bgpd: "neigbor <interface> ttl-security hops" should reject a hops value greater...

      "neighbor <interface> disable-connected-check" should not be allowed by the parser

Made changes to not allow hops greater than 1 and disable-connected check for neighbor <interface>

Ticket: CM-5536 CM-5537
Reviewed By: CCR-4865
Testing Done: Manual

diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index bef95981a0105f09819755773c3d851ca3d490ec..f1c30c23f0a57ec9af56e20d224d771a8ce92b6f 100644 (file)
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -3404,6 +3404,16 @@ peer_flag_modify_vty (struct vty *vty, const char *ip_str,
   if (! peer)
     return CMD_WARNING;
 
+  /*
+   * If 'neighbor <interface>', then this is for directly connected peers,
+   * we should not accept disable-connected-check.
+   */
+  if (peer->conf_if && (flag == PEER_FLAG_DISABLE_CONNECTED_CHECK)) {
+    vty_out (vty, "%s is directly connected peer, cannot accept disable-"
+                  "connected-check%s", ip_str, VTY_NEWLINE);
+    return CMD_WARNING;
+  }
+
   if (set)
     ret = peer_flag_set (peer, flag);
   else
@@ -5754,6 +5764,16 @@ DEFUN (neighbor_ttl_security,
     
   VTY_GET_INTEGER_RANGE ("", gtsm_hops, argv[1], 1, 254);
 
+  /*
+   * If 'neighbor swpX', then this is for directly connected peers,
+   * we should not accept a ttl-security hops value greater than 1.
+   */
+  if (peer->conf_if && (gtsm_hops > 1)) {
+    vty_out (vty, "%s is directly connected peer, hops cannot exceed 1%s",
+                  argv[0], VTY_NEWLINE);
+    return CMD_WARNING;
+  }
+
   return bgp_vty_return (vty, peer_ttl_security_hops_set (peer, gtsm_hops));
 }