diff options
| author | Paul Jakma <paul.jakma@sun.com> | 2008-08-23 14:27:06 +0100 |
|---|---|---|
| committer | Paul Jakma <paul@quagga.net> | 2008-08-23 14:27:06 +0100 |
| commit | 62687ff1cd3d4460cdbd4b0fbf1e3298fe277ad2 (patch) | |
| tree | 6bea5c1cf07d9d702c95fabe356fcec418b91398 /bgpd/bgp_route.c | |
| parent | b38309a4ee831a440ef78f8a27db584f2f8e8276 (diff) | |
[vty] Add support for a 'restricted mode' with anonymous vty connections
* lib/command.h: Add a RESTRICTED_NODE, intended for use with
anonymous, 'no login' vtys, to provide a subset of 'view' mode
commands.
* lib/command.c: Add RESTRICTED_NODE bits, nothing special, just
following VIEW_NODE.
* lib/vty.c: (vty_auth) enable authentication should fall back to
restricted/view node as appropriate.
(vty_create) init vty's to restricted/view node as appropriate,
for the 'no login' case.
(vty_{no_,}restricted_mode_cmd) config commands to enable
'anonymous restricted' in vty configuration.
(vty_config_write) 'anonymous restricted' config.
(vty_init) Install some commands to restricted mode, and the
'anonymous restricted' config commands into VTY_NODE.
* bgpd/*.c: Install some of the safe(r) BGP commands into
'restricted mode', i.e. lookup commands of non-sensitive data.
Useful with looking-glass route-servers.
Diffstat (limited to 'bgpd/bgp_route.c')
| -rw-r--r-- | bgpd/bgp_route.c | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 4a642e34..9ff64654 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -11787,6 +11787,37 @@ bgp_route_init () install_element (VIEW_NODE, &show_ip_bgp_view_rsclient_cmd); install_element (VIEW_NODE, &show_ip_bgp_view_rsclient_route_cmd); install_element (VIEW_NODE, &show_ip_bgp_view_rsclient_prefix_cmd); + + /* Restricted node: VIEW_NODE - (set of dangerous commands) */ + install_element (RESTRICTED_NODE, &show_ip_bgp_route_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_route_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_rd_route_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_prefix_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_prefix_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_all_prefix_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_vpnv4_rd_prefix_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_view_route_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_view_prefix_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_community_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_community2_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_community3_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_community4_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community2_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community3_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community4_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_community_exact_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_community2_exact_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_community3_exact_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_community4_exact_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community_exact_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community2_exact_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community3_exact_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_ipv4_community4_exact_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_rsclient_route_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_rsclient_prefix_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_view_rsclient_route_cmd); + install_element (RESTRICTED_NODE, &show_ip_bgp_view_rsclient_prefix_cmd); install_element (ENABLE_NODE, &show_ip_bgp_cmd); install_element (ENABLE_NODE, &show_ip_bgp_ipv4_cmd); @@ -11971,6 +12002,40 @@ bgp_route_init () install_element (VIEW_NODE, &show_bgp_view_rsclient_cmd); install_element (VIEW_NODE, &show_bgp_view_rsclient_route_cmd); install_element (VIEW_NODE, &show_bgp_view_rsclient_prefix_cmd); + + /* Restricted: + * VIEW_NODE - (set of dangerous commands) - (commands dependent on prev) + */ + install_element (RESTRICTED_NODE, &show_bgp_route_cmd); + install_element (RESTRICTED_NODE, &show_bgp_ipv6_route_cmd); + install_element (RESTRICTED_NODE, &show_bgp_prefix_cmd); + install_element (RESTRICTED_NODE, &show_bgp_ipv6_prefix_cmd); + install_element (RESTRICTED_NODE, &show_bgp_community_cmd); + install_element (RESTRICTED_NODE, &show_bgp_ipv6_community_cmd); + install_element (RESTRICTED_NODE, &show_bgp_community2_cmd); + install_element (RESTRICTED_NODE, &show_bgp_ipv6_community2_cmd); + install_element (RESTRICTED_NODE, &show_bgp_community3_cmd); + install_element (RESTRICTED_NODE, &show_bgp_ipv6_community3_cmd); + install_element (RESTRICTED_NODE, &show_bgp_community4_cmd); + install_element (RESTRICTED_NODE, &show_bgp_ipv6_community4_cmd); + install_element (RESTRICTED_NODE, &show_bgp_community_exact_cmd); + install_element (RESTRICTED_NODE, &show_bgp_ipv6_community_exact_cmd); + install_element (RESTRICTED_NODE, &show_bgp_community2_exact_cmd); + install_element (RESTRICTED_NODE, &show_bgp_ipv6_community2_exact_cmd); + install_element (RESTRICTED_NODE, &show_bgp_community3_exact_cmd); + install_element (RESTRICTED_NODE, &show_bgp_ipv6_community3_exact_cmd); + install_element (RESTRICTED_NODE, &show_bgp_community4_exact_cmd); + install_element (RESTRICTED_NODE, &show_bgp_ipv6_community4_exact_cmd); + install_element (RESTRICTED_NODE, &show_bgp_rsclient_route_cmd); + install_element (RESTRICTED_NODE, &show_bgp_rsclient_prefix_cmd); + install_element (RESTRICTED_NODE, &show_bgp_view_route_cmd); + install_element (RESTRICTED_NODE, &show_bgp_view_ipv6_route_cmd); + install_element (RESTRICTED_NODE, &show_bgp_view_prefix_cmd); + install_element (RESTRICTED_NODE, &show_bgp_view_ipv6_prefix_cmd); + install_element (RESTRICTED_NODE, &show_bgp_view_neighbor_received_prefix_filter_cmd); + install_element (RESTRICTED_NODE, &show_bgp_view_ipv6_neighbor_received_prefix_filter_cmd); + install_element (RESTRICTED_NODE, &show_bgp_view_rsclient_route_cmd); + install_element (RESTRICTED_NODE, &show_bgp_view_rsclient_prefix_cmd); install_element (ENABLE_NODE, &show_bgp_cmd); install_element (ENABLE_NODE, &show_bgp_ipv6_cmd); |