summaryrefslogtreecommitdiff
path: root/proto/ospf/packet.c
diff options
context:
space:
mode:
authorOndrej Zajicek <santiago@crfreenet.org>2013-06-25 15:33:00 +0200
committerOndrej Zajicek <santiago@crfreenet.org>2013-06-25 15:39:44 +0200
commit70e212f913b6ce9d343d6c401b4f1712986a5f8c (patch)
tree0673749a5724d28db2928ab4ad077b2327f1de66 /proto/ospf/packet.c
parentef4a50be10c6dd0abffd957132cd146029c3d79d (diff)
Implements TTL security for OSPF and RIP.
Interfaces for OSPF and RIP could be configured to use (and request) TTL 255 for traffic to direct neighbors. Thanks to Simon Dickhoven for the original patch for RIPng.
Diffstat (limited to 'proto/ospf/packet.c')
-rw-r--r--proto/ospf/packet.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c
index 241a58f7..4338bc1a 100644
--- a/proto/ospf/packet.c
+++ b/proto/ospf/packet.c
@@ -309,6 +309,12 @@ ospf_rx_hook(sock *sk, int size)
return 1;
}
+ if (ifa->check_ttl && (sk->ttl < 255))
+ {
+ log(L_ERR "%s%I - TTL %d (< 255)", mesg, sk->faddr, sk->ttl);
+ return 1;
+ }
+
if ((unsigned) size < sizeof(struct ospf_packet))
{
log(L_ERR "%s%I - too short (%u bytes)", mesg, sk->faddr, size);