diff options
| author | Ondrej Zajicek <santiago@crfreenet.org> | 2013-06-25 15:33:00 +0200 |
|---|---|---|
| committer | Ondrej Zajicek <santiago@crfreenet.org> | 2013-06-25 15:39:44 +0200 |
| commit | 70e212f913b6ce9d343d6c401b4f1712986a5f8c (patch) | |
| tree | 0673749a5724d28db2928ab4ad077b2327f1de66 /proto/ospf/packet.c | |
| parent | ef4a50be10c6dd0abffd957132cd146029c3d79d (diff) | |
Implements TTL security for OSPF and RIP.
Interfaces for OSPF and RIP could be configured to use (and request)
TTL 255 for traffic to direct neighbors.
Thanks to Simon Dickhoven for the original patch for RIPng.
Diffstat (limited to 'proto/ospf/packet.c')
| -rw-r--r-- | proto/ospf/packet.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c index 241a58f7..4338bc1a 100644 --- a/proto/ospf/packet.c +++ b/proto/ospf/packet.c @@ -309,6 +309,12 @@ ospf_rx_hook(sock *sk, int size) return 1; } + if (ifa->check_ttl && (sk->ttl < 255)) + { + log(L_ERR "%s%I - TTL %d (< 255)", mesg, sk->faddr, sk->ttl); + return 1; + } + if ((unsigned) size < sizeof(struct ospf_packet)) { log(L_ERR "%s%I - too short (%u bytes)", mesg, sk->faddr, size); |