static void bgp_clear(struct bgp_peer *peer);
static void bgp_set_retry(struct bgp_peer *peer);
-static void bgp_cidr(in_addr_t ip, in_addr_t mask, struct bgp_ip_prefix *pfx);
static struct bgp_route_list *bgp_insert_route(struct bgp_route_list *head,
struct bgp_route_list *new);
+static struct bgp_route6_list *bgp_insert_route6(struct bgp_route6_list *head,
+ struct bgp_route6_list *new);
+static void bgp_process_timers(struct bgp_peer *peer);
static void bgp_free_routes(struct bgp_route_list *routes);
+static void bgp_free_routes6(struct bgp_route6_list *routes);
static char const *bgp_msg_type_str(uint8_t type);
static int bgp_connect(struct bgp_peer *peer);
static int bgp_handle_connect(struct bgp_peer *peer);
static int bgp_send_open(struct bgp_peer *peer);
static int bgp_send_keepalive(struct bgp_peer *peer);
static int bgp_send_update(struct bgp_peer *peer);
+static int bgp_send_update6(struct bgp_peer *peer);
static int bgp_send_notification(struct bgp_peer *peer, uint8_t code,
uint8_t subcode);
static uint16_t our_as;
static struct bgp_route_list *bgp_routes = 0;
+static struct bgp_route6_list *bgp_routes6 = 0;
int bgp_configured = 0;
struct bgp_peer *bgp_peers = 0;
return 0;
bgp_routes = 0;
+ bgp_routes6 = 0;
bgp_configured = 0; /* set by bgp_start */
return 1;
/* start connection with a peer */
int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive,
- int hold, int enable)
+ int hold, struct in_addr update_source, int enable)
{
struct hostent *h;
int ibgp;
}
memcpy(&peer->addr, h->h_addr, sizeof(peer->addr));
+ peer->source_addr = update_source.s_addr;
peer->as = as > 0 ? as : our_as;
ibgp = peer->as == our_as;
ADD_ATTRIBUTE();
- /* NEXT_HOP */
- a.flags = BGP_PATH_ATTR_FLAG_TRANS;
- a.code = BGP_PATH_ATTR_CODE_NEXT_HOP;
- ip = my_address; /* we're it */
- a.data.s.len = sizeof(ip);
- memcpy(a.data.s.value, &ip, sizeof(ip));
-
- ADD_ATTRIBUTE();
-
/* MULTI_EXIT_DISC */
a.flags = BGP_PATH_ATTR_FLAG_OPTIONAL;
a.code = BGP_PATH_ATTR_CODE_MULTI_EXIT_DISC;
ADD_ATTRIBUTE();
+ /* remember the len before adding NEXT_HOP */
+ peer->path_attr_len_without_nexthop = peer->path_attr_len;
+
+ /* NEXT_HOP */
+ a.flags = BGP_PATH_ATTR_FLAG_TRANS;
+ a.code = BGP_PATH_ATTR_CODE_NEXT_HOP;
+ if (config->nexthop_address)
+ {
+ ip = config->nexthop_address;
+ }
+ else
+ {
+ ip = my_address; /* we're it */
+ }
+ a.data.s.len = sizeof(ip);
+ memcpy(a.data.s.value, &ip, sizeof(ip));
+
+ ADD_ATTRIBUTE();
+
if (!(peer->path_attrs = malloc(peer->path_attr_len)))
{
LOG(0, 0, 0, "Can't allocate path_attrs for %s (%s)\n",
memcpy(peer->path_attrs, path_attrs, peer->path_attr_len);
+ /* multiprotocol attributes initialization */
+ if (config->ipv6_prefix.s6_addr[0])
+ {
+ struct bgp_attr_mp_reach_nlri_partial mp_reach_nlri_partial;
+ struct bgp_attr_mp_unreach_nlri_partial mp_unreach_nlri_partial;
+
+ a.flags = BGP_PATH_ATTR_FLAG_OPTIONAL;
+ a.code = BGP_PATH_ATTR_CODE_MP_REACH_NLRI;
+ a.data.s.len = 0; /* will be set on UPDATE */
+
+ mp_reach_nlri_partial.afi = htons(BGP_MP_AFI_IPv6);
+ mp_reach_nlri_partial.safi = BGP_MP_SAFI_UNICAST;
+ mp_reach_nlri_partial.reserved = 0;
+ mp_reach_nlri_partial.next_hop_len = 16;
+
+ /* use the defined nexthop6, or our address in ipv6_prefix */
+ if (config->nexthop6_address.s6_addr[0])
+ memcpy(&mp_reach_nlri_partial.next_hop,
+ &config->nexthop6_address.s6_addr, 16);
+ else
+ {
+ /* our address is ipv6prefix::1 */
+ memcpy(&mp_reach_nlri_partial.next_hop,
+ &config->ipv6_prefix.s6_addr, 16);
+ mp_reach_nlri_partial.next_hop[15] = 1;
+ }
+
+ memcpy(&a.data.s.value, &mp_reach_nlri_partial,
+ sizeof(struct bgp_attr_mp_reach_nlri_partial));
+ memcpy(&peer->mp_reach_nlri_partial, &a,
+ BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE);
+
+ a.flags = BGP_PATH_ATTR_FLAG_OPTIONAL | BGP_PATH_ATTR_FLAG_EXTLEN;
+ a.code = BGP_PATH_ATTR_CODE_MP_UNREACH_NLRI;
+ a.data.e.len = 0; /* will be set on UPDATE */
+
+ mp_unreach_nlri_partial.afi = htons(BGP_MP_AFI_IPv6);
+ mp_unreach_nlri_partial.safi = BGP_MP_SAFI_UNICAST;
+
+ memcpy(&a.data.e.value, &mp_unreach_nlri_partial,
+ sizeof(struct bgp_attr_mp_unreach_nlri_partial));
+ memcpy(&peer->mp_unreach_nlri_partial, &a,
+ BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE);
+ }
+
+ peer->mp_handling = HandlingUnknown;
+
LOG(4, 0, 0, "Initiating BGP connection to %s (routing %s)\n",
name, enable ? "enabled" : "suspended");
bgp_free_routes(peer->routes);
peer->routes = 0;
+ bgp_free_routes6(peer->routes6);
+ peer->routes6 = 0;
peer->outbuf->packet.header.len = 0;
peer->outbuf->done = 0;
bgp_halt(peer); /* give up */
}
-/* convert ip/mask to CIDR notation */
-static void bgp_cidr(in_addr_t ip, in_addr_t mask, struct bgp_ip_prefix *pfx)
+/* insert route into list; sorted */
+static struct bgp_route_list *bgp_insert_route(struct bgp_route_list *head,
+ struct bgp_route_list *new)
{
- int i;
- uint32_t b;
-
- /* convert to prefix notation */
- pfx->len = 32;
- pfx->prefix = ip;
+ struct bgp_route_list *p = head;
+ struct bgp_route_list *e = 0;
- if (!mask) /* bogus */
- mask = 0xffffffff;
+ while (p && memcmp(&p->dest, &new->dest, sizeof(p->dest)) < 0)
+ {
+ e = p;
+ p = p->next;
+ }
- for (i = 0; i < 32 && ((b = ntohl(1 << i)), !(mask & b)); i++)
+ if (e)
{
- pfx->len--;
- pfx->prefix &= ~b;
+ new->next = e->next;
+ e->next = new;
+ }
+ else
+ {
+ new->next = head;
+ head = new;
}
+
+ return head;
}
-/* insert route into list; sorted */
-static struct bgp_route_list *bgp_insert_route(struct bgp_route_list *head,
- struct bgp_route_list *new)
+/* insert route6 into list; sorted */
+static struct bgp_route6_list *bgp_insert_route6(struct bgp_route6_list *head,
+ struct bgp_route6_list *new)
{
- struct bgp_route_list *p = head;
- struct bgp_route_list *e = 0;
+ struct bgp_route6_list *p = head;
+ struct bgp_route6_list *e = 0;
while (p && memcmp(&p->dest, &new->dest, sizeof(p->dest)) < 0)
{
* that if that route is later deleted we don't have to be concerned
* about adding back the more specific one).
*/
-int bgp_add_route(in_addr_t ip, in_addr_t mask)
+int bgp_add_route(in_addr_t ip, int prefixlen)
{
struct bgp_route_list *r = bgp_routes;
struct bgp_route_list add;
int i;
- bgp_cidr(ip, mask, &add.dest);
+ add.dest.prefix = ip;
+ add.dest.len = prefixlen;
add.next = 0;
/* check for duplicate */
return 1;
}
+/* add route to list for peers */
+/*
+ * Note: same provisions as above
+ */
+int bgp_add_route6(struct in6_addr ip, int prefixlen)
+{
+ struct bgp_route6_list *r = bgp_routes6;
+ struct bgp_route6_list add;
+ int i;
+ char ipv6addr[INET6_ADDRSTRLEN];
+
+ memcpy(&add.dest.prefix, &ip.s6_addr, 16);
+ add.dest.len = prefixlen;
+ add.next = 0;
+
+ /* check for duplicate */
+ while (r)
+ {
+ i = memcmp(&r->dest, &add.dest, sizeof(r->dest));
+ if (!i)
+ return 1; /* already covered */
+
+ if (i > 0)
+ break;
+
+ r = r->next;
+ }
+
+ /* insert into route list; sorted */
+ if (!(r = malloc(sizeof(*r))))
+ {
+ LOG(0, 0, 0, "Can't allocate route for %s/%d (%s)\n",
+ inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN), add.dest.len,
+ strerror(errno));
+
+ return 0;
+ }
+
+ memcpy(r, &add, sizeof(*r));
+ bgp_routes6 = bgp_insert_route6(bgp_routes6, r);
+
+ /* flag established peers for update */
+ for (i = 0; i < BGP_NUM_PEERS; i++)
+ if (bgp_peers[i].state == Established
+ && bgp_peers[i].mp_handling == HandleIPv6Routes)
+ bgp_peers[i].update_routes6 = 1;
+
+ LOG(4, 0, 0, "Registered BGP route %s/%d\n",
+ inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN), add.dest.len);
+
+ return 1;
+}
+
/* remove route from list for peers */
-int bgp_del_route(in_addr_t ip, in_addr_t mask)
+int bgp_del_route(in_addr_t ip, int prefixlen)
{
struct bgp_route_list *r = bgp_routes;
struct bgp_route_list *e = 0;
struct bgp_route_list del;
int i;
- bgp_cidr(ip, mask, &del.dest);
+ del.dest.prefix = ip;
+ del.dest.len = prefixlen;
del.next = 0;
/* find entry in routes list and remove */
return 1;
}
+/* remove route from list for peers */
+int bgp_del_route6(struct in6_addr ip, int prefixlen)
+{
+ struct bgp_route6_list *r = bgp_routes6;
+ struct bgp_route6_list *e = 0;
+ struct bgp_route6_list del;
+ int i;
+ char ipv6addr[INET6_ADDRSTRLEN];
+
+ memcpy(&del.dest.prefix, &ip.s6_addr, 16);
+ del.dest.len = prefixlen;
+ del.next = 0;
+
+ /* find entry in routes list and remove */
+ while (r)
+ {
+ i = memcmp(&r->dest, &del.dest, sizeof(r->dest));
+ if (!i)
+ {
+ if (e)
+ e->next = r->next;
+ else
+ bgp_routes6 = r->next;
+
+ free(r);
+ break;
+ }
+
+ e = r;
+
+ if (i > 0)
+ r = 0; /* stop */
+ else
+ r = r->next;
+ }
+
+ /* not found */
+ if (!r)
+ return 1;
+
+ /* flag established peers for update */
+ for (i = 0; i < BGP_NUM_PEERS; i++)
+ if (bgp_peers[i].state == Established
+ && bgp_peers[i].mp_handling == HandleIPv6Routes)
+ bgp_peers[i].update_routes6 = 1;
+
+ LOG(4, 0, 0, "Removed BGP route %s/%d\n",
+ inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN), del.dest.len);
+
+ return 1;
+}
+
/* enable or disable routing */
void bgp_enable_routing(int enable)
{
continue;
}
- /* process timers */
- if (peer->state == Established)
+ /* process pending IPv6 updates */
+ if (peer->update_routes6
+ && !peer->outbuf->packet.header.len) /* ditto */
{
- if (time_now > peer->expire_time)
- {
- LOG(1, 0, 0, "No message from BGP peer %s in %ds\n",
- peer->name, peer->hold);
-
- bgp_send_notification(peer, BGP_ERR_HOLD_TIMER_EXP, 0);
+ if (!bgp_send_update6(peer))
continue;
- }
-
- if (time_now > peer->keepalive_time && !peer->outbuf->packet.header.len)
- bgp_send_keepalive(peer);
- }
- else if (peer->state == Idle)
- {
- if (time_now > peer->retry_time)
- bgp_connect(peer);
}
- else if (time_now > peer->state_time + BGP_STATE_TIME)
+
+ /* process timers */
+ bgp_process_timers(peer);
+ }
+
+ return 1;
+}
+
+/* process bgp timers only */
+void bgp_process_peers_timers()
+{
+ int i;
+
+ if (!bgp_configured)
+ return;
+
+ for (i = 0; i < BGP_NUM_PEERS; i++)
+ {
+ struct bgp_peer *peer = &bgp_peers[i];
+
+ if (peer->state == Disabled)
+ continue;
+
+ bgp_process_timers(peer);
+ }
+}
+
+static void bgp_process_timers(struct bgp_peer *peer)
+{
+ if (peer->state == Established)
+ {
+ if (time_now > peer->expire_time)
{
- LOG(1, 0, 0, "%s timer expired for BGP peer %s\n",
- bgp_state_str(peer->state), peer->name);
+ LOG(1, 0, 0, "No message from BGP peer %s in %ds\n",
+ peer->name, peer->hold);
- bgp_restart(peer);
+ bgp_send_notification(peer, BGP_ERR_HOLD_TIMER_EXP, 0);
+ return;
}
+
+ if (time_now > peer->keepalive_time && !peer->outbuf->packet.header.len)
+ bgp_send_keepalive(peer);
+ }
+ else if (peer->state == Idle)
+ {
+ if (time_now > peer->retry_time)
+ bgp_connect(peer);
}
+ else if (time_now > peer->state_time + BGP_STATE_TIME)
+ {
+ LOG(1, 0, 0, "%s timer expired for BGP peer %s\n",
+ bgp_state_str(peer->state), peer->name);
- return 1;
+ bgp_restart(peer);
+ }
}
static void bgp_free_routes(struct bgp_route_list *routes)
}
}
+static void bgp_free_routes6(struct bgp_route6_list *routes)
+{
+ struct bgp_route6_list *tmp;
+
+ while ((tmp = routes))
+ {
+ routes = tmp->next;
+ free(tmp);
+ }
+}
+
char const *bgp_state_str(enum bgp_state state)
{
switch (state)
{
static int bgp_port = 0;
struct sockaddr_in addr;
+ struct sockaddr_in source_addr;
struct epoll_event ev;
if (!bgp_port)
/* set to non-blocking */
fcntl(peer->sock, F_SETFL, fcntl(peer->sock, F_GETFL, 0) | O_NONBLOCK);
+ /* set source address */
+ memset(&source_addr, 0, sizeof(source_addr));
+ source_addr.sin_family = AF_INET;
+ source_addr.sin_addr.s_addr = peer->source_addr; /* defaults to INADDR_ANY */
+ if (bind(peer->sock, (struct sockaddr *) &source_addr, sizeof(source_addr)) < 0)
+ {
+ LOG(1, 0, 0, "Can't set source address to %s: %s\n",
+ inet_ntoa(source_addr.sin_addr), strerror(errno));
+
+ bgp_set_retry(peer);
+ return 0;
+ }
+
/* try connect */
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
struct bgp_data_open data;
int hold;
int i;
+ off_t param_offset, capability_offset;
+ struct bgp_opt_param *param;
+ uint8_t capabilities_len;
+ char *capabilities = NULL;
+ struct bgp_capability *capability;
+ struct bgp_mp_cap_param *mp_cap;
for (i = 0; i < sizeof(p->header.marker); i++)
{
if (peer->keepalive * 3 > peer->hold)
peer->keepalive = peer->hold / 3;
+ /* check for optional parameters */
+ /* 2 is for the size of type + len (both uint8_t) */
+ for (param_offset = 0;
+ param_offset < data.opt_len;
+ param_offset += 2 + param->len)
+ {
+ param = (struct bgp_opt_param *)((char *)&data.opt_params + param_offset);
+
+ /* sensible check */
+ if (data.opt_len - param_offset < 2
+ || param->len > data.opt_len - param_offset - 2)
+ {
+ LOG(1, 0, 0, "Malformed Optional Parameter list from BGP peer %s\n",
+ peer->name);
+
+ bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_UNSPEC);
+ return 0;
+ }
+
+ /* we know only one parameter type */
+ if (param->type != BGP_PARAM_TYPE_CAPABILITY)
+ {
+ LOG(1, 0, 0, "Unsupported Optional Parameter type %d from BGP peer %s\n",
+ param->type, peer->name);
+
+ bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_OPN_UNSUP_PARAM);
+ return 0;
+ }
+
+ capabilities_len = param->len;
+ capabilities = (char *)¶m->value;
+
+ /* look for BGP multiprotocol capability */
+ for (capability_offset = 0;
+ capability_offset < capabilities_len;
+ capability_offset += 2 + capability->len)
+ {
+ capability = (struct bgp_capability *)(capabilities + capability_offset);
+
+ /* sensible check */
+ if (capabilities_len - capability_offset < 2
+ || capability->len > capabilities_len - capability_offset - 2)
+ {
+ LOG(1, 0, 0, "Malformed Capabilities list from BGP peer %s\n",
+ peer->name);
+
+ bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_UNSPEC);
+ return 0;
+ }
+
+ /* we only know one capability code */
+ if (capability->code != BGP_CAP_CODE_MP
+ && capability->len != sizeof(struct bgp_mp_cap_param))
+ {
+ LOG(4, 0, 0, "Unsupported Capability code %d from BGP peer %s\n",
+ capability->code, peer->name);
+
+ /* we don't terminate, still; we just jump to the next one */
+ continue;
+ }
+
+ mp_cap = (struct bgp_mp_cap_param *)&capability->value;
+ /* the only <AFI, SAFI> tuple we support */
+ if (ntohs(mp_cap->afi) != BGP_MP_AFI_IPv6 && mp_cap->safi != BGP_MP_SAFI_UNICAST)
+ {
+ LOG(4, 0, 0, "Unsupported multiprotocol AFI %d and SAFI %d from BGP peer %s\n",
+ mp_cap->afi, mp_cap->safi, peer->name);
+
+ /* we don't terminate, still; we just jump to the next one */
+ continue;
+ }
+
+ /* yes it can! */
+ peer->mp_handling = HandleIPv6Routes;
+ }
+ }
+
+ if (peer->mp_handling != HandleIPv6Routes)
+ {
+ peer->mp_handling = DoesntHandleIPv6Routes;
+ if (config->ipv6_prefix.s6_addr[0])
+ LOG(1, 0, 0, "Warning: BGP peer %s doesn't handle IPv6 prefixes updates\n",
+ peer->name);
+ }
+
/* next transition requires an exchange of keepalives */
bgp_send_keepalive(peer);
-
- /* FIXME: may need to check for optional params */
}
break;
if (notification->error_code == BGP_ERR_CEASE)
{
LOG(4, 0, 0, "BGP peer %s sent CEASE\n", peer->name);
- bgp_restart(peer);
+ bgp_set_retry(peer);
+ return 0;
+ }
+
+ if (notification->error_code == BGP_ERR_OPEN
+ && notification->error_subcode == BGP_ERR_OPN_UNSUP_PARAM)
+ {
+ LOG(4, 0, 0, "BGP peer %s doesn't support BGP Capabilities\n", peer->name);
+ peer->mp_handling = DoesntHandleIPv6Routes;
+ bgp_set_retry(peer);
return 0;
}
+ if (notification->error_code == BGP_ERR_OPEN
+ && notification->error_subcode == BGP_ERR_OPN_UNSUP_CAP)
+ {
+ /* the only capability we advertise is this one, so upon receiving
+ an "unsupported capability" message, we disable IPv6 routes for
+ this peer */
+ LOG(4, 0, 0, "BGP peer %s doesn't support IPv6 routes advertisement\n", peer->name);
+ peer->mp_handling = DoesntHandleIPv6Routes;
+ break;
+ }
+
/* FIXME: should handle more notifications */
LOG(4, 0, 0, "BGP peer %s sent unhandled NOTIFICATION %d\n",
peer->name, (int) notification->error_code);
static int bgp_send_open(struct bgp_peer *peer)
{
struct bgp_data_open data;
+ struct bgp_mp_cap_param mp_ipv6 = { htons(BGP_MP_AFI_IPv6), 0, BGP_MP_SAFI_UNICAST };
+ struct bgp_capability cap_mp_ipv6;
+ struct bgp_opt_param param_cap_mp_ipv6;
uint16_t len = sizeof(peer->outbuf->packet.header);
memset(peer->outbuf->packet.header.marker, 0xff,
data.version = BGP_VERSION;
data.as = htons(our_as);
data.hold_time = htons(peer->hold);
- data.identifier = my_address;
- data.opt_len = 0;
+ /* use the source IP we use as identifier, if available */
+ if (peer->source_addr != INADDR_ANY)
+ data.identifier = peer->source_addr;
+ else
+ data.identifier = my_address;
+
+ /* if we know peer doesn't support MP (mp_handling == DoesntHandleIPv6Routes)
+ then don't add this parameter */
+ if (config->ipv6_prefix.s6_addr[0]
+ && (peer->mp_handling == HandlingUnknown
+ || peer->mp_handling == HandleIPv6Routes))
+ {
+ /* construct the param and capability */
+ cap_mp_ipv6.code = BGP_CAP_CODE_MP;
+ cap_mp_ipv6.len = sizeof(mp_ipv6);
+ memcpy(&cap_mp_ipv6.value, &mp_ipv6, cap_mp_ipv6.len);
+
+ param_cap_mp_ipv6.type = BGP_PARAM_TYPE_CAPABILITY;
+ param_cap_mp_ipv6.len = 2 + sizeof(mp_ipv6);
+ memcpy(¶m_cap_mp_ipv6.value, &cap_mp_ipv6, param_cap_mp_ipv6.len);
+
+ data.opt_len = 2 + param_cap_mp_ipv6.len;
+ memcpy(&data.opt_params, ¶m_cap_mp_ipv6, data.opt_len);
+ }
+ else
+ data.opt_len = 0;
- memcpy(peer->outbuf->packet.data, &data, BGP_DATA_OPEN_SIZE);
- len += BGP_DATA_OPEN_SIZE;
+ memcpy(peer->outbuf->packet.data, &data, BGP_DATA_OPEN_SIZE + data.opt_len);
+ len += BGP_DATA_OPEN_SIZE + data.opt_len;
peer->outbuf->packet.header.len = htons(len);
peer->outbuf->done = 0;
return bgp_write(peer);
}
+/* send/buffer UPDATE message for IPv6 routes */
+static int bgp_send_update6(struct bgp_peer *peer)
+{
+ uint16_t attr_len;
+ uint16_t unreach_len = 0;
+ char *unreach_len_pos;
+ uint8_t reach_len;
+ uint16_t len = sizeof(peer->outbuf->packet.header);
+ struct bgp_route6_list *have = peer->routes6;
+ struct bgp_route6_list *want = peer->routing ? bgp_routes6 : 0;
+ struct bgp_route6_list *e = 0;
+ struct bgp_route6_list *add = 0;
+ int s;
+ char ipv6addr[INET6_ADDRSTRLEN];
+
+ char *data = (char *) &peer->outbuf->packet.data;
+
+ /* need leave room for attr_len, bgp_path_attrs and one prefix */
+ char *max = (char *) &peer->outbuf->packet.data
+ + sizeof(peer->outbuf->packet.data)
+ - sizeof(attr_len) - peer->path_attr_len_without_nexthop
+ - BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE - sizeof(struct bgp_ip6_prefix);
+
+ memset(peer->outbuf->packet.header.marker, 0xff,
+ sizeof(peer->outbuf->packet.header.marker));
+
+ peer->outbuf->packet.header.type = BGP_MSG_UPDATE;
+
+ /* insert non-MP unfeasible routes length */
+ memcpy(data, &unreach_len, sizeof(unreach_len));
+ /* skip over it and attr_len too; it will be filled when known */
+ data += sizeof(unreach_len) + sizeof(attr_len);
+ len += sizeof(unreach_len) + sizeof(attr_len);
+
+ /* copy usual attributes */
+ memcpy(data, peer->path_attrs, peer->path_attr_len_without_nexthop);
+ data += peer->path_attr_len_without_nexthop;
+ attr_len = peer->path_attr_len_without_nexthop;
+
+ /* copy MP unreachable NLRI heading */
+ memcpy(data, peer->mp_unreach_nlri_partial,
+ BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE);
+ /* remember where to update this attr len */
+ unreach_len_pos = data + 2;
+ data += BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+ attr_len += BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+
+ peer->update_routes6 = 0; /* tentatively clear */
+
+ /* find differences */
+ while ((have || want) && data < (max - sizeof(struct bgp_ip6_prefix)))
+ {
+ if (have)
+ s = want
+ ? memcmp(&have->dest, &want->dest, sizeof(have->dest))
+ : -1;
+ else
+ s = 1;
+
+ if (s < 0) /* found one to delete */
+ {
+ struct bgp_route6_list *tmp = have;
+ have = have->next;
+
+ s = BGP_IP_PREFIX_SIZE(tmp->dest);
+ memcpy(data, &tmp->dest, s);
+ data += s;
+ unreach_len += s;
+ attr_len += s;
+
+ LOG(5, 0, 0, "Withdrawing route %s/%d from BGP peer %s\n",
+ inet_ntop(AF_INET6, &tmp->dest.prefix, ipv6addr, INET6_ADDRSTRLEN),
+ tmp->dest.len, peer->name);
+
+ free(tmp);
+
+ if (e)
+ e->next = have;
+ else
+ peer->routes6 = have;
+ }
+ else
+ {
+ if (!s) /* same */
+ {
+ e = have; /* stash the last found to relink above */
+ have = have->next;
+ want = want->next;
+ }
+ else if (s > 0) /* addition reqd. */
+ {
+ if (add)
+ {
+ peer->update_routes6 = 1; /* only one add per packet */
+ if (!have)
+ break;
+ }
+ else
+ add = want;
+
+ if (want)
+ want = want->next;
+ }
+ }
+ }
+
+ if (have || want)
+ peer->update_routes6 = 1; /* more to do */
+
+ /* anything changed? */
+ if (!(unreach_len || add))
+ return 1;
+
+ if (unreach_len)
+ {
+ /* go back and insert MP unreach_len */
+ unreach_len += sizeof(struct bgp_attr_mp_unreach_nlri_partial);
+ unreach_len = htons(unreach_len);
+ memcpy(unreach_len_pos, &unreach_len, sizeof(unreach_len));
+ }
+ else
+ {
+ /* we can remove this attribute, then */
+ data -= BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+ attr_len -= BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+ }
+
+ if (add)
+ {
+ if (!(e = malloc(sizeof(*e))))
+ {
+ LOG(0, 0, 0, "Can't allocate route for %s/%d (%s)\n",
+ inet_ntop(AF_INET6, &add->dest.prefix, ipv6addr, INET6_ADDRSTRLEN),
+ add->dest.len, strerror(errno));
+
+ return 0;
+ }
+
+ memcpy(e, add, sizeof(*e));
+ e->next = 0;
+ peer->routes6 = bgp_insert_route6(peer->routes6, e);
+
+ /* copy MP reachable NLRI heading */
+ memcpy(data, peer->mp_reach_nlri_partial,
+ BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE);
+ /* with proper len */
+ reach_len = BGP_IP_PREFIX_SIZE(add->dest);
+ data[2] = sizeof(struct bgp_attr_mp_reach_nlri_partial) + reach_len;
+ data += BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE;
+ attr_len += BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE;
+
+ memcpy(data, &add->dest, reach_len);
+ data += reach_len;
+ attr_len += reach_len;
+
+ LOG(5, 0, 0, "Advertising route %s/%d to BGP peer %s\n",
+ inet_ntop(AF_INET6, &add->dest.prefix, ipv6addr, INET6_ADDRSTRLEN),
+ add->dest.len, peer->name);
+ }
+
+ /* update len with attributes we added */
+ len += attr_len;
+
+ /* go back and insert attr_len */
+ attr_len = htons(attr_len);
+ memcpy((char *)&peer->outbuf->packet.data + 2, &attr_len, sizeof(attr_len));
+
+ peer->outbuf->packet.header.len = htons(len);
+ peer->outbuf->done = 0;
+
+ return bgp_write(peer);
+}
+
/* send/buffer NOTIFICATION message */
static int bgp_send_notification(struct bgp_peer *peer, uint8_t code,
uint8_t subcode)
#define SYSLOG_NAMES
#include <syslog.h>
#include <malloc.h>
-#include <math.h>
#include <net/route.h>
#include <sys/mman.h>
#include <netdb.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/wait.h>
-#include <linux/if.h>
+#include <net/if.h>
#include <stddef.h>
#include <time.h>
#include <dlfcn.h>
#include <sched.h>
#include <sys/sysinfo.h>
#include <libcli.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
#include "md5.h"
#include "l2tpns.h"
// Globals
configt *config = NULL; // all configuration
+int nlfd = -1; // netlink socket
int tunfd = -1; // tun interface file handle. (network device)
int udpfd = -1; // UDP file handle
int controlfd = -1; // Control signal handle
int daefd = -1; // Socket listening for DAE connections.
int snoopfd = -1; // UDP file handle for sending out intercept data
int *radfds = NULL; // RADIUS requests file handles
-int ifrfd = -1; // File descriptor for routing, etc
-int ifr6fd = -1; // File descriptor for IPv6 routing, etc
int rand_fd = -1; // Random data source
int cluster_sockfd = -1; // Intra-cluster communications socket.
int epollfd = -1; // event polling
time_t basetime = 0; // base clock
-char hostname[1000] = ""; // us.
+char hostname[MAXHOSTNAME] = ""; // us.
static int tunidx; // ifr_ifindex of tun device
+int nlseqnum = 0; // netlink sequence number
+int min_initok_nlseqnum = 0; // minimun seq number for messages after init is ok
static int syslog_log = 0; // are we logging to syslog
static FILE *log_stream = 0; // file handle for direct logging (i.e. direct into file, not via syslog).
uint32_t last_id = 0; // Unique ID for radius accounting
CONFIG("cluster_hb_timeout", cluster_hb_timeout, INT),
CONFIG("cluster_master_min_adv", cluster_master_min_adv, INT),
CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
+ CONFIG("cli_bind_address", cli_bind_address, IPv4),
+ CONFIG("hostname", hostname, STRING),
+ CONFIG("nexthop_address", nexthop_address, IPv4),
+ CONFIG("nexthop6_address", nexthop6_address, IPv6),
{ NULL, 0, 0, 0 },
};
NULL,
"plugin_pre_auth",
"plugin_post_auth",
- "plugin_packet_rx",
- "plugin_packet_tx",
"plugin_timer",
"plugin_new_session",
"plugin_kill_session",
struct Tringbuffer *ringbuffer = NULL;
#endif
+static ssize_t netlink_send(struct nlmsghdr *nh);
+static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen);
static void cache_ipmap(in_addr_t ip, sessionidt s);
static void uncache_ipmap(in_addr_t ip);
static void cache_ipv6map(struct in6_addr ip, int prefixlen, sessionidt s);
// via BGP if enabled, and stuffs it into the
// 'sessionbyip' cache.
//
-// 'ip' and 'mask' must be in _host_ order.
+// 'ip' must be in _host_ order.
//
-static void routeset(sessionidt s, in_addr_t ip, in_addr_t mask, in_addr_t gw, int add)
+static void routeset(sessionidt s, in_addr_t ip, int prefixlen, in_addr_t gw, int add)
{
- struct rtentry r;
+ struct {
+ struct nlmsghdr nh;
+ struct rtmsg rt;
+ char buf[32];
+ } req;
int i;
+ in_addr_t n_ip;
- if (!mask) mask = 0xffffffff;
+ if (!prefixlen) prefixlen = 32;
- ip &= mask; // Force the ip to be the first one in the route.
+ ip &= 0xffffffff << (32 - prefixlen);; // Force the ip to be the first one in the route.
- memset(&r, 0, sizeof(r));
- r.rt_dev = config->tundevice;
- r.rt_dst.sa_family = AF_INET;
- *(uint32_t *) & (((struct sockaddr_in *) &r.rt_dst)->sin_addr.s_addr) = htonl(ip);
- r.rt_gateway.sa_family = AF_INET;
- *(uint32_t *) & (((struct sockaddr_in *) &r.rt_gateway)->sin_addr.s_addr) = htonl(gw);
- r.rt_genmask.sa_family = AF_INET;
- *(uint32_t *) & (((struct sockaddr_in *) &r.rt_genmask)->sin_addr.s_addr) = htonl(mask);
- r.rt_flags = (RTF_UP | RTF_STATIC);
+ memset(&req, 0, sizeof(req));
+
+ if (add)
+ {
+ req.nh.nlmsg_type = RTM_NEWROUTE;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE;
+ }
+ else
+ {
+ req.nh.nlmsg_type = RTM_DELROUTE;
+ req.nh.nlmsg_flags = NLM_F_REQUEST;
+ }
+
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.rt));
+
+ req.rt.rtm_family = AF_INET;
+ req.rt.rtm_dst_len = prefixlen;
+ req.rt.rtm_table = RT_TABLE_MAIN;
+ req.rt.rtm_protocol = 42;
+ req.rt.rtm_scope = RT_SCOPE_LINK;
+ req.rt.rtm_type = RTN_UNICAST;
+
+ netlink_addattr(&req.nh, RTA_OIF, &tunidx, sizeof(int));
+ n_ip = htonl(ip);
+ netlink_addattr(&req.nh, RTA_DST, &n_ip, sizeof(n_ip));
if (gw)
- r.rt_flags |= RTF_GATEWAY;
- else if (mask == 0xffffffff)
- r.rt_flags |= RTF_HOST;
+ {
+ n_ip = htonl(gw);
+ netlink_addattr(&req.nh, RTA_GATEWAY, &n_ip, sizeof(n_ip));
+ }
- LOG(1, s, 0, "Route %s %s/%s%s%s\n", add ? "add" : "del",
- fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1),
+ LOG(1, s, session[s].tunnel, "Route %s %s/%d%s%s\n", add ? "add" : "del",
+ fmtaddr(htonl(ip), 0), prefixlen,
gw ? " via" : "", gw ? fmtaddr(htonl(gw), 2) : "");
- if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0)
- LOG(0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno));
+ if (netlink_send(&req.nh) < 0)
+ LOG(0, 0, 0, "routeset() error in sending netlink message: %s\n", strerror(errno));
#ifdef BGP
if (add)
- bgp_add_route(htonl(ip), htonl(mask));
+ bgp_add_route(htonl(ip), prefixlen);
else
- bgp_del_route(htonl(ip), htonl(mask));
+ bgp_del_route(htonl(ip), prefixlen);
#endif /* BGP */
// Add/Remove the IPs to the 'sessionbyip' cache.
if (!add) // Are we deleting a route?
s = 0; // Caching the session as '0' is the same as uncaching.
- for (i = ip; (i&mask) == (ip&mask) ; ++i)
+ for (i = ip; i < ip+(1<<(32-prefixlen)) ; ++i)
cache_ipmap(i, s);
}
}
void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add)
{
- struct in6_rtmsg rt;
+ struct {
+ struct nlmsghdr nh;
+ struct rtmsg rt;
+ char buf[64];
+ } req;
+ int metric;
char ipv6addr[INET6_ADDRSTRLEN];
- if (ifr6fd < 0)
+ if (!config->ipv6_prefix.s6_addr[0])
{
LOG(0, 0, 0, "Asked to set IPv6 route, but IPv6 not setup.\n");
return;
}
- memset(&rt, 0, sizeof(rt));
+ memset(&req, 0, sizeof(req));
+
+ if (add)
+ {
+ req.nh.nlmsg_type = RTM_NEWROUTE;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE;
+ }
+ else
+ {
+ req.nh.nlmsg_type = RTM_DELROUTE;
+ req.nh.nlmsg_flags = NLM_F_REQUEST;
+ }
+
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.rt));
- memcpy(&rt.rtmsg_dst, &ip, sizeof(struct in6_addr));
- rt.rtmsg_dst_len = prefixlen;
- rt.rtmsg_metric = 1;
- rt.rtmsg_flags = RTF_UP;
- rt.rtmsg_ifindex = tunidx;
+ req.rt.rtm_family = AF_INET6;
+ req.rt.rtm_dst_len = prefixlen;
+ req.rt.rtm_table = RT_TABLE_MAIN;
+ req.rt.rtm_protocol = 42;
+ req.rt.rtm_scope = RT_SCOPE_LINK;
+ req.rt.rtm_type = RTN_UNICAST;
- LOG(1, 0, 0, "Route %s %s/%d\n",
+ netlink_addattr(&req.nh, RTA_OIF, &tunidx, sizeof(int));
+ netlink_addattr(&req.nh, RTA_DST, &ip, sizeof(ip));
+ metric = 1;
+ netlink_addattr(&req.nh, RTA_METRICS, &metric, sizeof(metric));
+
+ LOG(1, s, session[s].tunnel, "Route %s %s/%d\n",
add ? "add" : "del",
inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN),
prefixlen);
- if (ioctl(ifr6fd, add ? SIOCADDRT : SIOCDELRT, (void *) &rt) < 0)
- LOG(0, 0, 0, "route6set() error in ioctl: %s\n",
- strerror(errno));
+ if (netlink_send(&req.nh) < 0)
+ LOG(0, 0, 0, "route6set() error in sending netlink message: %s\n", strerror(errno));
- // FIXME: need to add BGP routing (RFC2858)
+#ifdef BGP
+ if (add)
+ bgp_add_route6(ip, prefixlen);
+ else
+ bgp_del_route6(ip, prefixlen);
+#endif /* BGP */
if (s)
{
return;
}
-// defined in linux/ipv6.h, but tricky to include from user-space
-// TODO: move routing to use netlink rather than ioctl
-struct in6_ifreq {
- struct in6_addr ifr6_addr;
- __u32 ifr6_prefixlen;
- unsigned int ifr6_ifindex;
+//
+// Set up netlink socket
+static void initnetlink(void)
+{
+ struct sockaddr_nl nladdr;
+
+ nlfd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+ if (nlfd < 0)
+ {
+ LOG(0, 0, 0, "Can't create netlink socket: %s\n", strerror(errno));
+ exit(1);
+ }
+
+ memset(&nladdr, 0, sizeof(nladdr));
+ nladdr.nl_family = AF_NETLINK;
+ nladdr.nl_pid = getpid();
+
+ if (bind(nlfd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0)
+ {
+ LOG(0, 0, 0, "Can't bind netlink socket: %s\n", strerror(errno));
+ exit(1);
+ }
+}
+
+static ssize_t netlink_send(struct nlmsghdr *nh)
+{
+ struct sockaddr_nl nladdr;
+ struct iovec iov;
+ struct msghdr msg;
+
+ nh->nlmsg_pid = getpid();
+ nh->nlmsg_seq = ++nlseqnum;
+
+ // set kernel address
+ memset(&nladdr, 0, sizeof(nladdr));
+ nladdr.nl_family = AF_NETLINK;
+
+ iov = (struct iovec){ (void *)nh, nh->nlmsg_len };
+ msg = (struct msghdr){ (void *)&nladdr, sizeof(nladdr), &iov, 1, NULL, 0, 0 };
+
+ return sendmsg(nlfd, &msg, 0);
+}
+
+static ssize_t netlink_recv(void *buf, ssize_t len)
+{
+ struct sockaddr_nl nladdr;
+ struct iovec iov;
+ struct msghdr msg;
+
+ // set kernel address
+ memset(&nladdr, 0, sizeof(nladdr));
+ nladdr.nl_family = AF_NETLINK;
+
+ iov = (struct iovec){ buf, len };
+ msg = (struct msghdr){ (void *)&nladdr, sizeof(nladdr), &iov, 1, NULL, 0, 0 };
+
+ return recvmsg(nlfd, &msg, 0);
+}
+
+/* adapted from iproute2 */
+static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen)
+{
+ int len = RTA_LENGTH(alen);
+ struct rtattr *rta;
+
+ rta = (struct rtattr *)(((void *)nh) + NLMSG_ALIGN(nh->nlmsg_len));
+ rta->rta_type = type;
+ rta->rta_len = len;
+ memcpy(RTA_DATA(rta), data, alen);
+ nh->nlmsg_len = NLMSG_ALIGN(nh->nlmsg_len) + RTA_ALIGN(len);
+}
+
+// messages corresponding to different phases seq number
+static char *tun_nl_phase_msg[] = {
+ "initialized",
+ "getting tun interface index",
+ "setting tun interface parameters",
+ "setting tun IPv4 address",
+ "setting tun LL IPv6 address",
+ "setting tun global IPv6 address",
};
//
static void inittun(void)
{
struct ifreq ifr;
- struct in6_ifreq ifr6;
- struct sockaddr_in sin = {0};
+
memset(&ifr, 0, sizeof(ifr));
ifr.ifr_flags = IFF_TUN;
LOG(0, 0, 0, "Can't set tun interface: %s\n", strerror(errno));
exit(1);
}
- assert(strlen(ifr.ifr_name) < sizeof(config->tundevice));
- strncpy(config->tundevice, ifr.ifr_name, sizeof(config->tundevice) - 1);
- ifrfd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
+ assert(strlen(ifr.ifr_name) < sizeof(config->tundevice) - 1);
+ strncpy(config->tundevice, ifr.ifr_name, sizeof(config->tundevice));
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = config->bind_address ? config->bind_address : 0x01010101; // 1.1.1.1
- memcpy(&ifr.ifr_addr, &sin, sizeof(struct sockaddr));
-
- if (ioctl(ifrfd, SIOCSIFADDR, (void *) &ifr) < 0)
+ tunidx = if_nametoindex(config->tundevice);
+ if (tunidx == 0)
{
- LOG(0, 0, 0, "Error setting tun address: %s\n", strerror(errno));
+ LOG(0, 0, 0, "Can't get tun interface index\n");
exit(1);
}
- /* Bump up the qlen to deal with bursts from the network */
- ifr.ifr_qlen = 1000;
- if (ioctl(ifrfd, SIOCSIFTXQLEN, (void *) &ifr) < 0)
- {
- LOG(0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno));
- exit(1);
- }
- /* set MTU to modem MRU */
- ifr.ifr_mtu = MRU;
- if (ioctl(ifrfd, SIOCSIFMTU, (void *) &ifr) < 0)
- {
- LOG(0, 0, 0, "Error setting tun MTU: %s\n", strerror(errno));
- exit(1);
- }
- ifr.ifr_flags = IFF_UP;
- if (ioctl(ifrfd, SIOCSIFFLAGS, (void *) &ifr) < 0)
- {
- LOG(0, 0, 0, "Error setting tun flags: %s\n", strerror(errno));
- exit(1);
- }
- if (ioctl(ifrfd, SIOCGIFINDEX, (void *) &ifr) < 0)
+
{
- LOG(0, 0, 0, "Error getting tun ifindex: %s\n", strerror(errno));
- exit(1);
- }
- tunidx = ifr.ifr_ifindex;
+ struct {
+ // interface setting
+ struct nlmsghdr nh;
+ union {
+ struct ifinfomsg ifinfo;
+ struct ifaddrmsg ifaddr;
+ } ifmsg;
+ char rtdata[32]; // 32 should be enough
+ } req;
+ uint32_t txqlen, mtu;
+ in_addr_t ip;
- // Only setup IPv6 on the tun device if we have a configured prefix
- if (config->ipv6_prefix.s6_addr[0]) {
- ifr6fd = socket(PF_INET6, SOCK_DGRAM, 0);
+ memset(&req, 0, sizeof(req));
- // Link local address is FE80::1
- memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
- ifr6.ifr6_addr.s6_addr[0] = 0xFE;
- ifr6.ifr6_addr.s6_addr[1] = 0x80;
- ifr6.ifr6_addr.s6_addr[15] = 1;
- ifr6.ifr6_prefixlen = 64;
- ifr6.ifr6_ifindex = ifr.ifr_ifindex;
- if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
- {
- LOG(0, 0, 0, "Error setting tun IPv6 link local address:"
- " %s\n", strerror(errno));
- }
+ req.nh.nlmsg_type = RTM_NEWLINK;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_MULTI;
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifinfo));
- // Global address is prefix::1
- memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
- ifr6.ifr6_addr = config->ipv6_prefix;
- ifr6.ifr6_addr.s6_addr[15] = 1;
- ifr6.ifr6_prefixlen = 64;
- ifr6.ifr6_ifindex = ifr.ifr_ifindex;
- if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
- {
- LOG(0, 0, 0, "Error setting tun IPv6 global address: %s\n",
- strerror(errno));
+ req.ifmsg.ifinfo.ifi_family = AF_UNSPEC;
+ req.ifmsg.ifinfo.ifi_index = tunidx;
+ req.ifmsg.ifinfo.ifi_flags |= IFF_UP; // set interface up
+ req.ifmsg.ifinfo.ifi_change = IFF_UP; // only change this flag
+
+ /* Bump up the qlen to deal with bursts from the network */
+ txqlen = 1000;
+ netlink_addattr(&req.nh, IFLA_TXQLEN, &txqlen, sizeof(txqlen));
+ /* set MTU to modem MRU */
+ mtu = MRU;
+ netlink_addattr(&req.nh, IFLA_MTU, &mtu, sizeof(mtu));
+
+ if (netlink_send(&req.nh) < 0)
+ goto senderror;
+
+ memset(&req, 0, sizeof(req));
+
+ req.nh.nlmsg_type = RTM_NEWADDR;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE | NLM_F_MULTI;
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifaddr));
+
+ req.ifmsg.ifaddr.ifa_family = AF_INET;
+ req.ifmsg.ifaddr.ifa_prefixlen = 32;
+ req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_UNIVERSE;
+ req.ifmsg.ifaddr.ifa_index = tunidx;
+
+ if (config->bind_address)
+ ip = config->bind_address;
+ else
+ ip = 0x01010101; // 1.1.1.1
+ netlink_addattr(&req.nh, IFA_LOCAL, &ip, sizeof(ip));
+
+ if (netlink_send(&req.nh) < 0)
+ goto senderror;
+
+ // Only setup IPv6 on the tun device if we have a configured prefix
+ if (config->ipv6_prefix.s6_addr[0]) {
+ struct in6_addr ip6;
+
+ memset(&req, 0, sizeof(req));
+
+ req.nh.nlmsg_type = RTM_NEWADDR;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE | NLM_F_MULTI;
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifaddr));
+
+ req.ifmsg.ifaddr.ifa_family = AF_INET6;
+ req.ifmsg.ifaddr.ifa_prefixlen = 64;
+ req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_LINK;
+ req.ifmsg.ifaddr.ifa_index = tunidx;
+
+ // Link local address is FE80::1
+ memset(&ip6, 0, sizeof(ip6));
+ ip6.s6_addr[0] = 0xFE;
+ ip6.s6_addr[1] = 0x80;
+ ip6.s6_addr[15] = 1;
+ netlink_addattr(&req.nh, IFA_LOCAL, &ip6, sizeof(ip6));
+
+ if (netlink_send(&req.nh) < 0)
+ goto senderror;
+
+ memset(&req, 0, sizeof(req));
+
+ req.nh.nlmsg_type = RTM_NEWADDR;
+ req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE | NLM_F_MULTI;
+ req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifaddr));
+
+ req.ifmsg.ifaddr.ifa_family = AF_INET6;
+ req.ifmsg.ifaddr.ifa_prefixlen = 64;
+ req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_UNIVERSE;
+ req.ifmsg.ifaddr.ifa_index = tunidx;
+
+ // Global address is prefix::1
+ ip6 = config->ipv6_prefix;
+ ip6.s6_addr[15] = 1;
+ netlink_addattr(&req.nh, IFA_LOCAL, &ip6, sizeof(ip6));
+
+ if (netlink_send(&req.nh) < 0)
+ goto senderror;
}
+
+ memset(&req, 0, sizeof(req));
+
+ req.nh.nlmsg_type = NLMSG_DONE;
+ req.nh.nlmsg_len = NLMSG_LENGTH(0);
+
+ if (netlink_send(&req.nh) < 0)
+ goto senderror;
+
+ // if we get an error for seqnum < min_initok_nlseqnum,
+ // we must exit as initialization went wrong
+ if (config->ipv6_prefix.s6_addr[0])
+ min_initok_nlseqnum = 5 + 1; // idx + if + addr + 2*addr6
+ else
+ min_initok_nlseqnum = 3 + 1; // idx + if + addr
}
+
+ return;
+
+senderror:
+ LOG(0, 0, 0, "Error while setting up tun device: %s\n", strerror(errno));
+ exit(1);
}
// set up UDP ports
return;
}
- // Add on L2TP header
- {
- bundleidt bid = 0;
- if(session[s].bundle != 0 && bundle[session[s].bundle].num_of_links > 1)
- {
- bid = session[s].bundle;
- s = bundle[bid].members[bundle[bid].current_ses = (bundle[bid].current_ses + 1) % bundle[bid].num_of_links];
- t = session[s].tunnel;
- sp = &session[s];
- LOG(4, s, t, "MPPP: (1)Session number becomes: %d\n", s);
- if(len > MINFRAGLEN)
- {
- // Partition the packet to "bundle[b].num_of_links" fragments
- bundlet *b = &bundle[bid];
- uint32_t num_of_links = b->num_of_links;
- uint32_t fraglen = len / num_of_links;
- fraglen = (fraglen > session[s].mru ? session[s].mru : fraglen);
- uint32_t last_fraglen = fraglen + len % num_of_links;
- last_fraglen = (last_fraglen > session[s].mru ? len % num_of_links : last_fraglen);
- uint32_t remain = len;
-
- // send the first packet
- uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, fraglen, s, t, PPPIP, 0, bid, MP_BEGIN);
- if (!p) return;
- tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
- // statistics
- update_session_out_stat(s, sp, fraglen);
- remain -= fraglen;
- while (remain > last_fraglen)
- {
- s = b->members[b->current_ses = (b->current_ses + 1) % num_of_links];
- t = session[s].tunnel;
- sp = &session[s];
- LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
- p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), fraglen, s, t, PPPIP, 0, bid, 0);
- if (!p) return;
- tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
- update_session_out_stat(s, sp, fraglen);
- remain -= fraglen;
- }
- // send the last fragment
- s = b->members[b->current_ses = (b->current_ses + 1) % num_of_links];
+ if(session[s].bundle != 0 && bundle[session[s].bundle].num_of_links > 1)
+ {
+ // Add on L2TP header
+ bundleidt bid = session[s].bundle;
+ bundlet *b = &bundle[bid];
+
+ b->current_ses = (b->current_ses + 1) % b->num_of_links;
+ s = b->members[b->current_ses];
+ t = session[s].tunnel;
+ sp = &session[s];
+ LOG(4, s, t, "MPPP: (1)Session number becomes: %d\n", s);
+ if(len > MINFRAGLEN)
+ {
+ // Partition the packet to "bundle[b].num_of_links" fragments
+ uint32_t num_of_links = b->num_of_links;
+ uint32_t fraglen = len / num_of_links;
+ fraglen = (fraglen > session[s].mru ? session[s].mru : fraglen);
+ uint32_t last_fraglen = fraglen + len % num_of_links;
+ last_fraglen = (last_fraglen > session[s].mru ? len % num_of_links : last_fraglen);
+ uint32_t remain = len;
+
+ // send the first packet
+ uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, fraglen, s, t, PPPIP, 0, bid, MP_BEGIN);
+ if (!p) return;
+ tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
+ // statistics
+ update_session_out_stat(s, sp, fraglen);
+ remain -= fraglen;
+ while (remain > last_fraglen)
+ {
+ b->current_ses = (b->current_ses + 1) % num_of_links;
+ s = b->members[b->current_ses];
t = session[s].tunnel;
sp = &session[s];
- LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
- p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), remain, s, t, PPPIP, 0, bid, MP_END);
- if (!p) return;
- tunnelsend(fragbuf, remain + (p-fragbuf), t); // send it...
- update_session_out_stat(s, sp, remain);
- if (remain != last_fraglen)
- LOG(3, s, t, "PROCESSIPOUT ERROR REMAIN != LAST_FRAGLEN, %d != %d\n", remain, last_fraglen);
- }
- else {
- // Send it as one frame
- uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, bid, MP_BOTH_BITS);
- if (!p) return;
- tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
- LOG(4, s, t, "MPPP: packet sent as one frame\n");
- update_session_out_stat(s, sp, len);
- }
- }
- else
- {
- uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
- if (!p) return;
- tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+ LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
+ p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), fraglen, s, t, PPPIP, 0, bid, 0);
+ if (!p) return;
+ tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
+ update_session_out_stat(s, sp, fraglen);
+ remain -= fraglen;
+ }
+ // send the last fragment
+ b->current_ses = (b->current_ses + 1) % num_of_links;
+ s = b->members[b->current_ses];
+ t = session[s].tunnel;
+ sp = &session[s];
+ LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
+ p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), remain, s, t, PPPIP, 0, bid, MP_END);
+ if (!p) return;
+ tunnelsend(fragbuf, remain + (p-fragbuf), t); // send it...
+ update_session_out_stat(s, sp, remain);
+ if (remain != last_fraglen)
+ LOG(3, s, t, "PROCESSIPOUT ERROR REMAIN != LAST_FRAGLEN, %d != %d\n", remain, last_fraglen);
+ }
+ else {
+ // Send it as one frame
+ uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, bid, MP_BOTH_BITS);
+ if (!p) return;
+ tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+ LOG(4, s, t, "MPPP: packet sent as one frame\n");
update_session_out_stat(s, sp, len);
- }
- }
+ }
+ }
+ else
+ {
+ uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
+ if (!p) return;
+ tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+ update_session_out_stat(s, sp, len);
+ }
// Snooping this session, send it to intercept box
if (sp->snoop_ip && sp->snoop_port)
if (session[s].bundle && bundle[session[s].bundle].num_of_links > 1)
{
bundleidt bid = session[s].bundle;
- s = bundle[bid].members[bundle[bid].current_ses = (bundle[bid].current_ses + 1) % bundle[bid].num_of_links];
+ bundlet *b = &bundle[bid];
+
+ b->current_ses = (b->current_ses + 1) % b->num_of_links;
+ s = b->members[b->current_ses];
LOG(3, s, session[s].tunnel, "MPPP: Session number becomes: %u\n", s);
}
t = session[s].tunnel;
static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
{
uint16_t l = (m ? 0x8008 : 0x0008);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- *(uint16_t *) (c->buf + c->length + 6) = htons(val);
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ c->buf16[c->length/2 + 3] = htons(val);
c->length += 8;
}
static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
{
uint16_t l = (m ? 0x800A : 0x000A);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- *(uint32_t *) (c->buf + c->length + 6) = htonl(val);
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ *(uint32_t *) &c->buf[c->length + 6] = htonl(val);
c->length += 10;
}
static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
{
uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- memcpy(c->buf + c->length + 6, val, strlen(val));
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ memcpy(&c->buf[c->length + 6], val, strlen(val));
c->length += 6 + strlen(val);
}
static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m)
{
uint16_t l = ((m ? 0x8000 : 0) + len + 6);
- *(uint16_t *) (c->buf + c->length + 0) = htons(l);
- *(uint16_t *) (c->buf + c->length + 2) = htons(0);
- *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
- memcpy(c->buf + c->length + 6, val, len);
+ c->buf16[c->length/2 + 0] = htons(l);
+ c->buf16[c->length/2 + 1] = htons(0);
+ c->buf16[c->length/2 + 2] = htons(avp);
+ memcpy(&c->buf[c->length + 6], val, len);
c->length += 6 + len;
}
}
assert(c);
c->next = 0;
- *(uint16_t *) (c->buf + 0) = htons(0xC802); // flags/ver
+ c->buf16[0] = htons(0xC802); // flags/ver
c->length = 12;
control16(c, 0, mtype, 1);
return c;
// (ZLB send).
static void controlnull(tunnelidt t)
{
- uint8_t buf[12];
+ uint16_t buf[6];
if (tunnel[t].controlc) // Messages queued; They will carry the ack.
return;
- *(uint16_t *) (buf + 0) = htons(0xC802); // flags/ver
- *(uint16_t *) (buf + 2) = htons(12); // length
- *(uint16_t *) (buf + 4) = htons(tunnel[t].far); // tunnel
- *(uint16_t *) (buf + 6) = htons(0); // session
- *(uint16_t *) (buf + 8) = htons(tunnel[t].ns); // sequence
- *(uint16_t *) (buf + 10) = htons(tunnel[t].nr); // sequence
- tunnelsend(buf, 12, t);
+ buf[0] = htons(0xC802); // flags/ver
+ buf[1] = htons(12); // length
+ buf[2] = htons(tunnel[t].far); // tunnel
+ buf[3] = htons(0); // session
+ buf[4] = htons(tunnel[t].ns); // sequence
+ buf[5] = htons(tunnel[t].nr); // sequence
+ tunnelsend((uint8_t *)buf, 12, t);
}
// add a control message to a tunnel, and send if within window
static void controladd(controlt *c, sessionidt far, tunnelidt t)
{
- *(uint16_t *) (c->buf + 2) = htons(c->length); // length
- *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel
- *(uint16_t *) (c->buf + 6) = htons(far); // session
- *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence
+ c->buf16[1] = htons(c->length); // length
+ c->buf16[2] = htons(tunnel[t].far); // tunnel
+ c->buf16[3] = htons(far); // session
+ c->buf16[4] = htons(tunnel[t].ns); // sequence
tunnel[t].ns++; // advance sequence
// link in message in to queue
if (tunnel[t].controlc)
int routed = 0;
for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
{
- if ((session[s].ip & session[s].route[r].mask) ==
- (session[s].route[r].ip & session[s].route[r].mask))
+ if ((session[s].ip >> (32-session[s].route[r].prefixlen)) ==
+ (session[s].route[r].ip >> (32-session[s].route[r].prefixlen)))
routed++;
- if (del_routes) routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 0);
+ if (del_routes) routeset(s, session[s].route[r].ip, session[s].route[r].prefixlen, 0, 0);
session[s].route[r].ip = 0;
}
{
// This session was part of a bundle
bundle[b].num_of_links--;
- LOG(3, s, 0, "MPPP: Dropping member link: %d from bundle %d\n",s,b);
+ LOG(3, s, session[s].tunnel, "MPPP: Dropping member link: %d from bundle %d\n",s,b);
if(bundle[b].num_of_links == 0)
{
bundleclear(b);
- LOG(3, s, 0, "MPPP: Kill bundle: %d (No remaing member links)\n",b);
+ LOG(3, s, session[s].tunnel, "MPPP: Kill bundle: %d (No remaing member links)\n",b);
}
else
{
break;
}
bundle[b].members[mem_num] = bundle[b].members[bundle[b].num_of_links];
- LOG(3, s, 0, "MPPP: Adjusted member links array\n");
+ LOG(3, s, session[s].tunnel, "MPPP: Adjusted member links array\n");
}
}
cluster_send_bundle(b);
controlt *c = controlnew(14); // sending CDN
if (cdn_error)
{
- uint8_t buf[4];
- *(uint16_t *) buf = htons(cdn_result);
- *(uint16_t *) (buf+2) = htons(cdn_error);
- controlb(c, 1, buf, 4, 1);
+ uint16_t buf[2];
+ buf[0] = htons(cdn_result);
+ buf[1] = htons(cdn_error);
+ controlb(c, 1, (uint8_t *)buf, 4, 1);
}
else
control16(c, 1, cdn_result, 1);
controlt *c = controlnew(4); // sending StopCCN
if (error)
{
- uint8_t buf[64];
+ uint16_t buf[32];
int l = 4;
- *(uint16_t *) buf = htons(result);
- *(uint16_t *) (buf+2) = htons(error);
+ buf[0] = htons(result);
+ buf[1] = htons(error);
if (msg)
{
int m = strlen(msg);
if (m + 4 > sizeof(buf))
m = sizeof(buf) - 4;
- memcpy(buf+4, msg, m);
+ memcpy(buf+2, msg, m);
l += m;
}
- controlb(c, 1, buf, l, 1);
+ controlb(c, 1, (uint8_t *)buf, l, 1);
}
else
control16(c, 1, result, 1);
// Set multilink options before sending initial LCP packet
sess_local[s].mp_mrru = 1614;
- sess_local[s].mp_epdis = config->bind_address ? config->bind_address : my_address;
+ sess_local[s].mp_epdis = ntohl(config->bind_address ? config->bind_address : my_address);
sendlcp(s, t);
change_state(s, lcp, RequestSent);
static clockt last_talked = 0;
static clockt start_busy_wait = 0;
- if (!config->cluster_iam_master)
- {
#ifdef BGP
- static time_t stopped_bgp = 0;
- if (bgp_configured)
+ static time_t stopped_bgp = 0;
+ if (bgp_configured)
+ {
+ if (!stopped_bgp)
{
- if (!stopped_bgp)
- {
- LOG(1, 0, 0, "Shutting down in %d seconds, stopping BGP...\n", QUIT_DELAY);
+ LOG(1, 0, 0, "Shutting down in %d seconds, stopping BGP...\n", QUIT_DELAY);
- for (i = 0; i < BGP_NUM_PEERS; i++)
- if (bgp_peers[i].state == Established)
- bgp_stop(&bgp_peers[i]);
+ for (i = 0; i < BGP_NUM_PEERS; i++)
+ if (bgp_peers[i].state == Established)
+ bgp_stop(&bgp_peers[i]);
- stopped_bgp = time_now;
+ stopped_bgp = time_now;
+ if (!config->cluster_iam_master)
+ {
// we don't want to become master
cluster_send_ping(0);
return 1;
}
-
- if (time_now < (stopped_bgp + QUIT_DELAY))
- return 1;
}
+
+ if (!config->cluster_iam_master && time_now < (stopped_bgp + QUIT_DELAY))
+ return 1;
+ }
#endif /* BGP */
+ if (!config->cluster_iam_master)
return 0;
- }
if (main_quit == QUIT_SHUTDOWN)
{
# include "fake_epoll.h"
#endif
-// the base set of fds polled: cli, cluster, tun, udp, control, dae
-#define BASE_FDS 6
+// the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink
+#define BASE_FDS 7
// additional polled fds
#ifdef BGP
exit(1);
}
- LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d\n",
- clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd);
+ LOG(4, 0, 0, "Beginning of main loop. clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d\n",
+ clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd);
/* setup our fds to poll for input */
{
d[i].type = FD_TYPE_DAE;
e.data.ptr = &d[i++];
epoll_ctl(epollfd, EPOLL_CTL_ADD, daefd, &e);
+
+ d[i].type = FD_TYPE_NETLINK;
+ e.data.ptr = &d[i++];
+ epoll_ctl(epollfd, EPOLL_CTL_ADD, nlfd, &e);
}
#ifdef BGP
if (config->neighbour[i].name[0])
bgp_start(&bgp_peers[i], config->neighbour[i].name,
config->neighbour[i].as, config->neighbour[i].keepalive,
- config->neighbour[i].hold, 0); /* 0 = routing disabled */
+ config->neighbour[i].hold, config->neighbour[i].update_source,
+ 0); /* 0 = routing disabled */
}
#endif /* BGP */
break;
#endif /* BGP */
+ case FD_TYPE_NETLINK:
+ {
+ struct nlmsghdr *nh = (struct nlmsghdr *)buf;
+ s = netlink_recv(buf, sizeof(buf));
+ if (nh->nlmsg_type == NLMSG_ERROR)
+ {
+ struct nlmsgerr *errmsg = NLMSG_DATA(nh);
+ if (errmsg->error)
+ {
+ if (errmsg->msg.nlmsg_seq < min_initok_nlseqnum)
+ {
+ LOG(0, 0, 0, "Got a fatal netlink error (while %s): %s\n", tun_nl_phase_msg[nh->nlmsg_seq], strerror(-errmsg->error));
+ exit(1);
+ }
+ else
+
+ LOG(0, 0, 0, "Got a netlink error: %s\n", strerror(-errmsg->error));
+ }
+ // else it's a ack
+ }
+ else
+ LOG(1, 0, 0, "Got a unknown netlink message: type %d seq %d flags %d\n", nh->nlmsg_type, nh->nlmsg_seq, nh->nlmsg_flags);
+ n--;
+ break;
+ }
+
default:
LOG(0, 0, 0, "Unexpected fd type returned from epoll_wait: %d\n", d->type);
}
more++;
}
}
+#ifdef BGP
+ else
+ /* no event received, but timers could still have expired */
+ bgp_process_peers_timers();
+#endif /* BGP */
if (time_changed)
{
//
// Add a block of addresses to the IP pool to hand out.
//
-static void add_to_ip_pool(in_addr_t addr, in_addr_t mask)
+static void add_to_ip_pool(in_addr_t addr, int prefixlen)
{
int i;
- if (mask == 0)
- mask = 0xffffffff; // Host route only.
+ if (prefixlen == 0)
+ prefixlen = 32; // Host route only.
- addr &= mask;
+ addr &= 0xffffffff << (32 - prefixlen);
if (ip_pool_size >= MAXIPPOOL) // Pool is full!
return ;
- for (i = addr ;(i & mask) == addr; ++i)
+ for (i = addr ; i < addr+(1<<(32-prefixlen)); ++i)
{
if ((i & 0xff) == 0 || (i&0xff) == 255)
continue; // Skip 0 and broadcast addresses.
{
// It's a range
int numbits = 0;
- in_addr_t start = 0, mask = 0;
+ in_addr_t start = 0;
LOG(2, 0, 0, "Adding IP address range %s\n", buf);
*p++ = 0;
continue;
}
start = ntohl(inet_addr(pool));
- mask = (in_addr_t) (pow(2, numbits) - 1) << (32 - numbits);
// Add a static route for this pool
- LOG(5, 0, 0, "Adding route for address pool %s/%u\n",
- fmtaddr(htonl(start), 0), 32 + mask);
+ LOG(5, 0, 0, "Adding route for address pool %s/%d\n",
+ fmtaddr(htonl(start), 0), numbits);
- routeset(0, start, mask, 0, 1);
+ routeset(0, start, numbits, 0, 1);
- add_to_ip_pool(start, mask);
+ add_to_ip_pool(start, numbits);
}
else
{
initplugins();
initdata(optdebug, optconfig);
- init_cli(hostname);
+ init_cli();
read_config_file();
+ /* set hostname /after/ having read the config file */
+ if (*config->hostname)
+ strcpy(hostname, config->hostname);
+ cli_init_complete(hostname);
update_config();
init_tbf(config->num_tbfs);
}
}
+ initnetlink();
+
/* Set up the cluster communications port. */
if (cluster_init() < 0)
exit(1);
// Add the route for this session.
for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
{
- if ((session[s].ip & session[s].route[r].mask) ==
- (session[s].route[r].ip & session[s].route[r].mask))
+ if ((session[s].ip >> (32-session[s].route[r].prefixlen)) ==
+ (session[s].route[r].ip >> (32-session[s].route[r].prefixlen)))
routed++;
- routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 1);
+ routeset(s, session[s].route[r].ip, session[s].route[r].prefixlen, 0, 1);
}
// Static IPs need to be routed if not already
for (i = 0; !newip && i < MAXROUTE && (session[s].route[i].ip || new->route[i].ip); i++)
if (new->route[i].ip != session[s].route[i].ip ||
- new->route[i].mask != session[s].route[i].mask)
+ new->route[i].prefixlen != session[s].route[i].prefixlen)
newip++;
// needs update
// remove old routes...
for (i = 0; i < MAXROUTE && session[s].route[i].ip; i++)
{
- if ((session[s].ip & session[s].route[i].mask) ==
- (session[s].route[i].ip & session[s].route[i].mask))
+ if ((session[s].ip >> (32-session[s].route[i].prefixlen)) ==
+ (session[s].route[i].ip >> (32-session[s].route[i].prefixlen)))
routed++;
- routeset(s, session[s].route[i].ip, session[s].route[i].mask, 0, 0);
+ routeset(s, session[s].route[i].ip, session[s].route[i].prefixlen, 0, 0);
}
// ...ip
// add new routes...
for (i = 0; i < MAXROUTE && new->route[i].ip; i++)
{
- if ((new->ip & new->route[i].mask) ==
- (new->route[i].ip & new->route[i].mask))
+ if ((new->ip >> (32-new->route[i].prefixlen)) ==
+ (new->route[i].ip >> (32-new->route[i].prefixlen)))
routed++;
- routeset(s, new->route[i].ip, new->route[i].mask, 0, 1);
+ routeset(s, new->route[i].ip, new->route[i].prefixlen, 0, 1);
}
// ...ip
projects / l2tpns.git / commitdiff