From 2af25a971a28ccac05d2385669e8b103c0328f7d Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Thu, 11 Feb 2010 11:12:58 +0100 Subject: Fixes a crash caused by missing error hook on BGP listening socket. Error happened when too many BGP connections arrived in one moment (ECONNABORTED). --- sysdep/unix/io.c | 1 - 1 file changed, 1 deletion(-) (limited to 'sysdep/unix') diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c index 296b6b3a..90b5b144 100644 --- a/sysdep/unix/io.c +++ b/sysdep/unix/io.c @@ -947,7 +947,6 @@ sk_passive_connected(sock *s, struct sockaddr *sa, int al, int type) } else if (errno != EINTR && errno != EAGAIN) { - log(L_ERR "accept: %m"); s->err_hook(s, errno); } return 0; -- cgit v1.2.3 From dca75fd7c207f0bfc627cb6b74a484da3b27e05f Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Sat, 13 Feb 2010 12:26:26 +0100 Subject: Removes phantom protocol from the pipe design. It seems that by adding one pipe-specific exception to route announcement code and by adding one argument to rt_notify() callback i could completely eliminate the need for the phantom protocol instance and therefore make the code more straightforward. It will also fix some minor bugs (like ignoring debug flag changes from the command line). --- nest/proto-hooks.c | 3 +- nest/proto.c | 5 ---- nest/protocol.h | 11 ++----- nest/rt-table.c | 24 ++++++++++----- proto/bgp/attrs.c | 2 +- proto/bgp/bgp.h | 2 +- proto/ospf/ospf.c | 5 ++-- proto/pipe/pipe.c | 86 ++++++++---------------------------------------------- proto/pipe/pipe.h | 14 ++++++++- proto/rip/rip.c | 3 +- sysdep/unix/krt.c | 3 +- 11 files changed, 55 insertions(+), 103 deletions(-) (limited to 'sysdep/unix') diff --git a/nest/proto-hooks.c b/nest/proto-hooks.c index c30b1070..3d19e3fe 100644 --- a/nest/proto-hooks.c +++ b/nest/proto-hooks.c @@ -178,13 +178,14 @@ void ifa_notify(struct proto *p, unsigned flags, struct ifa *a) /** * rt_notify - notify instance about routing table change * @p: protocol instance + * @table: a routing table * @net: a network entry * @new: new route for the network * @old: old route for the network * @attrs: extended attributes associated with the @new entry * * The rt_notify() hook is called to inform the protocol instance about - * changes in the routing table it's connected to, that is a route @old + * changes in the connected routing table @table, that is a route @old * belonging to network @net being replaced by a new route @new with * extended attributes @attrs. Either @new or @old or both can be %NULL * if the corresponding route doesn't exist. diff --git a/nest/proto.c b/nest/proto.c index a7e4e0c9..57c2aa13 100644 --- a/nest/proto.c +++ b/nest/proto.c @@ -133,11 +133,6 @@ proto_init_instance(struct proto *p) p->attn = ev_new(p->pool); p->attn->data = p; rt_lock_table(p->table); - -#ifdef CONFIG_PIPE - if (proto_is_pipe(p)) - rt_lock_table(pipe_get_peer_table(p)); -#endif } /** diff --git a/nest/protocol.h b/nest/protocol.h index 876427ab..82f3766f 100644 --- a/nest/protocol.h +++ b/nest/protocol.h @@ -16,6 +16,7 @@ struct iface; struct ifa; +struct rtable; struct rte; struct neighbor; struct rta; @@ -162,7 +163,7 @@ struct proto { void (*if_notify)(struct proto *, unsigned flags, struct iface *i); void (*ifa_notify)(struct proto *, unsigned flags, struct ifa *a); - void (*rt_notify)(struct proto *, struct network *net, struct rte *new, struct rte *old, struct ea_list *attrs); + void (*rt_notify)(struct proto *, struct rtable *table, struct network *net, struct rte *new, struct rte *old, struct ea_list *attrs); void (*neigh_notify)(struct neighbor *neigh); struct ea_list *(*make_tmp_attrs)(struct rte *rt, struct linpool *pool); void (*store_tmp_attrs)(struct rte *rt, struct ea_list *attrs); @@ -339,13 +340,7 @@ struct announce_hook *proto_add_announce_hook(struct proto *, struct rtable *); */ #ifdef CONFIG_PIPE - -static inline int proto_is_pipe(struct proto *p) -{ return p->proto == &proto_pipe; } - -struct rtable *pipe_get_peer_table(struct proto *p); -struct proto_stats *pipe_get_peer_stats(struct proto *p); - +#include "proto/pipe/pipe.h" #endif diff --git a/nest/rt-table.c b/nest/rt-table.c index c9e421e9..72a1cb0e 100644 --- a/nest/rt-table.c +++ b/nest/rt-table.c @@ -161,6 +161,7 @@ static inline void do_rte_announce(struct announce_hook *a, int type, net *net, rte *new, rte *old, ea_list *tmpa, int class, int refeed) { struct proto *p = a->proto; + struct filter *filter = p->out_filter; struct proto_stats *stats = &p->stats; rte *new0 = new; rte *old0 = old; @@ -168,6 +169,15 @@ do_rte_announce(struct announce_hook *a, int type, net *net, rte *new, rte *old, int fast_exit_hack = 0; +#ifdef CONFIG_PIPE + /* The secondary direction of the pipe */ + if (proto_is_pipe(p) && (p->table != a->table)) + { + filter = p->in_filter; + stats = pipe_get_peer_stats(p); + } +#endif + if (new) { stats->exp_updates_received++; @@ -186,8 +196,8 @@ do_rte_announce(struct announce_hook *a, int type, net *net, rte *new, rte *old, } else if (ok) rte_trace_out(D_FILTERS, p, new, "forced accept by protocol"); - else if (p->out_filter == FILTER_REJECT || - p->out_filter && f_run(p->out_filter, &new, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) > F_ACCEPT) + else if (filter == FILTER_REJECT || + filter && f_run(filter, &new, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) > F_ACCEPT) { stats->exp_updates_filtered++; drop_reason = "filtered out"; @@ -230,13 +240,13 @@ do_rte_announce(struct announce_hook *a, int type, net *net, rte *new, rte *old, if (old && !refeed) { - if (p->out_filter == FILTER_REJECT) + if (filter == FILTER_REJECT) old = NULL; else { ea_list *tmpb = p->make_tmp_attrs ? p->make_tmp_attrs(old, rte_update_pool) : NULL; ok = p->import_control ? p->import_control(p, &old, &tmpb, rte_update_pool) : 0; - if (ok < 0 || (!ok && p->out_filter && f_run(p->out_filter, &old, &tmpb, rte_update_pool, FF_FORCE_TMPATTR) > F_ACCEPT)) + if (ok < 0 || (!ok && filter && f_run(filter, &old, &tmpb, rte_update_pool, FF_FORCE_TMPATTR) > F_ACCEPT)) { if (old != old0) rte_free(old); @@ -271,18 +281,18 @@ do_rte_announce(struct announce_hook *a, int type, net *net, rte *new, rte *old, rte_trace_out(D_ROUTES, p, old, "removed"); } if (!new) - p->rt_notify(p, net, NULL, old, NULL); + p->rt_notify(p, a->table, net, NULL, old, NULL); else if (tmpa) { ea_list *t = tmpa; while (t->next) t = t->next; t->next = new->attrs->eattrs; - p->rt_notify(p, net, new, old, tmpa); + p->rt_notify(p, a->table, net, new, old, tmpa); t->next = NULL; } else - p->rt_notify(p, net, new, old, new->attrs->eattrs); + p->rt_notify(p, a->table, net, new, old, new->attrs->eattrs); if (new && new != new0) /* Discard temporary rte's */ rte_free(new); if (old && old != old0) diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c index 4cfabf18..96679870 100644 --- a/proto/bgp/attrs.c +++ b/proto/bgp/attrs.c @@ -772,7 +772,7 @@ bgp_free_bucket(struct bgp_proto *p, struct bgp_bucket *buck) } void -bgp_rt_notify(struct proto *P, net *n, rte *new, rte *old UNUSED, ea_list *attrs) +bgp_rt_notify(struct proto *P, rtable *tbl UNUSED, net *n, rte *new, rte *old UNUSED, ea_list *attrs) { struct bgp_proto *p = (struct bgp_proto *) P; struct bgp_bucket *buck; diff --git a/proto/bgp/bgp.h b/proto/bgp/bgp.h index 7f574ed4..1a291952 100644 --- a/proto/bgp/bgp.h +++ b/proto/bgp/bgp.h @@ -179,7 +179,7 @@ byte *bgp_attach_attr_wa(struct ea_list **to, struct linpool *pool, unsigned att struct rta *bgp_decode_attrs(struct bgp_conn *conn, byte *a, unsigned int len, struct linpool *pool, int mandatory); int bgp_get_attr(struct eattr *e, byte *buf, int buflen); int bgp_rte_better(struct rte *, struct rte *); -void bgp_rt_notify(struct proto *, struct network *, struct rte *, struct rte *, struct ea_list *); +void bgp_rt_notify(struct proto *P, rtable *tbl UNUSED, net *n, rte *new, rte *old UNUSED, ea_list *attrs); int bgp_import_control(struct proto *, struct rte **, struct ea_list **, struct linpool *); void bgp_attr_init(struct bgp_proto *); unsigned int bgp_encode_attrs(struct bgp_proto *p, byte *w, ea_list *attrs, int remains); diff --git a/proto/ospf/ospf.c b/proto/ospf/ospf.c index d2ceab25..26a05d95 100644 --- a/proto/ospf/ospf.c +++ b/proto/ospf/ospf.c @@ -78,7 +78,7 @@ static int ospf_reload_routes(struct proto *p); -static void ospf_rt_notify(struct proto *p, net * n, rte * new, rte * old UNUSED, ea_list * attrs); +static void ospf_rt_notify(struct proto *p, struct rtable *table UNUSED, net * n, rte * new, rte * old UNUSED, ea_list * attrs); static void ospf_ifa_notify(struct proto *p, unsigned flags, struct ifa *a); static int ospf_rte_better(struct rte *new, struct rte *old); static int ospf_rte_same(struct rte *new, struct rte *old); @@ -484,8 +484,7 @@ ospf_shutdown(struct proto *p) } static void -ospf_rt_notify(struct proto *p, net * n, rte * new, rte * old UNUSED, - ea_list * attrs) +ospf_rt_notify(struct proto *p, rtable *tbl UNUSED, net * n, rte * new, rte * old UNUSED, ea_list * attrs) { struct proto_ospf *po = (struct proto_ospf *) p; diff --git a/proto/pipe/pipe.c b/proto/pipe/pipe.c index 879135d1..943d3a0e 100644 --- a/proto/pipe/pipe.c +++ b/proto/pipe/pipe.c @@ -31,9 +31,12 @@ #include "pipe.h" static void -pipe_send(struct pipe_proto *p, rtable *src_table, rtable *dest, net *n, rte *new, rte *old, ea_list *attrs) +pipe_rt_notify(struct proto *P, rtable *src_table, net *n, rte *new, rte *old, ea_list *attrs) { + struct pipe_proto *p = (struct pipe_proto *) P; + rtable *dest = (src_table == P->table) ? p->peer : P->table; /* The other side of the pipe */ struct proto *src; + net *nn; rte *e; rta a; @@ -85,30 +88,12 @@ pipe_send(struct pipe_proto *p, rtable *src_table, rtable *dest, net *n, rte *ne src_table->pipe_busy = 0; } -static void -pipe_rt_notify_pri(struct proto *P, net *net, rte *new, rte *old, ea_list *attrs) -{ - struct pipe_proto *p = (struct pipe_proto *) P; - - DBG("PIPE %c> %I/%d\n", (new ? '+' : '-'), net->n.prefix, net->n.pxlen); - pipe_send(p, p->p.table, p->peer, net, new, old, attrs); -} - -static void -pipe_rt_notify_sec(struct proto *P, net *net, rte *new, rte *old, ea_list *attrs) -{ - struct pipe_proto *p = ((struct pipe_proto *) P)->phantom; - - DBG("PIPE %c< %I/%d\n", (new ? '+' : '-'), net->n.prefix, net->n.pxlen); - pipe_send(p, p->peer, p->p.table, net, new, old, attrs); -} - static int pipe_import_control(struct proto *P, rte **ee, ea_list **ea UNUSED, struct linpool *p UNUSED) { struct proto *pp = (*ee)->sender; - if (pp == P || pp == &((struct pipe_proto *) P)->phantom->p) + if (pp == P) return -1; /* Avoid local loops automatically */ return 0; } @@ -130,49 +115,16 @@ static int pipe_start(struct proto *P) { struct pipe_proto *p = (struct pipe_proto *) P; - struct pipe_proto *ph; struct announce_hook *a; - /* - * Create a phantom protocol which will represent the remote - * end of the pipe (we need to do this in order to get different - * filters and announce functions and it unfortunately involves - * a couple of magic trickery). - * - * The phantom protocol is used ONLY in announce hooks and - * therefore in do_rte_announce() function. - */ - ph = mb_alloc(P->pool, sizeof(struct pipe_proto)); - memcpy(ph, p, sizeof(struct pipe_proto)); - p->phantom = ph; - ph->phantom = p; - ph->p.accept_ra_types = (p->mode == PIPE_OPAQUE) ? RA_OPTIMAL : RA_ANY; - ph->p.rt_notify = pipe_rt_notify_sec; - ph->p.proto_state = PS_UP; - ph->p.core_state = ph->p.core_goal = FS_HAPPY; + /* Clean up the secondary stats */ + bzero(&p->peer_stats, sizeof(struct proto_stats)); - /* - * Routes should be filtered in the do_rte_announce() (export - * filter for protocols). Reverse direction is handled by putting - * specified import filter to out_filter field of the phantom - * protocol. - * - * in_filter fields are not important, there is an exception in - * rte_update() to ignore it for pipes. We cannot just set - * P->in_filter to FILTER_ACCEPT, because that would break other - * things (reconfiguration, show-protocols command). - */ - ph->p.in_filter = FILTER_ACCEPT; - ph->p.out_filter = P->in_filter; + /* Lock the peer table, unlock is handled in proto_fell_down() */ + rt_lock_table(p->peer); - /* - * Connect the phantom protocol to the peer routing table, but - * keep it in the list of connections of the primary protocol, - * so that it gets disconnected at the right time and we also - * get all routes from both sides during the feeding phase. - */ + /* Connect the protocol also to the peer routing table. */ a = proto_add_announce_hook(P, p->peer); - a->proto = &ph->p; return PS_UP; } @@ -187,9 +139,10 @@ pipe_init(struct proto_config *C) p->peer = c->peer->table; p->mode = c->mode; P->accept_ra_types = (p->mode == PIPE_OPAQUE) ? RA_OPTIMAL : RA_ANY; - P->rt_notify = pipe_rt_notify_pri; + P->rt_notify = pipe_rt_notify; P->import_control = pipe_import_control; P->reload_routes = pipe_reload_routes; + return P; } @@ -222,24 +175,9 @@ pipe_reconfigure(struct proto *P, struct proto_config *new) if ((o->peer->table != n->peer->table) || (o->mode != n->mode)) return 0; - /* Update also the filter in the phantom protocol */ - p->phantom->p.out_filter = new->in_filter; return 1; } -struct rtable * -pipe_get_peer_table(struct proto *P) -{ - struct pipe_proto *p = (struct pipe_proto *) P; - return p->peer; -} - -struct proto_stats * -pipe_get_peer_stats(struct proto *P) -{ - struct pipe_proto *p = (struct pipe_proto *) P; - return &p->phantom->p.stats; -} struct protocol proto_pipe = { name: "Pipe", diff --git a/proto/pipe/pipe.h b/proto/pipe/pipe.h index 368ba41b..fbd21291 100644 --- a/proto/pipe/pipe.h +++ b/proto/pipe/pipe.h @@ -21,8 +21,20 @@ struct pipe_config { struct pipe_proto { struct proto p; struct rtable *peer; + struct proto_stats peer_stats; /* Statistics for the direction peer->primary */ int mode; /* PIPE_OPAQUE or PIPE_TRANSPARENT */ - struct pipe_proto *phantom; }; + +extern struct protocol proto_pipe; + +static inline int proto_is_pipe(struct proto *p) +{ return p->proto == &proto_pipe; } + +static inline struct rtable * pipe_get_peer_table(struct proto *P) +{ return ((struct pipe_proto *) P)->peer; } + +static inline struct proto_stats * pipe_get_peer_stats(struct proto *P) +{ return &((struct pipe_proto *) P)->peer_stats; } + #endif diff --git a/proto/rip/rip.c b/proto/rip/rip.c index f9a160e6..d69d6432 100644 --- a/proto/rip/rip.c +++ b/proto/rip/rip.c @@ -864,7 +864,8 @@ rip_store_tmp_attrs(struct rte *rt, struct ea_list *attrs) * own), so store it into our data structures. */ static void -rip_rt_notify(struct proto *p, struct network *net, struct rte *new, struct rte *old, struct ea_list *attrs) +rip_rt_notify(struct proto *p, struct rtable *table UNUSED, struct network *net, + struct rte *new, struct rte *old, struct ea_list *attrs) { CHK_MAGIC; diff --git a/sysdep/unix/krt.c b/sysdep/unix/krt.c index 488447b7..6d94cada 100644 --- a/sysdep/unix/krt.c +++ b/sysdep/unix/krt.c @@ -742,7 +742,8 @@ krt_scan(timer *t UNUSED) */ static void -krt_notify(struct proto *P, net *net, rte *new, rte *old, struct ea_list *attrs UNUSED) +krt_notify(struct proto *P, struct rtable *table UNUSED, net *net, + rte *new, rte *old, struct ea_list *attrs UNUSED) { struct krt_proto *p = (struct krt_proto *) P; -- cgit v1.2.3 From e0a45fb42163a6bfdeeee44bd0a6a7461552e10f Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Sun, 21 Feb 2010 09:57:26 +0100 Subject: Restricted read-only CLI. Also adds support for executing commands using birdc . --- client/client.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++--- doc/reply_codes | 2 ++ nest/cli.h | 9 +++++++++ nest/config.Y | 25 ++++++++++++++----------- nest/proto.c | 6 +++++- nest/protocol.h | 2 +- sysdep/unix/config.Y | 2 +- sysdep/unix/main.c | 13 +++++++++++++ 8 files changed, 91 insertions(+), 17 deletions(-) (limited to 'sysdep/unix') diff --git a/client/client.c b/client/client.c index 88a6095f..8f514f62 100644 --- a/client/client.c +++ b/client/client.c @@ -25,8 +25,10 @@ #include "client/client.h" #include "sysdep/unix/unix.h" -static char *opt_list = "s:v"; +static char *opt_list = "s:vr"; static int verbose; +static char *init_cmd; +static int once; static char *server_path = PATH_CONTROL_SOCKET; static int server_fd; @@ -49,7 +51,7 @@ static int num_lines, skip_input, interactive; static void usage(void) { - fprintf(stderr, "Usage: birdc [-s ] [-v]\n"); + fprintf(stderr, "Usage: birdc [-s ] [-v] [-r]\n"); exit(1); } @@ -67,11 +69,36 @@ parse_args(int argc, char **argv) case 'v': verbose++; break; + case 'r': + init_cmd = "restrict"; + break; default: usage(); } + + /* If some arguments are not options, we take it as commands */ if (optind < argc) - usage(); + { + char *tmp; + int i; + int len = 0; + + if (init_cmd) + usage(); + + for (i = optind; i < argc; i++) + len += strlen(argv[i]) + 1; + + tmp = init_cmd = malloc(len); + for (i = optind; i < argc; i++) + { + strcpy(tmp, argv[i]); + tmp += strlen(tmp); + *tmp++ = ' '; + } + + once = 1; + } } /*** Input ***/ @@ -267,6 +294,22 @@ update_state(void) if (nstate == cstate) return; + if (init_cmd) + { + /* First transition - client received hello from BIRD + and there is waiting initial command */ + submit_server_command(init_cmd); + init_cmd = NULL; + return; + } + + if (!init_cmd && once) + { + /* Initial command is finished and we want to exit */ + cleanup(); + exit(0); + } + if (nstate == STATE_PROMPT) if (input_initialized) input_reveal(); diff --git a/doc/reply_codes b/doc/reply_codes index db760fb4..22e0fd2d 100644 --- a/doc/reply_codes +++ b/doc/reply_codes @@ -24,6 +24,7 @@ Reply codes of BIRD command-line interface 0013 Status report 0014 Route count 0015 Reloading +0016 Access restricted 1000 BIRD version 1001 Interface list @@ -51,6 +52,7 @@ Reply codes of BIRD command-line interface 8004 Stopped due to reconfiguration 8005 Protocol is down => cannot dump 8006 Reload failed +8007 Access denied 9000 Command too long 9001 Parse error diff --git a/nest/cli.h b/nest/cli.h index f816ef18..57414a29 100644 --- a/nest/cli.h +++ b/nest/cli.h @@ -33,6 +33,7 @@ typedef struct cli { void (*cleanup)(struct cli *c); void *rover; /* Private to continuation routine */ int last_reply; + int restricted; /* CLI is restricted to read-only commands */ struct linpool *parser_pool; /* Pool used during parsing */ byte *ring_buf; /* Ring buffer for asynchronous messages */ byte *ring_end, *ring_read, *ring_write; /* Pointers to the ring buffer */ @@ -60,6 +61,14 @@ void cli_kick(cli *); void cli_written(cli *); void cli_echo(unsigned int class, byte *msg); +static inline int cli_access_restricted(void) +{ + if (this_cli && this_cli->restricted) + return (cli_printf(this_cli, 8007, "Access denied"), 1); + else + return 0; +} + /* Functions provided by sysdep layer */ void cli_write_trigger(cli *); diff --git a/nest/config.Y b/nest/config.Y index 8dc8c713..5a895051 100644 --- a/nest/config.Y +++ b/nest/config.Y @@ -45,7 +45,7 @@ CF_KEYWORDS(INTERFACE, IMPORT, EXPORT, FILTER, NONE, TABLE, STATES, ROUTES, FILT CF_KEYWORDS(PASSWORD, FROM, PASSIVE, TO, ID, EVENTS, PACKETS, PROTOCOLS, INTERFACES) CF_KEYWORDS(PRIMARY, STATS, COUNT, FOR, COMMANDS, PREEXPORT, GENERATE) CF_KEYWORDS(LISTEN, BGP, V6ONLY, ADDRESS, PORT, PASSWORDS, DESCRIPTION) -CF_KEYWORDS(RELOAD, IN, OUT, MRTDUMP, MESSAGES) +CF_KEYWORDS(RELOAD, IN, OUT, MRTDUMP, MESSAGES, RESTRICT) CF_ENUM(T_ENUM_RTS, RTS_, DUMMY, STATIC, INHERIT, DEVICE, STATIC_DEVICE, REDIRECT, RIP, OSPF, OSPF_IA, OSPF_EXT1, OSPF_EXT2, BGP, PIPE) @@ -325,10 +325,10 @@ CF_CLI(SHOW STATUS,,, [[Show router status]]) { cmd_show_status(); } ; CF_CLI(SHOW PROTOCOLS, proto_patt2, [ | \"\"], [[Show routing protocols]]) -{ proto_apply_cmd($3, proto_cmd_show, 0); } ; +{ proto_apply_cmd($3, proto_cmd_show, 0, 0); } ; CF_CLI(SHOW PROTOCOLS ALL, proto_patt2, [ | \"\"], [[Show routing protocol details]]) -{ proto_apply_cmd($4, proto_cmd_show, 1); } ; +{ proto_apply_cmd($4, proto_cmd_show, 0, 1); } ; optsym: SYM @@ -459,25 +459,28 @@ echo_size: ; CF_CLI(DISABLE, proto_patt, | \"\" | all, [[Disable protocol]]) -{ proto_apply_cmd($2, proto_cmd_disable, 0); } ; +{ proto_apply_cmd($2, proto_cmd_disable, 1, 0); } ; CF_CLI(ENABLE, proto_patt, | \"\" | all, [[Enable protocol]]) -{ proto_apply_cmd($2, proto_cmd_enable, 0); } ; +{ proto_apply_cmd($2, proto_cmd_enable, 1, 0); } ; CF_CLI(RESTART, proto_patt, | \"\" | all, [[Restart protocol]]) -{ proto_apply_cmd($2, proto_cmd_restart, 0); } ; +{ proto_apply_cmd($2, proto_cmd_restart, 1, 0); } ; CF_CLI(RELOAD, proto_patt, | \"\" | all, [[Reload protocol]]) -{ proto_apply_cmd($2, proto_cmd_reload, CMD_RELOAD); } ; +{ proto_apply_cmd($2, proto_cmd_reload, 1, CMD_RELOAD); } ; CF_CLI(RELOAD IN, proto_patt, | \"\" | all, [[Reload protocol (just imported routes)]]) -{ proto_apply_cmd($3, proto_cmd_reload, CMD_RELOAD_IN); } ; +{ proto_apply_cmd($3, proto_cmd_reload, 1, CMD_RELOAD_IN); } ; CF_CLI(RELOAD OUT, proto_patt, | \"\" | all, [[Reload protocol (just exported routes)]]) -{ proto_apply_cmd($3, proto_cmd_reload, CMD_RELOAD_OUT); } ; +{ proto_apply_cmd($3, proto_cmd_reload, 1, CMD_RELOAD_OUT); } ; CF_CLI_HELP(DEBUG, ..., [[Control protocol debugging via BIRD logs]]) CF_CLI(DEBUG, proto_patt debug_mask, ( | | all) (all | off | { states | routes | filters | events | packets }), [[Control protocol debugging via BIRD logs]]) -{ proto_apply_cmd($2, proto_cmd_debug, $3); } ; +{ proto_apply_cmd($2, proto_cmd_debug, 1, $3); } ; CF_CLI_HELP(MRTDUMP, ..., [[Control protocol debugging via MRTdump files]]) CF_CLI(MRTDUMP, proto_patt mrtdump_mask, ( | | all) (all | off | { states | messages }), [[Control protocol debugging via MRTdump format]]) -{ proto_apply_cmd($2, proto_cmd_mrtdump, $3); } ; +{ proto_apply_cmd($2, proto_cmd_mrtdump, 1, $3); } ; + +CF_CLI(RESTRICT,,,[[Restrict current CLI session to safe commands]]) +{ this_cli->restricted = 1; cli_msg(16, "Access restricted"); } ; proto_patt: SYM { $$.ptr = $1; $$.patt = 0; } diff --git a/nest/proto.c b/nest/proto.c index 7c4d32d0..e9cf3dfa 100644 --- a/nest/proto.c +++ b/nest/proto.c @@ -1006,8 +1006,12 @@ proto_apply_cmd_patt(char *patt, void (* cmd)(struct proto *, unsigned int, int) } void -proto_apply_cmd(struct proto_spec ps, void (* cmd)(struct proto *, unsigned int, int), unsigned int arg) +proto_apply_cmd(struct proto_spec ps, void (* cmd)(struct proto *, unsigned int, int), + int restricted, unsigned int arg) { + if (restricted && cli_access_restricted()) + return; + if (ps.patt) proto_apply_cmd_patt(ps.ptr, cmd, arg); else diff --git a/nest/protocol.h b/nest/protocol.h index d652c4fb..99356a3d 100644 --- a/nest/protocol.h +++ b/nest/protocol.h @@ -213,7 +213,7 @@ void proto_cmd_reload(struct proto *, unsigned int, int); void proto_cmd_debug(struct proto *, unsigned int, int); void proto_cmd_mrtdump(struct proto *, unsigned int, int); -void proto_apply_cmd(struct proto_spec ps, void (* cmd)(struct proto *, unsigned int, int), unsigned int arg); +void proto_apply_cmd(struct proto_spec ps, void (* cmd)(struct proto *, unsigned int, int), int restricted, unsigned int arg); struct proto *proto_get_named(struct symbol *, struct protocol *); #define CMD_RELOAD 0 diff --git a/sysdep/unix/config.Y b/sysdep/unix/config.Y index 8c2b6903..ac5be7e2 100644 --- a/sysdep/unix/config.Y +++ b/sysdep/unix/config.Y @@ -107,7 +107,7 @@ CF_CLI(CONFIGURE SOFT, cfg_name, [\"\"], [[Reload configuration and ignore { cmd_reconfig($3, RECONFIG_SOFT); } ; CF_CLI(DOWN,,, [[Shut the daemon down]]) -{ cli_msg(7, "Shutdown requested"); order_shutdown(); } ; +{ cmd_shutdown(); } ; cfg_name: /* empty */ { $$ = NULL; } diff --git a/sysdep/unix/main.c b/sysdep/unix/main.c index 7a1ef286..2245692c 100644 --- a/sysdep/unix/main.c +++ b/sysdep/unix/main.c @@ -141,6 +141,9 @@ cmd_reconfig(char *name, int type) { struct config *conf; + if (cli_access_restricted()) + return; + if (!name) name = config_name; cli_msg(-2, "Reading configuration from %s", name); @@ -303,6 +306,16 @@ cli_init_unix(void) * Shutdown */ +void +cmd_shutdown(void) +{ + if (cli_access_restricted()) + return; + + cli_msg(7, "Shutdown requested"); + order_shutdown(); +} + void async_shutdown(void) { -- cgit v1.2.3 From e81b440f6878605edd19ed62441648ac71260881 Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Sun, 21 Feb 2010 14:34:53 +0100 Subject: Fix configure to enable warnings and fix most of them. --- client/client.c | 20 ++++++++++++-------- conf/gen_keywords.m4 | 6 +++--- configure.in | 20 ++++++-------------- lib/event.c | 3 ++- lib/ip.h | 2 +- lib/ipv4.h | 2 +- lib/socket.h | 2 ++ nest/a-path.c | 4 ++-- nest/cli.c | 4 ++-- nest/locks.c | 3 ++- nest/proto.c | 2 +- nest/rt-table.c | 12 ++++++------ proto/bgp/attrs.c | 10 +++++----- proto/bgp/bgp.c | 12 ++++++------ proto/bgp/packets.c | 3 +-- proto/ospf/hello.c | 12 ++++++------ proto/ospf/lsalib.c | 15 +++++++-------- proto/ospf/lsalib.h | 4 ++-- proto/ospf/lsupd.c | 9 +++------ proto/ospf/neighbor.c | 3 +-- proto/ospf/ospf.c | 16 +++++++--------- proto/ospf/ospf.h | 5 +++-- proto/ospf/packet.c | 1 - proto/ospf/rt.c | 6 +++--- proto/ospf/topology.c | 11 +++++------ proto/pipe/pipe.c | 2 +- proto/rip/rip.c | 3 ++- sysdep/linux/sysio.h | 2 +- sysdep/unix/io.c | 12 +++++++----- sysdep/unix/log.c | 1 + sysdep/unix/unix.h | 1 + 31 files changed, 102 insertions(+), 106 deletions(-) (limited to 'sysdep/unix') diff --git a/client/client.c b/client/client.c index 8f514f62..9acabf21 100644 --- a/client/client.c +++ b/client/client.c @@ -311,10 +311,12 @@ update_state(void) } if (nstate == STATE_PROMPT) - if (input_initialized) - input_reveal(); - else - input_init(); + { + if (input_initialized) + input_reveal(); + else + input_init(); + } if (nstate != STATE_PROMPT) input_hide(); @@ -372,6 +374,8 @@ server_connect(void) die("fcntl: %m"); } +#define PRINTF(LEN, PARGS...) do { if (!skip_input) len = printf(PARGS); } while(0) + static void server_got_reply(char *x) { @@ -379,15 +383,15 @@ server_got_reply(char *x) int len = 0; if (*x == '+') /* Async reply */ - skip_input || (len = printf(">>> %s\n", x+1)); + PRINTF(len, ">>> %s\n", x+1); else if (x[0] == ' ') /* Continuation */ - skip_input || (len = printf("%s%s\n", verbose ? " " : "", x+1)); + PRINTF(len, "%s%s\n", verbose ? " " : "", x+1); else if (strlen(x) > 4 && sscanf(x, "%d", &code) == 1 && code >= 0 && code < 10000 && (x[4] == ' ' || x[4] == '-')) { if (code) - skip_input || (len = printf("%s\n", verbose ? x : x+5)); + PRINTF(len, "%s\n", verbose ? x : x+5); if (x[4] == ' ') { nstate = STATE_PROMPT; @@ -396,7 +400,7 @@ server_got_reply(char *x) } } else - skip_input || (len = printf("??? <%s>\n", x)); + PRINTF(len, "??? <%s>\n", x); if (skip_input) return; diff --git a/conf/gen_keywords.m4 b/conf/gen_keywords.m4 index 34a0011f..cf3fb58e 100644 --- a/conf/gen_keywords.m4 +++ b/conf/gen_keywords.m4 @@ -23,7 +23,7 @@ m4_define(CF_DECLS, `m4_divert(-1)') m4_define(CF_DEFINES, `m4_divert(-1)') # Keywords are translated to C initializers -m4_define(CF_handle_kw, `m4_divert(1){ "m4_translit($1,[[A-Z]],[[a-z]])", $1 }, +m4_define(CF_handle_kw, `m4_divert(1){ "m4_translit($1,[[A-Z]],[[a-z]])", $1, NULL }, m4_divert(-1)') m4_define(CF_keywd, `m4_ifdef([[CF_tok_$1]],,[[m4_define([[CF_tok_$1]],1)CF_handle_kw($1)]])') m4_define(CF_KEYWORDS, `m4_define([[CF_toks]],[[]])CF_iterate([[CF_keywd]], [[$@]])m4_ifelse(CF_toks,,,%token[[]]CF_toks @@ -34,7 +34,7 @@ m4_define(CF_CLI, `CF_KEYWORDS(m4_translit($1, [[ ]], [[,]])) ') # Enums are translated to C initializers: use CF_ENUM(typename, prefix, values) -m4_define(CF_enum, `m4_divert(1){ "CF_enum_prefix[[]]$1", -((CF_enum_type<<16) | CF_enum_prefix[[]]$1) }, +m4_define(CF_enum, `m4_divert(1){ "CF_enum_prefix[[]]$1", -((CF_enum_type<<16) | CF_enum_prefix[[]]$1), NULL }, m4_divert(-1)') m4_define(CF_ENUM, `m4_define([[CF_enum_type]],$1)m4_define([[CF_enum_prefix]],$2)CF_iterate([[CF_enum]], [[m4_shift(m4_shift($@))]])DNL') @@ -42,7 +42,7 @@ m4_define(CF_ENUM, `m4_define([[CF_enum_type]],$1)m4_define([[CF_enum_prefix]],$ m4_m4wrap(` m4_divert(0) static struct keyword keyword_list[] = { -m4_undivert(1){ NULL, -1 } }; +m4_undivert(1){ NULL, -1, NULL } }; ') # As we are processing C source, we must access all M4 primitives via diff --git a/configure.in b/configure.in index ec2417b2..c931c183 100644 --- a/configure.in +++ b/configure.in @@ -8,7 +8,6 @@ AC_CONFIG_AUX_DIR(tools) AC_ARG_ENABLE(debug,[ --enable-debug enable internal debugging routines (default: disabled)],,enable_debug=no) AC_ARG_ENABLE(memcheck,[ --enable-memcheck check memory allocations when debugging (default: enabled)],,enable_memcheck=yes) -AC_ARG_ENABLE(warnings,[ --enable-warnings enable extra warnings (default: disabled)],,enable_warnings=no) AC_ARG_ENABLE(client,[ --enable-client enable building of BIRD client (default: enabled)],,enable_client=yes) AC_ARG_ENABLE(ipv6,[ --enable-ipv6 enable building of IPv6 version (default: disabled)],,enable_ipv6=no) AC_ARG_WITH(sysconfig,[ --with-sysconfig=FILE use specified BIRD system configuration file]) @@ -56,24 +55,17 @@ AC_SEARCH_LIBS(clock_gettime,[c rt posix4]) AC_CANONICAL_HOST -AC_PROG_CC -if test -z "$GCC" ; then - AC_MSG_ERROR([This program requires the GNU C Compiler.]) - fi AC_MSG_CHECKING([what CFLAGS should we use]) if test "$ac_test_CFLAGS" != set ; then - if test "$enable_warnings" = yes ; then - WARNS=" -Wmissing-prototypes -Wundef" - else - WARNS=" -Wno-unused" - fi - CFLAGS="$CFLAGS -Wall -W -Wstrict-prototypes -Wno-pointer-sign -Wno-parentheses$WARNS" -fi -if test "$with_sysinclude" != no -a -n "$with_sysinclude"; then - CPPFLAGS="$CPPFLAGS -I$with_sysinclude" + CFLAGS="$CFLAGS -Wall -Wstrict-prototypes -Wno-pointer-sign -Wno-parentheses" fi AC_MSG_RESULT($CFLAGS) +AC_PROG_CC +if test -z "$GCC" ; then + AC_MSG_ERROR([This program requires the GNU C Compiler.]) +fi + AC_PROG_CPP AC_PROG_INSTALL AC_PROG_RANLIB diff --git a/lib/event.c b/lib/event.c index d556cd05..ce5e81c8 100644 --- a/lib/event.c +++ b/lib/event.c @@ -49,7 +49,8 @@ static struct resclass ev_class = { "Event", sizeof(event), (void (*)(resource *)) ev_postpone, - ev_dump + ev_dump, + NULL }; /** diff --git a/lib/ip.h b/lib/ip.h index 1cc74e81..5dc9191b 100644 --- a/lib/ip.h +++ b/lib/ip.h @@ -46,7 +46,7 @@ char *ip_scope_text(unsigned); struct prefix { ip_addr addr; - int len; + unsigned int len; }; #define ip_is_prefix(a,l) (!ipa_nonzero(ipa_and(a, ipa_not(ipa_mkmask(l))))) diff --git a/lib/ipv4.h b/lib/ipv4.h index 52bed16f..74f1e88f 100644 --- a/lib/ipv4.h +++ b/lib/ipv4.h @@ -72,7 +72,7 @@ int ipv4_classify(u32); u32 ipv4_class_mask(u32); byte *ipv4_skip_header(byte *, int *); -static inline int ipv4_has_link_scope(u32 a) +static inline int ipv4_has_link_scope(u32 a UNUSED) { return 0; } diff --git a/lib/socket.h b/lib/socket.h index 82b5de0c..a2857999 100644 --- a/lib/socket.h +++ b/lib/socket.h @@ -66,6 +66,8 @@ int sk_leave_group(sock *s, ip_addr maddr); int sk_set_ipv6_checksum(sock *s, int offset); #endif +int sk_set_broadcast(sock *s, int enable); + static inline int sk_send_buffer_empty(sock *sk) { diff --git a/nest/a-path.c b/nest/a-path.c index 396d4632..058b4344 100644 --- a/nest/a-path.c +++ b/nest/a-path.c @@ -385,7 +385,7 @@ as_path_match(struct adata *path, struct f_path_mask *mask) struct pm_pos pos[2048 + 1]; int plen = parse_path(path, pos); int l, h, i, nh, nl; - u32 val; + u32 val = 0; /* l and h are bound of interval of positions where are marked states */ @@ -417,7 +417,7 @@ as_path_match(struct adata *path, struct f_path_mask *mask) goto step; case PM_QUESTION: step: - nh = -1; + nh = nl = -1; for (i = h; i >= l; i--) if (pos[i].mark) { diff --git a/nest/cli.c b/nest/cli.c index ace97beb..4d2b8fd0 100644 --- a/nest/cli.c +++ b/nest/cli.c @@ -357,8 +357,8 @@ cli_echo(unsigned int class, byte *msg) free = (c->ring_end - c->ring_buf) - (c->ring_write - c->ring_read + 1); else free = c->ring_read - c->ring_write - 1; - if (len > free || - free < c->log_threshold && class < (unsigned) L_INFO[0]) + if ((len > free) || + (free < c->log_threshold && class < (unsigned) L_INFO[0])) { c->ring_overflow++; continue; diff --git a/nest/locks.c b/nest/locks.c index 1cdbbc99..7044d6a9 100644 --- a/nest/locks.c +++ b/nest/locks.c @@ -97,7 +97,8 @@ static struct resclass olock_class = { "ObjLock", sizeof(struct object_lock), olock_free, - olock_dump + olock_dump, + NULL }; /** diff --git a/nest/proto.c b/nest/proto.c index e9cf3dfa..48837055 100644 --- a/nest/proto.c +++ b/nest/proto.c @@ -51,7 +51,7 @@ proto_enqueue(list *l, struct proto *p) static void proto_relink(struct proto *p) { - list *l; + list *l = NULL; if (p->debug & D_STATES) { diff --git a/nest/rt-table.c b/nest/rt-table.c index 72a1cb0e..41ecf646 100644 --- a/nest/rt-table.c +++ b/nest/rt-table.c @@ -158,7 +158,7 @@ rte_trace_out(unsigned int flag, struct proto *p, rte *e, char *msg) } static inline void -do_rte_announce(struct announce_hook *a, int type, net *net, rte *new, rte *old, ea_list *tmpa, int class, int refeed) +do_rte_announce(struct announce_hook *a, int type UNUSED, net *net, rte *new, rte *old, ea_list *tmpa, int class, int refeed) { struct proto *p = a->proto; struct filter *filter = p->out_filter; @@ -196,8 +196,8 @@ do_rte_announce(struct announce_hook *a, int type, net *net, rte *new, rte *old, } else if (ok) rte_trace_out(D_FILTERS, p, new, "forced accept by protocol"); - else if (filter == FILTER_REJECT || - filter && f_run(filter, &new, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) > F_ACCEPT) + else if ((filter == FILTER_REJECT) || + (filter && f_run(filter, &new, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) > F_ACCEPT)) { stats->exp_updates_filtered++; drop_reason = "filtered out"; @@ -329,7 +329,7 @@ do_rte_announce(struct announce_hook *a, int type, net *net, rte *new, rte *old, * the protocol gets called. */ static void -rte_announce(rtable *tab, int type, net *net, rte *new, rte *old, ea_list *tmpa) +rte_announce(rtable *tab, unsigned type, net *net, rte *new, rte *old, ea_list *tmpa) { struct announce_hook *a; int class = ipa_classify(net->n.prefix); @@ -1203,8 +1203,8 @@ rt_show_net(struct cli *c, net *n, struct rt_show_data *d) 'configure soft' command may change the export filter and do not update routes */ - if (p1->out_filter == FILTER_REJECT || - p1->out_filter && f_run(p1->out_filter, &e, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) > F_ACCEPT) + if ((p1->out_filter == FILTER_REJECT) || + (p1->out_filter && f_run(p1->out_filter, &e, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) > F_ACCEPT)) ok = 0; } } diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c index 96679870..6d0c0450 100644 --- a/proto/bgp/attrs.c +++ b/proto/bgp/attrs.c @@ -47,7 +47,7 @@ bgp_check_origin(struct bgp_proto *p UNUSED, byte *a, int len UNUSED) } static void -bgp_format_origin(eattr *a, byte *buf, int buflen) +bgp_format_origin(eattr *a, byte *buf, int buflen UNUSED) { static char *bgp_origin_names[] = { "IGP", "EGP", "Incomplete" }; @@ -257,14 +257,14 @@ static struct attr_desc bgp_attr_table[] = { NULL, NULL }, { "cluster_list", -1, BAF_OPTIONAL, EAF_TYPE_INT_SET, 0, /* BA_CLUSTER_LIST */ bgp_check_cluster_list, bgp_format_cluster_list }, - { NULL, }, /* BA_DPA */ - { NULL, }, /* BA_ADVERTISER */ - { NULL, }, /* BA_RCID_PATH */ + { .name = NULL }, /* BA_DPA */ + { .name = NULL }, /* BA_ADVERTISER */ + { .name = NULL }, /* BA_RCID_PATH */ { "mp_reach_nlri", -1, BAF_OPTIONAL, EAF_TYPE_OPAQUE, 1, /* BA_MP_REACH_NLRI */ bgp_check_reach_nlri, NULL }, { "mp_unreach_nlri", -1, BAF_OPTIONAL, EAF_TYPE_OPAQUE, 1, /* BA_MP_UNREACH_NLRI */ bgp_check_unreach_nlri, NULL }, - { NULL, }, /* BA_EXTENDED_COMM */ + { .name = NULL }, /* BA_EXTENDED_COMM */ { "as4_path", -1, BAF_OPTIONAL | BAF_TRANSITIVE, EAF_TYPE_OPAQUE, 1, /* BA_AS4_PATH */ NULL, NULL }, { "as4_aggregator", -1, BAF_OPTIONAL | BAF_TRANSITIVE, EAF_TYPE_OPAQUE, 1, /* BA_AS4_PATH */ diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c index be841bdf..4410c043 100644 --- a/proto/bgp/bgp.c +++ b/proto/bgp/bgp.c @@ -203,7 +203,7 @@ bgp_start_timer(timer *t, int value) void bgp_close_conn(struct bgp_conn *conn) { - struct bgp_proto *p = conn->bgp; + // struct bgp_proto *p = conn->bgp; DBG("BGP: Closing connection\n"); conn->packets_to_send = 0; @@ -237,7 +237,7 @@ bgp_update_startup_delay(struct bgp_proto *p) DBG("BGP: Updating startup delay\n"); - if (p->last_proto_error && ((now - p->last_proto_error) >= cf->error_amnesia_time)) + if (p->last_proto_error && ((now - p->last_proto_error) >= (int) cf->error_amnesia_time)) p->startup_delay = 0; p->last_proto_error = now; @@ -492,7 +492,7 @@ bgp_setup_conn(struct bgp_proto *p, struct bgp_conn *conn) } static void -bgp_setup_sk(struct bgp_proto *p, struct bgp_conn *conn, sock *s) +bgp_setup_sk(struct bgp_conn *conn, sock *s) { s->data = conn; s->err_hook = bgp_sock_err; @@ -555,7 +555,7 @@ bgp_connect(struct bgp_proto *p) /* Enter Connect state and start establishing c s->tx_hook = bgp_connected; BGP_TRACE(D_EVENTS, "Connecting to %I from local address %I", s->daddr, s->saddr); bgp_setup_conn(p, conn); - bgp_setup_sk(p, conn, s); + bgp_setup_sk(conn, s); bgp_conn_set_state(conn, BS_CONNECT); if (sk_open(s)) { @@ -601,7 +601,7 @@ bgp_incoming_connection(sock *sk, int dummy UNUSED) goto err; bgp_setup_conn(p, &p->incoming_conn); - bgp_setup_sk(p, &p->incoming_conn, sk); + bgp_setup_sk(&p->incoming_conn, sk); sk_set_ttl(sk, p->cf->multihop ? : 1); bgp_send_open(&p->incoming_conn); return 0; @@ -615,7 +615,7 @@ bgp_incoming_connection(sock *sk, int dummy UNUSED) } static void -bgp_listen_sock_err(sock *sk, int err) +bgp_listen_sock_err(sock *sk UNUSED, int err) { if (err == ECONNABORTED) log(L_WARN "BGP: Incoming connection aborted"); diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c index 329efb3c..3609c568 100644 --- a/proto/bgp/packets.c +++ b/proto/bgp/packets.c @@ -44,7 +44,6 @@ static byte * mrt_put_bgp4_hdr(byte *buf, struct bgp_conn *conn, int as4) { struct bgp_proto *p = conn->bgp; - ip_addr local_addr; if (as4) { @@ -614,7 +613,7 @@ bgp_tx(sock *sk) void bgp_parse_capabilities(struct bgp_conn *conn, byte *opt, int len) { - struct bgp_proto *p = conn->bgp; + // struct bgp_proto *p = conn->bgp; int cl; while (len > 0) diff --git a/proto/ospf/hello.c b/proto/ospf/hello.c index 738748d8..2f3a8a81 100644 --- a/proto/ospf/hello.c +++ b/proto/ospf/hello.c @@ -48,8 +48,8 @@ ospf_hello_receive(struct ospf_packet *ps_i, struct ospf_iface *ifa, struct proto_ospf *po = ifa->oa->po; struct proto *p = &po->proto; char *beg = "Bad OSPF HELLO packet from ", *rec = " received: "; - unsigned int size, i, twoway, oldpriority, eligible, peers; - u32 olddr, oldbdr, oldiface_id, tmp; + unsigned int size, i, twoway, eligible, peers; + u32 tmp; u32 *pnrid; size = ntohs(ps_i->length); @@ -188,11 +188,11 @@ ospf_hello_receive(struct ospf_packet *ps_i, struct ospf_iface *ifa, if (!twoway) ospf_neigh_sm(n, INM_1WAYREC); - olddr = n->dr; - oldbdr = n->bdr; - oldpriority = n->priority; + u32 olddr = n->dr; + u32 oldbdr = n->bdr; + u32 oldpriority = n->priority; #ifdef OSPFv3 - oldiface_id = n->iface_id; + u32 oldiface_id = n->iface_id; #endif n->dr = ntohl(ps->dr); diff --git a/proto/ospf/lsalib.c b/proto/ospf/lsalib.c index ab633984..35f02dcd 100644 --- a/proto/ospf/lsalib.c +++ b/proto/ospf/lsalib.c @@ -122,22 +122,22 @@ ntohlsah(struct ospf_lsa_header *n, struct ospf_lsa_header *h) } void -htonlsab(void *h, void *n, u16 type, u16 len) +htonlsab(void *h, void *n, u16 len) { u32 *hid = h; u32 *nid = n; - int i; + unsigned i; for (i = 0; i < (len / sizeof(u32)); i++) nid[i] = htonl(hid[i]); } void -ntohlsab(void *n, void *h, u16 type, u16 len) +ntohlsab(void *n, void *h, u16 len) { u32 *nid = n; u32 *hid = h; - int i; + unsigned i; for (i = 0; i < (len / sizeof(u32)); i++) hid[i] = ntohl(nid[i]); @@ -185,11 +185,10 @@ void lsasum_calculate(struct ospf_lsa_header *h, void *body) { u16 length = h->length; - u16 type = h->type; // log(L_WARN "Checksum %R %R %d start (len %d)", h->id, h->rt, h->type, length); htonlsah(h, h); - htonlsab(body, body, type, length - sizeof(struct ospf_lsa_header)); + htonlsab(body, body, length - sizeof(struct ospf_lsa_header)); /* char buf[1024]; @@ -203,7 +202,7 @@ lsasum_calculate(struct ospf_lsa_header *h, void *body) // log(L_WARN "Checksum result %4x", h->checksum); ntohlsah(h, h); - ntohlsab(body, body, type, length - sizeof(struct ospf_lsa_header)); + ntohlsab(body, body, length - sizeof(struct ospf_lsa_header)); } /* @@ -325,7 +324,7 @@ lsa_validate_rt(struct ospf_lsa_header *lsa, struct ospf_lsa_rt *body) } static int -lsa_validate_net(struct ospf_lsa_header *lsa, struct ospf_lsa_net *body) +lsa_validate_net(struct ospf_lsa_header *lsa, struct ospf_lsa_net *body UNUSED) { if (lsa->length < (HDRLEN + sizeof(struct ospf_lsa_net))) return 0; diff --git a/proto/ospf/lsalib.h b/proto/ospf/lsalib.h index ed929beb..a799de31 100644 --- a/proto/ospf/lsalib.h +++ b/proto/ospf/lsalib.h @@ -12,8 +12,8 @@ void htonlsah(struct ospf_lsa_header *h, struct ospf_lsa_header *n); void ntohlsah(struct ospf_lsa_header *n, struct ospf_lsa_header *h); -void htonlsab(void *h, void *n, u16 type, u16 len); -void ntohlsab(void *n, void *h, u16 type, u16 len); +void htonlsab(void *h, void *n, u16 len); +void ntohlsab(void *n, void *h, u16 len); void lsasum_calculate(struct ospf_lsa_header *header, void *body); u16 lsasum_check(struct ospf_lsa_header *h, void *body); #define CMP_NEWER 1 diff --git a/proto/ospf/lsupd.c b/proto/ospf/lsupd.c index 9bed374e..628dca96 100644 --- a/proto/ospf/lsupd.c +++ b/proto/ospf/lsupd.c @@ -290,8 +290,7 @@ ospf_lsupd_flood(struct proto_ospf *po, htonlsah(hh, lh); help = (u8 *) (lh + 1); en = ospf_hash_find_header(po->gr, domain, hh); - htonlsab(en->lsa_body, help, hh->type, hh->length - - sizeof(struct ospf_lsa_header)); + htonlsab(en->lsa_body, help, hh->length - sizeof(struct ospf_lsa_header)); } len = sizeof(struct ospf_lsupd_packet) + ntohs(lh->length); @@ -386,8 +385,7 @@ ospf_lsupd_send_list(struct ospf_neighbor *n, list * l) } htonlsah(&(en->lsa), pktpos); pktpos = pktpos + sizeof(struct ospf_lsa_header); - htonlsab(en->lsa_body, pktpos, en->lsa.type, en->lsa.length - - sizeof(struct ospf_lsa_header)); + htonlsab(en->lsa_body, pktpos, en->lsa.length - sizeof(struct ospf_lsa_header)); pktpos = pktpos + en->lsa.length - sizeof(struct ospf_lsa_header); len += en->lsa.length; lsano++; @@ -630,8 +628,7 @@ ospf_lsupd_receive(struct ospf_packet *ps_i, struct ospf_iface *ifa, /* pg 144 (5d) */ void *body = mb_alloc(p->pool, lsatmp.length - sizeof(struct ospf_lsa_header)); - ntohlsab(lsa + 1, body, lsatmp.type, - lsatmp.length - sizeof(struct ospf_lsa_header)); + ntohlsab(lsa + 1, body, lsatmp.length - sizeof(struct ospf_lsa_header)); /* We will do validation check after flooding and acknowledging given LSA to minimize problems diff --git a/proto/ospf/neighbor.c b/proto/ospf/neighbor.c index 0411d48e..13abc569 100644 --- a/proto/ospf/neighbor.c +++ b/proto/ospf/neighbor.c @@ -440,7 +440,6 @@ void bdr_election(struct ospf_iface *ifa) { struct proto_ospf *po = ifa->oa->po; - struct proto *p = &po->proto; u32 myid = po->router_id; struct ospf_neighbor *neigh, *ndr, *nbdr, me; int doadj; @@ -632,7 +631,7 @@ static void rxmt_timer_hook(timer * timer) { struct ospf_neighbor *n = (struct ospf_neighbor *) timer->data; - struct proto *p = &n->ifa->oa->po->proto; + // struct proto *p = &n->ifa->oa->po->proto; struct top_hash_entry *en; DBG("%s: RXMT timer fired on interface %s for neigh: %I.\n", diff --git a/proto/ospf/ospf.c b/proto/ospf/ospf.c index 26a05d95..edca5959 100644 --- a/proto/ospf/ospf.c +++ b/proto/ospf/ospf.c @@ -224,9 +224,11 @@ ospf_dump(struct proto *p) } } + /* OSPF_TRACE(D_EVENTS, "LSA graph dump start:"); ospf_top_dump(po->gr, p); OSPF_TRACE(D_EVENTS, "LSA graph dump finished"); + */ neigh_dump_all(); } @@ -500,7 +502,7 @@ ospf_rt_notify(struct proto *p, rtable *tbl UNUSED, net * n, rte * new, rte * ol } static void -ospf_ifa_notify(struct proto *p, unsigned flags, struct ifa *a) +ospf_ifa_notify(struct proto *p, unsigned flags UNUSED, struct ifa *a) { struct proto_ospf *po = (struct proto_ospf *) p; struct ospf_iface *ifa; @@ -915,7 +917,7 @@ ospf_reconfigure(struct proto *p, struct proto_config *c) void ospf_sh_neigh(struct proto *p, char *iff) { - struct ospf_iface *ifa = NULL, *f; + struct ospf_iface *ifa = NULL; struct ospf_neighbor *n; struct proto_ospf *po = (struct proto_ospf *) p; @@ -1006,7 +1008,7 @@ void ospf_sh_iface(struct proto *p, char *iff) { struct proto_ospf *po = (struct proto_ospf *) p; - struct ospf_iface *ifa = NULL, *f; + struct ospf_iface *ifa = NULL; if (p->proto_state != PS_UP) { @@ -1193,7 +1195,6 @@ show_lsa_network(struct top_hash_entry *he) static inline void show_lsa_sum_net(struct top_hash_entry *he) { - struct ospf_lsa_header *lsa = &(he->lsa); ip_addr ip; int pxlen; @@ -1217,7 +1218,7 @@ show_lsa_sum_rt(struct top_hash_entry *he) u32 dst_rid, options; #ifdef OSPFv2 - struct ospf_lsa_sum *ls = he->lsa_body; + // struct ospf_lsa_sum *ls = he->lsa_body; dst_rid = he->lsa.id; options = 0; #else /* OSPFv3 */ @@ -1235,7 +1236,6 @@ show_lsa_external(struct top_hash_entry *he) { struct ospf_lsa_header *lsa = &(he->lsa); struct ospf_lsa_ext *ext = he->lsa_body; - struct ospf_lsa_ext_tos *et = (struct ospf_lsa_ext_tos *) (ext + 1); char str_via[STD_ADDRESS_P_LENGTH + 8] = ""; char str_tag[16] = ""; ip_addr ip, rt_fwaddr; @@ -1493,8 +1493,6 @@ ospf_sh_lsadb(struct proto *p) if ((dscope != last_dscope) || (hea[i]->domain != last_domain)) { - struct iface *ifa; - cli_msg(-1017, ""); switch (dscope) { @@ -1506,7 +1504,7 @@ ospf_sh_lsadb(struct proto *p) break; #ifdef OSPFv3 case LSA_SCOPE_LINK: - ifa = if_find_by_index(hea[i]->domain); + struct iface *ifa = if_find_by_index(hea[i]->domain); cli_msg(-1017, "Link %s", (ifa != NULL) ? ifa->name : "?"); break; #endif diff --git a/proto/ospf/ospf.h b/proto/ospf/ospf.h index 17dc1521..78b66ec9 100644 --- a/proto/ospf/ospf.h +++ b/proto/ospf/ospf.h @@ -704,7 +704,7 @@ struct ospf_area struct top_hash_entry *pxr_lsa; /* Originated prefix LSA */ list cand; /* List of candidates for RT calc. */ struct fib net_fib; /* Networks to advertise or not */ - int stub; + unsigned stub; int trcap; /* Transit capability? */ u32 options; /* Optional features */ struct proto_ospf *po; @@ -781,13 +781,14 @@ void schedule_net_lsa(struct ospf_iface *ifa); #ifdef OSPFv3 void schedule_link_lsa(struct ospf_iface *ifa); #else -static inline void schedule_link_lsa(struct ospf_iface *ifa) {} +static inline void schedule_link_lsa(struct ospf_iface *ifa UNUSED) {} #endif void ospf_sh_neigh(struct proto *p, char *iff); void ospf_sh(struct proto *p); void ospf_sh_iface(struct proto *p, char *iff); void ospf_sh_state(struct proto *p, int verbose); +void ospf_sh_lsadb(struct proto *p); #define EA_OSPF_METRIC1 EA_CODE(EAP_OSPF, 0) diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c index ce9739e0..ea5f7a86 100644 --- a/proto/ospf/packet.c +++ b/proto/ospf/packet.c @@ -14,7 +14,6 @@ void ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type) { struct proto_ospf *po = ifa->oa->po; - struct proto *p = &po->proto; struct ospf_packet *pkt; pkt = (struct ospf_packet *) buf; diff --git a/proto/ospf/rt.c b/proto/ospf/rt.c index c3ed19f8..84e47252 100644 --- a/proto/ospf/rt.c +++ b/proto/ospf/rt.c @@ -226,7 +226,7 @@ process_prefixes(struct ospf_area *oa) static void ospf_rt_spfa_rtlinks(struct ospf_area *oa, struct top_hash_entry *act, struct top_hash_entry *en) { - struct proto *p = &oa->po->proto; + // struct proto *p = &oa->po->proto; struct proto_ospf *po = oa->po; orta nf; u32 i; @@ -519,7 +519,7 @@ link_back(struct ospf_area *oa, struct top_hash_entry *en, struct top_hash_entry static void ospf_rt_sum_tr(struct ospf_area *oa) { - struct proto *p = &oa->po->proto; + // struct proto *p = &oa->po->proto; struct proto_ospf *po = oa->po; struct ospf_area *bb = po->backbone; ip_addr ip, abrip; @@ -1077,8 +1077,8 @@ static int calc_next_hop(struct ospf_area *oa, struct top_hash_entry *en, struct top_hash_entry *par) { + // struct proto *p = &oa->po->proto; struct ospf_neighbor *neigh; - struct proto *p = &oa->po->proto; struct proto_ospf *po = oa->po; struct ospf_iface *ifa; diff --git a/proto/ospf/topology.c b/proto/ospf/topology.c index 870c0bc2..54701192 100644 --- a/proto/ospf/topology.c +++ b/proto/ospf/topology.c @@ -744,7 +744,7 @@ originate_sum_net_lsa(struct ospf_area *oa, struct fib_node *fn, int metric) } void -originate_sum_rt_lsa(struct ospf_area *oa, struct fib_node *fn, int metric, u32 options) +originate_sum_rt_lsa(struct ospf_area *oa, struct fib_node *fn, int metric, u32 options UNUSED) { struct proto_ospf *po = oa->po; struct proto *p = &po->proto; @@ -899,7 +899,6 @@ originate_ext_lsa_body(net *n, rte *e, u16 *length, struct proto_ospf *po, u32 tag = ea_get_int(attrs, EA_OSPF_TAG, 0); int gw = 0; int size = sizeof(struct ospf_lsa_ext); - u32 *buf; if ((e->attrs->dest == RTD_ROUTER) && !ipa_equal(e->attrs->gw, IPA_NONE) && @@ -927,7 +926,7 @@ originate_ext_lsa_body(net *n, rte *e, u16 *length, struct proto_ospf *po, ext->fwaddr = gw ? e->attrs->gw : IPA_NONE; ext->tag = tag; #else /* OSPFv3 */ - buf = ext->rest; + u32 *buf = ext->rest; buf = put_ipv6_prefix(buf, n->n.prefix, n->n.pxlen, 0, 0); if (gw) @@ -1017,7 +1016,6 @@ flush_ext_lsa(net *n, struct proto_ospf *po) { struct proto *p = &po->proto; struct fib_node *fn = &n->n; - struct ospf_area *oa; struct top_hash_entry *en; OSPF_TRACE(D_EVENTS, "Flushing AS-external-LSA for %I/%d", @@ -1651,10 +1649,11 @@ ospf_hash_delete(struct top_graph *f, struct top_hash_entry *e) bug("ospf_hash_delete() called for invalid node"); } +/* static void ospf_dump_lsa(struct top_hash_entry *he, struct proto *p) { - /* + struct ospf_lsa_rt *rt = NULL; struct ospf_lsa_rt_link *rr = NULL; struct ospf_lsa_net *ln = NULL; @@ -1688,7 +1687,6 @@ ospf_dump_lsa(struct top_hash_entry *he, struct proto *p) default: break; } - */ } void @@ -1704,6 +1702,7 @@ ospf_top_dump(struct top_graph *f, struct proto *p) ospf_dump_lsa(e, p); } } +*/ /* This is very inefficient, please don't call it often */ diff --git a/proto/pipe/pipe.c b/proto/pipe/pipe.c index 943d3a0e..7fdf2733 100644 --- a/proto/pipe/pipe.c +++ b/proto/pipe/pipe.c @@ -168,7 +168,7 @@ pipe_get_status(struct proto *P, byte *buf) static int pipe_reconfigure(struct proto *P, struct proto_config *new) { - struct pipe_proto *p = (struct pipe_proto *) P; + // struct pipe_proto *p = (struct pipe_proto *) P; struct pipe_config *o = (struct pipe_config *) P->cf; struct pipe_config *n = (struct pipe_config *) new; diff --git a/proto/rip/rip.c b/proto/rip/rip.c index d69d6432..3b95a3ed 100644 --- a/proto/rip/rip.c +++ b/proto/rip/rip.c @@ -752,6 +752,7 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_ return NULL; } /* On dummy, we just return non-working socket, so that user gets error every time anyone requests table */ + return rif; } static void @@ -956,7 +957,7 @@ rip_rte_insert(net *net UNUSED, rte *rte) static void rip_rte_remove(net *net UNUSED, rte *rte) { - struct proto *p = rte->attrs->proto; + // struct proto *p = rte->attrs->proto; CHK_MAGIC; DBG( "rip_rte_remove: %p\n", rte ); rem_node( &rte->u.rip.garbage ); diff --git a/sysdep/linux/sysio.h b/sysdep/linux/sysio.h index 70d35ccf..7fe3566b 100644 --- a/sysdep/linux/sysio.h +++ b/sysdep/linux/sysio.h @@ -87,7 +87,7 @@ struct ip_mreqn #define fill_mreq_ifa fill_mreq #define fill_mreq_grp fill_mreq -static inline fill_mreq(struct ip_mreqn *m, struct iface *ifa, ip_addr maddr) +static inline void fill_mreq(struct ip_mreqn *m, struct iface *ifa, ip_addr maddr) { bzero(m, sizeof(*m)); m->imr_ifindex = ifa->index; diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c index 90b5b144..915baf44 100644 --- a/sysdep/unix/io.c +++ b/sysdep/unix/io.c @@ -70,7 +70,8 @@ static struct resclass rf_class = { "FILE", sizeof(struct rfile), rf_free, - rf_dump + rf_dump, + NULL }; void * @@ -195,7 +196,8 @@ static struct resclass tm_class = { "Timer", sizeof(timer), tm_free, - tm_dump + tm_dump, + NULL }; /** @@ -564,7 +566,8 @@ static struct resclass sk_class = { "Socket", sizeof(sock), sk_free, - sk_dump + sk_dump, + NULL }; /** @@ -640,7 +643,7 @@ fill_in_sockaddr(sockaddr *sa, ip_addr a, unsigned port) } static inline void -fill_in_sockifa(sockaddr *sa, struct iface *ifa) +fill_in_sockifa(sockaddr *sa UNUSED, struct iface *ifa UNUSED) { } @@ -1492,7 +1495,6 @@ io_loop(void) { sock *s = current_sock; int e; - int steps; if ((s->type < SK_MAGIC) && FD_ISSET(s->fd, &rd) && s->rx_hook) { diff --git a/sysdep/unix/log.c b/sysdep/unix/log.c index f227549c..3d3b4337 100644 --- a/sysdep/unix/log.c +++ b/sysdep/unix/log.c @@ -19,6 +19,7 @@ #include #include #include +#include #include "nest/bird.h" #include "nest/cli.h" diff --git a/sysdep/unix/unix.h b/sysdep/unix/unix.h index 83f61af9..1a461ee1 100644 --- a/sysdep/unix/unix.h +++ b/sysdep/unix/unix.h @@ -17,6 +17,7 @@ void async_config(void); void async_dump(void); void async_shutdown(void); void cmd_reconfig(char *name, int type); +void cmd_shutdown(void); /* io.c */ -- cgit v1.2.3 From ff2857b03db854f99902766ad842aaa5fa29ec3c Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Fri, 26 Feb 2010 10:55:58 +0100 Subject: Many changes in (mainly) kernel syncers. - BSD kernel syncer is now self-conscious and can learn alien routes - important bugfix in BSD kernel syncer (crash after protocol restart) - many minor changes and bugfixes in kernel syncers and neighbor cache - direct protocol does not generate host and link local routes - min_scope check is removed, all routes have SCOPE_UNIVERSE by default - also fixes some remaining compiler warnings --- doc/bird.sgml | 15 ++- lib/ip.h | 4 + nest/iface.h | 1 + nest/neighbor.c | 23 +++- nest/proto.c | 1 - nest/protocol.h | 1 - nest/rt-dev.c | 7 +- nest/rt-table.c | 52 ++------- proto/bgp/packets.c | 3 - proto/ospf/ospf.c | 12 +- proto/ospf/rt.c | 6 +- sysdep/bsd/krt-sock.c | 250 +++++++++++++++++++++-------------------- sysdep/cf/bsd-v6.h | 2 +- sysdep/cf/bsd.h | 2 +- sysdep/linux/netlink/netlink.c | 151 ++++++++++--------------- sysdep/unix/io.c | 2 +- sysdep/unix/krt.c | 40 +++---- sysdep/unix/krt.h | 1 + sysdep/unix/unix.h | 4 + 19 files changed, 279 insertions(+), 298 deletions(-) (limited to 'sysdep/unix') diff --git a/doc/bird.sgml b/doc/bird.sgml index 3d82e45b..b70f0345 100644 --- a/doc/bird.sgml +++ b/doc/bird.sgml @@ -824,7 +824,14 @@ defined by using the defined( attribute ) operator. Network the route is talking about. Read-only. (See the chapter about routing tables.) - Address scope of the network ( Preference of the route. Valid values are 0-65535. (See the chapter about routing tables.) @@ -842,7 +849,11 @@ defined by using the defined( attribute ) operator. what protocol has told me about this route. Possible values: - Route type ( Type of destination the packets should be sent to (proto == p && ipa_equal(*a, n->addr)) + if (n->proto == p && ipa_equal(*a, n->addr) && (!ifa || (ifa == n->iface))) return n; class = ipa_classify(*a); @@ -129,7 +129,12 @@ neigh_find2(struct proto *p, ip_addr *a, struct iface *ifa, unsigned flags) return NULL; /* Bad scope or a somecast */ if (ifa) - scope = if_connected(a, ifa); + { + scope = if_connected(a, ifa); + + if ((scope < 0) && (flags & NEF_ONLINK)) + scope = class & IADDR_SCOPE_MASK; + } else WALK_LIST(i, iface_list) if ((scope = if_connected(a, i)) >= 0) @@ -138,22 +143,28 @@ neigh_find2(struct proto *p, ip_addr *a, struct iface *ifa, unsigned flags) break; } - if (!ifa && !(flags & NEF_STICKY)) + /* scope < 0 means i don't know neighbor */ + /* scope >= 0 implies ifa != NULL */ + + if ((scope < 0) && !(flags & NEF_STICKY)) return NULL; n = sl_alloc(neigh_slab); n->addr = *a; - n->iface = ifa; - if (ifa) + if (scope >= 0) { add_tail(&neigh_hash_table[h], &n->n); add_tail(&ifa->neighbors, &n->if_n); } else { + /* sticky flag does not work for link-local neighbors; + fortunately, we don't use this combination */ add_tail(&sticky_neigh_list, &n->n); + ifa = NULL; scope = 0; } + n->iface = ifa; n->proto = p; n->data = NULL; n->aux = 0; diff --git a/nest/proto.c b/nest/proto.c index 48837055..db6bf9bf 100644 --- a/nest/proto.c +++ b/nest/proto.c @@ -113,7 +113,6 @@ proto_new(struct proto_config *c, unsigned size) p->table = c->table->table; p->in_filter = c->in_filter; p->out_filter = c->out_filter; - p->min_scope = SCOPE_SITE; p->hash_key = random_u32(); c->proto = p; return p; diff --git a/nest/protocol.h b/nest/protocol.h index 99356a3d..d94873e4 100644 --- a/nest/protocol.h +++ b/nest/protocol.h @@ -130,7 +130,6 @@ struct proto { u32 debug; /* Debugging flags */ u32 mrtdump; /* MRTDump flags */ unsigned preference; /* Default route preference */ - int min_scope; /* Minimal route scope accepted */ unsigned accept_ra_types; /* Which types of route announcements are accepted (RA_OPTIMAL or RA_ANY) */ unsigned disabled; /* Manually disabled */ unsigned proto_state; /* Protocol state machine (see below) */ diff --git a/nest/rt-dev.c b/nest/rt-dev.c index b86015df..bb8eb8ee 100644 --- a/nest/rt-dev.c +++ b/nest/rt-dev.c @@ -33,6 +33,10 @@ dev_ifa_notify(struct proto *p, unsigned c, struct ifa *ad) !iface_patt_find(&P->iface_list, ad->iface)) /* Empty list is automagically treated as "*" */ return; + + if (ad->scope <= SCOPE_LINK) + return; + if (c & IF_CHANGE_DOWN) { net *n; @@ -56,7 +60,7 @@ dev_ifa_notify(struct proto *p, unsigned c, struct ifa *ad) bzero(&A, sizeof(A)); A.proto = p; A.source = RTS_DEVICE; - A.scope = ad->scope; + A.scope = SCOPE_UNIVERSE; A.cast = RTC_UNICAST; A.dest = RTD_DEVICE; A.iface = ad->iface; @@ -76,7 +80,6 @@ dev_init(struct proto_config *c) struct proto *p = proto_new(c, sizeof(struct proto)); p->ifa_notify = dev_ifa_notify; - p->min_scope = SCOPE_HOST; return p; } diff --git a/nest/rt-table.c b/nest/rt-table.c index 41ecf646..1860b1a1 100644 --- a/nest/rt-table.c +++ b/nest/rt-table.c @@ -158,7 +158,7 @@ rte_trace_out(unsigned int flag, struct proto *p, rte *e, char *msg) } static inline void -do_rte_announce(struct announce_hook *a, int type UNUSED, net *net, rte *new, rte *old, ea_list *tmpa, int class, int refeed) +do_rte_announce(struct announce_hook *a, int type UNUSED, net *net, rte *new, rte *old, ea_list *tmpa, int refeed) { struct proto *p = a->proto; struct filter *filter = p->out_filter; @@ -183,13 +183,7 @@ do_rte_announce(struct announce_hook *a, int type UNUSED, net *net, rte *new, rt stats->exp_updates_received++; char *drop_reason = NULL; - if ((class & IADDR_SCOPE_MASK) < p->min_scope) - { - stats->exp_updates_rejected++; - drop_reason = "out of scope"; - fast_exit_hack = 1; - } - else if ((ok = p->import_control ? p->import_control(p, &new, &tmpa, rte_update_pool) : 0) < 0) + if ((ok = p->import_control ? p->import_control(p, &new, &tmpa, rte_update_pool) : 0) < 0) { stats->exp_updates_rejected++; drop_reason = "rejected by protocol"; @@ -332,7 +326,6 @@ static void rte_announce(rtable *tab, unsigned type, net *net, rte *new, rte *old, ea_list *tmpa) { struct announce_hook *a; - int class = ipa_classify(net->n.prefix); if (type == RA_OPTIMAL) { @@ -346,7 +339,7 @@ rte_announce(rtable *tab, unsigned type, net *net, rte *new, rte *old, ea_list * { ASSERT(a->proto->core_state == FS_HAPPY || a->proto->core_state == FS_FEEDING); if (a->proto->accept_ra_types == type) - do_rte_announce(a, type, net, new, old, tmpa, class, 0); + do_rte_announce(a, type, net, new, old, tmpa, 0); } } @@ -362,33 +355,15 @@ rte_validate(rte *e) n->n.prefix, n->n.pxlen, e->sender->name); return 0; } - if (n->n.pxlen) + + c = ipa_classify_net(n->n.prefix); + if ((c < 0) || !(c & IADDR_HOST) || ((c & IADDR_SCOPE_MASK) <= SCOPE_LINK)) { - c = ipa_classify(n->n.prefix); - if (c < 0 || !(c & IADDR_HOST)) - { - if (!ipa_nonzero(n->n.prefix)) - { - /* Various default routes */ -#ifdef IPV6 - if (n->n.pxlen == 96) -#else - if (n->n.pxlen <= 1) -#endif - return 1; - } - log(L_WARN "Ignoring bogus route %I/%d received via %s", - n->n.prefix, n->n.pxlen, e->sender->name); - return 0; - } - if ((c & IADDR_SCOPE_MASK) < e->sender->min_scope) - { - log(L_WARN "Ignoring %s scope route %I/%d received from %I via %s", - ip_scope_text(c & IADDR_SCOPE_MASK), - n->n.prefix, n->n.pxlen, e->attrs->from, e->sender->name); - return 0; - } + log(L_WARN "Ignoring bogus route %I/%d received via %s", + n->n.prefix, n->n.pxlen, e->sender->name); + return 0; } + return 1; } @@ -1018,7 +993,7 @@ do_feed_baby(struct proto *p, int type, struct announce_hook *h, net *n, rte *e) rte_update_lock(); tmpa = q->make_tmp_attrs ? q->make_tmp_attrs(e, rte_update_pool) : NULL; - do_rte_announce(h, type, n, e, p->refeeding ? e : NULL, tmpa, ipa_classify(n->n.prefix), p->refeeding); + do_rte_announce(h, type, n, e, p->refeeding ? e : NULL, tmpa, p->refeeding); rte_update_unlock(); } @@ -1190,11 +1165,8 @@ rt_show_net(struct cli *c, net *n, struct rt_show_data *d) if (p2 && p2 != p0) ok = 0; if (ok && d->export_mode) { - int class = ipa_classify(n->n.prefix); int ic; - if ((class & IADDR_SCOPE_MASK) < p1->min_scope) - ok = 0; - else if ((ic = p1->import_control ? p1->import_control(p1, &e, &tmpa, rte_update_pool) : 0) < 0) + if ((ic = p1->import_control ? p1->import_control(p1, &e, &tmpa, rte_update_pool) : 0) < 0) ok = 0; else if (!ic && d->export_mode > 1) { diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c index 3609c568..2baa6e34 100644 --- a/proto/bgp/packets.c +++ b/proto/bgp/packets.c @@ -914,7 +914,6 @@ bgp_do_rx_update(struct bgp_conn *conn, rta *a = NULL; ip_addr prefix; net *n; - rte e; int err = 0, pxlen; p->mp_reach_len = 0; @@ -936,8 +935,6 @@ bgp_do_rx_update(struct bgp_conn *conn, DO_NLRI(mp_reach) { - int i; - /* Create fake NEXT_HOP attribute */ if (len < 1 || (*x != 16 && *x != 32) || len < *x + 2) goto bad; diff --git a/proto/ospf/ospf.c b/proto/ospf/ospf.c index edca5959..191aa456 100644 --- a/proto/ospf/ospf.c +++ b/proto/ospf/ospf.c @@ -1234,7 +1234,6 @@ show_lsa_sum_rt(struct top_hash_entry *he) static inline void show_lsa_external(struct top_hash_entry *he) { - struct ospf_lsa_header *lsa = &(he->lsa); struct ospf_lsa_ext *ext = he->lsa_body; char str_via[STD_ADDRESS_P_LENGTH + 8] = ""; char str_tag[16] = ""; @@ -1245,7 +1244,7 @@ show_lsa_external(struct top_hash_entry *he) rt_metric = ext->metric & METRIC_MASK; ebit = ext->metric & LSA_EXT_EBIT; #ifdef OSPFv2 - ip = ipa_and(ipa_from_u32(lsa->id), ext->netmask); + ip = ipa_and(ipa_from_u32(he->lsa.id), ext->netmask); pxlen = ipa_mklen(ext->netmask); rt_fwaddr = ext->fwaddr; rt_fwaddr_valid = !ipa_equal(rt_fwaddr, IPA_NONE); @@ -1282,10 +1281,7 @@ show_lsa_external(struct top_hash_entry *he) static inline void show_lsa_prefix(struct top_hash_entry *he, struct ospf_lsa_header *olsa) { - struct ospf_lsa_header *lsa = &(he->lsa); struct ospf_lsa_prefix *px = he->lsa_body; - struct ospf_lsa_ext *ext = he->lsa_body; - char *msg; ip_addr pxa; int pxlen; u8 pxopts; @@ -1504,8 +1500,10 @@ ospf_sh_lsadb(struct proto *p) break; #ifdef OSPFv3 case LSA_SCOPE_LINK: - struct iface *ifa = if_find_by_index(hea[i]->domain); - cli_msg(-1017, "Link %s", (ifa != NULL) ? ifa->name : "?"); + { + struct iface *ifa = if_find_by_index(hea[i]->domain); + cli_msg(-1017, "Link %s", (ifa != NULL) ? ifa->name : "?"); + } break; #endif } diff --git a/proto/ospf/rt.c b/proto/ospf/rt.c index 84e47252..c856eea1 100644 --- a/proto/ospf/rt.c +++ b/proto/ospf/rt.c @@ -170,7 +170,7 @@ static void process_prefixes(struct ospf_area *oa) { struct proto_ospf *po = oa->po; - struct proto *p = &po->proto; + // struct proto *p = &po->proto; struct top_hash_entry *en, *src; struct ospf_lsa_prefix *px; ip_addr pxa; @@ -228,7 +228,6 @@ ospf_rt_spfa_rtlinks(struct ospf_area *oa, struct top_hash_entry *act, struct to { // struct proto *p = &oa->po->proto; struct proto_ospf *po = oa->po; - orta nf; u32 i; struct ospf_lsa_rt *rt = en->lsa_body; @@ -249,6 +248,7 @@ ospf_rt_spfa_rtlinks(struct ospf_area *oa, struct top_hash_entry *act, struct to */ DBG("\n"); + orta nf; nf.type = RTS_OSPF; nf.options = 0; nf.metric1 = act->dist + rtl->metric; @@ -571,7 +571,7 @@ ospf_rt_sum_tr(struct ospf_area *oa) type = ORT_NET; re = (ort *) fib_find(&po->rtf, &ip, pxlen); } - else if (en->lsa.type == LSA_T_SUM_RT) + else // en->lsa.type == LSA_T_SUM_RT { #ifdef OSPFv2 struct ospf_lsa_sum *ls = en->lsa_body; diff --git a/sysdep/bsd/krt-sock.c b/sysdep/bsd/krt-sock.c index a5279657..dac2c2e6 100644 --- a/sysdep/bsd/krt-sock.c +++ b/sysdep/bsd/krt-sock.c @@ -33,39 +33,8 @@ #include "lib/string.h" #include "lib/socket.h" -#ifdef IPV6 -#define HOST_MASK 128 -#else -#define HOST_MASK 32 -#endif - int rt_sock = 0; -#define CHECK_FAMILY(sa) \ - ((((struct sockaddr *)sa)->sa_family) == BIRD_AF) - -static struct iface * -krt_temp_iface_index(struct krt_proto *p, unsigned index) -{ - struct iface *i, *j; - - WALK_LIST(i, p->scan.temp_ifs) - if (i->index == index) - return i; - i = mb_allocz(p->p.pool, sizeof(struct iface)); - if (j = if_find_by_index(index)) - { - strcpy(i->name, j->name); - i->addr = j->addr; - } - else - strcpy(i->name, "?"); - i->index = index; - add_tail(&p->scan.temp_ifs, &i->n); - return i; -} - - int krt_capable(rte *e) { @@ -83,7 +52,7 @@ krt_capable(rte *e) || a->dest == RTD_UNREACHABLE #endif #ifdef RTF_BLACKHOLE - || a->dest == RTD_BLACKHOLE /* FIXME Prohibited? */ + || a->dest == RTD_BLACKHOLE #endif ); } @@ -96,6 +65,13 @@ krt_capable(rte *e) l = ROUNDUP(((struct sockaddr *)&(u))->sa_len);\ memmove(body, &(u), l); body += l;} +#define GETADDR(p, F) \ + bzero(p, sizeof(*p));\ + if ((addrs & (F)) && ((struct sockaddr *)body)->sa_len) {\ + unsigned int l = ROUNDUP(((struct sockaddr *)body)->sa_len);\ + memcpy(p, body, (l > sizeof(*p) ? sizeof(*p) : l));\ + body += l;} + static void krt_sock_send(int cmd, rte *e) { @@ -108,7 +84,7 @@ krt_sock_send(int cmd, rte *e) char *body = (char *)msg.buf; sockaddr gate, mask, dst; - DBG("krt-sock: send %I/%d via %I", net->n.prefix, net->n.pxlen, a->gw); + DBG("krt-sock: send %I/%d via %I\n", net->n.prefix, net->n.pxlen, a->gw); fill_in_sockaddr(&dst, net->n.prefix, 0); fill_in_sockaddr(&mask, ipa_mkmask(net->n.pxlen), 0); @@ -119,9 +95,9 @@ krt_sock_send(int cmd, rte *e) msg.rtm.rtm_type = cmd; msg.rtm.rtm_seq = msg_seq++; msg.rtm.rtm_addrs = RTA_DST; - msg.rtm.rtm_flags = RTF_UP; + msg.rtm.rtm_flags = RTF_UP | RTF_PROTO1; - if (net->n.pxlen == HOST_MASK) + if (net->n.pxlen == MAX_PREFIX_LENGTH) { msg.rtm.rtm_flags |= RTF_HOST; } @@ -200,12 +176,12 @@ krt_sock_send(int cmd, rte *e) msg.rtm.rtm_msglen = l; if ((l = write(rt_sock, (char *)&msg, l)) < 0) { - log(L_ERR "KIF: error writting route to socket (%I/%d)", net->n.prefix, net->n.pxlen); + log(L_ERR "KIF: Error sending route %I/%d to kernel", net->n.prefix, net->n.pxlen); } } void -krt_set_notify(struct krt_proto *p UNUSED, net *net UNUSED, rte *new, rte *old) +krt_set_notify(struct krt_proto *p UNUSED, net *net, rte *new, rte *old) { if (old) { @@ -258,68 +234,87 @@ krt_set_start(struct krt_proto *x, int first UNUSED) bug("krt-sock: sk_open failed"); } +#define SKIP(ARG...) do { DBG("KRT: Ignoring route - " ARG); return; } while(0) + static void krt_read_rt(struct ks_msg *msg, struct krt_proto *p, int scan) { - sockaddr gate, mask, dst; rta a; rte *e; net *net; + sockaddr dst, gate, mask; ip_addr idst, igate, imask; void *body = (char *)msg->buf; int new = (msg->rtm.rtm_type == RTM_ADD); int src; + char *errmsg = "KRT: Invalid route received"; int flags = msg->rtm.rtm_flags; int addrs = msg->rtm.rtm_addrs; - int masklen = -1; - - if (!(flags & RTF_UP)) - { - DBG("Down.\n"); - return; - } - if (flags & RTF_HOST) - masklen = HOST_MASK; + if (!(flags & RTF_UP) && scan) + SKIP("not up in scan\n"); - if(!CHECK_FAMILY(body)) return; + if (!(flags & RTF_DONE) && !scan) + SKIP("not done in async\n"); - if(msg->rtm.rtm_flags & RTF_LLINFO) return; /* ARPs etc. */ + if (flags & RTF_LLINFO) + SKIP("link-local\n"); -#define GETADDR(p, F) \ - bzero(p, sizeof(*p));\ - if ((addrs & (F)) && ((struct sockaddr *)body)->sa_len) {\ - unsigned int l = ROUNDUP(((struct sockaddr *)body)->sa_len);\ - memcpy(p, body, (l > sizeof(*p) ? sizeof(*p) : l));\ - body += l;} + GETADDR(&dst, RTA_DST); + GETADDR(&gate, RTA_GATEWAY); + GETADDR(&mask, RTA_NETMASK); - GETADDR (&dst, RTA_DST); - GETADDR (&gate, RTA_GATEWAY); - GETADDR (&mask, RTA_NETMASK); + if (sa_family_check(&dst)) + get_sockaddr(&dst, &idst, NULL, 0); + else + SKIP("invalid DST"); - idst = IPA_NONE; - igate = IPA_NONE; - imask = IPA_NONE; + /* We will check later whether we have valid gateway addr */ + if (sa_family_check(&gate)) + get_sockaddr(&gate, &igate, NULL, 0); + else + igate = IPA_NONE; - get_sockaddr(&dst, &idst, NULL, 0); - if(CHECK_FAMILY(&gate)) get_sockaddr(&gate, &igate, NULL, 0); + /* We do not test family for RTA_NETMASK, because BSD sends us + some strange values, but interpreting them as IPv4/IPv6 works */ get_sockaddr(&mask, &imask, NULL, 0); - if (masklen < 0) masklen = ipa_mklen(imask); + int c = ipa_classify_net(idst); + if ((c < 0) || !(c & IADDR_HOST) || ((c & IADDR_SCOPE_MASK) <= SCOPE_LINK)) + SKIP("strange class/scope\n"); - if (flags & (RTF_DYNAMIC | RTF_MODIFIED)) - { - log(L_WARN "krt: Ignoring redirect to %I/%d via %I", idst, masklen, igate); - return; - } + int pxlen = (flags & RTF_HOST) ? MAX_PREFIX_LENGTH : ipa_mklen(imask); + if (pxlen < 0) + { log(L_ERR "%s (%I) - netmask %I", errmsg, idst, imask); return; } - if (masklen < 0) - { - log(L_WARN "krt: Got invalid route from kernel!"); - return; - } + if ((flags & RTF_GATEWAY) && ipa_zero(igate)) + { log(L_ERR "%s (%I/%d) - missing gateway", errmsg, idst, pxlen); return; } + + u32 self_mask = RTF_PROTO1; + u32 alien_mask = RTF_STATIC | RTF_PROTO1; + +#ifdef RTF_PROTO2 + alien_mask |= RTF_PROTO2; +#endif - net = net_get(p->p.table, idst, masklen); +#ifdef RTF_PROTO3 + alien_mask |= RTF_PROTO3; +#endif + + if (flags & (RTF_DYNAMIC | RTF_MODIFIED)) + src = KRT_SRC_REDIRECT; + else if (flags & self_mask) + { + if (!scan) + SKIP("echo\n"); + src = KRT_SRC_BIRD; + } + else if (flags & alien_mask) + src = KRT_SRC_ALIEN; + else + src = KRT_SRC_KERNEL; + + net = net_get(p->p.table, idst, pxlen); bzero(&a, sizeof(a)); @@ -333,56 +328,56 @@ krt_read_rt(struct ks_msg *msg, struct krt_proto *p, int scan) a.iface = NULL; a.eattrs = NULL; - a.dest = RTD_NONE; - - if (flags & RTF_GATEWAY) - { - neighbor *ng = neigh_find(&p->p, &igate, 0); - if (ng && ng->scope) - a.iface = ng->iface; - else - { - log(L_WARN "Kernel told us to use non-neighbor %I for %I/%d", igate, net->n.prefix, net->n.pxlen); - return; - } - - a.dest = RTD_ROUTER; - a.gw = igate; - } - else - { - a.dest = RTD_DEVICE; - a.gw = IPA_NONE; - a.iface = krt_temp_iface_index(p, msg->rtm.rtm_index); - } + /* reject/blackhole routes have also set RTF_GATEWAY, + we wil check them first. */ #ifdef RTF_REJECT if(flags & RTF_REJECT) { a.dest = RTD_UNREACHABLE; - a.gw = IPA_NONE; + goto done; } #endif #ifdef RTF_BLACKHOLE if(flags & RTF_BLACKHOLE) { a.dest = RTD_BLACKHOLE; - a.gw = IPA_NONE; + goto done; } #endif - if (a.dest == RTD_NONE) + a.iface = if_find_by_index(msg->rtm.rtm_index); + if (!a.iface) + { + log(L_ERR "KRT: Received route %I/%d with unknown ifindex %u", + net->n.prefix, net->n.pxlen, msg->rtm.rtm_index); + return; + } + + if (flags & RTF_GATEWAY) { - log(L_WARN "Kernel reporting unknown route type to %I/%d", net->n.prefix, net->n.pxlen); - return; - } + neighbor *ng; + a.dest = RTD_ROUTER; + a.gw = igate; - src = KRT_SRC_UNKNOWN; /* FIXME */ + ng = neigh_find2(&p->p, &a.gw, a.iface, 0); + if (!ng || (ng->scope == SCOPE_HOST)) + { + log(L_ERR "KRT: Received route %I/%d with strange next-hop %I", + net->n.prefix, net->n.pxlen, a.gw); + return; + } + } + else + a.dest = RTD_DEVICE; + done: e = rte_get_temp(&a); e->net = net; e->u.krt.src = src; - //e->u.krt.proto = i->rtm_protocol; - //e->u.krt.type = i->rtm_type; + + /* These are probably too Linux-specific */ + e->u.krt.proto = 0; + e->u.krt.type = 0; e->u.krt.metric = 0; if (scan) @@ -471,6 +466,10 @@ krt_read_addr(struct ks_msg *msg) int scope, masklen = -1; int new = (ifam->ifam_type == RTM_NEWADDR); + /* Strange messages with zero (invalid) ifindex appear on OpenBSD */ + if (ifam->ifam_index == 0) + return; + if(!(iface = if_find_by_index(ifam->ifam_index))) { log(L_ERR "KIF: Received address message for unknown interface %d", ifam->ifam_index); @@ -486,7 +485,9 @@ krt_read_addr(struct ks_msg *msg) GETADDR (&null, RTA_AUTHOR); GETADDR (&brd, RTA_BRD); - if(!CHECK_FAMILY(&addr)) return; /* Some other family address */ + /* Some other family address */ + if (!sa_family_check(&addr)) + return; get_sockaddr(&addr, &iaddr, NULL, 0); get_sockaddr(&mask, &imask, NULL, 0); @@ -593,27 +594,27 @@ krt_sysctl_scan(struct proto *p, pool *pool, byte **buf, size_t *bl, int cmd) mib[4] = cmd; mib[5] = 0; - if( sysctl(mib, 6 , NULL , &needed, NULL, 0) < 0) + if (sysctl(mib, 6 , NULL , &needed, NULL, 0) < 0) { die("RT scan..."); } obl = *bl; - while(needed > *bl) *bl *= 2; - while(needed < (*bl/2)) *bl /= 2; + while (needed > *bl) *bl *= 2; + while (needed < (*bl/2)) *bl /= 2; - if( (obl!=*bl) || !*buf) + if ((obl!=*bl) || !*buf) { - if(*buf) mb_free(*buf); - if( (*buf = mb_alloc(pool, *bl)) == NULL ) die("RT scan buf alloc"); + if (*buf) mb_free(*buf); + if ((*buf = mb_alloc(pool, *bl)) == NULL) die("RT scan buf alloc"); } on = needed; - if( sysctl(mib, 6 , *buf, &needed, NULL, 0) < 0) + if (sysctl(mib, 6 , *buf, &needed, NULL, 0) < 0) { - if(on != needed) return; /* The buffer size changed since last sysctl */ + if (on != needed) return; /* The buffer size changed since last sysctl */ die("RT scan 2"); } @@ -624,22 +625,23 @@ krt_sysctl_scan(struct proto *p, pool *pool, byte **buf, size_t *bl, int cmd) } } +static byte *krt_buffer = NULL; +static byte *kif_buffer = NULL; +static size_t krt_buflen = 32768; +static size_t kif_buflen = 4096; + void krt_scan_fire(struct krt_proto *p) { - static byte *buf = NULL; - static size_t bl = 32768; - krt_sysctl_scan((struct proto *)p , p->krt_pool, &buf, &bl, NET_RT_DUMP); + krt_sysctl_scan((struct proto *)p, p->krt_pool, &krt_buffer, &krt_buflen, NET_RT_DUMP); } void krt_if_scan(struct kif_proto *p) { - static byte *buf = NULL; - static size_t bl = 4096; struct proto *P = (struct proto *)p; if_start_update(); - krt_sysctl_scan(P, P->pool, &buf, &bl, NET_RT_IFLIST); + krt_sysctl_scan(P, P->pool, &kif_buffer, &kif_buflen, NET_RT_IFLIST); if_end_update(); } @@ -652,7 +654,9 @@ krt_set_construct(struct krt_config *c UNUSED) void krt_set_shutdown(struct krt_proto *x UNUSED, int last UNUSED) { -} + mb_free(krt_buffer); + krt_buffer = NULL; +} void krt_if_io_init(void) @@ -672,5 +676,7 @@ krt_if_start(struct kif_proto *p UNUSED) void krt_if_shutdown(struct kif_proto *p UNUSED) { + mb_free(kif_buffer); + kif_buffer = NULL; } diff --git a/sysdep/cf/bsd-v6.h b/sysdep/cf/bsd-v6.h index f3aefeb4..66985abf 100644 --- a/sysdep/cf/bsd-v6.h +++ b/sysdep/cf/bsd-v6.h @@ -9,7 +9,7 @@ #define IPV6 #define CONFIG_AUTO_ROUTES -#undef CONFIG_SELF_CONSCIOUS +#define CONFIG_SELF_CONSCIOUS #undef CONFIG_MULTIPLE_TABLES #undef CONFIG_UNIX_IFACE diff --git a/sysdep/cf/bsd.h b/sysdep/cf/bsd.h index 72b24720..acd1b58b 100644 --- a/sysdep/cf/bsd.h +++ b/sysdep/cf/bsd.h @@ -7,7 +7,7 @@ */ #define CONFIG_AUTO_ROUTES -#undef CONFIG_SELF_CONSCIOUS +#define CONFIG_SELF_CONSCIOUS #undef CONFIG_MULTIPLE_TABLES #undef CONFIG_UNIX_IFACE diff --git a/sysdep/linux/netlink/netlink.c b/sysdep/linux/netlink/netlink.c index f45fe159..b59b32f3 100644 --- a/sysdep/linux/netlink/netlink.c +++ b/sysdep/linux/netlink/netlink.c @@ -52,7 +52,6 @@ struct nl_sock static struct nl_sock nl_scan = {.fd = -1}; /* Netlink socket for synchronous scan */ static struct nl_sock nl_req = {.fd = -1}; /* Netlink socket for requests */ - static void nl_open_sock(struct nl_sock *nl) { @@ -555,23 +554,7 @@ krt_set_notify(struct krt_proto *p, net *n UNUSED, rte *new, rte *old) nl_send_route(p, new, 1); } -static struct iface * -krt_temp_iface(struct krt_proto *p, unsigned index) -{ - struct iface *i, *j; - - WALK_LIST(i, p->scan.temp_ifs) - if (i->index == index) - return i; - i = mb_allocz(p->p.pool, sizeof(struct iface)); - if (j = if_find_by_index(index)) - strcpy(i->name, j->name); - else - strcpy(i->name, "?"); - i->index = index; - add_tail(&p->scan.temp_ifs, &i->n); - return i; -} +#define SKIP(ARG...) do { DBG("KRT: Ignoring route - " ARG); return; } while(0) static void nl_parse_route(struct nlmsghdr *h, int scan) @@ -599,31 +582,7 @@ nl_parse_route(struct nlmsghdr *h, int scan) #endif (a[RTA_GATEWAY] && RTA_PAYLOAD(a[RTA_GATEWAY]) != sizeof(ip_addr))) { - log(L_ERR "nl_parse_route: Malformed message received"); - return; - } - - p = nl_table_map[i->rtm_table]; /* Do we know this table? */ - if (!p) - return; - -#ifdef IPV6 - if (a[RTA_IIF]) - { - DBG("KRT: Ignoring route with IIF set\n"); - return; - } -#else - if (i->rtm_tos != 0) /* We don't support TOS */ - { - DBG("KRT: Ignoring route with TOS %02x\n", i->rtm_tos); - return; - } -#endif - - if (scan && !new) - { - DBG("KRT: Ignoring route deletion\n"); + log(L_ERR "KRT: Malformed message received"); return; } @@ -634,33 +593,57 @@ nl_parse_route(struct nlmsghdr *h, int scan) } else dst = IPA_NONE; + if (a[RTA_OIF]) memcpy(&oif, RTA_DATA(a[RTA_OIF]), sizeof(oif)); else oif = ~0; - DBG("Got %I/%d, type=%d, oif=%d, table=%d, prid=%d, proto=%s\n", dst, i->rtm_dst_len, i->rtm_type, oif, i->rtm_table, i->rtm_protocol, p->p.name); + DBG("KRT: Got %I/%d, type=%d, oif=%d, table=%d, prid=%d, proto=%s\n", dst, i->rtm_dst_len, i->rtm_type, oif, i->rtm_table, i->rtm_protocol, p->p.name); + + p = nl_table_map[i->rtm_table]; /* Do we know this table? */ + if (!p) + SKIP("unknown table %d", i->rtm_table); + +#ifdef IPV6 + if (a[RTA_IIF]) + SKIP("IIF set\n"); +#else + if (i->rtm_tos != 0) /* We don't support TOS */ + SKIP("TOS %02x\n", i->rtm_tos); +#endif + + if (scan && !new) + SKIP("RTM_DELROUTE in scan\n"); + + int c = ipa_classify_net(dst); + if ((c < 0) || !(c & IADDR_HOST) || ((c & IADDR_SCOPE_MASK) <= SCOPE_LINK)) + SKIP("strange class/scope\n"); + + // ignore rtm_scope, it is not a real scope + // if (i->rtm_scope != RT_SCOPE_UNIVERSE) + // SKIP("scope %u\n", i->rtm_scope); switch (i->rtm_protocol) { + case RTPROT_UNSPEC: + SKIP("proto unspec\n"); + case RTPROT_REDIRECT: src = KRT_SRC_REDIRECT; break; + case RTPROT_KERNEL: - DBG("Route originated in kernel, ignoring\n"); + src = KRT_SRC_KERNEL; return; + case RTPROT_BIRD: -#ifdef IPV6 - case RTPROT_BOOT: - /* Current Linux kernels don't remember rtm_protocol for IPv6 routes and supply RTPROT_BOOT instead */ -#endif if (!scan) - { - DBG("Echo of our own route, ignoring\n"); - return; - } + SKIP("echo\n"); src = KRT_SRC_BIRD; break; + + case RTPROT_BOOT: default: src = KRT_SRC_ALIEN; } @@ -679,52 +662,48 @@ nl_parse_route(struct nlmsghdr *h, int scan) switch (i->rtm_type) { case RTN_UNICAST: - if (oif == ~0U) + ra.iface = if_find_by_index(oif); + if (!ra.iface) { - log(L_ERR "KRT: Mysterious route with no OIF (%I/%d)", net->n.prefix, net->n.pxlen); + log(L_ERR "KRT: Received route %I/%d with unknown ifindex %u", + net->n.prefix, net->n.pxlen, oif); return; } + if (a[RTA_GATEWAY]) { - struct iface *ifa = if_find_by_index(oif); neighbor *ng; ra.dest = RTD_ROUTER; memcpy(&ra.gw, RTA_DATA(a[RTA_GATEWAY]), sizeof(ra.gw)); ipa_ntoh(ra.gw); - if (i->rtm_flags & RTNH_F_ONLINK) - { - /* route with 'onlink' attribute */ - ra.iface = if_find_by_index(oif); - if (ra.iface == NULL) - { - log(L_WARN "Kernel told us to use unknown interface %u for %I/%d", - oif, net->n.prefix, net->n.pxlen); - return; - } - } - else + ng = neigh_find2(&p->p, &ra.gw, ra.iface, + (i->rtm_flags & RTNH_F_ONLINK) ? NEF_ONLINK : 0); + if (!ng || (ng->scope == SCOPE_HOST)) { - ng = neigh_find2(&p->p, &ra.gw, ifa, 0); - if (ng && ng->scope) - { - if (ng->iface != ifa) - log(L_WARN "KRT: Route with unexpected iface for %I/%d", net->n.prefix, net->n.pxlen); - ra.iface = ng->iface; - } - else - { - log(L_WARN "Kernel told us to use non-neighbor %I for %I/%d", ra.gw, net->n.prefix, net->n.pxlen); - return; - } - + log(L_ERR "KRT: Received route %I/%d with strange next-hop %I", + net->n.prefix, net->n.pxlen, ra.gw); + return; } } else { ra.dest = RTD_DEVICE; - ra.iface = krt_temp_iface(p, oif); + + /* + * In Linux IPv6, 'native' device routes have proto + * RTPROT_BOOT and not RTPROT_KERNEL (which they have in + * IPv4 and which is expected). We cannot distinguish + * 'native' and user defined device routes, so we ignore all + * such device routes and for consistency, we have the same + * behavior in IPv4. Anyway, users should use RTPROT_STATIC + * for their 'alien' routes. + */ + + if (i->rtm_protocol == RTPROT_BOOT) + src = KRT_SRC_KERNEL; } + break; case RTN_BLACKHOLE: ra.dest = RTD_BLACKHOLE; @@ -737,13 +716,7 @@ nl_parse_route(struct nlmsghdr *h, int scan) break; /* FIXME: What about RTN_THROW? */ default: - DBG("KRT: Ignoring route with type=%d\n", i->rtm_type); - return; - } - - if (i->rtm_scope != RT_SCOPE_UNIVERSE) - { - DBG("KRT: Ignoring route with scope=%d\n", i->rtm_scope); + SKIP("type %d\n", i->rtm_type); return; } diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c index 915baf44..02d59abb 100644 --- a/sysdep/unix/io.c +++ b/sysdep/unix/io.c @@ -663,7 +663,6 @@ get_sockaddr(struct sockaddr_in *sa, ip_addr *a, unsigned *port, int check) static char * sk_set_ttl_int(sock *s) { - int one = 1; #ifdef IPV6 if (setsockopt(s->fd, SOL_IPV6, IPV6_UNICAST_HOPS, &s->ttl, sizeof(s->ttl)) < 0) return "IPV6_UNICAST_HOPS"; @@ -671,6 +670,7 @@ sk_set_ttl_int(sock *s) if (setsockopt(s->fd, SOL_IP, IP_TTL, &s->ttl, sizeof(s->ttl)) < 0) return "IP_TTL"; #ifdef CONFIG_UNIX_DONTROUTE + int one = 1; if (s->ttl == 1 && setsockopt(s->fd, SOL_SOCKET, SO_DONTROUTE, &one, sizeof(one)) < 0) return "SO_DONTROUTE"; #endif diff --git a/sysdep/unix/krt.c b/sysdep/unix/krt.c index 6d94cada..47b96217 100644 --- a/sysdep/unix/krt.c +++ b/sysdep/unix/krt.c @@ -558,32 +558,30 @@ krt_got_route(struct krt_proto *p, rte *e) rte *old; net *net = e->net; int verdict; -#ifdef KRT_ALLOW_LEARN - int src = e->u.krt.src; -#endif -#ifdef CONFIG_AUTO_ROUTES - if (e->attrs->dest == RTD_DEVICE) +#ifdef KRT_ALLOW_LEARN + switch (e->u.krt.src) { - /* It's a device route. Probably a kernel-generated one. */ + case KRT_SRC_KERNEL: verdict = KRF_IGNORE; goto sentenced; - } -#endif -#ifdef KRT_ALLOW_LEARN - if (src == KRT_SRC_ALIEN) - { + case KRT_SRC_REDIRECT: + verdict = KRF_DELETE; + goto sentenced; + + case KRT_SRC_ALIEN: if (KRT_CF->learn) krt_learn_scan(p, e); else { - krt_trace_in_rl(&rl_alien_ignored, p, e, "alien route, ignored"); + krt_trace_in_rl(&rl_alien_ignored, p, e, "[alien] ignored"); rte_free(e); } return; } #endif + /* The rest is for KRT_SRC_BIRD (or KRT_SRC_UNKNOWN) */ if (net->n.flags & KRF_VERDICT_MASK) { @@ -605,7 +603,7 @@ krt_got_route(struct krt_proto *p, rte *e) else verdict = KRF_DELETE; -sentenced: + sentenced: krt_trace_in(p, e, ((char *[]) { "?", "seen", "will be updated", "will be removed", "ignored" }) [verdict]); net->n.flags = (net->n.flags & ~KRF_VERDICT_MASK) | verdict; if (verdict == KRF_UPDATE || verdict == KRF_DELETE) @@ -680,19 +678,24 @@ krt_prune(struct krt_proto *p) } void -krt_got_route_async(struct krt_proto *p, rte *e, int new UNUSED) +krt_got_route_async(struct krt_proto *p, rte *e, int new) { net *net = e->net; - int src = e->u.krt.src; - switch (src) + switch (e->u.krt.src) { case KRT_SRC_BIRD: ASSERT(0); /* Should be filtered by the back end */ + case KRT_SRC_REDIRECT: - DBG("It's a redirect, kill him! Kill! Kill!\n"); - krt_set_notify(p, net, NULL, e); + if (new) + { + krt_trace_in(p, e, "[redirect] deleting"); + krt_set_notify(p, net, NULL, e); + } + /* If !new, it is probably echo of our deletion */ break; + #ifdef KRT_ALLOW_LEARN case KRT_SRC_ALIEN: if (KRT_CF->learn) @@ -878,7 +881,6 @@ krt_init(struct proto_config *c) p->p.accept_ra_types = RA_OPTIMAL; p->p.rt_notify = krt_notify; - p->p.min_scope = SCOPE_HOST; return &p->p; } diff --git a/sysdep/unix/krt.h b/sysdep/unix/krt.h index 607e6993..1d9e1448 100644 --- a/sysdep/unix/krt.h +++ b/sysdep/unix/krt.h @@ -83,6 +83,7 @@ void krt_got_route_async(struct krt_proto *p, struct rte *e, int new); #define KRT_SRC_BIRD 0 /* Our route (not passed in async mode) */ #define KRT_SRC_REDIRECT 1 /* Redirect route, delete it */ #define KRT_SRC_ALIEN 2 /* Route installed by someone else */ +#define KRT_SRC_KERNEL 3 /* Kernel routes, are ignored by krt syncer */ extern struct protocol proto_unix_iface; diff --git a/sysdep/unix/unix.h b/sysdep/unix/unix.h index 1a461ee1..0b179e00 100644 --- a/sysdep/unix/unix.h +++ b/sysdep/unix/unix.h @@ -9,6 +9,8 @@ #ifndef _BIRD_UNIX_H_ #define _BIRD_UNIX_H_ +#include + struct pool; /* main.c */ @@ -29,10 +31,12 @@ volatile int async_shutdown_flag; #define BIRD_PF PF_INET6 #define BIRD_AF AF_INET6 typedef struct sockaddr_in6 sockaddr; +static inline int sa_family_check(sockaddr *sa) { return sa->sin6_family == AF_INET6; } #else #define BIRD_PF PF_INET #define BIRD_AF AF_INET typedef struct sockaddr_in sockaddr; +static inline int sa_family_check(sockaddr *sa) { return sa->sin_family == AF_INET; } #endif #ifndef SUN_LEN -- cgit v1.2.3 From 53434e44a95fe9334f4bdf5e0da987929addffb1 Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Sat, 27 Feb 2010 16:00:07 +0100 Subject: Better flushing of interfaces. When device protocol goes down, interfaces should be flushed asynchronously (in the same way like routes from protocols are flushed), when protocol goes to DOWN/HUNGRY. This fixes the problem with static routes staying in kernel routing table after BIRD shutdown. --- nest/iface.c | 9 +++++++++ nest/iface.h | 3 ++- nest/proto.c | 7 +++++++ proto/static/static.c | 9 +++++---- sysdep/unix/krt.c | 9 --------- 5 files changed, 23 insertions(+), 14 deletions(-) (limited to 'sysdep/unix') diff --git a/nest/iface.c b/nest/iface.c index 5e88b21b..82dead35 100644 --- a/nest/iface.c +++ b/nest/iface.c @@ -336,6 +336,15 @@ if_end_update(void) } } +void +if_flush_ifaces(struct proto *p) +{ + if (p->debug & D_EVENTS) + log(L_TRACE "%s: Flushing interfaces", p->name); + if_start_update(); + if_end_update(); +} + /** * if_feed_baby - advertise interfaces to a new protocol * @p: protocol to feed diff --git a/nest/iface.h b/nest/iface.h index 02129ac6..8fc2567d 100644 --- a/nest/iface.h +++ b/nest/iface.h @@ -75,8 +75,9 @@ struct iface *if_update(struct iface *); struct ifa *ifa_update(struct ifa *); void ifa_delete(struct ifa *); void if_start_update(void); -void if_end_update(void); void if_end_partial_update(struct iface *); +void if_end_update(void); +void if_flush_ifaces(struct proto *p); void if_feed_baby(struct proto *); struct iface *if_find_by_index(unsigned); struct iface *if_find_by_name(char *); diff --git a/nest/proto.c b/nest/proto.c index db6bf9bf..78fca99c 100644 --- a/nest/proto.c +++ b/nest/proto.c @@ -740,6 +740,8 @@ proto_notify_state(struct proto *p, unsigned ps) } } +extern struct protocol proto_unix_iface; + static void proto_flush_all(void *unused UNUSED) { @@ -748,6 +750,11 @@ proto_flush_all(void *unused UNUSED) rt_prune_all(); while ((p = HEAD(flush_proto_list))->n.next) { + /* This will flush interfaces in the same manner + like rt_prune_all() flushes routes */ + if (p->proto == &proto_unix_iface) + if_flush_ifaces(p); + DBG("Flushing protocol %s\n", p->name); p->core_state = FS_HUNGRY; proto_relink(p); diff --git a/proto/static/static.c b/proto/static/static.c index c71d1da9..9308c59a 100644 --- a/proto/static/static.c +++ b/proto/static/static.c @@ -125,11 +125,12 @@ static_shutdown(struct proto *p) struct static_config *c = (void *) p->cf; struct static_route *r; - DBG("Static: prepare for landing!\n"); + /* Just reset the flag, the routes will be flushed by the nest */ WALK_LIST(r, c->iface_routes) - static_remove(p, r); + r->installed = 0; WALK_LIST(r, c->other_routes) - static_remove(p, r); + r->installed = 0; + return PS_DOWN; } @@ -294,7 +295,7 @@ static_show_rt(struct static_route *r) switch (r->dest) { case RTD_ROUTER: bsprintf(via, "via %I", r->via); break; - case RTD_DEVICE: bsprintf(via, "to %s", r->if_name); break; + case RTD_DEVICE: bsprintf(via, "dev %s", r->if_name); break; case RTD_BLACKHOLE: bsprintf(via, "blackhole"); break; case RTD_UNREACHABLE: bsprintf(via, "unreachable"); break; case RTD_PROHIBIT: bsprintf(via, "prohibited"); break; diff --git a/sysdep/unix/krt.c b/sysdep/unix/krt.c index 47b96217..c8887b72 100644 --- a/sysdep/unix/krt.c +++ b/sysdep/unix/krt.c @@ -139,15 +139,6 @@ kif_shutdown(struct proto *P) krt_if_shutdown(p); kif_proto = NULL; - if_start_update(); /* Remove all interfaces */ - if_end_update(); - /* - * FIXME: Is it really a good idea? It causes routes to be flushed, - * but at the same time it avoids sending of these deletions to the kernel, - * because krt thinks the kernel itself has already removed the route - * when downing the interface. Sad. - */ - return PS_DOWN; } -- cgit v1.2.3