server: use SetsockoptTCPMD5Sig from golang.org/x/sys/unix

Use the TCPMD5Sig type and the corresponding SetsockoptTCPMD5Sig func
added upstream in golang.org/x/sys v0.6.0

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

go.mod

@@ -17,6 +17,7 @@ require (
 	github.com/stretchr/testify v1.8.1
 	github.com/vishvananda/netlink v1.2.1-beta.2
 	golang.org/x/net v0.7.0
+	golang.org/x/sys v0.6.0
 	golang.org/x/text v0.7.0
 	google.golang.org/grpc v1.51.0
 	google.golang.org/protobuf v1.28.1
@@ -42,7 +43,6 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.4.1 // indirect
 	github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae // indirect
-	golang.org/x/sys v0.5.0 // indirect
 	google.golang.org/genproto v0.0.0-20221024183307-1bc688fe9f3e // indirect
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect

go.sum

@@ -351,8 +351,8 @@ golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

pkg/server/sockopt_linux.go

@@ -21,56 +21,47 @@ import (
 	"net"
 	"os"
 	"syscall"
-	"unsafe"
+
+	"golang.org/x/sys/unix"
 
 	"github.com/osrg/gobgp/v3/pkg/log"
 )
 
 const (
-	tcpMD5SIG       = 14 // TCP MD5 Signature (RFC2385)
 	ipv6MinHopCount = 73 // Generalized TTL Security Mechanism (RFC5082)
 )
 
-type tcpmd5sig struct {
-	ss_family uint16
-	ss        [126]byte
-	// padding the struct
-	_      uint16
-	keylen uint16
-	// padding the struct
-	_   uint32
-	key [80]byte
-}
-
-func buildTcpMD5Sig(address, key string) (tcpmd5sig, error) {
-	t := tcpmd5sig{}
+func buildTcpMD5Sig(address, key string) *unix.TCPMD5Sig {
+	t := unix.TCPMD5Sig{}
 	addr := net.ParseIP(address)
 	if addr.To4() != nil {
-		t.ss_family = syscall.AF_INET
-		copy(t.ss[2:], addr.To4())
+		t.Addr.Family = unix.AF_INET
+		copy(t.Addr.Data[2:], addr.To4())
 	} else {
-		t.ss_family = syscall.AF_INET6
-		copy(t.ss[6:], addr.To16())
+		t.Addr.Family = unix.AF_INET6
+		copy(t.Addr.Data[6:], addr.To16())
 	}
 
-	t.keylen = uint16(len(key))
-	copy(t.key[0:], []byte(key))
+	t.Keylen = uint16(len(key))
+	copy(t.Key[0:], []byte(key))
 
-	return t, nil
+	return &t
 }
 
 func setTCPMD5SigSockopt(l *net.TCPListener, address string, key string) error {
-	t, err := buildTcpMD5Sig(address, key)
+	sc, err := l.SyscallConn()
 	if err != nil {
 		return err
 	}
-	b := *(*[unsafe.Sizeof(t)]byte)(unsafe.Pointer(&t))
 
-	sc, err := l.SyscallConn()
-	if err != nil {
+	var sockerr error
+	t := buildTcpMD5Sig(address, key)
+	if err := sc.Control(func(s uintptr) {
+		sockerr = unix.SetsockoptTCPMD5Sig(int(s), unix.IPPROTO_TCP, unix.TCP_MD5SIG, t)
+	}); err != nil {
 		return err
 	}
-	return setsockOptString(sc, syscall.IPPROTO_TCP, tcpMD5SIG, string(b[:]))
+	return sockerr
 }
 
 func setBindToDevSockopt(sc syscall.RawConn, device string) error {
@@ -111,13 +102,9 @@ func dialerControl(logger log.Logger, network, address string, c syscall.RawConn
 	var sockerr error
 	if password != "" {
 		addr, _, _ := net.SplitHostPort(address)
-		t, err := buildTcpMD5Sig(addr, password)
-		if err != nil {
-			return err
-		}
-		b := *(*[unsafe.Sizeof(t)]byte)(unsafe.Pointer(&t))
+		t := buildTcpMD5Sig(addr, password)
 		if err := c.Control(func(fd uintptr) {
-			sockerr = os.NewSyscallError("setsockopt", syscall.SetsockoptString(int(fd), syscall.IPPROTO_TCP, tcpMD5SIG, string(b[:])))
+			sockerr = os.NewSyscallError("setsockopt", unix.SetsockoptTCPMD5Sig(int(fd), unix.IPPROTO_TCP, unix.TCP_MD5SIG, t))
 		}); err != nil {
 			return err
 		}

pkg/server/sockopt_linux_test.go

@@ -26,9 +26,9 @@ import (
 )
 
 func Test_buildTcpMD5Sig(t *testing.T) {
-	s, _ := buildTcpMD5Sig("1.2.3.4", "hello")
+	s := buildTcpMD5Sig("1.2.3.4", "hello")
 
-	if unsafe.Sizeof(s) != 216 {
+	if unsafe.Sizeof(*s) != 216 {
 		t.Error("TCPM5Sig struct size is wrong", unsafe.Sizeof(s))
 	}
 
@@ -47,7 +47,7 @@ func Test_buildTcpMD5Sig(t *testing.T) {
 }
 
 func Test_buildTcpMD5Sigv6(t *testing.T) {
-	s, _ := buildTcpMD5Sig("fe80::4850:31ff:fe01:fc55", "helloworld")
+	s := buildTcpMD5Sig("fe80::4850:31ff:fe01:fc55", "helloworld")
 
 	buf1 := new(bytes.Buffer)
 	if err := binary.Write(buf1, binary.LittleEndian, s); err != nil {