author | Renato Westphal <renato@cvs.openbsd.org> | 2015-07-19 21:01:57 +0000 |
---|---|---|
committer | Renato Westphal <renato@cvs.openbsd.org> | 2015-07-19 21:01:57 +0000 |
commit | 56eae6feccf598575c94e77527240efa67e047b2 (patch) | |
tree | cd702738ed4a2927509d4f4155f7f0345bf000a2 /usr.sbin/ldpd/ldpe.c | |
parent | 9a2afa8acf1879cf27b958867ec93b8685463544 (diff) |
Implement md5 authentication support.
ok claudio@
Diffstat (limited to 'usr.sbin/ldpd/ldpe.c')
-rw-r--r-- | usr.sbin/ldpd/ldpe.c | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/usr.sbin/ldpd/ldpe.c b/usr.sbin/ldpd/ldpe.c
index d7b4172c760..c4413c164d7 100644
--- a/usr.sbin/ldpd/ldpe.c
+++ b/usr.sbin/ldpd/ldpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldpe.c,v 1.31 2015/07/19 20:54:17 renato Exp $ */
+/* $OpenBSD: ldpe.c,v 1.32 2015/07/19 21:01:56 renato Exp $ */
 /*
 * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -22,6 +22,7 @@
 #include <sys/socket.h>
 #include <sys/queue.h>
 #include <netinet/in.h>
+#include <netinet/tcp.h>
 #include <arpa/inet.h>
 #include <net/if_types.h>
 #include <stdlib.h>
@@ -51,6 +52,8 @@ void ldpe_shutdown(void);
 struct ldpd_conf *leconf = NULL, *nconf;
 struct imsgev *iev_main;
 struct imsgev *iev_lde;
+struct event pfkey_ev;
+struct ldpd_sysdep sysdep;
 /* ARGSUSED */
 void
@@ -77,6 +80,7 @@ ldpe(struct ldpd_conf *xconf, int pipe_parent2ldpe[2], int pipe_ldpe2lde[2],
 struct event ev_sigint, ev_sigterm;
 struct sockaddr_in disc_addr, sess_addr;
 pid_t pid;
+ int pfkeysock, opt;
 switch (pid = fork()) {
 case -1:
@@ -92,6 +96,8 @@ ldpe(struct ldpd_conf *xconf, int pipe_parent2ldpe[2], int pipe_ldpe2lde[2],
 setproctitle("ldp engine");
 ldpd_process = PROC_LDP_ENGINE;
+ pfkeysock = pfkey_init(&sysdep);
+
 /* create ldpd control socket outside chroot */
 if (control_init() == -1)
 fatalx("control socket setup failed");
@@ -171,6 +177,16 @@ ldpe(struct ldpd_conf *xconf, int pipe_parent2ldpe[2], int pipe_ldpe2lde[2],
 if (listen(xconf->ldp_session_socket, LDP_BACKLOG) == -1)
 fatal("error in listen on session socket");
+ opt = 1;
+ if (setsockopt(xconf->ldp_session_socket, IPPROTO_TCP, TCP_MD5SIG,
+ &opt, sizeof(opt)) == -1) {
+ if (errno == ENOPROTOOPT) { /* system w/o md5sig */
+ log_warnx("md5sig not available, disabling");
+ sysdep.no_md5sig = 1;
+ } else
+ fatal("setsockopt TCP_MD5SIG");
+ }
+
 /* set some defaults */
 if (if_set_tos(xconf->ldp_session_socket,
 IPTOS_PREC_INTERNETCONTROL) == -1)
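Review bot: The descriptor returned by `pfkey_init(&sysdep)` in the hunk at -92,6 is stored without any check, and the hunk at -225,6 later passes `pfkeysock` to `event_set()`/`event_add()` unconditionally. pfkey_init() is not shown on this page, so whether it can return -1 (for example on a kernel without PF_KEY) instead of calling fatal() needs confirming; if it can, the engine registers an event on an invalid descriptor and the unchecked `event_add()` failure goes unnoticed. Guarding the registration with `if (pfkeysock != -1)` plus a comment such as `/* PF_KEY unavailable: no SA events to dispatch */` would make the intent explicit. ldpe()'s body starts and ends outside both hunks.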
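Review bot: The ENOPROTOOPT branch in the hunk at -171,6 fails open: when the kernel lacks TCP_MD5SIG the engine logs one warning, sets `sysdep.no_md5sig = 1` and keeps listening, so sessions with neighbors that have a password configured could come up unauthenticated. Nothing visible in this file refuses such a configuration, so unless that check exists elsewhere (to be confirmed) an operator relying on MD5 protection gets a silent downgrade. Consider making this fatal when any neighbor has a key configured, or at minimum documenting the contract above the branch: `/* no md5sig support: neighbors with a configured password must be refused, not run unauthenticated */`. The enclosing ldpe() continues outside the hunk.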
@@ -225,6 +241,10 @@ ldpe(struct ldpd_conf *xconf, int pipe_parent2ldpe[2], int pipe_ldpe2lde[2],
 iev_main->handler, iev_main);
 event_add(&iev_main->ev, NULL);
+ event_set(&pfkey_ev, pfkeysock, EV_READ | EV_PERSIST,
+ ldpe_dispatch_pfkey, NULL);
+ event_add(&pfkey_ev, NULL);
+
 event_set(&leconf->disc_ev, leconf->ldp_discovery_socket,
 EV_READ|EV_PERSIST, disc_recv_packet, NULL);
 event_add(&leconf->disc_ev, NULL);
@@ -574,6 +594,17 @@ ldpe_dispatch_lde(int fd, short event, void *bula)
 }
 }
+/* ARGSUSED */
+void
+ldpe_dispatch_pfkey(int fd, short event, void *bula)
+{
+ if (event & EV_READ) {
+ if (pfkey_read(fd, NULL) == -1) {
+ fatal("pfkey_read failed, exiting...");
+ }
+ }
+}
+
 u_int32_t
 ldpe_router_id(void)
 {
|
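Review bot: `ldpe_dispatch_pfkey()` treats every -1 from `pfkey_read()` as fatal, so a single transient read error on the PF_KEY socket would terminate the LDP engine and drop every session. pfkey_read() is defined elsewhere; if it does not already filter `EAGAIN`/`EINTR`, the condition here should, e.g. `if (pfkey_read(fd, NULL) == -1 && errno != EAGAIN && errno != EINTR)`. The handler also has no comment explaining that the message is read and discarded (the `NULL` second argument); a one-line `/* drain unsolicited PF_KEY messages; the reply is not needed here */` would help, assuming that is the intent.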