aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsem <sem@FreeBSD.org>2011-04-02 01:47:00 +0800
committersem <sem@FreeBSD.org>2011-04-02 01:47:00 +0800
commitd7a5c41e6c91cb69f3077bddaed716da9b755acb (patch)
treee9d133d0401a84c299964792f4ccd7217f040e06
parent92eccaa68c6a681e3ffd2f4c75cd516feb9b5438 (diff)
downloadfreebsd-ports-gnome-d7a5c41e6c91cb69f3077bddaed716da9b755acb.tar.gz
freebsd-ports-gnome-d7a5c41e6c91cb69f3077bddaed716da9b755acb.tar.zst
freebsd-ports-gnome-d7a5c41e6c91cb69f3077bddaed716da9b755acb.zip
- security patches for CVE-2010-1674, CVE-2010-1645.
Approved by: maintainer
-rw-r--r--net/quagga/Makefile2
-rw-r--r--net/quagga/files/patch-CVE-2010-167467
-rw-r--r--net/quagga/files/patch-CVE-2010-16751296
3 files changed, 1364 insertions, 1 deletions
diff --git a/net/quagga/Makefile b/net/quagga/Makefile
index e98bb55d5d75..7ad09e4ba56f 100644
--- a/net/quagga/Makefile
+++ b/net/quagga/Makefile
@@ -7,7 +7,7 @@
PORTNAME= quagga
PORTVERSION= 0.99.17
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= net ipv6
MASTER_SITES= http://quagga.net/download/ \
http://www.ru.quagga.net/download/ \
diff --git a/net/quagga/files/patch-CVE-2010-1674 b/net/quagga/files/patch-CVE-2010-1674
new file mode 100644
index 000000000000..6ff20eff5485
--- /dev/null
+++ b/net/quagga/files/patch-CVE-2010-1674
@@ -0,0 +1,67 @@
+commit ca0f29480d22837f99b9ac42cf64a8d656bfcac5
+Author: Paul Jakma <paul@quagga.net>
+Date: Sun Dec 5 17:17:26 2010 +0000
+
+ bgpd/security: CVE-2010-1674 Fix crash due to extended-community parser error
+
+ * bgp_attr.c: (bgp_attr_ext_communities) Certain extended-community attrs
+ can leave attr->flag indicating ext-community is present, even though no
+ extended-community object has been attached to the attr structure. Thus a
+ null-pointer dereference can occur later.
+ (bgp_attr_community) No bug fixed here, but tidy up flow so it has same
+ form as previous.
+
+ Problem and fix thanks to anonymous reporter.
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index ae0dc88..c6fd3a5 100644
+--- bgpd/bgp_attr.c
++++ bgpd/bgp_attr.c
+@@ -1235,13 +1235,16 @@ bgp_attr_community (struct peer *peer, bgp_size_t length,
+ attr->community = NULL;
+ return 0;
+ }
+- else
+- {
+- attr->community =
+- community_parse ((u_int32_t *)stream_pnt (peer->ibuf), length);
+- stream_forward_getp (peer->ibuf, length);
+- }
++
++ attr->community =
++ community_parse ((u_int32_t *)stream_pnt (peer->ibuf), length);
++
++ /* XXX: fix community_parse to use stream API and remove this */
++ stream_forward_getp (peer->ibuf, length);
+
++ if (!attr->community)
++ return -1;
++
+ attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_COMMUNITIES);
+
+ return 0;
+@@ -1478,13 +1481,18 @@ bgp_attr_ext_communities (struct peer *peer, bgp_size_t length,
+ {
+ if (attr->extra)
+ attr->extra->ecommunity = NULL;
++ /* Empty extcomm doesn't seem to be invalid per se */
++ return 0;
+ }
+- else
+- {
+- (bgp_attr_extra_get (attr))->ecommunity =
+- ecommunity_parse ((u_int8_t *)stream_pnt (peer->ibuf), length);
+- stream_forward_getp (peer->ibuf, length);
+- }
++
++ (bgp_attr_extra_get (attr))->ecommunity =
++ ecommunity_parse ((u_int8_t *)stream_pnt (peer->ibuf), length);
++ /* XXX: fix ecommunity_parse to use stream API */
++ stream_forward_getp (peer->ibuf, length);
++
++ if (!attr->extra->ecommunity)
++ return -1;
++
+ attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_EXT_COMMUNITIES);
+
+ return 0;
diff --git a/net/quagga/files/patch-CVE-2010-1675 b/net/quagga/files/patch-CVE-2010-1675
new file mode 100644
index 000000000000..7e55d3a60274
--- /dev/null
+++ b/net/quagga/files/patch-CVE-2010-1675
@@ -0,0 +1,1296 @@
+commit 4fbe0484edc47f10852da879125c30504b4f69ad
+Author: Paul Jakma <paul@quagga.net>
+Date: Sun Dec 5 20:28:02 2010 +0000
+
+ bgpd: Remove AS Path limit/TTL functionality
+
+ * draft-ietf-idr-as-pathlimit doesn't seem to have gone anywhere, and its
+ author does not think it will make progress in IDR. Remove all support
+ introduced for it, but leave stubs for the commands to avoid breaking
+ any configurations.
+
+ Basically reverts cecab5e9725792e60a5e4b473e238a14cd85815d.
+
+diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
+index c6fd3a5..aa6fa61 100644
+--- bgpd/bgp_attr.c
++++ bgpd/bgp_attr.c
+@@ -359,11 +359,6 @@ attrhash_key_make (void *p)
+ key += attr->nexthop.s_addr;
+ key += attr->med;
+ key += attr->local_pref;
+- if (attr->pathlimit.as)
+- {
+- key += attr->pathlimit.ttl;
+- key += attr->pathlimit.as;
+- }
+
+ if (attr->extra)
+ {
+@@ -415,9 +410,7 @@ attrhash_cmp (const void *p1, const void *p2)
+ && attr1->aspath == attr2->aspath
+ && attr1->community == attr2->community
+ && attr1->med == attr2->med
+- && attr1->local_pref == attr2->local_pref
+- && attr1->pathlimit.ttl == attr2->pathlimit.ttl
+- && attr1->pathlimit.as == attr2->pathlimit.as)
++ && attr1->local_pref == attr2->local_pref)
+ {
+ const struct attr_extra *ae1 = attr1->extra;
+ const struct attr_extra *ae2 = attr2->extra;
+@@ -704,43 +697,6 @@ bgp_attr_flush (struct attr *attr)
+ }
+ }
+
+-/* Parse AS_PATHLIMIT attribute in an UPDATE */
+-static int
+-bgp_attr_aspathlimit (struct peer *peer, bgp_size_t length,
+- struct attr *attr, u_char flag, u_char *startp)
+-{
+- bgp_size_t total;
+-
+- total = length + (CHECK_FLAG (flag, BGP_ATTR_FLAG_EXTLEN) ? 4 : 3);
+-
+- if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS)
+- || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL))
+- {
+- zlog (peer->log, LOG_ERR,
+- "AS-Pathlimit attribute flag isn't transitive %d", flag);
+- bgp_notify_send_with_data (peer,
+- BGP_NOTIFY_UPDATE_ERR,
+- BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR,
+- startp, total);
+- return -1;
+- }
+-
+- if (length != 5)
+- {
+- zlog (peer->log, LOG_ERR,
+- "AS-Pathlimit length, %u, is not 5", length);
+- bgp_notify_send_with_data (peer,
+- BGP_NOTIFY_UPDATE_ERR,
+- BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR,
+- startp, total);
+- return -1;
+- }
+-
+- attr->pathlimit.ttl = stream_getc (BGP_INPUT(peer));
+- attr->pathlimit.as = stream_getl (BGP_INPUT(peer));
+- attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT);
+- return 0;
+-}
+ /* Get origin attribute of the update message. */
+ static int
+ bgp_attr_origin (struct peer *peer, bgp_size_t length,
+@@ -1717,9 +1673,6 @@ bgp_attr_parse (struct peer *peer, struct attr *attr, bgp_size_t size,
+ case BGP_ATTR_EXT_COMMUNITIES:
+ ret = bgp_attr_ext_communities (peer, length, attr, flag);
+ break;
+- case BGP_ATTR_AS_PATHLIMIT:
+- ret = bgp_attr_aspathlimit (peer, length, attr, flag, startp);
+- break;
+ default:
+ ret = bgp_attr_unknown (peer, attr, flag, type, length, startp);
+ break;
+@@ -2274,24 +2227,6 @@ bgp_packet_attribute (struct bgp *bgp, struct peer *peer,
+ stream_put_ipv4 (s, attr->extra->aggregator_addr.s_addr);
+ }
+
+- /* AS-Pathlimit */
+- if (attr->pathlimit.ttl)
+- {
+- u_int32_t as = attr->pathlimit.as;
+-
+- /* should already have been done in announce_check(),
+- * but just in case..
+- */
+- if (!as)
+- as = peer->local_as;
+-
+- stream_putc (s, BGP_ATTR_FLAG_OPTIONAL|BGP_ATTR_FLAG_TRANS);
+- stream_putc (s, BGP_ATTR_AS_PATHLIMIT);
+- stream_putc (s, 5);
+- stream_putc (s, attr->pathlimit.ttl);
+- stream_putl (s, as);
+- }
+-
+ /* Unknown transit attribute. */
+ if (attr->extra && attr->extra->transit)
+ stream_put (s, attr->extra->transit->val, attr->extra->transit->length);
+@@ -2503,16 +2438,6 @@ bgp_dump_routes_attr (struct stream *s, struct attr *attr,
+ }
+ #endif /* HAVE_IPV6 */
+
+- /* AS-Pathlimit */
+- if (attr->flag & ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT))
+- {
+- stream_putc (s, BGP_ATTR_FLAG_OPTIONAL|BGP_ATTR_FLAG_TRANS);
+- stream_putc (s, BGP_ATTR_AS_PATHLIMIT);
+- stream_putc (s, 5);
+- stream_putc (s, attr->pathlimit.ttl);
+- stream_putl (s, attr->pathlimit.as);
+- }
+-
+ /* Return total size of attribute. */
+ len = stream_get_endp (s) - cp - 2;
+ stream_putw_at (s, cp, len);
+diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h
+index ed8753b..af9dcf5 100644
+--- bgpd/bgp_attr.h
++++ bgpd/bgp_attr.h
+@@ -110,12 +110,6 @@ struct attr
+ u_int32_t med;
+ u_int32_t local_pref;
+
+- /* AS-Pathlimit */
+- struct {
+- u_int32_t as;
+- u_char ttl;
+- } pathlimit;
+-
+ /* Path origin attribute */
+ u_char origin;
+ };
+diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
+index 1cfc451..75a59cb 100644
+--- bgpd/bgp_route.c
++++ bgpd/bgp_route.c
+@@ -910,19 +910,6 @@ bgp_announce_check (struct bgp_info *ri, struct peer *peer, struct prefix *p,
+ }
+ }
+
+- /* AS-Pathlimit check */
+- if (ri->attr->pathlimit.ttl && peer_sort (peer) == BGP_PEER_EBGP)
+- /* Our ASN has not yet been pre-pended, that's done in packet_attribute
+- * on output. Hence the test here is for >=.
+- */
+- if (aspath_count_hops (ri->attr->aspath) >= ri->attr->pathlimit.ttl)
+- {
+- if (BGP_DEBUG (filter, FILTER))
+- zlog_info ("%s [Update:SEND] suppressed, AS-Pathlimit TTL %u exceeded",
+- peer->host, ri->attr->pathlimit.ttl);
+- return 0;
+- }
+-
+ /* For modify attribute, copy it to temporary structure. */
+ bgp_attr_dup (attr, ri->attr);
+
+@@ -1027,39 +1014,6 @@ bgp_announce_check (struct bgp_info *ri, struct peer *peer, struct prefix *p,
+ }
+ #endif /* HAVE_IPV6 */
+
+- /* AS-Pathlimit: Check ASN for private/confed */
+- if (attr->pathlimit.ttl)
+- {
+- /* locally originated update */
+- if (!attr->pathlimit.as)
+- attr->pathlimit.as = peer->local_as;
+-
+- /* if the AS_PATHLIMIT attribute is attached to a prefix by a
+- member of a confederation, then when the prefix is advertised outside
+- of the confederation boundary, then the AS number of the
+- confederation member inside of the AS_PATHLIMIT attribute should be
+- replaced by the confederation's AS number. */
+- if (peer_sort (from) == BGP_PEER_CONFED
+- && peer_sort (peer) != BGP_PEER_CONFED)
+- attr->pathlimit.as = peer->local_as;
+-
+- /* Private ASN should be updated whenever announcement leaves
+- * private space. This is deliberately done after simple confed
+- * based update..
+- */
+- if (attr->pathlimit.as >= BGP_PRIVATE_AS_MIN
+- && attr->pathlimit.as <= BGP_PRIVATE_AS_MAX)
+- {
+- if (peer->local_as < BGP_PRIVATE_AS_MIN
+- || peer->local_as > BGP_PRIVATE_AS_MAX)
+- attr->pathlimit.as = peer->local_as;
+- /* Ours is private, try using theirs.. */
+- else if (peer->as < BGP_PRIVATE_AS_MIN
+- || peer->local_as > BGP_PRIVATE_AS_MAX)
+- attr->pathlimit.as = peer->as;
+- }
+- }
+-
+ /* If this is EBGP peer and remove-private-AS is set. */
+ if (peer_sort (peer) == BGP_PEER_EBGP
+ && peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS)
+@@ -3239,14 +3193,6 @@ bgp_static_update_rsclient (struct peer *rsclient, struct prefix *p,
+ attr.med = bgp_static->igpmetric;
+ attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_MULTI_EXIT_DISC);
+
+- if (bgp_static->ttl)
+- {
+- attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT);
+- attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE);
+- attr.pathlimit.as = 0;
+- attr.pathlimit.ttl = bgp_static->ttl;
+- }
+-
+ if (bgp_static->atomic)
+ attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE);
+
+@@ -3395,14 +3341,6 @@ bgp_static_update_main (struct bgp *bgp, struct prefix *p,
+ attr.med = bgp_static->igpmetric;
+ attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_MULTI_EXIT_DISC);
+
+- if (bgp_static->ttl)
+- {
+- attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT);
+- attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE);
+- attr.pathlimit.as = 0;
+- attr.pathlimit.ttl = bgp_static->ttl;
+- }
+-
+ if (bgp_static->atomic)
+ attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE);
+
+@@ -3626,44 +3564,17 @@ bgp_static_withdraw_vpnv4 (struct bgp *bgp, struct prefix *p, afi_t afi,
+ bgp_unlock_node (rn);
+ }
+
+-static void
+-bgp_pathlimit_update_parents (struct bgp *bgp, struct bgp_node *rn,
+- int ttl_edge)
+-{
+- struct bgp_node *parent = rn;
+- struct bgp_static *sp;
+-
+- /* Existing static changed TTL, search parents and adjust their atomic */
+- while ((parent = parent->parent))
+- if ((sp = parent->info))
+- {
+- int sp_level = (sp->atomic ? 1 : 0);
+- ttl_edge ? sp->atomic++ : sp->atomic--;
+-
+- /* did we change state of parent whether atomic is set or not? */
+- if (sp_level != (sp->atomic ? 1 : 0))
+- {
+- bgp_static_update (bgp, &parent->p, sp,
+- rn->table->afi, rn->table->safi);
+- }
+- }
+-}
+-
+ /* Configure static BGP network. When user don't run zebra, static
+ route should be installed as valid. */
+ static int
+ bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str,
+- u_int16_t afi, u_char safi, const char *rmap, int backdoor,
+- u_char ttl)
++ u_int16_t afi, u_char safi, const char *rmap, int backdoor)
+ {
+ int ret;
+ struct prefix p;
+ struct bgp_static *bgp_static;
+ struct bgp_node *rn;
+ u_char need_update = 0;
+- u_char ttl_change = 0;
+- u_char ttl_edge = (ttl ? 1 : 0);
+- u_char new = 0;
+
+ /* Convert IP prefix string to struct prefix. */
+ ret = str2prefix (ip_str, &p);
+@@ -3692,21 +3603,10 @@ bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str,
+ bgp_static = rn->info;
+
+ /* Check previous routes are installed into BGP. */
+- if (bgp_static->valid)
+- {
+- if (bgp_static->backdoor != backdoor
+- || bgp_static->ttl != ttl)
+- need_update = 1;
+- }
++ if (bgp_static->valid && bgp_static->backdoor != backdoor)
++ need_update = 1;
+
+- /* need to catch TTL set/unset transitions for handling of
+- * ATOMIC_AGGREGATE
+- */
+- if ((bgp_static->ttl ? 1 : 0) != ttl_edge)
+- ttl_change = 1;
+-
+ bgp_static->backdoor = backdoor;
+- bgp_static->ttl = ttl;
+
+ if (rmap)
+ {
+@@ -3733,9 +3633,6 @@ bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str,
+ bgp_static->valid = 0;
+ bgp_static->igpmetric = 0;
+ bgp_static->igpnexthop.s_addr = 0;
+- bgp_static->ttl = ttl;
+- ttl_change = ttl_edge;
+- new = 1;
+
+ if (rmap)
+ {
+@@ -3747,39 +3644,6 @@ bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str,
+ rn->info = bgp_static;
+ }
+
+- /* ".. sites that choose to advertise the
+- * AS_PATHLIMIT path attribute SHOULD advertise the ATOMIC_AGGREGATE on
+- * all less specific covering prefixes as well as the more specific
+- * prefixes."
+- *
+- * So:
+- * Prefix that has just had pathlimit set/unset:
+- * - Must bump ATOMIC refcount on all parents.
+- *
+- * To catch less specific prefixes:
+- * - Must search children for ones with TTL, bump atomic refcount
+- * (we dont care if we're deleting a less specific prefix..)
+- */
+- if (ttl_change)
+- {
+- /* Existing static changed TTL, search parents and adjust their atomic */
+- bgp_pathlimit_update_parents (bgp, rn, ttl_edge);
+- }
+-
+- if (new)
+- {
+- struct bgp_node *child;
+- struct bgp_static *sc;
+-
+- /* New static, search children and bump this statics atomic.. */
+- child = bgp_lock_node (rn); /* route_next_until unlocks it.. */
+- while ((child = bgp_route_next_until (child, rn)))
+- {
+- if ((sc = child->info) && sc->ttl)
+- bgp_static->atomic++;
+- }
+- }
+-
+ /* If BGP scan is not enabled, we should install this route here. */
+ if (! bgp_flag_check (bgp, BGP_FLAG_IMPORT_CHECK))
+ {
+@@ -3833,9 +3697,6 @@ bgp_static_unset (struct vty *vty, struct bgp *bgp, const char *ip_str,
+
+ bgp_static = rn->info;
+
+- /* decrement atomic in parents, see bgp_static_set */
+- bgp_pathlimit_update_parents (bgp, rn, 0);
+-
+ /* Update BGP RIB. */
+ if (! bgp_static->backdoor)
+ bgp_static_withdraw (bgp, &p, afi, safi);
+@@ -4032,23 +3893,10 @@ DEFUN (bgp_network,
+ "Specify a network to announce via BGP\n"
+ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n")
+ {
+- u_char ttl = 0;
+-
+- if (argc == 2)
+- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255);
+-
+ return bgp_static_set (vty, vty->index, argv[0],
+- AFI_IP, bgp_node_safi (vty), NULL, 0, ttl);
++ AFI_IP, bgp_node_safi (vty), NULL, 0);
+ }
+
+-ALIAS (bgp_network,
+- bgp_network_ttl_cmd,
+- "network A.B.C.D/M pathlimit <0-255>",
+- "Specify a network to announce via BGP\n"
+- "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ DEFUN (bgp_network_route_map,
+ bgp_network_route_map_cmd,
+ "network A.B.C.D/M route-map WORD",
+@@ -4058,7 +3906,7 @@ DEFUN (bgp_network_route_map,
+ "Name of the route map\n")
+ {
+ return bgp_static_set (vty, vty->index, argv[0],
+- AFI_IP, bgp_node_safi (vty), argv[1], 0, 0);
++ AFI_IP, bgp_node_safi (vty), argv[1], 0);
+ }
+
+ DEFUN (bgp_network_backdoor,
+@@ -4068,24 +3916,10 @@ DEFUN (bgp_network_backdoor,
+ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
+ "Specify a BGP backdoor route\n")
+ {
+- u_char ttl = 0;
+-
+- if (argc == 2)
+- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255);
+-
+ return bgp_static_set (vty, vty->index, argv[0], AFI_IP, SAFI_UNICAST,
+- NULL, 1, ttl);
++ NULL, 1);
+ }
+
+-ALIAS (bgp_network_backdoor,
+- bgp_network_backdoor_ttl_cmd,
+- "network A.B.C.D/M backdoor pathlimit <0-255>",
+- "Specify a network to announce via BGP\n"
+- "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
+- "Specify a BGP backdoor route\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ DEFUN (bgp_network_mask,
+ bgp_network_mask_cmd,
+ "network A.B.C.D mask A.B.C.D",
+@@ -4096,10 +3930,6 @@ DEFUN (bgp_network_mask,
+ {
+ int ret;
+ char prefix_str[BUFSIZ];
+- u_char ttl = 0;
+-
+- if (argc == 3)
+- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[2], 1, 255);
+
+ ret = netmask_str2prefix_str (argv[0], argv[1], prefix_str);
+ if (! ret)
+@@ -4109,19 +3939,9 @@ DEFUN (bgp_network_mask,
+ }
+
+ return bgp_static_set (vty, vty->index, prefix_str,
+- AFI_IP, bgp_node_safi (vty), NULL, 0, ttl);
++ AFI_IP, bgp_node_safi (vty), NULL, 0);
+ }
+
+-ALIAS (bgp_network_mask,
+- bgp_network_mask_ttl_cmd,
+- "network A.B.C.D mask A.B.C.D pathlimit <0-255>",
+- "Specify a network to announce via BGP\n"
+- "Network number\n"
+- "Network mask\n"
+- "Network mask\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ DEFUN (bgp_network_mask_route_map,
+ bgp_network_mask_route_map_cmd,
+ "network A.B.C.D mask A.B.C.D route-map WORD",
+@@ -4143,7 +3963,7 @@ DEFUN (bgp_network_mask_route_map,
+ }
+
+ return bgp_static_set (vty, vty->index, prefix_str,
+- AFI_IP, bgp_node_safi (vty), argv[2], 0, 0);
++ AFI_IP, bgp_node_safi (vty), argv[2], 0);
+ }
+
+ DEFUN (bgp_network_mask_backdoor,
+@@ -4157,11 +3977,7 @@ DEFUN (bgp_network_mask_backdoor,
+ {
+ int ret;
+ char prefix_str[BUFSIZ];
+- u_char ttl = 0;
+
+- if (argc == 3)
+- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[2], 1, 255);
+-
+ ret = netmask_str2prefix_str (argv[0], argv[1], prefix_str);
+ if (! ret)
+ {
+@@ -4170,20 +3986,9 @@ DEFUN (bgp_network_mask_backdoor,
+ }
+
+ return bgp_static_set (vty, vty->index, prefix_str, AFI_IP, SAFI_UNICAST,
+- NULL, 1, ttl);
++ NULL, 1);
+ }
+
+-ALIAS (bgp_network_mask_backdoor,
+- bgp_network_mask_backdoor_ttl_cmd,
+- "network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>",
+- "Specify a network to announce via BGP\n"
+- "Network number\n"
+- "Network mask\n"
+- "Network mask\n"
+- "Specify a BGP backdoor route\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ DEFUN (bgp_network_mask_natural,
+ bgp_network_mask_natural_cmd,
+ "network A.B.C.D",
+@@ -4192,10 +3997,6 @@ DEFUN (bgp_network_mask_natural,
+ {
+ int ret;
+ char prefix_str[BUFSIZ];
+- u_char ttl = 0;
+-
+- if (argc == 2)
+- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255);
+
+ ret = netmask_str2prefix_str (argv[0], NULL, prefix_str);
+ if (! ret)
+@@ -4205,17 +4006,9 @@ DEFUN (bgp_network_mask_natural,
+ }
+
+ return bgp_static_set (vty, vty->index, prefix_str,
+- AFI_IP, bgp_node_safi (vty), NULL, 0, ttl);
++ AFI_IP, bgp_node_safi (vty), NULL, 0);
+ }
+
+-ALIAS (bgp_network_mask_natural,
+- bgp_network_mask_natural_ttl_cmd,
+- "network A.B.C.D pathlimit <0-255>",
+- "Specify a network to announce via BGP\n"
+- "Network number\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ DEFUN (bgp_network_mask_natural_route_map,
+ bgp_network_mask_natural_route_map_cmd,
+ "network A.B.C.D route-map WORD",
+@@ -4235,7 +4028,7 @@ DEFUN (bgp_network_mask_natural_route_map,
+ }
+
+ return bgp_static_set (vty, vty->index, prefix_str,
+- AFI_IP, bgp_node_safi (vty), argv[1], 0, 0);
++ AFI_IP, bgp_node_safi (vty), argv[1], 0);
+ }
+
+ DEFUN (bgp_network_mask_natural_backdoor,
+@@ -4247,10 +4040,6 @@ DEFUN (bgp_network_mask_natural_backdoor,
+ {
+ int ret;
+ char prefix_str[BUFSIZ];
+- u_char ttl = 0;
+-
+- if (argc == 2)
+- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255);
+
+ ret = netmask_str2prefix_str (argv[0], NULL, prefix_str);
+ if (! ret)
+@@ -4260,18 +4049,9 @@ DEFUN (bgp_network_mask_natural_backdoor,
+ }
+
+ return bgp_static_set (vty, vty->index, prefix_str, AFI_IP, SAFI_UNICAST,
+- NULL, 1, ttl);
++ NULL, 1);
+ }
+
+-ALIAS (bgp_network_mask_natural_backdoor,
+- bgp_network_mask_natural_backdoor_ttl_cmd,
+- "network A.B.C.D backdoor pathlimit (1-255>",
+- "Specify a network to announce via BGP\n"
+- "Network number\n"
+- "Specify a BGP backdoor route\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ DEFUN (no_bgp_network,
+ no_bgp_network_cmd,
+ "no network A.B.C.D/M",
+@@ -4284,15 +4064,6 @@ DEFUN (no_bgp_network,
+ }
+
+ ALIAS (no_bgp_network,
+- no_bgp_network_ttl_cmd,
+- "no network A.B.C.D/M pathlimit <0-255>",
+- NO_STR
+- "Specify a network to announce via BGP\n"
+- "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+-ALIAS (no_bgp_network,
+ no_bgp_network_route_map_cmd,
+ "no network A.B.C.D/M route-map WORD",
+ NO_STR
+@@ -4309,16 +4080,6 @@ ALIAS (no_bgp_network,
+ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
+ "Specify a BGP backdoor route\n")
+
+-ALIAS (no_bgp_network,
+- no_bgp_network_backdoor_ttl_cmd,
+- "no network A.B.C.D/M backdoor pathlimit <0-255>",
+- NO_STR
+- "Specify a network to announce via BGP\n"
+- "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
+- "Specify a BGP backdoor route\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ DEFUN (no_bgp_network_mask,
+ no_bgp_network_mask_cmd,
+ "no network A.B.C.D mask A.B.C.D",
+@@ -4342,17 +4103,6 @@ DEFUN (no_bgp_network_mask,
+ bgp_node_safi (vty));
+ }
+
+-ALIAS (no_bgp_network,
+- no_bgp_network_mask_ttl_cmd,
+- "no network A.B.C.D mask A.B.C.D pathlimit <0-255>",
+- NO_STR
+- "Specify a network to announce via BGP\n"
+- "Network number\n"
+- "Network mask\n"
+- "Network mask\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ ALIAS (no_bgp_network_mask,
+ no_bgp_network_mask_route_map_cmd,
+ "no network A.B.C.D mask A.B.C.D route-map WORD",
+@@ -4374,18 +4124,6 @@ ALIAS (no_bgp_network_mask,
+ "Network mask\n"
+ "Specify a BGP backdoor route\n")
+
+-ALIAS (no_bgp_network_mask,
+- no_bgp_network_mask_backdoor_ttl_cmd,
+- "no network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>",
+- NO_STR
+- "Specify a network to announce via BGP\n"
+- "Network number\n"
+- "Network mask\n"
+- "Network mask\n"
+- "Specify a BGP backdoor route\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ DEFUN (no_bgp_network_mask_natural,
+ no_bgp_network_mask_natural_cmd,
+ "no network A.B.C.D",
+@@ -4424,25 +4162,6 @@ ALIAS (no_bgp_network_mask_natural,
+ "Network number\n"
+ "Specify a BGP backdoor route\n")
+
+-ALIAS (no_bgp_network_mask_natural,
+- no_bgp_network_mask_natural_ttl_cmd,
+- "no network A.B.C.D pathlimit <0-255>",
+- NO_STR
+- "Specify a network to announce via BGP\n"
+- "Network number\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+-ALIAS (no_bgp_network_mask_natural,
+- no_bgp_network_mask_natural_backdoor_ttl_cmd,
+- "no network A.B.C.D backdoor pathlimit <0-255>",
+- NO_STR
+- "Specify a network to announce via BGP\n"
+- "Network number\n"
+- "Specify a BGP backdoor route\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ #ifdef HAVE_IPV6
+ DEFUN (ipv6_bgp_network,
+ ipv6_bgp_network_cmd,
+@@ -4450,23 +4169,10 @@ DEFUN (ipv6_bgp_network,
+ "Specify a network to announce via BGP\n"
+ "IPv6 prefix <network>/<length>\n")
+ {
+- u_char ttl = 0;
+-
+- if (argc == 2)
+- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255);
+-
+ return bgp_static_set (vty, vty->index, argv[0], AFI_IP6, SAFI_UNICAST,
+- NULL, 0, ttl);
++ NULL, 0);
+ }
+
+-ALIAS (ipv6_bgp_network,
+- ipv6_bgp_network_ttl_cmd,
+- "network X:X::X:X/M pathlimit <0-255>",
+- "Specify a network to announce via BGP\n"
+- "IPv6 prefix <network>/<length>\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ DEFUN (ipv6_bgp_network_route_map,
+ ipv6_bgp_network_route_map_cmd,
+ "network X:X::X:X/M route-map WORD",
+@@ -4476,7 +4182,7 @@ DEFUN (ipv6_bgp_network_route_map,
+ "Name of the route map\n")
+ {
+ return bgp_static_set (vty, vty->index, argv[0], AFI_IP6,
+- bgp_node_safi (vty), argv[1], 0, 0);
++ bgp_node_safi (vty), argv[1], 0);
+ }
+
+ DEFUN (no_ipv6_bgp_network,
+@@ -4498,15 +4204,6 @@ ALIAS (no_ipv6_bgp_network,
+ "Route-map to modify the attributes\n"
+ "Name of the route map\n")
+
+-ALIAS (no_ipv6_bgp_network,
+- no_ipv6_bgp_network_ttl_cmd,
+- "no network X:X::X:X/M pathlimit <0-255>",
+- NO_STR
+- "Specify a network to announce via BGP\n"
+- "IPv6 prefix <network>/<length>\n"
+- "AS-Path hopcount limit attribute\n"
+- "AS-Pathlimit TTL, in number of AS-Path hops\n")
+-
+ ALIAS (ipv6_bgp_network,
+ old_ipv6_bgp_network_cmd,
+ "ipv6 bgp network X:X::X:X/M",
+@@ -4524,6 +4221,127 @@ ALIAS (no_ipv6_bgp_network,
+ "Specify a network to announce via BGP\n"
+ "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n")
+ #endif /* HAVE_IPV6 */
++
++/* stubs for removed AS-Pathlimit commands, kept for config compatibility */
++ALIAS_DEPRECATED (bgp_network,
++ bgp_network_ttl_cmd,
++ "network A.B.C.D/M pathlimit <0-255>",
++ "Specify a network to announce via BGP\n"
++ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (bgp_network_backdoor,
++ bgp_network_backdoor_ttl_cmd,
++ "network A.B.C.D/M backdoor pathlimit <0-255>",
++ "Specify a network to announce via BGP\n"
++ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
++ "Specify a BGP backdoor route\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (bgp_network_mask,
++ bgp_network_mask_ttl_cmd,
++ "network A.B.C.D mask A.B.C.D pathlimit <0-255>",
++ "Specify a network to announce via BGP\n"
++ "Network number\n"
++ "Network mask\n"
++ "Network mask\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (bgp_network_mask_backdoor,
++ bgp_network_mask_backdoor_ttl_cmd,
++ "network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>",
++ "Specify a network to announce via BGP\n"
++ "Network number\n"
++ "Network mask\n"
++ "Network mask\n"
++ "Specify a BGP backdoor route\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (bgp_network_mask_natural,
++ bgp_network_mask_natural_ttl_cmd,
++ "network A.B.C.D pathlimit <0-255>",
++ "Specify a network to announce via BGP\n"
++ "Network number\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (bgp_network_mask_natural_backdoor,
++ bgp_network_mask_natural_backdoor_ttl_cmd,
++ "network A.B.C.D backdoor pathlimit (1-255>",
++ "Specify a network to announce via BGP\n"
++ "Network number\n"
++ "Specify a BGP backdoor route\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (no_bgp_network,
++ no_bgp_network_ttl_cmd,
++ "no network A.B.C.D/M pathlimit <0-255>",
++ NO_STR
++ "Specify a network to announce via BGP\n"
++ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (no_bgp_network,
++ no_bgp_network_backdoor_ttl_cmd,
++ "no network A.B.C.D/M backdoor pathlimit <0-255>",
++ NO_STR
++ "Specify a network to announce via BGP\n"
++ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n"
++ "Specify a BGP backdoor route\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (no_bgp_network,
++ no_bgp_network_mask_ttl_cmd,
++ "no network A.B.C.D mask A.B.C.D pathlimit <0-255>",
++ NO_STR
++ "Specify a network to announce via BGP\n"
++ "Network number\n"
++ "Network mask\n"
++ "Network mask\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (no_bgp_network_mask,
++ no_bgp_network_mask_backdoor_ttl_cmd,
++ "no network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>",
++ NO_STR
++ "Specify a network to announce via BGP\n"
++ "Network number\n"
++ "Network mask\n"
++ "Network mask\n"
++ "Specify a BGP backdoor route\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (no_bgp_network_mask_natural,
++ no_bgp_network_mask_natural_ttl_cmd,
++ "no network A.B.C.D pathlimit <0-255>",
++ NO_STR
++ "Specify a network to announce via BGP\n"
++ "Network number\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (no_bgp_network_mask_natural,
++ no_bgp_network_mask_natural_backdoor_ttl_cmd,
++ "no network A.B.C.D backdoor pathlimit <0-255>",
++ NO_STR
++ "Specify a network to announce via BGP\n"
++ "Network number\n"
++ "Specify a BGP backdoor route\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (ipv6_bgp_network,
++ ipv6_bgp_network_ttl_cmd,
++ "network X:X::X:X/M pathlimit <0-255>",
++ "Specify a network to announce via BGP\n"
++ "IPv6 prefix <network>/<length>\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
++ALIAS_DEPRECATED (no_ipv6_bgp_network,
++ no_ipv6_bgp_network_ttl_cmd,
++ "no network X:X::X:X/M pathlimit <0-255>",
++ NO_STR
++ "Specify a network to announce via BGP\n"
++ "IPv6 prefix <network>/<length>\n"
++ "AS-Path hopcount limit attribute\n"
++ "AS-Pathlimit TTL, in number of AS-Path hops\n")
+
+ /* Aggreagete address:
+
+@@ -6130,17 +5948,6 @@ route_vty_out_detail (struct vty *vty, struct bgp *bgp, struct prefix *p,
+ vty_out (vty, "%s", VTY_NEWLINE);
+ }
+
+- /* 7: AS Pathlimit */
+- if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AS_PATHLIMIT))
+- {
+-
+- vty_out (vty, " AS-Pathlimit: %u",
+- attr->pathlimit.ttl);
+- if (attr->pathlimit.as)
+- vty_out (vty, " (%u)", attr->pathlimit.as);
+- vty_out (vty, "%s", VTY_NEWLINE);
+- }
+-
+ if (binfo->extra && binfo->extra->damp_info)
+ bgp_damp_info_vty (vty, binfo);
+
+@@ -11548,8 +11355,6 @@ bgp_config_write_network (struct vty *vty, struct bgp *bgp,
+ {
+ if (bgp_static->backdoor)
+ vty_out (vty, " backdoor");
+- if (bgp_static->ttl)
+- vty_out (vty, " pathlimit %u", bgp_static->ttl);
+ }
+
+ vty_out (vty, "%s", VTY_NEWLINE);
+@@ -11638,12 +11443,6 @@ bgp_route_init (void)
+ install_element (BGP_NODE, &bgp_network_backdoor_cmd);
+ install_element (BGP_NODE, &bgp_network_mask_backdoor_cmd);
+ install_element (BGP_NODE, &bgp_network_mask_natural_backdoor_cmd);
+- install_element (BGP_NODE, &bgp_network_ttl_cmd);
+- install_element (BGP_NODE, &bgp_network_mask_ttl_cmd);
+- install_element (BGP_NODE, &bgp_network_mask_natural_ttl_cmd);
+- install_element (BGP_NODE, &bgp_network_backdoor_ttl_cmd);
+- install_element (BGP_NODE, &bgp_network_mask_backdoor_ttl_cmd);
+- install_element (BGP_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd);
+ install_element (BGP_NODE, &no_bgp_network_cmd);
+ install_element (BGP_NODE, &no_bgp_network_mask_cmd);
+ install_element (BGP_NODE, &no_bgp_network_mask_natural_cmd);
+@@ -11653,12 +11452,6 @@ bgp_route_init (void)
+ install_element (BGP_NODE, &no_bgp_network_backdoor_cmd);
+ install_element (BGP_NODE, &no_bgp_network_mask_backdoor_cmd);
+ install_element (BGP_NODE, &no_bgp_network_mask_natural_backdoor_cmd);
+- install_element (BGP_NODE, &no_bgp_network_ttl_cmd);
+- install_element (BGP_NODE, &no_bgp_network_mask_ttl_cmd);
+- install_element (BGP_NODE, &no_bgp_network_mask_natural_ttl_cmd);
+- install_element (BGP_NODE, &no_bgp_network_backdoor_ttl_cmd);
+- install_element (BGP_NODE, &no_bgp_network_mask_backdoor_ttl_cmd);
+- install_element (BGP_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd);
+
+ install_element (BGP_NODE, &aggregate_address_cmd);
+ install_element (BGP_NODE, &aggregate_address_mask_cmd);
+@@ -11688,23 +11481,13 @@ bgp_route_init (void)
+ install_element (BGP_IPV4_NODE, &bgp_network_route_map_cmd);
+ install_element (BGP_IPV4_NODE, &bgp_network_mask_route_map_cmd);
+ install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_route_map_cmd);
+- install_element (BGP_IPV4_NODE, &bgp_network_ttl_cmd);
+- install_element (BGP_IPV4_NODE, &bgp_network_mask_ttl_cmd);
+- install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_ttl_cmd);
+- install_element (BGP_IPV4_NODE, &bgp_network_backdoor_ttl_cmd);
+- install_element (BGP_IPV4_NODE, &bgp_network_mask_backdoor_ttl_cmd);
+- install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd);
++ install_element (BGP_IPV4_NODE, &no_bgp_network_cmd);
+ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_cmd);
+ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_cmd);
+ install_element (BGP_IPV4_NODE, &no_bgp_network_route_map_cmd);
+ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_route_map_cmd);
+ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_route_map_cmd);
+- install_element (BGP_IPV4_NODE, &no_bgp_network_ttl_cmd);
+- install_element (BGP_IPV4_NODE, &no_bgp_network_mask_ttl_cmd);
+- install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_ttl_cmd);
+- install_element (BGP_IPV4_NODE, &no_bgp_network_backdoor_ttl_cmd);
+- install_element (BGP_IPV4_NODE, &no_bgp_network_mask_backdoor_ttl_cmd);
+- install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd);
++
+ install_element (BGP_IPV4_NODE, &aggregate_address_cmd);
+ install_element (BGP_IPV4_NODE, &aggregate_address_mask_cmd);
+ install_element (BGP_IPV4_NODE, &aggregate_address_summary_only_cmd);
+@@ -11733,24 +11516,12 @@ bgp_route_init (void)
+ install_element (BGP_IPV4M_NODE, &bgp_network_route_map_cmd);
+ install_element (BGP_IPV4M_NODE, &bgp_network_mask_route_map_cmd);
+ install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_route_map_cmd);
+- install_element (BGP_IPV4M_NODE, &bgp_network_ttl_cmd);
+- install_element (BGP_IPV4M_NODE, &bgp_network_mask_ttl_cmd);
+- install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_ttl_cmd);
+- install_element (BGP_IPV4M_NODE, &bgp_network_backdoor_ttl_cmd);
+- install_element (BGP_IPV4M_NODE, &bgp_network_mask_backdoor_ttl_cmd);
+- install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd);
+ install_element (BGP_IPV4M_NODE, &no_bgp_network_cmd);
+ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_cmd);
+ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_cmd);
+ install_element (BGP_IPV4M_NODE, &no_bgp_network_route_map_cmd);
+ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_route_map_cmd);
+ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_route_map_cmd);
+- install_element (BGP_IPV4M_NODE, &no_bgp_network_ttl_cmd);
+- install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_ttl_cmd);
+- install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_ttl_cmd);
+- install_element (BGP_IPV4M_NODE, &no_bgp_network_backdoor_ttl_cmd);
+- install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_backdoor_ttl_cmd);
+- install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd);
+ install_element (BGP_IPV4M_NODE, &aggregate_address_cmd);
+ install_element (BGP_IPV4M_NODE, &aggregate_address_mask_cmd);
+ install_element (BGP_IPV4M_NODE, &aggregate_address_summary_only_cmd);
+@@ -11971,10 +11742,8 @@ bgp_route_init (void)
+ /* New config IPv6 BGP commands. */
+ install_element (BGP_IPV6_NODE, &ipv6_bgp_network_cmd);
+ install_element (BGP_IPV6_NODE, &ipv6_bgp_network_route_map_cmd);
+- install_element (BGP_IPV6_NODE, &ipv6_bgp_network_ttl_cmd);
+ install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_cmd);
+ install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_route_map_cmd);
+- install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_ttl_cmd);
+
+ install_element (BGP_IPV6_NODE, &ipv6_aggregate_address_cmd);
+ install_element (BGP_IPV6_NODE, &ipv6_aggregate_address_summary_only_cmd);
+@@ -12293,6 +12062,52 @@ bgp_route_init (void)
+ install_element (BGP_IPV4_NODE, &bgp_damp_set3_cmd);
+ install_element (BGP_IPV4_NODE, &bgp_damp_unset_cmd);
+ install_element (BGP_IPV4_NODE, &bgp_damp_unset2_cmd);
++
++ /* Deprecated AS-Pathlimit commands */
++ install_element (BGP_NODE, &bgp_network_ttl_cmd);
++ install_element (BGP_NODE, &bgp_network_mask_ttl_cmd);
++ install_element (BGP_NODE, &bgp_network_mask_natural_ttl_cmd);
++ install_element (BGP_NODE, &bgp_network_backdoor_ttl_cmd);
++ install_element (BGP_NODE, &bgp_network_mask_backdoor_ttl_cmd);
++ install_element (BGP_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd);
++
++ install_element (BGP_NODE, &no_bgp_network_ttl_cmd);
++ install_element (BGP_NODE, &no_bgp_network_mask_ttl_cmd);
++ install_element (BGP_NODE, &no_bgp_network_mask_natural_ttl_cmd);
++ install_element (BGP_NODE, &no_bgp_network_backdoor_ttl_cmd);
++ install_element (BGP_NODE, &no_bgp_network_mask_backdoor_ttl_cmd);
++ install_element (BGP_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd);
++
++ install_element (BGP_IPV4_NODE, &bgp_network_ttl_cmd);
++ install_element (BGP_IPV4_NODE, &bgp_network_mask_ttl_cmd);
++ install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_ttl_cmd);
++ install_element (BGP_IPV4_NODE, &bgp_network_backdoor_ttl_cmd);
++ install_element (BGP_IPV4_NODE, &bgp_network_mask_backdoor_ttl_cmd);
++ install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd);
++
++ install_element (BGP_IPV4_NODE, &no_bgp_network_ttl_cmd);
++ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_ttl_cmd);
++ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_ttl_cmd);
++ install_element (BGP_IPV4_NODE, &no_bgp_network_backdoor_ttl_cmd);
++ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_backdoor_ttl_cmd);
++ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd);
++
++ install_element (BGP_IPV4M_NODE, &bgp_network_ttl_cmd);
++ install_element (BGP_IPV4M_NODE, &bgp_network_mask_ttl_cmd);
++ install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_ttl_cmd);
++ install_element (BGP_IPV4M_NODE, &bgp_network_backdoor_ttl_cmd);
++ install_element (BGP_IPV4M_NODE, &bgp_network_mask_backdoor_ttl_cmd);
++ install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd);
++
++ install_element (BGP_IPV4M_NODE, &no_bgp_network_ttl_cmd);
++ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_ttl_cmd);
++ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_ttl_cmd);
++ install_element (BGP_IPV4M_NODE, &no_bgp_network_backdoor_ttl_cmd);
++ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_backdoor_ttl_cmd);
++ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd);
++
++ install_element (BGP_IPV6_NODE, &ipv6_bgp_network_ttl_cmd);
++ install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_ttl_cmd);
+ }
+
+ void
+diff --git a/bgpd/bgp_route.h b/bgpd/bgp_route.h
+index 5eed348..3e52859 100644
+--- bgpd/bgp_route.h
++++ bgpd/bgp_route.h
+@@ -116,9 +116,6 @@ struct bgp_static
+
+ /* MPLS label. */
+ u_char tag[3];
+-
+- /* AS-Pathlimit TTL */
+- u_char ttl;
+ };
+
+ /* Flags which indicate a route is unuseable in some form */
+diff --git a/bgpd/bgp_routemap.c b/bgpd/bgp_routemap.c
+index aa7dbce..81ff48d 100644
+--- bgpd/bgp_routemap.c
++++ bgpd/bgp_routemap.c
+@@ -92,107 +92,15 @@ o Cisco route-map
+ origin : Done
+ tag : (This will not be implemented by bgpd)
+ weight : Done
+- pathlimit : Done
+
+ o Local extention
+
+ set ipv6 next-hop global: Done
+ set ipv6 next-hop local : Done
+- set pathlimit ttl : Done
+ set as-path exclude : Done
+- match pathlimit as : Done
+
+ */
+
+-/* Compiles either AS or TTL argument. It is amused the VTY code
+- * has already range-checked the values to be suitable as TTL or ASN
+- */
+-static void *
+-route_pathlimit_compile (const char *arg)
+-{
+- unsigned long tmp;
+- u_int32_t *val;
+- char *endptr = NULL;
+-
+- /* TTL or AS value shoud be integer. */
+- if (! all_digit (arg))
+- return NULL;
+-
+- tmp = strtoul (arg, &endptr, 10);
+- if (*endptr != '\0' || tmp == ULONG_MAX || tmp > UINT32_MAX)
+- return NULL;
+-
+- if (!(val = XMALLOC (MTYPE_ROUTE_MAP_COMPILED, sizeof (u_int32_t))))
+- return NULL;
+-
+- *val = tmp;
+-
+- return val;
+-}
+-
+-static void
+-route_pathlimit_free (void *rule)
+-{
+- XFREE (MTYPE_ROUTE_MAP_COMPILED, rule);
+-}
+-
+-static route_map_result_t
+-route_match_pathlimit_as (void *rule, struct prefix *prefix, route_map_object_t type,
+- void *object)
+-{
+- struct bgp_info *info = object;
+- struct attr *attr = info->attr;
+- uint32_t as = *(uint32_t *)rule;
+-
+- if (type != RMAP_BGP)
+- return RMAP_NOMATCH;
+-
+- if (!attr->pathlimit.as)
+- return RMAP_NOMATCH;
+-
+- if (as == attr->pathlimit.as)
+- return RMAP_MATCH;
+-
+- return RMAP_NOMATCH;
+-}
+-
+-/* 'match pathlimit as' */
+-struct route_map_rule_cmd route_match_pathlimit_as_cmd =
+-{
+- "pathlimit as",
+- route_match_pathlimit_as,
+- route_pathlimit_compile,
+- route_pathlimit_free
+-};
+-
+-/* Set pathlimit TTL. */
+-static route_map_result_t
+-route_set_pathlimit_ttl (void *rule, struct prefix *prefix,
+- route_map_object_t type, void *object)
+-{
+- struct bgp_info *info = object;
+- struct attr *attr = info->attr;
+- u_char ttl = *(uint32_t *)rule;
+-
+- if (type == RMAP_BGP)
+- {
+- attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT);
+- attr->pathlimit.ttl = ttl;
+- attr->pathlimit.as = 0;
+- }
+-
+- return RMAP_OKAY;
+-}
+-
+-/* Set local preference rule structure. */
+-struct route_map_rule_cmd route_set_pathlimit_ttl_cmd =
+-{
+- "pathlimit ttl",
+- route_set_pathlimit_ttl,
+- route_pathlimit_compile,
+- route_pathlimit_free,
+-};
+-
+ /* 'match peer (A.B.C.D|X:X::X:X)' */
+
+ /* Compares the peer specified in the 'match peer' clause with the peer
+@@ -3743,17 +3651,17 @@ ALIAS (no_set_originator_id,
+ "BGP originator ID attribute\n"
+ "IP address of originator\n")
+
+-DEFUN (set_pathlimit_ttl,
++DEFUN_DEPRECATED (set_pathlimit_ttl,
+ set_pathlimit_ttl_cmd,
+ "set pathlimit ttl <1-255>",
+ SET_STR
+ "BGP AS-Pathlimit attribute\n"
+ "Set AS-Path Hop-count TTL\n")
+ {
+- return bgp_route_set_add (vty, vty->index, "pathlimit ttl", argv[0]);
++ return CMD_SUCCESS;
+ }
+
+-DEFUN (no_set_pathlimit_ttl,
++DEFUN_DEPRECATED (no_set_pathlimit_ttl,
+ no_set_pathlimit_ttl_cmd,
+ "no set pathlimit ttl",
+ NO_STR
+@@ -3761,10 +3669,7 @@ DEFUN (no_set_pathlimit_ttl,
+ "BGP AS-Pathlimit attribute\n"
+ "Set AS-Path Hop-count TTL\n")
+ {
+- if (argc == 0)
+- return bgp_route_set_delete (vty, vty->index, "pathlimit ttl", NULL);
+-
+- return bgp_route_set_delete (vty, vty->index, "pathlimit ttl", argv[0]);
++ return CMD_SUCCESS;
+ }
+
+ ALIAS (no_set_pathlimit_ttl,
+@@ -3775,17 +3680,17 @@ ALIAS (no_set_pathlimit_ttl,
+ "BGP AS-Pathlimit attribute\n"
+ "Set AS-Path Hop-count TTL\n")
+
+-DEFUN (match_pathlimit_as,
++DEFUN_DEPRECATED (match_pathlimit_as,
+ match_pathlimit_as_cmd,
+ "match pathlimit as <1-65535>",
+ MATCH_STR
+ "BGP AS-Pathlimit attribute\n"
+ "Match Pathlimit AS number\n")
+ {
+- return bgp_route_match_add (vty, vty->index, "pathlimit as", argv[0]);
++ return CMD_SUCCESS;
+ }
+
+-DEFUN (no_match_pathlimit_as,
++DEFUN_DEPRECATED (no_match_pathlimit_as,
+ no_match_pathlimit_as_cmd,
+ "no match pathlimit as",
+ NO_STR
+@@ -3793,10 +3698,7 @@ DEFUN (no_match_pathlimit_as,
+ "BGP AS-Pathlimit attribute\n"
+ "Match Pathlimit AS number\n")
+ {
+- if (argc == 0)
+- return bgp_route_match_delete (vty, vty->index, "pathlimit as", NULL);
+-
+- return bgp_route_match_delete (vty, vty->index, "pathlimit as", argv[0]);
++ return CMD_SUCCESS;
+ }
+
+ ALIAS (no_match_pathlimit_as,
+@@ -3959,10 +3861,9 @@ bgp_route_map_init (void)
+ install_element (RMAP_NODE, &no_set_ipv6_nexthop_local_val_cmd);
+ #endif /* HAVE_IPV6 */
+
+- /* AS-Pathlimit */
+- route_map_install_match (&route_match_pathlimit_as_cmd);
+- route_map_install_set (&route_set_pathlimit_ttl_cmd);
+-
++ /* AS-Pathlimit: functionality removed, commands kept for
++ * compatibility.
++ */
+ install_element (RMAP_NODE, &set_pathlimit_ttl_cmd);
+ install_element (RMAP_NODE, &no_set_pathlimit_ttl_cmd);
+ install_element (RMAP_NODE, &no_set_pathlimit_ttl_val_cmd);
+diff --git a/doc/bgpd.texi b/doc/bgpd.texi
+index 40156b7..e746330 100644
+--- doc/bgpd.texi
++++ doc/bgpd.texi
+@@ -149,29 +149,6 @@ routes if they aren't present in their IGP routing tables; @code{bgpd}
+ doesn't care about IGP routes when announcing its routes.
+ @end deffn
+
+-@deffn {BGP} {network @var{A.B.C.D/M} pathlimit <0-255>} {}
+-This command configures a route to be originated into BGP, just as with the
+-previous command, but additionally sets an AS-Pathlimit TTL to be advertised
+-on the route. See draft-ietf-idr-as-pathlimit.
+-
+-Specifying a TTL of 0 can be used to remove pathlimit from a previously
+-configured network statement.
+-
+-Note that when advertising prefixes with AS-Pathlimit set, all less-specific
+-prefixes advertised SHOULD also have the Atomic-Aggregate attribute set.
+-Failure to do so increases the risks of accidental routing loops occuring.
+-
+-This implementation will try to automatically set Atomic-Aggregate as
+-appropriate on any less-specific prefixes originated by the same speaker,
+-however it will not (and often can not) do so where @b{other} speakers in
+-the AS are originating more specifics.
+-
+-Hence the system administrator must take care to ensure that all
+-less-specific prefixes originated carry atomic-aggregate as appropriate, by
+-manually configuring speakers originating less-specifics to set
+-Atomic-Aggregate on those advertisements!
+-@end deffn
+-
+ @deffn {BGP} {no network @var{A.B.C.D/M}} {}
+ @end deffn
+
+diff --git a/doc/routemap.texi b/doc/routemap.texi
+index 9ac001c..db3e72d 100644
+--- doc/routemap.texi
++++ doc/routemap.texi
+@@ -155,10 +155,6 @@ Matches the specified @var{metric}.
+ Matches the specified @var{community_list}
+ @end deffn
+
+-@deffn {Route-map Command} {match pathlimit as @var{ASN}} {}
+-Matches the specified AS-Pathlimit @var{ASN}.
+-@end deffn
+-
+ @node Route Map Set Command
+ @section Route Map Set Command
+
+@@ -194,16 +190,6 @@ Set the BGP-4+ global IPv6 nexthop address.
+ Set the BGP-4+ link local IPv6 nexthop address.
+ @end deffn
+
+-@deffn {Route-map Command} {set pathlimit ttl @var{ttl}} {}
+-Sets the specified AS-Pathlimit @var{ttl} on the route. This will also cause
+-the AS to be set to the local AS.
+-
+-Note that the AS-Pathlimit RFC specifies that speakers advertising this
+-attribute should set Atomic-aggregate on all less specific routes. Setting
+-AS-Pathlimit by route-map does not do this, the user must do so themselves,
+-as they wish.
+-@end deffn
+-
+ @node Route Map Call Command
+ @section Route Map Call Command
+