author | Chris Caputo <ccaputo@alt.net> | 2009-06-23 05:34:29 +0000 |
---|---|---|
committer | Paul Jakma <paul@quagga.net> | 2009-06-23 14:21:40 +0100 |
commit | 2b35ae41c2c5d39801c943fa740c72fc15613141 (patch) | |
tree | b72600ce7970f5a62a344fd7fed3f5e53779b7a2 | |
parent | b60668d092f1778395b6c10b406059b8cbf235b8 (diff) |
Fixes to RFC2385/MD5 BGP
* bgpd/bgp_network.c: Fix MD5 listen in IPv4 version of bgp_socket() by
adding listen socket to listen_sockets list so that MD5 passwords can
get set.
* lib/sockopt.c: (sockopt_tcp_signature) Fix bogus "% Error while applying
TCP-Sig to session(s)" / "can't set TCP_MD5SIG option" startup error
messages by not returning error when there isn't one.
-rw-r--r-- | bgpd/bgp_network.c | 1 | ||||
-rw-r--r-- | lib/sockopt.c | 15 |
2 files changed, 13 insertions, 3 deletions
diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c
index 6d16c6ec..99f71138 100644
--- a/bgpd/bgp_network.c
+++ b/bgpd/bgp_network.c
@@ -517,6 +517,7 @@ bgp_socket (struct bgp *bgp, unsigned short port, char *address)
 return ret;
 }
+ listnode_add (bm->listen_sockets, (void *)sock);
 thread_add_read (bm->master, bgp_accept, bgp, sock);
 return sock;
diff --git a/lib/sockopt.c b/lib/sockopt.c
index 96324ffe..55c6226b 100644
--- a/lib/sockopt.c
+++ b/lib/sockopt.c
@@ -550,8 +550,8 @@ sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
 if (su2->sa.sa_family == AF_INET)
 {
 sockunion_free (susock);
- return -1;
- };
+ return 0;
+ }
 #ifdef HAVE_IPV6
 /* If this does not work, then all users of this sockopt will need to
@@ -580,7 +580,16 @@ sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
 memcpy (md5sig.tcpm_key, password, keylen);
 sockunion_free (susock);
 #endif /* GNU_LINUX */
- ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig);
+ if ((ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig)) < 0)
+ {
+ /* ENOENT is harmless. It is returned when we clear a password for which
+ one was not previously set. */
+ if (ENOENT == errno)
+ ret = 0;
+ else
+ zlog_err ("sockopt_tcp_signature: setsockopt(%d): %s",
+ sock, safe_strerror(errno));
+ }
 return ret;
 #else /* HAVE_TCP_MD5SIG */
 return -2; |
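Review bot: In bgpd/bgp_network.c, the added `listnode_add (bm->listen_sockets, (void *)sock);` casts the descriptor straight to a pointer; if sock is an int (its declaration is outside the hunk), that is a cast between types of different width on LP64 targets and draws a compiler warning. Going through a pointer-sized integer keeps the value round-trippable when the list consumer casts it back: `listnode_add (bm->listen_sockets, (void *)(intptr_t)sock);`. A short comment such as `/* track the listener so TCP-MD5 keys can be applied to it */` would record why the entry is needed. bgp_socket starts and ends outside the hunk, so whether the entry is removed again when the listener is closed cannot be checked from here.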
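Review bot: In lib/sockopt.c, the first sockopt_tcp_signature hunk now returns 0 from the `su2->sa.sa_family == AF_INET` branch without installing a key, and nothing at that return says why skipping counts as success. Callers presumably read 0 as "TCP-MD5 configured", so the branch should carry a comment stating that no key is required on this socket, for example `/* this socket's address family cannot carry the peer's session; nothing to sign, not an error */`. The enclosing condition lies outside the hunk, so the wording should be matched to it.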
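Review bot: In the second sockopt_tcp_signature hunk, `if (ENOENT == errno) ret = 0;` forgives ENOENT on every call, although the comment justifies it only for clearing a password that was never set. If setsockopt ever reported ENOENT while a key was being installed, the function would return success with no TCP-MD5 key on the socket. The tolerance should therefore be tied to the clear case, e.g. `if (ENOENT == errno && !password)`; how a clear request is represented is decided outside the hunk, so the condition needs adjusting to match. On the error path errno may also be overwritten by zlog_err before `return ret;`, so a caller that inspects errno after a failure would need it saved and restored.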