mirror of
https://gitlab.nic.cz/labs/bird.git
synced 2024-12-22 01:31:55 +00:00
Some fixes for TTL security.
This commit is contained in:
parent
cc31b75a8f
commit
354496ace8
@ -87,6 +87,7 @@ ospf_sk_open(struct ospf_iface *ifa)
|
||||
sk->tbsize = rxbufsize(ifa);
|
||||
sk->data = (void *) ifa;
|
||||
sk->flags = SKF_LADDR_RX | (ifa->check_ttl ? SKF_TTL_RX : 0);
|
||||
sk->ttl = ifa->cf->ttl_security ? 255 : -1;
|
||||
|
||||
if (sk_open(sk) != 0)
|
||||
goto err;
|
||||
@ -664,7 +665,8 @@ ospf_iface_reconfigure(struct ospf_iface *ifa, struct ospf_iface_patt *new)
|
||||
/* Change of these options would require to reset the iface socket */
|
||||
if ((new->real_bcast != ifa->cf->real_bcast) ||
|
||||
(new->tx_tos != ifa->cf->tx_tos) ||
|
||||
(new->tx_priority != ifa->cf->tx_priority))
|
||||
(new->tx_priority != ifa->cf->tx_priority) ||
|
||||
(new->ttl_security != ifa->cf->ttl_security))
|
||||
return 0;
|
||||
|
||||
ifa->cf = new;
|
||||
|
@ -6,9 +6,22 @@
|
||||
* Can be freely distributed and used under the terms of the GNU GPL.
|
||||
*/
|
||||
|
||||
#ifdef __NetBSD__
|
||||
|
||||
#ifndef IP_RECVTTL
|
||||
#define IP_RECVTTL 23
|
||||
#endif
|
||||
|
||||
#ifndef IP_MINTTL
|
||||
#define IP_MINTTL 24
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef __DragonFly__
|
||||
#define TCP_MD5SIG TCP_SIGNATURE_ENABLE
|
||||
#endif
|
||||
|
||||
#ifdef IPV6
|
||||
|
||||
static inline void
|
||||
@ -259,8 +272,6 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
|
||||
|
||||
#ifndef IPV6
|
||||
|
||||
#ifdef IP_MINTTL
|
||||
|
||||
static int
|
||||
sk_set_min_ttl4(sock *s, int ttl)
|
||||
{
|
||||
@ -277,17 +288,6 @@ sk_set_min_ttl4(sock *s, int ttl)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#else /* no IP_MINTTL */
|
||||
|
||||
static int
|
||||
sk_set_min_ttl4(sock *s, int ttl)
|
||||
{
|
||||
log(L_ERR "IPv4 TTL security not supported");
|
||||
return -1;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#else /* IPv6 */
|
||||
|
||||
static int
|
||||
|
@ -821,10 +821,10 @@ sk_setup(sock *s)
|
||||
WARN("IPV6_V6ONLY");
|
||||
#endif
|
||||
|
||||
if (s->ttl >= 0)
|
||||
err = sk_set_ttl_int(s);
|
||||
if ((s->ttl >= 0) && (err = sk_set_ttl_int(s)))
|
||||
goto bad;
|
||||
|
||||
sysio_register_cmsgs(s);
|
||||
err = sysio_register_cmsgs(s);
|
||||
bad:
|
||||
return err;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user