author | Paul Jakma <paul@quagga.net> | 2009-06-12 14:21:02 +0100 |
---|---|---|
committer | Paul Jakma <paul@quagga.net> | 2009-06-12 14:21:02 +0100 |
commit | 3453a7122c1d585ad789ed0f63deb90cc5e89fae (patch) | |
tree | 688446217623080afedffc7f074c8cba58b9b5aa | |
parent | 10819ecee3ced786162b68310cf172aacda18857 (diff) |
[bgpd] Add support for the old Linux 2.4, TCP_MD5_AUTH RFC2385 patch
* configure.ac: Add a --enable-linux24-tcp-md5 argument, to compile in
support for the old TCP-MD5 patch for Linux 2.4 systems. This overrides
auto-detection of TCP-MD5 supported by the target system.
* lib/sockopt.c: (sockopt_tcp_signature) add in a variant for the old
Linux 2.4, TCP_MD5_AUTH variant of TCP-MD5 support, conditional
on the previous configure arg.
-rwxr-xr-x | configure.ac | 6 | ||||
-rw-r--r-- | lib/sockopt.c | 27 |
2 files changed, 31 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index 6cca8610..7cf30a80 100755
--- a/configure.ac
+++ b/configure.ac
@@ -247,6 +247,8 @@ AC_ARG_ENABLE(capabilities,
 [ --disable-capabilities disable using POSIX capabilities])
 AC_ARG_ENABLE(gcc_ultra_verbose,
 [ --enable-gcc-ultra-verbose enable ultra verbose GCC warnings])
+AC_ARG_ENABLE(linux24_tcp_md5,
+[ --enable-linux24-tcp-md5 enable support for old, Linux-2.4 RFC2385 patch])
 AC_ARG_ENABLE(gcc-rdynamic,
 [ --enable-gcc-rdynamic enable gcc linking with -rdynamic for better backtraces])
 AC_ARG_ENABLE(time-check,
@@ -293,6 +295,10 @@ if test "${enable_ospf_te}" = "yes"; then
 AC_DEFINE(HAVE_OSPF_TE,,OSPF TE)
 fi
 
+if test "${enable_linux24_tcp_md5}" = "yes"; then
+ AC_DEFINE(HAVE_TCP_MD5_LINUX24,,Old Linux 2.4 TCP MD5 Signature Patch)
+fi
+
 AC_MSG_CHECKING(if zebra should be configurable to send Route Advertisements)
 if test "${enable_rtadv}" != "no"; then
 AC_MSG_RESULT(yes)
diff --git a/lib/sockopt.c b/lib/sockopt.c
index 4ba7e874..d25d371b 100644
--- a/lib/sockopt.c
+++ b/lib/sockopt.c
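Review bot: In configure.ac, the new `if test "${enable_linux24_tcp_md5}" = "yes"` block defines HAVE_TCP_MD5_LINUX24 from the flag alone, with no check that the target kernel carries the 2.4 patch and no line in the configure output recording the choice. The C side hard-codes socket option number 13 for this interface, and on mainline Linux that number is TCP_CONGESTION, so a build with the flag on an unpatched kernel would address a different option and most likely fail instead of signing the session. I would announce the override inside the `if`, e.g. `AC_MSG_WARN([using the Linux 2.4 TCP_MD5_AUTH interface; TCP-MD5 auto-detection is bypassed])`, and say in the help string that the flag is only meant for 2.4 kernels with the RFC2385 patch applied.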
@@ -498,7 +498,30 @@ sockopt_iphdrincl_swab_systoh (struct ip *iph)
 int
 sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
 {
-#if HAVE_DECL_TCP_MD5SIG
+#if defined(HAVE_TCP_MD5_LINUX24) && defined(GNU_LINUX)
+ /* Support for the old Linux 2.4 TCP-MD5 patch, taken from Hasso Tepper's
+ * version of the Quagga patch (based on work by Rick Payne, and Bruce
+ * Simpson)
+ */
+#define TCP_MD5_AUTH 13
+#define TCP_MD5_AUTH_ADD 1
+#define TCP_MD5_AUTH_DEL 2
+ struct tcp_rfc2385_cmd {
+ u_int8_t command; /* Command - Add/Delete */
+ u_int32_t address; /* IPV4 address associated */
+ u_int8_t keylen; /* MD5 Key len (do NOT assume 0 terminated ascii) */
+ void *key; /* MD5 Key */
+ } cmd;
+ struct in_addr *addr = &su->sin.sin_addr;
+
+ cmd.command = (password != NULL ? TCP_MD5_AUTH_ADD : TCP_MD5_AUTH_DEL);
+ cmd.address = addr->s_addr;
+ cmd.keylen = (password != NULL ? strlen (password) : 0);
+ cmd.key = password;
+
+ return setsockopt (sock, IPPROTO_TCP, TCP_MD5_AUTH, &cmd, sizeof cmd);
+
+#elif HAVE_DECL_TCP_MD5SIG
 int ret;
 #ifndef GNU_LINUX
 /*
@@ -559,5 +582,5 @@ sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
 return ret;
 #else /* HAVE_TCP_MD5SIG */
 return -2;
-#endif /* HAVE_TCP_MD5SIG */
+#endif /* !HAVE_TCP_MD5SIG */
 } |
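Review bot: The new HAVE_TCP_MD5_LINUX24 branch in the first lib/sockopt.c hunk reads `su->sin.sin_addr` without checking the address family, so for an IPv6 peer it would presumably hand the kernel unrelated sockaddr bytes as the IPv4 address and could report success while that session stays unsigned. It also stores `strlen (password)` in the `u_int8_t keylen` field, which wraps silently for a password longer than 255 bytes, leaves the padding of `cmd` uninitialised, and drops the `const` qualifier in `cmd.key = password`. I would reject a non-IPv4 peer and an over-long key before filling the struct and zero the struct first, as sketched below. Which error value the callers expect is not visible here, because the middle of sockopt_tcp_signature lies outside the two hunks.

```c
  /* … unchanged: TCP_MD5_AUTH defines and struct tcp_rfc2385_cmd declaration … */
  size_t keylen = (password != NULL ? strlen (password) : 0);

  /* The 2.4 interface carries an IPv4 address and a one-byte key length. */
  if (su->sa.sa_family != AF_INET || keylen > 255)
    return -1;

  memset (&cmd, 0, sizeof cmd);
  cmd.command = (password != NULL ? TCP_MD5_AUTH_ADD : TCP_MD5_AUTH_DEL);
  cmd.address = su->sin.sin_addr.s_addr;
  cmd.keylen = (u_int8_t) keylen;
  cmd.key = (void *) password;
  /* … unchanged: setsockopt call … */
```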