-rwxr-xr-xconfigure.ac6
-rw-r--r--lib/sockopt.c27
2 files changed, 31 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index 6cca8610..7cf30a80 100755
--- a/configure.ac
+++ b/configure.ac
@@ -247,6 +247,8 @@ AC_ARG_ENABLE(capabilities,
[ --disable-capabilities disable using POSIX capabilities])
AC_ARG_ENABLE(gcc_ultra_verbose,
[ --enable-gcc-ultra-verbose enable ultra verbose GCC warnings])
+AC_ARG_ENABLE(linux24_tcp_md5,
+[ --enable-linux24-tcp-md5 enable support for old, Linux-2.4 RFC2385 patch])
AC_ARG_ENABLE(gcc-rdynamic,
[ --enable-gcc-rdynamic enable gcc linking with -rdynamic for better backtraces])
AC_ARG_ENABLE(time-check,
@@ -293,6 +295,10 @@ if test "${enable_ospf_te}" = "yes"; then
AC_DEFINE(HAVE_OSPF_TE,,OSPF TE)
fi
+if test "${enable_linux24_tcp_md5}" = "yes"; then
+ AC_DEFINE(HAVE_TCP_MD5_LINUX24,,Old Linux 2.4 TCP MD5 Signature Patch)
+fi
+
AC_MSG_CHECKING(if zebra should be configurable to send Route Advertisements)
if test "${enable_rtadv}" != "no"; then
AC_MSG_RESULT(yes)
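Review bot: The help text for `--enable-linux24-tcp-md5` does not say that the option replaces the standard path rather than adding to it: in lib/sockopt.c the `HAVE_TCP_MD5_LINUX24` branch is tested before `HAVE_DECL_TCP_MD5SIG`, so a build with this flag never uses `TCP_MD5SIG` on GNU/Linux. On a kernel without the 2.4 patch, socket option 13 is not an MD5 option (mainline Linux assigns that number to `TCP_CONGESTION`), so the call is likely to fail and sessions stay unsigned unless the caller treats the error as fatal. I would spell this out in the help string, e.g. `[ --enable-linux24-tcp-md5 use the old Linux-2.4 RFC2385 patch interface instead of TCP_MD5SIG (IPv4 only)]`.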
diff --git a/lib/sockopt.c b/lib/sockopt.c
index 4ba7e874..d25d371b 100644
--- a/lib/sockopt.c
+++ b/lib/sockopt.c
@@ -498,7 +498,30 @@ sockopt_iphdrincl_swab_systoh (struct ip *iph)
int
sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
{
-#if HAVE_DECL_TCP_MD5SIG
+#if defined(HAVE_TCP_MD5_LINUX24) && defined(GNU_LINUX)
+ /* Support for the old Linux 2.4 TCP-MD5 patch, taken from Hasso Tepper's
+ * version of the Quagga patch (based on work by Rick Payne, and Bruce
+ * Simpson)
+ */
+#define TCP_MD5_AUTH 13
+#define TCP_MD5_AUTH_ADD 1
+#define TCP_MD5_AUTH_DEL 2
+ struct tcp_rfc2385_cmd {
+ u_int8_t command; /* Command - Add/Delete */
+ u_int32_t address; /* IPV4 address associated */
+ u_int8_t keylen; /* MD5 Key len (do NOT assume 0 terminated ascii) */
+ void *key; /* MD5 Key */
+ } cmd;
+ struct in_addr *addr = &su->sin.sin_addr;
+
+ cmd.command = (password != NULL ? TCP_MD5_AUTH_ADD : TCP_MD5_AUTH_DEL);
+ cmd.address = addr->s_addr;
+ cmd.keylen = (password != NULL ? strlen (password) : 0);
+ cmd.key = password;
+
+ return setsockopt (sock, IPPROTO_TCP, TCP_MD5_AUTH, &cmd, sizeof cmd);
+
+#elif HAVE_DECL_TCP_MD5SIG
int ret;
#ifndef GNU_LINUX
/*
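Review bot: `cmd.keylen = strlen (password)` stores the length in a `u_int8_t`, so a password longer than 255 bytes is silently reduced modulo 256 and the kernel receives a different key than the one configured; such lengths should be rejected. The new branch also reads `su->sin.sin_addr` without checking the address family, so an IPv6 peer would pass unrelated bytes as the IPv4 address, and `cmd` reaches the kernel with its padding bytes uninitialised. `cmd.key = password` drops the `const` qualifier and needs an explicit cast. The function body continues outside the hunk, and the error convention used below (-1 with `errno` set) is a suggestion that should be aligned with what the callers expect.

```c
  struct in_addr *addr = &su->sin.sin_addr;
  size_t keylen = (password != NULL ? strlen (password) : 0);

  /* The 2.4 patch is IPv4-only and carries the key length in one byte. */
  if (su->sa.sa_family != AF_INET || keylen > 255)
    {
      errno = EINVAL;
      return -1;
    }

  memset (&cmd, 0, sizeof cmd);   /* no stack padding handed to the kernel */
  cmd.command = (password != NULL ? TCP_MD5_AUTH_ADD : TCP_MD5_AUTH_DEL);
  cmd.address = addr->s_addr;
  cmd.keylen = (u_int8_t) keylen;
  cmd.key = (void *) password;    /* struct field is non-const */
  /* … unchanged: setsockopt call … */
```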
@@ -559,5 +582,5 @@ sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
return ret;
#else /* HAVE_TCP_MD5SIG */
return -2;
-#endif /* HAVE_TCP_MD5SIG */
+#endif /* !HAVE_TCP_MD5SIG */
}