/* After TCP connection is established. Get local address and port. */ int bgp_getsockname(struct peer *peer) { if (peer->su_local) { sockunion_free(peer->su_local); peer->su_local = NULL; } if (peer->su_remote) { sockunion_free(peer->su_remote); peer->su_remote = NULL; } peer->su_local = sockunion_getsockname(peer->fd); if (!peer->su_local) return -1; peer->su_remote = sockunion_getpeername(peer->fd); if (!peer->su_remote) return -1; if (!bgp_zebra_nexthop_set(peer->su_local, peer->su_remote, &peer->nexthop, peer)) { flog_err(EC_BGP_NH_UPD, "%s: nexthop_set failed, resetting connection - intf %p", peer->host, peer->nexthop.ifp); return -1; } return 0; }
/* After TCP connection is established. Get local address and port. */ void bgp_getsockname (struct peer *peer) { if (peer->su_local) { sockunion_free (peer->su_local); peer->su_local = NULL; } if (peer->su_remote) { sockunion_free (peer->su_remote); peer->su_remote = NULL; } peer->su_local = sockunion_getsockname (peer->fd); peer->su_remote = sockunion_getpeername (peer->fd); bgp_nexthop_set (peer->su_local, peer->su_remote, &peer->nexthop, peer); }
/* This function is the first starting point of all BGP connection. It try to connect to remote peer with non-blocking IO. */ int bgp_start (struct peer *peer) { int status; if (BGP_PEER_START_SUPPRESSED (peer)) { if (BGP_DEBUG (fsm, FSM)) plog_err (peer->log, "%s [FSM] Trying to start suppressed peer" " - this is never supposed to happen!", peer->host); return -1; } /* Scrub some information that might be left over from a previous, * session */ /* Connection information. */ if (peer->su_local) { sockunion_free (peer->su_local); peer->su_local = NULL; } if (peer->su_remote) { sockunion_free (peer->su_remote); peer->su_remote = NULL; } /* Clear remote router-id. */ peer->remote_id.s_addr = 0; /* Clear peer capability flag. */ peer->cap = 0; /* If the peer is passive mode, force to move to Active mode. */ if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSIVE)) { BGP_EVENT_ADD (peer, TCP_connection_open_failed); return 0; } status = bgp_connect (peer); switch (status) { case connect_error: if (BGP_DEBUG (fsm, FSM)) plog_debug (peer->log, "%s [FSM] Connect error", peer->host); BGP_EVENT_ADD (peer, TCP_connection_open_failed); break; case connect_success: if (BGP_DEBUG (fsm, FSM)) plog_debug (peer->log, "%s [FSM] Connect immediately success", peer->host); BGP_EVENT_ADD (peer, TCP_connection_open); break; case connect_in_progress: /* To check nonblocking connect, we wait until socket is readable or writable. */ if (BGP_DEBUG (fsm, FSM)) plog_debug (peer->log, "%s [FSM] Non blocking connect waiting result", peer->host); if (peer->fd < 0) { zlog_err ("bgp_start peer's fd is negative value %d", peer->fd); return -1; } BGP_READ_ON (peer->t_read, bgp_read, peer->fd); BGP_WRITE_ON (peer->t_write, bgp_write, peer->fd); break; } return 0; }
int sockopt_tcp_signature (int sock, union sockunion *su, const char *password) { #define CONFIG_TCP_MD5SIG 1 #define TCP_MD5SIG 14 #define GNU_LINUX 1 #if defined(HAVE_TCP_MD5_LINUX24) && defined(GNU_LINUX) /* Support for the old Linux 2.4 TCP-MD5 patch, taken from Hasso Tepper's * version of the Quagga patch (based on work by Rick Payne, and Bruce * Simpson) */ #define TCP_MD5_AUTH 13 #define TCP_MD5_AUTH_ADD 1 #define TCP_MD5_AUTH_DEL 2 struct tcp_rfc2385_cmd { u_int8_t command; /* Command - Add/Delete */ u_int32_t address; /* IPV4 address associated */ u_int8_t keylen; /* MD5 Key len (do NOT assume 0 terminated ascii) */ void *key; /* MD5 Key */ } cmd; struct in_addr *addr = &su->sin.sin_addr; cmd.command = (password != NULL ? TCP_MD5_AUTH_ADD : TCP_MD5_AUTH_DEL); cmd.address = addr->s_addr; cmd.keylen = (password != NULL ? strlen (password) : 0); cmd.key = password; return setsockopt (sock, IPPROTO_TCP, TCP_MD5_AUTH, &cmd, sizeof cmd); #elif CONFIG_TCP_MD5SIG int ret; #ifndef GNU_LINUX /* * XXX Need to do PF_KEY operation here to add/remove an SA entry, * and add/remove an SP entry for this peer's packet flows also. */ int md5sig = password && *password ? 1 : 0; #else struct { struct { unsigned short ss_family; char __data[128 - sizeof(unsigned short)]; } tcpm_addr; /* address associated */ __u16 __tcpm_pad1; /* zero */ __u16 tcpm_keylen; /* key length */ __u32 __tcpm_pad2; /* zero */ __u8 tcpm_key[80]; /* key (binary) */ } md5sig; //struct tcp_md5sig md5sig; int keylen = 0; union sockunion *su2, *susock; if(NULL != password) keylen = strlen(password) ; /* Figure out whether the socket and the sockunion are the same family.. * adding AF_INET to AF_INET6 needs to be v4 mapped, you'd think.. */ susock = XCALLOC (MTYPE_SOCKUNION, sizeof (union sockunion)); if(NULL == susock) { return -1; } if (!( sockunion_getsockname (sock, susock))) return -1; if (susock->sa.sa_family == su->sa.sa_family) su2 = su; else { /* oops.. */ su2 = susock; if (su2->sa.sa_family == AF_INET) { sockunion_free (susock); return 0; } #ifdef HAVE_IPV6 /* If this does not work, then all users of this sockopt will need to * differentiate between IPv4 and IPv6, and keep seperate sockets for * each. * * Sadly, it doesn't seem to work at present. It's unknown whether * this is a bug or not. */ if (su2->sa.sa_family == AF_INET6 && su->sa.sa_family == AF_INET) { su2->sin6.sin6_family = AF_INET6; /* V4Map the address */ memset (&su2->sin6.sin6_addr, 0, sizeof (struct in6_addr)); su2->sin6.sin6_addr.s6_addr32[2] = htonl(0xffff); memcpy (&su2->sin6.sin6_addr.s6_addr32[3], &su->sin.sin_addr, 4); } #endif } memset (&md5sig, 0, sizeof (md5sig)); memcpy (&md5sig.tcpm_addr, su2, sizeof (*su2)); md5sig.tcpm_keylen = keylen; if (keylen) memcpy (md5sig.tcpm_key, password, keylen); sockunion_free (susock); #endif /* GNU_LINUX */ if ((ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig)) < 0) { /* ENOENT is harmless. It is returned when we clear a password for which one was not previously set. */ if (ENOENT == errno) ret = 0; else zlog_err ("sockopt_tcp_signature: setsockopt(%d): %s", sock, safe_strerror(errno)); } return ret; #else /* HAVE_TCP_MD5SIG */ return -2; #endif /* !HAVE_TCP_MD5SIG */ }
int sockopt_tcp_signature (int sock, union sockunion *su, const char *password) { #if HAVE_DECL_TCP_MD5SIG int ret; #ifndef GNU_LINUX /* * XXX Need to do PF_KEY operation here to add/remove an SA entry, * and add/remove an SP entry for this peer's packet flows also. */ int md5sig = password && *password ? 1 : 0; #else int keylen = password ? strlen (password) : 0; struct tcp_md5sig md5sig; union sockunion *su2, *susock; /* Figure out whether the socket and the sockunion are the same family.. * adding AF_INET to AF_INET6 needs to be v4 mapped, you'd think.. */ if (!(susock = sockunion_getsockname (sock))) return -1; if (susock->sa.sa_family == su->sa.sa_family) su2 = su; else { /* oops.. */ su2 = susock; if (su2->sa.sa_family == AF_INET) { sockunion_free (susock); return -1; }; /* If this does not work, then all users of this sockopt will need to * differentiate between IPv4 and IPv6, and keep seperate sockets for * each. * * Sadly, it doesn't seem to work at present. It's unknown whether * this is a bug or not. */ if (su2->sa.sa_family == AF_INET6 && su->sa.sa_family == AF_INET) { su2->sin6.sin6_family = AF_INET6; /* V4Map the address */ memset (&su2->sin6.sin6_addr, 0, sizeof (struct in6_addr)); su2->sin6.sin6_addr.s6_addr32[2] = htonl(0xffff); memcpy (&su2->sin6.sin6_addr.s6_addr32[3], &su->sin.sin_addr, 4); } } memset (&md5sig, 0, sizeof (md5sig)); memcpy (&md5sig.tcpm_addr, su2, sizeof (*su2)); md5sig.tcpm_keylen = keylen; if (keylen) memcpy (md5sig.tcpm_key, password, keylen); sockunion_free (susock); #endif /* GNU_LINUX */ ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig); return ret; #else /* HAVE_TCP_MD5SIG */ return -2; #endif /* HAVE_TCP_MD5SIG */ }