Merge pull request #9397 from tkms1122/master

bgpd: minimum-holdtime knob to prevent session establishment with BGP peer with low holdtime.

4 files changed, 56 insertions, 0 deletions

diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c
index 3c01c3b48..783115baa 100644
--- a/bgpd/bgp_packet.c
+++ b/bgpd/bgp_packet.c
@@ -1353,6 +1353,16 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size)
 		return BGP_Stop;
 	}
 
+	/* Send notification message when Hold Time received in the OPEN message
+	 * is smaller than configured minimum Hold Time. */
+	if (holdtime < peer->bgp->default_min_holdtime
+	    && peer->bgp->default_min_holdtime != 0) {
+		bgp_notify_send_with_data(peer, BGP_NOTIFY_OPEN_ERR,
+					  BGP_NOTIFY_OPEN_UNACEP_HOLDTIME,
+					  (uint8_t *)holdtime_ptr, 2);
+		return BGP_Stop;
+	}
+
 	/* From the rfc: A reasonable maximum time between KEEPALIVE messages
 	   would be one third of the Hold Time interval.  KEEPALIVE messages
 	   MUST NOT be sent more frequently than one per second.  An
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index 5a782bc2e..dcf0fe846 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -2332,6 +2332,38 @@ DEFUN (no_bgp_timers,
 	return CMD_SUCCESS;
 }
 
+/* BGP minimum holdtime.  */
+
+DEFUN(bgp_minimum_holdtime, bgp_minimum_holdtime_cmd,
+      "bgp minimum-holdtime (1-65535)",
+      "BGP specific commands\n"
+      "BGP minimum holdtime\n"
+      "Seconds\n")
+{
+	VTY_DECLVAR_CONTEXT(bgp, bgp);
+	int idx_number = 2;
+	unsigned long min_holdtime;
+
+	min_holdtime = strtoul(argv[idx_number]->arg, NULL, 10);
+
+	bgp->default_min_holdtime = min_holdtime;
+
+	return CMD_SUCCESS;
+}
+
+DEFUN(no_bgp_minimum_holdtime, no_bgp_minimum_holdtime_cmd,
+      "no bgp minimum-holdtime [(1-65535)]",
+      NO_STR
+      "BGP specific commands\n"
+      "BGP minimum holdtime\n"
+      "Seconds\n")
+{
+	VTY_DECLVAR_CONTEXT(bgp, bgp);
+
+	bgp->default_min_holdtime = 0;
+
+	return CMD_SUCCESS;
+}
 
 DEFUN (bgp_client_to_client_reflection,
        bgp_client_to_client_reflection_cmd,
@@ -17125,6 +17157,12 @@ int bgp_config_write(struct vty *vty)
 			vty_out(vty, " timers bgp %u %u\n",
 				bgp->default_keepalive, bgp->default_holdtime);
 
+		/* BGP minimum holdtime configuration. */
+		if (bgp->default_min_holdtime != SAVE_BGP_HOLDTIME
+		    && bgp->default_min_holdtime != 0)
+			vty_out(vty, " bgp minimum-holdtime %u\n",
+				bgp->default_min_holdtime);
+
 		/* Conditional advertisement timer configuration */
 		if (bgp->condition_check_period
 		    != DEFAULT_CONDITIONAL_ROUTES_POLL_TIME)
@@ -17521,6 +17559,10 @@ void bgp_vty_init(void)
 	install_element(BGP_NODE, &bgp_timers_cmd);
 	install_element(BGP_NODE, &no_bgp_timers_cmd);
 
+	/* "minimum-holdtime" commands. */
+	install_element(BGP_NODE, &bgp_minimum_holdtime_cmd);
+	install_element(BGP_NODE, &no_bgp_minimum_holdtime_cmd);
+
 	/* route-map delay-timer commands - per instance for backwards compat.
 	 */
 	install_element(BGP_NODE, &bgp_set_route_map_delay_timer_cmd);
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index 591fc1214..3d10771bc 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -3154,6 +3154,7 @@ static struct bgp *bgp_create(as_t *as, const char *name,
 	bgp->default_subgroup_pkt_queue_max =
 		BGP_DEFAULT_SUBGROUP_PKT_QUEUE_MAX;
 	bgp_timers_unset(bgp);
+	bgp->default_min_holdtime = 0;
 	bgp->restart_time = BGP_DEFAULT_RESTART_TIME;
 	bgp->stalepath_time = BGP_DEFAULT_STALEPATH_TIME;
 	bgp->select_defer_time = BGP_DEFAULT_SELECT_DEFERRAL_TIME;
diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h
index d39743a15..62782f604 100644
--- a/bgpd/bgpd.h
+++ b/bgpd/bgpd.h
@@ -602,6 +602,9 @@ struct bgp {
 	uint32_t default_connect_retry;
 	uint32_t default_delayopen;
 
+	/* BGP minimum holdtime.  */
+	uint16_t default_min_holdtime;
+
 	/* BGP graceful restart */
 	uint32_t restart_time;
 	uint32_t stalepath_time;