1 /* $OpenBSD: packet.c,v 1.62 2016/06/13 20:13:34 renato Exp $ */ 2 3 /* 4 * Copyright (c) 2013, 2016 Renato Westphal <renato@openbsd.org> 5 * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org> 6 * Copyright (c) 2004, 2005, 2008 Esben Norby <norby@openbsd.org> 7 * 8 * Permission to use, copy, modify, and distribute this software for any 9 * purpose with or without fee is hereby granted, provided that the above 10 * copyright notice and this permission notice appear in all copies. 11 * 12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19 */ 20 21 #include <sys/types.h> 22 #include <netinet/in.h> 23 #include <netinet/tcp.h> 24 #include <arpa/inet.h> 25 #include <net/if_dl.h> 26 #include <unistd.h> 27 #include <errno.h> 28 #include <stdlib.h> 29 #include <string.h> 30 31 #include "ldpd.h" 32 #include "ldpe.h" 33 #include "log.h" 34 35 static struct iface *disc_find_iface(unsigned int, int, 36 union ldpd_addr *, int); 37 static void session_read(int, short, void *); 38 static void session_write(int, short, void *); 39 static ssize_t session_get_pdu(struct ibuf_read *, char **); 40 static void tcp_close(struct tcp_conn *); 41 static struct pending_conn *pending_conn_new(int, int, union ldpd_addr *); 42 static void pending_conn_timeout(int, short, void *); 43 44 int 45 gen_ldp_hdr(struct ibuf *buf, uint16_t size) 46 { 47 struct ldp_hdr ldp_hdr; 48 49 memset(&ldp_hdr, 0, sizeof(ldp_hdr)); 50 ldp_hdr.version = htons(LDP_VERSION); 51 /* exclude the 'Version' and 'PDU Length' fields from the total */ 52 ldp_hdr.length = htons(size - LDP_HDR_DEAD_LEN); 53 ldp_hdr.lsr_id = leconf->rtr_id.s_addr; 54 ldp_hdr.lspace_id = 0; 55 56 return (ibuf_add(buf, &ldp_hdr, LDP_HDR_SIZE)); 57 } 58 59 int 60 gen_msg_hdr(struct ibuf *buf, uint32_t type, uint16_t size) 61 { 62 static int msgcnt = 0; 63 struct ldp_msg msg; 64 65 memset(&msg, 0, sizeof(msg)); 66 msg.type = htons(type); 67 /* exclude the 'Type' and 'Length' fields from the total */ 68 msg.length = htons(size - LDP_MSG_DEAD_LEN); 69 msg.msgid = htonl(++msgcnt); 70 71 return (ibuf_add(buf, &msg, sizeof(msg))); 72 } 73 74 /* send packets */ 75 int 76 send_packet(int fd, int af, union ldpd_addr *dst, struct iface_af *ia, 77 void *pkt, size_t len) 78 { 79 struct sockaddr *sa; 80 81 switch (af) { 82 case AF_INET: 83 if (ia && IN_MULTICAST(ntohl(dst->v4.s_addr))) { 84 /* set outgoing interface for multicast traffic */ 85 if (sock_set_ipv4_mcast(ia->iface) == -1) { 86 log_debug("%s: error setting multicast " 87 "interface, %s", __func__, ia->iface->name); 88 return (-1); 89 } 90 } 91 break; 92 case AF_INET6: 93 if (ia && IN6_IS_ADDR_MULTICAST(&dst->v6)) { 94 /* set outgoing interface for multicast traffic */ 95 if (sock_set_ipv6_mcast(ia->iface) == -1) { 96 log_debug("%s: error setting multicast " 97 "interface, %s", __func__, ia->iface->name); 98 return (-1); 99 } 100 } 101 break; 102 default: 103 fatalx("send_packet: unknown af"); 104 } 105 106 sa = addr2sa(af, dst, LDP_PORT); 107 if (sendto(fd, pkt, len, 0, sa, sa->sa_len) == -1) { 108 log_warn("%s: error sending packet to %s", __func__, 109 log_sockaddr(sa)); 110 return (-1); 111 } 112 113 return (0); 114 } 115 116 /* Discovery functions */ 117 #define CMSG_MAXLEN max(sizeof(struct sockaddr_dl), sizeof(struct in6_pktinfo)) 118 void 119 disc_recv_packet(int fd, short event, void *bula) 120 { 121 union { 122 struct cmsghdr hdr; 123 char buf[CMSG_SPACE(CMSG_MAXLEN)]; 124 } cmsgbuf; 125 struct msghdr msg; 126 struct sockaddr_storage from; 127 struct iovec iov; 128 char *buf; 129 struct cmsghdr *cmsg; 130 ssize_t r; 131 int multicast; 132 int af; 133 union ldpd_addr src; 134 unsigned int ifindex = 0; 135 struct iface *iface; 136 uint16_t len; 137 struct ldp_hdr ldp_hdr; 138 uint16_t pdu_len; 139 struct ldp_msg ldp_msg; 140 uint16_t msg_len; 141 struct in_addr lsr_id; 142 143 if (event != EV_READ) 144 return; 145 146 /* setup buffer */ 147 memset(&msg, 0, sizeof(msg)); 148 iov.iov_base = buf = pkt_ptr; 149 iov.iov_len = IBUF_READ_SIZE; 150 msg.msg_name = &from; 151 msg.msg_namelen = sizeof(from); 152 msg.msg_iov = &iov; 153 msg.msg_iovlen = 1; 154 msg.msg_control = &cmsgbuf.buf; 155 msg.msg_controllen = sizeof(cmsgbuf.buf); 156 157 if ((r = recvmsg(fd, &msg, 0)) == -1) { 158 if (errno != EAGAIN && errno != EINTR) 159 log_debug("%s: read error: %s", __func__, 160 strerror(errno)); 161 return; 162 } 163 164 multicast = (msg.msg_flags & MSG_MCAST) ? 1 : 0; 165 sa2addr((struct sockaddr *)&from, &af, &src); 166 if (bad_addr(af, &src)) { 167 log_debug("%s: invalid source address: %s", __func__, 168 log_addr(af, &src)); 169 return; 170 } 171 172 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; 173 cmsg = CMSG_NXTHDR(&msg, cmsg)) { 174 if (af == AF_INET && cmsg->cmsg_level == IPPROTO_IP && 175 cmsg->cmsg_type == IP_RECVIF) { 176 ifindex = ((struct sockaddr_dl *) 177 CMSG_DATA(cmsg))->sdl_index; 178 break; 179 } 180 if (af == AF_INET6 && cmsg->cmsg_level == IPPROTO_IPV6 && 181 cmsg->cmsg_type == IPV6_PKTINFO) { 182 ifindex = ((struct in6_pktinfo *) 183 CMSG_DATA(cmsg))->ipi6_ifindex; 184 break; 185 } 186 } 187 188 /* find a matching interface */ 189 iface = disc_find_iface(ifindex, af, &src, multicast); 190 if (iface == NULL) 191 return; 192 193 /* check packet size */ 194 len = (uint16_t)r; 195 if (len < (LDP_HDR_SIZE + LDP_MSG_SIZE) || len > LDP_MAX_LEN) { 196 log_debug("%s: bad packet size, source %s", __func__, 197 log_addr(af, &src)); 198 return; 199 } 200 201 /* LDP header sanity checks */ 202 memcpy(&ldp_hdr, buf, sizeof(ldp_hdr)); 203 if (ntohs(ldp_hdr.version) != LDP_VERSION) { 204 log_debug("%s: invalid LDP version %d, source %s", __func__, 205 ntohs(ldp_hdr.version), log_addr(af, &src)); 206 return; 207 } 208 if (ntohs(ldp_hdr.lspace_id) != 0) { 209 log_debug("%s: invalid label space %u, source %s", __func__, 210 ntohs(ldp_hdr.lspace_id), log_addr(af, &src)); 211 return; 212 } 213 /* check "PDU Length" field */ 214 pdu_len = ntohs(ldp_hdr.length); 215 if ((pdu_len < (LDP_HDR_PDU_LEN + LDP_MSG_SIZE)) || 216 (pdu_len > (len - LDP_HDR_DEAD_LEN))) { 217 log_debug("%s: invalid LDP packet length %u, source %s", 218 __func__, ntohs(ldp_hdr.length), log_addr(af, &src)); 219 return; 220 } 221 buf += LDP_HDR_SIZE; 222 len -= LDP_HDR_SIZE; 223 224 lsr_id.s_addr = ldp_hdr.lsr_id; 225 226 /* 227 * For UDP, we process only the first message of each packet. This does 228 * not impose any restrictions since LDP uses UDP only for sending Hello 229 * packets. 230 */ 231 memcpy(&ldp_msg, buf, sizeof(ldp_msg)); 232 233 /* check "Message Length" field */ 234 msg_len = ntohs(ldp_msg.length); 235 if (msg_len < LDP_MSG_LEN || ((msg_len + LDP_MSG_DEAD_LEN) > pdu_len)) { 236 log_debug("%s: invalid LDP message length %u, source %s", 237 __func__, ntohs(ldp_msg.length), log_addr(af, &src)); 238 return; 239 } 240 buf += LDP_MSG_SIZE; 241 len -= LDP_MSG_SIZE; 242 243 /* switch LDP packet type */ 244 switch (ntohs(ldp_msg.type)) { 245 case MSG_TYPE_HELLO: 246 recv_hello(lsr_id, &ldp_msg, af, &src, iface, multicast, 247 buf, len); 248 break; 249 default: 250 log_debug("%s: unknown LDP packet type, source %s", __func__, 251 log_addr(af, &src)); 252 } 253 } 254 255 static struct iface * 256 disc_find_iface(unsigned int ifindex, int af, union ldpd_addr *src, 257 int multicast) 258 { 259 struct iface *iface; 260 struct iface_af *ia; 261 struct if_addr *if_addr; 262 in_addr_t mask; 263 264 iface = if_lookup(leconf, ifindex); 265 if (iface == NULL) 266 return (NULL); 267 268 /* 269 * For unicast packets, we just need to make sure that the interface 270 * is enabled for the given address-family. 271 */ 272 if (!multicast) { 273 ia = iface_af_get(iface, af); 274 if (ia->enabled) 275 return (iface); 276 return (NULL); 277 } 278 279 switch (af) { 280 case AF_INET: 281 LIST_FOREACH(if_addr, &iface->addr_list, entry) { 282 if (if_addr->af != AF_INET) 283 continue; 284 285 switch (iface->type) { 286 case IF_TYPE_POINTOPOINT: 287 if (if_addr->dstbrd.v4.s_addr == src->v4.s_addr) 288 return (iface); 289 break; 290 default: 291 mask = prefixlen2mask(if_addr->prefixlen); 292 if ((if_addr->addr.v4.s_addr & mask) == 293 (src->v4.s_addr & mask)) 294 return (iface); 295 break; 296 } 297 } 298 break; 299 case AF_INET6: 300 if (IN6_IS_ADDR_LINKLOCAL(&src->v6)) 301 return (iface); 302 break; 303 default: 304 fatalx("disc_find_iface: unknown af"); 305 } 306 307 return (NULL); 308 } 309 310 void 311 session_accept(int fd, short event, void *bula) 312 { 313 struct sockaddr_storage src; 314 socklen_t len = sizeof(src); 315 int newfd; 316 int af; 317 union ldpd_addr addr; 318 struct nbr *nbr; 319 struct pending_conn *pconn; 320 321 if (!(event & EV_READ)) 322 return; 323 324 newfd = accept4(fd, (struct sockaddr *)&src, &len, 325 SOCK_NONBLOCK | SOCK_CLOEXEC); 326 if (newfd == -1) { 327 /* 328 * Pause accept if we are out of file descriptors, or 329 * libevent will haunt us here too. 330 */ 331 if (errno == ENFILE || errno == EMFILE) { 332 accept_pause(); 333 } else if (errno != EWOULDBLOCK && errno != EINTR && 334 errno != ECONNABORTED) 335 log_debug("%s: accept error: %s", __func__, 336 strerror(errno)); 337 return; 338 } 339 340 sa2addr((struct sockaddr *)&src, &af, &addr); 341 342 /* 343 * Since we don't support label spaces, we can identify this neighbor 344 * just by its source address. This way we don't need to wait for its 345 * Initialization message to know who we are talking to. 346 */ 347 nbr = nbr_find_addr(af, &addr); 348 if (nbr == NULL) { 349 /* 350 * According to RFC 5036, we would need to send a No Hello 351 * Error Notification message and close this TCP connection 352 * right now. But doing so would trigger the backoff exponential 353 * timer in the remote peer, which would considerably slow down 354 * the session establishment process. The trick here is to wait 355 * five seconds before sending the Notification Message. There's 356 * a good chance that the remote peer will send us a Hello 357 * message within this interval, so it's worth waiting before 358 * taking a more drastic measure. 359 */ 360 pconn = pending_conn_find(af, &addr); 361 if (pconn) 362 close(newfd); 363 else 364 pending_conn_new(newfd, af, &addr); 365 return; 366 } 367 /* protection against buggy implementations */ 368 if (nbr_session_active_role(nbr)) { 369 close(newfd); 370 return; 371 } 372 if (nbr->state != NBR_STA_PRESENT) { 373 log_debug("%s: lsr-id %s: rejecting additional transport " 374 "connection", __func__, inet_ntoa(nbr->id)); 375 close(newfd); 376 return; 377 } 378 379 session_accept_nbr(nbr, newfd); 380 } 381 382 void 383 session_accept_nbr(struct nbr *nbr, int fd) 384 { 385 struct nbr_params *nbrp; 386 int opt; 387 socklen_t len; 388 389 nbrp = nbr_params_find(leconf, nbr->id); 390 if (nbrp && nbrp->auth.method == AUTH_MD5SIG) { 391 if (sysdep.no_pfkey || sysdep.no_md5sig) { 392 log_warnx("md5sig configured but not available"); 393 close(fd); 394 return; 395 } 396 397 len = sizeof(opt); 398 if (getsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &opt, &len) == -1) 399 fatal("getsockopt TCP_MD5SIG"); 400 if (!opt) { /* non-md5'd connection! */ 401 log_warnx("connection attempt without md5 signature"); 402 close(fd); 403 return; 404 } 405 } 406 407 nbr->tcp = tcp_new(fd, nbr); 408 nbr_fsm(nbr, NBR_EVT_MATCH_ADJ); 409 } 410 411 static void 412 session_read(int fd, short event, void *arg) 413 { 414 struct nbr *nbr = arg; 415 struct tcp_conn *tcp = nbr->tcp; 416 struct ldp_hdr *ldp_hdr; 417 struct ldp_msg *ldp_msg; 418 char *buf, *pdu; 419 ssize_t n, len; 420 uint16_t pdu_len, msg_len, msg_size, max_pdu_len; 421 int ret; 422 423 if (event != EV_READ) 424 return; 425 426 if ((n = read(fd, tcp->rbuf->buf + tcp->rbuf->wpos, 427 sizeof(tcp->rbuf->buf) - tcp->rbuf->wpos)) == -1) { 428 if (errno != EINTR && errno != EAGAIN) { 429 log_warn("%s: read error", __func__); 430 nbr_fsm(nbr, NBR_EVT_CLOSE_SESSION); 431 return; 432 } 433 /* retry read */ 434 return; 435 } 436 if (n == 0) { 437 /* connection closed */ 438 log_debug("%s: connection closed by remote end", __func__); 439 nbr_fsm(nbr, NBR_EVT_CLOSE_SESSION); 440 return; 441 } 442 tcp->rbuf->wpos += n; 443 444 while ((len = session_get_pdu(tcp->rbuf, &buf)) > 0) { 445 pdu = buf; 446 ldp_hdr = (struct ldp_hdr *)pdu; 447 if (ntohs(ldp_hdr->version) != LDP_VERSION) { 448 session_shutdown(nbr, S_BAD_PROTO_VER, 0, 0); 449 free(buf); 450 return; 451 } 452 453 pdu_len = ntohs(ldp_hdr->length); 454 /* 455 * RFC 5036 - Section 3.5.3: 456 * "Prior to completion of the negotiation, the maximum 457 * allowable length is 4096 bytes". 458 */ 459 if (nbr->state == NBR_STA_OPER) 460 max_pdu_len = nbr->max_pdu_len; 461 else 462 max_pdu_len = LDP_MAX_LEN; 463 if (pdu_len < (LDP_HDR_PDU_LEN + LDP_MSG_SIZE) || 464 pdu_len > max_pdu_len) { 465 session_shutdown(nbr, S_BAD_PDU_LEN, 0, 0); 466 free(buf); 467 return; 468 } 469 pdu_len -= LDP_HDR_PDU_LEN; 470 471 if (ldp_hdr->lsr_id != nbr->id.s_addr || 472 ldp_hdr->lspace_id != 0) { 473 session_shutdown(nbr, S_BAD_LDP_ID, 0, 0); 474 free(buf); 475 return; 476 } 477 478 pdu += LDP_HDR_SIZE; 479 len -= LDP_HDR_SIZE; 480 481 if (nbr->state == NBR_STA_OPER) 482 nbr_fsm(nbr, NBR_EVT_PDU_RCVD); 483 484 while (len >= LDP_MSG_SIZE) { 485 uint16_t type; 486 487 ldp_msg = (struct ldp_msg *)pdu; 488 type = ntohs(ldp_msg->type); 489 msg_len = ntohs(ldp_msg->length); 490 msg_size = msg_len + LDP_MSG_DEAD_LEN; 491 if (msg_len < LDP_MSG_LEN || msg_size > pdu_len) { 492 session_shutdown(nbr, S_BAD_TLV_LEN, 493 ldp_msg->msgid, ldp_msg->type); 494 free(buf); 495 return; 496 } 497 pdu_len -= msg_size; 498 499 /* check for error conditions earlier */ 500 switch (type) { 501 case MSG_TYPE_INIT: 502 if ((nbr->state != NBR_STA_INITIAL) && 503 (nbr->state != NBR_STA_OPENSENT)) { 504 session_shutdown(nbr, S_SHUTDOWN, 505 ldp_msg->msgid, ldp_msg->type); 506 free(buf); 507 return; 508 } 509 break; 510 case MSG_TYPE_KEEPALIVE: 511 if ((nbr->state == NBR_STA_INITIAL) || 512 (nbr->state == NBR_STA_OPENSENT)) { 513 session_shutdown(nbr, S_SHUTDOWN, 514 ldp_msg->msgid, ldp_msg->type); 515 free(buf); 516 return; 517 } 518 break; 519 case MSG_TYPE_ADDR: 520 case MSG_TYPE_ADDRWITHDRAW: 521 case MSG_TYPE_LABELMAPPING: 522 case MSG_TYPE_LABELREQUEST: 523 case MSG_TYPE_LABELWITHDRAW: 524 case MSG_TYPE_LABELRELEASE: 525 case MSG_TYPE_LABELABORTREQ: 526 if (nbr->state != NBR_STA_OPER) { 527 session_shutdown(nbr, S_SHUTDOWN, 528 ldp_msg->msgid, ldp_msg->type); 529 free(buf); 530 return; 531 } 532 break; 533 default: 534 break; 535 } 536 537 /* switch LDP packet type */ 538 switch (type) { 539 case MSG_TYPE_NOTIFICATION: 540 ret = recv_notification(nbr, pdu, msg_size); 541 break; 542 case MSG_TYPE_INIT: 543 ret = recv_init(nbr, pdu, msg_size); 544 break; 545 case MSG_TYPE_KEEPALIVE: 546 ret = recv_keepalive(nbr, pdu, msg_size); 547 break; 548 case MSG_TYPE_ADDR: 549 case MSG_TYPE_ADDRWITHDRAW: 550 ret = recv_address(nbr, pdu, msg_size); 551 break; 552 case MSG_TYPE_LABELMAPPING: 553 case MSG_TYPE_LABELREQUEST: 554 case MSG_TYPE_LABELWITHDRAW: 555 case MSG_TYPE_LABELRELEASE: 556 case MSG_TYPE_LABELABORTREQ: 557 ret = recv_labelmessage(nbr, pdu, msg_size, 558 type); 559 break; 560 default: 561 log_debug("%s: unknown LDP message from nbr %s", 562 __func__, inet_ntoa(nbr->id)); 563 if (!(ntohs(ldp_msg->type) & UNKNOWN_FLAG)) 564 send_notification_nbr(nbr, 565 S_UNKNOWN_MSG, ldp_msg->msgid, 566 ldp_msg->type); 567 /* ignore the message */ 568 ret = 0; 569 break; 570 } 571 572 if (ret == -1) { 573 /* parser failed, giving up */ 574 free(buf); 575 return; 576 } 577 578 /* Analyse the next message */ 579 pdu += msg_size; 580 len -= msg_size; 581 } 582 free(buf); 583 if (len != 0) { 584 session_shutdown(nbr, S_BAD_PDU_LEN, 0, 0); 585 return; 586 } 587 } 588 } 589 590 static void 591 session_write(int fd, short event, void *arg) 592 { 593 struct tcp_conn *tcp = arg; 594 struct nbr *nbr = tcp->nbr; 595 596 if (!(event & EV_WRITE)) 597 return; 598 599 if (msgbuf_write(&tcp->wbuf.wbuf) <= 0) 600 if (errno != EAGAIN && nbr) 601 nbr_fsm(nbr, NBR_EVT_CLOSE_SESSION); 602 603 if (nbr == NULL && !tcp->wbuf.wbuf.queued) { 604 /* 605 * We are done sending the notification message, now we can 606 * close the socket. 607 */ 608 tcp_close(tcp); 609 return; 610 } 611 612 evbuf_event_add(&tcp->wbuf); 613 } 614 615 void 616 session_shutdown(struct nbr *nbr, uint32_t status, uint32_t msgid, 617 uint32_t type) 618 { 619 switch (nbr->state) { 620 case NBR_STA_PRESENT: 621 if (nbr_pending_connect(nbr)) 622 event_del(&nbr->ev_connect); 623 break; 624 case NBR_STA_INITIAL: 625 case NBR_STA_OPENREC: 626 case NBR_STA_OPENSENT: 627 case NBR_STA_OPER: 628 log_debug("%s: lsr-id %s", __func__, inet_ntoa(nbr->id)); 629 630 send_notification_nbr(nbr, status, msgid, type); 631 632 /* try to flush write buffer, if it fails tough shit */ 633 msgbuf_write(&nbr->tcp->wbuf.wbuf); 634 635 nbr_fsm(nbr, NBR_EVT_CLOSE_SESSION); 636 break; 637 default: 638 fatalx("session_shutdown: unknown neighbor state"); 639 } 640 } 641 642 void 643 session_close(struct nbr *nbr) 644 { 645 log_debug("%s: closing session with lsr-id %s", __func__, 646 inet_ntoa(nbr->id)); 647 648 tcp_close(nbr->tcp); 649 nbr_stop_ktimer(nbr); 650 nbr_stop_ktimeout(nbr); 651 } 652 653 static ssize_t 654 session_get_pdu(struct ibuf_read *r, char **b) 655 { 656 struct ldp_hdr l; 657 size_t av, dlen, left; 658 659 av = r->wpos; 660 if (av < sizeof(l)) 661 return (0); 662 663 memcpy(&l, r->buf, sizeof(l)); 664 dlen = ntohs(l.length) + LDP_HDR_DEAD_LEN; 665 if (dlen > av) 666 return (0); 667 668 if ((*b = malloc(dlen)) == NULL) 669 return (-1); 670 671 memcpy(*b, r->buf, dlen); 672 if (dlen < av) { 673 left = av - dlen; 674 memmove(r->buf, r->buf + dlen, left); 675 r->wpos = left; 676 } else 677 r->wpos = 0; 678 679 return (dlen); 680 } 681 682 struct tcp_conn * 683 tcp_new(int fd, struct nbr *nbr) 684 { 685 struct tcp_conn *tcp; 686 687 if ((tcp = calloc(1, sizeof(*tcp))) == NULL) 688 fatal(__func__); 689 690 tcp->fd = fd; 691 evbuf_init(&tcp->wbuf, tcp->fd, session_write, tcp); 692 693 if (nbr) { 694 if ((tcp->rbuf = calloc(1, sizeof(struct ibuf_read))) == NULL) 695 fatal(__func__); 696 697 event_set(&tcp->rev, tcp->fd, EV_READ | EV_PERSIST, 698 session_read, nbr); 699 event_add(&tcp->rev, NULL); 700 tcp->nbr = nbr; 701 } 702 703 return (tcp); 704 } 705 706 static void 707 tcp_close(struct tcp_conn *tcp) 708 { 709 evbuf_clear(&tcp->wbuf); 710 711 if (tcp->nbr) { 712 event_del(&tcp->rev); 713 free(tcp->rbuf); 714 tcp->nbr->tcp = NULL; 715 } 716 717 close(tcp->fd); 718 accept_unpause(); 719 free(tcp); 720 } 721 722 static struct pending_conn * 723 pending_conn_new(int fd, int af, union ldpd_addr *addr) 724 { 725 struct pending_conn *pconn; 726 struct timeval tv; 727 728 if ((pconn = calloc(1, sizeof(*pconn))) == NULL) 729 fatal(__func__); 730 731 pconn->fd = fd; 732 pconn->af = af; 733 pconn->addr = *addr; 734 evtimer_set(&pconn->ev_timeout, pending_conn_timeout, pconn); 735 TAILQ_INSERT_TAIL(&global.pending_conns, pconn, entry); 736 737 timerclear(&tv); 738 tv.tv_sec = PENDING_CONN_TIMEOUT; 739 if (evtimer_add(&pconn->ev_timeout, &tv) == -1) 740 fatal(__func__); 741 742 return (pconn); 743 } 744 745 void 746 pending_conn_del(struct pending_conn *pconn) 747 { 748 if (evtimer_pending(&pconn->ev_timeout, NULL) && 749 evtimer_del(&pconn->ev_timeout) == -1) 750 fatal(__func__); 751 752 TAILQ_REMOVE(&global.pending_conns, pconn, entry); 753 free(pconn); 754 } 755 756 struct pending_conn * 757 pending_conn_find(int af, union ldpd_addr *addr) 758 { 759 struct pending_conn *pconn; 760 761 TAILQ_FOREACH(pconn, &global.pending_conns, entry) 762 if (af == pconn->af && 763 ldp_addrcmp(af, addr, &pconn->addr) == 0) 764 return (pconn); 765 766 return (NULL); 767 } 768 769 static void 770 pending_conn_timeout(int fd, short event, void *arg) 771 { 772 struct pending_conn *pconn = arg; 773 struct tcp_conn *tcp; 774 775 log_debug("%s: no adjacency with remote end: %s", __func__, 776 log_addr(pconn->af, &pconn->addr)); 777 778 /* 779 * Create a write buffer detached from any neighbor to send a 780 * notification message reliably. 781 */ 782 tcp = tcp_new(pconn->fd, NULL); 783 send_notification(S_NO_HELLO, tcp, 0, 0); 784 msgbuf_write(&tcp->wbuf.wbuf); 785 786 pending_conn_del(pconn); 787 } 788