From f5a4827db60545309d0ee378b85acac56cf7837a Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 24 Mar 2011 17:30:21 +0000 Subject: bgpd: refine the setting up of GTSM * bgpd.h: Add error code for setting GTSM on iBGP * bgpd.c: (peer_ttl_security_hops_set) use previous error code and signal incompatibility of GTSM+iBGP to vty. Consider the session state when setting GTSM, and reset Open/Active peers to let them pick up new TTL from start. --- bgpd/bgp_vty.c | 17 +++++++++++++---- bgpd/bgpd.c | 21 ++++++++++++++++++--- bgpd/bgpd.h | 3 ++- 3 files changed, 33 insertions(+), 8 deletions(-) (limited to 'bgpd') diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c index d93c5d36..e7e7dba1 100644 --- a/bgpd/bgp_vty.c +++ b/bgpd/bgp_vty.c @@ -216,6 +216,9 @@ bgp_vty_return (struct vty *vty, int ret) case BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK: str = "ebgp-multihop and ttl-security cannot be configured together"; break; + case BGP_ERR_NO_IBGP_WITH_TTLHACK: + str = "ttl-security only allowed for EBGP peers"; + break; } if (str) { @@ -7643,10 +7646,16 @@ bgp_show_peer (struct vty *vty, struct peer *p) p->host, VTY_NEWLINE); } - /* EBGP Multihop */ - if (peer_sort (p) != BGP_PEER_IBGP && p->ttl > 1) - vty_out (vty, " External BGP neighbor may be up to %d hops away.%s", - p->ttl, VTY_NEWLINE); + /* EBGP Multihop and GTSM */ + if (peer_sort (p) != BGP_PEER_IBGP) + { + if (p->gtsm_hops > 0) + vty_out (vty, " External BGP neighbor may be up to %d hops away.%s", + p->gtsm_hops, VTY_NEWLINE); + else if (p->ttl > 1) + vty_out (vty, " External BGP neighbor may be up to %d hops away.%s", + p->ttl, VTY_NEWLINE); + } /* Local address. */ if (p->su_local) diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c index 5a412f23..ee0cc5da 100644 --- a/bgpd/bgpd.c +++ b/bgpd/bgpd.c @@ -4376,7 +4376,7 @@ peer_ttl_security_hops_set (struct peer *peer, int gtsm_hops) zlog_debug ("peer_ttl_security_hops_set: set gtsm_hops to %d for %s", gtsm_hops, peer->host); if (peer_sort (peer) == BGP_PEER_IBGP) - return 0; + return BGP_ERR_NO_IBGP_WITH_TTLHACK; /* We cannot configure ttl-security hops when ebgp-multihop is already set. For non peer-groups, the check is simple. For peer-groups, it's @@ -4430,8 +4430,23 @@ peer_ttl_security_hops_set (struct peer *peer, int gtsm_hops) peer->gtsm_hops = group->conf->gtsm_hops; - if (peer->fd >= 0 && peer->gtsm_hops != 0) - sockopt_minttl (peer->su.sa.sa_family, peer->fd, MAXTTL + 1 - peer->gtsm_hops); + /* Change setting of existing peer + * established then change value (may break connectivity) + * not established yet (teardown session and restart) + * no session then do nothing (will get handled by next connection) + */ + if (peer->status == Established) + { + if (peer->fd >= 0 && peer->gtsm_hops != 0) + sockopt_minttl (peer->su.sa.sa_family, peer->fd, + MAXTTL + 1 - peer->gtsm_hops); + } + else if (peer->status < Established) + { + if (BGP_DEBUG (events, EVENTS)) + zlog_debug ("%s Min-ttl changed", peer->host); + BGP_EVENT_ADD (peer, BGP_Stop); + } } } diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h index 39cdf8eb..4da19e71 100644 --- a/bgpd/bgpd.h +++ b/bgpd/bgpd.h @@ -802,7 +802,8 @@ enum bgp_clear_type #define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS -28 #define BGP_ERR_TCPSIG_FAILED -29 #define BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK -30 -#define BGP_ERR_MAX -31 +#define BGP_ERR_NO_IBGP_WITH_TTLHACK -31 +#define BGP_ERR_MAX -32 extern struct bgp_master *bm; -- cgit v1.2.1