1 /* BGP network related fucntions
2 Copyright (C) 1999 Kunihiro Ishiguro
4 This file is part of GNU Zebra.
6 GNU Zebra is free software; you can redistribute it and/or modify it
7 under the terms of the GNU General Public License as published by the
8 Free Software Foundation; either version 2, or (at your option) any
11 GNU Zebra is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Zebra; see the file COPYING. If not, write to the Free
18 Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
24 #include "sockunion.h"
36 #include "bgpd/bgpd.h"
37 #include "bgpd/bgp_fsm.h"
38 #include "bgpd/bgp_attr.h"
39 #include "bgpd/bgp_debug.h"
40 #include "bgpd/bgp_network.h"
42 extern struct zebra_privs_t bgpd_privs;
44 /* BGP listening socket. */
49 struct thread *thread;
53 * Set MD5 key for the socket, for the given IPv4 peer address.
54 * If the password is NULL or zero-length, the option will be disabled.
57 bgp_md5_set_socket (int socket, union sockunion *su, const char *password)
64 #if HAVE_DECL_TCP_MD5SIG
65 ret = sockopt_tcp_signature (socket, su, password);
67 #endif /* HAVE_TCP_MD5SIG */
70 zlog (NULL, LOG_WARNING, "can't set TCP_MD5SIG option on socket %d: %s",
71 socket, safe_strerror (en));
76 /* Helper for bgp_connect */
78 bgp_md5_set_connect (int socket, union sockunion *su, const char *password)
82 #if HAVE_DECL_TCP_MD5SIG
83 if ( bgpd_privs.change (ZPRIVS_RAISE) )
85 zlog_err ("%s: could not raise privs", __func__);
89 ret = bgp_md5_set_socket (socket, su, password);
91 if (bgpd_privs.change (ZPRIVS_LOWER) )
92 zlog_err ("%s: could not lower privs", __func__);
93 #endif /* HAVE_TCP_MD5SIG */
99 bgp_md5_set (struct peer *peer)
101 struct listnode *node;
103 struct bgp_listener *listener;
105 if ( bgpd_privs.change (ZPRIVS_RAISE) )
107 zlog_err ("%s: could not raise privs", __func__);
111 /* Just set the password on the listen socket(s). Outbound connections
112 * are taken care of in bgp_connect() below.
114 for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
115 if (listener->su.sa.sa_family == peer->su.sa.sa_family)
117 ret = bgp_md5_set_socket (listener->fd, &peer->su, peer->password);
121 if (bgpd_privs.change (ZPRIVS_LOWER) )
122 zlog_err ("%s: could not lower privs", __func__);
127 /* Update BGP socket send buffer size */
129 bgp_update_sock_send_buffer_size (int fd)
131 int size = BGP_SOCKET_SNDBUF_SIZE;
133 socklen_t optlen = sizeof(optval);
135 if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &optval, &optlen) < 0)
137 zlog_err("getsockopt of SO_SNDBUF failed %s\n", safe_strerror(errno));
142 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &size, sizeof(size)) < 0)
144 zlog_err("Couldn't increase send buffer: %s\n", safe_strerror(errno));
150 bgp_set_socket_ttl (struct peer *peer, int bgp_sock)
152 char buf[INET_ADDRSTRLEN];
153 int ret, ttl, minttl;
161 minttl = 256 - peer->gtsm_hops;
165 ttl = peer_ttl (peer);
169 ret = sockopt_ttl (peer->su.sa.sa_family, bgp_sock, ttl);
171 zlog_err ("%s: Can't set TxTTL on peer (rtrid %s) socket, err = %d",
173 inet_ntop (AF_INET, &peer->remote_id, buf, sizeof(buf)),
176 ret = sockopt_minttl (peer->su.sa.sa_family, bgp_sock, minttl);
177 if (ret && (errno != ENOTSUP || minttl))
178 zlog_err ("%s: Can't set MinTTL on peer (rtrid %s) socket, err = %d",
180 inet_ntop (AF_INET, &peer->remote_id, buf, sizeof(buf)),
184 /* Accept bgp connection. */
186 bgp_accept (struct thread *thread)
191 struct bgp_listener *listener = THREAD_ARG(thread);
194 char buf[SU_ADDRSTRLEN];
196 /* Register accept thread. */
197 accept_sock = THREAD_FD (thread);
200 zlog_err ("accept_sock is nevative value %d", accept_sock);
203 listener->thread = thread_add_read (bm->master, bgp_accept, listener, accept_sock);
205 /* Accept client connection. */
206 bgp_sock = sockunion_accept (accept_sock, &su);
209 zlog_err ("[Error] BGP socket accept failed (%s)", safe_strerror (errno));
212 set_nonblocking (bgp_sock);
214 /* Set socket send buffer size */
215 bgp_update_sock_send_buffer_size(bgp_sock);
217 if (BGP_DEBUG (events, EVENTS))
218 zlog_debug ("[Event] BGP connection from host %s:%d",
219 inet_sutop (&su, buf), sockunion_get_port (&su));
221 /* Check remote IP address */
222 peer1 = peer_lookup (NULL, &su);
223 /* We could perhaps just drop new connections from already Established
226 if (! peer1 || peer1->status == Idle || peer1->status > Established)
228 if (BGP_DEBUG (events, EVENTS))
231 zlog_debug ("[Event] BGP connection IP address %s is not configured",
232 inet_sutop (&su, buf));
234 zlog_debug ("[Event] BGP connection IP address %s is %s state",
235 inet_sutop (&su, buf),
236 LOOKUP (bgp_status_msg, peer1->status));
242 bgp_set_socket_ttl (peer1, bgp_sock);
244 /* Make dummy peer until read Open packet. */
245 if (BGP_DEBUG (events, EVENTS))
246 zlog_debug ("[Event] Make dummy peer structure until read Open packet");
249 char buf[SU_ADDRSTRLEN];
251 peer = peer_create_accept (peer1->bgp);
254 peer->status = Active;
256 /* Config state that should affect OPEN packet must be copied over */
257 peer->local_id = peer1->local_id;
258 peer->v_holdtime = peer1->v_holdtime;
259 peer->v_keepalive = peer1->v_keepalive;
260 peer->local_as = peer1->local_as;
261 peer->change_local_as = peer1->change_local_as;
262 peer->flags = peer1->flags;
263 peer->sflags = peer1->sflags;
264 #define PEER_ARRAY_COPY(D,S,A) \
265 memcpy ((D)->A, (S)->A, sizeof (((D)->A)[0][0])*AFI_MAX*SAFI_MAX);
266 PEER_ARRAY_COPY(peer, peer1, afc);
267 PEER_ARRAY_COPY(peer, peer1, af_flags);
268 #undef PEER_ARRAY_COPY
270 /* Make peer's address string. */
271 sockunion2str (&su, buf, SU_ADDRSTRLEN);
272 peer->host = XSTRDUP (MTYPE_BGP_PEER_HOST, buf);
274 SET_FLAG (peer->sflags, PEER_STATUS_ACCEPT_PEER);
277 BGP_EVENT_ADD (peer, TCP_connection_open);
282 /* BGP socket bind. */
284 bgp_bind (struct peer *peer)
286 #ifdef SO_BINDTODEVICE
294 strncpy ((char *)&ifreq.ifr_name, peer->ifname, sizeof (ifreq.ifr_name));
296 if ( bgpd_privs.change (ZPRIVS_RAISE) )
297 zlog_err ("bgp_bind: could not raise privs");
299 ret = setsockopt (peer->fd, SOL_SOCKET, SO_BINDTODEVICE,
300 &ifreq, sizeof (ifreq));
303 if (bgpd_privs.change (ZPRIVS_LOWER) )
304 zlog_err ("bgp_bind: could not lower privs");
308 zlog (peer->log, LOG_INFO, "bind to interface %s failed, errno=%d",
309 peer->ifname, myerrno);
312 #endif /* SO_BINDTODEVICE */
317 bgp_update_address (struct interface *ifp, const union sockunion *dst,
318 union sockunion *addr)
320 struct prefix *p, *sel, d;
321 struct connected *connected;
322 struct listnode *node;
325 sockunion2hostprefix (dst, &d);
329 for (ALL_LIST_ELEMENTS_RO (ifp->connected, node, connected))
331 p = connected->address;
332 if (p->family != d.family)
334 if (prefix_common_bits (p, &d) > common)
337 common = prefix_common_bits (sel, &d);
344 prefix2sockunion (sel, addr);
348 /* Update source selection. */
350 bgp_update_source (struct peer *peer)
352 struct interface *ifp;
353 union sockunion addr;
355 /* Source is specified with interface name. */
358 ifp = if_lookup_by_name (peer->update_if);
362 if (bgp_update_address (ifp, &peer->su, &addr))
365 sockunion_bind (peer->fd, &addr, 0, &addr);
368 /* Source is specified with IP address. */
369 if (peer->update_source)
370 sockunion_bind (peer->fd, peer->update_source, 0, peer->update_source);
373 /* BGP try to connect to the peer. */
375 bgp_connect (struct peer *peer)
377 ifindex_t ifindex = 0;
379 /* Make socket for the peer. */
380 peer->fd = sockunion_socket (&peer->su);
384 set_nonblocking (peer->fd);
386 /* Set socket send buffer size */
387 bgp_update_sock_send_buffer_size(peer->fd);
389 bgp_set_socket_ttl (peer, peer->fd);
391 sockopt_reuseaddr (peer->fd);
392 sockopt_reuseport (peer->fd);
394 #ifdef IPTOS_PREC_INTERNETCONTROL
395 if (bgpd_privs.change (ZPRIVS_RAISE))
396 zlog_err ("%s: could not raise privs", __func__);
397 if (sockunion_family (&peer->su) == AF_INET)
398 setsockopt_ipv4_tos (peer->fd, IPTOS_PREC_INTERNETCONTROL);
399 else if (sockunion_family (&peer->su) == AF_INET6)
400 setsockopt_ipv6_tclass (peer->fd, IPTOS_PREC_INTERNETCONTROL);
401 if (bgpd_privs.change (ZPRIVS_LOWER))
402 zlog_err ("%s: could not lower privs", __func__);
406 bgp_md5_set_connect (peer->fd, &peer->su, peer->password);
411 /* Update source bind. */
412 bgp_update_source (peer);
415 ifindex = ifname2ifindex (peer->ifname);
417 if (BGP_DEBUG (events, EVENTS))
418 plog_debug (peer->log, "%s [Event] Connect start to %s fd %d",
419 peer->host, peer->host, peer->fd);
421 /* Connect to the remote peer. */
422 return sockunion_connect (peer->fd, &peer->su, htons (peer->port), ifindex);
425 /* After TCP connection is established. Get local address and port. */
427 bgp_getsockname (struct peer *peer)
431 sockunion_free (peer->su_local);
432 peer->su_local = NULL;
437 sockunion_free (peer->su_remote);
438 peer->su_remote = NULL;
441 peer->su_local = sockunion_getsockname (peer->fd);
442 peer->su_remote = sockunion_getpeername (peer->fd);
444 bgp_nexthop_set (peer->su_local, peer->su_remote, &peer->nexthop, peer);
449 bgp_listener (int sock, struct sockaddr *sa, socklen_t salen)
451 struct bgp_listener *listener;
454 sockopt_reuseaddr (sock);
455 sockopt_reuseport (sock);
457 if (bgpd_privs.change (ZPRIVS_RAISE))
458 zlog_err ("%s: could not raise privs", __func__);
460 #ifdef IPTOS_PREC_INTERNETCONTROL
461 if (sa->sa_family == AF_INET)
462 setsockopt_ipv4_tos (sock, IPTOS_PREC_INTERNETCONTROL);
463 else if (sa->sa_family == AF_INET6)
464 setsockopt_ipv6_tclass (sock, IPTOS_PREC_INTERNETCONTROL);
467 sockopt_v6only (sa->sa_family, sock);
469 ret = bind (sock, sa, salen);
471 if (bgpd_privs.change (ZPRIVS_LOWER))
472 zlog_err ("%s: could not lower privs", __func__);
476 zlog_err ("bind: %s", safe_strerror (en));
480 ret = listen (sock, 3);
483 zlog_err ("listen: %s", safe_strerror (errno));
487 listener = XMALLOC (MTYPE_BGP_LISTENER, sizeof(*listener));
489 memcpy(&listener->su, sa, salen);
490 listener->thread = thread_add_read (bm->master, bgp_accept, listener, sock);
491 listnode_add (bm->listen_sockets, listener);
496 /* IPv6 supported version of BGP server socket setup. */
498 bgp_socket (unsigned short port, const char *address)
500 struct addrinfo *ainfo;
501 struct addrinfo *ainfo_save;
502 static const struct addrinfo req = {
503 .ai_family = AF_UNSPEC,
504 .ai_flags = AI_PASSIVE,
505 .ai_socktype = SOCK_STREAM,
508 char port_str[BUFSIZ];
510 snprintf (port_str, sizeof(port_str), "%d", port);
511 port_str[sizeof (port_str) - 1] = '\0';
513 ret = getaddrinfo (address, port_str, &req, &ainfo_save);
516 zlog_err ("getaddrinfo: %s", gai_strerror (ret));
521 for (ainfo = ainfo_save; ainfo; ainfo = ainfo->ai_next)
525 if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6)
528 sock = socket (ainfo->ai_family, ainfo->ai_socktype, ainfo->ai_protocol);
531 zlog_err ("socket: %s", safe_strerror (errno));
535 /* if we intend to implement ttl-security, this socket needs ttl=255 */
536 sockopt_ttl (ainfo->ai_family, sock, MAXTTL);
538 ret = bgp_listener (sock, ainfo->ai_addr, ainfo->ai_addrlen);
544 freeaddrinfo (ainfo_save);
547 zlog_err ("%s: no usable addresses", __func__);
557 struct listnode *node, *next;
558 struct bgp_listener *listener;
560 for (ALL_LIST_ELEMENTS (bm->listen_sockets, node, next, listener))
562 thread_cancel (listener->thread);
563 close (listener->fd);
564 listnode_delete (bm->listen_sockets, listener);
565 XFREE (MTYPE_BGP_LISTENER, listener);
projects / quagga-debian.git / blob