Commit 354496ac authored by Ondřej Zajíček's avatar Ondřej Zajíček

Some fixes for TTL security.

parent cc31b75a
...@@ -87,6 +87,7 @@ ospf_sk_open(struct ospf_iface *ifa) ...@@ -87,6 +87,7 @@ ospf_sk_open(struct ospf_iface *ifa)
sk->tbsize = rxbufsize(ifa); sk->tbsize = rxbufsize(ifa);
sk->data = (void *) ifa; sk->data = (void *) ifa;
sk->flags = SKF_LADDR_RX | (ifa->check_ttl ? SKF_TTL_RX : 0); sk->flags = SKF_LADDR_RX | (ifa->check_ttl ? SKF_TTL_RX : 0);
sk->ttl = ifa->cf->ttl_security ? 255 : -1;
if (sk_open(sk) != 0) if (sk_open(sk) != 0)
goto err; goto err;
...@@ -664,7 +665,8 @@ ospf_iface_reconfigure(struct ospf_iface *ifa, struct ospf_iface_patt *new) ...@@ -664,7 +665,8 @@ ospf_iface_reconfigure(struct ospf_iface *ifa, struct ospf_iface_patt *new)
/* Change of these options would require to reset the iface socket */ /* Change of these options would require to reset the iface socket */
if ((new->real_bcast != ifa->cf->real_bcast) || if ((new->real_bcast != ifa->cf->real_bcast) ||
(new->tx_tos != ifa->cf->tx_tos) || (new->tx_tos != ifa->cf->tx_tos) ||
(new->tx_priority != ifa->cf->tx_priority)) (new->tx_priority != ifa->cf->tx_priority) ||
(new->ttl_security != ifa->cf->ttl_security))
return 0; return 0;
ifa->cf = new; ifa->cf = new;
......
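Review bot: The added `sk->ttl = ifa->cf->ttl_security ? 255 : -1;` line in ospf_sk_open uses two unexplained literals, and nothing nearby says that a negative value means "do not set the TTL". A short comment would document it, e.g. `/* TTL security (GTSM): send with TTL 255; -1 leaves the system default */`. The receive check on the line above is keyed on `ifa->check_ttl` while the transmit TTL is keyed on `ifa->cf->ttl_security`, so it is worth confirming that the two are always derived from the same setting. It is also not visible here whether sk_open() applies `sk->ttl` to multicast transmissions; if it does not, neighbours enforcing the check would presumably drop multicast OSPF packets. Both ospf_sk_open and ospf_iface_reconfigure extend beyond the shown hunks.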
...@@ -6,9 +6,22 @@ ...@@ -6,9 +6,22 @@
* Can be freely distributed and used under the terms of the GNU GPL. * Can be freely distributed and used under the terms of the GNU GPL.
*/ */
#ifdef __NetBSD__
#ifndef IP_RECVTTL
#define IP_RECVTTL 23
#endif
#ifndef IP_MINTTL
#define IP_MINTTL 24
#endif
#endif
#ifdef __DragonFly__ #ifdef __DragonFly__
#define TCP_MD5SIG TCP_SIGNATURE_ENABLE #define TCP_MD5SIG TCP_SIGNATURE_ENABLE
#endif #endif
#ifdef IPV6 #ifdef IPV6
static inline void static inline void
...@@ -259,8 +272,6 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd) ...@@ -259,8 +272,6 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
#ifndef IPV6 #ifndef IPV6
#ifdef IP_MINTTL
static int static int
sk_set_min_ttl4(sock *s, int ttl) sk_set_min_ttl4(sock *s, int ttl)
{ {
...@@ -277,17 +288,6 @@ sk_set_min_ttl4(sock *s, int ttl) ...@@ -277,17 +288,6 @@ sk_set_min_ttl4(sock *s, int ttl)
return 0; return 0;
} }
#else /* no IP_MINTTL */
static int
sk_set_min_ttl4(sock *s, int ttl)
{
log(L_ERR "IPv4 TTL security not supported");
return -1;
}
#endif
#else /* IPv6 */ #else /* IPv6 */
static int static int
......
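Review bot: The NetBSD block hard-codes `IP_RECVTTL 23` and `IP_MINTTL 24` when the system headers lack them, and nothing on the page records where the numbers come from or which kernels honour them. If a kernel does not implement the option, the setsockopt call is expected to fail at run time, so the error path in sk_set_min_ttl4 (its body is outside the shown hunks) is then the only safeguard against TTL security being configured but not enforced. Once the values are checked against the NetBSD headers, a comment such as `/* Option numbers from NetBSD <netinet/in.h>; older headers lack them and the kernel may still reject the option */` would record that. Separately, with the `#else /* no IP_MINTTL */` stub removed, any other BSD target without IP_MINTTL now fails to compile inside sk_set_min_ttl4 instead of logging "IPv4 TTL security not supported". An `#ifndef IP_MINTTL` guard with an explicit `#error` after the defines would make that failure self-explanatory.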
...@@ -821,10 +821,10 @@ sk_setup(sock *s) ...@@ -821,10 +821,10 @@ sk_setup(sock *s)
WARN("IPV6_V6ONLY"); WARN("IPV6_V6ONLY");
#endif #endif
if (s->ttl >= 0) if ((s->ttl >= 0) && (err = sk_set_ttl_int(s)))
err = sk_set_ttl_int(s); goto bad;
sysio_register_cmsgs(s); err = sysio_register_cmsgs(s);
bad: bad:
return err; return err;
} }
......
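Review bot: The new condition `if ((s->ttl >= 0) && (err = sk_set_ttl_int(s)))` in sk_setup buries an assignment inside a compound test, which is easy to misread as a comparison. Splitting it keeps the same behaviour: `if (s->ttl >= 0) { err = sk_set_ttl_int(s); if (err) goto bad; }`. Since the result of sysio_register_cmsgs() is now returned, a one-line comment stating that a failure to register the control messages aborts socket setup would help the next reader. The start of sk_setup is outside the hunk.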