Blame SOURCES/0009-bgp-ttl-security.patch

From 8a66632391db5f5181a4afef6aae41f48bee7fdb Mon Sep 17 00:00:00 2001
From: Donald Sharp <sharpd@nvidia.com>
Date: Fri, 15 Jan 2021 08:14:49 -0500
Subject: [PATCH] bgpd: Allow peer-groups to have `ttl-security hops`
 configured
The command `neighbor PGROUP ttl-security hops X` was being
accepted but ignored.  Allow it to be stored.  I am still
not sure that this is applied correctly, but that is another
problem.
Fixes: #7848
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
---
 bgpd/bgpd.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index 9297ec4711c..4ebd3da0620 100644
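--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -7150,6 +7150,7 @@ int is_ebgp_multihop_configured(struct peer *peer)
 int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
 {
 	struct peer_group *group;
+	struct peer *gpeer;
 	struct listnode *node, *nnode;
 	int ret;
 
@@ -7186,9 +7187,10 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
 				return ret;
 		} else {
 			group = peer->group;
+			group->conf->gtsm_hops = gtsm_hops;
 			for (ALL_LIST_ELEMENTS(group->peer, node, nnode,
-					       peer)) {
-				peer->gtsm_hops = group->conf->gtsm_hops;
+					       gpeer)) {
+				gpeer->gtsm_hops = group->conf->gtsm_hops;
 
 				/* Calling ebgp multihop also resets the
 				 * session.
@@ -7198,7 +7200,7 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
 				 * value is
 				 * irrelevant.
 				 */
-				peer_ebgp_multihop_set(peer, MAXTTL);
+				peer_ebgp_multihop_set(gpeer, MAXTTL);
 			}
 		}
 	} else {
@@ -7219,9 +7221,10 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
 					       MAXTTL + 1 - gtsm_hops);
 		} else {
 			group = peer->group;
+			group->conf->gtsm_hops = gtsm_hops;
 			for (ALL_LIST_ELEMENTS(group->peer, node, nnode,
-					       peer)) {
-				peer->gtsm_hops = group->conf->gtsm_hops;
+					       gpeer)) {
+				gpeer->gtsm_hops = group->conf->gtsm_hops;
 
 				/* Change setting of existing peer
 				 *   established then change value (may break
@@ -7231,17 +7234,18 @@ int peer_ttl_security_hops_set(struct peer *peer, int gtsm_hops)
 				 *   no session then do nothing (will get
 				 * handled by next connection)
 				 */
-				if (peer->fd >= 0
-				    && peer->gtsm_hops
+				if (gpeer->fd >= 0
+				    && gpeer->gtsm_hops
 					       != BGP_GTSM_HOPS_DISABLED)
 					sockopt_minttl(
-						peer->su.sa.sa_family, peer->fd,
-						MAXTTL + 1 - peer->gtsm_hops);
-				if ((peer->status < Established)
-				    && peer->doppelganger
-				    && (peer->doppelganger->fd >= 0))
-					sockopt_minttl(peer->su.sa.sa_family,
-						       peer->doppelganger->fd,
+						gpeer->su.sa.sa_family,
+						gpeer->fd,
+						MAXTTL + 1 - gpeer->gtsm_hops);
+				if ((gpeer->status < Established)
+				    && gpeer->doppelganger
+				    && (gpeer->doppelganger->fd >= 0))
+					sockopt_minttl(gpeer->su.sa.sa_family,
+						       gpeer->doppelganger->fd,
 						       MAXTTL + 1 - gtsm_hops);
 			}
 		}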
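Review bot: In both peer-group loops the results of `peer_ebgp_multihop_set(gpeer, MAXTTL)` and of the two `sockopt_minttl(...)` calls are discarded, so once `group->conf->gtsm_hops` has been stored the function can report success while a member's socket has no minimum-TTL filter; the single-peer branch just above the first loop, by contrast, ends in `return ret;`. GTSM is the check that rejects BGP packets arriving from further away than the configured hop count, so a member that did not get it should be surfaced rather than left to drift from the stored group value: capture the result, e.g. `ret = sockopt_minttl(gpeer->su.sa.sa_family, gpeer->fd, MAXTTL + 1 - gpeer->gtsm_hops);`, and report or return a non-zero `ret` after the loop (this assumes the helper signals failure through its return value, which is not visible here). The doppelganger call still computes its TTL from `gtsm_hops` while the call before it uses `gpeer->gtsm_hops`; the values are equal at this point, but one expression in both places would keep them from diverging. The body of peer_ttl_security_hops_set starts and ends outside these hunks, so whatever happens after the loops cannot be checked from this page.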