BGP strict bind socket error

Ondrej Zajicek santiago at crfreenet.org
Wed Dec 29 17:41:45 CET 2021


On Tue, Dec 28, 2021 at 06:34:28PM +0100, Alexander Zubkov wrote:
> Hi,
> 
> I want to bring this question up again. In our company we use it in
> production with patches, but I think it would be useful in upstream
> version too.
> Short version of the story: bird can try to bind socket when
> IP-address is absent in the system, it will result in an error and the
> protocol will remain in down state after that. Suggested change is to
> allow it to bind non-local addresses.
>
> If this variant is OK, then the next step is to choose whether it would
> be some configuration option or maybe a compile-time flag.

Hi

My main objection is that whether to use IP_FREEBIND should be primarily
a developer decision, not an admin decision. Either the code should work
correctly without IP_FREEBIND, or we should use it always or
automatically when necessary.

I looked for disadvantages of always using IP_FREEBIND, I found nothing
except that in case of misconfigured IP address it does not report error.
But BIRD (and modern daemons in general) are supposed to wait for IP to
appear instead of assuming that all valid IPs are available when daemon
starts, so this is not an issue. So it makes sense to use IP_FREEBIND by
default if available.

So I think that there could be a protocol option for freebind, which
should have platform-specific defaults (like rt_default_ecmp is
platform-specific default for ECMP option), independently for IPv4 and
IPv6. This option is primarily intended for disabling freebind in case
of some unexpected case where it is not desirable.

Also note that the patch does not handle the IPv6 case (there is
IPV6_FREEBIND) and the BSD case (there is IP_BINDANY, which seems to
do the same, but it is less clear and requires some privilege,
so perhaps it makes sense to skip it or not make it default).

I will try the patch, modify it and merge it.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
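
The behaviour discussed in this message, as an added example that is not part of the original post, the patch, or BIRD's code: binding to an address that is not configured on the host, with and without freebind. It assumes Linux; set_freebind and try_bind are hypothetical names, and 192.0.2.1 is a constructed stand-in for an address that has not appeared yet.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not BIRD code): enable freebind per address family.
 * Returns -1 with ENOPROTOOPT where the platform defines no such option. */
static int set_freebind(int fd, int af)
{
  int one = 1;
#ifdef IP_FREEBIND
  if (af == AF_INET)
    return setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one));
#endif
#ifdef IPV6_FREEBIND
  if (af == AF_INET6)
    return setsockopt(fd, IPPROTO_IPV6, IPV6_FREEBIND, &one, sizeof(one));
#endif
  errno = ENOPROTOOPT;
  return -1;
}

/* Bind a TCP socket to an IPv4 literal, port 0. Returns 0 or the errno. */
int try_bind(const char *addr, int freebind)
{
  struct sockaddr_in sa = { .sin_family = AF_INET };
  if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1)
    return EINVAL;
  int fd = socket(AF_INET, SOCK_STREAM, 0);
  if (fd < 0)
    return errno;
  int rv = 0;
  if (freebind && set_freebind(fd, AF_INET) < 0)
    rv = errno;
  else if (bind(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0)
    rv = errno;
  close(fd);
  return rv;
}

int main(void)
{
  /* 192.0.2.1 (TEST-NET-1) is a constructed stand-in for a not-yet-configured address. */
  printf("plain:    %s\n", strerror(try_bind("192.0.2.1", 0)));
  printf("freebind: %s\n", strerror(try_bind("192.0.2.1", 1)));
  return 0;
}
```

On a host with the net.ipv4.ip_nonlocal_bind sysctl enabled the plain bind succeeds as well, so the EADDRNOTAVAIL result depends on that setting being off.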

