Merge branch 'master' into dev

Ondrej Zajicek 2009-05-21 09:26:59 +02:00
commit 6c84554b67
11 changed files with 111 additions and 43 deletions


@ -114,6 +114,10 @@ else
;; ;;
ipv4:freebsd*) sysdesc=bsd ipv4:freebsd*) sysdesc=bsd
;; ;;
ipv6:openbsd*) sysdesc=bsd-v6
;;
ipv4:openbsd*) sysdesc=bsd
;;
*) AC_MSG_ERROR([Cannot determine correct system configuration. Please use --with-sysconfig to set it manually.]) *) AC_MSG_ERROR([Cannot determine correct system configuration. Please use --with-sysconfig to set it manually.])
;; ;;
esac esac


@ -435,7 +435,7 @@ This argument can be omitted if there exists only a single instance.
<tag>show symbols</tag> <tag>show symbols</tag>
Show the list of symbols defined in the configuration (names of protocols, routing tables etc.). Show the list of symbols defined in the configuration (names of protocols, routing tables etc.).
<tag>show route [[for] <m/prefix/|<m/IP/] [table <m/sym/] [filter <m/f/|where <m/c/] [(import|preimport) <m/p/] [<m/options/]</tag> <tag>show route [[for] <m/prefix/|<m/IP/] [table <m/sym/] [filter <m/f/|where <m/c/] [(import|preimport) <m/p/] [protocol <m/p/] [<m/options/]</tag>
Show contents of a routing table (by default of the main one), Show contents of a routing table (by default of the main one),
that is routes, their metrics and (in case the <cf/all/ switch is given) that is routes, their metrics and (in case the <cf/all/ switch is given)
all their attributes. all their attributes.
@ -454,6 +454,9 @@ This argument can be omitted if there exists only a single instance.
that are imported to the specified protocol. With <cf/preimport/, the that are imported to the specified protocol. With <cf/preimport/, the
import filter of the protocol is skipped. import filter of the protocol is skipped.
<p>You can also select just routes added by a specific protocol.
<cf>protocol <m/p/</cf>.
<p>The <cf/stats/ switch requests showing of route statistics (the <p>The <cf/stats/ switch requests showing of route statistics (the
number of networks, number of routes before and after filtering). If number of networks, number of routes before and after filtering). If
you use <cf/count/ instead, only the statistics will be printed. you use <cf/count/ instead, only the statistics will be printed.


@ -56,7 +56,7 @@ CF_ENUM(T_ENUM_RTD, RTD_, ROUTER, DEVICE, BLACKHOLE, UNREACHABLE, PROHIBIT)
%type <r> rtable %type <r> rtable
%type <s> optsym %type <s> optsym
%type <ra> r_args %type <ra> r_args
%type <i> echo_mask echo_size debug_mask debug_list debug_flag import_or_proto %type <i> echo_mask echo_size debug_mask debug_list debug_flag import_or_preimport
%type <t> proto_patt %type <t> proto_patt
CF_GRAMMAR CF_GRAMMAR
@ -298,7 +298,7 @@ CF_CLI(SHOW INTERFACES,,, [[Show network interfaces]])
CF_CLI(SHOW INTERFACES SUMMARY,,, [[Show summary of network interfaces]]) CF_CLI(SHOW INTERFACES SUMMARY,,, [[Show summary of network interfaces]])
{ if_show_summary(); } ; { if_show_summary(); } ;
CF_CLI(SHOW ROUTE, r_args, [[[<prefix>|for <prefix>|for <ip>] [table <t>] [filter <f>|where <cond>] [all] [primary] [(import|protocol) <p>] [stats|count]]], [[Show routing table]]) CF_CLI(SHOW ROUTE, r_args, [[[<prefix>|for <prefix>|for <ip>] [table <t>] [filter <f>|where <cond>] [all] [primary] [(import|preimport) <p>] [protocol <p>] [stats|count]]], [[Show routing table]])
{ rt_show($3); } ; { rt_show($3); } ;
r_args: r_args:
@ -344,7 +344,7 @@ r_args:
$$ = $1; $$ = $1;
$$->primary_only = 1; $$->primary_only = 1;
} }
| r_args import_or_proto SYM { | r_args import_or_preimport SYM {
struct proto_config *c = (struct proto_config *) $3->def; struct proto_config *c = (struct proto_config *) $3->def;
$$ = $1; $$ = $1;
if ($$->import_mode) cf_error("Protocol specified twice"); if ($$->import_mode) cf_error("Protocol specified twice");
@ -354,6 +354,14 @@ r_args:
$$->import_protocol = c->proto; $$->import_protocol = c->proto;
$$->running_on_config = c->proto->cf->global; $$->running_on_config = c->proto->cf->global;
} }
| r_args PROTOCOL SYM {
struct proto_config *c = (struct proto_config *) $3->def;
$$ = $1;
if ($$->show_protocol) cf_error("Protocol specified twice");
if ($3->class != SYM_PROTO || !c->proto) cf_error("%s is not a protocol", $3->name);
$$->show_protocol = c->proto;
$$->running_on_config = c->proto->cf->global;
}
| r_args STATS { | r_args STATS {
$$ = $1; $$ = $1;
$$->stats = 1; $$->stats = 1;
@ -364,7 +372,7 @@ r_args:
} }
; ;
import_or_proto: import_or_preimport:
PREIMPORT { $$ = 1; } PREIMPORT { $$ = 1; }
| IMPORT { $$ = 2; } | IMPORT { $$ = 2; }
; ;
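Review bot: In the new `r_args PROTOCOL SYM` action, `c` is cast from `$3->def` before `$3->class` is tested, so the action is safe only because `c->proto` is evaluated after the `SYM_PROTO` test and cf_error() presumably does not return. A short comment would keep a later edit from reordering this into a dereference of a non-protocol symbol's `def`, for example `/* c is only meaningful once $3->class == SYM_PROTO has been checked */`. The message `"Protocol specified twice"` is also shared with the import/preimport action, so a user who repeats one clause cannot tell which one is meant.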


@ -211,6 +211,7 @@ struct rt_show_data {
struct filter *filter; struct filter *filter;
int verbose; int verbose;
struct fib_iterator fit; struct fib_iterator fit;
struct proto *show_protocol;
struct proto *import_protocol; struct proto *import_protocol;
int import_mode, primary_only; int import_mode, primary_only;
struct config *running_on_config; struct config *running_on_config;


@ -979,11 +979,13 @@ rt_show_net(struct cli *c, net *n, struct rt_show_data *d)
struct ea_list *tmpa, *old_tmpa; struct ea_list *tmpa, *old_tmpa;
struct proto *p0 = e->attrs->proto; struct proto *p0 = e->attrs->proto;
struct proto *p1 = d->import_protocol; struct proto *p1 = d->import_protocol;
struct proto *p2 = d->show_protocol;
d->rt_counter++; d->rt_counter++;
ee = e; ee = e;
rte_update_lock(); /* We use the update buffer for filtering */ rte_update_lock(); /* We use the update buffer for filtering */
old_tmpa = tmpa = p0->make_tmp_attrs ? p0->make_tmp_attrs(e, rte_update_pool) : NULL; old_tmpa = tmpa = p0->make_tmp_attrs ? p0->make_tmp_attrs(e, rte_update_pool) : NULL;
ok = (d->filter == FILTER_ACCEPT || f_run(d->filter, &e, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) <= F_ACCEPT); ok = (d->filter == FILTER_ACCEPT || f_run(d->filter, &e, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) <= F_ACCEPT);
if (p2 && p2 != p0) ok = 0;
if (ok && d->import_mode) if (ok && d->import_mode)
{ {
int ic = (p1->import_control ? p1->import_control(p1, &e, &tmpa, rte_update_pool) : 0); int ic = (p1->import_control ? p1->import_control(p1, &e, &tmpa, rte_update_pool) : 0);
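Review bot: The new test `if (p2 && p2 != p0) ok = 0;` runs after `f_run()`, so the filter is still evaluated for every route that the `protocol` selector is about to discard. Folding the test into the assignment, `ok = (!p2 || p2 == p0) && (d->filter == FILTER_ACCEPT || f_run(d->filter, &e, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) <= F_ACCEPT);`, skips that work. This assumes nothing later in the loop relies on `f_run()` having run for rejected routes, which cannot be confirmed here because rt_show_net() starts and ends outside the hunk.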


@ -54,3 +54,7 @@
/* struct sockaddr_in(6) */ /* struct sockaddr_in(6) */
#undef HAVE_SIN_LEN #undef HAVE_SIN_LEN
/* We have stdint.h */
#undef HAVE_STDINT_H


@ -74,3 +74,48 @@ sysio_mcast_join(sock * s)
} }
#endif #endif
#include <netinet/tcp.h>
#ifndef TCP_KEYLEN_MAX
#define TCP_KEYLEN_MAX 80
#endif
#ifndef TCP_SIG_SPI
#define TCP_SIG_SPI 0x1000
#endif
/*
* FIXME: Passwords has to be set by setkey(8) command. This is the same
* behaviour like Quagga. We need to add code for SA/SP entries
* management.
*/
static int
sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
{
int enable = 0;
if (passwd)
{
int len = strlen(passwd);
enable = len ? TCP_SIG_SPI : 0;
if (len > TCP_KEYLEN_MAX)
{
log(L_ERR "MD5 password too long");
return -1;
}
}
int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &enable, sizeof(enable));
if (rv < 0)
{
if (errno == ENOPROTOOPT)
log(L_ERR "Kernel does not support TCP MD5 signatures");
else
log(L_ERR "sk_set_md5_auth_int: setsockopt: %m");
}
return rv;
}
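Review bot: This BSD variant of sk_set_md5_auth_int() never hands `passwd` to the kernel: it only derives `enable` from the string length before calling `setsockopt(..., TCP_MD5SIG, ...)`, and `sa` is not used at all. The FIXME says the key has to be installed with setkey(8), but nothing at run time tells the operator that the configured password is not what protects the session, so a missing or mismatched SA will only show up as a session that fails or behaves unexpectedly (what the kernel does without a matching SA is not visible here). I would extend the comment above the function to state that `passwd` acts purely as an on/off switch and that `sa` is ignored, and emit one log line when `enable` is non-zero saying that the key must be provisioned with setkey(8). `int len = strlen(passwd);` would also be better declared as `size_t len`.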


@ -160,3 +160,38 @@ struct tcp_md5sig {
}; };
#endif #endif
static int
sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
{
struct tcp_md5sig md5;
memset(&md5, 0, sizeof(md5));
memcpy(&md5.tcpm_addr, (struct sockaddr *) sa, sizeof(*sa));
if (passwd)
{
int len = strlen(passwd);
if (len > TCP_MD5SIG_MAXKEYLEN)
{
log(L_ERR "MD5 password too long");
return -1;
}
md5.tcpm_keylen = len;
memcpy(&md5.tcpm_key, passwd, len);
}
int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5));
if (rv < 0)
{
if (errno == ENOPROTOOPT)
log(L_ERR "Kernel does not support TCP MD5 signatures");
else
log(L_ERR "sk_set_md5_auth_int: setsockopt: %m");
}
return rv;
}
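Review bot: A non-NULL but empty `passwd` leaves `md5.tcpm_keylen` at 0, which as far as I know Linux treats as a request to delete the key, so an empty password silently turns authentication off instead of being rejected; the BSD variant added in this commit makes the same mapping explicit with `enable = len ? TCP_SIG_SPI : 0`. Unless the configuration parser already refuses empty passwords (not visible here), reject them in this function or document the behaviour in a comment above it. The function is moved unchanged from io.c, and `md5` still holds a copy of the key on the stack when it returns; clearing it after setsockopt() with a call the compiler cannot optimise away would be a cheap hardening step. `int len = strlen(passwd);` should be `size_t len`.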


@ -13,5 +13,8 @@
#include <sys/types.h> #include <sys/types.h>
#include <netinet/in.h> #include <netinet/in.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#endif #endif


@ -738,43 +738,6 @@ sk_set_ttl(sock *s, int ttl)
} }
/* FIXME: check portability */
static int
sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
{
struct tcp_md5sig md5;
memset(&md5, 0, sizeof(md5));
memcpy(&md5.tcpm_addr, (struct sockaddr *) sa, sizeof(*sa));
if (passwd)
{
int len = strlen(passwd);
if (len > TCP_MD5SIG_MAXKEYLEN)
{
log(L_ERR "MD5 password too long");
return -1;
}
md5.tcpm_keylen = len;
memcpy(&md5.tcpm_key, passwd, len);
}
int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5));
if (rv < 0)
{
if (errno == ENOPROTOOPT)
log(L_ERR "Kernel does not support TCP MD5 signatures");
else
log(L_ERR "sk_set_md5_auth_int: setsockopt: %m");
}
return rv;
}
/** /**
* sk_set_md5_auth - add / remove MD5 security association for given socket. * sk_set_md5_auth - add / remove MD5 security association for given socket.
* @s: socket * @s: socket


@ -637,8 +637,8 @@ krt_got_route_async(struct krt_proto *p, rte *e, int new UNUSED)
DBG("It's a redirect, kill him! Kill! Kill!\n"); DBG("It's a redirect, kill him! Kill! Kill!\n");
krt_set_notify(p, net, NULL, e); krt_set_notify(p, net, NULL, e);
break; break;
case KRT_SRC_ALIEN:
#ifdef KRT_ALLOW_LEARN #ifdef KRT_ALLOW_LEARN
case KRT_SRC_ALIEN:
if (KRT_CF->learn) if (KRT_CF->learn)
{ {
krt_learn_async(p, e, new); krt_learn_async(p, e, new);