bgp_network.c 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606
  1. /* BGP network related fucntions
  2. Copyright (C) 1999 Kunihiro Ishiguro
  3. This file is part of GNU Zebra.
  4. GNU Zebra is free software; you can redistribute it and/or modify it
  5. under the terms of the GNU General Public License as published by the
  6. Free Software Foundation; either version 2, or (at your option) any
  7. later version.
  8. GNU Zebra is distributed in the hope that it will be useful, but
  9. WITHOUT ANY WARRANTY; without even the implied warranty of
  10. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  11. General Public License for more details.
  12. You should have received a copy of the GNU General Public License
  13. along with GNU Zebra; see the file COPYING. If not, write to the Free
  14. Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  15. 02111-1307, USA. */
  16. #include <zebra.h>
  17. #include "thread.h"
  18. #include "sockunion.h"
  19. #include "sockopt.h"
  20. #include "memory.h"
  21. #include "log.h"
  22. #include "if.h"
  23. #include "prefix.h"
  24. #include "command.h"
  25. #include "privs.h"
  26. #include "linklist.h"
  27. #include "network.h"
  28. #include "bgpd/bgpd.h"
  29. #include "bgpd/bgp_fsm.h"
  30. #include "bgpd/bgp_attr.h"
  31. #include "bgpd/bgp_debug.h"
  32. #include "bgpd/bgp_network.h"
  33. extern struct zebra_privs_t bgpd_privs;
  34. /* BGP listening socket. */
  35. struct bgp_listener
  36. {
  37. int fd;
  38. union sockunion su;
  39. struct thread *thread;
  40. };
  41. /*
  42. * Set MD5 key for the socket, for the given IPv4 peer address.
  43. * If the password is NULL or zero-length, the option will be disabled.
  44. */
  45. static int
  46. bgp_md5_set_socket (int socket, union sockunion *su, const char *password)
  47. {
  48. int ret = -1;
  49. int en = ENOSYS;
  50. assert (socket >= 0);
  51. #if HAVE_DECL_TCP_MD5SIG
  52. ret = sockopt_tcp_signature (socket, su, password);
  53. en = errno;
  54. #endif /* HAVE_TCP_MD5SIG */
  55. if (ret < 0)
  56. zlog (NULL, LOG_WARNING, "can't set TCP_MD5SIG option on socket %d: %s",
  57. socket, safe_strerror (en));
  58. return ret;
  59. }
  60. /* Helper for bgp_connect */
  61. static int
  62. bgp_md5_set_connect (int socket, union sockunion *su, const char *password)
  63. {
  64. int ret = -1;
  65. #if HAVE_DECL_TCP_MD5SIG
  66. if ( bgpd_privs.change (ZPRIVS_RAISE) )
  67. {
  68. zlog_err ("%s: could not raise privs", __func__);
  69. return ret;
  70. }
  71. ret = bgp_md5_set_socket (socket, su, password);
  72. if (bgpd_privs.change (ZPRIVS_LOWER) )
  73. zlog_err ("%s: could not lower privs", __func__);
  74. #endif /* HAVE_TCP_MD5SIG */
  75. return ret;
  76. }
  77. int
  78. bgp_md5_set (struct peer *peer)
  79. {
  80. struct listnode *node;
  81. int ret = 0;
  82. struct bgp_listener *listener;
  83. if ( bgpd_privs.change (ZPRIVS_RAISE) )
  84. {
  85. zlog_err ("%s: could not raise privs", __func__);
  86. return -1;
  87. }
  88. /* Just set the password on the listen socket(s). Outbound connections
  89. * are taken care of in bgp_connect() below.
  90. */
  91. for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
  92. if (listener->su.sa.sa_family == peer->su.sa.sa_family)
  93. {
  94. ret = bgp_md5_set_socket (listener->fd, &peer->su, peer->password);
  95. break;
  96. }
  97. if (bgpd_privs.change (ZPRIVS_LOWER) )
  98. zlog_err ("%s: could not lower privs", __func__);
  99. return ret;
  100. }
  101. /* Update BGP socket send buffer size */
  102. static void
  103. bgp_update_sock_send_buffer_size (int fd)
  104. {
  105. int size = BGP_SOCKET_SNDBUF_SIZE;
  106. int optval;
  107. socklen_t optlen = sizeof(optval);
  108. if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &optval, &optlen) < 0)
  109. {
  110. zlog_err("getsockopt of SO_SNDBUF failed %s\n", safe_strerror(errno));
  111. return;
  112. }
  113. if (optval < size)
  114. {
  115. if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &size, sizeof(size)) < 0)
  116. {
  117. zlog_err("Couldn't increase send buffer: %s\n", safe_strerror(errno));
  118. }
  119. }
  120. }
  121. static void
  122. bgp_set_socket_ttl (struct peer *peer, int bgp_sock)
  123. {
  124. char buf[INET_ADDRSTRLEN];
  125. int ret;
  126. /* In case of peer is EBGP, we should set TTL for this connection. */
  127. if (!peer->gtsm_hops && (peer_sort (peer) == BGP_PEER_EBGP))
  128. {
  129. ret = sockopt_ttl (peer->su.sa.sa_family, bgp_sock, peer->ttl);
  130. if (ret)
  131. {
  132. zlog_err ("%s: Can't set TxTTL on peer (rtrid %s) socket, err = %d",
  133. __func__,
  134. inet_ntop (AF_INET, &peer->remote_id, buf, sizeof(buf)),
  135. errno);
  136. }
  137. }
  138. else if (peer->gtsm_hops)
  139. {
  140. /* On Linux, setting minttl without setting ttl seems to mess with the
  141. outgoing ttl. Therefore setting both.
  142. */
  143. ret = sockopt_ttl (peer->su.sa.sa_family, bgp_sock, MAXTTL);
  144. if (ret)
  145. {
  146. zlog_err ("%s: Can't set TxTTL on peer (rtrid %s) socket, err = %d",
  147. __func__,
  148. inet_ntop (AF_INET, &peer->remote_id, buf, sizeof(buf)),
  149. errno);
  150. }
  151. ret = sockopt_minttl (peer->su.sa.sa_family, bgp_sock,
  152. MAXTTL + 1 - peer->gtsm_hops);
  153. if (ret)
  154. {
  155. zlog_err ("%s: Can't set MinTTL on peer (rtrid %s) socket, err = %d",
  156. __func__,
  157. inet_ntop (AF_INET, &peer->remote_id, buf, sizeof(buf)),
  158. errno);
  159. }
  160. }
  161. }
  162. /* Accept bgp connection. */
  163. static int
  164. bgp_accept (struct thread *thread)
  165. {
  166. int bgp_sock;
  167. int accept_sock;
  168. union sockunion su;
  169. struct bgp_listener *listener = THREAD_ARG(thread);
  170. struct peer *peer;
  171. struct peer *peer1;
  172. char buf[SU_ADDRSTRLEN];
  173. /* Register accept thread. */
  174. accept_sock = THREAD_FD (thread);
  175. if (accept_sock < 0)
  176. {
  177. zlog_err ("accept_sock is nevative value %d", accept_sock);
  178. return -1;
  179. }
  180. listener->thread = thread_add_read (master, bgp_accept, listener, accept_sock);
  181. /* Accept client connection. */
  182. bgp_sock = sockunion_accept (accept_sock, &su);
  183. if (bgp_sock < 0)
  184. {
  185. zlog_err ("[Error] BGP socket accept failed (%s)", safe_strerror (errno));
  186. return -1;
  187. }
  188. set_nonblocking (bgp_sock);
  189. /* Set socket send buffer size */
  190. bgp_update_sock_send_buffer_size(bgp_sock);
  191. if (BGP_DEBUG (events, EVENTS))
  192. zlog_debug ("[Event] BGP connection from host %s", inet_sutop (&su, buf));
  193. /* Check remote IP address */
  194. peer1 = peer_lookup (NULL, &su);
  195. if (! peer1 || peer1->status == Idle)
  196. {
  197. if (BGP_DEBUG (events, EVENTS))
  198. {
  199. if (! peer1)
  200. zlog_debug ("[Event] BGP connection IP address %s is not configured",
  201. inet_sutop (&su, buf));
  202. else
  203. zlog_debug ("[Event] BGP connection IP address %s is Idle state",
  204. inet_sutop (&su, buf));
  205. }
  206. close (bgp_sock);
  207. return -1;
  208. }
  209. bgp_set_socket_ttl (peer1, bgp_sock);
  210. /* Make dummy peer until read Open packet. */
  211. if (BGP_DEBUG (events, EVENTS))
  212. zlog_debug ("[Event] Make dummy peer structure until read Open packet");
  213. {
  214. char buf[SU_ADDRSTRLEN];
  215. peer = peer_create_accept (peer1->bgp);
  216. SET_FLAG (peer->sflags, PEER_STATUS_ACCEPT_PEER);
  217. peer->su = su;
  218. peer->fd = bgp_sock;
  219. peer->status = Active;
  220. peer->local_id = peer1->local_id;
  221. peer->v_holdtime = peer1->v_holdtime;
  222. peer->v_keepalive = peer1->v_keepalive;
  223. /* Make peer's address string. */
  224. sockunion2str (&su, buf, SU_ADDRSTRLEN);
  225. peer->host = XSTRDUP (MTYPE_BGP_PEER_HOST, buf);
  226. }
  227. BGP_EVENT_ADD (peer, TCP_connection_open);
  228. return 0;
  229. }
  230. /* BGP socket bind. */
  231. static int
  232. bgp_bind (struct peer *peer)
  233. {
  234. #ifdef SO_BINDTODEVICE
  235. int ret;
  236. struct ifreq ifreq;
  237. if (! peer->ifname)
  238. return 0;
  239. strncpy ((char *)&ifreq.ifr_name, peer->ifname, sizeof (ifreq.ifr_name));
  240. if ( bgpd_privs.change (ZPRIVS_RAISE) )
  241. zlog_err ("bgp_bind: could not raise privs");
  242. ret = setsockopt (peer->fd, SOL_SOCKET, SO_BINDTODEVICE,
  243. &ifreq, sizeof (ifreq));
  244. if (bgpd_privs.change (ZPRIVS_LOWER) )
  245. zlog_err ("bgp_bind: could not lower privs");
  246. if (ret < 0)
  247. {
  248. zlog (peer->log, LOG_INFO, "bind to interface %s failed", peer->ifname);
  249. return ret;
  250. }
  251. #endif /* SO_BINDTODEVICE */
  252. return 0;
  253. }
  254. static int
  255. bgp_update_address (struct interface *ifp, const union sockunion *dst,
  256. union sockunion *addr)
  257. {
  258. struct prefix *p, *sel, *d;
  259. struct connected *connected;
  260. struct listnode *node;
  261. int common;
  262. d = sockunion2hostprefix (dst);
  263. sel = NULL;
  264. common = -1;
  265. for (ALL_LIST_ELEMENTS_RO (ifp->connected, node, connected))
  266. {
  267. p = connected->address;
  268. if (p->family != d->family)
  269. continue;
  270. if (prefix_common_bits (p, d) > common)
  271. {
  272. sel = p;
  273. common = prefix_common_bits (sel, d);
  274. }
  275. }
  276. prefix_free (d);
  277. if (!sel)
  278. return 1;
  279. prefix2sockunion (sel, addr);
  280. return 0;
  281. }
  282. /* Update source selection. */
  283. static void
  284. bgp_update_source (struct peer *peer)
  285. {
  286. struct interface *ifp;
  287. union sockunion addr;
  288. /* Source is specified with interface name. */
  289. if (peer->update_if)
  290. {
  291. ifp = if_lookup_by_name (peer->update_if);
  292. if (! ifp)
  293. return;
  294. if (bgp_update_address (ifp, &peer->su, &addr))
  295. return;
  296. sockunion_bind (peer->fd, &addr, 0, &addr);
  297. }
  298. /* Source is specified with IP address. */
  299. if (peer->update_source)
  300. sockunion_bind (peer->fd, peer->update_source, 0, peer->update_source);
  301. }
  302. /* BGP try to connect to the peer. */
  303. int
  304. bgp_connect (struct peer *peer)
  305. {
  306. unsigned int ifindex = 0;
  307. /* Make socket for the peer. */
  308. peer->fd = sockunion_socket (&peer->su);
  309. if (peer->fd < 0)
  310. return -1;
  311. set_nonblocking (peer->fd);
  312. /* Set socket send buffer size */
  313. bgp_update_sock_send_buffer_size(peer->fd);
  314. bgp_set_socket_ttl (peer, peer->fd);
  315. sockopt_reuseaddr (peer->fd);
  316. sockopt_reuseport (peer->fd);
  317. #ifdef IPTOS_PREC_INTERNETCONTROL
  318. if (bgpd_privs.change (ZPRIVS_RAISE))
  319. zlog_err ("%s: could not raise privs", __func__);
  320. if (sockunion_family (&peer->su) == AF_INET)
  321. setsockopt_ipv4_tos (peer->fd, IPTOS_PREC_INTERNETCONTROL);
  322. # ifdef HAVE_IPV6
  323. else if (sockunion_family (&peer->su) == AF_INET6)
  324. setsockopt_ipv6_tclass (peer->fd, IPTOS_PREC_INTERNETCONTROL);
  325. # endif
  326. if (bgpd_privs.change (ZPRIVS_LOWER))
  327. zlog_err ("%s: could not lower privs", __func__);
  328. #endif
  329. if (peer->password)
  330. bgp_md5_set_connect (peer->fd, &peer->su, peer->password);
  331. /* Bind socket. */
  332. bgp_bind (peer);
  333. /* Update source bind. */
  334. bgp_update_source (peer);
  335. #ifdef HAVE_IPV6
  336. if (peer->ifname)
  337. ifindex = if_nametoindex (peer->ifname);
  338. #endif /* HAVE_IPV6 */
  339. if (BGP_DEBUG (events, EVENTS))
  340. plog_debug (peer->log, "%s [Event] Connect start to %s fd %d",
  341. peer->host, peer->host, peer->fd);
  342. /* Connect to the remote peer. */
  343. return sockunion_connect (peer->fd, &peer->su, htons (peer->port), ifindex);
  344. }
  345. /* After TCP connection is established. Get local address and port. */
  346. void
  347. bgp_getsockname (struct peer *peer)
  348. {
  349. if (peer->su_local)
  350. {
  351. sockunion_free (peer->su_local);
  352. peer->su_local = NULL;
  353. }
  354. if (peer->su_remote)
  355. {
  356. sockunion_free (peer->su_remote);
  357. peer->su_remote = NULL;
  358. }
  359. peer->su_local = sockunion_getsockname (peer->fd);
  360. peer->su_remote = sockunion_getpeername (peer->fd);
  361. bgp_nexthop_set (peer->su_local, peer->su_remote, &peer->nexthop, peer);
  362. }
  363. static int
  364. bgp_listener (int sock, struct sockaddr *sa, socklen_t salen)
  365. {
  366. struct bgp_listener *listener;
  367. int ret, en;
  368. sockopt_reuseaddr (sock);
  369. sockopt_reuseport (sock);
  370. if (bgpd_privs.change (ZPRIVS_RAISE))
  371. zlog_err ("%s: could not raise privs", __func__);
  372. #ifdef IPTOS_PREC_INTERNETCONTROL
  373. if (sa->sa_family == AF_INET)
  374. setsockopt_ipv4_tos (sock, IPTOS_PREC_INTERNETCONTROL);
  375. # ifdef HAVE_IPV6
  376. else if (sa->sa_family == AF_INET6)
  377. setsockopt_ipv6_tclass (sock, IPTOS_PREC_INTERNETCONTROL);
  378. # endif
  379. #endif
  380. sockopt_v6only (sa->sa_family, sock);
  381. ret = bind (sock, sa, salen);
  382. en = errno;
  383. if (bgpd_privs.change (ZPRIVS_LOWER))
  384. zlog_err ("%s: could not lower privs", __func__);
  385. if (ret < 0)
  386. {
  387. zlog_err ("bind: %s", safe_strerror (en));
  388. return ret;
  389. }
  390. ret = listen (sock, 3);
  391. if (ret < 0)
  392. {
  393. zlog_err ("listen: %s", safe_strerror (errno));
  394. return ret;
  395. }
  396. listener = XMALLOC (MTYPE_BGP_LISTENER, sizeof(*listener));
  397. listener->fd = sock;
  398. memcpy(&listener->su, sa, salen);
  399. listener->thread = thread_add_read (master, bgp_accept, listener, sock);
  400. listnode_add (bm->listen_sockets, listener);
  401. return 0;
  402. }
  403. /* IPv6 supported version of BGP server socket setup. */
  404. #if defined (HAVE_IPV6) && ! defined (NRL)
  405. int
  406. bgp_socket (unsigned short port, const char *address)
  407. {
  408. struct addrinfo *ainfo;
  409. struct addrinfo *ainfo_save;
  410. static const struct addrinfo req = {
  411. .ai_family = AF_UNSPEC,
  412. .ai_flags = AI_PASSIVE,
  413. .ai_socktype = SOCK_STREAM,
  414. };
  415. int ret, count;
  416. char port_str[BUFSIZ];
  417. snprintf (port_str, sizeof(port_str), "%d", port);
  418. port_str[sizeof (port_str) - 1] = '\0';
  419. ret = getaddrinfo (address, port_str, &req, &ainfo_save);
  420. if (ret != 0)
  421. {
  422. zlog_err ("getaddrinfo: %s", gai_strerror (ret));
  423. return -1;
  424. }
  425. count = 0;
  426. for (ainfo = ainfo_save; ainfo; ainfo = ainfo->ai_next)
  427. {
  428. int sock;
  429. if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6)
  430. continue;
  431. sock = socket (ainfo->ai_family, ainfo->ai_socktype, ainfo->ai_protocol);
  432. if (sock < 0)
  433. {
  434. zlog_err ("socket: %s", safe_strerror (errno));
  435. continue;
  436. }
  437. /* if we intend to implement ttl-security, this socket needs ttl=255 */
  438. sockopt_ttl (ainfo->ai_family, sock, MAXTTL);
  439. ret = bgp_listener (sock, ainfo->ai_addr, ainfo->ai_addrlen);
  440. if (ret == 0)
  441. ++count;
  442. else
  443. close(sock);
  444. }
  445. freeaddrinfo (ainfo_save);
  446. if (count == 0)
  447. {
  448. zlog_err ("%s: no usable addresses", __func__);
  449. return -1;
  450. }
  451. return 0;
  452. }
  453. #else
  454. /* Traditional IPv4 only version. */
  455. int
  456. bgp_socket (unsigned short port, const char *address)
  457. {
  458. int sock;
  459. int socklen;
  460. struct sockaddr_in sin;
  461. int ret, en;
  462. sock = socket (AF_INET, SOCK_STREAM, 0);
  463. if (sock < 0)
  464. {
  465. zlog_err ("socket: %s", safe_strerror (errno));
  466. return sock;
  467. }
  468. /* if we intend to implement ttl-security, this socket needs ttl=255 */
  469. sockopt_ttl (AF_INET, sock, MAXTTL);
  470. memset (&sin, 0, sizeof (struct sockaddr_in));
  471. sin.sin_family = AF_INET;
  472. sin.sin_port = htons (port);
  473. socklen = sizeof (struct sockaddr_in);
  474. if (address && ((ret = inet_aton(address, &sin.sin_addr)) < 1))
  475. {
  476. zlog_err("bgp_socket: could not parse ip address %s: %s",
  477. address, safe_strerror (errno));
  478. return ret;
  479. }
  480. #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
  481. sin.sin_len = socklen;
  482. #endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
  483. ret = bgp_listener (sock, (struct sockaddr *) &sin, socklen);
  484. if (ret < 0)
  485. {
  486. close (sock);
  487. return ret;
  488. }
  489. return sock;
  490. }
  491. #endif /* HAVE_IPV6 && !NRL */
  492. void
  493. bgp_close (void)
  494. {
  495. struct listnode *node, *next;
  496. struct bgp_listener *listener;
  497. for (ALL_LIST_ELEMENTS (bm->listen_sockets, node, next, listener))
  498. {
  499. thread_cancel (listener->thread);
  500. close (listener->fd);
  501. listnode_delete (bm->listen_sockets, listener);
  502. XFREE (MTYPE_BGP_LISTENER, listener);
  503. }
  504. }