From 89b6d1f8e2759cc38bc768067abe3a296d93f454 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Thu, 24 Mar 2011 10:51:59 +0000
Subject: bgpd: Cleanups & fixes for minttl / GTSM
* bgp_vty.c: (peer_ebgp_multihop_{un,}set_vty) tail-call cleanup. ({no_,}neighbor_ttl_security) ditto.
* bgpd.c: (peer_ttl_security_hops_set) Peer group checks and TTL set only need to be done on transition.
* sockunion.c: (sockopt_minttl) remove always-on debug and improve readability.
---
 bgpd/bgp_vty.c | 21 +++++----------------
 bgpd/bgpd.c | 55 ++++++++++++++++++++++++++++---------------------------
 lib/sockunion.c | 16 ++++++++--------
 3 files changed, 41 insertions(+), 51 deletions(-)
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index e1c47f4e..d93c5d36 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -2629,7 +2629,6 @@ peer_ebgp_multihop_set_vty (struct vty *vty, const char *ip_str,
 {
 struct peer *peer;
 unsigned int ttl;
- int ret;
 peer = peer_and_group_lookup_vty (vty, ip_str);
 if (! peer)
@@ -2640,24 +2639,19 @@ peer_ebgp_multihop_set_vty (struct vty *vty, const char *ip_str,
 else
 VTY_GET_INTEGER_RANGE ("TTL", ttl, ttl_str, 1, 255);
- ret = peer_ebgp_multihop_set (peer, ttl);
-
- return bgp_vty_return (vty, ret);
+ return bgp_vty_return (vty, peer_ebgp_multihop_set (peer, ttl));
 }
 static int
 peer_ebgp_multihop_unset_vty (struct vty *vty, const char *ip_str)
 {
 struct peer *peer;
- int ret;
 peer = peer_and_group_lookup_vty (vty, ip_str);
 if (! peer)
 return CMD_WARNING;
- ret = peer_ebgp_multihop_unset (peer);
-
- return bgp_vty_return (vty, ret);
+ return bgp_vty_return (vty, peer_ebgp_multihop_unset (peer));
 }
 /* neighbor ebgp-multihop. */
@@ -3967,7 +3961,7 @@ DEFUN (neighbor_ttl_security,
 "Specify the maximum number of hops to the BGP peer\n")
 {
 struct peer *peer;
- int ret, gtsm_hops;
+ int gtsm_hops;
 peer = peer_and_group_lookup_vty (vty, argv[0]);
 if (! peer)
@@ -3975,9 +3969,7 @@ DEFUN (neighbor_ttl_security,
 VTY_GET_INTEGER_RANGE ("", gtsm_hops, argv[1], 1, 254);
- ret = peer_ttl_security_hops_set (peer, gtsm_hops);
-
- return bgp_vty_return (vty, ret);
+ return bgp_vty_return (vty, peer_ttl_security_hops_set (peer, gtsm_hops));
 }
 DEFUN (no_neighbor_ttl_security,
@@ -3989,15 +3981,12 @@ DEFUN (no_neighbor_ttl_security,
 "Specify the maximum number of hops to the BGP peer\n")
 {
 struct peer *peer;
- int ret;
 peer = peer_and_group_lookup_vty (vty, argv[0]);
 if (! peer)
 return CMD_WARNING;
- ret = peer_ttl_security_hops_unset (peer);
-
- return bgp_vty_return (vty, ret);
+ return bgp_vty_return (vty, peer_ttl_security_hops_unset (peer));
 }
 /* Address family configuration. */
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index cc0ea8d4..5a412f23 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -4376,7 +4376,7 @@ peer_ttl_security_hops_set (struct peer *peer, int gtsm_hops)
 zlog_debug ("peer_ttl_security_hops_set: set gtsm_hops to %d for %s", gtsm_hops, peer->host);
 if (peer_sort (peer) == BGP_PEER_IBGP)
- return 0;
+ return 0;
 /* We cannot configure ttl-security hops when ebgp-multihop is already set. For non peer-groups, the check is simple. For peer-groups, it's
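Review bot: In neighbor_ttl_security (hunk at -3975) the range check `VTY_GET_INTEGER_RANGE ("", gtsm_hops, argv[1], 1, 254);` passes an empty name, while peer_ebgp_multihop_set_vty passes "TTL" for the same argument. If that name is what the macro prints on rejection, an out-of-range hop count is reported to the operator without saying which value was wrong. Since the handler is being touched anyway, I would label it: `VTY_GET_INTEGER_RANGE ("ttl-security hops", gtsm_hops, argv[1], 1, 254);`. The DEFUN body starts in the previous hunk.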
@@ -4385,35 +4385,36 @@ peer_ttl_security_hops_set (struct peer *peer, int gtsm_hops) before actually applying the ttl-security rules. Cisco really made a mess of this configuration parameter, and OpenBGPD got it right. */ + + if (peer->gtsm_hops == 0) { + if (CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) + { + group = peer->group; + if (group->conf->ttl != 1) + return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; - if (CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) - { - group = peer->group; - if (group->conf->ttl != 1) - return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; - - for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer1)) - { - if (peer_sort (peer1) == BGP_PEER_IBGP) - continue; - - if (peer1->ttl != 1) - return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; - } - } - else - { - if (peer->ttl != 1) - return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; - } + for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer1)) + { + if (peer_sort (peer1) == BGP_PEER_IBGP) + continue; + if (peer1->ttl != 1) + return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; + } + } + else + { + if (peer->ttl != 1) + return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK; + } + /* specify MAXTTL on outgoing packets */ + ret = peer_ebgp_multihop_set (peer, MAXTTL); + if (ret != 0) + return ret; + } + peer->gtsm_hops = gtsm_hops; - /* specify MAXTTL on outgoing packets */ - ret = peer_ebgp_multihop_set (peer, MAXTTL); - if (ret != 0) - return ret; - if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) { if (peer->fd >= 0 && peer_sort (peer) != BGP_PEER_IBGP) @@ -4793,7 +4794,7 @@ bgp_config_write_peer (struct vty *vty, struct bgp *bgp, /* ttl-security hops */ if (peer_sort (peer) != BGP_PEER_IBGP && peer->gtsm_hops != 0) if (! peer_group_active (peer) || g_peer->gtsm_hops != peer->gtsm_hops) - vty_out (vty, " neighbor %s ttl-security hops %d%s", addr, + vty_out (vty, " neighbor %s ttl-security hops %d%s", addr, peer->gtsm_hops, VTY_NEWLINE); /* disable-connected-check. */ 
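Review bot: peer_ttl_security_hops_set (hunk at -4385) now keys the conflict checks and the MAXTTL set on `peer->gtsm_hops == 0`, but the function never validates `gtsm_hops` itself; the 1-254 range is enforced only in the vty handler. A caller passing 0 would take the transition path, raise the outgoing TTL to MAXTTL and then store 0, so the peer is left in a half-configured state and the next call is treated as a fresh transition. I would add a guard at the top, `if (gtsm_hops < 1 || gtsm_hops > 254) return BGP_ERR_INVALID_VALUE;`. I would also add a comment on the new `if` saying that the ebgp-multihop conflict check is deliberately skipped once GTSM is active, which presumably relies on peer_ebgp_multihop_set refusing changes while gtsm_hops is non-zero (not visible here). The new `if (peer->gtsm_hops == 0) {` puts its brace on the same line, unlike the GNU-style blocks around it, and the function begins before and continues past this hunk.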
diff --git a/lib/sockunion.c b/lib/sockunion.c
index a32809c1..df05acb3 100644
--- a/lib/sockunion.c
+++ b/lib/sockunion.c
@@ -540,23 +540,23 @@ sockopt_cork (int sock, int onoff)
 int
 sockopt_minttl (int family, int sock, int minttl)
 {
+#ifdef IP_MINTTL
 int ret;
- zlog_debug ("sockopt_minttl: set minttl to %d", minttl);
-
-#ifdef IP_MINTTL
 ret = setsockopt (sock, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
-#else
- ret = -1;
- errno = EOPNOTSUPP;
-#endif /* IP_MINTTL */
 if (ret < 0)
 {
- zlog (NULL, LOG_WARNING, "can't set sockopt IP_MINTTL to %d on socket %d: %s", minttl, sock, safe_strerror (errno));
+ zlog (NULL, LOG_WARNING,
+ "can't set sockopt IP_MINTTL to %d on socket %d: %s",
+ minttl, sock, safe_strerror (errno));
 return -1;
 }
 return 0;
+#else
+ errno = EOPNOTSUPP;
+ return -1;
+#endif /* IP_MINTTL */
 }
 /* If same family and same prefix return 1. */
--
cgit v1.2.1
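Review bot: sockopt_minttl takes `family` but the new body never reads it: every socket gets `setsockopt (sock, IPPROTO_IP, IP_MINTTL, ...)`, which is an IPv4 option. For an AF_INET6 session the minimum-hop filter that ttl-security promises is therefore likely either rejected or simply not applied. I would dispatch on `family` and use `IPV6_MINHOPCOUNT` at `IPPROTO_IPV6` where the platform defines it, falling through to EOPNOTSUPP otherwise, as sketched below. The `#else` branch now fails without logging anything, so callers (not visible in this hunk) must check the return value rather than assume GTSM is active.

```c
int
sockopt_minttl (int family, int sock, int minttl)
{
#ifdef IP_MINTTL
  if (family == AF_INET)
    {
      /* … unchanged: setsockopt (IPPROTO_IP, IP_MINTTL), warning on failure, return … */
    }
#endif /* IP_MINTTL */
#ifdef IPV6_MINHOPCOUNT
  if (family == AF_INET6)
    {
      int ret = setsockopt (sock, IPPROTO_IPV6, IPV6_MINHOPCOUNT,
                            &minttl, sizeof (minttl));
      if (ret < 0)
        {
          zlog (NULL, LOG_WARNING,
                "can't set sockopt IPV6_MINHOPCOUNT to %d on socket %d: %s",
                minttl, sock, safe_strerror (errno));
          return -1;
        }
      return 0;
    }
#endif /* IPV6_MINHOPCOUNT */

  /* No minimum-TTL option for this family on this platform. */
  errno = EOPNOTSUPP;
  return -1;
}
```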