summaryrefslogtreecommitdiff
path: root/bgpd
diff options
context:
space:
mode:
authorStephen Hemminger <shemminger@vyatta.com>2011-03-24 17:30:21 +0000
committerPaul Jakma <paul@quagga.net>2011-03-28 11:27:41 +0100
commitf5a4827db60545309d0ee378b85acac56cf7837a (patch)
treea28de765a209f772d1b95b78a357ddf17318844a /bgpd
parentd876bdf4a84f40ac3f9bec8d5040858b3725db3e (diff)
bgpd: refine the setting up of GTSM
* bgpd.h: Add error code for setting GTSM on iBGP * bgpd.c: (peer_ttl_security_hops_set) use previous error code and signal incompatibility of GTSM+iBGP to vty. Consider the session state when setting GTSM, and reset Open/Active peers to let them pick up new TTL from start.
Diffstat (limited to 'bgpd')
-rw-r--r--bgpd/bgp_vty.c17
-rw-r--r--bgpd/bgpd.c21
-rw-r--r--bgpd/bgpd.h3
3 files changed, 33 insertions, 8 deletions
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index d93c5d36..e7e7dba1 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -216,6 +216,9 @@ bgp_vty_return (struct vty *vty, int ret)
case BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK:
str = "ebgp-multihop and ttl-security cannot be configured together";
break;
+ case BGP_ERR_NO_IBGP_WITH_TTLHACK:
+ str = "ttl-security only allowed for EBGP peers";
+ break;
}
if (str)
{
@@ -7643,10 +7646,16 @@ bgp_show_peer (struct vty *vty, struct peer *p)
p->host, VTY_NEWLINE);
}
- /* EBGP Multihop */
- if (peer_sort (p) != BGP_PEER_IBGP && p->ttl > 1)
- vty_out (vty, " External BGP neighbor may be up to %d hops away.%s",
- p->ttl, VTY_NEWLINE);
+ /* EBGP Multihop and GTSM */
+ if (peer_sort (p) != BGP_PEER_IBGP)
+ {
+ if (p->gtsm_hops > 0)
+ vty_out (vty, " External BGP neighbor may be up to %d hops away.%s",
+ p->gtsm_hops, VTY_NEWLINE);
+ else if (p->ttl > 1)
+ vty_out (vty, " External BGP neighbor may be up to %d hops away.%s",
+ p->ttl, VTY_NEWLINE);
+ }
/* Local address. */
if (p->su_local)
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index 5a412f23..ee0cc5da 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -4376,7 +4376,7 @@ peer_ttl_security_hops_set (struct peer *peer, int gtsm_hops)
zlog_debug ("peer_ttl_security_hops_set: set gtsm_hops to %d for %s", gtsm_hops, peer->host);
if (peer_sort (peer) == BGP_PEER_IBGP)
- return 0;
+ return BGP_ERR_NO_IBGP_WITH_TTLHACK;
/* We cannot configure ttl-security hops when ebgp-multihop is already
set. For non peer-groups, the check is simple. For peer-groups, it's
@@ -4430,8 +4430,23 @@ peer_ttl_security_hops_set (struct peer *peer, int gtsm_hops)
peer->gtsm_hops = group->conf->gtsm_hops;
- if (peer->fd >= 0 && peer->gtsm_hops != 0)
- sockopt_minttl (peer->su.sa.sa_family, peer->fd, MAXTTL + 1 - peer->gtsm_hops);
+ /* Change setting of existing peer
+ * established then change value (may break connectivity)
+ * not established yet (teardown session and restart)
+ * no session then do nothing (will get handled by next connection)
+ */
+ if (peer->status == Established)
+ {
+ if (peer->fd >= 0 && peer->gtsm_hops != 0)
+ sockopt_minttl (peer->su.sa.sa_family, peer->fd,
+ MAXTTL + 1 - peer->gtsm_hops);
+ }
+ else if (peer->status < Established)
+ {
+ if (BGP_DEBUG (events, EVENTS))
+ zlog_debug ("%s Min-ttl changed", peer->host);
+ BGP_EVENT_ADD (peer, BGP_Stop);
+ }
}
}
diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h
index 39cdf8eb..4da19e71 100644
--- a/bgpd/bgpd.h
+++ b/bgpd/bgpd.h
@@ -802,7 +802,8 @@ enum bgp_clear_type
#define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS -28
#define BGP_ERR_TCPSIG_FAILED -29
#define BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK -30
-#define BGP_ERR_MAX -31
+#define BGP_ERR_NO_IBGP_WITH_TTLHACK -31
+#define BGP_ERR_MAX -32
extern struct bgp_master *bm;