summaryrefslogtreecommitdiff
path: root/sysdep/bsd/sysio.h
diff options
context:
space:
mode:
authorOndrej Filip <feela@mamlas.feela.net>2009-05-04 18:17:46 +0200
committerOndrej Filip <feela@mamlas.feela.net>2009-05-04 18:17:46 +0200
commit2b70f0742e808053f87315433a2a64c749c3ec1d (patch)
treeb8aa2bfc5ad9644320442c59ee8c9c7dab5ee74d /sysdep/bsd/sysio.h
parent1bc4b2cc840eb3f48c7e245528ef79c2b0ba50e7 (diff)
Linux specific TCP-MD5 handling moved to sysdep/linux/sysio.h
FreeBSD coded added. BSD cannot set BGP passwords itself. This has to be done by external command.
Diffstat (limited to 'sysdep/bsd/sysio.h')
-rw-r--r--sysdep/bsd/sysio.h45
1 files changed, 45 insertions, 0 deletions
diff --git a/sysdep/bsd/sysio.h b/sysdep/bsd/sysio.h
index b2dc3a28..b0ec456e 100644
--- a/sysdep/bsd/sysio.h
+++ b/sysdep/bsd/sysio.h
@@ -74,3 +74,48 @@ sysio_mcast_join(sock * s)
}
#endif
+
+
+#include <netinet/tcp.h>
+#ifndef TCP_KEYLEN_MAX
+#define TCP_KEYLEN_MAX 80
+#endif
+#ifndef TCP_SIG_SPI
+#define TCP_SIG_SPI 0x1000
+#endif
+
+/*
+ * FIXME: Passwords has to be set by setkey(8) command. This is the same
+ * behaviour like Quagga. We need to add code for SA/SP entries
+ * management.
+ */
+
+static int
+sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
+{
+ int enable = 0;
+ if (passwd)
+ {
+ int len = strlen(passwd);
+
+ enable = len ? TCP_SIG_SPI : 0;
+
+ if (len > TCP_KEYLEN_MAX)
+ {
+ log(L_ERR "MD5 password too long");
+ return -1;
+ }
+ }
+
+ int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &enable, sizeof(enable));
+
+ if (rv < 0)
+ {
+ if (errno == ENOPROTOOPT)
+ log(L_ERR "Kernel does not support TCP MD5 signatures");
+ else
+ log(L_ERR "sk_set_md5_auth_int: setsockopt: %m");
+ }
+
+ return rv;
+}