From 6f0e3f6e17687eb25b7b77c4fdc8324837d4700f Mon Sep 17 00:00:00 2001 From: Paul Jakma Date: Thu, 10 May 2007 02:38:51 +0000 Subject: [autoconf] bugs 162,303,178: Fix 'present but can not be compiled' warnings 2007-05-09 Paul Jakma * configure.ac: sys/conf.h depends on sys/param.h, at least on FBSD 6.2. (bug #363) Should check for in_pktinfo for IRDP 2006-05-27 Paul Jakma * configure.ac: General cleanup of header and type checks, introducing an internal define, QUAGGA_INCLUDES, to build up a list of stuff to include so as to avoid 'present but cant be compiled' warnings. Misc additional checks of things missing according to autoscan. Add LIBM, for bgpd's use of libm, so as to avoid burdening LIBS, and all the binaries, with libm linkage. Remove the bad practice of using m4 changequote(), just quote the []'s in the case statements properly. This should fix bugs 162, 303 and 178. * */*.{c,h}: Update all HAVE_* to the standard autoconf namespaced HAVE_* defines. I.e. HAVE_SA_LEN -> HAVE_STRUCT_SOCKADDR_SA_LEN, * bgpd/Makefile.am: Add LIBM to bgpd's LDADD, for pow(). --- bgpd/bgp_network.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'bgpd/bgp_network.c') diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index 61661c0d..8040e47d 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -159,9 +159,9 @@ bgp_bind_address (int sock, struct in_addr *addr) memset (&local, 0, sizeof (struct sockaddr_in)); local.sin_family = AF_INET; -#ifdef HAVE_SIN_LEN +#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN local.sin_len = sizeof(struct sockaddr_in); -#endif /* HAVE_SIN_LEN */ +#endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */ memcpy (&local.sin_addr, addr, sizeof (struct in_addr)); if ( bgpd_privs.change (ZPRIVS_RAISE) ) @@ -379,9 +379,9 @@ bgp_socket (struct bgp *bgp, unsigned short port) sin.sin_family = AF_INET; sin.sin_port = htons (port); socklen = sizeof (struct sockaddr_in); -#ifdef HAVE_SIN_LEN +#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN sin.sin_len = socklen; -#endif /* HAVE_SIN_LEN */ +#endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */ if ( bgpd_privs.change (ZPRIVS_RAISE) ) zlog_err ("bgp_socket: could not raise privs"); -- cgit v1.2.3 From 3a02d1f7fb778a1ea4f45d037f13dfcd126e2337 Mon Sep 17 00:00:00 2001 From: Paul Jakma Date: Thu, 1 Nov 2007 14:29:11 +0000 Subject: 2007-10-30 Nick Hilliard * bgp_main.c: Add 'listenon' argument, to pass address to bind to. * bgp_network.c: (bgp_socket) Extend to take bind address. * bgpd.c: (bgp_init) Pass stored address. * bgpd.h: (struct bgp_master) storage for bind address 2007-11-01 Paul Jakma * tools/multiple-bgpd.sh: New, quick script to launch a bunch of bgpds. --- bgpd/bgp_network.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'bgpd/bgp_network.c') diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index 8040e47d..6b8c8a44 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -282,7 +282,7 @@ bgp_getsockname (struct peer *peer) /* IPv6 supported version of BGP server socket setup. */ #if defined (HAVE_IPV6) && ! defined (NRL) int -bgp_socket (struct bgp *bgp, unsigned short port) +bgp_socket (struct bgp *bgp, unsigned short port, char *address) { int ret, en; struct addrinfo req; @@ -299,7 +299,7 @@ bgp_socket (struct bgp *bgp, unsigned short port) sprintf (port_str, "%d", port); port_str[sizeof (port_str) - 1] = '\0'; - ret = getaddrinfo (NULL, port_str, &req, &ainfo); + ret = getaddrinfo (address, port_str, &req, &ainfo); if (ret != 0) { zlog_err ("getaddrinfo: %s", gai_strerror (ret)); @@ -357,7 +357,7 @@ bgp_socket (struct bgp *bgp, unsigned short port) #else /* Traditional IPv4 only version. */ int -bgp_socket (struct bgp *bgp, unsigned short port) +bgp_socket (struct bgp *bgp, unsigned short port, char *address) { int sock; int socklen; @@ -379,6 +379,14 @@ bgp_socket (struct bgp *bgp, unsigned short port) sin.sin_family = AF_INET; sin.sin_port = htons (port); socklen = sizeof (struct sockaddr_in); + + ret = inet_aton(address, &sin.sin_addr); + + if (ret < 1) + { + zlog_err("bgp_socket: could not parse ip address %s: ", address, safe_strerror (errno)); + return ret; + } #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN sin.sin_len = socklen; #endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */ -- cgit v1.2.3 From 90b68769a1a1d7623cae02be71b7a8e4094455ad Mon Sep 17 00:00:00 2001 From: Paul Jakma Date: Tue, 29 Jan 2008 17:26:34 +0000 Subject: [bgpd] fix crash on startup if compiled IPv4-only 2008-01-29 Jorge Boncompte * bgp_network.c: (bgp_socket) IPv4-only version crashes if -l is not used as address will be null. --- bgpd/bgp_network.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'bgpd/bgp_network.c') diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index 6b8c8a44..8452545d 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -296,7 +296,7 @@ bgp_socket (struct bgp *bgp, unsigned short port, char *address) req.ai_flags = AI_PASSIVE; req.ai_family = AF_UNSPEC; req.ai_socktype = SOCK_STREAM; - sprintf (port_str, "%d", port); + snprintf (port_str, sizeof(port_str), "%d", port); port_str[sizeof (port_str) - 1] = '\0'; ret = getaddrinfo (address, port_str, &req, &ainfo); @@ -380,11 +380,10 @@ bgp_socket (struct bgp *bgp, unsigned short port, char *address) sin.sin_port = htons (port); socklen = sizeof (struct sockaddr_in); - ret = inet_aton(address, &sin.sin_addr); - - if (ret < 1) + if (address && ((ret = inet_aton(address, &sin.sin_addr)) < 1)) { - zlog_err("bgp_socket: could not parse ip address %s: ", address, safe_strerror (errno)); + zlog_err("bgp_socket: could not parse ip address %s: %s", + address, safe_strerror (errno)); return ret; } #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN -- cgit v1.2.3 From 0df7c91f048f2116610d6bdfce3ab6cad1981802 Mon Sep 17 00:00:00 2001 From: Paul Jakma Date: Mon, 21 Jul 2008 21:02:49 +0000 Subject: [bgpd] TCP-MD5: password vty configuration and initial Linux support 2008-07-21 Paul Jakma * bgp_packet.c: (bgp_open_receive) fix warning in a zlog call * bgp_vty.c: (bgp_vty_return) add return code * bgpd.c: (bgp_master_init) setup the socket list. * bgp_network.c: Remove the dual IPv4/6 socket thing for now, which was implemented by Michael, until such time as its clear its required for Linux (see sockopt comments). IPv6 support, including IPv4 sessions on AF_INET6 sockets, therefore is broken, and the '-l 0.0.0.0' arguments would need to be given to bgpd to make things work here. 2008-07-21 Michael H. Warfield YOSHIFUJI Hideaki Tomohiko Kusuda Leigh Brown * bgp_network.c: (bgp_md5_set_one) shim between libzebra tcp-md5 sockopt and bgpd. (bgp_md5_set_socket) Helper for bgp_connect (bgp_md5_set) setup TCP-MD5SIG for the given peer. (bgp_connect) call out to bgp_md5_set_socket for the outgoing connect socket. (bgp_socket) save references to the listen sockets, needed if TCP-MD5SIG is applied later or changed. * bgp_vty.c: (*neighbor_password_cmd) New 'neighbor ... password' commands. * bgpd.c: (peer_{new,delete) manage TCP-MD5 password (peer_group2peer_config_copy) inherit TCP-MD5 password (peer_password_{un,}set) orchestrate the whole add/remove of TCP-MD5 passwords: applying checks, stopping peers, and trying to return errors to UI, etc. (bgp_config_write_peer) save password. Fix missing newline in writeout of neighbor ... port. 2008-07-21 Paul Jakma * sockunion.c: ifdef out various places that converted v4mapped sockets to pure v4. Doesn't seem necessary at all, presumably a workaround for now historical inet_ntop bugs (?) 2008-07-21 Michael H. Warfield YOSHIFUJI Hideaki * sockopt.{c,h}: (sockopt_tcp_signature) Add TCP-MD5SIG support. --- bgpd/bgp_network.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) (limited to 'bgpd/bgp_network.c') diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index 8452545d..71f3ec7d 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -22,12 +22,14 @@ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA #include "thread.h" #include "sockunion.h" +#include "sockopt.h" #include "memory.h" #include "log.h" #include "if.h" #include "prefix.h" #include "command.h" #include "privs.h" +#include "linklist.h" #include "bgpd/bgpd.h" #include "bgpd/bgp_fsm.h" @@ -37,6 +39,80 @@ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA extern struct zebra_privs_t bgpd_privs; + +/* + * Set MD5 key for the socket, for the given IPv4 peer address. + * If the password is NULL or zero-length, the option will be disabled. + */ +static int +bgp_md5_set_socket (int socket, union sockunion *su, const char *password) +{ + int ret = -1; + int en = ENOSYS; + + assert (socket >= 0); + +#if HAVE_DECL_TCP_MD5SIG + ret = sockopt_tcp_signature (socket, su, password); + en = errno; +#endif /* HAVE_TCP_MD5SIG */ + + if (ret < 0) + zlog (NULL, LOG_WARNING, "can't set TCP_MD5SIG option on socket %d: %s", + socket, safe_strerror (en)); + + return ret; +} + +/* Helper for bgp_connect */ +static int +bgp_md5_set_connect (int socket, union sockunion *su, const char *password) +{ + int ret = -1; + +#if HAVE_DECL_TCP_MD5SIG + if ( bgpd_privs.change (ZPRIVS_RAISE) ) + { + zlog_err ("%s: could not raise privs", __func__); + return ret; + } + + ret = bgp_md5_set_socket (socket, su, password); + + if (bgpd_privs.change (ZPRIVS_LOWER) ) + zlog_err ("%s: could not lower privs", __func__); +#endif /* HAVE_TCP_MD5SIG */ + + return ret; +} + +int +bgp_md5_set (struct peer *peer) +{ + struct listnode *node; + int fret = 0, ret; + int *socket; + + if ( bgpd_privs.change (ZPRIVS_RAISE) ) + { + zlog_err ("%s: could not raise privs", __func__); + return -1; + } + + /* Just set the password on the listen socket(s). Outbound connections + * are taken care of in bgp_connect() below. + */ + for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, socket)) + { + ret = bgp_md5_set_socket ((int )socket, &peer->su, peer->password); + if (ret < 0) + fret = ret; + } + if (bgpd_privs.change (ZPRIVS_LOWER) ) + zlog_err ("%s: could not lower privs", __func__); + + return fret; +} /* Accept bgp connection. */ static int @@ -237,6 +313,9 @@ bgp_connect (struct peer *peer) sockopt_reuseaddr (peer->fd); sockopt_reuseport (peer->fd); + + if (peer->password) + bgp_md5_set_connect (peer->fd, &peer->su, peer->password); /* Bind socket. */ bgp_bind (peer); @@ -345,7 +424,8 @@ bgp_socket (struct bgp *bgp, unsigned short port, char *address) close (sock); continue; } - + + listnode_add (bm->listen_sockets, (void *)sock); thread_add_read (master, bgp_accept, bgp, sock); } while ((ainfo = ainfo->ai_next) != NULL); -- cgit v1.2.3 From 1423c809cc4ddc2e013ba6264c49a11e5719c6f2 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 14 Aug 2008 17:59:25 +0100 Subject: [lib] mes_lookup string lookup table argument should be marked const 2008-08-14 Stephen Hemminger * lib/log.{c,h}: struct message argument should point to const * */*.c: adjust to suit, Signed-off-by: Paul Jakma --- bgpd/bgp_network.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'bgpd/bgp_network.c') diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index 71f3ec7d..5dbd4872 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -314,6 +314,11 @@ bgp_connect (struct peer *peer) sockopt_reuseaddr (peer->fd); sockopt_reuseport (peer->fd); +#ifdef IPTOS_PREC_INTERNETCONTROL + if (sockunion_family (&peer->su) == AF_INET) + setsockopt_ipv4_tos (peer->fd, IPTOS_PREC_INTERNETCONTROL); +#endif + if (peer->password) bgp_md5_set_connect (peer->fd, &peer->su, peer->password); @@ -402,6 +407,11 @@ bgp_socket (struct bgp *bgp, unsigned short port, char *address) sockopt_reuseaddr (sock); sockopt_reuseport (sock); +#ifdef IPTOS_PREC_INTERNETCONTROL + if (ainfo->ai_family == AF_INET) + setsockopt_ipv4_tos (sock, IPTOS_PREC_INTERNETCONTROL); +#endif + if (bgpd_privs.change (ZPRIVS_RAISE) ) zlog_err ("bgp_socket: could not raise privs"); @@ -454,6 +464,10 @@ bgp_socket (struct bgp *bgp, unsigned short port, char *address) sockopt_reuseaddr (sock); sockopt_reuseport (sock); +#ifdef IPTOS_PREC_INTERNETCONTROL + setsockopt_ipv4_tos (sock, IPTOS_PREC_INTERNETCONTROL); +#endif + memset (&sin, 0, sizeof (struct sockaddr_in)); sin.sin_family = AF_INET; -- cgit v1.2.3