implement "passive": do not attempt to open a tcp connection to the

neighbor system

4 files changed, 25 insertions, 9 deletions

diff --git a/usr.sbin/bgpd/bgpd.conf.5 b/usr.sbin/bgpd/bgpd.conf.5
index bb56807b34b..dde5a9d672c 100644
--- a/usr.sbin/bgpd/bgpd.conf.5
+++ b/usr.sbin/bgpd/bgpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bgpd.conf.5,v 1.3 2003/12/24 13:49:21 henning Exp $
+.\" $OpenBSD: bgpd.conf.5,v 1.4 2003/12/25 14:28:49 henning Exp $
 .\"
 .\" Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
 .\" Copyright (c) 2002 Daniel Hartmeier <dhartmei@openbsd.org>
@@ -182,6 +182,8 @@ have to be directly connected to the local machine.
 If this is not the case the
 .Em multihop
 statement defines the maximum hops the neighbor is away.
+.It Ar passive
+Do not attempt to actively open a TCP connection to the neighbor system.
 .El
 .Sh SEE ALSO
 .Xr bgpd 8
diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h
index 8f407572fe2..d8b969c9202 100644
--- a/usr.sbin/bgpd/bgpd.h
+++ b/usr.sbin/bgpd/bgpd.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bgpd.h,v 1.23 2003/12/25 02:24:26 henning Exp $ */
+/*	$OpenBSD: bgpd.h,v 1.24 2003/12/25 14:28:49 henning Exp $ */
 
 /*
  * Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@@ -122,6 +122,7 @@ struct peer_config {
 	u_int16_t		 remote_as;
 	u_int8_t		 ebgp;		/* 1 = ebgp, 0 = ibgp */
 	u_int8_t		 distance;	/* 1 = direct, >1 = multihop */
+	u_int8_t		 passive;
 	enum reconf_action	 reconf_action;
 };
 
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index 00675a1f47f..cd5794486b3 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.12 2003/12/24 14:10:49 henning Exp $ */
+/*	$OpenBSD: parse.y,v 1.13 2003/12/25 14:28:49 henning Exp $ */
 
 /*
  * Copyright (c) 2002, 2003 Henning Brauer <henning@openbsd.org>
@@ -84,7 +84,7 @@ typedef struct {
 %token	SET
 %token	AS BGPID HOLDTIME YMIN LISTEN ON NO FIBUPDATE
 %token	GROUP NEIGHBOR
-%token	REMOTEAS DESCR LOCALADDR MULTIHOP
+%token	REMOTEAS DESCR LOCALADDR MULTIHOP PASSIVE
 %token	ERROR
 %token	MRTDUMP
 %token	<v.string>	STRING
@@ -266,6 +266,9 @@ peeropts	: REMOTEAS number	{
 			}
 			curpeer->conf.distance = $2;
 		}
+		| PASSIVE		{
+			curpeer->conf.passive = 1;
+		}
 		;
 
 %%
@@ -315,6 +318,7 @@ lookup(char *s)
 		{ "neighbor",		NEIGHBOR},
 		{ "no",			NO},
 		{ "on",			ON},
+		{ "passive",		PASSIVE},
 		{ "remote-as",		REMOTEAS},
 		{ "set",		SET},
 	};
diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c
index 4572eba1d32..db179c197e2 100644
--- a/usr.sbin/bgpd/session.c
+++ b/usr.sbin/bgpd/session.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: session.c,v 1.42 2003/12/25 13:39:00 henning Exp $ */
+/*	$OpenBSD: session.c,v 1.43 2003/12/25 14:28:49 henning Exp $ */
 
 /*
  * Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@@ -325,8 +325,6 @@ bgp_fsm(struct peer *peer, enum session_events event)
 			peer->KeepaliveTimer = 0;
 			peer->events = 0;
 			peer->StartTimer = 0;
-			peer->ConnectRetryTimer =
-			    time(NULL) + INTERVAL_CONNECTRETRY;
 
 			/* allocate read buffer */
 			peer->rbuf = calloc(1, sizeof(struct peer_buf_read));
@@ -337,8 +335,15 @@ bgp_fsm(struct peer *peer, enum session_events event)
 			/* init write buffer */
 			msgbuf_init(&peer->wbuf);
 
-			change_state(peer, STATE_CONNECT, event);
-			session_connect(peer);
+			if (peer->conf.passive) {
+				change_state(peer, STATE_ACTIVE, event);
+				peer->ConnectRetryTimer = 0;
+			} else {
+				change_state(peer, STATE_CONNECT, event);
+				session_connect(peer);
+				peer->ConnectRetryTimer =
+				    time(NULL) + INTERVAL_CONNECTRETRY;
+			}
 			break;
 		default:
 			/* ignore */
@@ -1271,6 +1276,10 @@ session_dispatch_imsg(struct imsgbuf *ibuf, int idx)
 			if (p->conf.distance != pconf->distance)
 				reconf = RECONF_REINIT;
 
+			if (p->state <= STATE_ACTIVE &&
+			    p->conf.passive && !pconf->passive)
+				reconf = RECONF_REINIT;
+
 			memcpy(&p->conf, pconf, sizeof(struct peer_config));
 			p->conf.reconf_action = reconf;
 			if (pconf->reconf_action > reconf)