[quagga-dev 11574] Re: [quagga-users 13801] Filtering prefixes in ripngd

John Fraizer john at op-sec.us
Fri Oct 10 21:08:27 BST 2014


David Dahlberg noted that the distribute-list commands were missing from
VTYSH under the RIP and RIPNG nodes.

This afternoon, I took a few minutes and wrote a patch to add
distribute-list and distribute-list prefix commands to VTYSH for both RIP
and RIPNG nodes.


I'm now able to do the following from within VTYSH:

Devel.NextGen.RO2#
Devel.NextGen.RO2# conf t
Devel.NextGen.RO2(config)# router rip
Devel.NextGen.RO2(config-router)# distribute-list TEST in
Devel.NextGen.RO2(config-router)# distribute-list TEST out
Devel.NextGen.RO2(config-router)# distribute-list prefix TEST2 in
Devel.NextGen.RO2(config-router)# distribute-list prefix TEST2 out
Devel.NextGen.RO2(config-router)# router ripng
Devel.NextGen.RO2(config-router)# distribute-list TEST3 in
Devel.NextGen.RO2(config-router)# distribute-list TEST3 out
Devel.NextGen.RO2(config-router)# distribute-list prefix TEST4 in
Devel.NextGen.RO2(config-router)# distribute-list prefix TEST4 out
Devel.NextGen.RO2(config-router)# ^Z
Devel.NextGen.RO2# sh running-config
Building configuration...

Current configuration:
!
<snip>
!
router rip
 distribute-list TEST in
 distribute-list TEST out
 distribute-list prefix TEST2 in
 distribute-list prefix TEST2 out
!
router ripng
 distribute-list TEST3 in
 distribute-list TEST3 out
 distribute-list prefix TEST4 in
 distribute-list prefix TEST4 out
!
<snip>
!
end
Devel.NextGen.RO2#
Devel.NextGen.RO2# conf t
Devel.NextGen.RO2(config)# router rip
Devel.NextGen.RO2(config-router)# no distribute-list TEST in
Devel.NextGen.RO2(config-router)# no distribute-list TEST out
Devel.NextGen.RO2(config-router)# no distribute-list prefix TEST2 in
Devel.NextGen.RO2(config-router)# no distribute-list prefix TEST2 out
Devel.NextGen.RO2(config-router)# router ripng
Devel.NextGen.RO2(config-router)# no distribute-list TEST3 in
Devel.NextGen.RO2(config-router)# no distribute-list TEST3 out
Devel.NextGen.RO2(config-router)# no distribute-list prefix TEST4 in
Devel.NextGen.RO2(config-router)# no distribute-list prefix TEST4 out
Devel.NextGen.RO2(config-router)# ^Z
Devel.NextGen.RO2# sh running-config
Building configuration...

Current configuration:
!
<snip>
!
router rip
!
router ripng
!




This patch applies cleanly against quagga-0.99.23.1:

---BEGIN PATCH---

*** quagga-0.99.23.1/vtysh/vtysh_cmd.c.orig     Tue Oct  10 16:00:38 2014
--- quagga-0.99.23.1/vtysh/vtysh_cmd.c  Tue Oct  10 16:00:53 2014
***************
*** 1,9 ****
--- 1,73 ----
  #include <zebra.h>
  #include "command.h"
  #include "vtysh.h"

+ /* Begin Add distribute-list and distribute-list prefix commands to RIPD
and RIPNGD */
+ /* John Fraizer <john at op-sec.us> */
+ DEFSH (VTYSH_RIPD, ripd_distribute_list_all_cmd_vtysh,
+       "distribute-list WORD (in|out)",
+       "Filter networks in routing updates\n"
+       "Access-list name\n"
+       "Filter incoming routing updates\n"
+       "Filter outgoing routing updates\n")
+
+ DEFSH (VTYSH_RIPD, ripd_no_distribute_list_all_cmd_vtysh,
+       "no distribute-list WORD (in|out)",
+       NO_STR
+       "Filter networks in routing updates\n"
+       "Access-list name\n"
+       "Filter incoming routing updates\n"
+       "Filter outgoing routing updates\n")
+
+ DEFSH (VTYSH_RIPD, ripd_distribute_list_prefix_all_cmd_vtysh,
+       "distribute-list prefix WORD (in|out)",
+       "Filter prefixes in routing updates\n"
+       "Name of an IP prefix-list\n"
+       "Filter incoming routing updates\n"
+       "Filter outgoing routing updates\n")
+
+ DEFSH (VTYSH_RIPD, ripd_no_distribute_list_prefix_all_cmd_vtysh,
+       "no distribute-list prefix WORD (in|out)",
+       NO_STR
+       "Filter prefixes in routing updates\n"
+       "Name of an IP prefix-list\n"
+       "Filter incoming routing updates\n"
+       "Filter outgoing routing updates\n")
+
+ DEFSH (VTYSH_RIPNGD, ripngd_distribute_list_all_cmd_vtysh,
+       "distribute-list WORD (in|out)",
+       "Filter networks in routing updates\n"
+       "Access-list name\n"
+       "Filter incoming routing updates\n"
+       "Filter outgoing routing updates\n")
+
+ DEFSH (VTYSH_RIPNGD, ripngd_no_distribute_list_all_cmd_vtysh,
+       "no distribute-list WORD (in|out)",
+       NO_STR
+       "Filter networks in routing updates\n"
+       "Access-list name\n"
+       "Filter incoming routing updates\n"
+       "Filter outgoing routing updates\n")
+
+ DEFSH (VTYSH_RIPNGD, ripngd_distribute_list_prefix_all_cmd_vtysh,
+       "distribute-list prefix WORD (in|out)",
+       "Filter prefixes in routing updates\n"
+       "Name of an IP prefix-list\n"
+       "Filter incoming routing updates\n"
+       "Filter outgoing routing updates\n")
+
+ DEFSH (VTYSH_RIPNGD, ripngd_no_distribute_list_prefix_all_cmd_vtysh,
+       "no distribute-list prefix WORD (in|out)",
+       NO_STR
+       "Filter prefixes in routing updates\n"
+       "Name of an IP prefix-list\n"
+       "Filter incoming routing updates\n"
+       "Filter outgoing routing updates\n")
+
+ /* End Add distribute-list and distribute-list prefix commands to RIPD
and RIPNGD */
+
  DEFSH (VTYSH_BGPD, show_ip_bgp_neighbors_peer_cmd_vtysh,
         "show ip bgp neighbors (A.B.C.D|X:X::X:X)",
         "Show running system information\n"
         "IP information\n"
         "BGP information\n"
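Review bot: The four `distribute-list prefix WORD (in|out)` definitions (plain and `no`, for both VTYSH_RIPD and VTYSH_RIPNGD) carry one help string fewer than the command has tokens. The non-prefix form supplies four strings for `distribute-list`, `WORD`, `in` and `out`; the prefix form also supplies four (plus NO_STR in the `no` form) even though it has the extra `prefix` keyword. As written, "Filter prefixes in routing updates\n" attaches to `distribute-list`, every later string shifts by one token, and `out` is left with no help text. Adding "Filter networks in routing updates\n" as the first line of each prefix variant would line the strings up again. Since the RIPNG entries take IPv6 lists, "Name of an IP prefix-list\n" could also be reworded there.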
***************
*** 17072,17081 ****
--- 17136,17156 ----
         "Holdtime\n")

  void
  vtysh_init_cmd ()
  {
+ /* Begin Add distribute-list and distribute-list prefix commands to RIPD
and RIPNGD */
+ /* John Fraizer <john at op-sec.us> */
+   install_element (RIP_NODE, &ripd_distribute_list_all_cmd_vtysh);
+   install_element (RIP_NODE, &ripd_no_distribute_list_all_cmd_vtysh);
+   install_element (RIPNG_NODE, &ripngd_distribute_list_all_cmd_vtysh);
+   install_element (RIPNG_NODE, &ripngd_no_distribute_list_all_cmd_vtysh);
+   install_element (RIP_NODE, &ripd_distribute_list_prefix_all_cmd_vtysh);
+   install_element (RIP_NODE,
&ripd_no_distribute_list_prefix_all_cmd_vtysh);
+   install_element (RIPNG_NODE,
&ripngd_distribute_list_prefix_all_cmd_vtysh);
+   install_element (RIPNG_NODE,
&ripngd_no_distribute_list_prefix_all_cmd_vtysh);
+ /* End Add distribute-list and distribute-list prefix commands to RIPD
and RIPNGD */
    install_element (VIEW_NODE, &show_bgp_ipv6_community4_cmd_vtysh);
    install_element (ENABLE_NODE, &show_ipv6_mbgp_summary_cmd_vtysh);
    install_element (RMAP_NODE, &match_ipv6_next_hop_cmd_vtysh);
    install_element (CONFIG_NODE, &debug_zebra_packet_cmd_vtysh);
    install_element (INTERFACE_NODE,
&no_isis_hello_interval_l2_arg_cmd_vtysh);
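Review bot: The three `install_element` calls for the longer prefix command names have been wrapped by the mailer, and their continuation lines (`&ripd_no_distribute_list_prefix_all_cmd_vtysh);` and the two `&ripngd_` lines) have no `+` marker; the same happens to the `and RIPNGD */` comment tails here and in the first hunk. The added-line count then no longer matches the `--- 17136,17156 ----` header, so patch is likely to reject the hunk as mailed; resending it as an attachment, or keeping each added line short enough not to wrap, would avoid that. A smaller point: the calls alternate RIP_NODE and RIPNG_NODE in an order that differs from the DEFSH block, and grouping all RIP_NODE installs before the RIPNG_NODE ones would make the eight entries easier to check against the definitions.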

---END PATCH---


I'll try to make it a point to add any other commands I note missing from
VTYSH as I find them.


--
John Fraizer
LinkedIn profile: http://www.linkedin.com/in/johnfraizer/



On Fri, Oct 10, 2014 at 12:51 PM, John Fraizer <john at op-sec.us> wrote:

> It seems that the distribute-list command for ripng isn't available if
> you're accessing ripng via VTYSH rather than directly to the ripng vty.
>
> I've noticed several daemons that don't have their complete command
> sets available via VTYSH.   We need to fix that. ;-)
>
>
> I can use it in the direct ripng VTY though with both access-lists and
> prefix-lists with the desired results.  Both of the configurations below
> only allow redistribution of dead:beef::/128.
>
> Using an access-list:
>
> !
> router ripng
>  network eth1.100
>  redistribute connected
>  distribute-list TEST out
> !
> ipv6 access-list TEST permit dead:beef::50/128
> ipv6 access-list TEST deny any
> !
>
>
> Or, if you want to use a prefix-list instead:
>
> !
> router ripng
>  network eth1.100
>  redistribute connected
>  distribute-list prefix TEST out
> !
> ipv6 prefix-list TEST seq 10 permit dead:beef::50/128
> ipv6 prefix-list TEST seq 20 deny any
> !
>
>
>
> --
> John Fraizer
> LinkedIn profile: http://www.linkedin.com/in/johnfraizer/
>
>
>
> On Fri, Oct 10, 2014 at 5:55 AM, Dahlberg, David <
> david.dahlberg at fkie.fraunhofer.de> wrote:
>
>> Hi *,
>>
>> may somebody please help me out on how to filter prefixes in the ripngd?
>>
>> According to the documentation and sample configs, this should be done
>> with "router ripng/distribute-list". Unfortunately the daemon does not
>> accept this.
>>
>> What ripngd accepts is "route-map". This OTOH is pretty useless for
>> daemons other than bgpd. Especially "match ipv6" seems not to be usable
>> with the ripngd. Any suggestions?
>>
>> Cheers,
>>
>>         David
>>
>> --
>> David Dahlberg
>>
>> Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel:
>> +49-228-9435-845
>> Fraunhoferstr. 20, 53343 Wachtberg, Germany        | Fax: +49-228-856277
>>
>
>
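
Added example, not part of the original mail or of Quagga: a simplified Python model of how the `ipv6 prefix-list TEST` from the quoted configuration decides which connected routes pass `distribute-list prefix TEST out`. It assumes first-match evaluation in sequence order, exact prefix-length matching for entries without `ge`/`le`, and an implicit deny when no entry matches; the function names and the sample routes are constructed for illustration.

```python
import ipaddress

# Constructed from the prefix-list in the quoted mail:
#   ipv6 prefix-list TEST seq 10 permit dead:beef::50/128
#   ipv6 prefix-list TEST seq 20 deny any
PREFIX_LIST_TEST = [
    (10, "permit", "dead:beef::50/128"),
    (20, "deny", "any"),
]

# Constructed sample of connected routes that "redistribute connected"
# would otherwise hand to ripngd for advertisement.
CONNECTED = [
    "dead:beef::50/128",
    "dead:beef::51/128",
    "dead:beef::/64",
    "2001:db8:100::/64",
]


def evaluate(prefix_list, route):
    """Return 'permit' or 'deny' for one route; the first matching entry wins."""
    route = ipaddress.ip_network(route)
    for _seq, action, spec in sorted(prefix_list):
        if spec == "any":
            return action
        # An entry without ge/le matches only the identical prefix and length,
        # so dead:beef::50/128 does not match the covering dead:beef::/64.
        if route == ipaddress.ip_network(spec):
            return action
    return "deny"  # assumption stated above: nothing matched, implicit deny


def filter_out(prefix_list, routes):
    """Routes that survive the outbound distribute-list."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]


if __name__ == "__main__":
    for r in CONNECTED:
        print(f"{r:22} {evaluate(PREFIX_LIST_TEST, r)}")
    print("advertised:", filter_out(PREFIX_LIST_TEST, CONNECTED))
```

Under these assumptions the explicit `seq 20 deny any` documents intent but does not change the result: a list holding only the permit entry filters the same routes.
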