author | IWASE Yusuke <iwase.yusuke0@gmail.com> | 2017-06-09 15:21:38 +0900 |
---|---|---|
committer | FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> | 2017-06-23 18:13:19 +0900 |
commit | 5bb427a994989f97570ddfc7200a884e57e5530b (patch) | |
tree | 0448f2c314ab06a2b30093cf0ce83302c7a28f83 | |
parent | 1747a3311c7a29a3d58a223e70e37e854460b852 (diff) |
config: Add parameters for TTL Security
Signed-off-by: IWASE Yusuke <iwase.yusuke0@gmail.com>
-rw-r--r-- | config/bgp_configs.go | 59 | ||||
-rw-r--r-- | config/default.go | 6 | ||||
-rw-r--r-- | tools/pyang_plugins/gobgp.yang | 51 |
3 files changed, 116 insertions, 0 deletions
diff --git a/config/bgp_configs.go b/config/bgp_configs.go
index f5329096..a76708b6 100644
--- a/config/bgp_configs.go
+++ b/config/bgp_configs.go
@@ -1565,6 +1565,8 @@ type PeerGroup struct {
 UseMultiplePaths UseMultiplePaths `mapstructure:"use-multiple-paths" json:"use-multiple-paths,omitempty"`
 // original -> gobgp:route-server
 RouteServer RouteServer `mapstructure:"route-server" json:"route-server,omitempty"`
+ // original -> gobgp:ttl-security
+ TtlSecurity TtlSecurity `mapstructure:"ttl-security" json:"ttl-security,omitempty"`
 }
 
 func (lhs *PeerGroup) Equal(rhs *PeerGroup) bool {
@@ -1626,6 +1628,58 @@ func (lhs *PeerGroup) Equal(rhs *PeerGroup) bool {
 if !lhs.RouteServer.Equal(&(rhs.RouteServer)) {
 return false
 }
+ if !lhs.TtlSecurity.Equal(&(rhs.TtlSecurity)) {
+ return false
+ }
+ return true
+}
+
+//struct for container gobgp:state
+type TtlSecurityState struct {
+ // original -> gobgp:enabled
+ //gobgp:enabled's original type is boolean
+ Enabled bool `mapstructure:"enabled" json:"enabled,omitempty"`
+ // original -> gobgp:ttl-min
+ TtlMin uint8 `mapstructure:"ttl-min" json:"ttl-min,omitempty"`
+}
+
+//struct for container gobgp:config
+type TtlSecurityConfig struct {
+ // original -> gobgp:enabled
+ //gobgp:enabled's original type is boolean
+ Enabled bool `mapstructure:"enabled" json:"enabled,omitempty"`
+ // original -> gobgp:ttl-min
+ TtlMin uint8 `mapstructure:"ttl-min" json:"ttl-min,omitempty"`
+}
+
+func (lhs *TtlSecurityConfig) Equal(rhs *TtlSecurityConfig) bool {
+ if lhs == nil || rhs == nil {
+ return false
+ }
+ if lhs.Enabled != rhs.Enabled {
+ return false
+ }
+ if lhs.TtlMin != rhs.TtlMin {
+ return false
+ }
+ return true
+}
+
+//struct for container gobgp:ttl-security
+type TtlSecurity struct {
+ // original -> gobgp:ttl-security-config
+ Config TtlSecurityConfig `mapstructure:"config" json:"config,omitempty"`
+ // original -> gobgp:ttl-security-state
+ State TtlSecurityState `mapstructure:"state" json:"state,omitempty"`
+}
+
+func (lhs *TtlSecurity) Equal(rhs *TtlSecurity) bool {
+ if lhs == nil || rhs == nil {
+ return false
+ }
+ if !lhs.Config.Equal(&(rhs.Config)) {
+ return false
+ }
 return true
 }
 
@@ -2521,6 +2575,8 @@ type Neighbor struct {
 UseMultiplePaths UseMultiplePaths `mapstructure:"use-multiple-paths" json:"use-multiple-paths,omitempty"`
 // original -> gobgp:route-server
 RouteServer RouteServer `mapstructure:"route-server" json:"route-server,omitempty"`
+ // original -> gobgp:ttl-security
+ TtlSecurity TtlSecurity `mapstructure:"ttl-security" json:"ttl-security,omitempty"`
 }
 
 func (lhs *Neighbor) Equal(rhs *Neighbor) bool {
@@ -2582,6 +2638,9 @@ func (lhs *Neighbor) Equal(rhs *Neighbor) bool {
 if !lhs.RouteServer.Equal(&(rhs.RouteServer)) {
 return false
 }
+ if !lhs.TtlSecurity.Equal(&(rhs.TtlSecurity)) {
+ return false
+ }
 return true
 }
 
diff --git a/config/default.go b/config/default.go
index 8f1cd908..81ffe00f 100644
--- a/config/default.go
+++ b/config/default.go
@@ -232,6 +232,11 @@ func setDefaultNeighborConfigValuesWithViper(v *viper.Viper, n *Neighbor, asn ui
 n.GracefulRestart.Config.DeferralTime = uint16(360)
 }
 }
+
+ if n.EbgpMultihop.Config.Enabled && n.TtlSecurity.Config.Enabled {
+ return fmt.Errorf("ebgp-multihop and ttl-security are mututally exclusive")
+ }
+
 return nil
 }
 
@@ -424,6 +429,7 @@ func OverwriteNeighborConfigWithPeerGroup(c *Neighbor, pg *PeerGroup) error {
 overwriteConfig(&c.ApplyPolicy.Config, &pg.ApplyPolicy.Config, "neighbor.apply-policy.config", v)
 overwriteConfig(&c.UseMultiplePaths.Config, &pg.UseMultiplePaths.Config, "neighbor.use-multiple-paths.config", v)
 overwriteConfig(&c.RouteServer.Config, &pg.RouteServer.Config, "neighbor.route-server.config", v)
+ overwriteConfig(&c.TtlSecurity.Config, &pg.TtlSecurity.Config, "neighbor.ttl-security.config", v)
 
 if !v.IsSet("neighbor.afi-safis") {
 c.AfiSafis = pg.AfiSafis
diff --git a/tools/pyang_plugins/gobgp.yang b/tools/pyang_plugins/gobgp.yang
index 0d8025e6..434d4164 100644
--- a/tools/pyang_plugins/gobgp.yang
+++ b/tools/pyang_plugins/gobgp.yang
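Review bot: `ttl-min` is never validated when ttl-security is enabled: the added guard only rejects the combination with ebgp-multihop, so a neighbor with `enabled = true` and no `ttl-min` keeps `TtlMin == 0` (the `ttl-min` leaf in gobgp.yang declares no default either). If the code that applies the option, which is not part of this commit, uses that value as the minimum accepted TTL, every packet passes and the protection is silently off. Reject or default it next to the guard, e.g. `if n.TtlSecurity.Config.Enabled && n.TtlSecurity.Config.TtlMin == 0 { return fmt.Errorf("ttl-security is enabled but ttl-min is not set") }`. The new error string also misspells `mutually` as `mututally`. The function body starts above the hunk.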
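Review bot: The ebgp-multihop/ttl-security exclusion is checked only in setDefaultNeighborConfigValuesWithViper, but the added `overwriteConfig` call lets a neighbor inherit `ttl-security.config` from its peer group; the call order of the two functions is not visible here. If the peer-group overwrite runs after the defaults pass, a neighbor with ebgp-multihop enabled can end up with ttl-security enabled as well and no error is reported. Confirm the order, or repeat the check on `c` before OverwriteNeighborConfigWithPeerGroup returns. The function continues past the end of the hunk.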
@@ -653,6 +653,47 @@ module gobgp {
 }
 }
 
+ grouping gobgp-ttl-security-config {
+ description
+ "Configuration parameters for TTL Security";
+
+ leaf enabled {
+ type boolean;
+ default "false";
+ description
+ "Enable features for TTL Security";
+ }
+
+ leaf ttl-min {
+ type uint8;
+ description
+ "Reference to the port of the BMP server";
+ }
+ }
+
+ grouping gobgp-ttl-security-config-set {
+ description
+ "set of configurations for Generalized TTL Security Mechanism (GTSM)";
+
+ container ttl-security {
+ description
+ "Configure TTL Security feature";
+
+ container config {
+ description
+ "Configuration parameters for TTL Security";
+ uses gobgp-ttl-security-config;
+ }
+
+ container state {
+ config false;
+ description
+ "State information for TTL Security";
+ uses gobgp-ttl-security-config;
+ }
+ }
+ }
+
 // augment statements
 augment "/bgp:bgp/bgp:neighbors/bgp:neighbor/bgp:state/bgp:messages/bgp:sent" {
 description "additional counters";
@@ -825,6 +866,16 @@ module gobgp {
 uses gobgp-route-server-config-set;
 }
 
+ augment "/bgp:bgp/bgp:peer-groups/bgp:peer-group" {
+ description "TTL Security configuration for peer-group";
+ uses gobgp-ttl-security-config-set;
+ }
+
+ augment "/bgp:bgp/bgp:neighbors/bgp:neighbor" {
+ description "TTL Security configuration for neighbor";
+ uses gobgp-ttl-security-config-set;
+ }
+
 augment "/bgp:bgp/bgp:global/bgp:apply-policy/bgp:config" {
 description "addtional policy";
 uses gobgp-in-policy;
|
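Review bot: The description of leaf `ttl-min` in grouping gobgp-ttl-security-config reads "Reference to the port of the BMP server", which appears to be copied from another leaf and says nothing about TTL. This text is the only documentation of a security-relevant value, so it should state what the number means and which packets it applies to, e.g. `"Minimum TTL accepted on incoming packets from the peer when TTL Security is enabled";`. It would also help to say in the grouping description what happens when `enabled` is true and `ttl-min` is omitted.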