summaryrefslogtreecommitdiff
path: root/watchquagga
diff options
context:
space:
mode:
authorNick Hilliard <nick@inex.ie>2011-03-23 15:33:17 +0000
committerPaul Jakma <paul@quagga.net>2011-03-23 15:33:17 +0000
commitfa411a212b55bba650d68fd0456686f3e47b7395 (patch)
tree4d7ef846c2cbc154631a5901747b3384854d497c /watchquagga
parentdb07ad7358cb5e26358326332629ffb658f5747a (diff)
bgpd: RFC 5082 Generalized TTL Security Mechanism support
* bgpd: Add support for RFC 5082 GTSM, which allows the TTL field to be used to verify that incoming packets have been sent from neighbours no more than X IP hops away. In other words, this allows packets that were sent from further away (i.e. not by the neighbour with known distance, and so possibly a miscreant) to be filtered out. * lib/sockunion.{c,h}: (sockopt_minttl) new function, to set a minimum TTL using the IP_MINTTL socket opt. * bgpd.h: (BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK) define for command error for minttl. (struct peer) add a config variable, to store the configured minttl. (peer_ttl_security_hops_{set,unset}) configuration handlers * bgpd.c: (peer_group_get) init gtsm_hops (peer_ebgp_multihop_{un,}set) check for conflicts with GTSM. Multihop and GTSM can't both be active for a peer at the same time. (peer_ttl_security_hops_set) set minttl, taking care to avoid conflicts with ebgp_multihop. (bgp_config_write_peer) write out minttl as "neighbor .. ttl-security hops X". * bgp_vty.c: (bgp_vty_return) message for BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK (peer_ebgp_multihop_{un,}set_vty) * bgp_network.c: (bgp_accept) set minttl on accepted sockets if appropriate. (bgp_connect) ditto for outbound.
Diffstat (limited to 'watchquagga')
0 files changed, 0 insertions, 0 deletions