Commit 6c84554b authored by Ondřej Zajíček's avatar Ondřej Zajíček
Browse files

Merge branch 'master' into dev

parents f434d191 4d176e14
......@@ -114,6 +114,10 @@ else
;;
ipv4:freebsd*) sysdesc=bsd
;;
ipv6:openbsd*) sysdesc=bsd-v6
;;
ipv4:openbsd*) sysdesc=bsd
;;
*) AC_MSG_ERROR([Cannot determine correct system configuration. Please use --with-sysconfig to set it manually.])
;;
esac
......
......@@ -435,7 +435,7 @@ This argument can be omitted if there exists only a single instance.
<tag>show symbols</tag>
Show the list of symbols defined in the configuration (names of protocols, routing tables etc.).
<tag>show route [[for] <m/prefix/|<m/IP/] [table <m/sym/] [filter <m/f/|where <m/c/] [(import|preimport) <m/p/] [<m/options/]</tag>
<tag>show route [[for] <m/prefix/|<m/IP/] [table <m/sym/] [filter <m/f/|where <m/c/] [(import|preimport) <m/p/] [protocol <m/p/] [<m/options/]</tag>
Show contents of a routing table (by default of the main one),
that is routes, their metrics and (in case the <cf/all/ switch is given)
all their attributes.
......@@ -454,6 +454,9 @@ This argument can be omitted if there exists only a single instance.
that are imported to the specified protocol. With <cf/preimport/, the
import filter of the protocol is skipped.
<p>You can also select just routes added by a specific protocol.
<cf>protocol <m/p/</cf>.
<p>The <cf/stats/ switch requests showing of route statistics (the
number of networks, number of routes before and after filtering). If
you use <cf/count/ instead, only the statistics will be printed.
......
......@@ -56,7 +56,7 @@ CF_ENUM(T_ENUM_RTD, RTD_, ROUTER, DEVICE, BLACKHOLE, UNREACHABLE, PROHIBIT)
%type <r> rtable
%type <s> optsym
%type <ra> r_args
%type <i> echo_mask echo_size debug_mask debug_list debug_flag import_or_proto
%type <i> echo_mask echo_size debug_mask debug_list debug_flag import_or_preimport
%type <t> proto_patt
CF_GRAMMAR
......@@ -298,7 +298,7 @@ CF_CLI(SHOW INTERFACES,,, [[Show network interfaces]])
CF_CLI(SHOW INTERFACES SUMMARY,,, [[Show summary of network interfaces]])
{ if_show_summary(); } ;
CF_CLI(SHOW ROUTE, r_args, [[[<prefix>|for <prefix>|for <ip>] [table <t>] [filter <f>|where <cond>] [all] [primary] [(import|protocol) <p>] [stats|count]]], [[Show routing table]])
CF_CLI(SHOW ROUTE, r_args, [[[<prefix>|for <prefix>|for <ip>] [table <t>] [filter <f>|where <cond>] [all] [primary] [(import|preimport) <p>] [protocol <p>] [stats|count]]], [[Show routing table]])
{ rt_show($3); } ;
r_args:
......@@ -344,7 +344,7 @@ r_args:
$$ = $1;
$$->primary_only = 1;
}
| r_args import_or_proto SYM {
| r_args import_or_preimport SYM {
struct proto_config *c = (struct proto_config *) $3->def;
$$ = $1;
if ($$->import_mode) cf_error("Protocol specified twice");
......@@ -354,6 +354,14 @@ r_args:
$$->import_protocol = c->proto;
$$->running_on_config = c->proto->cf->global;
}
| r_args PROTOCOL SYM {
struct proto_config *c = (struct proto_config *) $3->def;
$$ = $1;
if ($$->show_protocol) cf_error("Protocol specified twice");
if ($3->class != SYM_PROTO || !c->proto) cf_error("%s is not a protocol", $3->name);
$$->show_protocol = c->proto;
$$->running_on_config = c->proto->cf->global;
}
| r_args STATS {
$$ = $1;
$$->stats = 1;
......@@ -364,7 +372,7 @@ r_args:
}
;
import_or_proto:
import_or_preimport:
PREIMPORT { $$ = 1; }
| IMPORT { $$ = 2; }
;
......
......@@ -211,6 +211,7 @@ struct rt_show_data {
struct filter *filter;
int verbose;
struct fib_iterator fit;
struct proto *show_protocol;
struct proto *import_protocol;
int import_mode, primary_only;
struct config *running_on_config;
......
......@@ -979,11 +979,13 @@ rt_show_net(struct cli *c, net *n, struct rt_show_data *d)
struct ea_list *tmpa, *old_tmpa;
struct proto *p0 = e->attrs->proto;
struct proto *p1 = d->import_protocol;
struct proto *p2 = d->show_protocol;
d->rt_counter++;
ee = e;
rte_update_lock(); /* We use the update buffer for filtering */
old_tmpa = tmpa = p0->make_tmp_attrs ? p0->make_tmp_attrs(e, rte_update_pool) : NULL;
ok = (d->filter == FILTER_ACCEPT || f_run(d->filter, &e, &tmpa, rte_update_pool, FF_FORCE_TMPATTR) <= F_ACCEPT);
if (p2 && p2 != p0) ok = 0;
if (ok && d->import_mode)
{
int ic = (p1->import_control ? p1->import_control(p1, &e, &tmpa, rte_update_pool) : 0);
......
......@@ -54,3 +54,7 @@
/* struct sockaddr_in(6) */
#undef HAVE_SIN_LEN
/* We have stdint.h */
#undef HAVE_STDINT_H
......@@ -74,3 +74,48 @@ sysio_mcast_join(sock * s)
}
#endif
#include <netinet/tcp.h>
#ifndef TCP_KEYLEN_MAX
#define TCP_KEYLEN_MAX 80
#endif
#ifndef TCP_SIG_SPI
#define TCP_SIG_SPI 0x1000
#endif
/*
* FIXME: Passwords has to be set by setkey(8) command. This is the same
* behaviour like Quagga. We need to add code for SA/SP entries
* management.
*/
static int
sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
{
int enable = 0;
if (passwd)
{
int len = strlen(passwd);
enable = len ? TCP_SIG_SPI : 0;
if (len > TCP_KEYLEN_MAX)
{
log(L_ERR "MD5 password too long");
return -1;
}
}
int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &enable, sizeof(enable));
if (rv < 0)
{
if (errno == ENOPROTOOPT)
log(L_ERR "Kernel does not support TCP MD5 signatures");
else
log(L_ERR "sk_set_md5_auth_int: setsockopt: %m");
}
return rv;
}
......@@ -160,3 +160,38 @@ struct tcp_md5sig {
};
#endif
static int
sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
{
struct tcp_md5sig md5;
memset(&md5, 0, sizeof(md5));
memcpy(&md5.tcpm_addr, (struct sockaddr *) sa, sizeof(*sa));
if (passwd)
{
int len = strlen(passwd);
if (len > TCP_MD5SIG_MAXKEYLEN)
{
log(L_ERR "MD5 password too long");
return -1;
}
md5.tcpm_keylen = len;
memcpy(&md5.tcpm_key, passwd, len);
}
int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5));
if (rv < 0)
{
if (errno == ENOPROTOOPT)
log(L_ERR "Kernel does not support TCP MD5 signatures");
else
log(L_ERR "sk_set_md5_auth_int: setsockopt: %m");
}
return rv;
}
......@@ -13,5 +13,8 @@
#include <sys/types.h>
#include <netinet/in.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#endif
......@@ -738,43 +738,6 @@ sk_set_ttl(sock *s, int ttl)
}
/* FIXME: check portability */
static int
sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
{
struct tcp_md5sig md5;
memset(&md5, 0, sizeof(md5));
memcpy(&md5.tcpm_addr, (struct sockaddr *) sa, sizeof(*sa));
if (passwd)
{
int len = strlen(passwd);
if (len > TCP_MD5SIG_MAXKEYLEN)
{
log(L_ERR "MD5 password too long");
return -1;
}
md5.tcpm_keylen = len;
memcpy(&md5.tcpm_key, passwd, len);
}
int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5));
if (rv < 0)
{
if (errno == ENOPROTOOPT)
log(L_ERR "Kernel does not support TCP MD5 signatures");
else
log(L_ERR "sk_set_md5_auth_int: setsockopt: %m");
}
return rv;
}
/**
* sk_set_md5_auth - add / remove MD5 security association for given socket.
* @s: socket
......
......@@ -637,8 +637,8 @@ krt_got_route_async(struct krt_proto *p, rte *e, int new UNUSED)
DBG("It's a redirect, kill him! Kill! Kill!\n");
krt_set_notify(p, net, NULL, e);
break;
case KRT_SRC_ALIEN:
#ifdef KRT_ALLOW_LEARN
case KRT_SRC_ALIEN:
if (KRT_CF->learn)
{
krt_learn_async(p, e, new);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment