On Sun, Jan 9, 2022 at 3:41 AM Ondrej Zajicek <[email protected]> wrote:
>
> On Wed, Dec 29, 2021 at 06:11:32PM +0100, Alexander Zubkov wrote:
> > Yes, probably it is ok to use it by default, at least in our case we
> > use it always-on (as in attached patch). Only in this case it may be
> > better to lower the log level for it than for the cases when it does
> > not work.
> > With default on there may be cases when someone will be surprised to
> > see the bird listening on nonexistent address in netstat. And maybe
> > someone has some sort of security concerns with it, then please speak
> > now or forever hold your peace. :)
>
> Thanks, merged (the first patch). After all, I make it 'free bind' BGP
> option, disabled by default [*], applying SKF_FREEBIND to the listening
> socket. But your second patch enabled SKF_FREEBIND for both listening and
> active socket, I see reasons for listening one, but why to do it for
> the active socket (in bgp_connect())?

Cool, thanks! Now that you asked this question, I think there is really no reason for that. :) It receives an error anyway if it is IP_FREEBIND and not IP_TRANSPARENT, when trying to connect. Maybe I was worried that BIRD could put the protocol down when trying to connect too and added it there just in case.

>
> [*] commit 60e9def9ef7b5d16f868b0fb4ab1192d59fd7541
>
> >
> > I looked a bit about the FreeBSD, but there are different options for
> > it and it can probably be disabled with sysctl there. So I thought it
> > would be better if some people with more FreeBSD (or other *BSD)
> > experience updated this part later.
>
> Yes, after some research it seems that it is not an equivalent option.
>
> >
> > diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c > > index e4d754b1..5d985e25 100644 > > --- a/proto/bgp/bgp.c > > +++ b/proto/bgp/bgp.c > > @@ -180,7 +180,7 @@ bgp_open(struct bgp_proto *p) > > sk->sport = port; > > sk->iface = ifa; > > sk->vrf = p->p.vrf; > > - sk->flags = 0; > > + sk->flags = SKF_FREEBIND; > > sk->tos = IP_PREC_INTERNET_CONTROL; > > sk->rbsize = BGP_RX_BUFFER_SIZE; > > sk->tbsize = BGP_TX_BUFFER_SIZE; > > @@ -1117,6 +1117,7 @@ bgp_connect(struct bgp_proto *p) /* Enter > > Connect state and start establishing c > > s->dport = p->cf->remote_port; > > s->iface = p->neigh ? p->neigh->iface : NULL; > > s->vrf = p->p.vrf; > > + s->flags = SKF_FREEBIND; > > s->ttl = p->cf->ttl_security ? 255 : hops; > > s->rbsize = p->cf->enable_extended_messages ? BGP_RX_BUFFER_EXT_SIZE : > > BGP_RX_BUFFER_SIZE; > > s->tbsize = p->cf->enable_extended_messages ? BGP_TX_BUFFER_EXT_SIZE : > > BGP_TX_BUFFER_SIZE;
> >
>
> --
> Elen sila lumenn' omentielvo
>
> Ondrej 'Santiago' Zajicek (email: [email protected])
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."
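
Review bot: In the bgp_open() hunk, `sk->flags = SKF_FREEBIND;` replaces `sk->flags = 0;` unconditionally, so every BGP listening socket gets free-bind behaviour with no way for the operator to turn it off, and a listener can show up bound to an address the host does not own. Please gate the flag on a per-protocol configuration option that defaults to off, keep `0` otherwise, and document the option together with the platforms on which it has an effect.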
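
Review bot: In the bgp_connect() hunk, the added `s->flags = SKF_FREEBIND;` sets free bind on the outgoing (active) socket, and nothing in the patch shows why a connecting socket needs to bind to an address that is not configured locally; please drop this line or state the use case in the commit message. The hunk is also line-wrapped by the mailer (the `@@` header and the `s->rbsize` and `s->tbsize` context lines are split), so it will not apply as sent; resend it as an attachment or with git send-email.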
