1 /* BGP network related fucntions
2 * Copyright (C) 1999 Kunihiro Ishiguro
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24 #include "sockunion.h"
38 #include "lib_errors.h"
41 #include "bgpd/bgpd.h"
42 #include "bgpd/bgp_open.h"
43 #include "bgpd/bgp_fsm.h"
44 #include "bgpd/bgp_attr.h"
45 #include "bgpd/bgp_debug.h"
46 #include "bgpd/bgp_errors.h"
47 #include "bgpd/bgp_network.h"
48 #include "bgpd/bgp_zebra.h"
49 #include "bgpd/bgp_nht.h"
51 extern struct zebra_privs_t bgpd_privs
;
53 static char *bgp_get_bound_name(struct peer
*peer
);
55 void bgp_dump_listener_info(struct vty
*vty
)
57 struct listnode
*node
;
58 struct bgp_listener
*listener
;
60 vty_out(vty
, "Name fd Address\n");
61 vty_out(vty
, "---------------------------\n");
62 for (ALL_LIST_ELEMENTS_RO(bm
->listen_sockets
, node
, listener
))
63 vty_out(vty
, "%-16s %d %pSU\n",
64 listener
->name
? listener
->name
: VRF_DEFAULT_NAME
,
65 listener
->fd
, &listener
->su
);
69 * Set MD5 key for the socket, for the given IPv4 peer address.
70 * If the password is NULL or zero-length, the option will be disabled.
72 static int bgp_md5_set_socket(int socket
, union sockunion
*su
,
73 uint16_t prefixlen
, const char *password
)
77 #if HAVE_DECL_TCP_MD5SIG
79 #endif /* HAVE_TCP_MD5SIG */
83 #if HAVE_DECL_TCP_MD5SIG
84 /* Ensure there is no extraneous port information. */
85 memcpy(&su2
, su
, sizeof(union sockunion
));
86 if (su2
.sa
.sa_family
== AF_INET
)
89 su2
.sin6
.sin6_port
= 0;
91 /* For addresses, use the non-extended signature functionality */
92 if ((su2
.sa
.sa_family
== AF_INET
&& prefixlen
== IPV4_MAX_BITLEN
)
93 || (su2
.sa
.sa_family
== AF_INET6
&& prefixlen
== IPV6_MAX_BITLEN
))
94 ret
= sockopt_tcp_signature(socket
, &su2
, password
);
96 ret
= sockopt_tcp_signature_ext(socket
, &su2
, prefixlen
,
99 #endif /* HAVE_TCP_MD5SIG */
106 "Unable to set TCP MD5 option on socket for peer %pSU (sock=%d): This platform does not support MD5 auth for prefixes",
112 "Unable to set TCP MD5 option on socket for peer %pSU (sock=%d): %s",
113 su
, socket
, safe_strerror(en
));
120 /* Helper for bgp_connect */
121 static int bgp_md5_set_connect(int socket
, union sockunion
*su
,
122 uint16_t prefixlen
, const char *password
)
126 #if HAVE_DECL_TCP_MD5SIG
127 frr_with_privs(&bgpd_privs
) {
128 ret
= bgp_md5_set_socket(socket
, su
, prefixlen
, password
);
130 #endif /* HAVE_TCP_MD5SIG */
135 static int bgp_md5_set_password(struct peer
*peer
, const char *password
)
137 struct listnode
*node
;
139 struct bgp_listener
*listener
;
142 * Set or unset the password on the listen socket(s). Outbound
143 * connections are taken care of in bgp_connect() below.
145 frr_with_privs(&bgpd_privs
) {
146 for (ALL_LIST_ELEMENTS_RO(bm
->listen_sockets
, node
, listener
))
147 if (listener
->su
.sa
.sa_family
==
148 peer
->su
.sa
.sa_family
) {
150 peer
->su
.sa
.sa_family
== AF_INET
155 * if we have stored a BGP vrf instance in the
156 * listener it must match the bgp instance in
157 * the peer otherwise the peer bgp instance
158 * must be the default vrf or a view instance
160 if (!listener
->bgp
) {
161 if (peer
->bgp
->vrf_id
!= VRF_DEFAULT
)
163 } else if (listener
->bgp
!= peer
->bgp
)
166 ret
= bgp_md5_set_socket(listener
->fd
,
167 &peer
->su
, prefixlen
,
175 int bgp_md5_set_prefix(struct bgp
*bgp
, struct prefix
*p
, const char *password
)
179 struct listnode
*node
;
180 struct bgp_listener
*listener
;
182 /* Set or unset the password on the listen socket(s). */
183 frr_with_privs(&bgpd_privs
) {
184 for (ALL_LIST_ELEMENTS_RO(bm
->listen_sockets
, node
, listener
))
185 if (listener
->su
.sa
.sa_family
== p
->family
186 && ((bgp
->vrf_id
== VRF_DEFAULT
)
187 || (listener
->bgp
== bgp
))) {
188 prefix2sockunion(p
, &su
);
189 ret
= bgp_md5_set_socket(listener
->fd
, &su
,
199 int bgp_md5_unset_prefix(struct bgp
*bgp
, struct prefix
*p
)
201 return bgp_md5_set_prefix(bgp
, p
, NULL
);
204 int bgp_md5_set(struct peer
*peer
)
206 /* Set the password from listen socket. */
207 return bgp_md5_set_password(peer
, peer
->password
);
210 static void bgp_update_setsockopt_tcp_keepalive(struct bgp
*bgp
, int fd
)
214 if (bgp
->tcp_keepalive_idle
!= 0) {
217 ret
= setsockopt_tcp_keepalive(fd
, bgp
->tcp_keepalive_idle
,
218 bgp
->tcp_keepalive_intvl
,
219 bgp
->tcp_keepalive_probes
);
222 "Can't set TCP keepalive on socket %d, idle %u intvl %u probes %u",
223 fd
, bgp
->tcp_keepalive_idle
,
224 bgp
->tcp_keepalive_intvl
,
225 bgp
->tcp_keepalive_probes
);
229 int bgp_md5_unset(struct peer
*peer
)
231 /* Unset the password from listen socket. */
232 return bgp_md5_set_password(peer
, NULL
);
235 int bgp_set_socket_ttl(struct peer
*peer
, int bgp_sock
)
239 if (!peer
->gtsm_hops
) {
240 ret
= sockopt_ttl(peer
->su
.sa
.sa_family
, bgp_sock
, peer
->ttl
);
244 "%s: Can't set TxTTL on peer (rtrid %pI4) socket, err = %d",
245 __func__
, &peer
->remote_id
, errno
);
249 /* On Linux, setting minttl without setting ttl seems to mess
251 outgoing ttl. Therefore setting both.
253 ret
= sockopt_ttl(peer
->su
.sa
.sa_family
, bgp_sock
, MAXTTL
);
257 "%s: Can't set TxTTL on peer (rtrid %pI4) socket, err = %d",
258 __func__
, &peer
->remote_id
, errno
);
261 ret
= sockopt_minttl(peer
->su
.sa
.sa_family
, bgp_sock
,
262 MAXTTL
+ 1 - peer
->gtsm_hops
);
266 "%s: Can't set MinTTL on peer (rtrid %pI4) socket, err = %d",
267 __func__
, &peer
->remote_id
, errno
);
276 * Obtain the BGP instance that the incoming connection should be processed
277 * against. This is important because more than one VRF could be using the
278 * same IP address space. The instance is got by obtaining the device to
279 * which the incoming connection is bound to. This could either be a VRF
280 * or it could be an interface, which in turn determines the VRF.
282 static int bgp_get_instance_for_inc_conn(int sock
, struct bgp
**bgp_inst
)
284 #ifndef SO_BINDTODEVICE
285 /* only Linux has SO_BINDTODEVICE, but we're in Linux-specific code here
286 * anyway since the assumption is that the interface name returned by
287 * getsockopt() is useful in identifying the VRF, particularly with
289 * VRF l3master device. The whole mechanism is specific to Linux, so...
290 * when other platforms add VRF support, this will need handling here as
291 * well. (or, some restructuring) */
292 *bgp_inst
= bgp_get_default();
296 char name
[VRF_NAMSIZ
+ 1];
297 socklen_t name_len
= VRF_NAMSIZ
;
300 struct listnode
*node
, *nnode
;
304 rc
= getsockopt(sock
, SOL_SOCKET
, SO_BINDTODEVICE
, name
, &name_len
);
306 #if defined(HAVE_CUMULUS)
307 flog_err(EC_LIB_SOCKET
,
308 "[Error] BGP SO_BINDTODEVICE get failed (%s), sock %d",
309 safe_strerror(errno
), sock
);
315 *bgp_inst
= bgp_get_default();
316 return 0; /* default instance. */
319 /* First try match to instance; if that fails, check for interfaces. */
320 bgp
= bgp_lookup_by_name(name
);
322 if (!bgp
->vrf_id
) // unexpected
328 /* TODO - This will be optimized once interfaces move into the NS */
329 for (ALL_LIST_ELEMENTS(bm
->bgp
, node
, nnode
, bgp
)) {
330 struct interface
*ifp
;
332 if (bgp
->inst_type
== BGP_INSTANCE_TYPE_VIEW
)
335 ifp
= if_lookup_by_name(name
, bgp
->vrf_id
);
342 /* We didn't match to either an instance or an interface. */
347 static void bgp_socket_set_buffer_size(const int fd
)
349 if (getsockopt_so_sendbuf(fd
) < (int)bm
->socket_buffer
)
350 setsockopt_so_sendbuf(fd
, bm
->socket_buffer
);
351 if (getsockopt_so_recvbuf(fd
) < (int)bm
->socket_buffer
)
352 setsockopt_so_recvbuf(fd
, bm
->socket_buffer
);
355 /* Accept bgp connection. */
356 static void bgp_accept(struct thread
*thread
)
361 struct bgp_listener
*listener
= THREAD_ARG(thread
);
364 char buf
[SU_ADDRSTRLEN
];
365 struct bgp
*bgp
= NULL
;
369 bgp
= bgp_lookup_by_name(listener
->name
);
371 /* Register accept thread. */
372 accept_sock
= THREAD_FD(thread
);
373 if (accept_sock
< 0) {
374 flog_err_sys(EC_LIB_SOCKET
,
375 "[Error] BGP accept socket fd is negative: %d",
380 thread_add_read(bm
->master
, bgp_accept
, listener
, accept_sock
,
383 /* Accept client connection. */
384 bgp_sock
= sockunion_accept(accept_sock
, &su
);
385 int save_errno
= errno
;
387 if (save_errno
== EINVAL
) {
389 bgp
? vrf_lookup_by_id(bgp
->vrf_id
) : NULL
;
392 * It appears that sometimes, when VRFs are deleted on
393 * the system, it takes a little while for us to get
394 * notified about that. In the meantime we endlessly
395 * loop on accept(), because the socket, having been
396 * bound to a now-deleted VRF device, is in some weird
397 * state which causes accept() to fail.
399 * To avoid this, if we see accept() fail with EINVAL,
400 * we cancel ourselves and trust that when the VRF
401 * deletion notification comes in the event handler for
402 * that will take care of cleaning us up.
406 "[Error] accept() failed with error \"%s\" on BGP listener socket %d for BGP instance in VRF \"%s\"; refreshing socket",
407 safe_strerror(save_errno
), accept_sock
,
409 THREAD_OFF(listener
->thread
);
413 "[Error] BGP socket accept failed (%s); retrying",
414 safe_strerror(save_errno
));
418 set_nonblocking(bgp_sock
);
420 /* Obtain BGP instance this connection is meant for.
421 * - if it is a VRF netns sock, then BGP is in listener structure
422 * - otherwise, the bgp instance need to be demultiplexed
426 else if (bgp_get_instance_for_inc_conn(bgp_sock
, &bgp
)) {
427 if (bgp_debug_neighbor_events(NULL
))
429 "[Event] Could not get instance for incoming conn from %s",
430 inet_sutop(&su
, buf
));
435 bgp_socket_set_buffer_size(bgp_sock
);
437 /* Set TCP keepalive when TCP keepalive is enabled */
438 bgp_update_setsockopt_tcp_keepalive(bgp
, bgp_sock
);
440 /* Check remote IP address */
441 peer1
= peer_lookup(bgp
, &su
);
444 peer1
= peer_lookup_dynamic_neighbor(bgp
, &su
);
446 /* Dynamic neighbor has been created, let it proceed */
447 peer1
->fd
= bgp_sock
;
449 /* Set the user configured MSS to TCP socket */
450 if (CHECK_FLAG(peer1
->flags
, PEER_FLAG_TCP_MSS
))
451 sockopt_tcp_mss_set(bgp_sock
, peer1
->tcp_mss
);
453 bgp_fsm_change_status(peer1
, Active
);
455 peer1
->t_start
); /* created in peer_create() */
457 if (peer_active(peer1
)) {
458 if (CHECK_FLAG(peer1
->flags
,
459 PEER_FLAG_TIMER_DELAYOPEN
))
462 TCP_connection_open_w_delay
);
465 TCP_connection_open
);
473 if (bgp_debug_neighbor_events(NULL
)) {
475 "[Event] %s connection rejected(%s:%u:%s) - not configured and not valid for dynamic",
476 inet_sutop(&su
, buf
), bgp
->name_pretty
, bgp
->as
,
477 VRF_LOGNAME(vrf_lookup_by_id(bgp
->vrf_id
)));
483 if (CHECK_FLAG(peer1
->flags
, PEER_FLAG_SHUTDOWN
)
484 || CHECK_FLAG(peer1
->bgp
->flags
, BGP_FLAG_SHUTDOWN
)) {
485 if (bgp_debug_neighbor_events(peer1
))
487 "[Event] connection from %s rejected(%s:%u:%s) due to admin shutdown",
488 inet_sutop(&su
, buf
), bgp
->name_pretty
, bgp
->as
,
489 VRF_LOGNAME(vrf_lookup_by_id(bgp
->vrf_id
)));
495 * Do not accept incoming connections in Clearing state. This can result
496 * in incorect state transitions - e.g., the connection goes back to
497 * Established and then the Clearing_Completed event is generated. Also,
498 * block incoming connection in Deleted state.
500 if (peer1
->status
== Clearing
|| peer1
->status
== Deleted
) {
501 if (bgp_debug_neighbor_events(peer1
))
503 "[Event] Closing incoming conn for %s (%p) state %d",
504 peer1
->host
, peer1
, peer1
->status
);
509 /* Check that at least one AF is activated for the peer. */
510 if (!peer_active(peer1
)) {
511 if (bgp_debug_neighbor_events(peer1
))
513 "%s - incoming conn rejected - no AF activated for peer",
519 /* Do not try to reconnect if the peer reached maximum
520 * prefixes, restart timer is still running or the peer
523 if (BGP_PEER_START_SUPPRESSED(peer1
)) {
524 if (bgp_debug_neighbor_events(peer1
))
526 "[Event] Incoming BGP connection rejected from %s due to maximum-prefix or shutdown",
532 if (bgp_debug_neighbor_events(peer1
))
533 zlog_debug("[Event] BGP connection from host %s fd %d",
534 inet_sutop(&su
, buf
), bgp_sock
);
536 if (peer1
->doppelganger
) {
537 /* We have an existing connection. Kill the existing one and run
540 if (bgp_debug_neighbor_events(peer1
))
542 "[Event] New active connection from peer %s, Killing previous active connection",
544 peer_delete(peer1
->doppelganger
);
547 if (bgp_set_socket_ttl(peer1
, bgp_sock
) < 0)
548 if (bgp_debug_neighbor_events(peer1
))
550 "[Event] Unable to set min/max TTL on peer %s, Continuing",
553 peer
= peer_create(&su
, peer1
->conf_if
, peer1
->bgp
, peer1
->local_as
,
554 peer1
->as
, peer1
->as_type
, NULL
);
555 hash_release(peer
->bgp
->peerhash
, peer
);
556 (void)hash_get(peer
->bgp
->peerhash
, peer
, hash_alloc_intern
);
558 peer_xfer_config(peer
, peer1
);
559 bgp_peer_gr_flags_update(peer
);
561 BGP_GR_ROUTER_DETECT_AND_SEND_CAPABILITY_TO_ZEBRA(peer
->bgp
,
564 if (bgp_peer_gr_mode_get(peer
) == PEER_DISABLE
) {
566 UNSET_FLAG(peer
->sflags
, PEER_STATUS_NSF_MODE
);
568 if (CHECK_FLAG(peer
->sflags
, PEER_STATUS_NSF_WAIT
)) {
573 UNSET_FLAG(peer
->flags
, PEER_FLAG_CONFIG_NODE
);
575 peer
->doppelganger
= peer1
;
576 peer1
->doppelganger
= peer
;
578 frr_with_privs(&bgpd_privs
) {
579 vrf_bind(peer
->bgp
->vrf_id
, bgp_sock
, bgp_get_bound_name(peer
));
581 bgp_peer_reg_with_nht(peer
);
582 bgp_fsm_change_status(peer
, Active
);
583 THREAD_OFF(peer
->t_start
); /* created in peer_create() */
585 SET_FLAG(peer
->sflags
, PEER_STATUS_ACCEPT_PEER
);
586 /* Make dummy peer until read Open packet. */
587 if (peer_established(peer1
)
588 && CHECK_FLAG(peer1
->sflags
, PEER_STATUS_NSF_MODE
)) {
589 /* If we have an existing established connection with graceful
591 * capability announced with one or more address families, then
593 * existing established connection and move state to connect.
595 peer1
->last_reset
= PEER_DOWN_NSF_CLOSE_SESSION
;
597 if (CHECK_FLAG(peer1
->flags
, PEER_FLAG_GRACEFUL_RESTART
)
598 || CHECK_FLAG(peer1
->flags
,
599 PEER_FLAG_GRACEFUL_RESTART_HELPER
))
600 SET_FLAG(peer1
->sflags
, PEER_STATUS_NSF_WAIT
);
602 bgp_event_update(peer1
, TCP_connection_closed
);
605 if (peer_active(peer
)) {
606 if (CHECK_FLAG(peer
->flags
, PEER_FLAG_TIMER_DELAYOPEN
))
607 BGP_EVENT_ADD(peer
, TCP_connection_open_w_delay
);
609 BGP_EVENT_ADD(peer
, TCP_connection_open
);
613 * If we are doing nht for a peer that is v6 LL based
614 * massage the event system to make things happy
616 bgp_nht_interface_events(peer
);
619 /* BGP socket bind. */
620 static char *bgp_get_bound_name(struct peer
*peer
)
625 if ((peer
->bgp
->vrf_id
== VRF_DEFAULT
) && !peer
->ifname
629 if (peer
->su
.sa
.sa_family
!= AF_INET
630 && peer
->su
.sa
.sa_family
!= AF_INET6
)
631 return NULL
; // unexpected
633 /* For IPv6 peering, interface (unnumbered or link-local with interface)
634 * takes precedence over VRF. For IPv4 peering, explicit interface or
635 * VRF are the situations to bind.
637 if (peer
->su
.sa
.sa_family
== AF_INET6
&& peer
->conf_if
)
638 return peer
->conf_if
;
643 if (peer
->bgp
->inst_type
== BGP_INSTANCE_TYPE_VIEW
)
646 return peer
->bgp
->name
;
649 int bgp_update_address(struct interface
*ifp
, const union sockunion
*dst
,
650 union sockunion
*addr
)
652 struct prefix
*p
, *sel
, d
;
653 struct connected
*connected
;
654 struct listnode
*node
;
657 if (!sockunion2hostprefix(dst
, &d
))
663 for (ALL_LIST_ELEMENTS_RO(ifp
->connected
, node
, connected
)) {
664 p
= connected
->address
;
665 if (p
->family
!= d
.family
)
667 if (prefix_common_bits(p
, &d
) > common
) {
669 common
= prefix_common_bits(sel
, &d
);
676 prefix2sockunion(sel
, addr
);
680 /* Update source selection. */
681 static int bgp_update_source(struct peer
*peer
)
683 struct interface
*ifp
;
684 union sockunion addr
;
687 sockunion_init(&addr
);
689 /* Source is specified with interface name. */
690 if (peer
->update_if
) {
691 ifp
= if_lookup_by_name(peer
->update_if
, peer
->bgp
->vrf_id
);
695 if (bgp_update_address(ifp
, &peer
->su
, &addr
))
698 ret
= sockunion_bind(peer
->fd
, &addr
, 0, &addr
);
701 /* Source is specified with IP address. */
702 if (peer
->update_source
)
703 ret
= sockunion_bind(peer
->fd
, peer
->update_source
, 0,
704 peer
->update_source
);
709 /* BGP try to connect to the peer. */
710 int bgp_connect(struct peer
*peer
)
712 assert(!CHECK_FLAG(peer
->thread_flags
, PEER_THREAD_WRITES_ON
));
713 assert(!CHECK_FLAG(peer
->thread_flags
, PEER_THREAD_READS_ON
));
714 ifindex_t ifindex
= 0;
716 if (peer
->conf_if
&& BGP_PEER_SU_UNSPEC(peer
)) {
717 if (bgp_debug_neighbor_events(peer
))
718 zlog_debug("Peer address not learnt: Returning from connect");
721 frr_with_privs(&bgpd_privs
) {
722 /* Make socket for the peer. */
723 peer
->fd
= vrf_sockunion_socket(&peer
->su
, peer
->bgp
->vrf_id
,
724 bgp_get_bound_name(peer
));
727 peer
->last_reset
= PEER_DOWN_SOCKET_ERROR
;
728 if (bgp_debug_neighbor_events(peer
))
729 zlog_debug("%s: Failure to create socket for connection to %s, error received: %s(%d)",
730 __func__
, peer
->host
, safe_strerror(errno
),
735 set_nonblocking(peer
->fd
);
737 /* Set the user configured MSS to TCP socket */
738 if (CHECK_FLAG(peer
->flags
, PEER_FLAG_TCP_MSS
))
739 sockopt_tcp_mss_set(peer
->fd
, peer
->tcp_mss
);
741 bgp_socket_set_buffer_size(peer
->fd
);
743 /* Set TCP keepalive when TCP keepalive is enabled */
744 bgp_update_setsockopt_tcp_keepalive(peer
->bgp
, peer
->fd
);
746 if (bgp_set_socket_ttl(peer
, peer
->fd
) < 0) {
747 peer
->last_reset
= PEER_DOWN_SOCKET_ERROR
;
748 if (bgp_debug_neighbor_events(peer
))
749 zlog_debug("%s: Failure to set socket ttl for connection to %s, error received: %s(%d)",
750 __func__
, peer
->host
, safe_strerror(errno
),
756 sockopt_reuseaddr(peer
->fd
);
757 sockopt_reuseport(peer
->fd
);
759 #ifdef IPTOS_PREC_INTERNETCONTROL
760 frr_with_privs(&bgpd_privs
) {
761 if (sockunion_family(&peer
->su
) == AF_INET
)
762 setsockopt_ipv4_tos(peer
->fd
, bm
->tcp_dscp
);
763 else if (sockunion_family(&peer
->su
) == AF_INET6
)
764 setsockopt_ipv6_tclass(peer
->fd
, bm
->tcp_dscp
);
768 if (peer
->password
) {
769 uint16_t prefixlen
= peer
->su
.sa
.sa_family
== AF_INET
773 bgp_md5_set_connect(peer
->fd
, &peer
->su
, prefixlen
,
777 /* Update source bind. */
778 if (bgp_update_source(peer
) < 0) {
779 peer
->last_reset
= PEER_DOWN_SOCKET_ERROR
;
780 return connect_error
;
783 if (peer
->conf_if
|| peer
->ifname
)
784 ifindex
= ifname2ifindex(peer
->conf_if
? peer
->conf_if
788 if (bgp_debug_neighbor_events(peer
))
789 zlog_debug("%s [Event] Connect start to %s fd %d", peer
->host
,
790 peer
->host
, peer
->fd
);
792 /* Connect to the remote peer. */
793 return sockunion_connect(peer
->fd
, &peer
->su
, htons(peer
->port
),
797 /* After TCP connection is established. Get local address and port. */
798 int bgp_getsockname(struct peer
*peer
)
800 if (peer
->su_local
) {
801 sockunion_free(peer
->su_local
);
802 peer
->su_local
= NULL
;
805 if (peer
->su_remote
) {
806 sockunion_free(peer
->su_remote
);
807 peer
->su_remote
= NULL
;
810 peer
->su_local
= sockunion_getsockname(peer
->fd
);
813 peer
->su_remote
= sockunion_getpeername(peer
->fd
);
814 if (!peer
->su_remote
)
817 if (!bgp_zebra_nexthop_set(peer
->su_local
, peer
->su_remote
,
818 &peer
->nexthop
, peer
)) {
819 flog_err(EC_BGP_NH_UPD
,
820 "%s: nexthop_set failed, resetting connection - intf %p",
821 peer
->host
, peer
->nexthop
.ifp
);
828 static int bgp_listener(int sock
, struct sockaddr
*sa
, socklen_t salen
,
831 struct bgp_listener
*listener
;
834 sockopt_reuseaddr(sock
);
835 sockopt_reuseport(sock
);
837 frr_with_privs(&bgpd_privs
) {
839 #ifdef IPTOS_PREC_INTERNETCONTROL
840 if (sa
->sa_family
== AF_INET
)
841 setsockopt_ipv4_tos(sock
, bm
->tcp_dscp
);
842 else if (sa
->sa_family
== AF_INET6
)
843 setsockopt_ipv6_tclass(sock
, bm
->tcp_dscp
);
846 sockopt_v6only(sa
->sa_family
, sock
);
848 ret
= bind(sock
, sa
, salen
);
853 flog_err_sys(EC_LIB_SOCKET
, "bind: %s", safe_strerror(en
));
857 ret
= listen(sock
, SOMAXCONN
);
859 flog_err_sys(EC_LIB_SOCKET
, "listen: %s", safe_strerror(errno
));
863 listener
= XCALLOC(MTYPE_BGP_LISTENER
, sizeof(*listener
));
865 listener
->name
= XSTRDUP(MTYPE_BGP_LISTENER
, bgp
->name
);
867 /* this socket is in a vrf record bgp back pointer */
868 if (bgp
->vrf_id
!= VRF_DEFAULT
)
871 memcpy(&listener
->su
, sa
, salen
);
872 thread_add_read(bm
->master
, bgp_accept
, listener
, sock
,
874 listnode_add(bm
->listen_sockets
, listener
);
879 /* IPv6 supported version of BGP server socket setup. */
880 int bgp_socket(struct bgp
*bgp
, unsigned short port
, const char *address
)
882 struct addrinfo
*ainfo
;
883 struct addrinfo
*ainfo_save
;
884 static const struct addrinfo req
= {
885 .ai_family
= AF_UNSPEC
,
886 .ai_flags
= AI_PASSIVE
,
887 .ai_socktype
= SOCK_STREAM
,
890 char port_str
[BUFSIZ
];
892 snprintf(port_str
, sizeof(port_str
), "%d", port
);
893 port_str
[sizeof(port_str
) - 1] = '\0';
895 frr_with_privs(&bgpd_privs
) {
896 ret
= vrf_getaddrinfo(address
, port_str
, &req
, &ainfo_save
,
900 flog_err_sys(EC_LIB_SOCKET
, "getaddrinfo: %s",
904 if (bgp_option_check(BGP_OPT_NO_ZEBRA
) &&
905 bgp
->vrf_id
!= VRF_DEFAULT
) {
906 freeaddrinfo(ainfo_save
);
910 for (ainfo
= ainfo_save
; ainfo
; ainfo
= ainfo
->ai_next
) {
913 if (ainfo
->ai_family
!= AF_INET
&& ainfo
->ai_family
!= AF_INET6
)
916 frr_with_privs(&bgpd_privs
) {
917 sock
= vrf_socket(ainfo
->ai_family
,
922 == BGP_INSTANCE_TYPE_VRF
923 ? bgp
->name
: NULL
));
926 flog_err_sys(EC_LIB_SOCKET
, "socket: %s",
927 safe_strerror(errno
));
931 /* if we intend to implement ttl-security, this socket needs
933 sockopt_ttl(ainfo
->ai_family
, sock
, MAXTTL
);
935 ret
= bgp_listener(sock
, ainfo
->ai_addr
, ainfo
->ai_addrlen
,
942 freeaddrinfo(ainfo_save
);
943 if (count
== 0 && bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
) {
946 "%s: no usable addresses please check other programs usage of specified port %d",
948 flog_err_sys(EC_LIB_SOCKET
, "%s: Program cannot continue",
956 /* this function closes vrf socket
957 * this should be called only for vrf socket with netns backend
959 void bgp_close_vrf_socket(struct bgp
*bgp
)
961 struct listnode
*node
, *next
;
962 struct bgp_listener
*listener
;
967 if (bm
->listen_sockets
== NULL
)
970 for (ALL_LIST_ELEMENTS(bm
->listen_sockets
, node
, next
, listener
)) {
971 if (listener
->bgp
== bgp
) {
972 THREAD_OFF(listener
->thread
);
974 listnode_delete(bm
->listen_sockets
, listener
);
975 XFREE(MTYPE_BGP_LISTENER
, listener
->name
);
976 XFREE(MTYPE_BGP_LISTENER
, listener
);
981 /* this function closes main socket
985 struct listnode
*node
, *next
;
986 struct bgp_listener
*listener
;
988 if (bm
->listen_sockets
== NULL
)
991 for (ALL_LIST_ELEMENTS(bm
->listen_sockets
, node
, next
, listener
)) {
994 THREAD_OFF(listener
->thread
);
996 listnode_delete(bm
->listen_sockets
, listener
);
997 XFREE(MTYPE_BGP_LISTENER
, listener
->name
);
998 XFREE(MTYPE_BGP_LISTENER
, listener
);