]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_network.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12084 from ak503/bgp_show_lc
[mirror_frr.git] / bgpd / bgp_network.c
1 /* BGP network related fucntions
2 * Copyright (C) 1999 Kunihiro Ishiguro
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "thread.h"
24 #include "sockunion.h"
25 #include "sockopt.h"
26 #include "memory.h"
27 #include "log.h"
28 #include "if.h"
29 #include "prefix.h"
30 #include "command.h"
31 #include "privs.h"
32 #include "linklist.h"
33 #include "network.h"
34 #include "queue.h"
35 #include "hash.h"
36 #include "filter.h"
37 #include "ns.h"
38 #include "lib_errors.h"
39 #include "nexthop.h"
40
41 #include "bgpd/bgpd.h"
42 #include "bgpd/bgp_open.h"
43 #include "bgpd/bgp_fsm.h"
44 #include "bgpd/bgp_attr.h"
45 #include "bgpd/bgp_debug.h"
46 #include "bgpd/bgp_errors.h"
47 #include "bgpd/bgp_network.h"
48 #include "bgpd/bgp_zebra.h"
49 #include "bgpd/bgp_nht.h"
50
51 extern struct zebra_privs_t bgpd_privs;
52
53 static char *bgp_get_bound_name(struct peer *peer);
54
55 void bgp_dump_listener_info(struct vty *vty)
56 {
57 struct listnode *node;
58 struct bgp_listener *listener;
59
60 vty_out(vty, "Name fd Address\n");
61 vty_out(vty, "---------------------------\n");
62 for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
63 vty_out(vty, "%-16s %d %pSU\n",
64 listener->name ? listener->name : VRF_DEFAULT_NAME,
65 listener->fd, &listener->su);
66 }
67
68 /*
69 * Set MD5 key for the socket, for the given IPv4 peer address.
70 * If the password is NULL or zero-length, the option will be disabled.
71 */
72 static int bgp_md5_set_socket(int socket, union sockunion *su,
73 uint16_t prefixlen, const char *password)
74 {
75 int ret = -1;
76 int en = ENOSYS;
77 #if HAVE_DECL_TCP_MD5SIG
78 union sockunion su2;
79 #endif /* HAVE_TCP_MD5SIG */
80
81 assert(socket >= 0);
82
83 #if HAVE_DECL_TCP_MD5SIG
84 /* Ensure there is no extraneous port information. */
85 memcpy(&su2, su, sizeof(union sockunion));
86 if (su2.sa.sa_family == AF_INET)
87 su2.sin.sin_port = 0;
88 else
89 su2.sin6.sin6_port = 0;
90
91 /* For addresses, use the non-extended signature functionality */
92 if ((su2.sa.sa_family == AF_INET && prefixlen == IPV4_MAX_BITLEN)
93 || (su2.sa.sa_family == AF_INET6 && prefixlen == IPV6_MAX_BITLEN))
94 ret = sockopt_tcp_signature(socket, &su2, password);
95 else
96 ret = sockopt_tcp_signature_ext(socket, &su2, prefixlen,
97 password);
98 en = errno;
99 #endif /* HAVE_TCP_MD5SIG */
100
101 if (ret < 0) {
102 switch (ret) {
103 case -2:
104 flog_warn(
105 EC_BGP_NO_TCP_MD5,
106 "Unable to set TCP MD5 option on socket for peer %pSU (sock=%d): This platform does not support MD5 auth for prefixes",
107 su, socket);
108 break;
109 default:
110 flog_warn(
111 EC_BGP_NO_TCP_MD5,
112 "Unable to set TCP MD5 option on socket for peer %pSU (sock=%d): %s",
113 su, socket, safe_strerror(en));
114 }
115 }
116
117 return ret;
118 }
119
120 /* Helper for bgp_connect */
121 static int bgp_md5_set_connect(int socket, union sockunion *su,
122 uint16_t prefixlen, const char *password)
123 {
124 int ret = -1;
125
126 #if HAVE_DECL_TCP_MD5SIG
127 frr_with_privs(&bgpd_privs) {
128 ret = bgp_md5_set_socket(socket, su, prefixlen, password);
129 }
130 #endif /* HAVE_TCP_MD5SIG */
131
132 return ret;
133 }
134
135 static int bgp_md5_set_password(struct peer *peer, const char *password)
136 {
137 struct listnode *node;
138 int ret = 0;
139 struct bgp_listener *listener;
140
141 /*
142 * Set or unset the password on the listen socket(s). Outbound
143 * connections are taken care of in bgp_connect() below.
144 */
145 frr_with_privs(&bgpd_privs) {
146 for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
147 if (listener->su.sa.sa_family ==
148 peer->su.sa.sa_family) {
149 uint16_t prefixlen =
150 peer->su.sa.sa_family == AF_INET
151 ? IPV4_MAX_BITLEN
152 : IPV6_MAX_BITLEN;
153
154 /*
155 * if we have stored a BGP vrf instance in the
156 * listener it must match the bgp instance in
157 * the peer otherwise the peer bgp instance
158 * must be the default vrf or a view instance
159 */
160 if (!listener->bgp) {
161 if (peer->bgp->vrf_id != VRF_DEFAULT)
162 continue;
163 } else if (listener->bgp != peer->bgp)
164 continue;
165
166 ret = bgp_md5_set_socket(listener->fd,
167 &peer->su, prefixlen,
168 password);
169 break;
170 }
171 }
172 return ret;
173 }
174
175 int bgp_md5_set_prefix(struct bgp *bgp, struct prefix *p, const char *password)
176 {
177 int ret = 0;
178 union sockunion su;
179 struct listnode *node;
180 struct bgp_listener *listener;
181
182 /* Set or unset the password on the listen socket(s). */
183 frr_with_privs(&bgpd_privs) {
184 for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
185 if (listener->su.sa.sa_family == p->family
186 && ((bgp->vrf_id == VRF_DEFAULT)
187 || (listener->bgp == bgp))) {
188 prefix2sockunion(p, &su);
189 ret = bgp_md5_set_socket(listener->fd, &su,
190 p->prefixlen,
191 password);
192 break;
193 }
194 }
195
196 return ret;
197 }
198
199 int bgp_md5_unset_prefix(struct bgp *bgp, struct prefix *p)
200 {
201 return bgp_md5_set_prefix(bgp, p, NULL);
202 }
203
204 int bgp_md5_set(struct peer *peer)
205 {
206 /* Set the password from listen socket. */
207 return bgp_md5_set_password(peer, peer->password);
208 }
209
210 static void bgp_update_setsockopt_tcp_keepalive(struct bgp *bgp, int fd)
211 {
212 if (!bgp)
213 return;
214 if (bgp->tcp_keepalive_idle != 0) {
215 int ret;
216
217 ret = setsockopt_tcp_keepalive(fd, bgp->tcp_keepalive_idle,
218 bgp->tcp_keepalive_intvl,
219 bgp->tcp_keepalive_probes);
220 if (ret < 0)
221 zlog_err(
222 "Can't set TCP keepalive on socket %d, idle %u intvl %u probes %u",
223 fd, bgp->tcp_keepalive_idle,
224 bgp->tcp_keepalive_intvl,
225 bgp->tcp_keepalive_probes);
226 }
227 }
228
229 int bgp_md5_unset(struct peer *peer)
230 {
231 /* Unset the password from listen socket. */
232 return bgp_md5_set_password(peer, NULL);
233 }
234
235 int bgp_set_socket_ttl(struct peer *peer, int bgp_sock)
236 {
237 int ret = 0;
238
239 if (!peer->gtsm_hops) {
240 ret = sockopt_ttl(peer->su.sa.sa_family, bgp_sock, peer->ttl);
241 if (ret) {
242 flog_err(
243 EC_LIB_SOCKET,
244 "%s: Can't set TxTTL on peer (rtrid %pI4) socket, err = %d",
245 __func__, &peer->remote_id, errno);
246 return ret;
247 }
248 } else {
249 /* On Linux, setting minttl without setting ttl seems to mess
250 with the
251 outgoing ttl. Therefore setting both.
252 */
253 ret = sockopt_ttl(peer->su.sa.sa_family, bgp_sock, MAXTTL);
254 if (ret) {
255 flog_err(
256 EC_LIB_SOCKET,
257 "%s: Can't set TxTTL on peer (rtrid %pI4) socket, err = %d",
258 __func__, &peer->remote_id, errno);
259 return ret;
260 }
261 ret = sockopt_minttl(peer->su.sa.sa_family, bgp_sock,
262 MAXTTL + 1 - peer->gtsm_hops);
263 if (ret) {
264 flog_err(
265 EC_LIB_SOCKET,
266 "%s: Can't set MinTTL on peer (rtrid %pI4) socket, err = %d",
267 __func__, &peer->remote_id, errno);
268 return ret;
269 }
270 }
271
272 return ret;
273 }
274
275 /*
276 * Obtain the BGP instance that the incoming connection should be processed
277 * against. This is important because more than one VRF could be using the
278 * same IP address space. The instance is got by obtaining the device to
279 * which the incoming connection is bound to. This could either be a VRF
280 * or it could be an interface, which in turn determines the VRF.
281 */
282 static int bgp_get_instance_for_inc_conn(int sock, struct bgp **bgp_inst)
283 {
284 #ifndef SO_BINDTODEVICE
285 /* only Linux has SO_BINDTODEVICE, but we're in Linux-specific code here
286 * anyway since the assumption is that the interface name returned by
287 * getsockopt() is useful in identifying the VRF, particularly with
288 * Linux's
289 * VRF l3master device. The whole mechanism is specific to Linux, so...
290 * when other platforms add VRF support, this will need handling here as
291 * well. (or, some restructuring) */
292 *bgp_inst = bgp_get_default();
293 return !*bgp_inst;
294
295 #else
296 char name[VRF_NAMSIZ + 1];
297 socklen_t name_len = VRF_NAMSIZ;
298 struct bgp *bgp;
299 int rc;
300 struct listnode *node, *nnode;
301
302 *bgp_inst = NULL;
303 name[0] = '\0';
304 rc = getsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, name, &name_len);
305 if (rc != 0) {
306 #if defined(HAVE_CUMULUS)
307 flog_err(EC_LIB_SOCKET,
308 "[Error] BGP SO_BINDTODEVICE get failed (%s), sock %d",
309 safe_strerror(errno), sock);
310 return -1;
311 #endif
312 }
313
314 if (!strlen(name)) {
315 *bgp_inst = bgp_get_default();
316 return 0; /* default instance. */
317 }
318
319 /* First try match to instance; if that fails, check for interfaces. */
320 bgp = bgp_lookup_by_name(name);
321 if (bgp) {
322 if (!bgp->vrf_id) // unexpected
323 return -1;
324 *bgp_inst = bgp;
325 return 0;
326 }
327
328 /* TODO - This will be optimized once interfaces move into the NS */
329 for (ALL_LIST_ELEMENTS(bm->bgp, node, nnode, bgp)) {
330 struct interface *ifp;
331
332 if (bgp->inst_type == BGP_INSTANCE_TYPE_VIEW)
333 continue;
334
335 ifp = if_lookup_by_name(name, bgp->vrf_id);
336 if (ifp) {
337 *bgp_inst = bgp;
338 return 0;
339 }
340 }
341
342 /* We didn't match to either an instance or an interface. */
343 return -1;
344 #endif
345 }
346
347 static void bgp_socket_set_buffer_size(const int fd)
348 {
349 if (getsockopt_so_sendbuf(fd) < (int)bm->socket_buffer)
350 setsockopt_so_sendbuf(fd, bm->socket_buffer);
351 if (getsockopt_so_recvbuf(fd) < (int)bm->socket_buffer)
352 setsockopt_so_recvbuf(fd, bm->socket_buffer);
353 }
354
355 /* Accept bgp connection. */
356 static void bgp_accept(struct thread *thread)
357 {
358 int bgp_sock;
359 int accept_sock;
360 union sockunion su;
361 struct bgp_listener *listener = THREAD_ARG(thread);
362 struct peer *peer;
363 struct peer *peer1;
364 char buf[SU_ADDRSTRLEN];
365 struct bgp *bgp = NULL;
366
367 sockunion_init(&su);
368
369 bgp = bgp_lookup_by_name(listener->name);
370
371 /* Register accept thread. */
372 accept_sock = THREAD_FD(thread);
373 if (accept_sock < 0) {
374 flog_err_sys(EC_LIB_SOCKET,
375 "[Error] BGP accept socket fd is negative: %d",
376 accept_sock);
377 return;
378 }
379
380 thread_add_read(bm->master, bgp_accept, listener, accept_sock,
381 &listener->thread);
382
383 /* Accept client connection. */
384 bgp_sock = sockunion_accept(accept_sock, &su);
385 int save_errno = errno;
386 if (bgp_sock < 0) {
387 if (save_errno == EINVAL) {
388 struct vrf *vrf =
389 bgp ? vrf_lookup_by_id(bgp->vrf_id) : NULL;
390
391 /*
392 * It appears that sometimes, when VRFs are deleted on
393 * the system, it takes a little while for us to get
394 * notified about that. In the meantime we endlessly
395 * loop on accept(), because the socket, having been
396 * bound to a now-deleted VRF device, is in some weird
397 * state which causes accept() to fail.
398 *
399 * To avoid this, if we see accept() fail with EINVAL,
400 * we cancel ourselves and trust that when the VRF
401 * deletion notification comes in the event handler for
402 * that will take care of cleaning us up.
403 */
404 flog_err_sys(
405 EC_LIB_SOCKET,
406 "[Error] accept() failed with error \"%s\" on BGP listener socket %d for BGP instance in VRF \"%s\"; refreshing socket",
407 safe_strerror(save_errno), accept_sock,
408 VRF_LOGNAME(vrf));
409 THREAD_OFF(listener->thread);
410 } else {
411 flog_err_sys(
412 EC_LIB_SOCKET,
413 "[Error] BGP socket accept failed (%s); retrying",
414 safe_strerror(save_errno));
415 }
416 return;
417 }
418 set_nonblocking(bgp_sock);
419
420 /* Obtain BGP instance this connection is meant for.
421 * - if it is a VRF netns sock, then BGP is in listener structure
422 * - otherwise, the bgp instance need to be demultiplexed
423 */
424 if (listener->bgp)
425 bgp = listener->bgp;
426 else if (bgp_get_instance_for_inc_conn(bgp_sock, &bgp)) {
427 if (bgp_debug_neighbor_events(NULL))
428 zlog_debug(
429 "[Event] Could not get instance for incoming conn from %s",
430 inet_sutop(&su, buf));
431 close(bgp_sock);
432 return;
433 }
434
435 bgp_socket_set_buffer_size(bgp_sock);
436
437 /* Set TCP keepalive when TCP keepalive is enabled */
438 bgp_update_setsockopt_tcp_keepalive(bgp, bgp_sock);
439
440 /* Check remote IP address */
441 peer1 = peer_lookup(bgp, &su);
442
443 if (!peer1) {
444 peer1 = peer_lookup_dynamic_neighbor(bgp, &su);
445 if (peer1) {
446 /* Dynamic neighbor has been created, let it proceed */
447 peer1->fd = bgp_sock;
448
449 /* Set the user configured MSS to TCP socket */
450 if (CHECK_FLAG(peer1->flags, PEER_FLAG_TCP_MSS))
451 sockopt_tcp_mss_set(bgp_sock, peer1->tcp_mss);
452
453 bgp_fsm_change_status(peer1, Active);
454 THREAD_OFF(
455 peer1->t_start); /* created in peer_create() */
456
457 if (peer_active(peer1)) {
458 if (CHECK_FLAG(peer1->flags,
459 PEER_FLAG_TIMER_DELAYOPEN))
460 BGP_EVENT_ADD(
461 peer1,
462 TCP_connection_open_w_delay);
463 else
464 BGP_EVENT_ADD(peer1,
465 TCP_connection_open);
466 }
467
468 return;
469 }
470 }
471
472 if (!peer1) {
473 if (bgp_debug_neighbor_events(NULL)) {
474 zlog_debug(
475 "[Event] %s connection rejected(%s:%u:%s) - not configured and not valid for dynamic",
476 inet_sutop(&su, buf), bgp->name_pretty, bgp->as,
477 VRF_LOGNAME(vrf_lookup_by_id(bgp->vrf_id)));
478 }
479 close(bgp_sock);
480 return;
481 }
482
483 if (CHECK_FLAG(peer1->flags, PEER_FLAG_SHUTDOWN)
484 || CHECK_FLAG(peer1->bgp->flags, BGP_FLAG_SHUTDOWN)) {
485 if (bgp_debug_neighbor_events(peer1))
486 zlog_debug(
487 "[Event] connection from %s rejected(%s:%u:%s) due to admin shutdown",
488 inet_sutop(&su, buf), bgp->name_pretty, bgp->as,
489 VRF_LOGNAME(vrf_lookup_by_id(bgp->vrf_id)));
490 close(bgp_sock);
491 return;
492 }
493
494 /*
495 * Do not accept incoming connections in Clearing state. This can result
496 * in incorect state transitions - e.g., the connection goes back to
497 * Established and then the Clearing_Completed event is generated. Also,
498 * block incoming connection in Deleted state.
499 */
500 if (peer1->status == Clearing || peer1->status == Deleted) {
501 if (bgp_debug_neighbor_events(peer1))
502 zlog_debug(
503 "[Event] Closing incoming conn for %s (%p) state %d",
504 peer1->host, peer1, peer1->status);
505 close(bgp_sock);
506 return;
507 }
508
509 /* Check that at least one AF is activated for the peer. */
510 if (!peer_active(peer1)) {
511 if (bgp_debug_neighbor_events(peer1))
512 zlog_debug(
513 "%s - incoming conn rejected - no AF activated for peer",
514 peer1->host);
515 close(bgp_sock);
516 return;
517 }
518
519 /* Do not try to reconnect if the peer reached maximum
520 * prefixes, restart timer is still running or the peer
521 * is shutdown.
522 */
523 if (BGP_PEER_START_SUPPRESSED(peer1)) {
524 if (bgp_debug_neighbor_events(peer1))
525 zlog_debug(
526 "[Event] Incoming BGP connection rejected from %s due to maximum-prefix or shutdown",
527 peer1->host);
528 close(bgp_sock);
529 return;
530 }
531
532 if (bgp_debug_neighbor_events(peer1))
533 zlog_debug("[Event] BGP connection from host %s fd %d",
534 inet_sutop(&su, buf), bgp_sock);
535
536 if (peer1->doppelganger) {
537 /* We have an existing connection. Kill the existing one and run
538 with this one.
539 */
540 if (bgp_debug_neighbor_events(peer1))
541 zlog_debug(
542 "[Event] New active connection from peer %s, Killing previous active connection",
543 peer1->host);
544 peer_delete(peer1->doppelganger);
545 }
546
547 if (bgp_set_socket_ttl(peer1, bgp_sock) < 0)
548 if (bgp_debug_neighbor_events(peer1))
549 zlog_debug(
550 "[Event] Unable to set min/max TTL on peer %s, Continuing",
551 peer1->host);
552
553 peer = peer_create(&su, peer1->conf_if, peer1->bgp, peer1->local_as,
554 peer1->as, peer1->as_type, NULL);
555 hash_release(peer->bgp->peerhash, peer);
556 (void)hash_get(peer->bgp->peerhash, peer, hash_alloc_intern);
557
558 peer_xfer_config(peer, peer1);
559 bgp_peer_gr_flags_update(peer);
560
561 BGP_GR_ROUTER_DETECT_AND_SEND_CAPABILITY_TO_ZEBRA(peer->bgp,
562 peer->bgp->peer);
563
564 if (bgp_peer_gr_mode_get(peer) == PEER_DISABLE) {
565
566 UNSET_FLAG(peer->sflags, PEER_STATUS_NSF_MODE);
567
568 if (CHECK_FLAG(peer->sflags, PEER_STATUS_NSF_WAIT)) {
569 peer_nsf_stop(peer);
570 }
571 }
572
573 UNSET_FLAG(peer->flags, PEER_FLAG_CONFIG_NODE);
574
575 peer->doppelganger = peer1;
576 peer1->doppelganger = peer;
577 peer->fd = bgp_sock;
578 frr_with_privs(&bgpd_privs) {
579 vrf_bind(peer->bgp->vrf_id, bgp_sock, bgp_get_bound_name(peer));
580 }
581 bgp_peer_reg_with_nht(peer);
582 bgp_fsm_change_status(peer, Active);
583 THREAD_OFF(peer->t_start); /* created in peer_create() */
584
585 SET_FLAG(peer->sflags, PEER_STATUS_ACCEPT_PEER);
586 /* Make dummy peer until read Open packet. */
587 if (peer_established(peer1)
588 && CHECK_FLAG(peer1->sflags, PEER_STATUS_NSF_MODE)) {
589 /* If we have an existing established connection with graceful
590 * restart
591 * capability announced with one or more address families, then
592 * drop
593 * existing established connection and move state to connect.
594 */
595 peer1->last_reset = PEER_DOWN_NSF_CLOSE_SESSION;
596
597 if (CHECK_FLAG(peer1->flags, PEER_FLAG_GRACEFUL_RESTART)
598 || CHECK_FLAG(peer1->flags,
599 PEER_FLAG_GRACEFUL_RESTART_HELPER))
600 SET_FLAG(peer1->sflags, PEER_STATUS_NSF_WAIT);
601
602 bgp_event_update(peer1, TCP_connection_closed);
603 }
604
605 if (peer_active(peer)) {
606 if (CHECK_FLAG(peer->flags, PEER_FLAG_TIMER_DELAYOPEN))
607 BGP_EVENT_ADD(peer, TCP_connection_open_w_delay);
608 else
609 BGP_EVENT_ADD(peer, TCP_connection_open);
610 }
611
612 /*
613 * If we are doing nht for a peer that is v6 LL based
614 * massage the event system to make things happy
615 */
616 bgp_nht_interface_events(peer);
617 }
618
619 /* BGP socket bind. */
620 static char *bgp_get_bound_name(struct peer *peer)
621 {
622 if (!peer)
623 return NULL;
624
625 if ((peer->bgp->vrf_id == VRF_DEFAULT) && !peer->ifname
626 && !peer->conf_if)
627 return NULL;
628
629 if (peer->su.sa.sa_family != AF_INET
630 && peer->su.sa.sa_family != AF_INET6)
631 return NULL; // unexpected
632
633 /* For IPv6 peering, interface (unnumbered or link-local with interface)
634 * takes precedence over VRF. For IPv4 peering, explicit interface or
635 * VRF are the situations to bind.
636 */
637 if (peer->su.sa.sa_family == AF_INET6 && peer->conf_if)
638 return peer->conf_if;
639
640 if (peer->ifname)
641 return peer->ifname;
642
643 if (peer->bgp->inst_type == BGP_INSTANCE_TYPE_VIEW)
644 return NULL;
645
646 return peer->bgp->name;
647 }
648
649 int bgp_update_address(struct interface *ifp, const union sockunion *dst,
650 union sockunion *addr)
651 {
652 struct prefix *p, *sel, d;
653 struct connected *connected;
654 struct listnode *node;
655 int common;
656
657 if (!sockunion2hostprefix(dst, &d))
658 return 1;
659
660 sel = NULL;
661 common = -1;
662
663 for (ALL_LIST_ELEMENTS_RO(ifp->connected, node, connected)) {
664 p = connected->address;
665 if (p->family != d.family)
666 continue;
667 if (prefix_common_bits(p, &d) > common) {
668 sel = p;
669 common = prefix_common_bits(sel, &d);
670 }
671 }
672
673 if (!sel)
674 return 1;
675
676 prefix2sockunion(sel, addr);
677 return 0;
678 }
679
680 /* Update source selection. */
681 static int bgp_update_source(struct peer *peer)
682 {
683 struct interface *ifp;
684 union sockunion addr;
685 int ret = 0;
686
687 sockunion_init(&addr);
688
689 /* Source is specified with interface name. */
690 if (peer->update_if) {
691 ifp = if_lookup_by_name(peer->update_if, peer->bgp->vrf_id);
692 if (!ifp)
693 return -1;
694
695 if (bgp_update_address(ifp, &peer->su, &addr))
696 return -1;
697
698 ret = sockunion_bind(peer->fd, &addr, 0, &addr);
699 }
700
701 /* Source is specified with IP address. */
702 if (peer->update_source)
703 ret = sockunion_bind(peer->fd, peer->update_source, 0,
704 peer->update_source);
705
706 return ret;
707 }
708
709 /* BGP try to connect to the peer. */
710 int bgp_connect(struct peer *peer)
711 {
712 assert(!CHECK_FLAG(peer->thread_flags, PEER_THREAD_WRITES_ON));
713 assert(!CHECK_FLAG(peer->thread_flags, PEER_THREAD_READS_ON));
714 ifindex_t ifindex = 0;
715
716 if (peer->conf_if && BGP_PEER_SU_UNSPEC(peer)) {
717 if (bgp_debug_neighbor_events(peer))
718 zlog_debug("Peer address not learnt: Returning from connect");
719 return 0;
720 }
721 frr_with_privs(&bgpd_privs) {
722 /* Make socket for the peer. */
723 peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id,
724 bgp_get_bound_name(peer));
725 }
726 if (peer->fd < 0) {
727 peer->last_reset = PEER_DOWN_SOCKET_ERROR;
728 if (bgp_debug_neighbor_events(peer))
729 zlog_debug("%s: Failure to create socket for connection to %s, error received: %s(%d)",
730 __func__, peer->host, safe_strerror(errno),
731 errno);
732 return -1;
733 }
734
735 set_nonblocking(peer->fd);
736
737 /* Set the user configured MSS to TCP socket */
738 if (CHECK_FLAG(peer->flags, PEER_FLAG_TCP_MSS))
739 sockopt_tcp_mss_set(peer->fd, peer->tcp_mss);
740
741 bgp_socket_set_buffer_size(peer->fd);
742
743 /* Set TCP keepalive when TCP keepalive is enabled */
744 bgp_update_setsockopt_tcp_keepalive(peer->bgp, peer->fd);
745
746 if (bgp_set_socket_ttl(peer, peer->fd) < 0) {
747 peer->last_reset = PEER_DOWN_SOCKET_ERROR;
748 if (bgp_debug_neighbor_events(peer))
749 zlog_debug("%s: Failure to set socket ttl for connection to %s, error received: %s(%d)",
750 __func__, peer->host, safe_strerror(errno),
751 errno);
752
753 return -1;
754 }
755
756 sockopt_reuseaddr(peer->fd);
757 sockopt_reuseport(peer->fd);
758
759 #ifdef IPTOS_PREC_INTERNETCONTROL
760 frr_with_privs(&bgpd_privs) {
761 if (sockunion_family(&peer->su) == AF_INET)
762 setsockopt_ipv4_tos(peer->fd, bm->tcp_dscp);
763 else if (sockunion_family(&peer->su) == AF_INET6)
764 setsockopt_ipv6_tclass(peer->fd, bm->tcp_dscp);
765 }
766 #endif
767
768 if (peer->password) {
769 uint16_t prefixlen = peer->su.sa.sa_family == AF_INET
770 ? IPV4_MAX_BITLEN
771 : IPV6_MAX_BITLEN;
772
773 bgp_md5_set_connect(peer->fd, &peer->su, prefixlen,
774 peer->password);
775 }
776
777 /* Update source bind. */
778 if (bgp_update_source(peer) < 0) {
779 peer->last_reset = PEER_DOWN_SOCKET_ERROR;
780 return connect_error;
781 }
782
783 if (peer->conf_if || peer->ifname)
784 ifindex = ifname2ifindex(peer->conf_if ? peer->conf_if
785 : peer->ifname,
786 peer->bgp->vrf_id);
787
788 if (bgp_debug_neighbor_events(peer))
789 zlog_debug("%s [Event] Connect start to %s fd %d", peer->host,
790 peer->host, peer->fd);
791
792 /* Connect to the remote peer. */
793 return sockunion_connect(peer->fd, &peer->su, htons(peer->port),
794 ifindex);
795 }
796
797 /* After TCP connection is established. Get local address and port. */
798 int bgp_getsockname(struct peer *peer)
799 {
800 if (peer->su_local) {
801 sockunion_free(peer->su_local);
802 peer->su_local = NULL;
803 }
804
805 if (peer->su_remote) {
806 sockunion_free(peer->su_remote);
807 peer->su_remote = NULL;
808 }
809
810 peer->su_local = sockunion_getsockname(peer->fd);
811 if (!peer->su_local)
812 return -1;
813 peer->su_remote = sockunion_getpeername(peer->fd);
814 if (!peer->su_remote)
815 return -1;
816
817 if (!bgp_zebra_nexthop_set(peer->su_local, peer->su_remote,
818 &peer->nexthop, peer)) {
819 flog_err(EC_BGP_NH_UPD,
820 "%s: nexthop_set failed, resetting connection - intf %p",
821 peer->host, peer->nexthop.ifp);
822 return -1;
823 }
824 return 0;
825 }
826
827
828 static int bgp_listener(int sock, struct sockaddr *sa, socklen_t salen,
829 struct bgp *bgp)
830 {
831 struct bgp_listener *listener;
832 int ret, en;
833
834 sockopt_reuseaddr(sock);
835 sockopt_reuseport(sock);
836
837 frr_with_privs(&bgpd_privs) {
838
839 #ifdef IPTOS_PREC_INTERNETCONTROL
840 if (sa->sa_family == AF_INET)
841 setsockopt_ipv4_tos(sock, bm->tcp_dscp);
842 else if (sa->sa_family == AF_INET6)
843 setsockopt_ipv6_tclass(sock, bm->tcp_dscp);
844 #endif
845
846 sockopt_v6only(sa->sa_family, sock);
847
848 ret = bind(sock, sa, salen);
849 en = errno;
850 }
851
852 if (ret < 0) {
853 flog_err_sys(EC_LIB_SOCKET, "bind: %s", safe_strerror(en));
854 return ret;
855 }
856
857 ret = listen(sock, SOMAXCONN);
858 if (ret < 0) {
859 flog_err_sys(EC_LIB_SOCKET, "listen: %s", safe_strerror(errno));
860 return ret;
861 }
862
863 listener = XCALLOC(MTYPE_BGP_LISTENER, sizeof(*listener));
864 listener->fd = sock;
865 listener->name = XSTRDUP(MTYPE_BGP_LISTENER, bgp->name);
866
867 /* this socket is in a vrf record bgp back pointer */
868 if (bgp->vrf_id != VRF_DEFAULT)
869 listener->bgp = bgp;
870
871 memcpy(&listener->su, sa, salen);
872 thread_add_read(bm->master, bgp_accept, listener, sock,
873 &listener->thread);
874 listnode_add(bm->listen_sockets, listener);
875
876 return 0;
877 }
878
879 /* IPv6 supported version of BGP server socket setup. */
880 int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
881 {
882 struct addrinfo *ainfo;
883 struct addrinfo *ainfo_save;
884 static const struct addrinfo req = {
885 .ai_family = AF_UNSPEC,
886 .ai_flags = AI_PASSIVE,
887 .ai_socktype = SOCK_STREAM,
888 };
889 int ret, count;
890 char port_str[BUFSIZ];
891
892 snprintf(port_str, sizeof(port_str), "%d", port);
893 port_str[sizeof(port_str) - 1] = '\0';
894
895 frr_with_privs(&bgpd_privs) {
896 ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save,
897 bgp->vrf_id);
898 }
899 if (ret != 0) {
900 flog_err_sys(EC_LIB_SOCKET, "getaddrinfo: %s",
901 gai_strerror(ret));
902 return -1;
903 }
904 if (bgp_option_check(BGP_OPT_NO_ZEBRA) &&
905 bgp->vrf_id != VRF_DEFAULT) {
906 freeaddrinfo(ainfo_save);
907 return -1;
908 }
909 count = 0;
910 for (ainfo = ainfo_save; ainfo; ainfo = ainfo->ai_next) {
911 int sock;
912
913 if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6)
914 continue;
915
916 frr_with_privs(&bgpd_privs) {
917 sock = vrf_socket(ainfo->ai_family,
918 ainfo->ai_socktype,
919 ainfo->ai_protocol,
920 bgp->vrf_id,
921 (bgp->inst_type
922 == BGP_INSTANCE_TYPE_VRF
923 ? bgp->name : NULL));
924 }
925 if (sock < 0) {
926 flog_err_sys(EC_LIB_SOCKET, "socket: %s",
927 safe_strerror(errno));
928 continue;
929 }
930
931 /* if we intend to implement ttl-security, this socket needs
932 * ttl=255 */
933 sockopt_ttl(ainfo->ai_family, sock, MAXTTL);
934
935 ret = bgp_listener(sock, ainfo->ai_addr, ainfo->ai_addrlen,
936 bgp);
937 if (ret == 0)
938 ++count;
939 else
940 close(sock);
941 }
942 freeaddrinfo(ainfo_save);
943 if (count == 0 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
944 flog_err(
945 EC_LIB_SOCKET,
946 "%s: no usable addresses please check other programs usage of specified port %d",
947 __func__, port);
948 flog_err_sys(EC_LIB_SOCKET, "%s: Program cannot continue",
949 __func__);
950 exit(-1);
951 }
952
953 return 0;
954 }
955
956 /* this function closes vrf socket
957 * this should be called only for vrf socket with netns backend
958 */
959 void bgp_close_vrf_socket(struct bgp *bgp)
960 {
961 struct listnode *node, *next;
962 struct bgp_listener *listener;
963
964 if (!bgp)
965 return;
966
967 if (bm->listen_sockets == NULL)
968 return;
969
970 for (ALL_LIST_ELEMENTS(bm->listen_sockets, node, next, listener)) {
971 if (listener->bgp == bgp) {
972 THREAD_OFF(listener->thread);
973 close(listener->fd);
974 listnode_delete(bm->listen_sockets, listener);
975 XFREE(MTYPE_BGP_LISTENER, listener->name);
976 XFREE(MTYPE_BGP_LISTENER, listener);
977 }
978 }
979 }
980
981 /* this function closes main socket
982 */
983 void bgp_close(void)
984 {
985 struct listnode *node, *next;
986 struct bgp_listener *listener;
987
988 if (bm->listen_sockets == NULL)
989 return;
990
991 for (ALL_LIST_ELEMENTS(bm->listen_sockets, node, next, listener)) {
992 if (listener->bgp)
993 continue;
994 THREAD_OFF(listener->thread);
995 close(listener->fd);
996 listnode_delete(bm->listen_sockets, listener);
997 XFREE(MTYPE_BGP_LISTENER, listener->name);
998 XFREE(MTYPE_BGP_LISTENER, listener);
999 }
1000 }
FRRouting mirror