0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-22 09:41:54 +00:00

Update socket code to be synced with master branch.

This commit is contained in:
Ondrej Zajicek 2014-05-18 11:51:15 +02:00
parent 621782ecee
commit abffa9d421
16 changed files with 1368 additions and 1255 deletions

View File

@ -19,7 +19,6 @@
#include "lib/resource.h"
#include "lib/string.h"
#include "client/client.h"
#include "sysdep/unix/unix.h"
static int input_hidden_end;
static int prompt_active;

View File

@ -149,7 +149,7 @@ static inline ip6_addr ip6_not(ip6_addr a)
#define ipa_from_ip6(x) x
#define ipa_from_u32(x) ipa_from_ip4(ip4_from_u32(x))
#define ipa_to_ip4(x) _I3(x)
#define ipa_to_ip4(x) _MI4(_I3(x))
#define ipa_to_ip6(x) x
#define ipa_to_u32(x) ip4_to_u32(ipa_to_ip4(x))
@ -356,12 +356,6 @@ static inline ip6_addr ipa_get_in4(struct in_addr *in)
static inline ip6_addr ipa_get_in6(struct in6_addr *in)
{ return ip6_ntoh(*(ip6_addr *) in); }
// XXXX check callers
static inline void ipa_put_in4(struct in_addr *in, ip6_addr a)
{ ip6_put32_ip4(in, a); }
static inline void ipa_put_in6(struct in6_addr *in, ip6_addr a)
{ ip6_put32(in, a); }

View File

@ -222,6 +222,16 @@ int bvsnprintf(char *buf, int size, const char *fmt, va_list args)
continue;
case 'm':
if (flags & SPECIAL) {
if (!errno)
continue;
if (size < 2)
return -1;
*str++ = ':';
*str++ = ' ';
start += 2;
size -= 2;
}
s = strerror(errno);
goto str;
case 'M':

View File

@ -44,18 +44,21 @@ typedef struct birdsock {
unsigned lifindex; /* local interface that received the datagram */
/* laddr and lifindex are valid only if SKF_LADDR_RX flag is set to request it */
int fd; /* System-dependent data */
int af; /* Address family (AF_INET, AF_INET6 or 0 for non-IP) of fd */
int fd; /* System-dependent data */
int index; /* Index in poll buffer */
int rcv_ttl; /* TTL of last received datagram */
node n;
void *rbuf_alloc, *tbuf_alloc;
char *password; /* Password for MD5 authentication */
char *password; /* Password for MD5 authentication */
char *err; /* Error message */
} sock;
sock *sock_new(pool *); /* Allocate new socket */
#define sk_new(X) sock_new(X) /* Wrapper to avoid name collision with OpenSSL */
int sk_open(sock *); /* Open socket */
int sk_rx_ready(sock *s);
int sk_send(sock *, unsigned len); /* Send data, <0=err, >0=ok, 0=sleep */
int sk_send_to(sock *, unsigned len, ip_addr to, unsigned port); /* sk_send to given destination */
void sk_reallocate(sock *); /* Free and allocate tbuf & rbuf */
@ -63,32 +66,31 @@ void sk_set_rbsize(sock *s, uint val); /* Resize RX buffer */
void sk_set_tbsize(sock *s, uint val); /* Resize TX buffer, keeping content */
void sk_set_tbuf(sock *s, void *tbuf); /* Switch TX buffer, NULL-> return to internal */
void sk_dump_all(void);
int sk_set_ttl(sock *s, int ttl); /* Set transmit TTL for given socket */
int sk_set_min_ttl(sock *s, int ttl); /* Set minimal accepted TTL for given socket */
/* Add or remove security associations for given passive socket */
int sk_set_md5_auth(sock *s, ip_addr a, struct iface *ifa, char *passwd);
int sk_rx_ready(sock *s);
/* Prepare UDP or IP socket to multicasting. s->iface and s->ttl must be set */
int sk_setup_multicast(sock *s);
int sk_join_group(sock *s, ip_addr maddr);
int sk_leave_group(sock *s, ip_addr maddr);
int sk_set_ipv6_checksum(sock *s, int offset);
int sk_set_icmp6_filter(sock *s, int p1, int p2);
int sk_set_broadcast(sock *s, int enable);
static inline int sk_send_buffer_empty(sock *sk)
{ return sk->tbuf == sk->tpos; }
static inline int sk_is_ipv4(sock *sk)
{ return sk->af == AF_INET; }
static inline int sk_is_ipv6(sock *sk)
{ return sk->af == AF_INET6; }
extern int sk_priority_control; /* Suggested priority for control traffic, should be sysdep define */
int sk_setup_multicast(sock *s); /* Prepare UDP or IP socket for multicasting */
int sk_join_group(sock *s, ip_addr maddr); /* Join multicast group on sk iface */
int sk_leave_group(sock *s, ip_addr maddr); /* Leave multicast group on sk iface */
int sk_setup_broadcast(sock *s);
int sk_set_ttl(sock *s, int ttl); /* Set transmit TTL for given socket */
int sk_set_min_ttl(sock *s, int ttl); /* Set minimal accepted TTL for given socket */
int sk_set_md5_auth(sock *s, ip_addr a, struct iface *ifa, char *passwd);
int sk_set_ipv6_checksum(sock *s, int offset);
int sk_set_icmp6_filter(sock *s, int p1, int p2);
void sk_log_error(sock *s, const char *p);
extern int sk_priority_control; /* Suggested priority for control traffic, should be sysdep define */
/* Socket flags */

View File

@ -101,8 +101,8 @@ bfd_rx_hook(sock *sk, int len)
uint err_val = 0;
char fb[8];
if ((sk->sport == BFD_CONTROL_PORT) && (sk->ttl < 255))
DROP("wrong TTL", sk->ttl);
if ((sk->sport == BFD_CONTROL_PORT) && (sk->rcv_ttl < 255))
DROP("wrong TTL", sk->rcv_ttl);
if (len < BFD_BASE_LEN)
DROP("too short", len);
@ -209,6 +209,7 @@ bfd_open_rx_sk(struct bfd_proto *p, int multihop)
return sk;
err:
sk_log_error(sk, p->p.name);
rfree(sk);
return NULL;
}
@ -243,6 +244,7 @@ bfd_open_tx_sk(struct bfd_proto *p, ip_addr local, struct iface *ifa)
return sk;
err:
sk_log_error(sk, p->p.name);
rfree(sk);
return NULL;
}

View File

@ -106,14 +106,11 @@ bgp_open(struct bgp_proto *p)
struct config *cfg = p->cf->c.global;
int errcode;
bgp_counter++;
if (!bgp_listen_sk)
bgp_listen_sk = bgp_setup_listen_sk(cfg->listen_bgp_addr, cfg->listen_bgp_port, cfg->listen_bgp_flags);
if (!bgp_listen_sk)
{
bgp_counter--;
errcode = BEM_NO_SOCKET;
goto err;
}
@ -121,16 +118,16 @@ bgp_open(struct bgp_proto *p)
if (!bgp_linpool)
bgp_linpool = lp_new(&root_pool, 4080);
bgp_counter++;
if (p->cf->password)
{
int rv = sk_set_md5_auth(bgp_listen_sk, p->cf->remote_ip, p->cf->iface, p->cf->password);
if (rv < 0)
{
bgp_close(p, 0);
errcode = BEM_INVALID_MD5;
goto err;
}
}
if (sk_set_md5_auth(bgp_listen_sk, p->cf->remote_ip, p->cf->iface, p->cf->password) < 0)
{
sk_log_error(bgp_listen_sk, p->p.name);
bgp_close(p, 0);
errcode = BEM_INVALID_MD5;
goto err;
}
return 0;
@ -194,7 +191,8 @@ bgp_close(struct bgp_proto *p, int apply_md5)
bgp_counter--;
if (p->cf->password && apply_md5)
sk_set_md5_auth(bgp_listen_sk, p->cf->remote_ip, p->cf->iface, NULL);
if (sk_set_md5_auth(bgp_listen_sk, p->cf->remote_ip, p->cf->iface, NULL) < 0)
sk_log_error(bgp_listen_sk, p->p.name);
if (!bgp_counter)
{
@ -697,25 +695,21 @@ bgp_connect(struct bgp_proto *p) /* Enter Connect state and start establishing c
bgp_conn_set_state(conn, BS_CONNECT);
if (sk_open(s) < 0)
{
bgp_sock_err(s, 0);
return;
}
goto err;
/* Set minimal receive TTL if needed */
if (p->cf->ttl_security)
{
DBG("Setting minimum received TTL to %d", 256 - hops);
if (sk_set_min_ttl(s, 256 - hops) < 0)
{
log(L_ERR "TTL security configuration failed, closing session");
bgp_sock_err(s, 0);
return;
}
}
goto err;
DBG("BGP: Waiting for connect success\n");
bgp_start_timer(conn->connect_retry_timer, p->cf->connect_retry_time);
return;
err:
sk_log_error(s, p->p.name);
bgp_sock_err(s, 0);
return;
}
/**
@ -760,32 +754,33 @@ bgp_incoming_connection(sock *sk, int dummy UNUSED)
sk->dport, acc ? "accepted" : "rejected");
if (!acc)
goto err;
goto reject;
int hops = p->cf->multihop ? : 1;
if (sk_set_ttl(sk, p->cf->ttl_security ? 255 : hops) < 0)
goto err;
if (p->cf->ttl_security)
{
/* TTL security support */
if ((sk_set_ttl(sk, 255) < 0) ||
(sk_set_min_ttl(sk, 256 - hops) < 0))
{
log(L_ERR "TTL security configuration failed, closing session");
if (sk_set_min_ttl(sk, 256 - hops) < 0)
goto err;
}
}
else
sk_set_ttl(sk, hops);
bgp_setup_conn(p, &p->incoming_conn);
bgp_setup_sk(&p->incoming_conn, sk);
bgp_send_open(&p->incoming_conn);
return 0;
err:
sk_log_error(sk, p->p.name);
log(L_ERR "%s: Incoming connection aborted", p->p.name);
rfree(sk);
return 0;
}
}
log(L_WARN "BGP: Unexpected connect from unknown address %I%J (port %d)",
sk->daddr, ipa_has_link_scope(sk->daddr) ? sk->iface : NULL, sk->dport);
err:
reject:
rfree(sk);
return 0;
}
@ -816,13 +811,15 @@ bgp_setup_listen_sk(ip_addr addr, unsigned port, u32 flags)
s->err_hook = bgp_listen_sock_err;
if (sk_open(s) < 0)
{
log(L_ERR "BGP: Unable to open listening socket");
rfree(s);
return NULL;
}
goto err;
return s;
err:
sk_log_error(s, "BGP");
log(L_ERR "BGP: Cannot open listening socket");
rfree(s);
return NULL;
}
static void

View File

@ -123,7 +123,7 @@ ospf_sk_open(struct ospf_iface *ifa)
ifa->all_routers = ifa->addr->brd;
ifa->des_routers = IPA_NONE;
if (sk_set_broadcast(sk, 1) < 0)
if (sk_setup_broadcast(sk) < 0)
goto err;
}
else
@ -144,6 +144,7 @@ ospf_sk_open(struct ospf_iface *ifa)
return 1;
err:
sk_log_error(sk, po->proto.name);
rfree(sk);
return 0;
}
@ -154,7 +155,9 @@ ospf_sk_join_dr(struct ospf_iface *ifa)
if (ifa->sk_dr)
return;
sk_join_group(ifa->sk, ifa->des_routers);
if (sk_join_group(ifa->sk, ifa->des_routers) < 0)
sk_log_error(sk, ifa->oa->po->proto.name);
ifa->sk_dr = 1;
}
@ -164,7 +167,9 @@ ospf_sk_leave_dr(struct ospf_iface *ifa)
if (!ifa->sk_dr)
return;
sk_leave_group(ifa->sk, ifa->des_routers);
if (sk_leave_group(ifa->sk, ifa->des_routers) < 0)
sk_log_error(sk, ifa->oa->po->proto.name);
ifa->sk_dr = 0;
}
@ -198,8 +203,9 @@ ospf_open_vlink_sk(struct proto_ospf *po)
return;
err:
rfree(sk);
sk_log_error(sk, po->proto.name);
log(L_ERR "%s: Cannot open virtual link socket", po->proto.name);
rfree(sk);
}
static void
@ -459,7 +465,7 @@ ospf_iface_add(struct object_lock *lock)
/* Open socket if interface is not stub */
if (! ifa->stub && ! ospf_sk_open(ifa))
{
log(L_ERR "%s: Socket open failed on interface %s, declaring as stub", p->name, ifa->ifname);
log(L_ERR "%s: Cannot open socket for %s, declaring as stub", p->name, ifa->ifname);
ifa->ioprob = OSPF_I_SK;
ifa->stub = 1;
}

View File

@ -310,9 +310,9 @@ ospf_rx_hook(sock *sk, int size)
return 1;
}
if (ifa->check_ttl && (sk->ttl < 255))
if (ifa->check_ttl && (sk->rcv_ttl < 255))
{
log(L_ERR "%s%I - TTL %d (< 255)", mesg, sk->faddr, sk->ttl);
log(L_ERR "%s%I - TTL %d (< 255)", mesg, sk->faddr, sk->rcv_ttl);
return 1;
}

View File

@ -416,7 +416,7 @@ radv_sk_open(struct radv_iface *ifa)
sk->data = ifa;
sk->flags = SKF_LADDR_RX;
if (sk_open(sk) != 0)
if (sk_open(sk) < 0)
goto err;
/* We want listen just to ICMPv6 messages of type RS and RA */
@ -433,6 +433,7 @@ radv_sk_open(struct radv_iface *ifa)
return 1;
err:
sk_log_error(sk, ifa->ra->p.name);
rfree(sk);
return 0;
}

View File

@ -484,10 +484,10 @@ rip_rx(sock *s, int size)
iface = i->iface;
if (i->check_ttl && (s->ttl < 255))
if (i->check_ttl && (s->rcv_ttl < 255))
{
log( L_REMOTE "%s: Discarding packet with TTL %d (< 255) from %I on %s",
p->name, s->ttl, s->faddr, i->iface->name);
p->name, s->rcv_ttl, s->faddr, i->iface->name);
return 1;
}
@ -731,7 +731,7 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
log( L_WARN "%s: interface %s is too strange for me", p->name, rif->iface->name );
} else {
if (sk_open(rif->sock)<0)
if (sk_open(rif->sock) < 0)
goto err;
if (rif->multicast)
@ -743,7 +743,7 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
}
else
{
if (sk_set_broadcast(rif->sock, 1) < 0)
if (sk_setup_broadcast(rif->sock) < 0)
goto err;
}
}
@ -753,7 +753,8 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
return rif;
err:
log( L_ERR "%s: could not create socket for %s", p->name, rif->iface ? rif->iface->name : "(dummy)" );
sk_log_error(rif->sock, p->name);
log(L_ERR "%s: Cannot open socket for %s", p->name, rif->iface ? rif->iface->name : "(dummy)" );
if (rif->iface) {
rfree(rif->sock);
mb_free(rif);

View File

@ -1,11 +1,16 @@
/*
* BIRD Internet Routing Daemon -- NetBSD Multicasting and Network Includes
* BIRD Internet Routing Daemon -- BSD Multicasting and Network Includes
*
* (c) 2004 Ondrej Filip <feela@network.cz>
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include <net/if_dl.h>
#include <netinet/in_systm.h> // Workaround for some BSDs
#include <netinet/ip.h>
#ifdef __NetBSD__
#ifndef IP_RECVTTL
@ -23,127 +28,116 @@
#endif
#include <net/if.h>
#include <net/if_dl.h>
#include <netinet/in_systm.h> // Workaround for some BSDs
#include <netinet/ip.h>
#define SA_LEN(x) (x).sa.sa_len
/* BSD Multicast handling for IPv4 */
/*
* BSD IPv4 multicast syscalls
*/
static inline char *
#define INIT_MREQ4(maddr,ifa) \
{ .imr_multiaddr = ipa_to_in4(maddr), .imr_interface = ipa_to_in4(ifa->addr->ip) }
static inline int
sk_setup_multicast4(sock *s)
{
struct in_addr m;
u8 zero = 0;
u8 ttl = s->ttl;
struct in_addr ifa = ipa_to_in4(s->iface->addr->ip);
u8 ttl = s->ttl;
u8 n = 0;
if (setsockopt(s->fd, IPPROTO_IP, IP_MULTICAST_LOOP, &zero, sizeof(zero)) < 0)
return "IP_MULTICAST_LOOP";
/* This defines where should we send _outgoing_ multicasts */
if (setsockopt(s->fd, IPPROTO_IP, IP_MULTICAST_IF, &ifa, sizeof(ifa)) < 0)
ERR("IP_MULTICAST_IF");
if (setsockopt(s->fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl)) < 0)
return "IP_MULTICAST_TTL";
if (setsockopt(s->fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl)) < 0)
ERR("IP_MULTICAST_TTL");
/* This defines where should we send _outgoing_ multicasts */
ipa_put_in4(&m, s->iface->addr->ip);
if (setsockopt(s->fd, IPPROTO_IP, IP_MULTICAST_IF, &m, sizeof(m)) < 0)
return "IP_MULTICAST_IF";
if (setsockopt(s->fd, IPPROTO_IP, IP_MULTICAST_LOOP, &n, sizeof(n)) < 0)
ERR("IP_MULTICAST_LOOP");
return NULL;
return 0;
}
static inline char *
static inline int
sk_join_group4(sock *s, ip_addr maddr)
{
struct ip_mreq mreq;
struct ip_mreq mr = INIT_MREQ4(maddr, s->iface);
bzero(&mreq, sizeof(mreq));
ipa_put_in4(&mreq.imr_interface, s->iface->addr->ip);
ipa_put_in4(&mreq.imr_multiaddr, maddr);
if (setsockopt(s->fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mr, sizeof(mr)) < 0)
ERR("IP_ADD_MEMBERSHIP");
/* And this one sets interface for _receiving_ multicasts from */
if (setsockopt(s->fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) < 0)
return "IP_ADD_MEMBERSHIP";
return NULL;
return 0;
}
static inline char *
static inline int
sk_leave_group4(sock *s, ip_addr maddr)
{
struct ip_mreq mreq;
struct ip_mreq mr = INIT_MREQ4(maddr, s->iface);
bzero(&mreq, sizeof(mreq));
ipa_put_in4(&mreq.imr_interface, s->iface->addr->ip);
ipa_put_in4(&mreq.imr_multiaddr, maddr);
if (setsockopt(s->fd, IPPROTO_IP, IP_DROP_MEMBERSHIP, &mr, sizeof(mr)) < 0)
ERR("IP_ADD_MEMBERSHIP");
/* And this one sets interface for _receiving_ multicasts from */
if (setsockopt(s->fd, IPPROTO_IP, IP_DROP_MEMBERSHIP, &mreq, sizeof(mreq)) < 0)
return "IP_DROP_MEMBERSHIP";
return NULL;
return 0;
}
/* BSD RX/TX packet info handling for IPv4 */
/* it uses IP_RECVDSTADDR / IP_RECVIF socket options instead of IP_PKTINFO */
/*
* BSD IPv4 packet control messages
*/
#define CMSG_SPACE_PKTINFO4 (CMSG_SPACE(sizeof(struct in_addr)) + \
/* It uses IP_RECVDSTADDR / IP_RECVIF socket options instead of IP_PKTINFO */
#define CMSG4_SPACE_PKTINFO (CMSG_SPACE(sizeof(struct in_addr)) + \
CMSG_SPACE(sizeof(struct sockaddr_dl)))
#define CMSG_SPACE_PKTINFO6 CMSG_SPACE(sizeof(struct in6_pktinfo))
#define CMSG4_SPACE_TTL CMSG_SPACE(sizeof(char))
#define CMSG_RX_SPACE (MAX(CMSG_SPACE_PKTINFO4,CMSG_SPACE_PKTINFO6) + CMSG_SPACE(sizeof(int)))
#define CMSG_TX_SPACE MAX(CMSG_SPACE_PKTINFO4,CMSG_SPACE_PKTINFO6)
static inline char *
static inline int
sk_request_cmsg4_pktinfo(sock *s)
{
int ok = 1;
int y = 1;
if (setsockopt(s->fd, IPPROTO_IP, IP_RECVDSTADDR, &ok, sizeof(ok)) < 0)
return "IP_RECVDSTADDR";
if (setsockopt(s->fd, IPPROTO_IP, IP_RECVDSTADDR, &y, sizeof(y)) < 0)
ERR("IP_RECVDSTADDR");
if (setsockopt(s->fd, IPPROTO_IP, IP_RECVIF, &ok, sizeof(ok)) < 0)
return "IP_RECVIF";
if (setsockopt(s->fd, IPPROTO_IP, IP_RECVIF, &y, sizeof(y)) < 0)
ERR("IP_RECVIF");
return NULL;
return 0;
}
static inline int
sk_request_cmsg4_ttl(sock *s)
{
int y = 1;
if (setsockopt(s->fd, IPPROTO_IP, IP_RECVTTL, &y, sizeof(y)) < 0)
ERR("IP_RECVTTL");
return 0;
}
static inline void
sk_process_cmsg4_pktinfo(sock *s, struct cmsghdr *cm)
{
if ((cm->cmsg_type == IP_RECVDSTADDR) && (s->flags & SKF_LADDR_RX))
s->laddr = ipa_get_in4((struct in_addr *) CMSG_DATA(cm));
if (cm->cmsg_type == IP_RECVDSTADDR)
s->laddr = ipa_from_in4(* (struct in_addr *) CMSG_DATA(cm));
if ((cm->cmsg_type == IP_RECVIF) && (s->flags & SKF_LADDR_RX))
if (cm->cmsg_type == IP_RECVIF)
s->lifindex = ((struct sockaddr_dl *) CMSG_DATA(cm))->sdl_index;
}
static inline char *
sk_request_cmsg4_ttl(sock *s)
{
int ok = 1;
if (setsockopt(s->fd, IPPROTO_IP, IP_RECVTTL, &ok, sizeof(ok)) < 0)
return "IP_RECVTTL";
return NULL;
}
static inline void
sk_process_cmsg4_ttl(sock *s, struct cmsghdr *cm)
{
if ((cm->cmsg_type == IP_RECVTTL) && (s->flags & SKF_TTL_RX))
s->ttl = * (unsigned char *) CMSG_DATA(cm);
if (cm->cmsg_type == IP_RECVTTL)
s->rcv_ttl = * (unsigned char *) CMSG_DATA(cm);
}
/* Unfortunately, IP_SENDSRCADDR does not work for raw IP sockets on BSD kernels */
static inline void
sk_prepare_cmsgs4(sock *s, struct msghdr *msg, void *cbuf, size_t cbuflen)
{
/* Unfortunately, IP_SENDSRCADDR does not work for raw IP sockets on BSD kernels */
#ifdef IP_SENDSRCADDR
struct cmsghdr *cm;
struct in_addr *sa;
@ -157,13 +151,12 @@ sk_prepare_cmsgs4(sock *s, struct msghdr *msg, void *cbuf, size_t cbuflen)
cm->cmsg_len = CMSG_LEN(sizeof(*sa));
sa = (struct in_addr *) CMSG_DATA(cm);
ipa_put_in4(&sa, s->saddr);
*sa = ipa_to_in4(s->saddr);
msg->msg_controllen = cm->cmsg_len;
#endif
}
static void
sk_prepare_ip_header(sock *s, void *hdr, int dlen)
{
@ -177,8 +170,8 @@ sk_prepare_ip_header(sock *s, void *hdr, int dlen)
ip->ip_len = 20 + dlen;
ip->ip_ttl = (s->ttl < 0) ? 64 : s->ttl;
ip->ip_p = s->dport;
ipa_put_in4(&ip->ip_src, s->saddr);
ipa_put_in4(&ip->ip_dst, s->daddr);
ip->ip_src = ipa_to_in4(s->saddr);
ip->ip_dst = ipa_to_in4(s->daddr);
#ifdef __OpenBSD__
/* OpenBSD expects ip_len in network order, other BSDs expect host order */
@ -187,7 +180,10 @@ sk_prepare_ip_header(sock *s, void *hdr, int dlen)
}
#include <netinet/tcp.h>
/*
* Miscellaneous BSD socket syscalls
*/
#ifndef TCP_KEYLEN_MAX
#define TCP_KEYLEN_MAX 80
#endif
@ -201,59 +197,69 @@ sk_prepare_ip_header(sock *s, void *hdr, int dlen)
* management.
*/
static int
sk_set_md5_auth_int(sock *s, struct sockaddr *sa, int sa_len, char *passwd)
int
sk_set_md5_auth(sock *s, ip_addr a, struct iface *ifa, char *passwd)
{
int enable = 0;
if (passwd)
{
int len = strlen(passwd);
enable = len ? TCP_SIG_SPI : 0;
if (passwd && *passwd)
{
int len = strlen(passwd);
enable = TCP_SIG_SPI;
if (len > TCP_KEYLEN_MAX)
{
log(L_ERR "MD5 password too long");
return -1;
}
}
if (len > TCP_KEYLEN_MAX)
ERR_MSG("MD5 password too long");
}
int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &enable, sizeof(enable));
if (setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &enable, sizeof(enable)) < 0)
{
if (errno == ENOPROTOOPT)
ERR_MSG("Kernel does not support TCP MD5 signatures");
else
ERR("TCP_MD5SIG");
}
if (rv < 0)
{
if (errno == ENOPROTOOPT)
log(L_ERR "Kernel does not support TCP MD5 signatures");
else
log(L_ERR "sk_set_md5_auth_int: setsockopt: %m");
}
return rv;
return 0;
}
static inline char *
static inline int
sk_set_min_ttl4(sock *s, int ttl)
{
if (setsockopt(s->fd, IPPROTO_IP, IP_MINTTL, &ttl, sizeof(ttl)) < 0)
return "IP_MINTTL";
{
if (errno == ENOPROTOOPT)
ERR_MSG("Kernel does not support IPv4 TTL security");
else
ERR("IP_MINTTL");
}
return NULL;
return 0;
}
static inline char *
static inline int
sk_set_min_ttl6(sock *s, int ttl)
{
errno = ENOPROTOOPT;
return "IP_MINTTL";
ERR_MSG("Kernel does not support IPv6 TTL security");
}
static inline int
sk_disable_mtu_disc4(sock *s)
{
/* TODO: Set IP_DONTFRAG to 0 ? */
return 0;
}
static inline int
sk_disable_mtu_disc6(sock *s)
{
/* TODO: Set IPV6_DONTFRAG to 0 ? */
return 0;
}
int sk_priority_control = -1;
static int
static inline int
sk_set_priority(sock *s, int prio UNUSED)
{
log(L_WARN "Socket priority not supported");
return -1;
ERR_MSG("Socket priority not supported");
}

View File

@ -63,7 +63,7 @@ nl_open_sock(struct nl_sock *nl)
{
if (nl->fd < 0)
{
nl->fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
nl->fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
if (nl->fd < 0)
die("Unable to open rtnetlink socket: %m");
nl->seq = now;
@ -576,24 +576,24 @@ kif_do_scan(struct kif_proto *p UNUSED)
if_start_update();
/* Is it important which PF_* is used for link-level interface scan?
It seems that some information is available only when PF_INET is used. */
/* Is it important which AF_* is used for link-level interface scan?
It seems that some information is available only when AF_INET is used. */
nl_request_dump(PF_INET, RTM_GETLINK);
nl_request_dump(AF_INET, RTM_GETLINK);
while (h = nl_get_scan())
if (h->nlmsg_type == RTM_NEWLINK || h->nlmsg_type == RTM_DELLINK)
nl_parse_link(h, 1);
else
log(L_DEBUG "nl_scan_ifaces: Unknown packet received (type=%d)", h->nlmsg_type);
nl_request_dump(PF_INET, RTM_GETADDR);
nl_request_dump(AF_INET, RTM_GETADDR);
while (h = nl_get_scan())
if (h->nlmsg_type == RTM_NEWADDR || h->nlmsg_type == RTM_DELADDR)
nl_parse_addr(h, 1);
else
log(L_DEBUG "nl_scan_ifaces: Unknown packet received (type=%d)", h->nlmsg_type);
nl_request_dump(PF_INET6, RTM_GETADDR);
nl_request_dump(AF_INET6, RTM_GETADDR);
while (h = nl_get_scan())
if (h->nlmsg_type == RTM_NEWADDR || h->nlmsg_type == RTM_DELADDR)
nl_parse_addr(h, 1);
@ -969,14 +969,14 @@ krt_do_scan(struct krt_proto *p UNUSED) /* CONFIG_ALL_TABLES_AT_ONCE => p is NUL
{
struct nlmsghdr *h;
nl_request_dump(PF_INET, RTM_GETROUTE);
nl_request_dump(AF_INET, RTM_GETROUTE);
while (h = nl_get_scan())
if (h->nlmsg_type == RTM_NEWROUTE || h->nlmsg_type == RTM_DELROUTE)
nl_parse_route(h, 1);
else
log(L_DEBUG "nl_scan_fire: Unknown packet received (type=%d)", h->nlmsg_type);
nl_request_dump(PF_INET6, RTM_GETROUTE);
nl_request_dump(AF_INET6, RTM_GETROUTE);
while (h = nl_get_scan())
if (h->nlmsg_type == RTM_NEWROUTE || h->nlmsg_type == RTM_DELROUTE)
nl_parse_route(h, 1);
@ -1076,7 +1076,7 @@ nl_open_async(void)
DBG("KRT: Opening async netlink socket\n");
fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
if (fd < 0)
{
log(L_ERR "Unable to open asynchronous rtnetlink socket: %m");
@ -1101,7 +1101,7 @@ nl_open_async(void)
sk->type = SK_MAGIC;
sk->rx_hook = nl_async_hook;
sk->fd = fd;
if (sk_open(sk))
if (sk_open(sk) < 0)
bug("Netlink: sk_open failed");
}

View File

@ -6,184 +6,149 @@
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include <net/if.h>
#ifndef IPV6_UNICAST_HOPS
/* Needed on glibc 2.0 systems */
#include <linux/in6.h>
#define CONFIG_IPV6_GLIBC_20
#endif
#ifndef HAVE_STRUCT_IP_MREQN
/* Several versions of glibc don't define this structure, so we have to do it ourselves */
struct ip_mreqn
{
struct in_addr imr_multiaddr; /* IP multicast address of group */
struct in_addr imr_address; /* local IP address of interface */
int imr_ifindex; /* Interface index */
struct in_addr imr_multiaddr; /* IP multicast address of group */
struct in_addr imr_address; /* local IP address of interface */
int imr_ifindex; /* Interface index */
};
#endif
#ifndef IP_MINTTL
#define IP_MINTTL 21
#endif
static inline void fill_mreqn(struct ip_mreqn *m, ip_addr maddr, struct iface *ifa)
{
bzero(m, sizeof(*m));
m->imr_ifindex = ifa->index;
ipa_put_in4(&m->imr_multiaddr, maddr);
}
#ifndef IPV6_TCLASS
#define IPV6_TCLASS 67
#endif
static inline char *
sk_setup_multicast4(sock *s)
{
struct ip_mreqn m;
int zero = 0;
#ifndef IPV6_MINHOPCOUNT
#define IPV6_MINHOPCOUNT 73
#endif
if (setsockopt(s->fd, SOL_IP, IP_MULTICAST_LOOP, &zero, sizeof(zero)) < 0)
return "IP_MULTICAST_LOOP";
if (setsockopt(s->fd, SOL_IP, IP_MULTICAST_TTL, &s->ttl, sizeof(s->ttl)) < 0)
return "IP_MULTICAST_TTL";
/* This defines where should we send _outgoing_ multicasts */
fill_mreqn(&m, IPA_NONE, s->iface);
if (setsockopt(s->fd, SOL_IP, IP_MULTICAST_IF, &m, sizeof(m)) < 0)
return "IP_MULTICAST_IF";
return NULL;
}
static inline char *
sk_join_group4(sock *s, ip_addr maddr)
{
struct ip_mreqn m;
fill_mreqn(&m, maddr, s->iface);
if (setsockopt(s->fd, SOL_IP, IP_ADD_MEMBERSHIP, &m, sizeof(m)) < 0)
return "IP_ADD_MEMBERSHIP";
return NULL;
}
static inline char *
sk_leave_group4(sock *s, ip_addr maddr)
{
struct ip_mreqn m;
fill_mreqn(&m, maddr, s->iface);
if (setsockopt(s->fd, SOL_IP, IP_DROP_MEMBERSHIP, &m, sizeof(m)) < 0)
return "IP_DROP_MEMBERSHIP";
return NULL;
}
/* For the case that we have older libc headers */
/* Copied from Linux kernel file include/linux/tcp.h */
#ifndef TCP_MD5SIG
#define TCP_MD5SIG 14
#define TCP_MD5SIG_MAXKEYLEN 80
#include <linux/types.h>
struct tcp_md5sig {
struct sockaddr_storage tcpm_addr; /* address associated */
__u16 __tcpm_pad1; /* zero */
__u16 tcpm_keylen; /* key length */
__u32 __tcpm_pad2; /* zero */
__u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN]; /* key (binary) */
u16 __tcpm_pad1; /* zero */
u16 tcpm_keylen; /* key length */
u32 __tcpm_pad2; /* zero */
u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN]; /* key (binary) */
};
#endif
static int
sk_set_md5_auth_int(sock *s, struct sockaddr *sa, int sa_len, char *passwd)
/* Linux does not care if sa_len is larger than needed */
#define SA_LEN(x) sizeof(sockaddr)
/*
* Linux IPv4 multicast syscalls
*/
#define INIT_MREQ4(maddr,ifa) \
{ .imr_multiaddr = ipa_to_in4(maddr), .imr_ifindex = ifa->index }
static inline int
sk_setup_multicast4(sock *s)
{
struct tcp_md5sig md5;
struct ip_mreqn mr = { .imr_ifindex = s->iface->index };
int ttl = s->ttl;
int n = 0;
memset(&md5, 0, sizeof(md5));
memcpy(&md5.tcpm_addr, sa, sa_len);
/* This defines where should we send _outgoing_ multicasts */
if (setsockopt(s->fd, SOL_IP, IP_MULTICAST_IF, &mr, sizeof(mr)) < 0)
ERR("IP_MULTICAST_IF");
if (passwd)
{
int len = strlen(passwd);
if (setsockopt(s->fd, SOL_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl)) < 0)
ERR("IP_MULTICAST_TTL");
if (len > TCP_MD5SIG_MAXKEYLEN)
{
log(L_ERR "MD5 password too long");
return -1;
}
if (setsockopt(s->fd, SOL_IP, IP_MULTICAST_LOOP, &n, sizeof(n)) < 0)
ERR("IP_MULTICAST_LOOP");
md5.tcpm_keylen = len;
memcpy(&md5.tcpm_key, passwd, len);
}
return 0;
}
int rv = setsockopt(s->fd, SOL_TCP, TCP_MD5SIG, &md5, sizeof(md5));
static inline int
sk_join_group4(sock *s, ip_addr maddr)
{
struct ip_mreqn mr = INIT_MREQ4(maddr, s->iface);
if (rv < 0)
{
if (errno == ENOPROTOOPT)
log(L_ERR "Kernel does not support TCP MD5 signatures");
else
log(L_ERR "sk_set_md5_auth_int: TCP_MD5SIG: %m");
}
if (setsockopt(s->fd, SOL_IP, IP_ADD_MEMBERSHIP, &mr, sizeof(mr)) < 0)
ERR("IP_ADD_MEMBERSHIP");
return rv;
return 0;
}
static inline int
sk_leave_group4(sock *s, ip_addr maddr)
{
struct ip_mreqn mr = INIT_MREQ4(maddr, s->iface);
if (setsockopt(s->fd, SOL_IP, IP_DROP_MEMBERSHIP, &mr, sizeof(mr)) < 0)
ERR("IP_DROP_MEMBERSHIP");
return 0;
}
/* RX/TX packet info handling for IPv4 */
/*
* Linux IPv4 packet control messages
*/
/* Mostly similar to standardized IPv6 code */
#define CMSG4_SPACE_PKTINFO CMSG_SPACE(sizeof(struct in_pktinfo))
#define CMSG4_SPACE_TTL CMSG_SPACE(sizeof(int))
static inline char *
static inline int
sk_request_cmsg4_pktinfo(sock *s)
{
int ok = 1;
int y = 1;
if (setsockopt(s->fd, SOL_IP, IP_PKTINFO, &ok, sizeof(ok)) < 0)
return "IP_PKTINFO";
if (setsockopt(s->fd, SOL_IP, IP_PKTINFO, &y, sizeof(y)) < 0)
ERR("IP_PKTINFO");
return NULL;
return 0;
}
static inline int
sk_request_cmsg4_ttl(sock *s)
{
int y = 1;
if (setsockopt(s->fd, SOL_IP, IP_RECVTTL, &y, sizeof(y)) < 0)
ERR("IP_RECVTTL");
return 0;
}
static inline void
sk_process_cmsg4_pktinfo(sock *s, struct cmsghdr *cm)
{
if ((cm->cmsg_type == IP_PKTINFO) && (s->flags & SKF_LADDR_RX))
if (cm->cmsg_type == IP_PKTINFO)
{
struct in_pktinfo *pi = (struct in_pktinfo *) CMSG_DATA(cm);
s->laddr = ipa_get_in4(&pi->ipi_addr);
s->laddr = ipa_from_in4(pi->ipi_addr);
s->lifindex = pi->ipi_ifindex;
}
}
#define CMSG4_SPACE_TTL CMSG_SPACE(sizeof(int))
static inline char *
sk_request_cmsg4_ttl(sock *s)
{
int ok = 1;
if (setsockopt(s->fd, SOL_IP, IP_RECVTTL, &ok, sizeof(ok)) < 0)
return "IP_RECVTTL";
return NULL;
}
static inline void
sk_process_cmsg4_ttl(sock *s, struct cmsghdr *cm)
{
if ((cm->cmsg_type == IP_TTL) && (s->flags & SKF_TTL_RX))
s->ttl = * (int *) CMSG_DATA(cm);
if (cm->cmsg_type == IP_TTL)
s->rcv_ttl = * (int *) CMSG_DATA(cm);
}
static inline void
sk_prepare_cmsgs4(sock *s, struct msghdr *msg, void *cbuf, size_t cbuflen)
{
@ -200,56 +165,105 @@ sk_prepare_cmsgs4(sock *s, struct msghdr *msg, void *cbuf, size_t cbuflen)
pi = (struct in_pktinfo *) CMSG_DATA(cm);
pi->ipi_ifindex = s->iface ? s->iface->index : 0;
ipa_put_in4(&pi->ipi_spec_dst, s->saddr);
ipa_put_in4(&pi->ipi_addr, IPA_NONE);
pi->ipi_spec_dst = ipa_to_in4(s->saddr);
pi->ipi_addr = ipa_to_in4(IPA_NONE);
msg->msg_controllen = cm->cmsg_len;
}
/*
* Miscellaneous Linux socket syscalls
*/
#ifndef IP_MINTTL
#define IP_MINTTL 21
#endif
#ifndef IPV6_MINHOPCOUNT
#define IPV6_MINHOPCOUNT 73
#endif
static inline char *
sk_set_min_ttl4(sock *s, int ttl)
int
sk_set_md5_auth(sock *s, ip_addr a, struct iface *ifa, char *passwd)
{
if (setsockopt(s->fd, SOL_IP, IP_MINTTL, &ttl, sizeof(ttl)) < 0)
return "IP_MINTTL";
struct tcp_md5sig md5;
return NULL;
}
memset(&md5, 0, sizeof(md5));
sockaddr_fill((sockaddr *) &md5.tcpm_addr, s->af, a, ifa, 0);
static inline char *
sk_set_min_ttl6(sock *s, int ttl)
{
if (setsockopt(s->fd, SOL_IPV6, IPV6_MINHOPCOUNT, &ttl, sizeof(ttl)) < 0)
return "IPV6_MINHOPCOUNT";
return NULL;
}
#ifndef IPV6_TCLASS
#define IPV6_TCLASS 67
#endif
int sk_priority_control = 7;
static int
sk_set_priority(sock *s, int prio)
{
if (setsockopt(s->fd, SOL_SOCKET, SO_PRIORITY, &prio, sizeof(prio)) < 0)
if (passwd)
{
log(L_WARN "sk_set_priority: setsockopt: %m");
return -1;
int len = strlen(passwd);
if (len > TCP_MD5SIG_MAXKEYLEN)
ERR_MSG("MD5 password too long");
md5.tcpm_keylen = len;
memcpy(&md5.tcpm_key, passwd, len);
}
if (setsockopt(s->fd, SOL_TCP, TCP_MD5SIG, &md5, sizeof(md5)) < 0)
{
if (errno == ENOPROTOOPT)
ERR_MSG("Kernel does not support TCP MD5 signatures");
else
ERR("TCP_MD5SIG");
}
return 0;
}
static inline int
sk_set_min_ttl4(sock *s, int ttl)
{
if (setsockopt(s->fd, SOL_IP, IP_MINTTL, &ttl, sizeof(ttl)) < 0)
{
if (errno == ENOPROTOOPT)
ERR_MSG("Kernel does not support IPv4 TTL security");
else
ERR("IP_MINTTL");
}
return 0;
}
static inline int
sk_set_min_ttl6(sock *s, int ttl)
{
if (setsockopt(s->fd, SOL_IPV6, IPV6_MINHOPCOUNT, &ttl, sizeof(ttl)) < 0)
{
if (errno == ENOPROTOOPT)
ERR_MSG("Kernel does not support IPv6 TTL security");
else
ERR("IPV6_MINHOPCOUNT");
}
return 0;
}
static inline int
sk_disable_mtu_disc4(sock *s)
{
int dont = IP_PMTUDISC_DONT;
if (setsockopt(s->fd, SOL_IP, IP_MTU_DISCOVER, &dont, sizeof(dont)) < 0)
ERR("IP_MTU_DISCOVER");
return 0;
}
static inline int
sk_disable_mtu_disc6(sock *s)
{
int dont = IPV6_PMTUDISC_DONT;
if (setsockopt(s->fd, SOL_IPV6, IPV6_MTU_DISCOVER, &dont, sizeof(dont)) < 0)
ERR("IPV6_MTU_DISCOVER");
return 0;
}
int sk_priority_control = 7;
static inline int
sk_set_priority(sock *s, int prio)
{
if (setsockopt(s->fd, SOL_SOCKET, SO_PRIORITY, &prio, sizeof(prio)) < 0)
ERR("SO_PRIORITY");
return 0;
}

File diff suppressed because it is too large Load Diff

View File

@ -463,7 +463,12 @@ cli_init_unix(uid_t use_uid, gid_t use_gid)
s->type = SK_UNIX_PASSIVE;
s->rx_hook = cli_connect;
s->rbsize = 1024;
sk_open_unix(s, path_control_socket);
/* Return value intentionally ignored */
unlink(path_control_socket);
if (sk_open_unix(s, path_control_socket) < 0)
die("Cannot create control socket %s: %m", path_control_socket);
if (use_uid || use_gid)
if (chown(path_control_socket, use_uid, use_gid) < 0)

View File

@ -12,6 +12,8 @@
#include <sys/socket.h>
struct pool;
struct iface;
struct birdsock;
/* main.c */
@ -27,29 +29,62 @@ void cmd_shutdown(void);
#define UNIX_DEFAULT_CONFIGURE_TIMEOUT 300
/* io.c */
volatile int async_config_flag;
volatile int async_dump_flag;
volatile int async_shutdown_flag;
#define ERR(c) do { s->err = c; return -1; } while (0)
#define ERR2(c) do { s->err = c; goto err; } while (0)
#define ERR_MSG(c) do { errno = 0; s->err = c; return -1; } while (0)
struct sockaddr;
struct iface;
void sockaddr_fill(struct sockaddr *sa, ip_addr a, struct iface *ifa, unsigned port);
void sockaddr_read(struct sockaddr *sa, ip_addr *a, struct iface **ifa, unsigned *port, int check);
#define SOCKADDR_SIZE 32
typedef struct sockaddr_bird {
struct sockaddr sa;
char padding[SOCKADDR_SIZE - sizeof(struct sockaddr)];
} sockaddr;
/* This is sloppy hack, it should be detected by configure script */
/* Linux systems have it defined so this is definition for BSD systems */
#ifndef s6_addr32
#define s6_addr32 __u6_addr.__u6_addr32
#endif
static inline ip_addr ipa_from_in4(struct in_addr a)
{ return ipa_from_u32(ntohl(a.s_addr)); }
static inline ip_addr ipa_from_in6(struct in6_addr a)
{ return _MI6(ntohl(a.s6_addr32[0]), ntohl(a.s6_addr32[1]), ntohl(a.s6_addr32[2]), ntohl(a.s6_addr32[3])); }
static inline ip_addr ipa_from_sa4(sockaddr *sa)
{ return ipa_from_in4(((struct sockaddr_in *) sa)->sin_addr); }
static inline ip_addr ipa_from_sa6(sockaddr *sa)
{ return ipa_from_in6(((struct sockaddr_in6 *) sa)->sin6_addr); }
static inline struct in_addr ipa_to_in4(ip_addr a)
{ return (struct in_addr) { htonl(ipa_to_u32(a)) }; }
static inline struct in6_addr ipa_to_in6(ip_addr a)
{ return (struct in6_addr) { .s6_addr32 = { htonl(_I0(a)), htonl(_I1(a)), htonl(_I2(a)), htonl(_I3(a)) } }; }
void sockaddr_fill(sockaddr *sa, int af, ip_addr a, struct iface *ifa, uint port);
int sockaddr_read(sockaddr *sa, int af, ip_addr *a, struct iface **ifa, uint *port);
#ifndef SUN_LEN
#define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path) + strlen ((ptr)->sun_path))
#endif
struct birdsock;
struct iface;
volatile int async_config_flag;
volatile int async_dump_flag;
volatile int async_shutdown_flag;
void io_init(void);
void io_loop(void);
void sk_open_unix(struct birdsock *s, char *name);
int sk_open_unix(struct birdsock *s, char *name);
void *tracked_fopen(struct pool *, char *name, char *mode);
void test_old_bird(char *path);