DECISION_TRANS_AS; + } | LOG string { if (!strcmp($2, "updates")) conf->log |= BGPD_LOG_UPDATES; @@ -1157,6 +1163,11 @@ filter_set_opt : LOCALPREF number { fatal(NULL); $$->type = ACTION_SET_NEXTHOP_REJECT; } + | NEXTHOP NOMODIFY { + if (($$ = calloc(1, sizeof(struct filter_set))) == NULL) + fatal(NULL); + $$->type = ACTION_SET_NEXTHOP_NOMODIFY; + } | PREPEND_SELF number { if (($$ = calloc(1, sizeof(struct filter_set))) == NULL) fatal(NULL); 
@@ -1323,6 +1334,7 @@ lookup(char *s) { "neighbor-as", NEIGHBORAS}, { "network", NETWORK}, { "nexthop", NEXTHOP}, + { "no-modify", NOMODIFY}, { "on", ON}, { "out", OUT}, { "passive", PASSIVE}, @@ -1344,7 +1356,8 @@ lookup(char *s) { "spi", SPI}, { "tcp", TCP}, { "to", TO}, - { "transit-as", TRANSITAS} + { "transit-as", TRANSITAS}, + { "transparent-as", TRANSPARENT} }; const struct keywords *p; diff --git a/usr.sbin/bgpd/printconf.c b/usr.sbin/bgpd/printconf.c index 7672002984c..f2901b3b287 100644 --- a/usr.sbin/bgpd/printconf.c +++ b/usr.sbin/bgpd/printconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printconf.c,v 1.35 2004/11/23 13:07:01 claudio Exp $ */ +/* $OpenBSD: printconf.c,v 1.36 2005/03/11 12:54:19 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -98,6 +98,9 @@ print_set(struct filter_set_head *set) case ACTION_SET_NEXTHOP_BLACKHOLE: printf("nexthop blackhole "); break; + case ACTION_SET_NEXTHOP_NOMODIFY: + printf("nexthop no-modify "); + break; case ACTION_SET_PREPEND_SELF: printf("prepend-self %u ", s->action.prepend); break; @@ -141,6 +144,9 @@ print_mainconf(struct bgpd_config *conf) if (conf->flags & BGPD_FLAG_DECISION_ROUTEAGE) printf("rde route-age evaluate\n"); + if (conf->flags & BGPD_FLAG_DECISION_TRANS_AS) + printf("transparent-as yes\n"); + if (conf->log & BGPD_LOG_UPDATES) printf("log updates\n"); diff --git a/usr.sbin/bgpd/rde.h b/usr.sbin/bgpd/rde.h index 827e8c7966e..c61a6523c7b 100644 --- a/usr.sbin/bgpd/rde.h +++ b/usr.sbin/bgpd/rde.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.h,v 1.62 2004/12/23 15:08:43 henning Exp $ */ +/* $OpenBSD: rde.h,v 1.63 2005/03/11 12:54:20 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Claudio Jeker <claudio@openbsd.org> and 
@@ -131,18 +131,19 @@ struct path_table { LIST_HEAD(prefix_head, prefix); -#define F_ATTR_ORIGIN 0x001 -#define F_ATTR_ASPATH 0x002 -#define F_ATTR_NEXTHOP 0x004 -#define F_ATTR_LOCALPREF 0x008 -#define F_ATTR_MED 0x010 -#define F_ATTR_MED_ANNOUNCE 0x020 -#define F_ATTR_MP_REACH 0x040 -#define F_ATTR_MP_UNREACH 0x080 -#define F_PREFIX_ANNOUNCED 0x100 -#define F_NEXTHOP_REJECT 0x200 -#define F_NEXTHOP_BLACKHOLE 0x400 -#define F_ATTR_LINKED 0x800 +#define F_ATTR_ORIGIN 0x0001 +#define F_ATTR_ASPATH 0x0002 +#define F_ATTR_NEXTHOP 0x0004 +#define F_ATTR_LOCALPREF 0x0008 +#define F_ATTR_MED 0x0010 +#define F_ATTR_MED_ANNOUNCE 0x0020 +#define F_ATTR_MP_REACH 0x0040 +#define F_ATTR_MP_UNREACH 0x0080 +#define F_PREFIX_ANNOUNCED 0x0100 +#define F_NEXTHOP_REJECT 0x0200 +#define F_NEXTHOP_BLACKHOLE 0x0400 +#define F_NEXTHOP_NOMODIFY 0x0800 +#define F_ATTR_LINKED 0x1000 #define ORIGIN_IGP 0 #define ORIGIN_EGP 1 diff --git a/usr.sbin/bgpd/rde_filter.c b/usr.sbin/bgpd/rde_filter.c index 819dc6117de..00f17db9798 100644 --- a/usr.sbin/bgpd/rde_filter.c +++ b/usr.sbin/bgpd/rde_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde_filter.c,v 1.24 2005/02/24 17:14:53 claudio Exp $ */ +/* $OpenBSD: rde_filter.c,v 1.25 2005/03/11 12:54:20 claudio Exp $ */ /* * Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org> @@ -85,10 +85,11 @@ rde_apply_set(struct rde_aspath *asp, struct filter_set_head *sh, SIMPLEQ_FOREACH(set, sh, entry) { /* * default outgoing overrides are only allowed to - * set prepend-self + * set prepend-self and set nexthop no-modify */ if (dir == DIR_DEFAULT_OUT && - set->type != ACTION_SET_PREPEND_SELF) + set->type != ACTION_SET_PREPEND_SELF && + set->type != ACTION_SET_NEXTHOP_NOMODIFY) continue; switch (set->type) { 
@@ -119,6 +120,10 @@ rde_apply_set(struct rde_aspath *asp, struct filter_set_head *sh, case ACTION_SET_NEXTHOP: case ACTION_SET_NEXTHOP_REJECT: case ACTION_SET_NEXTHOP_BLACKHOLE: + case ACTION_SET_NEXTHOP_NOMODIFY: + if (set->type == ACTION_SET_NEXTHOP_NOMODIFY && + dir == DIR_DEFAULT_IN) + break; nexthop_modify(asp, &set->action.nexthop, set->type, af); break; diff --git a/usr.sbin/bgpd/rde_rib.c b/usr.sbin/bgpd/rde_rib.c index 5e9dbc4830f..ea3295164d2 100644 --- a/usr.sbin/bgpd/rde_rib.c +++ b/usr.sbin/bgpd/rde_rib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde_rib.c,v 1.63 2004/11/23 13:07:01 claudio Exp $ */ +/* $OpenBSD: rde_rib.c,v 1.64 2005/03/11 12:54:20 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Claudio Jeker <claudio@openbsd.org> @@ -762,6 +762,10 @@ nexthop_modify(struct rde_aspath *asp, struct bgpd_addr *nexthop, asp->flags |= F_NEXTHOP_BLACKHOLE; return; } + if (type == ACTION_SET_NEXTHOP_NOMODIFY) { + asp->flags |= F_NEXTHOP_NOMODIFY; + return; + } if (af != nexthop->af) return; diff --git a/usr.sbin/bgpd/rde_update.c b/usr.sbin/bgpd/rde_update.c index 1533196be94..5fd755b298e 100644 --- a/usr.sbin/bgpd/rde_update.c +++ b/usr.sbin/bgpd/rde_update.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde_update.c,v 1.34 2005/02/07 05:51:52 david Exp $ */ +/* $OpenBSD: rde_update.c,v 1.35 2005/03/11 12:54:20 claudio Exp $ */ /* * Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org> @@ -580,7 +580,12 @@ up_generate_attr(struct rde_peer *peer, struct update_attr *upa, wlen += r; len -= r; /* aspath */ - path = aspath_prepend(a->aspath, rde_local_as(), peer->conf.ebgp); + if (!peer->conf.ebgp || + rde_decisionflags() & BGPD_FLAG_DECISION_TRANS_AS) + path = aspath_prepend(a->aspath, rde_local_as(), 0); + else + path = aspath_prepend(a->aspath, rde_local_as(), 1); + if ((r = attr_write(up_attr_buf + wlen, len, ATTR_WELL_KNOWN, ATTR_ASPATH, path->data, path->len)) == -1) return (-1); 
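Review bot: The new guard in the nexthop case of `rde_apply_set()` skips `ACTION_SET_NEXTHOP_NOMODIFY` only for `dir == DIR_DEFAULT_IN`, so any other inbound direction still reaches `nexthop_modify()` and, per the rde_rib.c hunk, sets `F_NEXTHOP_NOMODIFY` on the path. If an inbound filter rule can carry this set (the other direction values are not visible here), the flag would travel with the path and suppress nexthop rewriting toward every peer in `up_generate_attr()`, which is broader than a per-neighbor outbound setting. If that is not intended, extend the test to the inbound rule direction as well, or state the intent above the check, e.g. `/* no-modify is an outbound property; ignore it on default input */`. `rde_apply_set()` starts and ends outside this hunk.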
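Review bot: With `transparent-as yes`, the aspath branch in `up_generate_attr()` calls `aspath_prepend(a->aspath, rde_local_as(), 0)` for every EBGP peer, including locally announced networks whose path is presumably empty, so such an UPDATE would leave with an empty AS_PATH toward an external neighbor. Because the flag is global, the local AS is then missing from all exported paths, which removes the marker that AS-path loop detection relies on when a route is learned back. Consider noting this next to the check, e.g. `/* transparent-as: path is sent unchanged, even if empty */`, and parenthesizing the flag test as `(rde_decisionflags() & BGPD_FLAG_DECISION_TRANS_AS)` so its precedence against `||` is explicit. The function continues outside the hunk.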
@@ -588,7 +593,13 @@ up_generate_attr(struct rde_peer *peer, struct update_attr *upa, wlen += r; len -= r; /* nexthop, already network byte order */ - if (peer->conf.ebgp == 0) { + if (a->flags & F_NEXTHOP_NOMODIFY) { + /* no modify flag set */ + if (a->nexthop == NULL) + nexthop = peer->local_v4_addr.v4.s_addr; + else + nexthop = a->nexthop->exit_nexthop.v4.s_addr; + } else if (!peer->conf.ebgp) { /* * If directly connected use peer->local_v4_addr * this is only true for announced networks. |
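Review bot: The `F_NEXTHOP_NOMODIFY` branch is tested before `!peer->conf.ebgp`, so on an EBGP session `a->nexthop->exit_nexthop.v4.s_addr` is advertised as-is, with no check in the visible lines that the address lies on a network shared with the peer. A neighbor that accepts third-party nexthops will forward toward whatever address the path carried, so a comment stating the operator's responsibility would help, e.g. `/* no-modify: nexthop is sent unchanged; reachability from the peer is not verified */`. The branch also reads the `.v4` member without a visible address-family check; if `exit_nexthop` can hold a non-IPv4 address at this point, guard it with `a->nexthop->exit_nexthop.af == AF_INET`. The rest of the if/else chain lies outside the hunk.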