Allow us to receive our own AS paths from a neighbor. Like several of the related diffs, this also invites dragons and grues into your network.
Probably needs the most love in the man page, as usual ;). OK? Index: bgpd.conf.5 =================================================================== RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.conf.5,v retrieving revision 1.154 diff -u -p -u -p -r1.154 bgpd.conf.5 --- bgpd.conf.5 27 May 2017 10:33:15 -0000 1.154 +++ bgpd.conf.5 27 May 2017 12:49:42 -0000 @@ -767,6 +767,19 @@ section in .Sx GLOBAL CONFIGURATION . .Pp .It Xo +.Ic enforce local-as +.Pq Ic yes Ns | Ns Ic no +.Xc +If set to +.Ic no , +.Em AS paths +will not be checked for AS loop detection. +Since there is no AS path loop check, this option is dangerous, and +requires you to add filters to prevent receiving your own prefixes. +The default value is +.Ic yes . +.Pp +.It Xo .Ic enforce neighbor-as .Pq Ic yes Ns | Ns Ic no .Xc Index: bgpd.h =================================================================== RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.h,v retrieving revision 1.303 diff -u -p -u -p -r1.303 bgpd.h --- bgpd.h 27 May 2017 12:09:27 -0000 1.303 +++ bgpd.h 27 May 2017 12:34:57 -0000 @@ -309,6 +309,7 @@ struct peer_config { u_int32_t max_prefix; enum announce_type announce_type; enum enforce_as enforce_as; + enum enforce_as enforce_local_as; enum reconf_action reconf_action; u_int16_t max_prefix_restart; u_int16_t holdtime; Index: parse.y =================================================================== RCS file: /cvs/openbsd/src/usr.sbin/bgpd/parse.y,v retrieving revision 1.303 diff -u -p -u -p -r1.303 parse.y --- parse.y 27 May 2017 10:33:15 -0000 1.303 +++ parse.y 27 May 2017 12:35:33 -0000 @@ -1183,6 +1183,12 @@ peeropts : REMOTEAS as4number { else curpeer->conf.enforce_as = ENFORCE_AS_OFF; } + | ENFORCE LOCALAS yesno { + if ($3) + curpeer->conf.enforce_local_as = ENFORCE_AS_ON; + else + curpeer->conf.enforce_local_as = ENFORCE_AS_OFF; + } | MAXPREFIX NUMBER restart { if ($2 < 0 || $2 > UINT_MAX) { yyerror("bad maximum number of prefixes"); 
@@ -3690,6 +3696,8 @@ neighbor_consistent(struct peer *p) if (p->conf.enforce_as == ENFORCE_AS_UNDEF) p->conf.enforce_as = p->conf.ebgp ? ENFORCE_AS_ON : ENFORCE_AS_OFF; + if (p->conf.enforce_local_as == ENFORCE_AS_UNDEF) + p->conf.enforce_local_as = ENFORCE_AS_ON; /* EBGP neighbors are not allowed in route reflector clusters */ if (p->conf.reflector_client && p->conf.ebgp) { Index: printconf.c =================================================================== RCS file: /cvs/openbsd/src/usr.sbin/bgpd/printconf.c,v retrieving revision 1.102 diff -u -p -u -p -r1.102 printconf.c --- printconf.c 27 May 2017 10:33:15 -0000 1.102 +++ printconf.c 27 May 2017 12:38:13 -0000 @@ -470,6 +470,10 @@ print_peer(struct peer_config *p, struct printf("%s\tenforce neighbor-as yes\n", c); else printf("%s\tenforce neighbor-as no\n", c); + if (p->enforce_local_as == ENFORCE_AS_ON) + printf("%s\tenforce local-as yes\n", c); + else + printf("%s\tenforce local-as no\n", c); if (p->reflector_client) { if (conf->clusterid == 0) printf("%s\troute-reflector\n", c); Index: rde.c =================================================================== RCS file: /cvs/openbsd/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.362 diff -u -p -u -p -r1.362 rde.c --- rde.c 27 May 2017 10:33:15 -0000 1.362 +++ rde.c 27 May 2017 12:41:06 -0000 @@ -1104,6 +1104,7 @@ rde_update_dispatch(struct imsg *imsg) /* aspath needs to be loop free nota bene this is not a hard error */ if (peer->conf.ebgp && + peer->conf.enforce_local_as == ENFORCE_AS_ON && !aspath_loopfree(asp->aspath, peer->conf.local_as)) asp->flags |= F_ATTR_LOOP; -- The porcupine with the sharpest quills gets stuck on a tree more often.
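Review bot: Nothing in neighbor_consistent() reacts when a neighbor ends up with `ENFORCE_AS_OFF`; the two added lines only fill in the default. The man page text in this same patch calls the setting dangerous, so a config that disables AS path loop detection should not load silently. Right after the default is applied, something like `if (p->conf.enforce_local_as == ENFORCE_AS_OFF) log_warnx("AS path loop detection disabled for neighbor");` would help, with the neighbor named in the message. The rde.c hunk consults the flag only when `peer->conf.ebgp` is true, so `enforce local-as no` on an iBGP neighbor is accepted but has no effect, and this function looks like the place to warn about or reject that combination. The body of neighbor_consistent() starts and continues outside this hunk.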
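Review bot: The `else` branch in print_peer() prints `enforce local-as no` for every value other than `ENFORCE_AS_ON`, which includes `ENFORCE_AS_UNDEF`. If a peer_config reaches this function before neighbor_consistent() has filled in the default (not visible from this hunk), the dump would report loop detection as disabled when it is not. Printing only the non-default case avoids that: `if (p->enforce_local_as == ENFORCE_AS_OFF)` followed by `printf("%s\tenforce local-as no\n", c);`. It also makes the risky setting stand out when someone audits the printed configuration, because the line would then appear only for neighbors where the check is switched off. print_peer() starts and continues outside this hunk.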
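Review bot: The comment above the condition in rde_update_dispatch() still reads "aspath needs to be loop free", but with the added `enforce_local_as` test that now holds only for neighbors where the check is enabled. When it is off, `F_ATTR_LOOP` is never set for that eBGP peer, so paths containing `peer->conf.local_as` are treated like any other update. The only remaining protection is the operator's filters, as the man page hunk says. I would record that at the check, for example `/* enforce local-as no: loop check skipped, filters must reject our own prefixes */`, so a later reader of the RDE does not assume loop-free paths past this point. The function continues outside this hunk, so whether later code relies on `F_ATTR_LOOP` having been evaluated cannot be confirmed from here.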