int bgp_set_socket_ttl(struct peer *peer, int bgp_sock)
{
char buf[INET_ADDRSTRLEN];
int ret = 0;
/* In case of peer is EBGP, we should set TTL for this connection. */
if (!peer->gtsm_hops && (peer_sort(peer) == BGP_PEER_EBGP)) {
ret = sockopt_ttl(peer->su.sa.sa_family, bgp_sock, peer->ttl);
if (ret) {
flog_err(
EC_LIB_SOCKET,
"%s: Can't set TxTTL on peer (rtrid %s) socket, err = %d",
__func__,
inet_ntop(AF_INET, &peer->remote_id, buf,
sizeof(buf)),
errno);
return ret;
}
} else if (peer->gtsm_hops) {
/* On Linux, setting minttl without setting ttl seems to mess
with the
outgoing ttl. Therefore setting both.
*/
ret = sockopt_ttl(peer->su.sa.sa_family, bgp_sock, MAXTTL);
if (ret) {
flog_err(
EC_LIB_SOCKET,
"%s: Can't set TxTTL on peer (rtrid %s) socket, err = %d",
__func__,
inet_ntop(AF_INET, &peer->remote_id, buf,
sizeof(buf)),
errno);
return ret;
}
ret = sockopt_minttl(peer->su.sa.sa_family, bgp_sock,
MAXTTL + 1 - peer->gtsm_hops);
if (ret) {
flog_err(
EC_LIB_SOCKET,
"%s: Can't set MinTTL on peer (rtrid %s) socket, err = %d",
__func__,
inet_ntop(AF_INET, &peer->remote_id, buf,
sizeof(buf)),
errno);
return ret;
}
}
return ret;
}
int mcp_tcp_client_connect (struct ppp_mcp_sock *peer)
{
unsigned int ifindex = 0;
if(peer->fd > 0)
{
close(peer->fd);
peer->fd = -1;
}
/* Make socket for the peer. */
peer->fd = sockunion_socket (&peer->su);
if (peer->fd < 0)
return -1;
/* If we can get socket for the peer, adjest TTL and make connection. */
sockopt_ttl (peer->su.sa.sa_family, peer->fd, 512);
sockopt_reuseaddr (peer->fd);
sockopt_reuseport (peer->fd);
PPPD_DEBUG_TCP("%s [Event] Connect start to %s fd %d",
peer->hostname, peer->hostname, peer->fd);
/* Connect to the remote peer. */
return sockunion_connect (peer->fd, &peer->su, htons(peer->port), ifindex);
}
int
bgp_socket (unsigned short port, const char *address)
{
struct addrinfo *ainfo;
struct addrinfo *ainfo_save;
static const struct addrinfo req = {
.ai_family = AF_UNSPEC,
.ai_flags = AI_PASSIVE,
.ai_socktype = SOCK_STREAM,
};
int ret, count;
char port_str[BUFSIZ];
snprintf (port_str, sizeof(port_str), "%d", port);
port_str[sizeof (port_str) - 1] = '\0';
ret = getaddrinfo (address, port_str, &req, &ainfo_save);
if (ret != 0)
{
zlog_err ("getaddrinfo: %s", gai_strerror (ret));
return -1;
}
count = 0;
for (ainfo = ainfo_save; ainfo; ainfo = ainfo->ai_next)
{
int sock;
if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6)
continue;
sock = socket (ainfo->ai_family, ainfo->ai_socktype, ainfo->ai_protocol);
if (sock < 0)
{
zlog_err ("socket: %s", safe_strerror (errno));
continue;
}
/* if we intend to implement ttl-security, this socket needs ttl=255 */
sockopt_ttl (ainfo->ai_family, sock, MAXTTL);
ret = bgp_listener (sock, ainfo->ai_addr, ainfo->ai_addrlen);
if (ret == 0)
++count;
else
close(sock);
}
freeaddrinfo (ainfo_save);
if (count == 0)
{
zlog_err ("%s: no usable addresses", __func__);
return -1;
}
return 0;
}
/* BGP try to connect to the peer. */
int
bgp_connect (struct peer *peer)
{
unsigned int ifindex = 0;
/* Make socket for the peer. */
peer->fd = sockunion_socket (&peer->su);
if (peer->fd < 0)
return -1;
/* If we can get socket for the peer, adjest TTL and make connection. */
if (peer->sort == BGP_PEER_EBGP) {
sockopt_ttl (peer->su.sa.sa_family, peer->fd, peer->ttl);
if (peer->gtsm_hops)
sockopt_minttl (peer->su.sa.sa_family, peer->fd, MAXTTL + 1 - peer->gtsm_hops);
}
sockopt_reuseaddr (peer->fd);
sockopt_reuseport (peer->fd);
#ifdef IPTOS_PREC_INTERNETCONTROL
if (bgpd_privs.change (ZPRIVS_RAISE))
zlog_err ("%s: could not raise privs", __func__);
if (sockunion_family (&peer->su) == AF_INET)
setsockopt_ipv4_tos (peer->fd, IPTOS_PREC_INTERNETCONTROL);
# ifdef HAVE_IPV6
else if (sockunion_family (&peer->su) == AF_INET6)
setsockopt_ipv6_tclass (peer->fd, IPTOS_PREC_INTERNETCONTROL);
# endif
if (bgpd_privs.change (ZPRIVS_LOWER))
zlog_err ("%s: could not lower privs", __func__);
#endif
if (peer->password)
bgp_md5_set_connect (peer->fd, &peer->su, peer->password);
/* Bind socket. */
bgp_bind (peer);
/* Update source bind. */
bgp_update_source (peer);
#ifdef HAVE_IPV6
if (peer->ifname)
ifindex = if_nametoindex (peer->ifname);
#endif /* HAVE_IPV6 */
if (BGP_DEBUG (events, EVENTS))
plog_debug (peer->log, "%s [Event] Connect start to %s fd %d",
peer->host, peer->host, peer->fd);
/* Connect to the remote peer. */
return sockunion_connect (peer->fd, &peer->su, htons (peer->port), ifindex);
}
/* Traditional IPv4 only version. */
int
bgp_socket (unsigned short port, const char *address)
{
int sock;
int socklen;
struct sockaddr_in sin;
int ret, en;
sock = socket (AF_INET, SOCK_STREAM, 0);
if (sock < 0)
{
zlog_err ("socket: %s", safe_strerror (errno));
return sock;
}
/* if we intend to implement ttl-security, this socket needs ttl=255 */
sockopt_ttl (AF_INET, sock, MAXTTL);
memset (&sin, 0, sizeof (struct sockaddr_in));
sin.sin_family = AF_INET;
sin.sin_port = htons (port);
socklen = sizeof (struct sockaddr_in);
if (address && ((ret = inet_aton(address, &sin.sin_addr)) < 1))
{
zlog_err("bgp_socket: could not parse ip address %s: %s",
address, safe_strerror (errno));
return ret;
}
#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
sin.sin_len = socklen;
#endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
ret = bgp_listener (sock, (struct sockaddr *) &sin, socklen);
if (ret < 0)
{
close (sock);
return ret;
}
return sock;
}
/* BGP try to connect to the peer. */
int
bgp_connect (struct peer *peer)
{
unsigned int ifindex = 0;
/* Make socket for the peer. */
peer->fd = sockunion_socket (&peer->su);
if (peer->fd < 0)
return -1;
/* If we can get socket for the peer, adjest TTL and make connection. */
if (peer_sort (peer) == BGP_PEER_EBGP)
sockopt_ttl (peer->su.sa.sa_family, peer->fd, peer->ttl);
sockopt_reuseaddr (peer->fd);
sockopt_reuseport (peer->fd);
/* Bind socket. */
bgp_bind (peer);
/* Update source bind. */
bgp_update_source (peer);
#ifdef HAVE_IPV6
if (peer->ifname)
ifindex = if_nametoindex (peer->ifname);
#endif /* HAVE_IPV6 */
if (BGP_DEBUG (events, EVENTS))
plog_info (peer->log, "%s [Event] Connect start to %s fd %d",
peer->host, peer->host, peer->fd);
#ifdef HAVE_TCP_SIGNATURE
if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD))
bgp_tcpsig_set (peer->fd, peer);
#endif /* HAVE_TCP_SIGNATURE */
/* Connect to the remote peer. */
return sockunion_connect (peer->fd, &peer->su, htons (peer->port), ifindex);
}
/* Accept bgp connection. */
static int
bgp_accept (struct thread *thread)
{
int bgp_sock;
int accept_sock;
union sockunion su;
struct bgp_listener *listener = THREAD_ARG(thread);
struct peer *peer;
struct peer *peer1;
char buf[SU_ADDRSTRLEN];
/* Register accept thread. */
accept_sock = THREAD_FD (thread);
if (accept_sock < 0)
{
zlog_err ("accept_sock is nevative value %d", accept_sock);
return -1;
}
listener->thread = thread_add_read (master, bgp_accept, listener, accept_sock);
/* Accept client connection. */
bgp_sock = sockunion_accept (accept_sock, &su);
if (bgp_sock < 0)
{
zlog_err ("[Error] BGP socket accept failed (%s)", safe_strerror (errno));
return -1;
}
set_nonblocking (bgp_sock);
if (BGP_DEBUG (events, EVENTS))
zlog_debug ("[Event] BGP connection from host %s", inet_sutop (&su, buf));
/* Check remote IP address */
peer1 = peer_lookup (NULL, &su);
if (! peer1 || peer1->status == Idle)
{
if (BGP_DEBUG (events, EVENTS))
{
if (! peer1)
zlog_debug ("[Event] BGP connection IP address %s is not configured",
inet_sutop (&su, buf));
else
zlog_debug ("[Event] BGP connection IP address %s is Idle state",
inet_sutop (&su, buf));
}
close (bgp_sock);
return -1;
}
/* In case of peer is EBGP, we should set TTL for this connection. */
if (peer_sort (peer1) == BGP_PEER_EBGP) {
sockopt_ttl (peer1->su.sa.sa_family, bgp_sock, peer1->ttl);
if (peer1->gtsm_hops)
sockopt_minttl (peer1->su.sa.sa_family, bgp_sock, MAXTTL + 1 - peer1->gtsm_hops);
}
/* Make dummy peer until read Open packet. */
if (BGP_DEBUG (events, EVENTS))
zlog_debug ("[Event] Make dummy peer structure until read Open packet");
{
char buf[SU_ADDRSTRLEN + 1];
peer = peer_create_accept (peer1->bgp);
SET_FLAG (peer->sflags, PEER_STATUS_ACCEPT_PEER);
peer->su = su;
peer->fd = bgp_sock;
peer->status = Active;
peer->local_id = peer1->local_id;
peer->v_holdtime = peer1->v_holdtime;
peer->v_keepalive = peer1->v_keepalive;
/* Make peer's address string. */
sockunion2str (&su, buf, SU_ADDRSTRLEN);
peer->host = STRDUP (MTYPE_BGP_PEER_HOST, buf);
}
BGP_EVENT_ADD (peer, TCP_connection_open);
return 0;
}
/* IPv6 supported version of BGP server socket setup. */
int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
{
struct addrinfo *ainfo;
struct addrinfo *ainfo_save;
static const struct addrinfo req = {
.ai_family = AF_UNSPEC,
.ai_flags = AI_PASSIVE,
.ai_socktype = SOCK_STREAM,
};
int ret, count;
char port_str[BUFSIZ];
snprintf(port_str, sizeof(port_str), "%d", port);
port_str[sizeof(port_str) - 1] = '\0';
frr_elevate_privs(&bgpd_privs) {
ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save,
bgp->vrf_id);
}
if (ret != 0) {
flog_err_sys(EC_LIB_SOCKET, "getaddrinfo: %s",
gai_strerror(ret));
return -1;
}
if (bgp_option_check(BGP_OPT_NO_ZEBRA) &&
bgp->vrf_id != VRF_DEFAULT) {
freeaddrinfo(ainfo_save);
return -1;
}
count = 0;
for (ainfo = ainfo_save; ainfo; ainfo = ainfo->ai_next) {
int sock;
if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6)
continue;
frr_elevate_privs(&bgpd_privs) {
sock = vrf_socket(ainfo->ai_family,
ainfo->ai_socktype,
ainfo->ai_protocol, bgp->vrf_id,
(bgp->inst_type
== BGP_INSTANCE_TYPE_VRF
? bgp->name : NULL));
}
if (sock < 0) {
flog_err_sys(EC_LIB_SOCKET, "socket: %s",
safe_strerror(errno));
continue;
}
/* if we intend to implement ttl-security, this socket needs
* ttl=255 */
sockopt_ttl(ainfo->ai_family, sock, MAXTTL);
ret = bgp_listener(sock, ainfo->ai_addr, ainfo->ai_addrlen,
bgp);
if (ret == 0)
++count;
else
close(sock);
}
freeaddrinfo(ainfo_save);
if (count == 0 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
flog_err(
EC_LIB_SOCKET,
"%s: no usable addresses please check other programs usage of specified port %d",
__func__, port);
flog_err_sys(EC_LIB_SOCKET, "%s: Program cannot continue",
__func__);
exit(-1);
}
return 0;
}
/* BGP try to connect to the peer. */
int bgp_connect (struct peer *peer)
{
printf("\n BGP CONNECT: I am in BGP Connect\n");
unsigned int ifindex = 0;
/*setting up TLS for a second*/
printf("\n BGP CONNECT: I am just about to initialise SSL\n");
ssl_init(); //initialise the library, method, contact of ssl session, returns nothing
if(BGPTLS.psCTX==NULL)
{
printf("\n BGP CONNECT: There is no entry in the .psCTX pointer \n");
}
else
{
printf("\n BGP CONNECT: There is an entry in the .psCTX pointer, it is %i \n", BGPTLS_sess_server.psCTX);
}
printf("\n BGP CONNECT: There is an entry in the .psCTX pointer: ");
printf("%i \n", BGPTLS.psCTX);
/*if (SSL_CTX_use_certificate_chain_file(BGPTLS_sess_server.psCTX,"/usr/home/dugald/subcert.pem")!=1)
{
printf("Error loading certificate from file");
}
else
{
printf("Certificate has loaded correctly");
} */
/* Make socket for the peer. */
printf("BGP CONNECT: Here's sockets");
peer->fd = sockunion_socket (&peer->su);
SSL_connect(BGPTLS->ssl);
if (peer->fd < 0)
return -1;
/* If we can get socket for the peer, adjest TTL and make connection. */
if (peer->sort == BGP_PEER_EBGP)
{
sockopt_ttl (peer->su.sa.sa_family, peer->fd, peer->ttl);
if (peer->gtsm_hops)
sockopt_minttl (peer->su.sa.sa_family, peer->fd, MAXTTL + 1 - peer->gtsm_hops);
}
sockopt_reuseaddr (peer->fd);
sockopt_reuseport (peer->fd);
#ifdef IPTOS_PREC_INTERNETCONTROL
if (bgpd_privs.change (ZPRIVS_RAISE))
zlog_err ("%s: could not raise privs", __func__);
if (sockunion_family (&peer->su) == AF_INET)
setsockopt_ipv4_tos (peer->fd, IPTOS_PREC_INTERNETCONTROL);
# ifdef HAVE_IPV6
else if (sockunion_family (&peer->su) == AF_INET6)
setsockopt_ipv6_tclass (peer->fd, IPTOS_PREC_INTERNETCONTROL);
# endif
if (bgpd_privs.change (ZPRIVS_LOWER))
zlog_err ("%s: could not lower privs", __func__);
#endif
if (peer->password)
bgp_md5_set_connect (peer->fd, &peer->su, peer->password);
/* Bind socket. */
//bgp_bind (peer);
/* Update source bind. */
//bgp_update_source (peer);
#ifdef HAVE_IPV6
if (peer->ifname)
ifindex = if_nametoindex (peer->ifname);
#endif /* HAVE_IPV6 */
if (BGP_DEBUG (events, EVENTS))
plog_debug (peer->log, "%s [Event] Connect start to %s fd %d", peer->host, peer->host, peer->fd);
/* Connect to the remote peer. */
return sockunion_connect (peer->fd, &peer->su, htons (peer->port), ifindex);
}
