Support for MD5 authentication in BGP
Martin Mares
mj at ucw.cz
Tue Oct 7 10:42:55 CEST 2008
Hi!
> static void
> -bgp_close(struct bgp_proto *p UNUSED)
> +bgp_close(struct bgp_proto *p)
> {
> ASSERT(bgp_counter);
> bgp_counter--;
> +
> + if (p->cf->password)
> + sk_set_md5_auth(bgp_listen_sk, p->cf->remote_ip, NULL);
> +
I do not understand this: Why do you change the MD5 auth state on the
listening socket?
> diff -uprN bird-as4/sysdep/linux/sysio.h bird-as4-md5/sysdep/linux/sysio.h
> --- bird-as4/sysdep/linux/sysio.h 2000-05-11 18:30:56.000000000 +0200
> +++ bird-as4-md5/sysdep/linux/sysio.h 2008-10-06 23:24:45.000000000 +0200
> @@ -139,3 +139,24 @@ static inline char *sysio_mcast_join(soc
> #endif
>
> #endif
> +
> +#include <linux/socket.h>
> +#include <linux/tcp.h>
> +
> +/* For the case that we have older kernel headers */
> +/* Copied from Linux kernel file include/linux/tcp.h */
> +
> +#ifndef TCP_MD5SIG
Do we want to support so old kernel headers?
> + * FIXME: check portability
Probably none ;)
> +int
> +sk_set_md5_auth(sock *s, ip_addr a, char *passwd)
> +{
> + sockaddr sa;
> + fill_in_sockaddr(&sa, a, 0);
> + return sk_set_md5_auth_int(s, &sa, passwd);
> +}
Please add a documentation comment for this function.
> + if (s->password != NULL)
`if (s->password)' is enough :) [and consistent with the rest of the code]
Have a nice fortnight
--
Martin `MJ' Mares <mj at ucw.cz> http://mj.ucw.cz/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
"Anyone can build a fast CPU. The trick is to build a fast system." -- S. Cray
More information about the Bird-users
mailing list