github.com/osrg/gobgp/v3@v3.30.0/pkg/server/sockopt_linux.go (about) 1 // Copyright (C) 2016 Nippon Telegraph and Telephone Corporation. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 // implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 //go:build linux 16 // +build linux 17 18 package server 19 20 import ( 21 "fmt" 22 "net" 23 "os" 24 "strings" 25 "syscall" 26 27 "golang.org/x/sys/unix" 28 29 "github.com/osrg/gobgp/v3/pkg/log" 30 ) 31 32 const ( 33 ipv6MinHopCount = 73 // Generalized TTL Security Mechanism (RFC5082) 34 ) 35 36 func buildTcpMD5Sig(address, key string) *unix.TCPMD5Sig { 37 t := unix.TCPMD5Sig{} 38 39 var addr net.IP 40 if strings.Contains(address, "/") { 41 var err error 42 var ipnet *net.IPNet 43 addr, ipnet, err = net.ParseCIDR(address) 44 if err != nil { 45 return nil 46 } 47 prefixlen, _ := ipnet.Mask.Size() 48 t.Prefixlen = uint8(prefixlen) 49 t.Flags = unix.TCP_MD5SIG_FLAG_PREFIX 50 } else { 51 addr = net.ParseIP(address) 52 } 53 54 if addr.To4() != nil { 55 t.Addr.Family = unix.AF_INET 56 copy(t.Addr.Data[2:], addr.To4()) 57 } else { 58 t.Addr.Family = unix.AF_INET6 59 copy(t.Addr.Data[6:], addr.To16()) 60 } 61 62 t.Keylen = uint16(len(key)) 63 copy(t.Key[0:], []byte(key)) 64 65 return &t 66 } 67 68 func setTCPMD5SigSockopt(l *net.TCPListener, address string, key string) error { 69 sc, err := l.SyscallConn() 70 if err != nil { 71 return err 72 } 73 74 var sockerr error 75 t := buildTcpMD5Sig(address, key) 76 if t == nil { 77 return fmt.Errorf("unable to generate TcpMD5Sig from %s", address) 78 } 79 if err := sc.Control(func(s uintptr) { 80 opt := unix.TCP_MD5SIG 81 82 if t.Prefixlen != 0 { 83 opt = unix.TCP_MD5SIG_EXT 84 } 85 86 sockerr = unix.SetsockoptTCPMD5Sig(int(s), unix.IPPROTO_TCP, opt, t) 87 }); err != nil { 88 return err 89 } 90 return sockerr 91 } 92 93 func setBindToDevSockopt(sc syscall.RawConn, device string) error { 94 return setsockOptString(sc, syscall.SOL_SOCKET, syscall.SO_BINDTODEVICE, device) 95 } 96 97 func setTCPTTLSockopt(conn *net.TCPConn, ttl int) error { 98 family := extractFamilyFromTCPConn(conn) 99 sc, err := conn.SyscallConn() 100 if err != nil { 101 return err 102 } 103 return setsockoptIpTtl(sc, family, ttl) 104 } 105 106 func setTCPMinTTLSockopt(conn *net.TCPConn, ttl int) error { 107 family := extractFamilyFromTCPConn(conn) 108 sc, err := conn.SyscallConn() 109 if err != nil { 110 return err 111 } 112 level := syscall.IPPROTO_IP 113 name := syscall.IP_MINTTL 114 if family == syscall.AF_INET6 { 115 level = syscall.IPPROTO_IPV6 116 name = ipv6MinHopCount 117 } 118 return setsockOptInt(sc, level, name, ttl) 119 } 120 121 func setTCPMSSSockopt(conn *net.TCPConn, mss uint16) error { 122 family := extractFamilyFromTCPConn(conn) 123 sc, err := conn.SyscallConn() 124 if err != nil { 125 return err 126 } 127 return setsockoptTcpMss(sc, family, mss) 128 } 129 130 func dialerControl(logger log.Logger, network, address string, c syscall.RawConn, ttl, minTtl uint8, mss uint16, password string, bindInterface string) error { 131 family := syscall.AF_INET 132 raddr, _ := net.ResolveTCPAddr("tcp", address) 133 if raddr.IP.To4() == nil { 134 family = syscall.AF_INET6 135 } 136 137 var sockerr error 138 if password != "" { 139 addr, _, _ := net.SplitHostPort(address) 140 t := buildTcpMD5Sig(addr, password) 141 if err := c.Control(func(fd uintptr) { 142 sockerr = os.NewSyscallError("setsockopt", unix.SetsockoptTCPMD5Sig(int(fd), unix.IPPROTO_TCP, unix.TCP_MD5SIG, t)) 143 }); err != nil { 144 return err 145 } 146 if sockerr != nil { 147 return sockerr 148 } 149 } 150 151 if ttl != 0 { 152 if err := c.Control(func(fd uintptr) { 153 level := syscall.IPPROTO_IP 154 name := syscall.IP_TTL 155 if family == syscall.AF_INET6 { 156 level = syscall.IPPROTO_IPV6 157 name = syscall.IPV6_UNICAST_HOPS 158 } 159 sockerr = os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fd), level, name, int(ttl))) 160 }); err != nil { 161 return err 162 } 163 if sockerr != nil { 164 return sockerr 165 } 166 } 167 168 if minTtl != 0 { 169 if err := c.Control(func(fd uintptr) { 170 level := syscall.IPPROTO_IP 171 name := syscall.IP_MINTTL 172 if family == syscall.AF_INET6 { 173 level = syscall.IPPROTO_IPV6 174 name = ipv6MinHopCount 175 } 176 sockerr = os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fd), level, name, int(minTtl))) 177 }); err != nil { 178 return err 179 } 180 if sockerr != nil { 181 return sockerr 182 } 183 } 184 185 if mss != 0 { 186 if err := c.Control(func(fd uintptr) { 187 level := syscall.IPPROTO_TCP 188 name := syscall.TCP_MAXSEG 189 sockerr = os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fd), level, name, int(mss))) 190 }); err != nil { 191 return err 192 } 193 if sockerr != nil { 194 return sockerr 195 } 196 } 197 198 if bindInterface != "" { 199 if err := setBindToDevSockopt(c, bindInterface); err != nil { 200 return err 201 } 202 } 203 return nil 204 }