Implements TTL security for OSPF and RIP.

Interfaces for OSPF and RIP could be configured to use (and request) TTL 255 for traffic to direct neighbors. Thanks to Simon Dickhoven for the original patch for RIPng.
author: Ondrej Zajicek <santiago@crfreenet.org> 2013-06-25 15:33:00 +0200
committer: Ondrej Zajicek <santiago@crfreenet.org> 2013-06-25 15:39:44 +0200
commit: 70e212f913b6ce9d343d6c401b4f1712986a5f8c (patch)
tree: 0673749a5724d28db2928ab4ad077b2327f1de66 /proto/ospf/iface.c
parent: ef4a50be10c6dd0abffd957132cd146029c3d79d (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/proto/ospf/iface.c b/proto/ospf/iface.c
index bc3b1ef6..698ef620 100644
--- a/proto/ospf/iface.c
+++ b/proto/ospf/iface.c
@@ -86,7 +86,7 @@ ospf_sk_open(struct ospf_iface *ifa)
   sk->rbsize = rxbufsize(ifa);
   sk->tbsize = rxbufsize(ifa);
   sk->data = (void *) ifa;
-  sk->flags = SKF_LADDR_RX;
+  sk->flags = SKF_LADDR_RX | (ifa->check_ttl ? SKF_TTL_RX : 0);
 
   if (sk_open(sk) != 0)
     goto err;
@@ -131,7 +131,7 @@ ospf_sk_open(struct ospf_iface *ifa)
     else
     {
       ifa->all_routers = AllSPFRouters;
-      sk->ttl = 1;	/* Hack, this will affect just multicast packets */
+      sk->ttl = ifa->cf->ttl_security ? 255 : 1;
 
       if (sk_setup_multicast(sk) < 0)
         goto err;
@@ -534,6 +534,7 @@ ospf_iface_new(struct ospf_area *oa, struct ifa *addr, struct ospf_iface_patt *i
   ifa->rxbuf = ip->rxbuf;
   ifa->check_link = ip->check_link;
   ifa->ecmp_weight = ip->ecmp_weight;
+  ifa->check_ttl = (ip->ttl_security == 1);
 
 #ifdef OSPFv2
   ifa->autype = ip->autype;
author	Ondrej Zajicek <santiago@crfreenet.org>	2013-06-25 15:33:00 +0200
committer	Ondrej Zajicek <santiago@crfreenet.org>	2013-06-25 15:39:44 +0200
commit	70e212f913b6ce9d343d6c401b4f1712986a5f8c (patch)
tree	0673749a5724d28db2928ab4ad077b2327f1de66 /proto/ospf/iface.c
parent	ef4a50be10c6dd0abffd957132cd146029c3d79d (diff)