[mirror_frr.git] / ldpd / socket.c

/*	$OpenBSD$ */

/*
 * Copyright (c) 2016 Renato Westphal <renato@openbsd.org>
 * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
 * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <zebra.h>

#include "ldpd.h"
#include "ldpe.h"
#include "log.h"

#include "lib/log.h"
#include "privs.h"
#include "sockopt.h"

extern struct zebra_privs_t	 ldpd_privs;
extern struct zebra_privs_t	 ldpe_privs;

int
ldp_create_socket(int af, enum socket_type type)
{
	int			 fd, domain, proto;
	union ldpd_addr		 addr;
	struct sockaddr_storage	 local_sa;
#ifdef __OpenBSD__
	int			 opt;
#endif
	int			 save_errno;

	/* create socket */
	switch (type) {
	case LDP_SOCKET_DISC:
	case LDP_SOCKET_EDISC:
		domain = SOCK_DGRAM;
		proto = IPPROTO_UDP;
		break;
	case LDP_SOCKET_SESSION:
		domain = SOCK_STREAM;
		proto = IPPROTO_TCP;
		break;
	default:
		fatalx("ldp_create_socket: unknown socket type");
	}
	fd = socket(af, domain, proto);
	if (fd == -1) {
		log_warn("%s: error creating socket", __func__);
		return (-1);
	}
	sock_set_nonblock(fd);
	sockopt_v6only(af, fd);

	/* bind to a local address/port */
	switch (type) {
	case LDP_SOCKET_DISC:
		/* listen on all addresses */
		memset(&addr, 0, sizeof(addr));
		memcpy(&local_sa, addr2sa(af, &addr, LDP_PORT),
		    sizeof(local_sa));
		break;
	case LDP_SOCKET_EDISC:
	case LDP_SOCKET_SESSION:
		addr = (ldp_af_conf_get(ldpd_conf, af))->trans_addr;
		memcpy(&local_sa, addr2sa(af, &addr, LDP_PORT),
		    sizeof(local_sa));
		/* ignore any possible error */
		sock_set_bindany(fd, 1);
		break;
	}
	if (ldpd_privs.change(ZPRIVS_RAISE))
		log_warn("%s: could not raise privs", __func__);
	if (sock_set_reuse(fd, 1) == -1) {
		close(fd);
		return (-1);
	}
	if (bind(fd, (struct sockaddr *)&local_sa,
	    sockaddr_len((struct sockaddr *)&local_sa)) == -1) {
		save_errno = errno;
		if (ldpd_privs.change(ZPRIVS_LOWER))
			log_warn("%s: could not lower privs", __func__);
		log_warnx("%s: error binding socket: %s", __func__,
		    safe_strerror(save_errno));
		close(fd);
		return (-1);
	}
	if (ldpd_privs.change(ZPRIVS_LOWER))
		log_warn("%s: could not lower privs", __func__);

	/* set options */
	switch (af) {
	case AF_INET:
		if (sock_set_ipv4_tos(fd, IPTOS_PREC_INTERNETCONTROL) == -1) {
			close(fd);
			return (-1);
		}
		if (type == LDP_SOCKET_DISC) {
			if (sock_set_ipv4_mcast_ttl(fd,
			    IP_DEFAULT_MULTICAST_TTL) == -1) {
				close(fd);
				return (-1);
			}
			if (sock_set_ipv4_mcast_loop(fd) == -1) {
				close(fd);
				return (-1);
			}
		}
		if (type == LDP_SOCKET_DISC || type == LDP_SOCKET_EDISC) {
			if (sock_set_ipv4_recvif(fd, 1) == -1) {
				close(fd);
				return (-1);
			}
#ifndef MSG_MCAST
#if defined(HAVE_IP_PKTINFO)
			if (sock_set_ipv4_pktinfo(fd, 1) == -1) {
				close(fd);
				return (-1);
			}
#elif defined(HAVE_IP_RECVDSTADDR)
			if (sock_set_ipv4_recvdstaddr(fd, 1) == -1) {
				close(fd);
				return (-1);
			}
#else
#error "Unsupported socket API"
#endif
#endif /* MSG_MCAST */
		}
		if (type == LDP_SOCKET_SESSION) {
			if (sock_set_ipv4_ucast_ttl(fd, 255) == -1) {
				close(fd);
				return (-1);
			}
		}
		break;
	case AF_INET6:
		if (sock_set_ipv6_dscp(fd, IPTOS_PREC_INTERNETCONTROL) == -1) {
			close(fd);
			return (-1);
		}
		if (type == LDP_SOCKET_DISC) {
			if (sock_set_ipv6_mcast_loop(fd) == -1) {
				close(fd);
				return (-1);
			}
			if (sock_set_ipv6_mcast_hops(fd, 255) == -1) {
				close(fd);
				return (-1);
			}
			if (!(ldpd_conf->ipv6.flags & F_LDPD_AF_NO_GTSM)) {
				/* ignore any possible error */
				sock_set_ipv6_minhopcount(fd, 255);
			}
		}
		if (type == LDP_SOCKET_DISC || type == LDP_SOCKET_EDISC) {
			if (sock_set_ipv6_pktinfo(fd, 1) == -1) {
				close(fd);
				return (-1);
			}
		}
		if (type == LDP_SOCKET_SESSION) {
			if (sock_set_ipv6_ucast_hops(fd, 255) == -1) {
				close(fd);
				return (-1);
			}
		}
		break;
	}
	switch (type) {
	case LDP_SOCKET_DISC:
	case LDP_SOCKET_EDISC:
		sock_set_recvbuf(fd);
		break;
	case LDP_SOCKET_SESSION:
		if (listen(fd, LDP_BACKLOG) == -1)
			log_warn("%s: error listening on socket", __func__);

#ifdef __OpenBSD__
		opt = 1;
		if (setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &opt,
		    sizeof(opt)) == -1) {
			if (errno == ENOPROTOOPT) {	/* system w/o md5sig */
				log_warnx("md5sig not available, disabling");
				sysdep.no_md5sig = 1;
			} else {
				close(fd);
				return (-1);
			}
		}
#endif
		break;
	}

	return (fd);
}

void
sock_set_nonblock(int fd)
{
	int	flags;

	if ((flags = fcntl(fd, F_GETFL, 0)) == -1)
		fatal("fcntl F_GETFL");

	flags |= O_NONBLOCK;

	if ((flags = fcntl(fd, F_SETFL, flags)) == -1)
		fatal("fcntl F_SETFL");
}

void
sock_set_cloexec(int fd)
{
	int	flags;

	if ((flags = fcntl(fd, F_GETFD, 0)) == -1)
		fatal("fcntl F_GETFD");

	flags |= FD_CLOEXEC;

	if ((flags = fcntl(fd, F_SETFD, flags)) == -1)
		fatal("fcntl F_SETFD");
}

void
sock_set_recvbuf(int fd)
{
	int	bsize;

	bsize = 65535;
	while (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &bsize,
	    sizeof(bsize)) == -1)
		bsize /= 2;
}

int
sock_set_reuse(int fd, int enable)
{
	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &enable,
	    sizeof(int)) < 0) {
		log_warn("%s: error setting SO_REUSEADDR", __func__);
		return (-1);
	}

	return (0);
}

int
sock_set_bindany(int fd, int enable)
{
#ifdef HAVE_SO_BINDANY
	if (ldpd_privs.change(ZPRIVS_RAISE))
		log_warn("%s: could not raise privs", __func__);
	if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable,
	    sizeof(int)) < 0) {
		if (ldpd_privs.change(ZPRIVS_LOWER))
			log_warn("%s: could not lower privs", __func__);
		log_warn("%s: error setting SO_BINDANY", __func__);
		return (-1);
	}
	if (ldpd_privs.change(ZPRIVS_LOWER))
		log_warn("%s: could not lower privs", __func__);
	return (0);
#elif defined(HAVE_IP_FREEBIND)
	if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &enable, sizeof(int)) < 0) {
		log_warn("%s: error setting IP_FREEBIND", __func__);
		return (-1);
	}
	return (0);
#else
	log_warnx("%s: missing SO_BINDANY and IP_FREEBIND, unable to bind "
	    "to a nonlocal IP address", __func__);
	return (-1);
#endif /* HAVE_SO_BINDANY */
}

#ifndef __OpenBSD__
/*
 * Set MD5 key for the socket, for the given peer address. If the password
 * is NULL or zero-length, the option will be disabled.
 */
int
sock_set_md5sig(int fd, int af, union ldpd_addr *addr, const char *password)
{
	int		 ret = -1;
	int		 save_errno = ENOSYS;
#if HAVE_DECL_TCP_MD5SIG
	union sockunion	 su;
#endif

	if (fd == -1)
		return (0);
#if HAVE_DECL_TCP_MD5SIG
	memcpy(&su, addr2sa(af, addr, 0), sizeof(su));

	if (ldpe_privs.change(ZPRIVS_RAISE)) {
		log_warn("%s: could not raise privs", __func__);
		return (-1);
	}
	ret = sockopt_tcp_signature(fd, &su, password);
	save_errno = errno;
	if (ldpe_privs.change(ZPRIVS_LOWER))
		log_warn("%s: could not lower privs", __func__);
#endif /* HAVE_TCP_MD5SIG */
	if (ret < 0)
		log_warnx("%s: can't set TCP_MD5SIG option on fd %d: %s",
		    __func__, fd, safe_strerror(save_errno));

	return (ret);
}
#endif

int
sock_set_ipv4_tos(int fd, int tos)
{
	if (setsockopt(fd, IPPROTO_IP, IP_TOS, (int *)&tos, sizeof(tos)) < 0) {
		log_warn("%s: error setting IP_TOS to 0x%x", __func__, tos);
		return (-1);
	}

	return (0);
}

int
sock_set_ipv4_recvif(int fd, int enable)
{
	return (setsockopt_ifindex(AF_INET, fd, enable));
}

int
sock_set_ipv4_minttl(int fd, int ttl)
{
	return (sockopt_minttl(AF_INET, fd, ttl));
}

int
sock_set_ipv4_ucast_ttl(int fd, int ttl)
{
	if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)) < 0) {
		log_warn("%s: error setting IP_TTL", __func__);
		return (-1);
	}

	return (0);
}

int
sock_set_ipv4_mcast_ttl(int fd, uint8_t ttl)
{
	if (setsockopt(fd, IPPROTO_IP, IP_MULTICAST_TTL,
	    (char *)&ttl, sizeof(ttl)) < 0) {
		log_warn("%s: error setting IP_MULTICAST_TTL to %d",
		    __func__, ttl);
		return (-1);
	}

	return (0);
}

#ifndef MSG_MCAST
#if defined(HAVE_IP_PKTINFO)
int
sock_set_ipv4_pktinfo(int fd, int enable)
{
	if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &enable,
	    sizeof(enable)) < 0) {
		log_warn("%s: error setting IP_PKTINFO", __func__);
		return (-1);
	}

	return (0);
}
#elif defined(HAVE_IP_RECVDSTADDR)
int
sock_set_ipv4_recvdstaddr(int fd, int enable)
{
	if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &enable,
	    sizeof(enable)) < 0) {
		log_warn("%s: error setting IP_RECVDSTADDR", __func__);
		return (-1);
	}

	return (0);
}
#else
#error "Unsupported socket API"
#endif
#endif /* MSG_MCAST */

int
sock_set_ipv4_mcast(struct iface *iface)
{
	struct in_addr		 if_addr;

	if_addr.s_addr = if_get_ipv4_addr(iface);

	if (setsockopt_ipv4_multicast_if(global.ipv4.ldp_disc_socket,
	    if_addr, iface->ifindex) < 0) {
		log_warn("%s: error setting IP_MULTICAST_IF, interface %s",
		    __func__, iface->name);
		return (-1);
	}

	return (0);
}

int
sock_set_ipv4_mcast_loop(int fd)
{
	uint8_t	loop = 0;

	if (setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP,
	    (char *)&loop, sizeof(loop)) < 0) {
		log_warn("%s: error setting IP_MULTICAST_LOOP", __func__);
		return (-1);
	}

	return (0);
}

int
sock_set_ipv6_dscp(int fd, int dscp)
{
	if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &dscp,
	    sizeof(dscp)) < 0) {
		log_warn("%s: error setting IPV6_TCLASS", __func__);
		return (-1);
	}

	return (0);
}

int
sock_set_ipv6_pktinfo(int fd, int enable)
{
	if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &enable,
	    sizeof(enable)) < 0) {
		log_warn("%s: error setting IPV6_RECVPKTINFO", __func__);
		return (-1);
	}

	return (0);
}

int
sock_set_ipv6_minhopcount(int fd, int hoplimit)
{
	return (sockopt_minttl(AF_INET6, fd, hoplimit));
}

int
sock_set_ipv6_ucast_hops(int fd, int hoplimit)
{
	if (setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
	    &hoplimit, sizeof(hoplimit)) < 0) {
		log_warn("%s: error setting IPV6_UNICAST_HOPS", __func__);
		return (-1);
	}

	return (0);
}

int
sock_set_ipv6_mcast_hops(int fd, int hoplimit)
{
	if (setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
	    &hoplimit, sizeof(hoplimit)) < 0) {
		log_warn("%s: error setting IPV6_MULTICAST_HOPS", __func__);
		return (-1);
	}

	return (0);
}

int
sock_set_ipv6_mcast(struct iface *iface)
{
	if (setsockopt(global.ipv6.ldp_disc_socket, IPPROTO_IPV6,
	    IPV6_MULTICAST_IF, &iface->ifindex, sizeof(iface->ifindex)) < 0) {
		log_warn("%s: error setting IPV6_MULTICAST_IF, interface %s",
		    __func__, iface->name);
		return (-1);
	}

	return (0);
}

int
sock_set_ipv6_mcast_loop(int fd)
{
	unsigned int	loop = 0;

	if (setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP,
	    &loop, sizeof(loop)) < 0) {
		log_warn("%s: error setting IPV6_MULTICAST_LOOP", __func__);
		return (-1);
	}

	return (0);
}
Commit	Line	Data
8429abe0 RW	1	/* $OpenBSD$ */
	2
	3	/*
	4	* Copyright (c) 2016 Renato Westphal <renato@openbsd.org>
	5	* Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
	6	* Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
	7	* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
	8	*
	9	* Permission to use, copy, modify, and distribute this software for any
	10	* purpose with or without fee is hereby granted, provided that the above
	11	* copyright notice and this permission notice appear in all copies.
	12	*
	13	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	14	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	15	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	16	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	17	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	18	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	19	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	20	*/
	21
eac6e3f0	22	#include <zebra.h>
8429abe0 RW	23
	24	#include "ldpd.h"
	25	#include "ldpe.h"
	26	#include "log.h"
	27
eac6e3f0 RW	28	#include "lib/log.h"
	29	#include "privs.h"
	30	#include "sockopt.h"
	31
	32	extern struct zebra_privs_t ldpd_privs;
	33	extern struct zebra_privs_t ldpe_privs;
	34
8429abe0 RW	35	int
	36	ldp_create_socket(int af, enum socket_type type)
	37	{
	38	int fd, domain, proto;
	39	union ldpd_addr addr;
	40	struct sockaddr_storage local_sa;
eac6e3f0	41	#ifdef __OpenBSD__
8429abe0	42	int opt;
eac6e3f0 RW	43	#endif
eac6e3f0 RW	44	int save_errno;
8429abe0 RW	45
	46	/* create socket */
	47	switch (type) {
	48	case LDP_SOCKET_DISC:
	49	case LDP_SOCKET_EDISC:
	50	domain = SOCK_DGRAM;
	51	proto = IPPROTO_UDP;
	52	break;
	53	case LDP_SOCKET_SESSION:
	54	domain = SOCK_STREAM;
	55	proto = IPPROTO_TCP;
	56	break;
	57	default:
	58	fatalx("ldp_create_socket: unknown socket type");
	59	}
eac6e3f0	60	fd = socket(af, domain, proto);
8429abe0 RW	61	if (fd == -1) {
	62	log_warn("%s: error creating socket", __func__);
	63	return (-1);
	64	}
eac6e3f0 RW	65	sock_set_nonblock(fd);
eac6e3f0 RW	66	sockopt_v6only(af, fd);
8429abe0 RW	67
	68	/* bind to a local address/port */
	69	switch (type) {
	70	case LDP_SOCKET_DISC:
	71	/* listen on all addresses */
	72	memset(&addr, 0, sizeof(addr));
	73	memcpy(&local_sa, addr2sa(af, &addr, LDP_PORT),
	74	sizeof(local_sa));
	75	break;
	76	case LDP_SOCKET_EDISC:
	77	case LDP_SOCKET_SESSION:
	78	addr = (ldp_af_conf_get(ldpd_conf, af))->trans_addr;
	79	memcpy(&local_sa, addr2sa(af, &addr, LDP_PORT),
	80	sizeof(local_sa));
eac6e3f0 RW	81	/* ignore any possible error */
eac6e3f0 RW	82	sock_set_bindany(fd, 1);
8429abe0 RW	83	break;
8429abe0 RW	84	}
eac6e3f0 RW	85	if (ldpd_privs.change(ZPRIVS_RAISE))
eac6e3f0 RW	86	log_warn("%s: could not raise privs", __func__);
8429abe0 RW	87	if (sock_set_reuse(fd, 1) == -1) {
	88	close(fd);
	89	return (-1);
	90	}
eac6e3f0 RW	91	if (bind(fd, (struct sockaddr *)&local_sa,
	92	sockaddr_len((struct sockaddr *)&local_sa)) == -1) {
	93	save_errno = errno;
	94	if (ldpd_privs.change(ZPRIVS_LOWER))
	95	log_warn("%s: could not lower privs", __func__);
	96	log_warnx("%s: error binding socket: %s", __func__,
	97	safe_strerror(save_errno));
8429abe0 RW	98	close(fd);
	99	return (-1);
	100	}
eac6e3f0 RW	101	if (ldpd_privs.change(ZPRIVS_LOWER))
eac6e3f0 RW	102	log_warn("%s: could not lower privs", __func__);
8429abe0 RW	103
	104	/* set options */
	105	switch (af) {
	106	case AF_INET:
	107	if (sock_set_ipv4_tos(fd, IPTOS_PREC_INTERNETCONTROL) == -1) {
	108	close(fd);
	109	return (-1);
	110	}
	111	if (type == LDP_SOCKET_DISC) {
	112	if (sock_set_ipv4_mcast_ttl(fd,
	113	IP_DEFAULT_MULTICAST_TTL) == -1) {
	114	close(fd);
	115	return (-1);
	116	}
	117	if (sock_set_ipv4_mcast_loop(fd) == -1) {
	118	close(fd);
	119	return (-1);
	120	}
	121	}
	122	if (type == LDP_SOCKET_DISC \|\| type == LDP_SOCKET_EDISC) {
	123	if (sock_set_ipv4_recvif(fd, 1) == -1) {
	124	close(fd);
	125	return (-1);
	126	}
eac6e3f0 RW	127	#ifndef MSG_MCAST
	128	#if defined(HAVE_IP_PKTINFO)
	129	if (sock_set_ipv4_pktinfo(fd, 1) == -1) {
	130	close(fd);
	131	return (-1);
	132	}
	133	#elif defined(HAVE_IP_RECVDSTADDR)
	134	if (sock_set_ipv4_recvdstaddr(fd, 1) == -1) {
	135	close(fd);
	136	return (-1);
	137	}
	138	#else
	139	#error "Unsupported socket API"
	140	#endif
	141	#endif /* MSG_MCAST */
8429abe0 RW	142	}
	143	if (type == LDP_SOCKET_SESSION) {
	144	if (sock_set_ipv4_ucast_ttl(fd, 255) == -1) {
	145	close(fd);
	146	return (-1);
	147	}
	148	}
	149	break;
	150	case AF_INET6:
	151	if (sock_set_ipv6_dscp(fd, IPTOS_PREC_INTERNETCONTROL) == -1) {
	152	close(fd);
	153	return (-1);
	154	}
	155	if (type == LDP_SOCKET_DISC) {
	156	if (sock_set_ipv6_mcast_loop(fd) == -1) {
	157	close(fd);
	158	return (-1);
	159	}
	160	if (sock_set_ipv6_mcast_hops(fd, 255) == -1) {
	161	close(fd);
	162	return (-1);
	163	}
	164	if (!(ldpd_conf->ipv6.flags & F_LDPD_AF_NO_GTSM)) {
eac6e3f0 RW	165	/* ignore any possible error */
eac6e3f0 RW	166	sock_set_ipv6_minhopcount(fd, 255);
8429abe0 RW	167	}
	168	}
	169	if (type == LDP_SOCKET_DISC \|\| type == LDP_SOCKET_EDISC) {
	170	if (sock_set_ipv6_pktinfo(fd, 1) == -1) {
	171	close(fd);
	172	return (-1);
	173	}
	174	}
	175	if (type == LDP_SOCKET_SESSION) {
	176	if (sock_set_ipv6_ucast_hops(fd, 255) == -1) {
	177	close(fd);
	178	return (-1);
	179	}
	180	}
	181	break;
	182	}
	183	switch (type) {
	184	case LDP_SOCKET_DISC:
	185	case LDP_SOCKET_EDISC:
	186	sock_set_recvbuf(fd);
	187	break;
	188	case LDP_SOCKET_SESSION:
	189	if (listen(fd, LDP_BACKLOG) == -1)
	190	log_warn("%s: error listening on socket", __func__);
	191
eac6e3f0	192	#ifdef __OpenBSD__
8429abe0 RW	193	opt = 1;
	194	if (setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &opt,
	195	sizeof(opt)) == -1) {
	196	if (errno == ENOPROTOOPT) { /* system w/o md5sig */
	197	log_warnx("md5sig not available, disabling");
	198	sysdep.no_md5sig = 1;
	199	} else {
	200	close(fd);
	201	return (-1);
	202	}
	203	}
eac6e3f0	204	#endif
8429abe0 RW	205	break;
	206	}
	207
	208	return (fd);
	209	}
	210
eac6e3f0 RW	211	void
	212	sock_set_nonblock(int fd)
	213	{
	214	int flags;
	215
	216	if ((flags = fcntl(fd, F_GETFL, 0)) == -1)
	217	fatal("fcntl F_GETFL");
	218
	219	flags \|= O_NONBLOCK;
	220
	221	if ((flags = fcntl(fd, F_SETFL, flags)) == -1)
	222	fatal("fcntl F_SETFL");
	223	}
	224
	225	void
	226	sock_set_cloexec(int fd)
	227	{
	228	int flags;
	229
	230	if ((flags = fcntl(fd, F_GETFD, 0)) == -1)
	231	fatal("fcntl F_GETFD");
	232
	233	flags \|= FD_CLOEXEC;
	234
	235	if ((flags = fcntl(fd, F_SETFD, flags)) == -1)
	236	fatal("fcntl F_SETFD");
	237	}
	238
8429abe0 RW	239	void
	240	sock_set_recvbuf(int fd)
	241	{
	242	int bsize;
	243
	244	bsize = 65535;
	245	while (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &bsize,
	246	sizeof(bsize)) == -1)
	247	bsize /= 2;
	248	}
	249
	250	int
	251	sock_set_reuse(int fd, int enable)
	252	{
	253	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &enable,
	254	sizeof(int)) < 0) {
	255	log_warn("%s: error setting SO_REUSEADDR", __func__);
	256	return (-1);
	257	}
	258
	259	return (0);
	260	}
	261
	262	int
	263	sock_set_bindany(int fd, int enable)
	264	{
eac6e3f0 RW	265	#ifdef HAVE_SO_BINDANY
	266	if (ldpd_privs.change(ZPRIVS_RAISE))
	267	log_warn("%s: could not raise privs", __func__);
8429abe0 RW	268	if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable,
8429abe0 RW	269	sizeof(int)) < 0) {
eac6e3f0 RW	270	if (ldpd_privs.change(ZPRIVS_LOWER))
eac6e3f0 RW	271	log_warn("%s: could not lower privs", __func__);
8429abe0 RW	272	log_warn("%s: error setting SO_BINDANY", __func__);
	273	return (-1);
	274	}
eac6e3f0 RW	275	if (ldpd_privs.change(ZPRIVS_LOWER))
	276	log_warn("%s: could not lower privs", __func__);
	277	return (0);
	278	#elif defined(HAVE_IP_FREEBIND)
	279	if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &enable, sizeof(int)) < 0) {
	280	log_warn("%s: error setting IP_FREEBIND", __func__);
	281	return (-1);
	282	}
8429abe0	283	return (0);
eac6e3f0 RW	284	#else
	285	log_warnx("%s: missing SO_BINDANY and IP_FREEBIND, unable to bind "
	286	"to a nonlocal IP address", __func__);
	287	return (-1);
	288	#endif /* HAVE_SO_BINDANY */
	289	}
	290
	291	#ifndef __OpenBSD__
	292	/*
	293	* Set MD5 key for the socket, for the given peer address. If the password
	294	* is NULL or zero-length, the option will be disabled.
	295	*/
	296	int
	297	sock_set_md5sig(int fd, int af, union ldpd_addr addr, const char password)
	298	{
	299	int ret = -1;
	300	int save_errno = ENOSYS;
	301	#if HAVE_DECL_TCP_MD5SIG
	302	union sockunion su;
	303	#endif
	304
	305	if (fd == -1)
	306	return (0);
	307	#if HAVE_DECL_TCP_MD5SIG
	308	memcpy(&su, addr2sa(af, addr, 0), sizeof(su));
	309
	310	if (ldpe_privs.change(ZPRIVS_RAISE)) {
	311	log_warn("%s: could not raise privs", __func__);
	312	return (-1);
	313	}
	314	ret = sockopt_tcp_signature(fd, &su, password);
	315	save_errno = errno;
	316	if (ldpe_privs.change(ZPRIVS_LOWER))
	317	log_warn("%s: could not lower privs", __func__);
	318	#endif /* HAVE_TCP_MD5SIG */
	319	if (ret < 0)
	320	log_warnx("%s: can't set TCP_MD5SIG option on fd %d: %s",
	321	__func__, fd, safe_strerror(save_errno));
	322
	323	return (ret);
8429abe0	324	}
eac6e3f0	325	#endif
8429abe0 RW	326
	327	int
	328	sock_set_ipv4_tos(int fd, int tos)
	329	{
	330	if (setsockopt(fd, IPPROTO_IP, IP_TOS, (int *)&tos, sizeof(tos)) < 0) {
	331	log_warn("%s: error setting IP_TOS to 0x%x", __func__, tos);
	332	return (-1);
	333	}
	334
	335	return (0);
	336	}
	337
	338	int
	339	sock_set_ipv4_recvif(int fd, int enable)
	340	{
eac6e3f0	341	return (setsockopt_ifindex(AF_INET, fd, enable));
8429abe0 RW	342	}
	343
	344	int
	345	sock_set_ipv4_minttl(int fd, int ttl)
	346	{
eac6e3f0	347	return (sockopt_minttl(AF_INET, fd, ttl));
8429abe0 RW	348	}
	349
	350	int
	351	sock_set_ipv4_ucast_ttl(int fd, int ttl)
	352	{
	353	if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)) < 0) {
	354	log_warn("%s: error setting IP_TTL", __func__);
	355	return (-1);
	356	}
	357
	358	return (0);
	359	}
	360
	361	int
	362	sock_set_ipv4_mcast_ttl(int fd, uint8_t ttl)
	363	{
	364	if (setsockopt(fd, IPPROTO_IP, IP_MULTICAST_TTL,
	365	(char *)&ttl, sizeof(ttl)) < 0) {
	366	log_warn("%s: error setting IP_MULTICAST_TTL to %d",
	367	__func__, ttl);
	368	return (-1);
	369	}
	370
	371	return (0);
	372	}
	373
eac6e3f0 RW	374	#ifndef MSG_MCAST
	375	#if defined(HAVE_IP_PKTINFO)
	376	int
	377	sock_set_ipv4_pktinfo(int fd, int enable)
	378	{
	379	if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &enable,
	380	sizeof(enable)) < 0) {
	381	log_warn("%s: error setting IP_PKTINFO", __func__);
	382	return (-1);
	383	}
	384
	385	return (0);
	386	}
	387	#elif defined(HAVE_IP_RECVDSTADDR)
	388	int
	389	sock_set_ipv4_recvdstaddr(int fd, int enable)
	390	{
	391	if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &enable,
	392	sizeof(enable)) < 0) {
	393	log_warn("%s: error setting IP_RECVDSTADDR", __func__);
	394	return (-1);
	395	}
	396
	397	return (0);
	398	}
	399	#else
	400	#error "Unsupported socket API"
	401	#endif
	402	#endif /* MSG_MCAST */
	403
8429abe0 RW	404	int
	405	sock_set_ipv4_mcast(struct iface *iface)
	406	{
eac6e3f0	407	struct in_addr if_addr;
8429abe0	408
eac6e3f0	409	if_addr.s_addr = if_get_ipv4_addr(iface);
8429abe0	410
eac6e3f0 RW	411	if (setsockopt_ipv4_multicast_if(global.ipv4.ldp_disc_socket,
eac6e3f0 RW	412	if_addr, iface->ifindex) < 0) {
8429abe0 RW	413	log_warn("%s: error setting IP_MULTICAST_IF, interface %s",
	414	__func__, iface->name);
	415	return (-1);
	416	}
	417
	418	return (0);
	419	}
	420
	421	int
	422	sock_set_ipv4_mcast_loop(int fd)
	423	{
	424	uint8_t loop = 0;
	425
	426	if (setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP,
	427	(char *)&loop, sizeof(loop)) < 0) {
	428	log_warn("%s: error setting IP_MULTICAST_LOOP", __func__);
	429	return (-1);
	430	}
	431
	432	return (0);
	433	}
	434
	435	int
	436	sock_set_ipv6_dscp(int fd, int dscp)
	437	{
	438	if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &dscp,
	439	sizeof(dscp)) < 0) {
	440	log_warn("%s: error setting IPV6_TCLASS", __func__);
	441	return (-1);
	442	}
	443
	444	return (0);
	445	}
	446
	447	int
	448	sock_set_ipv6_pktinfo(int fd, int enable)
	449	{
	450	if (setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &enable,
	451	sizeof(enable)) < 0) {
	452	log_warn("%s: error setting IPV6_RECVPKTINFO", __func__);
	453	return (-1);
	454	}
	455
	456	return (0);
	457	}
	458
	459	int
	460	sock_set_ipv6_minhopcount(int fd, int hoplimit)
	461	{
eac6e3f0	462	return (sockopt_minttl(AF_INET6, fd, hoplimit));
8429abe0 RW	463	}
	464
	465	int
	466	sock_set_ipv6_ucast_hops(int fd, int hoplimit)
	467	{
	468	if (setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
	469	&hoplimit, sizeof(hoplimit)) < 0) {
	470	log_warn("%s: error setting IPV6_UNICAST_HOPS", __func__);
	471	return (-1);
	472	}
	473
	474	return (0);
	475	}
	476
	477	int
	478	sock_set_ipv6_mcast_hops(int fd, int hoplimit)
	479	{
	480	if (setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
	481	&hoplimit, sizeof(hoplimit)) < 0) {
	482	log_warn("%s: error setting IPV6_MULTICAST_HOPS", __func__);
	483	return (-1);
	484	}
	485
	486	return (0);
	487	}
	488
	489	int
	490	sock_set_ipv6_mcast(struct iface *iface)
	491	{
	492	if (setsockopt(global.ipv6.ldp_disc_socket, IPPROTO_IPV6,
	493	IPV6_MULTICAST_IF, &iface->ifindex, sizeof(iface->ifindex)) < 0) {
	494	log_warn("%s: error setting IPV6_MULTICAST_IF, interface %s",
	495	__func__, iface->name);
	496	return (-1);
	497	}
	498
	499	return (0);
	500	}
	501
	502	int
	503	sock_set_ipv6_mcast_loop(int fd)
	504	{
	505	unsigned int loop = 0;
	506
	507	if (setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP,
	508	&loop, sizeof(loop)) < 0) {
	509	log_warn("%s: error setting IPV6_MULTICAST_LOOP", __func__);
	510	return (-1);
	511	}
	512
	513	return (0);
	514	}