]> git.proxmox.com Git - mirror_frr.git/blob - lib/sockopt.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12798 from donaldsharp/rib_match_multicast
[mirror_frr.git] / lib / sockopt.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* setsockopt functions
3 * Copyright (C) 1999 Kunihiro Ishiguro
4 */
5
6 #include <zebra.h>
7
8 #include "log.h"
9 #include "sockopt.h"
10 #include "sockunion.h"
11 #include "lib_errors.h"
12
13 #if (defined(__FreeBSD__) \
14 && ((__FreeBSD_version >= 500022 && __FreeBSD_version < 700000) \
15 || (__FreeBSD_version < 500000 && __FreeBSD_version >= 440000))) \
16 || (defined(__NetBSD__) && defined(__NetBSD_Version__) \
17 && __NetBSD_Version__ >= 106010000) \
18 || defined(__OpenBSD__) || defined(__APPLE__) \
19 || defined(__DragonFly__) || defined(__sun)
20 #define HAVE_BSD_STRUCT_IP_MREQ_HACK
21 #endif
22
23 void setsockopt_so_recvbuf(int sock, int size)
24 {
25 int orig_req = size;
26
27 while (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, &size, sizeof(size))
28 == -1)
29 size /= 2;
30
31 if (size != orig_req)
32 flog_err(EC_LIB_SOCKET,
33 "%s: fd %d: SO_RCVBUF set to %d (requested %d)",
34 __func__, sock, size, orig_req);
35 }
36
37 void setsockopt_so_sendbuf(const int sock, int size)
38 {
39 int orig_req = size;
40
41 while (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, &size, sizeof(size))
42 == -1)
43 size /= 2;
44
45 if (size != orig_req)
46 flog_err(EC_LIB_SOCKET,
47 "%s: fd %d: SO_SNDBUF set to %d (requested %d)",
48 __func__, sock, size, orig_req);
49 }
50
51 int getsockopt_so_sendbuf(const int sock)
52 {
53 uint32_t optval;
54 socklen_t optlen = sizeof(optval);
55 int ret = getsockopt(sock, SOL_SOCKET, SO_SNDBUF, (char *)&optval,
56 &optlen);
57 if (ret < 0) {
58 flog_err_sys(EC_LIB_SYSTEM_CALL,
59 "fd %d: can't getsockopt SO_SNDBUF: %d (%s)", sock,
60 errno, safe_strerror(errno));
61 return ret;
62 }
63 return optval;
64 }
65
66 int getsockopt_so_recvbuf(const int sock)
67 {
68 uint32_t optval;
69 socklen_t optlen = sizeof(optval);
70 int ret = getsockopt(sock, SOL_SOCKET, SO_RCVBUF, (char *)&optval,
71 &optlen);
72 if (ret < 0) {
73 flog_err_sys(EC_LIB_SYSTEM_CALL,
74 "fd %d: can't getsockopt SO_RCVBUF: %d (%s)", sock,
75 errno, safe_strerror(errno));
76 return ret;
77 }
78 return optval;
79 }
80
81 static void *getsockopt_cmsg_data(struct msghdr *msgh, int level, int type)
82 {
83 struct cmsghdr *cmsg;
84
85 for (cmsg = CMSG_FIRSTHDR(msgh); cmsg != NULL;
86 cmsg = CMSG_NXTHDR(msgh, cmsg))
87 if (cmsg->cmsg_level == level && cmsg->cmsg_type == type)
88 return CMSG_DATA(cmsg);
89
90 return NULL;
91 }
92
93 /* Set IPv6 packet info to the socket. */
94 int setsockopt_ipv6_pktinfo(int sock, int val)
95 {
96 int ret;
97
98 #ifdef IPV6_RECVPKTINFO /*2292bis-01*/
99 ret = setsockopt(sock, IPPROTO_IPV6, IPV6_RECVPKTINFO, &val,
100 sizeof(val));
101 if (ret < 0)
102 flog_err(EC_LIB_SOCKET,
103 "can't setsockopt IPV6_RECVPKTINFO : %s",
104 safe_strerror(errno));
105 #else /*RFC2292*/
106 ret = setsockopt(sock, IPPROTO_IPV6, IPV6_PKTINFO, &val, sizeof(val));
107 if (ret < 0)
108 flog_err(EC_LIB_SOCKET, "can't setsockopt IPV6_PKTINFO : %s",
109 safe_strerror(errno));
110 #endif /* IANA_IPV6 */
111 return ret;
112 }
113
114 /* Set multicast hops val to the socket. */
115 int setsockopt_ipv6_multicast_hops(int sock, int val)
116 {
117 int ret;
118
119 ret = setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &val,
120 sizeof(val));
121 if (ret < 0)
122 flog_err(EC_LIB_SOCKET, "can't setsockopt IPV6_MULTICAST_HOPS");
123 return ret;
124 }
125
126 /* Set multicast hops val to the socket. */
127 int setsockopt_ipv6_unicast_hops(int sock, int val)
128 {
129 int ret;
130
131 ret = setsockopt(sock, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &val,
132 sizeof(val));
133 if (ret < 0)
134 flog_err(EC_LIB_SOCKET, "can't setsockopt IPV6_UNICAST_HOPS");
135 return ret;
136 }
137
138 int setsockopt_ipv6_hoplimit(int sock, int val)
139 {
140 int ret;
141
142 #ifdef IPV6_RECVHOPLIMIT /*2292bis-01*/
143 ret = setsockopt(sock, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &val,
144 sizeof(val));
145 if (ret < 0)
146 flog_err(EC_LIB_SOCKET, "can't setsockopt IPV6_RECVHOPLIMIT");
147 #else /*RFC2292*/
148 ret = setsockopt(sock, IPPROTO_IPV6, IPV6_HOPLIMIT, &val, sizeof(val));
149 if (ret < 0)
150 flog_err(EC_LIB_SOCKET, "can't setsockopt IPV6_HOPLIMIT");
151 #endif
152 return ret;
153 }
154
155 /* Set multicast loop zero to the socket. */
156 int setsockopt_ipv6_multicast_loop(int sock, int val)
157 {
158 int ret;
159
160 ret = setsockopt(sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &val,
161 sizeof(val));
162 if (ret < 0)
163 flog_err(EC_LIB_SOCKET, "can't setsockopt IPV6_MULTICAST_LOOP");
164 return ret;
165 }
166
167 static int getsockopt_ipv6_ifindex(struct msghdr *msgh)
168 {
169 struct in6_pktinfo *pktinfo;
170
171 pktinfo = getsockopt_cmsg_data(msgh, IPPROTO_IPV6, IPV6_PKTINFO);
172
173 return pktinfo->ipi6_ifindex;
174 }
175
176 int setsockopt_ipv6_tclass(int sock, int tclass)
177 {
178 int ret = 0;
179
180 #ifdef IPV6_TCLASS /* RFC3542 */
181 ret = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, &tclass,
182 sizeof(tclass));
183 if (ret < 0)
184 flog_err(EC_LIB_SOCKET,
185 "Can't set IPV6_TCLASS option for fd %d to %#x: %s",
186 sock, tclass, safe_strerror(errno));
187 #endif
188 return ret;
189 }
190
191 /*
192 * Process multicast socket options for IPv4 in an OS-dependent manner.
193 * Supported options are IP_{ADD,DROP}_MEMBERSHIP.
194 *
195 * Many operating systems have a limit on the number of groups that
196 * can be joined per socket (where each group and local address
197 * counts). This impacts OSPF, which joins groups on each interface
198 * using a single socket. The limit is typically 20, derived from the
199 * original BSD multicast implementation. Some systems have
200 * mechanisms for increasing this limit.
201 *
202 * In many 4.4BSD-derived systems, multicast group operations are not
203 * allowed on interfaces that are not UP. Thus, a previous attempt to
204 * leave the group may have failed, leaving it still joined, and we
205 * drop/join quietly to recover. This may not be necessary, but aims to
206 * defend against unknown behavior in that we will still return an error
207 * if the second join fails. It is not clear how other systems
208 * (e.g. Linux, Solaris) behave when leaving groups on down interfaces,
209 * but this behavior should not be harmful if they behave the same way,
210 * allow leaves, or implicitly leave all groups joined to down interfaces.
211 */
212 int setsockopt_ipv4_multicast(int sock, int optname, struct in_addr if_addr,
213 unsigned int mcast_addr, ifindex_t ifindex)
214 {
215 #ifdef HAVE_RFC3678
216 struct group_req gr;
217 struct sockaddr_in *si;
218 int ret;
219 memset(&gr, 0, sizeof(gr));
220 si = (struct sockaddr_in *)&gr.gr_group;
221 gr.gr_interface = ifindex;
222 si->sin_family = AF_INET;
223 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
224 si->sin_len = sizeof(struct sockaddr_in);
225 #endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
226 si->sin_addr.s_addr = mcast_addr;
227 ret = setsockopt(sock, IPPROTO_IP,
228 (optname == IP_ADD_MEMBERSHIP) ? MCAST_JOIN_GROUP
229 : MCAST_LEAVE_GROUP,
230 (void *)&gr, sizeof(gr));
231 if ((ret < 0) && (optname == IP_ADD_MEMBERSHIP)
232 && (errno == EADDRINUSE)) {
233 setsockopt(sock, IPPROTO_IP, MCAST_LEAVE_GROUP, (void *)&gr,
234 sizeof(gr));
235 ret = setsockopt(sock, IPPROTO_IP, MCAST_JOIN_GROUP,
236 (void *)&gr, sizeof(gr));
237 }
238 return ret;
239
240 #elif defined(HAVE_STRUCT_IP_MREQN_IMR_IFINDEX) && !defined(__FreeBSD__)
241 struct ip_mreqn mreqn;
242 int ret;
243
244 assert(optname == IP_ADD_MEMBERSHIP || optname == IP_DROP_MEMBERSHIP);
245 memset(&mreqn, 0, sizeof(mreqn));
246
247 mreqn.imr_multiaddr.s_addr = mcast_addr;
248 mreqn.imr_ifindex = ifindex;
249
250 ret = setsockopt(sock, IPPROTO_IP, optname, (void *)&mreqn,
251 sizeof(mreqn));
252 if ((ret < 0) && (optname == IP_ADD_MEMBERSHIP)
253 && (errno == EADDRINUSE)) {
254 /* see above: handle possible problem when interface comes back
255 * up */
256 zlog_info(
257 "setsockopt_ipv4_multicast attempting to drop and re-add (fd %d, mcast %pI4, ifindex %u)",
258 sock, &mreqn.imr_multiaddr, ifindex);
259 setsockopt(sock, IPPROTO_IP, IP_DROP_MEMBERSHIP, (void *)&mreqn,
260 sizeof(mreqn));
261 ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP,
262 (void *)&mreqn, sizeof(mreqn));
263 }
264 return ret;
265
266 /* Example defines for another OS, boilerplate off other code in this
267 function, AND handle optname as per other sections for consistency !! */
268 /* #elif defined(BOGON_NIX) && EXAMPLE_VERSION_CODE > -100000 */
269 /* Add your favourite OS here! */
270
271 #elif defined(HAVE_BSD_STRUCT_IP_MREQ_HACK) /* #if OS_TYPE */
272 /* standard BSD API */
273
274 struct ip_mreq mreq;
275 int ret;
276
277 assert(optname == IP_ADD_MEMBERSHIP || optname == IP_DROP_MEMBERSHIP);
278
279
280 memset(&mreq, 0, sizeof(mreq));
281 mreq.imr_multiaddr.s_addr = mcast_addr;
282 #if !defined __OpenBSD__
283 mreq.imr_interface.s_addr = htonl(ifindex);
284 #else
285 mreq.imr_interface.s_addr = if_addr.s_addr;
286 #endif
287
288 ret = setsockopt(sock, IPPROTO_IP, optname, (void *)&mreq,
289 sizeof(mreq));
290 if ((ret < 0) && (optname == IP_ADD_MEMBERSHIP)
291 && (errno == EADDRINUSE)) {
292 /* see above: handle possible problem when interface comes back
293 * up */
294 zlog_info(
295 "setsockopt_ipv4_multicast attempting to drop and re-add (fd %d, mcast %pI4, ifindex %u)",
296 sock, &mreq.imr_multiaddr, ifindex);
297 setsockopt(sock, IPPROTO_IP, IP_DROP_MEMBERSHIP, (void *)&mreq,
298 sizeof(mreq));
299 ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP,
300 (void *)&mreq, sizeof(mreq));
301 }
302 return ret;
303
304 #else
305 #error "Unsupported multicast API"
306 #endif /* #if OS_TYPE */
307 }
308
309 /*
310 * Set IP_MULTICAST_IF socket option in an OS-dependent manner.
311 */
312 int setsockopt_ipv4_multicast_if(int sock, struct in_addr if_addr,
313 ifindex_t ifindex)
314 {
315
316 #ifdef HAVE_STRUCT_IP_MREQN_IMR_IFINDEX
317 struct ip_mreqn mreqn;
318 memset(&mreqn, 0, sizeof(mreqn));
319
320 mreqn.imr_ifindex = ifindex;
321 return setsockopt(sock, IPPROTO_IP, IP_MULTICAST_IF, (void *)&mreqn,
322 sizeof(mreqn));
323
324 /* Example defines for another OS, boilerplate off other code in this
325 function */
326 /* #elif defined(BOGON_NIX) && EXAMPLE_VERSION_CODE > -100000 */
327 /* Add your favourite OS here! */
328 #elif defined(HAVE_BSD_STRUCT_IP_MREQ_HACK)
329 struct in_addr m;
330
331 #if !defined __OpenBSD__
332 m.s_addr = htonl(ifindex);
333 #else
334 m.s_addr = if_addr.s_addr;
335 #endif
336
337 return setsockopt(sock, IPPROTO_IP, IP_MULTICAST_IF, (void *)&m,
338 sizeof(m));
339 #else
340 #error "Unsupported multicast API"
341 #endif
342 }
343
344 int setsockopt_ipv4_multicast_loop(int sock, uint8_t val)
345 {
346 int ret;
347
348 ret = setsockopt(sock, IPPROTO_IP, IP_MULTICAST_LOOP, (void *)&val,
349 sizeof(val));
350 if (ret < 0)
351 flog_err(EC_LIB_SOCKET, "can't setsockopt IP_MULTICAST_LOOP");
352
353 return ret;
354 }
355
356 static int setsockopt_ipv4_ifindex(int sock, ifindex_t val)
357 {
358 int ret;
359
360 #if defined(IP_PKTINFO)
361 ret = setsockopt(sock, IPPROTO_IP, IP_PKTINFO, &val, sizeof(val));
362 if (ret < 0)
363 flog_err(EC_LIB_SOCKET,
364 "Can't set IP_PKTINFO option for fd %d to %d: %s",
365 sock, val, safe_strerror(errno));
366 #elif defined(IP_RECVIF)
367 ret = setsockopt(sock, IPPROTO_IP, IP_RECVIF, &val, sizeof(val));
368 if (ret < 0)
369 flog_err(EC_LIB_SOCKET,
370 "Can't set IP_RECVIF option for fd %d to %d: %s", sock,
371 val, safe_strerror(errno));
372 #else
373 #warning "Neither IP_PKTINFO nor IP_RECVIF is available."
374 #warning "Will not be able to receive link info."
375 #warning "Things might be seriously broken.."
376 /* XXX Does this ever happen? Should there be a zlog_warn message here?
377 */
378 ret = -1;
379 #endif
380 return ret;
381 }
382
383 int setsockopt_ipv4_tos(int sock, int tos)
384 {
385 int ret;
386
387 ret = setsockopt(sock, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
388 if (ret < 0)
389 flog_err(EC_LIB_SOCKET,
390 "Can't set IP_TOS option for fd %d to %#x: %s", sock,
391 tos, safe_strerror(errno));
392 return ret;
393 }
394
395
396 int setsockopt_ifindex(int af, int sock, ifindex_t val)
397 {
398 int ret = -1;
399
400 switch (af) {
401 case AF_INET:
402 ret = setsockopt_ipv4_ifindex(sock, val);
403 break;
404 case AF_INET6:
405 ret = setsockopt_ipv6_pktinfo(sock, val);
406 break;
407 default:
408 flog_err(EC_LIB_DEVELOPMENT,
409 "setsockopt_ifindex: unknown address family %d", af);
410 }
411 return ret;
412 }
413
414 /*
415 * Requires: msgh is not NULL and points to a valid struct msghdr, which
416 * may or may not have control data about the incoming interface.
417 *
418 * Returns the interface index (small integer >= 1) if it can be
419 * determined, or else 0.
420 */
421 static ifindex_t getsockopt_ipv4_ifindex(struct msghdr *msgh)
422 {
423 ifindex_t ifindex;
424
425 #if defined(IP_PKTINFO)
426 /* Linux pktinfo based ifindex retrieval */
427 struct in_pktinfo *pktinfo;
428
429 pktinfo = (struct in_pktinfo *)getsockopt_cmsg_data(msgh, IPPROTO_IP,
430 IP_PKTINFO);
431
432 /* getsockopt_ifindex() will forward this, being 0 "not found" */
433 if (pktinfo == NULL)
434 return 0;
435
436 ifindex = pktinfo->ipi_ifindex;
437
438 #elif defined(IP_RECVIF)
439
440 /* retrieval based on IP_RECVIF */
441
442 /* BSD systems use a sockaddr_dl as the control message payload. */
443 struct sockaddr_dl *sdl;
444
445 /* BSD */
446 sdl = (struct sockaddr_dl *)getsockopt_cmsg_data(msgh, IPPROTO_IP,
447 IP_RECVIF);
448 if (sdl != NULL)
449 ifindex = sdl->sdl_index;
450 else
451 ifindex = 0;
452
453 #else
454 /*
455 * Neither IP_PKTINFO nor IP_RECVIF defined - warn at compile time.
456 * XXX Decide if this is a core service, or if daemons have to cope.
457 * Since Solaris 8 and OpenBSD seem not to provide it, it seems that
458 * daemons have to cope.
459 */
460 #warning "getsockopt_ipv4_ifindex: Neither IP_PKTINFO nor IP_RECVIF defined."
461 #warning "Some daemons may fail to operate correctly!"
462 ifindex = 0;
463
464 #endif /* IP_PKTINFO */
465
466 return ifindex;
467 }
468
469 /* return ifindex, 0 if none found */
470 ifindex_t getsockopt_ifindex(int af, struct msghdr *msgh)
471 {
472 switch (af) {
473 case AF_INET:
474 return (getsockopt_ipv4_ifindex(msgh));
475 case AF_INET6:
476 return (getsockopt_ipv6_ifindex(msgh));
477 default:
478 flog_err(EC_LIB_DEVELOPMENT,
479 "getsockopt_ifindex: unknown address family %d", af);
480 return 0;
481 }
482 }
483
484 /* swab iph between order system uses for IP_HDRINCL and host order */
485 void sockopt_iphdrincl_swab_htosys(struct ip *iph)
486 {
487 /* BSD and derived take iph in network order, except for
488 * ip_len and ip_off
489 */
490 #ifndef HAVE_IP_HDRINCL_BSD_ORDER
491 iph->ip_len = htons(iph->ip_len);
492 iph->ip_off = htons(iph->ip_off);
493 #endif /* HAVE_IP_HDRINCL_BSD_ORDER */
494
495 iph->ip_id = htons(iph->ip_id);
496 }
497
498 void sockopt_iphdrincl_swab_systoh(struct ip *iph)
499 {
500 #ifndef HAVE_IP_HDRINCL_BSD_ORDER
501 iph->ip_len = ntohs(iph->ip_len);
502 iph->ip_off = ntohs(iph->ip_off);
503 #endif /* HAVE_IP_HDRINCL_BSD_ORDER */
504
505 iph->ip_id = ntohs(iph->ip_id);
506 }
507
508 int sockopt_tcp_rtt(int sock)
509 {
510 #ifdef TCP_INFO
511 struct tcp_info ti;
512 socklen_t len = sizeof(ti);
513
514 if (getsockopt(sock, IPPROTO_TCP, TCP_INFO, &ti, &len) != 0)
515 return 0;
516
517 return ti.tcpi_rtt / 1000;
518 #else
519 return 0;
520 #endif
521 }
522
523 int sockopt_tcp_signature_ext(int sock, union sockunion *su, uint16_t prefixlen,
524 const char *password)
525 {
526 #ifndef HAVE_DECL_TCP_MD5SIG
527 /*
528 * We have been asked to enable MD5 auth for an address, but our
529 * platform doesn't support that
530 */
531 return -2;
532 #endif
533
534 #ifndef TCP_MD5SIG_EXT
535 /*
536 * We have been asked to enable MD5 auth for a prefix, but our platform
537 * doesn't support that
538 */
539 if (prefixlen > 0)
540 return -2;
541 #endif
542
543 #if HAVE_DECL_TCP_MD5SIG
544 int ret;
545
546 int optname = TCP_MD5SIG;
547 #ifndef GNU_LINUX
548 /*
549 * XXX Need to do PF_KEY operation here to add/remove an SA entry,
550 * and add/remove an SP entry for this peer's packet flows also.
551 */
552 int md5sig = password && *password ? 1 : 0;
553 #else
554 int keylen = password ? strlen(password) : 0;
555 struct tcp_md5sig md5sig;
556 union sockunion *su2, *susock;
557
558 /* Figure out whether the socket and the sockunion are the same family..
559 * adding AF_INET to AF_INET6 needs to be v4 mapped, you'd think..
560 */
561 if (!(susock = sockunion_getsockname(sock)))
562 return -1;
563
564 if (susock->sa.sa_family == su->sa.sa_family)
565 su2 = su;
566 else {
567 /* oops.. */
568 su2 = susock;
569
570 if (su2->sa.sa_family == AF_INET) {
571 sockunion_free(susock);
572 return 0;
573 }
574
575 /* If this does not work, then all users of this sockopt will
576 * need to
577 * differentiate between IPv4 and IPv6, and keep separate
578 * sockets for
579 * each.
580 *
581 * Sadly, it doesn't seem to work at present. It's unknown
582 * whether
583 * this is a bug or not.
584 */
585 if (su2->sa.sa_family == AF_INET6
586 && su->sa.sa_family == AF_INET) {
587 su2->sin6.sin6_family = AF_INET6;
588 /* V4Map the address */
589 memset(&su2->sin6.sin6_addr, 0,
590 sizeof(struct in6_addr));
591 su2->sin6.sin6_addr.s6_addr32[2] = htonl(0xffff);
592 memcpy(&su2->sin6.sin6_addr.s6_addr32[3],
593 &su->sin.sin_addr, 4);
594 }
595 }
596
597 memset(&md5sig, 0, sizeof(md5sig));
598 memcpy(&md5sig.tcpm_addr, su2, sizeof(*su2));
599
600 md5sig.tcpm_keylen = keylen;
601 if (keylen)
602 memcpy(md5sig.tcpm_key, password, keylen);
603 sockunion_free(susock);
604
605 /*
606 * Handle support for MD5 signatures on prefixes, if available and
607 * requested. Technically the #ifdef check below is not needed because
608 * if prefixlen > 0 and we don't have support for this feature we would
609 * have already returned by now, but leaving it there to be explicit.
610 */
611 #ifdef TCP_MD5SIG_EXT
612 if (prefixlen > 0) {
613 md5sig.tcpm_prefixlen = prefixlen;
614 md5sig.tcpm_flags = TCP_MD5SIG_FLAG_PREFIX;
615 optname = TCP_MD5SIG_EXT;
616 }
617 #endif /* TCP_MD5SIG_EXT */
618
619 #endif /* GNU_LINUX */
620
621 ret = setsockopt(sock, IPPROTO_TCP, optname, &md5sig, sizeof(md5sig));
622 if (ret < 0) {
623 if (ENOENT == errno)
624 ret = 0;
625 else
626 flog_err_sys(
627 EC_LIB_SYSTEM_CALL,
628 "sockopt_tcp_signature: setsockopt(%d): %s",
629 sock, safe_strerror(errno));
630 }
631 return ret;
632 #endif /* HAVE_TCP_MD5SIG */
633
634 /*
635 * Making compiler happy. If we get to this point we probably
636 * have done something really really wrong.
637 */
638 return -2;
639 }
640
641 int sockopt_tcp_signature(int sock, union sockunion *su, const char *password)
642 {
643 return sockopt_tcp_signature_ext(sock, su, 0, password);
644 }
645
646 /* set TCP mss value to socket */
647 int sockopt_tcp_mss_set(int sock, int tcp_maxseg)
648 {
649 int ret = 0;
650 socklen_t tcp_maxseg_len = sizeof(tcp_maxseg);
651
652 ret = setsockopt(sock, IPPROTO_TCP, TCP_MAXSEG, &tcp_maxseg,
653 tcp_maxseg_len);
654 if (ret != 0) {
655 flog_err_sys(EC_LIB_SYSTEM_CALL,
656 "%s failed: setsockopt(%d): %s", __func__, sock,
657 safe_strerror(errno));
658 }
659
660 return ret;
661 }
662
663 /* get TCP mss value synced by socket */
664 int sockopt_tcp_mss_get(int sock)
665 {
666 int ret = 0;
667 int tcp_maxseg = 0;
668 socklen_t tcp_maxseg_len = sizeof(tcp_maxseg);
669
670 ret = getsockopt(sock, IPPROTO_TCP, TCP_MAXSEG, &tcp_maxseg,
671 &tcp_maxseg_len);
672 if (ret != 0) {
673 flog_err_sys(EC_LIB_SYSTEM_CALL,
674 "%s failed: getsockopt(%d): %s", __func__, sock,
675 safe_strerror(errno));
676 return 0;
677 }
678
679 return tcp_maxseg;
680 }
681
682 int setsockopt_tcp_keepalive(int sock, uint16_t keepalive_idle,
683 uint16_t keepalive_intvl,
684 uint16_t keepalive_probes)
685 {
686 int val = 1;
687
688 if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &val, sizeof(val)) < 0) {
689 flog_err_sys(EC_LIB_SYSTEM_CALL,
690 "%s failed: setsockopt SO_KEEPALIVE (%d): %s",
691 __func__, sock, safe_strerror(errno));
692 return -1;
693 }
694
695 #if defined __OpenBSD__
696 return 0;
697 #else
698 /* Send first probe after keepalive_idle seconds */
699 val = keepalive_idle;
700 if (setsockopt(sock, IPPROTO_TCP, TCP_KEEPIDLE, &val, sizeof(val)) <
701 0) {
702 flog_err_sys(EC_LIB_SYSTEM_CALL,
703 "%s failed: setsockopt TCP_KEEPIDLE (%d): %s",
704 __func__, sock, safe_strerror(errno));
705 return -1;
706 }
707
708 /* Set interval between two probes */
709 val = keepalive_intvl;
710 if (setsockopt(sock, IPPROTO_TCP, TCP_KEEPINTVL, &val, sizeof(val)) <
711 0) {
712 flog_err_sys(EC_LIB_SYSTEM_CALL,
713 "%s failed: setsockopt TCP_KEEPINTVL (%d): %s",
714 __func__, sock, safe_strerror(errno));
715 return -1;
716 }
717
718 /* Set maximum probes */
719 val = keepalive_probes;
720 if (setsockopt(sock, IPPROTO_TCP, TCP_KEEPCNT, &val, sizeof(val)) < 0) {
721 flog_err_sys(EC_LIB_SYSTEM_CALL,
722 "%s failed: setsockopt TCP_KEEPCNT (%d): %s",
723 __func__, sock, safe_strerror(errno));
724 return -1;
725 }
726
727 return 0;
728 #endif
729 }
FRRouting mirror