author | 2016-05-23 15:43:11 +0000 | |
---|---|---|
committer | 2016-05-23 15:43:11 +0000 | |
commit | 864088009bd3eca4d93699e2960e08ff83139540 (patch) | |
tree | ff6b77c612e3bb326ce8d8ccfb965f57b58969ec | |
parent | Allow setting the session holdtime per neighbor. (diff) | |
Add knob to configure the transport address.
This will be especially important when we add support for IPv6, because
we'll not be able to use the router-id as the transport-address in
this case.
-rw-r--r-- | usr.sbin/ldpd/hello.c | 7 | ||||
-rw-r--r-- | usr.sbin/ldpd/init.c | 6 | ||||
-rw-r--r-- | usr.sbin/ldpd/ldpd.c | 3 | ||||
-rw-r--r-- | usr.sbin/ldpd/ldpd.conf.5 | 7 | ||||
-rw-r--r-- | usr.sbin/ldpd/ldpe.c | 4 | ||||
-rw-r--r-- | usr.sbin/ldpd/ldpe.h | 7 | ||||
-rw-r--r-- | usr.sbin/ldpd/neighbor.c | 21 | ||||
-rw-r--r-- | usr.sbin/ldpd/packet.c | 4 | ||||
-rw-r--r-- | usr.sbin/ldpd/parse.y | 19 | ||||
-rw-r--r-- | usr.sbin/ldpd/pfkey.c | 12 | ||||
-rw-r--r-- | usr.sbin/ldpd/printconf.c | 3 |
11 files changed, 58 insertions, 35 deletions
diff --git a/usr.sbin/ldpd/hello.c b/usr.sbin/ldpd/hello.c
index 4d580e83b31..acc6cf1f331 100644
--- a/usr.sbin/ldpd/hello.c
+++ b/usr.sbin/ldpd/hello.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hello.c,v 1.29 2016/05/23 15:14:07 renato Exp $ */
+/* $OpenBSD: hello.c,v 1.30 2016/05/23 15:43:11 renato Exp $ */
 /*
 * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -86,7 +86,8 @@ send_hello(enum hello_type type, struct iface *iface, struct tnbr *tnbr)
 gen_msg_tlv(buf, MSG_TYPE_HELLO, size);
 gen_hello_prms_tlv(buf, holdtime, flags);
- gen_opt4_hello_prms_tlv(buf, TLV_TYPE_IPV4TRANSADDR, ldpe_router_id());
+ gen_opt4_hello_prms_tlv(buf, TLV_TYPE_IPV4TRANSADDR,
+ leconf->trans_addr.s_addr);
 send_packet(fd, iface, buf->buf, buf->wpos, &dst);
 ibuf_free(buf);
@@ -191,7 +192,7 @@ recv_hello(struct iface *iface, struct in_addr src, char *buf, u_int16_t len)
 /* create new adjacency for existing neighbor */
 adj = adj_new(nbr, &source, transport_addr);
- if (nbr->addr.s_addr != transport_addr.s_addr)
+ if (nbr->raddr.s_addr != transport_addr.s_addr)
 log_warnx("%s: neighbor %s: multiple " "adjacencies advertising different " "transport addresses", __func__,
diff --git a/usr.sbin/ldpd/init.c b/usr.sbin/ldpd/init.c
index 4879ccce941..dd366f5267c 100644
--- a/usr.sbin/ldpd/init.c
+++ b/usr.sbin/ldpd/init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: init.c,v 1.17 2016/05/23 15:41:04 renato Exp $ */
+/* $OpenBSD: init.c,v 1.18 2016/05/23 15:43:11 renato Exp $ */
 /*
 * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -106,7 +106,7 @@ recv_init(struct nbr *nbr, char *buf, u_int16_t len)
 return (-1);
 }
- nbr->keepalive = min(nbr_get_keepalive(nbr->addr),
+ nbr->keepalive = min(nbr_get_keepalive(nbr->raddr),
 ntohs(sess.keepalive_time));
 if (!nbr_pending_idtimer(nbr))
@@ -127,7 +127,7 @@ gen_init_prms_tlv(struct ibuf *buf, struct nbr *nbr, u_int16_t size)
 parms.type = htons(TLV_TYPE_COMMONSESSION);
 parms.length = htons(size);
 parms.proto_version = htons(LDP_VERSION);
- parms.keepalive_time = htons(nbr_get_keepalive(nbr->addr));
+ parms.keepalive_time = htons(nbr_get_keepalive(nbr->raddr));
 parms.reserved = 0;
 parms.pvlim = 0;
 parms.max_pdu_len = 0;
diff --git a/usr.sbin/ldpd/ldpd.c b/usr.sbin/ldpd/ldpd.c
index 318ccd120dd..81d9cc5792c 100644
--- a/usr.sbin/ldpd/ldpd.c
+++ b/usr.sbin/ldpd/ldpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldpd.c,v 1.30 2016/05/23 15:41:04 renato Exp $ */
+/* $OpenBSD: ldpd.c,v 1.31 2016/05/23 15:43:11 renato Exp $ */
 /*
 * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -618,6 +618,7 @@ merge_config(struct ldpd_conf *conf, struct ldpd_conf *xconf)
 conf->keepalive = xconf->keepalive;
 conf->thello_holdtime = xconf->thello_holdtime;
 conf->thello_interval = xconf->thello_interval;
+ conf->trans_addr.s_addr = xconf->trans_addr.s_addr;
 /* merge interfaces */
 LIST_FOREACH_SAFE(iface, &conf->iface_list, entry, itmp) {
diff --git a/usr.sbin/ldpd/ldpd.conf.5 b/usr.sbin/ldpd/ldpd.conf.5
index ef32391294e..e5592e5b5a5 100644
--- a/usr.sbin/ldpd/ldpd.conf.5
+++ b/usr.sbin/ldpd/ldpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ldpd.conf.5,v 1.21 2016/05/23 15:41:04 renato Exp $
+.\" $OpenBSD: ldpd.conf.5,v 1.22 2016/05/23 15:43:11 renato Exp $
 .\"
 .\" Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
 .\" Copyright (c) 2005, 2006 Esben Norby <norby@openbsd.org>
@@ -110,6 +110,7 @@ The default value is 180; valid range is 1\-65535.
 .Pp
 .It Ic router-id Ar address
 Set the router ID; in combination with labelspace it forms the LSR-ID.
+If not specified, the numerically lowest IP address of the router will be used.
 .Pp
 .It Xo
 .Ic targeted-hello-accept
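Review bot: The assignment added to merge_config, `conf->trans_addr.s_addr = xconf->trans_addr.s_addr;`, lets a reload change the transport address, while the ldpe.c hunk of this commit binds the extended discovery socket to `xconf->trans_addr` where the socket is created and the nbr_new hunk copies the address into `nbr->laddr` when the neighbor is created. Unless code outside these hunks rebinds the sockets and resets the sessions, a reload with a new transport-address would leave hellos advertising an address the daemon is not bound to, and existing neighbors (with their TCP MD5 SAs built from `laddr`) still on the old one. I would either refuse the change at reload with a log message, or at least record the limitation above the assignment, `/* XXX changing trans_addr needs the sockets rebound and the neighbors reset */`. merge_config's body starts and ends outside the hunk.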
@@ -121,6 +122,10 @@ allow LDP sessions to be established with remote neighbors that have not been specifically configured. The default is
 .Ic no .
+.Pp
+.It Ic transport-address Ar address
+Set the local address to be used in the TCP sessions.
+If not specified, the router-id will be used.
 .El
 .Sh INTERFACES
 Each interface can have several parameters configured individually, otherwise
diff --git a/usr.sbin/ldpd/ldpe.c b/usr.sbin/ldpd/ldpe.c
index 1042c17a080..bd1ff57ee8e 100644
--- a/usr.sbin/ldpd/ldpe.c
+++ b/usr.sbin/ldpd/ldpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldpe.c,v 1.45 2016/05/23 15:20:21 renato Exp $ */
+/* $OpenBSD: ldpe.c,v 1.46 2016/05/23 15:43:11 renato Exp $ */
 /*
 * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -137,7 +137,7 @@ ldpe(struct ldpd_conf *xconf, int pipe_parent2ldpe[2], int pipe_ldpe2lde[2],
 /* create the extended discovery UDP socket */
 disc_addr.sin_family = AF_INET;
 disc_addr.sin_port = htons(LDP_PORT);
- disc_addr.sin_addr.s_addr = xconf->rtr_id.s_addr;
+ disc_addr.sin_addr.s_addr = xconf->trans_addr.s_addr;
 if ((xconf->ldp_ediscovery_socket = socket(AF_INET, SOCK_DGRAM | SOCK_NONBLOCK | SOCK_CLOEXEC,
diff --git a/usr.sbin/ldpd/ldpe.h b/usr.sbin/ldpd/ldpe.h
index ceee13bf4c6..53661c29293 100644
--- a/usr.sbin/ldpd/ldpe.h
+++ b/usr.sbin/ldpd/ldpe.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldpe.h,v 1.43 2016/05/23 15:41:04 renato Exp $ */
+/* $OpenBSD: ldpe.h,v 1.44 2016/05/23 15:43:11 renato Exp $ */
 /*
 * Copyright (c) 2004, 2005, 2008 Esben Norby <norby@openbsd.org>
@@ -73,8 +73,9 @@ struct nbr {
 struct mapping_head release_list;
 struct mapping_head abortreq_list;
- struct in_addr addr;
- struct in_addr id;
+ struct in_addr laddr; /* local address */
+ struct in_addr raddr; /* remote address */
+ struct in_addr id; /* lsr id */
 time_t uptime;
 u_int32_t peerid; /* unique ID in DB */
diff --git a/usr.sbin/ldpd/neighbor.c b/usr.sbin/ldpd/neighbor.c
index 79cc6e33be9..189968286a1 100644
--- a/usr.sbin/ldpd/neighbor.c
+++ b/usr.sbin/ldpd/neighbor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: neighbor.c,v 1.54 2016/05/23 15:41:04 renato Exp $ */
+/* $OpenBSD: neighbor.c,v 1.55 2016/05/23 15:43:11 renato Exp $ */
 /*
 * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -220,7 +220,8 @@ nbr_new(struct in_addr id, struct in_addr addr)
 LIST_INIT(&nbr->adj_list);
 nbr->state = NBR_STA_PRESENT;
 nbr->id.s_addr = id.s_addr;
- nbr->addr.s_addr = addr.s_addr;
+ nbr->laddr.s_addr = leconf->trans_addr.s_addr;
+ nbr->raddr.s_addr = addr.s_addr;
 nbr->peerid = 0;
 if (RB_INSERT(nbr_id_head, &nbrs_by_id, nbr) != NULL)
@@ -239,7 +240,7 @@ nbr_new(struct in_addr id, struct in_addr addr)
 /* init pfkey - remove old if any, load new ones */
 pfkey_remove(nbr);
- nbrp = nbr_params_find(leconf, nbr->addr);
+ nbrp = nbr_params_find(leconf, nbr->raddr);
 if (nbrp && pfkey_establish(nbr, nbrp) == -1)
 fatalx("pfkey setup failed");
@@ -307,7 +308,7 @@ nbr_find_ldpid(u_int32_t rtr_id)
 int
 nbr_session_active_role(struct nbr *nbr)
 {
- if (ntohl(ldpe_router_id()) > ntohl(nbr->addr.s_addr))
+ if (ntohl(nbr->laddr.s_addr) > ntohl(nbr->raddr.s_addr))
 return (1);
 return (0);
@@ -472,7 +473,7 @@ nbr_connect_cb(int fd, short event, void *arg)
 close(nbr->fd);
 errno = error;
 log_debug("%s: error while connecting to %s: %s", __func__,
- inet_ntoa(nbr->addr), strerror(errno));
+ inet_ntoa(nbr->raddr), strerror(errno));
 return;
 }
@@ -494,7 +495,7 @@ nbr_establish_connection(struct nbr *nbr)
 return (-1);
 }
- nbrp = nbr_params_find(leconf, nbr->addr);
+ nbrp = nbr_params_find(leconf, nbr->raddr);
 if (nbrp && nbrp->auth.method == AUTH_MD5SIG) {
 if (sysdep.no_pfkey || sysdep.no_md5sig) {
 log_warnx("md5sig configured but not available");
@@ -510,7 +511,7 @@ nbr_establish_connection(struct nbr *nbr)
 bzero(&local_sa, sizeof(local_sa));
 local_sa.sin_family = AF_INET;
 local_sa.sin_port = htons(0);
- local_sa.sin_addr.s_addr = ldpe_router_id();
+ local_sa.sin_addr.s_addr = nbr->laddr.s_addr;
 if (bind(nbr->fd, (struct sockaddr *) &local_sa, sizeof(struct sockaddr_in)) == -1) {
@@ -523,7 +524,7 @@ nbr_establish_connection(struct nbr *nbr)
 bzero(&remote_sa, sizeof(remote_sa));
 remote_sa.sin_family = AF_INET;
 remote_sa.sin_port = htons(LDP_PORT);
- remote_sa.sin_addr.s_addr = nbr->addr.s_addr;
+ remote_sa.sin_addr.s_addr = nbr->raddr.s_addr;
 /*
 * Send an extra hello to guarantee that the remote peer has formed
@@ -542,7 +543,7 @@ nbr_establish_connection(struct nbr *nbr)
 return (0);
 }
 log_warn("%s: error while connecting to %s", __func__,
- inet_ntoa(nbr->addr));
+ inet_ntoa(nbr->raddr));
 close(nbr->fd);
 return (-1);
 }
@@ -617,7 +618,7 @@ nbr_to_ctl(struct nbr *nbr)
 struct timeval now;
 memcpy(&nctl.id, &nbr->id, sizeof(nctl.id));
- memcpy(&nctl.addr, &nbr->addr, sizeof(nctl.addr));
+ memcpy(&nctl.addr, &nbr->raddr, sizeof(nctl.addr));
 nctl.nbr_state = nbr->state;
 gettimeofday(&now, NULL);
diff --git a/usr.sbin/ldpd/packet.c b/usr.sbin/ldpd/packet.c
index 690a661225e..feb39c40343 100644
--- a/usr.sbin/ldpd/packet.c
+++ b/usr.sbin/ldpd/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.43 2016/05/23 15:14:08 renato Exp $ */
+/* $OpenBSD: packet.c,v 1.44 2016/05/23 15:43:11 renato Exp $ */
 /*
 * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -59,7 +59,7 @@ gen_ldp_hdr(struct ibuf *buf, u_int16_t size)
 size -= TLV_HDR_LEN;
 ldp_hdr.length = htons(size);
- ldp_hdr.lsr_id = ldpe_router_id();
+ ldp_hdr.lsr_id = leconf->rtr_id.s_addr;
 ldp_hdr.lspace_id = 0;
 return (ibuf_add(buf, &ldp_hdr, LDP_HDR_SIZE));
diff --git a/usr.sbin/ldpd/parse.y b/usr.sbin/ldpd/parse.y
index 7b2dc2d48a0..1ff60fe3707 100644
--- a/usr.sbin/ldpd/parse.y
+++ b/usr.sbin/ldpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.35 2016/05/23 15:41:04 renato Exp $ */
+/* $OpenBSD: parse.y,v 1.36 2016/05/23 15:43:11 renato Exp $ */
 /*
 * Copyright (c) 2004, 2005, 2008 Esben Norby <norby@openbsd.org>
@@ -129,7 +129,7 @@ typedef struct {
 %token LHELLOHOLDTIME LHELLOINTERVAL
 %token THELLOHOLDTIME THELLOINTERVAL
 %token THELLOACCEPT
-%token KEEPALIVE
+%token KEEPALIVE TRANSADDRESS
 %token NEIGHBOR PASSWORD
 %token L2VPN TYPE VPLS PWTYPE MTU BRIDGE
 %token ETHERNET ETHERNETTAGGED STATUSTLV CONTROLWORD
@@ -240,6 +240,18 @@ conf_main : ROUTERID STRING {
 }
 conf->keepalive = $2;
 }
+ | TRANSADDRESS STRING {
+ if (!inet_aton($2, &conf->trans_addr)) {
+ yyerror("error parsing transport-address");
+ free($2);
+ YYERROR;
+ }
+ free($2);
+ if (bad_ip_addr(conf->trans_addr)) {
+ yyerror("invalid transport-address");
+ YYERROR;
+ }
+ }
 | iface_defaults
 | tnbr_defaults
 ;
@@ -694,6 +706,7 @@ lookup(char *s)
 {"targeted-hello-holdtime", THELLOHOLDTIME},
 {"targeted-hello-interval", THELLOINTERVAL},
 {"targeted-neighbor", TNEIGHBOR},
+ {"transport-address", TRANSADDRESS},
 {"type", TYPE},
 {"vpls", VPLS},
 {"yes", YES}
@@ -1080,6 +1093,8 @@ parse_config(char *filename, int opts)
 if (conf->rtr_id.s_addr == 0)
 conf->rtr_id.s_addr = get_rtr_id();
+ if (conf->trans_addr.s_addr == 0)
+ conf->trans_addr.s_addr = conf->rtr_id.s_addr;
 return (conf);
 }
diff --git a/usr.sbin/ldpd/pfkey.c b/usr.sbin/ldpd/pfkey.c
index 766eb5ab547..61c124240fa 100644
--- a/usr.sbin/ldpd/pfkey.c
+++ b/usr.sbin/ldpd/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.2 2016/05/23 15:01:54 renato Exp $ */
+/* $OpenBSD: pfkey.c,v 1.3 2016/05/23 15:43:11 renato Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
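Review bot: The new `TRANSADDRESS STRING` action in conf_main only checks that the string parses with `inet_aton` and passes `bad_ip_addr`; nothing visible here checks that the address is assigned to a local interface, so a typo is first noticed when the ldpe.c and neighbor.c code of this commit tries to bind() to it. `inet_aton` also accepts shorthand and non-decimal spellings such as `10.1`, and for an address the daemon binds to and that feeds the TCP MD5 SAs I would use the strict parser, `if (inet_pton(AF_INET, $2, &conf->trans_addr) != 1) {`. A check against the interface addresses at config-test time, or a bind error message that names transport-address, would make a misconfiguration visible before sessions fail to form. The conf_main rule starts outside the hunk.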
@@ -375,12 +375,12 @@ pfkey_md5sig_establish(struct nbr *nbr, struct nbr_params *nbrp)
 sleep(1);
 if (!nbr->auth.spi_out)
- if (pfkey_sa_add(&nbr->auth.local_addr, &nbr->addr,
+ if (pfkey_sa_add(&nbr->laddr, &nbr->raddr,
 nbrp->auth.md5key_len, nbrp->auth.md5key, &nbr->auth.spi_out) == -1)
 return (-1);
 if (!nbr->auth.spi_in)
- if (pfkey_sa_add(&nbr->addr, &nbr->auth.local_addr,
+ if (pfkey_sa_add(&nbr->raddr, &nbr->laddr,
 nbrp->auth.md5key_len, nbrp->auth.md5key, &nbr->auth.spi_in) == -1)
 return (-1);
@@ -393,16 +393,15 @@ int
 pfkey_md5sig_remove(struct nbr *nbr)
 {
 if (nbr->auth.spi_out)
- if (pfkey_sa_remove(&nbr->auth.local_addr, &nbr->addr,
+ if (pfkey_sa_remove(&nbr->laddr, &nbr->raddr,
 &nbr->auth.spi_out) == -1)
 return (-1);
 if (nbr->auth.spi_in)
- if (pfkey_sa_remove(&nbr->addr, &nbr->auth.local_addr,
+ if (pfkey_sa_remove(&nbr->raddr, &nbr->laddr,
 &nbr->auth.spi_in) == -1)
 return (-1);
 nbr->auth.established = 0;
- nbr->auth.local_addr.s_addr = 0;
 nbr->auth.spi_in = 0;
 nbr->auth.spi_out = 0;
 nbr->auth.method = AUTH_NONE;
@@ -421,7 +420,6 @@ pfkey_establish(struct nbr *nbr, struct nbr_params *nbrp)
 * make sure we keep copies of everything we need to
 * remove SAs and flows later again.
 */
- nbr->auth.local_addr.s_addr = ldpe_router_id();
 nbr->auth.method = nbrp->auth.method;
 switch (nbr->auth.method) {
diff --git a/usr.sbin/ldpd/printconf.c b/usr.sbin/ldpd/printconf.c
index 1a12fab968d..d2f5b7e6b3f 100644
--- a/usr.sbin/ldpd/printconf.c
+++ b/usr.sbin/ldpd/printconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: printconf.c,v 1.12 2016/05/23 15:41:04 renato Exp $ */
+/* $OpenBSD: printconf.c,v 1.13 2016/05/23 15:43:11 renato Exp $ */
 /*
 * Copyright (c) 2004, 2005, 2008 Esben Norby <norby@openbsd.org>
@@ -51,6 +51,7 @@ print_mainconf(struct ldpd_conf *conf)
 printf("targeted-hello-accept no\n");
 printf("keepalive %u\n", conf->keepalive);
+ printf("transport-address %s\n", inet_ntoa(conf->trans_addr));
 }
 void |
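Review bot: The comment kept at the top of the pfkey_establish hunk ("make sure we keep copies of everything we need to remove SAs and flows later again") no longer matches the code once `nbr->auth.local_addr` is removed: the local endpoint of the MD5 SAs is now `nbr->laddr`, which the nbr_new hunk sets before it calls pfkey_establish. I would state that dependency in the comment, for example `the SA endpoints are nbr->laddr/nbr->raddr; they must be set before this call and must not change while spi_in/spi_out are non-zero`, because pfkey_md5sig_remove passes the same pair to pfkey_sa_remove and would otherwise look up SAs under the wrong addresses. pfkey_establish's body starts and ends outside the hunk.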