proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-14 16:04:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #5173 from opensourcerouting/72-bfdd-vrf-socket

Browse Source 
[7.2] bfdd: VRF security improvement
This commit is contained in:
Donatas Abraitis 2019-11-08 11:12:15 +02:00 committed by GitHub
commit f5a5822563
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 28 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bfdd/bfd.c
View File

@ -1649,17 +1649,17 @@ static int bfd_vrf_enable(struct vrf *vrf)
if (vrf->vrf_id == VRF_DEFAULT || if (vrf->vrf_id == VRF_DEFAULT ||
vrf_get_backend() == VRF_BACKEND_NETNS) { vrf_get_backend() == VRF_BACKEND_NETNS) {
if (!bvrf->bg_shop) if (!bvrf->bg_shop)
bvrf->bg_shop = bp_udp_shop(vrf->vrf_id); bvrf->bg_shop = bp_udp_shop(vrf);
if (!bvrf->bg_mhop) if (!bvrf->bg_mhop)
bvrf->bg_mhop = bp_udp_mhop(vrf->vrf_id); bvrf->bg_mhop = bp_udp_mhop(vrf);
if (!bvrf->bg_shop6) if (!bvrf->bg_shop6)
bvrf->bg_shop6 = bp_udp6_shop(vrf->vrf_id); bvrf->bg_shop6 = bp_udp6_shop(vrf);
if (!bvrf->bg_mhop6) if (!bvrf->bg_mhop6)
bvrf->bg_mhop6 = bp_udp6_mhop(vrf->vrf_id); bvrf->bg_mhop6 = bp_udp6_mhop(vrf);
if (!bvrf->bg_echo) if (!bvrf->bg_echo)
bvrf->bg_echo = bp_echo_socket(vrf->vrf_id); bvrf->bg_echo = bp_echo_socket(vrf);
if (!bvrf->bg_echov6) if (!bvrf->bg_echov6)
bvrf->bg_echov6 = bp_echov6_socket(vrf->vrf_id); bvrf->bg_echov6 = bp_echov6_socket(vrf);
/* Add descriptors to the event loop. */ /* Add descriptors to the event loop. */
if (!bvrf->bg_ev[0]) if (!bvrf->bg_ev[0])

12
bfdd/bfd.h
View File

@ -461,14 +461,14 @@ int bp_set_tosv6(int sd, uint8_t value);
int bp_set_tos(int sd, uint8_t value); int bp_set_tos(int sd, uint8_t value);
int bp_bind_dev(int sd, const char *dev); int bp_bind_dev(int sd, const char *dev);
int bp_udp_shop(vrf_id_t vrf_id); int bp_udp_shop(const struct vrf *vrf);
int bp_udp_mhop(vrf_id_t vrf_id); int bp_udp_mhop(const struct vrf *vrf);
int bp_udp6_shop(vrf_id_t vrf_id); int bp_udp6_shop(const struct vrf *vrf);
int bp_udp6_mhop(vrf_id_t vrf_id); int bp_udp6_mhop(const struct vrf *vrf);
int bp_peer_socket(const struct bfd_session *bs); int bp_peer_socket(const struct bfd_session *bs);
int bp_peer_socketv6(const struct bfd_session *bs); int bp_peer_socketv6(const struct bfd_session *bs);
int bp_echo_socket(vrf_id_t vrf_id); int bp_echo_socket(const struct vrf *vrf);
int bp_echov6_socket(vrf_id_t vrf_id); int bp_echov6_socket(const struct vrf *vrf);
void ptm_bfd_snd(struct bfd_session *bfd, int fbit); void ptm_bfd_snd(struct bfd_session *bfd, int fbit);
void ptm_bfd_echo_snd(struct bfd_session *bfd); void ptm_bfd_echo_snd(struct bfd_session *bfd);

28
bfdd/bfd_packet.c
View File

@ -890,12 +890,13 @@ static void bp_bind_ip(int sd, uint16_t port)
log_fatal("bind-ip: bind: %s", strerror(errno)); log_fatal("bind-ip: bind: %s", strerror(errno));
} }
int bp_udp_shop(vrf_id_t vrf_id) int bp_udp_shop(const struct vrf *vrf)
{ {
int sd; int sd;
frr_with_privs(&bglobal.bfdd_privs) { frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL); sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
vrf->name);
} }
if (sd == -1) if (sd == -1)
log_fatal("udp-shop: socket: %s", strerror(errno)); log_fatal("udp-shop: socket: %s", strerror(errno));
@ -905,12 +906,13 @@ int bp_udp_shop(vrf_id_t vrf_id)
return sd; return sd;
} }
int bp_udp_mhop(vrf_id_t vrf_id) int bp_udp_mhop(const struct vrf *vrf)
{ {
int sd; int sd;
frr_with_privs(&bglobal.bfdd_privs) { frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL); sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
vrf->name);
} }
if (sd == -1) if (sd == -1)
log_fatal("udp-mhop: socket: %s", strerror(errno)); log_fatal("udp-mhop: socket: %s", strerror(errno));
@ -1117,12 +1119,13 @@ static void bp_bind_ipv6(int sd, uint16_t port)
log_fatal("bind-ipv6: bind: %s", strerror(errno)); log_fatal("bind-ipv6: bind: %s", strerror(errno));
} }
int bp_udp6_shop(vrf_id_t vrf_id) int bp_udp6_shop(const struct vrf *vrf)
{ {
int sd; int sd;
frr_with_privs(&bglobal.bfdd_privs) { frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL); sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
vrf->name);
} }
if (sd == -1) if (sd == -1)
log_fatal("udp6-shop: socket: %s", strerror(errno)); log_fatal("udp6-shop: socket: %s", strerror(errno));
@ -1133,12 +1136,13 @@ int bp_udp6_shop(vrf_id_t vrf_id)
return sd; return sd;
} }
int bp_udp6_mhop(vrf_id_t vrf_id) int bp_udp6_mhop(const struct vrf *vrf)
{ {
int sd; int sd;
frr_with_privs(&bglobal.bfdd_privs) { frr_with_privs(&bglobal.bfdd_privs) {
sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL); sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf->vrf_id,
vrf->name);
} }
if (sd == -1) if (sd == -1)
log_fatal("udp6-mhop: socket: %s", strerror(errno)); log_fatal("udp6-mhop: socket: %s", strerror(errno));
@ -1149,12 +1153,12 @@ int bp_udp6_mhop(vrf_id_t vrf_id)
return sd; return sd;
} }
int bp_echo_socket(vrf_id_t vrf_id) int bp_echo_socket(const struct vrf *vrf)
{ {
int s; int s;
frr_with_privs(&bglobal.bfdd_privs) { frr_with_privs(&bglobal.bfdd_privs) {
s = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL); s = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf->vrf_id, vrf->name);
} }
if (s == -1) if (s == -1)
log_fatal("echo-socket: socket: %s", strerror(errno)); log_fatal("echo-socket: socket: %s", strerror(errno));
@ -1165,12 +1169,12 @@ int bp_echo_socket(vrf_id_t vrf_id)
return s; return s;
} }
int bp_echov6_socket(vrf_id_t vrf_id) int bp_echov6_socket(const struct vrf *vrf)
{ {
int s; int s;
frr_with_privs(&bglobal.bfdd_privs) { frr_with_privs(&bglobal.bfdd_privs) {
s = vrf_socket(AF_INET6, SOCK_DGRAM, 0, vrf_id, NULL); s = vrf_socket(AF_INET6, SOCK_DGRAM, 0, vrf->vrf_id, vrf->name);
} }
if (s == -1) if (s == -1)
log_fatal("echov6-socket: socket: %s", strerror(errno)); log_fatal("echov6-socket: socket: %s", strerror(errno));