authorOndrej Zajicek <santiago@crfreenet.org>2013-07-11 13:50:44 +0200
committerOndrej Zajicek <santiago@crfreenet.org>2013-07-11 13:50:44 +0200
commit354496ace87341428e6005fbc073fbe57b4e6c0e (patch)
tree3dae3a53b6e45cd7cb144296d54fda90fff7cc14
parentcc31b75a8fd7949533c12db2c3e9d67eeaf46d10 (diff)
Some fixes for TTL security.
-rw-r--r--proto/ospf/iface.c4
-rw-r--r--sysdep/bsd/sysio.h26
-rw-r--r--sysdep/unix/io.c6
3 files changed, 19 insertions, 17 deletions
diff --git a/proto/ospf/iface.c b/proto/ospf/iface.c
index 698ef620..63c26466 100644
--- a/proto/ospf/iface.c
+++ b/proto/ospf/iface.c
@@ -87,6 +87,7 @@ ospf_sk_open(struct ospf_iface *ifa)
sk->tbsize = rxbufsize(ifa);
sk->data = (void *) ifa;
sk->flags = SKF_LADDR_RX | (ifa->check_ttl ? SKF_TTL_RX : 0);
+ sk->ttl = ifa->cf->ttl_security ? 255 : -1;
if (sk_open(sk) != 0)
goto err;
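Review bot: The added `sk->ttl = ifa->cf->ttl_security ? 255 : -1;` keys the outgoing TTL on `ifa->cf->ttl_security`, while the line directly above keys the receive-side check on `ifa->check_ttl`, and nothing in the hunk says how the two fields relate. If `ttl_security` can take a value that sends with TTL 255 without enabling the RX check (presumably a tx-only mode; confirm against the option's definition), that asymmetry needs a comment, for example `/* TTL security: send with TTL 255; RX check only if check_ttl; -1 leaves the TTL unset */`. The reading of -1 as "do not set a TTL" is inferred from the `s->ttl >= 0` test in sk_setup. ospf_sk_open starts and ends outside the hunk.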
@@ -664,7 +665,8 @@ ospf_iface_reconfigure(struct ospf_iface *ifa, struct ospf_iface_patt *new)
/* Change of these options would require to reset the iface socket */
if ((new->real_bcast != ifa->cf->real_bcast) ||
(new->tx_tos != ifa->cf->tx_tos) ||
- (new->tx_priority != ifa->cf->tx_priority))
+ (new->tx_priority != ifa->cf->tx_priority) ||
+ (new->ttl_security != ifa->cf->ttl_security))
return 0;
ifa->cf = new;
diff --git a/sysdep/bsd/sysio.h b/sysdep/bsd/sysio.h
index 031eac9a..cf049a0b 100644
--- a/sysdep/bsd/sysio.h
+++ b/sysdep/bsd/sysio.h
@@ -6,9 +6,22 @@
* Can be freely distributed and used under the terms of the GNU GPL.
*/
+#ifdef __NetBSD__
+
+#ifndef IP_RECVTTL
+#define IP_RECVTTL 23
+#endif
+
+#ifndef IP_MINTTL
+#define IP_MINTTL 24
+#endif
+
+#endif
+
#ifdef __DragonFly__
#define TCP_MD5SIG TCP_SIGNATURE_ENABLE
#endif
+
#ifdef IPV6
static inline void
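Review bot: The NetBSD fallbacks `#define IP_RECVTTL 23` and `#define IP_MINTTL 24` hard-code socket option numbers with no comment saying where the values come from or which releases they hold for. If a system's headers lack these names its kernel may not implement the options either, so the calls that use them must report failure rather than leave a TTL-security session unprotected; the code that uses them is not visible in this hunk. A comment such as `/* values from NetBSD <netinet/in.h>; older headers omit them and the kernel may reject the option */` would record the assumption. The two later hunks in this file also drop the `#ifdef IP_MINTTL` guard and the "not supported" stub, so any other platform built from this header without IP_MINTTL will presumably fail to compile instead of logging an error. An explicit `#error` with a clear message would make that intentional.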
@@ -259,8 +272,6 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
#ifndef IPV6
-#ifdef IP_MINTTL
-
static int
sk_set_min_ttl4(sock *s, int ttl)
{
@@ -277,17 +288,6 @@ sk_set_min_ttl4(sock *s, int ttl)
return 0;
}
-#else /* no IP_MINTTL */
-
-static int
-sk_set_min_ttl4(sock *s, int ttl)
-{
- log(L_ERR "IPv4 TTL security not supported");
- return -1;
-}
-
-#endif
-
#else /* IPv6 */
static int
diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c
index 93863885..4fee10e7 100644
--- a/sysdep/unix/io.c
+++ b/sysdep/unix/io.c
@@ -821,10 +821,10 @@ sk_setup(sock *s)
WARN("IPV6_V6ONLY");
#endif
- if (s->ttl >= 0)
- err = sk_set_ttl_int(s);
+ if ((s->ttl >= 0) && (err = sk_set_ttl_int(s)))
+ goto bad;
- sysio_register_cmsgs(s);
+ err = sysio_register_cmsgs(s);
bad:
return err;
}
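Review bot: The assignment inside the condition, `if ((s->ttl >= 0) && (err = sk_set_ttl_int(s)))`, is easy to misread as a comparison, and it is the line that makes a TTL failure abort socket setup. Writing it as `if (s->ttl >= 0) { err = sk_set_ttl_int(s); if (err) goto bad; }`, or at least comparing explicitly with `(err = sk_set_ttl_int(s)) != 0`, keeps the fail-closed intent obvious. A short comment such as `/* refuse to set up the socket if the requested TTL could not be applied */` would help the next reader. sk_setup starts outside the hunk, so the earlier option handling and the initial value of `err` are not visible here.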