
[bgpd] Add support for the old Linux 2.4, TCP_MD5_AUTH RFC2385 patch

* configure.ac: Add a --enable-linux24-tcp-md5 argument, to compile in
  support for the old TCP-MD5 patch for Linux 2.4 systems.  This overrides
  auto-detection of TCP-MD5 supported by the target system.
* lib/sockopt.c: (sockopt_tcp_signature) add in a variant for the old
  Linux 2.4, TCP_MD5_AUTH variant of TCP-MD5 support, conditional
  on the previous configure arg.
Paul Jakma 12 years ago
commit
3453a7122c
2 changed files with 31 additions and 2 deletions
  1. 6 0
      configure.ac
  2. 25 2
      lib/sockopt.c

+ 6 - 0
configure.ac

@@ -247,6 +247,8 @@ AC_ARG_ENABLE(capabilities,
 [  --disable-capabilities        disable using POSIX capabilities])
 AC_ARG_ENABLE(gcc_ultra_verbose,
 [  --enable-gcc-ultra-verbose    enable ultra verbose GCC warnings])
+AC_ARG_ENABLE(linux24_tcp_md5,
+[  --enable-linux24-tcp-md5  enable support for old, Linux-2.4 RFC2385 patch])
 AC_ARG_ENABLE(gcc-rdynamic,
 [  --enable-gcc-rdynamic   enable gcc linking with -rdynamic for better backtraces])
 AC_ARG_ENABLE(time-check,
@@ -293,6 +295,10 @@ if test "${enable_ospf_te}" = "yes"; then
   AC_DEFINE(HAVE_OSPF_TE,,OSPF TE)
 fi
 
+if test "${enable_linux24_tcp_md5}" = "yes"; then
+  AC_DEFINE(HAVE_TCP_MD5_LINUX24,,Old Linux 2.4 TCP MD5 Signature Patch)
+fi
+
 AC_MSG_CHECKING(if zebra should be configurable to send Route Advertisements)
 if test "${enable_rtadv}" != "no"; then
   AC_MSG_RESULT(yes)
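Review bot: Nothing in the added `if test "${enable_linux24_tcp_md5}" = "yes"` block checks that the build target actually carries the 2.4 RFC2385 patch, and per the commit description the define takes precedence over auto-detection. The value the C side hard-codes for TCP_MD5_AUTH, 13, is TCP_CONGESTION on mainline Linux 2.6 and later, so a binary built with this switch for such a kernel would not install a key; whether the session then runs unsigned depends on how callers treat the return value, which is not visible here. I would at least make the choice visible at configure time, e.g. `AC_MSG_WARN([linux24-tcp-md5 forced: native TCP_MD5SIG detection is bypassed])`, and say the same in the help string.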

+ 25 - 2
lib/sockopt.c

@@ -498,7 +498,30 @@ sockopt_iphdrincl_swab_systoh (struct ip *iph)
 int
 sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
 {
-#if HAVE_DECL_TCP_MD5SIG
+#if defined(HAVE_TCP_MD5_LINUX24) && defined(GNU_LINUX)
+  /* Support for the old Linux 2.4 TCP-MD5 patch, taken from Hasso Tepper's
+   * version of the Quagga patch (based on work by Rick Payne, and Bruce
+   * Simpson)
+   */
+#define TCP_MD5_AUTH 13
+#define TCP_MD5_AUTH_ADD 1
+#define TCP_MD5_AUTH_DEL 2
+  struct tcp_rfc2385_cmd {
+    u_int8_t     command;    /* Command - Add/Delete */
+    u_int32_t    address;    /* IPV4 address associated */
+    u_int8_t     keylen;     /* MD5 Key len (do NOT assume 0 terminated ascii) */
+    void         *key;       /* MD5 Key */
+  } cmd;
+  struct in_addr *addr = &su->sin.sin_addr;
+  
+  cmd.command = (password != NULL ? TCP_MD5_AUTH_ADD : TCP_MD5_AUTH_DEL);
+  cmd.address = addr->s_addr;
+  cmd.keylen = (password != NULL ? strlen (password) : 0);
+  cmd.key = password;
+  
+  return setsockopt (sock, IPPROTO_TCP, TCP_MD5_AUTH, &cmd, sizeof cmd);
+  
+#elif HAVE_DECL_TCP_MD5SIG
   int ret;
 #ifndef GNU_LINUX
   /*
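Review bot: In the new HAVE_TCP_MD5_LINUX24 branch, `cmd.keylen = strlen (password)` stores a size_t in a `u_int8_t`, so a password of 256 bytes or more is silently reduced modulo 256 and the kernel is given a key different from the configured one (length 0 at exactly 256). The branch also reads `su->sin.sin_addr` without checking the address family, so a non-IPv4 peer would have unrelated bytes of the union installed as the address, and `cmd` is handed to the kernel with uninitialised padding. I would reject both cases before calling setsockopt and zero the struct, as in the fence below; the -1/EINVAL return is my assumption about what callers expect, and `su->sa.sa_family` is assumed from the sockunion definition, which is outside this page. `cmd.key = password` also drops the const qualifier and needs an explicit cast. The function's body continues past the end of this hunk.

```c
  /* ... unchanged: TCP_MD5_AUTH defines and struct tcp_rfc2385_cmd ... */
  struct in_addr *addr = &su->sin.sin_addr;
  size_t keylen = (password != NULL ? strlen (password) : 0);

  /* The patch's command carries an IPv4 address and an 8-bit key length. */
  if (su->sa.sa_family != AF_INET || keylen > 255)
    {
      errno = EINVAL;
      return -1;
    }

  memset (&cmd, 0, sizeof cmd);
  /* ... unchanged: cmd.command and cmd.address assignments ... */
  cmd.keylen = (u_int8_t) keylen;
  cmd.key = (void *) password;
```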
@@ -559,5 +582,5 @@ sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
   return ret;
 #else /* HAVE_TCP_MD5SIG */
   return -2;
-#endif /* HAVE_TCP_MD5SIG */
+#endif /* !HAVE_TCP_MD5SIG */
 }