From 13bcf54fb37e0f97ab15fc9033a8e55ab2036811 Mon Sep 17 00:00:00 2001 From: claudio Date: Sun, 19 Jun 2022 10:30:09 +0000 Subject: [PATCH] Implement a applymask() function that works on bgpd_addr structs. Use this function in kroute so that kroute_find and kroute6_find can switch to use struct bgpd_addr as argument. OK tb@ --- usr.sbin/bgpd/bgpd.h | 3 +- usr.sbin/bgpd/kroute.c | 70 ++++++++++++++++++----------------------- usr.sbin/bgpd/session.c | 22 +++---------- usr.sbin/bgpd/util.c | 18 ++++++++++- 4 files changed, 54 insertions(+), 59 deletions(-) diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h index 175fd8ac7df..cc190a33496 100644 --- a/usr.sbin/bgpd/bgpd.h +++ b/usr.sbin/bgpd/bgpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bgpd.h,v 1.431 2022/06/16 15:33:05 claudio Exp $ */ +/* $OpenBSD: bgpd.h,v 1.432 2022/06/19 10:30:09 claudio Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -1435,6 +1435,7 @@ int prefix_compare(const struct bgpd_addr *, void inet4applymask(struct in_addr *, const struct in_addr *, int); void inet6applymask(struct in6_addr *, const struct in6_addr *, int); +void applymask(struct bgpd_addr *, const struct bgpd_addr *, int); const char *aid2str(uint8_t); int aid2afi(uint8_t, uint16_t *, uint8_t *); int afi2aid(uint16_t, uint8_t, uint8_t *); diff --git a/usr.sbin/bgpd/kroute.c b/usr.sbin/bgpd/kroute.c index f5bfb841adc..7835959f844 100644 --- a/usr.sbin/bgpd/kroute.c +++ b/usr.sbin/bgpd/kroute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kroute.c,v 1.259 2022/06/16 15:36:36 claudio Exp $ */ +/* $OpenBSD: kroute.c,v 1.260 2022/06/19 10:30:09 claudio Exp $ */ /* * Copyright (c) 2022 Claudio Jeker @@ -127,15 +127,15 @@ int knexthop_compare(struct knexthop_node *, struct knexthop_node *); int kredist_compare(struct kredist_node *, struct kredist_node *); int kif_compare(struct kif_node *, struct kif_node *); -struct kroute_node *kroute_find(struct ktable *, in_addr_t, uint8_t, - uint8_t); +struct kroute_node *kroute_find(struct ktable *, const struct bgpd_addr *, + uint8_t, uint8_t); struct kroute_node *kroute_matchgw(struct kroute_node *, struct bgpd_addr *); int kroute_insert(struct ktable *, struct kroute_node *); int kroute_remove(struct ktable *, struct kroute_node *); void kroute_clear(struct ktable *); -struct kroute6_node *kroute6_find(struct ktable *, const struct in6_addr *, +struct kroute6_node *kroute6_find(struct ktable *, const struct bgpd_addr *, uint8_t, uint8_t); struct kroute6_node *kroute6_matchgw(struct kroute6_node *, struct bgpd_addr *); @@ -495,7 +495,7 @@ kr4_change(struct ktable *kt, struct kroute_full *kl) labelid = rtlabel_name2id(kl->label); - if ((kr = kroute_find(kt, kl->prefix.v4.s_addr, kl->prefixlen, + if ((kr = kroute_find(kt, &kl->prefix, kl->prefixlen, RTP_MINE)) != NULL) action = RTM_CHANGE; @@ -553,7 +553,7 @@ kr6_change(struct ktable *kt, struct kroute_full *kl) labelid = rtlabel_name2id(kl->label); - if ((kr6 = kroute6_find(kt, &kl->prefix.v6, kl->prefixlen, + if ((kr6 = kroute6_find(kt, &kl->prefix, kl->prefixlen, RTP_MINE)) != NULL) action = RTM_CHANGE; @@ -626,7 +626,7 @@ krVPN4_change(struct ktable *kt, struct kroute_full *kl) if (kl->flags & (F_BLACKHOLE|F_REJECT)) kl->nexthop.v4.s_addr = htonl(INADDR_LOOPBACK); - if ((kr = kroute_find(kt, kl->prefix.v4.s_addr, kl->prefixlen, + if ((kr = kroute_find(kt, &kl->prefix, kl->prefixlen, RTP_MINE)) != NULL) action = RTM_CHANGE; @@ -700,7 +700,7 @@ krVPN6_change(struct ktable *kt, struct kroute_full *kl) labelid = rtlabel_name2id(kl->label); - if ((kr6 = kroute6_find(kt, &kl->prefix.v6, kl->prefixlen, + if ((kr6 = kroute6_find(kt, &kl->prefix, kl->prefixlen, RTP_MINE)) != NULL) action = RTM_CHANGE; @@ -806,7 +806,7 @@ kr4_delete(struct ktable *kt, struct kroute_full *kl) { struct kroute_node *kr; - if ((kr = kroute_find(kt, kl->prefix.v4.s_addr, kl->prefixlen, + if ((kr = kroute_find(kt, &kl->prefix, kl->prefixlen, RTP_MINE)) == NULL) return (0); @@ -826,7 +826,7 @@ kr6_delete(struct ktable *kt, struct kroute_full *kl) { struct kroute6_node *kr6; - if ((kr6 = kroute6_find(kt, &kl->prefix.v6, kl->prefixlen, + if ((kr6 = kroute6_find(kt, &kl->prefix, kl->prefixlen, RTP_MINE)) == NULL) return (0); @@ -846,7 +846,7 @@ krVPN4_delete(struct ktable *kt, struct kroute_full *kl) { struct kroute_node *kr; - if ((kr = kroute_find(kt, kl->prefix.v4.s_addr, kl->prefixlen, + if ((kr = kroute_find(kt, &kl->prefix, kl->prefixlen, RTP_MINE)) == NULL) return (0); @@ -866,7 +866,7 @@ krVPN6_delete(struct ktable *kt, struct kroute_full *kl) { struct kroute6_node *kr6; - if ((kr6 = kroute6_find(kt, &kl->prefix.v6, kl->prefixlen, + if ((kr6 = kroute6_find(kt, &kl->prefix, kl->prefixlen, RTP_MINE)) == NULL) return (0); @@ -1749,13 +1749,13 @@ kif_compare(struct kif_node *a, struct kif_node *b) */ struct kroute_node * -kroute_find(struct ktable *kt, in_addr_t prefix, uint8_t prefixlen, - uint8_t prio) +kroute_find(struct ktable *kt, const struct bgpd_addr *prefix, + uint8_t prefixlen, uint8_t prio) { struct kroute_node s; struct kroute_node *kn, *tmp; - s.r.prefix.s_addr = prefix; + s.r.prefix = prefix->v4; s.r.prefixlen = prefixlen; s.r.priority = prio; @@ -1904,13 +1904,13 @@ kroute_clear(struct ktable *kt) } struct kroute6_node * -kroute6_find(struct ktable *kt, const struct in6_addr *prefix, +kroute6_find(struct ktable *kt, const struct bgpd_addr *prefix, uint8_t prefixlen, uint8_t prio) { struct kroute6_node s; struct kroute6_node *kn6, *tmp; - memcpy(&s.r.prefix, prefix, sizeof(struct in6_addr)); + s.r.prefix = prefix->v6; s.r.prefixlen = prefixlen; s.r.priority = prio; @@ -2488,21 +2488,16 @@ kroute_match(struct ktable *kt, struct bgpd_addr *key, int matchall) { int i; struct kroute_node *kr; - struct in_addr ina; + struct bgpd_addr masked; /* this will never match the default route */ - for (i = 32; i > 0; i--) { - inet4applymask(&ina, &key->v4, i); - if ((kr = kroute_find(kt, ina.s_addr, i, RTP_ANY)) != NULL) + for (i = 32; i >= 0; i--) { + applymask(&masked, key, i); + if ((kr = kroute_find(kt, &masked, i, RTP_ANY)) != NULL) if (matchall || bgpd_filternexthop(&kr->r, NULL) == 0) return (kr); } - /* so if there is no match yet, lookup the default route */ - if ((kr = kroute_find(kt, 0, 0, RTP_ANY)) != NULL) - if (matchall || bgpd_filternexthop(&kr->r, NULL) == 0) - return (kr); - return (NULL); } @@ -2511,21 +2506,16 @@ kroute6_match(struct ktable *kt, struct bgpd_addr *key, int matchall) { int i; struct kroute6_node *kr6; - struct in6_addr ina; + struct bgpd_addr masked; /* this will never match the default route */ - for (i = 128; i > 0; i--) { - inet6applymask(&ina, &key->v6, i); - if ((kr6 = kroute6_find(kt, &ina, i, RTP_ANY)) != NULL) + for (i = 128; i >= 0; i--) { + applymask(&masked, key, i); + if ((kr6 = kroute6_find(kt, &masked, i, RTP_ANY)) != NULL) if (matchall || bgpd_filternexthop(NULL, &kr6->r) == 0) return (kr6); } - /* so if there is no match yet, lookup the default route */ - if ((kr6 = kroute6_find(kt, &in6addr_any, 0, RTP_ANY)) != NULL) - if (matchall || bgpd_filternexthop(NULL, &kr6->r) == 0) - return (kr6); - return (NULL); } @@ -3467,8 +3457,8 @@ kr_fib_delete(struct ktable *kt, struct kroute_full *kl, int mpath) switch (kl->prefix.aid) { case AID_INET: - if ((kr = kroute_find(kt, kl->prefix.v4.s_addr, - kl->prefixlen, kl->priority)) == NULL) + if ((kr = kroute_find(kt, &kl->prefix, kl->prefixlen, + kl->priority)) == NULL) return (0); if (!(kr->r.flags & F_KERNEL)) return (0); @@ -3485,7 +3475,7 @@ kr_fib_delete(struct ktable *kt, struct kroute_full *kl, int mpath) return (-1); break; case AID_INET6: - if ((kr6 = kroute6_find(kt, &kl->prefix.v6, kl->prefixlen, + if ((kr6 = kroute6_find(kt, &kl->prefix, kl->prefixlen, kl->priority)) == NULL) return (0); if (!(kr6->r.flags & F_KERNEL)) @@ -3519,7 +3509,7 @@ kr_fib_change(struct ktable *kt, struct kroute_full *kl, int type, int mpath) flags = kl->flags; switch (kl->prefix.aid) { case AID_INET: - if ((kr = kroute_find(kt, kl->prefix.v4.s_addr, kl->prefixlen, + if ((kr = kroute_find(kt, &kl->prefix, kl->prefixlen, kl->priority)) != NULL) { if (kr->r.flags & F_KERNEL) { /* get the correct route */ @@ -3599,7 +3589,7 @@ add4: } break; case AID_INET6: - if ((kr6 = kroute6_find(kt, &kl->prefix.v6, kl->prefixlen, + if ((kr6 = kroute6_find(kt, &kl->prefix, kl->prefixlen, kl->priority)) != NULL) { if (kr6->r.flags & F_KERNEL) { /* get the correct route */ diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c index baff7931627..1bb784a3b6f 100644 --- a/usr.sbin/bgpd/session.c +++ b/usr.sbin/bgpd/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.427 2022/02/23 11:20:35 claudio Exp $ */ +/* $OpenBSD: session.c,v 1.428 2022/06/19 10:30:10 claudio Exp $ */ /* * Copyright (c) 2003, 2004, 2005 Henning Brauer @@ -3382,23 +3382,11 @@ session_template_clone(struct peer *p, struct sockaddr *ip, uint32_t id, int session_match_mask(struct peer *p, struct bgpd_addr *a) { - struct in_addr v4masked; - struct in6_addr v6masked; + struct bgpd_addr masked; - switch (p->conf.remote_addr.aid) { - case AID_INET: - inet4applymask(&v4masked, &a->v4, p->conf.remote_masklen); - if (p->conf.remote_addr.v4.s_addr == v4masked.s_addr) - return (1); - return (0); - case AID_INET6: - inet6applymask(&v6masked, &a->v6, p->conf.remote_masklen); - - if (memcmp(&v6masked, &p->conf.remote_addr.v6, - sizeof(v6masked)) == 0) - return (1); - return (0); - } + applymask(&masked, a, p->conf.remote_masklen); + if (memcmp(&masked, &p->conf.remote_addr, sizeof(masked)) == 0) + return (1); return (0); } diff --git a/usr.sbin/bgpd/util.c b/usr.sbin/bgpd/util.c index 414f70ed766..c84b502c00f 100644 --- a/usr.sbin/bgpd/util.c +++ b/usr.sbin/bgpd/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.65 2022/06/17 09:12:06 claudio Exp $ */ +/* $OpenBSD: util.c,v 1.66 2022/06/19 10:30:10 claudio Exp $ */ /* * Copyright (c) 2006 Claudio Jeker @@ -783,6 +783,22 @@ inet6applymask(struct in6_addr *dest, const struct in6_addr *src, int prefixlen) dest->s6_addr[i] = src->s6_addr[i] & mask.s6_addr[i]; } +void +applymask(struct bgpd_addr *dest, const struct bgpd_addr *src, int prefixlen) +{ + *dest = *src; + switch (src->aid) { + case AID_INET: + case AID_VPN_IPv4: + inet4applymask(&dest->v4, &src->v4, prefixlen); + break; + case AID_INET6: + case AID_VPN_IPv6: + inet6applymask(&dest->v6, &src->v6, prefixlen); + break; + } +} + /* address family translation functions */ const struct aid aid_vals[AID_MAX] = AID_VALS; -- 2.20.1