Merge branch 'common-cvs-git-upstream' into fdn-mods fdn-mods
authorBenjamin Cama <benoar@dolka.fr>
Thu, 2 Feb 2012 01:15:14 +0000 (02:15 +0100)
committerBenjamin Cama <benoar@dolka.fr>
Thu, 2 Feb 2012 01:15:14 +0000 (02:15 +0100)
Signed-off-by: Benjamin Cama <benoar@dolka.fr>
bgp.c
bgp.h
cli.c
etc/startup-config.default
l2tpns.c
l2tpns.h
ppp.c
radius.c
util.c

diff --git a/bgp.c b/bgp.c
index ea4ef45..7c1e6c0 100644 (file)
--- a/bgp.c
+++ b/bgp.c
 
 static void bgp_clear(struct bgp_peer *peer);
 static void bgp_set_retry(struct bgp_peer *peer);
-static void bgp_cidr(in_addr_t ip, in_addr_t mask, struct bgp_ip_prefix *pfx);
 static struct bgp_route_list *bgp_insert_route(struct bgp_route_list *head,
     struct bgp_route_list *new);
+static struct bgp_route6_list *bgp_insert_route6(struct bgp_route6_list *head,
+    struct bgp_route6_list *new);
 
+static void bgp_process_timers(struct bgp_peer *peer);
 static void bgp_free_routes(struct bgp_route_list *routes);
+static void bgp_free_routes6(struct bgp_route6_list *routes);
 static char const *bgp_msg_type_str(uint8_t type);
 static int bgp_connect(struct bgp_peer *peer);
 static int bgp_handle_connect(struct bgp_peer *peer);
@@ -41,11 +44,13 @@ static int bgp_handle_input(struct bgp_peer *peer);
 static int bgp_send_open(struct bgp_peer *peer);
 static int bgp_send_keepalive(struct bgp_peer *peer);
 static int bgp_send_update(struct bgp_peer *peer);
+static int bgp_send_update6(struct bgp_peer *peer);
 static int bgp_send_notification(struct bgp_peer *peer, uint8_t code,
     uint8_t subcode);
 
 static uint16_t our_as;
 static struct bgp_route_list *bgp_routes = 0;
+static struct bgp_route6_list *bgp_routes6 = 0;
 
 int bgp_configured = 0;
 struct bgp_peer *bgp_peers = 0;
@@ -86,6 +91,7 @@ int bgp_setup(int as)
        return 0;
 
     bgp_routes = 0;
+    bgp_routes6 = 0;
     bgp_configured = 0; /* set by bgp_start */
 
     return 1;
@@ -93,7 +99,7 @@ int bgp_setup(int as)
 
 /* start connection with a peer */
 int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive,
-    int hold, int enable)
+    int hold, struct in_addr update_source, int enable)
 {
     struct hostent *h;
     int ibgp;
@@ -122,6 +128,7 @@ int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive,
     }
 
     memcpy(&peer->addr, h->h_addr, sizeof(peer->addr));
+    peer->source_addr = update_source.s_addr;
     peer->as = as > 0 ? as : our_as;
     ibgp = peer->as == our_as;
 
@@ -189,15 +196,6 @@ int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive,
 
     ADD_ATTRIBUTE();
 
-    /* NEXT_HOP */
-    a.flags = BGP_PATH_ATTR_FLAG_TRANS;
-    a.code = BGP_PATH_ATTR_CODE_NEXT_HOP;
-    ip = my_address; /* we're it */
-    a.data.s.len = sizeof(ip);
-    memcpy(a.data.s.value, &ip, sizeof(ip));
-
-    ADD_ATTRIBUTE();
-
     /* MULTI_EXIT_DISC */
     a.flags = BGP_PATH_ATTR_FLAG_OPTIONAL;
     a.code = BGP_PATH_ATTR_CODE_MULTI_EXIT_DISC;
@@ -227,6 +225,25 @@ int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive,
 
     ADD_ATTRIBUTE();
 
+    /* remember the len before adding NEXT_HOP */
+    peer->path_attr_len_without_nexthop = peer->path_attr_len;
+
+    /* NEXT_HOP */
+    a.flags = BGP_PATH_ATTR_FLAG_TRANS;
+    a.code = BGP_PATH_ATTR_CODE_NEXT_HOP;
+    if (config->nexthop_address)
+    {
+       ip = config->nexthop_address;
+    }
+    else
+    {
+       ip = my_address; /* we're it */
+    }
+    a.data.s.len = sizeof(ip);
+    memcpy(a.data.s.value, &ip, sizeof(ip));
+
+    ADD_ATTRIBUTE();
+
     if (!(peer->path_attrs = malloc(peer->path_attr_len)))
     {
        LOG(0, 0, 0, "Can't allocate path_attrs for %s (%s)\n",
@@ -237,6 +254,53 @@ int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive,
 
     memcpy(peer->path_attrs, path_attrs, peer->path_attr_len);
 
+    /* multiprotocol attributes initialization */
+    if (config->ipv6_prefix.s6_addr[0])
+    {
+       struct bgp_attr_mp_reach_nlri_partial mp_reach_nlri_partial;
+       struct bgp_attr_mp_unreach_nlri_partial mp_unreach_nlri_partial;
+
+       a.flags = BGP_PATH_ATTR_FLAG_OPTIONAL;
+       a.code = BGP_PATH_ATTR_CODE_MP_REACH_NLRI;
+       a.data.s.len = 0; /* will be set on UPDATE */
+
+       mp_reach_nlri_partial.afi = htons(BGP_MP_AFI_IPv6);
+       mp_reach_nlri_partial.safi = BGP_MP_SAFI_UNICAST;
+       mp_reach_nlri_partial.reserved = 0;
+       mp_reach_nlri_partial.next_hop_len = 16;
+
+       /* use the defined nexthop6, or our address in ipv6_prefix */
+       if (config->nexthop6_address.s6_addr[0])
+           memcpy(&mp_reach_nlri_partial.next_hop,
+                   &config->nexthop6_address.s6_addr, 16);
+       else
+       {
+           /* our address is ipv6prefix::1 */
+           memcpy(&mp_reach_nlri_partial.next_hop,
+                   &config->ipv6_prefix.s6_addr, 16);
+           mp_reach_nlri_partial.next_hop[15] = 1;
+       }
+
+       memcpy(&a.data.s.value, &mp_reach_nlri_partial,
+               sizeof(struct bgp_attr_mp_reach_nlri_partial));
+       memcpy(&peer->mp_reach_nlri_partial, &a,
+               BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE);
+
+       a.flags = BGP_PATH_ATTR_FLAG_OPTIONAL | BGP_PATH_ATTR_FLAG_EXTLEN;
+       a.code = BGP_PATH_ATTR_CODE_MP_UNREACH_NLRI;
+       a.data.e.len = 0; /* will be set on UPDATE */
+
+       mp_unreach_nlri_partial.afi = htons(BGP_MP_AFI_IPv6);
+       mp_unreach_nlri_partial.safi = BGP_MP_SAFI_UNICAST;
+
+       memcpy(&a.data.e.value, &mp_unreach_nlri_partial,
+               sizeof(struct bgp_attr_mp_unreach_nlri_partial));
+       memcpy(&peer->mp_unreach_nlri_partial, &a,
+               BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE);
+    }
+
+    peer->mp_handling = HandlingUnknown;
+
     LOG(4, 0, 0, "Initiating BGP connection to %s (routing %s)\n",
        name, enable ? "enabled" : "suspended");
 
@@ -265,6 +329,8 @@ static void bgp_clear(struct bgp_peer *peer)
 
     bgp_free_routes(peer->routes);
     peer->routes = 0;
+    bgp_free_routes6(peer->routes6);
+    peer->routes6 = 0;
 
     peer->outbuf->packet.header.len = 0;
     peer->outbuf->done = 0;
@@ -325,32 +391,39 @@ static void bgp_set_retry(struct bgp_peer *peer)
        bgp_halt(peer); /* give up */
 }
 
-/* convert ip/mask to CIDR notation */
-static void bgp_cidr(in_addr_t ip, in_addr_t mask, struct bgp_ip_prefix *pfx)
+/* insert route into list; sorted */
+static struct bgp_route_list *bgp_insert_route(struct bgp_route_list *head,
+    struct bgp_route_list *new)
 {
-    int i;
-    uint32_t b;
-
-    /* convert to prefix notation */
-    pfx->len = 32;
-    pfx->prefix = ip;
+    struct bgp_route_list *p = head;
+    struct bgp_route_list *e = 0;
 
-    if (!mask) /* bogus */
-       mask = 0xffffffff;
+    while (p && memcmp(&p->dest, &new->dest, sizeof(p->dest)) < 0)
+    {
+       e = p;
+       p = p->next;
+    }
 
-    for (i = 0; i < 32 && ((b = ntohl(1 << i)), !(mask & b)); i++)
+    if (e)
     {
-       pfx->len--;
-       pfx->prefix &= ~b;
+       new->next = e->next;
+       e->next = new;
+    }
+    else
+    {
+       new->next = head;
+       head = new;
     }
+
+    return head;
 }
 
-/* insert route into list; sorted */
-static struct bgp_route_list *bgp_insert_route(struct bgp_route_list *head,
-    struct bgp_route_list *new)
+/* insert route6 into list; sorted */
+static struct bgp_route6_list *bgp_insert_route6(struct bgp_route6_list *head,
+    struct bgp_route6_list *new)
 {
-    struct bgp_route_list *p = head;
-    struct bgp_route_list *e = 0;
+    struct bgp_route6_list *p = head;
+    struct bgp_route6_list *e = 0;
 
     while (p && memcmp(&p->dest, &new->dest, sizeof(p->dest)) < 0)
     {
@@ -379,13 +452,14 @@ static struct bgp_route_list *bgp_insert_route(struct bgp_route_list *head,
  * that if that route is later deleted we don't have to be concerned
  * about adding back the more specific one).
  */
-int bgp_add_route(in_addr_t ip, in_addr_t mask)
+int bgp_add_route(in_addr_t ip, int prefixlen)
 {
     struct bgp_route_list *r = bgp_routes;
     struct bgp_route_list add;
     int i;
 
-    bgp_cidr(ip, mask, &add.dest);
+    add.dest.prefix = ip;
+    add.dest.len = prefixlen;
     add.next = 0;
 
     /* check for duplicate */
@@ -424,15 +498,69 @@ int bgp_add_route(in_addr_t ip, in_addr_t mask)
     return 1;
 }
 
+/* add route to list for peers */
+/*
+ * Note: same provisions as above
+ */
+int bgp_add_route6(struct in6_addr ip, int prefixlen)
+{
+    struct bgp_route6_list *r = bgp_routes6;
+    struct bgp_route6_list add;
+    int i;
+    char ipv6addr[INET6_ADDRSTRLEN];
+
+    memcpy(&add.dest.prefix, &ip.s6_addr, 16);
+    add.dest.len = prefixlen;
+    add.next = 0;
+
+    /* check for duplicate */
+    while (r)
+    {
+       i = memcmp(&r->dest, &add.dest, sizeof(r->dest));
+       if (!i)
+           return 1; /* already covered */
+
+       if (i > 0)
+           break;
+
+       r = r->next;
+    }
+
+    /* insert into route list; sorted */
+    if (!(r = malloc(sizeof(*r))))
+    {
+       LOG(0, 0, 0, "Can't allocate route for %s/%d (%s)\n",
+           inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN), add.dest.len,
+           strerror(errno));
+
+       return 0;
+    }
+
+    memcpy(r, &add, sizeof(*r));
+    bgp_routes6 = bgp_insert_route6(bgp_routes6, r);
+
+    /* flag established peers for update */
+    for (i = 0; i < BGP_NUM_PEERS; i++)
+       if (bgp_peers[i].state == Established
+               && bgp_peers[i].mp_handling == HandleIPv6Routes)
+           bgp_peers[i].update_routes6 = 1;
+
+    LOG(4, 0, 0, "Registered BGP route %s/%d\n",
+       inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN), add.dest.len);
+
+    return 1;
+}
+
 /* remove route from list for peers */
-int bgp_del_route(in_addr_t ip, in_addr_t mask)
+int bgp_del_route(in_addr_t ip, int prefixlen)
 {
     struct bgp_route_list *r = bgp_routes;
     struct bgp_route_list *e = 0;
     struct bgp_route_list del;
     int i;
 
-    bgp_cidr(ip, mask, &del.dest);
+    del.dest.prefix = ip;
+    del.dest.len = prefixlen;
     del.next = 0;
 
     /* find entry in routes list and remove */
@@ -473,6 +601,58 @@ int bgp_del_route(in_addr_t ip, in_addr_t mask)
     return 1;
 }
 
+/* remove route from list for peers */
+int bgp_del_route6(struct in6_addr ip, int prefixlen)
+{
+    struct bgp_route6_list *r = bgp_routes6;
+    struct bgp_route6_list *e = 0;
+    struct bgp_route6_list del;
+    int i;
+    char ipv6addr[INET6_ADDRSTRLEN];
+
+    memcpy(&del.dest.prefix, &ip.s6_addr, 16);
+    del.dest.len = prefixlen;
+    del.next = 0;
+
+    /* find entry in routes list and remove */
+    while (r)
+    {
+       i = memcmp(&r->dest, &del.dest, sizeof(r->dest));
+       if (!i)
+       {
+           if (e)
+               e->next = r->next;
+           else
+               bgp_routes6 = r->next;
+
+           free(r);
+           break;
+       }
+
+       e = r;
+
+       if (i > 0)
+           r = 0; /* stop */
+       else
+           r = r->next;
+    }
+
+    /* not found */
+    if (!r)
+       return 1;
+
+    /* flag established peers for update */
+    for (i = 0; i < BGP_NUM_PEERS; i++)
+       if (bgp_peers[i].state == Established
+               && bgp_peers[i].mp_handling == HandleIPv6Routes)
+           bgp_peers[i].update_routes6 = 1;
+
+    LOG(4, 0, 0, "Removed BGP route %s/%d\n",
+       inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN), del.dest.len);
+
+    return 1;
+}
+
 /* enable or disable routing */
 void bgp_enable_routing(int enable)
 {
@@ -617,36 +797,68 @@ int bgp_process(uint32_t events[])
                continue;
        }
 
-       /* process timers */
-       if (peer->state == Established)
+       /* process pending IPv6 updates */
+       if (peer->update_routes6
+           && !peer->outbuf->packet.header.len) /* ditto */
        {
-           if (time_now > peer->expire_time)
-           {
-               LOG(1, 0, 0, "No message from BGP peer %s in %ds\n",
-                   peer->name, peer->hold);
-
-               bgp_send_notification(peer, BGP_ERR_HOLD_TIMER_EXP, 0);
+           if (!bgp_send_update6(peer))
                continue;
-           }
-
-           if (time_now > peer->keepalive_time && !peer->outbuf->packet.header.len)
-               bgp_send_keepalive(peer);
-       }
-       else if (peer->state == Idle)
-       {
-           if (time_now > peer->retry_time)
-               bgp_connect(peer);
        }
-       else if (time_now > peer->state_time + BGP_STATE_TIME)
+
+       /* process timers */
+       bgp_process_timers(peer);
+    }
+
+    return 1;
+}
+
+/* process bgp timers only */
+void bgp_process_peers_timers()
+{
+    int i;
+
+    if (!bgp_configured)
+       return;
+
+    for (i = 0; i < BGP_NUM_PEERS; i++)
+    {
+       struct bgp_peer *peer = &bgp_peers[i];
+
+       if (peer->state == Disabled)
+           continue;
+
+       bgp_process_timers(peer);
+    }
+}
+
+static void bgp_process_timers(struct bgp_peer *peer)
+{
+    if (peer->state == Established)
+    {
+       if (time_now > peer->expire_time)
        {
-           LOG(1, 0, 0, "%s timer expired for BGP peer %s\n",
-               bgp_state_str(peer->state), peer->name);
+           LOG(1, 0, 0, "No message from BGP peer %s in %ds\n",
+               peer->name, peer->hold);
 
-           bgp_restart(peer);
+           bgp_send_notification(peer, BGP_ERR_HOLD_TIMER_EXP, 0);
+           return;
        }
+
+       if (time_now > peer->keepalive_time && !peer->outbuf->packet.header.len)
+           bgp_send_keepalive(peer);
+    }
+    else if (peer->state == Idle)
+    {
+       if (time_now > peer->retry_time)
+           bgp_connect(peer);
     }
+    else if (time_now > peer->state_time + BGP_STATE_TIME)
+    {
+       LOG(1, 0, 0, "%s timer expired for BGP peer %s\n",
+           bgp_state_str(peer->state), peer->name);
 
-    return 1;
+       bgp_restart(peer);
+    }
 }
 
 static void bgp_free_routes(struct bgp_route_list *routes)
@@ -660,6 +872,17 @@ static void bgp_free_routes(struct bgp_route_list *routes)
     }
 }
 
+static void bgp_free_routes6(struct bgp_route6_list *routes)
+{
+    struct bgp_route6_list *tmp;
+
+    while ((tmp = routes))
+    {
+       routes = tmp->next;
+       free(tmp);
+    }
+}
+
 char const *bgp_state_str(enum bgp_state state)
 {
     switch (state)
@@ -694,6 +917,7 @@ static int bgp_connect(struct bgp_peer *peer)
 {
     static int bgp_port = 0;
     struct sockaddr_in addr;
+    struct sockaddr_in source_addr;
     struct epoll_event ev;
 
     if (!bgp_port)
@@ -725,6 +949,19 @@ static int bgp_connect(struct bgp_peer *peer)
     /* set to non-blocking */
     fcntl(peer->sock, F_SETFL, fcntl(peer->sock, F_GETFL, 0) | O_NONBLOCK);
 
+    /* set source address */
+    memset(&source_addr, 0, sizeof(source_addr));
+    source_addr.sin_family = AF_INET;
+    source_addr.sin_addr.s_addr = peer->source_addr; /* defaults to INADDR_ANY */
+    if (bind(peer->sock, (struct sockaddr *) &source_addr, sizeof(source_addr)) < 0)
+    {
+       LOG(1, 0, 0, "Can't set source address to %s: %s\n",
+           inet_ntoa(source_addr.sin_addr), strerror(errno));
+
+       bgp_set_retry(peer);
+       return 0;
+    }
+
     /* try connect */
     memset(&addr, 0, sizeof(addr));
     addr.sin_family = AF_INET;
@@ -900,6 +1137,12 @@ static int bgp_handle_input(struct bgp_peer *peer)
            struct bgp_data_open data;
            int hold;
            int i;
+           off_t param_offset, capability_offset;
+           struct bgp_opt_param *param;
+           uint8_t capabilities_len;
+           char *capabilities = NULL;
+           struct bgp_capability *capability;
+           struct bgp_mp_cap_param *mp_cap;
 
            for (i = 0; i < sizeof(p->header.marker); i++)
            {
@@ -962,10 +1205,93 @@ static int bgp_handle_input(struct bgp_peer *peer)
            if (peer->keepalive * 3 > peer->hold)
                peer->keepalive = peer->hold / 3;
 
+           /* check for optional parameters */
+           /* 2 is for the size of type + len (both uint8_t) */
+           for (param_offset = 0;
+                   param_offset < data.opt_len;
+                   param_offset += 2 + param->len)
+           {
+               param = (struct bgp_opt_param *)((char *)&data.opt_params + param_offset);
+
+               /* sensible check */
+               if (data.opt_len - param_offset < 2
+                       || param->len > data.opt_len - param_offset - 2)
+               {
+                   LOG(1, 0, 0, "Malformed Optional Parameter list from BGP peer %s\n",
+                       peer->name);
+
+                   bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_UNSPEC);
+                   return 0;
+               }
+
+               /* we know only one parameter type */
+               if (param->type != BGP_PARAM_TYPE_CAPABILITY)
+               {
+                   LOG(1, 0, 0, "Unsupported Optional Parameter type %d from BGP peer %s\n",
+                       param->type, peer->name);
+
+                   bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_OPN_UNSUP_PARAM);
+                   return 0;
+               }
+
+               capabilities_len = param->len;
+               capabilities = (char *)&param->value;
+
+               /* look for BGP multiprotocol capability */
+               for (capability_offset = 0;
+                       capability_offset < capabilities_len;
+                       capability_offset += 2 + capability->len)
+               {
+                   capability = (struct bgp_capability *)(capabilities + capability_offset);
+
+                   /* sensible check */
+                   if (capabilities_len - capability_offset < 2
+                           || capability->len > capabilities_len - capability_offset - 2)
+                   {
+                       LOG(1, 0, 0, "Malformed Capabilities list from BGP peer %s\n",
+                           peer->name);
+
+                       bgp_send_notification(peer, BGP_ERR_OPEN, BGP_ERR_UNSPEC);
+                       return 0;
+                   }
+
+                   /* we only know one capability code */
+                   if (capability->code != BGP_CAP_CODE_MP
+                           && capability->len != sizeof(struct bgp_mp_cap_param))
+                   {
+                       LOG(4, 0, 0, "Unsupported Capability code %d from BGP peer %s\n",
+                           capability->code, peer->name);
+
+                       /* we don't terminate, still; we just jump to the next one */
+                       continue;
+                   }
+
+                   mp_cap = (struct bgp_mp_cap_param *)&capability->value;
+                   /* the only <AFI, SAFI> tuple we support */
+                   if (ntohs(mp_cap->afi) != BGP_MP_AFI_IPv6 && mp_cap->safi != BGP_MP_SAFI_UNICAST)
+                   {
+                       LOG(4, 0, 0, "Unsupported multiprotocol AFI %d and SAFI %d from BGP peer %s\n",
+                           mp_cap->afi, mp_cap->safi, peer->name);
+
+                       /* we don't terminate, still; we just jump to the next one */
+                       continue;
+                   }
+
+                   /* yes it can! */
+                   peer->mp_handling = HandleIPv6Routes;
+               }
+           }
+
+           if (peer->mp_handling != HandleIPv6Routes)
+           {
+               peer->mp_handling = DoesntHandleIPv6Routes;
+               if (config->ipv6_prefix.s6_addr[0])
+                   LOG(1, 0, 0, "Warning: BGP peer %s doesn't handle IPv6 prefixes updates\n",
+                           peer->name);
+           }
+
            /* next transition requires an exchange of keepalives */
            bgp_send_keepalive(peer);
-
-           /* FIXME: may need to check for optional params */
        }
 
        break;
@@ -994,10 +1320,30 @@ static int bgp_handle_input(struct bgp_peer *peer)
            if (notification->error_code == BGP_ERR_CEASE)
            {
                LOG(4, 0, 0, "BGP peer %s sent CEASE\n", peer->name);
-               bgp_restart(peer);
+               bgp_set_retry(peer);
+               return 0;
+           }
+
+           if (notification->error_code == BGP_ERR_OPEN
+                   && notification->error_subcode == BGP_ERR_OPN_UNSUP_PARAM)
+           {
+               LOG(4, 0, 0, "BGP peer %s doesn't support BGP Capabilities\n", peer->name);
+               peer->mp_handling = DoesntHandleIPv6Routes;
+               bgp_set_retry(peer);
                return 0;
            }
 
+           if (notification->error_code == BGP_ERR_OPEN
+                   && notification->error_subcode == BGP_ERR_OPN_UNSUP_CAP)
+           {
+               /* the only capability we advertise is this one, so upon receiving
+                  an "unsupported capability" message, we disable IPv6 routes for
+                  this peer */
+               LOG(4, 0, 0, "BGP peer %s doesn't support IPv6 routes advertisement\n", peer->name);
+               peer->mp_handling = DoesntHandleIPv6Routes;
+               break;
+           }
+
            /* FIXME: should handle more notifications */
            LOG(4, 0, 0, "BGP peer %s sent unhandled NOTIFICATION %d\n",
                peer->name, (int) notification->error_code);
@@ -1028,6 +1374,9 @@ static int bgp_handle_input(struct bgp_peer *peer)
 static int bgp_send_open(struct bgp_peer *peer)
 {
     struct bgp_data_open data;
+    struct bgp_mp_cap_param mp_ipv6 = { htons(BGP_MP_AFI_IPv6), 0, BGP_MP_SAFI_UNICAST };
+    struct bgp_capability cap_mp_ipv6;
+    struct bgp_opt_param param_cap_mp_ipv6;
     uint16_t len = sizeof(peer->outbuf->packet.header);
 
     memset(peer->outbuf->packet.header.marker, 0xff,
@@ -1038,11 +1387,35 @@ static int bgp_send_open(struct bgp_peer *peer)
     data.version = BGP_VERSION;
     data.as = htons(our_as);
     data.hold_time = htons(peer->hold);
-    data.identifier = my_address;
-    data.opt_len = 0;
+    /* use the source IP we use as identifier, if available */
+    if (peer->source_addr != INADDR_ANY)
+       data.identifier = peer->source_addr;
+    else
+       data.identifier = my_address;
+
+    /* if we know peer doesn't support MP (mp_handling == DoesntHandleIPv6Routes)
+       then don't add this parameter */
+    if (config->ipv6_prefix.s6_addr[0]
+           && (peer->mp_handling == HandlingUnknown
+               || peer->mp_handling == HandleIPv6Routes))
+    {
+       /* construct the param and capability */
+       cap_mp_ipv6.code = BGP_CAP_CODE_MP;
+       cap_mp_ipv6.len = sizeof(mp_ipv6);
+       memcpy(&cap_mp_ipv6.value, &mp_ipv6, cap_mp_ipv6.len);
+
+       param_cap_mp_ipv6.type = BGP_PARAM_TYPE_CAPABILITY;
+       param_cap_mp_ipv6.len = 2 + sizeof(mp_ipv6);
+       memcpy(&param_cap_mp_ipv6.value, &cap_mp_ipv6, param_cap_mp_ipv6.len);
+
+       data.opt_len = 2 + param_cap_mp_ipv6.len;
+       memcpy(&data.opt_params, &param_cap_mp_ipv6, data.opt_len);
+    }
+    else
+       data.opt_len = 0;
 
-    memcpy(peer->outbuf->packet.data, &data, BGP_DATA_OPEN_SIZE);
-    len += BGP_DATA_OPEN_SIZE;
+    memcpy(peer->outbuf->packet.data, &data, BGP_DATA_OPEN_SIZE + data.opt_len);
+    len += BGP_DATA_OPEN_SIZE + data.opt_len;
 
     peer->outbuf->packet.header.len = htons(len);
     peer->outbuf->done = 0;
@@ -1209,6 +1582,179 @@ static int bgp_send_update(struct bgp_peer *peer)
     return bgp_write(peer);
 }
 
+/* send/buffer UPDATE message for IPv6 routes */
+static int bgp_send_update6(struct bgp_peer *peer)
+{
+    uint16_t attr_len;
+    uint16_t unreach_len = 0;
+    char *unreach_len_pos;
+    uint8_t reach_len;
+    uint16_t len = sizeof(peer->outbuf->packet.header);
+    struct bgp_route6_list *have = peer->routes6;
+    struct bgp_route6_list *want = peer->routing ? bgp_routes6 : 0;
+    struct bgp_route6_list *e = 0;
+    struct bgp_route6_list *add = 0;
+    int s;
+    char ipv6addr[INET6_ADDRSTRLEN];
+
+    char *data = (char *) &peer->outbuf->packet.data;
+
+    /* need leave room for attr_len, bgp_path_attrs and one prefix */
+    char *max = (char *) &peer->outbuf->packet.data
+       + sizeof(peer->outbuf->packet.data)
+       - sizeof(attr_len) - peer->path_attr_len_without_nexthop
+       - BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE - sizeof(struct bgp_ip6_prefix);
+
+    memset(peer->outbuf->packet.header.marker, 0xff,
+       sizeof(peer->outbuf->packet.header.marker));
+
+    peer->outbuf->packet.header.type = BGP_MSG_UPDATE;
+
+    /* insert non-MP unfeasible routes length */
+    memcpy(data, &unreach_len, sizeof(unreach_len));
+    /* skip over it and attr_len too; it will be filled when known */
+    data += sizeof(unreach_len) + sizeof(attr_len);
+    len += sizeof(unreach_len) + sizeof(attr_len);
+
+    /* copy usual attributes */
+    memcpy(data, peer->path_attrs, peer->path_attr_len_without_nexthop);
+    data += peer->path_attr_len_without_nexthop;
+    attr_len = peer->path_attr_len_without_nexthop;
+
+    /* copy MP unreachable NLRI heading */
+    memcpy(data, peer->mp_unreach_nlri_partial,
+           BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE);
+    /* remember where to update this attr len */
+    unreach_len_pos = data + 2;
+    data += BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+    attr_len += BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+
+    peer->update_routes6 = 0; /* tentatively clear */
+
+    /* find differences */
+    while ((have || want) && data < (max - sizeof(struct bgp_ip6_prefix)))
+    {
+       if (have)
+           s = want
+               ? memcmp(&have->dest, &want->dest, sizeof(have->dest))
+               : -1;
+       else
+           s = 1;
+
+       if (s < 0) /* found one to delete */
+       {
+           struct bgp_route6_list *tmp = have;
+           have = have->next;
+
+           s = BGP_IP_PREFIX_SIZE(tmp->dest);
+           memcpy(data, &tmp->dest, s);
+           data += s;
+           unreach_len += s;
+           attr_len += s;
+
+           LOG(5, 0, 0, "Withdrawing route %s/%d from BGP peer %s\n",
+               inet_ntop(AF_INET6, &tmp->dest.prefix, ipv6addr, INET6_ADDRSTRLEN),
+               tmp->dest.len, peer->name);
+
+           free(tmp);
+
+           if (e)
+               e->next = have;
+           else
+               peer->routes6 = have;
+       }
+       else
+       {
+           if (!s) /* same */
+           {
+               e = have; /* stash the last found to relink above */
+               have = have->next;
+               want = want->next;
+           }
+           else if (s > 0) /* addition reqd. */
+           {
+               if (add)
+               {
+                   peer->update_routes6 = 1; /* only one add per packet */
+                   if (!have)
+                       break;
+               }
+               else
+                   add = want;
+
+               if (want)
+                   want = want->next;
+           }
+       }
+    }
+
+    if (have || want)
+       peer->update_routes6 = 1; /* more to do */
+
+    /* anything changed? */
+    if (!(unreach_len || add))
+       return 1;
+
+    if (unreach_len)
+    {
+       /* go back and insert MP unreach_len */
+       unreach_len += sizeof(struct bgp_attr_mp_unreach_nlri_partial);
+       unreach_len = htons(unreach_len);
+       memcpy(unreach_len_pos, &unreach_len, sizeof(unreach_len));
+    }
+    else
+    {
+       /* we can remove this attribute, then */
+       data -= BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+       attr_len -= BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE;
+    }
+
+    if (add)
+    {
+       if (!(e = malloc(sizeof(*e))))
+       {
+           LOG(0, 0, 0, "Can't allocate route for %s/%d (%s)\n",
+               inet_ntop(AF_INET6, &add->dest.prefix, ipv6addr, INET6_ADDRSTRLEN),
+               add->dest.len, strerror(errno));
+
+           return 0;
+       }
+
+       memcpy(e, add, sizeof(*e));
+       e->next = 0;
+       peer->routes6 = bgp_insert_route6(peer->routes6, e);
+
+       /* copy MP reachable NLRI heading */
+       memcpy(data, peer->mp_reach_nlri_partial,
+               BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE);
+       /* with proper len */
+       reach_len = BGP_IP_PREFIX_SIZE(add->dest);
+       data[2] = sizeof(struct bgp_attr_mp_reach_nlri_partial) + reach_len;
+       data += BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE;
+       attr_len += BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE;
+
+       memcpy(data, &add->dest, reach_len);
+       data += reach_len;
+       attr_len += reach_len;
+
+       LOG(5, 0, 0, "Advertising route %s/%d to BGP peer %s\n",
+           inet_ntop(AF_INET6, &add->dest.prefix, ipv6addr, INET6_ADDRSTRLEN),
+           add->dest.len, peer->name);
+    }
+
+    /* update len with attributes we added */
+    len += attr_len;
+
+    /* go back and insert attr_len */
+    attr_len = htons(attr_len);
+    memcpy((char *)&peer->outbuf->packet.data + 2, &attr_len, sizeof(attr_len));
+
+    peer->outbuf->packet.header.len = htons(len);
+    peer->outbuf->done = 0;
+
+    return bgp_write(peer);
+}
+
 /* send/buffer NOTIFICATION message */
 static int bgp_send_notification(struct bgp_peer *peer, uint8_t code,
     uint8_t subcode)
diff --git a/bgp.h b/bgp.h
index 8540375..8e636ab 100644 (file)
--- a/bgp.h
+++ b/bgp.h
@@ -43,11 +43,51 @@ struct bgp_data_open {
     char opt_params[sizeof(((struct bgp_packet *)0)->data) - BGP_DATA_OPEN_SIZE]; /* variable */
 } __attribute__ ((packed));
 
+struct bgp_opt_param {
+    uint8_t type;
+    uint8_t len;
+#define BGP_MAX_OPT_PARAM_SIZE 256
+    char value[BGP_MAX_OPT_PARAM_SIZE];
+} __attribute__ ((packed));
+
+#define BGP_PARAM_TYPE_CAPABILITY      2
+struct bgp_capability {
+    uint8_t code;
+    uint8_t len;
+#define BGP_MAX_CAPABILITY_SIZE        256
+    char value[BGP_MAX_CAPABILITY_SIZE];
+} __attribute__ ((packed));
+
+/* RFC4760 Multiprotocol extension */
+#define BGP_CAP_CODE_MP        1
+
+struct bgp_mp_cap_param {
+    uint16_t afi; /* sa_family_t */
+    uint8_t reserved; /* SHOULD be 0 */
+    uint8_t safi;
+} __attribute__ ((packed));
+
+/* bgp_mp_cap_param.afi */
+#define BGP_MP_AFI_RESERVED    0
+#define BGP_MP_AFI_IPv4                1
+#define BGP_MP_AFI_IPv6                2
+/* bgp_mp_cap_param.safi */
+#define BGP_MP_SAFI_UNICAST    1
+#define BGP_MP_SAFI_MULTICAST  2
+
+struct bgp_ip6_prefix {
+    uint8_t len;
+    uint8_t prefix[16]; /* variable */
+} __attribute__ ((packed));
+
+/* end of RFC4760 specific definitions */
+
 struct bgp_ip_prefix {
     uint8_t len;
     uint32_t prefix; /* variable */
 } __attribute__ ((packed));
 
+/* works for both IPv4 and IPv6 prefixes */
 #define BGP_IP_PREFIX_SIZE(p) (1 + ((p).len / 8) + ((p).len % 8 != 0))
 
 struct bgp_path_attr {
@@ -65,6 +105,22 @@ struct bgp_path_attr {
     } data; /* variable */
 } __attribute__ ((packed));
 
+struct bgp_attr_mp_reach_nlri_partial {
+    uint16_t afi; /* sa_family_t */
+    uint8_t safi;
+    uint8_t next_hop_len;
+    uint8_t next_hop[16];
+    uint8_t reserved;
+} __attribute__ ((packed));
+#define BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE (3 + sizeof(struct bgp_attr_mp_reach_nlri_partial))
+
+struct bgp_attr_mp_unreach_nlri_partial {
+    uint16_t afi; /* sa_family_t */
+    uint8_t safi;
+} __attribute__ ((packed));
+/* we use it as an extended attribute */
+#define BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE (4 + sizeof(struct bgp_attr_mp_unreach_nlri_partial))
+
 /* bgp_path_attr.flags (bitfields) */
 #define BGP_PATH_ATTR_FLAG_OPTIONAL    (1 << 7)
 #define BGP_PATH_ATTR_FLAG_TRANS       (1 << 6)
@@ -85,9 +141,11 @@ struct bgp_path_attr {
 #define BGP_PATH_ATTR_CODE_ATOMIC_AGGREGATE    6       /* well-known, discretionary */
 #define BGP_PATH_ATTR_CODE_AGGREGATOR          7       /* optional, transitive */
 #define BGP_PATH_ATTR_CODE_COMMUNITIES         8       /* optional, transitive (RFC1997) */
+#define BGP_PATH_ATTR_CODE_MP_REACH_NLRI       14      /* optional, non-transitive (RFC4760) */
+#define BGP_PATH_ATTR_CODE_MP_UNREACH_NLRI     15      /* optional, non-transitive (RFC4760) */
 
 #define BGP_PATH_ATTR_SIZE(p) ((((p).flags & BGP_PATH_ATTR_FLAG_EXTLEN) \
-    ? ((p).data.e.len + 1) : (p).data.s.len) + 3)
+    ? ((p).data.e.len + 4) : (p).data.s.len) + 3)
 
 /* well known COMMUNITIES */
 #define BGP_COMMUNITY_NO_EXPORT                        0xffffff01      /* don't advertise outside confederation */
@@ -101,6 +159,7 @@ struct bgp_data_notification {
 } __attribute__ ((packed));
 
 /* bgp_data_notification.error_code, .error_subcode */
+#define BGP_ERR_UNSPEC                 0
 #define BGP_ERR_HEADER                 1
 #  define BGP_ERR_HDR_NOT_SYNC           1
 #  define BGP_ERR_HDR_BAD_LEN            2
@@ -112,6 +171,7 @@ struct bgp_data_notification {
 #  define BGP_ERR_OPN_UNSUP_PARAM        4
 #  define BGP_ERR_OPN_AUTH_FAILURE       5
 #  define BGP_ERR_OPN_HOLD_TIME                  6
+#  define BGP_ERR_OPN_UNSUP_CAP                  7
 #define BGP_ERR_UPDATE                 3
 #  define BGP_ERR_UPD_BAD_ATTR_LIST      1
 #  define BGP_ERR_UPD_UNKN_WK_ATTR       2
@@ -138,6 +198,11 @@ enum bgp_state {
     Established,                       /* established */
 };
 
+struct bgp_route6_list {
+    struct bgp_ip6_prefix dest;
+    struct bgp_route6_list *next;
+};
+
 struct bgp_route_list {
     struct bgp_ip_prefix dest;
     struct bgp_route_list *next;
@@ -148,10 +213,17 @@ struct bgp_buf {
     size_t done;                       /* bytes sent/recvd */
 };
 
+enum bgp_mp_handling {
+    HandleIPv6Routes,
+    DoesntHandleIPv6Routes,
+    HandlingUnknown,
+};
+
 /* state */
 struct bgp_peer {
     char name[32];                     /* peer name */
     in_addr_t addr;                    /* peer address */
+    in_addr_t source_addr;             /* our source address */
     int as;                            /* AS number */
     int sock;
     enum bgp_state state;              /* FSM state */
@@ -173,8 +245,14 @@ struct bgp_peer {
     int cli_flag;                      /* updates requested from CLI */
     char *path_attrs;                  /* path attrs to send in UPDATE message */
     int path_attr_len;                 /* length of path attrs */
+    int path_attr_len_without_nexthop; /* length of path attrs  without NEXT_HOP */
     uint32_t events;                   /* events to poll */
     struct event_data edata;           /* poll data */
+    enum bgp_mp_handling mp_handling;  /* how it handles IPv6 routes advertisements */
+    int update_routes6;                        /* UPDATE required for IPv6 routes */
+    struct bgp_route6_list *routes6;   /* IPv6 routes known by this peer */
+    char mp_reach_nlri_partial[BGP_PATH_ATTR_MP_REACH_NLRI_PARTIAL_SIZE];
+    char mp_unreach_nlri_partial[BGP_PATH_ATTR_MP_UNREACH_NLRI_PARTIAL_SIZE];
 };
 
 /* bgp_peer.cli_flag */
@@ -188,16 +266,19 @@ extern int bgp_configured;
 /* actions */
 int bgp_setup(int as);
 int bgp_start(struct bgp_peer *peer, char *name, int as, int keepalive,
-    int hold, int enable);
+    int hold, struct in_addr update_source, int enable);
 
 void bgp_stop(struct bgp_peer *peer);
 void bgp_halt(struct bgp_peer *peer);
 int bgp_restart(struct bgp_peer *peer);
-int bgp_add_route(in_addr_t ip, in_addr_t mask);
-int bgp_del_route(in_addr_t ip, in_addr_t mask);
+int bgp_add_route(in_addr_t ip, int prefixlen);
+int bgp_add_route6(struct in6_addr ip, int prefixlen);
+int bgp_del_route(in_addr_t ip, int prefixlen);
+int bgp_del_route6(struct in6_addr ip, int prefixlen);
 void bgp_enable_routing(int enable);
 int bgp_set_poll(void);
 int bgp_process(uint32_t events[]);
+void bgp_process_peers_timers();
 char const *bgp_state_str(enum bgp_state state);
 
 #endif /* __BGP_H__ */
diff --git a/cli.c b/cli.c
index 1149815..3f63413 100644 (file)
--- a/cli.c
+++ b/cli.c
@@ -130,20 +130,14 @@ static int cmd_show_access_list(struct cli_def *cli, char *command, char **argv,
 /* match if b is a substr of a */
 #define MATCH(a,b) (!strncmp((a), (b), strlen(b)))
 
-void init_cli(char *hostname)
+void init_cli()
 {
        FILE *f;
        char buf[4096];
        struct cli_command *c;
        struct cli_command *c2;
-       int on = 1;
-       struct sockaddr_in addr;
 
        cli = cli_init();
-       if (hostname && *hostname)
-               cli_set_hostname(cli, hostname);
-       else
-               cli_set_hostname(cli, "l2tpns");
 
        c = cli_register_command(cli, NULL, "show", NULL, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, NULL);
        cli_register_command(cli, c, "banana", cmd_show_banana, PRIVILEGE_UNPRIVILEGED, MODE_EXEC, "Show a banana");
@@ -269,6 +263,17 @@ void init_cli(char *hostname)
                }
                fclose(f);
        }
+}
+
+void cli_init_complete(char *hostname)
+{
+       int on = 1;
+       struct sockaddr_in addr;
+
+       if (hostname && *hostname)
+               cli_set_hostname(cli, hostname);
+       else
+               cli_set_hostname(cli, "l2tpns");
 
        memset(&addr, 0, sizeof(addr));
        clifd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
@@ -280,13 +285,22 @@ void init_cli(char *hostname)
                fcntl(clifd, F_SETFL, flags | O_NONBLOCK);
        }
        addr.sin_family = AF_INET;
+       addr.sin_addr.s_addr = config->cli_bind_address; /* defaults to INADDR_ANY */
        addr.sin_port = htons(23);
        if (bind(clifd, (void *) &addr, sizeof(addr)) < 0)
+       {
+               LOG(0, 0, 0, "Error binding cli on port 23: %s\n", strerror(errno));
+               close(clifd);
+               clifd = -1;
+               return;
+       }
+       if (listen(clifd, 10) < 0)
        {
                LOG(0, 0, 0, "Error listening on cli port 23: %s\n", strerror(errno));
+               close(clifd);
+               clifd = -1;
                return;
        }
-       listen(clifd, 10);
 }
 
 void cli_do(int sockfd)
@@ -440,6 +454,14 @@ static int cmd_show_session(struct cli_def *cli, char *command, char **argv, int
                        if (session[s].idle_timeout)
                                cli_print(cli, "\tIdle Timeout:\t%u seconds", session[s].idle_timeout - (session[s].last_data ? abs(time_now - session[s].last_data) : 0));
 
+                       if (session[s].timeout)
+                       {
+                               cli_print(cli, "\tRemaining time:\t%u",
+                                       (session[s].bundle && bundle[session[s].bundle].num_of_links > 1)
+                                       ? (unsigned) (session[s].timeout - bundle[session[s].bundle].online_time)
+                                       : (unsigned) (session[s].timeout - (time_now - session[s].opened)));
+                       }
+
                        cli_print(cli, "\tBytes In/Out:\t%u/%u", session[s].cout, session[s].cin);
                        cli_print(cli, "\tPkts In/Out:\t%u/%u", session[s].pout, session[s].pin);
                        cli_print(cli, "\tMRU:\t\t%d", session[s].mru);
@@ -507,7 +529,7 @@ static int cmd_show_session(struct cli_def *cli, char *command, char **argv, int
        }
 
        // Show Summary
-       cli_print(cli, "%5s %4s %-32s %-15s %s %s %s %s %10s %10s %10s %4s %-15s %s",
+       cli_print(cli, "%5s %4s %-32s %-15s %s %s %s %s %10s %10s %10s %4s %10s %-15s %s",
                        "SID",
                        "TID",
                        "Username",
@@ -520,13 +542,20 @@ static int cmd_show_session(struct cli_def *cli, char *command, char **argv, int
                        "downloaded",
                        "uploaded",
                        "idle",
+                       "Rem.Time",
                        "LAC",
                        "CLI");
 
        for (i = 1; i < MAXSESSION; i++)
        {
+               uint32_t rem_time;
                if (!session[i].opened) continue;
-               cli_print(cli, "%5d %4d %-32s %-15s %s %s %s %s %10u %10lu %10lu %4u %-15s %s",
+               if (session[i].bundle && bundle[session[i].bundle].num_of_links > 1)
+                       rem_time = session[i].timeout ? (session[i].timeout - bundle[session[i].bundle].online_time) : 0;
+               else
+                       rem_time = session[i].timeout ? (session[i].timeout - (time_now-session[i].opened)) : 0;
+
+               cli_print(cli, "%5d %4d %-32s %-15s %s %s %s %s %10u %10lu %10lu %4u %10lu %-15s %s",
                                i,
                                session[i].tunnel,
                                session[i].user[0] ? session[i].user : "*",
@@ -539,6 +568,7 @@ static int cmd_show_session(struct cli_def *cli, char *command, char **argv, int
                                (unsigned long)session[i].cout,
                                (unsigned long)session[i].cin,
                                abs(time_now - (session[i].last_packet ? session[i].last_packet : time_now)),
+                               (unsigned long)(rem_time),
                                fmtaddr(htonl(tunnel[ session[i].tunnel ].ip), 1),
                                session[i].calling[0] ? session[i].calling : "*");
        }
@@ -957,6 +987,11 @@ static int cmd_show_run(struct cli_def *cli, char *command, char **argv, int arg
                                h = BGP_HOLD_TIME;
 
                        cli_print(cli, " neighbour %s timers %d %d", config->neighbour[i].name, k, h);
+
+                       if (config->neighbour[i].update_source.s_addr != INADDR_ANY)
+                               cli_print(cli, " neighbour %s update-source %s",
+                                               config->neighbour[i].name,
+                                               inet_ntoa(config->neighbour[i].update_source));
                }
        }
 #endif
@@ -1983,6 +2018,7 @@ static int cmd_router_bgp_neighbour(struct cli_def *cli, char *command, char **a
                        return cli_arg_help(cli, 0,
                                "remote-as", "Set remote autonomous system number",
                                "timers",    "Set timers",
+                               "update-source",    "Set source address to use for the BGP session",
                                NULL);
 
                default:
@@ -2001,6 +2037,9 @@ static int cmd_router_bgp_neighbour(struct cli_def *cli, char *command, char **a
                                        return cli_arg_help(cli, 1, NULL);
                        }
 
+                       if (MATCH("update-source", argv[1]))
+                               return cli_arg_help(cli, argc > 3, "A.B.C.D", "Source IP address", NULL);
+
                        return CLI_OK;
                }
        }
@@ -2037,12 +2076,33 @@ static int cmd_router_bgp_neighbour(struct cli_def *cli, char *command, char **a
                        snprintf(config->neighbour[i].name, sizeof(config->neighbour[i].name), "%s", argv[0]);
                        config->neighbour[i].keepalive = -1;
                        config->neighbour[i].hold = -1;
+                       config->neighbour[i].update_source.s_addr = INADDR_ANY;
                }
 
                config->neighbour[i].as = as;
                return CLI_OK;
        }
 
+       if (MATCH("update-source", argv[1]))
+       {
+               struct in_addr addr;
+
+               if (!config->neighbour[i].name[0])
+               {
+                       cli_error(cli, "Specify remote-as first");
+                       return CLI_OK;
+               }
+
+               if (!inet_aton(argv[2], &addr))
+               {
+                       cli_error(cli, "Cannot parse IP \"%s\"", argv[2]);
+                       return CLI_OK;
+               }
+
+               config->neighbour[i].update_source = addr;
+               return CLI_OK;
+       }
+
        if (argc != 4 || !MATCH("timers", argv[1]))
        {
                cli_error(cli, "Invalid arguments");
index 77425c8..f86e2aa 100644 (file)
@@ -7,6 +7,9 @@ set log_file "/var/log/l2tpns"
 # Write pid to this file
 set pid_file "/var/run/l2tpns.pid"
 
+# This host name, if different from the OS one
+#set hostname "localhost"
+
 # Shared secret with LAC
 set l2tp_secret "secret"
 
@@ -53,6 +56,9 @@ set accounting_dir "/var/run/l2tpns/acct"
 # Listen address for L2TP
 #set bind_address 1.1.1.1
 
+# Listen address for CLI
+#set cli_bind_address 127.0.0.1
+
 # Send a gratiuitous ARP for bind address
 #set send_garp no
 
@@ -102,6 +108,10 @@ set accounting_dir "/var/run/l2tpns/acct"
 # IPv6 address prefix
 #set ipv6_prefix ::
 
+# BGP NEXT_HOP path attribute
+#set nexthop 10.0.1.1
+#set nexthop6 2001:db8::1
+
 # Drop/kill sessions
 #load plugin "sessionctl"
 
index 394a323..0721f5c 100644 (file)
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -12,7 +12,6 @@
 #define SYSLOG_NAMES
 #include <syslog.h>
 #include <malloc.h>
-#include <math.h>
 #include <net/route.h>
 #include <sys/mman.h>
 #include <netdb.h>
@@ -29,7 +28,7 @@
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/wait.h>
-#include <linux/if.h>
+#include <net/if.h>
 #include <stddef.h>
 #include <time.h>
 #include <dlfcn.h>
@@ -37,6 +36,8 @@
 #include <sched.h>
 #include <sys/sysinfo.h>
 #include <libcli.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
 
 #include "md5.h"
 #include "l2tpns.h"
@@ -54,6 +55,7 @@
 
 // Globals
 configt *config = NULL;                // all configuration
+int nlfd = -1;                 // netlink socket
 int tunfd = -1;                        // tun interface file handle. (network device)
 int udpfd = -1;                        // UDP file handle
 int controlfd = -1;            // Control signal handle
@@ -61,14 +63,14 @@ int clifd = -1;                     // Socket listening for CLI connections.
 int daefd = -1;                        // Socket listening for DAE connections.
 int snoopfd = -1;              // UDP file handle for sending out intercept data
 int *radfds = NULL;            // RADIUS requests file handles
-int ifrfd = -1;                        // File descriptor for routing, etc
-int ifr6fd = -1;               // File descriptor for IPv6 routing, etc
 int rand_fd = -1;              // Random data source
 int cluster_sockfd = -1;       // Intra-cluster communications socket.
 int epollfd = -1;              // event polling
 time_t basetime = 0;           // base clock
-char hostname[1000] = "";      // us.
+char hostname[MAXHOSTNAME] = "";       // us.
 static int tunidx;             // ifr_ifindex of tun device
+int nlseqnum = 0;              // netlink sequence number
+int min_initok_nlseqnum = 0;   // minimun seq number for messages after init is ok
 static int syslog_log = 0;     // are we logging to syslog
 static FILE *log_stream = 0;   // file handle for direct logging (i.e. direct into file, not via syslog).
 uint32_t last_id = 0;          // Unique ID for radius accounting
@@ -155,6 +157,10 @@ config_descriptt config_values[] = {
        CONFIG("cluster_hb_timeout", cluster_hb_timeout, INT),
        CONFIG("cluster_master_min_adv", cluster_master_min_adv, INT),
        CONFIG("ipv6_prefix", ipv6_prefix, IPv6),
+       CONFIG("cli_bind_address", cli_bind_address, IPv4),
+       CONFIG("hostname", hostname, STRING),
+       CONFIG("nexthop_address", nexthop_address, IPv4),
+       CONFIG("nexthop6_address", nexthop6_address, IPv6),
        { NULL, 0, 0, 0 },
 };
 
@@ -162,8 +168,6 @@ static char *plugin_functions[] = {
        NULL,
        "plugin_pre_auth",
        "plugin_post_auth",
-       "plugin_packet_rx",
-       "plugin_packet_tx",
        "plugin_timer",
        "plugin_new_session",
        "plugin_kill_session",
@@ -195,6 +199,8 @@ struct Tstats *_statistics = NULL;
 struct Tringbuffer *ringbuffer = NULL;
 #endif
 
+static ssize_t netlink_send(struct nlmsghdr *nh);
+static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen);
 static void cache_ipmap(in_addr_t ip, sessionidt s);
 static void uncache_ipmap(in_addr_t ip);
 static void cache_ipv6map(struct in6_addr ip, int prefixlen, sessionidt s);
@@ -414,43 +420,65 @@ void random_data(uint8_t *buf, int len)
 // via BGP if enabled, and stuffs it into the
 // 'sessionbyip' cache.
 //
-// 'ip' and 'mask' must be in _host_ order.
+// 'ip' must be in _host_ order.
 //
-static void routeset(sessionidt s, in_addr_t ip, in_addr_t mask, in_addr_t gw, int add)
+static void routeset(sessionidt s, in_addr_t ip, int prefixlen, in_addr_t gw, int add)
 {
-       struct rtentry r;
+       struct {
+               struct nlmsghdr nh;
+               struct rtmsg rt;
+               char buf[32];
+       } req;
        int i;
+       in_addr_t n_ip;
 
-       if (!mask) mask = 0xffffffff;
+       if (!prefixlen) prefixlen = 32;
 
-       ip &= mask;             // Force the ip to be the first one in the route.
+       ip &= 0xffffffff << (32 - prefixlen);;  // Force the ip to be the first one in the route.
 
-       memset(&r, 0, sizeof(r));
-       r.rt_dev = config->tundevice;
-       r.rt_dst.sa_family = AF_INET;
-       *(uint32_t *) & (((struct sockaddr_in *) &r.rt_dst)->sin_addr.s_addr) = htonl(ip);
-       r.rt_gateway.sa_family = AF_INET;
-       *(uint32_t *) & (((struct sockaddr_in *) &r.rt_gateway)->sin_addr.s_addr) = htonl(gw);
-       r.rt_genmask.sa_family = AF_INET;
-       *(uint32_t *) & (((struct sockaddr_in *) &r.rt_genmask)->sin_addr.s_addr) = htonl(mask);
-       r.rt_flags = (RTF_UP | RTF_STATIC);
+       memset(&req, 0, sizeof(req));
+
+       if (add)
+       {
+               req.nh.nlmsg_type = RTM_NEWROUTE;
+               req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE;
+       }
+       else
+       {
+               req.nh.nlmsg_type = RTM_DELROUTE;
+               req.nh.nlmsg_flags = NLM_F_REQUEST;
+       }
+
+       req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.rt));
+
+       req.rt.rtm_family = AF_INET;
+       req.rt.rtm_dst_len = prefixlen;
+       req.rt.rtm_table = RT_TABLE_MAIN;
+       req.rt.rtm_protocol = 42;
+       req.rt.rtm_scope = RT_SCOPE_LINK;
+       req.rt.rtm_type = RTN_UNICAST;
+
+       netlink_addattr(&req.nh, RTA_OIF, &tunidx, sizeof(int));
+       n_ip = htonl(ip);
+       netlink_addattr(&req.nh, RTA_DST, &n_ip, sizeof(n_ip));
        if (gw)
-               r.rt_flags |= RTF_GATEWAY;
-       else if (mask == 0xffffffff)
-               r.rt_flags |= RTF_HOST;
+       {
+               n_ip = htonl(gw);
+               netlink_addattr(&req.nh, RTA_GATEWAY, &n_ip, sizeof(n_ip));
+       }
 
-       LOG(1, s, 0, "Route %s %s/%s%s%s\n", add ? "add" : "del",
-           fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1),
+       LOG(1, s, session[s].tunnel, "Route %s %s/%d%s%s\n", add ? "add" : "del",
+           fmtaddr(htonl(ip), 0), prefixlen,
            gw ? " via" : "", gw ? fmtaddr(htonl(gw), 2) : "");
 
-       if (ioctl(ifrfd, add ? SIOCADDRT : SIOCDELRT, (void *) &r) < 0)
-               LOG(0, 0, 0, "routeset() error in ioctl: %s\n", strerror(errno));
+       if (netlink_send(&req.nh) < 0)
+               LOG(0, 0, 0, "routeset() error in sending netlink message: %s\n", strerror(errno));
 
 #ifdef BGP
        if (add)
-               bgp_add_route(htonl(ip), htonl(mask));
+               bgp_add_route(htonl(ip), prefixlen);
        else
-               bgp_del_route(htonl(ip), htonl(mask));
+               bgp_del_route(htonl(ip), prefixlen);
 #endif /* BGP */
 
                // Add/Remove the IPs to the 'sessionbyip' cache.
@@ -466,40 +494,68 @@ static void routeset(sessionidt s, in_addr_t ip, in_addr_t mask, in_addr_t gw, i
                if (!add)       // Are we deleting a route?
                        s = 0;  // Caching the session as '0' is the same as uncaching.
 
-               for (i = ip; (i&mask) == (ip&mask) ; ++i)
+               for (i = ip; i < ip+(1<<(32-prefixlen)) ; ++i)
                        cache_ipmap(i, s);
        }
 }
 
 void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add)
 {
-       struct in6_rtmsg rt;
+       struct {
+               struct nlmsghdr nh;
+               struct rtmsg rt;
+               char buf[64];
+       } req;
+       int metric;
        char ipv6addr[INET6_ADDRSTRLEN];
 
-       if (ifr6fd < 0)
+       if (!config->ipv6_prefix.s6_addr[0])
        {
                LOG(0, 0, 0, "Asked to set IPv6 route, but IPv6 not setup.\n");
                return;
        }
 
-       memset(&rt, 0, sizeof(rt));
+       memset(&req, 0, sizeof(req));
+
+       if (add)
+       {
+               req.nh.nlmsg_type = RTM_NEWROUTE;
+               req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE;
+       }
+       else
+       {
+               req.nh.nlmsg_type = RTM_DELROUTE;
+               req.nh.nlmsg_flags = NLM_F_REQUEST;
+       }
+
+       req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.rt));
 
-       memcpy(&rt.rtmsg_dst, &ip, sizeof(struct in6_addr));
-       rt.rtmsg_dst_len = prefixlen;
-       rt.rtmsg_metric = 1;
-       rt.rtmsg_flags = RTF_UP;
-       rt.rtmsg_ifindex = tunidx;
+       req.rt.rtm_family = AF_INET6;
+       req.rt.rtm_dst_len = prefixlen;
+       req.rt.rtm_table = RT_TABLE_MAIN;
+       req.rt.rtm_protocol = 42;
+       req.rt.rtm_scope = RT_SCOPE_LINK;
+       req.rt.rtm_type = RTN_UNICAST;
 
-       LOG(1, 0, 0, "Route %s %s/%d\n",
+       netlink_addattr(&req.nh, RTA_OIF, &tunidx, sizeof(int));
+       netlink_addattr(&req.nh, RTA_DST, &ip, sizeof(ip));
+       metric = 1;
+       netlink_addattr(&req.nh, RTA_METRICS, &metric, sizeof(metric));
+
+       LOG(1, s, session[s].tunnel, "Route %s %s/%d\n",
            add ? "add" : "del",
            inet_ntop(AF_INET6, &ip, ipv6addr, INET6_ADDRSTRLEN),
            prefixlen);
 
-       if (ioctl(ifr6fd, add ? SIOCADDRT : SIOCDELRT, (void *) &rt) < 0)
-               LOG(0, 0, 0, "route6set() error in ioctl: %s\n",
-                               strerror(errno));
+       if (netlink_send(&req.nh) < 0)
+               LOG(0, 0, 0, "route6set() error in sending netlink message: %s\n", strerror(errno));
 
-       // FIXME: need to add BGP routing (RFC2858)
+#ifdef BGP
+       if (add)
+               bgp_add_route6(ip, prefixlen);
+       else
+               bgp_del_route6(ip, prefixlen);
+#endif /* BGP */
 
        if (s)
        {
@@ -512,12 +568,86 @@ void route6set(sessionidt s, struct in6_addr ip, int prefixlen, int add)
        return;
 }
 
-// defined in linux/ipv6.h, but tricky to include from user-space
-// TODO: move routing to use netlink rather than ioctl
-struct in6_ifreq {
-       struct in6_addr ifr6_addr;
-       __u32 ifr6_prefixlen;
-       unsigned int ifr6_ifindex;
+//
+// Set up netlink socket
+static void initnetlink(void)
+{
+       struct sockaddr_nl nladdr;
+
+       nlfd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+       if (nlfd < 0)
+       {
+               LOG(0, 0, 0, "Can't create netlink socket: %s\n", strerror(errno));
+               exit(1);
+       }
+
+       memset(&nladdr, 0, sizeof(nladdr));
+       nladdr.nl_family = AF_NETLINK;
+       nladdr.nl_pid = getpid();
+
+       if (bind(nlfd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0)
+       {
+               LOG(0, 0, 0, "Can't bind netlink socket: %s\n", strerror(errno));
+               exit(1);
+       }
+}
+
+static ssize_t netlink_send(struct nlmsghdr *nh)
+{
+       struct sockaddr_nl nladdr;
+       struct iovec iov;
+       struct msghdr msg;
+
+       nh->nlmsg_pid = getpid();
+       nh->nlmsg_seq = ++nlseqnum;
+
+       // set kernel address
+       memset(&nladdr, 0, sizeof(nladdr));
+       nladdr.nl_family = AF_NETLINK;
+
+       iov = (struct iovec){ (void *)nh, nh->nlmsg_len };
+       msg = (struct msghdr){ (void *)&nladdr, sizeof(nladdr), &iov, 1, NULL, 0, 0 };
+
+       return sendmsg(nlfd, &msg, 0);
+}
+
+static ssize_t netlink_recv(void *buf, ssize_t len)
+{
+       struct sockaddr_nl nladdr;
+       struct iovec iov;
+       struct msghdr msg;
+
+       // set kernel address
+       memset(&nladdr, 0, sizeof(nladdr));
+       nladdr.nl_family = AF_NETLINK;
+
+       iov = (struct iovec){ buf, len };
+       msg = (struct msghdr){ (void *)&nladdr, sizeof(nladdr), &iov, 1, NULL, 0, 0 };
+
+       return recvmsg(nlfd, &msg, 0);
+}
+
+/* adapted from iproute2 */
+static void netlink_addattr(struct nlmsghdr *nh, int type, const void *data, int alen)
+{
+       int len = RTA_LENGTH(alen);
+       struct rtattr *rta;
+
+       rta = (struct rtattr *)(((void *)nh) + NLMSG_ALIGN(nh->nlmsg_len));
+       rta->rta_type = type;
+       rta->rta_len = len;
+       memcpy(RTA_DATA(rta), data, alen);
+       nh->nlmsg_len = NLMSG_ALIGN(nh->nlmsg_len) + RTA_ALIGN(len);
+}
+
+// messages corresponding to different phases seq number
+static char *tun_nl_phase_msg[] = {
+       "initialized",
+       "getting tun interface index",
+       "setting tun interface parameters",
+       "setting tun IPv4 address",
+       "setting tun LL IPv6 address",
+       "setting tun global IPv6 address",
 };
 
 //
@@ -525,8 +655,7 @@ struct in6_ifreq {
 static void inittun(void)
 {
        struct ifreq ifr;
-       struct in6_ifreq ifr6;
-       struct sockaddr_in sin = {0};
+
        memset(&ifr, 0, sizeof(ifr));
        ifr.ifr_flags = IFF_TUN;
 
@@ -545,75 +674,136 @@ static void inittun(void)
                LOG(0, 0, 0, "Can't set tun interface: %s\n", strerror(errno));
                exit(1);
        }
-       assert(strlen(ifr.ifr_name) < sizeof(config->tundevice));
-       strncpy(config->tundevice, ifr.ifr_name, sizeof(config->tundevice) - 1);
-       ifrfd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
+       assert(strlen(ifr.ifr_name) < sizeof(config->tundevice) - 1);
+       strncpy(config->tundevice, ifr.ifr_name, sizeof(config->tundevice));
 
-       sin.sin_family = AF_INET;
-       sin.sin_addr.s_addr = config->bind_address ? config->bind_address : 0x01010101; // 1.1.1.1
-       memcpy(&ifr.ifr_addr, &sin, sizeof(struct sockaddr));
-
-       if (ioctl(ifrfd, SIOCSIFADDR, (void *) &ifr) < 0)
+       tunidx = if_nametoindex(config->tundevice);
+       if (tunidx == 0)
        {
-               LOG(0, 0, 0, "Error setting tun address: %s\n", strerror(errno));
+               LOG(0, 0, 0, "Can't get tun interface index\n");
                exit(1);
        }
-       /* Bump up the qlen to deal with bursts from the network */
-       ifr.ifr_qlen = 1000;
-       if (ioctl(ifrfd, SIOCSIFTXQLEN, (void *) &ifr) < 0)
-       {
-               LOG(0, 0, 0, "Error setting tun queue length: %s\n", strerror(errno));
-               exit(1);
-       }
-       /* set MTU to modem MRU */
-       ifr.ifr_mtu = MRU;
-       if (ioctl(ifrfd, SIOCSIFMTU, (void *) &ifr) < 0)
-       {
-               LOG(0, 0, 0, "Error setting tun MTU: %s\n", strerror(errno));
-               exit(1);
-       }
-       ifr.ifr_flags = IFF_UP;
-       if (ioctl(ifrfd, SIOCSIFFLAGS, (void *) &ifr) < 0)
-       {
-               LOG(0, 0, 0, "Error setting tun flags: %s\n", strerror(errno));
-               exit(1);
-       }
-       if (ioctl(ifrfd, SIOCGIFINDEX, (void *) &ifr) < 0)
+
        {
-               LOG(0, 0, 0, "Error getting tun ifindex: %s\n", strerror(errno));
-               exit(1);
-       }
-       tunidx = ifr.ifr_ifindex;
+               struct {
+                       // interface setting
+                       struct nlmsghdr nh;
+                       union {
+                               struct ifinfomsg ifinfo;
+                               struct ifaddrmsg ifaddr;
+                       } ifmsg;
+                       char rtdata[32]; // 32 should be enough
+               } req;
+               uint32_t txqlen, mtu;
+               in_addr_t ip;
 
-       // Only setup IPv6 on the tun device if we have a configured prefix
-       if (config->ipv6_prefix.s6_addr[0]) {
-               ifr6fd = socket(PF_INET6, SOCK_DGRAM, 0);
+               memset(&req, 0, sizeof(req));
 
-               // Link local address is FE80::1
-               memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
-               ifr6.ifr6_addr.s6_addr[0] = 0xFE;
-               ifr6.ifr6_addr.s6_addr[1] = 0x80;
-               ifr6.ifr6_addr.s6_addr[15] = 1;
-               ifr6.ifr6_prefixlen = 64;
-               ifr6.ifr6_ifindex = ifr.ifr_ifindex;
-               if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
-               {
-                       LOG(0, 0, 0, "Error setting tun IPv6 link local address:"
-                               " %s\n", strerror(errno));
-               }
+               req.nh.nlmsg_type = RTM_NEWLINK;
+               req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_MULTI;
+               req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifinfo));
 
-               // Global address is prefix::1
-               memset(&ifr6.ifr6_addr, 0, sizeof(ifr6.ifr6_addr));
-               ifr6.ifr6_addr = config->ipv6_prefix;
-               ifr6.ifr6_addr.s6_addr[15] = 1;
-               ifr6.ifr6_prefixlen = 64;
-               ifr6.ifr6_ifindex = ifr.ifr_ifindex;
-               if (ioctl(ifr6fd, SIOCSIFADDR, (void *) &ifr6) < 0)
-               {
-                       LOG(0, 0, 0, "Error setting tun IPv6 global address: %s\n",
-                               strerror(errno));
+               req.ifmsg.ifinfo.ifi_family = AF_UNSPEC;
+               req.ifmsg.ifinfo.ifi_index = tunidx;
+               req.ifmsg.ifinfo.ifi_flags |= IFF_UP; // set interface up
+               req.ifmsg.ifinfo.ifi_change = IFF_UP; // only change this flag
+
+               /* Bump up the qlen to deal with bursts from the network */
+               txqlen = 1000;
+               netlink_addattr(&req.nh, IFLA_TXQLEN, &txqlen, sizeof(txqlen));
+               /* set MTU to modem MRU */
+               mtu = MRU;
+               netlink_addattr(&req.nh, IFLA_MTU, &mtu, sizeof(mtu));
+
+               if (netlink_send(&req.nh) < 0)
+                       goto senderror;
+
+               memset(&req, 0, sizeof(req));
+
+               req.nh.nlmsg_type = RTM_NEWADDR;
+               req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE | NLM_F_MULTI;
+               req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifaddr));
+
+               req.ifmsg.ifaddr.ifa_family = AF_INET;
+               req.ifmsg.ifaddr.ifa_prefixlen = 32;
+               req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_UNIVERSE;
+               req.ifmsg.ifaddr.ifa_index = tunidx;
+
+               if (config->bind_address)
+                       ip = config->bind_address;
+               else
+                       ip = 0x01010101; // 1.1.1.1
+               netlink_addattr(&req.nh, IFA_LOCAL, &ip, sizeof(ip));
+
+               if (netlink_send(&req.nh) < 0)
+                       goto senderror;
+
+               // Only setup IPv6 on the tun device if we have a configured prefix
+               if (config->ipv6_prefix.s6_addr[0]) {
+                       struct in6_addr ip6;
+
+                       memset(&req, 0, sizeof(req));
+
+                       req.nh.nlmsg_type = RTM_NEWADDR;
+                       req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE | NLM_F_MULTI;
+                       req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifaddr));
+
+                       req.ifmsg.ifaddr.ifa_family = AF_INET6;
+                       req.ifmsg.ifaddr.ifa_prefixlen = 64;
+                       req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_LINK;
+                       req.ifmsg.ifaddr.ifa_index = tunidx;
+
+                       // Link local address is FE80::1
+                       memset(&ip6, 0, sizeof(ip6));
+                       ip6.s6_addr[0] = 0xFE;
+                       ip6.s6_addr[1] = 0x80;
+                       ip6.s6_addr[15] = 1;
+                       netlink_addattr(&req.nh, IFA_LOCAL, &ip6, sizeof(ip6));
+
+                       if (netlink_send(&req.nh) < 0)
+                               goto senderror;
+
+                       memset(&req, 0, sizeof(req));
+
+                       req.nh.nlmsg_type = RTM_NEWADDR;
+                       req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_REPLACE | NLM_F_MULTI;
+                       req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(req.ifmsg.ifaddr));
+
+                       req.ifmsg.ifaddr.ifa_family = AF_INET6;
+                       req.ifmsg.ifaddr.ifa_prefixlen = 64;
+                       req.ifmsg.ifaddr.ifa_scope = RT_SCOPE_UNIVERSE;
+                       req.ifmsg.ifaddr.ifa_index = tunidx;
+
+                       // Global address is prefix::1
+                       ip6 = config->ipv6_prefix;
+                       ip6.s6_addr[15] = 1;
+                       netlink_addattr(&req.nh, IFA_LOCAL, &ip6, sizeof(ip6));
+
+                       if (netlink_send(&req.nh) < 0)
+                               goto senderror;
                }
+
+               memset(&req, 0, sizeof(req));
+
+               req.nh.nlmsg_type = NLMSG_DONE;
+               req.nh.nlmsg_len = NLMSG_LENGTH(0);
+
+               if (netlink_send(&req.nh) < 0)
+                       goto senderror;
+
+               // if we get an error for seqnum < min_initok_nlseqnum,
+               // we must exit as initialization went wrong
+               if (config->ipv6_prefix.s6_addr[0])
+                       min_initok_nlseqnum = 5 + 1; // idx + if + addr + 2*addr6
+               else
+                       min_initok_nlseqnum = 3 + 1; // idx + if + addr
        }
+
+       return;
+
+senderror:
+       LOG(0, 0, 0, "Error while setting up tun device: %s\n", strerror(errno));
+       exit(1);
 }
 
 // set up UDP ports
@@ -1270,75 +1460,76 @@ static void processipout(uint8_t *buf, int len)
                return;
        }
 
-       // Add on L2TP header
-        {
-                bundleidt bid = 0;
-                if(session[s].bundle != 0 && bundle[session[s].bundle].num_of_links > 1)
-                {
-                        bid = session[s].bundle;
-                        s = bundle[bid].members[bundle[bid].current_ses = (bundle[bid].current_ses + 1) % bundle[bid].num_of_links];
-                       t = session[s].tunnel;
-                       sp = &session[s];
-                        LOG(4, s, t, "MPPP: (1)Session number becomes: %d\n", s);
-                        if(len > MINFRAGLEN)
-                        {
-                                // Partition the packet to "bundle[b].num_of_links" fragments
-                               bundlet *b = &bundle[bid];
-                               uint32_t num_of_links = b->num_of_links;
-                                uint32_t fraglen = len / num_of_links;
-                               fraglen = (fraglen > session[s].mru ? session[s].mru : fraglen);
-                               uint32_t last_fraglen = fraglen + len % num_of_links;
-                               last_fraglen = (last_fraglen > session[s].mru ? len % num_of_links : last_fraglen);
-                               uint32_t remain = len;
-
-                               // send the first packet
-                                uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, fraglen, s, t, PPPIP, 0, bid, MP_BEGIN);
-                                if (!p) return;
-                                tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
-                               // statistics
-                               update_session_out_stat(s, sp, fraglen);
-                               remain -= fraglen;
-                               while (remain > last_fraglen)
-                               {
-                                       s = b->members[b->current_ses = (b->current_ses + 1) % num_of_links];
-                                       t = session[s].tunnel;
-                                       sp = &session[s];
-                                       LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
-                                       p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), fraglen, s, t, PPPIP, 0, bid, 0);
-                                       if (!p) return;
-                                       tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
-                                       update_session_out_stat(s, sp, fraglen);
-                                       remain -= fraglen;
-                               }
-                               // send the last fragment
-                               s = b->members[b->current_ses = (b->current_ses + 1) % num_of_links];
+       if(session[s].bundle != 0 && bundle[session[s].bundle].num_of_links > 1)
+       {
+               // Add on L2TP header
+               bundleidt bid = session[s].bundle;
+               bundlet *b = &bundle[bid];
+
+               b->current_ses = (b->current_ses + 1) % b->num_of_links;
+               s = b->members[b->current_ses];
+               t = session[s].tunnel;
+               sp = &session[s];
+               LOG(4, s, t, "MPPP: (1)Session number becomes: %d\n", s);
+               if(len > MINFRAGLEN)
+               {
+                       // Partition the packet to "bundle[b].num_of_links" fragments
+                       uint32_t num_of_links = b->num_of_links;
+                       uint32_t fraglen = len / num_of_links;
+                       fraglen = (fraglen > session[s].mru ? session[s].mru : fraglen);
+                       uint32_t last_fraglen = fraglen + len % num_of_links;
+                       last_fraglen = (last_fraglen > session[s].mru ? len % num_of_links : last_fraglen);
+                       uint32_t remain = len;
+
+                       // send the first packet
+                       uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, fraglen, s, t, PPPIP, 0, bid, MP_BEGIN);
+                       if (!p) return;
+                       tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
+                       // statistics
+                       update_session_out_stat(s, sp, fraglen);
+                       remain -= fraglen;
+                       while (remain > last_fraglen)
+                       { 
+                               b->current_ses = (b->current_ses + 1) % num_of_links;
+                               s = b->members[b->current_ses];
                                t = session[s].tunnel;
                                sp = &session[s];
-                                       LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
-                                       p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), remain, s, t, PPPIP, 0, bid, MP_END);
-                                       if (!p) return;
-                                       tunnelsend(fragbuf, remain + (p-fragbuf), t); // send it...
-                               update_session_out_stat(s, sp, remain);
-                               if (remain != last_fraglen)
-                                       LOG(3, s, t, "PROCESSIPOUT ERROR REMAIN != LAST_FRAGLEN, %d != %d\n", remain, last_fraglen);
-                        }
-                        else {
-                                // Send it as one frame
-                                uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, bid, MP_BOTH_BITS);
-                                if (!p) return;
-                                tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
-                               LOG(4, s, t, "MPPP: packet sent as one frame\n");
-                               update_session_out_stat(s, sp, len);
-                        }
-                }
-                else
-                {
-                        uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
-                        if (!p) return;
-                        tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+                               LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
+                               p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), fraglen, s, t, PPPIP, 0, bid, 0);
+                               if (!p) return;
+                               tunnelsend(fragbuf, fraglen + (p-fragbuf), t); // send it...
+                               update_session_out_stat(s, sp, fraglen);
+                               remain -= fraglen;
+                       }
+                       // send the last fragment
+                       b->current_ses = (b->current_ses + 1) % num_of_links;
+                       s = b->members[b->current_ses];
+                       t = session[s].tunnel;
+                       sp = &session[s];
+                       LOG(4, s, t, "MPPP: (2)Session number becomes: %d\n", s);
+                       p = makeppp(fragbuf, sizeof(fragbuf), buf+(len - remain), remain, s, t, PPPIP, 0, bid, MP_END);
+                       if (!p) return;
+                       tunnelsend(fragbuf, remain + (p-fragbuf), t); // send it...
+                       update_session_out_stat(s, sp, remain);
+                       if (remain != last_fraglen)
+                               LOG(3, s, t, "PROCESSIPOUT ERROR REMAIN != LAST_FRAGLEN, %d != %d\n", remain, last_fraglen);
+               }
+               else {
+                       // Send it as one frame
+                       uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, bid, MP_BOTH_BITS);
+                       if (!p) return;
+                       tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+                       LOG(4, s, t, "MPPP: packet sent as one frame\n");
                        update_session_out_stat(s, sp, len);
-                }
-        }
+               }
+       }
+       else
+       {
+               uint8_t *p = makeppp(fragbuf, sizeof(fragbuf), buf, len, s, t, PPPIP, 0, 0, 0);
+               if (!p) return;
+               tunnelsend(fragbuf, len + (p-fragbuf), t); // send it...
+               update_session_out_stat(s, sp, len);
+       }
 
        // Snooping this session, send it to intercept box
        if (sp->snoop_ip && sp->snoop_port)
@@ -1418,7 +1609,10 @@ static void processipv6out(uint8_t * buf, int len)
        if (session[s].bundle && bundle[session[s].bundle].num_of_links > 1)
        {
                bundleidt bid = session[s].bundle;
-               s = bundle[bid].members[bundle[bid].current_ses = (bundle[bid].current_ses + 1) % bundle[bid].num_of_links];
+               bundlet *b = &bundle[bid];
+
+               b->current_ses = (b->current_ses + 1) % b->num_of_links;
+               s = b->members[b->current_ses];
                LOG(3, s, session[s].tunnel, "MPPP: Session number becomes: %u\n", s);
        }
        t = session[s].tunnel;
@@ -1518,10 +1712,10 @@ static void send_ipout(sessionidt s, uint8_t *buf, int len)
 static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
 {
        uint16_t l = (m ? 0x8008 : 0x0008);
-       *(uint16_t *) (c->buf + c->length + 0) = htons(l);
-       *(uint16_t *) (c->buf + c->length + 2) = htons(0);
-       *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
-       *(uint16_t *) (c->buf + c->length + 6) = htons(val);
+       c->buf16[c->length/2 + 0] = htons(l);
+       c->buf16[c->length/2 + 1] = htons(0);
+       c->buf16[c->length/2 + 2] = htons(avp);
+       c->buf16[c->length/2 + 3] = htons(val);
        c->length += 8;
 }
 
@@ -1529,10 +1723,10 @@ static void control16(controlt * c, uint16_t avp, uint16_t val, uint8_t m)
 static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
 {
        uint16_t l = (m ? 0x800A : 0x000A);
-       *(uint16_t *) (c->buf + c->length + 0) = htons(l);
-       *(uint16_t *) (c->buf + c->length + 2) = htons(0);
-       *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
-       *(uint32_t *) (c->buf + c->length + 6) = htonl(val);
+       c->buf16[c->length/2 + 0] = htons(l);
+       c->buf16[c->length/2 + 1] = htons(0);
+       c->buf16[c->length/2 + 2] = htons(avp);
+       *(uint32_t *) &c->buf[c->length + 6] = htonl(val);
        c->length += 10;
 }
 
@@ -1540,10 +1734,10 @@ static void control32(controlt * c, uint16_t avp, uint32_t val, uint8_t m)
 static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
 {
        uint16_t l = ((m ? 0x8000 : 0) + strlen(val) + 6);
-       *(uint16_t *) (c->buf + c->length + 0) = htons(l);
-       *(uint16_t *) (c->buf + c->length + 2) = htons(0);
-       *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
-       memcpy(c->buf + c->length + 6, val, strlen(val));
+       c->buf16[c->length/2 + 0] = htons(l);
+       c->buf16[c->length/2 + 1] = htons(0);
+       c->buf16[c->length/2 + 2] = htons(avp);
+       memcpy(&c->buf[c->length + 6], val, strlen(val));
        c->length += 6 + strlen(val);
 }
 
@@ -1551,10 +1745,10 @@ static void controls(controlt * c, uint16_t avp, char *val, uint8_t m)
 static void controlb(controlt * c, uint16_t avp, uint8_t *val, unsigned int len, uint8_t m)
 {
        uint16_t l = ((m ? 0x8000 : 0) + len + 6);
-       *(uint16_t *) (c->buf + c->length + 0) = htons(l);
-       *(uint16_t *) (c->buf + c->length + 2) = htons(0);
-       *(uint16_t *) (c->buf + c->length + 4) = htons(avp);
-       memcpy(c->buf + c->length + 6, val, len);
+       c->buf16[c->length/2 + 0] = htons(l);
+       c->buf16[c->length/2 + 1] = htons(0);
+       c->buf16[c->length/2 + 2] = htons(avp);
+       memcpy(&c->buf[c->length + 6], val, len);
        c->length += 6 + len;
 }
 
@@ -1571,7 +1765,7 @@ static controlt *controlnew(uint16_t mtype)
        }
        assert(c);
        c->next = 0;
-       *(uint16_t *) (c->buf + 0) = htons(0xC802); // flags/ver
+       c->buf16[0] = htons(0xC802); // flags/ver
        c->length = 12;
        control16(c, 0, mtype, 1);
        return c;
@@ -1581,26 +1775,26 @@ static controlt *controlnew(uint16_t mtype)
 // (ZLB send).
 static void controlnull(tunnelidt t)
 {
-       uint8_t buf[12];
+       uint16_t buf[6];
        if (tunnel[t].controlc) // Messages queued; They will carry the ack.
                return;
 
-       *(uint16_t *) (buf + 0) = htons(0xC802); // flags/ver
-       *(uint16_t *) (buf + 2) = htons(12); // length
-       *(uint16_t *) (buf + 4) = htons(tunnel[t].far); // tunnel
-       *(uint16_t *) (buf + 6) = htons(0); // session
-       *(uint16_t *) (buf + 8) = htons(tunnel[t].ns); // sequence
-       *(uint16_t *) (buf + 10) = htons(tunnel[t].nr); // sequence
-       tunnelsend(buf, 12, t);
+       buf[0] = htons(0xC802); // flags/ver
+       buf[1] = htons(12); // length
+       buf[2] = htons(tunnel[t].far); // tunnel
+       buf[3] = htons(0); // session
+       buf[4] = htons(tunnel[t].ns); // sequence
+       buf[5] = htons(tunnel[t].nr); // sequence
+       tunnelsend((uint8_t *)buf, 12, t);
 }
 
 // add a control message to a tunnel, and send if within window
 static void controladd(controlt *c, sessionidt far, tunnelidt t)
 {
-       *(uint16_t *) (c->buf + 2) = htons(c->length); // length
-       *(uint16_t *) (c->buf + 4) = htons(tunnel[t].far); // tunnel
-       *(uint16_t *) (c->buf + 6) = htons(far); // session
-       *(uint16_t *) (c->buf + 8) = htons(tunnel[t].ns); // sequence
+       c->buf16[1] = htons(c->length); // length
+       c->buf16[2] = htons(tunnel[t].far); // tunnel
+       c->buf16[3] = htons(far); // session
+       c->buf16[4] = htons(tunnel[t].ns); // sequence
        tunnel[t].ns++;              // advance sequence
        // link in message in to queue
        if (tunnel[t].controlc)
@@ -1756,11 +1950,11 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e
                int routed = 0;
                for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
                {
-                       if ((session[s].ip & session[s].route[r].mask) ==
-                           (session[s].route[r].ip & session[s].route[r].mask))
+                       if ((session[s].ip >> (32-session[s].route[r].prefixlen)) ==
+                           (session[s].route[r].ip >> (32-session[s].route[r].prefixlen)))
                                routed++;
 
-                       if (del_routes) routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 0);
+                       if (del_routes) routeset(s, session[s].route[r].ip, session[s].route[r].prefixlen, 0, 0);
                        session[s].route[r].ip = 0;
                }
 
@@ -1780,11 +1974,11 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e
                {
                        // This session was part of a bundle
                        bundle[b].num_of_links--;
-                       LOG(3, s, 0, "MPPP: Dropping member link: %d from bundle %d\n",s,b);
+                       LOG(3, s, session[s].tunnel, "MPPP: Dropping member link: %d from bundle %d\n",s,b);
                        if(bundle[b].num_of_links == 0) 
                        {
                                bundleclear(b);
-                               LOG(3, s, 0, "MPPP: Kill bundle: %d (No remaing member links)\n",b);
+                               LOG(3, s, session[s].tunnel, "MPPP: Kill bundle: %d (No remaing member links)\n",b);
                        }
                        else 
                        {
@@ -1801,7 +1995,7 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e
                                                        break;
                                                }
                                        bundle[b].members[mem_num] = bundle[b].members[bundle[b].num_of_links];
-                                       LOG(3, s, 0, "MPPP: Adjusted member links array\n");
+                                       LOG(3, s, session[s].tunnel, "MPPP: Adjusted member links array\n");
                                }
                        }
                        cluster_send_bundle(b);
@@ -1816,10 +2010,10 @@ void sessionshutdown(sessionidt s, char const *reason, int cdn_result, int cdn_e
                controlt *c = controlnew(14); // sending CDN
                if (cdn_error)
                {
-                       uint8_t buf[4];
-                       *(uint16_t *) buf     = htons(cdn_result);
-                       *(uint16_t *) (buf+2) = htons(cdn_error);
-                       controlb(c, 1, buf, 4, 1);
+                       uint16_t buf[2];
+                       buf[0] = htons(cdn_result);
+                       buf[1] = htons(cdn_error);
+                       controlb(c, 1, (uint8_t *)buf, 4, 1);
                }
                else
                        control16(c, 1, cdn_result, 1);
@@ -2008,21 +2202,21 @@ static void tunnelshutdown(tunnelidt t, char *reason, int result, int error, cha
                controlt *c = controlnew(4);    // sending StopCCN
                if (error)
                {
-                       uint8_t buf[64];
+                       uint16_t buf[32];
                        int l = 4;
-                       *(uint16_t *) buf     = htons(result);
-                       *(uint16_t *) (buf+2) = htons(error);
+                       buf[0] = htons(result);
+                       buf[1] = htons(error);
                        if (msg)
                        {
                                int m = strlen(msg);
                                if (m + 4 > sizeof(buf))
                                    m = sizeof(buf) - 4;
 
-                               memcpy(buf+4, msg, m);
+                               memcpy(buf+2, msg, m);
                                l += m;
                        }
 
-                       controlb(c, 1, buf, l, 1);
+                       controlb(c, 1, (uint8_t *)buf, l, 1);
                }
                else
                        control16(c, 1, result, 1);
@@ -2764,7 +2958,7 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
 
                                        // Set multilink options before sending initial LCP packet
                                        sess_local[s].mp_mrru = 1614;
-                                       sess_local[s].mp_epdis = config->bind_address ? config->bind_address : my_address;
+                                       sess_local[s].mp_epdis = ntohl(config->bind_address ? config->bind_address : my_address);
 
                                        sendlcp(s, t);
                                        change_state(s, lcp, RequestSent);
@@ -3392,35 +3586,36 @@ static int still_busy(void)
        static clockt last_talked = 0;
        static clockt start_busy_wait = 0;
 
-       if (!config->cluster_iam_master)
-       {
 #ifdef BGP
-               static time_t stopped_bgp = 0;
-               if (bgp_configured)
+       static time_t stopped_bgp = 0;
+       if (bgp_configured)
+       {
+               if (!stopped_bgp)
                {
-                       if (!stopped_bgp)
-                       {
-                               LOG(1, 0, 0, "Shutting down in %d seconds, stopping BGP...\n", QUIT_DELAY);
+                       LOG(1, 0, 0, "Shutting down in %d seconds, stopping BGP...\n", QUIT_DELAY);
 
-                               for (i = 0; i < BGP_NUM_PEERS; i++)
-                                       if (bgp_peers[i].state == Established)
-                                               bgp_stop(&bgp_peers[i]);
+                       for (i = 0; i < BGP_NUM_PEERS; i++)
+                               if (bgp_peers[i].state == Established)
+                                       bgp_stop(&bgp_peers[i]);
 
-                               stopped_bgp = time_now;
+                       stopped_bgp = time_now;
 
+                       if (!config->cluster_iam_master)
+                       {
                                // we don't want to become master
                                cluster_send_ping(0);
 
                                return 1;
                        }
-
-                       if (time_now < (stopped_bgp + QUIT_DELAY))
-                               return 1;
                }
+
+               if (!config->cluster_iam_master && time_now < (stopped_bgp + QUIT_DELAY))
+                       return 1;
+       }
 #endif /* BGP */
 
+       if (!config->cluster_iam_master)
                return 0;
-       }
 
        if (main_quit == QUIT_SHUTDOWN)
        {
@@ -3486,8 +3681,8 @@ static int still_busy(void)
 # include "fake_epoll.h"
 #endif
 
-// the base set of fds polled: cli, cluster, tun, udp, control, dae
-#define BASE_FDS       6
+// the base set of fds polled: cli, cluster, tun, udp, control, dae, netlink
+#define BASE_FDS       7
 
 // additional polled fds
 #ifdef BGP
@@ -3511,8 +3706,8 @@ static void mainloop(void)
                exit(1);
        }
 
-       LOG(4, 0, 0, "Beginning of main loop.  clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d\n",
-               clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd);
+       LOG(4, 0, 0, "Beginning of main loop.  clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d, nlfd=%d\n",
+               clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd, nlfd);
 
        /* setup our fds to poll for input */
        {
@@ -3548,6 +3743,10 @@ static void mainloop(void)
                d[i].type = FD_TYPE_DAE;
                e.data.ptr = &d[i++];
                epoll_ctl(epollfd, EPOLL_CTL_ADD, daefd, &e);
+
+               d[i].type = FD_TYPE_NETLINK;
+               e.data.ptr = &d[i++];
+               epoll_ctl(epollfd, EPOLL_CTL_ADD, nlfd, &e);
        }
 
 #ifdef BGP
@@ -3561,7 +3760,8 @@ static void mainloop(void)
                if (config->neighbour[i].name[0])
                        bgp_start(&bgp_peers[i], config->neighbour[i].name,
                                config->neighbour[i].as, config->neighbour[i].keepalive,
-                               config->neighbour[i].hold, 0); /* 0 = routing disabled */
+                               config->neighbour[i].hold, config->neighbour[i].update_source,
+                               0); /* 0 = routing disabled */
        }
 #endif /* BGP */
 
@@ -3684,6 +3884,32 @@ static void mainloop(void)
                                        break;
 #endif /* BGP */
 
+                               case FD_TYPE_NETLINK:
+                               {
+                                       struct nlmsghdr *nh = (struct nlmsghdr *)buf;
+                                       s = netlink_recv(buf, sizeof(buf));
+                                       if (nh->nlmsg_type == NLMSG_ERROR)
+                                       {
+                                               struct nlmsgerr *errmsg = NLMSG_DATA(nh);
+                                               if (errmsg->error)
+                                               {
+                                                       if (errmsg->msg.nlmsg_seq < min_initok_nlseqnum)
+                                                       {
+                                                               LOG(0, 0, 0, "Got a fatal netlink error (while %s): %s\n", tun_nl_phase_msg[nh->nlmsg_seq], strerror(-errmsg->error));
+                                                               exit(1);
+                                                       }
+                                                       else
+
+                                                               LOG(0, 0, 0, "Got a netlink error: %s\n", strerror(-errmsg->error));
+                                               }
+                                               // else it's a ack
+                                       }
+                                       else
+                                               LOG(1, 0, 0, "Got a unknown netlink message: type %d seq %d flags %d\n", nh->nlmsg_type, nh->nlmsg_seq, nh->nlmsg_flags);
+                                       n--;
+                                       break;
+                               }
+
                                default:
                                        LOG(0, 0, 0, "Unexpected fd type returned from epoll_wait: %d\n", d->type);
                                }
@@ -3755,6 +3981,11 @@ static void mainloop(void)
                                more++;
                        }
                }
+#ifdef BGP
+               else
+                       /* no event received, but timers could still have expired */
+                       bgp_process_peers_timers();
+#endif /* BGP */
 
                if (time_changed)
                {
@@ -4242,18 +4473,18 @@ static void fix_address_pool(int sid)
 //
 // Add a block of addresses to the IP pool to hand out.
 //
-static void add_to_ip_pool(in_addr_t addr, in_addr_t mask)
+static void add_to_ip_pool(in_addr_t addr, int prefixlen)
 {
        int i;
-       if (mask == 0)
-               mask = 0xffffffff;      // Host route only.
+       if (prefixlen == 0)
+               prefixlen = 32;         // Host route only.
 
-       addr &= mask;
+       addr &= 0xffffffff << (32 - prefixlen);
 
        if (ip_pool_size >= MAXIPPOOL)  // Pool is full!
                return ;
 
-       for (i = addr ;(i & mask) == addr; ++i)
+       for (i = addr ; i < addr+(1<<(32-prefixlen)); ++i)
        {
                if ((i & 0xff) == 0 || (i&0xff) == 255)
                        continue;       // Skip 0 and broadcast addresses.
@@ -4311,7 +4542,7 @@ static void initippool()
                {
                        // It's a range
                        int numbits = 0;
-                       in_addr_t start = 0, mask = 0;
+                       in_addr_t start = 0;
 
                        LOG(2, 0, 0, "Adding IP address range %s\n", buf);
                        *p++ = 0;
@@ -4321,15 +4552,14 @@ static void initippool()
                                continue;
                        }
                        start = ntohl(inet_addr(pool));
-                       mask = (in_addr_t) (pow(2, numbits) - 1) << (32 - numbits);
 
                        // Add a static route for this pool
-                       LOG(5, 0, 0, "Adding route for address pool %s/%u\n",
-                               fmtaddr(htonl(start), 0), 32 + mask);
+                       LOG(5, 0, 0, "Adding route for address pool %s/%d\n",
+                               fmtaddr(htonl(start), 0), numbits);
 
-                       routeset(0, start, mask, 0, 1);
+                       routeset(0, start, numbits, 0, 1);
 
-                       add_to_ip_pool(start, mask);
+                       add_to_ip_pool(start, numbits);
                }
                else
                {
@@ -4480,8 +4710,12 @@ int main(int argc, char *argv[])
        initplugins();
        initdata(optdebug, optconfig);
 
-       init_cli(hostname);
+       init_cli();
        read_config_file();
+       /* set hostname /after/ having read the config file */
+       if (*config->hostname)
+               strcpy(hostname, config->hostname);
+       cli_init_complete(hostname);
        update_config();
        init_tbf(config->num_tbfs);
 
@@ -4525,6 +4759,8 @@ int main(int argc, char *argv[])
                }
        }
 
+       initnetlink();
+
        /* Set up the cluster communications port. */
        if (cluster_init() < 0)
                exit(1);
@@ -4976,11 +5212,11 @@ int sessionsetup(sessionidt s, tunnelidt t)
                // Add the route for this session.
                for (r = 0; r < MAXROUTE && session[s].route[r].ip; r++)
                {
-                       if ((session[s].ip & session[s].route[r].mask) ==
-                           (session[s].route[r].ip & session[s].route[r].mask))
+                       if ((session[s].ip >> (32-session[s].route[r].prefixlen)) ==
+                           (session[s].route[r].ip >> (32-session[s].route[r].prefixlen)))
                                routed++;
 
-                       routeset(s, session[s].route[r].ip, session[s].route[r].mask, 0, 1);
+                       routeset(s, session[s].route[r].ip, session[s].route[r].prefixlen, 0, 1);
                }
 
                // Static IPs need to be routed if not already
@@ -5051,7 +5287,7 @@ int load_session(sessionidt s, sessiont *new)
 
        for (i = 0; !newip && i < MAXROUTE && (session[s].route[i].ip || new->route[i].ip); i++)
                if (new->route[i].ip != session[s].route[i].ip ||
-                   new->route[i].mask != session[s].route[i].mask)
+                   new->route[i].prefixlen != session[s].route[i].prefixlen)
                        newip++;
 
        // needs update
@@ -5062,11 +5298,11 @@ int load_session(sessionidt s, sessiont *new)
                // remove old routes...
                for (i = 0; i < MAXROUTE && session[s].route[i].ip; i++)
                {
-                       if ((session[s].ip & session[s].route[i].mask) ==
-                           (session[s].route[i].ip & session[s].route[i].mask))
+                       if ((session[s].ip >> (32-session[s].route[i].prefixlen)) ==
+                           (session[s].route[i].ip >> (32-session[s].route[i].prefixlen)))
                                routed++;
 
-                       routeset(s, session[s].route[i].ip, session[s].route[i].mask, 0, 0);
+                       routeset(s, session[s].route[i].ip, session[s].route[i].prefixlen, 0, 0);
                }
 
                // ...ip
@@ -5085,11 +5321,11 @@ int load_session(sessionidt s, sessiont *new)
                // add new routes...
                for (i = 0; i < MAXROUTE && new->route[i].ip; i++)
                {
-                       if ((new->ip & new->route[i].mask) ==
-                           (new->route[i].ip & new->route[i].mask))
+                       if ((new->ip >> (32-new->route[i].prefixlen)) ==
+                           (new->route[i].ip >> (32-new->route[i].prefixlen)))
                                routed++;
 
-                       routeset(s, new->route[i].ip, new->route[i].mask, 0, 1);
+                       routeset(s, new->route[i].ip, new->route[i].prefixlen, 0, 1);
                }
 
                // ...ip
index 5b68df7..8e3d26e 100644 (file)
--- a/l2tpns.h
+++ b/l2tpns.h
@@ -38,6 +38,7 @@
 #define PPPoE_MRU      1492            // maximum PPPoE MRU (rfc2516: 1500 less PPPoE header (6) and PPP protocol ID (2))
 #define MAXETHER       (MAXMTU+18)     // max packet we try sending to tun
 #define MAXTEL         96              // telephone number
+#define MAXHOSTNAME    256             // hostname
 #define MAXUSER                128             // username
 #define MAXPASS                128             // password
 #define MAXCLASS       128             // radius class attribute size
@@ -234,7 +235,7 @@ struct cli_tunnel_actions {
 typedef struct                 // route
 {
        in_addr_t ip;
-       in_addr_t mask;
+       int prefixlen;
 }
 routet;
 
@@ -242,7 +243,10 @@ typedef struct controls            // control message
 {
        struct controls *next;  // next in queue
        uint16_t length;        // length
-       uint8_t buf[MAXCONTROL];
+       union {
+               uint8_t buf[MAXCONTROL];
+               uint16_t buf16[MAXCONTROL/2];
+       } __attribute__ ((__transparent_union__));
 }
 controlt;
 
@@ -617,6 +621,10 @@ struct Tstats
 #define SET_STAT(x, y)
 #endif
 
+#ifndef IFNAMSIZ
+# define IFNAMSIZ 16
+#endif
+
 typedef struct
 {
        int             debug;                          // debugging level
@@ -632,7 +640,7 @@ typedef struct
        int             reload_config;                  // flag to re-read config (set by cli)
        int             multi_read_count;               // amount of packets to read per fd in processing loop
 
-       char            tundevice[10];                  // tun device name
+       char            tundevice[IFNAMSIZ];            // tun device name
        char            log_filename[128];
 
        char            l2tp_secret[64];                // L2TP shared secret
@@ -713,6 +721,8 @@ typedef struct
 
        int             cluster_master_min_adv;         // Master advertises routes while the number of up to date
                                                        // slaves is less than this value.
+       in_addr_t       cli_bind_address;               // bind address for CLI
+       char            hostname[MAXHOSTNAME];  // hostname (overridden by -h on command line)
        // Guest change
        char            guest_user[MAXUSER];            // Guest account username
 
@@ -724,7 +734,10 @@ typedef struct
                uint16_t as;
                int keepalive;
                int hold;
+               struct in_addr update_source;
        } neighbour[BGP_NUM_PEERS];
+       in_addr_t       nexthop_address;
+       struct in6_addr nexthop6_address;
 #endif
 } configt;
 
@@ -898,7 +911,8 @@ void become_master(void);   // We're the master; kick off any required master init
 
 
 // cli.c
-void init_cli(char *hostname);
+void init_cli();
+void cli_init_complete(char *hostname);
 void cli_do_file(FILE *fh);
 void cli_do(int sockfd);
 int cli_arg_help(struct cli_def *cli, int cr_ok, char *entry, ...);
@@ -936,6 +950,7 @@ struct event_data {
                FD_TYPE_DAE,
                FD_TYPE_RADIUS,
                FD_TYPE_BGP,
+               FD_TYPE_NETLINK,
        } type;
        int index; // for RADIUS, BGP
 };
diff --git a/ppp.c b/ppp.c
index ed12040..4d01e90 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -819,6 +819,10 @@ void processlcp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 
                        break;
 
+               case Closing:
+                       sessionshutdown(s, "LCP: ConfigReq in state Closing. This should not happen. Killing session.", CDN_ADMIN_DISC, TERM_LOST_SERVICE);
+                       break;
+
                default:
                        LOG(2, s, t, "LCP: ignoring %s in state %s\n", ppp_code(*p), ppp_state(session[s].ppp.lcp));
                        return;
@@ -1534,7 +1538,7 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                uint8_t *o = p + 4;
                int length = l - 4;
                int gotip = 0;
-               uint8_t ident[8];
+               uint32_t ident[2];
 
                while (length > 2)
                {
@@ -1546,12 +1550,12 @@ void processipv6cp(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                                gotip++; // seen address
                                if (o[1] != 10) return;
 
-                               *(uint32_t *) ident = htonl(session[s].ip);
-                               *(uint32_t *) (ident + 4) = 0;
+                               ident[0] = htonl(session[s].ip);
+                               ident[1] = 0;
 
                                if (memcmp(o + 2, ident, sizeof(ident)))
                                {
-                                       q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, ident, sizeof(ident));
+                                       q = ppp_conf_nak(s, b, sizeof(b), PPPIPV6CP, &response, q, p, o, (uint8_t *)ident, sizeof(ident));
                                        if (!q) return;
                                }
 
index f9f7263..02b29b7 100644 (file)
--- a/radius.c
+++ b/radius.c
@@ -407,21 +407,11 @@ void radiussend(uint16_t r, uint8_t state)
                        int r;
                        for (r = 0; s && r < MAXROUTE && session[s].route[r].ip; r++)
                        {
-                               int width = 32;
-                               if (session[s].route[r].mask)
-                               {
-                                   int mask = session[s].route[r].mask;
-                                   while (!(mask & 1))
-                                   {
-                                       width--;
-                                       mask >>= 1;
-                                   }
-                               }
-
                                *p = 22;        // Framed-Route
                                p[1] = sprintf((char *) p + 2, "%s/%d %s 1",
                                        fmtaddr(htonl(session[s].route[r].ip), 0),
-                                       width, fmtaddr(htonl(session[s].ip), 1)) + 2;
+                                       session[s].route[r].prefixlen,
+                                       fmtaddr(htonl(session[s].ip), 1)) + 2;
 
                                p += p[1];
                        }
@@ -701,7 +691,7 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                        else if (*p == 22)
                                        {
                                                // Framed-Route
-                                               in_addr_t ip = 0, mask = 0;
+                                               in_addr_t ip = 0;
                                                uint8_t u = 0;
                                                uint8_t bits = 0;
                                                uint8_t *n = p + 2;
@@ -723,14 +713,13 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                                        n++;
                                                        while (n < e && isdigit(*n))
                                                                bits = bits * 10 + *n++ - '0';
-                                                       mask = (( -1) << (32 - bits));
                                                }
                                                else if ((ip >> 24) < 128)
-                                                       mask = 0xFF0000;
+                                                       bits = 8;
                                                else if ((ip >> 24) < 192)
-                                                       mask = 0xFFFF0000;
+                                                       bits = 16;
                                                else
-                                                       mask = 0xFFFFFF00;
+                                                       bits = 24;
 
                                                if (routes == MAXROUTE)
                                                {
@@ -738,11 +727,11 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                                }
                                                else if (ip)
                                                {
-                                                       LOG(3, s, session[s].tunnel, "   Radius reply contains route for %s/%s\n",
-                                                               fmtaddr(htonl(ip), 0), fmtaddr(htonl(mask), 1));
+                                                       LOG(3, s, session[s].tunnel, "   Radius reply contains route for %s/%d\n",
+                                                               fmtaddr(htonl(ip), 0), bits);
                                                        
                                                        session[s].route[routes].ip = ip;
-                                                       session[s].route[routes].mask = mask;
+                                                       session[s].route[routes].prefixlen = bits;
                                                        routes++;
                                                }
                                        }
diff --git a/util.c b/util.c
index 0ab1d92..e132be6 100644 (file)
--- a/util.c
+++ b/util.c
@@ -79,8 +79,6 @@ pid_t fork_and_close()
     if (controlfd != -1)      close(controlfd);
     if (daefd != -1)          close(daefd);
     if (snoopfd != -1)        close(snoopfd);
-    if (ifrfd != -1)          close(ifrfd);
-    if (ifr6fd != -1)         close(ifr6fd);
     if (rand_fd != -1)        close(rand_fd);
     if (epollfd != -1)        close(epollfd);