diff options
| author | Paul Jakma <paul.jakma@sun.com> | 2008-07-21 21:02:49 +0000 |
|---|---|---|
| committer | Paul Jakma <paul.jakma@sun.com> | 2008-07-21 21:02:49 +0000 |
| commit | 0df7c91f048f2116610d6bdfce3ab6cad1981802 (patch) | |
| tree | 18390aa845054b757fae86dde49b907ee7f14908 /bgpd/bgpd.h | |
| parent | f04b0e6bb8c1339243717b156880d7e24c84c951 (diff) | |
[bgpd] TCP-MD5: password vty configuration and initial Linux support
2008-07-21 Paul Jakma <paul.jakma@sun.com>
* bgp_packet.c: (bgp_open_receive) fix warning in a zlog call
* bgp_vty.c: (bgp_vty_return) add return code
* bgpd.c: (bgp_master_init) setup the socket list.
* bgp_network.c: Remove the dual IPv4/6 socket thing for now, which
was implemented by Michael, until such time as its clear its
required for Linux (see sockopt comments). IPv6 support, including
IPv4 sessions on AF_INET6 sockets, therefore is broken, and the
'-l 0.0.0.0' arguments would need to be given to bgpd to make
things work here.
2008-07-21 Michael H. Warfield <mhw@wittsend.com>
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Tomohiko Kusuda <kusuda@inetcore.com>
Leigh Brown <leigh@solinno.co.uk>
* bgp_network.c: (bgp_md5_set_one) shim between libzebra tcp-md5
sockopt and bgpd.
(bgp_md5_set_socket) Helper for bgp_connect
(bgp_md5_set) setup TCP-MD5SIG for the given peer.
(bgp_connect) call out to bgp_md5_set_socket for the outgoing
connect socket.
(bgp_socket) save references to the listen sockets, needed if
TCP-MD5SIG is applied later or changed.
* bgp_vty.c: (*neighbor_password_cmd) New 'neighbor ... password'
commands.
* bgpd.c: (peer_{new,delete) manage TCP-MD5 password
(peer_group2peer_config_copy) inherit TCP-MD5 password
(peer_password_{un,}set) orchestrate the whole add/remove of TCP-MD5
passwords: applying checks, stopping peers, and trying to return
errors to UI, etc.
(bgp_config_write_peer) save password.
Fix missing newline in writeout of neighbor ... port.
2008-07-21 Paul Jakma <paul.jakma@sun.com>
* sockunion.c: ifdef out various places that converted
v4mapped sockets to pure v4. Doesn't seem necessary at all,
presumably a workaround for now historical inet_ntop bugs (?)
2008-07-21 Michael H. Warfield <mhw@wittsend.com>
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* sockopt.{c,h}: (sockopt_tcp_signature) Add TCP-MD5SIG support.
Diffstat (limited to 'bgpd/bgpd.h')
| -rw-r--r-- | bgpd/bgpd.h | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h index e9fc410f..afe06635 100644 --- a/bgpd/bgpd.h +++ b/bgpd/bgpd.h @@ -42,6 +42,9 @@ struct bgp_master struct work_queue *process_main_queue; struct work_queue *process_rsclient_queue; + /* Listening sockets */ + struct list *listen_sockets; + /* BGP port number. */ u_int16_t port; @@ -377,7 +380,10 @@ struct peer #define PEER_FLAG_ORF_PREFIX_RM (1 << 13) /* orf capability receive-mode */ #define PEER_FLAG_MAX_PREFIX (1 << 14) /* maximum prefix */ #define PEER_FLAG_MAX_PREFIX_WARNING (1 << 15) /* maximum prefix warning-only */ -#define PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED (1 << 16) /* leave link-local nexthop unchanged */ +#define PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED (1 << 16) /* leave link-local nexthop unchanged */ + + /* MD5 password */ + char *password; /* default-originate route-map. */ struct @@ -534,6 +540,9 @@ struct peer #define PEER_RMAP_TYPE_EXPORT (1 << 7) /* neighbor route-map export */ }; +#define PEER_PASSWORD_MINLEN (1) +#define PEER_PASSWORD_MAXLEN (80) + /* This structure's member directly points incoming packet data stream. */ struct bgp_nlri @@ -787,7 +796,8 @@ enum bgp_clear_type #define BGP_ERR_INSTANCE_MISMATCH -26 #define BGP_ERR_LOCAL_AS_ALLOWED_ONLY_FOR_EBGP -27 #define BGP_ERR_CANNOT_HAVE_LOCAL_AS_SAME_AS -28 -#define BGP_ERR_MAX -29 +#define BGP_ERR_TCPSIG_FAILED -29 +#define BGP_ERR_MAX -30 extern struct bgp_master *bm; @@ -924,6 +934,10 @@ extern int peer_route_map_set (struct peer *, afi_t, safi_t, int, const char *); extern int peer_route_map_unset (struct peer *, afi_t, safi_t, int); extern int peer_unsuppress_map_set (struct peer *, afi_t, safi_t, const char *); + +extern int peer_password_set (struct peer *, const char *); +extern int peer_password_unset (struct peer *); + extern int peer_unsuppress_map_unset (struct peer *, afi_t, safi_t); extern int peer_maximum_prefix_set (struct peer *, afi_t, safi_t, u_int32_t, u_char, int, u_int16_t); |