diff options
author | Timo Teräs <timo.teras@iki.fi> | 2016-10-19 13:15:07 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2016-10-19 16:10:27 +0300 |
commit | 2ed71552e2efad2ec88d241bf447464d0873e550 (patch) | |
tree | 90c9840701559ea20d04bbf5a1b5ba7f4023bd7e /main | |
parent | ca712c8127101721b2bb51eaccd4ed6b3491c78e (diff) | |
download | aports-2ed71552e2efad2ec88d241bf447464d0873e550.tar.bz2 aports-2ed71552e2efad2ec88d241bf447464d0873e550.tar.xz |
main/quagga-nhrp: upgrade to 1.1.0 + nhrp patch
Diffstat (limited to 'main')
8 files changed, 9124 insertions, 38 deletions
diff --git a/main/quagga-nhrp/0001-zebra-use-FIB-state-for-nexthop-tracking.patch b/main/quagga-nhrp/0001-zebra-use-FIB-state-for-nexthop-tracking.patch new file mode 100644 index 0000000000..d9cee06948 --- /dev/null +++ b/main/quagga-nhrp/0001-zebra-use-FIB-state-for-nexthop-tracking.patch @@ -0,0 +1,28 @@ +From 22d31cdc21523aa790c07d84ee1b89dcb53107af Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Wed, 30 Mar 2016 13:46:57 +0300 +Subject: [PATCH 1/5] zebra: use FIB state for nexthop tracking + +The FIB override routes can override ZEBRA_FLAG_SELECTED routes +in FIB. Use the FIB state instead to report correct nexthop when +FIB override routes are present. +--- + zebra/zebra_rnh.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/zebra/zebra_rnh.c b/zebra/zebra_rnh.c +index 7b6d0f8..97d3597 100644 +--- a/zebra/zebra_rnh.c ++++ b/zebra/zebra_rnh.c +@@ -223,7 +223,7 @@ zebra_evaluate_rnh_table (vrf_id_t vrfid, int family) + { + if (CHECK_FLAG (rib->status, RIB_ENTRY_REMOVED)) + continue; +- if (CHECK_FLAG (rib->flags, ZEBRA_FLAG_SELECTED)) ++ if (CHECK_FLAG (rib->status, RIB_ENTRY_SELECTED_FIB)) + { + if (CHECK_FLAG(rnh->flags, ZEBRA_NHT_CONNECTED)) + { +-- +2.10.1 + diff --git a/main/quagga-nhrp/0002-zebra-fix-nht-validity-checking-to-be-same-as-when-i.patch b/main/quagga-nhrp/0002-zebra-fix-nht-validity-checking-to-be-same-as-when-i.patch new file mode 100644 index 0000000000..88d338184f --- /dev/null +++ b/main/quagga-nhrp/0002-zebra-fix-nht-validity-checking-to-be-same-as-when-i.patch @@ -0,0 +1,33 @@ +From 17d31f627a305eeba2d12525d3deea516c2ac0c1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Wed, 30 Mar 2016 14:31:14 +0300 +Subject: [PATCH 2/5] zebra: fix nht validity checking to be same as when it's + resolved + +This reverts commit 7e3a435bd99 "A valid BGP nexthop is flagged as invalid" + +Problem is BGP thinks the nexthop is accessible when it's recursive, and +selects it, but zebra rejects it at route install time. Causing FIB and +BGP state to be out-of-sync. Fix nht to follow same rules as zebra rib. +--- + zebra/zebra_rnh.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/zebra/zebra_rnh.c b/zebra/zebra_rnh.c +index 97d3597..5762d3f 100644 +--- a/zebra/zebra_rnh.c ++++ b/zebra/zebra_rnh.c +@@ -498,8 +498,8 @@ send_client (struct rnh *rnh, struct zserv *client, vrf_id_t vrf_id) + nump = stream_get_endp(s); + stream_putc (s, 0); + for (nexthop = rib->nexthop; nexthop; nexthop = nexthop->next) +- if ((CHECK_FLAG (nexthop->flags, NEXTHOP_FLAG_FIB) || +- CHECK_FLAG (nexthop->flags, NEXTHOP_FLAG_RECURSIVE)) && ++ if (CHECK_FLAG (nexthop->flags, NEXTHOP_FLAG_FIB) && ++ ! CHECK_FLAG (nexthop->flags, NEXTHOP_FLAG_RECURSIVE) && + CHECK_FLAG (nexthop->flags, NEXTHOP_FLAG_ACTIVE)) + { + stream_putc (s, nexthop->type); +-- +2.10.1 + diff --git a/main/quagga-nhrp/0003-bgpd-honor-disable-connected-check-option-with-next-.patch b/main/quagga-nhrp/0003-bgpd-honor-disable-connected-check-option-with-next-.patch new file mode 100644 index 0000000000..9e338fa074 --- /dev/null +++ b/main/quagga-nhrp/0003-bgpd-honor-disable-connected-check-option-with-next-.patch @@ -0,0 +1,28 @@ +From 0f4aa527ebddbe32632db5517dd4b98c1371c072 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Wed, 19 Oct 2016 15:35:45 +0300 +Subject: [PATCH 3/5] bgpd: honor disable-connected-check option with next hop + tracking + +Make bgpd ignore connected state again if configured to do so. +--- + bgpd/bgp_fsm.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/bgpd/bgp_fsm.c b/bgpd/bgp_fsm.c +index 2e07d93..7da63ea 100644 +--- a/bgpd/bgp_fsm.c ++++ b/bgpd/bgp_fsm.c +@@ -716,7 +716,8 @@ bgp_start (struct peer *peer) + } + + /* Register to be notified on peer up */ +- if ((peer->ttl == 1) || (peer->gtsm_hops == 1)) ++ if ((peer->ttl == 1 || peer->gtsm_hops == 1) && ++ ! CHECK_FLAG (peer->flags, PEER_FLAG_DISABLE_CONNECTED_CHECK)) + connected = 1; + + bgp_find_or_add_nexthop(family2afi(peer->su.sa.sa_family), NULL, peer, +-- +2.10.1 + diff --git a/main/quagga-nhrp/0004-bgpd-simplify-ebgp-multihop-and-ttl-security-handlin.patch b/main/quagga-nhrp/0004-bgpd-simplify-ebgp-multihop-and-ttl-security-handlin.patch new file mode 100644 index 0000000000..58429fd03e --- /dev/null +++ b/main/quagga-nhrp/0004-bgpd-simplify-ebgp-multihop-and-ttl-security-handlin.patch @@ -0,0 +1,652 @@ +From f61ef00502afb21473f33fcbde851003b96356d5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Tue, 7 Jul 2015 15:08:51 +0300 +Subject: [PATCH 4/5] bgpd: simplify ebgp-multihop and ttl-security handling + +Change to track configured value in ->ttl and ->gtsm_hops; +not the value set to sockopt. Instead, setting of socket's ttl +and minttl options are now merged to one function which calculates +it on demand. This greatly simplifies the code. +--- + bgpd/bgp_fsm.c | 2 +- + bgpd/bgp_network.c | 58 ++++++------- + bgpd/bgp_network.h | 1 + + bgpd/bgp_route.c | 4 +- + bgpd/bgp_vty.c | 26 ++---- + bgpd/bgp_zebra.c | 13 ++- + bgpd/bgpd.c | 237 +++++++++++------------------------------------------ + bgpd/bgpd.h | 7 +- + 8 files changed, 95 insertions(+), 253 deletions(-) + +diff --git a/bgpd/bgp_fsm.c b/bgpd/bgp_fsm.c +index 7da63ea..67c50c4 100644 +--- a/bgpd/bgp_fsm.c ++++ b/bgpd/bgp_fsm.c +@@ -716,7 +716,7 @@ bgp_start (struct peer *peer) + } + + /* Register to be notified on peer up */ +- if ((peer->ttl == 1 || peer->gtsm_hops == 1) && ++ if ((peer_ttl(peer) == 1 || peer->gtsm_hops == 1) && + ! CHECK_FLAG (peer->flags, PEER_FLAG_DISABLE_CONNECTED_CHECK)) + connected = 1; + +diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c +index 51a6f60..c7d3389 100644 +--- a/bgpd/bgp_network.c ++++ b/bgpd/bgp_network.c +@@ -146,47 +146,39 @@ bgp_update_sock_send_buffer_size (int fd) + } + } + +-static void ++void + bgp_set_socket_ttl (struct peer *peer, int bgp_sock) + { + char buf[INET_ADDRSTRLEN]; +- int ret; ++ int ret, ttl, minttl; + +- /* In case of peer is EBGP, we should set TTL for this connection. */ +- if (!peer->gtsm_hops && (peer_sort (peer) == BGP_PEER_EBGP)) ++ if (bgp_sock < 0) ++ return; ++ ++ if (peer->gtsm_hops) + { +- ret = sockopt_ttl (peer->su.sa.sa_family, bgp_sock, peer->ttl); +- if (ret) +- { +- zlog_err ("%s: Can't set TxTTL on peer (rtrid %s) socket, err = %d", +- __func__, +- inet_ntop (AF_INET, &peer->remote_id, buf, sizeof(buf)), +- errno); +- } ++ ttl = 255; ++ minttl = 256 - peer->gtsm_hops; + } +- else if (peer->gtsm_hops) ++ else + { +- /* On Linux, setting minttl without setting ttl seems to mess with the +- outgoing ttl. Therefore setting both. +- */ +- ret = sockopt_ttl (peer->su.sa.sa_family, bgp_sock, MAXTTL); +- if (ret) +- { +- zlog_err ("%s: Can't set TxTTL on peer (rtrid %s) socket, err = %d", +- __func__, +- inet_ntop (AF_INET, &peer->remote_id, buf, sizeof(buf)), +- errno); +- } +- ret = sockopt_minttl (peer->su.sa.sa_family, bgp_sock, +- MAXTTL + 1 - peer->gtsm_hops); +- if (ret) +- { +- zlog_err ("%s: Can't set MinTTL on peer (rtrid %s) socket, err = %d", +- __func__, +- inet_ntop (AF_INET, &peer->remote_id, buf, sizeof(buf)), +- errno); +- } ++ ttl = peer_ttl (peer); ++ minttl = 0; + } ++ ++ ret = sockopt_ttl (peer->su.sa.sa_family, bgp_sock, ttl); ++ if (ret) ++ zlog_err ("%s: Can't set TxTTL on peer (rtrid %s) socket, err = %d", ++ __func__, ++ inet_ntop (AF_INET, &peer->remote_id, buf, sizeof(buf)), ++ errno); ++ ++ ret = sockopt_minttl (peer->su.sa.sa_family, bgp_sock, minttl); ++ if (ret && (errno != ENOTSUP || minttl)) ++ zlog_err ("%s: Can't set MinTTL on peer (rtrid %s) socket, err = %d", ++ __func__, ++ inet_ntop (AF_INET, &peer->remote_id, buf, sizeof(buf)), ++ errno); + } + + /* Accept bgp connection. */ +diff --git a/bgpd/bgp_network.h b/bgpd/bgp_network.h +index 1276843..31995ca 100644 +--- a/bgpd/bgp_network.h ++++ b/bgpd/bgp_network.h +@@ -28,6 +28,7 @@ extern void bgp_close (void); + extern int bgp_connect (struct peer *); + extern void bgp_getsockname (struct peer *); + ++extern void bgp_set_socket_ttl (struct peer *peer, int bgp_sock); + extern int bgp_md5_set (struct peer *); + + #endif /* _QUAGGA_BGP_NETWORK_H */ +diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c +index 4cb6c14..010fd4d 100644 +--- a/bgpd/bgp_route.c ++++ b/bgpd/bgp_route.c +@@ -2339,7 +2339,7 @@ bgp_update_main (struct peer *peer, struct prefix *p, struct attr *attr, + /* Nexthop reachability check. */ + if ((afi == AFI_IP || afi == AFI_IP6) && safi == SAFI_UNICAST) + { +- if (peer->sort == BGP_PEER_EBGP && peer->ttl == 1 && ++ if (peer->sort == BGP_PEER_EBGP && peer_ttl (peer) == 1 && + ! CHECK_FLAG (peer->flags, PEER_FLAG_DISABLE_CONNECTED_CHECK)) + connected = 1; + else +@@ -2391,7 +2391,7 @@ bgp_update_main (struct peer *peer, struct prefix *p, struct attr *attr, + /* Nexthop reachability check. */ + if ((afi == AFI_IP || afi == AFI_IP6) && safi == SAFI_UNICAST) + { +- if (peer->sort == BGP_PEER_EBGP && peer->ttl == 1 && ++ if (peer->sort == BGP_PEER_EBGP && peer_ttl (peer) == 1 && + ! CHECK_FLAG (peer->flags, PEER_FLAG_DISABLE_CONNECTED_CHECK)) + connected = 1; + else +diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c +index 7af4e81..8eeaff9 100644 +--- a/bgpd/bgp_vty.c ++++ b/bgpd/bgp_vty.c +@@ -3058,7 +3058,7 @@ peer_ebgp_multihop_unset_vty (struct vty *vty, const char *ip_str) + if (! peer) + return CMD_WARNING; + +- return bgp_vty_return (vty, peer_ebgp_multihop_unset (peer)); ++ return bgp_vty_return (vty, peer_ebgp_multihop_set (peer, 0)); + } + + /* neighbor ebgp-multihop. */ +@@ -4380,7 +4380,7 @@ DEFUN (no_neighbor_ttl_security, + if (! peer) + return CMD_WARNING; + +- return bgp_vty_return (vty, peer_ttl_security_hops_unset (peer)); ++ return bgp_vty_return (vty, peer_ttl_security_hops_set (peer, 0)); + } + + /* Address family configuration. */ +@@ -8364,6 +8364,7 @@ bgp_show_peer (struct vty *vty, struct peer *p) + char timebuf[BGP_UPTIME_LEN]; + afi_t afi; + safi_t safi; ++ int ttl; + + bgp = p->bgp; + +@@ -8663,21 +8664,12 @@ bgp_show_peer (struct vty *vty, struct peer *p) + } + + /* EBGP Multihop and GTSM */ +- if (p->sort != BGP_PEER_IBGP) +- { +- if (p->gtsm_hops > 0) +- vty_out (vty, " External BGP neighbor may be up to %d hops away.%s", +- p->gtsm_hops, VTY_NEWLINE); +- else if (p->ttl > 1) +- vty_out (vty, " External BGP neighbor may be up to %d hops away.%s", +- p->ttl, VTY_NEWLINE); +- } +- else +- { +- if (p->gtsm_hops > 0) +- vty_out (vty, " Internal BGP neighbor may be up to %d hops away.%s", +- p->gtsm_hops, VTY_NEWLINE); +- } ++ ttl = p->gtsm_hops; ++ if (! ttl) ++ ttl = peer_ttl (p); ++ vty_out (vty, " %s BGP neighbor may be up to %d hops away.%s", ++ p->sort == BGP_PEER_IBGP ? "Internal" : "External", ++ ttl, VTY_NEWLINE); + + /* Local address. */ + if (p->su_local) +diff --git a/bgpd/bgp_zebra.c b/bgpd/bgp_zebra.c +index 45d502a..ba87ad1 100644 +--- a/bgpd/bgp_zebra.c ++++ b/bgpd/bgp_zebra.c +@@ -172,11 +172,10 @@ bgp_interface_down (int command, struct zclient *zclient, zebra_size_t length, + + for (ALL_LIST_ELEMENTS (bgp->peer, node, nnode, peer)) + { +- if ((peer->ttl != 1) && (peer->gtsm_hops != 1)) +- continue; +- +- if (ifp == peer->nexthop.ifp) +- BGP_EVENT_ADD (peer, BGP_Stop); ++ if (peer->gtsm_hops != 1 && peer_ttl (peer) != 1) ++ continue; ++ if (ifp == peer->nexthop.ifp) ++ BGP_EVENT_ADD (peer, BGP_Stop); + } + } + } +@@ -716,7 +715,7 @@ bgp_zebra_announce (struct prefix *p, struct bgp_info *info, struct bgp *bgp, sa + SET_FLAG (flags, ZEBRA_FLAG_INTERNAL); + } + +- if ((peer->sort == BGP_PEER_EBGP && peer->ttl != 1) ++ if ((peer->sort == BGP_PEER_EBGP && peer_ttl (peer) != 1) + || CHECK_FLAG (peer->flags, PEER_FLAG_DISABLE_CONNECTED_CHECK)) + SET_FLAG (flags, ZEBRA_FLAG_INTERNAL); + +@@ -991,7 +990,7 @@ bgp_zebra_withdraw (struct prefix *p, struct bgp_info *info, safi_t safi) + SET_FLAG (flags, ZEBRA_FLAG_IBGP); + } + +- if ((peer->sort == BGP_PEER_EBGP && peer->ttl != 1) ++ if ((peer->sort == BGP_PEER_EBGP && peer_ttl (peer) != 1) + || CHECK_FLAG (peer->flags, PEER_FLAG_DISABLE_CONNECTED_CHECK)) + SET_FLAG (flags, ZEBRA_FLAG_INTERNAL); + +diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c +index 018a599..56e4322 100644 +--- a/bgpd/bgpd.c ++++ b/bgpd/bgpd.c +@@ -646,7 +646,8 @@ peer_global_config_reset (struct peer *peer) + { + peer->weight = 0; + peer->change_local_as = 0; +- peer->ttl = (peer_sort (peer) == BGP_PEER_IBGP ? 255 : 1); ++ peer->ttl = 0; ++ peer->gtsm_hops = 0; + if (peer->update_source) + { + sockunion_free (peer->update_source); +@@ -925,9 +926,6 @@ peer_create (union sockunion *su, struct bgp *bgp, as_t local_as, + /* Last read and reset time set */ + peer->readtime = peer->resettime = bgp_clock (); + +- /* Default TTL set. */ +- peer->ttl = (peer->sort == BGP_PEER_IBGP) ? 255 : 1; +- + /* Make peer's address string. */ + sockunion2str (su, buf, SU_ADDRSTRLEN); + peer->host = XSTRDUP (MTYPE_BGP_PEER_HOST, buf); +@@ -957,7 +955,6 @@ peer_create_accept (struct bgp *bgp) + static void + peer_as_change (struct peer *peer, as_t as) + { +- bgp_peer_sort_t type; + struct peer *conf; + + /* Stop peer. */ +@@ -972,7 +969,6 @@ peer_as_change (struct peer *peer, as_t as) + else + BGP_EVENT_ADD (peer, BGP_Stop); + } +- type = peer_sort (peer); + peer->as = as; + + if (bgp_config_check (peer->bgp, BGP_CONFIG_CONFEDERATION) +@@ -995,12 +991,6 @@ peer_as_change (struct peer *peer, as_t as) + else + peer->v_routeadv = BGP_DEFAULT_EBGP_ROUTEADV; + +- /* TTL reset */ +- if (peer_sort (peer) == BGP_PEER_IBGP) +- peer->ttl = 255; +- else if (type == BGP_PEER_IBGP) +- peer->ttl = 1; +- + /* reflector-client reset */ + if (peer_sort (peer) != BGP_PEER_IBGP) + { +@@ -1506,7 +1496,7 @@ peer_group_get (struct bgp *bgp, const char *name) + group->conf->host = XSTRDUP (MTYPE_BGP_PEER_HOST, name); + group->conf->group = group; + group->conf->as = 0; +- group->conf->ttl = 1; ++ group->conf->ttl = 0; + group->conf->gtsm_hops = 0; + group->conf->v_routeadv = BGP_DEFAULT_EBGP_ROUTEADV; + UNSET_FLAG (group->conf->config, PEER_CONFIG_TIMER); +@@ -1807,6 +1797,16 @@ peer_group_remote_as (struct bgp *bgp, const char *group_name, as_t *as) + } + + int ++peer_ttl (struct peer *peer) ++{ ++ if (peer->ttl) ++ return peer->ttl; ++ if (peer->gtsm_hops || peer->sort == BGP_PEER_IBGP) ++ return 255; ++ return 1; ++} ++ ++int + peer_group_delete (struct peer_group *group) + { + struct bgp *bgp; +@@ -1938,10 +1938,6 @@ peer_group_bind (struct bgp *bgp, union sockunion *su, + group->conf->v_routeadv = BGP_DEFAULT_EBGP_ROUTEADV; + } + +- /* ebgp-multihop reset */ +- if (peer_sort (group->conf) == BGP_PEER_IBGP) +- group->conf->ttl = 255; +- + /* local-as reset */ + if (peer_sort (group->conf) != BGP_PEER_EBGP) + { +@@ -2870,29 +2866,17 @@ peer_ebgp_multihop_set (struct peer *peer, int ttl) + struct peer *peer1; + + if (peer->sort == BGP_PEER_IBGP) +- return 0; ++ return BGP_ERR_NO_IBGP_WITH_TTLHACK; + +- /* see comment in peer_ttl_security_hops_set() */ +- if (ttl != MAXTTL) +- { +- if (CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) +- { +- group = peer->group; +- if (group->conf->gtsm_hops != 0) +- return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; +- +- for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer1)) +- { +- if (peer1->sort == BGP_PEER_IBGP) +- continue; ++ if (peer->gtsm_hops != 0) ++ return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; + +- if (peer1->gtsm_hops != 0) +- return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; +- } +- } +- else ++ if (CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) ++ { ++ group = peer->group; ++ for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer1)) + { +- if (peer->gtsm_hops != 0) ++ if (peer1->gtsm_hops != 0) + return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; + } + } +@@ -2901,62 +2885,18 @@ peer_ebgp_multihop_set (struct peer *peer, int ttl) + + if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) + { +- if (peer->fd >= 0 && peer->sort != BGP_PEER_IBGP) +- sockopt_ttl (peer->su.sa.sa_family, peer->fd, peer->ttl); ++ bgp_set_socket_ttl (peer, peer->fd); + } + else + { + group = peer->group; + for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer)) +- { +- if (peer->sort == BGP_PEER_IBGP) +- continue; +- +- peer->ttl = group->conf->ttl; +- +- if (peer->fd >= 0) +- sockopt_ttl (peer->su.sa.sa_family, peer->fd, peer->ttl); +- } +- } +- return 0; +-} +- +-int +-peer_ebgp_multihop_unset (struct peer *peer) +-{ +- struct peer_group *group; +- struct listnode *node, *nnode; +- +- if (peer->sort == BGP_PEER_IBGP) +- return 0; +- +- if (peer->gtsm_hops != 0 && peer->ttl != MAXTTL) +- return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; +- +- if (peer_group_active (peer)) +- peer->ttl = peer->group->conf->ttl; +- else +- peer->ttl = 1; +- +- if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) +- { +- if (peer->fd >= 0 && peer->sort != BGP_PEER_IBGP) +- sockopt_ttl (peer->su.sa.sa_family, peer->fd, peer->ttl); ++ { ++ peer->ttl = ttl; ++ bgp_set_socket_ttl (peer, peer->fd); ++ } + } +- else +- { +- group = peer->group; +- for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer)) +- { +- if (peer->sort == BGP_PEER_IBGP) +- continue; + +- peer->ttl = 1; +- +- if (peer->fd >= 0) +- sockopt_ttl (peer->su.sa.sa_family, peer->fd, peer->ttl); +- } +- } + return 0; + } + +@@ -4652,78 +4592,41 @@ peer_maximum_prefix_unset (struct peer *peer, afi_t afi, safi_t safi) + return 0; + } + +-static int is_ebgp_multihop_configured (struct peer *peer) +-{ +- struct peer_group *group; +- struct listnode *node, *nnode; +- struct peer *peer1; +- +- if (CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) +- { +- group = peer->group; +- if ((peer_sort(peer) != BGP_PEER_IBGP) && +- (group->conf->ttl != 1)) +- return 1; +- +- for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer1)) +- { +- if ((peer_sort (peer1) != BGP_PEER_IBGP) && +- (peer1->ttl != 1)) +- return 1; +- } +- } +- else +- { +- if ((peer_sort(peer) != BGP_PEER_IBGP) && +- (peer->ttl != 1)) +- return 1; +- } +- return 0; +-} +- + /* Set # of hops between us and BGP peer. */ + int + peer_ttl_security_hops_set (struct peer *peer, int gtsm_hops) + { + struct peer_group *group; + struct listnode *node, *nnode; +- int ret; ++ struct peer *peer1; + + zlog_debug ("peer_ttl_security_hops_set: set gtsm_hops to %d for %s", gtsm_hops, peer->host); + +- /* We cannot configure ttl-security hops when ebgp-multihop is already +- set. For non peer-groups, the check is simple. For peer-groups, it's +- slightly messy, because we need to check both the peer-group structure +- and all peer-group members for any trace of ebgp-multihop configuration +- before actually applying the ttl-security rules. Cisco really made a +- mess of this configuration parameter, and OpenBGPD got it right. +- */ +- +- if (peer->gtsm_hops == 0) +- { +- if (is_ebgp_multihop_configured (peer)) +- return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; ++ if (peer->ttl != 0) ++ return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; + +- /* specify MAXTTL on outgoing packets */ +- /* Routine handles iBGP peers correctly */ +- ret = peer_ebgp_multihop_set (peer, MAXTTL); +- if (ret != 0) +- return ret; ++ if (CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) ++ { ++ group = peer->group; ++ for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer1)) ++ { ++ if (peer1->ttl != 0) ++ return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; ++ } + } +- ++ + peer->gtsm_hops = gtsm_hops; + + if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) + { +- if (peer->fd >= 0) +- sockopt_minttl (peer->su.sa.sa_family, peer->fd, MAXTTL + 1 - gtsm_hops); ++ bgp_set_socket_ttl (peer, peer->fd); + } + else + { + group = peer->group; + for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer)) + { +- peer->gtsm_hops = group->conf->gtsm_hops; ++ peer->gtsm_hops = gtsm_hops; + + /* Change setting of existing peer + * established then change value (may break connectivity) +@@ -4732,9 +4635,7 @@ peer_ttl_security_hops_set (struct peer *peer, int gtsm_hops) + */ + if (peer->status == Established) + { +- if (peer->fd >= 0 && peer->gtsm_hops != 0) +- sockopt_minttl (peer->su.sa.sa_family, peer->fd, +- MAXTTL + 1 - peer->gtsm_hops); ++ bgp_set_socket_ttl (peer, peer->fd); + } + else if (peer->status < Established) + { +@@ -4749,42 +4650,6 @@ peer_ttl_security_hops_set (struct peer *peer, int gtsm_hops) + } + + int +-peer_ttl_security_hops_unset (struct peer *peer) +-{ +- struct peer_group *group; +- struct listnode *node, *nnode; +- struct peer *opeer; +- +- zlog_debug ("peer_ttl_security_hops_unset: set gtsm_hops to zero for %s", peer->host); +- +- /* if a peer-group member, then reset to peer-group default rather than 0 */ +- if (peer_group_active (peer)) +- peer->gtsm_hops = peer->group->conf->gtsm_hops; +- else +- peer->gtsm_hops = 0; +- +- opeer = peer; +- if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) +- { +- if (peer->fd >= 0) +- sockopt_minttl (peer->su.sa.sa_family, peer->fd, 0); +- } +- else +- { +- group = peer->group; +- for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer)) +- { +- peer->gtsm_hops = 0; +- +- if (peer->fd >= 0) +- sockopt_minttl (peer->su.sa.sa_family, peer->fd, 0); +- } +- } +- +- return peer_ebgp_multihop_unset (opeer); +-} +- +-int + peer_clear (struct peer *peer) + { + if (! CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN)) +@@ -5094,19 +4959,13 @@ bgp_config_write_peer (struct vty *vty, struct bgp *bgp, + ! CHECK_FLAG (g_peer->flags, PEER_FLAG_PASSIVE)) + vty_out (vty, " neighbor %s passive%s", addr, VTY_NEWLINE); + +- /* EBGP multihop. */ +- if (peer->sort != BGP_PEER_IBGP && peer->ttl != 1 && +- !(peer->gtsm_hops != 0 && peer->ttl == MAXTTL)) +- if (! peer_group_active (peer) || +- g_peer->ttl != peer->ttl) +- vty_out (vty, " neighbor %s ebgp-multihop %d%s", addr, peer->ttl, +- VTY_NEWLINE); +- +- /* ttl-security hops */ +- if (peer->gtsm_hops != 0) +- if (! peer_group_active (peer) || g_peer->gtsm_hops != peer->gtsm_hops) +- vty_out (vty, " neighbor %s ttl-security hops %d%s", addr, +- peer->gtsm_hops, VTY_NEWLINE); ++ /* TTL option */ ++ if (peer->gtsm_hops && ! peer_group_active (peer)) ++ vty_out (vty, " neighbor %s ttl-security hops %d%s", addr, ++ peer->gtsm_hops, VTY_NEWLINE); ++ else if (peer->ttl && ! peer_group_active (peer)) ++ vty_out (vty, " neighbor %s ebgp-multihop %d%s", addr, peer->ttl, ++ VTY_NEWLINE); + + /* disable-connected-check. */ + if (CHECK_FLAG (peer->flags, PEER_FLAG_DISABLE_CONNECTED_CHECK)) +diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h +index 0058b58..a4c608d 100644 +--- a/bgpd/bgpd.h ++++ b/bgpd/bgpd.h +@@ -832,8 +832,8 @@ enum bgp_clear_type + #define BGP_ERR_TCPSIG_FAILED -29 + #define BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK -30 + #define BGP_ERR_NO_IBGP_WITH_TTLHACK -31 +-#define BGP_ERR_MAX -32 +-#define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS_REMOTE_AS -33 ++#define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS_REMOTE_AS -32 ++#define BGP_ERR_MAX -33 + + extern struct bgp_master *bm; + +@@ -913,6 +913,7 @@ extern int peer_rsclient_active (struct peer *); + + extern int peer_remote_as (struct bgp *, union sockunion *, as_t *, afi_t, safi_t); + extern int peer_group_remote_as (struct bgp *, const char *, as_t *); ++extern int peer_ttl (struct peer *peer); + extern int peer_delete (struct peer *peer); + extern int peer_group_delete (struct peer_group *); + extern int peer_group_remote_as_delete (struct peer_group *); +@@ -934,7 +935,6 @@ extern int peer_af_flag_unset (struct peer *, afi_t, safi_t, u_int32_t); + extern int peer_af_flag_check (struct peer *, afi_t, safi_t, u_int32_t); + + extern int peer_ebgp_multihop_set (struct peer *, int); +-extern int peer_ebgp_multihop_unset (struct peer *); + + extern int peer_description_set (struct peer *, const char *); + extern int peer_description_unset (struct peer *); +@@ -996,7 +996,6 @@ extern int peer_clear (struct peer *); + extern int peer_clear_soft (struct peer *, afi_t, safi_t, enum bgp_clear_type); + + extern int peer_ttl_security_hops_set (struct peer *, int); +-extern int peer_ttl_security_hops_unset (struct peer *); + + extern void bgp_scan_finish (void); + #endif /* _QUAGGA_BGPD_H */ +-- +2.10.1 + diff --git a/main/quagga-nhrp/0005-nhrpd-implement-next-hop-resolution-protocol.patch b/main/quagga-nhrp/0005-nhrpd-implement-next-hop-resolution-protocol.patch new file mode 100644 index 0000000000..f2f7696175 --- /dev/null +++ b/main/quagga-nhrp/0005-nhrpd-implement-next-hop-resolution-protocol.patch @@ -0,0 +1,8276 @@ +From a7ca28fd70cee2dda0ee34883cce901af2a1e4bf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Fri, 25 Dec 2015 10:32:11 +0200 +Subject: [PATCH 5/5] nhrpd: implement next hop resolution protocol + +This provides DMVPN support and integrates to strongSwan. Please read +README.nhrpd and README.kernel for more details. +--- + Makefile.am | 4 +- + SERVICES | 1 + + configure.ac | 27 +- + lib/log.c | 5 + + lib/log.h | 3 +- + lib/memtypes.c | 14 + + lib/route_types.txt | 2 + + nhrpd/Makefile.am | 34 ++ + nhrpd/README.kernel | 145 ++++++++ + nhrpd/README.nhrpd | 137 ++++++++ + nhrpd/linux.c | 153 ++++++++ + nhrpd/list.h | 191 ++++++++++ + nhrpd/netlink.c | 398 +++++++++++++++++++++ + nhrpd/netlink.h | 21 ++ + nhrpd/nhrp_cache.c | 341 ++++++++++++++++++ + nhrpd/nhrp_event.c | 280 +++++++++++++++ + nhrpd/nhrp_interface.c | 404 +++++++++++++++++++++ + nhrpd/nhrp_main.c | 246 +++++++++++++ + nhrpd/nhrp_nhs.c | 369 ++++++++++++++++++++ + nhrpd/nhrp_packet.c | 312 +++++++++++++++++ + nhrpd/nhrp_peer.c | 860 +++++++++++++++++++++++++++++++++++++++++++++ + nhrpd/nhrp_protocol.h | 128 +++++++ + nhrpd/nhrp_route.c | 345 ++++++++++++++++++ + nhrpd/nhrp_shortcut.c | 402 +++++++++++++++++++++ + nhrpd/nhrp_vc.c | 217 ++++++++++++ + nhrpd/nhrp_vty.c | 928 +++++++++++++++++++++++++++++++++++++++++++++++++ + nhrpd/nhrpd.h | 440 +++++++++++++++++++++++ + nhrpd/os.h | 5 + + nhrpd/reqid.c | 49 +++ + nhrpd/resolver.c | 190 ++++++++++ + nhrpd/vici.c | 482 +++++++++++++++++++++++++ + nhrpd/vici.h | 24 ++ + nhrpd/zbuf.c | 219 ++++++++++++ + nhrpd/zbuf.h | 189 ++++++++++ + nhrpd/znl.c | 160 +++++++++ + nhrpd/znl.h | 29 ++ + vtysh/Makefile.am | 1 + + vtysh/vtysh.c | 1 + + vtysh/vtysh.h | 5 +- + zebra/zebra_rib.c | 2 + + zebra/zebra_rnh.c | 19 +- + zebra/zebra_vty.c | 2 + + 44 files changed, 7776 insertions(+), 11 deletions(-) + create mode 100644 nhrpd/Makefile.am + create mode 100644 nhrpd/README.kernel + create mode 100644 nhrpd/README.nhrpd + create mode 100644 nhrpd/linux.c + create mode 100644 nhrpd/list.h + create mode 100644 nhrpd/netlink.c + create mode 100644 nhrpd/netlink.h + create mode 100644 nhrpd/nhrp_cache.c + create mode 100644 nhrpd/nhrp_event.c + create mode 100644 nhrpd/nhrp_interface.c + create mode 100644 nhrpd/nhrp_main.c + create mode 100644 nhrpd/nhrp_nhs.c + create mode 100644 nhrpd/nhrp_packet.c + create mode 100644 nhrpd/nhrp_peer.c + create mode 100644 nhrpd/nhrp_protocol.h + create mode 100644 nhrpd/nhrp_route.c + create mode 100644 nhrpd/nhrp_shortcut.c + create mode 100644 nhrpd/nhrp_vc.c + create mode 100644 nhrpd/nhrp_vty.c + create mode 100644 nhrpd/nhrpd.h + create mode 100644 nhrpd/os.h + create mode 100644 nhrpd/reqid.c + create mode 100644 nhrpd/resolver.c + create mode 100644 nhrpd/vici.c + create mode 100644 nhrpd/vici.h + create mode 100644 nhrpd/zbuf.c + create mode 100644 nhrpd/zbuf.h + create mode 100644 nhrpd/znl.c + create mode 100644 nhrpd/znl.h + +diff --git a/Makefile.am b/Makefile.am +index 0cd75be..3dea489 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,10 +1,10 @@ + ## Process this file with automake to produce Makefile.in. + +-SUBDIRS = lib qpb fpm @ZEBRA@ @BGPD@ @RIPD@ @RIPNGD@ @OSPFD@ @OSPF6D@ \ ++SUBDIRS = lib qpb fpm @ZEBRA@ @BGPD@ @RIPD@ @RIPNGD@ @OSPFD@ @OSPF6D@ @NHRPD@ \ + @ISISD@ @PIMD@ @WATCHQUAGGA@ @VTYSH@ @OSPFCLIENT@ @DOC@ m4 @pkgsrcdir@ \ + redhat @SOLARIS@ tests + +-DIST_SUBDIRS = lib qpb fpm zebra bgpd ripd ripngd ospfd ospf6d \ ++DIST_SUBDIRS = lib qpb fpm zebra bgpd ripd ripngd ospfd ospf6d nhrpd \ + isisd watchquagga vtysh ospfclient doc m4 pkgsrc redhat tests \ + solaris pimd + +diff --git a/SERVICES b/SERVICES +index c69d0c1..0322d45 100644 +--- a/SERVICES ++++ b/SERVICES +@@ -18,3 +18,4 @@ ospf6d 2606/tcp + ospfapi 2607/tcp + isisd 2608/tcp + pimd 2611/tcp ++nhrpd 2612/tcp +diff --git a/configure.ac b/configure.ac +index f027762..dc41418 100755 +--- a/configure.ac ++++ b/configure.ac +@@ -76,6 +76,7 @@ AC_PROG_CPP + AM_PROG_CC_C_O + AC_PROG_RANLIB + AC_PROG_EGREP ++PKG_PROG_PKG_CONFIG + + dnl autoconf 2.59 appears not to support AC_PROG_SED + dnl AC_PROG_SED +@@ -245,6 +246,8 @@ AC_ARG_ENABLE(ospfd, + AS_HELP_STRING([--disable-ospfd], [do not build ospfd])) + AC_ARG_ENABLE(ospf6d, + AS_HELP_STRING([--disable-ospf6d], [do not build ospf6d])) ++AC_ARG_ENABLE(nhrpd, ++ AS_HELP_STRING([--disable-nhrpd], [do not build nhrpd])) + AC_ARG_ENABLE(watchquagga, + AS_HELP_STRING([--disable-watchquagga], [do not build watchquagga])) + AC_ARG_ENABLE(isisd, +@@ -1186,6 +1189,17 @@ else + fi + AM_CONDITIONAL(OSPFD, test "x$OSPFD" = "xospfd") + ++if test x"$opsys" != x"gnu-linux"; then ++ dnl NHRPd works currently with Linux only. ++ enable_nhrpd="no" ++fi ++if test "${enable_nhrpd}" = "no";then ++ NHRPD="" ++else ++ NHRPD="nhrpd" ++fi ++AM_CONDITIONAL(NHRPD, test "x$NHRPD" = "xnhrpd") ++ + if test "${enable_watchquagga}" = "no";then + WATCHQUAGGA="" + else +@@ -1241,6 +1255,7 @@ AC_SUBST(RIPD) + AC_SUBST(RIPNGD) + AC_SUBST(OSPFD) + AC_SUBST(OSPF6D) ++AC_SUBST(NHRPD) + AC_SUBST(WATCHQUAGGA) + AC_SUBST(ISISD) + AC_SUBST(PIMD) +@@ -1276,6 +1291,14 @@ AC_SUBST(HAVE_LIBPCREPOSIX) + AC_SUBST(LIB_REGEX) + + dnl ------------------ ++dnl check C-Ares library ++dnl ------------------ ++if test "${enable_nhrpd}" != "no";then ++ PKG_CHECK_MODULES([CARES], [libcares]) ++fi ++ ++ ++dnl ------------------ + dnl check Net-SNMP library + dnl ------------------ + if test "${enable_snmp}" != ""; then +@@ -1551,6 +1574,7 @@ AC_DEFINE_UNQUOTED(PATH_RIPNGD_PID, "$quagga_statedir/ripngd.pid",ripngd PID) + AC_DEFINE_UNQUOTED(PATH_BGPD_PID, "$quagga_statedir/bgpd.pid",bgpd PID) + AC_DEFINE_UNQUOTED(PATH_OSPFD_PID, "$quagga_statedir/ospfd.pid",ospfd PID) + AC_DEFINE_UNQUOTED(PATH_OSPF6D_PID, "$quagga_statedir/ospf6d.pid",ospf6d PID) ++AC_DEFINE_UNQUOTED(PATH_NHRPD_PID, "$quagga_statedir/nhrpd.pid",nhrpd PID) + AC_DEFINE_UNQUOTED(PATH_ISISD_PID, "$quagga_statedir/isisd.pid",isisd PID) + AC_DEFINE_UNQUOTED(PATH_PIMD_PID, "$quagga_statedir/pimd.pid",pimd PID) + AC_DEFINE_UNQUOTED(PATH_WATCHQUAGGA_PID, "$quagga_statedir/watchquagga.pid",watchquagga PID) +@@ -1561,6 +1585,7 @@ AC_DEFINE_UNQUOTED(RIPNG_VTYSH_PATH, "$quagga_statedir/ripngd.vty",ripng vty soc + AC_DEFINE_UNQUOTED(BGP_VTYSH_PATH, "$quagga_statedir/bgpd.vty",bgpd vty socket) + AC_DEFINE_UNQUOTED(OSPF_VTYSH_PATH, "$quagga_statedir/ospfd.vty",ospfd vty socket) + AC_DEFINE_UNQUOTED(OSPF6_VTYSH_PATH, "$quagga_statedir/ospf6d.vty",ospf6d vty socket) ++AC_DEFINE_UNQUOTED(NHRP_VTYSH_PATH, "$quagga_statedir/nhrpd.vty",nhrpd vty socket) + AC_DEFINE_UNQUOTED(ISIS_VTYSH_PATH, "$quagga_statedir/isisd.vty",isisd vty socket) + AC_DEFINE_UNQUOTED(PIM_VTYSH_PATH, "$quagga_statedir/pimd.vty",pimd vty socket) + AC_DEFINE_UNQUOTED(DAEMON_VTY_DIR, "$quagga_statedir",daemon vty directory) +@@ -1588,7 +1613,7 @@ AC_CONFIG_FILES([Makefile lib/Makefile qpb/Makefile zebra/Makefile ripd/Makefile + ripngd/Makefile bgpd/Makefile ospfd/Makefile watchquagga/Makefile + ospf6d/Makefile isisd/Makefile vtysh/Makefile + doc/Makefile ospfclient/Makefile tests/Makefile m4/Makefile +- pimd/Makefile ++ pimd/Makefile nhrpd/Makefile + tests/bgpd.tests/Makefile + tests/libzebra.tests/Makefile + redhat/Makefile +diff --git a/lib/log.c b/lib/log.c +index 42b7717..d437066 100644 +--- a/lib/log.c ++++ b/lib/log.c +@@ -53,6 +53,7 @@ const char *zlog_proto_names[] = + "ISIS", + "PIM", + "MASC", ++ "NHRP", + NULL, + }; + +@@ -986,6 +987,8 @@ proto_redistnum(int afi, const char *s) + return ZEBRA_ROUTE_BGP; + else if (strncmp (s, "ba", 2) == 0) + return ZEBRA_ROUTE_BABEL; ++ else if (strncmp (s, "n", 1) == 0) ++ return ZEBRA_ROUTE_NHRP; + } + if (afi == AFI_IP6) + { +@@ -1005,6 +1008,8 @@ proto_redistnum(int afi, const char *s) + return ZEBRA_ROUTE_BGP; + else if (strncmp (s, "ba", 2) == 0) + return ZEBRA_ROUTE_BABEL; ++ else if (strncmp (s, "n", 1) == 0) ++ return ZEBRA_ROUTE_NHRP; + } + return -1; + } +diff --git a/lib/log.h b/lib/log.h +index 7aa0896..c172009 100644 +--- a/lib/log.h ++++ b/lib/log.h +@@ -54,7 +54,8 @@ typedef enum + ZLOG_OSPF6, + ZLOG_ISIS, + ZLOG_PIM, +- ZLOG_MASC ++ ZLOG_MASC, ++ ZLOG_NHRP, + } zlog_proto_t; + + /* If maxlvl is set to ZLOG_DISABLED, then no messages will be sent +diff --git a/lib/memtypes.c b/lib/memtypes.c +index 8abe99d..ba2bacf 100644 +--- a/lib/memtypes.c ++++ b/lib/memtypes.c +@@ -280,6 +280,19 @@ struct memory_list memory_list_pim[] = + { -1, NULL }, + }; + ++struct memory_list memory_list_nhrp[] = ++{ ++ { MTYPE_NHRP_IF, "NHRP interface" }, ++ { MTYPE_NHRP_VC, "NHRP virtual connection" }, ++ { MTYPE_NHRP_PEER, "NHRP peer entry" }, ++ { MTYPE_NHRP_CACHE, "NHRP cache entry" }, ++ { MTYPE_NHRP_NHS, "NHRP next hop server" }, ++ { MTYPE_NHRP_REGISTRATION, "NHRP registration entries" }, ++ { MTYPE_NHRP_SHORTCUT, "NHRP shortcut" }, ++ { MTYPE_NHRP_ROUTE, "NHRP routing entry" }, ++ { -1, NULL } ++}; ++ + struct memory_list memory_list_vtysh[] = + { + { MTYPE_VTYSH_CONFIG, "Vtysh configuration", }, +@@ -297,5 +310,6 @@ struct mlist mlists[] __attribute__ ((unused)) = { + { memory_list_isis, "ISIS" }, + { memory_list_bgp, "BGP" }, + { memory_list_pim, "PIM" }, ++ { memory_list_nhrp, "NHRP" }, + { NULL, NULL}, + }; +diff --git a/lib/route_types.txt b/lib/route_types.txt +index 1b85607..811d24e 100644 +--- a/lib/route_types.txt ++++ b/lib/route_types.txt +@@ -60,6 +60,7 @@ ZEBRA_ROUTE_PIM, pim, pimd, 'P', 1, 0, "PIM" + ZEBRA_ROUTE_HSLS, hsls, hslsd, 'H', 0, 0, "HSLS" + ZEBRA_ROUTE_OLSR, olsr, olsrd, 'o', 0, 0, "OLSR" + ZEBRA_ROUTE_BABEL, babel, babeld, 'A', 1, 1, "Babel" ++ZEBRA_ROUTE_NHRP, nhrp, nhrpd, 'N', 1, 1, "NHRP" + + ## help strings + ZEBRA_ROUTE_SYSTEM, "Reserved route type, for internal use only" +@@ -76,3 +77,4 @@ ZEBRA_ROUTE_PIM, "Protocol Independent Multicast (PIM)" + ZEBRA_ROUTE_HSLS, "Hazy-Sighted Link State Protocol (HSLS)" + ZEBRA_ROUTE_OLSR, "Optimised Link State Routing (OLSR)" + ZEBRA_ROUTE_BABEL, "Babel routing protocol (Babel)" ++ZEBRA_ROUTE_NHRP, "Next Hop Resolution Protocol (NHRP)" +diff --git a/nhrpd/Makefile.am b/nhrpd/Makefile.am +new file mode 100644 +index 0000000..d7e9e3a +--- /dev/null ++++ b/nhrpd/Makefile.am +@@ -0,0 +1,34 @@ ++## Process this file with automake to produce Makefile.in. ++ ++AM_CPPFLAGS = -I.. -I$(top_srcdir) -I$(top_srcdir)/lib -I$(top_builddir)/lib -DQUAGGA_NO_DEPRECATED_INTERFACES ++DEFS = @DEFS@ @CARES_CFLAGS@ -DSYSCONFDIR=\"$(sysconfdir)/\" ++INSTALL_SDATA=@INSTALL@ -m 600 ++ ++AM_CFLAGS = $(PICFLAGS) #$(WERROR) ++AM_LDFLAGS = $(PICLDFLAGS) ++ ++sbin_PROGRAMS = nhrpd ++ ++nhrpd_SOURCES = \ ++ zbuf.c \ ++ znl.c \ ++ resolver.c \ ++ linux.c \ ++ netlink.c \ ++ vici.c \ ++ reqid.c \ ++ nhrp_event.c \ ++ nhrp_packet.c \ ++ nhrp_interface.c \ ++ nhrp_vc.c \ ++ nhrp_peer.c \ ++ nhrp_cache.c \ ++ nhrp_nhs.c \ ++ nhrp_route.c \ ++ nhrp_shortcut.c \ ++ nhrp_vty.c \ ++ nhrp_main.c ++ ++nhrpd_LDADD = ../lib/libzebra.la @LIBCAP@ @CARES_LIBS@ ++ ++#dist_examples_DATA = nhrpd.conf.sample +diff --git a/nhrpd/README.kernel b/nhrpd/README.kernel +new file mode 100644 +index 0000000..5831316 +--- /dev/null ++++ b/nhrpd/README.kernel +@@ -0,0 +1,145 @@ ++KERNEL REQUIREMENTS ++=================== ++ ++The linux kernel has had various major regressions, performance ++issues and subtle bugs (especially in pmtu). Here is a short list ++of some -stable kernels and the first point release that is supposedly ++working well with opennhrp/dmvpn: ++ 3.12.8 or later ++ 3.14.54 or later ++ 3.18.22 or later[1] ++ ++[1] But you need to apply the following two backported commits: ++ 3cdaa5be9e ipv4: Don't increase PMTU with Datagram Too Big message ++ cb6ccf09d6 route: Use ipv4_mtu instead of raw rt_pmtu ++ ++See below for list of known issues in various kernel versions. ++ ++Kernels earlier than 3.12 need CONFIG_ARPD enabled in the configuration. ++Many distributions do not enable it by default, and you may need to ++compile your own kernel. ++ ++KERNEL BUGS ++=========== ++ ++DMVPN and mGRE support in the kernel has been brittle. There are various ++regressions in multiple kernel versions. ++ ++This list tries to collect them to one source of information: ++ ++- forward pmtu is disabled intentionally (but tunnel devices rely on it) ++ Broken since 3.14-rc1: ++ commit "ipv4: introduce ip_dst_mtu_maybe_forward and protect forwarding path against pmtu spoofing" ++ Workaround: ++ Set sysctl net.ipv4.ip_forward_use_pmtu=1 ++ (Should fix kernel to have this by default on for tunnel devices) ++ ++- subtle path mtu mishandling issues ++ Broken since (uncertain) ++ Fixed in 4.1-rc2: ++ commit "ipv4: Don't increase PMTU with Datagram Too Big message." ++ commit "route: Use ipv4_mtu instead of raw rt_pmtu" ++ ++- fragmentation of large packets inside tunnel not working ++ Broken since 3.11-rc1 ++ commit "ip_tunnels: Use skb-len to PMTU check." ++ Fixed in 3.14.54, 3.18.22, 4.1.9, 4.2-rc3 ++ commit "ip_tunnel: fix ipv4 pmtu check to honor inner ip header df" ++ ++- ipsec will crash during xfrm gc ++ Broke since 3.15-rc1 ++ commit "flowcache: Make flow cache name space aware" ++ Fixed in 3.18.10, 4.0 ++ commit "flowcache: Fix kernel panic in flow_cache_flush_task" ++ ++- TSO on GRE tunnels failed, and resulted in very slow performance ++ Broke since 3.14.24, 3.18-rc3 ++ commit "gre: Use inner mac length when computing tunnel length" ++ Fixed in 3.14.30, 3.18.4 ++ commit "gre: fix the inner mac header in nbma tunnel xmit path" ++ commit "gre: Set inner mac header in gro complete" ++ ++- NAPI GRO handling was broken; causing immediate crash (32-bit only?) ++ Broken since 3.13-rc1 ++ commit "net: gro: allow to build full sized skb" ++ Fixed 3.14.5, 3.15-rc7 ++ commit "net: gro: make sure skb->cb[] initial content has not to be zero" ++ ++- ip_gre dst caching broke NBMA GRE tunnels ++ Broken since 3.14-rc1 ++ Fixed in 3.14.5, 3.15-rc6 ++ commit "ipv4: ip_tunnels: disable cache for nbma gre tunnels" ++ ++- Few packets can be lost when neighbor entry is in NUD_PROBE state, ++ and there is continuous traffic to it. ++ Broken since dawn of time ++ Fixed in 3.15-rc1 ++ commit "neigh: probe application via netlink in NUD_PROBE" ++ ++- GRO was implemented for GRE, but the hw capabilities were not updated ++ correctly. In practice forwarding from non-GRE (physical) interface ++ to GRE interface with gro/gso/tx offloads enabled (also on the target ++ interface) does not work properly. ++ Broken around 3.9 to 3.11, need to check details. ++ ++- recvfrom() returned incorrect NBMA address, breaking NAT detection ++ Broken since 3.10-rc1 ++ commit "GRE: Refactor GRE tunneling code." ++ Fixed in 3.10.27, 3.12.8, 3.13-rc7 ++ commit "ip_gre: fix msg_name parsing for recvfrom/recvmsg" ++ ++- sendto() was broken causing opennhrp not work at all ++ Broken since 3.10-rc1 ++ commit "GRE: Refactor GRE tunneling code." ++ Fixed in 3.10.12, 3.11-rc6 ++ commit "ip_gre: fix ipgre_header to return correct offset" ++ ++- PMTU was broken due to GRE driver rewrite ++ Broken since 3.10-rc1 ++ commit "GRE: Refactor GRE tunneling code." ++ Fixed in 3.11-rc1 ++ commit "ip_tunnels: Use skb-len to PMTU check." ++ ++- PMTU was broken due to routing cache removal ++ Broken since 3.6-rc1 ++ commit "ipv4: Cache input routes in fib_info nexthops" ++ Fixed in 3.11-rc1 ++ commit "ipv4: use next hop exceptions also for input routes" ++ + 3 other commits ++ Patches exist for 3.10, but they were not approved to 3.10-stable. ++ ++- Race condition during bootup: changing ARP flag did not flush ++ existing neighbor entries, causing problems if traffic was routed ++ to gre interface before opennhrp was running. ++ Broken since dawn of time ++ Fixed in 3.11-rc1 ++ commit "arp: flush arp cache on IFF_NOARP change" ++ ++- Crash in IPsec ++ Broken since 3.9-rc1 ++ commit "xfrm: removes a superfluous check and add a statistic" ++ Fixed in 3.10-rc3 ++ commit "xfrm: properly handle invalid states as an error" ++ ++- An incorrect ip_gre change broke NHRP traffic over GRE ++ Broken since 3.8-rc2 ++ commit "ip_gre: make ipgre_tunnel_xmit() not parse network header as IP unconditionally" ++ Fixed in 3.8.5, 3.9-rc4 ++ commit "Revert "ip_gre: make ipgre_tunnel_xmit() not parse network header as IP unconditionally"" ++ ++- Multicast traffic over mGRE was broken. ++ Broken since 2.6.34-rc2 ++ commit "gre: fix hard header destination address checking" ++ Fixed in 2.6.39-rc2 ++ commit "net: gre: provide multicast mappings for ipv4 and ipv6" ++ ++- Serious performance issues causing small throughput on medium to large DMVPN networks ++ Broken since dawn of time ++ Fixed in 2.6.35 ++ multiple commits rewriting ipsec caching ++ ++- Even though around 2.6.24 is the first version where opennhrp started ++ to work, there has been various PMTU, performance, and functionality ++ bugs before 2.6.34. That's one of the first version I consider stable ++ wrt. to opennhrp functionality. ++ +diff --git a/nhrpd/README.nhrpd b/nhrpd/README.nhrpd +new file mode 100644 +index 0000000..569b3f4 +--- /dev/null ++++ b/nhrpd/README.nhrpd +@@ -0,0 +1,137 @@ ++Quagga / NHRP Design and Configuration Notes ++============================================ ++ ++Quagga/NHRP is an NHRP (RFC2332) implementation for Linux. The primary ++use case is to implement DMVPN. The aim is thus to be compatible with ++Cisco DMVPN (and potentially with FlexVPN in the future). ++ ++ ++Current Status ++-------------- ++ ++- IPsec integration with strongSwan (requires patched strongSwan) ++- IPv4 over IPv4 NBMA GRE ++- IPv6 over IPv4 NBMA GRE -- majority of code exist; but is not tested ++- Spoke (NHC) functionality complete ++- Hub (NHS) functionality complete ++- Multicast support is not done yet ++ (so OSPF will not work, use BGP for now) ++ ++The code is not (yet) compatible with Cisco FlexVPN style DMVPN. It ++would require relaying IKEv2 routing messages from strongSwan to nhrpd ++and parsing that. It is doable, but not implemented for the time being. ++ ++ ++Routing Design ++-------------- ++ ++In contrast to opennhrp routing design, Quagga/NHRP routes each NHRP ++domain address individually (similar to Cisco FlexVPN). ++ ++To create NBMA GRE tunnel you might use following: ++ ip tunnel add gre1 mode gre key 42 ttl 64 dev eth0 ++ ip addr add 10.255.255.2/32 dev gre1 ++ ip link set gre1 up ++ ++This has two important differences compared to opennhrp setup: ++ 1. The 'tunnel add' now specifies physical device binding. Quagga/NHRP ++ wants to know stable protocol address to NBMA address mapping. Thus, ++ add 'dev <physdev>' binding, or specify 'local <nbma-address>'. If ++ neither of this is specified, NHRP will not be enabled on the interface. ++ Alternatively you can skip 'dev' binding on tunnel if you allow ++ nhrpd to manage it using 'tunnel source' command (see below). ++ ++ 2. The 'addr add' now has host prefix. In opennhrp you would have used ++ the GRE subnet prefix length here instead, e.g. /24. ++ ++Quagga/NHRP will automatically create additional host routes pointing to ++gre1 when a connection with these hosts is established. The gre1 subnet ++should be announced by routing protocol. This allows routing protocol ++to decide which is the closest hub and get the gre addresses' traffic. ++ ++The second benefit is that hubs can then easily exchange host prefixes ++of directly connected gre addresses. And thus routing of gre addresses ++inside hubs is based on routing protocol's shortest path choice -- not ++on random choice from next hop server list. ++ ++ ++Configuring nhrpd ++----------------- ++ ++The configuration is done using vtysh, and most commands do what they ++do in Cisco. As minimal configuration example one can do: ++ configure terminal ++ interface gre1 ++ tunnel protection vici profile dmvpn ++ tunnel source eth0 ++ ip nhrp network-id 1 ++ ip nhrp shortcut ++ ip nhrp registration no-unique ++ ip nhrp nhs dynamic nbma hubs.example.com ++ ++There's important notes about the "ip nhrp nhs" command: ++ ++ 1. The 'dynamic' works only against Cisco (or nhrpd), but is not ++ compatible with opennhrp. To use dynamic detection of opennhrp hub's ++ protocol address use the GRE broadcast address there. For the above ++ example of 10.255.255.0/24 the configuration should read instead: ++ ip nhrp nhs 10.255.255.255 nbma hubs.example.com ++ ++ 2. nbma <FQDN> works like opennhrp dynamic-map. That is, all of the ++ A-records are configured as NBMA addresses of different hubs, and ++ each hub protocol address will be dynamically detected. ++ ++ ++Hub functionality ++----------------- ++ ++Sending Traffic Indication (redirect) notifications is now accomplished ++using NFLOG. ++ ++Use: ++iptables -A FORWARD -i gre1 -o gre1 \ ++ -m hashlimit --hashlimit-upto 4/minute --hashlimit-burst 1 \ ++ --hashlimit-mode srcip,dstip --hashlimit-srcmask 16 --hashlimit-dstmask 16 \ ++ --hashlimit-name loglimit-0 -j NFLOG --nflog-group 1 --nflog-range 128 ++ ++or similar to get rate-limited samples of the packets that match traffic ++flow needing redirection. This kernel NFLOG target's nflog-group is configured ++in global nhrp config with: ++ nhrp nflog-group 1 ++ ++To start sending these traffic notices out from hubs, use the nhrp per-interface ++directive: ++ ip nhrp redirect ++ ++opennhrp used PF_PACKET and tried to create packet filter to get only ++the packets of interest. Though, this was bad if shortcut fails to ++establish (remote policy, or both are behind NAT or restrictive ++firewalls), all of the relayaed traffic would match always. ++ ++ ++Getting information via vtysh ++----------------------------- ++ ++Some commands of interest: ++ - show dmvpn ++ - show ip nhrp cache ++ - show ip nhrp shortcut ++ - show ip route nhrp ++ - clear ip nhrp cache ++ - clear ip nhrp shortcut ++ ++ ++Integration with strongSwan ++--------------------------- ++ ++Contrary to opennhrp, Quagga/NHRP has tight integration with IKE daemon. ++Currently strongSwan is supported using the VICI protocol. strongSwan ++is connected using UNIX socket (hardcoded now as /var/run/charon.vici). ++Thus nhrpd needs to be run as user that can open that file. ++ ++Currently, you will need patched strongSwan. The working tree is at: ++ http://git.alpinelinux.org/cgit/user/tteras/strongswan/log/?h=tteras ++ ++And the branch with patches against latest release are: ++ http://git.alpinelinux.org/cgit/user/tteras/strongswan/log/?h=tteras-release ++ +diff --git a/nhrpd/linux.c b/nhrpd/linux.c +new file mode 100644 +index 0000000..1e9c69e +--- /dev/null ++++ b/nhrpd/linux.c +@@ -0,0 +1,153 @@ ++/* NHRP daemon Linux specific glue ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include <fcntl.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <string.h> ++#include <sys/ioctl.h> ++#include <sys/socket.h> ++#include <sys/types.h> ++#include <asm/types.h> ++#include <arpa/inet.h> ++#include <linux/netlink.h> ++#include <linux/rtnetlink.h> ++#include <linux/ip.h> ++#include <linux/if_arp.h> ++#include <linux/if_tunnel.h> ++ ++#include "nhrp_protocol.h" ++#include "os.h" ++#include "netlink.h" ++ ++static int nhrp_socket_fd = -1; ++ ++int os_socket(void) ++{ ++ if (nhrp_socket_fd < 0) ++ nhrp_socket_fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_NHRP)); ++ return nhrp_socket_fd; ++} ++ ++int os_sendmsg(const uint8_t *buf, size_t len, int ifindex, const uint8_t *addr, size_t addrlen) ++{ ++ struct sockaddr_ll lladdr; ++ struct iovec iov = { ++ .iov_base = (void*) buf, ++ .iov_len = len, ++ }; ++ struct msghdr msg = { ++ .msg_name = &lladdr, ++ .msg_namelen = sizeof(lladdr), ++ .msg_iov = &iov, ++ .msg_iovlen = 1, ++ }; ++ int status; ++ ++ if (addrlen > sizeof(lladdr.sll_addr)) ++ return -1; ++ ++ memset(&lladdr, 0, sizeof(lladdr)); ++ lladdr.sll_family = AF_PACKET; ++ lladdr.sll_protocol = htons(ETH_P_NHRP); ++ lladdr.sll_ifindex = ifindex; ++ lladdr.sll_halen = addrlen; ++ memcpy(lladdr.sll_addr, addr, addrlen); ++ ++ status = sendmsg(nhrp_socket_fd, &msg, 0); ++ if (status < 0) ++ return -1; ++ ++ return 0; ++} ++ ++int os_recvmsg(uint8_t *buf, size_t *len, int *ifindex, uint8_t *addr, size_t *addrlen) ++{ ++ struct sockaddr_ll lladdr; ++ struct iovec iov = { ++ .iov_base = buf, ++ .iov_len = *len, ++ }; ++ struct msghdr msg = { ++ .msg_name = &lladdr, ++ .msg_namelen = sizeof(lladdr), ++ .msg_iov = &iov, ++ .msg_iovlen = 1, ++ }; ++ int r; ++ ++ r = recvmsg(nhrp_socket_fd, &msg, MSG_DONTWAIT); ++ if (r < 0) ++ return r; ++ ++ *len = r; ++ *ifindex = lladdr.sll_ifindex; ++ ++ if (*addrlen <= (size_t) lladdr.sll_addr) { ++ if (memcmp(lladdr.sll_addr, "\x00\x00\x00\x00", 4) != 0) { ++ memcpy(addr, lladdr.sll_addr, lladdr.sll_halen); ++ *addrlen = lladdr.sll_halen; ++ } else { ++ *addrlen = 0; ++ } ++ } ++ ++ return 0; ++} ++ ++static int linux_configure_arp(const char *iface, int on) ++{ ++ struct ifreq ifr; ++ ++ strncpy(ifr.ifr_name, iface, IFNAMSIZ); ++ if (ioctl(nhrp_socket_fd, SIOCGIFFLAGS, &ifr)) ++ return -1; ++ ++ if (on) ++ ifr.ifr_flags &= ~IFF_NOARP; ++ else ++ ifr.ifr_flags |= IFF_NOARP; ++ ++ if (ioctl(nhrp_socket_fd, SIOCSIFFLAGS, &ifr)) ++ return -1; ++ ++ return 0; ++} ++ ++static int linux_icmp_redirect_off(const char *iface) ++{ ++ char fname[256]; ++ int fd, ret = -1; ++ ++ sprintf(fname, "/proc/sys/net/ipv4/conf/%s/send_redirects", iface); ++ fd = open(fname, O_WRONLY); ++ if (fd < 0) ++ return -1; ++ if (write(fd, "0\n", 2) == 2) ++ ret = 0; ++ close(fd); ++ ++ return ret; ++} ++ ++int os_configure_dmvpn(unsigned int ifindex, const char *ifname, int af) ++{ ++ int ret = -1; ++ ++ switch (af) { ++ case AF_INET: ++ ret = linux_icmp_redirect_off("all"); ++ ret |= linux_icmp_redirect_off(ifname); ++ ret |= netlink_configure_arp(ifindex, AF_INET); ++ ret |= linux_configure_arp(ifname, 1); ++ break; ++ } ++ ++ return ret; ++} +diff --git a/nhrpd/list.h b/nhrpd/list.h +new file mode 100644 +index 0000000..32f21ed +--- /dev/null ++++ b/nhrpd/list.h +@@ -0,0 +1,191 @@ ++/* Linux kernel style list handling function ++ * ++ * Written from scratch by Timo Teräs <timo.teras@iki.fi>, but modeled ++ * after the linux kernel code. ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#ifndef LIST_H ++#define LIST_H ++ ++#ifndef NULL ++#define NULL 0L ++#endif ++ ++#ifndef offsetof ++#ifdef __compiler_offsetof ++#define offsetof(TYPE,MEMBER) __compiler_offsetof(TYPE,MEMBER) ++#else ++#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) ++#endif ++#endif ++ ++#ifndef container_of ++#define container_of(ptr, type, member) ({ \ ++ const typeof( ((type *)0)->member ) *__mptr = (ptr); \ ++ (type *)( (char *)__mptr - offsetof(type,member) );}) ++#endif ++ ++struct hlist_head { ++ struct hlist_node *first; ++}; ++ ++struct hlist_node { ++ struct hlist_node *next; ++ struct hlist_node **pprev; ++}; ++ ++static inline int hlist_empty(const struct hlist_head *h) ++{ ++ return !h->first; ++} ++ ++static inline int hlist_hashed(const struct hlist_node *n) ++{ ++ return n->pprev != NULL; ++} ++ ++static inline void hlist_del(struct hlist_node *n) ++{ ++ struct hlist_node *next = n->next; ++ struct hlist_node **pprev = n->pprev; ++ ++ *pprev = next; ++ if (next) ++ next->pprev = pprev; ++ ++ n->next = NULL; ++ n->pprev = NULL; ++} ++ ++static inline void hlist_add_head(struct hlist_node *n, struct hlist_head *h) ++{ ++ struct hlist_node *first = h->first; ++ ++ n->next = first; ++ if (first) ++ first->pprev = &n->next; ++ n->pprev = &h->first; ++ h->first = n; ++} ++ ++static inline void hlist_add_after(struct hlist_node *n, struct hlist_node *prev) ++{ ++ n->next = prev->next; ++ n->pprev = &prev->next; ++ prev->next = n; ++} ++ ++static inline struct hlist_node **hlist_tail_ptr(struct hlist_head *h) ++{ ++ struct hlist_node *n = h->first; ++ if (n == NULL) ++ return &h->first; ++ while (n->next != NULL) ++ n = n->next; ++ return &n->next; ++} ++ ++#define hlist_entry(ptr, type, member) container_of(ptr,type,member) ++ ++#define hlist_for_each(pos, head) \ ++ for (pos = (head)->first; pos; pos = pos->next) ++ ++#define hlist_for_each_safe(pos, n, head) \ ++ for (pos = (head)->first; pos && ({ n = pos->next; 1; }); pos = n) ++ ++#define hlist_for_each_entry(tpos, pos, head, member) \ ++ for (pos = (head)->first; pos && \ ++ ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \ ++ pos = pos->next) ++ ++#define hlist_for_each_entry_safe(tpos, pos, n, head, member) \ ++ for (pos = (head)->first; \ ++ pos && ({ n = pos->next; 1; }) && \ ++ ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \ ++ pos = n) ++ ++ ++struct list_head { ++ struct list_head *next, *prev; ++}; ++ ++#define LIST_INITIALIZER(l) { .next = &l, .prev = &l } ++ ++static inline void list_init(struct list_head *list) ++{ ++ list->next = list; ++ list->prev = list; ++} ++ ++static inline void __list_add(struct list_head *new, ++ struct list_head *prev, ++ struct list_head *next) ++{ ++ next->prev = new; ++ new->next = next; ++ new->prev = prev; ++ prev->next = new; ++} ++ ++static inline void list_add(struct list_head *new, struct list_head *head) ++{ ++ __list_add(new, head, head->next); ++} ++ ++static inline void list_add_tail(struct list_head *new, struct list_head *head) ++{ ++ __list_add(new, head->prev, head); ++} ++ ++static inline void __list_del(struct list_head * prev, struct list_head * next) ++{ ++ next->prev = prev; ++ prev->next = next; ++} ++ ++static inline void list_del(struct list_head *entry) ++{ ++ __list_del(entry->prev, entry->next); ++ entry->next = NULL; ++ entry->prev = NULL; ++} ++ ++static inline int list_hashed(const struct list_head *n) ++{ ++ return n->next != n && n->next != NULL; ++} ++ ++static inline int list_empty(const struct list_head *n) ++{ ++ return !list_hashed(n); ++} ++ ++#define list_next(ptr, type, member) \ ++ (list_hashed(ptr) ? container_of((ptr)->next,type,member) : NULL) ++ ++#define list_entry(ptr, type, member) container_of(ptr,type,member) ++ ++#define list_for_each(pos, head) \ ++ for (pos = (head)->next; pos != (head); pos = pos->next) ++ ++#define list_for_each_safe(pos, n, head) \ ++ for (pos = (head)->next, n = pos->next; pos != (head); \ ++ pos = n, n = pos->next) ++ ++#define list_for_each_entry(pos, head, member) \ ++ for (pos = list_entry((head)->next, typeof(*pos), member); \ ++ &pos->member != (head); \ ++ pos = list_entry(pos->member.next, typeof(*pos), member)) ++ ++#define list_for_each_entry_safe(pos, n, head, member) \ ++ for (pos = list_entry((head)->next, typeof(*pos), member), \ ++ n = list_entry(pos->member.next, typeof(*pos), member); \ ++ &pos->member != (head); \ ++ pos = n, n = list_entry(n->member.next, typeof(*n), member)) ++ ++#endif +diff --git a/nhrpd/netlink.c b/nhrpd/netlink.c +new file mode 100644 +index 0000000..7fe2e01 +--- /dev/null ++++ b/nhrpd/netlink.c +@@ -0,0 +1,398 @@ ++/* NHRP netlink/neighbor table arpd code ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include <fcntl.h> ++#include <net/if.h> ++#include <netinet/ip.h> ++#include <netinet/if_ether.h> ++#include <linux/netlink.h> ++#include <linux/neighbour.h> ++#include <linux/netfilter/nfnetlink_log.h> ++#include <linux/if_tunnel.h> ++ ++#include "thread.h" ++#include "nhrpd.h" ++#include "netlink.h" ++#include "znl.h" ++ ++int netlink_nflog_group; ++static int netlink_log_fd = -1; ++static struct thread *netlink_log_thread; ++static int netlink_req_fd = -1; ++static int netlink_listen_fd = -1; ++ ++typedef void (*netlink_dispatch_f)(struct nlmsghdr *msg, struct zbuf *zb); ++ ++void netlink_update_binding(struct interface *ifp, union sockunion *proto, union sockunion *nbma) ++{ ++ struct nlmsghdr *n; ++ struct ndmsg *ndm; ++ struct zbuf *zb = zbuf_alloc(512); ++ ++ n = znl_nlmsg_push(zb, nbma ? RTM_NEWNEIGH : RTM_DELNEIGH, NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE); ++ ndm = znl_push(zb, sizeof(*ndm)); ++ *ndm = (struct ndmsg) { ++ .ndm_family = sockunion_family(proto), ++ .ndm_ifindex = ifp->ifindex, ++ .ndm_type = RTN_UNICAST, ++ .ndm_state = nbma ? NUD_REACHABLE : NUD_FAILED, ++ }; ++ znl_rta_push(zb, NDA_DST, sockunion_get_addr(proto), family2addrsize(sockunion_family(proto))); ++ if (nbma) ++ znl_rta_push(zb, NDA_LLADDR, sockunion_get_addr(nbma), family2addrsize(sockunion_family(nbma))); ++ znl_nlmsg_complete(zb, n); ++ zbuf_send(zb, netlink_req_fd); ++ zbuf_recv(zb, netlink_req_fd); ++ zbuf_free(zb); ++} ++ ++static void netlink_neigh_msg(struct nlmsghdr *msg, struct zbuf *zb) ++{ ++ struct ndmsg *ndm; ++ struct rtattr *rta; ++ struct nhrp_cache *c; ++ struct interface *ifp; ++ struct zbuf payload; ++ union sockunion addr; ++ size_t len; ++ char buf[SU_ADDRSTRLEN]; ++ int state; ++ ++ ndm = znl_pull(zb, sizeof(*ndm)); ++ if (!ndm) return; ++ ++ sockunion_family(&addr) = AF_UNSPEC; ++ while ((rta = znl_rta_pull(zb, &payload)) != NULL) { ++ len = zbuf_used(&payload); ++ switch (rta->rta_type) { ++ case NDA_DST: ++ sockunion_set(&addr, ndm->ndm_family, zbuf_pulln(&payload, len), len); ++ break; ++ } ++ } ++ ++ ifp = if_lookup_by_index(ndm->ndm_ifindex); ++ if (!ifp || sockunion_family(&addr) == AF_UNSPEC) ++ return; ++ ++ c = nhrp_cache_get(ifp, &addr, 0); ++ if (!c) ++ return; ++ ++ if (msg->nlmsg_type == RTM_GETNEIGH) { ++ debugf(NHRP_DEBUG_KERNEL, "Netlink: who-has %s dev %s", ++ sockunion2str(&addr, buf, sizeof buf), ++ ifp->name); ++ ++ if (c->cur.type >= NHRP_CACHE_CACHED) { ++ nhrp_cache_set_used(c, 1); ++ netlink_update_binding(ifp, &addr, &c->cur.peer->vc->remote.nbma); ++ } ++ } else { ++ debugf(NHRP_DEBUG_KERNEL, "Netlink: update %s dev %s nud %x", ++ sockunion2str(&addr, buf, sizeof buf), ++ ifp->name, ndm->ndm_state); ++ ++ state = (msg->nlmsg_type == RTM_NEWNEIGH) ? ndm->ndm_state : NUD_FAILED; ++ nhrp_cache_set_used(c, state == NUD_REACHABLE); ++ } ++} ++ ++static int netlink_route_recv(struct thread *t) ++{ ++ uint8_t buf[ZNL_BUFFER_SIZE]; ++ int fd = THREAD_FD(t); ++ struct zbuf payload, zb; ++ struct nlmsghdr *n; ++ ++ zbuf_init(&zb, buf, sizeof(buf), 0); ++ while (zbuf_recv(&zb, fd) > 0) { ++ while ((n = znl_nlmsg_pull(&zb, &payload)) != 0) { ++ debugf(NHRP_DEBUG_KERNEL, "Netlink: Received msg_type %u, msg_flags %u", ++ n->nlmsg_type, n->nlmsg_flags); ++ switch (n->nlmsg_type) { ++ case RTM_GETNEIGH: ++ case RTM_NEWNEIGH: ++ case RTM_DELNEIGH: ++ netlink_neigh_msg(n, &payload); ++ break; ++ } ++ } ++ } ++ ++ thread_add_read(master, netlink_route_recv, 0, fd); ++ ++ return 0; ++} ++ ++static void netlink_log_register(int fd, int group) ++{ ++ struct nlmsghdr *n; ++ struct nfgenmsg *nf; ++ struct nfulnl_msg_config_cmd cmd; ++ struct zbuf *zb = zbuf_alloc(512); ++ ++ n = znl_nlmsg_push(zb, (NFNL_SUBSYS_ULOG<<8) | NFULNL_MSG_CONFIG, NLM_F_REQUEST | NLM_F_ACK); ++ nf = znl_push(zb, sizeof(*nf)); ++ *nf = (struct nfgenmsg) { ++ .nfgen_family = AF_UNSPEC, ++ .version = NFNETLINK_V0, ++ .res_id = htons(group), ++ }; ++ cmd.command = NFULNL_CFG_CMD_BIND; ++ znl_rta_push(zb, NFULA_CFG_CMD, &cmd, sizeof(cmd)); ++ znl_nlmsg_complete(zb, n); ++ ++ zbuf_send(zb, fd); ++ zbuf_free(zb); ++} ++ ++static void netlink_log_indication(struct nlmsghdr *msg, struct zbuf *zb) ++{ ++ struct nfgenmsg *nf; ++ struct rtattr *rta; ++ struct zbuf rtapl, pktpl; ++ struct interface *ifp; ++ struct nfulnl_msg_packet_hdr *pkthdr = NULL; ++ uint32_t *in_ndx = NULL; ++ ++ nf = znl_pull(zb, sizeof(*nf)); ++ if (!nf) return; ++ ++ memset(&pktpl, 0, sizeof(pktpl)); ++ while ((rta = znl_rta_pull(zb, &rtapl)) != NULL) { ++ switch (rta->rta_type) { ++ case NFULA_PACKET_HDR: ++ pkthdr = znl_pull(&rtapl, sizeof(*pkthdr)); ++ break; ++ case NFULA_IFINDEX_INDEV: ++ in_ndx = znl_pull(&rtapl, sizeof(*in_ndx)); ++ break; ++ case NFULA_PAYLOAD: ++ pktpl = rtapl; ++ break; ++ /* NFULA_HWHDR exists and is supposed to contain source ++ * hardware address. However, for ip_gre it seems to be ++ * the nexthop destination address if the packet matches ++ * route. */ ++ } ++ } ++ ++ if (!pkthdr || !in_ndx || !zbuf_used(&pktpl)) ++ return; ++ ++ ifp = if_lookup_by_index(htonl(*in_ndx)); ++ if (!ifp) ++ return; ++ ++ nhrp_peer_send_indication(ifp, htons(pkthdr->hw_protocol), &pktpl); ++} ++ ++static int netlink_log_recv(struct thread *t) ++{ ++ uint8_t buf[ZNL_BUFFER_SIZE]; ++ int fd = THREAD_FD(t); ++ struct zbuf payload, zb; ++ struct nlmsghdr *n; ++ ++ netlink_log_thread = NULL; ++ ++ zbuf_init(&zb, buf, sizeof(buf), 0); ++ while (zbuf_recv(&zb, fd) > 0) { ++ while ((n = znl_nlmsg_pull(&zb, &payload)) != 0) { ++ debugf(NHRP_DEBUG_KERNEL, "Netlink-log: Received msg_type %u, msg_flags %u", ++ n->nlmsg_type, n->nlmsg_flags); ++ switch (n->nlmsg_type) { ++ case (NFNL_SUBSYS_ULOG<<8) | NFULNL_MSG_PACKET: ++ netlink_log_indication(n, &payload); ++ break; ++ } ++ } ++ } ++ ++ THREAD_READ_ON(master, netlink_log_thread, netlink_log_recv, 0, netlink_log_fd); ++ ++ return 0; ++} ++ ++void netlink_set_nflog_group(int nlgroup) ++{ ++ if (netlink_log_fd >= 0) { ++ THREAD_OFF(netlink_log_thread); ++ close(netlink_log_fd); ++ netlink_log_fd = -1; ++ } ++ netlink_nflog_group = nlgroup; ++ if (nlgroup) { ++ netlink_log_fd = znl_open(NETLINK_NETFILTER, 0); ++ netlink_log_register(netlink_log_fd, nlgroup); ++ THREAD_READ_ON(master, netlink_log_thread, netlink_log_recv, 0, netlink_log_fd); ++ } ++} ++ ++int netlink_init(void) ++{ ++ netlink_req_fd = znl_open(NETLINK_ROUTE, 0); ++ netlink_listen_fd = znl_open(NETLINK_ROUTE, RTMGRP_NEIGH); ++ thread_add_read(master, netlink_route_recv, 0, netlink_listen_fd); ++ ++ return 0; ++} ++ ++int netlink_configure_arp(unsigned int ifindex, int pf) ++{ ++ struct nlmsghdr *n; ++ struct ndtmsg *ndtm; ++ struct rtattr *rta; ++ struct zbuf *zb = zbuf_alloc(512); ++ int r; ++ ++ n = znl_nlmsg_push(zb, RTM_SETNEIGHTBL, NLM_F_REQUEST | NLM_F_REPLACE); ++ ndtm = znl_push(zb, sizeof(*ndtm)); ++ *ndtm = (struct ndtmsg) { ++ .ndtm_family = pf, ++ }; ++ ++ znl_rta_push(zb, NDTA_NAME, pf == AF_INET ? "arp_cache" : "ndisc_cache", 10); ++ ++ rta = znl_rta_nested_push(zb, NDTA_PARMS); ++ znl_rta_push_u32(zb, NDTPA_IFINDEX, ifindex); ++ znl_rta_push_u32(zb, NDTPA_APP_PROBES, 1); ++ znl_rta_push_u32(zb, NDTPA_MCAST_PROBES, 0); ++ znl_rta_push_u32(zb, NDTPA_UCAST_PROBES, 0); ++ znl_rta_nested_complete(zb, rta); ++ ++ znl_nlmsg_complete(zb, n); ++ r = zbuf_send(zb, netlink_req_fd); ++ zbuf_recv(zb, netlink_req_fd); ++ zbuf_free(zb); ++ ++ return r; ++} ++ ++static int __netlink_gre_get_data(struct zbuf *zb, struct zbuf *data, int ifindex) ++{ ++ struct nlmsghdr *n; ++ struct ifinfomsg *ifi; ++ struct zbuf payload, rtapayload; ++ struct rtattr *rta; ++ ++ debugf(NHRP_DEBUG_KERNEL, "netlink-link-gre: get-info %u", ifindex); ++ ++ n = znl_nlmsg_push(zb, RTM_GETLINK, NLM_F_REQUEST); ++ ifi = znl_push(zb, sizeof(*ifi)); ++ *ifi = (struct ifinfomsg) { ++ .ifi_index = ifindex, ++ }; ++ znl_nlmsg_complete(zb, n); ++ ++ if (zbuf_send(zb, netlink_req_fd) < 0 || ++ zbuf_recv(zb, netlink_req_fd) < 0) ++ return -1; ++ ++ n = znl_nlmsg_pull(zb, &payload); ++ if (!n) return -1; ++ ++ if (n->nlmsg_type != RTM_NEWLINK) ++ return -1; ++ ++ ifi = znl_pull(&payload, sizeof(struct ifinfomsg)); ++ if (!ifi) ++ return -1; ++ ++ debugf(NHRP_DEBUG_KERNEL, "netlink-link-gre: ifindex %u, receive msg_type %u, msg_flags %u", ++ ifi->ifi_index, n->nlmsg_type, n->nlmsg_flags); ++ ++ if (ifi->ifi_index != ifindex) ++ return -1; ++ ++ while ((rta = znl_rta_pull(&payload, &rtapayload)) != NULL) ++ if (rta->rta_type == IFLA_LINKINFO) ++ break; ++ if (!rta) return -1; ++ ++ payload = rtapayload; ++ while ((rta = znl_rta_pull(&payload, &rtapayload)) != NULL) ++ if (rta->rta_type == IFLA_INFO_DATA) ++ break; ++ if (!rta) return -1; ++ ++ *data = rtapayload; ++ return 0; ++} ++ ++void netlink_gre_get_info(unsigned int ifindex, uint32_t *gre_key, unsigned int *link_index, struct in_addr *saddr) ++{ ++ struct zbuf *zb = zbuf_alloc(8192), data, rtapl; ++ struct rtattr *rta; ++ ++ *link_index = 0; ++ *gre_key = 0; ++ saddr->s_addr = 0; ++ ++ if (__netlink_gre_get_data(zb, &data, ifindex) < 0) ++ goto err; ++ ++ while ((rta = znl_rta_pull(&data, &rtapl)) != NULL) { ++ switch (rta->rta_type) { ++ case IFLA_GRE_LINK: ++ *link_index = zbuf_get32(&rtapl); ++ break; ++ case IFLA_GRE_IKEY: ++ case IFLA_GRE_OKEY: ++ *gre_key = zbuf_get32(&rtapl); ++ break; ++ case IFLA_GRE_LOCAL: ++ saddr->s_addr = zbuf_get32(&rtapl); ++ break; ++ } ++ } ++err: ++ zbuf_free(zb); ++} ++ ++void netlink_gre_set_link(unsigned int ifindex, unsigned int link_index) ++{ ++ struct nlmsghdr *n; ++ struct ifinfomsg *ifi; ++ struct rtattr *rta_info, *rta_data, *rta; ++ struct zbuf *zr = zbuf_alloc(8192), data, rtapl; ++ struct zbuf *zb = zbuf_alloc(8192); ++ size_t len; ++ ++ if (__netlink_gre_get_data(zr, &data, ifindex) < 0) ++ goto err; ++ ++ n = znl_nlmsg_push(zb, RTM_NEWLINK, NLM_F_REQUEST); ++ ifi = znl_push(zb, sizeof(*ifi)); ++ *ifi = (struct ifinfomsg) { ++ .ifi_index = ifindex, ++ }; ++ rta_info = znl_rta_nested_push(zb, IFLA_LINKINFO); ++ znl_rta_push(zb, IFLA_INFO_KIND, "gre", 3); ++ rta_data = znl_rta_nested_push(zb, IFLA_INFO_DATA); ++ ++ znl_rta_push_u32(zb, IFLA_GRE_LINK, link_index); ++ while ((rta = znl_rta_pull(&data, &rtapl)) != NULL) { ++ if (rta->rta_type == IFLA_GRE_LINK) ++ continue; ++ len = zbuf_used(&rtapl); ++ znl_rta_push(zb, rta->rta_type, zbuf_pulln(&rtapl, len), len); ++ } ++ ++ znl_rta_nested_complete(zb, rta_data); ++ znl_rta_nested_complete(zb, rta_info); ++ ++ znl_nlmsg_complete(zb, n); ++ zbuf_send(zb, netlink_req_fd); ++ zbuf_recv(zb, netlink_req_fd); ++err: ++ zbuf_free(zb); ++ zbuf_free(zr); ++} +diff --git a/nhrpd/netlink.h b/nhrpd/netlink.h +new file mode 100644 +index 0000000..2285093 +--- /dev/null ++++ b/nhrpd/netlink.h +@@ -0,0 +1,21 @@ ++/* NHRP netlink/neighbor table API ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++union sockunion; ++struct interface; ++ ++extern int netlink_nflog_group; ++ ++int netlink_init(void); ++int netlink_configure_arp(unsigned int ifindex, int pf); ++void netlink_update_binding(struct interface *ifp, union sockunion *proto, union sockunion *nbma); ++void netlink_set_nflog_group(int nlgroup); ++ ++void netlink_gre_get_info(unsigned int ifindex, uint32_t *gre_key, unsigned int *link_index, struct in_addr *saddr); ++void netlink_gre_set_link(unsigned int ifindex, unsigned int link_index); +diff --git a/nhrpd/nhrp_cache.c b/nhrpd/nhrp_cache.c +new file mode 100644 +index 0000000..447a814 +--- /dev/null ++++ b/nhrpd/nhrp_cache.c +@@ -0,0 +1,341 @@ ++/* NHRP cache ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include "zebra.h" ++#include "memory.h" ++#include "thread.h" ++#include "hash.h" ++#include "nhrpd.h" ++ ++#include "netlink.h" ++ ++unsigned long nhrp_cache_counts[NHRP_CACHE_NUM_TYPES]; ++ ++const char * const nhrp_cache_type_str[] = { ++ [NHRP_CACHE_INVALID] = "invalid", ++ [NHRP_CACHE_INCOMPLETE] = "incomplete", ++ [NHRP_CACHE_NEGATIVE] = "negative", ++ [NHRP_CACHE_CACHED] = "cached", ++ [NHRP_CACHE_DYNAMIC] = "dynamic", ++ [NHRP_CACHE_NHS] = "nhs", ++ [NHRP_CACHE_STATIC] = "static", ++ [NHRP_CACHE_LOCAL] = "local", ++}; ++ ++static unsigned int nhrp_cache_protocol_key(void *peer_data) ++{ ++ struct nhrp_cache *p = peer_data; ++ return sockunion_hash(&p->remote_addr); ++} ++ ++static int nhrp_cache_protocol_cmp(const void *cache_data, const void *key_data) ++{ ++ const struct nhrp_cache *a = cache_data; ++ const struct nhrp_cache *b = key_data; ++ return sockunion_same(&a->remote_addr, &b->remote_addr); ++} ++ ++static void *nhrp_cache_alloc(void *data) ++{ ++ struct nhrp_cache *p, *key = data; ++ ++ p = XMALLOC(MTYPE_NHRP_CACHE, sizeof(struct nhrp_cache)); ++ if (p) { ++ *p = (struct nhrp_cache) { ++ .cur.type = NHRP_CACHE_INVALID, ++ .new.type = NHRP_CACHE_INVALID, ++ .remote_addr = key->remote_addr, ++ .ifp = key->ifp, ++ .notifier_list = NOTIFIER_LIST_INITIALIZER(&p->notifier_list), ++ }; ++ nhrp_cache_counts[p->cur.type]++; ++ } ++ ++ return p; ++} ++ ++static void nhrp_cache_free(struct nhrp_cache *c) ++{ ++ struct nhrp_interface *nifp = c->ifp->info; ++ ++ zassert(c->cur.type == NHRP_CACHE_INVALID && c->cur.peer == NULL); ++ zassert(c->new.type == NHRP_CACHE_INVALID && c->new.peer == NULL); ++ nhrp_cache_counts[c->cur.type]--; ++ notifier_call(&c->notifier_list, NOTIFY_CACHE_DELETE); ++ zassert(!notifier_active(&c->notifier_list)); ++ hash_release(nifp->cache_hash, c); ++ XFREE(MTYPE_NHRP_CACHE, c); ++} ++ ++struct nhrp_cache *nhrp_cache_get(struct interface *ifp, union sockunion *remote_addr, int create) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_cache key; ++ ++ if (!nifp->cache_hash) { ++ nifp->cache_hash = hash_create(nhrp_cache_protocol_key, nhrp_cache_protocol_cmp); ++ if (!nifp->cache_hash) ++ return NULL; ++ } ++ ++ key.remote_addr = *remote_addr; ++ key.ifp = ifp; ++ ++ return hash_get(nifp->cache_hash, &key, create ? nhrp_cache_alloc : NULL); ++} ++ ++static int nhrp_cache_do_free(struct thread *t) ++{ ++ struct nhrp_cache *c = THREAD_ARG(t); ++ c->t_timeout = NULL; ++ nhrp_cache_free(c); ++ return 0; ++} ++ ++static int nhrp_cache_do_timeout(struct thread *t) ++{ ++ struct nhrp_cache *c = THREAD_ARG(t); ++ c->t_timeout = NULL; ++ if (c->cur.type != NHRP_CACHE_INVALID) ++ nhrp_cache_update_binding(c, c->cur.type, -1, NULL, 0, NULL); ++ return 0; ++} ++ ++static void nhrp_cache_update_route(struct nhrp_cache *c) ++{ ++ struct prefix pfx; ++ struct nhrp_peer *p = c->cur.peer; ++ ++ sockunion2hostprefix(&c->remote_addr, &pfx); ++ ++ if (p && nhrp_peer_check(p, 1)) { ++ netlink_update_binding(p->ifp, &c->remote_addr, &p->vc->remote.nbma); ++ nhrp_route_announce(1, c->cur.type, &pfx, c->ifp, NULL, c->cur.mtu); ++ if (c->cur.type >= NHRP_CACHE_DYNAMIC) { ++ nhrp_route_update_nhrp(&pfx, c->ifp); ++ c->nhrp_route_installed = 1; ++ } else if (c->nhrp_route_installed) { ++ nhrp_route_update_nhrp(&pfx, NULL); ++ c->nhrp_route_installed = 0; ++ } ++ if (!c->route_installed) { ++ notifier_call(&c->notifier_list, NOTIFY_CACHE_UP); ++ c->route_installed = 1; ++ } ++ } else { ++ if (c->nhrp_route_installed) { ++ nhrp_route_update_nhrp(&pfx, NULL); ++ c->nhrp_route_installed = 0; ++ } ++ if (c->route_installed) { ++ sockunion2hostprefix(&c->remote_addr, &pfx); ++ notifier_call(&c->notifier_list, NOTIFY_CACHE_DOWN); ++ nhrp_route_announce(0, c->cur.type, &pfx, NULL, NULL, 0); ++ c->route_installed = 0; ++ } ++ } ++} ++ ++static void nhrp_cache_peer_notifier(struct notifier_block *n, unsigned long cmd) ++{ ++ struct nhrp_cache *c = container_of(n, struct nhrp_cache, peer_notifier); ++ ++ switch (cmd) { ++ case NOTIFY_PEER_UP: ++ nhrp_cache_update_route(c); ++ break; ++ case NOTIFY_PEER_DOWN: ++ case NOTIFY_PEER_IFCONFIG_CHANGED: ++ notifier_call(&c->notifier_list, NOTIFY_CACHE_DOWN); ++ nhrp_cache_update_binding(c, c->cur.type, -1, NULL, 0, NULL); ++ break; ++ case NOTIFY_PEER_NBMA_CHANGING: ++ if (c->cur.type == NHRP_CACHE_DYNAMIC) ++ c->cur.peer->vc->abort_migration = 1; ++ break; ++ } ++} ++ ++static void nhrp_cache_reset_new(struct nhrp_cache *c) ++{ ++ THREAD_OFF(c->t_auth); ++ if (list_hashed(&c->newpeer_notifier.notifier_entry)) ++ nhrp_peer_notify_del(c->new.peer, &c->newpeer_notifier); ++ nhrp_peer_unref(c->new.peer); ++ memset(&c->new, 0, sizeof(c->new)); ++ c->new.type = NHRP_CACHE_INVALID; ++} ++ ++static void nhrp_cache_update_timers(struct nhrp_cache *c) ++{ ++ THREAD_OFF(c->t_timeout); ++ ++ switch (c->cur.type) { ++ case NHRP_CACHE_INVALID: ++ if (!c->t_auth) ++ THREAD_TIMER_MSEC_ON(master, c->t_timeout, nhrp_cache_do_free, c, 10); ++ break; ++ default: ++ if (c->cur.expires) ++ THREAD_TIMER_ON(master, c->t_timeout, nhrp_cache_do_timeout, c, c->cur.expires - recent_relative_time().tv_sec); ++ break; ++ } ++} ++ ++static void nhrp_cache_authorize_binding(struct nhrp_reqid *r, void *arg) ++{ ++ struct nhrp_cache *c = container_of(r, struct nhrp_cache, eventid); ++ char buf[SU_ADDRSTRLEN]; ++ ++ debugf(NHRP_DEBUG_COMMON, "cache: %s %s: %s", ++ c->ifp->name, sockunion2str(&c->remote_addr, buf, sizeof buf), ++ (const char *) arg); ++ ++ nhrp_reqid_free(&nhrp_event_reqid, r); ++ ++ if (arg && strcmp(arg, "accept") == 0) { ++ if (c->cur.peer) { ++ netlink_update_binding(c->cur.peer->ifp, &c->remote_addr, NULL); ++ nhrp_peer_notify_del(c->cur.peer, &c->peer_notifier); ++ nhrp_peer_unref(c->cur.peer); ++ } ++ nhrp_cache_counts[c->cur.type]--; ++ nhrp_cache_counts[c->new.type]++; ++ c->cur = c->new; ++ c->cur.peer = nhrp_peer_ref(c->cur.peer); ++ nhrp_cache_reset_new(c); ++ if (c->cur.peer) ++ nhrp_peer_notify_add(c->cur.peer, &c->peer_notifier, nhrp_cache_peer_notifier); ++ nhrp_cache_update_route(c); ++ notifier_call(&c->notifier_list, NOTIFY_CACHE_BINDING_CHANGE); ++ } else { ++ nhrp_cache_reset_new(c); ++ } ++ ++ nhrp_cache_update_timers(c); ++} ++ ++static int nhrp_cache_do_auth_timeout(struct thread *t) ++{ ++ struct nhrp_cache *c = THREAD_ARG(t); ++ c->t_auth = NULL; ++ nhrp_cache_authorize_binding(&c->eventid, (void *) "timeout"); ++ return 0; ++} ++ ++static void nhrp_cache_newpeer_notifier(struct notifier_block *n, unsigned long cmd) ++{ ++ struct nhrp_cache *c = container_of(n, struct nhrp_cache, newpeer_notifier); ++ ++ switch (cmd) { ++ case NOTIFY_PEER_UP: ++ if (nhrp_peer_check(c->new.peer, 1)) { ++ evmgr_notify("authorize-binding", c, nhrp_cache_authorize_binding); ++ THREAD_TIMER_ON(master, c->t_auth, nhrp_cache_do_auth_timeout, c, 10); ++ } ++ break; ++ case NOTIFY_PEER_DOWN: ++ case NOTIFY_PEER_IFCONFIG_CHANGED: ++ nhrp_cache_reset_new(c); ++ break; ++ } ++} ++ ++int nhrp_cache_update_binding(struct nhrp_cache *c, enum nhrp_cache_type type, int holding_time, struct nhrp_peer *p, uint32_t mtu, union sockunion *nbma_oa) ++{ ++ if (c->cur.type > type || c->new.type > type) { ++ nhrp_peer_unref(p); ++ return 0; ++ } ++ ++ /* Sanitize MTU */ ++ switch (sockunion_family(&c->remote_addr)) { ++ case AF_INET: ++ if (mtu < 576 || mtu >= 1500) ++ mtu = 0; ++ /* Opennhrp announces nbma mtu, but we use protocol mtu. ++ * This heuristic tries to fix up it. */ ++ if (mtu > 1420) mtu = (mtu & -16) - 80; ++ break; ++ default: ++ mtu = 0; ++ break; ++ } ++ ++ nhrp_cache_reset_new(c); ++ if (c->cur.type == type && c->cur.peer == p && c->cur.mtu == mtu) { ++ if (holding_time > 0) c->cur.expires = recent_relative_time().tv_sec + holding_time; ++ if (nbma_oa) c->cur.remote_nbma_natoa = *nbma_oa; ++ else memset(&c->cur.remote_nbma_natoa, 0, sizeof c->cur.remote_nbma_natoa); ++ nhrp_peer_unref(p); ++ } else { ++ c->new.type = type; ++ c->new.peer = p; ++ c->new.mtu = mtu; ++ if (nbma_oa) c->new.remote_nbma_natoa = *nbma_oa; ++ ++ if (holding_time > 0) ++ c->new.expires = recent_relative_time().tv_sec + holding_time; ++ else if (holding_time < 0) ++ c->new.type = NHRP_CACHE_INVALID; ++ ++ if (c->new.type == NHRP_CACHE_INVALID || ++ c->new.type >= NHRP_CACHE_STATIC || ++ c->map) { ++ nhrp_cache_authorize_binding(&c->eventid, (void *) "accept"); ++ } else { ++ nhrp_peer_notify_add(c->new.peer, &c->newpeer_notifier, nhrp_cache_newpeer_notifier); ++ nhrp_cache_newpeer_notifier(&c->newpeer_notifier, NOTIFY_PEER_UP); ++ THREAD_TIMER_ON(master, c->t_auth, nhrp_cache_do_auth_timeout, c, 60); ++ } ++ } ++ nhrp_cache_update_timers(c); ++ ++ return 1; ++} ++ ++void nhrp_cache_set_used(struct nhrp_cache *c, int used) ++{ ++ c->used = used; ++ if (c->used) ++ notifier_call(&c->notifier_list, NOTIFY_CACHE_USED); ++} ++ ++struct nhrp_cache_iterator_ctx { ++ void (*cb)(struct nhrp_cache *, void *); ++ void *ctx; ++}; ++ ++static void nhrp_cache_iterator(struct hash_backet *b, void *ctx) ++{ ++ struct nhrp_cache_iterator_ctx *ic = ctx; ++ ic->cb(b->data, ic->ctx); ++} ++ ++void nhrp_cache_foreach(struct interface *ifp, void (*cb)(struct nhrp_cache *, void *), void *ctx) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_cache_iterator_ctx ic = { ++ .cb = cb, ++ .ctx = ctx, ++ }; ++ ++ if (nifp->cache_hash) ++ hash_iterate(nifp->cache_hash, nhrp_cache_iterator, &ic); ++} ++ ++void nhrp_cache_notify_add(struct nhrp_cache *c, struct notifier_block *n, notifier_fn_t fn) ++{ ++ notifier_add(n, &c->notifier_list, fn); ++} ++ ++void nhrp_cache_notify_del(struct nhrp_cache *c, struct notifier_block *n) ++{ ++ notifier_del(n); ++} +diff --git a/nhrpd/nhrp_event.c b/nhrpd/nhrp_event.c +new file mode 100644 +index 0000000..aab9ec6 +--- /dev/null ++++ b/nhrpd/nhrp_event.c +@@ -0,0 +1,280 @@ ++/* NHRP event manager ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include <string.h> ++#include <sys/socket.h> ++#include <sys/un.h> ++ ++#include "thread.h" ++#include "zbuf.h" ++#include "log.h" ++#include "nhrpd.h" ++ ++const char *nhrp_event_socket_path; ++struct nhrp_reqid_pool nhrp_event_reqid; ++ ++struct event_manager { ++ struct thread *t_reconnect, *t_read, *t_write; ++ struct zbuf ibuf; ++ struct zbuf_queue obuf; ++ int fd; ++ uint8_t ibuf_data[4*1024]; ++}; ++ ++static int evmgr_reconnect(struct thread *t); ++ ++static void evmgr_connection_error(struct event_manager *evmgr) ++{ ++ THREAD_OFF(evmgr->t_read); ++ THREAD_OFF(evmgr->t_write); ++ zbuf_reset(&evmgr->ibuf); ++ zbufq_reset(&evmgr->obuf); ++ ++ if (evmgr->fd >= 0) ++ close(evmgr->fd); ++ evmgr->fd = -1; ++ if (nhrp_event_socket_path) ++ THREAD_TIMER_MSEC_ON(master, evmgr->t_reconnect, evmgr_reconnect, ++ evmgr, 10); ++} ++ ++static void evmgr_recv_message(struct event_manager *evmgr, struct zbuf *zb) ++{ ++ struct zbuf zl; ++ uint32_t eventid = 0; ++ size_t len; ++ char buf[256], result[64] = ""; ++ ++ while (zbuf_may_pull_until(zb, "\n", &zl)) { ++ len = zbuf_used(&zl) - 1; ++ if (len >= sizeof(buf)-1) ++ continue; ++ memcpy(buf, zbuf_pulln(&zl, len), len); ++ buf[len] = 0; ++ ++ debugf(NHRP_DEBUG_EVENT, "evmgr: msg: %s", buf); ++ sscanf(buf, "eventid=%d", &eventid); ++ sscanf(buf, "result=%63s", result); ++ } ++ debugf(NHRP_DEBUG_EVENT, "evmgr: received: eventid=%d result=%s", eventid, result); ++ if (eventid && result[0]) { ++ struct nhrp_reqid *r = nhrp_reqid_lookup(&nhrp_event_reqid, eventid); ++ if (r) r->cb(r, result); ++ } ++} ++ ++static int evmgr_read(struct thread *t) ++{ ++ struct event_manager *evmgr = THREAD_ARG(t); ++ struct zbuf *ibuf = &evmgr->ibuf; ++ struct zbuf msg; ++ ++ evmgr->t_read = NULL; ++ if (zbuf_read(ibuf, evmgr->fd, (size_t) -1) < 0) { ++ evmgr_connection_error(evmgr); ++ return 0; ++ } ++ ++ /* Process all messages in buffer */ ++ while (zbuf_may_pull_until(ibuf, "\n\n", &msg)) ++ evmgr_recv_message(evmgr, &msg); ++ ++ THREAD_READ_ON(master, evmgr->t_read, evmgr_read, evmgr, evmgr->fd); ++ return 0; ++} ++ ++static int evmgr_write(struct thread *t) ++{ ++ struct event_manager *evmgr = THREAD_ARG(t); ++ int r; ++ ++ evmgr->t_write = NULL; ++ r = zbufq_write(&evmgr->obuf, evmgr->fd); ++ if (r > 0) { ++ THREAD_WRITE_ON(master, evmgr->t_write, evmgr_write, evmgr, evmgr->fd); ++ } else if (r < 0) { ++ evmgr_connection_error(evmgr); ++ } ++ ++ return 0; ++} ++ ++static void evmgr_hexdump(struct zbuf *zb, const uint8_t *val, size_t vallen) ++{ ++ static const char xd[] = "0123456789abcdef"; ++ size_t i; ++ char *ptr; ++ ++ ptr = zbuf_pushn(zb, 2*vallen); ++ if (!ptr) return; ++ ++ for (i = 0; i < vallen; i++) { ++ uint8_t b = val[i]; ++ *(ptr++) = xd[b >> 4]; ++ *(ptr++) = xd[b & 0xf]; ++ } ++} ++ ++static void evmgr_put(struct zbuf *zb, const char *fmt, ...) ++{ ++ const char *pos, *nxt, *str; ++ const uint8_t *bin; ++ const union sockunion *su; ++ int len; ++ va_list va; ++ ++ va_start(va, fmt); ++ for (pos = fmt; (nxt = strchr(pos, '%')) != NULL; pos = nxt + 2) { ++ zbuf_put(zb, pos, nxt-pos); ++ switch (nxt[1]) { ++ case '%': ++ zbuf_put8(zb, '%'); ++ break; ++ case 'u': ++ zb->tail += snprintf((char *) zb->tail, zbuf_tailroom(zb), "%u", va_arg(va, uint32_t)); ++ break; ++ case 's': ++ str = va_arg(va, const char *); ++ zbuf_put(zb, str, strlen(str)); ++ break; ++ case 'U': ++ su = va_arg(va, const union sockunion *); ++ if (sockunion2str(su, (char *) zb->tail, zbuf_tailroom(zb))) ++ zb->tail += strlen((char *) zb->tail); ++ else ++ zbuf_set_werror(zb); ++ break; ++ case 'H': ++ bin = va_arg(va, const uint8_t *); ++ len = va_arg(va, int); ++ evmgr_hexdump(zb, bin, len); ++ break; ++ } ++ } ++ va_end(va); ++ zbuf_put(zb, pos, strlen(pos)); ++} ++ ++static void evmgr_submit(struct event_manager *evmgr, struct zbuf *obuf) ++{ ++ if (obuf->error) { ++ zbuf_free(obuf); ++ return; ++ } ++ zbuf_put(obuf, "\n", 1); ++ zbufq_queue(&evmgr->obuf, obuf); ++ if (evmgr->fd >= 0) ++ THREAD_WRITE_ON(master, evmgr->t_write, evmgr_write, evmgr, evmgr->fd); ++} ++ ++static int evmgr_reconnect(struct thread *t) ++{ ++ struct event_manager *evmgr = THREAD_ARG(t); ++ int fd; ++ ++ evmgr->t_reconnect = NULL; ++ if (evmgr->fd >= 0 || !nhrp_event_socket_path) return 0; ++ ++ fd = sock_open_unix(nhrp_event_socket_path); ++ if (fd < 0) { ++ zlog_warn("%s: failure connecting nhrp-event socket: %s", ++ __PRETTY_FUNCTION__, strerror(errno)); ++ zbufq_reset(&evmgr->obuf); ++ THREAD_TIMER_ON(master, evmgr->t_reconnect, evmgr_reconnect, evmgr, 10); ++ return 0; ++ } ++ ++ zlog_info("Connected to Event Manager"); ++ evmgr->fd = fd; ++ THREAD_READ_ON(master, evmgr->t_read, evmgr_read, evmgr, evmgr->fd); ++ ++ return 0; ++} ++ ++static struct event_manager evmgr_connection; ++ ++void evmgr_init(void) ++{ ++ struct event_manager *evmgr = &evmgr_connection; ++ ++ evmgr->fd = -1; ++ zbuf_init(&evmgr->ibuf, evmgr->ibuf_data, sizeof(evmgr->ibuf_data), 0); ++ zbufq_init(&evmgr->obuf); ++ THREAD_TIMER_MSEC_ON(master, evmgr->t_reconnect, evmgr_reconnect, evmgr, 10); ++} ++ ++void evmgr_set_socket(const char *socket) ++{ ++ if (nhrp_event_socket_path) ++ free((char *) nhrp_event_socket_path); ++ nhrp_event_socket_path = strdup(socket); ++ evmgr_connection_error(&evmgr_connection); ++} ++ ++void evmgr_terminate(void) ++{ ++} ++ ++void evmgr_notify(const char *name, struct nhrp_cache *c, void (*cb)(struct nhrp_reqid *, void *)) ++{ ++ struct event_manager *evmgr = &evmgr_connection; ++ struct nhrp_vc *vc; ++ struct nhrp_interface *nifp = c->ifp->info; ++ struct zbuf *zb; ++ afi_t afi = family2afi(sockunion_family(&c->remote_addr)); ++ ++ if (!nhrp_event_socket_path) { ++ cb(&c->eventid, (void*) "accept"); ++ return; ++ } ++ ++ debugf(NHRP_DEBUG_EVENT, "evmgr: sending event %s", name); ++ ++ vc = c->new.peer ? c->new.peer->vc : NULL; ++ zb = zbuf_alloc(1024 + (vc ? (vc->local.certlen + vc->remote.certlen) * 2 : 0)); ++ ++ if (cb) { ++ nhrp_reqid_free(&nhrp_event_reqid, &c->eventid); ++ evmgr_put(zb, ++ "eventid=%u\n", ++ nhrp_reqid_alloc(&nhrp_event_reqid, &c->eventid, cb)); ++ } ++ ++ evmgr_put(zb, ++ "event=%s\n" ++ "type=%s\n" ++ "old_type=%s\n" ++ "num_nhs=%u\n" ++ "interface=%s\n" ++ "local_addr=%U\n", ++ name, ++ nhrp_cache_type_str[c->new.type], ++ nhrp_cache_type_str[c->cur.type], ++ (unsigned int) nhrp_cache_counts[NHRP_CACHE_NHS], ++ c->ifp->name, ++ &nifp->afi[afi].addr); ++ ++ if (vc) { ++ evmgr_put(zb, ++ "vc_initiated=%s\n" ++ "local_nbma=%U\n" ++ "local_cert=%H\n" ++ "remote_addr=%U\n" ++ "remote_nbma=%U\n" ++ "remote_cert=%H\n", ++ c->new.peer->requested ? "yes" : "no", ++ &vc->local.nbma, ++ vc->local.cert, vc->local.certlen, ++ &c->remote_addr, &vc->remote.nbma, ++ vc->remote.cert, vc->remote.certlen); ++ } ++ ++ evmgr_submit(evmgr, zb); ++} ++ +diff --git a/nhrpd/nhrp_interface.c b/nhrpd/nhrp_interface.c +new file mode 100644 +index 0000000..8118927 +--- /dev/null ++++ b/nhrpd/nhrp_interface.c +@@ -0,0 +1,404 @@ ++/* NHRP interface ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include <net/if_arp.h> ++#include "zebra.h" ++#include "linklist.h" ++#include "memory.h" ++#include "thread.h" ++ ++#include "nhrpd.h" ++#include "os.h" ++#include "netlink.h" ++ ++static int nhrp_if_new_hook(struct interface *ifp) ++{ ++ struct nhrp_interface *nifp; ++ afi_t afi; ++ ++ nifp = XCALLOC(MTYPE_NHRP_IF, sizeof(struct nhrp_interface)); ++ if (!nifp) return 0; ++ ++ ifp->info = nifp; ++ nifp->ifp = ifp; ++ ++ notifier_init(&nifp->notifier_list); ++ for (afi = 0; afi < AFI_MAX; afi++) { ++ struct nhrp_afi_data *ad = &nifp->afi[afi]; ++ ad->holdtime = NHRPD_DEFAULT_HOLDTIME; ++ list_init(&ad->nhslist_head); ++ } ++ ++ return 0; ++} ++ ++static int nhrp_if_delete_hook(struct interface *ifp) ++{ ++ XFREE(MTYPE_NHRP_IF, ifp->info); ++ return 0; ++} ++ ++void nhrp_interface_init(void) ++{ ++ if_add_hook(IF_NEW_HOOK, nhrp_if_new_hook); ++ if_add_hook(IF_DELETE_HOOK, nhrp_if_delete_hook); ++} ++ ++void nhrp_interface_update_mtu(struct interface *ifp, afi_t afi) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_afi_data *if_ad = &nifp->afi[afi]; ++ unsigned short new_mtu; ++ ++ if (if_ad->configured_mtu < 0) ++ new_mtu = nifp->nbmaifp ? nifp->nbmaifp->mtu : 0; ++ else ++ new_mtu = if_ad->configured_mtu; ++ if (new_mtu >= 1500) ++ new_mtu = 0; ++ ++ if (new_mtu != if_ad->mtu) { ++ debugf(NHRP_DEBUG_IF, "%s: MTU changed to %d", ifp->name, new_mtu); ++ if_ad->mtu = new_mtu; ++ notifier_call(&nifp->notifier_list, NOTIFY_INTERFACE_MTU_CHANGED); ++ } ++} ++ ++static void nhrp_interface_update_source(struct interface *ifp) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ ++ if (!nifp->source || !nifp->nbmaifp || ++ nifp->linkidx == nifp->nbmaifp->ifindex) ++ return; ++ ++ nifp->linkidx = nifp->nbmaifp->ifindex; ++ debugf(NHRP_DEBUG_IF, "%s: bound device index changed to %d", ifp->name, nifp->linkidx); ++ netlink_gre_set_link(ifp->ifindex, nifp->linkidx); ++} ++ ++static void nhrp_interface_interface_notifier(struct notifier_block *n, unsigned long cmd) ++{ ++ struct nhrp_interface *nifp = container_of(n, struct nhrp_interface, nbmanifp_notifier); ++ struct interface *nbmaifp = nifp->nbmaifp; ++ struct nhrp_interface *nbmanifp = nbmaifp->info; ++ char buf[SU_ADDRSTRLEN]; ++ ++ switch (cmd) { ++ case NOTIFY_INTERFACE_CHANGED: ++ nhrp_interface_update_mtu(nifp->ifp, AFI_IP); ++ nhrp_interface_update_source(nifp->ifp); ++ break; ++ case NOTIFY_INTERFACE_ADDRESS_CHANGED: ++ nifp->nbma = nbmanifp->afi[AFI_IP].addr; ++ nhrp_interface_update(nifp->ifp); ++ notifier_call(&nifp->notifier_list, NOTIFY_INTERFACE_NBMA_CHANGED); ++ debugf(NHRP_DEBUG_IF, "%s: NBMA change: address %s", ++ nifp->ifp->name, ++ sockunion2str(&nifp->nbma, buf, sizeof buf)); ++ break; ++ } ++} ++ ++static void nhrp_interface_update_nbma(struct interface *ifp) ++{ ++ struct nhrp_interface *nifp = ifp->info, *nbmanifp = NULL; ++ struct interface *nbmaifp = NULL; ++ union sockunion nbma; ++ ++ sockunion_family(&nbma) = AF_UNSPEC; ++ ++ if (nifp->source) ++ nbmaifp = if_lookup_by_name(nifp->source); ++ ++ switch (ifp->ll_type) { ++ case ZEBRA_LLT_IPGRE: { ++ struct in_addr saddr = {0}; ++ netlink_gre_get_info(ifp->ifindex, &nifp->grekey, &nifp->linkidx, &saddr); ++ debugf(NHRP_DEBUG_IF, "%s: GRE: %x %x %x", ifp->name, nifp->grekey, nifp->linkidx, saddr.s_addr); ++ if (saddr.s_addr) ++ sockunion_set(&nbma, AF_INET, (u_char *) &saddr.s_addr, sizeof(saddr.s_addr)); ++ else if (!nbmaifp && nifp->linkidx != IFINDEX_INTERNAL) ++ nbmaifp = if_lookup_by_index(nifp->linkidx); ++ } ++ break; ++ default: ++ break; ++ } ++ ++ if (nbmaifp) ++ nbmanifp = nbmaifp->info; ++ ++ if (nbmaifp != nifp->nbmaifp) { ++ if (nifp->nbmaifp) ++ notifier_del(&nifp->nbmanifp_notifier); ++ nifp->nbmaifp = nbmaifp; ++ if (nbmaifp) { ++ notifier_add(&nifp->nbmanifp_notifier, &nbmanifp->notifier_list, nhrp_interface_interface_notifier); ++ debugf(NHRP_DEBUG_IF, "%s: bound to %s", ifp->name, nbmaifp->name); ++ } ++ } ++ ++ if (nbmaifp) { ++ if (sockunion_family(&nbma) == AF_UNSPEC) ++ nbma = nbmanifp->afi[AFI_IP].addr; ++ nhrp_interface_update_mtu(ifp, AFI_IP); ++ nhrp_interface_update_source(ifp); ++ } ++ ++ if (!sockunion_same(&nbma, &nifp->nbma)) { ++ nifp->nbma = nbma; ++ nhrp_interface_update(nifp->ifp); ++ debugf(NHRP_DEBUG_IF, "%s: NBMA address changed", ifp->name); ++ notifier_call(&nifp->notifier_list, NOTIFY_INTERFACE_NBMA_CHANGED); ++ } ++ ++ nhrp_interface_update(ifp); ++} ++ ++static void nhrp_interface_update_address(struct interface *ifp, afi_t afi, int force) ++{ ++ const int family = afi2family(afi); ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_afi_data *if_ad = &nifp->afi[afi]; ++ struct nhrp_cache *nc; ++ struct connected *c, *best; ++ struct listnode *cnode; ++ union sockunion addr; ++ char buf[PREFIX_STRLEN]; ++ ++ /* Select new best match preferring primary address */ ++ best = NULL; ++ for (ALL_LIST_ELEMENTS_RO(ifp->connected, cnode, c)) { ++ if (PREFIX_FAMILY(c->address) != family) ++ continue; ++ if (best == NULL) { ++ best = c; ++ continue; ++ } ++ if ((best->flags & ZEBRA_IFA_SECONDARY) && !(c->flags & ZEBRA_IFA_SECONDARY)) { ++ best = c; ++ continue; ++ } ++ if (!(best->flags & ZEBRA_IFA_SECONDARY) && (c->flags & ZEBRA_IFA_SECONDARY)) ++ continue; ++ if (best->address->prefixlen > c->address->prefixlen) { ++ best = c; ++ continue; ++ } ++ if (best->address->prefixlen < c->address->prefixlen) ++ continue; ++ } ++ ++ /* On NHRP interfaces a host prefix is required */ ++ if (best && if_ad->configured && best->address->prefixlen != 8 * prefix_blen(best->address)) { ++ zlog_notice("%s: %s is not a host prefix", ifp->name, ++ prefix2str(best->address, buf, sizeof buf)); ++ best = NULL; ++ } ++ ++ /* Update address if it changed */ ++ if (best) ++ prefix2sockunion(best->address, &addr); ++ else ++ memset(&addr, 0, sizeof(addr)); ++ ++ if (!force && sockunion_same(&if_ad->addr, &addr)) ++ return; ++ ++ if (sockunion_family(&if_ad->addr) != AF_UNSPEC) { ++ nc = nhrp_cache_get(ifp, &if_ad->addr, 0); ++ if (nc) nhrp_cache_update_binding(nc, NHRP_CACHE_LOCAL, -1, NULL, 0, NULL); ++ } ++ ++ debugf(NHRP_DEBUG_KERNEL, "%s: IPv%d address changed to %s", ++ ifp->name, afi == AFI_IP ? 4 : 6, ++ best ? prefix2str(best->address, buf, sizeof buf) : "(none)"); ++ if_ad->addr = addr; ++ ++ if (if_ad->configured && sockunion_family(&if_ad->addr) != AF_UNSPEC) { ++ nc = nhrp_cache_get(ifp, &addr, 1); ++ if (nc) nhrp_cache_update_binding(nc, NHRP_CACHE_LOCAL, 0, NULL, 0, NULL); ++ } ++ ++ notifier_call(&nifp->notifier_list, NOTIFY_INTERFACE_ADDRESS_CHANGED); ++} ++ ++void nhrp_interface_update(struct interface *ifp) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_afi_data *if_ad; ++ afi_t afi; ++ int enabled = 0; ++ ++ notifier_call(&nifp->notifier_list, NOTIFY_INTERFACE_CHANGED); ++ ++ for (afi = 0; afi < AFI_MAX; afi++) { ++ if_ad = &nifp->afi[afi]; ++ ++ if (sockunion_family(&nifp->nbma) == AF_UNSPEC || ++ ifp->ifindex == IFINDEX_INTERNAL || !if_is_up(ifp) || ++ !if_ad->network_id) { ++ if (if_ad->configured) { ++ if_ad->configured = 0; ++ nhrp_interface_update_address(ifp, afi, 1); ++ } ++ continue; ++ } ++ ++ if (!if_ad->configured) { ++ os_configure_dmvpn(ifp->ifindex, ifp->name, afi2family(afi)); ++ if_ad->configured = 1; ++ nhrp_interface_update_address(ifp, afi, 1); ++ } ++ ++ enabled = 1; ++ } ++ ++ if (enabled != nifp->enabled) { ++ nifp->enabled = enabled; ++ notifier_call(&nifp->notifier_list, enabled ? NOTIFY_INTERFACE_UP : NOTIFY_INTERFACE_DOWN); ++ } ++} ++ ++int nhrp_interface_add(int cmd, struct zclient *client, zebra_size_t length, vrf_id_t vrf_id) ++{ ++ struct interface *ifp; ++ ++ /* read and add the interface in the iflist. */ ++ ifp = zebra_interface_add_read(client->ibuf, vrf_id); ++ if (ifp == NULL) ++ return 0; ++ ++ debugf(NHRP_DEBUG_IF, "if-add: %s, ifindex: %u, hw_type: %d %s", ++ ifp->name, ifp->ifindex, ++ ifp->ll_type, if_link_type_str(ifp->ll_type)); ++ ++ nhrp_interface_update_nbma(ifp); ++ ++ return 0; ++} ++ ++int nhrp_interface_delete(int cmd, struct zclient *client, ++ zebra_size_t length, vrf_id_t vrf_id) ++{ ++ struct interface *ifp; ++ struct stream *s; ++ ++ s = client->ibuf; ++ ifp = zebra_interface_state_read(s, vrf_id); ++ if (ifp == NULL) ++ return 0; ++ ++ debugf(NHRP_DEBUG_IF, "if-delete: %s", ifp->name); ++ ifp->ifindex = IFINDEX_INTERNAL; ++ nhrp_interface_update(ifp); ++ /* if_delete(ifp); */ ++ return 0; ++} ++ ++int nhrp_interface_up(int cmd, struct zclient *client, ++ zebra_size_t length, vrf_id_t vrf_id) ++{ ++ struct interface *ifp; ++ ++ ifp = zebra_interface_state_read(client->ibuf, vrf_id); ++ if (ifp == NULL) ++ return 0; ++ ++ debugf(NHRP_DEBUG_IF, "if-up: %s", ifp->name); ++ nhrp_interface_update_nbma(ifp); ++ ++ return 0; ++} ++ ++int nhrp_interface_down(int cmd, struct zclient *client, ++ zebra_size_t length, vrf_id_t vrf_id) ++{ ++ struct interface *ifp; ++ ++ ifp = zebra_interface_state_read(client->ibuf, vrf_id); ++ if (ifp == NULL) ++ return 0; ++ ++ debugf(NHRP_DEBUG_IF, "if-down: %s", ifp->name); ++ nhrp_interface_update(ifp); ++ return 0; ++} ++ ++int nhrp_interface_address_add(int cmd, struct zclient *client, ++ zebra_size_t length, vrf_id_t vrf_id) ++{ ++ struct connected *ifc; ++ char buf[PREFIX_STRLEN]; ++ ++ ifc = zebra_interface_address_read(cmd, client->ibuf, vrf_id); ++ if (ifc == NULL) ++ return 0; ++ ++ debugf(NHRP_DEBUG_IF, "if-addr-add: %s: %s", ++ ifc->ifp->name, ++ prefix2str(ifc->address, buf, sizeof buf)); ++ ++ nhrp_interface_update_address(ifc->ifp, family2afi(PREFIX_FAMILY(ifc->address)), 0); ++ ++ return 0; ++} ++ ++int nhrp_interface_address_delete(int cmd, struct zclient *client, ++ zebra_size_t length, vrf_id_t vrf_id) ++{ ++ struct connected *ifc; ++ char buf[PREFIX_STRLEN]; ++ ++ ifc = zebra_interface_address_read(cmd, client->ibuf, vrf_id); ++ if (ifc == NULL) ++ return 0; ++ ++ debugf(NHRP_DEBUG_IF, "if-addr-del: %s: %s", ++ ifc->ifp->name, ++ prefix2str(ifc->address, buf, sizeof buf)); ++ ++ nhrp_interface_update_address(ifc->ifp, family2afi(PREFIX_FAMILY(ifc->address)), 0); ++ connected_free(ifc); ++ ++ return 0; ++} ++ ++void nhrp_interface_notify_add(struct interface *ifp, struct notifier_block *n, notifier_fn_t fn) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ notifier_add(n, &nifp->notifier_list, fn); ++} ++ ++void nhrp_interface_notify_del(struct interface *ifp, struct notifier_block *n) ++{ ++ notifier_del(n); ++} ++ ++void nhrp_interface_set_protection(struct interface *ifp, const char *profile, const char *fallback_profile) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ ++ if (nifp->ipsec_profile) free(nifp->ipsec_profile); ++ nifp->ipsec_profile = profile ? strdup(profile) : NULL; ++ ++ if (nifp->ipsec_fallback_profile) free(nifp->ipsec_fallback_profile); ++ nifp->ipsec_fallback_profile = fallback_profile ? strdup(fallback_profile) : NULL; ++} ++ ++void nhrp_interface_set_source(struct interface *ifp, const char *ifname) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ ++ if (nifp->source) free(nifp->source); ++ nifp->source = ifname ? strdup(ifname) : NULL; ++ ++ nhrp_interface_update_nbma(ifp); ++} +diff --git a/nhrpd/nhrp_main.c b/nhrpd/nhrp_main.c +new file mode 100644 +index 0000000..29349a0 +--- /dev/null ++++ b/nhrpd/nhrp_main.c +@@ -0,0 +1,246 @@ ++/* NHRP daemon main functions ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include <unistd.h> ++ ++#include "zebra.h" ++#include "privs.h" ++#include "getopt.h" ++#include "thread.h" ++#include "sigevent.h" ++#include "version.h" ++#include "log.h" ++#include "memory.h" ++#include "command.h" ++ ++#include "nhrpd.h" ++#include "netlink.h" ++ ++unsigned int debug_flags = 0; ++ ++struct thread_master *master; ++struct timeval current_time; ++static const char *pid_file = PATH_NHRPD_PID; ++static char config_default[] = SYSCONFDIR NHRP_DEFAULT_CONFIG; ++static char *config_file = NULL; ++static char *vty_addr = NULL; ++static int vty_port = NHRP_VTY_PORT; ++static int do_daemonise = 0; ++ ++/* nhrpd options. */ ++struct option longopts[] = { ++ { "daemon", no_argument, NULL, 'd'}, ++ { "config_file", required_argument, NULL, 'f'}, ++ { "pid_file", required_argument, NULL, 'i'}, ++ { "socket", required_argument, NULL, 'z'}, ++ { "help", no_argument, NULL, 'h'}, ++ { "vty_addr", required_argument, NULL, 'A'}, ++ { "vty_port", required_argument, NULL, 'P'}, ++ { "user", required_argument, NULL, 'u'}, ++ { "group", required_argument, NULL, 'g'}, ++ { "version", no_argument, NULL, 'v'}, ++ { 0 } ++}; ++ ++/* nhrpd privileges */ ++static zebra_capabilities_t _caps_p [] = { ++ ZCAP_NET_RAW, ++ ZCAP_NET_ADMIN, ++ ZCAP_DAC_OVERRIDE, /* for now needed to write to /proc/sys/net/ipv4/<if>/send_redirect */ ++}; ++ ++static struct zebra_privs_t nhrpd_privs = { ++#ifdef QUAGGA_USER ++ .user = QUAGGA_USER, ++#endif ++#ifdef QUAGGA_GROUP ++ .group = QUAGGA_GROUP, ++#endif ++#ifdef VTY_GROUP ++ .vty_group = VTY_GROUP, ++#endif ++ .caps_p = _caps_p, ++ .cap_num_p = ZEBRA_NUM_OF(_caps_p), ++}; ++ ++static void usage(const char *progname, int status) ++{ ++ if (status != 0) ++ fprintf(stderr, "Try `%s --help' for more information.\n", progname); ++ else ++ printf( ++"Usage : %s [OPTION...]\n\ ++Daemon which manages NHRP protocol.\n\n\ ++-d, --daemon Runs in daemon mode\n\ ++-f, --config_file Set configuration file name\n\ ++-i, --pid_file Set process identifier file name\n\ ++-z, --socket Set path of zebra socket\n\ ++-A, --vty_addr Set vty's bind address\n\ ++-P, --vty_port Set vty's port number\n\ ++-u, --user User to run as\n\ ++-g, --group Group to run as\n\ ++-v, --version Print program version\n\ ++-h, --help Display this help and exit\n\ ++\n\ ++Report bugs to %s\n", progname, ZEBRA_BUG_ADDRESS); ++ ++ exit(status); ++} ++ ++static void parse_arguments(const char *progname, int argc, char **argv) ++{ ++ int opt; ++ ++ while (1) { ++ opt = getopt_long(argc, argv, "df:i:z:hA:P:u:g:v", longopts, 0); ++ if(opt < 0) break; ++ ++ switch (opt) { ++ case 0: ++ break; ++ case 'd': ++ do_daemonise = -1; ++ break; ++ case 'f': ++ config_file = optarg; ++ break; ++ case 'i': ++ pid_file = optarg; ++ break; ++ case 'z': ++ zclient_serv_path_set(optarg); ++ break; ++ case 'A': ++ vty_addr = optarg; ++ break; ++ case 'P': ++ vty_port = atoi (optarg); ++ if (vty_port <= 0 || vty_port > 0xffff) ++ vty_port = NHRP_VTY_PORT; ++ break; ++ case 'u': ++ nhrpd_privs.user = optarg; ++ break; ++ case 'g': ++ nhrpd_privs.group = optarg; ++ break; ++ case 'v': ++ print_version(progname); ++ exit(0); ++ break; ++ case 'h': ++ usage(progname, 0); ++ break; ++ default: ++ usage(progname, 1); ++ break; ++ } ++ } ++} ++ ++static void nhrp_sigusr1(void) ++{ ++ zlog_rotate(NULL); ++} ++ ++static void nhrp_request_stop(void) ++{ ++ debugf(NHRP_DEBUG_COMMON, "Exiting..."); ++ ++ nhrp_shortcut_terminate(); ++ nhrp_nhs_terminate(); ++ nhrp_zebra_terminate(); ++ vici_terminate(); ++ evmgr_terminate(); ++ nhrp_vc_terminate(); ++ vrf_terminate(); ++ /* memory_terminate(); */ ++ /* vty_terminate(); */ ++ cmd_terminate(); ++ /* signal_terminate(); */ ++ zprivs_terminate(&nhrpd_privs); ++ ++ debugf(NHRP_DEBUG_COMMON, "Remove pid file."); ++ if (pid_file) unlink(pid_file); ++ debugf(NHRP_DEBUG_COMMON, "Done."); ++ ++ closezlog(zlog_default); ++ ++ exit(0); ++} ++ ++static struct quagga_signal_t sighandlers[] = { ++ { .signal = SIGUSR1, .handler = &nhrp_sigusr1, }, ++ { .signal = SIGINT, .handler = &nhrp_request_stop, }, ++ { .signal = SIGTERM, .handler = &nhrp_request_stop, }, ++}; ++ ++int main(int argc, char **argv) ++{ ++ struct thread thread; ++ const char *progname; ++ ++ /* Set umask before anything for security */ ++ umask(0027); ++ progname = basename(argv[0]); ++ zlog_default = openzlog(progname, ZLOG_NHRP, LOG_CONS|LOG_NDELAY|LOG_PID, LOG_DAEMON); ++ zlog_set_level(NULL, ZLOG_DEST_STDOUT, LOG_WARNING); ++ ++ parse_arguments(progname, argc, argv); ++ ++ /* Library inits. */ ++ master = thread_master_create(); ++ zprivs_init(&nhrpd_privs); ++ signal_init(master, array_size(sighandlers), sighandlers); ++ cmd_init(1); ++ vty_init(master); ++ memory_init(); ++ nhrp_interface_init(); ++ vrf_init(); ++ resolver_init(); ++ ++ /* Run with elevated capabilities, as for all netlink activity ++ * we need privileges anyway. */ ++ nhrpd_privs.change(ZPRIVS_RAISE); ++ ++ netlink_init(); ++ evmgr_init(); ++ nhrp_vc_init(); ++ nhrp_packet_init(); ++ vici_init(); ++ nhrp_zebra_init(); ++ nhrp_shortcut_init(); ++ ++ nhrp_config_init(); ++ ++ /* Get zebra configuration file. */ ++ zlog_set_level(NULL, ZLOG_DEST_STDOUT, do_daemonise ? ZLOG_DISABLED : LOG_DEBUG); ++ vty_read_config(config_file, config_default); ++ ++ if (do_daemonise && daemon(0, 0) < 0) { ++ zlog_err("daemonise: %s", safe_strerror(errno)); ++ exit (1); ++ } ++ ++ /* write pid file */ ++ if (pid_output(pid_file) < 0) { ++ zlog_err("error while writing pidfile"); ++ exit (1); ++ } ++ ++ /* Create VTY socket */ ++ vty_serv_sock(vty_addr, vty_port, NHRP_VTYSH_PATH); ++ zlog_notice("nhrpd starting: vty@%d", vty_port); ++ ++ /* Main loop */ ++ while (thread_fetch(master, &thread)) ++ thread_call(&thread); ++ ++ return 0; ++} +diff --git a/nhrpd/nhrp_nhs.c b/nhrpd/nhrp_nhs.c +new file mode 100644 +index 0000000..d463e06 +--- /dev/null ++++ b/nhrpd/nhrp_nhs.c +@@ -0,0 +1,369 @@ ++/* NHRP NHC nexthop server functions (registration) ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include "zebra.h" ++#include "zbuf.h" ++#include "memory.h" ++#include "thread.h" ++#include "nhrpd.h" ++#include "nhrp_protocol.h" ++ ++static int nhrp_nhs_resolve(struct thread *t); ++ ++struct nhrp_registration { ++ struct list_head reglist_entry; ++ struct thread *t_register; ++ struct nhrp_nhs *nhs; ++ struct nhrp_reqid reqid; ++ unsigned int timeout; ++ unsigned mark : 1; ++ union sockunion proto_addr; ++ struct nhrp_peer *peer; ++ struct notifier_block peer_notifier; ++}; ++ ++static int nhrp_reg_send_req(struct thread *t); ++ ++static void nhrp_reg_reply(struct nhrp_reqid *reqid, void *arg) ++{ ++ struct nhrp_packet_parser *p = arg; ++ struct nhrp_registration *r = container_of(reqid, struct nhrp_registration, reqid); ++ struct nhrp_nhs *nhs = r->nhs; ++ struct interface *ifp = nhs->ifp; ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_extension_header *ext; ++ struct nhrp_cie_header *cie; ++ struct nhrp_cache *c; ++ struct zbuf extpl; ++ union sockunion cie_nbma, cie_proto, *proto; ++ char buf[64]; ++ int ok = 0, holdtime; ++ ++ nhrp_reqid_free(&nhrp_packet_reqid, &r->reqid); ++ ++ if (p->hdr->type != NHRP_PACKET_REGISTRATION_REPLY) { ++ debugf(NHRP_DEBUG_COMMON, "NHS: Registration failed"); ++ return; ++ } ++ ++ debugf(NHRP_DEBUG_COMMON, "NHS: Reg.reply received"); ++ ++ ok = 1; ++ while ((cie = nhrp_cie_pull(&p->payload, p->hdr, &cie_nbma, &cie_proto)) != NULL) { ++ proto = sockunion_family(&cie_proto) != AF_UNSPEC ? &cie_proto : &p->src_proto; ++ debugf(NHRP_DEBUG_COMMON, "NHS: CIE registration: %s: %d", ++ sockunion2str(proto, buf, sizeof(buf)), ++ cie->code); ++ if (!((cie->code == NHRP_CODE_SUCCESS) || ++ (cie->code == NHRP_CODE_ADMINISTRATIVELY_PROHIBITED && nhs->hub))) ++ ok = 0; ++ } ++ ++ if (!ok) ++ return; ++ ++ /* Parse extensions */ ++ sockunion_family(&nifp->nat_nbma) = AF_UNSPEC; ++ while ((ext = nhrp_ext_pull(&p->extensions, &extpl)) != NULL) { ++ switch (htons(ext->type) & ~NHRP_EXTENSION_FLAG_COMPULSORY) { ++ case NHRP_EXTENSION_NAT_ADDRESS: ++ /* NHS adds second CIE if NAT is detected */ ++ if (nhrp_cie_pull(&extpl, p->hdr, &cie_nbma, &cie_proto) && ++ nhrp_cie_pull(&extpl, p->hdr, &cie_nbma, &cie_proto)) { ++ nifp->nat_nbma = cie_nbma; ++ debugf(NHRP_DEBUG_IF, "%s: NAT detected, real NBMA address: %s", ++ ifp->name, sockunion2str(&nifp->nbma, buf, sizeof(buf))); ++ } ++ break; ++ } ++ } ++ ++ /* Success - schedule next registration, and route NHS */ ++ r->timeout = 2; ++ holdtime = nifp->afi[nhs->afi].holdtime; ++ THREAD_OFF(r->t_register); ++ ++ /* RFC 2332 5.2.3 - Registration is recommend to be renewed ++ * every one third of holdtime */ ++ THREAD_TIMER_ON(master, r->t_register, nhrp_reg_send_req, r, holdtime / 3); ++ ++ r->proto_addr = p->dst_proto; ++ c = nhrp_cache_get(ifp, &p->dst_proto, 1); ++ if (c) nhrp_cache_update_binding(c, NHRP_CACHE_NHS, holdtime, nhrp_peer_ref(r->peer), 0, NULL); ++} ++ ++static int nhrp_reg_timeout(struct thread *t) ++{ ++ struct nhrp_registration *r = THREAD_ARG(t); ++ struct nhrp_cache *c; ++ ++ r->t_register = NULL; ++ ++ if (r->timeout >= 16 && sockunion_family(&r->proto_addr) != AF_UNSPEC) { ++ nhrp_reqid_free(&nhrp_packet_reqid, &r->reqid); ++ c = nhrp_cache_get(r->nhs->ifp, &r->proto_addr, 0); ++ if (c) nhrp_cache_update_binding(c, NHRP_CACHE_NHS, -1, NULL, 0, NULL); ++ sockunion_family(&r->proto_addr) = AF_UNSPEC; ++ } ++ ++ r->timeout <<= 1; ++ if (r->timeout > 64) r->timeout = 2; ++ THREAD_TIMER_MSEC_ON(master, r->t_register, nhrp_reg_send_req, r, 10); ++ ++ return 0; ++} ++ ++static void nhrp_reg_peer_notify(struct notifier_block *n, unsigned long cmd) ++{ ++ struct nhrp_registration *r = container_of(n, struct nhrp_registration, peer_notifier); ++ char buf[SU_ADDRSTRLEN]; ++ ++ switch (cmd) { ++ case NOTIFY_PEER_UP: ++ case NOTIFY_PEER_DOWN: ++ case NOTIFY_PEER_IFCONFIG_CHANGED: ++ case NOTIFY_PEER_MTU_CHANGED: ++ debugf(NHRP_DEBUG_COMMON, "NHS: Flush timer for %s", ++ sockunion2str(&r->peer->vc->remote.nbma, buf, sizeof buf)); ++ THREAD_TIMER_OFF(r->t_register); ++ THREAD_TIMER_MSEC_ON(master, r->t_register, nhrp_reg_send_req, r, 10); ++ break; ++ } ++} ++ ++static int nhrp_reg_send_req(struct thread *t) ++{ ++ struct nhrp_registration *r = THREAD_ARG(t); ++ struct nhrp_nhs *nhs = r->nhs; ++ char buf1[SU_ADDRSTRLEN], buf2[SU_ADDRSTRLEN]; ++ struct interface *ifp = nhs->ifp; ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_afi_data *if_ad = &nifp->afi[nhs->afi]; ++ union sockunion *dst_proto; ++ struct zbuf *zb; ++ struct nhrp_packet_header *hdr; ++ struct nhrp_extension_header *ext; ++ struct nhrp_cie_header *cie; ++ ++ r->t_register = NULL; ++ if (!nhrp_peer_check(r->peer, 2)) { ++ debugf(NHRP_DEBUG_COMMON, "NHS: Waiting link for %s", ++ sockunion2str(&r->peer->vc->remote.nbma, buf1, sizeof buf1)); ++ THREAD_TIMER_ON(master, r->t_register, nhrp_reg_send_req, r, 120); ++ return 0; ++ } ++ ++ THREAD_TIMER_ON(master, r->t_register, nhrp_reg_timeout, r, r->timeout); ++ ++ /* RFC2332 5.2.3 NHC uses it's own address as dst if NHS is unknown */ ++ dst_proto = &nhs->proto_addr; ++ if (sockunion_family(dst_proto) == AF_UNSPEC) ++ dst_proto = &if_ad->addr; ++ ++ sockunion2str(&if_ad->addr, buf1, sizeof(buf1)); ++ sockunion2str(dst_proto, buf2, sizeof(buf2)); ++ debugf(NHRP_DEBUG_COMMON, "NHS: Register %s -> %s (timeout %d)", buf1, buf2, r->timeout); ++ ++ /* No protocol address configured for tunnel interface */ ++ if (sockunion_family(&if_ad->addr) == AF_UNSPEC) ++ return 0; ++ ++ zb = zbuf_alloc(1400); ++ hdr = nhrp_packet_push(zb, NHRP_PACKET_REGISTRATION_REQUEST, &nifp->nbma, &if_ad->addr, dst_proto); ++ hdr->hop_count = 0; ++ if (!(if_ad->flags & NHRP_IFF_REG_NO_UNIQUE)) ++ hdr->flags |= htons(NHRP_FLAG_REGISTRATION_UNIQUE); ++ ++ hdr->u.request_id = htonl(nhrp_reqid_alloc(&nhrp_packet_reqid, &r->reqid, nhrp_reg_reply)); ++ ++ /* FIXME: push CIE for each local protocol address */ ++ cie = nhrp_cie_push(zb, NHRP_CODE_SUCCESS, NULL, NULL); ++ cie->prefix_length = 0xff; ++ cie->holding_time = htons(if_ad->holdtime); ++ cie->mtu = htons(if_ad->mtu); ++ ++ nhrp_ext_request(zb, hdr, ifp); ++ ++ /* Cisco NAT detection extension */ ++ hdr->flags |= htons(NHRP_FLAG_REGISTRATION_NAT); ++ ext = nhrp_ext_push(zb, hdr, NHRP_EXTENSION_NAT_ADDRESS); ++ cie = nhrp_cie_push(zb, NHRP_CODE_SUCCESS, &nifp->nbma, &if_ad->addr); ++ cie->prefix_length = 8 * sockunion_get_addrlen(&nifp->nbma); ++ nhrp_ext_complete(zb, ext); ++ ++ nhrp_packet_complete(zb, hdr); ++ nhrp_peer_send(r->peer, zb); ++ zbuf_free(zb); ++ ++ return 0; ++} ++ ++static void nhrp_reg_delete(struct nhrp_registration *r) ++{ ++ nhrp_peer_notify_del(r->peer, &r->peer_notifier); ++ nhrp_peer_unref(r->peer); ++ list_del(&r->reglist_entry); ++ THREAD_OFF(r->t_register); ++ XFREE(MTYPE_NHRP_REGISTRATION, r); ++} ++ ++static struct nhrp_registration *nhrp_reg_by_nbma(struct nhrp_nhs *nhs, const union sockunion *nbma_addr) ++{ ++ struct nhrp_registration *r; ++ ++ list_for_each_entry(r, &nhs->reglist_head, reglist_entry) ++ if (sockunion_same(&r->peer->vc->remote.nbma, nbma_addr)) ++ return r; ++ return NULL; ++} ++ ++static void nhrp_nhs_resolve_cb(struct resolver_query *q, int n, union sockunion *addrs) ++{ ++ struct nhrp_nhs *nhs = container_of(q, struct nhrp_nhs, dns_resolve); ++ struct nhrp_interface *nifp = nhs->ifp->info; ++ struct nhrp_registration *reg, *regn; ++ int i; ++ ++ nhs->t_resolve = NULL; ++ if (n < 0) { ++ /* Failed, retry in a moment */ ++ THREAD_TIMER_ON(master, nhs->t_resolve, nhrp_nhs_resolve, nhs, 5); ++ return; ++ } ++ ++ THREAD_TIMER_ON(master, nhs->t_resolve, nhrp_nhs_resolve, nhs, 2*60*60); ++ ++ list_for_each_entry(reg, &nhs->reglist_head, reglist_entry) ++ reg->mark = 1; ++ ++ nhs->hub = 0; ++ for (i = 0; i < n; i++) { ++ if (sockunion_same(&addrs[i], &nifp->nbma)) { ++ nhs->hub = 1; ++ continue; ++ } ++ ++ reg = nhrp_reg_by_nbma(nhs, &addrs[i]); ++ if (reg) { ++ reg->mark = 0; ++ continue; ++ } ++ ++ reg = XCALLOC(MTYPE_NHRP_REGISTRATION, sizeof(*reg)); ++ reg->peer = nhrp_peer_get(nhs->ifp, &addrs[i]); ++ reg->nhs = nhs; ++ reg->timeout = 1; ++ list_init(®->reglist_entry); ++ list_add_tail(®->reglist_entry, &nhs->reglist_head); ++ nhrp_peer_notify_add(reg->peer, ®->peer_notifier, nhrp_reg_peer_notify); ++ THREAD_TIMER_MSEC_ON(master, reg->t_register, nhrp_reg_send_req, reg, 50); ++ } ++ ++ list_for_each_entry_safe(reg, regn, &nhs->reglist_head, reglist_entry) { ++ if (reg->mark) ++ nhrp_reg_delete(reg); ++ } ++} ++ ++static int nhrp_nhs_resolve(struct thread *t) ++{ ++ struct nhrp_nhs *nhs = THREAD_ARG(t); ++ ++ resolver_resolve(&nhs->dns_resolve, AF_INET, nhs->nbma_fqdn, nhrp_nhs_resolve_cb); ++ ++ return 0; ++} ++ ++int nhrp_nhs_add(struct interface *ifp, afi_t afi, union sockunion *proto_addr, const char *nbma_fqdn) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_nhs *nhs; ++ ++ if (sockunion_family(proto_addr) != AF_UNSPEC && ++ sockunion_family(proto_addr) != afi2family(afi)) ++ return NHRP_ERR_PROTOCOL_ADDRESS_MISMATCH; ++ ++ list_for_each_entry(nhs, &nifp->afi[afi].nhslist_head, nhslist_entry) { ++ if (sockunion_family(&nhs->proto_addr) != AF_UNSPEC && ++ sockunion_family(proto_addr) != AF_UNSPEC && ++ sockunion_same(&nhs->proto_addr, proto_addr)) ++ return NHRP_ERR_ENTRY_EXISTS; ++ ++ if (strcmp(nhs->nbma_fqdn, nbma_fqdn) == 0) ++ return NHRP_ERR_ENTRY_EXISTS; ++ } ++ ++ nhs = XMALLOC(MTYPE_NHRP_NHS, sizeof(struct nhrp_nhs)); ++ if (!nhs) return NHRP_ERR_NO_MEMORY; ++ ++ *nhs = (struct nhrp_nhs) { ++ .afi = afi, ++ .ifp = ifp, ++ .proto_addr = *proto_addr, ++ .nbma_fqdn = strdup(nbma_fqdn), ++ .reglist_head = LIST_INITIALIZER(nhs->reglist_head), ++ }; ++ list_add_tail(&nhs->nhslist_entry, &nifp->afi[afi].nhslist_head); ++ THREAD_TIMER_MSEC_ON(master, nhs->t_resolve, nhrp_nhs_resolve, nhs, 1000); ++ ++ return NHRP_OK; ++} ++ ++int nhrp_nhs_del(struct interface *ifp, afi_t afi, union sockunion *proto_addr, const char *nbma_fqdn) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_nhs *nhs, *nnhs; ++ int ret = NHRP_ERR_ENTRY_NOT_FOUND; ++ ++ if (sockunion_family(proto_addr) != AF_UNSPEC && ++ sockunion_family(proto_addr) != afi2family(afi)) ++ return NHRP_ERR_PROTOCOL_ADDRESS_MISMATCH; ++ ++ list_for_each_entry_safe(nhs, nnhs, &nifp->afi[afi].nhslist_head, nhslist_entry) { ++ if (!sockunion_same(&nhs->proto_addr, proto_addr)) ++ continue; ++ if (strcmp(nhs->nbma_fqdn, nbma_fqdn) != 0) ++ continue; ++ ++ nhrp_nhs_free(nhs); ++ ret = NHRP_OK; ++ } ++ ++ return ret; ++} ++ ++int nhrp_nhs_free(struct nhrp_nhs *nhs) ++{ ++ struct nhrp_registration *r, *rn; ++ ++ list_for_each_entry_safe(r, rn, &nhs->reglist_head, reglist_entry) ++ nhrp_reg_delete(r); ++ THREAD_OFF(nhs->t_resolve); ++ list_del(&nhs->nhslist_entry); ++ free((void*) nhs->nbma_fqdn); ++ XFREE(MTYPE_NHRP_NHS, nhs); ++ return 0; ++} ++ ++void nhrp_nhs_terminate(void) ++{ ++ struct interface *ifp; ++ struct nhrp_interface *nifp; ++ struct nhrp_nhs *nhs, *tmp; ++ struct listnode *node; ++ afi_t afi; ++ ++ for (ALL_LIST_ELEMENTS_RO(iflist, node, ifp)) { ++ nifp = ifp->info; ++ for (afi = 0; afi < AFI_MAX; afi++) { ++ list_for_each_entry_safe(nhs, tmp, &nifp->afi[afi].nhslist_head, nhslist_entry) ++ nhrp_nhs_free(nhs); ++ } ++ } ++} +diff --git a/nhrpd/nhrp_packet.c b/nhrpd/nhrp_packet.c +new file mode 100644 +index 0000000..5d2866a +--- /dev/null ++++ b/nhrpd/nhrp_packet.c +@@ -0,0 +1,312 @@ ++/* NHRP packet handling functions ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include <netinet/if_ether.h> ++#include "nhrpd.h" ++#include "zbuf.h" ++#include "thread.h" ++#include "hash.h" ++ ++#include "nhrp_protocol.h" ++#include "os.h" ++ ++struct nhrp_reqid_pool nhrp_packet_reqid; ++ ++static uint16_t family2proto(int family) ++{ ++ switch (family) { ++ case AF_INET: return ETH_P_IP; ++ case AF_INET6: return ETH_P_IPV6; ++ } ++ return 0; ++} ++ ++static int proto2family(uint16_t proto) ++{ ++ switch (proto) { ++ case ETH_P_IP: return AF_INET; ++ case ETH_P_IPV6: return AF_INET6; ++ } ++ return AF_UNSPEC; ++} ++ ++struct nhrp_packet_header *nhrp_packet_push( ++ struct zbuf *zb, uint8_t type, ++ const union sockunion *src_nbma, ++ const union sockunion *src_proto, ++ const union sockunion *dst_proto) ++{ ++ struct nhrp_packet_header *hdr; ++ ++ hdr = zbuf_push(zb, struct nhrp_packet_header); ++ if (!hdr) return NULL; ++ ++ *hdr = (struct nhrp_packet_header) { ++ .afnum = htons(family2afi(sockunion_family(src_nbma))), ++ .protocol_type = htons(family2proto(sockunion_family(src_proto))), ++ .version = NHRP_VERSION_RFC2332, ++ .type = type, ++ .hop_count = 64, ++ .src_nbma_address_len = sockunion_get_addrlen(src_nbma), ++ .src_protocol_address_len = sockunion_get_addrlen(src_proto), ++ .dst_protocol_address_len = sockunion_get_addrlen(dst_proto), ++ }; ++ ++ zbuf_put(zb, sockunion_get_addr(src_nbma), hdr->src_nbma_address_len); ++ zbuf_put(zb, sockunion_get_addr(src_proto), hdr->src_protocol_address_len); ++ zbuf_put(zb, sockunion_get_addr(dst_proto), hdr->dst_protocol_address_len); ++ ++ return hdr; ++} ++ ++struct nhrp_packet_header *nhrp_packet_pull( ++ struct zbuf *zb, ++ union sockunion *src_nbma, ++ union sockunion *src_proto, ++ union sockunion *dst_proto) ++{ ++ struct nhrp_packet_header *hdr; ++ ++ hdr = zbuf_pull(zb, struct nhrp_packet_header); ++ if (!hdr) return NULL; ++ ++ sockunion_set( ++ src_nbma, afi2family(htons(hdr->afnum)), ++ zbuf_pulln(zb, hdr->src_nbma_address_len + hdr->src_nbma_subaddress_len), ++ hdr->src_nbma_address_len + hdr->src_nbma_subaddress_len); ++ sockunion_set( ++ src_proto, proto2family(htons(hdr->protocol_type)), ++ zbuf_pulln(zb, hdr->src_protocol_address_len), ++ hdr->src_protocol_address_len); ++ sockunion_set( ++ dst_proto, proto2family(htons(hdr->protocol_type)), ++ zbuf_pulln(zb, hdr->dst_protocol_address_len), ++ hdr->dst_protocol_address_len); ++ ++ return hdr; ++} ++ ++uint16_t nhrp_packet_calculate_checksum(const uint8_t *pdu, uint16_t len) ++{ ++ const uint16_t *pdu16 = (const uint16_t *) pdu; ++ uint32_t csum = 0; ++ int i; ++ ++ for (i = 0; i < len / 2; i++) ++ csum += pdu16[i]; ++ if (len & 1) ++ csum += htons(pdu[len - 1]); ++ ++ while (csum & 0xffff0000) ++ csum = (csum & 0xffff) + (csum >> 16); ++ ++ return (~csum) & 0xffff; ++} ++ ++void nhrp_packet_complete(struct zbuf *zb, struct nhrp_packet_header *hdr) ++{ ++ unsigned short size; ++ ++ if (hdr->extension_offset) ++ nhrp_ext_push(zb, hdr, NHRP_EXTENSION_END | NHRP_EXTENSION_FLAG_COMPULSORY); ++ ++ size = zb->tail - (uint8_t *)hdr; ++ hdr->packet_size = htons(size); ++ hdr->checksum = 0; ++ hdr->checksum = nhrp_packet_calculate_checksum((uint8_t *) hdr, size); ++} ++ ++struct nhrp_cie_header *nhrp_cie_push( ++ struct zbuf *zb, ++ uint8_t code, ++ const union sockunion *nbma, ++ const union sockunion *proto) ++{ ++ struct nhrp_cie_header *cie; ++ ++ cie = zbuf_push(zb, struct nhrp_cie_header); ++ *cie = (struct nhrp_cie_header) { ++ .code = code, ++ }; ++ if (nbma) { ++ cie->nbma_address_len = sockunion_get_addrlen(nbma); ++ zbuf_put(zb, sockunion_get_addr(nbma), cie->nbma_address_len); ++ } ++ if (proto) { ++ cie->protocol_address_len = sockunion_get_addrlen(proto); ++ zbuf_put(zb, sockunion_get_addr(proto), cie->protocol_address_len); ++ } ++ ++ return cie; ++} ++ ++struct nhrp_cie_header *nhrp_cie_pull( ++ struct zbuf *zb, ++ struct nhrp_packet_header *hdr, ++ union sockunion *nbma, ++ union sockunion *proto) ++{ ++ struct nhrp_cie_header *cie; ++ ++ cie = zbuf_pull(zb, struct nhrp_cie_header); ++ if (!cie) return NULL; ++ ++ if (cie->nbma_address_len + cie->nbma_subaddress_len) { ++ sockunion_set( ++ nbma, afi2family(htons(hdr->afnum)), ++ zbuf_pulln(zb, cie->nbma_address_len + cie->nbma_subaddress_len), ++ cie->nbma_address_len + cie->nbma_subaddress_len); ++ } else { ++ sockunion_family(nbma) = AF_UNSPEC; ++ } ++ ++ if (cie->protocol_address_len) { ++ sockunion_set( ++ proto, proto2family(htons(hdr->protocol_type)), ++ zbuf_pulln(zb, cie->protocol_address_len), ++ cie->protocol_address_len); ++ } else { ++ sockunion_family(proto) = AF_UNSPEC; ++ } ++ ++ return cie; ++} ++ ++struct nhrp_extension_header *nhrp_ext_push(struct zbuf *zb, struct nhrp_packet_header *hdr, uint16_t type) ++{ ++ struct nhrp_extension_header *ext; ++ ext = zbuf_push(zb, struct nhrp_extension_header); ++ if (!ext) return NULL; ++ ++ if (!hdr->extension_offset) ++ hdr->extension_offset = htons(zb->tail - (uint8_t*) hdr - sizeof(struct nhrp_extension_header)); ++ ++ *ext = (struct nhrp_extension_header) { ++ .type = htons(type), ++ .length = 0, ++ }; ++ return ext; ++} ++ ++void nhrp_ext_complete(struct zbuf *zb, struct nhrp_extension_header *ext) ++{ ++ ext->length = htons(zb->tail - (uint8_t*)ext - sizeof(struct nhrp_extension_header)); ++} ++ ++struct nhrp_extension_header *nhrp_ext_pull(struct zbuf *zb, struct zbuf *payload) ++{ ++ struct nhrp_extension_header *ext; ++ uint16_t plen; ++ ++ ext = zbuf_pull(zb, struct nhrp_extension_header); ++ if (!ext) return NULL; ++ ++ plen = htons(ext->length); ++ zbuf_init(payload, zbuf_pulln(zb, plen), plen, plen); ++ return ext; ++} ++ ++void nhrp_ext_request(struct zbuf *zb, struct nhrp_packet_header *hdr, struct interface *ifp) ++{ ++ /* Place holders for standard extensions */ ++ nhrp_ext_push(zb, hdr, NHRP_EXTENSION_FORWARD_TRANSIT_NHS | NHRP_EXTENSION_FLAG_COMPULSORY); ++ nhrp_ext_push(zb, hdr, NHRP_EXTENSION_REVERSE_TRANSIT_NHS | NHRP_EXTENSION_FLAG_COMPULSORY); ++ nhrp_ext_push(zb, hdr, NHRP_EXTENSION_RESPONDER_ADDRESS | NHRP_EXTENSION_FLAG_COMPULSORY); ++} ++ ++int nhrp_ext_reply(struct zbuf *zb, struct nhrp_packet_header *hdr, struct interface *ifp, struct nhrp_extension_header *ext, struct zbuf *extpayload) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_afi_data *ad = &nifp->afi[htons(hdr->afnum)]; ++ struct nhrp_extension_header *dst; ++ struct nhrp_cie_header *cie; ++ uint16_t type; ++ ++ type = htons(ext->type) & ~NHRP_EXTENSION_FLAG_COMPULSORY; ++ if (type == NHRP_EXTENSION_END) ++ return 0; ++ ++ dst = nhrp_ext_push(zb, hdr, htons(ext->type)); ++ if (!dst) goto err; ++ ++ switch (type) { ++ case NHRP_EXTENSION_RESPONDER_ADDRESS: ++ cie = nhrp_cie_push(zb, NHRP_CODE_SUCCESS, &nifp->nbma, &ad->addr); ++ if (!cie) goto err; ++ cie->holding_time = htons(ad->holdtime); ++ break; ++ default: ++ if (type & NHRP_EXTENSION_FLAG_COMPULSORY) ++ goto err; ++ case NHRP_EXTENSION_FORWARD_TRANSIT_NHS: ++ case NHRP_EXTENSION_REVERSE_TRANSIT_NHS: ++ /* Supported compulsory extensions, and any ++ * non-compulsory that is not explicitly handled, ++ * should be just copied. */ ++ zbuf_copy(zb, extpayload, zbuf_used(extpayload)); ++ break; ++ } ++ nhrp_ext_complete(zb, dst); ++ return 0; ++err: ++ zbuf_set_werror(zb); ++ return -1; ++} ++ ++static int nhrp_packet_recvraw(struct thread *t) ++{ ++ int fd = THREAD_FD(t), ifindex; ++ struct zbuf *zb; ++ struct interface *ifp; ++ struct nhrp_peer *p; ++ union sockunion remote_nbma; ++ uint8_t addr[64]; ++ size_t len, addrlen; ++ ++ thread_add_read(master, nhrp_packet_recvraw, 0, fd); ++ ++ zb = zbuf_alloc(1500); ++ if (!zb) return 0; ++ ++ len = zbuf_size(zb); ++ addrlen = sizeof(addr); ++ if (os_recvmsg(zb->buf, &len, &ifindex, addr, &addrlen) < 0) ++ goto err; ++ ++ zb->head = zb->buf; ++ zb->tail = zb->buf + len; ++ ++ switch (addrlen) { ++ case 4: ++ sockunion_set(&remote_nbma, AF_INET, addr, addrlen); ++ break; ++ default: ++ goto err; ++ } ++ ++ ifp = if_lookup_by_index(ifindex); ++ if (!ifp) goto err; ++ ++ p = nhrp_peer_get(ifp, &remote_nbma); ++ if (!p) goto err; ++ ++ nhrp_peer_recv(p, zb); ++ nhrp_peer_unref(p); ++ return 0; ++ ++err: ++ zbuf_free(zb); ++ return 0; ++} ++ ++int nhrp_packet_init(void) ++{ ++ thread_add_read(master, nhrp_packet_recvraw, 0, os_socket()); ++ return 0; ++} +diff --git a/nhrpd/nhrp_peer.c b/nhrpd/nhrp_peer.c +new file mode 100644 +index 0000000..45bfd7d +--- /dev/null ++++ b/nhrpd/nhrp_peer.c +@@ -0,0 +1,860 @@ ++/* NHRP peer functions ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include <netinet/if_ether.h> ++ ++#include "zebra.h" ++#include "memory.h" ++#include "thread.h" ++#include "hash.h" ++ ++#include "nhrpd.h" ++#include "nhrp_protocol.h" ++#include "os.h" ++ ++struct ipv6hdr { ++ uint8_t priority_version; ++ uint8_t flow_lbl[3]; ++ uint16_t payload_len; ++ uint8_t nexthdr; ++ uint8_t hop_limit; ++ struct in6_addr saddr; ++ struct in6_addr daddr; ++}; ++ ++static void nhrp_packet_debug(struct zbuf *zb, const char *dir); ++ ++static void nhrp_peer_check_delete(struct nhrp_peer *p) ++{ ++ struct nhrp_interface *nifp = p->ifp->info; ++ ++ if (p->ref || notifier_active(&p->notifier_list)) ++ return; ++ ++ THREAD_OFF(p->t_fallback); ++ hash_release(nifp->peer_hash, p); ++ nhrp_interface_notify_del(p->ifp, &p->ifp_notifier); ++ nhrp_vc_notify_del(p->vc, &p->vc_notifier); ++ XFREE(MTYPE_NHRP_PEER, p); ++} ++ ++static int nhrp_peer_notify_up(struct thread *t) ++{ ++ struct nhrp_peer *p = THREAD_ARG(t); ++ struct nhrp_vc *vc = p->vc; ++ struct interface *ifp = p->ifp; ++ struct nhrp_interface *nifp = ifp->info; ++ ++ p->t_fallback = NULL; ++ if (nifp->enabled && (!nifp->ipsec_profile || vc->ipsec)) { ++ p->online = 1; ++ nhrp_peer_ref(p); ++ notifier_call(&p->notifier_list, NOTIFY_PEER_UP); ++ nhrp_peer_unref(p); ++ } ++ ++ return 0; ++} ++ ++static void __nhrp_peer_check(struct nhrp_peer *p) ++{ ++ struct nhrp_vc *vc = p->vc; ++ struct interface *ifp = p->ifp; ++ struct nhrp_interface *nifp = ifp->info; ++ unsigned online; ++ ++ online = nifp->enabled && (!nifp->ipsec_profile || vc->ipsec); ++ if (p->online != online) { ++ THREAD_OFF(p->t_fallback); ++ if (online && notifier_active(&p->notifier_list)) { ++ /* If we requested the IPsec connection, delay ++ * the up notification a bit to allow things ++ * settle down. This allows IKE to install ++ * SPDs and SAs. */ ++ THREAD_TIMER_MSEC_ON( ++ master, p->t_fallback, ++ nhrp_peer_notify_up, p, 50); ++ } else { ++ nhrp_peer_ref(p); ++ p->online = online; ++ if (online) { ++ notifier_call(&p->notifier_list, NOTIFY_PEER_UP); ++ } else { ++ p->requested = p->fallback_requested = 0; ++ notifier_call(&p->notifier_list, NOTIFY_PEER_DOWN); ++ } ++ nhrp_peer_unref(p); ++ } ++ } ++} ++ ++static void nhrp_peer_vc_notify(struct notifier_block *n, unsigned long cmd) ++{ ++ struct nhrp_peer *p = container_of(n, struct nhrp_peer, vc_notifier); ++ ++ switch (cmd) { ++ case NOTIFY_VC_IPSEC_CHANGED: ++ __nhrp_peer_check(p); ++ break; ++ case NOTIFY_VC_IPSEC_UPDATE_NBMA: ++ nhrp_peer_ref(p); ++ notifier_call(&p->notifier_list, NOTIFY_PEER_NBMA_CHANGING); ++ nhrp_peer_unref(p); ++ break; ++ } ++} ++ ++static void nhrp_peer_ifp_notify(struct notifier_block *n, unsigned long cmd) ++{ ++ struct nhrp_peer *p = container_of(n, struct nhrp_peer, ifp_notifier); ++ struct nhrp_interface *nifp; ++ struct nhrp_vc *vc; ++ ++ nhrp_peer_ref(p); ++ switch (cmd) { ++ case NOTIFY_INTERFACE_UP: ++ case NOTIFY_INTERFACE_DOWN: ++ __nhrp_peer_check(p); ++ break; ++ case NOTIFY_INTERFACE_NBMA_CHANGED: ++ /* Source NBMA changed, rebind to new VC */ ++ nifp = p->ifp->info; ++ vc = nhrp_vc_get(&nifp->nbma, &p->vc->remote.nbma, 1); ++ if (vc && p->vc != vc) { ++ nhrp_vc_notify_del(p->vc, &p->vc_notifier); ++ p->vc = vc; ++ nhrp_vc_notify_add(p->vc, &p->vc_notifier, nhrp_peer_vc_notify); ++ __nhrp_peer_check(p); ++ } ++ /* Fall-through to post config update */ ++ case NOTIFY_INTERFACE_ADDRESS_CHANGED: ++ notifier_call(&p->notifier_list, NOTIFY_PEER_IFCONFIG_CHANGED); ++ break; ++ case NOTIFY_INTERFACE_MTU_CHANGED: ++ notifier_call(&p->notifier_list, NOTIFY_PEER_MTU_CHANGED); ++ break; ++ } ++ nhrp_peer_unref(p); ++} ++ ++static unsigned int nhrp_peer_key(void *peer_data) ++{ ++ struct nhrp_peer *p = peer_data; ++ return sockunion_hash(&p->vc->remote.nbma); ++} ++ ++static int nhrp_peer_cmp(const void *cache_data, const void *key_data) ++{ ++ const struct nhrp_peer *a = cache_data; ++ const struct nhrp_peer *b = key_data; ++ return a->ifp == b->ifp && a->vc == b->vc; ++} ++ ++static void *nhrp_peer_create(void *data) ++{ ++ struct nhrp_peer *p, *key = data; ++ ++ p = XMALLOC(MTYPE_NHRP_PEER, sizeof(*p)); ++ if (p) { ++ *p = (struct nhrp_peer) { ++ .ref = 0, ++ .ifp = key->ifp, ++ .vc = key->vc, ++ .notifier_list = NOTIFIER_LIST_INITIALIZER(&p->notifier_list), ++ }; ++ nhrp_vc_notify_add(p->vc, &p->vc_notifier, nhrp_peer_vc_notify); ++ nhrp_interface_notify_add(p->ifp, &p->ifp_notifier, nhrp_peer_ifp_notify); ++ } ++ return p; ++} ++ ++struct nhrp_peer *nhrp_peer_get(struct interface *ifp, const union sockunion *remote_nbma) ++{ ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_peer key, *p; ++ struct nhrp_vc *vc; ++ ++ if (!nifp->peer_hash) { ++ nifp->peer_hash = hash_create(nhrp_peer_key, nhrp_peer_cmp); ++ if (!nifp->peer_hash) return NULL; ++ } ++ ++ vc = nhrp_vc_get(&nifp->nbma, remote_nbma, 1); ++ if (!vc) return NULL; ++ ++ key.ifp = ifp; ++ key.vc = vc; ++ ++ p = hash_get(nifp->peer_hash, &key, nhrp_peer_create); ++ nhrp_peer_ref(p); ++ if (p->ref == 1) __nhrp_peer_check(p); ++ ++ return p; ++} ++ ++struct nhrp_peer *nhrp_peer_ref(struct nhrp_peer *p) ++{ ++ if (p) p->ref++; ++ return p; ++} ++ ++void nhrp_peer_unref(struct nhrp_peer *p) ++{ ++ if (p) { ++ p->ref--; ++ nhrp_peer_check_delete(p); ++ } ++} ++ ++static int nhrp_peer_request_timeout(struct thread *t) ++{ ++ struct nhrp_peer *p = THREAD_ARG(t); ++ struct nhrp_vc *vc = p->vc; ++ struct interface *ifp = p->ifp; ++ struct nhrp_interface *nifp = ifp->info; ++ ++ p->t_fallback = NULL; ++ ++ if (p->online) ++ return 0; ++ ++ if (nifp->ipsec_fallback_profile && !p->prio && !p->fallback_requested) { ++ p->fallback_requested = 1; ++ vici_request_vc(nifp->ipsec_fallback_profile, ++ &vc->local.nbma, &vc->remote.nbma, p->prio); ++ THREAD_TIMER_ON(master, p->t_fallback, nhrp_peer_request_timeout, p, 30); ++ } else { ++ p->requested = p->fallback_requested = 0; ++ } ++ ++ return 0; ++} ++ ++int nhrp_peer_check(struct nhrp_peer *p, int establish) ++{ ++ struct nhrp_vc *vc = p->vc; ++ struct interface *ifp = p->ifp; ++ struct nhrp_interface *nifp = ifp->info; ++ ++ if (p->online) ++ return 1; ++ if (!establish) ++ return 0; ++ if (p->requested) ++ return 0; ++ if (sockunion_family(&vc->local.nbma) == AF_UNSPEC) ++ return 0; ++ ++ p->prio = establish > 1; ++ p->requested = 1; ++ vici_request_vc(nifp->ipsec_profile, &vc->local.nbma, &vc->remote.nbma, p->prio); ++ THREAD_TIMER_ON(master, p->t_fallback, nhrp_peer_request_timeout, p, ++ (nifp->ipsec_fallback_profile && !p->prio) ? 15 : 30); ++ ++ return 0; ++} ++ ++void nhrp_peer_notify_add(struct nhrp_peer *p, struct notifier_block *n, notifier_fn_t fn) ++{ ++ notifier_add(n, &p->notifier_list, fn); ++} ++ ++void nhrp_peer_notify_del(struct nhrp_peer *p, struct notifier_block *n) ++{ ++ notifier_del(n); ++ nhrp_peer_check_delete(p); ++} ++ ++void nhrp_peer_send(struct nhrp_peer *p, struct zbuf *zb) ++{ ++ char buf[2][256]; ++ ++ nhrp_packet_debug(zb, "Send"); ++ ++ if (!p->online) ++ return; ++ ++ debugf(NHRP_DEBUG_KERNEL, "PACKET: Send %s -> %s", ++ sockunion2str(&p->vc->local.nbma, buf[0], sizeof buf[0]), ++ sockunion2str(&p->vc->remote.nbma, buf[1], sizeof buf[1])); ++ ++ os_sendmsg(zb->head, zbuf_used(zb), ++ p->ifp->ifindex, ++ sockunion_get_addr(&p->vc->remote.nbma), ++ sockunion_get_addrlen(&p->vc->remote.nbma)); ++ zbuf_reset(zb); ++} ++ ++static void nhrp_handle_resolution_req(struct nhrp_packet_parser *p) ++{ ++ struct zbuf *zb, payload; ++ struct nhrp_packet_header *hdr; ++ struct nhrp_cie_header *cie; ++ struct nhrp_extension_header *ext; ++ struct nhrp_interface *nifp; ++ struct nhrp_peer *peer; ++ ++ if (!(p->if_ad->flags & NHRP_IFF_SHORTCUT)) { ++ debugf(NHRP_DEBUG_COMMON, "Shortcuts disabled"); ++ /* FIXME: Send error indication? */ ++ return; ++ } ++ ++ if (p->if_ad->network_id && ++ p->route_type == NHRP_ROUTE_OFF_NBMA && ++ p->route_prefix.prefixlen < 8) { ++ debugf(NHRP_DEBUG_COMMON, "Shortcut to more generic than /8 dropped"); ++ return; ++ } ++ ++ debugf(NHRP_DEBUG_COMMON, "Parsing and replying to Resolution Req"); ++ ++ if (nhrp_route_address(p->ifp, &p->src_proto, NULL, &peer) != NHRP_ROUTE_NBMA_NEXTHOP) ++ return; ++ ++#if 0 ++ /* FIXME: Update requestors binding if CIE specifies holding time */ ++ nhrp_cache_update_binding( ++ NHRP_CACHE_CACHED, &p->src_proto, ++ nhrp_peer_get(p->ifp, &p->src_nbma), ++ htons(cie->holding_time)); ++#endif ++ ++ nifp = peer->ifp->info; ++ ++ /* Create reply */ ++ zb = zbuf_alloc(1500); ++ hdr = nhrp_packet_push(zb, NHRP_PACKET_RESOLUTION_REPLY, &p->src_nbma, &p->src_proto, &p->dst_proto); ++ ++ /* Copied information from request */ ++ hdr->flags = p->hdr->flags & htons(NHRP_FLAG_RESOLUTION_SOURCE_IS_ROUTER|NHRP_FLAG_RESOLUTION_SOURCE_STABLE); ++ hdr->flags |= htons(NHRP_FLAG_RESOLUTION_DESTINATION_STABLE | NHRP_FLAG_RESOLUTION_AUTHORATIVE); ++ hdr->u.request_id = p->hdr->u.request_id; ++ ++ /* CIE payload */ ++ cie = nhrp_cie_push(zb, NHRP_CODE_SUCCESS, &nifp->nbma, &p->if_ad->addr); ++ cie->holding_time = htons(p->if_ad->holdtime); ++ cie->mtu = htons(p->if_ad->mtu); ++ if (p->if_ad->network_id && p->route_type == NHRP_ROUTE_OFF_NBMA) ++ cie->prefix_length = p->route_prefix.prefixlen; ++ else ++ cie->prefix_length = 8 * sockunion_get_addrlen(&p->if_ad->addr); ++ ++ /* Handle extensions */ ++ while ((ext = nhrp_ext_pull(&p->extensions, &payload)) != NULL) { ++ switch (htons(ext->type) & ~NHRP_EXTENSION_FLAG_COMPULSORY) { ++ case NHRP_EXTENSION_NAT_ADDRESS: ++ if (sockunion_family(&nifp->nat_nbma) == AF_UNSPEC) ++ break; ++ ext = nhrp_ext_push(zb, hdr, NHRP_EXTENSION_NAT_ADDRESS); ++ if (!ext) goto err; ++ cie = nhrp_cie_push(zb, NHRP_CODE_SUCCESS, &nifp->nat_nbma, &p->if_ad->addr); ++ if (!cie) goto err; ++ nhrp_ext_complete(zb, ext); ++ break; ++ default: ++ if (nhrp_ext_reply(zb, hdr, p->ifp, ext, &payload) < 0) ++ goto err; ++ break; ++ } ++ } ++ ++ nhrp_packet_complete(zb, hdr); ++ nhrp_peer_send(peer, zb); ++err: ++ nhrp_peer_unref(peer); ++ zbuf_free(zb); ++} ++ ++static void nhrp_handle_registration_request(struct nhrp_packet_parser *p) ++{ ++ struct interface *ifp = p->ifp; ++ struct zbuf *zb, payload; ++ struct nhrp_packet_header *hdr; ++ struct nhrp_cie_header *cie; ++ struct nhrp_extension_header *ext; ++ struct nhrp_cache *c; ++ union sockunion cie_nbma, cie_proto, *proto_addr, *nbma_addr, *nbma_natoa; ++ int holdtime, natted = 0; ++ size_t paylen; ++ void *pay; ++ ++ debugf(NHRP_DEBUG_COMMON, "Parsing and replying to Registration Req"); ++ ++ if (!sockunion_same(&p->src_nbma, &p->peer->vc->remote.nbma)) ++ natted = 1; ++ ++ /* Create reply */ ++ zb = zbuf_alloc(1500); ++ hdr = nhrp_packet_push(zb, NHRP_PACKET_REGISTRATION_REPLY, ++ &p->src_nbma, &p->src_proto, &p->if_ad->addr); ++ ++ /* Copied information from request */ ++ hdr->flags = p->hdr->flags & htons(NHRP_FLAG_REGISTRATION_UNIQUE | NHRP_FLAG_REGISTRATION_NAT); ++ hdr->u.request_id = p->hdr->u.request_id; ++ ++ /* Copy payload CIEs */ ++ paylen = zbuf_used(&p->payload); ++ pay = zbuf_pushn(zb, paylen); ++ if (!pay) goto err; ++ memcpy(pay, zbuf_pulln(&p->payload, paylen), paylen); ++ zbuf_init(&payload, pay, paylen, paylen); ++ ++ while ((cie = nhrp_cie_pull(&payload, hdr, &cie_nbma, &cie_proto)) != NULL) { ++ if (cie->prefix_length != 0xff && !(p->hdr->flags & htons(NHRP_FLAG_REGISTRATION_UNIQUE))) { ++ cie->code = NHRP_CODE_BINDING_NON_UNIQUE; ++ continue; ++ } ++ ++ /* We currently support only unique prefix registrations */ ++ if (cie->prefix_length != 0xff) { ++ cie->code = NHRP_CODE_ADMINISTRATIVELY_PROHIBITED; ++ continue; ++ } ++ ++ proto_addr = (sockunion_family(&cie_proto) == AF_UNSPEC) ? &p->src_proto : &cie_proto; ++ nbma_addr = (sockunion_family(&cie_nbma) == AF_UNSPEC) ? &p->src_nbma : &cie_nbma; ++ nbma_natoa = NULL; ++ if (natted) { ++ nbma_natoa = nbma_addr; ++ nbma_addr = &p->peer->vc->remote.nbma; ++ } ++ ++ holdtime = htons(cie->holding_time); ++ if (!holdtime) holdtime = p->if_ad->holdtime; ++ ++ c = nhrp_cache_get(ifp, proto_addr, 1); ++ if (!c) { ++ cie->code = NHRP_CODE_INSUFFICIENT_RESOURCES; ++ continue; ++ } ++ ++ if (!nhrp_cache_update_binding(c, NHRP_CACHE_DYNAMIC, holdtime, nhrp_peer_ref(p->peer), htons(cie->mtu), nbma_natoa)) { ++ cie->code = NHRP_CODE_ADMINISTRATIVELY_PROHIBITED; ++ continue; ++ } ++ ++ cie->code = NHRP_CODE_SUCCESS; ++ } ++ ++ /* Handle extensions */ ++ while ((ext = nhrp_ext_pull(&p->extensions, &payload)) != NULL) { ++ switch (htons(ext->type) & ~NHRP_EXTENSION_FLAG_COMPULSORY) { ++ case NHRP_EXTENSION_NAT_ADDRESS: ++ ext = nhrp_ext_push(zb, hdr, NHRP_EXTENSION_NAT_ADDRESS); ++ if (!ext) goto err; ++ zbuf_copy(zb, &payload, zbuf_used(&payload)); ++ if (natted) { ++ nhrp_cie_push(zb, NHRP_CODE_SUCCESS, ++ &p->peer->vc->remote.nbma, ++ &p->src_proto); ++ } ++ nhrp_ext_complete(zb, ext); ++ break; ++ default: ++ if (nhrp_ext_reply(zb, hdr, ifp, ext, &payload) < 0) ++ goto err; ++ break; ++ } ++ } ++ ++ nhrp_packet_complete(zb, hdr); ++ nhrp_peer_send(p->peer, zb); ++err: ++ zbuf_free(zb); ++} ++ ++static int parse_ether_packet(struct zbuf *zb, uint16_t protocol_type, union sockunion *src, union sockunion *dst) ++{ ++ switch (protocol_type) { ++ case ETH_P_IP: { ++ struct iphdr *iph = zbuf_pull(zb, struct iphdr); ++ if (iph) { ++ if (src) sockunion_set(src, AF_INET, (uint8_t*) &iph->saddr, sizeof(iph->saddr)); ++ if (dst) sockunion_set(dst, AF_INET, (uint8_t*) &iph->daddr, sizeof(iph->daddr)); ++ } ++ } ++ break; ++ case ETH_P_IPV6: { ++ struct ipv6hdr *iph = zbuf_pull(zb, struct ipv6hdr); ++ if (iph) { ++ if (src) sockunion_set(src, AF_INET6, (uint8_t*) &iph->saddr, sizeof(iph->saddr)); ++ if (dst) sockunion_set(dst, AF_INET6, (uint8_t*) &iph->daddr, sizeof(iph->daddr)); ++ } ++ } ++ break; ++ default: ++ return 0; ++ } ++ return 1; ++} ++ ++void nhrp_peer_send_indication(struct interface *ifp, uint16_t protocol_type, struct zbuf *pkt) ++{ ++ union sockunion dst; ++ struct zbuf *zb, payload; ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_afi_data *if_ad; ++ struct nhrp_packet_header *hdr; ++ struct nhrp_peer *p; ++ char buf[2][SU_ADDRSTRLEN]; ++ ++ if (!nifp->enabled) return; ++ ++ payload = *pkt; ++ if (!parse_ether_packet(&payload, protocol_type, &dst, NULL)) ++ return; ++ ++ if (nhrp_route_address(ifp, &dst, NULL, &p) != NHRP_ROUTE_NBMA_NEXTHOP) ++ return; ++ ++ if_ad = &nifp->afi[family2afi(sockunion_family(&dst))]; ++ if (!(if_ad->flags & NHRP_IFF_REDIRECT)) { ++ debugf(NHRP_DEBUG_COMMON, "Send Traffic Indication to %s about packet to %s ignored", ++ sockunion2str(&p->vc->remote.nbma, buf[0], sizeof buf[0]), ++ sockunion2str(&dst, buf[1], sizeof buf[1])); ++ return; ++ } ++ ++ debugf(NHRP_DEBUG_COMMON, "Send Traffic Indication to %s (online=%d) about packet to %s", ++ sockunion2str(&p->vc->remote.nbma, buf[0], sizeof buf[0]), ++ p->online, ++ sockunion2str(&dst, buf[1], sizeof buf[1])); ++ ++ /* Create reply */ ++ zb = zbuf_alloc(1500); ++ hdr = nhrp_packet_push(zb, NHRP_PACKET_TRAFFIC_INDICATION, &nifp->nbma, &if_ad->addr, &dst); ++ hdr->hop_count = 0; ++ ++ /* Payload is the packet causing indication */ ++ zbuf_copy(zb, pkt, zbuf_used(pkt)); ++ nhrp_packet_complete(zb, hdr); ++ nhrp_peer_send(p, zb); ++ nhrp_peer_unref(p); ++ zbuf_free(zb); ++} ++ ++static void nhrp_handle_error_ind(struct nhrp_packet_parser *pp) ++{ ++ struct zbuf origmsg = pp->payload; ++ struct nhrp_packet_header *hdr; ++ struct nhrp_reqid *reqid; ++ union sockunion src_nbma, src_proto, dst_proto; ++ char buf[2][SU_ADDRSTRLEN]; ++ ++ hdr = nhrp_packet_pull(&origmsg, &src_nbma, &src_proto, &dst_proto); ++ if (!hdr) return; ++ ++ debugf(NHRP_DEBUG_COMMON, "Error Indication from %s about packet to %s ignored", ++ sockunion2str(&pp->src_proto, buf[0], sizeof buf[0]), ++ sockunion2str(&dst_proto, buf[1], sizeof buf[1])); ++ ++ reqid = nhrp_reqid_lookup(&nhrp_packet_reqid, htonl(hdr->u.request_id)); ++ if (reqid) ++ reqid->cb(reqid, pp); ++} ++ ++static void nhrp_handle_traffic_ind(struct nhrp_packet_parser *p) ++{ ++ union sockunion dst; ++ char buf[2][SU_ADDRSTRLEN]; ++ ++ if (!parse_ether_packet(&p->payload, htons(p->hdr->protocol_type), NULL, &dst)) ++ return; ++ ++ debugf(NHRP_DEBUG_COMMON, "Traffic Indication from %s about packet to %s: %s", ++ sockunion2str(&p->src_proto, buf[0], sizeof buf[0]), ++ sockunion2str(&dst, buf[1], sizeof buf[1]), ++ (p->if_ad->flags & NHRP_IFF_SHORTCUT) ? "trying shortcut" : "ignored"); ++ ++ if (p->if_ad->flags & NHRP_IFF_SHORTCUT) ++ nhrp_shortcut_initiate(&dst); ++} ++ ++enum packet_type_t { ++ PACKET_UNKNOWN = 0, ++ PACKET_REQUEST, ++ PACKET_REPLY, ++ PACKET_INDICATION, ++}; ++ ++static struct { ++ enum packet_type_t type; ++ const char *name; ++ void (*handler)(struct nhrp_packet_parser *); ++} packet_types[] = { ++ [NHRP_PACKET_RESOLUTION_REQUEST] = { ++ .type = PACKET_REQUEST, ++ .name = "Resolution-Request", ++ .handler = nhrp_handle_resolution_req, ++ }, ++ [NHRP_PACKET_RESOLUTION_REPLY] = { ++ .type = PACKET_REPLY, ++ .name = "Resolution-Reply", ++ }, ++ [NHRP_PACKET_REGISTRATION_REQUEST] = { ++ .type = PACKET_REQUEST, ++ .name = "Registration-Request", ++ .handler = nhrp_handle_registration_request, ++ }, ++ [NHRP_PACKET_REGISTRATION_REPLY] = { ++ .type = PACKET_REPLY, ++ .name = "Registration-Reply", ++ }, ++ [NHRP_PACKET_PURGE_REQUEST] = { ++ .type = PACKET_REQUEST, ++ .name = "Purge-Request", ++ }, ++ [NHRP_PACKET_PURGE_REPLY] = { ++ .type = PACKET_REPLY, ++ .name = "Purge-Reply", ++ }, ++ [NHRP_PACKET_ERROR_INDICATION] = { ++ .type = PACKET_INDICATION, ++ .name = "Error-Indication", ++ .handler = nhrp_handle_error_ind, ++ }, ++ [NHRP_PACKET_TRAFFIC_INDICATION] = { ++ .type = PACKET_INDICATION, ++ .name = "Traffic-Indication", ++ .handler = nhrp_handle_traffic_ind, ++ } ++}; ++ ++static void nhrp_peer_forward(struct nhrp_peer *p, struct nhrp_packet_parser *pp) ++{ ++ struct zbuf *zb, extpl; ++ struct nhrp_packet_header *hdr; ++ struct nhrp_extension_header *ext, *dst; ++ struct nhrp_cie_header *cie; ++ struct nhrp_interface *nifp = pp->ifp->info; ++ struct nhrp_afi_data *if_ad = pp->if_ad; ++ union sockunion cie_nbma, cie_protocol; ++ uint16_t type, len; ++ ++ if (pp->hdr->hop_count == 0) ++ return; ++ ++ /* Create forward packet - copy header */ ++ zb = zbuf_alloc(1500); ++ hdr = nhrp_packet_push(zb, pp->hdr->type, &pp->src_nbma, &pp->src_proto, &pp->dst_proto); ++ hdr->flags = pp->hdr->flags; ++ hdr->hop_count = pp->hdr->hop_count - 1; ++ hdr->u.request_id = pp->hdr->u.request_id; ++ ++ /* Copy payload */ ++ zbuf_copy(zb, &pp->payload, zbuf_used(&pp->payload)); ++ ++ /* Copy extensions */ ++ while ((ext = nhrp_ext_pull(&pp->extensions, &extpl)) != NULL) { ++ type = htons(ext->type) & ~NHRP_EXTENSION_FLAG_COMPULSORY; ++ len = htons(ext->length); ++ ++ if (type == NHRP_EXTENSION_END) ++ break; ++ ++ dst = nhrp_ext_push(zb, hdr, htons(ext->type)); ++ if (!dst) goto err; ++ ++ switch (type) { ++ case NHRP_EXTENSION_FORWARD_TRANSIT_NHS: ++ case NHRP_EXTENSION_REVERSE_TRANSIT_NHS: ++ zbuf_put(zb, extpl.head, len); ++ if ((type == NHRP_EXTENSION_REVERSE_TRANSIT_NHS) == ++ (packet_types[hdr->type].type == PACKET_REPLY)) { ++ /* Check NHS list for forwarding loop */ ++ while ((cie = nhrp_cie_pull(&extpl, pp->hdr, &cie_nbma, &cie_protocol)) != NULL) { ++ if (sockunion_same(&p->vc->remote.nbma, &cie_nbma)) ++ goto err; ++ } ++ /* Append our selves to the list */ ++ cie = nhrp_cie_push(zb, NHRP_CODE_SUCCESS, &nifp->nbma, &if_ad->addr); ++ if (!cie) goto err; ++ cie->holding_time = htons(if_ad->holdtime); ++ } ++ break; ++ default: ++ if (htons(ext->type) & NHRP_EXTENSION_FLAG_COMPULSORY) ++ /* FIXME: RFC says to just copy, but not ++ * append our selves to the transit NHS list */ ++ goto err; ++ case NHRP_EXTENSION_RESPONDER_ADDRESS: ++ /* Supported compulsory extensions, and any ++ * non-compulsory that is not explicitly handled, ++ * should be just copied. */ ++ zbuf_copy(zb, &extpl, len); ++ break; ++ } ++ nhrp_ext_complete(zb, dst); ++ } ++ ++ nhrp_packet_complete(zb, hdr); ++ nhrp_peer_send(p, zb); ++ zbuf_free(zb); ++ return; ++err: ++ nhrp_packet_debug(pp->pkt, "FWD-FAIL"); ++ zbuf_free(zb); ++} ++ ++static void nhrp_packet_debug(struct zbuf *zb, const char *dir) ++{ ++ char buf[2][SU_ADDRSTRLEN]; ++ union sockunion src_nbma, src_proto, dst_proto; ++ struct nhrp_packet_header *hdr; ++ struct zbuf zhdr; ++ int reply; ++ ++ if (likely(!(debug_flags & NHRP_DEBUG_COMMON))) ++ return; ++ ++ zbuf_init(&zhdr, zb->buf, zb->tail-zb->buf, zb->tail-zb->buf); ++ hdr = nhrp_packet_pull(&zhdr, &src_nbma, &src_proto, &dst_proto); ++ ++ sockunion2str(&src_proto, buf[0], sizeof buf[0]); ++ sockunion2str(&dst_proto, buf[1], sizeof buf[1]); ++ ++ reply = packet_types[hdr->type].type == PACKET_REPLY; ++ debugf(NHRP_DEBUG_COMMON, "%s %s(%d) %s -> %s", ++ dir, ++ packet_types[hdr->type].name ? : "Unknown", ++ hdr->type, ++ reply ? buf[1] : buf[0], ++ reply ? buf[0] : buf[1]); ++} ++ ++struct nhrp_route_info { ++ int local; ++ struct interface *ifp; ++ struct nhrp_vc *vc; ++}; ++ ++void nhrp_peer_recv(struct nhrp_peer *p, struct zbuf *zb) ++{ ++ char buf[2][SU_ADDRSTRLEN]; ++ struct nhrp_packet_header *hdr; ++ struct nhrp_vc *vc = p->vc; ++ struct interface *ifp = p->ifp; ++ struct nhrp_interface *nifp = ifp->info; ++ struct nhrp_packet_parser pp; ++ struct nhrp_peer *peer = NULL; ++ struct nhrp_reqid *reqid; ++ const char *info = NULL; ++ union sockunion *target_addr; ++ unsigned paylen, extoff, extlen, realsize; ++ afi_t afi; ++ ++ debugf(NHRP_DEBUG_KERNEL, "PACKET: Recv %s -> %s", ++ sockunion2str(&vc->remote.nbma, buf[0], sizeof buf[0]), ++ sockunion2str(&vc->local.nbma, buf[1], sizeof buf[1])); ++ ++ if (!p->online) { ++ info = "peer not online"; ++ goto drop; ++ } ++ ++ if (nhrp_packet_calculate_checksum(zb->head, zbuf_used(zb)) != 0) { ++ info = "bad checksum"; ++ goto drop; ++ } ++ ++ realsize = zbuf_used(zb); ++ hdr = nhrp_packet_pull(zb, &pp.src_nbma, &pp.src_proto, &pp.dst_proto); ++ if (!hdr) { ++ info = "corrupt header"; ++ goto drop; ++ } ++ ++ pp.ifp = ifp; ++ pp.pkt = zb; ++ pp.hdr = hdr; ++ pp.peer = p; ++ ++ afi = htons(hdr->afnum); ++ if (hdr->type > ZEBRA_NUM_OF(packet_types) || ++ hdr->version != NHRP_VERSION_RFC2332 || ++ afi >= AFI_MAX || ++ packet_types[hdr->type].type == PACKET_UNKNOWN || ++ htons(hdr->packet_size) > realsize) { ++ zlog_info("From %s: error: packet type %d, version %d, AFI %d, size %d (real size %d)", ++ sockunion2str(&vc->remote.nbma, buf[0], sizeof buf[0]), ++ (int) hdr->type, (int) hdr->version, (int) afi, ++ (int) htons(hdr->packet_size), ++ (int) realsize); ++ goto drop; ++ } ++ pp.if_ad = &((struct nhrp_interface *)ifp->info)->afi[afi]; ++ ++ extoff = htons(hdr->extension_offset); ++ if (extoff) { ++ if (extoff >= realsize) { ++ info = "extoff larger than packet"; ++ goto drop; ++ } ++ paylen = extoff - (zb->head - zb->buf); ++ } else { ++ paylen = zbuf_used(zb); ++ } ++ zbuf_init(&pp.payload, zbuf_pulln(zb, paylen), paylen, paylen); ++ extlen = zbuf_used(zb); ++ zbuf_init(&pp.extensions, zbuf_pulln(zb, extlen), extlen, extlen); ++ ++ if (!nifp->afi[afi].network_id) { ++ info = "nhrp not enabled"; ++ goto drop; ++ } ++ ++ nhrp_packet_debug(zb, "Recv"); ++ ++ /* FIXME: Check authentication here. This extension needs to be ++ * pre-handled. */ ++ ++ /* Figure out if this is local */ ++ target_addr = (packet_types[hdr->type].type == PACKET_REPLY) ? &pp.src_proto : &pp.dst_proto; ++ ++ if (sockunion_same(&pp.src_proto, &pp.dst_proto)) ++ pp.route_type = NHRP_ROUTE_LOCAL; ++ else ++ pp.route_type = nhrp_route_address(pp.ifp, target_addr, &pp.route_prefix, &peer); ++ ++ switch (pp.route_type) { ++ case NHRP_ROUTE_LOCAL: ++ nhrp_packet_debug(zb, "!LOCAL"); ++ if (packet_types[hdr->type].type == PACKET_REPLY) { ++ reqid = nhrp_reqid_lookup(&nhrp_packet_reqid, htonl(hdr->u.request_id)); ++ if (reqid) { ++ reqid->cb(reqid, &pp); ++ break; ++ } else { ++ nhrp_packet_debug(zb, "!UNKNOWN-REQID"); ++ /* FIXME: send error-indication */ ++ } ++ } ++ case NHRP_ROUTE_OFF_NBMA: ++ if (packet_types[hdr->type].handler) { ++ packet_types[hdr->type].handler(&pp); ++ break; ++ } ++ break; ++ case NHRP_ROUTE_NBMA_NEXTHOP: ++ nhrp_peer_forward(peer, &pp); ++ break; ++ case NHRP_ROUTE_BLACKHOLE: ++ break; ++ } ++ ++drop: ++ if (info) { ++ zlog_info("From %s: error: %s", ++ sockunion2str(&vc->remote.nbma, buf[0], sizeof buf[0]), ++ info); ++ } ++ if (peer) nhrp_peer_unref(peer); ++ zbuf_free(zb); ++} +diff --git a/nhrpd/nhrp_protocol.h b/nhrpd/nhrp_protocol.h +new file mode 100644 +index 0000000..a4bc9fa +--- /dev/null ++++ b/nhrpd/nhrp_protocol.h +@@ -0,0 +1,128 @@ ++/* nhrp_protocol.h - NHRP protocol definitions ++ * ++ * Copyright (c) 2007-2012 Timo Teräs <timo.teras@iki.fi> ++ * ++ * This software is licensed under the MIT License. ++ * See MIT-LICENSE.txt for additional details. ++ */ ++ ++#ifndef NHRP_PROTOCOL_H ++#define NHRP_PROTOCOL_H ++ ++#include <stdint.h> ++ ++/* NHRP Ethernet protocol number */ ++#define ETH_P_NHRP 0x2001 ++ ++/* NHRP Version */ ++#define NHRP_VERSION_RFC2332 1 ++ ++/* NHRP Packet Types */ ++#define NHRP_PACKET_RESOLUTION_REQUEST 1 ++#define NHRP_PACKET_RESOLUTION_REPLY 2 ++#define NHRP_PACKET_REGISTRATION_REQUEST 3 ++#define NHRP_PACKET_REGISTRATION_REPLY 4 ++#define NHRP_PACKET_PURGE_REQUEST 5 ++#define NHRP_PACKET_PURGE_REPLY 6 ++#define NHRP_PACKET_ERROR_INDICATION 7 ++#define NHRP_PACKET_TRAFFIC_INDICATION 8 ++ ++/* NHRP Extension Types */ ++#define NHRP_EXTENSION_FLAG_COMPULSORY 0x8000 ++#define NHRP_EXTENSION_END 0 ++#define NHRP_EXTENSION_PAYLOAD 0 ++#define NHRP_EXTENSION_RESPONDER_ADDRESS 3 ++#define NHRP_EXTENSION_FORWARD_TRANSIT_NHS 4 ++#define NHRP_EXTENSION_REVERSE_TRANSIT_NHS 5 ++#define NHRP_EXTENSION_AUTHENTICATION 7 ++#define NHRP_EXTENSION_VENDOR 8 ++#define NHRP_EXTENSION_NAT_ADDRESS 9 ++ ++/* NHRP Error Indication Codes */ ++#define NHRP_ERROR_UNRECOGNIZED_EXTENSION 1 ++#define NHRP_ERROR_LOOP_DETECTED 2 ++#define NHRP_ERROR_PROTOCOL_ADDRESS_UNREACHABLE 6 ++#define NHRP_ERROR_PROTOCOL_ERROR 7 ++#define NHRP_ERROR_SDU_SIZE_EXCEEDED 8 ++#define NHRP_ERROR_INVALID_EXTENSION 9 ++#define NHRP_ERROR_INVALID_RESOLUTION_REPLY 10 ++#define NHRP_ERROR_AUTHENTICATION_FAILURE 11 ++#define NHRP_ERROR_HOP_COUNT_EXCEEDED 15 ++ ++/* NHRP CIE Codes */ ++#define NHRP_CODE_SUCCESS 0 ++#define NHRP_CODE_ADMINISTRATIVELY_PROHIBITED 4 ++#define NHRP_CODE_INSUFFICIENT_RESOURCES 5 ++#define NHRP_CODE_NO_BINDING_EXISTS 11 ++#define NHRP_CODE_BINDING_NON_UNIQUE 13 ++#define NHRP_CODE_UNIQUE_ADDRESS_REGISTERED 14 ++ ++/* NHRP Flags for Resolution request/reply */ ++#define NHRP_FLAG_RESOLUTION_SOURCE_IS_ROUTER 0x8000 ++#define NHRP_FLAG_RESOLUTION_AUTHORATIVE 0x4000 ++#define NHRP_FLAG_RESOLUTION_DESTINATION_STABLE 0x2000 ++#define NHRP_FLAG_RESOLUTION_UNIQUE 0x1000 ++#define NHRP_FLAG_RESOLUTION_SOURCE_STABLE 0x0800 ++#define NHRP_FLAG_RESOLUTION_NAT 0x0002 ++ ++/* NHRP Flags for Registration request/reply */ ++#define NHRP_FLAG_REGISTRATION_UNIQUE 0x8000 ++#define NHRP_FLAG_REGISTRATION_NAT 0x0002 ++ ++/* NHRP Flags for Purge request/reply */ ++#define NHRP_FLAG_PURGE_NO_REPLY 0x8000 ++ ++/* NHRP Authentication extension types (ala Cisco) */ ++#define NHRP_AUTHENTICATION_PLAINTEXT 0x00000001 ++ ++/* NHRP Packet Structures */ ++struct nhrp_packet_header { ++ /* Fixed header */ ++ uint16_t afnum; ++ uint16_t protocol_type; ++ uint8_t snap[5]; ++ uint8_t hop_count; ++ uint16_t packet_size; ++ uint16_t checksum; ++ uint16_t extension_offset; ++ uint8_t version; ++ uint8_t type; ++ uint8_t src_nbma_address_len; ++ uint8_t src_nbma_subaddress_len; ++ ++ /* Mandatory header */ ++ uint8_t src_protocol_address_len; ++ uint8_t dst_protocol_address_len; ++ uint16_t flags; ++ union { ++ uint32_t request_id; ++ struct { ++ uint16_t code; ++ uint16_t offset; ++ } error; ++ } u; ++} __attribute__((packed)); ++ ++struct nhrp_cie_header { ++ uint8_t code; ++ uint8_t prefix_length; ++ uint16_t unused; ++ uint16_t mtu; ++ uint16_t holding_time; ++ uint8_t nbma_address_len; ++ uint8_t nbma_subaddress_len; ++ uint8_t protocol_address_len; ++ uint8_t preference; ++} __attribute__((packed)); ++ ++struct nhrp_extension_header { ++ uint16_t type; ++ uint16_t length; ++} __attribute__((packed)); ++ ++struct nhrp_cisco_authentication_extension { ++ uint32_t type; ++ uint8_t secret[8]; ++} __attribute__((packed)); ++ ++#endif +diff --git a/nhrpd/nhrp_route.c b/nhrpd/nhrp_route.c +new file mode 100644 +index 0000000..cc6b5fa +--- /dev/null ++++ b/nhrpd/nhrp_route.c +@@ -0,0 +1,345 @@ ++/* NHRP routing functions ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include "nhrpd.h" ++#include "table.h" ++#include "memory.h" ++#include "stream.h" ++#include "log.h" ++#include "zclient.h" ++ ++static struct zclient *zclient; ++static struct route_table *zebra_rib[AFI_MAX]; ++ ++struct route_info { ++ union sockunion via; ++ struct interface *ifp; ++ struct interface *nhrp_ifp; ++}; ++ ++static void nhrp_zebra_connected(struct zclient *zclient) ++{ ++ /* No real VRF support yet -- bind only to the default vrf */ ++ zclient_send_requests (zclient, VRF_DEFAULT); ++} ++ ++static struct route_node *nhrp_route_update_get(const struct prefix *p, int create) ++{ ++ struct route_node *rn; ++ afi_t afi = family2afi(PREFIX_FAMILY(p)); ++ ++ if (!zebra_rib[afi]) ++ return NULL; ++ ++ if (create) { ++ rn = route_node_get(zebra_rib[afi], p); ++ if (!rn->info) { ++ rn->info = XCALLOC(MTYPE_NHRP_ROUTE, sizeof(struct route_info)); ++ route_lock_node(rn); ++ } ++ return rn; ++ } else { ++ return route_node_lookup(zebra_rib[afi], p); ++ } ++} ++ ++static void nhrp_route_update_put(struct route_node *rn) ++{ ++ struct route_info *ri = rn->info; ++ ++ if (!ri->ifp && !ri->nhrp_ifp && sockunion_family(&ri->via) == AF_UNSPEC) { ++ XFREE(MTYPE_NHRP_ROUTE, rn->info); ++ rn->info = NULL; ++ route_unlock_node(rn); ++ } ++ route_unlock_node(rn); ++} ++ ++static void nhrp_route_update_zebra(const struct prefix *p, union sockunion *nexthop, struct interface *ifp) ++{ ++ struct route_node *rn; ++ struct route_info *ri; ++ ++ rn = nhrp_route_update_get(p, (sockunion_family(nexthop) != AF_UNSPEC) || ifp); ++ if (rn) { ++ ri = rn->info; ++ ri->via = *nexthop; ++ ri->ifp = ifp; ++ nhrp_route_update_put(rn); ++ } ++} ++ ++void nhrp_route_update_nhrp(const struct prefix *p, struct interface *ifp) ++{ ++ struct route_node *rn; ++ struct route_info *ri; ++ ++ rn = nhrp_route_update_get(p, ifp != NULL); ++ if (rn) { ++ ri = rn->info; ++ ri->nhrp_ifp = ifp; ++ nhrp_route_update_put(rn); ++ } ++} ++ ++void nhrp_route_announce(int add, enum nhrp_cache_type type, const struct prefix *p, struct interface *ifp, const union sockunion *nexthop, uint32_t mtu) ++{ ++ struct in_addr *nexthop_ipv4; ++ int flags = 0; ++ ++ if (zclient->sock < 0) ++ return; ++ ++ switch (type) { ++ case NHRP_CACHE_NEGATIVE: ++ SET_FLAG(flags, ZEBRA_FLAG_REJECT); ++ break; ++ case NHRP_CACHE_DYNAMIC: ++ case NHRP_CACHE_NHS: ++ case NHRP_CACHE_STATIC: ++ /* Regular route, so these are announced ++ * to other routing daemons */ ++ break; ++ default: ++ SET_FLAG(flags, ZEBRA_FLAG_FIB_OVERRIDE); ++ break; ++ } ++ SET_FLAG(flags, ZEBRA_FLAG_INTERNAL); ++ ++ if (p->family == AF_INET) { ++ struct zapi_ipv4 api; ++ ++ memset(&api, 0, sizeof(api)); ++ api.flags = flags; ++ api.type = ZEBRA_ROUTE_NHRP; ++ api.safi = SAFI_UNICAST; ++ ++ SET_FLAG(api.message, ZAPI_MESSAGE_NEXTHOP); ++ if (nexthop) { ++ SET_FLAG(api.message, ZAPI_MESSAGE_NEXTHOP); ++ nexthop_ipv4 = (struct in_addr *) sockunion_get_addr(nexthop); ++ api.nexthop_num = 1; ++ api.nexthop = &nexthop_ipv4; ++ } ++ if (ifp) { ++ SET_FLAG(api.message, ZAPI_MESSAGE_IFINDEX); ++ api.ifindex_num = 1; ++ api.ifindex = &ifp->ifindex; ++ } ++ if (mtu) { ++ SET_FLAG(api.message, ZAPI_MESSAGE_MTU); ++ api.mtu = mtu; ++ } ++ ++ if (unlikely(debug_flags & NHRP_DEBUG_ROUTE)) { ++ char buf[2][INET_ADDRSTRLEN]; ++ zlog_debug("Zebra send: IPv4 route %s %s/%d nexthop %s metric %u" ++ " count %d dev %s", ++ add ? "add" : "del", ++ inet_ntop(AF_INET, &p->u.prefix4, buf[0], sizeof(buf[0])), ++ p->prefixlen, ++ nexthop ? inet_ntop(AF_INET, api.nexthop[0], buf[1], sizeof(buf[1])) : "<onlink>", ++ api.metric, api.nexthop_num, ifp->name); ++ } ++ ++ zapi_ipv4_route( ++ add ? ZEBRA_IPV4_ROUTE_ADD : ZEBRA_IPV4_ROUTE_DELETE, ++ zclient, (struct prefix_ipv4 *) p, &api); ++ } ++} ++ ++int nhrp_route_read(int cmd, struct zclient *zclient, zebra_size_t length, vrf_id_t vrf_id) ++{ ++ struct stream *s; ++ struct interface *ifp = NULL; ++ struct prefix prefix; ++ union sockunion nexthop_addr; ++ unsigned char message, nexthop_num, ifindex_num; ++ unsigned ifindex; ++ char buf[2][PREFIX_STRLEN]; ++ int i, afaddrlen, added; ++ ++ s = zclient->ibuf; ++ memset(&prefix, 0, sizeof(prefix)); ++ sockunion_family(&nexthop_addr) = AF_UNSPEC; ++ ++ /* Type, flags, message. */ ++ /*type =*/ stream_getc(s); ++ /*flags =*/ stream_getc(s); ++ message = stream_getc(s); ++ ++ /* Prefix */ ++ switch (cmd) { ++ case ZEBRA_IPV4_ROUTE_ADD: ++ case ZEBRA_IPV4_ROUTE_DELETE: ++ prefix.family = AF_INET; ++ break; ++ case ZEBRA_IPV6_ROUTE_ADD: ++ case ZEBRA_IPV6_ROUTE_DELETE: ++ prefix.family = AF_INET6; ++ break; ++ default: ++ return -1; ++ } ++ afaddrlen = family2addrsize(prefix.family); ++ prefix.prefixlen = stream_getc(s); ++ stream_get(&prefix.u.val, s, PSIZE(prefix.prefixlen)); ++ ++ /* Nexthop, ifindex, distance, metric. */ ++ if (CHECK_FLAG(message, ZAPI_MESSAGE_NEXTHOP|ZAPI_MESSAGE_IFINDEX)) { ++ nexthop_num = stream_getc(s); ++ for (i = 0; i < nexthop_num; i++) { ++ stream_get(buf[0], s, afaddrlen); ++ if (i == 0) sockunion_set(&nexthop_addr, prefix.family, (u_char*) buf[0], afaddrlen); ++ } ++ ifindex_num = stream_getc(s); ++ for (i = 0; i < ifindex_num; i++) { ++ ifindex = stream_getl(s); ++ if (i == 0 && ifindex != IFINDEX_INTERNAL) ++ ifp = if_lookup_by_index(ifindex); ++ } ++ } ++ if (CHECK_FLAG(message, ZAPI_MESSAGE_DISTANCE)) ++ /*distance =*/ stream_getc(s); ++ if (CHECK_FLAG(message, ZAPI_MESSAGE_METRIC)) ++ /*metric =*/ stream_getl(s); ++ ++ added = (cmd == ZEBRA_IPV4_ROUTE_ADD || cmd == ZEBRA_IPV6_ROUTE_ADD); ++ debugf(NHRP_DEBUG_ROUTE, "if-route-%s: %s via %s dev %s", ++ added ? "add" : "del", ++ prefix2str(&prefix, buf[0], sizeof buf[0]), ++ sockunion2str(&nexthop_addr, buf[1], sizeof buf[1]), ++ ifp ? ifp->name : "(none)"); ++ ++ nhrp_route_update_zebra(&prefix, &nexthop_addr, ifp); ++ nhrp_shortcut_prefix_change(&prefix, !added); ++ ++ return 0; ++} ++ ++int nhrp_route_get_nexthop(const union sockunion *addr, struct prefix *p, union sockunion *via, struct interface **ifp) ++{ ++ struct route_node *rn; ++ struct route_info *ri; ++ struct prefix lookup; ++ afi_t afi = family2afi(sockunion_family(addr)); ++ char buf[PREFIX_STRLEN]; ++ ++ sockunion2hostprefix(addr, &lookup); ++ ++ rn = route_node_match(zebra_rib[afi], &lookup); ++ if (!rn) return 0; ++ ++ ri = rn->info; ++ if (ri->nhrp_ifp) { ++ debugf(NHRP_DEBUG_ROUTE, "lookup %s: nhrp_if=%s", ++ prefix2str(&lookup, buf, sizeof buf), ++ ri->nhrp_ifp->name); ++ ++ if (via) sockunion_family(via) = AF_UNSPEC; ++ if (ifp) *ifp = ri->nhrp_ifp; ++ } else { ++ debugf(NHRP_DEBUG_ROUTE, "lookup %s: zebra route dev %s", ++ prefix2str(&lookup, buf, sizeof buf), ++ ri->ifp ? ri->ifp->name : "(none)"); ++ ++ if (via) *via = ri->via; ++ if (ifp) *ifp = ri->ifp; ++ } ++ if (p) *p = rn->p; ++ route_unlock_node(rn); ++ return 1; ++} ++ ++enum nhrp_route_type nhrp_route_address(struct interface *in_ifp, union sockunion *addr, struct prefix *p, struct nhrp_peer **peer) ++{ ++ struct interface *ifp = in_ifp; ++ struct nhrp_interface *nifp; ++ struct nhrp_cache *c; ++ union sockunion via[4]; ++ uint32_t network_id = 0; ++ afi_t afi = family2afi(sockunion_family(addr)); ++ int i; ++ ++ if (ifp) { ++ nifp = ifp->info; ++ network_id = nifp->afi[afi].network_id; ++ ++ c = nhrp_cache_get(ifp, addr, 0); ++ if (c && c->cur.type == NHRP_CACHE_LOCAL) { ++ if (p) memset(p, 0, sizeof(*p)); ++ return NHRP_ROUTE_LOCAL; ++ } ++ } ++ ++ for (i = 0; i < 4; i++) { ++ if (!nhrp_route_get_nexthop(addr, p, &via[i], &ifp)) ++ return NHRP_ROUTE_BLACKHOLE; ++ if (ifp) { ++ /* Departing from nbma network? */ ++ nifp = ifp->info; ++ if (network_id && network_id != nifp->afi[afi].network_id) ++ return NHRP_ROUTE_OFF_NBMA; ++ } ++ if (sockunion_family(&via[i]) == AF_UNSPEC) ++ break; ++ /* Resolve via node, but return the prefix of first match */ ++ addr = &via[i]; ++ p = NULL; ++ } ++ ++ if (ifp) { ++ c = nhrp_cache_get(ifp, addr, 0); ++ if (c && c->cur.type >= NHRP_CACHE_DYNAMIC) { ++ if (p) memset(p, 0, sizeof(*p)); ++ if (c->cur.type == NHRP_CACHE_LOCAL) ++ return NHRP_ROUTE_LOCAL; ++ if (peer) *peer = nhrp_peer_ref(c->cur.peer); ++ return NHRP_ROUTE_NBMA_NEXTHOP; ++ } ++ } ++ ++ return NHRP_ROUTE_BLACKHOLE; ++} ++ ++void nhrp_zebra_init(void) ++{ ++ zebra_rib[AFI_IP] = route_table_init(); ++ zebra_rib[AFI_IP6] = route_table_init(); ++ ++ zclient = zclient_new(master); ++ zclient->zebra_connected = nhrp_zebra_connected; ++ zclient->interface_add = nhrp_interface_add; ++ zclient->interface_delete = nhrp_interface_delete; ++ zclient->interface_up = nhrp_interface_up; ++ zclient->interface_down = nhrp_interface_down; ++ zclient->interface_address_add = nhrp_interface_address_add; ++ zclient->interface_address_delete = nhrp_interface_address_delete; ++ zclient->ipv4_route_add = nhrp_route_read; ++ zclient->ipv4_route_delete = nhrp_route_read; ++ zclient->ipv6_route_add = nhrp_route_read; ++ zclient->ipv6_route_delete = nhrp_route_read; ++ ++ zclient_init(zclient, ZEBRA_ROUTE_NHRP); ++ zclient_redistribute(ZEBRA_REDISTRIBUTE_ADD, zclient, ZEBRA_ROUTE_KERNEL, VRF_DEFAULT); ++ zclient_redistribute(ZEBRA_REDISTRIBUTE_ADD, zclient, ZEBRA_ROUTE_CONNECT, VRF_DEFAULT); ++ zclient_redistribute(ZEBRA_REDISTRIBUTE_ADD, zclient, ZEBRA_ROUTE_STATIC, VRF_DEFAULT); ++ zclient_redistribute(ZEBRA_REDISTRIBUTE_ADD, zclient, ZEBRA_ROUTE_RIP, VRF_DEFAULT); ++ zclient_redistribute(ZEBRA_REDISTRIBUTE_ADD, zclient, ZEBRA_ROUTE_OSPF, VRF_DEFAULT); ++ zclient_redistribute(ZEBRA_REDISTRIBUTE_ADD, zclient, ZEBRA_ROUTE_ISIS, VRF_DEFAULT); ++ zclient_redistribute(ZEBRA_REDISTRIBUTE_ADD, zclient, ZEBRA_ROUTE_BGP, VRF_DEFAULT); ++} ++ ++void nhrp_zebra_terminate(void) ++{ ++ zclient_stop(zclient); ++ route_table_finish(zebra_rib[AFI_IP]); ++ route_table_finish(zebra_rib[AFI_IP6]); ++} ++ +diff --git a/nhrpd/nhrp_shortcut.c b/nhrpd/nhrp_shortcut.c +new file mode 100644 +index 0000000..421f288 +--- /dev/null ++++ b/nhrpd/nhrp_shortcut.c +@@ -0,0 +1,402 @@ ++/* NHRP shortcut related functions ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include "nhrpd.h" ++#include "table.h" ++#include "memory.h" ++#include "thread.h" ++#include "log.h" ++#include "nhrp_protocol.h" ++ ++static struct route_table *shortcut_rib[AFI_MAX]; ++ ++static int nhrp_shortcut_do_purge(struct thread *t); ++static void nhrp_shortcut_delete(struct nhrp_shortcut *s); ++static void nhrp_shortcut_send_resolution_req(struct nhrp_shortcut *s); ++ ++static void nhrp_shortcut_check_use(struct nhrp_shortcut *s) ++{ ++ char buf[PREFIX_STRLEN]; ++ ++ if (s->expiring && s->cache && s->cache->used) { ++ debugf(NHRP_DEBUG_ROUTE, "Shortcut %s used and expiring", ++ prefix2str(s->p, buf, sizeof buf)); ++ nhrp_shortcut_send_resolution_req(s); ++ } ++} ++ ++static int nhrp_shortcut_do_expire(struct thread *t) ++{ ++ struct nhrp_shortcut *s = THREAD_ARG(t); ++ ++ s->t_timer = NULL; ++ THREAD_TIMER_ON(master, s->t_timer, nhrp_shortcut_do_purge, s, s->holding_time/3); ++ s->expiring = 1; ++ nhrp_shortcut_check_use(s); ++ ++ return 0; ++} ++ ++static void nhrp_shortcut_cache_notify(struct notifier_block *n, unsigned long cmd) ++{ ++ struct nhrp_shortcut *s = container_of(n, struct nhrp_shortcut, cache_notifier); ++ ++ switch (cmd) { ++ case NOTIFY_CACHE_UP: ++ if (!s->route_installed) { ++ nhrp_route_announce(1, s->type, s->p, NULL, &s->cache->remote_addr, 0); ++ s->route_installed = 1; ++ } ++ break; ++ case NOTIFY_CACHE_USED: ++ nhrp_shortcut_check_use(s); ++ break; ++ case NOTIFY_CACHE_DOWN: ++ case NOTIFY_CACHE_DELETE: ++ if (s->route_installed) { ++ nhrp_route_announce(0, NHRP_CACHE_INVALID, s->p, NULL, NULL, 0); ++ s->route_installed = 0; ++ } ++ if (cmd == NOTIFY_CACHE_DELETE) ++ nhrp_shortcut_delete(s); ++ break; ++ } ++} ++ ++static void nhrp_shortcut_update_binding(struct nhrp_shortcut *s, enum nhrp_cache_type type, struct nhrp_cache *c, int holding_time) ++{ ++ s->type = type; ++ if (c != s->cache) { ++ if (s->cache) { ++ nhrp_cache_notify_del(s->cache, &s->cache_notifier); ++ s->cache = NULL; ++ } ++ s->cache = c; ++ if (s->cache) { ++ nhrp_cache_notify_add(s->cache, &s->cache_notifier, nhrp_shortcut_cache_notify); ++ if (s->cache->route_installed) { ++ /* Force renewal of Zebra announce on prefix change */ ++ s->route_installed = 0; ++ nhrp_shortcut_cache_notify(&s->cache_notifier, NOTIFY_CACHE_UP); ++ } ++ } ++ if (!s->cache || !s->cache->route_installed) ++ nhrp_shortcut_cache_notify(&s->cache_notifier, NOTIFY_CACHE_DOWN); ++ } ++ if (s->type == NHRP_CACHE_NEGATIVE && !s->route_installed) { ++ nhrp_route_announce(1, s->type, s->p, NULL, NULL, 0); ++ s->route_installed = 1; ++ } else if (s->type == NHRP_CACHE_INVALID && s->route_installed) { ++ nhrp_route_announce(0, NHRP_CACHE_INVALID, s->p, NULL, NULL, 0); ++ s->route_installed = 0; ++ } ++ ++ THREAD_OFF(s->t_timer); ++ if (holding_time) { ++ s->expiring = 0; ++ s->holding_time = holding_time; ++ THREAD_TIMER_ON(master, s->t_timer, nhrp_shortcut_do_expire, s, 2*holding_time/3); ++ } ++} ++ ++static void nhrp_shortcut_delete(struct nhrp_shortcut *s) ++{ ++ struct route_node *rn; ++ afi_t afi = family2afi(PREFIX_FAMILY(s->p)); ++ char buf[PREFIX_STRLEN]; ++ ++ THREAD_OFF(s->t_timer); ++ nhrp_reqid_free(&nhrp_packet_reqid, &s->reqid); ++ ++ debugf(NHRP_DEBUG_ROUTE, "Shortcut %s purged", ++ prefix2str(s->p, buf, sizeof buf)); ++ ++ nhrp_shortcut_update_binding(s, NHRP_CACHE_INVALID, NULL, 0); ++ ++ /* Delete node */ ++ rn = route_node_lookup(shortcut_rib[afi], s->p); ++ if (rn) { ++ XFREE(MTYPE_NHRP_SHORTCUT, rn->info); ++ rn->info = NULL; ++ route_unlock_node(rn); ++ route_unlock_node(rn); ++ } ++} ++ ++static int nhrp_shortcut_do_purge(struct thread *t) ++{ ++ struct nhrp_shortcut *s = THREAD_ARG(t); ++ s->t_timer = NULL; ++ nhrp_shortcut_delete(s); ++ return 0; ++} ++ ++static struct nhrp_shortcut *nhrp_shortcut_get(struct prefix *p) ++{ ++ struct nhrp_shortcut *s; ++ struct route_node *rn; ++ char buf[PREFIX_STRLEN]; ++ afi_t afi = family2afi(PREFIX_FAMILY(p)); ++ ++ if (!shortcut_rib[afi]) ++ return 0; ++ ++ rn = route_node_get(shortcut_rib[afi], p); ++ if (!rn->info) { ++ s = rn->info = XCALLOC(MTYPE_NHRP_SHORTCUT, sizeof(struct nhrp_shortcut)); ++ s->type = NHRP_CACHE_INVALID; ++ s->p = &rn->p; ++ ++ debugf(NHRP_DEBUG_ROUTE, "Shortcut %s created", ++ prefix2str(s->p, buf, sizeof buf)); ++ } else { ++ s = rn->info; ++ route_unlock_node(rn); ++ } ++ return s; ++} ++ ++static void nhrp_shortcut_recv_resolution_rep(struct nhrp_reqid *reqid, void *arg) ++{ ++ struct nhrp_packet_parser *pp = arg; ++ struct nhrp_shortcut *s = container_of(reqid, struct nhrp_shortcut, reqid); ++ struct nhrp_shortcut *ps; ++ struct nhrp_extension_header *ext; ++ struct nhrp_cie_header *cie; ++ struct nhrp_cache *c = NULL; ++ union sockunion *proto, cie_proto, *nbma, *nbma_natoa, cie_nbma, nat_nbma; ++ struct prefix prefix, route_prefix; ++ struct zbuf extpl; ++ char bufp[PREFIX_STRLEN], buf[3][SU_ADDRSTRLEN]; ++ int holding_time = pp->if_ad->holdtime; ++ ++ nhrp_reqid_free(&nhrp_packet_reqid, &s->reqid); ++ THREAD_OFF(s->t_timer); ++ THREAD_TIMER_ON(master, s->t_timer, nhrp_shortcut_do_purge, s, 1); ++ ++ if (pp->hdr->type != NHRP_PACKET_RESOLUTION_REPLY) { ++ if (pp->hdr->type == NHRP_PACKET_ERROR_INDICATION && ++ pp->hdr->u.error.code == NHRP_ERROR_PROTOCOL_ADDRESS_UNREACHABLE) { ++ debugf(NHRP_DEBUG_COMMON, "Shortcut: Resolution: Protocol address unreachable"); ++ nhrp_shortcut_update_binding(s, NHRP_CACHE_NEGATIVE, NULL, holding_time); ++ } else { ++ debugf(NHRP_DEBUG_COMMON, "Shortcut: Resolution failed"); ++ } ++ return; ++ } ++ ++ /* Parse extensions */ ++ memset(&nat_nbma, 0, sizeof nat_nbma); ++ while ((ext = nhrp_ext_pull(&pp->extensions, &extpl)) != NULL) { ++ switch (htons(ext->type) & ~NHRP_EXTENSION_FLAG_COMPULSORY) { ++ case NHRP_EXTENSION_NAT_ADDRESS: ++ nhrp_cie_pull(&extpl, pp->hdr, &nat_nbma, &cie_proto); ++ break; ++ } ++ } ++ ++ /* Minor sanity check */ ++ prefix2sockunion(s->p, &cie_proto); ++ if (!sockunion_same(&cie_proto, &pp->dst_proto)) { ++ debugf(NHRP_DEBUG_COMMON, "Shortcut: Warning dst_proto altered from %s to %s", ++ sockunion2str(&cie_proto, buf[0], sizeof buf[0]), ++ sockunion2str(&pp->dst_proto, buf[1], sizeof buf[1])); ++ } ++ ++ /* One or more CIEs should be given as reply, we support only one */ ++ cie = nhrp_cie_pull(&pp->payload, pp->hdr, &cie_nbma, &cie_proto); ++ if (!cie || cie->code != NHRP_CODE_SUCCESS) { ++ debugf(NHRP_DEBUG_COMMON, "Shortcut: CIE code %d", cie ? cie->code : -1); ++ return; ++ } ++ ++ proto = sockunion_family(&cie_proto) != AF_UNSPEC ? &cie_proto : &pp->dst_proto; ++ if (cie->holding_time) ++ holding_time = htons(cie->holding_time); ++ ++ prefix = *s->p; ++ prefix.prefixlen = cie->prefix_length; ++ ++ /* Sanity check prefix length */ ++ if (prefix.prefixlen >= 8*prefix_blen(&prefix)) { ++ prefix.prefixlen = 8*prefix_blen(&prefix); ++ } else if (nhrp_route_address(NULL, &pp->dst_proto, &route_prefix, NULL) == NHRP_ROUTE_NBMA_NEXTHOP) { ++ if (prefix.prefixlen < route_prefix.prefixlen) ++ prefix.prefixlen = route_prefix.prefixlen; ++ } ++ ++ debugf(NHRP_DEBUG_COMMON, "Shortcut: %s is at proto %s cie-nbma %s nat-nbma %s cie-holdtime %d", ++ prefix2str(&prefix, bufp, sizeof bufp), ++ sockunion2str(proto, buf[0], sizeof buf[0]), ++ sockunion2str(&cie_nbma, buf[1], sizeof buf[1]), ++ sockunion2str(&nat_nbma, buf[2], sizeof buf[2]), ++ htons(cie->holding_time)); ++ ++ /* Update cache entry for the protocol to nbma binding */ ++ if (sockunion_family(&nat_nbma) != AF_UNSPEC) { ++ nbma = &nat_nbma; ++ nbma_natoa = &cie_nbma; ++ } else { ++ nbma = &cie_nbma; ++ nbma_natoa = NULL; ++ } ++ if (sockunion_family(nbma)) { ++ c = nhrp_cache_get(pp->ifp, proto, 1); ++ if (c) { ++ nhrp_cache_update_binding( ++ c, NHRP_CACHE_CACHED, holding_time, ++ nhrp_peer_get(pp->ifp, nbma), ++ htons(cie->mtu), nbma_natoa); ++ } ++ } ++ ++ /* Update shortcut entry for subnet to protocol gw binding */ ++ if (c && !sockunion_same(proto, &pp->dst_proto)) { ++ ps = nhrp_shortcut_get(&prefix); ++ if (ps) { ++ ps->addr = s->addr; ++ nhrp_shortcut_update_binding(ps, NHRP_CACHE_CACHED, c, holding_time); ++ } ++ } ++ ++ debugf(NHRP_DEBUG_COMMON, "Shortcut: Resolution reply handled"); ++} ++ ++static void nhrp_shortcut_send_resolution_req(struct nhrp_shortcut *s) ++{ ++ struct zbuf *zb; ++ struct nhrp_packet_header *hdr; ++ struct interface *ifp; ++ struct nhrp_interface *nifp; ++ struct nhrp_peer *peer; ++ ++ if (nhrp_route_address(NULL, &s->addr, NULL, &peer) != NHRP_ROUTE_NBMA_NEXTHOP) ++ return; ++ ++ if (s->type == NHRP_CACHE_INVALID || s->type == NHRP_CACHE_NEGATIVE) ++ s->type = NHRP_CACHE_INCOMPLETE; ++ ++ ifp = peer->ifp; ++ nifp = ifp->info; ++ ++ /* Create request */ ++ zb = zbuf_alloc(1500); ++ hdr = nhrp_packet_push(zb, NHRP_PACKET_RESOLUTION_REQUEST, ++ &nifp->nbma, &nifp->afi[family2afi(sockunion_family(&s->addr))].addr, &s->addr); ++ hdr->u.request_id = htonl(nhrp_reqid_alloc(&nhrp_packet_reqid, &s->reqid, nhrp_shortcut_recv_resolution_rep)); ++ hdr->flags = htons(NHRP_FLAG_RESOLUTION_SOURCE_IS_ROUTER | ++ NHRP_FLAG_RESOLUTION_AUTHORATIVE | ++ NHRP_FLAG_RESOLUTION_SOURCE_STABLE); ++ ++ /* RFC2332 - One or zero CIEs, if CIE is present contains: ++ * - Prefix length: widest acceptable prefix we accept (if U set, 0xff) ++ * - MTU: MTU of the source station ++ * - Holding Time: Max time to cache the source information ++ * */ ++ /* FIXME: Send holding time, and MTU */ ++ ++ nhrp_ext_request(zb, hdr, ifp); ++ ++ /* Cisco NAT detection extension */ ++ hdr->flags |= htons(NHRP_FLAG_RESOLUTION_NAT); ++ nhrp_ext_push(zb, hdr, NHRP_EXTENSION_NAT_ADDRESS); ++ ++ nhrp_packet_complete(zb, hdr); ++ ++ nhrp_peer_send(peer, zb); ++ nhrp_peer_unref(peer); ++ zbuf_free(zb); ++} ++ ++void nhrp_shortcut_initiate(union sockunion *addr) ++{ ++ struct prefix p; ++ struct nhrp_shortcut *s; ++ ++ sockunion2hostprefix(addr, &p); ++ s = nhrp_shortcut_get(&p); ++ if (s && s->type != NHRP_CACHE_INCOMPLETE) { ++ s->addr = *addr; ++ THREAD_OFF(s->t_timer); ++ THREAD_TIMER_ON(master, s->t_timer, nhrp_shortcut_do_purge, s, 30); ++ nhrp_shortcut_send_resolution_req(s); ++ } ++} ++ ++void nhrp_shortcut_init(void) ++{ ++ shortcut_rib[AFI_IP] = route_table_init(); ++ shortcut_rib[AFI_IP6] = route_table_init(); ++} ++ ++void nhrp_shortcut_terminate(void) ++{ ++ route_table_finish(shortcut_rib[AFI_IP]); ++ route_table_finish(shortcut_rib[AFI_IP6]); ++} ++ ++void nhrp_shortcut_foreach(afi_t afi, void (*cb)(struct nhrp_shortcut *, void *), void *ctx) ++{ ++ struct route_table *rt = shortcut_rib[afi]; ++ struct route_node *rn; ++ route_table_iter_t iter; ++ ++ if (!rt) return; ++ ++ route_table_iter_init(&iter, rt); ++ while ((rn = route_table_iter_next(&iter)) != NULL) { ++ if (rn->info) cb(rn->info, ctx); ++ } ++ route_table_iter_cleanup(&iter); ++} ++ ++struct purge_ctx { ++ const struct prefix *p; ++ int deleted; ++}; ++ ++void nhrp_shortcut_purge(struct nhrp_shortcut *s, int force) ++{ ++ THREAD_OFF(s->t_timer); ++ nhrp_reqid_free(&nhrp_packet_reqid, &s->reqid); ++ ++ if (force) { ++ /* Immediate purge on route with draw or pending shortcut */ ++ THREAD_TIMER_MSEC_ON(master, s->t_timer, nhrp_shortcut_do_purge, s, 5); ++ } else { ++ /* Soft expire - force immediate renewal, but purge ++ * in few seconds to make sure stale route is not ++ * used too long. In practice most purges are caused ++ * by hub bgp change, but target usually stays same. ++ * This allows to keep nhrp route up, and to not ++ * cause temporary rerouting via hubs causing latency ++ * jitter. */ ++ THREAD_TIMER_MSEC_ON(master, s->t_timer, nhrp_shortcut_do_purge, s, 3000); ++ s->expiring = 1; ++ nhrp_shortcut_check_use(s); ++ } ++} ++ ++static void nhrp_shortcut_purge_prefix(struct nhrp_shortcut *s, void *ctx) ++{ ++ struct purge_ctx *pctx = ctx; ++ ++ if (prefix_match(pctx->p, s->p)) ++ nhrp_shortcut_purge(s, pctx->deleted || !s->cache); ++} ++ ++void nhrp_shortcut_prefix_change(const struct prefix *p, int deleted) ++{ ++ struct purge_ctx pctx = { ++ .p = p, ++ .deleted = deleted, ++ }; ++ nhrp_shortcut_foreach(family2afi(PREFIX_FAMILY(p)), nhrp_shortcut_purge_prefix, &pctx); ++} ++ +diff --git a/nhrpd/nhrp_vc.c b/nhrpd/nhrp_vc.c +new file mode 100644 +index 0000000..f9e1ee0 +--- /dev/null ++++ b/nhrpd/nhrp_vc.c +@@ -0,0 +1,217 @@ ++/* NHRP virtual connection ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include "zebra.h" ++#include "memory.h" ++#include "stream.h" ++#include "hash.h" ++#include "thread.h" ++#include "jhash.h" ++ ++#include "nhrpd.h" ++#include "os.h" ++ ++struct child_sa { ++ uint32_t id; ++ struct nhrp_vc *vc; ++ struct list_head childlist_entry; ++}; ++ ++static struct hash *nhrp_vc_hash; ++static struct list_head childlist_head[512]; ++ ++static unsigned int nhrp_vc_key(void *peer_data) ++{ ++ struct nhrp_vc *vc = peer_data; ++ return jhash_2words( ++ sockunion_hash(&vc->local.nbma), ++ sockunion_hash(&vc->remote.nbma), ++ 0); ++} ++ ++static int nhrp_vc_cmp(const void *cache_data, const void *key_data) ++{ ++ const struct nhrp_vc *a = cache_data; ++ const struct nhrp_vc *b = key_data; ++ return sockunion_same(&a->local.nbma, &b->local.nbma) && ++ sockunion_same(&a->remote.nbma, &b->remote.nbma); ++} ++ ++static void *nhrp_vc_alloc(void *data) ++{ ++ struct nhrp_vc *vc, *key = data; ++ ++ vc = XMALLOC(MTYPE_NHRP_VC, sizeof(struct nhrp_vc)); ++ if (vc) { ++ *vc = (struct nhrp_vc) { ++ .local.nbma = key->local.nbma, ++ .remote.nbma = key->remote.nbma, ++ .notifier_list = NOTIFIER_LIST_INITIALIZER(&vc->notifier_list), ++ }; ++ } ++ ++ return vc; ++} ++ ++static void nhrp_vc_free(void *data) ++{ ++ XFREE(MTYPE_NHRP_VC, data); ++} ++ ++struct nhrp_vc *nhrp_vc_get(const union sockunion *src, const union sockunion *dst, int create) ++{ ++ struct nhrp_vc key; ++ key.local.nbma = *src; ++ key.remote.nbma = *dst; ++ return hash_get(nhrp_vc_hash, &key, create ? nhrp_vc_alloc : 0); ++} ++ ++static void nhrp_vc_check_delete(struct nhrp_vc *vc) ++{ ++ if (vc->updating || vc->ipsec || notifier_active(&vc->notifier_list)) ++ return; ++ hash_release(nhrp_vc_hash, vc); ++ nhrp_vc_free(vc); ++} ++ ++static void nhrp_vc_update(struct nhrp_vc *vc, long cmd) ++{ ++ vc->updating = 1; ++ notifier_call(&vc->notifier_list, cmd); ++ vc->updating = 0; ++ nhrp_vc_check_delete(vc); ++} ++ ++static void nhrp_vc_ipsec_reset(struct nhrp_vc *vc) ++{ ++ vc->local.id[0] = 0; ++ vc->local.certlen = 0; ++ vc->remote.id[0] = 0; ++ vc->remote.certlen = 0; ++} ++ ++int nhrp_vc_ipsec_updown(uint32_t child_id, struct nhrp_vc *vc) ++{ ++ char buf[2][SU_ADDRSTRLEN]; ++ struct child_sa *sa = NULL, *lsa; ++ uint32_t child_hash = child_id % ZEBRA_NUM_OF(childlist_head); ++ int abort_migration = 0; ++ ++ list_for_each_entry(lsa, &childlist_head[child_hash], childlist_entry) { ++ if (lsa->id == child_id) { ++ sa = lsa; ++ break; ++ } ++ } ++ ++ if (!sa) { ++ if (!vc) return 0; ++ ++ sa = XMALLOC(MTYPE_NHRP_VC, sizeof(struct child_sa)); ++ if (!sa) return 0; ++ ++ *sa = (struct child_sa) { ++ .id = child_id, ++ .childlist_entry = LIST_INITIALIZER(sa->childlist_entry), ++ .vc = NULL, ++ }; ++ list_add_tail(&sa->childlist_entry, &childlist_head[child_hash]); ++ } ++ ++ if (sa->vc == vc) ++ return 0; ++ ++ if (vc) { ++ /* Attach first to new VC */ ++ vc->ipsec++; ++ nhrp_vc_update(vc, NOTIFY_VC_IPSEC_CHANGED); ++ } ++ if (sa->vc && vc) { ++ /* Notify old VC of migration */ ++ sa->vc->abort_migration = 0; ++ debugf(NHRP_DEBUG_COMMON, "IPsec NBMA change of %s to %s", ++ sockunion2str(&sa->vc->remote.nbma, buf[0], sizeof buf[0]), ++ sockunion2str(&vc->remote.nbma, buf[1], sizeof buf[1])); ++ nhrp_vc_update(sa->vc, NOTIFY_VC_IPSEC_UPDATE_NBMA); ++ abort_migration = sa->vc->abort_migration; ++ } ++ if (sa->vc) { ++ /* Deattach old VC */ ++ sa->vc->ipsec--; ++ if (!sa->vc->ipsec) nhrp_vc_ipsec_reset(sa->vc); ++ nhrp_vc_update(sa->vc, NOTIFY_VC_IPSEC_CHANGED); ++ } ++ ++ /* Update */ ++ sa->vc = vc; ++ if (!vc) { ++ list_del(&sa->childlist_entry); ++ XFREE(MTYPE_NHRP_VC, sa); ++ } ++ ++ return abort_migration; ++} ++ ++void nhrp_vc_notify_add(struct nhrp_vc *vc, struct notifier_block *n, notifier_fn_t action) ++{ ++ notifier_add(n, &vc->notifier_list, action); ++} ++ ++void nhrp_vc_notify_del(struct nhrp_vc *vc, struct notifier_block *n) ++{ ++ notifier_del(n); ++ nhrp_vc_check_delete(vc); ++} ++ ++ ++struct nhrp_vc_iterator_ctx { ++ void (*cb)(struct nhrp_vc *, void *); ++ void *ctx; ++}; ++ ++static void nhrp_vc_iterator(struct hash_backet *b, void *ctx) ++{ ++ struct nhrp_vc_iterator_ctx *ic = ctx; ++ ic->cb(b->data, ic->ctx); ++} ++ ++void nhrp_vc_foreach(void (*cb)(struct nhrp_vc *, void *), void *ctx) ++{ ++ struct nhrp_vc_iterator_ctx ic = { ++ .cb = cb, ++ .ctx = ctx, ++ }; ++ hash_iterate(nhrp_vc_hash, nhrp_vc_iterator, &ic); ++} ++ ++void nhrp_vc_init(void) ++{ ++ size_t i; ++ ++ nhrp_vc_hash = hash_create(nhrp_vc_key, nhrp_vc_cmp); ++ for (i = 0; i < ZEBRA_NUM_OF(childlist_head); i++) ++ list_init(&childlist_head[i]); ++} ++ ++void nhrp_vc_reset(void) ++{ ++ struct child_sa *sa, *n; ++ size_t i; ++ ++ for (i = 0; i < ZEBRA_NUM_OF(childlist_head); i++) { ++ list_for_each_entry_safe(sa, n, &childlist_head[i], childlist_entry) ++ nhrp_vc_ipsec_updown(sa->id, 0); ++ } ++} ++ ++void nhrp_vc_terminate(void) ++{ ++ nhrp_vc_reset(); ++ hash_clean(nhrp_vc_hash, nhrp_vc_free); ++} +diff --git a/nhrpd/nhrp_vty.c b/nhrpd/nhrp_vty.c +new file mode 100644 +index 0000000..9b1c69d +--- /dev/null ++++ b/nhrpd/nhrp_vty.c +@@ -0,0 +1,928 @@ ++/* NHRP vty handling ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include "zebra.h" ++#include "command.h" ++#include "zclient.h" ++#include "stream.h" ++ ++#include "nhrpd.h" ++#include "netlink.h" ++ ++static struct cmd_node zebra_node = { ++ .node = ZEBRA_NODE, ++ .prompt = "%s(config-router)# ", ++ .vtysh = 1, ++}; ++ ++static struct cmd_node nhrp_interface_node = { ++ .node = INTERFACE_NODE, ++ .prompt = "%s(config-if)# ", ++ .vtysh = 1, ++}; ++ ++#define NHRP_DEBUG_FLAGS_CMD "(all|common|event|interface|kernel|route|vici)" ++ ++#define NHRP_DEBUG_FLAGS_STR \ ++ "All messages\n" \ ++ "Common messages (default)\n" \ ++ "Event manager messages\n" \ ++ "Interface messages\n" \ ++ "Kernel messages\n" \ ++ "Route messages\n" \ ++ "VICI messages\n" ++ ++static const struct message debug_flags_desc[] = { ++ { NHRP_DEBUG_ALL, "all" }, ++ { NHRP_DEBUG_COMMON, "common" }, ++ { NHRP_DEBUG_IF, "interface" }, ++ { NHRP_DEBUG_KERNEL, "kernel" }, ++ { NHRP_DEBUG_ROUTE, "route" }, ++ { NHRP_DEBUG_VICI, "vici" }, ++ { NHRP_DEBUG_EVENT, "event" }, ++ { 0, NULL }, ++}; ++ ++static const struct message interface_flags_desc[] = { ++ { NHRP_IFF_SHORTCUT, "shortcut" }, ++ { NHRP_IFF_REDIRECT, "redirect" }, ++ { NHRP_IFF_REG_NO_UNIQUE, "registration no-unique" }, ++ { 0, NULL }, ++}; ++ ++static int nhrp_vty_return(struct vty *vty, int ret) ++{ ++ static const char * const errmsgs[] = { ++ [NHRP_ERR_FAIL] = "Command failed", ++ [NHRP_ERR_NO_MEMORY] = "Out of memory", ++ [NHRP_ERR_UNSUPPORTED_INTERFACE] = "NHRP not supported on this interface", ++ [NHRP_ERR_NHRP_NOT_ENABLED] = "NHRP not enabled (set 'nhrp network-id' first)", ++ [NHRP_ERR_ENTRY_EXISTS] = "Entry exists already", ++ [NHRP_ERR_ENTRY_NOT_FOUND] = "Entry not found", ++ [NHRP_ERR_PROTOCOL_ADDRESS_MISMATCH] = "Protocol address family does not match command (ip/ipv6 mismatch)", ++ }; ++ const char *str = NULL; ++ char buf[256]; ++ ++ if (ret == NHRP_OK) ++ return CMD_SUCCESS; ++ ++ if (ret > 0 && ret <= (int)ZEBRA_NUM_OF(errmsgs)) ++ if (errmsgs[ret]) ++ str = errmsgs[ret]; ++ ++ if (!str) { ++ str = buf; ++ snprintf(buf, sizeof(buf), "Unknown error %d", ret); ++ } ++ ++ vty_out (vty, "%% %s%s", str, VTY_NEWLINE); ++ ++ return CMD_WARNING; ++} ++ ++static int toggle_flag( ++ struct vty *vty, const struct message *flag_desc, ++ const char *name, int on_off, unsigned *flags) ++{ ++ int i; ++ ++ for (i = 0; flag_desc[i].str != NULL; i++) { ++ if (strcmp(flag_desc[i].str, name) != 0) ++ continue; ++ if (on_off) ++ *flags |= flag_desc[i].key; ++ else ++ *flags &= ~flag_desc[i].key; ++ return CMD_SUCCESS; ++ } ++ ++ vty_out(vty, "%% Invalid value %s%s", name, VTY_NEWLINE); ++ return CMD_WARNING; ++} ++ ++#ifndef NO_DEBUG ++ ++DEFUN(show_debugging_nhrp, show_debugging_nhrp_cmd, ++ "show debugging nhrp", ++ SHOW_STR ++ "Debugging information\n" ++ "NHRP configuration\n") ++{ ++ int i; ++ ++ vty_out(vty, "NHRP debugging status:%s", VTY_NEWLINE); ++ ++ for (i = 0; debug_flags_desc[i].str != NULL; i++) { ++ if (debug_flags_desc[i].key == NHRP_DEBUG_ALL) ++ continue; ++ if (!(debug_flags_desc[i].key & debug_flags)) ++ continue; ++ ++ vty_out(vty, " NHRP %s debugging is on%s", ++ debug_flags_desc[i].str, VTY_NEWLINE); ++ } ++ ++ return CMD_SUCCESS; ++} ++ ++DEFUN(debug_nhrp, debug_nhrp_cmd, ++ "debug nhrp " NHRP_DEBUG_FLAGS_CMD, ++ "Enable debug messages for specific or all parts.\n" ++ "NHRP information\n" ++ NHRP_DEBUG_FLAGS_STR) ++{ ++ return toggle_flag(vty, debug_flags_desc, argv[0], 1, &debug_flags); ++} ++ ++DEFUN(no_debug_nhrp, no_debug_nhrp_cmd, ++ "no debug nhrp " NHRP_DEBUG_FLAGS_CMD, ++ NO_STR ++ "Disable debug messages for specific or all parts.\n" ++ "NHRP information\n" ++ NHRP_DEBUG_FLAGS_STR) ++{ ++ return toggle_flag(vty, debug_flags_desc, argv[0], 0, &debug_flags); ++} ++ ++#endif /* NO_DEBUG */ ++ ++static int nhrp_config_write(struct vty *vty) ++{ ++#ifndef NO_DEBUG ++ if (debug_flags == NHRP_DEBUG_ALL) { ++ vty_out(vty, "debug nhrp all%s", VTY_NEWLINE); ++ } else { ++ int i; ++ ++ for (i = 0; debug_flags_desc[i].str != NULL; i++) { ++ if (debug_flags_desc[i].key == NHRP_DEBUG_ALL) ++ continue; ++ if (!(debug_flags & debug_flags_desc[i].key)) ++ continue; ++ vty_out(vty, "debug nhrp %s%s", debug_flags_desc[i].str, VTY_NEWLINE); ++ } ++ } ++ vty_out(vty, "!%s", VTY_NEWLINE); ++#endif /* NO_DEBUG */ ++ ++ if (nhrp_event_socket_path) { ++ vty_out(vty, "nhrp event socket %s%s", ++ nhrp_event_socket_path, VTY_NEWLINE); ++ } ++ if (netlink_nflog_group) { ++ vty_out(vty, "nhrp nflog-group %d%s", ++ netlink_nflog_group, VTY_NEWLINE); ++ } ++ ++ return 0; ++} ++ ++#define IP_STR "IP information\n" ++#define IPV6_STR "IPv6 information\n" ++#define AFI_CMD "(ip|ipv6)" ++#define AFI_STR IP_STR IPV6_STR ++#define NHRP_STR "Next Hop Resolution Protocol functions\n" ++ ++static afi_t cmd_to_afi(const char *cmd) ++{ ++ return strncmp(cmd, "ipv6", 4) == 0 ? AFI_IP6 : AFI_IP; ++} ++ ++static const char *afi_to_cmd(afi_t afi) ++{ ++ if (afi == AFI_IP6) return "ipv6"; ++ return "ip"; ++} ++ ++DEFUN(nhrp_event_socket, nhrp_event_socket_cmd, ++ "nhrp event socket SOCKET", ++ NHRP_STR ++ "Event Manager commands\n" ++ "Event Manager unix socket path\n" ++ "Unix path for the socket") ++{ ++ evmgr_set_socket(argv[0]); ++ return CMD_SUCCESS; ++} ++ ++DEFUN(no_nhrp_event_socket, no_nhrp_event_socket_cmd, ++ "no nhrp event socket [SOCKET]", ++ NO_STR ++ NHRP_STR ++ "Event Manager commands\n" ++ "Event Manager unix socket path\n" ++ "Unix path for the socket") ++{ ++ evmgr_set_socket(NULL); ++ return CMD_SUCCESS; ++} ++ ++DEFUN(nhrp_nflog_group, nhrp_nflog_group_cmd, ++ "nhrp nflog-group <1-65535>", ++ NHRP_STR ++ "Specify NFLOG group number\n" ++ "NFLOG group number\n") ++{ ++ uint32_t nfgroup; ++ ++ VTY_GET_INTEGER_RANGE("nflog-group", nfgroup, argv[0], 1, 65535); ++ netlink_set_nflog_group(nfgroup); ++ ++ return CMD_SUCCESS; ++} ++ ++DEFUN(no_nhrp_nflog_group, no_nhrp_nflog_group_cmd, ++ "no nhrp nflog-group [<1-65535>]", ++ NO_STR ++ NHRP_STR ++ "Specify NFLOG group number\n" ++ "NFLOG group number\n") ++{ ++ netlink_set_nflog_group(0); ++ return CMD_SUCCESS; ++} ++ ++DEFUN(tunnel_protection, tunnel_protection_cmd, ++ "tunnel protection vici profile PROFILE {fallback-profile FALLBACK}", ++ "NHRP/GRE integration\n" ++ "IPsec protection\n" ++ "VICI (StrongSwan)\n" ++ "IPsec profile\n" ++ "IPsec profile name\n" ++ "Fallback IPsec profile\n" ++ "Fallback IPsec profile name\n") ++{ ++ struct interface *ifp = vty->index; ++ ++ nhrp_interface_set_protection(ifp, argv[0], argv[1]); ++ return CMD_SUCCESS; ++} ++ ++DEFUN(no_tunnel_protection, no_tunnel_protection_cmd, ++ "no tunnel protection", ++ NO_STR ++ "NHRP/GRE integration\n" ++ "IPsec protection\n") ++{ ++ struct interface *ifp = vty->index; ++ ++ nhrp_interface_set_protection(ifp, NULL, NULL); ++ return CMD_SUCCESS; ++} ++ ++DEFUN(tunnel_source, tunnel_source_cmd, ++ "tunnel source INTERFACE", ++ "NHRP/GRE integration\n" ++ "Tunnel device binding tracking\n" ++ "Interface name\n") ++{ ++ struct interface *ifp = vty->index; ++ nhrp_interface_set_source(ifp, argv[0]); ++ return CMD_SUCCESS; ++} ++ ++DEFUN(no_tunnel_source, no_tunnel_source_cmd, ++ "no tunnel source", ++ "NHRP/GRE integration\n" ++ "Tunnel device binding tracking\n" ++ "Interface name\n") ++{ ++ struct interface *ifp = vty->index; ++ nhrp_interface_set_source(ifp, NULL); ++ return CMD_SUCCESS; ++} ++ ++DEFUN(if_nhrp_network_id, if_nhrp_network_id_cmd, ++ AFI_CMD " nhrp network-id <1-4294967295>", ++ AFI_STR ++ NHRP_STR ++ "Enable NHRP and specify network-id\n" ++ "System local ID to specify interface group\n") ++{ ++ struct interface *ifp = vty->index; ++ struct nhrp_interface *nifp = ifp->info; ++ afi_t afi = cmd_to_afi(argv[0]); ++ ++ VTY_GET_INTEGER_RANGE("network-id", nifp->afi[afi].network_id, argv[1], 1, 4294967295); ++ nhrp_interface_update(ifp); ++ ++ return CMD_SUCCESS; ++} ++ ++DEFUN(if_no_nhrp_network_id, if_no_nhrp_network_id_cmd, ++ "no " AFI_CMD " nhrp network-id [<1-4294967295>]", ++ NO_STR ++ AFI_STR ++ NHRP_STR ++ "Enable NHRP and specify network-id\n" ++ "System local ID to specify interface group\n") ++{ ++ struct interface *ifp = vty->index; ++ struct nhrp_interface *nifp = ifp->info; ++ afi_t afi = cmd_to_afi(argv[0]); ++ ++ nifp->afi[afi].network_id = 0; ++ nhrp_interface_update(ifp); ++ ++ return CMD_SUCCESS; ++} ++ ++DEFUN(if_nhrp_flags, if_nhrp_flags_cmd, ++ AFI_CMD " nhrp (shortcut|redirect)", ++ AFI_STR ++ NHRP_STR ++ "Allow shortcut establishment\n" ++ "Send redirect notifications\n") ++{ ++ struct interface *ifp = vty->index; ++ struct nhrp_interface *nifp = ifp->info; ++ afi_t afi = cmd_to_afi(argv[0]); ++ ++ return toggle_flag(vty, interface_flags_desc, argv[1], 1, &nifp->afi[afi].flags); ++} ++ ++DEFUN(if_no_nhrp_flags, if_no_nhrp_flags_cmd, ++ "no " AFI_CMD " nhrp (shortcut|redirect)", ++ NO_STR ++ AFI_STR ++ NHRP_STR ++ "Allow shortcut establishment\n" ++ "Send redirect notifications\n") ++{ ++ struct interface *ifp = vty->index; ++ struct nhrp_interface *nifp = ifp->info; ++ afi_t afi = cmd_to_afi(argv[0]); ++ ++ return toggle_flag(vty, interface_flags_desc, argv[1], 0, &nifp->afi[afi].flags); ++} ++ ++DEFUN(if_nhrp_reg_flags, if_nhrp_reg_flags_cmd, ++ AFI_CMD " nhrp registration (no-unique)", ++ AFI_STR ++ NHRP_STR ++ "Registration configuration\n" ++ "Don't set unique flag\n") ++{ ++ struct interface *ifp = vty->index; ++ struct nhrp_interface *nifp = ifp->info; ++ afi_t afi = cmd_to_afi(argv[0]); ++ char name[256]; ++ snprintf(name, sizeof(name), "registration %s", argv[1]); ++ return toggle_flag(vty, interface_flags_desc, name, 1, &nifp->afi[afi].flags); ++} ++ ++DEFUN(if_no_nhrp_reg_flags, if_no_nhrp_reg_flags_cmd, ++ "no " AFI_CMD " nhrp registration (no-unique)", ++ NO_STR ++ AFI_STR ++ NHRP_STR ++ "Registration configuration\n" ++ "Don't set unique flag\n") ++{ ++ struct interface *ifp = vty->index; ++ struct nhrp_interface *nifp = ifp->info; ++ afi_t afi = cmd_to_afi(argv[0]); ++ char name[256]; ++ snprintf(name, sizeof(name), "registration %s", argv[1]); ++ return toggle_flag(vty, interface_flags_desc, name, 0, &nifp->afi[afi].flags); ++} ++ ++DEFUN(if_nhrp_holdtime, if_nhrp_holdtime_cmd, ++ AFI_CMD " nhrp holdtime <1-65000>", ++ AFI_STR ++ NHRP_STR ++ "Specify NBMA address validity time\n" ++ "Time in seconds that NBMA addresses are advertised valid\n") ++{ ++ struct interface *ifp = vty->index; ++ struct nhrp_interface *nifp = ifp->info; ++ afi_t afi = cmd_to_afi(argv[0]); ++ ++ VTY_GET_INTEGER_RANGE("holdtime", nifp->afi[afi].holdtime, argv[1], 1, 65000); ++ nhrp_interface_update(ifp); ++ ++ return CMD_SUCCESS; ++} ++ ++DEFUN(if_no_nhrp_holdtime, if_no_nhrp_holdtime_cmd, ++ "no " AFI_CMD " nhrp holdtime [1-65000]", ++ NO_STR ++ AFI_STR ++ NHRP_STR ++ "Specify NBMA address validity time\n" ++ "Time in seconds that NBMA addresses are advertised valid\n") ++{ ++ struct interface *ifp = vty->index; ++ struct nhrp_interface *nifp = ifp->info; ++ afi_t afi = cmd_to_afi(argv[0]); ++ ++ nifp->afi[afi].holdtime = NHRPD_DEFAULT_HOLDTIME; ++ nhrp_interface_update(ifp); ++ ++ return CMD_SUCCESS; ++} ++ ++DEFUN(if_nhrp_mtu, if_nhrp_mtu_cmd, ++ "ip nhrp mtu (<576-1500>|opennhrp)", ++ IP_STR ++ NHRP_STR ++ "Configure NHRP advertised MTU\n" ++ "MTU value\n" ++ "Advertise bound interface MTU similar to OpenNHRP") ++{ ++ struct interface *ifp = vty->index; ++ struct nhrp_interface *nifp = ifp->info; ++ ++ if (argv[0][0] == 'o') { ++ nifp->afi[AFI_IP].configured_mtu = -1; ++ } else { ++ VTY_GET_INTEGER_RANGE("mtu", nifp->afi[AFI_IP].configured_mtu, argv[0], 576, 1500); ++ } ++ nhrp_interface_update_mtu(ifp, AFI_IP); ++ ++ return CMD_SUCCESS; ++} ++ ++DEFUN(if_no_nhrp_mtu, if_no_nhrp_mtu_cmd, ++ "no ip nhrp mtu [(<576-1500>|opennhrp)]", ++ NO_STR ++ IP_STR ++ NHRP_STR ++ "Configure NHRP advertised MTU\n" ++ "MTU value\n" ++ "Advertise bound interface MTU similar to OpenNHRP") ++{ ++ struct interface *ifp = vty->index; ++ struct nhrp_interface *nifp = ifp->info; ++ ++ nifp->afi[AFI_IP].configured_mtu = 0; ++ nhrp_interface_update_mtu(ifp, AFI_IP); ++ return CMD_SUCCESS; ++} ++ ++DEFUN(if_nhrp_map, if_nhrp_map_cmd, ++ AFI_CMD " nhrp map (A.B.C.D|X:X::X:X) (A.B.C.D|local)", ++ AFI_STR ++ NHRP_STR ++ "Nexthop Server configuration\n" ++ "IPv4 protocol address\n" ++ "IPv6 protocol address\n" ++ "IPv4 NBMA address\n" ++ "Handle protocol address locally\n") ++{ ++ struct interface *ifp = vty->index; ++ afi_t afi = cmd_to_afi(argv[0]); ++ union sockunion proto_addr, nbma_addr; ++ struct nhrp_cache *c; ++ ++ if (str2sockunion(argv[1], &proto_addr) < 0 || ++ afi2family(afi) != sockunion_family(&proto_addr)) ++ return nhrp_vty_return(vty, NHRP_ERR_PROTOCOL_ADDRESS_MISMATCH); ++ ++ c = nhrp_cache_get(ifp, &proto_addr, 1); ++ if (!c) ++ return nhrp_vty_return(vty, NHRP_ERR_FAIL); ++ ++ c->map = 1; ++ if (strcmp(argv[2], "local") == 0) { ++ nhrp_cache_update_binding(c, NHRP_CACHE_LOCAL, 0, NULL, 0, NULL); ++ } else{ ++ if (str2sockunion(argv[2], &nbma_addr) < 0) ++ return nhrp_vty_return(vty, NHRP_ERR_FAIL); ++ nhrp_cache_update_binding(c, NHRP_CACHE_STATIC, 0, ++ nhrp_peer_get(ifp, &nbma_addr), 0, NULL); ++ } ++ ++ return CMD_SUCCESS; ++} ++ ++DEFUN(if_nhrp_nhs, if_nhrp_nhs_cmd, ++ AFI_CMD " nhrp nhs (A.B.C.D|X:X::X:X|dynamic) nbma (A.B.C.D|FQDN)", ++ AFI_STR ++ NHRP_STR ++ "Nexthop Server configuration\n" ++ "IPv4 protocol address\n" ++ "IPv6 protocol address\n" ++ "Automatic detection of protocol address\n" ++ "IPv4 NBMA address\n" ++ "Fully qualified domain name for NBMA address(es)\n") ++{ ++ struct interface *ifp = vty->index; ++ afi_t afi = cmd_to_afi(argv[0]); ++ union sockunion proto_addr; ++ int ret; ++ ++ if (str2sockunion(argv[1], &proto_addr) < 0) ++ sockunion_family(&proto_addr) = AF_UNSPEC; ++ ++ ret = nhrp_nhs_add(ifp, afi, &proto_addr, argv[2]); ++ return nhrp_vty_return(vty, ret); ++} ++ ++DEFUN(if_no_nhrp_nhs, if_no_nhrp_nhs_cmd, ++ "no " AFI_CMD " nhrp nhs (A.B.C.D|X:X::X:X|dynamic) nbma (A.B.C.D|FQDN)", ++ NO_STR ++ AFI_STR ++ NHRP_STR ++ "Nexthop Server configuration\n" ++ "IPv4 protocol address\n" ++ "IPv6 protocol address\n" ++ "Automatic detection of protocol address\n" ++ "IPv4 NBMA address\n" ++ "Fully qualified domain name for NBMA address(es)\n") ++{ ++ struct interface *ifp = vty->index; ++ afi_t afi = cmd_to_afi(argv[0]); ++ union sockunion proto_addr; ++ int ret; ++ ++ if (str2sockunion(argv[1], &proto_addr) < 0) ++ sockunion_family(&proto_addr) = AF_UNSPEC; ++ ++ ret = nhrp_nhs_del(ifp, afi, &proto_addr, argv[2]); ++ return nhrp_vty_return(vty, ret); ++} ++ ++struct info_ctx { ++ struct vty *vty; ++ afi_t afi; ++ int count; ++}; ++ ++static void show_ip_nhrp_cache(struct nhrp_cache *c, void *pctx) ++{ ++ struct info_ctx *ctx = pctx; ++ struct vty *vty = ctx->vty; ++ char buf[2][SU_ADDRSTRLEN]; ++ ++ if (ctx->afi != family2afi(sockunion_family(&c->remote_addr))) ++ return; ++ ++ if (!ctx->count) { ++ vty_out(vty, "%-8s %-8s %-24s %-24s %-6s %s%s", ++ "Iface", ++ "Type", ++ "Protocol", ++ "NBMA", ++ "Flags", ++ "Identity", ++ VTY_NEWLINE); ++ } ++ ctx->count++; ++ ++ vty_out(ctx->vty, "%-8s %-8s %-24s %-24s %c%c%c %s%s", ++ c->ifp->name, ++ nhrp_cache_type_str[c->cur.type], ++ sockunion2str(&c->remote_addr, buf[0], sizeof buf[0]), ++ c->cur.peer ? sockunion2str(&c->cur.peer->vc->remote.nbma, buf[1], sizeof buf[1]) : "-", ++ c->used ? 'U' : ' ', ++ c->t_timeout ? 'T' : ' ', ++ c->t_auth ? 'A' : ' ', ++ c->cur.peer ? c->cur.peer->vc->remote.id : "-", ++ VTY_NEWLINE); ++} ++ ++static void show_ip_opennhrp_cache(struct nhrp_cache *c, void *pctx) ++{ ++ struct info_ctx *ctx = pctx; ++ struct vty *vty = ctx->vty; ++ char buf[SU_ADDRSTRLEN]; ++ ++ if (ctx->afi != family2afi(sockunion_family(&c->remote_addr))) ++ return; ++ ++ vty_out(ctx->vty, ++ "Type: %s%s" ++ "Flags:%s%s%s" ++ "Protocol-Address: %s/%zu%s", ++ nhrp_cache_type_str[c->cur.type], ++ VTY_NEWLINE, ++ (c->cur.peer && c->cur.peer->online) ? " up": "", ++ c->used ? " used": "", ++ VTY_NEWLINE, ++ sockunion2str(&c->remote_addr, buf, sizeof buf), ++ 8 * family2addrsize(sockunion_family(&c->remote_addr)), ++ VTY_NEWLINE); ++ ++ if (c->cur.peer) { ++ vty_out(ctx->vty, ++ "NBMA-Address: %s%s", ++ sockunion2str(&c->cur.peer->vc->remote.nbma, buf, sizeof buf), ++ VTY_NEWLINE); ++ } ++ ++ if (sockunion_family(&c->cur.remote_nbma_natoa) != AF_UNSPEC) { ++ vty_out(ctx->vty, ++ "NBMA-NAT-OA-Address: %s%s", ++ sockunion2str(&c->cur.remote_nbma_natoa, buf, sizeof buf), ++ VTY_NEWLINE); ++ } ++ ++ vty_out(ctx->vty, "%s", VTY_NEWLINE); ++} ++ ++static void show_ip_nhrp_shortcut(struct nhrp_shortcut *s, void *pctx) ++{ ++ struct info_ctx *ctx = pctx; ++ struct nhrp_cache *c; ++ struct vty *vty = ctx->vty; ++ char buf1[PREFIX_STRLEN], buf2[SU_ADDRSTRLEN]; ++ ++ if (!ctx->count) { ++ vty_out(vty, "%-8s %-24s %-24s %s%s", ++ "Type", ++ "Prefix", ++ "Via", ++ "Identity", ++ VTY_NEWLINE); ++ } ++ ctx->count++; ++ ++ c = s->cache; ++ vty_out(ctx->vty, "%-8s %-24s %-24s %s%s", ++ nhrp_cache_type_str[s->type], ++ prefix2str(s->p, buf1, sizeof buf1), ++ c ? sockunion2str(&c->remote_addr, buf2, sizeof buf2) : "", ++ (c && c->cur.peer) ? c->cur.peer->vc->remote.id : "", ++ VTY_NEWLINE); ++} ++ ++DEFUN(show_ip_nhrp, show_ip_nhrp_cmd, ++ "show " AFI_CMD " nhrp (cache|shortcut|opennhrp|)", ++ SHOW_STR ++ AFI_STR ++ "NHRP information\n" ++ "Forwarding cache information\n" ++ "Shortcut information\n" ++ "opennhrpctl style cache dump\n") ++{ ++ struct listnode *node; ++ struct interface *ifp; ++ struct info_ctx ctx = { ++ .vty = vty, ++ .afi = cmd_to_afi(argv[0]), ++ }; ++ ++ if (!argv[1] || argv[1][0] == 'c') { ++ for (ALL_LIST_ELEMENTS_RO(iflist, node, ifp)) ++ nhrp_cache_foreach(ifp, show_ip_nhrp_cache, &ctx); ++ } else if (argv[1][0] == 'o') { ++ vty_out(vty, "Status: ok%s%s", VTY_NEWLINE, VTY_NEWLINE); ++ ctx.count++; ++ for (ALL_LIST_ELEMENTS_RO(iflist, node, ifp)) ++ nhrp_cache_foreach(ifp, show_ip_opennhrp_cache, &ctx); ++ } else { ++ nhrp_shortcut_foreach(ctx.afi, show_ip_nhrp_shortcut, &ctx); ++ } ++ ++ if (!ctx.count) { ++ vty_out(vty, "%% No entries%s", VTY_NEWLINE); ++ return CMD_WARNING; ++ } ++ ++ return CMD_SUCCESS; ++} ++ ++static void show_dmvpn_entry(struct nhrp_vc *vc, void *ctx) ++{ ++ struct vty *vty = ctx; ++ char buf[2][SU_ADDRSTRLEN]; ++ ++ vty_out(vty, "%-24s %-24s %c %-4d %-24s%s", ++ sockunion2str(&vc->local.nbma, buf[0], sizeof buf[0]), ++ sockunion2str(&vc->remote.nbma, buf[1], sizeof buf[1]), ++ notifier_active(&vc->notifier_list) ? 'n' : ' ', ++ vc->ipsec, ++ vc->remote.id, ++ VTY_NEWLINE); ++} ++ ++DEFUN(show_dmvpn, show_dmvpn_cmd, ++ "show dmvpn", ++ SHOW_STR ++ "DMVPN information\n") ++{ ++ vty_out(vty, "%-24s %-24s %-6s %-4s %-24s%s", ++ "Src", ++ "Dst", ++ "Flags", ++ "SAs", ++ "Identity", ++ VTY_NEWLINE); ++ ++ nhrp_vc_foreach(show_dmvpn_entry, vty); ++ ++ return CMD_SUCCESS; ++} ++ ++static void clear_nhrp_cache(struct nhrp_cache *c, void *data) ++{ ++ struct info_ctx *ctx = data; ++ if (c->cur.type <= NHRP_CACHE_CACHED) { ++ nhrp_cache_update_binding(c, c->cur.type, -1, NULL, 0, NULL); ++ ctx->count++; ++ } ++} ++ ++static void clear_nhrp_shortcut(struct nhrp_shortcut *s, void *data) ++{ ++ struct info_ctx *ctx = data; ++ nhrp_shortcut_purge(s, 1); ++ ctx->count++; ++} ++ ++DEFUN(clear_nhrp, clear_nhrp_cmd, ++ "clear " AFI_CMD " nhrp (cache|shortcut)", ++ CLEAR_STR ++ AFI_STR ++ NHRP_STR ++ "Dynamic cache entries\n" ++ "Shortcut entries\n") ++{ ++ struct listnode *node; ++ struct interface *ifp; ++ struct info_ctx ctx = { ++ .vty = vty, ++ .afi = cmd_to_afi(argv[0]), ++ .count = 0, ++ }; ++ ++ if (!argv[1] || argv[1][0] == 'c') { ++ for (ALL_LIST_ELEMENTS_RO(iflist, node, ifp)) ++ nhrp_cache_foreach(ifp, clear_nhrp_cache, &ctx); ++ } else { ++ nhrp_shortcut_foreach(ctx.afi, clear_nhrp_shortcut, &ctx); ++ } ++ ++ if (!ctx.count) { ++ vty_out(vty, "%% No entries%s", VTY_NEWLINE); ++ return CMD_WARNING; ++ } ++ ++ vty_out(vty, "%% %d entries cleared%s", ctx.count, VTY_NEWLINE); ++ return CMD_SUCCESS; ++} ++ ++struct write_map_ctx { ++ struct vty *vty; ++ int family; ++ const char *aficmd; ++}; ++ ++static void interface_config_write_nhrp_map(struct nhrp_cache *c, void *data) ++{ ++ struct write_map_ctx *ctx = data; ++ struct vty *vty = ctx->vty; ++ char buf[2][SU_ADDRSTRLEN]; ++ ++ if (!c->map) return; ++ if (sockunion_family(&c->remote_addr) != ctx->family) return; ++ ++ vty_out(vty, " %s nhrp map %s %s%s", ++ ctx->aficmd, ++ sockunion2str(&c->remote_addr, buf[0], sizeof buf[0]), ++ c->cur.type == NHRP_CACHE_LOCAL ? "local" : ++ sockunion2str(&c->cur.peer->vc->remote.nbma, buf[1], sizeof buf[1]), ++ VTY_NEWLINE); ++} ++ ++static int interface_config_write(struct vty *vty) ++{ ++ struct write_map_ctx mapctx; ++ struct listnode *node; ++ struct interface *ifp; ++ struct nhrp_interface *nifp; ++ struct nhrp_nhs *nhs; ++ const char *aficmd; ++ afi_t afi; ++ char buf[SU_ADDRSTRLEN]; ++ int i; ++ ++ for (ALL_LIST_ELEMENTS_RO(iflist, node, ifp)) { ++ vty_out(vty, "interface %s%s", ifp->name, VTY_NEWLINE); ++ if (ifp->desc) ++ vty_out(vty, " description %s%s", ifp->desc, VTY_NEWLINE); ++ ++ nifp = ifp->info; ++ if (nifp->ipsec_profile) { ++ vty_out(vty, " tunnel protection vici profile %s", ++ nifp->ipsec_profile); ++ if (nifp->ipsec_fallback_profile) ++ vty_out(vty, " fallback-profile %s", ++ nifp->ipsec_fallback_profile); ++ vty_out(vty, "%s", VTY_NEWLINE); ++ } ++ if (nifp->source) ++ vty_out(vty, " tunnel source %s%s", ++ nifp->source, VTY_NEWLINE); ++ ++ for (afi = 0; afi < AFI_MAX; afi++) { ++ struct nhrp_afi_data *ad = &nifp->afi[afi]; ++ ++ aficmd = afi_to_cmd(afi); ++ ++ if (ad->network_id) ++ vty_out(vty, " %s nhrp network-id %u%s", ++ aficmd, ad->network_id, ++ VTY_NEWLINE); ++ ++ if (ad->holdtime != NHRPD_DEFAULT_HOLDTIME) ++ vty_out(vty, " %s nhrp holdtime %u%s", ++ aficmd, ad->holdtime, ++ VTY_NEWLINE); ++ ++ if (ad->configured_mtu < 0) ++ vty_out(vty, " %s nhrp mtu opennhrp%s", ++ aficmd, VTY_NEWLINE); ++ else if (ad->configured_mtu) ++ vty_out(vty, " %s nhrp mtu %u%s", ++ aficmd, ad->configured_mtu, ++ VTY_NEWLINE); ++ ++ for (i = 0; interface_flags_desc[i].str != NULL; i++) { ++ if (!(ad->flags & interface_flags_desc[i].key)) ++ continue; ++ vty_out(vty, " %s nhrp %s%s", ++ aficmd, interface_flags_desc[i].str, VTY_NEWLINE); ++ } ++ ++ mapctx = (struct write_map_ctx) { ++ .vty = vty, ++ .family = afi2family(afi), ++ .aficmd = aficmd, ++ }; ++ nhrp_cache_foreach(ifp, interface_config_write_nhrp_map, &mapctx); ++ ++ list_for_each_entry(nhs, &ad->nhslist_head, nhslist_entry) { ++ vty_out(vty, " %s nhrp nhs %s nbma %s%s", ++ aficmd, ++ sockunion_family(&nhs->proto_addr) == AF_UNSPEC ? "dynamic" : sockunion2str(&nhs->proto_addr, buf, sizeof buf), ++ nhs->nbma_fqdn, ++ VTY_NEWLINE); ++ } ++ } ++ ++ vty_out (vty, "!%s", VTY_NEWLINE); ++ } ++ ++ return 0; ++} ++ ++void nhrp_config_init(void) ++{ ++ install_node(&zebra_node, nhrp_config_write); ++ install_default(ZEBRA_NODE); ++ ++ /* global commands */ ++ install_element(VIEW_NODE, &show_debugging_nhrp_cmd); ++ install_element(VIEW_NODE, &show_ip_nhrp_cmd); ++ install_element(VIEW_NODE, &show_dmvpn_cmd); ++ install_element(ENABLE_NODE, &show_debugging_nhrp_cmd); ++ install_element(ENABLE_NODE, &show_ip_nhrp_cmd); ++ install_element(ENABLE_NODE, &show_dmvpn_cmd); ++ install_element(ENABLE_NODE, &clear_nhrp_cmd); ++ ++ install_element(ENABLE_NODE, &debug_nhrp_cmd); ++ install_element(ENABLE_NODE, &no_debug_nhrp_cmd); ++ ++ install_element(CONFIG_NODE, &debug_nhrp_cmd); ++ install_element(CONFIG_NODE, &no_debug_nhrp_cmd); ++ ++ install_element(CONFIG_NODE, &nhrp_event_socket_cmd); ++ install_element(CONFIG_NODE, &no_nhrp_event_socket_cmd); ++ install_element(CONFIG_NODE, &nhrp_nflog_group_cmd); ++ install_element(CONFIG_NODE, &no_nhrp_nflog_group_cmd); ++ ++ /* interface specific commands */ ++ install_node(&nhrp_interface_node, interface_config_write); ++ install_default(INTERFACE_NODE); ++ ++ install_element(CONFIG_NODE, &interface_cmd); ++ install_element(CONFIG_NODE, &no_interface_cmd); ++ install_element(INTERFACE_NODE, &interface_cmd); ++ install_element(INTERFACE_NODE, &no_interface_cmd); ++ install_element(INTERFACE_NODE, &tunnel_protection_cmd); ++ install_element(INTERFACE_NODE, &no_tunnel_protection_cmd); ++ install_element(INTERFACE_NODE, &tunnel_source_cmd); ++ install_element(INTERFACE_NODE, &no_tunnel_source_cmd); ++ install_element(INTERFACE_NODE, &if_nhrp_network_id_cmd); ++ install_element(INTERFACE_NODE, &if_no_nhrp_network_id_cmd); ++ install_element(INTERFACE_NODE, &if_nhrp_holdtime_cmd); ++ install_element(INTERFACE_NODE, &if_no_nhrp_holdtime_cmd); ++ install_element(INTERFACE_NODE, &if_nhrp_mtu_cmd); ++ install_element(INTERFACE_NODE, &if_no_nhrp_mtu_cmd); ++ install_element(INTERFACE_NODE, &if_nhrp_flags_cmd); ++ install_element(INTERFACE_NODE, &if_no_nhrp_flags_cmd); ++ install_element(INTERFACE_NODE, &if_nhrp_reg_flags_cmd); ++ install_element(INTERFACE_NODE, &if_no_nhrp_reg_flags_cmd); ++ install_element(INTERFACE_NODE, &if_nhrp_map_cmd); ++ install_element(INTERFACE_NODE, &if_nhrp_nhs_cmd); ++ install_element(INTERFACE_NODE, &if_no_nhrp_nhs_cmd); ++} +diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h +new file mode 100644 +index 0000000..c8f8816 +--- /dev/null ++++ b/nhrpd/nhrpd.h +@@ -0,0 +1,440 @@ ++/* NHRP daemon internal structures and function prototypes ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#ifndef NHRPD_H ++#define NHRPD_H ++ ++#include "list.h" ++ ++#include "zebra.h" ++#include "zbuf.h" ++#include "zclient.h" ++#include "log.h" ++ ++#define NHRPD_DEFAULT_HOLDTIME 7200 ++ ++#define NHRP_DEBUG_COMMON (1 << 0) ++#define NHRP_DEBUG_KERNEL (1 << 1) ++#define NHRP_DEBUG_IF (1 << 2) ++#define NHRP_DEBUG_ROUTE (1 << 3) ++#define NHRP_DEBUG_VICI (1 << 4) ++#define NHRP_DEBUG_EVENT (1 << 5) ++#define NHRP_DEBUG_ALL (0xFFFF) ++ ++#define NHRP_VTY_PORT 2612 ++#define NHRP_DEFAULT_CONFIG "nhrpd.conf" ++ ++#if defined(__GNUC__) && (__GNUC__ >= 3) ++#define likely(_x) __builtin_expect(!!(_x), 1) ++#define unlikely(_x) __builtin_expect(!!(_x), 0) ++#else ++#define likely(_x) !!(_x) ++#define unlikely(_x) !!(_x) ++#endif ++ ++extern unsigned int debug_flags; ++extern struct thread_master *master; ++ ++#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L ++ ++#define debugf(level, ...) \ ++ do { \ ++ if (unlikely(debug_flags & level)) \ ++ zlog_debug(__VA_ARGS__); \ ++ } while(0) ++ ++#elif defined __GNUC__ ++ ++#define debugf(level, _args...) \ ++ do { \ ++ if (unlikely(debug_flags & level)) \ ++ zlog_debug(_args); \ ++ } while(0) ++ ++#else ++ ++static inline void debugf(int level, const char *format, ...) { } ++ ++#endif ++ ++enum { ++ NHRP_OK = 0, ++ NHRP_ERR_FAIL, ++ NHRP_ERR_NO_MEMORY, ++ NHRP_ERR_UNSUPPORTED_INTERFACE, ++ NHRP_ERR_NHRP_NOT_ENABLED, ++ NHRP_ERR_ENTRY_EXISTS, ++ NHRP_ERR_ENTRY_NOT_FOUND, ++ NHRP_ERR_PROTOCOL_ADDRESS_MISMATCH, ++}; ++ ++struct notifier_block; ++ ++typedef void (*notifier_fn_t)(struct notifier_block *, unsigned long); ++ ++struct notifier_block { ++ struct list_head notifier_entry; ++ notifier_fn_t action; ++}; ++ ++struct notifier_list { ++ struct list_head notifier_head; ++}; ++ ++#define NOTIFIER_LIST_INITIALIZER(l) \ ++ { .notifier_head = LIST_INITIALIZER((l)->notifier_head) } ++ ++static inline void notifier_init(struct notifier_list *l) ++{ ++ list_init(&l->notifier_head); ++} ++ ++static inline void notifier_add(struct notifier_block *n, struct notifier_list *l, notifier_fn_t action) ++{ ++ n->action = action; ++ list_add_tail(&n->notifier_entry, &l->notifier_head); ++} ++ ++static inline void notifier_del(struct notifier_block *n) ++{ ++ list_del(&n->notifier_entry); ++} ++ ++static inline void notifier_call(struct notifier_list *l, int cmd) ++{ ++ struct notifier_block *n, *nn; ++ list_for_each_entry_safe(n, nn, &l->notifier_head, notifier_entry) ++ n->action(n, cmd); ++} ++ ++static inline int notifier_active(struct notifier_list *l) ++{ ++ return !list_empty(&l->notifier_head); ++} ++ ++struct resolver_query { ++ void (*callback)(struct resolver_query *, int n, union sockunion *); ++}; ++ ++void resolver_init(void); ++void resolver_resolve(struct resolver_query *query, int af, const char *hostname, void (*cb)(struct resolver_query *, int, union sockunion *)); ++ ++void nhrp_zebra_init(void); ++void nhrp_zebra_terminate(void); ++ ++struct zbuf; ++struct nhrp_vc; ++struct nhrp_cache; ++struct nhrp_nhs; ++struct nhrp_interface; ++ ++#define MAX_ID_LENGTH 64 ++#define MAX_CERT_LENGTH 2048 ++ ++enum nhrp_notify_type { ++ NOTIFY_INTERFACE_UP, ++ NOTIFY_INTERFACE_DOWN, ++ NOTIFY_INTERFACE_CHANGED, ++ NOTIFY_INTERFACE_ADDRESS_CHANGED, ++ NOTIFY_INTERFACE_NBMA_CHANGED, ++ NOTIFY_INTERFACE_MTU_CHANGED, ++ ++ NOTIFY_VC_IPSEC_CHANGED, ++ NOTIFY_VC_IPSEC_UPDATE_NBMA, ++ ++ NOTIFY_PEER_UP, ++ NOTIFY_PEER_DOWN, ++ NOTIFY_PEER_IFCONFIG_CHANGED, ++ NOTIFY_PEER_MTU_CHANGED, ++ NOTIFY_PEER_NBMA_CHANGING, ++ ++ NOTIFY_CACHE_UP, ++ NOTIFY_CACHE_DOWN, ++ NOTIFY_CACHE_DELETE, ++ NOTIFY_CACHE_USED, ++ NOTIFY_CACHE_BINDING_CHANGE, ++}; ++ ++struct nhrp_vc { ++ struct notifier_list notifier_list; ++ uint8_t ipsec; ++ uint8_t updating; ++ uint8_t abort_migration; ++ ++ struct nhrp_vc_peer { ++ union sockunion nbma; ++ char id[MAX_ID_LENGTH]; ++ uint16_t certlen; ++ uint8_t cert[MAX_CERT_LENGTH]; ++ } local, remote; ++}; ++ ++enum nhrp_route_type { ++ NHRP_ROUTE_BLACKHOLE, ++ NHRP_ROUTE_LOCAL, ++ NHRP_ROUTE_NBMA_NEXTHOP, ++ NHRP_ROUTE_OFF_NBMA, ++}; ++ ++struct nhrp_peer { ++ unsigned int ref; ++ unsigned online : 1; ++ unsigned requested : 1; ++ unsigned fallback_requested : 1; ++ unsigned prio : 1; ++ struct notifier_list notifier_list; ++ struct interface *ifp; ++ struct nhrp_vc *vc; ++ struct thread *t_fallback; ++ struct notifier_block vc_notifier, ifp_notifier; ++}; ++ ++struct nhrp_packet_parser { ++ struct interface *ifp; ++ struct nhrp_afi_data *if_ad; ++ struct nhrp_peer *peer; ++ struct zbuf *pkt; ++ struct zbuf payload; ++ struct zbuf extensions; ++ struct nhrp_packet_header *hdr; ++ enum nhrp_route_type route_type; ++ struct prefix route_prefix; ++ union sockunion src_nbma, src_proto, dst_proto; ++}; ++ ++struct nhrp_reqid_pool { ++ struct hash *reqid_hash; ++ uint32_t next_request_id; ++}; ++ ++struct nhrp_reqid { ++ uint32_t request_id; ++ void (*cb)(struct nhrp_reqid *, void *); ++}; ++ ++extern struct nhrp_reqid_pool nhrp_packet_reqid; ++extern struct nhrp_reqid_pool nhrp_event_reqid; ++ ++enum nhrp_cache_type { ++ NHRP_CACHE_INVALID = 0, ++ NHRP_CACHE_INCOMPLETE, ++ NHRP_CACHE_NEGATIVE, ++ NHRP_CACHE_CACHED, ++ NHRP_CACHE_DYNAMIC, ++ NHRP_CACHE_NHS, ++ NHRP_CACHE_STATIC, ++ NHRP_CACHE_LOCAL, ++ NHRP_CACHE_NUM_TYPES ++}; ++ ++extern const char * const nhrp_cache_type_str[]; ++extern unsigned long nhrp_cache_counts[NHRP_CACHE_NUM_TYPES]; ++ ++struct nhrp_cache { ++ struct interface *ifp; ++ union sockunion remote_addr; ++ ++ unsigned map : 1; ++ unsigned used : 1; ++ unsigned route_installed : 1; ++ unsigned nhrp_route_installed : 1; ++ ++ struct notifier_block peer_notifier; ++ struct notifier_block newpeer_notifier; ++ struct notifier_list notifier_list; ++ struct nhrp_reqid eventid; ++ struct thread *t_timeout; ++ struct thread *t_auth; ++ ++ struct { ++ enum nhrp_cache_type type; ++ union sockunion remote_nbma_natoa; ++ struct nhrp_peer *peer; ++ time_t expires; ++ uint32_t mtu; ++ } cur, new; ++}; ++ ++struct nhrp_shortcut { ++ struct prefix *p; ++ union sockunion addr; ++ ++ struct nhrp_reqid reqid; ++ struct thread *t_timer; ++ ++ enum nhrp_cache_type type; ++ unsigned int holding_time; ++ unsigned route_installed : 1; ++ unsigned expiring : 1; ++ ++ struct nhrp_cache *cache; ++ struct notifier_block cache_notifier; ++}; ++ ++struct nhrp_nhs { ++ struct interface *ifp; ++ struct list_head nhslist_entry; ++ ++ unsigned hub : 1; ++ afi_t afi; ++ union sockunion proto_addr; ++ const char *nbma_fqdn; /* IP-address or FQDN */ ++ ++ struct thread *t_resolve; ++ struct resolver_query dns_resolve; ++ struct list_head reglist_head; ++}; ++ ++#define NHRP_IFF_SHORTCUT 0x0001 ++#define NHRP_IFF_REDIRECT 0x0002 ++#define NHRP_IFF_REG_NO_UNIQUE 0x0100 ++ ++struct nhrp_interface { ++ struct interface *ifp; ++ ++ unsigned enabled : 1; ++ ++ char *ipsec_profile, *ipsec_fallback_profile, *source; ++ union sockunion nbma; ++ union sockunion nat_nbma; ++ unsigned int linkidx; ++ uint32_t grekey; ++ ++ struct hash *peer_hash; ++ struct hash *cache_hash; ++ ++ struct notifier_list notifier_list; ++ ++ struct interface *nbmaifp; ++ struct notifier_block nbmanifp_notifier; ++ ++ struct nhrp_afi_data { ++ unsigned flags; ++ unsigned short configured : 1; ++ union sockunion addr; ++ uint32_t network_id; ++ short configured_mtu; ++ unsigned short mtu; ++ unsigned int holdtime; ++ struct list_head nhslist_head; ++ } afi[AFI_MAX]; ++}; ++ ++int sock_open_unix(const char *path); ++ ++void nhrp_interface_init(void); ++void nhrp_interface_update(struct interface *ifp); ++void nhrp_interface_update_mtu(struct interface *ifp, afi_t afi); ++ ++int nhrp_interface_add(int cmd, struct zclient *client, zebra_size_t length, vrf_id_t vrf_id); ++int nhrp_interface_delete(int cmd, struct zclient *client, zebra_size_t length, vrf_id_t vrf_id); ++int nhrp_interface_up(int cmd, struct zclient *client, zebra_size_t length, vrf_id_t vrf_id); ++int nhrp_interface_down(int cmd, struct zclient *client, zebra_size_t length, vrf_id_t vrf_id); ++int nhrp_interface_address_add(int cmd, struct zclient *client, zebra_size_t length, vrf_id_t vrf_id); ++int nhrp_interface_address_delete(int cmd, struct zclient *client, zebra_size_t length, vrf_id_t vrf_id); ++ ++void nhrp_interface_notify_add(struct interface *ifp, struct notifier_block *n, notifier_fn_t fn); ++void nhrp_interface_notify_del(struct interface *ifp, struct notifier_block *n); ++void nhrp_interface_set_protection(struct interface *ifp, const char *profile, const char *fallback_profile); ++void nhrp_interface_set_source(struct interface *ifp, const char *ifname); ++ ++int nhrp_nhs_add(struct interface *ifp, afi_t afi, union sockunion *proto_addr, const char *nbma_fqdn); ++int nhrp_nhs_del(struct interface *ifp, afi_t afi, union sockunion *proto_addr, const char *nbma_fqdn); ++int nhrp_nhs_free(struct nhrp_nhs *nhs); ++void nhrp_nhs_terminate(void); ++ ++void nhrp_route_update_nhrp(const struct prefix *p, struct interface *ifp); ++void nhrp_route_announce(int add, enum nhrp_cache_type type, const struct prefix *p, struct interface *ifp, const union sockunion *nexthop, uint32_t mtu); ++int nhrp_route_read(int command, struct zclient *zclient, zebra_size_t length, vrf_id_t vrf_id); ++int nhrp_route_get_nexthop(const union sockunion *addr, struct prefix *p, union sockunion *via, struct interface **ifp); ++enum nhrp_route_type nhrp_route_address(struct interface *in_ifp, union sockunion *addr, struct prefix *p, struct nhrp_peer **peer); ++ ++void nhrp_config_init(void); ++ ++void nhrp_shortcut_init(void); ++void nhrp_shortcut_terminate(void); ++void nhrp_shortcut_initiate(union sockunion *addr); ++void nhrp_shortcut_foreach(afi_t afi, void (*cb)(struct nhrp_shortcut *, void *), void *ctx); ++void nhrp_shortcut_purge(struct nhrp_shortcut *s, int force); ++void nhrp_shortcut_prefix_change(const struct prefix *p, int deleted); ++ ++struct nhrp_cache *nhrp_cache_get(struct interface *ifp, union sockunion *remote_addr, int create); ++void nhrp_cache_foreach(struct interface *ifp, void (*cb)(struct nhrp_cache *, void *), void *ctx); ++void nhrp_cache_set_used(struct nhrp_cache *, int); ++int nhrp_cache_update_binding(struct nhrp_cache *, enum nhrp_cache_type type, int holding_time, struct nhrp_peer *p, uint32_t mtu, union sockunion *nbma_natoa); ++void nhrp_cache_notify_add(struct nhrp_cache *c, struct notifier_block *, notifier_fn_t); ++void nhrp_cache_notify_del(struct nhrp_cache *c, struct notifier_block *); ++ ++void nhrp_vc_init(void); ++void nhrp_vc_terminate(void); ++struct nhrp_vc *nhrp_vc_get(const union sockunion *src, const union sockunion *dst, int create); ++int nhrp_vc_ipsec_updown(uint32_t child_id, struct nhrp_vc *vc); ++void nhrp_vc_notify_add(struct nhrp_vc *, struct notifier_block *, notifier_fn_t); ++void nhrp_vc_notify_del(struct nhrp_vc *, struct notifier_block *); ++void nhrp_vc_foreach(void (*cb)(struct nhrp_vc *, void *), void *ctx); ++void nhrp_vc_reset(void); ++ ++void vici_init(void); ++void vici_terminate(void); ++void vici_request_vc(const char *profile, union sockunion *src, union sockunion *dst, int prio); ++ ++extern const char *nhrp_event_socket_path; ++ ++void evmgr_init(void); ++void evmgr_terminate(void); ++void evmgr_set_socket(const char *socket); ++void evmgr_notify(const char *name, struct nhrp_cache *c, void (*cb)(struct nhrp_reqid *, void *)); ++ ++struct nhrp_packet_header *nhrp_packet_push( ++ struct zbuf *zb, uint8_t type, ++ const union sockunion *src_nbma, ++ const union sockunion *src_proto, ++ const union sockunion *dst_proto); ++void nhrp_packet_complete(struct zbuf *zb, struct nhrp_packet_header *hdr); ++uint16_t nhrp_packet_calculate_checksum(const uint8_t *pdu, uint16_t len); ++ ++struct nhrp_packet_header *nhrp_packet_pull( ++ struct zbuf *zb, ++ union sockunion *src_nbma, ++ union sockunion *src_proto, ++ union sockunion *dst_proto); ++ ++struct nhrp_cie_header *nhrp_cie_push( ++ struct zbuf *zb, uint8_t code, ++ const union sockunion *nbma, ++ const union sockunion *proto); ++struct nhrp_cie_header *nhrp_cie_pull( ++ struct zbuf *zb, ++ struct nhrp_packet_header *hdr, ++ union sockunion *nbma, ++ union sockunion *proto); ++ ++struct nhrp_extension_header *nhrp_ext_push(struct zbuf *zb, struct nhrp_packet_header *hdr, uint16_t type); ++void nhrp_ext_complete(struct zbuf *zb, struct nhrp_extension_header *ext); ++struct nhrp_extension_header *nhrp_ext_pull(struct zbuf *zb, struct zbuf *payload); ++void nhrp_ext_request(struct zbuf *zb, struct nhrp_packet_header *hdr, struct interface *); ++int nhrp_ext_reply(struct zbuf *zb, struct nhrp_packet_header *hdr, struct interface *ifp, struct nhrp_extension_header *ext, struct zbuf *extpayload); ++ ++uint32_t nhrp_reqid_alloc(struct nhrp_reqid_pool *, struct nhrp_reqid *r, void (*cb)(struct nhrp_reqid *, void *)); ++void nhrp_reqid_free(struct nhrp_reqid_pool *, struct nhrp_reqid *r); ++struct nhrp_reqid *nhrp_reqid_lookup(struct nhrp_reqid_pool *, uint32_t reqid); ++ ++int nhrp_packet_init(void); ++ ++struct nhrp_peer *nhrp_peer_get(struct interface *ifp, const union sockunion *remote_nbma); ++struct nhrp_peer *nhrp_peer_ref(struct nhrp_peer *p); ++void nhrp_peer_unref(struct nhrp_peer *p); ++int nhrp_peer_check(struct nhrp_peer *p, int establish); ++void nhrp_peer_notify_add(struct nhrp_peer *p, struct notifier_block *, notifier_fn_t); ++void nhrp_peer_notify_del(struct nhrp_peer *p, struct notifier_block *); ++void nhrp_peer_recv(struct nhrp_peer *p, struct zbuf *zb); ++void nhrp_peer_send(struct nhrp_peer *p, struct zbuf *zb); ++void nhrp_peer_send_indication(struct interface *ifp, uint16_t, struct zbuf *); ++ ++#endif +diff --git a/nhrpd/os.h b/nhrpd/os.h +new file mode 100644 +index 0000000..0fbe8b0 +--- /dev/null ++++ b/nhrpd/os.h +@@ -0,0 +1,5 @@ ++ ++int os_socket(void); ++int os_sendmsg(const uint8_t *buf, size_t len, int ifindex, const uint8_t *addr, size_t addrlen); ++int os_recvmsg(uint8_t *buf, size_t *len, int *ifindex, uint8_t *addr, size_t *addrlen); ++int os_configure_dmvpn(unsigned int ifindex, const char *ifname, int af); +diff --git a/nhrpd/reqid.c b/nhrpd/reqid.c +new file mode 100644 +index 0000000..24b3199 +--- /dev/null ++++ b/nhrpd/reqid.c +@@ -0,0 +1,49 @@ ++#include "zebra.h" ++#include "hash.h" ++#include "nhrpd.h" ++ ++static unsigned int nhrp_reqid_key(void *data) ++{ ++ struct nhrp_reqid *r = data; ++ return r->request_id; ++} ++ ++static int nhrp_reqid_cmp(const void *data, const void *key) ++{ ++ const struct nhrp_reqid *a = data, *b = key; ++ return a->request_id == b->request_id; ++} ++ ++uint32_t nhrp_reqid_alloc(struct nhrp_reqid_pool *p, struct nhrp_reqid *r, void (*cb)(struct nhrp_reqid *, void *)) ++{ ++ if (!p->reqid_hash) { ++ p->reqid_hash = hash_create(nhrp_reqid_key, nhrp_reqid_cmp); ++ p->next_request_id = 1; ++ } ++ ++ if (r->cb != cb) { ++ r->request_id = p->next_request_id; ++ if (++p->next_request_id == 0) p->next_request_id = 1; ++ r->cb = cb; ++ hash_get(p->reqid_hash, r, hash_alloc_intern); ++ } ++ return r->request_id; ++} ++ ++void nhrp_reqid_free(struct nhrp_reqid_pool *p, struct nhrp_reqid *r) ++{ ++ if (r->cb) { ++ hash_release(p->reqid_hash, r); ++ r->cb = NULL; ++ } ++} ++ ++struct nhrp_reqid *nhrp_reqid_lookup(struct nhrp_reqid_pool *p, uint32_t reqid) ++{ ++ struct nhrp_reqid key; ++ if (!p->reqid_hash) return 0; ++ key.request_id = reqid; ++ return hash_lookup(p->reqid_hash, &key); ++} ++ ++ +diff --git a/nhrpd/resolver.c b/nhrpd/resolver.c +new file mode 100644 +index 0000000..07bdb73 +--- /dev/null ++++ b/nhrpd/resolver.c +@@ -0,0 +1,190 @@ ++/* C-Ares integration to Quagga mainloop ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include <ares.h> ++#include <ares_version.h> ++ ++#include "vector.h" ++#include "thread.h" ++#include "nhrpd.h" ++ ++struct resolver_state { ++ ares_channel channel; ++ struct thread *timeout; ++ vector read_threads, write_threads; ++}; ++ ++static struct resolver_state state; ++ ++#define THREAD_RUNNING ((struct thread *)-1) ++ ++static void resolver_update_timeouts(struct resolver_state *r); ++ ++static int resolver_cb_timeout(struct thread *t) ++{ ++ struct resolver_state *r = THREAD_ARG(t); ++ ++ r->timeout = THREAD_RUNNING; ++ ares_process(r->channel, NULL, NULL); ++ r->timeout = NULL; ++ resolver_update_timeouts(r); ++ ++ return 0; ++} ++ ++static int resolver_cb_socket_readable(struct thread *t) ++{ ++ struct resolver_state *r = THREAD_ARG(t); ++ int fd = THREAD_FD(t); ++ ++ vector_set_index(r->read_threads, fd, THREAD_RUNNING); ++ ares_process_fd(r->channel, fd, ARES_SOCKET_BAD); ++ if (vector_lookup(r->read_threads, fd) == THREAD_RUNNING) { ++ t = NULL; ++ THREAD_READ_ON(master, t, resolver_cb_socket_readable, r, fd); ++ vector_set_index(r->read_threads, fd, t); ++ } ++ resolver_update_timeouts(r); ++ ++ return 0; ++} ++ ++static int resolver_cb_socket_writable(struct thread *t) ++{ ++ struct resolver_state *r = THREAD_ARG(t); ++ int fd = THREAD_FD(t); ++ ++ vector_set_index(r->write_threads, fd, THREAD_RUNNING); ++ ares_process_fd(r->channel, ARES_SOCKET_BAD, fd); ++ if (vector_lookup(r->write_threads, fd) == THREAD_RUNNING) { ++ t = NULL; ++ THREAD_WRITE_ON(master, t, resolver_cb_socket_writable, r, fd); ++ vector_set_index(r->write_threads, fd, t); ++ } ++ resolver_update_timeouts(r); ++ ++ return 0; ++} ++ ++static void resolver_update_timeouts(struct resolver_state *r) ++{ ++ struct timeval *tv, tvbuf; ++ ++ if (r->timeout == THREAD_RUNNING) return; ++ ++ THREAD_OFF(r->timeout); ++ tv = ares_timeout(r->channel, NULL, &tvbuf); ++ if (tv) { ++ unsigned int timeoutms = tv->tv_sec * 1000 + tv->tv_usec / 1000; ++ THREAD_TIMER_MSEC_ON(master, r->timeout, resolver_cb_timeout, r, timeoutms); ++ } ++} ++ ++static void ares_socket_cb(void *data, ares_socket_t fd, int readable, int writable) ++{ ++ struct resolver_state *r = (struct resolver_state *) data; ++ struct thread *t; ++ ++ if (readable) { ++ t = vector_lookup_ensure(r->read_threads, fd); ++ if (!t) { ++ THREAD_READ_ON(master, t, resolver_cb_socket_readable, r, fd); ++ vector_set_index(r->read_threads, fd, t); ++ } ++ } else { ++ t = vector_lookup(r->read_threads, fd); ++ if (t) { ++ if (t != THREAD_RUNNING) { ++ THREAD_OFF(t); ++ } ++ vector_unset(r->read_threads, fd); ++ } ++ } ++ ++ if (writable) { ++ t = vector_lookup_ensure(r->write_threads, fd); ++ if (!t) { ++ THREAD_READ_ON(master, t, resolver_cb_socket_writable, r, fd); ++ vector_set_index(r->write_threads, fd, t); ++ } ++ } else { ++ t = vector_lookup(r->write_threads, fd); ++ if (t) { ++ if (t != THREAD_RUNNING) { ++ THREAD_OFF(t); ++ } ++ vector_unset(r->write_threads, fd); ++ } ++ } ++} ++ ++void resolver_init(void) ++{ ++ struct ares_options ares_opts; ++ ++ state.read_threads = vector_init(1); ++ state.write_threads = vector_init(1); ++ ++ ares_opts = (struct ares_options) { ++ .sock_state_cb = &ares_socket_cb, ++ .sock_state_cb_data = &state, ++ .timeout = 2, ++ .tries = 3, ++ }; ++ ++ ares_init_options(&state.channel, &ares_opts, ++ ARES_OPT_SOCK_STATE_CB | ARES_OPT_TIMEOUT | ++ ARES_OPT_TRIES); ++} ++ ++ ++static void ares_address_cb(void *arg, int status, int timeouts, struct hostent *he) ++{ ++ struct resolver_query *query = (struct resolver_query *) arg; ++ union sockunion addr[16]; ++ size_t i; ++ ++ if (status != ARES_SUCCESS) { ++ debugf(NHRP_DEBUG_COMMON, "[%p] Resolving failed", query); ++ query->callback(query, -1, NULL); ++ query->callback = NULL; ++ return; ++ } ++ ++ for (i = 0; he->h_addr_list[i] != NULL && i < ZEBRA_NUM_OF(addr); i++) { ++ memset(&addr[i], 0, sizeof(addr[i])); ++ addr[i].sa.sa_family = he->h_addrtype; ++ switch (he->h_addrtype) { ++ case AF_INET: ++ memcpy(&addr[i].sin.sin_addr, (uint8_t *) he->h_addr_list[i], he->h_length); ++ break; ++ case AF_INET6: ++ memcpy(&addr[i].sin6.sin6_addr, (uint8_t *) he->h_addr_list[i], he->h_length); ++ break; ++ } ++ } ++ ++ debugf(NHRP_DEBUG_COMMON, "[%p] Resolved with %d results", query, (int) i); ++ query->callback(query, i, &addr[0]); ++ query->callback = NULL; ++} ++ ++void resolver_resolve(struct resolver_query *query, int af, const char *hostname, void (*callback)(struct resolver_query *, int, union sockunion *)) ++{ ++ if (query->callback != NULL) { ++ zlog_err("Trying to resolve '%s', but previous query was not finished yet", hostname); ++ return; ++ } ++ ++ debugf(NHRP_DEBUG_COMMON, "[%p] Resolving '%s'", query, hostname); ++ ++ query->callback = callback; ++ ares_gethostbyname(state.channel, hostname, af, ares_address_cb, query); ++ resolver_update_timeouts(&state); ++} +diff --git a/nhrpd/vici.c b/nhrpd/vici.c +new file mode 100644 +index 0000000..507dd14 +--- /dev/null ++++ b/nhrpd/vici.c +@@ -0,0 +1,482 @@ ++/* strongSwan VICI protocol implementation for NHRP ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include <string.h> ++#include <sys/socket.h> ++#include <sys/un.h> ++ ++#include "thread.h" ++#include "zbuf.h" ++#include "log.h" ++#include "nhrpd.h" ++ ++#include "vici.h" ++ ++#define ERRNO_IO_RETRY(EN) (((EN) == EAGAIN) || ((EN) == EWOULDBLOCK) || ((EN) == EINTR)) ++ ++struct blob { ++ char *ptr; ++ int len; ++}; ++ ++static int blob_equal(const struct blob *b, const char *str) ++{ ++ if (b->len != (int) strlen(str)) return 0; ++ return memcmp(b->ptr, str, b->len) == 0; ++} ++ ++static int blob2buf(const struct blob *b, char *buf, size_t n) ++{ ++ if (b->len >= (int) n) return 0; ++ memcpy(buf, b->ptr, b->len); ++ buf[b->len] = 0; ++ return 1; ++} ++ ++struct vici_conn { ++ struct thread *t_reconnect, *t_read, *t_write; ++ struct zbuf ibuf; ++ struct zbuf_queue obuf; ++ int fd; ++ uint8_t ibuf_data[VICI_MAX_MSGLEN]; ++}; ++ ++struct vici_message_ctx { ++ const char *sections[8]; ++ int nsections; ++}; ++ ++static int vici_reconnect(struct thread *t); ++static void vici_submit_request(struct vici_conn *vici, const char *name, ...); ++ ++static void vici_zbuf_puts(struct zbuf *obuf, const char *str) ++{ ++ size_t len = strlen(str); ++ zbuf_put8(obuf, len); ++ zbuf_put(obuf, str, len); ++} ++ ++static void vici_connection_error(struct vici_conn *vici) ++{ ++ nhrp_vc_reset(); ++ ++ THREAD_OFF(vici->t_read); ++ THREAD_OFF(vici->t_write); ++ zbuf_reset(&vici->ibuf); ++ zbufq_reset(&vici->obuf); ++ ++ close(vici->fd); ++ vici->fd = -1; ++ THREAD_TIMER_ON(master, vici->t_reconnect, vici_reconnect, vici, 2); ++} ++ ++static void vici_parse_message( ++ struct vici_conn *vici, struct zbuf *msg, ++ void (*parser)(struct vici_message_ctx *ctx, enum vici_type_t msgtype, const struct blob *key, const struct blob *val), ++ struct vici_message_ctx *ctx) ++{ ++ uint8_t *type; ++ struct blob key; ++ struct blob val; ++ ++ while ((type = zbuf_may_pull(msg, uint8_t)) != NULL) { ++ switch (*type) { ++ case VICI_SECTION_START: ++ key.len = zbuf_get8(msg); ++ key.ptr = zbuf_pulln(msg, key.len); ++ debugf(NHRP_DEBUG_VICI, "VICI: Section start '%.*s'", key.len, key.ptr); ++ parser(ctx, *type, &key, NULL); ++ ctx->nsections++; ++ break; ++ case VICI_SECTION_END: ++ debugf(NHRP_DEBUG_VICI, "VICI: Section end"); ++ parser(ctx, *type, NULL, NULL); ++ ctx->nsections--; ++ break; ++ case VICI_KEY_VALUE: ++ key.len = zbuf_get8(msg); ++ key.ptr = zbuf_pulln(msg, key.len); ++ val.len = zbuf_get_be16(msg); ++ val.ptr = zbuf_pulln(msg, val.len); ++ debugf(NHRP_DEBUG_VICI, "VICI: Key '%.*s'='%.*s'", key.len, key.ptr, val.len, val.ptr); ++ parser(ctx, *type, &key, &val); ++ break; ++ case VICI_LIST_START: ++ key.len = zbuf_get8(msg); ++ key.ptr = zbuf_pulln(msg, key.len); ++ debugf(NHRP_DEBUG_VICI, "VICI: List start '%.*s'", key.len, key.ptr); ++ break; ++ case VICI_LIST_ITEM: ++ val.len = zbuf_get_be16(msg); ++ val.ptr = zbuf_pulln(msg, val.len); ++ debugf(NHRP_DEBUG_VICI, "VICI: List item: '%.*s'", val.len, val.ptr); ++ parser(ctx, *type, &key, &val); ++ break; ++ case VICI_LIST_END: ++ debugf(NHRP_DEBUG_VICI, "VICI: List end"); ++ break; ++ default: ++ debugf(NHRP_DEBUG_VICI, "VICI: Unsupported message component type %d", *type); ++ return; ++ } ++ } ++} ++ ++struct handle_sa_ctx { ++ struct vici_message_ctx msgctx; ++ int event; ++ int child_ok; ++ int kill_ikesa; ++ uint32_t child_uniqueid, ike_uniqueid; ++ struct { ++ union sockunion host; ++ struct blob id, cert; ++ } local, remote; ++}; ++ ++static void parse_sa_message( ++ struct vici_message_ctx *ctx, ++ enum vici_type_t msgtype, ++ const struct blob *key, const struct blob *val) ++{ ++ struct handle_sa_ctx *sactx = container_of(ctx, struct handle_sa_ctx, msgctx); ++ struct nhrp_vc *vc; ++ char buf[512]; ++ ++ switch (msgtype) { ++ case VICI_SECTION_START: ++ if (ctx->nsections == 3) { ++ /* Begin of child-sa section, reset child vars */ ++ sactx->child_uniqueid = 0; ++ sactx->child_ok = 0; ++ } ++ break; ++ case VICI_SECTION_END: ++ if (ctx->nsections == 3) { ++ /* End of child-sa section, update nhrp_vc */ ++ int up = sactx->child_ok || sactx->event == 1; ++ if (up) { ++ vc = nhrp_vc_get(&sactx->local.host, &sactx->remote.host, up); ++ if (vc) { ++ blob2buf(&sactx->local.id, vc->local.id, sizeof(vc->local.id)); ++ if (blob2buf(&sactx->local.cert, (char*)vc->local.cert, sizeof(vc->local.cert))) ++ vc->local.certlen = sactx->local.cert.len; ++ blob2buf(&sactx->remote.id, vc->remote.id, sizeof(vc->remote.id)); ++ if (blob2buf(&sactx->remote.cert, (char*)vc->remote.cert, sizeof(vc->remote.cert))) ++ vc->remote.certlen = sactx->remote.cert.len; ++ sactx->kill_ikesa |= nhrp_vc_ipsec_updown(sactx->child_uniqueid, vc); ++ } ++ } else { ++ nhrp_vc_ipsec_updown(sactx->child_uniqueid, 0); ++ } ++ } ++ break; ++ default: ++ switch (key->ptr[0]) { ++ case 'l': ++ if (blob_equal(key, "local-host") && ctx->nsections == 1) { ++ if (blob2buf(val, buf, sizeof(buf))) ++ str2sockunion(buf, &sactx->local.host); ++ } else if (blob_equal(key, "local-id") && ctx->nsections == 1) { ++ sactx->local.id = *val; ++ } else if (blob_equal(key, "local-cert-data") && ctx->nsections == 1) { ++ sactx->local.cert = *val; ++ } ++ break; ++ case 'r': ++ if (blob_equal(key, "remote-host") && ctx->nsections == 1) { ++ if (blob2buf(val, buf, sizeof(buf))) ++ str2sockunion(buf, &sactx->remote.host); ++ } else if (blob_equal(key, "remote-id") && ctx->nsections == 1) { ++ sactx->remote.id = *val; ++ } else if (blob_equal(key, "remote-cert-data") && ctx->nsections == 1) { ++ sactx->remote.cert = *val; ++ } ++ break; ++ case 'u': ++ if (blob_equal(key, "uniqueid") && blob2buf(val, buf, sizeof(buf))) { ++ if (ctx->nsections == 3) ++ sactx->child_uniqueid = strtoul(buf, NULL, 0); ++ else if (ctx->nsections == 1) ++ sactx->ike_uniqueid = strtoul(buf, NULL, 0); ++ } ++ break; ++ case 's': ++ if (blob_equal(key, "state") && ctx->nsections == 3) { ++ sactx->child_ok = ++ (sactx->event == 0 && ++ (blob_equal(val, "INSTALLED") || ++ blob_equal(val, "REKEYED"))); ++ } ++ break; ++ } ++ break; ++ } ++} ++ ++static void vici_recv_sa(struct vici_conn *vici, struct zbuf *msg, int event) ++{ ++ char buf[32]; ++ struct handle_sa_ctx ctx = { ++ .event = event, ++ }; ++ ++ vici_parse_message(vici, msg, parse_sa_message, &ctx.msgctx); ++ ++ if (ctx.kill_ikesa && ctx.ike_uniqueid) { ++ debugf(NHRP_DEBUG_COMMON, "VICI: Deleting IKE_SA %u", ctx.ike_uniqueid); ++ snprintf(buf, sizeof buf, "%u", ctx.ike_uniqueid); ++ vici_submit_request( ++ vici, "terminate", ++ VICI_KEY_VALUE, "ike-id", strlen(buf), buf, ++ VICI_END); ++ } ++} ++ ++static void vici_recv_message(struct vici_conn *vici, struct zbuf *msg) ++{ ++ uint32_t msglen; ++ uint8_t msgtype; ++ struct blob name; ++ ++ msglen = zbuf_get_be32(msg); ++ msgtype = zbuf_get8(msg); ++ debugf(NHRP_DEBUG_VICI, "VICI: Message %d, %d bytes", msgtype, msglen); ++ ++ switch (msgtype) { ++ case VICI_EVENT: ++ name.len = zbuf_get8(msg); ++ name.ptr = zbuf_pulln(msg, name.len); ++ ++ debugf(NHRP_DEBUG_VICI, "VICI: Event '%.*s'", name.len, name.ptr); ++ if (blob_equal(&name, "list-sa") || ++ blob_equal(&name, "child-updown") || ++ blob_equal(&name, "child-rekey")) ++ vici_recv_sa(vici, msg, 0); ++ else if (blob_equal(&name, "child-state-installed") || ++ blob_equal(&name, "child-state-rekeyed")) ++ vici_recv_sa(vici, msg, 1); ++ else if (blob_equal(&name, "child-state-destroying")) ++ vici_recv_sa(vici, msg, 2); ++ break; ++ case VICI_EVENT_UNKNOWN: ++ zlog_err("VICI: StrongSwan does not support mandatory events (unpatched?)"); ++ break; ++ case VICI_EVENT_CONFIRM: ++ case VICI_CMD_RESPONSE: ++ break; ++ default: ++ zlog_notice("VICI: Unrecognized message type %d", msgtype); ++ break; ++ } ++} ++ ++static int vici_read(struct thread *t) ++{ ++ struct vici_conn *vici = THREAD_ARG(t); ++ struct zbuf *ibuf = &vici->ibuf; ++ struct zbuf pktbuf; ++ ++ vici->t_read = NULL; ++ if (zbuf_read(ibuf, vici->fd, (size_t) -1) < 0) { ++ vici_connection_error(vici); ++ return 0; ++ } ++ ++ /* Process all messages in buffer */ ++ do { ++ uint32_t *hdrlen = zbuf_may_pull(ibuf, uint32_t); ++ if (!hdrlen) ++ break; ++ if (!zbuf_may_pulln(ibuf, ntohl(*hdrlen))) { ++ zbuf_reset_head(ibuf, hdrlen); ++ break; ++ } ++ ++ /* Handle packet */ ++ zbuf_init(&pktbuf, hdrlen, htonl(*hdrlen)+4, htonl(*hdrlen)+4); ++ vici_recv_message(vici, &pktbuf); ++ } while (1); ++ ++ THREAD_READ_ON(master, vici->t_read, vici_read, vici, vici->fd); ++ return 0; ++} ++ ++static int vici_write(struct thread *t) ++{ ++ struct vici_conn *vici = THREAD_ARG(t); ++ int r; ++ ++ vici->t_write = NULL; ++ r = zbufq_write(&vici->obuf, vici->fd); ++ if (r > 0) { ++ THREAD_WRITE_ON(master, vici->t_write, vici_write, vici, vici->fd); ++ } else if (r < 0) { ++ vici_connection_error(vici); ++ } ++ ++ return 0; ++} ++ ++static void vici_submit(struct vici_conn *vici, struct zbuf *obuf) ++{ ++ if (vici->fd < 0) { ++ zbuf_free(obuf); ++ return; ++ } ++ ++ zbufq_queue(&vici->obuf, obuf); ++ THREAD_WRITE_ON(master, vici->t_write, vici_write, vici, vici->fd); ++} ++ ++static void vici_submit_request(struct vici_conn *vici, const char *name, ...) ++{ ++ struct zbuf *obuf; ++ uint32_t *hdrlen; ++ va_list va; ++ size_t len; ++ int type; ++ ++ obuf = zbuf_alloc(256); ++ if (!obuf) return; ++ ++ hdrlen = zbuf_push(obuf, uint32_t); ++ zbuf_put8(obuf, VICI_CMD_REQUEST); ++ vici_zbuf_puts(obuf, name); ++ ++ va_start(va, name); ++ for (type = va_arg(va, int); type != VICI_END; type = va_arg(va, int)) { ++ zbuf_put8(obuf, type); ++ switch (type) { ++ case VICI_KEY_VALUE: ++ vici_zbuf_puts(obuf, va_arg(va, const char *)); ++ len = va_arg(va, size_t); ++ zbuf_put_be16(obuf, len); ++ zbuf_put(obuf, va_arg(va, void *), len); ++ break; ++ case VICI_END: ++ break; ++ default: ++ break; ++ } ++ } ++ va_end(va); ++ *hdrlen = htonl(zbuf_used(obuf) - 4); ++ vici_submit(vici, obuf); ++} ++ ++static void vici_register_event(struct vici_conn *vici, const char *name) ++{ ++ struct zbuf *obuf; ++ uint32_t *hdrlen; ++ uint8_t namelen; ++ ++ namelen = strlen(name); ++ obuf = zbuf_alloc(4 + 1 + 1 + namelen); ++ if (!obuf) return; ++ ++ hdrlen = zbuf_push(obuf, uint32_t); ++ zbuf_put8(obuf, VICI_EVENT_REGISTER); ++ zbuf_put8(obuf, namelen); ++ zbuf_put(obuf, name, namelen); ++ *hdrlen = htonl(zbuf_used(obuf) - 4); ++ ++ vici_submit(vici, obuf); ++} ++ ++static int vici_reconnect(struct thread *t) ++{ ++ struct vici_conn *vici = THREAD_ARG(t); ++ int fd; ++ ++ vici->t_reconnect = NULL; ++ if (vici->fd >= 0) return 0; ++ ++ fd = sock_open_unix("/var/run/charon.vici"); ++ if (fd < 0) { ++ zlog_warn("%s: failure connecting VICI socket: %s", ++ __PRETTY_FUNCTION__, strerror(errno)); ++ THREAD_TIMER_ON(master, vici->t_reconnect, vici_reconnect, vici, 2); ++ return 0; ++ } ++ ++ debugf(NHRP_DEBUG_COMMON, "VICI: Connected"); ++ vici->fd = fd; ++ THREAD_READ_ON(master, vici->t_read, vici_read, vici, vici->fd); ++ ++ /* Send event subscribtions */ ++ //vici_register_event(vici, "child-updown"); ++ //vici_register_event(vici, "child-rekey"); ++ vici_register_event(vici, "child-state-installed"); ++ vici_register_event(vici, "child-state-rekeyed"); ++ vici_register_event(vici, "child-state-destroying"); ++ vici_register_event(vici, "list-sa"); ++ vici_submit_request(vici, "list-sas", VICI_END); ++ ++ return 0; ++} ++ ++static struct vici_conn vici_connection; ++ ++void vici_init(void) ++{ ++ struct vici_conn *vici = &vici_connection; ++ ++ vici->fd = -1; ++ zbuf_init(&vici->ibuf, vici->ibuf_data, sizeof(vici->ibuf_data), 0); ++ zbufq_init(&vici->obuf); ++ THREAD_TIMER_MSEC_ON(master, vici->t_reconnect, vici_reconnect, vici, 10); ++} ++ ++void vici_terminate(void) ++{ ++} ++ ++void vici_request_vc(const char *profile, union sockunion *src, union sockunion *dst, int prio) ++{ ++ struct vici_conn *vici = &vici_connection; ++ char buf[2][SU_ADDRSTRLEN]; ++ ++ sockunion2str(src, buf[0], sizeof buf[0]); ++ sockunion2str(dst, buf[1], sizeof buf[1]); ++ ++ vici_submit_request( ++ vici, "initiate", ++ VICI_KEY_VALUE, "child", strlen(profile), profile, ++ VICI_KEY_VALUE, "timeout", 2, "-1", ++ VICI_KEY_VALUE, "async", 1, "1", ++ VICI_KEY_VALUE, "init-limits", 1, prio ? "0" : "1", ++ VICI_KEY_VALUE, "my-host", strlen(buf[0]), buf[0], ++ VICI_KEY_VALUE, "other-host", strlen(buf[1]), buf[1], ++ VICI_END); ++} ++ ++int sock_open_unix(const char *path) ++{ ++ int ret, fd; ++ struct sockaddr_un addr; ++ ++ fd = socket(AF_UNIX, SOCK_STREAM, 0); ++ if (fd < 0) ++ return -1; ++ ++ memset(&addr, 0, sizeof (struct sockaddr_un)); ++ addr.sun_family = AF_UNIX; ++ strncpy(addr.sun_path, path, strlen (path)); ++ ++ ret = connect(fd, (struct sockaddr *) &addr, sizeof(addr.sun_family) + strlen(addr.sun_path)); ++ if (ret < 0) { ++ close(fd); ++ return -1; ++ } ++ ++ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK); ++ ++ return fd; ++} +diff --git a/nhrpd/vici.h b/nhrpd/vici.h +new file mode 100644 +index 0000000..24b900b +--- /dev/null ++++ b/nhrpd/vici.h +@@ -0,0 +1,24 @@ ++ ++enum vici_type_t { ++ VICI_START = 0, ++ VICI_SECTION_START = 1, ++ VICI_SECTION_END = 2, ++ VICI_KEY_VALUE = 3, ++ VICI_LIST_START = 4, ++ VICI_LIST_ITEM = 5, ++ VICI_LIST_END = 6, ++ VICI_END = 7 ++}; ++ ++enum vici_operation_t { ++ VICI_CMD_REQUEST = 0, ++ VICI_CMD_RESPONSE, ++ VICI_CMD_UNKNOWN, ++ VICI_EVENT_REGISTER, ++ VICI_EVENT_UNREGISTER, ++ VICI_EVENT_CONFIRM, ++ VICI_EVENT_UNKNOWN, ++ VICI_EVENT, ++}; ++ ++#define VICI_MAX_MSGLEN (512*1024) +diff --git a/nhrpd/zbuf.c b/nhrpd/zbuf.c +new file mode 100644 +index 0000000..ead7cfd +--- /dev/null ++++ b/nhrpd/zbuf.c +@@ -0,0 +1,219 @@ ++/* Stream/packet buffer API implementation ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#define _GNU_SOURCE ++#include <string.h> ++#include <unistd.h> ++#include <errno.h> ++#include "zassert.h" ++#include "zbuf.h" ++#include "memory.h" ++#include "memtypes.h" ++#include "nhrpd.h" ++ ++#define ERRNO_IO_RETRY(EN) (((EN) == EAGAIN) || ((EN) == EWOULDBLOCK) || ((EN) == EINTR)) ++ ++struct zbuf *zbuf_alloc(size_t size) ++{ ++ struct zbuf *zb; ++ ++ zb = XMALLOC(MTYPE_STREAM_DATA, sizeof(*zb) + size); ++ if (!zb) ++ return NULL; ++ ++ zbuf_init(zb, zb+1, size, 0); ++ zb->allocated = 1; ++ ++ return zb; ++} ++ ++void zbuf_init(struct zbuf *zb, void *buf, size_t len, size_t datalen) ++{ ++ *zb = (struct zbuf) { ++ .buf = buf, ++ .end = (uint8_t *)buf + len, ++ .head = buf, ++ .tail = (uint8_t *)buf + datalen, ++ }; ++} ++ ++void zbuf_free(struct zbuf *zb) ++{ ++ if (zb->allocated) ++ XFREE(MTYPE_STREAM_DATA, zb); ++} ++ ++void zbuf_reset(struct zbuf *zb) ++{ ++ zb->head = zb->tail = zb->buf; ++ zb->error = 0; ++} ++ ++void zbuf_reset_head(struct zbuf *zb, void *ptr) ++{ ++ zassert((void*)zb->buf <= ptr && ptr <= (void*)zb->tail); ++ zb->head = ptr; ++} ++ ++static void zbuf_remove_headroom(struct zbuf *zb) ++{ ++ ssize_t headroom = zbuf_headroom(zb); ++ if (!headroom) ++ return; ++ memmove(zb->buf, zb->head, zbuf_used(zb)); ++ zb->head -= headroom; ++ zb->tail -= headroom; ++} ++ ++ssize_t zbuf_read(struct zbuf *zb, int fd, size_t maxlen) ++{ ++ ssize_t r; ++ ++ if (zb->error) ++ return -3; ++ ++ zbuf_remove_headroom(zb); ++ if (maxlen > zbuf_tailroom(zb)) ++ maxlen = zbuf_tailroom(zb); ++ ++ r = read(fd, zb->tail, maxlen); ++ if (r > 0) zb->tail += r; ++ else if (r == 0) r = -2; ++ else if (r < 0 && ERRNO_IO_RETRY(errno)) r = 0; ++ ++ return r; ++} ++ ++ssize_t zbuf_write(struct zbuf *zb, int fd) ++{ ++ ssize_t r; ++ ++ if (zb->error) ++ return -3; ++ ++ r = write(fd, zb->head, zbuf_used(zb)); ++ if (r > 0) { ++ zb->head += r; ++ if (zb->head == zb->tail) ++ zbuf_reset(zb); ++ } ++ else if (r == 0) r = -2; ++ else if (r < 0 && ERRNO_IO_RETRY(errno)) r = 0; ++ ++ return r; ++} ++ ++ssize_t zbuf_recv(struct zbuf *zb, int fd) ++{ ++ ssize_t r; ++ ++ if (zb->error) ++ return -3; ++ ++ zbuf_remove_headroom(zb); ++ r = recv(fd, zb->tail, zbuf_tailroom(zb), 0); ++ if (r > 0) zb->tail += r; ++ else if (r == 0) r = -2; ++ else if (r < 0 && ERRNO_IO_RETRY(errno)) r = 0; ++ return r; ++} ++ ++ssize_t zbuf_send(struct zbuf *zb, int fd) ++{ ++ ssize_t r; ++ ++ if (zb->error) ++ return -3; ++ ++ r = send(fd, zb->head, zbuf_used(zb), 0); ++ if (r >= 0) ++ zbuf_reset(zb); ++ ++ return r; ++} ++ ++void *zbuf_may_pull_until(struct zbuf *zb, const char *sep, struct zbuf *msg) ++{ ++ size_t seplen = strlen(sep), len; ++ uint8_t *ptr; ++ ++ ptr = memmem(zb->head, zbuf_used(zb), sep, seplen); ++ if (!ptr) return NULL; ++ ++ len = ptr - zb->head + seplen; ++ zbuf_init(msg, zbuf_pulln(zb, len), len, len); ++ return msg->head; ++} ++ ++void zbufq_init(struct zbuf_queue *zbq) ++{ ++ *zbq = (struct zbuf_queue) { ++ .queue_head = LIST_INITIALIZER(zbq->queue_head), ++ }; ++} ++ ++void zbufq_reset(struct zbuf_queue *zbq) ++{ ++ struct zbuf *buf, *bufn; ++ ++ list_for_each_entry_safe(buf, bufn, &zbq->queue_head, queue_list) { ++ list_del(&buf->queue_list); ++ zbuf_free(buf); ++ } ++} ++ ++void zbufq_queue(struct zbuf_queue *zbq, struct zbuf *zb) ++{ ++ list_add_tail(&zb->queue_list, &zbq->queue_head); ++} ++ ++int zbufq_write(struct zbuf_queue *zbq, int fd) ++{ ++ struct iovec iov[16]; ++ struct zbuf *zb, *zbn; ++ ssize_t r; ++ size_t iovcnt = 0; ++ ++ list_for_each_entry_safe(zb, zbn, &zbq->queue_head, queue_list) { ++ iov[iovcnt++] = (struct iovec) { ++ .iov_base = zb->head, ++ .iov_len = zbuf_used(zb), ++ }; ++ if (iovcnt >= ZEBRA_NUM_OF(iov)) ++ break; ++ } ++ ++ r = writev(fd, iov, iovcnt); ++ if (r < 0) ++ return r; ++ ++ list_for_each_entry_safe(zb, zbn, &zbq->queue_head, queue_list) { ++ if (r < (ssize_t)zbuf_used(zb)) { ++ zb->head += r; ++ return 1; ++ } ++ ++ r -= zbuf_used(zb); ++ list_del(&zb->queue_list); ++ zbuf_free(zb); ++ } ++ ++ return 0; ++} ++ ++void zbuf_copy(struct zbuf *zdst, struct zbuf *zsrc, size_t len) ++{ ++ const void *src; ++ void *dst; ++ ++ dst = zbuf_pushn(zdst, len); ++ src = zbuf_pulln(zsrc, len); ++ if (!dst || !src) return; ++ memcpy(dst, src, len); ++} +diff --git a/nhrpd/zbuf.h b/nhrpd/zbuf.h +new file mode 100644 +index 0000000..73d7073 +--- /dev/null ++++ b/nhrpd/zbuf.h +@@ -0,0 +1,189 @@ ++/* Stream/packet buffer API ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#ifndef ZBUF_H ++#define ZBUF_H ++ ++#include <stdint.h> ++#include <string.h> ++#include <endian.h> ++#include <sys/types.h> ++ ++#include "zassert.h" ++#include "list.h" ++ ++struct zbuf { ++ struct list_head queue_list; ++ unsigned allocated : 1; ++ unsigned error : 1; ++ uint8_t *buf, *end; ++ uint8_t *head, *tail; ++}; ++ ++struct zbuf_queue { ++ struct list_head queue_head; ++}; ++ ++struct zbuf *zbuf_alloc(size_t size); ++void zbuf_init(struct zbuf *zb, void *buf, size_t len, size_t datalen); ++void zbuf_free(struct zbuf *zb); ++ ++static inline size_t zbuf_size(struct zbuf *zb) ++{ ++ return zb->end - zb->buf; ++} ++ ++static inline size_t zbuf_used(struct zbuf *zb) ++{ ++ return zb->tail - zb->head; ++} ++ ++static inline size_t zbuf_tailroom(struct zbuf *zb) ++{ ++ return zb->end - zb->tail; ++} ++ ++static inline size_t zbuf_headroom(struct zbuf *zb) ++{ ++ return zb->head - zb->buf; ++} ++ ++void zbuf_reset(struct zbuf *zb); ++void zbuf_reset_head(struct zbuf *zb, void *ptr); ++ssize_t zbuf_read(struct zbuf *zb, int fd, size_t maxlen); ++ssize_t zbuf_write(struct zbuf *zb, int fd); ++ssize_t zbuf_recv(struct zbuf *zb, int fd); ++ssize_t zbuf_send(struct zbuf *zb, int fd); ++ ++static inline void zbuf_set_rerror(struct zbuf *zb) ++{ ++ zb->error = 1; ++ zb->head = zb->tail; ++} ++ ++static inline void zbuf_set_werror(struct zbuf *zb) ++{ ++ zb->error = 1; ++ zb->tail = zb->end; ++} ++ ++static inline void *__zbuf_pull(struct zbuf *zb, size_t size, int error) ++{ ++ void *head = zb->head; ++ if (size > zbuf_used(zb)) { ++ if (error) zbuf_set_rerror(zb); ++ return NULL; ++ } ++ zb->head += size; ++ return head; ++} ++ ++#define zbuf_pull(zb, type) ((type *)__zbuf_pull(zb, sizeof(type), 1)) ++#define zbuf_pulln(zb, sz) ((void *)__zbuf_pull(zb, sz, 1)) ++#define zbuf_may_pull(zb, type) ((type *)__zbuf_pull(zb, sizeof(type), 0)) ++#define zbuf_may_pulln(zb, sz) ((void *)__zbuf_pull(zb, sz, 0)) ++ ++void *zbuf_may_pull_until(struct zbuf *zb, const char *sep, struct zbuf *msg); ++ ++static inline void zbuf_get(struct zbuf *zb, void *dst, size_t len) ++{ ++ void *src = zbuf_pulln(zb, len); ++ if (src) memcpy(dst, src, len); ++} ++ ++static inline uint8_t zbuf_get8(struct zbuf *zb) ++{ ++ uint8_t *src = zbuf_pull(zb, uint8_t); ++ if (src) return *src; ++ return 0; ++} ++ ++static inline uint32_t zbuf_get32(struct zbuf *zb) ++{ ++ struct unaligned32 { ++ uint32_t value; ++ } __attribute__((packed)); ++ ++ struct unaligned32 *v = zbuf_pull(zb, struct unaligned32); ++ if (v) return v->value; ++ return 0; ++} ++ ++static inline uint16_t zbuf_get_be16(struct zbuf *zb) ++{ ++ struct unaligned16 { ++ uint16_t value; ++ } __attribute__((packed)); ++ ++ struct unaligned16 *v = zbuf_pull(zb, struct unaligned16); ++ if (v) return be16toh(v->value); ++ return 0; ++} ++ ++static inline uint32_t zbuf_get_be32(struct zbuf *zb) ++{ ++ return be32toh(zbuf_get32(zb)); ++} ++ ++static inline void *__zbuf_push(struct zbuf *zb, size_t size, int error) ++{ ++ void *tail = zb->tail; ++ if (size > zbuf_tailroom(zb)) { ++ if (error) zbuf_set_werror(zb); ++ return NULL; ++ } ++ zb->tail += size; ++ return tail; ++} ++ ++#define zbuf_push(zb, type) ((type *)__zbuf_push(zb, sizeof(type), 1)) ++#define zbuf_pushn(zb, sz) ((void *)__zbuf_push(zb, sz, 1)) ++#define zbuf_may_push(zb, type) ((type *)__zbuf_may_push(zb, sizeof(type), 0)) ++#define zbuf_may_pushn(zb, sz) ((void *)__zbuf_push(zb, sz, 0)) ++ ++static inline void zbuf_put(struct zbuf *zb, const void *src, size_t len) ++{ ++ void *dst = zbuf_pushn(zb, len); ++ if (dst) memcpy(dst, src, len); ++} ++ ++static inline void zbuf_put8(struct zbuf *zb, uint8_t val) ++{ ++ uint8_t *dst = zbuf_push(zb, uint8_t); ++ if (dst) *dst = val; ++} ++ ++static inline void zbuf_put_be16(struct zbuf *zb, uint16_t val) ++{ ++ struct unaligned16 { ++ uint16_t value; ++ } __attribute__((packed)); ++ ++ struct unaligned16 *v = zbuf_push(zb, struct unaligned16); ++ if (v) v->value = htobe16(val); ++} ++ ++static inline void zbuf_put_be32(struct zbuf *zb, uint32_t val) ++{ ++ struct unaligned32 { ++ uint32_t value; ++ } __attribute__((packed)); ++ ++ struct unaligned32 *v = zbuf_push(zb, struct unaligned32); ++ if (v) v->value = htobe32(val); ++} ++ ++void zbuf_copy(struct zbuf *zb, struct zbuf *src, size_t len); ++ ++void zbufq_init(struct zbuf_queue *); ++void zbufq_reset(struct zbuf_queue *); ++void zbufq_queue(struct zbuf_queue *, struct zbuf *); ++int zbufq_write(struct zbuf_queue *, int); ++ ++#endif +diff --git a/nhrpd/znl.c b/nhrpd/znl.c +new file mode 100644 +index 0000000..2216d97 +--- /dev/null ++++ b/nhrpd/znl.c +@@ -0,0 +1,160 @@ ++/* Netlink helpers for zbuf ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include <fcntl.h> ++#include <errno.h> ++#include <string.h> ++#include <unistd.h> ++#include <sys/types.h> ++#include <sys/socket.h> ++#include <linux/netlink.h> ++#include <linux/rtnetlink.h> ++ ++#include "znl.h" ++ ++#define ZNL_ALIGN(len) (((len)+3) & ~3) ++ ++void *znl_push(struct zbuf *zb, size_t n) ++{ ++ return zbuf_pushn(zb, ZNL_ALIGN(n)); ++} ++ ++void *znl_pull(struct zbuf *zb, size_t n) ++{ ++ return zbuf_pulln(zb, ZNL_ALIGN(n)); ++} ++ ++struct nlmsghdr *znl_nlmsg_push(struct zbuf *zb, uint16_t type, uint16_t flags) ++{ ++ struct nlmsghdr *n; ++ ++ n = znl_push(zb, sizeof(*n)); ++ if (!n) return NULL; ++ ++ *n = (struct nlmsghdr) { ++ .nlmsg_type = type, ++ .nlmsg_flags = flags, ++ }; ++ return n; ++} ++ ++void znl_nlmsg_complete(struct zbuf *zb, struct nlmsghdr *n) ++{ ++ n->nlmsg_len = zb->tail - (uint8_t*)n; ++} ++ ++struct nlmsghdr *znl_nlmsg_pull(struct zbuf *zb, struct zbuf *payload) ++{ ++ struct nlmsghdr *n; ++ size_t plen; ++ ++ n = znl_pull(zb, sizeof(*n)); ++ if (!n) return NULL; ++ ++ plen = n->nlmsg_len - sizeof(*n); ++ zbuf_init(payload, znl_pull(zb, plen), plen, plen); ++ zbuf_may_pulln(zb, ZNL_ALIGN(plen) - plen); ++ ++ return n; ++} ++ ++struct rtattr *znl_rta_push(struct zbuf *zb, uint16_t type, const void *val, size_t len) ++{ ++ struct rtattr *rta; ++ uint8_t *dst; ++ ++ rta = znl_push(zb, ZNL_ALIGN(sizeof(*rta)) + ZNL_ALIGN(len)); ++ if (!rta) return NULL; ++ ++ *rta = (struct rtattr) { ++ .rta_type = type, ++ .rta_len = ZNL_ALIGN(sizeof(*rta)) + len, ++ }; ++ ++ dst = (uint8_t *)(rta+1); ++ memcpy(dst, val, len); ++ memset(dst+len, 0, ZNL_ALIGN(len) - len); ++ ++ return rta; ++} ++ ++struct rtattr *znl_rta_push_u32(struct zbuf *zb, uint16_t type, uint32_t val) ++{ ++ return znl_rta_push(zb, type, &val, sizeof(val)); ++} ++ ++struct rtattr *znl_rta_nested_push(struct zbuf *zb, uint16_t type) ++{ ++ struct rtattr *rta; ++ ++ rta = znl_push(zb, sizeof(*rta)); ++ if (!rta) return NULL; ++ ++ *rta = (struct rtattr) { ++ .rta_type = type, ++ }; ++ return rta; ++} ++ ++void znl_rta_nested_complete(struct zbuf *zb, struct rtattr *rta) ++{ ++ size_t len = zb->tail - (uint8_t*) rta; ++ size_t align = ZNL_ALIGN(len) - len; ++ ++ if (align) { ++ void *dst = zbuf_pushn(zb, align); ++ if (dst) memset(dst, 0, align); ++ } ++ rta->rta_len = len; ++} ++ ++struct rtattr *znl_rta_pull(struct zbuf *zb, struct zbuf *payload) ++{ ++ struct rtattr *rta; ++ size_t plen; ++ ++ rta = znl_pull(zb, sizeof(*rta)); ++ if (!rta) return NULL; ++ ++ if (rta->rta_len > sizeof(*rta)) { ++ plen = rta->rta_len - sizeof(*rta); ++ zbuf_init(payload, znl_pull(zb, plen), plen, plen); ++ } else { ++ zbuf_init(payload, NULL, 0, 0); ++ } ++ ++ return rta; ++} ++ ++int znl_open(int protocol, int groups) ++{ ++ struct sockaddr_nl addr; ++ int fd, buf = 128 * 1024; ++ ++ fd = socket(AF_NETLINK, SOCK_RAW, protocol); ++ if (fd < 0) ++ return -1; ++ ++ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK); ++ fcntl(fd, F_SETFD, FD_CLOEXEC); ++ if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &buf, sizeof(buf)) < 0) ++ goto error; ++ ++ memset(&addr, 0, sizeof(addr)); ++ addr.nl_family = AF_NETLINK; ++ addr.nl_groups = groups; ++ if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) ++ goto error; ++ ++ return fd; ++error: ++ close(fd); ++ return -1; ++} ++ +diff --git a/nhrpd/znl.h b/nhrpd/znl.h +new file mode 100644 +index 0000000..2cd630b +--- /dev/null ++++ b/nhrpd/znl.h +@@ -0,0 +1,29 @@ ++/* Netlink helpers for zbuf ++ * Copyright (c) 2014-2015 Timo Teräs ++ * ++ * This file is free software: you may copy, redistribute and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 2 of the License, or ++ * (at your option) any later version. ++ */ ++ ++#include "zbuf.h" ++ ++#define ZNL_BUFFER_SIZE 8192 ++ ++void *znl_push(struct zbuf *zb, size_t n); ++void *znl_pull(struct zbuf *zb, size_t n); ++ ++struct nlmsghdr *znl_nlmsg_push(struct zbuf *zb, uint16_t type, uint16_t flags); ++void znl_nlmsg_complete(struct zbuf *zb, struct nlmsghdr *n); ++struct nlmsghdr *znl_nlmsg_pull(struct zbuf *zb, struct zbuf *payload); ++ ++struct rtattr *znl_rta_push(struct zbuf *zb, uint16_t type, const void *val, size_t len); ++struct rtattr *znl_rta_push_u32(struct zbuf *zb, uint16_t type, uint32_t val); ++struct rtattr *znl_rta_nested_push(struct zbuf *zb, uint16_t type); ++void znl_rta_nested_complete(struct zbuf *zb, struct rtattr *rta); ++ ++struct rtattr *znl_rta_pull(struct zbuf *zb, struct zbuf *payload); ++ ++int znl_open(int protocol, int groups); ++ +diff --git a/vtysh/Makefile.am b/vtysh/Makefile.am +index e44cd49..983103f 100644 +--- a/vtysh/Makefile.am ++++ b/vtysh/Makefile.am +@@ -24,6 +24,7 @@ vtysh_cmd_FILES = $(top_srcdir)/bgpd/*.c $(top_srcdir)/isisd/*.c \ + $(top_srcdir)/ospfd/*.c $(top_srcdir)/ospf6d/*.c \ + $(top_srcdir)/ripd/*.c $(top_srcdir)/ripngd/*.c \ + $(top_srcdir)/pimd/pim_cmd.c \ ++ $(top_srcdir)/nhrpd/nhrp_vty.c \ + $(top_srcdir)/lib/keychain.c $(top_srcdir)/lib/routemap.c \ + $(top_srcdir)/lib/filter.c $(top_srcdir)/lib/plist.c \ + $(top_srcdir)/lib/distribute.c $(top_srcdir)/lib/if_rmap.c \ +diff --git a/vtysh/vtysh.c b/vtysh/vtysh.c +index 2e2203d..1ee8582 100644 +--- a/vtysh/vtysh.c ++++ b/vtysh/vtysh.c +@@ -60,6 +60,7 @@ struct vtysh_client + { .fd = -1, .name = "bgpd", .flag = VTYSH_BGPD, .path = BGP_VTYSH_PATH}, + { .fd = -1, .name = "isisd", .flag = VTYSH_ISISD, .path = ISIS_VTYSH_PATH}, + { .fd = -1, .name = "pimd", .flag = VTYSH_PIMD, .path = PIM_VTYSH_PATH}, ++ { .fd = -1, .name = "nhrpd", .flag = VTYSH_NHRPD, .path = NHRP_VTYSH_PATH}, + }; + + +diff --git a/vtysh/vtysh.h b/vtysh/vtysh.h +index 1681a71..02ff7fd 100644 +--- a/vtysh/vtysh.h ++++ b/vtysh/vtysh.h +@@ -31,9 +31,10 @@ + #define VTYSH_ISISD 0x40 + #define VTYSH_BABELD 0x80 + #define VTYSH_PIMD 0x100 +-#define VTYSH_ALL VTYSH_ZEBRA|VTYSH_RIPD|VTYSH_RIPNGD|VTYSH_OSPFD|VTYSH_OSPF6D|VTYSH_BGPD|VTYSH_ISISD|VTYSH_BABELD|VTYSH_PIMD ++#define VTYSH_NHRPD 0x200 ++#define VTYSH_ALL VTYSH_ZEBRA|VTYSH_RIPD|VTYSH_RIPNGD|VTYSH_OSPFD|VTYSH_OSPF6D|VTYSH_BGPD|VTYSH_ISISD|VTYSH_BABELD|VTYSH_PIMD|VTYSH_NHRPD + #define VTYSH_RMAP VTYSH_ZEBRA|VTYSH_RIPD|VTYSH_RIPNGD|VTYSH_OSPFD|VTYSH_OSPF6D|VTYSH_BGPD|VTYSH_BABELD +-#define VTYSH_INTERFACE VTYSH_ZEBRA|VTYSH_RIPD|VTYSH_RIPNGD|VTYSH_OSPFD|VTYSH_OSPF6D|VTYSH_ISISD|VTYSH_BABELD|VTYSH_PIMD ++#define VTYSH_INTERFACE VTYSH_ZEBRA|VTYSH_RIPD|VTYSH_RIPNGD|VTYSH_OSPFD|VTYSH_OSPF6D|VTYSH_ISISD|VTYSH_BABELD|VTYSH_PIMD|VTYSH_NHRPD + + /* vtysh local configuration file. */ + #define VTYSH_DEFAULT_CONFIG "vtysh.conf" +diff --git a/zebra/zebra_rib.c b/zebra/zebra_rib.c +index abb9560..b03ccc2 100644 +--- a/zebra/zebra_rib.c ++++ b/zebra/zebra_rib.c +@@ -72,6 +72,7 @@ static const struct + [ZEBRA_ROUTE_ISIS] = {ZEBRA_ROUTE_ISIS, 115}, + [ZEBRA_ROUTE_BGP] = {ZEBRA_ROUTE_BGP, 20 /* IBGP is 200. */}, + [ZEBRA_ROUTE_BABEL] = {ZEBRA_ROUTE_BABEL, 95}, ++ [ZEBRA_ROUTE_NHRP] = {ZEBRA_ROUTE_NHRP, 10}, + /* no entry/default: 150 */ + }; + +@@ -1423,6 +1424,7 @@ static const u_char meta_queue_map[ZEBRA_ROUTE_MAX] = { + [ZEBRA_ROUTE_BGP] = 3, + [ZEBRA_ROUTE_HSLS] = 4, + [ZEBRA_ROUTE_BABEL] = 2, ++ [ZEBRA_ROUTE_NHRP] = 2, + }; + + /* Look into the RN and queue it into one or more priority queues, +diff --git a/zebra/zebra_rnh.c b/zebra/zebra_rnh.c +index 5762d3f..98ca6d0 100644 +--- a/zebra/zebra_rnh.c ++++ b/zebra/zebra_rnh.c +@@ -223,15 +223,24 @@ zebra_evaluate_rnh_table (vrf_id_t vrfid, int family) + { + if (CHECK_FLAG (rib->status, RIB_ENTRY_REMOVED)) + continue; +- if (CHECK_FLAG (rib->status, RIB_ENTRY_SELECTED_FIB)) ++ if (! CHECK_FLAG (rib->status, RIB_ENTRY_SELECTED_FIB)) ++ continue; ++ ++ if (CHECK_FLAG(rnh->flags, ZEBRA_NHT_CONNECTED)) + { +- if (CHECK_FLAG(rnh->flags, ZEBRA_NHT_CONNECTED)) ++ if (rib->type == ZEBRA_ROUTE_CONNECT) ++ break; ++ ++ if (rib->type == ZEBRA_ROUTE_NHRP) + { +- if (rib->type == ZEBRA_ROUTE_CONNECT) ++ struct nexthop *nexthop; ++ for (nexthop = rib->nexthop; nexthop; nexthop = nexthop->next) ++ if (nexthop->type == NEXTHOP_TYPE_IFINDEX || ++ nexthop->type == NEXTHOP_TYPE_IFNAME) ++ break; ++ if (nexthop) + break; + } +- else +- break; + } + } + } +diff --git a/zebra/zebra_vty.c b/zebra/zebra_vty.c +index 38f61e9..c73896b 100644 +--- a/zebra/zebra_vty.c ++++ b/zebra/zebra_vty.c +@@ -2121,6 +2121,7 @@ vty_show_ip_route_detail (struct vty *vty, struct route_node *rn, int mcast) + || rib->type == ZEBRA_ROUTE_OSPF6 + || rib->type == ZEBRA_ROUTE_BABEL + || rib->type == ZEBRA_ROUTE_ISIS ++ || rib->type == ZEBRA_ROUTE_NHRP + || rib->type == ZEBRA_ROUTE_BGP) + { + time_t uptime; +@@ -2341,6 +2342,7 @@ vty_show_ip_route (struct vty *vty, struct route_node *rn, struct rib *rib) + || rib->type == ZEBRA_ROUTE_OSPF6 + || rib->type == ZEBRA_ROUTE_BABEL + || rib->type == ZEBRA_ROUTE_ISIS ++ || rib->type == ZEBRA_ROUTE_NHRP + || rib->type == ZEBRA_ROUTE_BGP) + { + time_t uptime; +-- +2.10.1 + diff --git a/main/quagga-nhrp/0006-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch b/main/quagga-nhrp/0006-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch new file mode 100644 index 0000000000..f38522950a --- /dev/null +++ b/main/quagga-nhrp/0006-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch @@ -0,0 +1,69 @@ +From 43b861e1322c492970dcb83db880c27427b13b51 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Wed, 19 Oct 2016 13:45:13 +0300 +Subject: [PATCH] bgpd: allow using ebgp-multihop for ibgp connections +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Allow setting ebgp-multihop for iBGP. It will basically only set +TTL for iBGP connections as the other features of ebgp-multihop +affect only eBGP. This improves compatibility with other +implementations that allow setting TTL for all connections. +Enabling this has similar reasoning as for enabling gtsm for ibgp +(see commit 5d804b439a4138c77). + +Signed-off-by: Timo Teräs <timo.teras@iki.fi> +--- + bgpd/bgp_vty.c | 3 --- + bgpd/bgpd.c | 3 --- + bgpd/bgpd.h | 5 ++--- + 3 files changed, 2 insertions(+), 9 deletions(-) + +diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c +index 8eeaff9..332ce21 100644 +--- a/bgpd/bgp_vty.c ++++ b/bgpd/bgp_vty.c +@@ -276,9 +276,6 @@ bgp_vty_return (struct vty *vty, int ret) + case BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK: + str = "ebgp-multihop and ttl-security cannot be configured together"; + break; +- case BGP_ERR_NO_IBGP_WITH_TTLHACK: +- str = "ttl-security only allowed for EBGP peers"; +- break; + } + if (str) + { +diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c +index 56e4322..68ddfc4 100644 +--- a/bgpd/bgpd.c ++++ b/bgpd/bgpd.c +@@ -2865,9 +2865,6 @@ peer_ebgp_multihop_set (struct peer *peer, int ttl) + struct listnode *node, *nnode; + struct peer *peer1; + +- if (peer->sort == BGP_PEER_IBGP) +- return BGP_ERR_NO_IBGP_WITH_TTLHACK; +- + if (peer->gtsm_hops != 0) + return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; + +diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h +index a4c608d..dbdcfa1 100644 +--- a/bgpd/bgpd.h ++++ b/bgpd/bgpd.h +@@ -831,9 +831,8 @@ enum bgp_clear_type + #define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS -28 + #define BGP_ERR_TCPSIG_FAILED -29 + #define BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK -30 +-#define BGP_ERR_NO_IBGP_WITH_TTLHACK -31 +-#define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS_REMOTE_AS -32 +-#define BGP_ERR_MAX -33 ++#define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS_REMOTE_AS -31 ++#define BGP_ERR_MAX -32 + + extern struct bgp_master *bm; + +-- +2.10.1 + diff --git a/main/quagga-nhrp/APKBUILD b/main/quagga-nhrp/APKBUILD index d03771114a..59cf47cb1c 100644 --- a/main/quagga-nhrp/APKBUILD +++ b/main/quagga-nhrp/APKBUILD @@ -1,10 +1,9 @@ # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=quagga-nhrp -pkgver=0.99.24.1_git20151103 -_commitid=dfd18986b0f7503dd2a22b42b69e44d3fdc7a99e -pkgrel=1 +pkgver=1.1.0 +pkgrel=0 pkgdesc="A free routing daemon replacing Zebra supporting RIP, OSPF, BGP and NHRP." -url="http://git.alpinelinux.org/cgit/user/tteras/quagga/commit/?h=nhrp" +url="http://quagga.net/" arch="all" license="GPL2" depends="iproute2" @@ -16,27 +15,29 @@ install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade" subpackages="$pkgname-dev $pkgname-doc $pkgname-dbg" pkgusers="quagga" pkggroups="quagga" -source="quagga-nhrp-$pkgver-$pkgrel.tar.bz2::http://git.alpinelinux.org/cgit/user/tteras/quagga/snapshot/quagga-$_commitid.tar.bz2 - bgpd-route-selection-crash.patch +source="http://download.savannah.gnu.org/releases/quagga/quagga-$pkgver.tar.gz dont-hook-core-signals.patch + 0001-zebra-use-FIB-state-for-nexthop-tracking.patch + 0002-zebra-fix-nht-validity-checking-to-be-same-as-when-i.patch + 0003-bgpd-honor-disable-connected-check-option-with-next-.patch + 0004-bgpd-simplify-ebgp-multihop-and-ttl-security-handlin.patch + 0005-nhrpd-implement-next-hop-resolution-protocol.patch + 0006-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch + bgpd.initd zebra.initd zebra.confd " -_builddir="$srcdir"/quagga-$_commitid +builddir="$srcdir"/quagga-$pkgver + prepare() { - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done - ./bootstrap.sh || return 1 + default_prepare + autoreconf } build() { - cd "$_builddir" + cd "$builddir" quagga_cv_ipforward_method=proc \ ./configure \ --build=$CBUILD \ @@ -62,7 +63,7 @@ build() { } package() { - cd "$_builddir" + cd "$builddir" make DESTDIR="$pkgdir" install || return 1 install -o quagga -g quagga -d "$pkgdir"/var/run/quagga @@ -75,21 +76,36 @@ package() { install -Dm644 "$srcdir/zebra.confd" "$pkgdir"/etc/conf.d/zebra install -o quagga -g quagga -d -m755 "$pkgdir"/etc/quagga } -md5sums="5fbd694c92a44ee125c77daa7ee20ce8 quagga-nhrp-0.99.24.1_git20151103-1.tar.bz2 -10c9c745f2f9fdd1d81a4100d44e3313 bgpd-route-selection-crash.patch +md5sums="daa303871e07ea5856aae6fd79e89722 quagga-1.1.0.tar.gz 1224ba91ea6b6e81f583bad7813aba98 dont-hook-core-signals.patch +06f0ae78b129cfc729430c4df9e9f807 0001-zebra-use-FIB-state-for-nexthop-tracking.patch +6769244333af49b9a47268111ee690b6 0002-zebra-fix-nht-validity-checking-to-be-same-as-when-i.patch +78450d646cb3e63899a2223ab2dbce97 0003-bgpd-honor-disable-connected-check-option-with-next-.patch +f8c2e263994a9ca1705127f967d858f0 0004-bgpd-simplify-ebgp-multihop-and-ttl-security-handlin.patch +b4d5c743d457b66ea284db8eb7ff4762 0005-nhrpd-implement-next-hop-resolution-protocol.patch +e1a27c077e323e3f915d4c3b142ca56b 0006-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch 09a77e2e84e71c43f5a449738c026261 bgpd.initd 916f1dd1a286ee7b862cda4fe56cbf21 zebra.initd 34e06a1d2bc602ce691abc9ed169dd15 zebra.confd" -sha256sums="5a9251bd59716bda2d5c8ad658542a21e15a48caf3445235e5bb5113abe5577f quagga-nhrp-0.99.24.1_git20151103-1.tar.bz2 -d8d65cc092cf7644b059d4c1b789b223482b0f50ba2cc891da4d71fe083f8cc0 bgpd-route-selection-crash.patch +sha256sums="f7a43a9c59bfd3722002210530b2553c8d5cc05bfea5acd56d4f102b9f55dc63 quagga-1.1.0.tar.gz 4b71588e34ac14f8d6e72e6064b5e4ec302f286ebbe43df94c97411cceb66a23 dont-hook-core-signals.patch +a9cfc74247612640129a0bd8402e78380e35ce86f54ca4aeb40bfcf2a05c5688 0001-zebra-use-FIB-state-for-nexthop-tracking.patch +d290a449084d5be89b124b721a539772ab95e56304d0441723a8811fbd5fa692 0002-zebra-fix-nht-validity-checking-to-be-same-as-when-i.patch +463087091c5fe4ddcc85e476ac56d3bef8c964050b2a45c7b10e670d0c20911b 0003-bgpd-honor-disable-connected-check-option-with-next-.patch +643688c2b3f05b1b307821d0bad18f1452ccebf00d2a5b262ee6fe14f363b14b 0004-bgpd-simplify-ebgp-multihop-and-ttl-security-handlin.patch +6669ebf4398c45c63e97c2caf2b9c76aaeaa29ca88df99835a5bab4dba5a5b52 0005-nhrpd-implement-next-hop-resolution-protocol.patch +4ad0e70d235981c8063395b947a7a677a8d354b130fcf9eb545297e99ce96ddb 0006-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch aab037454c6a70cd5cb45e14c47b7dfea358f8d81c7d12418edcf7e58a86c679 bgpd.initd c1d7526581927e990e687cbd5d08447eb060f76a439475572785b5b90c60c460 zebra.initd f7a52d383f60270a5a8fee5d4ac522c5c0ec2b7c4b5252cff54e260f32d9b323 zebra.confd" -sha512sums="b0eff1263b1abc68bbf3539f4abf18138e3e8e91e2c7a4677120ec83535ed9cbb0c7c17dd2e948ce8f3ffc25b9a075e50efacc659febd229149b0a17d3abfd88 quagga-nhrp-0.99.24.1_git20151103-1.tar.bz2 -3317554cc2470f12eb6694f2ada187be4ccc45976ebf09aa487634bbd7a4820a917f3c202bb9d4736771adf33e5eafa45f7bb8dadd2e9872d5fe7885261714b5 bgpd-route-selection-crash.patch +sha512sums="3b29a90c4f05593714bda3c702fd2c8886ce48fba2fbfb98f55cc04d1025edd5427944e9a9fb7cd630e5e8ccea388b72a8e611ab65c370e760f3f319d03f090f quagga-1.1.0.tar.gz 5ef5c5e6d70d991b33b13a062e25b6fbde395dceee36aea29384b0640a48d2957ed5f50d416a1f2f770bf69bae2340133e35b1114be7e1fa722eb6d3d021f37a dont-hook-core-signals.patch +73f23b62a0fdc4a55dc1dab67a7a79cd2968c090dfe264cc6a733c9f0fb844df47e6c876d98211f94e5903c85103020a669bd3dd5bf6cb4f08c1162e030b6b7b 0001-zebra-use-FIB-state-for-nexthop-tracking.patch +4fb238f07b67d927fc1e5ec5cd184fb7a4247dfcb2e2733496db3277da439d2eb9728c634c40cd87a250b890170120f9b613aeb17aaaf054952d2e7ead81e63c 0002-zebra-fix-nht-validity-checking-to-be-same-as-when-i.patch +568c0c9ca2fff36c7ddf52908b8df7028b0f4242ae0329f002460ee632bb4d8067f5e2d3c1dbb5e1fcb513fe30674babf16338b923628ccc2f838b5c23f4fb39 0003-bgpd-honor-disable-connected-check-option-with-next-.patch +de0d14ceb91d6d858b790c276a2bced579696c36c954084892f90d6c36a27bec62cb496b18e11017fad5a1d646149130bf3bcada1f786f2a9939b606491eff15 0004-bgpd-simplify-ebgp-multihop-and-ttl-security-handlin.patch +f731ea78847ce7eca459ebdeb57787380d369f095a3aff4d40aa95da017854f696b8a6e9820371e24948240580d5d691339d79fbb86007c8ea253dabf6eb1036 0005-nhrpd-implement-next-hop-resolution-protocol.patch +dfa33341119fe51caa7bc33b44256f57361f2e3f8192862cca215b312ceb68e6a8c264dbf2a43d6244e6152bfad110cb0fdbefb065d95dd50389cf613d9720b3 0006-bgpd-allow-using-ebgp-multihop-for-ibgp-connections.patch 13b5b57e10df013bd2d931abc49bf76b8c4dee59dbceab22c9f151ccb988b2c5f7167f2909027d5e0f990b59da8de115667b02484aee9a67d347625700f6cacd bgpd.initd 1638a4a64ffd066b1884f7e5a4243edab68739aabd83bd35ea8c9608af7b8623eece1d59fb08feead84e4386b6d1da4220764ccf5fd7f2a9959a8470d5cce86a zebra.initd 900972c6f98e561dfacf384111251db262326e8764b8c763a5ef639fa11c7949c03eef5e3bce324a4b1964fe45416d2db74ae1b6bc967f7d4ba48c2eeda017c4 zebra.confd" diff --git a/main/quagga-nhrp/bgpd-route-selection-crash.patch b/main/quagga-nhrp/bgpd-route-selection-crash.patch deleted file mode 100644 index 473e4e564b..0000000000 --- a/main/quagga-nhrp/bgpd-route-selection-crash.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c -index 34ba1ab..7ade22f 100644 ---- a/bgpd/bgp_route.c -+++ b/bgpd/bgp_route.c -@@ -553,6 +553,11 @@ bgp_info_cmp (struct bgp *bgp, struct bgp_info *new, struct bgp_info *exist, - return 0; - - /* 13. Neighbor address comparision. */ -+ if (new->peer->su_remote == NULL) -+ return 0; -+ if (exist->peer->su_remote == NULL) -+ return 1; -+ - ret = sockunion_cmp (new->peer->su_remote, exist->peer->su_remote); - - if (ret == 1) |