author | Rafael Zalamena <rzalamena@opensourcerouting.org> | 2019-10-15 19:56:27 +0200 |
---|---|---|
committer | Rafael Zalamena <rzalamena@opensourcerouting.org> | 2019-11-04 13:50:54 +0100 |
commit | 4a9feb66b9cae67b0e360d8a5880ba3395b5fbe9 (patch) | |
tree | ec47746bc95f447e4d8708f5f4ddbc0adfcc3762 /bfdd | |
parent | Merge pull request #5272 from vincentbernat/fix/debian-copyright (diff) | |
bfdd: bind VRF sockets to devices
Always bind the created sockets to their respective VRF devices. With
this it should be possible to run BFD on VRFs without needing to weaken
security by setting `net.ipv4.udp_l3mdev_accept=1`.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Diffstat (limited to 'bfdd')
-rw-r--r-- | bfdd/bfd.c | 12 | ||||
-rw-r--r-- | bfdd/bfd.h | 12 | ||||
-rw-r--r-- | bfdd/bfd_packet.c | 28 |
3 files changed, 28 insertions, 24 deletions
diff --git a/bfdd/bfd.c b/bfdd/bfd.c
index 6e956aa92..cc171f2eb 100644
--- a/bfdd/bfd.c
+++ b/bfdd/bfd.c
@@ -1696,17 +1696,17 @@ static int bfd_vrf_enable(struct vrf *vrf)
 if (vrf->vrf_id == VRF_DEFAULT || vrf_get_backend() == VRF_BACKEND_NETNS) {
 if (!bvrf->bg_shop)
- bvrf->bg_shop = bp_udp_shop(vrf->vrf_id);
+ bvrf->bg_shop = bp_udp_shop(vrf);
 if (!bvrf->bg_mhop)
- bvrf->bg_mhop = bp_udp_mhop(vrf->vrf_id);
+ bvrf->bg_mhop = bp_udp_mhop(vrf);
 if (!bvrf->bg_shop6)
- bvrf->bg_shop6 = bp_udp6_shop(vrf->vrf_id);
+ bvrf->bg_shop6 = bp_udp6_shop(vrf);
 if (!bvrf->bg_mhop6)
- bvrf->bg_mhop6 = bp_udp6_mhop(vrf->vrf_id);
+ bvrf->bg_mhop6 = bp_udp6_mhop(vrf);
 if (!bvrf->bg_echo)
- bvrf->bg_echo = bp_echo_socket(vrf->vrf_id);
+ bvrf->bg_echo = bp_echo_socket(vrf);
 if (!bvrf->bg_echov6)
- bvrf->bg_echov6 = bp_echov6_socket(vrf->vrf_id);
+ bvrf->bg_echov6 = bp_echov6_socket(vrf);
 /* Add descriptors to the event loop. */
 if (!bvrf->bg_ev[0])
diff --git a/bfdd/bfd.h b/bfdd/bfd.h
index 220dd6e0a..eddfde62f 100644
--- a/bfdd/bfd.h
+++ b/bfdd/bfd.h
@@ -461,14 +461,14 @@ int bp_set_tosv6(int sd, uint8_t value);
 int bp_set_tos(int sd, uint8_t value);
 int bp_bind_dev(int sd, const char *dev);
-int bp_udp_shop(vrf_id_t vrf_id);
-int bp_udp_mhop(vrf_id_t vrf_id);
-int bp_udp6_shop(vrf_id_t vrf_id);
-int bp_udp6_mhop(vrf_id_t vrf_id);
+int bp_udp_shop(const struct vrf *vrf);
+int bp_udp_mhop(const struct vrf *vrf);
+int bp_udp6_shop(const struct vrf *vrf);
+int bp_udp6_mhop(const struct vrf *vrf);
 int bp_peer_socket(const struct bfd_session *bs);
 int bp_peer_socketv6(const struct bfd_session *bs);
-int bp_echo_socket(vrf_id_t vrf_id);
-int bp_echov6_socket(vrf_id_t vrf_id);
+int bp_echo_socket(const struct vrf *vrf);
+int bp_echov6_socket(const struct vrf *vrf);
 void ptm_bfd_snd(struct bfd_session *bfd, int fbit);
 void ptm_bfd_echo_snd(struct bfd_session *bfd);
diff --git a/bfdd/bfd_packet.c b/bfdd/bfd_packet.c
index ed36bb742..23f298bbc 100644
--- a/bfdd/bfd_packet.c
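Review bot: In bfd_vrf_enable the six socket constructors are still called only inside `if (vrf->vrf_id == VRF_DEFAULT || vrf_get_backend() == VRF_BACKEND_NETNS)`, so from this hunk the device binding is reached for the default VRF and for the netns backend, but not visibly for non-default VRFs on the l3mdev backend, which is the case `net.ipv4.udp_l3mdev_accept` concerns. Please confirm where the sockets for those VRFs are created and that they are bound as well, since the rest of bfd_vrf_enable is outside the hunk; otherwise the commit message's claim would not hold for them. A short comment above the condition, such as `/* Sockets are bound to the device named vrf->name via vrf_socket(). */`, would record the intent.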
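Review bot: The six prototypes changed in bfd.h now take a pointer that the implementations dereference (`vrf->vrf_id`, `vrf->name`), but the header documents neither that nor the new binding behaviour. I would add one comment above the group, for example `/* Create the per-VRF sockets; vrf must not be NULL, and vrf->name is handed to vrf_socket() as the device to bind to. */`, so callers know a NULL argument is not allowed and that the returned descriptors are meant to be device-bound.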
+++ b/bfdd/bfd_packet.c
@@ -889,12 +889,13 @@ static void bp_bind_ip(int sd, uint16_t port)
 log_fatal("bind-ip: bind: %s", strerror(errno));
 }
-int bp_udp_shop(vrf_id_t vrf_id)
+int bp_udp_shop(const struct vrf *vrf)
 {
 int sd;
 frr_with_privs(&bglobal.bfdd_privs) {
- sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
+ sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
+ vrf->name);
 }
 if (sd == -1)
 log_fatal("udp-shop: socket: %s", strerror(errno));
@@ -904,12 +905,13 @@ int bp_udp_shop(vrf_id_t vrf_id)
 return sd;
 }
-int bp_udp_mhop(vrf_id_t vrf_id)
+int bp_udp_mhop(const struct vrf *vrf)
 {
 int sd;
 frr_with_privs(&bglobal.bfdd_privs) {
- sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
+ sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
+ vrf->name);
 }
 if (sd == -1)
 log_fatal("udp-mhop: socket: %s", strerror(errno));
@@ -1116,12 +1118,13 @@ static void bp_bind_ipv6(int sd, uint16_t port)
 log_fatal("bind-ipv6: bind: %s", strerror(errno));
 }
-int bp_udp6_shop(vrf_id_t vrf_id)
+int bp_udp6_shop(const struct vrf *vrf)
 {
 int sd;
 frr_with_privs(&bglobal.bfdd_privs) {
- sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
+ sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
+ vrf->name);
 }
 if (sd == -1)
 log_fatal("udp6-shop: socket: %s", strerror(errno));
@@ -1132,12 +1135,13 @@ int bp_udp6_shop(vrf_id_t vrf_id)
 return sd;
 }
-int bp_udp6_mhop(vrf_id_t vrf_id)
+int bp_udp6_mhop(const struct vrf *vrf)
 {
 int sd;
 frr_with_privs(&bglobal.bfdd_privs) {
- sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
+ sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
+ vrf->name);
 }
 if (sd == -1)
 log_fatal("udp6-mhop: socket: %s", strerror(errno));
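Review bot: In bp_udp_shop the failure message still reads `udp-shop: socket: %s` although vrf_socket() is now given `vrf->name`, so a device-bind failure (if vrf_socket reports it through the -1 return, which is not visible here) would be logged as a socket() failure and without the VRF name. I suggest `log_fatal("udp-shop: socket/bind-dev (%s): %s", vrf->name, strerror(errno));`, and the same in bp_udp_mhop, bp_udp6_shop, bp_udp6_mhop, bp_echo_socket and bp_echov6_socket. It is also worth checking whether vrf_socket can return a valid descriptor without having bound it, for example when no interface named `vrf->name` exists; the socket would then silently stay unbound, which is the state this commit is meant to rule out, and a `getsockopt()` check of `SO_BINDTODEVICE` or at least a warning after creation would make that visible. The function bodies continue outside the hunks.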
@@ -1148,12 +1152,12 @@ int bp_udp6_mhop(vrf_id_t vrf_id)
 return sd;
 }
-int bp_echo_socket(vrf_id_t vrf_id)
+int bp_echo_socket(const struct vrf *vrf)
 {
 int s;
 frr_with_privs(&bglobal.bfdd_privs) {
- s = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL);
+ s = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf->vrf_id, vrf->name);
 }
 if (s == -1)
 log_fatal("echo-socket: socket: %s", strerror(errno));
@@ -1164,12 +1168,12 @@ int bp_echo_socket(vrf_id_t vrf_id)
 return s;
 }
-int bp_echov6_socket(vrf_id_t vrf_id)
+int bp_echov6_socket(const struct vrf *vrf)
 {
 int s;
 frr_with_privs(&bglobal.bfdd_privs) {
- s = vrf_socket(AF_INET6, SOCK_DGRAM, 0, vrf_id, NULL);
+ s = vrf_socket(AF_INET6, SOCK_DGRAM, 0, vrf->vrf_id, vrf->name);
 }
 if (s == -1)
 log_fatal("echov6-socket: socket: %s", strerror(errno)); |