From 311199f316d1704a5c9f709f1ff47982d3f9fb8c Mon Sep 17 00:00:00 2001
From: Donatas Abraitis
Date: Sat, 21 Dec 2024 17:03:14 +0200
Subject: [PATCH 1/2] bgpd: Fix `enforce-first-as` per peer-group removal
If we do `no neighbor PG enforce-first-as`, it wasn't working because the flag was inherited incorrectly for the members of the peer-group.
Fixes: 322462920e2a2c8b73191c6eb5157d64cf4a593e ("bgpd: Enable enforce-first-as by default")
Closes: https://github.com/FRRouting/frr/issues/17702
Signed-off-by: Donatas Abraitis
(cherry picked from commit b6dcf618777bb7a11176617d647e16ab64f49b7b)
---
 bgpd/bgp_vty.c | 6 +++++-
 bgpd/bgpd.c | 9 +++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index 8e29e90c7d91..27f50a885497 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -18634,7 +18634,11 @@ static void bgp_config_write_peer_global(struct vty *vty, struct bgp *bgp,
 /* enforce-first-as */
 if (CHECK_FLAG(bgp->flags, BGP_FLAG_ENFORCE_FIRST_AS)) {
- if (!peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS))
+ /* The `no` form is printed because by default this enforcing
+ * is enabled, thus we need to print it inverted.
+ * See peer_new().
+ */
+ if (peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS))
 vty_out(vty, " no neighbor %s enforce-first-as\n", addr);
 } else {
 if (peergroup_flag_check(peer, PEER_FLAG_ENFORCE_FIRST_AS))
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index c53f4965cc93..1a9fb2ef6330 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
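Review bot: In the `BGP_FLAG_ENFORCE_FIRST_AS` branch the `no neighbor ... enforce-first-as` line is chosen from the current value of `bgp->flags`, while what `peergroup_flag_check()` returns for this flag now appears to depend on the `flags_invert` bit that the bgpd.c hunk of this patch sets only once, in `peer_new()`. If the instance-level setting can change after neighbors exist (the handler is not visible here), a peer created under the other setting could be written with the opposite sense, and a saved configuration would then silently drop or add first-AS enforcement for that neighbor on reload. The comment should state the dependency, for example `* Relies on PEER_FLAG_ENFORCE_FIRST_AS being set in peer->flags_invert, see peer_new().`, and the `bgp enforce-first-as` handler is worth checking for keeping the two in step. The function continues outside the hunk, so the `else` branch is only partly visible.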
@@ -1568,8 +1568,13 @@ struct peer *peer_new(struct bgp *bgp)
 SET_FLAG(peer->sflags, PEER_STATUS_CAPABILITY_OPEN);
- if (CHECK_FLAG(bgp->flags, BGP_FLAG_ENFORCE_FIRST_AS))
- peer_flag_set(peer, PEER_FLAG_ENFORCE_FIRST_AS);
+ /* By default this is enabled, thus we need to mark it as
+ * inverted in order to display correctly in the configuration.
+ */
+ if (CHECK_FLAG(bgp->flags, BGP_FLAG_ENFORCE_FIRST_AS)) {
+ SET_FLAG(peer->flags_invert, PEER_FLAG_ENFORCE_FIRST_AS);
+ SET_FLAG(peer->flags, PEER_FLAG_ENFORCE_FIRST_AS);
+ }
 if (CHECK_FLAG(bgp->flags, BGP_FLAG_SOFT_VERSION_CAPABILITY))
 peer_flag_set(peer, PEER_FLAG_CAPABILITY_SOFT_VERSION);
From ffc4829bed507eb151adfc4055bbb5fa43725746 Mon Sep 17 00:00:00 2001
From: Donatas Abraitis
Date: Sat, 21 Dec 2024 17:08:01 +0200
Subject: [PATCH 2/2] tests: Check if enforce-first-as is working with peer-groups
Signed-off-by: Donatas Abraitis
(cherry picked from commit 9047ce6d9c70256158450a2d03f263fca50a74ae)
# Conflicts:
# tests/topotests/bgp_route_server_client/r1/bgpd.conf
---
 tests/topotests/bgp_route_server_client/r1/bgpd.conf | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/tests/topotests/bgp_route_server_client/r1/bgpd.conf b/tests/topotests/bgp_route_server_client/r1/bgpd.conf
index e464e6c50b88..59d9716f4247 100644
--- a/tests/topotests/bgp_route_server_client/r1/bgpd.conf
+++ b/tests/topotests/bgp_route_server_client/r1/bgpd.conf
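Review bot: The new block writes `peer->flags` and `peer->flags_invert` directly with `SET_FLAG`, while the statement right below it still goes through `peer_flag_set()`, and the comment does not say why this one flag bypasses the setter. The comment also presents the inversion as a display matter only, although the commit message says the actual fault was how peer-group members inherited the flag. I would reword it along the lines of `/* Enabled by default: mark the flag inverted so the "no" form is stored, inherited by peer-group members and written back to the config; set directly, not via peer_flag_set(). */`, adjusted to the real reason for skipping the setter. peer_new() begins and ends outside the hunk.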
@@ -2,10 +2,19 @@
 router bgp 65001
 bgp router-id 10.10.10.1
 no bgp ebgp-requires-policy
+<<<<<<< HEAD
 no bgp enforce-first-as
 neighbor 2001:db8:1::1 remote-as external
 neighbor 2001:db8:1::1 timers 3 10
 neighbor 2001:db8:1::1 timers connect 5
+=======
+ neighbor pg peer-group
+ neighbor pg remote-as external
+ neighbor pg timers 1 3
+ neighbor pg timers connect 1
+ no neighbor pg enforce-first-as
+ neighbor 2001:db8:1::1 peer-group pg
+>>>>>>> 9047ce6d9 (tests: Check if enforce-first-as is working with peer-groups)
 address-family ipv6 unicast
 redistribute connected
 neighbor 2001:db8:1::1 activate
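Review bot: The added lines include unresolved merge-conflict markers (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> 9047ce6d9 ...`), so both sides of the cherry-pick conflict are committed into r1/bgpd.conf; the `# Conflicts:` note in the commit message points at the same file. As written the daemon would be fed the marker lines as configuration, and the HEAD side keeps `no bgp enforce-first-as` and the direct `neighbor 2001:db8:1::1 remote-as external` and timers lines next to the peer-group definition. With the instance-level knob turned off, the test presumably no longer exercises the default-on path that patch 1/2 fixes, so a regression in first-AS enforcement for peer-groups could pass unnoticed. The conflict should be resolved by dropping the three marker lines and the HEAD-side block, keeping only the `neighbor pg ...` lines and `neighbor 2001:db8:1::1 peer-group pg`.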