From 1bc4b2cc840eb3f48c7e245528ef79c2b0ba50e7 Mon Sep 17 00:00:00 2001 From: Ondrej Filip Date: Mon, 4 May 2009 17:49:56 +0200 Subject: Syntax error fix for systems without CONFIG_SELF_CONSCIOUS (KRT_ALLOW_LEARN) --- sysdep/unix/krt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sysdep') diff --git a/sysdep/unix/krt.c b/sysdep/unix/krt.c index 83456b0..6208f68 100644 --- a/sysdep/unix/krt.c +++ b/sysdep/unix/krt.c @@ -637,8 +637,8 @@ krt_got_route_async(struct krt_proto *p, rte *e, int new UNUSED) DBG("It's a redirect, kill him! Kill! Kill!\n"); krt_set_notify(p, net, NULL, e); break; - case KRT_SRC_ALIEN: #ifdef KRT_ALLOW_LEARN + case KRT_SRC_ALIEN: if (KRT_CF->learn) { krt_learn_async(p, e, new); -- cgit v1.2.3 From 2b70f0742e808053f87315433a2a64c749c3ec1d Mon Sep 17 00:00:00 2001 From: Ondrej Filip Date: Mon, 4 May 2009 18:17:46 +0200 Subject: Linux specific TCP-MD5 handling moved to sysdep/linux/sysio.h FreeBSD coded added. BSD cannot set BGP passwords itself. This has to be done by external command. --- sysdep/bsd/sysio.h | 45 +++++++++++++++++++++++++++++++++++++++++++++ sysdep/linux/sysio.h | 35 +++++++++++++++++++++++++++++++++++ sysdep/unix/io.c | 37 ------------------------------------- 3 files changed, 80 insertions(+), 37 deletions(-) (limited to 'sysdep') diff --git a/sysdep/bsd/sysio.h b/sysdep/bsd/sysio.h index b2dc3a2..b0ec456 100644 --- a/sysdep/bsd/sysio.h +++ b/sysdep/bsd/sysio.h @@ -74,3 +74,48 @@ sysio_mcast_join(sock * s) } #endif + + +#include +#ifndef TCP_KEYLEN_MAX +#define TCP_KEYLEN_MAX 80 +#endif +#ifndef TCP_SIG_SPI +#define TCP_SIG_SPI 0x1000 +#endif + +/* + * FIXME: Passwords has to be set by setkey(8) command. This is the same + * behaviour like Quagga. We need to add code for SA/SP entries + * management. + */ + +static int +sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd) +{ + int enable = 0; + if (passwd) + { + int len = strlen(passwd); + + enable = len ? TCP_SIG_SPI : 0; + + if (len > TCP_KEYLEN_MAX) + { + log(L_ERR "MD5 password too long"); + return -1; + } + } + + int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &enable, sizeof(enable)); + + if (rv < 0) + { + if (errno == ENOPROTOOPT) + log(L_ERR "Kernel does not support TCP MD5 signatures"); + else + log(L_ERR "sk_set_md5_auth_int: setsockopt: %m"); + } + + return rv; +} diff --git a/sysdep/linux/sysio.h b/sysdep/linux/sysio.h index 6e54110..2fa5f0a 100644 --- a/sysdep/linux/sysio.h +++ b/sysdep/linux/sysio.h @@ -160,3 +160,38 @@ struct tcp_md5sig { }; #endif + +static int +sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd) +{ + struct tcp_md5sig md5; + + memset(&md5, 0, sizeof(md5)); + memcpy(&md5.tcpm_addr, (struct sockaddr *) sa, sizeof(*sa)); + + if (passwd) + { + int len = strlen(passwd); + + if (len > TCP_MD5SIG_MAXKEYLEN) + { + log(L_ERR "MD5 password too long"); + return -1; + } + + md5.tcpm_keylen = len; + memcpy(&md5.tcpm_key, passwd, len); + } + + int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5)); + + if (rv < 0) + { + if (errno == ENOPROTOOPT) + log(L_ERR "Kernel does not support TCP MD5 signatures"); + else + log(L_ERR "sk_set_md5_auth_int: setsockopt: %m"); + } + + return rv; +} diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c index b6c7f84..50992fb 100644 --- a/sysdep/unix/io.c +++ b/sysdep/unix/io.c @@ -738,43 +738,6 @@ sk_set_ttl(sock *s, int ttl) } -/* FIXME: check portability */ - -static int -sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd) -{ - struct tcp_md5sig md5; - - memset(&md5, 0, sizeof(md5)); - memcpy(&md5.tcpm_addr, (struct sockaddr *) sa, sizeof(*sa)); - - if (passwd) - { - int len = strlen(passwd); - - if (len > TCP_MD5SIG_MAXKEYLEN) - { - log(L_ERR "MD5 password too long"); - return -1; - } - - md5.tcpm_keylen = len; - memcpy(&md5.tcpm_key, passwd, len); - } - - int rv = setsockopt(s->fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof(md5)); - - if (rv < 0) - { - if (errno == ENOPROTOOPT) - log(L_ERR "Kernel does not support TCP MD5 signatures"); - else - log(L_ERR "sk_set_md5_auth_int: setsockopt: %m"); - } - - return rv; -} - /** * sk_set_md5_auth - add / remove MD5 security association for given socket. * @s: socket -- cgit v1.2.3 From ef9c9ab9b64a6f3b5154e5340ffdcd1d211ec4c5 Mon Sep 17 00:00:00 2001 From: Ondrej Filip Date: Mon, 11 May 2009 01:32:49 +0200 Subject: OpenBSD port related changes. --- sysdep/autoconf.h.in | 4 ++++ sysdep/unix/endian.h | 3 +++ 2 files changed, 7 insertions(+) (limited to 'sysdep') diff --git a/sysdep/autoconf.h.in b/sysdep/autoconf.h.in index 6cf90aa..66e66a8 100644 --- a/sysdep/autoconf.h.in +++ b/sysdep/autoconf.h.in @@ -54,3 +54,7 @@ /* struct sockaddr_in(6) */ #undef HAVE_SIN_LEN + +/* We have stdint.h */ +#undef HAVE_STDINT_H + diff --git a/sysdep/unix/endian.h b/sysdep/unix/endian.h index 58c746f..bc48631 100644 --- a/sysdep/unix/endian.h +++ b/sysdep/unix/endian.h @@ -13,5 +13,8 @@ #include #include +#ifdef HAVE_STDINT_H +#include +#endif #endif -- cgit v1.2.3