On Wed, Dec 29, 2021 at 06:11:32PM +0100, Alexander Zubkov wrote:
Yes, probably it is ok to use it by default, at least in our case we use it always-on (as in the attached patch). Only in this case it may be better to lower the log level for it than for the cases when it does not work. With default on there may be cases when someone will be surprised to see the bird listening on a nonexistent address in netstat. And maybe someone has some sort of security concerns with it, then please speak now or forever hold your peace. :)
Thanks, merged (the first patch). After all, I made it a 'free bind' BGP option, disabled by default [*], applying SKF_FREEBIND to the listening socket. But your second patch enabled SKF_FREEBIND for both the listening and the active socket. I see reasons for the listening one, but why do it for the active socket (in bgp_connect())?

[*] commit 60e9def9ef7b5d16f868b0fb4ab1192d59fd7541
I looked a bit into FreeBSD, but there are different options for it and it can probably be disabled with sysctl there. So I thought it would be better if some people with more FreeBSD (or other *BSD) experience updated this part later.
Yes, after some research it seems that it is not an equivalent option.
diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c index e4d754b1..5d985e25 100644 --- a/proto/bgp/bgp.c +++ b/proto/bgp/bgp.c @@ -180,7 +180,7 @@ bgp_open(struct bgp_proto *p) sk->sport = port; sk->iface = ifa; sk->vrf = p->p.vrf; - sk->flags = 0; + sk->flags = SKF_FREEBIND; sk->tos = IP_PREC_INTERNET_CONTROL; sk->rbsize = BGP_RX_BUFFER_SIZE; sk->tbsize = BGP_TX_BUFFER_SIZE; @@ -1117,6 +1117,7 @@ bgp_connect(struct bgp_proto *p) /* Enter Connect state and start establishing c s->dport = p->cf->remote_port; s->iface = p->neigh ? p->neigh->iface : NULL; s->vrf = p->p.vrf; + s->flags = SKF_FREEBIND; s->ttl = p->cf->ttl_security ? 255 : hops; s->rbsize = p->cf->enable_extended_messages ? BGP_RX_BUFFER_EXT_SIZE : BGP_RX_BUFFER_SIZE; s->tbsize = p->cf->enable_extended_messages ? BGP_TX_BUFFER_EXT_SIZE : BGP_TX_BUFFER_SIZE;
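Review bot: In the bgp_open() hunk, `sk->flags = SKF_FREEBIND;` replaces `sk->flags = 0;` unconditionally, so every BGP listening socket gets free bind with no way to turn it off. An operator who mistypes a listen address would then get a socket bound to an address that no interface carries, rather than a bind error. I would gate the flag behind a per-protocol option that defaults to off and set it here only when that option is enabled, and add a comment saying what the flag does on platforms other than Linux, since the thread notes that the FreeBSD options are not equivalent.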
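Review bot: In the bgp_connect() hunk, the added `s->flags = SKF_FREEBIND;` applies free bind to the active (outgoing) socket, and nothing in the patch explains why that is needed. With it set, binding the outgoing session to a source address that is not configured locally no longer fails at bind time, which hides a configuration error that is currently reported. Unless there is a concrete case for the active side, I would drop this line and keep the flag on the listening socket only; if it stays, it should be controlled by the same option as the listener and the reason documented in a comment.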
--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."