On Wed, Dec 29, 2021 at 06:11:32PM +0100, Alexander Zubkov wrote:
> Yes, probably it is ok to use it by default, at least in our case we
> use it always-on (as in attached patch). Only in this case it may be
> better to lower the log level for it than for the cases when it does
> not work.
> With default on there may be cases when someone will be surprised to
> see the bird listening on nonexistent address in netstat. And maybe
> someone has some sort of security concerns with it, then please speak
> now or forever hold your peace. :)

Thanks, merged (the first patch). After all, i make it 'free bind' BGP option, disabled by default [*], applying SKF_FREEBIND to the listening socket. But your second patch enabled SKF_FREEBIND for both listening and active socket, i see reasons for listening one, but why to do it for the active socket (in bgp_connect())? [*] commit 60e9def9ef7b5d16f868b0fb4ab1192d59fd7541 > I looked a bit about the FreeBSD, but there are different options for > it and it can probably be disabled with sysctl there. So I thought it > would be better if some people with more FreeBSD (or other *BSD) > experience updated this part later. Yes, after some research it seems that it is not an equivalent option. > diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c > index e4d754b1..5d985e25 100644 > --- a/proto/bgp/bgp.c > +++ b/proto/bgp/bgp.c > @@ -180,7 +180,7 @@ bgp_open(struct bgp_proto *p) > sk->sport = port; > sk->iface = ifa; > sk->vrf = p->p.vrf; > - sk->flags = 0; > + sk->flags = SKF_FREEBIND; > sk->tos = IP_PREC_INTERNET_CONTROL; > sk->rbsize = BGP_RX_BUFFER_SIZE; > sk->tbsize = BGP_TX_BUFFER_SIZE; > @@ -1117,6 +1117,7 @@ bgp_connect(struct bgp_proto *p) /* Enter > Connect state and start establishing c > s->dport = p->cf->remote_port; > s->iface = p->neigh ? p->neigh->iface : NULL; > s->vrf = p->p.vrf; > + s->flags = SKF_FREEBIND; > s->ttl = p->cf->ttl_security ? 255 : hops; > s->rbsize = p->cf->enable_extended_messages ? BGP_RX_BUFFER_EXT_SIZE : > BGP_RX_BUFFER_SIZE; > s->tbsize = p->cf->enable_extended_messages ? BGP_TX_BUFFER_EXT_SIZE : > BGP_TX_BUFFER_SIZE; -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: [email protected]) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
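
Review bot: In the bgp_open() hunk, `sk->flags = SKF_FREEBIND;` replaces `sk->flags = 0;` with no condition, so every BGP listening socket would bind whether or not the configured address exists on the host. A mistyped or stale listen address then no longer fails at bind time and the daemon shows up in netstat on an address the host does not own, which is the surprise raised earlier in the thread. Suggest setting the flag only when a per-protocol configuration option asks for it, leaving that option off by default, and documenting it next to the other BGP socket options.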
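
Review bot: In the bgp_connect() hunk, the added `s->flags = SKF_FREEBIND;` applies free bind to the outgoing (active) socket, and nothing in the hunk or an accompanying comment says why an active connection needs to bind a source address that is not yet present. With the flag set, a wrong source address would no longer be rejected when the socket is bound, so the misconfiguration would only become visible later as a connection that never establishes. Suggest dropping this line, or gating it on the same option as the listening socket and adding a comment that states the use case.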
