Age | Commit message (Collapse) | Author |
|
bgp_bind_address is replaced with sockunion_bind.
|
|
if update-source was given as interface name, bgpd was unconditionally
trying to bind to an IPv4 address from that interface.
change function to find the best-matching (number of address bits)
same-family address on the interface.
|
|
To set the TOS bits on TCP connections, platforms that restrict
capabilities need the priv level to be raised before the sockopt
is set, and this requires the ZCAP_NET_ADMIN priv.
* bgp_main.c: update _caps_p to include ZCAP_NET_ADMIN
* bgp_network.c
* bgp_connect(): request ZPRIVS_RAISE/ZPRIVS_LOWER
* bgp_listener(): request ZPRIVS_RAISE earlier
|
|
IPv6 supports the same concept of differentiated service for routing
protocols as IPv4, but like too many things, the standards committee
decided that having two names for the same thing wasn't good enough and
introduced a third more generic term transport class.
The socket option to set transport class works the same as IPv4, but the
arguments are different.
* lib/sockopt.[ch]
* setsockopt_ipv6_tclass(): new function
* bgpd/bgp_network.c
* bgp_connect(): set socket option
* bgp_listener(): set socket option
* ospf6d/ospf6_network.c
* ospf6_set_transport_class(): new function
* ospf6_serv_sock(): set socket option
* ripngd/ripngd.c
* ripng_make_socket(): set socket option
|
|
* bgp_aspath.c: (assegments_parse) just bail early if length doesn't match
and fix the formatting.
* bgp_network.c: add include needed for set_nonblocking
* bgp_packet.c: formatting
|
|
* bgpd: Add support for RFC 5082 GTSM, which allows the TTL field to be used
to verify that incoming packets have been sent from neighbours no more
than X IP hops away. In other words, this allows packets that were sent from
further away (i.e. not by the neighbour with known distance, and so possibly
a miscreant) to be filtered out.
* lib/sockunion.{c,h}: (sockopt_minttl) new function, to set a minimum TTL
using the IP_MINTTL socket opt.
* bgpd.h: (BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK) define for command
error for minttl.
(struct peer) add a config variable, to store the configured minttl.
(peer_ttl_security_hops_{set,unset}) configuration handlers
* bgpd.c: (peer_group_get) init gtsm_hops
(peer_ebgp_multihop_{un,}set) check for conflicts with GTSM. Multihop and
GTSM can't both be active for a peer at the same time.
(peer_ttl_security_hops_set) set minttl, taking care to avoid conflicts with
ebgp_multihop.
(bgp_config_write_peer) write out minttl as "neighbor .. ttl-security hops X".
* bgp_vty.c: (bgp_vty_return) message for
BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK
(peer_ebgp_multihop_{un,}set_vty)
* bgp_network.c: (bgp_accept) set minttl on accepted sockets if appropriate.
(bgp_connect) ditto for outbound.
|
|
* bgpd: Rather than toggling socket in/out of non-block mode, just leave it
in nonblocking mode.
One exception is in bgp_notify which only happens just before close.
|
|
* bgp_network.c: (bgp_md5_set) Missing piece from earlier listener change
did not get ported from Vyatta code into upstream. The list
listener_sockets changed from (int *) to (struct bgp_listener *).
|
|
* bgp_network.c: (bgp_accept) The code in current git will crash as part of
the revised listener code is missing. The new listener thread code passes
a pointer to a bgp_listener structure, not the bgp pointer. The old code
always got a NULL for bgp pointer, so that is now hard coded.
|
|
Start BGP listener only after first instance is started. This helps the
security if BGP is not used but daemon is started. It also addresses some
issues like MD5 not working on listener unless IPV6 configured (because
listener was not in list); as well as compiler warnings.
* bgp_network.c: (bgp_listener) listen socket creation consolidated here
(bgp_socket) Use bgp_listener
* bgpd.c: (bgp_get) call bgp_socket on creation of first struct bgp.
(bgp_init) remove bgp_socket call.
* memtypes.c: Add MTYPE_BGP_LISTENER
|
|
Currently, when accepting the connection, it can be left as zombie, when the
peer just initiates a connection, but never sends data (and the TCP
connection end packets are lost). This happens because for accepted
connections a temporary new peer entry is created until OPEN message is
exchanged, and this temporary peer entry does not get the hold time
parameter set at all.
* bgp_network.c: (bgp_accept) Set hold time and keepalive values for ACCEPT
peers.
|
|
This patch fixes:
bgp_network.c: In function 'bgp_md5_set':
bgp_network.c:107: warning: cast from pointer to integer of different size
bgp_network.c: In function 'bgp_socket':
bgp_network.c:447: warning: cast to pointer from integer of different size
|
|
* bgpd/bgp_network.c: Fix MD5 listen in IPv4 version of bgp_socket() by
adding listen socket to listen_sockets list so that MD5 passwords can
get set.
* lib/sockopt.c: (sockopt_tcp_signature) Fix bogus "% Error while applying
TCP-Sig to session(s)" / "can't set TCP_MD5SIG option" startup error
messages by not returning error when there isn't one.
|
|
When bgp calls getaddrinfo, it gets both ipv6 and ipv4 addresses.
Unless IPV6_ONLY is set on Linux, only the ipv6 bind will succeed,
and the IPV4 connections will come in as mapped connections on the
IPV6 socket.
|
|
2008-08-14 Stephen Hemminger <stephen.hemminger@vyatta.com>
* lib/log.{c,h}: struct message argument should point to const
* */*.c: adjust to suit,
Signed-off-by: Paul Jakma <paul@quagga.net>
|
|
2008-07-21 Paul Jakma <paul.jakma@sun.com>
* bgp_packet.c: (bgp_open_receive) fix warning in a zlog call
* bgp_vty.c: (bgp_vty_return) add return code
* bgpd.c: (bgp_master_init) setup the socket list.
* bgp_network.c: Remove the dual IPv4/6 socket thing for now, which
was implemented by Michael, until such time as its clear its
required for Linux (see sockopt comments). IPv6 support, including
IPv4 sessions on AF_INET6 sockets, therefore is broken, and the
'-l 0.0.0.0' arguments would need to be given to bgpd to make
things work here.
2008-07-21 Michael H. Warfield <mhw@wittsend.com>
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Tomohiko Kusuda <kusuda@inetcore.com>
Leigh Brown <leigh@solinno.co.uk>
* bgp_network.c: (bgp_md5_set_one) shim between libzebra tcp-md5
sockopt and bgpd.
(bgp_md5_set_socket) Helper for bgp_connect
(bgp_md5_set) setup TCP-MD5SIG for the given peer.
(bgp_connect) call out to bgp_md5_set_socket for the outgoing
connect socket.
(bgp_socket) save references to the listen sockets, needed if
TCP-MD5SIG is applied later or changed.
* bgp_vty.c: (*neighbor_password_cmd) New 'neighbor ... password'
commands.
* bgpd.c: (peer_{new,delete) manage TCP-MD5 password
(peer_group2peer_config_copy) inherit TCP-MD5 password
(peer_password_{un,}set) orchestrate the whole add/remove of TCP-MD5
passwords: applying checks, stopping peers, and trying to return
errors to UI, etc.
(bgp_config_write_peer) save password.
Fix missing newline in writeout of neighbor ... port.
2008-07-21 Paul Jakma <paul.jakma@sun.com>
* sockunion.c: ifdef out various places that converted
v4mapped sockets to pure v4. Doesn't seem necessary at all,
presumably a workaround for now historical inet_ntop bugs (?)
2008-07-21 Michael H. Warfield <mhw@wittsend.com>
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* sockopt.{c,h}: (sockopt_tcp_signature) Add TCP-MD5SIG support.
|
|
2008-01-29 Jorge Boncompte <jorge@dti2.net>
* bgp_network.c: (bgp_socket) IPv4-only version crashes if -l is not
used as address will be null.
|
|
* bgp_main.c: Add 'listenon' argument, to pass address to bind
to.
* bgp_network.c: (bgp_socket) Extend to take bind address.
* bgpd.c: (bgp_init) Pass stored address.
* bgpd.h: (struct bgp_master) storage for bind address
2007-11-01 Paul Jakma <paul.jakma@sun.com>
* tools/multiple-bgpd.sh: New, quick script to launch a bunch of
bgpds.
|
|
2007-05-09 Paul Jakma <paul.jakma@sun.com>
* configure.ac: sys/conf.h depends on sys/param.h, at least on
FBSD 6.2.
(bug #363) Should check for in_pktinfo for IRDP
2006-05-27 Paul Jakma <paul.jakma@sun.com>
* configure.ac: General cleanup of header and type checks, introducing
an internal define, QUAGGA_INCLUDES, to build up a list of
stuff to include so as to avoid 'present but cant be compiled'
warnings.
Misc additional checks of things missing according to autoscan.
Add LIBM, for bgpd's use of libm, so as to avoid burdening
LIBS, and all the binaries, with libm linkage.
Remove the bad practice of using m4 changequote(), just
quote the []'s in the case statements properly.
This should fix bugs 162, 303 and 178.
* */*.{c,h}: Update all HAVE_* to the standard autoconf namespaced
HAVE_* defines. I.e. HAVE_SA_LEN -> HAVE_STRUCT_SOCKADDR_SA_LEN,
* bgpd/Makefile.am: Add LIBM to bgpd's LDADD, for pow().
|
|
* (global) The great bgpd extern and static'ification.
* bgp_routemap.c: remove unused ROUTE_MATCH_ASPATH_OLD code
(route_set_metric_compile) fix u_int32_t to ULONG_MAX comparison
warnings.
* bgp_route.h: (bgp_process, bgp_withdraw, bgp_update) export these
used by various files which had their own private declarations,
in the case of mplsvpn - incorrect.
|
|
* bgp_network.c: (bgp_accept) use XSTRDUP
* bgpd.c: (peer_delete) XFREE the correct memtype, not free.
(peer_create) use XSTRDUP
* bgp_packet.c: (bgp_stream_dup) deleted, stream_dup should be used
(various) update -> s/bgp_stream_dup/stream_dup
|
|
* bgp_fsm.c: (bgp_stop) use sockunion_free, not XFREE..
* bgp_network.c: (bgp_getsockname) ditto
* bgp_routemap.c: (route_match_peer) ditto, als use a ret value and
remove one sockunion_free.
* bgpd.c: (peer_delete) ditto
|
|
* (global): Fix up list loops to match changes in lib/linklist,
and some basic auditing of usage.
* configure.ac: define QUAGGA_NO_DEPRECATED_INTERFACES
* HACKING: Add notes about deprecating interfaces and commands.
* lib/linklist.h: Add usage comments.
Rename getdata macro to listgetdata.
Rename nextnode to listnextnode and fix its odd behaviour to be
less dangerous.
Make listgetdata macro assert node is not null, NULL list entries
should be bug condition.
ALL_LIST_ELEMENTS, new macro, forward-referencing macro for use
with for loop, Suggested by Jim Carlson of Sun.
Add ALL_LIST_ELEMENTS_RO for cases which obviously do not need the
"safety" of previous macro.
LISTNODE_ADD and DELETE macros renamed to ATTACH, DETACH, to
distinguish from the similarly named functions, and reflect their
effect better.
Add a QUAGGA_NO_DEPRECATED_INTERFACES define guarded section
with the old defines which were modified above,
for backwards compatibility - guarded to prevent Quagga using it..
* lib/linklist.c: fix up for linklist.h changes.
* ospf6d/ospf6_abr.c: (ospf6_abr_examin_brouter) change to a single
scan of the area list, rather than scanning all areas first for
INTER_ROUTER and then again for INTER_NETWORK. According to
16.2, the scan should be area specific anyway, and further
ospf6d does not seem to implement 16.3 anyway.
|
|
* *.c: Change level of debug messages to LOG_DEBUG.
|
|
* global: Replace strerror with safe_strerror. And vtysh/vtysh.c
needs to include "log.h" to pick up the declaration.
|
|
* Update with fix in debian bug id 222930.
* bgp_main.c: Add ZCAP_RAW, needed to bind to interfaces.
bgp_network.c: (....) raise/lower privs around call to
SO_BINDTODEVICE sockopt.
|
|
|
|
* Revert the attempted clean-up of the dummy peer hack, reverts
patchsets 435 (see 2004-02-17 below) and 456.
|
|
* bgpd.h: (bgp_peer) add fd_local and fd_accept
file descriptor's, fd becomes a pointer to one of these.
* bgpd.c: (global) adjust for fact that fd is now a pointer.
(peer_create_accept) removed.
* bgp_route.c: (global) adjust for change of peer fd to pointer
* bgp_packet.c: (bgp_collision_detect) adjust and remove the
"replace with other peer" hack.
* bgp_network.c: (bgp_accept) Remove the dummy peer hack.
Update peer->fd_accept instead.
(global) Adjust fd references - now a pointer.
* bgp_fsm.c: (global) adjust peer fd to pointer.
(bgp_connection_stop) new function, to stop connection.
(global) adjust everything which closed peer fd to use
bgp_connection_stop().
|
|
[quagga-dev 879].
|
|
* bgp_network.c: drop privs on error cases
(from [quagga-dev 438])
|
|
* Merge of zebra privileges
|
|
|