IO: Fix socket priority

[thirdparty/bird.git] / sysdep / unix / io.c

diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c
index c7527c973442f0dd7ef883fefb0717e3221dfcbf..53a37a501b284ca774710f1c2d0c1e0e8eb5cf32 100644 (file)
--- a/sysdep/unix/io.c
+++ b/sysdep/unix/io.c
@@ -7,16 +7,29 @@
  *     Can be freely distributed and used under the terms of the GNU GPL.
  */
 
+/* Unfortunately, some glibc versions hide parts of RFC 3542 API
+   if _GNU_SOURCE is not defined. */
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <sys/time.h>
 #include <sys/types.h>
 #include <sys/socket.h>
-#include <sys/fcntl.h>
+#include <sys/uio.h>
 #include <sys/un.h>
+#include <poll.h>
 #include <unistd.h>
+#include <fcntl.h>
 #include <errno.h>
+#include <net/if.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+#include <netinet/icmp6.h>
 
 #include "nest/bird.h"
 #include "lib/lists.h"
@@ -31,12 +44,12 @@
 #include "lib/sysio.h"
 
 /* Maximum number of calls of tx handler for one socket in one
- * select iteration. Should be small enough to not monopolize CPU by
+ * poll iteration. Should be small enough to not monopolize CPU by
  * one protocol instance.
  */
 #define MAX_STEPS 4
 
-/* Maximum number of calls of rx handler for all sockets in one select
+/* Maximum number of calls of rx handler for all sockets in one poll
    iteration. RX callbacks are often much more costly so we limit
    this to gen small latencies */
 #define MAX_RX_STEPS 4
@@ -71,6 +84,7 @@ static struct resclass rf_class = {
   sizeof(struct rfile),
   rf_free,
   rf_dump,
+  NULL,
   NULL
 };
 
@@ -112,7 +126,8 @@ tracked_fopen(pool *p, char *name, char *mode)
 static list near_timers, far_timers;
 static bird_clock_t first_far_timer = TIME_INFINITY;
 
-bird_clock_t now, now_real;
+/* now must be different from 0, because 0 is a special value in timer->expires */
+bird_clock_t now = 1, now_real, boot_time;
 
 static void
 update_times_plain(void)
@@ -197,6 +212,7 @@ static struct resclass tm_class = {
   sizeof(timer),
   tm_free,
   tm_dump,
+  NULL,
   NULL
 };
 
@@ -319,6 +335,8 @@ tm_first_shot(void)
   return x;
 }
 
+void io_log_event(void *hook, void *data);
+
 static void
 tm_shot(void)
 {
@@ -359,6 +377,7 @@ tm_shot(void)
            i = 0;
          tm_start(t, i);
        }
+      io_log_event(t->hook, t->data);
       t->hook(t);
     }
 }
@@ -431,6 +450,7 @@ tm_format_reltime(char *x, struct tm *tm, bird_clock_t delta)
 /**
  * tm_format_datetime - convert date and time to textual representation
  * @x: destination buffer of size %TM_DATETIME_BUFFER_SIZE
+ * @fmt_spec: specification of resulting textual representation of the time
  * @t: time
  *
  * This function formats the given relative time value @t to a textual
@@ -458,6 +478,7 @@ tm_format_datetime(char *x, struct timeformat *fmt_spec, bird_clock_t t)
     strcpy(x, "<too-long>");
 }
 
+
 /**
  * DOC: Sockets
  *
@@ -479,545 +500,873 @@ tm_format_datetime(char *x, struct timeformat *fmt_spec, bird_clock_t t)
 #define SOL_IPV6 IPPROTO_IPV6
 #endif
 
-static list sock_list;
-static struct birdsock *current_sock;
-static struct birdsock *stored_sock;
-static int sock_recalc_fdsets_p;
+#ifndef SOL_ICMPV6
+#define SOL_ICMPV6 IPPROTO_ICMPV6
+#endif
 
-static inline sock *
-sk_next(sock *s)
+
+/*
+ *     Sockaddr helper functions
+ */
+
+static inline int UNUSED sockaddr_length(int af)
+{ return (af == AF_INET) ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); }
+
+static inline void
+sockaddr_fill4(struct sockaddr_in *sa, ip_addr a, uint port)
 {
-  if (!s->n.next->next)
-    return NULL;
-  else
-    return SKIP_BACK(sock, n, s->n.next);
+  memset(sa, 0, sizeof(struct sockaddr_in));
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+  sa->sin_len = sizeof(struct sockaddr_in);
+#endif
+  sa->sin_family = AF_INET;
+  sa->sin_port = htons(port);
+  sa->sin_addr = ipa_to_in4(a);
 }
 
-static void
-sk_alloc_bufs(sock *s)
+static inline void
+sockaddr_fill6(struct sockaddr_in6 *sa, ip_addr a, struct iface *ifa, uint port)
 {
-  if (!s->rbuf && s->rbsize)
-    s->rbuf = s->rbuf_alloc = xmalloc(s->rbsize);
-  s->rpos = s->rbuf;
-  if (!s->tbuf && s->tbsize)
-    s->tbuf = s->tbuf_alloc = xmalloc(s->tbsize);
-  s->tpos = s->ttx = s->tbuf;
+  memset(sa, 0, sizeof(struct sockaddr_in6));
+#ifdef SIN6_LEN
+  sa->sin6_len = sizeof(struct sockaddr_in6);
+#endif
+  sa->sin6_family = AF_INET6;
+  sa->sin6_port = htons(port);
+  sa->sin6_flowinfo = 0;
+  sa->sin6_addr = ipa_to_in6(a);
+
+  if (ifa && ipa_is_link_local(a))
+    sa->sin6_scope_id = ifa->index;
 }
 
-static void
-sk_free_bufs(sock *s)
+void
+sockaddr_fill(sockaddr *sa, int af, ip_addr a, struct iface *ifa, uint port)
 {
-  if (s->rbuf_alloc)
-    {
-      xfree(s->rbuf_alloc);
-      s->rbuf = s->rbuf_alloc = NULL;
-    }
-  if (s->tbuf_alloc)
-    {
-      xfree(s->tbuf_alloc);
-      s->tbuf = s->tbuf_alloc = NULL;
-    }
+  if (af == AF_INET)
+    sockaddr_fill4((struct sockaddr_in *) sa, a, port);
+  else if (af == AF_INET6)
+    sockaddr_fill6((struct sockaddr_in6 *) sa, a, ifa, port);
+  else
+    bug("Unknown AF");
 }
 
-static void
-sk_free(resource *r)
+static inline void
+sockaddr_read4(struct sockaddr_in *sa, ip_addr *a, uint *port)
 {
-  sock *s = (sock *) r;
-
-  sk_free_bufs(s);
-  if (s->fd >= 0)
-    {
-      close(s->fd);
-      if (s == current_sock)
-       current_sock = sk_next(s);
-      if (s == stored_sock)
-       stored_sock = sk_next(s);
-      rem_node(&s->n);
-      sock_recalc_fdsets_p = 1;
-    }
+  *port = ntohs(sa->sin_port);
+  *a = ipa_from_in4(sa->sin_addr);
 }
 
-void
-sk_reallocate(sock *s)
+static inline void
+sockaddr_read6(struct sockaddr_in6 *sa, ip_addr *a, struct iface **ifa, uint *port)
 {
-  sk_free_bufs(s);
-  sk_alloc_bufs(s);
+  *port = ntohs(sa->sin6_port);
+  *a = ipa_from_in6(sa->sin6_addr);
+
+  if (ifa && ipa_is_link_local(*a))
+    *ifa = if_find_by_index(sa->sin6_scope_id);
 }
 
-static void
-sk_dump(resource *r)
+int
+sockaddr_read(sockaddr *sa, int af, ip_addr *a, struct iface **ifa, uint *port)
 {
-  sock *s = (sock *) r;
-  static char *sk_type_names[] = { "TCP<", "TCP>", "TCP", "UDP", "UDP/MC", "IP", "IP/MC", "MAGIC", "UNIX<", "UNIX", "DEL!" };
+  if (sa->sa.sa_family != af)
+    goto fail;
 
-  debug("(%s, ud=%p, sa=%08x, sp=%d, da=%08x, dp=%d, tos=%d, ttl=%d, if=%s)\n",
-       sk_type_names[s->type],
-       s->data,
-       s->saddr,
-       s->sport,
-       s->daddr,
-       s->dport,
-       s->tos,
-       s->ttl,
-       s->iface ? s->iface->name : "none");
+  if (af == AF_INET)
+    sockaddr_read4((struct sockaddr_in *) sa, a, port);
+  else if (af == AF_INET6)
+    sockaddr_read6((struct sockaddr_in6 *) sa, a, ifa, port);
+  else
+    goto fail;
+
+  return 0;
+
+ fail:
+  *a = IPA_NONE;
+  *port = 0;
+  return -1;
 }
 
-static struct resclass sk_class = {
-  "Socket",
-  sizeof(sock),
-  sk_free,
-  sk_dump,
-  NULL
-};
 
-/**
- * sk_new - create a socket
- * @p: pool
- *
- * This function creates a new socket resource. If you want to use it,
- * you need to fill in all the required fields of the structure and
- * call sk_open() to do the actual opening of the socket.
+/*
+ *     IPv6 multicast syscalls
  */
-sock *
-sk_new(pool *p)
+
+/* Fortunately standardized in RFC 3493 */
+
+#define INIT_MREQ6(maddr,ifa) \
+  { .ipv6mr_multiaddr = ipa_to_in6(maddr), .ipv6mr_interface = ifa->index }
+
+static inline int
+sk_setup_multicast6(sock *s)
 {
-  sock *s = ralloc(p, &sk_class);
-  s->pool = p;
-  // s->saddr = s->daddr = IPA_NONE;
-  s->tos = s->ttl = -1;
-  s->fd = -1;
-  return s;
+  int index = s->iface->index;
+  int ttl = s->ttl;
+  int n = 0;
+
+  if (setsockopt(s->fd, SOL_IPV6, IPV6_MULTICAST_IF, &index, sizeof(index)) < 0)
+    ERR("IPV6_MULTICAST_IF");
+
+  if (setsockopt(s->fd, SOL_IPV6, IPV6_MULTICAST_HOPS, &ttl, sizeof(ttl)) < 0)
+    ERR("IPV6_MULTICAST_HOPS");
+
+  if (setsockopt(s->fd, SOL_IPV6, IPV6_MULTICAST_LOOP, &n, sizeof(n)) < 0)
+    ERR("IPV6_MULTICAST_LOOP");
+
+  return 0;
 }
 
-static void
-sk_insert(sock *s)
+static inline int
+sk_join_group6(sock *s, ip_addr maddr)
 {
-  add_tail(&sock_list, &s->n);
-  sock_recalc_fdsets_p = 1;
-}
+  struct ipv6_mreq mr = INIT_MREQ6(maddr, s->iface);
 
-#ifdef IPV6
+  if (setsockopt(s->fd, SOL_IPV6, IPV6_JOIN_GROUP, &mr, sizeof(mr)) < 0)
+    ERR("IPV6_JOIN_GROUP");
 
-void
-fill_in_sockaddr(sockaddr *sa, ip_addr a, unsigned port)
+  return 0;
+}
+
+static inline int
+sk_leave_group6(sock *s, ip_addr maddr)
 {
-  memset (sa, 0, sizeof (struct sockaddr_in6));
-  sa->sin6_family = AF_INET6;
-  sa->sin6_port = htons(port);
-  sa->sin6_flowinfo = 0;
-#ifdef HAVE_SIN_LEN
-  sa->sin6_len = sizeof(struct sockaddr_in6);
-#endif
-  set_inaddr(&sa->sin6_addr, a);
+  struct ipv6_mreq mr = INIT_MREQ6(maddr, s->iface);
+
+  if (setsockopt(s->fd, SOL_IPV6, IPV6_LEAVE_GROUP, &mr, sizeof(mr)) < 0)
+    ERR("IPV6_LEAVE_GROUP");
+
+  return 0;
 }
 
-static inline void
-fill_in_sockifa(sockaddr *sa, struct iface *ifa)
+
+/*
+ *     IPv6 packet control messages
+ */
+
+/* Also standardized, in RFC 3542 */
+
+/*
+ * RFC 2292 uses IPV6_PKTINFO for both the socket option and the cmsg
+ * type, RFC 3542 changed the socket option to IPV6_RECVPKTINFO. If we
+ * don't have IPV6_RECVPKTINFO we suppose the OS implements the older
+ * RFC and we use IPV6_PKTINFO.
+ */
+#ifndef IPV6_RECVPKTINFO
+#define IPV6_RECVPKTINFO IPV6_PKTINFO
+#endif
+/*
+ * Same goes for IPV6_HOPLIMIT -> IPV6_RECVHOPLIMIT.
+ */
+#ifndef IPV6_RECVHOPLIMIT
+#define IPV6_RECVHOPLIMIT IPV6_HOPLIMIT
+#endif
+
+
+#define CMSG6_SPACE_PKTINFO CMSG_SPACE(sizeof(struct in6_pktinfo))
+#define CMSG6_SPACE_TTL CMSG_SPACE(sizeof(int))
+
+static inline int
+sk_request_cmsg6_pktinfo(sock *s)
 {
-  sa->sin6_scope_id = ifa ? ifa->index : 0;
+  int y = 1;
+
+  if (setsockopt(s->fd, SOL_IPV6, IPV6_RECVPKTINFO, &y, sizeof(y)) < 0)
+    ERR("IPV6_RECVPKTINFO");
+
+  return 0;
 }
 
-void
-get_sockaddr(struct sockaddr_in6 *sa, ip_addr *a, unsigned *port, int check)
+static inline int
+sk_request_cmsg6_ttl(sock *s)
 {
-  if (check && sa->sin6_family != AF_INET6)
-    bug("get_sockaddr called for wrong address family (%d)", sa->sin6_family);
-  if (port)
-    *port = ntohs(sa->sin6_port);
-  memcpy(a, &sa->sin6_addr, sizeof(*a));
-  ipa_ntoh(*a);
+  int y = 1;
+
+  if (setsockopt(s->fd, SOL_IPV6, IPV6_RECVHOPLIMIT, &y, sizeof(y)) < 0)
+    ERR("IPV6_RECVHOPLIMIT");
+
+  return 0;
 }
 
-#else
+static inline void
+sk_process_cmsg6_pktinfo(sock *s, struct cmsghdr *cm)
+{
+  if (cm->cmsg_type == IPV6_PKTINFO)
+  {
+    struct in6_pktinfo *pi = (struct in6_pktinfo *) CMSG_DATA(cm);
+    s->laddr = ipa_from_in6(pi->ipi6_addr);
+    s->lifindex = pi->ipi6_ifindex;
+  }
+}
 
-void
-fill_in_sockaddr(sockaddr *sa, ip_addr a, unsigned port)
+static inline void
+sk_process_cmsg6_ttl(sock *s, struct cmsghdr *cm)
 {
-  memset (sa, 0, sizeof (struct sockaddr_in));
-  sa->sin_family = AF_INET;
-  sa->sin_port = htons(port);
-#ifdef HAVE_SIN_LEN
-  sa->sin_len = sizeof(struct sockaddr_in);
-#endif
-  set_inaddr(&sa->sin_addr, a);
+  if (cm->cmsg_type == IPV6_HOPLIMIT)
+    s->rcv_ttl = * (int *) CMSG_DATA(cm);
 }
 
 static inline void
-fill_in_sockifa(sockaddr *sa UNUSED, struct iface *ifa UNUSED)
+sk_prepare_cmsgs6(sock *s, struct msghdr *msg, void *cbuf, size_t cbuflen)
 {
+  struct cmsghdr *cm;
+  struct in6_pktinfo *pi;
+  int controllen = 0;
+
+  msg->msg_control = cbuf;
+  msg->msg_controllen = cbuflen;
+
+  cm = CMSG_FIRSTHDR(msg);
+  cm->cmsg_level = SOL_IPV6;
+  cm->cmsg_type = IPV6_PKTINFO;
+  cm->cmsg_len = CMSG_LEN(sizeof(*pi));
+  controllen += CMSG_SPACE(sizeof(*pi));
+
+  pi = (struct in6_pktinfo *) CMSG_DATA(cm);
+  pi->ipi6_ifindex = s->iface ? s->iface->index : 0;
+  pi->ipi6_addr = ipa_to_in6(s->saddr);
+
+  msg->msg_controllen = controllen;
 }
 
-void
-get_sockaddr(struct sockaddr_in *sa, ip_addr *a, unsigned *port, int check)
+
+/*
+ *     Miscellaneous socket syscalls
+ */
+
+static inline int
+sk_set_ttl4(sock *s, int ttl)
 {
-  if (check && sa->sin_family != AF_INET)
-    bug("get_sockaddr called for wrong address family (%d)", sa->sin_family);
-  if (port)
-    *port = ntohs(sa->sin_port);
-  memcpy(a, &sa->sin_addr.s_addr, sizeof(*a));
-  ipa_ntoh(*a);
+  if (setsockopt(s->fd, SOL_IP, IP_TTL, &ttl, sizeof(ttl)) < 0)
+    ERR("IP_TTL");
+
+  return 0;
 }
 
-#endif
+static inline int
+sk_set_ttl6(sock *s, int ttl)
+{
+  if (setsockopt(s->fd, SOL_IPV6, IPV6_UNICAST_HOPS, &ttl, sizeof(ttl)) < 0)
+    ERR("IPV6_UNICAST_HOPS");
 
-static char *
-sk_set_ttl_int(sock *s)
+  return 0;
+}
+
+static inline int
+sk_set_tos4(sock *s, int tos)
 {
-#ifdef IPV6
-  if (setsockopt(s->fd, SOL_IPV6, IPV6_UNICAST_HOPS, &s->ttl, sizeof(s->ttl)) < 0)
-    return "IPV6_UNICAST_HOPS";
-#else
-  if (setsockopt(s->fd, SOL_IP, IP_TTL, &s->ttl, sizeof(s->ttl)) < 0)
-    return "IP_TTL";
-#ifdef CONFIG_UNIX_DONTROUTE
-  int one = 1;
-  if (s->ttl == 1 && setsockopt(s->fd, SOL_SOCKET, SO_DONTROUTE, &one, sizeof(one)) < 0)
-    return "SO_DONTROUTE";
-#endif 
-#endif
-  return NULL;
+  if (setsockopt(s->fd, SOL_IP, IP_TOS, &tos, sizeof(tos)) < 0)
+    ERR("IP_TOS");
+
+  return 0;
 }
 
-#define ERR(x) do { err = x; goto bad; } while(0)
-#define WARN(x) log(L_WARN "sk_setup: %s: %m", x)
+static inline int
+sk_set_tos6(sock *s, int tos)
+{
+  if (setsockopt(s->fd, SOL_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) < 0)
+    ERR("IPV6_TCLASS");
+
+  return 0;
+}
 
-static char *
-sk_setup(sock *s)
+static inline int
+sk_set_high_port(sock *s UNUSED)
 {
-  int fd = s->fd;
-  char *err = NULL;
+  /* Port range setting is optional, ignore it if not supported */
 
-  if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
-    ERR("fcntl(O_NONBLOCK)");
-  if (s->type == SK_UNIX)
-    return NULL;
-#ifndef IPV6
-  if ((s->tos >= 0) && setsockopt(fd, SOL_IP, IP_TOS, &s->tos, sizeof(s->tos)) < 0)
-    WARN("IP_TOS");
+#ifdef IP_PORTRANGE
+  if (sk_is_ipv4(s))
+  {
+    int range = IP_PORTRANGE_HIGH;
+    if (setsockopt(s->fd, SOL_IP, IP_PORTRANGE, &range, sizeof(range)) < 0)
+      ERR("IP_PORTRANGE");
+  }
 #endif
 
-#ifdef IPV6
-  int v = 1;
-  if ((s->flags & SKF_V6ONLY) && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v, sizeof(v)) < 0)
-    WARN("IPV6_V6ONLY");
+#ifdef IPV6_PORTRANGE
+  if (sk_is_ipv6(s))
+  {
+    int range = IPV6_PORTRANGE_HIGH;
+    if (setsockopt(s->fd, SOL_IPV6, IPV6_PORTRANGE, &range, sizeof(range)) < 0)
+      ERR("IPV6_PORTRANGE");
+  }
 #endif
 
-  if (s->ttl >= 0)
-    err = sk_set_ttl_int(s);
+  return 0;
+}
+
+static inline byte *
+sk_skip_ip_header(byte *pkt, int *len)
+{
+  if ((*len < 20) || ((*pkt & 0xf0) != 0x40))
+    return NULL;
+
+  int hlen = (*pkt & 0x0f) * 4;
+  if ((hlen < 20) || (hlen > *len))
+    return NULL;
+
+  *len -= hlen;
+  return pkt + hlen;
+}
 
-  sysio_register_cmsgs(s);
-bad:
-  return err;
+byte *
+sk_rx_buffer(sock *s, int *len)
+{
+  if (sk_is_ipv4(s) && (s->type == SK_IP))
+    return sk_skip_ip_header(s->rbuf, len);
+  else
+    return s->rbuf;
 }
 
+
+/*
+ *     Public socket functions
+ */
+
 /**
- * sk_set_ttl - set TTL for given socket.
+ * sk_setup_multicast - enable multicast for given socket
  * @s: socket
- * @ttl: TTL value
  *
- * Set TTL for already opened connections when TTL was not set before.
- * Useful for accepted connections when different ones should have 
- * different TTL.
+ * Prepare transmission of multicast packets for given datagram socket.
+ * The socket must have defined @iface.
  *
  * Result: 0 for success, -1 for an error.
  */
 
 int
-sk_set_ttl(sock *s, int ttl)
+sk_setup_multicast(sock *s)
 {
-  char *err;
-
-  s->ttl = ttl;
-  if (err = sk_set_ttl_int(s))
-    log(L_ERR "sk_set_ttl: %s: %m", err);
+  ASSERT(s->iface);
 
-  return (err ? -1 : 0);
+  if (sk_is_ipv4(s))
+    return sk_setup_multicast4(s);
+  else
+    return sk_setup_multicast6(s);
 }
 
-
 /**
- * sk_set_md5_auth - add / remove MD5 security association for given socket.
+ * sk_join_group - join multicast group for given socket
  * @s: socket
- * @a: IP address of the other side
- * @passwd: password used for MD5 authentication
- *
- * In TCP MD5 handling code in kernel, there is a set of pairs
- * (address, password) used to choose password according to
- * address of the other side. This function is useful for
- * listening socket, for active sockets it is enough to set
- * s->password field.
+ * @maddr: multicast address
  *
- * When called with passwd != NULL, the new pair is added,
- * When called with passwd == NULL, the existing pair is removed.
+ * Join multicast group for given datagram socket and associated interface.
+ * The socket must have defined @iface.
  *
  * Result: 0 for success, -1 for an error.
  */
 
 int
-sk_set_md5_auth(sock *s, ip_addr a, char *passwd)
+sk_join_group(sock *s, ip_addr maddr)
 {
-  sockaddr sa;
-  fill_in_sockaddr(&sa, a, 0);
-  return sk_set_md5_auth_int(s, &sa, passwd);
+  if (sk_is_ipv4(s))
+    return sk_join_group4(s, maddr);
+  else
+    return sk_join_group6(s, maddr);
 }
 
+/**
+ * sk_leave_group - leave multicast group for given socket
+ * @s: socket
+ * @maddr: multicast address
+ *
+ * Leave multicast group for given datagram socket and associated interface.
+ * The socket must have defined @iface.
+ *
+ * Result: 0 for success, -1 for an error.
+ */
+
 int
-sk_set_broadcast(sock *s, int enable)
+sk_leave_group(sock *s, ip_addr maddr)
 {
-  if (setsockopt(s->fd, SOL_SOCKET, SO_BROADCAST, &enable, sizeof(enable)) < 0)
-    {
-      log(L_ERR "sk_set_broadcast: SO_BROADCAST: %m");
-      return -1;
-    }
-
-  return 0;
+  if (sk_is_ipv4(s))
+    return sk_leave_group4(s, maddr);
+  else
+    return sk_leave_group6(s, maddr);
 }
 
-
-#ifdef IPV6
+/**
+ * sk_setup_broadcast - enable broadcast for given socket
+ * @s: socket
+ *
+ * Allow reception and transmission of broadcast packets for given datagram
+ * socket. The socket must have defined @iface. For transmission, packets should
+ * be send to @brd address of @iface.
+ *
+ * Result: 0 for success, -1 for an error.
+ */
 
 int
-sk_set_ipv6_checksum(sock *s, int offset)
+sk_setup_broadcast(sock *s)
 {
-  if (setsockopt(s->fd, IPPROTO_IPV6, IPV6_CHECKSUM, &offset, sizeof(offset)) < 0)
-    {
-      log(L_ERR "sk_set_ipv6_checksum: IPV6_CHECKSUM: %m");
-      return -1;
-    }
+  int y = 1;
+
+  if (setsockopt(s->fd, SOL_SOCKET, SO_BROADCAST, &y, sizeof(y)) < 0)
+    ERR("SO_BROADCAST");
 
   return 0;
 }
 
-int
-sk_setup_multicast(sock *s)
-{
-  char *err;
-  int zero = 0;
-  int index;
-
-  ASSERT(s->iface && s->iface->addr);
-
-  index = s->iface->index;
-  if (setsockopt(s->fd, SOL_IPV6, IPV6_MULTICAST_HOPS, &s->ttl, sizeof(s->ttl)) < 0)
-    ERR("IPV6_MULTICAST_HOPS");
-  if (setsockopt(s->fd, SOL_IPV6, IPV6_MULTICAST_LOOP, &zero, sizeof(zero)) < 0)
-    ERR("IPV6_MULTICAST_LOOP");
-  if (setsockopt(s->fd, SOL_IPV6, IPV6_MULTICAST_IF, &index, sizeof(index)) < 0)
-    ERR("IPV6_MULTICAST_IF");
+/**
+ * sk_set_ttl - set transmit TTL for given socket
+ * @s: socket
+ * @ttl: TTL value
+ *
+ * Set TTL for already opened connections when TTL was not set before. Useful
+ * for accepted connections when different ones should have different TTL.
+ *
+ * Result: 0 for success, -1 for an error.
+ */
 
-  return 0;
+int
+sk_set_ttl(sock *s, int ttl)
+{
+  s->ttl = ttl;
 
-bad:
-  log(L_ERR "sk_setup_multicast: %s: %m", err);
-  return -1;
+  if (sk_is_ipv4(s))
+    return sk_set_ttl4(s, ttl);
+  else
+    return sk_set_ttl6(s, ttl);
 }
 
+/**
+ * sk_set_min_ttl - set minimal accepted TTL for given socket
+ * @s: socket
+ * @ttl: TTL value
+ *
+ * Set minimal accepted TTL for given socket. Can be used for TTL security.
+ * implementations.
+ *
+ * Result: 0 for success, -1 for an error.
+ */
+
 int
-sk_join_group(sock *s, ip_addr maddr)
+sk_set_min_ttl(sock *s, int ttl)
 {
-  struct ipv6_mreq mreq;
-       
-  set_inaddr(&mreq.ipv6mr_multiaddr, maddr);
+  if (sk_is_ipv4(s))
+    return sk_set_min_ttl4(s, ttl);
+  else
+    return sk_set_min_ttl6(s, ttl);
+}
 
-#ifdef CONFIG_IPV6_GLIBC_20
-  mreq.ipv6mr_ifindex = s->iface->index;
-#else
-  mreq.ipv6mr_interface = s->iface->index;
+#if 0
+/**
+ * sk_set_md5_auth - add / remove MD5 security association for given socket
+ * @s: socket
+ * @local: IP address of local side
+ * @remote: IP address of remote side
+ * @ifa: Interface for link-local IP address
+ * @passwd: Password used for MD5 authentication
+ * @setkey: Update also system SA/SP database
+ *
+ * In TCP MD5 handling code in kernel, there is a set of security associations
+ * used for choosing password and other authentication parameters according to
+ * the local and remote address. This function is useful for listening socket,
+ * for active sockets it may be enough to set s->password field.
+ *
+ * When called with passwd != NULL, the new pair is added,
+ * When called with passwd == NULL, the existing pair is removed.
+ *
+ * Note that while in Linux, the MD5 SAs are specific to socket, in BSD they are
+ * stored in global SA/SP database (but the behavior also must be enabled on
+ * per-socket basis). In case of multiple sockets to the same neighbor, the
+ * socket-specific state must be configured for each socket while global state
+ * just once per src-dst pair. The @setkey argument controls whether the global
+ * state (SA/SP database) is also updated.
+ *
+ * Result: 0 for success, -1 for an error.
+ */
+
+int
+sk_set_md5_auth(sock *s, ip_addr local, ip_addr remote, struct iface *ifa, char *passwd, int setkey)
+{ DUMMY; }
 #endif
 
-  if (setsockopt(s->fd, SOL_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq)) < 0)
-    {
-      log(L_ERR "sk_join_group: IPV6_JOIN_GROUP: %m");
-      return -1;
-    }
+/**
+ * sk_set_ipv6_checksum - specify IPv6 checksum offset for given socket
+ * @s: socket
+ * @offset: offset
+ *
+ * Specify IPv6 checksum field offset for given raw IPv6 socket. After that, the
+ * kernel will automatically fill it for outgoing packets and check it for
+ * incoming packets. Should not be used on ICMPv6 sockets, where the position is
+ * known to the kernel.
+ *
+ * Result: 0 for success, -1 for an error.
+ */
+
+int
+sk_set_ipv6_checksum(sock *s, int offset)
+{
+  if (setsockopt(s->fd, SOL_IPV6, IPV6_CHECKSUM, &offset, sizeof(offset)) < 0)
+    ERR("IPV6_CHECKSUM");
 
   return 0;
 }
 
 int
-sk_leave_group(sock *s, ip_addr maddr)
+sk_set_icmp6_filter(sock *s, int p1, int p2)
 {
-  struct ipv6_mreq mreq;
-       
-  set_inaddr(&mreq.ipv6mr_multiaddr, maddr);
+  /* a bit of lame interface, but it is here only for Radv */
+  struct icmp6_filter f;
 
-#ifdef CONFIG_IPV6_GLIBC_20
-  mreq.ipv6mr_ifindex = s->iface->index;
-#else
-  mreq.ipv6mr_interface = s->iface->index;
-#endif
+  ICMP6_FILTER_SETBLOCKALL(&f);
+  ICMP6_FILTER_SETPASS(p1, &f);
+  ICMP6_FILTER_SETPASS(p2, &f);
 
-  if (setsockopt(s->fd, SOL_IPV6, IPV6_LEAVE_GROUP, &mreq, sizeof(mreq)) < 0)
-    {
-      log(L_ERR "sk_leave_group: IPV6_LEAVE_GROUP: %m");
-      return -1;
-    }
+  if (setsockopt(s->fd, SOL_ICMPV6, ICMP6_FILTER, &f, sizeof(f)) < 0)
+    ERR("ICMP6_FILTER");
 
   return 0;
 }
 
-/* PKTINFO handling is also standardized in IPv6 */
-#define CMSG_RX_SPACE CMSG_SPACE(sizeof(struct in6_pktinfo))
+void
+sk_log_error(sock *s, const char *p)
+{
+  log(L_ERR "%s: Socket error: %s%#m", p, s->err);
+}
+
 
-static char *
-sysio_register_cmsgs(sock *s)
+/*
+ *     Actual struct birdsock code
+ */
+
+static list sock_list;
+static struct birdsock *current_sock;
+static struct birdsock *stored_sock;
+
+static inline sock *
+sk_next(sock *s)
 {
-  int ok = 1;
-  if ((s->flags & SKF_LADDR_RX) &&
-      setsockopt(s->fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &ok, sizeof(ok)) < 0)
-    return "IPV6_RECVPKTINFO";
+  if (!s->n.next->next)
+    return NULL;
+  else
+    return SKIP_BACK(sock, n, s->n.next);
+}
 
-  return NULL;
+static void
+sk_alloc_bufs(sock *s)
+{
+  if (!s->rbuf && s->rbsize)
+    s->rbuf = s->rbuf_alloc = xmalloc(s->rbsize);
+  s->rpos = s->rbuf;
+  if (!s->tbuf && s->tbsize)
+    s->tbuf = s->tbuf_alloc = xmalloc(s->tbsize);
+  s->tpos = s->ttx = s->tbuf;
 }
 
-void
-sysio_process_rx_cmsgs(sock *s, struct msghdr *msg)
+static void
+sk_free_bufs(sock *s)
 {
-  struct cmsghdr *cm;
-  struct in6_pktinfo *pi = NULL;
+  if (s->rbuf_alloc)
+  {
+    xfree(s->rbuf_alloc);
+    s->rbuf = s->rbuf_alloc = NULL;
+  }
+  if (s->tbuf_alloc)
+  {
+    xfree(s->tbuf_alloc);
+    s->tbuf = s->tbuf_alloc = NULL;
+  }
+}
 
-  if (!(s->flags & SKF_LADDR_RX))
-    return;
+static void
+sk_free(resource *r)
+{
+  sock *s = (sock *) r;
 
-  for (cm = CMSG_FIRSTHDR(msg); cm != NULL; cm = CMSG_NXTHDR(msg, cm))
-    {
-      if (cm->cmsg_level == IPPROTO_IPV6 && cm->cmsg_type == IPV6_PKTINFO)
-       pi = (struct in6_pktinfo *) CMSG_DATA(cm);
-    }
+  sk_free_bufs(s);
+  if (s->fd >= 0)
+  {
+    close(s->fd);
 
-  if (!pi)
-    {
-      s->laddr = IPA_NONE;
-      s->lifindex = 0;
+    /* FIXME: we should call sk_stop() for SKF_THREAD sockets */
+    if (s->flags & SKF_THREAD)
       return;
-    }
 
-  get_inaddr(&s->laddr, &pi->ipi6_addr);
-  s->lifindex = pi->ipi6_ifindex;
-  return;
+    if (s == current_sock)
+      current_sock = sk_next(s);
+    if (s == stored_sock)
+      stored_sock = sk_next(s);
+    rem_node(&s->n);
+  }
 }
 
 void
-sysio_prepare_tx_cmsgs(sock *s, struct msghdr *msg)
+sk_set_rbsize(sock *s, uint val)
 {
-  struct cmsghdr *cm;
-  struct in6_pktinfo *pi;
+  ASSERT(s->rbuf_alloc == s->rbuf);
 
-  if (!(s->flags & SKF_LADDR_TX))
-    {
-      msg->msg_controllen = 0;
-      return;
-    }
+  if (s->rbsize == val)
+    return;
 
-  cm = CMSG_FIRSTHDR(msg);
-  cm->cmsg_level = IPPROTO_IPV6;
-  cm->cmsg_type = PIV6_PKTINFO;
-  cm->cmsg_len = CMSG_LEN(sizeof(*pi));
+  s->rbsize = val;
+  xfree(s->rbuf_alloc);
+  s->rbuf_alloc = xmalloc(val);
+  s->rpos = s->rbuf = s->rbuf_alloc;
+}
 
-  pi = (struct in6_pktinfo *) CMSG_DATA(cm);
-  set_inaddr(&pi->ipi6_addr, s->saddr);
-  pi->ipi6_ifindex = s->iface ? s->iface->index : 0;
+void
+sk_set_tbsize(sock *s, uint val)
+{
+  ASSERT(s->tbuf_alloc == s->tbuf);
 
-  msg->msg_controllen = cmsg->cmsg_len;
-  return;
+  if (s->tbsize == val)
+    return;
+
+  byte *old_tbuf = s->tbuf;
+
+  s->tbsize = val;
+  s->tbuf = s->tbuf_alloc = xrealloc(s->tbuf_alloc, val);
+  s->tpos = s->tbuf + (s->tpos - old_tbuf);
+  s->ttx  = s->tbuf + (s->ttx  - old_tbuf);
 }
 
-#else /* IPV4 */
+void
+sk_set_tbuf(sock *s, void *tbuf)
+{
+  s->tbuf = tbuf ?: s->tbuf_alloc;
+  s->ttx = s->tpos = s->tbuf;
+}
 
-int
-sk_setup_multicast(sock *s)
+void
+sk_reallocate(sock *s)
 {
-  char *err;
+  sk_free_bufs(s);
+  sk_alloc_bufs(s);
+}
 
-  ASSERT(s->iface && s->iface->addr);
+static void
+sk_dump(resource *r)
+{
+  sock *s = (sock *) r;
+  static char *sk_type_names[] = { "TCP<", "TCP>", "TCP", "UDP", NULL, "IP", NULL, "MAGIC", "UNIX<", "UNIX", "DEL!" };
 
-  if (err = sysio_setup_multicast(s))
-    {
-      log(L_ERR "sk_setup_multicast: %s: %m", err);
-      return -1;
-    }
+  debug("(%s, ud=%p, sa=%I, sp=%d, da=%I, dp=%d, tos=%d, ttl=%d, if=%s)\n",
+       sk_type_names[s->type],
+       s->data,
+       s->saddr,
+       s->sport,
+       s->daddr,
+       s->dport,
+       s->tos,
+       s->ttl,
+       s->iface ? s->iface->name : "none");
+}
 
-  return 0;
+static struct resclass sk_class = {
+  "Socket",
+  sizeof(sock),
+  sk_free,
+  sk_dump,
+  NULL,
+  NULL
+};
+
+/**
+ * sk_new - create a socket
+ * @p: pool
+ *
+ * This function creates a new socket resource. If you want to use it,
+ * you need to fill in all the required fields of the structure and
+ * call sk_open() to do the actual opening of the socket.
+ *
+ * The real function name is sock_new(), sk_new() is a macro wrapper
+ * to avoid collision with OpenSSL.
+ */
+sock *
+sock_new(pool *p)
+{
+  sock *s = ralloc(p, &sk_class);
+  s->pool = p;
+  // s->saddr = s->daddr = IPA_NONE;
+  s->tos = s->priority = s->ttl = -1;
+  s->fd = -1;
+  return s;
 }
 
-int
-sk_join_group(sock *s, ip_addr maddr)
+static int
+sk_setup(sock *s)
 {
- char *err;
+  int y = 1;
+  int fd = s->fd;
 
- if (err = sysio_join_group(s, maddr))
-    {
-      log(L_ERR "sk_join_group: %s: %m", err);
-      return -1;
-    }
+  if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
+    ERR("O_NONBLOCK");
 
-  return 0;
-}
+  if (!s->af)
+    return 0;
 
-int
-sk_leave_group(sock *s, ip_addr maddr)
-{
- char *err;
+  if (ipa_nonzero(s->saddr) && !(s->flags & SKF_BIND))
+    s->flags |= SKF_PKTINFO;
 
- if (err = sysio_leave_group(s, maddr))
-    {
-      log(L_ERR "sk_leave_group: %s: %m", err);
+#ifdef CONFIG_USE_HDRINCL
+  if (sk_is_ipv4(s) && (s->type == SK_IP) && (s->flags & SKF_PKTINFO))
+  {
+    s->flags &= ~SKF_PKTINFO;
+    s->flags |= SKF_HDRINCL;
+    if (setsockopt(fd, SOL_IP, IP_HDRINCL, &y, sizeof(y)) < 0)
+      ERR("IP_HDRINCL");
+  }
+#endif
+
+  if (s->vrf && !s->iface)
+  {
+    /* Bind socket to associated VRF interface.
+       This is Linux-specific, but so is SO_BINDTODEVICE. */
+#ifdef SO_BINDTODEVICE
+    struct ifreq ifr = {};
+    strcpy(ifr.ifr_name, s->vrf->name);
+    if (setsockopt(s->fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) < 0)
+      ERR("SO_BINDTODEVICE");
+#endif
+  }
+
+  if (s->iface)
+  {
+#ifdef SO_BINDTODEVICE
+    struct ifreq ifr = {};
+    strcpy(ifr.ifr_name, s->iface->name);
+    if (setsockopt(s->fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) < 0)
+      ERR("SO_BINDTODEVICE");
+#endif
+
+#ifdef CONFIG_UNIX_DONTROUTE
+    if (setsockopt(s->fd, SOL_SOCKET, SO_DONTROUTE, &y, sizeof(y)) < 0)
+      ERR("SO_DONTROUTE");
+#endif
+  }
+
+  if (sk_is_ipv4(s))
+  {
+    if (s->flags & SKF_LADDR_RX)
+      if (sk_request_cmsg4_pktinfo(s) < 0)
+       return -1;
+
+    if (s->flags & SKF_TTL_RX)
+      if (sk_request_cmsg4_ttl(s) < 0)
+       return -1;
+
+    if ((s->type == SK_UDP) || (s->type == SK_IP))
+      if (sk_disable_mtu_disc4(s) < 0)
+       return -1;
+
+    if (s->ttl >= 0)
+      if (sk_set_ttl4(s, s->ttl) < 0)
+       return -1;
+
+    if (s->tos >= 0)
+      if (sk_set_tos4(s, s->tos) < 0)
+       return -1;
+  }
+
+  if (sk_is_ipv6(s))
+  {
+    if (s->flags & SKF_V6ONLY)
+      if (setsockopt(fd, SOL_IPV6, IPV6_V6ONLY, &y, sizeof(y)) < 0)
+       ERR("IPV6_V6ONLY");
+
+    if (s->flags & SKF_LADDR_RX)
+      if (sk_request_cmsg6_pktinfo(s) < 0)
+       return -1;
+
+    if (s->flags & SKF_TTL_RX)
+      if (sk_request_cmsg6_ttl(s) < 0)
+       return -1;
+
+    if ((s->type == SK_UDP) || (s->type == SK_IP))
+      if (sk_disable_mtu_disc6(s) < 0)
+       return -1;
+
+    if (s->ttl >= 0)
+      if (sk_set_ttl6(s, s->ttl) < 0)
+       return -1;
+
+    if (s->tos >= 0)
+      if (sk_set_tos6(s, s->tos) < 0)
+       return -1;
+  }
+
+  /* Must be after sk_set_tos4() as setting ToS on Linux also mangles priority */
+  if (s->priority >= 0)
+    if (sk_set_priority(s, s->priority) < 0)
       return -1;
-    }
 
   return 0;
 }
 
-#endif 
-
+static void
+sk_insert(sock *s)
+{
+  add_tail(&sock_list, &s->n);
+}
 
 static void
 sk_tcp_connected(sock *s)
 {
+  sockaddr sa;
+  int sa_len = sizeof(sa);
+
+  if ((getsockname(s->fd, &sa.sa, &sa_len) < 0) ||
+      (sockaddr_read(&sa, s->af, &s->saddr, &s->iface, &s->sport) < 0))
+    log(L_WARN "SOCK: Cannot get local IP address for TCP>");
+
   s->type = SK_TCP;
   sk_alloc_bufs(s);
   s->tx_hook(s);
 }
 
 static int
-sk_passive_connected(sock *s, struct sockaddr *sa, int al, int type)
+sk_passive_connected(sock *s, int type)
 {
-  int fd = accept(s->fd, sa, &al);
-  if (fd >= 0)
-    {
-      sock *t = sk_new(s->pool);
-      char *err;
-      t->type = type;
-      t->fd = fd;
-      t->ttl = s->ttl;
-      t->tos = s->tos;
-      t->rbsize = s->rbsize;
-      t->tbsize = s->tbsize;
-      if (type == SK_TCP)
-       {
-         sockaddr lsa;
-         int lsa_len = sizeof(lsa);
-         if (getsockname(fd, (struct sockaddr *) &lsa, &lsa_len) == 0)
-           get_sockaddr(&lsa, &t->saddr, &t->sport, 1);
+  sockaddr loc_sa, rem_sa;
+  int loc_sa_len = sizeof(loc_sa);
+  int rem_sa_len = sizeof(rem_sa);
 
-         get_sockaddr((sockaddr *) sa, &t->daddr, &t->dport, 1);
-       }
-      sk_insert(t);
-      if (err = sk_setup(t))
-       {
-         log(L_ERR "Incoming connection: %s: %m", err);
-         rfree(t);
-         return 1;
-       }
-      sk_alloc_bufs(t);
-      s->rx_hook(t, 0);
-      return 1;
-    }
-  else if (errno != EINTR && errno != EAGAIN)
-    {
+  int fd = accept(s->fd, ((type == SK_TCP) ? &rem_sa.sa : NULL), &rem_sa_len);
+  if (fd < 0)
+  {
+    if ((errno != EINTR) && (errno != EAGAIN))
       s->err_hook(s, errno);
-    }
-  return 0;
+    return 0;
+  }
+
+  sock *t = sk_new(s->pool);
+  t->type = type;
+  t->fd = fd;
+  t->af = s->af;
+  t->ttl = s->ttl;
+  t->tos = s->tos;
+  t->rbsize = s->rbsize;
+  t->tbsize = s->tbsize;
+
+  if (type == SK_TCP)
+  {
+    if ((getsockname(fd, &loc_sa.sa, &loc_sa_len) < 0) ||
+       (sockaddr_read(&loc_sa, s->af, &t->saddr, &t->iface, &t->sport) < 0))
+      log(L_WARN "SOCK: Cannot get local IP address for TCP<");
+
+    if (sockaddr_read(&rem_sa, s->af, &t->daddr, &t->iface, &t->dport) < 0)
+      log(L_WARN "SOCK: Cannot get remote IP address for TCP<");
+  }
+
+  if (sk_setup(t) < 0)
+  {
+    /* FIXME: Call err_hook instead ? */
+    log(L_ERR "SOCK: Incoming connection: %s%#m", t->err);
+
+    /* FIXME: handle it better in rfree() */
+    close(t->fd);
+    t->fd = -1;
+    rfree(t);
+    return 1;
+  }
+
+  sk_insert(t);
+  sk_alloc_bufs(t);
+  s->rx_hook(t, 0);
+  return 1;
 }
 
 /**
@@ -1033,108 +1382,117 @@ sk_passive_connected(sock *s, struct sockaddr *sa, int al, int type)
 int
 sk_open(sock *s)
 {
-  int fd;
+  int af = BIRD_AF;
+  int fd = -1;
+  int do_bind = 0;
+  int bind_port = 0;
+  ip_addr bind_addr = IPA_NONE;
   sockaddr sa;
-  int one = 1;
-  int type = s->type;
-  int has_src = ipa_nonzero(s->saddr) || s->sport;
-  char *err;
-
-  switch (type)
-    {
-    case SK_TCP_ACTIVE:
-      s->ttx = "";                     /* Force s->ttx != s->tpos */
-      /* Fall thru */
-    case SK_TCP_PASSIVE:
-      fd = socket(BIRD_PF, SOCK_STREAM, IPPROTO_TCP);
-      break;
-    case SK_UDP:
-      fd = socket(BIRD_PF, SOCK_DGRAM, IPPROTO_UDP);
-      break;
-    case SK_IP:
-      fd = socket(BIRD_PF, SOCK_RAW, s->dport);
-      break;
-    case SK_MAGIC:
-      fd = s->fd;
-      break;
-    default:
-      bug("sk_open() called for invalid sock type %d", type);
-    }
-  if (fd < 0)
-    die("sk_open: socket: %m");
-  s->fd = fd;
-
-  if (err = sk_setup(s))
-    goto bad;
 
-  if (has_src)
-    {
-      int port;
+  switch (s->type)
+  {
+  case SK_TCP_ACTIVE:
+    s->ttx = "";                       /* Force s->ttx != s->tpos */
+    /* Fall thru */
+  case SK_TCP_PASSIVE:
+    fd = socket(af, SOCK_STREAM, IPPROTO_TCP);
+    bind_port = s->sport;
+    bind_addr = s->saddr;
+    do_bind = bind_port || ipa_nonzero(bind_addr);
+    break;
+
+  case SK_UDP:
+    fd = socket(af, SOCK_DGRAM, IPPROTO_UDP);
+    bind_port = s->sport;
+    bind_addr = (s->flags & SKF_BIND) ? s->saddr : IPA_NONE;
+    do_bind = 1;
+    break;
+
+  case SK_IP:
+    fd = socket(af, SOCK_RAW, s->dport);
+    bind_port = 0;
+    bind_addr = (s->flags & SKF_BIND) ? s->saddr : IPA_NONE;
+    do_bind = ipa_nonzero(bind_addr);
+    break;
+
+  case SK_MAGIC:
+    af = 0;
+    fd = s->fd;
+    break;
+
+  default:
+    bug("sk_open() called for invalid sock type %d", s->type);
+  }
 
-      if (type == SK_IP)
-       port = 0;
-      else
-       {
-         port = s->sport;
-         if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
-           ERR("SO_REUSEADDR");
-       }
-      fill_in_sockaddr(&sa, s->saddr, port);
-      fill_in_sockifa(&sa, s->iface);
-      if (bind(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0)
-       ERR("bind");
-    }
-  fill_in_sockaddr(&sa, s->daddr, s->dport);
+  if (fd < 0)
+    ERR("socket");
 
-  if (s->password)
-    {
-      int rv = sk_set_md5_auth_int(s, &sa, s->password);
-      if (rv < 0)
-       goto bad_no_log;
-    }
+  s->af = af;
+  s->fd = fd;
 
-  switch (type)
+  if (sk_setup(s) < 0)
+    goto err;
+
+  if (do_bind)
+  {
+    if (bind_port)
     {
-    case SK_TCP_ACTIVE:
-      if (connect(fd, (struct sockaddr *) &sa, sizeof(sa)) >= 0)
-       sk_tcp_connected(s);
-      else if (errno != EINTR && errno != EAGAIN && errno != EINPROGRESS &&
-              errno != ECONNREFUSED && errno != EHOSTUNREACH)
-       ERR("connect");
-      break;
-    case SK_TCP_PASSIVE:
-      if (listen(fd, 8))
-       ERR("listen");
-      break;
-    case SK_MAGIC:
-      break;
-    default:
-      sk_alloc_bufs(s);
-#ifdef IPV6
-#ifdef IPV6_MTU_DISCOVER
-      {
-       int dont = IPV6_PMTUDISC_DONT;
-       if (setsockopt(fd, SOL_IPV6, IPV6_MTU_DISCOVER, &dont, sizeof(dont)) < 0)
-         ERR("IPV6_MTU_DISCOVER");
-      }
-#endif
-#else
-#ifdef IP_PMTUDISC
+      int y = 1;
+
+      if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &y, sizeof(y)) < 0)
+       ERR2("SO_REUSEADDR");
+
+#ifdef CONFIG_NO_IFACE_BIND
+      /* Workaround missing ability to bind to an iface */
+      if ((s->type == SK_UDP) && s->iface && ipa_zero(bind_addr))
       {
-       int dont = IP_PMTUDISC_DONT;
-       if (setsockopt(fd, SOL_IP, IP_PMTUDISC, &dont, sizeof(dont)) < 0)
-         ERR("IP_PMTUDISC");
+       if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &y, sizeof(y)) < 0)
+         ERR2("SO_REUSEPORT");
       }
-#endif
 #endif
     }
+    else
+      if (s->flags & SKF_HIGH_PORT)
+       if (sk_set_high_port(s) < 0)
+         log(L_WARN "Socket error: %s%#m", s->err);
+
+    sockaddr_fill(&sa, af, bind_addr, s->iface, bind_port);
+    if (bind(fd, &sa.sa, SA_LEN(sa)) < 0)
+      ERR2("bind");
+  }
 
-  sk_insert(s);
+  if (s->password)
+    if (sk_set_md5_auth(s, s->saddr, s->daddr, s->iface, s->password, 0) < 0)
+      goto err;
+
+  switch (s->type)
+  {
+  case SK_TCP_ACTIVE:
+    sockaddr_fill(&sa, af, s->daddr, s->iface, s->dport);
+    if (connect(fd, &sa.sa, SA_LEN(sa)) >= 0)
+      sk_tcp_connected(s);
+    else if (errno != EINTR && errno != EAGAIN && errno != EINPROGRESS &&
+            errno != ECONNREFUSED && errno != EHOSTUNREACH && errno != ENETUNREACH)
+      ERR2("connect");
+    break;
+
+  case SK_TCP_PASSIVE:
+    if (listen(fd, 8) < 0)
+      ERR2("listen");
+    break;
+
+  case SK_MAGIC:
+    break;
+
+  default:
+    sk_alloc_bufs(s);
+  }
+
+  if (!(s->flags & SKF_THREAD))
+    sk_insert(s);
   return 0;
 
-bad:
-  log(L_ERR "sk_open: %s: %m", err);
-bad_no_log:
+err:
   close(fd);
   s->fd = -1;
   return -1;
@@ -1143,37 +1501,145 @@ bad_no_log:
 int
 sk_open_unix(sock *s, char *name)
 {
-  int fd;
   struct sockaddr_un sa;
-  char *err;
+  int fd;
+
+  /* We are sloppy during error (leak fd and not set s->err), but we die anyway */
 
   fd = socket(AF_UNIX, SOCK_STREAM, 0);
   if (fd < 0)
-    die("sk_open_unix: socket: %m");
-  s->fd = fd;
-  if (err = sk_setup(s))
-    goto bad;
-  unlink(name);
- 
-  if (strlen(name) >= sizeof(sa.sun_path))
-    die("sk_open_unix: path too long");
+    return -1;
+
+  if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
+    return -1;
 
+  /* Path length checked in test_old_bird() */
   sa.sun_family = AF_UNIX;
   strcpy(sa.sun_path, name);
+
   if (bind(fd, (struct sockaddr *) &sa, SUN_LEN(&sa)) < 0)
-    ERR("bind");
-  if (listen(fd, 8))
-    ERR("listen");
+    return -1;
+
+  if (listen(fd, 8) < 0)
+    return -1;
+
+  s->fd = fd;
   sk_insert(s);
   return 0;
+}
 
-bad:
-  log(L_ERR "sk_open_unix: %s: %m", err);
-  close(fd);
-  s->fd = -1;
-  return -1;
+
+#define CMSG_RX_SPACE MAX(CMSG4_SPACE_PKTINFO+CMSG4_SPACE_TTL, \
+                         CMSG6_SPACE_PKTINFO+CMSG6_SPACE_TTL)
+#define CMSG_TX_SPACE MAX(CMSG4_SPACE_PKTINFO,CMSG6_SPACE_PKTINFO)
+
+static void
+sk_prepare_cmsgs(sock *s, struct msghdr *msg, void *cbuf, size_t cbuflen)
+{
+  if (sk_is_ipv4(s))
+    sk_prepare_cmsgs4(s, msg, cbuf, cbuflen);
+  else
+    sk_prepare_cmsgs6(s, msg, cbuf, cbuflen);
+}
+
+static void
+sk_process_cmsgs(sock *s, struct msghdr *msg)
+{
+  struct cmsghdr *cm;
+
+  s->laddr = IPA_NONE;
+  s->lifindex = 0;
+  s->rcv_ttl = -1;
+
+  for (cm = CMSG_FIRSTHDR(msg); cm != NULL; cm = CMSG_NXTHDR(msg, cm))
+  {
+    if ((cm->cmsg_level == SOL_IP) && sk_is_ipv4(s))
+    {
+      sk_process_cmsg4_pktinfo(s, cm);
+      sk_process_cmsg4_ttl(s, cm);
+    }
+
+    if ((cm->cmsg_level == SOL_IPV6) && sk_is_ipv6(s))
+    {
+      sk_process_cmsg6_pktinfo(s, cm);
+      sk_process_cmsg6_ttl(s, cm);
+    }
+  }
+}
+
+
+static inline int
+sk_sendmsg(sock *s)
+{
+  struct iovec iov = {s->tbuf, s->tpos - s->tbuf};
+  byte cmsg_buf[CMSG_TX_SPACE];
+  sockaddr dst;
+
+  sockaddr_fill(&dst, s->af, s->daddr, s->iface, s->dport);
+
+  struct msghdr msg = {
+    .msg_name = &dst.sa,
+    .msg_namelen = SA_LEN(dst),
+    .msg_iov = &iov,
+    .msg_iovlen = 1
+  };
+
+#ifdef CONFIG_USE_HDRINCL
+  byte hdr[20];
+  struct iovec iov2[2] = { {hdr, 20}, iov };
+
+  if (s->flags & SKF_HDRINCL)
+  {
+    sk_prepare_ip_header(s, hdr, iov.iov_len);
+    msg.msg_iov = iov2;
+    msg.msg_iovlen = 2;
+  }
+#endif
+
+  if (s->flags & SKF_PKTINFO)
+    sk_prepare_cmsgs(s, &msg, cmsg_buf, sizeof(cmsg_buf));
+
+  return sendmsg(s->fd, &msg, 0);
 }
 
+static inline int
+sk_recvmsg(sock *s)
+{
+  struct iovec iov = {s->rbuf, s->rbsize};
+  byte cmsg_buf[CMSG_RX_SPACE];
+  sockaddr src;
+
+  struct msghdr msg = {
+    .msg_name = &src.sa,
+    .msg_namelen = sizeof(src), // XXXX ??
+    .msg_iov = &iov,
+    .msg_iovlen = 1,
+    .msg_control = cmsg_buf,
+    .msg_controllen = sizeof(cmsg_buf),
+    .msg_flags = 0
+  };
+
+  int rv = recvmsg(s->fd, &msg, 0);
+  if (rv < 0)
+    return rv;
+
+  //ifdef IPV4
+  //  if (cf_type == SK_IP)
+  //    rv = ipv4_skip_header(pbuf, rv);
+  //endif
+
+  sockaddr_read(&src, s->af, &s->faddr, NULL, &s->fport);
+  sk_process_cmsgs(s, &msg);
+
+  if (msg.msg_flags & MSG_TRUNC)
+    s->flags |= SKF_TRUNCATED;
+  else
+    s->flags &= ~SKF_TRUNCATED;
+
+  return rv;
+}
+
+
 static inline void reset_tx_buffer(sock *s) { s->ttx = s->tpos = s->tbuf; }
 
 static int
@@ -1182,87 +1648,69 @@ sk_maybe_write(sock *s)
   int e;
 
   switch (s->type)
+  {
+  case SK_TCP:
+  case SK_MAGIC:
+  case SK_UNIX:
+    while (s->ttx != s->tpos)
     {
-    case SK_TCP:
-    case SK_MAGIC:
-    case SK_UNIX:
-      while (s->ttx != s->tpos)
+      e = write(s->fd, s->ttx, s->tpos - s->ttx);
+
+      if (e < 0)
+      {
+       if (errno != EINTR && errno != EAGAIN)
        {
-         e = write(s->fd, s->ttx, s->tpos - s->ttx);
-         if (e < 0)
-           {
-             if (errno != EINTR && errno != EAGAIN)
-               {
-                 reset_tx_buffer(s);
-                 s->err_hook(s, errno);
-                 return -1;
-               }
-             return 0;
-           }
-         s->ttx += e;
+         reset_tx_buffer(s);
+         /* EPIPE is just a connection close notification during TX */
+         s->err_hook(s, (errno != EPIPE) ? errno : 0);
+         return -1;
        }
-      reset_tx_buffer(s);
-      return 1;
-    case SK_UDP:
-    case SK_IP:
-      {
-       if (s->tbuf == s->tpos)
-         return 1;
-
-       sockaddr sa;
-       fill_in_sockaddr(&sa, s->daddr, s->dport);
-       fill_in_sockifa(&sa, s->iface);
-
-       struct iovec iov = {s->tbuf, s->tpos - s->tbuf};
-       byte cmsg_buf[CMSG_TX_SPACE];
-
-       struct msghdr msg = {
-         .msg_name = &sa,
-         .msg_namelen = sizeof(sa),
-         .msg_iov = &iov,
-         .msg_iovlen = 1,
-         .msg_control = cmsg_buf,
-         .msg_controllen = sizeof(cmsg_buf),
-         .msg_flags = 0};
-
-       sysio_prepare_tx_cmsgs(s, &msg);
-       e = sendmsg(s->fd, &msg, 0);
-
-       if (e < 0)
-         {
-           if (errno != EINTR && errno != EAGAIN)
-             {
-               reset_tx_buffer(s);
-               s->err_hook(s, errno);
-               return -1;
-             }
-           return 0;
-         }
-       reset_tx_buffer(s);
+       return 0;
+      }
+      s->ttx += e;
+    }
+    reset_tx_buffer(s);
+    return 1;
+
+  case SK_UDP:
+  case SK_IP:
+    {
+      if (s->tbuf == s->tpos)
        return 1;
+
+      e = sk_sendmsg(s);
+
+      if (e < 0)
+      {
+       if (errno != EINTR && errno != EAGAIN)
+       {
+         reset_tx_buffer(s);
+         s->err_hook(s, errno);
+         return -1;
+       }
+
+       if (!s->tx_hook)
+         reset_tx_buffer(s);
+       return 0;
       }
-    default:
-      bug("sk_maybe_write: unknown socket type %d", s->type);
+      reset_tx_buffer(s);
+      return 1;
     }
+  default:
+    bug("sk_maybe_write: unknown socket type %d", s->type);
+  }
 }
 
 int
 sk_rx_ready(sock *s)
 {
-  fd_set rd, wr;
-  struct timeval timo;
   int rv;
-
-  FD_ZERO(&rd);
-  FD_ZERO(&wr);
-  FD_SET(s->fd, &rd);
-
-  timo.tv_sec = 0;
-  timo.tv_usec = 0;
+  struct pollfd pfd = { .fd = s->fd };
+  pfd.events |= POLLIN;
 
  redo:
-  rv = select(s->fd+1, &rd, &wr, NULL, &timo);
-  
+  rv = poll(&pfd, 1, 0);
+
   if ((rv < 0) && (errno == EINTR || errno == EAGAIN))
     goto redo;
 
@@ -1298,12 +1746,15 @@ sk_send(sock *s, unsigned len)
  *
  * This is a sk_send() replacement for connection-less packet sockets
  * which allows destination of the packet to be chosen dynamically.
+ * Raw IP sockets should use 0 for @port.
  */
 int
 sk_send_to(sock *s, unsigned len, ip_addr addr, unsigned port)
 {
   s->daddr = addr;
-  s->dport = port;
+  if (port)
+    s->dport = port;
+
   s->ttx = s->tbuf;
   s->tpos = s->tbuf + len;
   return sk_maybe_write(s);
@@ -1324,106 +1775,111 @@ sk_send_full(sock *s, unsigned len, struct iface *ifa,
 }
 */
 
-static int
-sk_read(sock *s)
+ /* sk_read() and sk_write() are called from BFD's event loop */
+
+int
+sk_read(sock *s, int revents)
 {
   switch (s->type)
+  {
+  case SK_TCP_PASSIVE:
+    return sk_passive_connected(s, SK_TCP);
+
+  case SK_UNIX_PASSIVE:
+    return sk_passive_connected(s, SK_UNIX);
+
+  case SK_TCP:
+  case SK_UNIX:
     {
-    case SK_TCP_PASSIVE:
+      int c = read(s->fd, s->rpos, s->rbuf + s->rbsize - s->rpos);
+
+      if (c < 0)
       {
-       sockaddr sa;
-       return sk_passive_connected(s, (struct sockaddr *) &sa, sizeof(sa), SK_TCP);
+       if (errno != EINTR && errno != EAGAIN)
+         s->err_hook(s, errno);
+       else if (errno == EAGAIN && !(revents & POLLIN))
+       {
+         log(L_ERR "Got EAGAIN from read when revents=%x (without POLLIN)", revents);
+         s->err_hook(s, 0);
+       }
       }
-    case SK_UNIX_PASSIVE:
+      else if (!c)
+       s->err_hook(s, 0);
+      else
       {
-       struct sockaddr_un sa;
-       return sk_passive_connected(s, (struct sockaddr *) &sa, sizeof(sa), SK_UNIX);
+       s->rpos += c;
+       if (s->rx_hook(s, s->rpos - s->rbuf))
+       {
+         /* We need to be careful since the socket could have been deleted by the hook */
+         if (current_sock == s)
+           s->rpos = s->rbuf;
+       }
+       return 1;
       }
-    case SK_TCP:
-    case SK_UNIX:
+      return 0;
+    }
+
+  case SK_MAGIC:
+    return s->rx_hook(s, 0);
+
+  default:
+    {
+      int e = sk_recvmsg(s);
+
+      if (e < 0)
       {
-       int c = read(s->fd, s->rpos, s->rbuf + s->rbsize - s->rpos);
-
-       if (c < 0)
-         {
-           if (errno != EINTR && errno != EAGAIN)
-             s->err_hook(s, errno);
-         }
-       else if (!c)
-         s->err_hook(s, 0);
-       else
-         {
-           s->rpos += c;
-           if (s->rx_hook(s, s->rpos - s->rbuf))
-             {
-               /* We need to be careful since the socket could have been deleted by the hook */
-               if (current_sock == s)
-                 s->rpos = s->rbuf;
-             }
-           return 1;
-         }
+       if (errno != EINTR && errno != EAGAIN)
+         s->err_hook(s, errno);
        return 0;
       }
-    case SK_MAGIC:
-      return s->rx_hook(s, 0);
-    default:
-      {
-       sockaddr sa;
-       int e;
-
-       struct iovec iov = {s->rbuf, s->rbsize};
-       byte cmsg_buf[CMSG_RX_SPACE];
-
-       struct msghdr msg = {
-         .msg_name = &sa,
-         .msg_namelen = sizeof(sa),
-         .msg_iov = &iov,
-         .msg_iovlen = 1,
-         .msg_control = cmsg_buf,
-         .msg_controllen = sizeof(cmsg_buf),
-         .msg_flags = 0};
-
-       e = recvmsg(s->fd, &msg, 0);
-
-       if (e < 0)
-         {
-           if (errno != EINTR && errno != EAGAIN)
-             s->err_hook(s, errno);
-           return 0;
-         }
-       s->rpos = s->rbuf + e;
-       get_sockaddr(&sa, &s->faddr, &s->fport, 1);
-       sysio_process_rx_cmsgs(s, &msg);
-
-       s->rx_hook(s, e);
-       return 1;
-      }
+
+      s->rpos = s->rbuf + e;
+      s->rx_hook(s, e);
+      return 1;
     }
+  }
 }
 
-static int
+int
 sk_write(sock *s)
 {
   switch (s->type)
+  {
+  case SK_TCP_ACTIVE:
     {
-    case SK_TCP_ACTIVE:
-      {
-       sockaddr sa;
-       fill_in_sockaddr(&sa, s->daddr, s->dport);
-       if (connect(s->fd, (struct sockaddr *) &sa, sizeof(sa)) >= 0 || errno == EISCONN)
-         sk_tcp_connected(s);
-       else if (errno != EINTR && errno != EAGAIN && errno != EINPROGRESS)
-         s->err_hook(s, errno);
-       return 0;
-      }
-    default:
-      if (s->ttx != s->tpos && sk_maybe_write(s) > 0)
-       {
-         s->tx_hook(s);
-         return 1;
-       }
+      sockaddr sa;
+      sockaddr_fill(&sa, s->af, s->daddr, s->iface, s->dport);
+
+      if (connect(s->fd, &sa.sa, SA_LEN(sa)) >= 0 || errno == EISCONN)
+       sk_tcp_connected(s);
+      else if (errno != EINTR && errno != EAGAIN && errno != EINPROGRESS)
+       s->err_hook(s, errno);
       return 0;
     }
+
+  default:
+    if (s->ttx != s->tpos && sk_maybe_write(s) > 0)
+    {
+      if (s->tx_hook)
+       s->tx_hook(s);
+      return 1;
+    }
+    return 0;
+  }
+}
+
+void
+sk_err(sock *s, int revents)
+{
+  int se = 0, sse = sizeof(se);
+  if ((s->type != SK_MAGIC) && (revents & POLLERR))
+    if (getsockopt(s->fd, SOL_SOCKET, SO_ERROR, &se, &sse) < 0)
+    {
+      log(L_ERR "IO: Socket error: SO_ERROR: %m");
+      se = 0;
+    }
+
+  s->err_hook(s, se);
 }
 
 void
@@ -1434,16 +1890,170 @@ sk_dump_all(void)
 
   debug("Open sockets:\n");
   WALK_LIST(n, sock_list)
-    {
-      s = SKIP_BACK(sock, n, n);
-      debug("%p ", s);
-      sk_dump(&s->r);
-    }
+  {
+    s = SKIP_BACK(sock, n, n);
+    debug("%p ", s);
+    sk_dump(&s->r);
+  }
   debug("\n");
 }
 
-#undef ERR
-#undef WARN
+
+/*
+ *     Internal event log and watchdog
+ */
+
+#define EVENT_LOG_LENGTH 32
+
+struct event_log_entry
+{
+  void *hook;
+  void *data;
+  btime timestamp;
+  btime duration;
+};
+
+static struct event_log_entry event_log[EVENT_LOG_LENGTH];
+static struct event_log_entry *event_open;
+static int event_log_pos, event_log_num, watchdog_active;
+static btime last_time;
+static btime loop_time;
+
+static void
+io_update_time(void)
+{
+  struct timespec ts;
+  int rv;
+
+  if (!clock_monotonic_available)
+    return;
+
+  /*
+   * This is third time-tracking procedure (after update_times() above and
+   * times_update() in BFD), dedicated to internal event log and latency
+   * tracking. Hopefully, we consolidate these sometimes.
+   */
+
+  rv = clock_gettime(CLOCK_MONOTONIC, &ts);
+  if (rv < 0)
+    die("clock_gettime: %m");
+
+  last_time = ((s64) ts.tv_sec S) + (ts.tv_nsec / 1000);
+
+  if (event_open)
+  {
+    event_open->duration = last_time - event_open->timestamp;
+
+    if (event_open->duration > config->latency_limit)
+      log(L_WARN "Event 0x%p 0x%p took %d ms",
+         event_open->hook, event_open->data, (int) (event_open->duration TO_MS));
+
+    event_open = NULL;
+  }
+}
+
+/**
+ * io_log_event - mark approaching event into event log
+ * @hook: event hook address
+ * @data: event data address
+ *
+ * Store info (hook, data, timestamp) about the following internal event into
+ * a circular event log (@event_log). When latency tracking is enabled, the log
+ * entry is kept open (in @event_open) so the duration can be filled later.
+ */
+void
+io_log_event(void *hook, void *data)
+{
+  if (config->latency_debug)
+    io_update_time();
+
+  struct event_log_entry *en = event_log + event_log_pos;
+
+  en->hook = hook;
+  en->data = data;
+  en->timestamp = last_time;
+  en->duration = 0;
+
+  event_log_num++;
+  event_log_pos++;
+  event_log_pos %= EVENT_LOG_LENGTH;
+
+  event_open = config->latency_debug ? en : NULL;
+}
+
+static inline void
+io_close_event(void)
+{
+  if (event_open)
+    io_update_time();
+}
+
+void
+io_log_dump(void)
+{
+  int i;
+
+  log(L_DEBUG "Event log:");
+  for (i = 0; i < EVENT_LOG_LENGTH; i++)
+  {
+    struct event_log_entry *en = event_log + (event_log_pos + i) % EVENT_LOG_LENGTH;
+    if (en->hook)
+      log(L_DEBUG "  Event 0x%p 0x%p at %8d for %d ms", en->hook, en->data,
+         (int) ((last_time - en->timestamp) TO_MS), (int) (en->duration TO_MS));
+  }
+}
+
+void
+watchdog_sigalrm(int sig UNUSED)
+{
+  /* Update last_time and duration, but skip latency check */
+  config->latency_limit = 0xffffffff;
+  io_update_time();
+
+  /* We want core dump */
+  abort();
+}
+
+static inline void
+watchdog_start1(void)
+{
+  io_update_time();
+
+  loop_time = last_time;
+}
+
+static inline void
+watchdog_start(void)
+{
+  io_update_time();
+
+  loop_time = last_time;
+  event_log_num = 0;
+
+  if (config->watchdog_timeout)
+  {
+    alarm(config->watchdog_timeout);
+    watchdog_active = 1;
+  }
+}
+
+static inline void
+watchdog_stop(void)
+{
+  io_update_time();
+
+  if (watchdog_active)
+  {
+    alarm(0);
+    watchdog_active = 0;
+  }
+
+  btime duration = last_time - loop_time;
+  if (duration > config->watchdog_warning)
+    log(L_WARN "I/O loop cycle took %d ms for %d events",
+       (int) (duration TO_MS), event_log_num);
+}
+
 
 /*
  *     Main I/O Loop
@@ -1451,6 +2061,7 @@ sk_dump_all(void)
 
 volatile int async_config_flag;                /* Asynchronous reconfiguration/dump scheduled */
 volatile int async_dump_flag;
+volatile int async_shutdown_flag;
 
 void
 io_init(void)
@@ -1462,6 +2073,7 @@ io_init(void)
   krt_io_init();
   init_times();
   update_times();
+  boot_time = now;
   srandom((int) now_real);
 }
 
@@ -1471,90 +2083,99 @@ static int short_loops = 0;
 void
 io_loop(void)
 {
-  fd_set rd, wr;
-  struct timeval timo;
+  int poll_tout;
   time_t tout;
-  int hi, events;
+  int nfds, events, pout;
   sock *s;
   node *n;
+  int fdmax = 256;
+  struct pollfd *pfd = xmalloc(fdmax * sizeof(struct pollfd));
 
-  sock_recalc_fdsets_p = 1;
+  watchdog_start1();
   for(;;)
     {
       events = ev_run_list(&global_event_list);
+    timers:
       update_times();
       tout = tm_first_shot();
       if (tout <= now)
        {
          tm_shot();
-         continue;
+         goto timers;
        }
-      timo.tv_sec = events ? 0 : tout - now;
-      timo.tv_usec = 0;
+      poll_tout = (events ? 0 : MIN(tout - now, 3)) * 1000; /* Time in milliseconds */
 
-      if (sock_recalc_fdsets_p)
-       {
-         sock_recalc_fdsets_p = 0;
-         FD_ZERO(&rd);
-         FD_ZERO(&wr);
-       }
+      io_close_event();
 
-      hi = 0;
+      nfds = 0;
       WALK_LIST(n, sock_list)
        {
+         pfd[nfds] = (struct pollfd) { .fd = -1 }; /* everything other set to 0 by this */
          s = SKIP_BACK(sock, n, n);
          if (s->rx_hook)
            {
-             FD_SET(s->fd, &rd);
-             if (s->fd > hi)
-               hi = s->fd;
+             pfd[nfds].fd = s->fd;
+             pfd[nfds].events |= POLLIN;
            }
-         else
-           FD_CLR(s->fd, &rd);
          if (s->tx_hook && s->ttx != s->tpos)
            {
-             FD_SET(s->fd, &wr);
-             if (s->fd > hi)
-               hi = s->fd;
+             pfd[nfds].fd = s->fd;
+             pfd[nfds].events |= POLLOUT;
+           }
+         if (pfd[nfds].fd != -1)
+           {
+             s->index = nfds;
+             nfds++;
            }
          else
-           FD_CLR(s->fd, &wr);
+           s->index = -1;
+
+         if (nfds >= fdmax)
+           {
+             fdmax *= 2;
+             pfd = xrealloc(pfd, fdmax * sizeof(struct pollfd));
+           }
        }
 
       /*
        * Yes, this is racy. But even if the signal comes before this test
-       * and entering select(), it gets caught on the next timer tick.
+       * and entering poll(), it gets caught on the next timer tick.
        */
 
       if (async_config_flag)
        {
+         io_log_event(async_config, NULL);
          async_config();
          async_config_flag = 0;
          continue;
        }
       if (async_dump_flag)
        {
+         io_log_event(async_dump, NULL);
          async_dump();
          async_dump_flag = 0;
          continue;
        }
       if (async_shutdown_flag)
        {
+         io_log_event(async_shutdown, NULL);
          async_shutdown();
          async_shutdown_flag = 0;
          continue;
        }
 
-      /* And finally enter select() to find active sockets */
-      hi = select(hi+1, &rd, &wr, NULL, &timo);
+      /* And finally enter poll() to find active sockets */
+      watchdog_stop();
+      pout = poll(pfd, nfds, poll_tout);
+      watchdog_start();
 
-      if (hi < 0)
+      if (pout < 0)
        {
          if (errno == EINTR || errno == EAGAIN)
            continue;
-         die("select: %m");
+         die("poll: %m");
        }
-      if (hi)
+      if (pout)
        {
          /* guaranteed to be non-empty */
          current_sock = SKIP_BACK(sock, n, HEAD(sock_list));
@@ -1562,30 +2183,39 @@ io_loop(void)
          while (current_sock)
            {
              sock *s = current_sock;
+             if (s->index == -1)
+               {
+                 current_sock = sk_next(s);
+                 goto next;
+               }
+
              int e;
              int steps;
 
              steps = MAX_STEPS;
-             if ((s->type >= SK_MAGIC) && FD_ISSET(s->fd, &rd) && s->rx_hook)
+             if (s->fast_rx && (pfd[s->index].revents & POLLIN) && s->rx_hook)
                do
                  {
                    steps--;
-                   e = sk_read(s);
+                   io_log_event(s->rx_hook, s->data);
+                   e = sk_read(s, pfd[s->index].revents);
                    if (s != current_sock)
                      goto next;
                  }
                while (e && s->rx_hook && steps);
 
              steps = MAX_STEPS;
-             if (FD_ISSET(s->fd, &wr))
+             if (pfd[s->index].revents & POLLOUT)
                do
                  {
                    steps--;
+                   io_log_event(s->tx_hook, s->data);
                    e = sk_write(s);
                    if (s != current_sock)
                      goto next;
                  }
                while (e && steps);
+
              current_sock = sk_next(s);
            next: ;
            }
@@ -1603,19 +2233,33 @@ io_loop(void)
          while (current_sock && count < MAX_RX_STEPS)
            {
              sock *s = current_sock;
-             int e;
+             if (s->index == -1)
+               {
+                 current_sock = sk_next(s);
+                 goto next2;
+               }
 
-             if ((s->type < SK_MAGIC) && FD_ISSET(s->fd, &rd) && s->rx_hook)
+             if (!s->fast_rx && (pfd[s->index].revents & POLLIN) && s->rx_hook)
                {
                  count++;
-                 e = sk_read(s);
+                 io_log_event(s->rx_hook, s->data);
+                 sk_read(s, pfd[s->index].revents);
+                 if (s != current_sock)
+                   goto next2;
+               }
+
+             if (pfd[s->index].revents & (POLLHUP | POLLERR))
+               {
+                 sk_err(s, pfd[s->index].revents);
                  if (s != current_sock)
-                     goto next2;
+                   goto next2;
                }
+
              current_sock = sk_next(s);
            next2: ;
            }
 
+
          stored_sock = current_sock;
        }
     }
@@ -1628,9 +2272,10 @@ test_old_bird(char *path)
   struct sockaddr_un sa;
 
   fd = socket(AF_UNIX, SOCK_STREAM, 0);
-
   if (fd < 0)
     die("Cannot create socket: %m");
+  if (strlen(path) >= sizeof(sa.sun_path))
+    die("Socket path too long");
   bzero(&sa, sizeof(sa));
   sa.sun_family = AF_UNIX;
   strcpy(sa.sun_path, path);
@@ -1638,5 +2283,3 @@ test_old_bird(char *path)
     die("I found another BIRD running.");
   close(fd);
 }
-
-