Fixes broken cryptographic authentication in OSPF

Cryptographic authentication in OSPF is defective by design - there might be several packets independently sent to the network (for example HELLO, LSUPD and LSACK) where they might be reordered and that causes crypt. sequence number error. That can be workarounded by not incresing sequence number too often. Now we update it only when last packet was sent before at least one second. This can constitute a risk of replay attacks, but RFC supposes something similar (like time in seconds used as CSN).
author: Ondrej Zajicek <santiago@crfreenet.org> 2009-04-08 20:15:01 +0200
committer: Ondrej Zajicek <santiago@crfreenet.org> 2009-04-08 20:15:01 +0200
commit: 024c310b537abc3ddbac3054de71fd759d422824 (patch)
tree: 159cc669b9d16d2d97102c187320c800e376f710 /nest/config.Y
parent: b722fe7ebdf7e11f097ed0a85302769de2ac10fb (diff)
download: bird-024c310b537abc3ddbac3054de71fd759d422824.tar
bird-024c310b537abc3ddbac3054de71fd759d422824.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/nest/config.Y b/nest/config.Y
index 48940ff..e843777 100644
--- a/nest/config.Y
+++ b/nest/config.Y
@@ -22,7 +22,13 @@ static list *this_p_list;
 static struct password_item *this_p_item;
 static int password_id;
 
-static list *
+static inline void
+reset_passwords(void)
+{
+ this_p_list = NULL;
+}
+
+static inline list *
 get_passwords(void)
 {
   list *rv = this_p_list;
author	Ondrej Zajicek <santiago@crfreenet.org>	2009-04-08 20:15:01 +0200
committer	Ondrej Zajicek <santiago@crfreenet.org>	2009-04-08 20:15:01 +0200
commit	024c310b537abc3ddbac3054de71fd759d422824 (patch)
tree	159cc669b9d16d2d97102c187320c800e376f710 /nest/config.Y
parent	b722fe7ebdf7e11f097ed0a85302769de2ac10fb (diff)
download	bird-024c310b537abc3ddbac3054de71fd759d422824.tar bird-024c310b537abc3ddbac3054de71fd759d422824.zip