From bb8c0be811b76c6ab88d9ab6f84dfd86fefb3dbb Mon Sep 17 00:00:00 2001
From: Claudio Jeker
Date: Tue, 13 Nov 2012 09:47:21 +0000
Subject: Allow filtering based on the NEXTHOP attribute. This allows to build rules like: allow from any nexthop neighbor (to allow only prefixes that use the routers IP address as nexthop). Lots of testing, input and OK florian@
---
 usr.sbin/bgpd/parse.y | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
(limited to 'usr.sbin/bgpd/parse.y')
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index 1099ef26833..460f016201a 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.264 2012/09/23 09:39:17 claudio Exp $ */
+/* $OpenBSD: parse.y,v 1.265 2012/11/13 09:47:20 claudio Exp $ */
 /*
 * Copyright (c) 2002, 2003, 2004 Henning Brauer
@@ -1700,6 +1700,26 @@ filter_elm : filter_prefix_h {
 }
 fmopts.aid = AID_INET6;
 }
+ | NEXTHOP address {
+ if (fmopts.m.nexthop.flags) {
+ yyerror("nexthop already specified");
+ YYERROR;
+ }
+ if (fmopts.aid && fmopts.aid != $2.aid) {
+ yyerror("nexthop address family doesn't match "
+ "rule address family");
+ YYERROR;
+ }
+ fmopts.m.nexthop.addr = $2;
+ fmopts.m.nexthop.flags = FILTER_NEXTHOP_ADDR;
+ }
+ | NEXTHOP NEIGHBOR {
+ if (fmopts.m.nexthop.flags) {
+ yyerror("nexthop already specified");
+ YYERROR;
+ }
+ fmopts.m.nexthop.flags = FILTER_NEXTHOP_NEIGHBOR;
+ }
 ;
 prefixlenop : unaryop NUMBER {
-- cgit v1.2.3
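Review bot: The address-family check in the new `NEXTHOP address` branch only fires when `fmopts.aid` is already set, so it depends on the order of elements in the rule. With the nexthop written first, `fmopts.aid` is still 0, and this branch never records `$2.aid` as the rule family, so a family keyword or prefix that follows is not compared against it by the code shown here. Whether the other `filter_elm` alternatives (outside this hunk) compare against `fmopts.m.nexthop.addr.aid` is not visible; if they do not, the outcome is a filter rule that loads without error but can never match, which for a deny rule means routes pass that the operator intended to drop. Consider repeating the comparison once the whole match has been parsed, e.g. `if (fmopts.aid && fmopts.m.nexthop.flags == FILTER_NEXTHOP_ADDR && fmopts.aid != fmopts.m.nexthop.addr.aid)`. A one-line comment above the two branches noting that a non-zero `nexthop.flags` doubles as the "already specified" marker would also help.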