-rw-r--r-- | usr.sbin/bgpd/bgpd.conf.5 | 16 | ||||
-rw-r--r-- | usr.sbin/bgpd/bgpd.h | 3 | ||||
-rw-r--r-- | usr.sbin/bgpd/parse.y | 10 | ||||
-rw-r--r-- | usr.sbin/bgpd/printconf.c | 6 | ||||
-rw-r--r-- | usr.sbin/bgpd/rde.c | 3 |
5 files changed, 33 insertions, 5 deletions
diff --git a/usr.sbin/bgpd/bgpd.conf.5 b/usr.sbin/bgpd/bgpd.conf.5 index 953ae15c6d1..2baaf5e3897 100644 --- a/usr.sbin/bgpd/bgpd.conf.5 +++ b/usr.sbin/bgpd/bgpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bgpd.conf.5,v 1.154 2017/05/27 10:33:15 phessler Exp $ +.\" $OpenBSD: bgpd.conf.5,v 1.155 2017/05/27 18:12:23 phessler Exp $ .\" .\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org> .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -767,6 +767,20 @@ section in .Sx GLOBAL CONFIGURATION . .Pp .It Xo +.Ic enforce local-as +.Pq Ic yes Ns | Ns Ic no +.Xc +If set to +.Ic no , +.Em AS paths +will not be checked for AS loop detection. +This feature is similar to allowas-in in some other BGP implementations. +Since there is no AS path loop check, this feature is dangerous, and +requires you to add filters to prevent receiving your own prefixes. +The default value is +.Ic yes . +.Pp +.It Xo .Ic enforce neighbor-as .Pq Ic yes Ns | Ns Ic no .Xc diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h index 303e18173b3..5f404bdd0c4 100644 --- a/usr.sbin/bgpd/bgpd.h +++ b/usr.sbin/bgpd/bgpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bgpd.h,v 1.303 2017/05/27 12:09:27 phessler Exp $ */ +/* $OpenBSD: bgpd.h,v 1.304 2017/05/27 18:12:23 phessler Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -309,6 +309,7 @@ struct peer_config { u_int32_t max_prefix; enum announce_type announce_type; enum enforce_as enforce_as; + enum enforce_as enforce_local_as; enum reconf_action reconf_action; u_int16_t max_prefix_restart; u_int16_t holdtime; diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y index 0b8bea69e66..ad567092cc1 100644 --- a/usr.sbin/bgpd/parse.y +++ b/usr.sbin/bgpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.304 2017/05/27 18:04:07 benno Exp $ */ +/* $OpenBSD: parse.y,v 1.305 2017/05/27 18:12:23 phessler Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> 
@@ -1190,6 +1190,12 @@ peeropts : REMOTEAS as4number { else curpeer->conf.enforce_as = ENFORCE_AS_OFF; } + | ENFORCE LOCALAS yesno { + if ($3) + curpeer->conf.enforce_local_as = ENFORCE_AS_ON; + else + curpeer->conf.enforce_local_as = ENFORCE_AS_OFF; + } | MAXPREFIX NUMBER restart { if ($2 < 0 || $2 > UINT_MAX) { yyerror("bad maximum number of prefixes"); @@ -3697,6 +3703,8 @@ neighbor_consistent(struct peer *p) if (p->conf.enforce_as == ENFORCE_AS_UNDEF) p->conf.enforce_as = p->conf.ebgp ? ENFORCE_AS_ON : ENFORCE_AS_OFF; + if (p->conf.enforce_local_as == ENFORCE_AS_UNDEF) + p->conf.enforce_local_as = ENFORCE_AS_ON; /* EBGP neighbors are not allowed in route reflector clusters */ if (p->conf.reflector_client && p->conf.ebgp) { diff --git a/usr.sbin/bgpd/printconf.c b/usr.sbin/bgpd/printconf.c index 30cb76545db..9e5710a1362 100644 --- a/usr.sbin/bgpd/printconf.c +++ b/usr.sbin/bgpd/printconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printconf.c,v 1.102 2017/05/27 10:33:15 phessler Exp $ */ +/* $OpenBSD: printconf.c,v 1.103 2017/05/27 18:12:23 phessler Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -470,6 +470,10 @@ print_peer(struct peer_config *p, struct bgpd_config *conf, const char *c) printf("%s\tenforce neighbor-as yes\n", c); else printf("%s\tenforce neighbor-as no\n", c); + if (p->enforce_local_as == ENFORCE_AS_ON) + printf("%s\tenforce local-as yes\n", c); + else + printf("%s\tenforce local-as no\n", c); if (p->reflector_client) { if (conf->clusterid == 0) printf("%s\troute-reflector\n", c); diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c index 6eb27eef66a..b6b4c764ab4 100644 --- a/usr.sbin/bgpd/rde.c +++ b/usr.sbin/bgpd/rde.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.c,v 1.362 2017/05/27 10:33:15 phessler Exp $ */ +/* $OpenBSD: rde.c,v 1.363 2017/05/27 18:12:23 phessler Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 
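Review bot: The default added in neighbor_consistent() resolves ENFORCE_AS_UNDEF to ENFORCE_AS_ON, but an explicit `enforce local-as no` is accepted silently, including on iBGP neighbors, where the check in rde.c is gated on `peer->conf.ebgp` and the option has no effect. The manual page text in this same commit calls the setting dangerous without filters, so a load-time warning would let operators and auditors see where loop detection has been switched off. I would add `if (p->conf.ebgp && p->conf.enforce_local_as == ENFORCE_AS_OFF)` followed by a `log_warnx()` call that names the neighbor. neighbor_consistent's body starts and ends outside the hunk, so there may already be a better place for this among the existing checks.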
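Review bot: The `else` branch added to print_peer() prints `enforce local-as no` for every value other than ENFORCE_AS_ON, so a peer_config still at ENFORCE_AS_UNDEF would be shown as having AS loop detection disabled. Whether UNDEF can reach this point depends on neighbor_consistent() having run first, which the hunk does not show; the neighbor-as lines above have the same shape. Since this dump is what gets read when auditing a configuration, testing the off state explicitly keeps it accurate: `else if (p->enforce_local_as == ENFORCE_AS_OFF)`. print_peer's body continues outside the hunk.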
@@ -1104,6 +1104,7 @@ rde_update_dispatch(struct imsg *imsg) /* aspath needs to be loop free nota bene this is not a hard error */ if (peer->conf.ebgp && + peer->conf.enforce_local_as == ENFORCE_AS_ON && !aspath_loopfree(asp->aspath, peer->conf.local_as)) asp->flags |= F_ATTR_LOOP; |
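Review bot: The comment above the condition still says the aspath needs to be loop free, but with the added `enforce_local_as` term an eBGP path containing the local AS is no longer marked F_ATTR_LOOP when the option is off, and nothing here records that the check was skipped. I would update the comment to state the new contract, e.g. `/* loop check is skipped when enforce local-as is off; filters must then reject our own prefixes */`. For detection it may also be worth still calling aspath_loopfree() in that case and logging or counting looped paths accepted under the override, so that a missing filter becomes visible in operation. The rest of rde_update_dispatch is outside this hunk, so that second part is a suggestion only.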