From 97cabcf760b8343512b5646e60cc228b8dc1350a Mon Sep 17 00:00:00 2001
From: "Andrew J. Schorr" <ajschorr@alumni.princeton.edu>
Date: Fri, 6 Jul 2007 17:00:24 +0000
Subject: [lib] Add comments regarding setsockopt_multicast_ipv4 arguments.

2007-07-06 Andrew J. Schorr <ajschorr@alumni.princeton.edu>

	* sockopt.{c,h}: (setsockopt_multicast_ipv4) Add some comments about
	  the arguments.
---
 lib/sockopt.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'lib/sockopt.c')

diff --git a/lib/sockopt.c b/lib/sockopt.c
index 6ddbded1..f5f1a7ed 100644
--- a/lib/sockopt.c
+++ b/lib/sockopt.c
@@ -176,9 +176,10 @@ getsockopt_ipv6_ifindex (struct msghdr *msgh)
 int
 setsockopt_multicast_ipv4(int sock, 
 			int optname, 
-			struct in_addr if_addr,
+			struct in_addr if_addr /* required */,
 			unsigned int mcast_addr,
-			unsigned int ifindex)
+			unsigned int ifindex /* optional: if non-zero, may be
+						  used instead of if_addr */)
 {
 
 #ifdef HAVE_STRUCT_IP_MREQN_IMR_IFINDEX
-- 
cgit v1.2.3


From b7fe4141123c6fc26fffec68d0db62ecf474c074 Mon Sep 17 00:00:00 2001
From: Denis Ovsienko <linux@pilot.org.ua>
Date: Tue, 21 Aug 2007 16:32:56 +0000
Subject: Bug #362 is fixed now.

---
 lib/sockopt.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

(limited to 'lib/sockopt.c')

diff --git a/lib/sockopt.c b/lib/sockopt.c
index f5f1a7ed..f8fa946e 100644
--- a/lib/sockopt.c
+++ b/lib/sockopt.c
@@ -36,6 +36,35 @@ setsockopt_so_recvbuf (int sock, int size)
   return ret;
 }
 
+int
+setsockopt_so_sendbuf (const int sock, int size)
+{
+  int ret = setsockopt (sock, SOL_SOCKET, SO_SNDBUF,
+    (char *)&size, sizeof (int));
+  
+  if (ret < 0)
+    zlog_err ("fd %d: can't setsockopt SO_SNDBUF to %d: %s",
+      sock, size, safe_strerror (errno));
+
+  return ret;
+}
+
+int
+getsockopt_so_sendbuf (const int sock)
+{
+  u_int32_t optval;
+  socklen_t optlen = sizeof (optval);
+  int ret = getsockopt (sock, SOL_SOCKET, SO_SNDBUF,
+    (char *)&optval, &optlen);
+  if (ret < 0)
+  {
+    zlog_err ("fd %d: can't getsockopt SO_SNDBUF: %d (%s)",
+      sock, errno, safe_strerror (errno));
+    return ret;
+  }
+  return optval;
+}
+
 static void *
 getsockopt_cmsg_data (struct msghdr *msgh, int level, int type)
 {
-- 
cgit v1.2.3


From 0df7c91f048f2116610d6bdfce3ab6cad1981802 Mon Sep 17 00:00:00 2001
From: Paul Jakma <paul.jakma@sun.com>
Date: Mon, 21 Jul 2008 21:02:49 +0000
Subject: [bgpd] TCP-MD5: password vty configuration and initial Linux support

2008-07-21 Paul Jakma <paul.jakma@sun.com>

	* bgp_packet.c: (bgp_open_receive) fix warning in a zlog call
	* bgp_vty.c: (bgp_vty_return) add return code
	* bgpd.c: (bgp_master_init) setup the socket list.
	* bgp_network.c: Remove the dual IPv4/6 socket thing for now, which
	  was implemented by Michael, until such time as its clear its
	  required for Linux (see sockopt comments). IPv6 support, including
	  IPv4 sessions on AF_INET6 sockets, therefore is broken, and the
	  '-l 0.0.0.0' arguments would need to be given to bgpd to make
	  things work here.

2008-07-21 Michael H. Warfield <mhw@wittsend.com>
           YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
	   Tomohiko Kusuda <kusuda@inetcore.com>
           Leigh Brown <leigh@solinno.co.uk>

	* bgp_network.c: (bgp_md5_set_one) shim between libzebra tcp-md5
	  sockopt and bgpd.
	  (bgp_md5_set_socket) Helper for bgp_connect
	  (bgp_md5_set) setup TCP-MD5SIG for the given peer.
	  (bgp_connect) call out to bgp_md5_set_socket for the outgoing
	  connect socket.
	  (bgp_socket) save references to the listen sockets, needed if
	  TCP-MD5SIG is applied later or changed.
	* bgp_vty.c: (*neighbor_password_cmd) New 'neighbor ... password'
	  commands.
	* bgpd.c: (peer_{new,delete) manage TCP-MD5 password
	  (peer_group2peer_config_copy) inherit TCP-MD5 password
	  (peer_password_{un,}set) orchestrate the whole add/remove of TCP-MD5
	  passwords: applying checks, stopping peers, and trying to return
	  errors to UI, etc.
	  (bgp_config_write_peer) save password.
	  Fix missing newline in writeout of neighbor ... port.

2008-07-21 Paul Jakma <paul.jakma@sun.com>

	* sockunion.c: ifdef out various places that converted
	  v4mapped sockets to pure v4. Doesn't seem necessary at all,
	  presumably a workaround for now historical inet_ntop bugs (?)

2008-07-21 Michael H. Warfield <mhw@wittsend.com>
           YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

	* sockopt.{c,h}: (sockopt_tcp_signature) Add TCP-MD5SIG support.
---
 lib/sockopt.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

(limited to 'lib/sockopt.c')

diff --git a/lib/sockopt.c b/lib/sockopt.c
index f8fa946e..a2038a5c 100644
--- a/lib/sockopt.c
+++ b/lib/sockopt.c
@@ -22,6 +22,7 @@
 #include <zebra.h>
 #include "log.h"
 #include "sockopt.h"
+#include "sockunion.h"
 
 int
 setsockopt_so_recvbuf (int sock, int size)
@@ -480,3 +481,70 @@ sockopt_iphdrincl_swab_systoh (struct ip *iph)
 
   iph->ip_id = ntohs(iph->ip_id);
 }
+
+int
+sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
+{
+#if HAVE_DECL_TCP_MD5SIG
+#ifndef GNU_LINUX
+  /*
+   * XXX Need to do PF_KEY operation here to add/remove an SA entry,
+   * and add/remove an SP entry for this peer's packet flows also.
+   */
+  int md5sig = password && *password ? 1 : 0;
+#else
+  int keylen = password ? strlen (password) : 0;
+  struct tcp_md5sig md5sig;
+  union sockunion *su2, *susock;
+  int ret;
+  
+  /* Figure out whether the socket and the sockunion are the same family..
+   * adding AF_INET to AF_INET6 needs to be v4 mapped, you'd think..
+   */
+  if (!(susock = sockunion_getsockname (sock)))
+    return -1;
+  
+  if (susock->sa.sa_family == su->sa.sa_family)
+    su2 = su;
+  else
+    {
+      /* oops.. */
+      su2 = susock;
+      
+      if (su2->sa.sa_family == AF_INET)
+        {
+          sockunion_free (susock);
+          return -1;
+        };
+      
+      /* If this does not work, then all users of this sockopt will need to
+       * differentiate between IPv4 and IPv6, and keep seperate sockets for
+       * each. 
+       *
+       * Sadly, it doesn't seem to work at present. It's unknown whether
+       * this is a bug or not.
+       */
+      if (su2->sa.sa_family == AF_INET6
+          && su->sa.sa_family == AF_INET)
+        {
+           su2->sin6.sin6_family = AF_INET6;
+           /* V4Map the address */
+           memset (&su2->sin6.sin6_addr, 0, sizeof (struct in6_addr));
+           su2->sin6.sin6_addr.s6_addr32[2] = htonl(0xffff);
+           memcpy (&su2->sin6.sin6_addr.s6_addr32[3], &su->sin.sin_addr, 4);
+        }
+    }
+  
+  memset (&md5sig, 0, sizeof (md5sig));
+  memcpy (&md5sig.tcpm_addr, su2, sizeof (*su2));
+  md5sig.tcpm_keylen = keylen;
+  if (keylen)
+    memcpy (md5sig.tcpm_key, password, keylen);
+#endif /* GNU_LINUX */
+  ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig);
+  sockunion_free (susock);
+  return ret;
+#else /* HAVE_TCP_MD5SIG */
+  return -2;
+#endif /* HAVE_TCP_MD5SIG */
+}
-- 
cgit v1.2.3


From 1423c809cc4ddc2e013ba6264c49a11e5719c6f2 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Thu, 14 Aug 2008 17:59:25 +0100
Subject: [lib] mes_lookup string lookup table argument should be marked const

2008-08-14 Stephen Hemminger <stephen.hemminger@vyatta.com>

	* lib/log.{c,h}: struct message argument should point to const
	* */*.c: adjust to suit,

Signed-off-by: Paul Jakma <paul@quagga.net>
---
 lib/sockopt.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'lib/sockopt.c')

diff --git a/lib/sockopt.c b/lib/sockopt.c
index a2038a5c..2f01199a 100644
--- a/lib/sockopt.c
+++ b/lib/sockopt.c
@@ -342,6 +342,19 @@ setsockopt_ipv4_ifindex (int sock, int val)
   return ret;
 }
 
+int
+setsockopt_ipv4_tos(int sock, int tos)
+{
+  int ret;
+
+  ret = setsockopt (sock, IPPROTO_IP, IP_TOS, &tos, sizeof (tos));
+  if (ret < 0)
+    zlog_warn ("Can't set IP_TOS option for fd %d to %#x: %s",
+	       sock, tos, safe_strerror(errno));
+  return ret;
+}
+
+
 int
 setsockopt_ifindex (int af, int sock, int val)
 {
-- 
cgit v1.2.3


From f5612dd382d9c0f4089b08ec164c25a8082d9f89 Mon Sep 17 00:00:00 2001
From: Paul Jakma <paul.jakma@sun.com>
Date: Fri, 15 Aug 2008 14:05:08 +0100
Subject: [lib] Fix mistake in tcp-md5sig commit which broke compile on BSD

2008-08-15 Paul Jakma <paul.jakma@sun.com>

	* lib/sockopt.c: (sockopt_tcp_signature) ifdef'ing hid variable
	  declaration for HAVE_DECL_TCP_MD5SIG && !GNU_LINUX, breaking
	  compile - fix.
---
 lib/sockopt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/sockopt.c')

diff --git a/lib/sockopt.c b/lib/sockopt.c
index 2f01199a..4ba7e874 100644
--- a/lib/sockopt.c
+++ b/lib/sockopt.c
@@ -499,6 +499,7 @@ int
 sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
 {
 #if HAVE_DECL_TCP_MD5SIG
+  int ret;
 #ifndef GNU_LINUX
   /*
    * XXX Need to do PF_KEY operation here to add/remove an SA entry,
@@ -509,7 +510,6 @@ sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
   int keylen = password ? strlen (password) : 0;
   struct tcp_md5sig md5sig;
   union sockunion *su2, *susock;
-  int ret;
   
   /* Figure out whether the socket and the sockunion are the same family..
    * adding AF_INET to AF_INET6 needs to be v4 mapped, you'd think..
@@ -553,9 +553,9 @@ sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
   md5sig.tcpm_keylen = keylen;
   if (keylen)
     memcpy (md5sig.tcpm_key, password, keylen);
+  sockunion_free (susock);
 #endif /* GNU_LINUX */
   ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig);
-  sockunion_free (susock);
   return ret;
 #else /* HAVE_TCP_MD5SIG */
   return -2;
-- 
cgit v1.2.3