Implements TTL security for OSPF and RIP.

Interfaces for OSPF and RIP could be configured to use (and request) TTL 255 for traffic to direct neighbors. Thanks to Simon Dickhoven for the original patch for RIPng.
author: Ondrej Zajicek <santiago@crfreenet.org> 2013-06-25 15:33:00 +0200
committer: Ondrej Zajicek <santiago@crfreenet.org> 2013-06-25 15:39:44 +0200
commit: 70e212f913b6ce9d343d6c401b4f1712986a5f8c (patch)
tree: 0673749a5724d28db2928ab4ad077b2327f1de66 /sysdep/linux/sysio.h
parent: ef4a50be10c6dd0abffd957132cd146029c3d79d (diff)
1 files changed, 26 insertions, 12 deletions
diff --git a/sysdep/linux/sysio.h b/sysdep/linux/sysio.h
index 41287e71..250ed586 100644
--- a/sysdep/linux/sysio.h
+++ b/sysdep/linux/sysio.h
@@ -194,17 +194,22 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
 /* RX/TX packet info handling for IPv4 */
 /* Mostly similar to standardized IPv6 code */
 
-#define CMSG_RX_SPACE CMSG_SPACE(sizeof(struct in_pktinfo))
+#define CMSG_RX_SPACE (CMSG_SPACE(sizeof(struct in_pktinfo)) + CMSG_SPACE(sizeof(int)))
 #define CMSG_TX_SPACE CMSG_SPACE(sizeof(struct in_pktinfo))
 
 static char *
 sysio_register_cmsgs(sock *s)
 {
   int ok = 1;
+
   if ((s->flags & SKF_LADDR_RX) &&
-      setsockopt(s->fd, IPPROTO_IP, IP_PKTINFO, &ok, sizeof(ok)) < 0)
+      (setsockopt(s->fd, IPPROTO_IP, IP_PKTINFO, &ok, sizeof(ok)) < 0))
     return "IP_PKTINFO";
 
+  if ((s->flags & SKF_TTL_RX) &&
+      (setsockopt(s->fd, IPPROTO_IP, IP_RECVTTL, &ok, sizeof(ok)) < 0))
+    return "IP_RECVTTL";
+
   return NULL;
 }
 
@@ -213,25 +218,34 @@ sysio_process_rx_cmsgs(sock *s, struct msghdr *msg)
 {
   struct cmsghdr *cm;
   struct in_pktinfo *pi = NULL;
-
-  if (!(s->flags & SKF_LADDR_RX))
-    return;
+  int *ttl = NULL;
 
   for (cm = CMSG_FIRSTHDR(msg); cm != NULL; cm = CMSG_NXTHDR(msg, cm))
+  {
+    if (cm->cmsg_level == IPPROTO_IP && cm->cmsg_type == IP_PKTINFO)
+      pi = (struct in_pktinfo *) CMSG_DATA(cm);
+
+    if (cm->cmsg_level == IPPROTO_IP && cm->cmsg_type == IP_TTL)
+      ttl = (int *) CMSG_DATA(cm);
+  }
+
+  if (s->flags & SKF_LADDR_RX)
+  {
+    if (pi)
     {
-      if (cm->cmsg_level == IPPROTO_IP && cm->cmsg_type == IP_PKTINFO)
-	pi = (struct in_pktinfo *) CMSG_DATA(cm);
+      get_inaddr(&s->laddr, &pi->ipi_addr);
+      s->lifindex = pi->ipi_ifindex;
     }
-
-  if (!pi)
+    else
     {
       s->laddr = IPA_NONE;
       s->lifindex = 0;
-      return;
     }
+  }
+
+  if (s->flags & SKF_TTL_RX)
+    s->ttl = ttl ? *ttl : -1;
 
-  get_inaddr(&s->laddr, &pi->ipi_addr);
-  s->lifindex = pi->ipi_ifindex;
   return;
 }
author	Ondrej Zajicek <santiago@crfreenet.org>	2013-06-25 15:33:00 +0200
committer	Ondrej Zajicek <santiago@crfreenet.org>	2013-06-25 15:39:44 +0200
commit	70e212f913b6ce9d343d6c401b4f1712986a5f8c (patch)
tree	0673749a5724d28db2928ab4ad077b2327f1de66 /sysdep/linux/sysio.h
parent	ef4a50be10c6dd0abffd957132cd146029c3d79d (diff)