0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-22 01:31:55 +00:00

Some fixes for TTL security.

This commit is contained in:
Ondrej Zajicek 2013-07-11 13:50:44 +02:00
parent cc31b75a8f
commit 354496ace8
3 changed files with 19 additions and 17 deletions

View File

@ -87,6 +87,7 @@ ospf_sk_open(struct ospf_iface *ifa)
sk->tbsize = rxbufsize(ifa);
sk->data = (void *) ifa;
sk->flags = SKF_LADDR_RX | (ifa->check_ttl ? SKF_TTL_RX : 0);
sk->ttl = ifa->cf->ttl_security ? 255 : -1;
if (sk_open(sk) != 0)
goto err;
@ -664,7 +665,8 @@ ospf_iface_reconfigure(struct ospf_iface *ifa, struct ospf_iface_patt *new)
/* Change of these options would require to reset the iface socket */
if ((new->real_bcast != ifa->cf->real_bcast) ||
(new->tx_tos != ifa->cf->tx_tos) ||
(new->tx_priority != ifa->cf->tx_priority))
(new->tx_priority != ifa->cf->tx_priority) ||
(new->ttl_security != ifa->cf->ttl_security))
return 0;
ifa->cf = new;

View File

@ -6,9 +6,22 @@
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#ifdef __NetBSD__
#ifndef IP_RECVTTL
#define IP_RECVTTL 23
#endif
#ifndef IP_MINTTL
#define IP_MINTTL 24
#endif
#endif
#ifdef __DragonFly__
#define TCP_MD5SIG TCP_SIGNATURE_ENABLE
#endif
#ifdef IPV6
static inline void
@ -259,8 +272,6 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
#ifndef IPV6
#ifdef IP_MINTTL
static int
sk_set_min_ttl4(sock *s, int ttl)
{
@ -277,17 +288,6 @@ sk_set_min_ttl4(sock *s, int ttl)
return 0;
}
#else /* no IP_MINTTL */
static int
sk_set_min_ttl4(sock *s, int ttl)
{
log(L_ERR "IPv4 TTL security not supported");
return -1;
}
#endif
#else /* IPv6 */
static int

View File

@ -821,10 +821,10 @@ sk_setup(sock *s)
WARN("IPV6_V6ONLY");
#endif
if (s->ttl >= 0)
err = sk_set_ttl_int(s);
if ((s->ttl >= 0) && (err = sk_set_ttl_int(s)))
goto bad;
sysio_register_cmsgs(s);
err = sysio_register_cmsgs(s);
bad:
return err;
}