Download raw body.
bgpd: allow equalityop matching for neighbor-as
Putting the code on par with what the man-page implies, this will allow using an equalityop to match neighbor-as.
Rules such as `deny from any transit-as != neighbor-as` thus become feasible.
On the other side `as_compare` in `rde_attr.c` already checks for the operations against a unified variable containing the neighbor at the time.
Please note that the code is untested at time of writing as I do not currently have a development environment for OpenBSD, but the change itself seemed trivial enough to throw it out there in case anyone can test this before I get around to do so.
diff --git usr.sbin/bgpd/parse.y usr.sbin/bgpd/parse.y
index 4b24de688e0..e5054dd2b66 100644
--- usr.sbin/bgpd/parse.y
+++ usr.sbin/bgpd/parse.y
@@ -2762,6 +2762,13 @@ filter_as : as4number_any {
fatal(NULL);
$$->a.flags = AS_FLAG_NEIGHBORAS;
}
+ | equalityop NEIGHBORAS {
+ if (($$ = calloc(1, sizeof(struct filter_as_l))) ==
+ NULL)
+ fatal(NULL);
+ $$->a.op = $1;
+ $$->a.flags = AS_FLAG_NEIGHBORAS;
+ }
| equalityop as4number_any {
if (($$ = calloc(1, sizeof(struct filter_as_l))) ==
NULL)
bgpd: allow equalityop matching for neighbor-as