Implements TTL security for OSPF and RIP.

Interfaces for OSPF and RIP could be configured to use (and request)
TTL 255 for traffic to direct neighbors.

Thanks to Simon Dickhoven for the original patch for RIPng.

1 files changed, 11 insertions, 2 deletions

diff --git a/proto/rip/config.Y b/proto/rip/config.Y
index ec82aa3d..791c43a2 100644
--- a/proto/rip/config.Y
+++ b/proto/rip/config.Y
@@ -22,12 +22,18 @@ CF_DEFINES
 #define RIP_CFG ((struct rip_proto_config *) this_proto)
 #define RIP_IPATT ((struct rip_patt *) this_ipatt)
 
+#ifdef IPV6
+#define RIP_DEFAULT_TTL_SECURITY 2
+#else
+#define RIP_DEFAULT_TTL_SECURITY 0
+#endif
+
 CF_DECLS
 
 CF_KEYWORDS(RIP, INFINITY, METRIC, PORT, PERIOD, GARBAGE, TIMEOUT,
 	    MODE, BROADCAST, MULTICAST, QUIET, NOLISTEN, VERSION1, 
-	    AUTHENTICATION, NONE, PLAINTEXT, MD5,
-	    HONOR, NEVER, NEIGHBOR, ALWAYS, TX, PRIORITY,
+	    AUTHENTICATION, NONE, PLAINTEXT, MD5, TTL, SECURITY,
+	    HONOR, NEVER, NEIGHBOR, ALWAYS, TX, PRIORITY, ONLY,
 	    RIP_METRIC, RIP_TAG)
 
 %type <i> rip_mode rip_auth
@@ -78,6 +84,8 @@ rip_iface_item:
  | MODE rip_mode { RIP_IPATT->mode |= $2; }
  | TX tos { RIP_IPATT->tx_tos = $2; }
  | TX PRIORITY expr { RIP_IPATT->tx_priority = $3; }
+ | TTL SECURITY bool { RIP_IPATT->ttl_security = $3; }
+ | TTL SECURITY TX ONLY { RIP_IPATT->ttl_security = 2; }
  ;
 
 rip_iface_opts: 
@@ -98,6 +106,7 @@ rip_iface_init:
      RIP_IPATT->metric = 1;
      RIP_IPATT->tx_tos = IP_PREC_INTERNET_CONTROL;
      RIP_IPATT->tx_priority = sk_priority_control;
+     RIP_IPATT->ttl_security = RIP_DEFAULT_TTL_SECURITY;
    }
  ;