bgpd: add neighbor ip-transparent #18789
can we add a simple topotest that shows that this works?
Please add a topotest to check if it works as expected.
next: I'll submit the related topotest
Interesting, if I understand right, this use case works with neighbor passive
ci:rerun unrelated failures
@vjardin please fix styling (frrbot).
looks good ... looks like you've added the topo tests, as well
This pull request has conflicts, please resolve those before we can evaluate the pull request.
I have fixed all except for
LGTM once CI finishes....
Mixed peer->af_flags with peer->flags for PEER_FLAG_IP_TRANSPARENT.
This pull request has conflicts, please resolve those before we can evaluate the pull request.
ci:rerun
waiting on blocker @ton31337 ... :-)
Add sockopt_ip_transparent(), a thin wrapper around setsockopt(sock, SOL_IP, IP_TRANSPARENT) guarded by #ifdef IP_TRANSPARENT.
This lets daemons such as bgpd create transparent sockets when running on kernels that support the option, while keeping the build portable on systems that do not provide it.
Signed-off-by: Vincent Jardin <[email protected]>

Implement a per‑neighbor flag that sets IP_TRANSPARENT for the underlying TCP socket. With this flag bgpd can accept or initiate a session to/from an address that is not present on the host.
Typical use‑cases:
- running bgpd inside a container without configuring the router loopback address inside that netns.
- hitless switchover of a keepalived/VRRP VIP: the standby bgpd can pre‑bind and come up instantly after takeover.
- BGP speakers when the IP address is not set (transparent firewall).
- others...
It is safeguarded by a CAP_NET_ADMIN.
Signed-off-by: Vincent Jardin <[email protected]>

When a neighbor is established for an ip-transparent and the source address is well known, let's honor that connection.
Signed-off-by: Vincent Jardin <[email protected]>

r1 is a legacy bgp setting
r2 is configured using IP transparent
2 steps:
- when IP transparent is not set, TCP session should not establish
- when IP transparent is set, TCP session should establish
Signed-off-by: Vincent Jardin <[email protected]>
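
The behaviour the commit messages above describe, as an added example that is not code from this pull request: a guarded setsockopt wrapper in the shape the first commit describes, and a bind to an address the host does not own, with and without the option. The names set_ip_transparent and try_bind, and the use of 192.0.2.1 (a documentation address assumed not to be configured locally), are assumptions of this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical wrapper in the shape the commit describes: 0 on success,
 * -errno on failure, -ENOPROTOOPT where IP_TRANSPARENT is not defined. */
static int set_ip_transparent(int sock)
{
#ifdef IP_TRANSPARENT
	int on = 1;
	if (setsockopt(sock, SOL_IP, IP_TRANSPARENT, &on, sizeof(on)) < 0)
		return -errno; /* -EPERM when the process lacks the capability */
	return 0;
#else
	(void)sock;
	return -ENOPROTOOPT;
#endif
}

/* Bind a TCP socket to addr, port 0, optionally transparent; 0 or -errno. */
static int try_bind(const char *addr, int transparent)
{
	struct sockaddr_in sa = { .sin_family = AF_INET };
	int sock, rc = 0;

	if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1)
		return -EINVAL;
	sock = socket(AF_INET, SOCK_STREAM, 0);
	if (sock < 0)
		return -errno;
	if (transparent)
		rc = set_ip_transparent(sock);
	if (rc == 0 && bind(sock, (struct sockaddr *)&sa, sizeof(sa)) < 0)
		rc = -errno; /* -EADDRNOTAVAIL: non-local address, option not in effect */
	close(sock);
	return rc;
}

int main(void)
{
	/* 192.0.2.1: documentation address, assumed not configured on this host */
	printf("plain bind:       %d\n", try_bind("192.0.2.1", 0));
	printf("transparent bind: %d\n", try_bind("192.0.2.1", 1));
	return 0;
}
```

Run unprivileged, the transparent attempt is expected to stop at setsockopt with -EPERM; with the capability granted, the same bind returns 0 even though the address is not on the host.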
Thanks