ospfd: OSPFAPI Server options to limit to local connections and per-instance TCP

This commit include OSPFAPI Server options to:

 1. Allow specification of the OSPFAPI server local address.
 2. Allow different OSPFAPI server TCP ports to be specified for different
    OSPF instances in /etc/services.

Signed-off-by: Acee Lindem <acee@lindem.com>

4 files changed, 51 insertions, 14 deletions

diff --git a/doc/user/ospfd.rst b/doc/user/ospfd.rst
index 47f8fad17..1d3b1ccb7 100644
--- a/doc/user/ospfd.rst
+++ b/doc/user/ospfd.rst
@@ -28,6 +28,12 @@ Configuring OSPF
 
    Enable the OSPF API server. This is required to use ``ospfclient``.
 
+.. option:: -l, --apiserver_addr <address>
+
+   Specify the local IPv4 address to which to bind the OSPF API server socket.
+   If unspecified, connections are accepted to any address. Specification of
+   127.0.0.1 can be used to limit socket access to local applications.
+
 *ospfd* must acquire interface information from *zebra* in order to function.
 Therefore *zebra* must be running before invoking *ospfd*. Also, if *zebra* is
 restarted then *ospfd* must be too.
diff --git a/ospfd/ospf_apiserver.c b/ospfd/ospf_apiserver.c
index 419113e6d..fcc28c6f9 100644
--- a/ospfd/ospf_apiserver.c
+++ b/ospfd/ospf_apiserver.c
@@ -62,6 +62,11 @@ DEFINE_MTYPE_STATIC(OSPFD, APISERVER_MSGFILTER, "API Server Message Filter");
 /* List of all active connections. */
 struct list *apiserver_list;
 
+/* Indicates that API the server socket local addresss has been
+ * specified.
+ */
+struct in_addr ospf_apiserver_addr;
+
 /* -----------------------------------------------------------
  * Functions to lookup interfaces
  * -----------------------------------------------------------
@@ -109,7 +114,21 @@ struct ospf_interface *ospf_apiserver_if_lookup_by_ifp(struct interface *ifp)
 
 unsigned short ospf_apiserver_getport(void)
 {
-	struct servent *sp = getservbyname("ospfapi", "tcp");
+	struct servent *sp = NULL;
+	char sbuf[16];
+
+	/*
+	 * Allow the OSPF API server port to be specified per-instance by
+	 * including the instance ID in the /etc/services name. Use the
+	 * prior name if no per-instance service is specified.
+	 */
+	if (ospf_instance) {
+		snprintfrr(sbuf, sizeof(sbuf), "ospfapi-%d", ospf_instance);
+		sp = getservbyname(sbuf, "tcp");
+	}
+
+	if (!sp)
+		sp = getservbyname("ospfapi", "tcp");
 
 	return sp ? ntohs(sp->s_port) : OSPF_API_SYNC_PORT;
 }
@@ -557,8 +576,10 @@ int ospf_apiserver_serv_sock_family(unsigned short port, int family)
 	sockopt_reuseaddr(accept_sock);
 	sockopt_reuseport(accept_sock);
 
-	/* Bind socket to address and given port. */
-	rc = sockunion_bind(accept_sock, &su, port, NULL);
+	/* Bind socket to optional lcoal address and port. */
+	if (ospf_apiserver_addr.s_addr)
+		sockunion2ip(&su) = ospf_apiserver_addr.s_addr;
+	rc = sockunion_bind(accept_sock, &su, port, &su);
 	if (rc < 0) {
 		close(accept_sock); /* Close socket */
 		return rc;
diff --git a/ospfd/ospf_apiserver.h b/ospfd/ospf_apiserver.h
index 0aaf67c1f..4341a9d38 100644
--- a/ospfd/ospf_apiserver.h
+++ b/ospfd/ospf_apiserver.h
@@ -67,6 +67,14 @@ enum ospf_apiserver_event {
 };
 
 /* -----------------------------------------------------------
+ * External definitions for OSPF API ospfd parameters.
+ * -----------------------------------------------------------
+ */
+
+extern int ospf_apiserver_enable;
+extern struct in_addr ospf_apiserver_addr;
+
+/* -----------------------------------------------------------
  * Following are functions to manage client connections.
  * -----------------------------------------------------------
  */
diff --git a/ospfd/ospf_main.c b/ospfd/ospf_main.c
index abad6c5b9..9e97abba1 100644
--- a/ospfd/ospf_main.c
+++ b/ospfd/ospf_main.c
@@ -44,6 +44,7 @@
 #include "ospfd/ospf_errors.h"
 #include "ospfd/ospf_ldp_sync.h"
 #include "ospfd/ospf_routemap_nb.h"
+#include "ospfd/ospf_apiserver.h"
 
 #define OSPFD_STATE_NAME	 "%s/ospfd.json", frr_libstatedir
 #define OSPFD_INST_STATE_NAME(i) "%s/ospfd-%d.json", frr_runstatedir, i
@@ -75,6 +76,7 @@ struct zebra_privs_t ospfd_privs = {
 const struct option longopts[] = {
 	{"instance", required_argument, NULL, 'n'},
 	{"apiserver", no_argument, NULL, 'a'},
+	{"apiserver_addr", required_argument, NULL, 'l'},
 	{0}
 };
 
@@ -83,10 +85,6 @@ const struct option longopts[] = {
 /* Master of threads. */
 struct event_loop *master;
 
-#ifdef SUPPORT_OSPF_API
-extern int ospf_apiserver_enable;
-#endif /* SUPPORT_OSPF_API */
-
 /* SIGHUP handler. */
 static void sighup(void)
 {
@@ -193,15 +191,11 @@ static void ospf_config_end(void)
 /* OSPFd main routine. */
 int main(int argc, char **argv)
 {
-#ifdef SUPPORT_OSPF_API
-	/* OSPF apiserver is disabled by default. */
-	ospf_apiserver_enable = 0;
-#endif /* SUPPORT_OSPF_API */
-
 	frr_preinit(&ospfd_di, argc, argv);
-	frr_opt_add("n:a", longopts,
+	frr_opt_add("n:al:", longopts,
 		    "  -n, --instance     Set the instance id\n"
-		    "  -a, --apiserver    Enable OSPF apiserver\n");
+		    "  -a, --apiserver    Enable OSPF apiserver\n"
+		    "  -l, --apiserver_addr     Set OSPF apiserver bind address\n");
 
 	while (1) {
 		int opt;
@@ -223,6 +217,14 @@ int main(int argc, char **argv)
 		case 'a':
 			ospf_apiserver_enable = 1;
 			break;
+		case 'l':
+			if (inet_pton(AF_INET, optarg, &ospf_apiserver_addr) <=
+			    0) {
+				zlog_err("OSPF: Invalid API Server IPv4 address %s specified",
+					 optarg);
+				exit(0);
+			}
+			break;
 #endif /* SUPPORT_OSPF_API */
 		default:
 			frr_help_exit(1);