On Tue, Oct 07, 2008 at 10:42:55AM +0200, Martin Mares wrote:
Hi!
static void -bgp_close(struct bgp_proto *p UNUSED) +bgp_close(struct bgp_proto *p) { ASSERT(bgp_counter); bgp_counter--; + + if (p->cf->password) + sk_set_md5_auth(bgp_listen_sk, p->cf->remote_ip, NULL); +
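Review bot: the result of sk_set_md5_auth() is discarded in bgp_close(), although the function returns int. If removing the key fails, the (address, password) pair stays on bgp_listen_sk with no trace in the log, so check the return value and log the failure. Because the key is installed on the shared listening socket and selected only by p->cf->remote_ip, also confirm that no other bgp_proto instance with the same remote_ip still needs it when this one closes.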
I do not understand this: Why do you change the MD5 auth state on the listening socket?
AFAIK we have to set the (address, password) pairs even before a new connection is established, otherwise signed SYN packets are dropped and the connection wouldn't establish.
diff -uprN bird-as4/sysdep/linux/sysio.h bird-as4-md5/sysdep/linux/sysio.h --- bird-as4/sysdep/linux/sysio.h 2000-05-11 18:30:56.000000000 +0200 +++ bird-as4-md5/sysdep/linux/sysio.h 2008-10-06 23:24:45.000000000 +0200 @@ -139,3 +139,24 @@ static inline char *sysio_mcast_join(soc #endif
#endif + +#include <linux/socket.h> +#include <linux/tcp.h> + +/* For the case that we have older kernel headers */ +/* Copied from Linux kernel file include/linux/tcp.h */ + +#ifndef TCP_MD5SIG
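Review bot: the fallback under #ifndef TCP_MD5SIG only makes the code compile against older headers; on a kernel that lacks the option the setsockopt() call still fails at run time, so the caller has to check and report that error. Since the definitions are copied from include/linux/tcp.h, the comment should also record which kernel version they were taken from, so a later layout change can be spotted.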
Do we want to support such old kernel headers?
Kernel headers in current Debian don't contain TCP_MD5SIG, so I need it to compile Bird on my computer.
+ * FIXME: check portability
Probably none ;)
I tried to google it and it seems to me that FreeBSD uses the same setsockopt() optval name, but I don't know details yet.
+int +sk_set_md5_auth(sock *s, ip_addr a, char *passwd) +{ + sockaddr sa; + fill_in_sockaddr(&sa, a, 0); + return sk_set_md5_auth_int(s, &sa, passwd); +}
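Review bot: passwd in sk_set_md5_auth() should be const char *, since this wrapper only forwards it and bgp_close() passes NULL to remove a key. The requested documentation comment should state that NULL removes the key for the given address and what the int return value means on failure.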
Please add a documentation comment for this function.
OK
+ if (s->password != NULL)
`if (s->password)' is enough :) [and consistent with the rest of the code]
I personally prefer the != NULL variant as more readable, but consistency is a stronger argument :-) .

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
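
The per-peer key handling discussed in this thread (install an (address, password) pair on the listening socket, remove it by passing NULL), as an added example that is not code from the BIRD patch. The names md5_req_fill and md5_auth_set are hypothetical, and the sketch assumes Linux, IPv4 peers and a libc whose <netinet/tcp.h> provides struct tcp_md5sig.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <string.h>
#include <sys/socket.h>

/* Build a TCP_MD5SIG request for one IPv4 peer (hypothetical helper).
 * passwd == NULL yields key length 0, which asks the kernel to delete
 * the key for that address. Returns 0, or -1 with errno = EINVAL. */
int md5_req_fill(struct tcp_md5sig *req, const char *peer, const char *passwd)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)&req->tcpm_addr;
    size_t len = passwd ? strlen(passwd) : 0;

    memset(req, 0, sizeof(*req));
    sin->sin_family = AF_INET;
    if (inet_pton(AF_INET, peer, &sin->sin_addr) != 1) {
        errno = EINVAL;              /* not a valid IPv4 address */
        return -1;
    }
    if (len > TCP_MD5SIG_MAXKEYLEN) {
        errno = EINVAL;              /* refuse, never truncate a key */
        return -1;
    }
    req->tcpm_keylen = len;
    if (len)
        memcpy(req->tcpm_key, passwd, len);
    return 0;
}

/* Install or remove the key on socket fd (hypothetical helper). For a
 * listening socket this must happen before the peer's signed SYN
 * arrives. The caller is expected to check and log a -1 result. */
int md5_auth_set(int fd, const char *peer, const char *passwd)
{
    struct tcp_md5sig req;
    int rc;

    if (md5_req_fill(&req, peer, passwd) < 0)
        return -1;
    rc = setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &req, sizeof(req));
    memset(&req, 0, sizeof(req));    /* best-effort wipe of the key copy */
    return rc;
}
```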