bgpd.c revision 1.175
1/* $OpenBSD: bgpd.c,v 1.175 2015/02/09 11:37:31 claudio Exp $ */ 2 3/* 4 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#include <sys/types.h> 20#include <sys/socket.h> 21#include <sys/wait.h> 22#include <netinet/in.h> 23#include <arpa/inet.h> 24#include <err.h> 25#include <errno.h> 26#include <fcntl.h> 27#include <poll.h> 28#include <pwd.h> 29#include <signal.h> 30#include <stdio.h> 31#include <stdlib.h> 32#include <string.h> 33#include <unistd.h> 34 35#include "bgpd.h" 36#include "mrt.h" 37#include "session.h" 38 39void sighdlr(int); 40__dead void usage(void); 41int main(int, char *[]); 42int check_child(pid_t, const char *); 43int send_filterset(struct imsgbuf *, struct filter_set_head *); 44int reconfigure(char *, struct bgpd_config *, struct mrt_head *, 45 struct peer **); 46int dispatch_imsg(struct imsgbuf *, int, struct bgpd_config *); 47int control_setup(struct bgpd_config *); 48 49int rfd = -1; 50int cflags; 51volatile sig_atomic_t mrtdump; 52volatile sig_atomic_t quit; 53volatile sig_atomic_t sigchld; 54volatile sig_atomic_t reconfig; 55pid_t reconfpid; 56int reconfpending; 57struct imsgbuf *ibuf_se; 58struct imsgbuf *ibuf_rde; 59struct rib_names ribnames = SIMPLEQ_HEAD_INITIALIZER(ribnames); 60char *cname; 61char *rcname; 62 63void 64sighdlr(int sig) 65{ 66 switch (sig) { 67 case SIGTERM: 68 case SIGINT: 69 quit = 1; 70 break; 71 case SIGCHLD: 72 sigchld = 1; 73 break; 74 case SIGHUP: 75 reconfig = 1; 76 break; 77 case SIGALRM: 78 case SIGUSR1: 79 mrtdump = 1; 80 break; 81 } 82} 83 84__dead void 85usage(void) 86{ 87 extern char *__progname; 88 89 fprintf(stderr, "usage: %s [-cdnv] [-D macro=value] [-f file]\n", 90 __progname); 91 exit(1); 92} 93 94#define PFD_PIPE_SESSION 0 95#define PFD_PIPE_ROUTE 1 96#define PFD_SOCK_ROUTE 2 97#define POLL_MAX 3 98#define MAX_TIMEOUT 3600 99 100int 101main(int argc, char *argv[]) 102{ 103 struct bgpd_config conf; 104 struct mrt_head mrt_l; 105 struct peer *peer_l, *p; 106 struct mrt *m; 107 struct listen_addr *la; 108 struct pollfd pfd[POLL_MAX]; 109 pid_t io_pid = 0, rde_pid = 0, pid; 110 char *conffile; 111 int debug = 0; 112 int ch, timeout, nfds; 113 int pipe_m2s[2]; 114 int pipe_m2r[2]; 115 int pipe_s2r[2]; 116 int pipe_s2r_c[2]; 117 118 conffile = CONFFILE; 119 bgpd_process = PROC_MAIN; 120 121 log_init(1); /* log to stderr until daemonized */ 122 log_verbose(1); 123 124 bzero(&conf, sizeof(conf)); 125 LIST_INIT(&mrt_l); 126 peer_l = NULL; 127 128 while ((ch = getopt(argc, argv, "cdD:f:nv")) != -1) { 129 switch (ch) { 130 case 'c': 131 conf.opts |= BGPD_OPT_FORCE_DEMOTE; 132 break; 133 case 'd': 134 debug = 1; 135 break; 136 case 'D': 137 if (cmdline_symset(optarg) < 0) 138 log_warnx("could not parse macro definition %s", 139 optarg); 140 break; 141 case 'f': 142 conffile = optarg; 143 break; 144 case 'n': 145 conf.opts |= BGPD_OPT_NOACTION; 146 break; 147 case 'v': 148 if (conf.opts & BGPD_OPT_VERBOSE) 149 conf.opts |= BGPD_OPT_VERBOSE2; 150 conf.opts |= BGPD_OPT_VERBOSE; 151 log_verbose(1); 152 break; 153 default: 154 usage(); 155 /* NOTREACHED */ 156 } 157 } 158 159 argc -= optind; 160 argv += optind; 161 if (argc > 0) 162 usage(); 163 164 if (conf.opts & BGPD_OPT_NOACTION) { 165 struct network_head net_l; 166 struct rdomain_head rdom_l; 167 struct filter_head rules_l; 168 169 if (parse_config(conffile, &conf, &mrt_l, &peer_l, &net_l, 170 &rules_l, &rdom_l)) 171 exit(1); 172 173 if (conf.opts & BGPD_OPT_VERBOSE) 174 print_config(&conf, &ribnames, &net_l, peer_l, &rules_l, 175 &mrt_l, &rdom_l); 176 else 177 fprintf(stderr, "configuration OK\n"); 178 exit(0); 179 } 180 181 if (geteuid()) 182 errx(1, "need root privileges"); 183 184 if (getpwnam(BGPD_USER) == NULL) 185 errx(1, "unknown user %s", BGPD_USER); 186 187 log_init(debug); 188 log_verbose(conf.opts & BGPD_OPT_VERBOSE); 189 190 if (!debug) 191 daemon(1, 0); 192 193 log_info("startup"); 194 195 if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 196 PF_UNSPEC, pipe_m2s) == -1) 197 fatal("socketpair"); 198 if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 199 PF_UNSPEC, pipe_m2r) == -1) 200 fatal("socketpair"); 201 if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 202 PF_UNSPEC, pipe_s2r) == -1) 203 fatal("socketpair"); 204 if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 205 PF_UNSPEC, pipe_s2r_c) == -1) 206 fatal("socketpair"); 207 208 /* fork children */ 209 rde_pid = rde_main(pipe_m2r, pipe_s2r, pipe_m2s, pipe_s2r_c, debug); 210 io_pid = session_main(pipe_m2s, pipe_s2r, pipe_m2r, pipe_s2r_c); 211 212 setproctitle("parent"); 213 214 signal(SIGTERM, sighdlr); 215 signal(SIGINT, sighdlr); 216 signal(SIGCHLD, sighdlr); 217 signal(SIGHUP, sighdlr); 218 signal(SIGALRM, sighdlr); 219 signal(SIGUSR1, sighdlr); 220 signal(SIGPIPE, SIG_IGN); 221 222 close(pipe_m2s[1]); 223 close(pipe_m2r[1]); 224 close(pipe_s2r[0]); 225 close(pipe_s2r[1]); 226 227 if ((ibuf_se = malloc(sizeof(struct imsgbuf))) == NULL || 228 (ibuf_rde = malloc(sizeof(struct imsgbuf))) == NULL) 229 fatal(NULL); 230 imsg_init(ibuf_se, pipe_m2s[0]); 231 imsg_init(ibuf_rde, pipe_m2r[0]); 232 mrt_init(ibuf_rde, ibuf_se); 233 if ((rfd = kr_init()) == -1) 234 quit = 1; 235 quit = reconfigure(conffile, &conf, &mrt_l, &peer_l); 236 if (pftable_clear_all() != 0) 237 quit = 1; 238 239 while (quit == 0) { 240 bzero(pfd, sizeof(pfd)); 241 pfd[PFD_PIPE_SESSION].fd = ibuf_se->fd; 242 pfd[PFD_PIPE_SESSION].events = POLLIN; 243 if (ibuf_se->w.queued) 244 pfd[PFD_PIPE_SESSION].events |= POLLOUT; 245 pfd[PFD_PIPE_ROUTE].fd = ibuf_rde->fd; 246 pfd[PFD_PIPE_ROUTE].events = POLLIN; 247 if (ibuf_rde->w.queued) 248 pfd[PFD_PIPE_ROUTE].events |= POLLOUT; 249 pfd[PFD_SOCK_ROUTE].fd = rfd; 250 pfd[PFD_SOCK_ROUTE].events = POLLIN; 251 252 timeout = mrt_timeout(&mrt_l); 253 if (timeout > MAX_TIMEOUT) 254 timeout = MAX_TIMEOUT; 255 256 if ((nfds = poll(pfd, POLL_MAX, timeout * 1000)) == -1) 257 if (errno != EINTR) { 258 log_warn("poll error"); 259 quit = 1; 260 } 261 262 if (nfds > 0 && pfd[PFD_PIPE_SESSION].revents & POLLOUT) 263 if (msgbuf_write(&ibuf_se->w) <= 0 && errno != EAGAIN) { 264 log_warn("pipe write error (to SE)"); 265 quit = 1; 266 } 267 268 if (nfds > 0 && pfd[PFD_PIPE_ROUTE].revents & POLLOUT) 269 if (msgbuf_write(&ibuf_rde->w) <= 0 && 270 errno != EAGAIN) { 271 log_warn("pipe write error (to RDE)"); 272 quit = 1; 273 } 274 275 if (nfds > 0 && pfd[PFD_PIPE_SESSION].revents & POLLIN) { 276 if (dispatch_imsg(ibuf_se, PFD_PIPE_SESSION, &conf) == 277 -1) 278 quit = 1; 279 } 280 281 if (nfds > 0 && pfd[PFD_PIPE_ROUTE].revents & POLLIN) { 282 if (dispatch_imsg(ibuf_rde, PFD_PIPE_ROUTE, &conf) == 283 -1) 284 quit = 1; 285 } 286 287 if (nfds > 0 && pfd[PFD_SOCK_ROUTE].revents & POLLIN) { 288 if (kr_dispatch_msg() == -1) 289 quit = 1; 290 } 291 292 if (reconfig) { 293 u_int error; 294 295 reconfig = 0; 296 switch (reconfigure(conffile, &conf, &mrt_l, &peer_l)) { 297 case -1: /* fatal error */ 298 quit = 1; 299 break; 300 case 0: /* all OK */ 301 error = 0; 302 break; 303 case 2: 304 error = CTL_RES_PENDING; 305 break; 306 default: /* parse error */ 307 error = CTL_RES_PARSE_ERROR; 308 break; 309 } 310 if (reconfpid != 0) { 311 send_imsg_session(IMSG_CTL_RESULT, reconfpid, 312 &error, sizeof(error)); 313 reconfpid = 0; 314 } 315 } 316 317 if (sigchld) { 318 sigchld = 0; 319 if (check_child(io_pid, "session engine")) { 320 quit = 1; 321 io_pid = 0; 322 } 323 if (check_child(rde_pid, "route decision engine")) { 324 quit = 1; 325 rde_pid = 0; 326 } 327 } 328 329 if (mrtdump) { 330 mrtdump = 0; 331 mrt_handler(&mrt_l); 332 } 333 } 334 335 signal(SIGCHLD, SIG_IGN); 336 337 if (io_pid) 338 kill(io_pid, SIGTERM); 339 340 if (rde_pid) 341 kill(rde_pid, SIGTERM); 342 343 while ((p = peer_l) != NULL) { 344 peer_l = p->next; 345 free(p); 346 } 347 while ((m = LIST_FIRST(&mrt_l)) != NULL) { 348 LIST_REMOVE(m, entry); 349 free(m); 350 } 351 if (conf.listen_addrs) 352 while ((la = TAILQ_FIRST(conf.listen_addrs)) != NULL) { 353 TAILQ_REMOVE(conf.listen_addrs, la, entry); 354 close(la->fd); 355 free(la); 356 } 357 358 control_cleanup(conf.csock); 359 control_cleanup(conf.rcsock); 360 carp_demote_shutdown(); 361 kr_shutdown(conf.fib_priority); 362 pftable_clear_all(); 363 free(conf.listen_addrs); 364 365 do { 366 if ((pid = wait(NULL)) == -1 && 367 errno != EINTR && errno != ECHILD) 368 fatal("wait"); 369 } while (pid != -1 || (pid == -1 && errno == EINTR)); 370 371 msgbuf_clear(&ibuf_se->w); 372 free(ibuf_se); 373 msgbuf_clear(&ibuf_rde->w); 374 free(ibuf_rde); 375 free(rcname); 376 free(cname); 377 378 log_info("Terminating"); 379 return (0); 380} 381 382int 383check_child(pid_t pid, const char *pname) 384{ 385 int status; 386 387 if (waitpid(pid, &status, WNOHANG) > 0) { 388 if (WIFEXITED(status)) { 389 log_warnx("Lost child: %s exited", pname); 390 return (1); 391 } 392 if (WIFSIGNALED(status)) { 393 log_warnx("Lost child: %s terminated; signal %d", 394 pname, WTERMSIG(status)); 395 return (1); 396 } 397 } 398 399 return (0); 400} 401 402int 403send_filterset(struct imsgbuf *i, struct filter_set_head *set) 404{ 405 struct filter_set *s; 406 407 TAILQ_FOREACH(s, set, entry) 408 if (imsg_compose(i, IMSG_FILTER_SET, 0, 0, -1, s, 409 sizeof(struct filter_set)) == -1) 410 return (-1); 411 return (0); 412} 413 414int 415reconfigure(char *conffile, struct bgpd_config *conf, struct mrt_head *mrt_l, 416 struct peer **peer_l) 417{ 418 struct network_head net_l; 419 struct rdomain_head rdom_l; 420 struct filter_head rules_l; 421 struct peer *p; 422 struct filter_rule *r; 423 struct listen_addr *la; 424 struct rde_rib *rr; 425 struct rdomain *rd; 426 427 if (reconfpending) { 428 log_info("previous reload still running"); 429 return (2); 430 } 431 reconfpending = 2; /* one per child */ 432 433 log_info("rereading config"); 434 if (parse_config(conffile, conf, mrt_l, peer_l, &net_l, &rules_l, 435 &rdom_l)) { 436 log_warnx("config file %s has errors, not reloading", 437 conffile); 438 reconfpending = 0; 439 return (1); 440 } 441 442 cflags = conf->flags; 443 prepare_listeners(conf); 444 445 /* start reconfiguration */ 446 if (imsg_compose(ibuf_se, IMSG_RECONF_CONF, 0, 0, -1, 447 conf, sizeof(struct bgpd_config)) == -1) 448 return (-1); 449 if (imsg_compose(ibuf_rde, IMSG_RECONF_CONF, 0, 0, -1, 450 conf, sizeof(struct bgpd_config)) == -1) 451 return (-1); 452 453 TAILQ_FOREACH(la, conf->listen_addrs, entry) { 454 if (imsg_compose(ibuf_se, IMSG_RECONF_LISTENER, 0, 0, la->fd, 455 la, sizeof(struct listen_addr)) == -1) 456 return (-1); 457 la->fd = -1; 458 } 459 460 if (control_setup(conf) == -1) 461 return (-1); 462 463 /* adjust fib syncing on reload */ 464 ktable_preload(); 465 466 /* RIBs for the RDE */ 467 while ((rr = SIMPLEQ_FIRST(&ribnames))) { 468 SIMPLEQ_REMOVE_HEAD(&ribnames, entry); 469 if (ktable_update(rr->rtableid, rr->name, NULL, 470 rr->flags, conf->fib_priority) == -1) { 471 log_warnx("failed to load rdomain %d", 472 rr->rtableid); 473 return (-1); 474 } 475 if (imsg_compose(ibuf_rde, IMSG_RECONF_RIB, 0, 0, -1, 476 rr, sizeof(struct rde_rib)) == -1) 477 return (-1); 478 free(rr); 479 } 480 481 /* send peer list to the SE */ 482 for (p = *peer_l; p != NULL; p = p->next) { 483 if (imsg_compose(ibuf_se, IMSG_RECONF_PEER, p->conf.id, 0, -1, 484 &p->conf, sizeof(struct peer_config)) == -1) 485 return (-1); 486 } 487 488 /* networks go via kroute to the RDE */ 489 if (kr_net_reload(0, &net_l)) 490 return (-1); 491 492 /* filters for the RDE */ 493 while ((r = TAILQ_FIRST(&rules_l)) != NULL) { 494 TAILQ_REMOVE(&rules_l, r, entry); 495 if (imsg_compose(ibuf_rde, IMSG_RECONF_FILTER, 0, 0, -1, 496 r, sizeof(struct filter_rule)) == -1) 497 return (-1); 498 if (send_filterset(ibuf_rde, &r->set) == -1) 499 return (-1); 500 filterset_free(&r->set); 501 free(r); 502 } 503 504 while ((rd = SIMPLEQ_FIRST(&rdom_l)) != NULL) { 505 SIMPLEQ_REMOVE_HEAD(&rdom_l, entry); 506 if (ktable_update(rd->rtableid, rd->descr, rd->ifmpe, 507 rd->flags, conf->fib_priority) == -1) { 508 log_warnx("failed to load rdomain %d", 509 rd->rtableid); 510 return (-1); 511 } 512 /* networks go via kroute to the RDE */ 513 if (kr_net_reload(rd->rtableid, &rd->net_l)) 514 return (-1); 515 516 if (imsg_compose(ibuf_rde, IMSG_RECONF_RDOMAIN, 0, 0, -1, 517 rd, sizeof(*rd)) == -1) 518 return (-1); 519 520 /* export targets */ 521 if (imsg_compose(ibuf_rde, IMSG_RECONF_RDOMAIN_EXPORT, 0, 0, 522 -1, NULL, 0) == -1) 523 return (-1); 524 if (send_filterset(ibuf_rde, &rd->export) == -1) 525 return (-1); 526 filterset_free(&rd->export); 527 528 /* import targets */ 529 if (imsg_compose(ibuf_rde, IMSG_RECONF_RDOMAIN_IMPORT, 0, 0, 530 -1, NULL, 0) == -1) 531 return (-1); 532 if (send_filterset(ibuf_rde, &rd->import) == -1) 533 return (-1); 534 filterset_free(&rd->import); 535 536 if (imsg_compose(ibuf_rde, IMSG_RECONF_RDOMAIN_DONE, 0, 0, 537 -1, NULL, 0) == -1) 538 return (-1); 539 540 free(rd); 541 } 542 543 /* signal the SE first then the RDE to activate the new config */ 544 if (imsg_compose(ibuf_se, IMSG_RECONF_DONE, 0, 0, -1, NULL, 0) == -1) 545 return (-1); 546 547 /* mrt changes can be sent out of bound */ 548 mrt_reconfigure(mrt_l); 549 return (0); 550} 551 552int 553dispatch_imsg(struct imsgbuf *ibuf, int idx, struct bgpd_config *conf) 554{ 555 struct imsg imsg; 556 ssize_t n; 557 int rv, verbose; 558 559 if ((n = imsg_read(ibuf)) == -1) 560 return (-1); 561 562 if (n == 0) { /* connection closed */ 563 log_warnx("dispatch_imsg in main: pipe closed"); 564 return (-1); 565 } 566 567 rv = 0; 568 for (;;) { 569 if ((n = imsg_get(ibuf, &imsg)) == -1) 570 return (-1); 571 572 if (n == 0) 573 break; 574 575 switch (imsg.hdr.type) { 576 case IMSG_KROUTE_CHANGE: 577 if (idx != PFD_PIPE_ROUTE) 578 log_warnx("route request not from RDE"); 579 else if (imsg.hdr.len != IMSG_HEADER_SIZE + 580 sizeof(struct kroute_full)) 581 log_warnx("wrong imsg len"); 582 else if (kr_change(imsg.hdr.peerid, imsg.data, 583 conf->fib_priority)) 584 rv = -1; 585 break; 586 case IMSG_KROUTE_DELETE: 587 if (idx != PFD_PIPE_ROUTE) 588 log_warnx("route request not from RDE"); 589 else if (imsg.hdr.len != IMSG_HEADER_SIZE + 590 sizeof(struct kroute_full)) 591 log_warnx("wrong imsg len"); 592 else if (kr_delete(imsg.hdr.peerid, imsg.data, 593 conf->fib_priority)) 594 rv = -1; 595 break; 596 case IMSG_NEXTHOP_ADD: 597 if (idx != PFD_PIPE_ROUTE) 598 log_warnx("nexthop request not from RDE"); 599 else if (imsg.hdr.len != IMSG_HEADER_SIZE + 600 sizeof(struct bgpd_addr)) 601 log_warnx("wrong imsg len"); 602 else if (kr_nexthop_add(imsg.hdr.peerid, imsg.data) == 603 -1) 604 rv = -1; 605 break; 606 case IMSG_NEXTHOP_REMOVE: 607 if (idx != PFD_PIPE_ROUTE) 608 log_warnx("nexthop request not from RDE"); 609 else if (imsg.hdr.len != IMSG_HEADER_SIZE + 610 sizeof(struct bgpd_addr)) 611 log_warnx("wrong imsg len"); 612 else 613 kr_nexthop_delete(imsg.hdr.peerid, imsg.data); 614 break; 615 case IMSG_PFTABLE_ADD: 616 if (idx != PFD_PIPE_ROUTE) 617 log_warnx("pftable request not from RDE"); 618 else 619 if (imsg.hdr.len != IMSG_HEADER_SIZE + 620 sizeof(struct pftable_msg)) 621 log_warnx("wrong imsg len"); 622 else if (pftable_addr_add(imsg.data) != 0) 623 rv = -1; 624 break; 625 case IMSG_PFTABLE_REMOVE: 626 if (idx != PFD_PIPE_ROUTE) 627 log_warnx("pftable request not from RDE"); 628 else 629 if (imsg.hdr.len != IMSG_HEADER_SIZE + 630 sizeof(struct pftable_msg)) 631 log_warnx("wrong imsg len"); 632 else if (pftable_addr_remove(imsg.data) != 0) 633 rv = -1; 634 break; 635 case IMSG_PFTABLE_COMMIT: 636 if (idx != PFD_PIPE_ROUTE) 637 log_warnx("pftable request not from RDE"); 638 else 639 if (imsg.hdr.len != IMSG_HEADER_SIZE) 640 log_warnx("wrong imsg len"); 641 else if (pftable_commit() != 0) 642 rv = -1; 643 break; 644 case IMSG_CTL_RELOAD: 645 if (idx != PFD_PIPE_SESSION) 646 log_warnx("reload request not from SE"); 647 else { 648 reconfig = 1; 649 reconfpid = imsg.hdr.pid; 650 } 651 break; 652 case IMSG_CTL_FIB_COUPLE: 653 if (idx != PFD_PIPE_SESSION) 654 log_warnx("couple request not from SE"); 655 else 656 kr_fib_couple(imsg.hdr.peerid, 657 conf->fib_priority); 658 break; 659 case IMSG_CTL_FIB_DECOUPLE: 660 if (idx != PFD_PIPE_SESSION) 661 log_warnx("decouple request not from SE"); 662 else 663 kr_fib_decouple(imsg.hdr.peerid, 664 conf->fib_priority); 665 break; 666 case IMSG_CTL_KROUTE: 667 case IMSG_CTL_KROUTE_ADDR: 668 case IMSG_CTL_SHOW_NEXTHOP: 669 case IMSG_CTL_SHOW_INTERFACE: 670 case IMSG_CTL_SHOW_FIB_TABLES: 671 if (idx != PFD_PIPE_SESSION) 672 log_warnx("kroute request not from SE"); 673 else 674 kr_show_route(&imsg); 675 break; 676 case IMSG_IFINFO: 677 if (idx != PFD_PIPE_SESSION) 678 log_warnx("IFINFO request not from SE"); 679 else if (imsg.hdr.len != IMSG_HEADER_SIZE + IFNAMSIZ) 680 log_warnx("IFINFO request with wrong len"); 681 else 682 kr_ifinfo(imsg.data); 683 break; 684 case IMSG_DEMOTE: 685 if (idx != PFD_PIPE_SESSION) 686 log_warnx("demote request not from SE"); 687 else if (imsg.hdr.len != IMSG_HEADER_SIZE + 688 sizeof(struct demote_msg)) 689 log_warnx("DEMOTE request with wrong len"); 690 else { 691 struct demote_msg *msg; 692 693 msg = imsg.data; 694 carp_demote_set(msg->demote_group, msg->level); 695 } 696 break; 697 case IMSG_CTL_LOG_VERBOSE: 698 /* already checked by SE */ 699 memcpy(&verbose, imsg.data, sizeof(verbose)); 700 log_verbose(verbose); 701 break; 702 case IMSG_RECONF_DONE: 703 if (reconfpending == 0) 704 log_warnx("unexpected RECONF_DONE received"); 705 else if (reconfpending == 2) { 706 imsg_compose(ibuf_rde, IMSG_RECONF_DONE, 0, 707 0, -1, NULL, 0); 708 709 /* finally fix kroute information */ 710 ktable_postload(conf->fib_priority); 711 712 /* redistribute list needs to be reloaded too */ 713 kr_reload(); 714 } 715 reconfpending--; 716 break; 717 default: 718 break; 719 } 720 imsg_free(&imsg); 721 if (rv != 0) 722 return (rv); 723 } 724 return (0); 725} 726 727void 728send_nexthop_update(struct kroute_nexthop *msg) 729{ 730 char *gw = NULL; 731 732 if (msg->gateway.aid) 733 if (asprintf(&gw, ": via %s", 734 log_addr(&msg->gateway)) == -1) { 735 log_warn("send_nexthop_update"); 736 quit = 1; 737 } 738 739 log_info("nexthop %s now %s%s%s", log_addr(&msg->nexthop), 740 msg->valid ? "valid" : "invalid", 741 msg->connected ? ": directly connected" : "", 742 msg->gateway.aid ? gw : ""); 743 744 free(gw); 745 746 if (imsg_compose(ibuf_rde, IMSG_NEXTHOP_UPDATE, 0, 0, -1, 747 msg, sizeof(struct kroute_nexthop)) == -1) 748 quit = 1; 749} 750 751void 752send_imsg_session(int type, pid_t pid, void *data, u_int16_t datalen) 753{ 754 imsg_compose(ibuf_se, type, 0, pid, -1, data, datalen); 755} 756 757int 758send_network(int type, struct network_config *net, struct filter_set_head *h) 759{ 760 if (imsg_compose(ibuf_rde, type, 0, 0, -1, net, 761 sizeof(struct network_config)) == -1) 762 return (-1); 763 /* networks that get deleted don't need to send the filter set */ 764 if (type == IMSG_NETWORK_REMOVE) 765 return (0); 766 if (send_filterset(ibuf_rde, h) == -1) 767 return (-1); 768 if (imsg_compose(ibuf_rde, IMSG_NETWORK_DONE, 0, 0, -1, NULL, 0) == -1) 769 return (-1); 770 771 return (0); 772} 773 774int 775bgpd_filternexthop(struct kroute *kr, struct kroute6 *kr6) 776{ 777 /* kernel routes are never filtered */ 778 if (kr && kr->flags & F_KERNEL && kr->prefixlen != 0) 779 return (0); 780 if (kr6 && kr6->flags & F_KERNEL && kr6->prefixlen != 0) 781 return (0); 782 783 if (cflags & BGPD_FLAG_NEXTHOP_BGP) { 784 if (kr && kr->flags & F_BGPD_INSERTED) 785 return (0); 786 if (kr6 && kr6->flags & F_BGPD_INSERTED) 787 return (0); 788 } 789 790 if (cflags & BGPD_FLAG_NEXTHOP_DEFAULT) { 791 if (kr && kr->prefixlen == 0) 792 return (0); 793 if (kr6 && kr6->prefixlen == 0) 794 return (0); 795 } 796 797 return (1); 798} 799 800int 801control_setup(struct bgpd_config *conf) 802{ 803 int fd, restricted; 804 805 /* control socket is outside chroot */ 806 if (!cname || strcmp(cname, conf->csock)) { 807 if (cname) { 808 control_cleanup(cname); 809 free(cname); 810 } 811 if ((cname = strdup(conf->csock)) == NULL) 812 fatal("strdup"); 813 if ((fd = control_init(0, cname)) == -1) 814 fatalx("control socket setup failed"); 815 restricted = 0; 816 if (imsg_compose(ibuf_se, IMSG_RECONF_CTRL, 0, 0, fd, 817 &restricted, sizeof(restricted)) == -1) 818 return (-1); 819 } 820 if (!conf->rcsock) { 821 /* remove restricted socket */ 822 control_cleanup(rcname); 823 free(rcname); 824 rcname = NULL; 825 } else if (!rcname || strcmp(rcname, conf->rcsock)) { 826 if (rcname) { 827 control_cleanup(rcname); 828 free(rcname); 829 } 830 if ((rcname = strdup(conf->rcsock)) == NULL) 831 fatal("strdup"); 832 if ((fd = control_init(1, rcname)) == -1) 833 fatalx("control socket setup failed"); 834 restricted = 1; 835 if (imsg_compose(ibuf_se, IMSG_RECONF_CTRL, 0, 0, fd, 836 &restricted, sizeof(restricted)) == -1) 837 return (-1); 838 } 839 return (0); 840} 841