summaryrefslogtreecommitdiff
path: root/bgpd/bgp_network.c
diff options
context:
space:
mode:
Diffstat (limited to 'bgpd/bgp_network.c')
-rw-r--r--bgpd/bgp_network.c170
1 files changed, 85 insertions, 85 deletions
diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c
index 476b64e75a..0664fdfd1c 100644
--- a/bgpd/bgp_network.c
+++ b/bgpd/bgp_network.c
@@ -35,12 +35,14 @@
#include "hash.h"
#include "filter.h"
#include "ns.h"
+#include "lib_errors.h"
#include "bgpd/bgpd.h"
#include "bgpd/bgp_open.h"
#include "bgpd/bgp_fsm.h"
#include "bgpd/bgp_attr.h"
#include "bgpd/bgp_debug.h"
+#include "bgpd/bgp_errors.h"
#include "bgpd/bgp_network.h"
extern struct zebra_privs_t bgpd_privs;
@@ -95,15 +97,9 @@ static int bgp_md5_set_connect(int socket, union sockunion *su,
int ret = -1;
#if HAVE_DECL_TCP_MD5SIG
- if (bgpd_privs.change(ZPRIVS_RAISE)) {
- zlog_err("%s: could not raise privs", __func__);
- return ret;
+ frr_elevate_privs(&bgpd_privs) {
+ ret = bgp_md5_set_socket(socket, su, password);
}
-
- ret = bgp_md5_set_socket(socket, su, password);
-
- if (bgpd_privs.change(ZPRIVS_LOWER))
- zlog_err("%s: could not lower privs", __func__);
#endif /* HAVE_TCP_MD5SIG */
return ret;
@@ -115,25 +111,18 @@ static int bgp_md5_set_password(struct peer *peer, const char *password)
int ret = 0;
struct bgp_listener *listener;
- if (bgpd_privs.change(ZPRIVS_RAISE)) {
- zlog_err("%s: could not raise privs", __func__);
- return -1;
- }
-
+ frr_elevate_privs(&bgpd_privs) {
/* Set or unset the password on the listen socket(s). Outbound
- * connections
- * are taken care of in bgp_connect() below.
+ * connections are taken care of in bgp_connect() below.
*/
- for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
- if (listener->su.sa.sa_family == peer->su.sa.sa_family) {
- ret = bgp_md5_set_socket(listener->fd, &peer->su,
- password);
- break;
- }
-
- if (bgpd_privs.change(ZPRIVS_LOWER))
- zlog_err("%s: could not lower privs", __func__);
-
+ for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
+ if (listener->su.sa.sa_family
+ == peer->su.sa.sa_family) {
+ ret = bgp_md5_set_socket(listener->fd,
+ &peer->su, password);
+ break;
+ }
+ }
return ret;
}
@@ -158,10 +147,12 @@ int bgp_set_socket_ttl(struct peer *peer, int bgp_sock)
if (!peer->gtsm_hops && (peer_sort(peer) == BGP_PEER_EBGP)) {
ret = sockopt_ttl(peer->su.sa.sa_family, bgp_sock, peer->ttl);
if (ret) {
- zlog_err(
+ flog_err(
+ LIB_ERR_SOCKET,
"%s: Can't set TxTTL on peer (rtrid %s) socket, err = %d",
- __func__, inet_ntop(AF_INET, &peer->remote_id,
- buf, sizeof(buf)),
+ __func__,
+ inet_ntop(AF_INET, &peer->remote_id, buf,
+ sizeof(buf)),
errno);
return ret;
}
@@ -172,20 +163,24 @@ int bgp_set_socket_ttl(struct peer *peer, int bgp_sock)
*/
ret = sockopt_ttl(peer->su.sa.sa_family, bgp_sock, MAXTTL);
if (ret) {
- zlog_err(
+ flog_err(
+ LIB_ERR_SOCKET,
"%s: Can't set TxTTL on peer (rtrid %s) socket, err = %d",
- __func__, inet_ntop(AF_INET, &peer->remote_id,
- buf, sizeof(buf)),
+ __func__,
+ inet_ntop(AF_INET, &peer->remote_id, buf,
+ sizeof(buf)),
errno);
return ret;
}
ret = sockopt_minttl(peer->su.sa.sa_family, bgp_sock,
MAXTTL + 1 - peer->gtsm_hops);
if (ret) {
- zlog_err(
+ flog_err(
+ LIB_ERR_SOCKET,
"%s: Can't set MinTTL on peer (rtrid %s) socket, err = %d",
- __func__, inet_ntop(AF_INET, &peer->remote_id,
- buf, sizeof(buf)),
+ __func__,
+ inet_ntop(AF_INET, &peer->remote_id, buf,
+ sizeof(buf)),
errno);
return ret;
}
@@ -226,8 +221,10 @@ static int bgp_get_instance_for_inc_conn(int sock, struct bgp **bgp_inst)
rc = getsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, name, &name_len);
if (rc != 0) {
#if defined(HAVE_CUMULUS)
- zlog_err("[Error] BGP SO_BINDTODEVICE get failed (%s), sock %d",
- safe_strerror(errno), sock);
+ flog_err(
+ LIB_ERR_SOCKET,
+ "[Error] BGP SO_BINDTODEVICE get failed (%s), sock %d",
+ safe_strerror(errno), sock);
return -1;
#endif
}
@@ -282,7 +279,8 @@ static int bgp_accept(struct thread *thread)
/* Register accept thread. */
accept_sock = THREAD_FD(thread);
if (accept_sock < 0) {
- zlog_err("accept_sock is nevative value %d", accept_sock);
+ flog_err_sys(LIB_ERR_SOCKET, "accept_sock is nevative value %d",
+ accept_sock);
return -1;
}
listener->thread = NULL;
@@ -293,8 +291,9 @@ static int bgp_accept(struct thread *thread)
/* Accept client connection. */
bgp_sock = sockunion_accept(accept_sock, &su);
if (bgp_sock < 0) {
- zlog_err("[Error] BGP socket accept failed (%s)",
- safe_strerror(errno));
+ flog_err_sys(LIB_ERR_SOCKET,
+ "[Error] BGP socket accept failed (%s)",
+ safe_strerror(errno));
return -1;
}
set_nonblocking(bgp_sock);
@@ -543,13 +542,11 @@ int bgp_connect(struct peer *peer)
zlog_debug("Peer address not learnt: Returning from connect");
return 0;
}
- if (bgpd_privs.change(ZPRIVS_RAISE))
- zlog_err("Can't raise privileges");
+ frr_elevate_privs(&bgpd_privs) {
/* Make socket for the peer. */
- peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id,
- bgp_get_bound_name(peer));
- if (bgpd_privs.change(ZPRIVS_LOWER))
- zlog_err("Can't lower privileges");
+ peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id,
+ bgp_get_bound_name(peer));
+ }
if (peer->fd < 0)
return -1;
@@ -568,14 +565,14 @@ int bgp_connect(struct peer *peer)
peer->host, safe_strerror(errno));
#ifdef IPTOS_PREC_INTERNETCONTROL
- if (bgpd_privs.change(ZPRIVS_RAISE))
- zlog_err("%s: could not raise privs", __func__);
- if (sockunion_family(&peer->su) == AF_INET)
- setsockopt_ipv4_tos(peer->fd, IPTOS_PREC_INTERNETCONTROL);
- else if (sockunion_family(&peer->su) == AF_INET6)
- setsockopt_ipv6_tclass(peer->fd, IPTOS_PREC_INTERNETCONTROL);
- if (bgpd_privs.change(ZPRIVS_LOWER))
- zlog_err("%s: could not lower privs", __func__);
+ frr_elevate_privs(&bgpd_privs) {
+ if (sockunion_family(&peer->su) == AF_INET)
+ setsockopt_ipv4_tos(peer->fd,
+ IPTOS_PREC_INTERNETCONTROL);
+ else if (sockunion_family(&peer->su) == AF_INET6)
+ setsockopt_ipv6_tclass(peer->fd,
+ IPTOS_PREC_INTERNETCONTROL);
+ }
#endif
if (peer->password)
@@ -623,7 +620,8 @@ int bgp_getsockname(struct peer *peer)
if (bgp_nexthop_set(peer->su_local, peer->su_remote, &peer->nexthop,
peer)) {
#if defined(HAVE_CUMULUS)
- zlog_err(
+ flog_err(
+ BGP_ERR_NH_UPD,
"%s: nexthop_set failed, resetting connection - intf %p",
peer->host, peer->nexthop.ifp);
return -1;
@@ -642,31 +640,31 @@ static int bgp_listener(int sock, struct sockaddr *sa, socklen_t salen,
sockopt_reuseaddr(sock);
sockopt_reuseport(sock);
- if (bgpd_privs.change(ZPRIVS_RAISE))
- zlog_err("%s: could not raise privs", __func__);
+ frr_elevate_privs(&bgpd_privs) {
#ifdef IPTOS_PREC_INTERNETCONTROL
- if (sa->sa_family == AF_INET)
- setsockopt_ipv4_tos(sock, IPTOS_PREC_INTERNETCONTROL);
- else if (sa->sa_family == AF_INET6)
- setsockopt_ipv6_tclass(sock, IPTOS_PREC_INTERNETCONTROL);
+ if (sa->sa_family == AF_INET)
+ setsockopt_ipv4_tos(sock, IPTOS_PREC_INTERNETCONTROL);
+ else if (sa->sa_family == AF_INET6)
+ setsockopt_ipv6_tclass(sock,
+ IPTOS_PREC_INTERNETCONTROL);
#endif
- sockopt_v6only(sa->sa_family, sock);
+ sockopt_v6only(sa->sa_family, sock);
- ret = bind(sock, sa, salen);
- en = errno;
- if (bgpd_privs.change(ZPRIVS_LOWER))
- zlog_err("%s: could not lower privs", __func__);
+ ret = bind(sock, sa, salen);
+ en = errno;
+ }
if (ret < 0) {
- zlog_err("bind: %s", safe_strerror(en));
+ flog_err_sys(LIB_ERR_SOCKET, "bind: %s", safe_strerror(en));
return ret;
}
ret = listen(sock, SOMAXCONN);
if (ret < 0) {
- zlog_err("listen: %s", safe_strerror(errno));
+ flog_err_sys(LIB_ERR_SOCKET, "listen: %s",
+ safe_strerror(errno));
return ret;
}
@@ -702,14 +700,13 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
snprintf(port_str, sizeof(port_str), "%d", port);
port_str[sizeof(port_str) - 1] = '\0';
- if (bgpd_privs.change(ZPRIVS_RAISE))
- zlog_err("Can't raise privileges");
- ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save,
- bgp->vrf_id);
- if (bgpd_privs.change(ZPRIVS_LOWER))
- zlog_err("Can't lower privileges");
+ frr_elevate_privs(&bgpd_privs) {
+ ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save,
+ bgp->vrf_id);
+ }
if (ret != 0) {
- zlog_err("getaddrinfo: %s", gai_strerror(ret));
+ flog_err_sys(LIB_ERR_SOCKET, "getaddrinfo: %s",
+ gai_strerror(ret));
return -1;
}
@@ -720,16 +717,17 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6)
continue;
- if (bgpd_privs.change(ZPRIVS_RAISE))
- zlog_err("Can't raise privileges");
- sock = vrf_socket(ainfo->ai_family, ainfo->ai_socktype,
- ainfo->ai_protocol, bgp->vrf_id,
- (bgp->inst_type == BGP_INSTANCE_TYPE_VRF ?
- bgp->name : NULL));
- if (bgpd_privs.change(ZPRIVS_LOWER))
- zlog_err("Can't lower privileges");
+ frr_elevate_privs(&bgpd_privs) {
+ sock = vrf_socket(ainfo->ai_family,
+ ainfo->ai_socktype,
+ ainfo->ai_protocol, bgp->vrf_id,
+ (bgp->inst_type
+ == BGP_INSTANCE_TYPE_VRF
+ ? bgp->name : NULL));
+ }
if (sock < 0) {
- zlog_err("socket: %s", safe_strerror(errno));
+ flog_err_sys(LIB_ERR_SOCKET, "socket: %s",
+ safe_strerror(errno));
continue;
}
@@ -746,10 +744,12 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
}
freeaddrinfo(ainfo_save);
if (count == 0 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
- zlog_err(
+ flog_err(
+ LIB_ERR_SOCKET,
"%s: no usable addresses please check other programs usage of specified port %d",
__func__, port);
- zlog_err("%s: Program cannot continue", __func__);
+ flog_err_sys(LIB_ERR_SOCKET, "%s: Program cannot continue",
+ __func__);
exit(-1);
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-07 23:23:02 +0000