freebsd-ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c
Renato Botelho 830f3d55d6 - Update to 0.98.5
From the official site:
    0.98.5 from stable series is released fixing several bugs in ospfd and
    bgpd, most notably some crashes in ospfd and yet another route server
    functionality regression in bgpd.

PR:		ports/85461
Submitted by:	Boris Kovalenko <boris@tagnet.ru> (maintainer)
2005-08-30 12:36:47 +00:00



--- bgpd/bgpd.c.orig Thu Dec 9 06:46:46 2004
+++ bgpd/bgpd.c Sat Jan 29 11:29:26 2005
@@ -59,6 +59,9 @@
#ifdef HAVE_SNMP
#include "bgpd/bgp_snmp.h"
#endif /* HAVE_SNMP */
+#ifndef TCP_SIG_SPI_BASE
+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
+#endif
/* BGP process wide configuration. */
static struct bgp_master bgp_master;
@@ -707,6 +710,7 @@
peer->ostatus = Idle;
peer->version = BGP_VERSION_4;
peer->weight = 0;
+ peer->password[0] = '\0';
/* Set default flags. */
for (afi = AFI_IP; afi < AFI_MAX; afi++)
@@ -3270,6 +3274,55 @@
return 0;
}
+#ifdef QUAGGA_TCP_MD5SIG
+/* Set password for authenticating with the peer. */
+int
+peer_password_set (struct peer *peer, char *password)
+{
+ struct bgp *bgp = peer->bgp;
+ int len;
+
+ len = strlen(password);
+
+ if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN))
+ return BGP_ERR_INVALID_VALUE;
+
+ memcpy(peer->password, password, len);
+
+ /*
+ * XXX Need to do PF_KEY operation here to add an SA entry,
+ * and add an SP entry for this peer's packet flows also.
+ */
+
+ SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
+
+ if (peer->fd >= 0)
+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE +
+ peer->port);
+
+ return 0;
+}
+
+int
+peer_password_unset (struct peer *peer)
+{
+ struct bgp *bgp = peer->bgp;
+
+ UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
+ /* Paranoia. */
+ memset(peer->password, 0, sizeof(peer->password));
+
+ if (peer->fd >= 0)
+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
+
+ /*
+ * XXX Need to do PF_KEY operation here to remove the SA and SP.
+ */
+
+ return 0;
+}
+#endif /* QUAGGA_TCP_MD5SIG */
+
/* Set distribute list to the peer. */
int
peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct,
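Review bot: `memcpy(peer->password, password, len);` in peer_password_set copies the bytes without a terminating NUL, so setting a shorter password over a longer one leaves the tail of the old secret in the buffer, and the config writer added in the last hunk of this patch prints the field with `%s`. Clear the field before copying, `memset(peer->password, 0, sizeof(peer->password));`, and reject `len >= (int) sizeof(peer->password)` if the array turns out to be declared with exactly PEER_PASSWORD_MAXLEN bytes (the declaration is not visible here). The `peer->password[0] = '\0';` initialiser in the second hunk only resets the first byte, so it does not cover this case. The return value of sockopt_tcp_signature is discarded in both peer_password_set and peer_password_unset, so a failed socket option is still reported to the caller as success, and the local `bgp` is assigned but never used in either function.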
@@ -4279,6 +4332,13 @@
if (peer->desc)
vty_out (vty, " neighbor %s description %s%s", addr, peer->desc,
VTY_NEWLINE);
+
+#ifdef QUAGGA_TCP_MD5SIG
+ /* tcp-md5 session password. XXX the password should be obfuscated */
+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
+ vty_out (vty, " neighbor %s password %s%s", addr, peer->password,
+ VTY_NEWLINE);
+#endif /* QUAGGA_TCP_MD5SIG */
/* Shutdown. */
if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN))
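Review bot: The added `vty_out (vty, " neighbor %s password %s%s", ...)` writes the TCP-MD5 session secret in clear into every configuration dump, which the XXX comment acknowledges but leaves open. Until obfuscation exists, the comment should state what protects the key, for example `/* tcp-md5 session password, written in clear: visible to anyone who can read the running or saved configuration, so keep the config file mode restrictive. */`. The `%s` output also depends on peer->password being NUL-terminated, which the setter in the previous hunk does not guarantee. The enclosing function starts and ends outside the hunk.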