@@ -94,17 +94,17 @@ struct sock_args {
const char *clientns;
const char *serverns;
const char *password;
const char *client_pw;
- /* prefix for MD5 password */
- const char *md5_prefix_str;
+ /* prefix for MD5/AO*/
+ const char *key_addr_prefix_str;
union {
struct sockaddr_in v4;
struct sockaddr_in6 v6;
- } md5_prefix;
- unsigned int prefix_len;
+ } key_addr;
+ unsigned int key_addr_prefix_len;
/* 0: default, -1: force off, +1: force on */
int bind_key_ifindex;
/* expected addresses and device index for connection */
const char *expected_dev;
@@ -264,16 +264,16 @@ static int tcp_md5sig(int sd, void *addr, socklen_t alen, struct sock_args *args
int rc;
md5sig.tcpm_keylen = keylen;
memcpy(md5sig.tcpm_key, args->password, keylen);
- if (args->prefix_len) {
+ if (args->key_addr_prefix_len) {
opt = TCP_MD5SIG_EXT;
md5sig.tcpm_flags |= TCP_MD5SIG_FLAG_PREFIX;
- md5sig.tcpm_prefixlen = args->prefix_len;
- addr = &args->md5_prefix;
+ md5sig.tcpm_prefixlen = args->key_addr_prefix_len;
+ addr = &args->key_addr;
}
memcpy(&md5sig.tcpm_addr, addr, alen);
if ((args->ifindex && args->bind_key_ifindex >= 0) || args->bind_key_ifindex >= 1) {
opt = TCP_MD5SIG_EXT;
@@ -309,17 +309,17 @@ static int tcp_md5_remote(int sd, struct sock_args *args)
int alen;
switch (args->version) {
case AF_INET:
sin.sin_port = htons(args->port);
- sin.sin_addr = args->md5_prefix.v4.sin_addr;
+ sin.sin_addr = args->key_addr.v4.sin_addr;
addr = &sin;
alen = sizeof(sin);
break;
case AF_INET6:
sin6.sin6_port = htons(args->port);
- sin6.sin6_addr = args->md5_prefix.v6.sin6_addr;
+ sin6.sin6_addr = args->key_addr.v6.sin6_addr;
addr = &sin6;
alen = sizeof(sin6);
break;
default:
log_error("unknown address family\n");
@@ -705,11 +705,11 @@ enum addr_type {
ADDR_TYPE_LOCAL,
ADDR_TYPE_REMOTE,
ADDR_TYPE_MCAST,
ADDR_TYPE_EXPECTED_LOCAL,
ADDR_TYPE_EXPECTED_REMOTE,
- ADDR_TYPE_MD5_PREFIX,
+ ADDR_TYPE_KEY_PREFIX,
};
static int convert_addr(struct sock_args *args, const char *_str,
enum addr_type atype)
{
@@ -745,32 +745,32 @@ static int convert_addr(struct sock_args *args, const char *_str,
break;
case ADDR_TYPE_EXPECTED_REMOTE:
desc = "expected remote";
addr = &args->expected_raddr;
break;
- case ADDR_TYPE_MD5_PREFIX:
- desc = "md5 prefix";
+ case ADDR_TYPE_KEY_PREFIX:
+ desc = "key addr prefix";
if (family == AF_INET) {
- args->md5_prefix.v4.sin_family = AF_INET;
- addr = &args->md5_prefix.v4.sin_addr;
+ args->key_addr.v4.sin_family = AF_INET;
+ addr = &args->key_addr.v4.sin_addr;
} else if (family == AF_INET6) {
- args->md5_prefix.v6.sin6_family = AF_INET6;
- addr = &args->md5_prefix.v6.sin6_addr;
+ args->key_addr.v6.sin6_family = AF_INET6;
+ addr = &args->key_addr.v6.sin6_addr;
} else
return 1;
sep = strchr(str, '/');
if (sep) {
*sep = '\0';
sep++;
if (str_to_uint(sep, 1, pfx_len_max,
- &args->prefix_len) != 0) {
- fprintf(stderr, "Invalid port\n");
+ &args->key_addr_prefix_len) != 0) {
+ fprintf(stderr, "Invalid prefix\n");
return 1;
}
} else {
- args->prefix_len = 0;
+ args->key_addr_prefix_len = 0;
}
break;
default:
log_error("unknown address type\n");
exit(1);
@@ -835,13 +835,13 @@ static int validate_addresses(struct sock_args *args)
if (args->remote_addr_str &&
convert_addr(args, args->remote_addr_str, ADDR_TYPE_REMOTE) < 0)
return 1;
- if (args->md5_prefix_str &&
- convert_addr(args, args->md5_prefix_str,
- ADDR_TYPE_MD5_PREFIX) < 0)
+ if (args->key_addr_prefix_str &&
+ convert_addr(args, args->key_addr_prefix_str,
+ ADDR_TYPE_KEY_PREFIX) < 0)
return 1;
if (args->expected_laddr_str &&
convert_addr(args, args->expected_laddr_str,
ADDR_TYPE_EXPECTED_LOCAL))
@@ -2020,11 +2020,11 @@ int main(int argc, char *argv[])
break;
case 'X':
args.client_pw = optarg;
break;
case 'm':
- args.md5_prefix_str = optarg;
+ args.key_addr_prefix_str = optarg;
break;
case 'S':
args.use_setsockopt = 1;
break;
case 'f':
@@ -2079,17 +2079,17 @@ int main(int argc, char *argv[])
return 1;
}
}
if (args.password &&
- ((!args.has_remote_ip && !args.md5_prefix_str) ||
+ ((!args.has_remote_ip && !args.key_addr_prefix_str) ||
args.type != SOCK_STREAM)) {
log_error("MD5 passwords apply to TCP only and require a remote ip for the password\n");
return 1;
}
- if (args.md5_prefix_str && !args.password) {
+ if (args.key_addr_prefix_str && !args.password) {
log_error("Prefix range for MD5 protection specified without a password\n");
return 1;
}
if (iter == 0) {