add BGP MD5 password support

natesales · Nov 8, 2020 · b263edb · b263edb
1 parent cf78fee
commit b263edb
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -109,6 +109,7 @@ bcg uses RFC 8092 BGP Large Communities
 | disabled       | Should neighbor sessions be disabled?                                                                     |
 | passive        | Should neighbor sessions listen passively for BGP TCP connections?                                        |
 | multihop       | Should neighbor sessions allow multihop?                                                                  |
+| password       | BGP MD5 Password                                                                                          |
 | neighbors      | List of neighbor IP addresses                                                                             |
 | pre-import     | List of BIRD expressions to execute after the prefilter and before the prefix filter                      |
 | pre-export     | List of BIRD expressions to execute before the export filter                                              |

diff --git a/parser.go b/parser.go
@@ -34,6 +34,7 @@ type Peer struct {
 	Multihop     bool     `yaml:"multihop" toml:"Multihop" json:"multihop"`
 	Passive      bool     `yaml:"passive" toml:"Passive" json:"passive"`
 	Disabled     bool     `yaml:"disabled" toml:"Disabled" json:"disabled"`
+	Password     string   `yaml:"password" toml:"Password" json:"password"`
 	PreImport    string   `yaml:"pre-import" toml:"PreImport" json:"pre-import"`
 	PreExport    string   `yaml:"pre-export" toml:"PreExport" json:"pre-export"`
 	NeighborIps  []string `yaml:"neighbors" toml:"Neighbors" json:"neighbors"`

diff --git a/templates/peer.tmpl b/templates/peer.tmpl
@@ -30,12 +30,13 @@ protocol bgp {{ $peer.Name }}v{{ $af }}_{{ $i }} {
     {{ if $peer.Disabled }}disabled;{{ end }}
     {{- if $peer.Passive }}passive;{{ end }}
     {{- if $peer.Multihop }}multihop 255;{{ end }}
+    {{- if $peer.Password }}password {{ $peer.Password }};{{ end }}
     ipv{{ $af }} {
         {{ if $global.KeepFiltered -}}
         import keep filtered;
         {{ end -}}
         import limit AS{{ $peer.Asn }}_MAXPFX_v{{ $af }} action disable;
-        {{ if eq $peer.Asn $global.Asn }}next hop self;{{ end }}
+        {{ if eq $peer.Asn $global.Asn }}next hop self;{{ end -}}
         import filter {
             reject_bogons();
             strip_communities();
@@ -71,12 +72,10 @@ protocol bgp {{ $peer.Name }}v{{ $af }}_{{ $i }} {
         };
 
         export filter {
-            {{ $peer.PreExport -}}
-
-            {{- if or $global.OriginSet4 $global.OriginSet6 }}
+            {{ $peer.PreExport }}
+            {{- if or $global.OriginSet4 $global.OriginSet6 -}}
             accept_local(); # Originated
             {{ end -}}
-
             {{ if eq $peer.Type "upstream" -}}
             if ((ASN,0,103) ~ bgp_large_community) then accept; # Downstream
             {{ else if or (eq $peer.Type "peer") (eq $peer.Type "import-valid") -}}
@@ -89,4 +88,5 @@ protocol bgp {{ $peer.Name }}v{{ $af }}_{{ $i }} {
         };
     };
 }
+
 {{ end }}