diff options
author | sem <sem@FreeBSD.org> | 2011-04-02 01:47:00 +0800 |
---|---|---|
committer | sem <sem@FreeBSD.org> | 2011-04-02 01:47:00 +0800 |
commit | d7a5c41e6c91cb69f3077bddaed716da9b755acb (patch) | |
tree | e9d133d0401a84c299964792f4ccd7217f040e06 | |
parent | 92eccaa68c6a681e3ffd2f4c75cd516feb9b5438 (diff) | |
download | freebsd-ports-gnome-d7a5c41e6c91cb69f3077bddaed716da9b755acb.tar.gz freebsd-ports-gnome-d7a5c41e6c91cb69f3077bddaed716da9b755acb.tar.zst freebsd-ports-gnome-d7a5c41e6c91cb69f3077bddaed716da9b755acb.zip |
- security patches for CVE-2010-1674, CVE-2010-1645.
Approved by: maintainer
-rw-r--r-- | net/quagga/Makefile | 2 | ||||
-rw-r--r-- | net/quagga/files/patch-CVE-2010-1674 | 67 | ||||
-rw-r--r-- | net/quagga/files/patch-CVE-2010-1675 | 1296 |
3 files changed, 1364 insertions, 1 deletions
diff --git a/net/quagga/Makefile b/net/quagga/Makefile index e98bb55d5d75..7ad09e4ba56f 100644 --- a/net/quagga/Makefile +++ b/net/quagga/Makefile @@ -7,7 +7,7 @@ PORTNAME= quagga PORTVERSION= 0.99.17 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= net ipv6 MASTER_SITES= http://quagga.net/download/ \ http://www.ru.quagga.net/download/ \ diff --git a/net/quagga/files/patch-CVE-2010-1674 b/net/quagga/files/patch-CVE-2010-1674 new file mode 100644 index 000000000000..6ff20eff5485 --- /dev/null +++ b/net/quagga/files/patch-CVE-2010-1674 @@ -0,0 +1,67 @@ +commit ca0f29480d22837f99b9ac42cf64a8d656bfcac5 +Author: Paul Jakma <paul@quagga.net> +Date: Sun Dec 5 17:17:26 2010 +0000 + + bgpd/security: CVE-2010-1674 Fix crash due to extended-community parser error + + * bgp_attr.c: (bgp_attr_ext_communities) Certain extended-community attrs + can leave attr->flag indicating ext-community is present, even though no + extended-community object has been attached to the attr structure. Thus a + null-pointer dereference can occur later. + (bgp_attr_community) No bug fixed here, but tidy up flow so it has same + form as previous. + + Problem and fix thanks to anonymous reporter. + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index ae0dc88..c6fd3a5 100644 +--- bgpd/bgp_attr.c ++++ bgpd/bgp_attr.c +@@ -1235,13 +1235,16 @@ bgp_attr_community (struct peer *peer, bgp_size_t length, + attr->community = NULL; + return 0; + } +- else +- { +- attr->community = +- community_parse ((u_int32_t *)stream_pnt (peer->ibuf), length); +- stream_forward_getp (peer->ibuf, length); +- } ++ ++ attr->community = ++ community_parse ((u_int32_t *)stream_pnt (peer->ibuf), length); ++ ++ /* XXX: fix community_parse to use stream API and remove this */ ++ stream_forward_getp (peer->ibuf, length); + ++ if (!attr->community) ++ return -1; ++ + attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_COMMUNITIES); + + return 0; +@@ -1478,13 +1481,18 @@ bgp_attr_ext_communities (struct peer *peer, bgp_size_t length, + { + if (attr->extra) + attr->extra->ecommunity = NULL; ++ /* Empty extcomm doesn't seem to be invalid per se */ ++ return 0; + } +- else +- { +- (bgp_attr_extra_get (attr))->ecommunity = +- ecommunity_parse ((u_int8_t *)stream_pnt (peer->ibuf), length); +- stream_forward_getp (peer->ibuf, length); +- } ++ ++ (bgp_attr_extra_get (attr))->ecommunity = ++ ecommunity_parse ((u_int8_t *)stream_pnt (peer->ibuf), length); ++ /* XXX: fix ecommunity_parse to use stream API */ ++ stream_forward_getp (peer->ibuf, length); ++ ++ if (!attr->extra->ecommunity) ++ return -1; ++ + attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_EXT_COMMUNITIES); + + return 0; diff --git a/net/quagga/files/patch-CVE-2010-1675 b/net/quagga/files/patch-CVE-2010-1675 new file mode 100644 index 000000000000..7e55d3a60274 --- /dev/null +++ b/net/quagga/files/patch-CVE-2010-1675 @@ -0,0 +1,1296 @@ +commit 4fbe0484edc47f10852da879125c30504b4f69ad +Author: Paul Jakma <paul@quagga.net> +Date: Sun Dec 5 20:28:02 2010 +0000 + + bgpd: Remove AS Path limit/TTL functionality + + * draft-ietf-idr-as-pathlimit doesn't seem to have gone anywhere, and its + author does not think it will make progress in IDR. Remove all support + introduced for it, but leave stubs for the commands to avoid breaking + any configurations. + + Basically reverts cecab5e9725792e60a5e4b473e238a14cd85815d. + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index c6fd3a5..aa6fa61 100644 +--- bgpd/bgp_attr.c ++++ bgpd/bgp_attr.c +@@ -359,11 +359,6 @@ attrhash_key_make (void *p) + key += attr->nexthop.s_addr; + key += attr->med; + key += attr->local_pref; +- if (attr->pathlimit.as) +- { +- key += attr->pathlimit.ttl; +- key += attr->pathlimit.as; +- } + + if (attr->extra) + { +@@ -415,9 +410,7 @@ attrhash_cmp (const void *p1, const void *p2) + && attr1->aspath == attr2->aspath + && attr1->community == attr2->community + && attr1->med == attr2->med +- && attr1->local_pref == attr2->local_pref +- && attr1->pathlimit.ttl == attr2->pathlimit.ttl +- && attr1->pathlimit.as == attr2->pathlimit.as) ++ && attr1->local_pref == attr2->local_pref) + { + const struct attr_extra *ae1 = attr1->extra; + const struct attr_extra *ae2 = attr2->extra; +@@ -704,43 +697,6 @@ bgp_attr_flush (struct attr *attr) + } + } + +-/* Parse AS_PATHLIMIT attribute in an UPDATE */ +-static int +-bgp_attr_aspathlimit (struct peer *peer, bgp_size_t length, +- struct attr *attr, u_char flag, u_char *startp) +-{ +- bgp_size_t total; +- +- total = length + (CHECK_FLAG (flag, BGP_ATTR_FLAG_EXTLEN) ? 4 : 3); +- +- if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS) +- || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) +- { +- zlog (peer->log, LOG_ERR, +- "AS-Pathlimit attribute flag isn't transitive %d", flag); +- bgp_notify_send_with_data (peer, +- BGP_NOTIFY_UPDATE_ERR, +- BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR, +- startp, total); +- return -1; +- } +- +- if (length != 5) +- { +- zlog (peer->log, LOG_ERR, +- "AS-Pathlimit length, %u, is not 5", length); +- bgp_notify_send_with_data (peer, +- BGP_NOTIFY_UPDATE_ERR, +- BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR, +- startp, total); +- return -1; +- } +- +- attr->pathlimit.ttl = stream_getc (BGP_INPUT(peer)); +- attr->pathlimit.as = stream_getl (BGP_INPUT(peer)); +- attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT); +- return 0; +-} + /* Get origin attribute of the update message. */ + static int + bgp_attr_origin (struct peer *peer, bgp_size_t length, +@@ -1717,9 +1673,6 @@ bgp_attr_parse (struct peer *peer, struct attr *attr, bgp_size_t size, + case BGP_ATTR_EXT_COMMUNITIES: + ret = bgp_attr_ext_communities (peer, length, attr, flag); + break; +- case BGP_ATTR_AS_PATHLIMIT: +- ret = bgp_attr_aspathlimit (peer, length, attr, flag, startp); +- break; + default: + ret = bgp_attr_unknown (peer, attr, flag, type, length, startp); + break; +@@ -2274,24 +2227,6 @@ bgp_packet_attribute (struct bgp *bgp, struct peer *peer, + stream_put_ipv4 (s, attr->extra->aggregator_addr.s_addr); + } + +- /* AS-Pathlimit */ +- if (attr->pathlimit.ttl) +- { +- u_int32_t as = attr->pathlimit.as; +- +- /* should already have been done in announce_check(), +- * but just in case.. +- */ +- if (!as) +- as = peer->local_as; +- +- stream_putc (s, BGP_ATTR_FLAG_OPTIONAL|BGP_ATTR_FLAG_TRANS); +- stream_putc (s, BGP_ATTR_AS_PATHLIMIT); +- stream_putc (s, 5); +- stream_putc (s, attr->pathlimit.ttl); +- stream_putl (s, as); +- } +- + /* Unknown transit attribute. */ + if (attr->extra && attr->extra->transit) + stream_put (s, attr->extra->transit->val, attr->extra->transit->length); +@@ -2503,16 +2438,6 @@ bgp_dump_routes_attr (struct stream *s, struct attr *attr, + } + #endif /* HAVE_IPV6 */ + +- /* AS-Pathlimit */ +- if (attr->flag & ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT)) +- { +- stream_putc (s, BGP_ATTR_FLAG_OPTIONAL|BGP_ATTR_FLAG_TRANS); +- stream_putc (s, BGP_ATTR_AS_PATHLIMIT); +- stream_putc (s, 5); +- stream_putc (s, attr->pathlimit.ttl); +- stream_putl (s, attr->pathlimit.as); +- } +- + /* Return total size of attribute. */ + len = stream_get_endp (s) - cp - 2; + stream_putw_at (s, cp, len); +diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h +index ed8753b..af9dcf5 100644 +--- bgpd/bgp_attr.h ++++ bgpd/bgp_attr.h +@@ -110,12 +110,6 @@ struct attr + u_int32_t med; + u_int32_t local_pref; + +- /* AS-Pathlimit */ +- struct { +- u_int32_t as; +- u_char ttl; +- } pathlimit; +- + /* Path origin attribute */ + u_char origin; + }; +diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c +index 1cfc451..75a59cb 100644 +--- bgpd/bgp_route.c ++++ bgpd/bgp_route.c +@@ -910,19 +910,6 @@ bgp_announce_check (struct bgp_info *ri, struct peer *peer, struct prefix *p, + } + } + +- /* AS-Pathlimit check */ +- if (ri->attr->pathlimit.ttl && peer_sort (peer) == BGP_PEER_EBGP) +- /* Our ASN has not yet been pre-pended, that's done in packet_attribute +- * on output. Hence the test here is for >=. +- */ +- if (aspath_count_hops (ri->attr->aspath) >= ri->attr->pathlimit.ttl) +- { +- if (BGP_DEBUG (filter, FILTER)) +- zlog_info ("%s [Update:SEND] suppressed, AS-Pathlimit TTL %u exceeded", +- peer->host, ri->attr->pathlimit.ttl); +- return 0; +- } +- + /* For modify attribute, copy it to temporary structure. */ + bgp_attr_dup (attr, ri->attr); + +@@ -1027,39 +1014,6 @@ bgp_announce_check (struct bgp_info *ri, struct peer *peer, struct prefix *p, + } + #endif /* HAVE_IPV6 */ + +- /* AS-Pathlimit: Check ASN for private/confed */ +- if (attr->pathlimit.ttl) +- { +- /* locally originated update */ +- if (!attr->pathlimit.as) +- attr->pathlimit.as = peer->local_as; +- +- /* if the AS_PATHLIMIT attribute is attached to a prefix by a +- member of a confederation, then when the prefix is advertised outside +- of the confederation boundary, then the AS number of the +- confederation member inside of the AS_PATHLIMIT attribute should be +- replaced by the confederation's AS number. */ +- if (peer_sort (from) == BGP_PEER_CONFED +- && peer_sort (peer) != BGP_PEER_CONFED) +- attr->pathlimit.as = peer->local_as; +- +- /* Private ASN should be updated whenever announcement leaves +- * private space. This is deliberately done after simple confed +- * based update.. +- */ +- if (attr->pathlimit.as >= BGP_PRIVATE_AS_MIN +- && attr->pathlimit.as <= BGP_PRIVATE_AS_MAX) +- { +- if (peer->local_as < BGP_PRIVATE_AS_MIN +- || peer->local_as > BGP_PRIVATE_AS_MAX) +- attr->pathlimit.as = peer->local_as; +- /* Ours is private, try using theirs.. */ +- else if (peer->as < BGP_PRIVATE_AS_MIN +- || peer->local_as > BGP_PRIVATE_AS_MAX) +- attr->pathlimit.as = peer->as; +- } +- } +- + /* If this is EBGP peer and remove-private-AS is set. */ + if (peer_sort (peer) == BGP_PEER_EBGP + && peer_af_flag_check (peer, afi, safi, PEER_FLAG_REMOVE_PRIVATE_AS) +@@ -3239,14 +3193,6 @@ bgp_static_update_rsclient (struct peer *rsclient, struct prefix *p, + attr.med = bgp_static->igpmetric; + attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_MULTI_EXIT_DISC); + +- if (bgp_static->ttl) +- { +- attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT); +- attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE); +- attr.pathlimit.as = 0; +- attr.pathlimit.ttl = bgp_static->ttl; +- } +- + if (bgp_static->atomic) + attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE); + +@@ -3395,14 +3341,6 @@ bgp_static_update_main (struct bgp *bgp, struct prefix *p, + attr.med = bgp_static->igpmetric; + attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_MULTI_EXIT_DISC); + +- if (bgp_static->ttl) +- { +- attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT); +- attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE); +- attr.pathlimit.as = 0; +- attr.pathlimit.ttl = bgp_static->ttl; +- } +- + if (bgp_static->atomic) + attr.flag |= ATTR_FLAG_BIT (BGP_ATTR_ATOMIC_AGGREGATE); + +@@ -3626,44 +3564,17 @@ bgp_static_withdraw_vpnv4 (struct bgp *bgp, struct prefix *p, afi_t afi, + bgp_unlock_node (rn); + } + +-static void +-bgp_pathlimit_update_parents (struct bgp *bgp, struct bgp_node *rn, +- int ttl_edge) +-{ +- struct bgp_node *parent = rn; +- struct bgp_static *sp; +- +- /* Existing static changed TTL, search parents and adjust their atomic */ +- while ((parent = parent->parent)) +- if ((sp = parent->info)) +- { +- int sp_level = (sp->atomic ? 1 : 0); +- ttl_edge ? sp->atomic++ : sp->atomic--; +- +- /* did we change state of parent whether atomic is set or not? */ +- if (sp_level != (sp->atomic ? 1 : 0)) +- { +- bgp_static_update (bgp, &parent->p, sp, +- rn->table->afi, rn->table->safi); +- } +- } +-} +- + /* Configure static BGP network. When user don't run zebra, static + route should be installed as valid. */ + static int + bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str, +- u_int16_t afi, u_char safi, const char *rmap, int backdoor, +- u_char ttl) ++ u_int16_t afi, u_char safi, const char *rmap, int backdoor) + { + int ret; + struct prefix p; + struct bgp_static *bgp_static; + struct bgp_node *rn; + u_char need_update = 0; +- u_char ttl_change = 0; +- u_char ttl_edge = (ttl ? 1 : 0); +- u_char new = 0; + + /* Convert IP prefix string to struct prefix. */ + ret = str2prefix (ip_str, &p); +@@ -3692,21 +3603,10 @@ bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str, + bgp_static = rn->info; + + /* Check previous routes are installed into BGP. */ +- if (bgp_static->valid) +- { +- if (bgp_static->backdoor != backdoor +- || bgp_static->ttl != ttl) +- need_update = 1; +- } ++ if (bgp_static->valid && bgp_static->backdoor != backdoor) ++ need_update = 1; + +- /* need to catch TTL set/unset transitions for handling of +- * ATOMIC_AGGREGATE +- */ +- if ((bgp_static->ttl ? 1 : 0) != ttl_edge) +- ttl_change = 1; +- + bgp_static->backdoor = backdoor; +- bgp_static->ttl = ttl; + + if (rmap) + { +@@ -3733,9 +3633,6 @@ bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str, + bgp_static->valid = 0; + bgp_static->igpmetric = 0; + bgp_static->igpnexthop.s_addr = 0; +- bgp_static->ttl = ttl; +- ttl_change = ttl_edge; +- new = 1; + + if (rmap) + { +@@ -3747,39 +3644,6 @@ bgp_static_set (struct vty *vty, struct bgp *bgp, const char *ip_str, + rn->info = bgp_static; + } + +- /* ".. sites that choose to advertise the +- * AS_PATHLIMIT path attribute SHOULD advertise the ATOMIC_AGGREGATE on +- * all less specific covering prefixes as well as the more specific +- * prefixes." +- * +- * So: +- * Prefix that has just had pathlimit set/unset: +- * - Must bump ATOMIC refcount on all parents. +- * +- * To catch less specific prefixes: +- * - Must search children for ones with TTL, bump atomic refcount +- * (we dont care if we're deleting a less specific prefix..) +- */ +- if (ttl_change) +- { +- /* Existing static changed TTL, search parents and adjust their atomic */ +- bgp_pathlimit_update_parents (bgp, rn, ttl_edge); +- } +- +- if (new) +- { +- struct bgp_node *child; +- struct bgp_static *sc; +- +- /* New static, search children and bump this statics atomic.. */ +- child = bgp_lock_node (rn); /* route_next_until unlocks it.. */ +- while ((child = bgp_route_next_until (child, rn))) +- { +- if ((sc = child->info) && sc->ttl) +- bgp_static->atomic++; +- } +- } +- + /* If BGP scan is not enabled, we should install this route here. */ + if (! bgp_flag_check (bgp, BGP_FLAG_IMPORT_CHECK)) + { +@@ -3833,9 +3697,6 @@ bgp_static_unset (struct vty *vty, struct bgp *bgp, const char *ip_str, + + bgp_static = rn->info; + +- /* decrement atomic in parents, see bgp_static_set */ +- bgp_pathlimit_update_parents (bgp, rn, 0); +- + /* Update BGP RIB. */ + if (! bgp_static->backdoor) + bgp_static_withdraw (bgp, &p, afi, safi); +@@ -4032,23 +3893,10 @@ DEFUN (bgp_network, + "Specify a network to announce via BGP\n" + "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n") + { +- u_char ttl = 0; +- +- if (argc == 2) +- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255); +- + return bgp_static_set (vty, vty->index, argv[0], +- AFI_IP, bgp_node_safi (vty), NULL, 0, ttl); ++ AFI_IP, bgp_node_safi (vty), NULL, 0); + } + +-ALIAS (bgp_network, +- bgp_network_ttl_cmd, +- "network A.B.C.D/M pathlimit <0-255>", +- "Specify a network to announce via BGP\n" +- "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + DEFUN (bgp_network_route_map, + bgp_network_route_map_cmd, + "network A.B.C.D/M route-map WORD", +@@ -4058,7 +3906,7 @@ DEFUN (bgp_network_route_map, + "Name of the route map\n") + { + return bgp_static_set (vty, vty->index, argv[0], +- AFI_IP, bgp_node_safi (vty), argv[1], 0, 0); ++ AFI_IP, bgp_node_safi (vty), argv[1], 0); + } + + DEFUN (bgp_network_backdoor, +@@ -4068,24 +3916,10 @@ DEFUN (bgp_network_backdoor, + "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n" + "Specify a BGP backdoor route\n") + { +- u_char ttl = 0; +- +- if (argc == 2) +- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255); +- + return bgp_static_set (vty, vty->index, argv[0], AFI_IP, SAFI_UNICAST, +- NULL, 1, ttl); ++ NULL, 1); + } + +-ALIAS (bgp_network_backdoor, +- bgp_network_backdoor_ttl_cmd, +- "network A.B.C.D/M backdoor pathlimit <0-255>", +- "Specify a network to announce via BGP\n" +- "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n" +- "Specify a BGP backdoor route\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + DEFUN (bgp_network_mask, + bgp_network_mask_cmd, + "network A.B.C.D mask A.B.C.D", +@@ -4096,10 +3930,6 @@ DEFUN (bgp_network_mask, + { + int ret; + char prefix_str[BUFSIZ]; +- u_char ttl = 0; +- +- if (argc == 3) +- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[2], 1, 255); + + ret = netmask_str2prefix_str (argv[0], argv[1], prefix_str); + if (! ret) +@@ -4109,19 +3939,9 @@ DEFUN (bgp_network_mask, + } + + return bgp_static_set (vty, vty->index, prefix_str, +- AFI_IP, bgp_node_safi (vty), NULL, 0, ttl); ++ AFI_IP, bgp_node_safi (vty), NULL, 0); + } + +-ALIAS (bgp_network_mask, +- bgp_network_mask_ttl_cmd, +- "network A.B.C.D mask A.B.C.D pathlimit <0-255>", +- "Specify a network to announce via BGP\n" +- "Network number\n" +- "Network mask\n" +- "Network mask\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + DEFUN (bgp_network_mask_route_map, + bgp_network_mask_route_map_cmd, + "network A.B.C.D mask A.B.C.D route-map WORD", +@@ -4143,7 +3963,7 @@ DEFUN (bgp_network_mask_route_map, + } + + return bgp_static_set (vty, vty->index, prefix_str, +- AFI_IP, bgp_node_safi (vty), argv[2], 0, 0); ++ AFI_IP, bgp_node_safi (vty), argv[2], 0); + } + + DEFUN (bgp_network_mask_backdoor, +@@ -4157,11 +3977,7 @@ DEFUN (bgp_network_mask_backdoor, + { + int ret; + char prefix_str[BUFSIZ]; +- u_char ttl = 0; + +- if (argc == 3) +- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[2], 1, 255); +- + ret = netmask_str2prefix_str (argv[0], argv[1], prefix_str); + if (! ret) + { +@@ -4170,20 +3986,9 @@ DEFUN (bgp_network_mask_backdoor, + } + + return bgp_static_set (vty, vty->index, prefix_str, AFI_IP, SAFI_UNICAST, +- NULL, 1, ttl); ++ NULL, 1); + } + +-ALIAS (bgp_network_mask_backdoor, +- bgp_network_mask_backdoor_ttl_cmd, +- "network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>", +- "Specify a network to announce via BGP\n" +- "Network number\n" +- "Network mask\n" +- "Network mask\n" +- "Specify a BGP backdoor route\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + DEFUN (bgp_network_mask_natural, + bgp_network_mask_natural_cmd, + "network A.B.C.D", +@@ -4192,10 +3997,6 @@ DEFUN (bgp_network_mask_natural, + { + int ret; + char prefix_str[BUFSIZ]; +- u_char ttl = 0; +- +- if (argc == 2) +- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255); + + ret = netmask_str2prefix_str (argv[0], NULL, prefix_str); + if (! ret) +@@ -4205,17 +4006,9 @@ DEFUN (bgp_network_mask_natural, + } + + return bgp_static_set (vty, vty->index, prefix_str, +- AFI_IP, bgp_node_safi (vty), NULL, 0, ttl); ++ AFI_IP, bgp_node_safi (vty), NULL, 0); + } + +-ALIAS (bgp_network_mask_natural, +- bgp_network_mask_natural_ttl_cmd, +- "network A.B.C.D pathlimit <0-255>", +- "Specify a network to announce via BGP\n" +- "Network number\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + DEFUN (bgp_network_mask_natural_route_map, + bgp_network_mask_natural_route_map_cmd, + "network A.B.C.D route-map WORD", +@@ -4235,7 +4028,7 @@ DEFUN (bgp_network_mask_natural_route_map, + } + + return bgp_static_set (vty, vty->index, prefix_str, +- AFI_IP, bgp_node_safi (vty), argv[1], 0, 0); ++ AFI_IP, bgp_node_safi (vty), argv[1], 0); + } + + DEFUN (bgp_network_mask_natural_backdoor, +@@ -4247,10 +4040,6 @@ DEFUN (bgp_network_mask_natural_backdoor, + { + int ret; + char prefix_str[BUFSIZ]; +- u_char ttl = 0; +- +- if (argc == 2) +- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255); + + ret = netmask_str2prefix_str (argv[0], NULL, prefix_str); + if (! ret) +@@ -4260,18 +4049,9 @@ DEFUN (bgp_network_mask_natural_backdoor, + } + + return bgp_static_set (vty, vty->index, prefix_str, AFI_IP, SAFI_UNICAST, +- NULL, 1, ttl); ++ NULL, 1); + } + +-ALIAS (bgp_network_mask_natural_backdoor, +- bgp_network_mask_natural_backdoor_ttl_cmd, +- "network A.B.C.D backdoor pathlimit (1-255>", +- "Specify a network to announce via BGP\n" +- "Network number\n" +- "Specify a BGP backdoor route\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + DEFUN (no_bgp_network, + no_bgp_network_cmd, + "no network A.B.C.D/M", +@@ -4284,15 +4064,6 @@ DEFUN (no_bgp_network, + } + + ALIAS (no_bgp_network, +- no_bgp_network_ttl_cmd, +- "no network A.B.C.D/M pathlimit <0-255>", +- NO_STR +- "Specify a network to announce via BGP\n" +- "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- +-ALIAS (no_bgp_network, + no_bgp_network_route_map_cmd, + "no network A.B.C.D/M route-map WORD", + NO_STR +@@ -4309,16 +4080,6 @@ ALIAS (no_bgp_network, + "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n" + "Specify a BGP backdoor route\n") + +-ALIAS (no_bgp_network, +- no_bgp_network_backdoor_ttl_cmd, +- "no network A.B.C.D/M backdoor pathlimit <0-255>", +- NO_STR +- "Specify a network to announce via BGP\n" +- "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n" +- "Specify a BGP backdoor route\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + DEFUN (no_bgp_network_mask, + no_bgp_network_mask_cmd, + "no network A.B.C.D mask A.B.C.D", +@@ -4342,17 +4103,6 @@ DEFUN (no_bgp_network_mask, + bgp_node_safi (vty)); + } + +-ALIAS (no_bgp_network, +- no_bgp_network_mask_ttl_cmd, +- "no network A.B.C.D mask A.B.C.D pathlimit <0-255>", +- NO_STR +- "Specify a network to announce via BGP\n" +- "Network number\n" +- "Network mask\n" +- "Network mask\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + ALIAS (no_bgp_network_mask, + no_bgp_network_mask_route_map_cmd, + "no network A.B.C.D mask A.B.C.D route-map WORD", +@@ -4374,18 +4124,6 @@ ALIAS (no_bgp_network_mask, + "Network mask\n" + "Specify a BGP backdoor route\n") + +-ALIAS (no_bgp_network_mask, +- no_bgp_network_mask_backdoor_ttl_cmd, +- "no network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>", +- NO_STR +- "Specify a network to announce via BGP\n" +- "Network number\n" +- "Network mask\n" +- "Network mask\n" +- "Specify a BGP backdoor route\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + DEFUN (no_bgp_network_mask_natural, + no_bgp_network_mask_natural_cmd, + "no network A.B.C.D", +@@ -4424,25 +4162,6 @@ ALIAS (no_bgp_network_mask_natural, + "Network number\n" + "Specify a BGP backdoor route\n") + +-ALIAS (no_bgp_network_mask_natural, +- no_bgp_network_mask_natural_ttl_cmd, +- "no network A.B.C.D pathlimit <0-255>", +- NO_STR +- "Specify a network to announce via BGP\n" +- "Network number\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- +-ALIAS (no_bgp_network_mask_natural, +- no_bgp_network_mask_natural_backdoor_ttl_cmd, +- "no network A.B.C.D backdoor pathlimit <0-255>", +- NO_STR +- "Specify a network to announce via BGP\n" +- "Network number\n" +- "Specify a BGP backdoor route\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + #ifdef HAVE_IPV6 + DEFUN (ipv6_bgp_network, + ipv6_bgp_network_cmd, +@@ -4450,23 +4169,10 @@ DEFUN (ipv6_bgp_network, + "Specify a network to announce via BGP\n" + "IPv6 prefix <network>/<length>\n") + { +- u_char ttl = 0; +- +- if (argc == 2) +- VTY_GET_INTEGER_RANGE ("Pathlimit TTL", ttl, argv[1], 1, 255); +- + return bgp_static_set (vty, vty->index, argv[0], AFI_IP6, SAFI_UNICAST, +- NULL, 0, ttl); ++ NULL, 0); + } + +-ALIAS (ipv6_bgp_network, +- ipv6_bgp_network_ttl_cmd, +- "network X:X::X:X/M pathlimit <0-255>", +- "Specify a network to announce via BGP\n" +- "IPv6 prefix <network>/<length>\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + DEFUN (ipv6_bgp_network_route_map, + ipv6_bgp_network_route_map_cmd, + "network X:X::X:X/M route-map WORD", +@@ -4476,7 +4182,7 @@ DEFUN (ipv6_bgp_network_route_map, + "Name of the route map\n") + { + return bgp_static_set (vty, vty->index, argv[0], AFI_IP6, +- bgp_node_safi (vty), argv[1], 0, 0); ++ bgp_node_safi (vty), argv[1], 0); + } + + DEFUN (no_ipv6_bgp_network, +@@ -4498,15 +4204,6 @@ ALIAS (no_ipv6_bgp_network, + "Route-map to modify the attributes\n" + "Name of the route map\n") + +-ALIAS (no_ipv6_bgp_network, +- no_ipv6_bgp_network_ttl_cmd, +- "no network X:X::X:X/M pathlimit <0-255>", +- NO_STR +- "Specify a network to announce via BGP\n" +- "IPv6 prefix <network>/<length>\n" +- "AS-Path hopcount limit attribute\n" +- "AS-Pathlimit TTL, in number of AS-Path hops\n") +- + ALIAS (ipv6_bgp_network, + old_ipv6_bgp_network_cmd, + "ipv6 bgp network X:X::X:X/M", +@@ -4524,6 +4221,127 @@ ALIAS (no_ipv6_bgp_network, + "Specify a network to announce via BGP\n" + "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n") + #endif /* HAVE_IPV6 */ ++ ++/* stubs for removed AS-Pathlimit commands, kept for config compatibility */ ++ALIAS_DEPRECATED (bgp_network, ++ bgp_network_ttl_cmd, ++ "network A.B.C.D/M pathlimit <0-255>", ++ "Specify a network to announce via BGP\n" ++ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (bgp_network_backdoor, ++ bgp_network_backdoor_ttl_cmd, ++ "network A.B.C.D/M backdoor pathlimit <0-255>", ++ "Specify a network to announce via BGP\n" ++ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n" ++ "Specify a BGP backdoor route\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (bgp_network_mask, ++ bgp_network_mask_ttl_cmd, ++ "network A.B.C.D mask A.B.C.D pathlimit <0-255>", ++ "Specify a network to announce via BGP\n" ++ "Network number\n" ++ "Network mask\n" ++ "Network mask\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (bgp_network_mask_backdoor, ++ bgp_network_mask_backdoor_ttl_cmd, ++ "network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>", ++ "Specify a network to announce via BGP\n" ++ "Network number\n" ++ "Network mask\n" ++ "Network mask\n" ++ "Specify a BGP backdoor route\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (bgp_network_mask_natural, ++ bgp_network_mask_natural_ttl_cmd, ++ "network A.B.C.D pathlimit <0-255>", ++ "Specify a network to announce via BGP\n" ++ "Network number\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (bgp_network_mask_natural_backdoor, ++ bgp_network_mask_natural_backdoor_ttl_cmd, ++ "network A.B.C.D backdoor pathlimit (1-255>", ++ "Specify a network to announce via BGP\n" ++ "Network number\n" ++ "Specify a BGP backdoor route\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (no_bgp_network, ++ no_bgp_network_ttl_cmd, ++ "no network A.B.C.D/M pathlimit <0-255>", ++ NO_STR ++ "Specify a network to announce via BGP\n" ++ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (no_bgp_network, ++ no_bgp_network_backdoor_ttl_cmd, ++ "no network A.B.C.D/M backdoor pathlimit <0-255>", ++ NO_STR ++ "Specify a network to announce via BGP\n" ++ "IP prefix <network>/<length>, e.g., 35.0.0.0/8\n" ++ "Specify a BGP backdoor route\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (no_bgp_network, ++ no_bgp_network_mask_ttl_cmd, ++ "no network A.B.C.D mask A.B.C.D pathlimit <0-255>", ++ NO_STR ++ "Specify a network to announce via BGP\n" ++ "Network number\n" ++ "Network mask\n" ++ "Network mask\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (no_bgp_network_mask, ++ no_bgp_network_mask_backdoor_ttl_cmd, ++ "no network A.B.C.D mask A.B.C.D backdoor pathlimit <0-255>", ++ NO_STR ++ "Specify a network to announce via BGP\n" ++ "Network number\n" ++ "Network mask\n" ++ "Network mask\n" ++ "Specify a BGP backdoor route\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (no_bgp_network_mask_natural, ++ no_bgp_network_mask_natural_ttl_cmd, ++ "no network A.B.C.D pathlimit <0-255>", ++ NO_STR ++ "Specify a network to announce via BGP\n" ++ "Network number\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (no_bgp_network_mask_natural, ++ no_bgp_network_mask_natural_backdoor_ttl_cmd, ++ "no network A.B.C.D backdoor pathlimit <0-255>", ++ NO_STR ++ "Specify a network to announce via BGP\n" ++ "Network number\n" ++ "Specify a BGP backdoor route\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (ipv6_bgp_network, ++ ipv6_bgp_network_ttl_cmd, ++ "network X:X::X:X/M pathlimit <0-255>", ++ "Specify a network to announce via BGP\n" ++ "IPv6 prefix <network>/<length>\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") ++ALIAS_DEPRECATED (no_ipv6_bgp_network, ++ no_ipv6_bgp_network_ttl_cmd, ++ "no network X:X::X:X/M pathlimit <0-255>", ++ NO_STR ++ "Specify a network to announce via BGP\n" ++ "IPv6 prefix <network>/<length>\n" ++ "AS-Path hopcount limit attribute\n" ++ "AS-Pathlimit TTL, in number of AS-Path hops\n") + + /* Aggreagete address: + +@@ -6130,17 +5948,6 @@ route_vty_out_detail (struct vty *vty, struct bgp *bgp, struct prefix *p, + vty_out (vty, "%s", VTY_NEWLINE); + } + +- /* 7: AS Pathlimit */ +- if (attr->flag & ATTR_FLAG_BIT(BGP_ATTR_AS_PATHLIMIT)) +- { +- +- vty_out (vty, " AS-Pathlimit: %u", +- attr->pathlimit.ttl); +- if (attr->pathlimit.as) +- vty_out (vty, " (%u)", attr->pathlimit.as); +- vty_out (vty, "%s", VTY_NEWLINE); +- } +- + if (binfo->extra && binfo->extra->damp_info) + bgp_damp_info_vty (vty, binfo); + +@@ -11548,8 +11355,6 @@ bgp_config_write_network (struct vty *vty, struct bgp *bgp, + { + if (bgp_static->backdoor) + vty_out (vty, " backdoor"); +- if (bgp_static->ttl) +- vty_out (vty, " pathlimit %u", bgp_static->ttl); + } + + vty_out (vty, "%s", VTY_NEWLINE); +@@ -11638,12 +11443,6 @@ bgp_route_init (void) + install_element (BGP_NODE, &bgp_network_backdoor_cmd); + install_element (BGP_NODE, &bgp_network_mask_backdoor_cmd); + install_element (BGP_NODE, &bgp_network_mask_natural_backdoor_cmd); +- install_element (BGP_NODE, &bgp_network_ttl_cmd); +- install_element (BGP_NODE, &bgp_network_mask_ttl_cmd); +- install_element (BGP_NODE, &bgp_network_mask_natural_ttl_cmd); +- install_element (BGP_NODE, &bgp_network_backdoor_ttl_cmd); +- install_element (BGP_NODE, &bgp_network_mask_backdoor_ttl_cmd); +- install_element (BGP_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); + install_element (BGP_NODE, &no_bgp_network_cmd); + install_element (BGP_NODE, &no_bgp_network_mask_cmd); + install_element (BGP_NODE, &no_bgp_network_mask_natural_cmd); +@@ -11653,12 +11452,6 @@ bgp_route_init (void) + install_element (BGP_NODE, &no_bgp_network_backdoor_cmd); + install_element (BGP_NODE, &no_bgp_network_mask_backdoor_cmd); + install_element (BGP_NODE, &no_bgp_network_mask_natural_backdoor_cmd); +- install_element (BGP_NODE, &no_bgp_network_ttl_cmd); +- install_element (BGP_NODE, &no_bgp_network_mask_ttl_cmd); +- install_element (BGP_NODE, &no_bgp_network_mask_natural_ttl_cmd); +- install_element (BGP_NODE, &no_bgp_network_backdoor_ttl_cmd); +- install_element (BGP_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); +- install_element (BGP_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); + + install_element (BGP_NODE, &aggregate_address_cmd); + install_element (BGP_NODE, &aggregate_address_mask_cmd); +@@ -11688,23 +11481,13 @@ bgp_route_init (void) + install_element (BGP_IPV4_NODE, &bgp_network_route_map_cmd); + install_element (BGP_IPV4_NODE, &bgp_network_mask_route_map_cmd); + install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_route_map_cmd); +- install_element (BGP_IPV4_NODE, &bgp_network_ttl_cmd); +- install_element (BGP_IPV4_NODE, &bgp_network_mask_ttl_cmd); +- install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_ttl_cmd); +- install_element (BGP_IPV4_NODE, &bgp_network_backdoor_ttl_cmd); +- install_element (BGP_IPV4_NODE, &bgp_network_mask_backdoor_ttl_cmd); +- install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd); ++ install_element (BGP_IPV4_NODE, &no_bgp_network_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_mask_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_route_map_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_mask_route_map_cmd); + install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_route_map_cmd); +- install_element (BGP_IPV4_NODE, &no_bgp_network_ttl_cmd); +- install_element (BGP_IPV4_NODE, &no_bgp_network_mask_ttl_cmd); +- install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_ttl_cmd); +- install_element (BGP_IPV4_NODE, &no_bgp_network_backdoor_ttl_cmd); +- install_element (BGP_IPV4_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); +- install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd); ++ + install_element (BGP_IPV4_NODE, &aggregate_address_cmd); + install_element (BGP_IPV4_NODE, &aggregate_address_mask_cmd); + install_element (BGP_IPV4_NODE, &aggregate_address_summary_only_cmd); +@@ -11733,24 +11516,12 @@ bgp_route_init (void) + install_element (BGP_IPV4M_NODE, &bgp_network_route_map_cmd); + install_element (BGP_IPV4M_NODE, &bgp_network_mask_route_map_cmd); + install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_route_map_cmd); +- install_element (BGP_IPV4M_NODE, &bgp_network_ttl_cmd); +- install_element (BGP_IPV4M_NODE, &bgp_network_mask_ttl_cmd); +- install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_ttl_cmd); +- install_element (BGP_IPV4M_NODE, &bgp_network_backdoor_ttl_cmd); +- install_element (BGP_IPV4M_NODE, &bgp_network_mask_backdoor_ttl_cmd); +- install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_route_map_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_route_map_cmd); + install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_route_map_cmd); +- install_element (BGP_IPV4M_NODE, &no_bgp_network_ttl_cmd); +- install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_ttl_cmd); +- install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_ttl_cmd); +- install_element (BGP_IPV4M_NODE, &no_bgp_network_backdoor_ttl_cmd); +- install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); +- install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); install_element (BGP_IPV4_NODE, &no_bgp_network_cmd); + install_element (BGP_IPV4M_NODE, &aggregate_address_cmd); + install_element (BGP_IPV4M_NODE, &aggregate_address_mask_cmd); + install_element (BGP_IPV4M_NODE, &aggregate_address_summary_only_cmd); +@@ -11971,10 +11742,8 @@ bgp_route_init (void) + /* New config IPv6 BGP commands. */ + install_element (BGP_IPV6_NODE, &ipv6_bgp_network_cmd); + install_element (BGP_IPV6_NODE, &ipv6_bgp_network_route_map_cmd); +- install_element (BGP_IPV6_NODE, &ipv6_bgp_network_ttl_cmd); + install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_cmd); + install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_route_map_cmd); +- install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_ttl_cmd); + + install_element (BGP_IPV6_NODE, &ipv6_aggregate_address_cmd); + install_element (BGP_IPV6_NODE, &ipv6_aggregate_address_summary_only_cmd); +@@ -12293,6 +12062,52 @@ bgp_route_init (void) + install_element (BGP_IPV4_NODE, &bgp_damp_set3_cmd); + install_element (BGP_IPV4_NODE, &bgp_damp_unset_cmd); + install_element (BGP_IPV4_NODE, &bgp_damp_unset2_cmd); ++ ++ /* Deprecated AS-Pathlimit commands */ ++ install_element (BGP_NODE, &bgp_network_ttl_cmd); ++ install_element (BGP_NODE, &bgp_network_mask_ttl_cmd); ++ install_element (BGP_NODE, &bgp_network_mask_natural_ttl_cmd); ++ install_element (BGP_NODE, &bgp_network_backdoor_ttl_cmd); ++ install_element (BGP_NODE, &bgp_network_mask_backdoor_ttl_cmd); ++ install_element (BGP_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); ++ ++ install_element (BGP_NODE, &no_bgp_network_ttl_cmd); ++ install_element (BGP_NODE, &no_bgp_network_mask_ttl_cmd); ++ install_element (BGP_NODE, &no_bgp_network_mask_natural_ttl_cmd); ++ install_element (BGP_NODE, &no_bgp_network_backdoor_ttl_cmd); ++ install_element (BGP_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); ++ install_element (BGP_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); ++ ++ install_element (BGP_IPV4_NODE, &bgp_network_ttl_cmd); ++ install_element (BGP_IPV4_NODE, &bgp_network_mask_ttl_cmd); ++ install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_ttl_cmd); ++ install_element (BGP_IPV4_NODE, &bgp_network_backdoor_ttl_cmd); ++ install_element (BGP_IPV4_NODE, &bgp_network_mask_backdoor_ttl_cmd); ++ install_element (BGP_IPV4_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); ++ ++ install_element (BGP_IPV4_NODE, &no_bgp_network_ttl_cmd); ++ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_ttl_cmd); ++ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_ttl_cmd); ++ install_element (BGP_IPV4_NODE, &no_bgp_network_backdoor_ttl_cmd); ++ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); ++ install_element (BGP_IPV4_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); ++ ++ install_element (BGP_IPV4M_NODE, &bgp_network_ttl_cmd); ++ install_element (BGP_IPV4M_NODE, &bgp_network_mask_ttl_cmd); ++ install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_ttl_cmd); ++ install_element (BGP_IPV4M_NODE, &bgp_network_backdoor_ttl_cmd); ++ install_element (BGP_IPV4M_NODE, &bgp_network_mask_backdoor_ttl_cmd); ++ install_element (BGP_IPV4M_NODE, &bgp_network_mask_natural_backdoor_ttl_cmd); ++ ++ install_element (BGP_IPV4M_NODE, &no_bgp_network_ttl_cmd); ++ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_ttl_cmd); ++ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_ttl_cmd); ++ install_element (BGP_IPV4M_NODE, &no_bgp_network_backdoor_ttl_cmd); ++ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_backdoor_ttl_cmd); ++ install_element (BGP_IPV4M_NODE, &no_bgp_network_mask_natural_backdoor_ttl_cmd); ++ ++ install_element (BGP_IPV6_NODE, &ipv6_bgp_network_ttl_cmd); ++ install_element (BGP_IPV6_NODE, &no_ipv6_bgp_network_ttl_cmd); + } + + void +diff --git a/bgpd/bgp_route.h b/bgpd/bgp_route.h +index 5eed348..3e52859 100644 +--- bgpd/bgp_route.h ++++ bgpd/bgp_route.h +@@ -116,9 +116,6 @@ struct bgp_static + + /* MPLS label. */ + u_char tag[3]; +- +- /* AS-Pathlimit TTL */ +- u_char ttl; + }; + + /* Flags which indicate a route is unuseable in some form */ +diff --git a/bgpd/bgp_routemap.c b/bgpd/bgp_routemap.c +index aa7dbce..81ff48d 100644 +--- bgpd/bgp_routemap.c ++++ bgpd/bgp_routemap.c +@@ -92,107 +92,15 @@ o Cisco route-map + origin : Done + tag : (This will not be implemented by bgpd) + weight : Done +- pathlimit : Done + + o Local extention + + set ipv6 next-hop global: Done + set ipv6 next-hop local : Done +- set pathlimit ttl : Done + set as-path exclude : Done +- match pathlimit as : Done + + */ + +-/* Compiles either AS or TTL argument. It is amused the VTY code +- * has already range-checked the values to be suitable as TTL or ASN +- */ +-static void * +-route_pathlimit_compile (const char *arg) +-{ +- unsigned long tmp; +- u_int32_t *val; +- char *endptr = NULL; +- +- /* TTL or AS value shoud be integer. */ +- if (! all_digit (arg)) +- return NULL; +- +- tmp = strtoul (arg, &endptr, 10); +- if (*endptr != '\0' || tmp == ULONG_MAX || tmp > UINT32_MAX) +- return NULL; +- +- if (!(val = XMALLOC (MTYPE_ROUTE_MAP_COMPILED, sizeof (u_int32_t)))) +- return NULL; +- +- *val = tmp; +- +- return val; +-} +- +-static void +-route_pathlimit_free (void *rule) +-{ +- XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); +-} +- +-static route_map_result_t +-route_match_pathlimit_as (void *rule, struct prefix *prefix, route_map_object_t type, +- void *object) +-{ +- struct bgp_info *info = object; +- struct attr *attr = info->attr; +- uint32_t as = *(uint32_t *)rule; +- +- if (type != RMAP_BGP) +- return RMAP_NOMATCH; +- +- if (!attr->pathlimit.as) +- return RMAP_NOMATCH; +- +- if (as == attr->pathlimit.as) +- return RMAP_MATCH; +- +- return RMAP_NOMATCH; +-} +- +-/* 'match pathlimit as' */ +-struct route_map_rule_cmd route_match_pathlimit_as_cmd = +-{ +- "pathlimit as", +- route_match_pathlimit_as, +- route_pathlimit_compile, +- route_pathlimit_free +-}; +- +-/* Set pathlimit TTL. */ +-static route_map_result_t +-route_set_pathlimit_ttl (void *rule, struct prefix *prefix, +- route_map_object_t type, void *object) +-{ +- struct bgp_info *info = object; +- struct attr *attr = info->attr; +- u_char ttl = *(uint32_t *)rule; +- +- if (type == RMAP_BGP) +- { +- attr->flag |= ATTR_FLAG_BIT (BGP_ATTR_AS_PATHLIMIT); +- attr->pathlimit.ttl = ttl; +- attr->pathlimit.as = 0; +- } +- +- return RMAP_OKAY; +-} +- +-/* Set local preference rule structure. */ +-struct route_map_rule_cmd route_set_pathlimit_ttl_cmd = +-{ +- "pathlimit ttl", +- route_set_pathlimit_ttl, +- route_pathlimit_compile, +- route_pathlimit_free, +-}; +- + /* 'match peer (A.B.C.D|X:X::X:X)' */ + + /* Compares the peer specified in the 'match peer' clause with the peer +@@ -3743,17 +3651,17 @@ ALIAS (no_set_originator_id, + "BGP originator ID attribute\n" + "IP address of originator\n") + +-DEFUN (set_pathlimit_ttl, ++DEFUN_DEPRECATED (set_pathlimit_ttl, + set_pathlimit_ttl_cmd, + "set pathlimit ttl <1-255>", + SET_STR + "BGP AS-Pathlimit attribute\n" + "Set AS-Path Hop-count TTL\n") + { +- return bgp_route_set_add (vty, vty->index, "pathlimit ttl", argv[0]); ++ return CMD_SUCCESS; + } + +-DEFUN (no_set_pathlimit_ttl, ++DEFUN_DEPRECATED (no_set_pathlimit_ttl, + no_set_pathlimit_ttl_cmd, + "no set pathlimit ttl", + NO_STR +@@ -3761,10 +3669,7 @@ DEFUN (no_set_pathlimit_ttl, + "BGP AS-Pathlimit attribute\n" + "Set AS-Path Hop-count TTL\n") + { +- if (argc == 0) +- return bgp_route_set_delete (vty, vty->index, "pathlimit ttl", NULL); +- +- return bgp_route_set_delete (vty, vty->index, "pathlimit ttl", argv[0]); ++ return CMD_SUCCESS; + } + + ALIAS (no_set_pathlimit_ttl, +@@ -3775,17 +3680,17 @@ ALIAS (no_set_pathlimit_ttl, + "BGP AS-Pathlimit attribute\n" + "Set AS-Path Hop-count TTL\n") + +-DEFUN (match_pathlimit_as, ++DEFUN_DEPRECATED (match_pathlimit_as, + match_pathlimit_as_cmd, + "match pathlimit as <1-65535>", + MATCH_STR + "BGP AS-Pathlimit attribute\n" + "Match Pathlimit AS number\n") + { +- return bgp_route_match_add (vty, vty->index, "pathlimit as", argv[0]); ++ return CMD_SUCCESS; + } + +-DEFUN (no_match_pathlimit_as, ++DEFUN_DEPRECATED (no_match_pathlimit_as, + no_match_pathlimit_as_cmd, + "no match pathlimit as", + NO_STR +@@ -3793,10 +3698,7 @@ DEFUN (no_match_pathlimit_as, + "BGP AS-Pathlimit attribute\n" + "Match Pathlimit AS number\n") + { +- if (argc == 0) +- return bgp_route_match_delete (vty, vty->index, "pathlimit as", NULL); +- +- return bgp_route_match_delete (vty, vty->index, "pathlimit as", argv[0]); ++ return CMD_SUCCESS; + } + + ALIAS (no_match_pathlimit_as, +@@ -3959,10 +3861,9 @@ bgp_route_map_init (void) + install_element (RMAP_NODE, &no_set_ipv6_nexthop_local_val_cmd); + #endif /* HAVE_IPV6 */ + +- /* AS-Pathlimit */ +- route_map_install_match (&route_match_pathlimit_as_cmd); +- route_map_install_set (&route_set_pathlimit_ttl_cmd); +- ++ /* AS-Pathlimit: functionality removed, commands kept for ++ * compatibility. ++ */ + install_element (RMAP_NODE, &set_pathlimit_ttl_cmd); + install_element (RMAP_NODE, &no_set_pathlimit_ttl_cmd); + install_element (RMAP_NODE, &no_set_pathlimit_ttl_val_cmd); +diff --git a/doc/bgpd.texi b/doc/bgpd.texi +index 40156b7..e746330 100644 +--- doc/bgpd.texi ++++ doc/bgpd.texi +@@ -149,29 +149,6 @@ routes if they aren't present in their IGP routing tables; @code{bgpd} + doesn't care about IGP routes when announcing its routes. + @end deffn + +-@deffn {BGP} {network @var{A.B.C.D/M} pathlimit <0-255>} {} +-This command configures a route to be originated into BGP, just as with the +-previous command, but additionally sets an AS-Pathlimit TTL to be advertised +-on the route. See draft-ietf-idr-as-pathlimit. +- +-Specifying a TTL of 0 can be used to remove pathlimit from a previously +-configured network statement. +- +-Note that when advertising prefixes with AS-Pathlimit set, all less-specific +-prefixes advertised SHOULD also have the Atomic-Aggregate attribute set. +-Failure to do so increases the risks of accidental routing loops occuring. +- +-This implementation will try to automatically set Atomic-Aggregate as +-appropriate on any less-specific prefixes originated by the same speaker, +-however it will not (and often can not) do so where @b{other} speakers in +-the AS are originating more specifics. +- +-Hence the system administrator must take care to ensure that all +-less-specific prefixes originated carry atomic-aggregate as appropriate, by +-manually configuring speakers originating less-specifics to set +-Atomic-Aggregate on those advertisements! +-@end deffn +- + @deffn {BGP} {no network @var{A.B.C.D/M}} {} + @end deffn + +diff --git a/doc/routemap.texi b/doc/routemap.texi +index 9ac001c..db3e72d 100644 +--- doc/routemap.texi ++++ doc/routemap.texi +@@ -155,10 +155,6 @@ Matches the specified @var{metric}. + Matches the specified @var{community_list} + @end deffn + +-@deffn {Route-map Command} {match pathlimit as @var{ASN}} {} +-Matches the specified AS-Pathlimit @var{ASN}. +-@end deffn +- + @node Route Map Set Command + @section Route Map Set Command + +@@ -194,16 +190,6 @@ Set the BGP-4+ global IPv6 nexthop address. + Set the BGP-4+ link local IPv6 nexthop address. + @end deffn + +-@deffn {Route-map Command} {set pathlimit ttl @var{ttl}} {} +-Sets the specified AS-Pathlimit @var{ttl} on the route. This will also cause +-the AS to be set to the local AS. +- +-Note that the AS-Pathlimit RFC specifies that speakers advertising this +-attribute should set Atomic-aggregate on all less specific routes. Setting +-AS-Pathlimit by route-map does not do this, the user must do so themselves, +-as they wish. +-@end deffn +- + @node Route Map Call Command + @section Route Map Call Command + |