batfish · progwriter · Oct 29, 2020 · Oct 28, 2020
diff --git a/projects/batfish/src/main/antlr4/org/batfish/grammar/palo_alto/PaloAltoLexer.g4 b/projects/batfish/src/main/antlr4/org/batfish/grammar/palo_alto/PaloAltoLexer.g4
@@ -952,6 +952,11 @@ MULTICAST
     'multicast'
 ;
 
+MULTIHOP
+:
+    'multihop'
+;
+
 NAT
 :
     'nat'

diff --git a/projects/batfish/src/main/antlr4/org/batfish/grammar/palo_alto/PaloAlto_bgp.g4 b/projects/batfish/src/main/antlr4/org/batfish/grammar/palo_alto/PaloAlto_bgp.g4
@@ -118,6 +118,7 @@ bgppgp_connection_options
     CONNECTION_OPTIONS
     (
         bgppgp_co_incoming_bgp_connection
+        | bgppgp_co_multihop
         | bgppgp_co_null
         | bgppgp_co_outgoing_bgp_connection
     )
@@ -142,6 +143,11 @@ bgppgp_coi_remote_port
     REMOTE_PORT p = port_number
 ;
 
+bgppgp_co_multihop
+:
+    MULTIHOP num = uint8 // 0-255
+;
+
 bgppgp_co_null
 :
     (

diff --git a/...cts/batfish/src/main/java/org/batfish/grammar/palo_alto/PaloAltoConfigurationBuilder.java b/...cts/batfish/src/main/java/org/batfish/grammar/palo_alto/PaloAltoConfigurationBuilder.java
@@ -116,6 +116,7 @@
 import org.batfish.grammar.palo_alto.PaloAltoParser.Bgppg_definitionContext;
 import org.batfish.grammar.palo_alto.PaloAltoParser.Bgppg_enableContext;
 import org.batfish.grammar.palo_alto.PaloAltoParser.Bgppg_peerContext;
+import org.batfish.grammar.palo_alto.PaloAltoParser.Bgppgp_co_multihopContext;
 import org.batfish.grammar.palo_alto.PaloAltoParser.Bgppgp_coi_allowContext;
 import org.batfish.grammar.palo_alto.PaloAltoParser.Bgppgp_coi_remote_portContext;
 import org.batfish.grammar.palo_alto.PaloAltoParser.Bgppgp_coo_allowContext;
@@ -927,6 +928,11 @@ public void exitBgppgp_coi_remote_port(Bgppgp_coi_remote_portContext ctx) {
     _currentBgpPeer.getConnectionOptions().setRemotePort(toInteger(ctx.p));
   }
 
+  @Override
+  public void enterBgppgp_co_multihop(Bgppgp_co_multihopContext ctx) {
+    _currentBgpPeer.setMultihop(toInteger(ctx.num));
+  }
+
   @Override
   public void exitBgppgp_coo_allow(Bgppgp_coo_allowContext ctx) {
     _currentBgpPeer.getConnectionOptions().setOutgoingAllow(toBoolean(ctx.yn));

diff --git a/projects/batfish/src/main/java/org/batfish/representation/palo_alto/BgpPeer.java b/projects/batfish/src/main/java/org/batfish/representation/palo_alto/BgpPeer.java
@@ -52,6 +52,15 @@ public void setLocalInterface(@Nullable String localInterface) {
     _localInterface = localInterface;
   }
 
+  @Nullable
+  public Integer getMultihop() {
+    return _multihop;
+  }
+
+  public void setMultihop(@Nullable Integer multihop) {
+    _multihop = multihop;
+  }
+
   public @Nonnull String getName() {
     return _name;
   }
@@ -90,4 +99,5 @@ public void setReflectorClient(@Nullable ReflectorClient reflectorClient) {
   private @Nullable Ip _peerAddress;
   private @Nullable Long _peerAs;
   private @Nullable ReflectorClient _reflectorClient;
+  private @Nullable Integer _multihop;
 }
diff --git a/...cts/batfish/src/main/java/org/batfish/representation/palo_alto/PaloAltoConfiguration.java b/...cts/batfish/src/main/java/org/batfish/representation/palo_alto/PaloAltoConfiguration.java
@@ -2084,6 +2084,10 @@ private void convertPeer(
             .setGroup(pg.getName())
             .setLocalAs(localAs)
             .setPeerAddress(peer.getPeerAddress())
+            // Multihop (as batfish VI model understands it) is always on for PAN because of
+            // "number + 2" computation
+            // See https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKkCAK
+            .setEbgpMultihop(true)
             .setRemoteAs(peerAs);
     if (peer.getLocalAddress() != null) {
       peerB.setLocalIp(peer.getLocalAddress());

diff --git a/projects/batfish/src/test/java/org/batfish/grammar/palo_alto/PaloAltoGrammarTest.java b/projects/batfish/src/test/java/org/batfish/grammar/palo_alto/PaloAltoGrammarTest.java
@@ -3713,4 +3713,33 @@ public void testSecurityRuleTag() {
             .getTags(),
         contains("TAG"));
   }
+
+  @Test
+  public void testBgpMultihopExtraction() {
+    String hostname = "bgp-multihop";
+    PaloAltoConfiguration vs = parsePaloAltoConfig(hostname);
+    assertThat(
+        vs.getVirtualRouters()
+            .get("vr1")
+            .getBgp()
+            .getPeerGroups()
+            .get("pg1")
+            .getPeers()
+            .get("peer1")
+            .getMultihop(),
+        equalTo(0));
+  }
+
+  @Test
+  public void testBgpMultihopConversion() {
+    String hostname = "bgp-multihop";
+    Configuration c = parseConfig(hostname);
+    assertTrue(
+        c.getVrfs()
+            .get("vr1")
+            .getBgpProcess()
+            .getActiveNeighbors()
+            .get(Prefix.parse("120.120.120.120/32"))
+            .getEbgpMultihop());
+  }
 }
diff --git a/projects/batfish/src/test/resources/org/batfish/grammar/palo_alto/testconfigs/bgp-multihop b/projects/batfish/src/test/resources/org/batfish/grammar/palo_alto/testconfigs/bgp-multihop
@@ -0,0 +1,15 @@
+set deviceconfig system hostname bgp-multihop
+
+set network interface ethernet ethernet1/3 layer3 units ethernet1/3.5 ip 1.1.1.3/24
+set network virtual-router vr1 interface ethernet1/3.5
+
+set network virtual-router vr1 protocol bgp enable yes
+set network virtual-router vr1 protocol bgp router-id 1.1.1.1
+set network virtual-router vr1 protocol bgp local-as 1
+
+set network virtual-router vr1 protocol bgp peer-group pg1 enable yes
+set network virtual-router vr1 protocol bgp peer-group pg1 peer peer1 local-address interface ethernet1/3.5
+set network virtual-router vr1 protocol bgp peer-group pg1 peer peer1 peer-address ip 120.120.120.120
+set network virtual-router vr1 protocol bgp peer-group pg1 peer peer1 peer-as 2345
+set network virtual-router vr1 protocol bgp peer-group pg1 peer peer1 enable yes
+set network virtual-router vr1 protocol bgp peer-group pg1 peer peer1 connection-options multihop 0