lib: add support for extended TCP MD5 auth

MD5 auth on TCP is supported for prefixes in recent versions of Linux;
add complementary support for FRR.

This is a reworked version of Donald's commit to keep library
compatibility and obviate the need for changes in daemons that don't
need to support this themselves.

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>

1 files changed, 34 insertions, 0 deletions

diff --git a/lib/sockopt.h b/lib/sockopt.h
index 8fa5987cf..732fec92a 100644
--- a/lib/sockopt.h
+++ b/lib/sockopt.h
@@ -100,9 +100,43 @@ extern void sockopt_iphdrincl_swab_htosys(struct ip *iph);
 extern void sockopt_iphdrincl_swab_systoh(struct ip *iph);
 
 extern int sockopt_tcp_rtt(int);
+
+/*
+ * TCP MD5 signature option. This option allows TCP MD5 to be enabled on
+ * addresses.
+ *
+ * sock
+ *    Socket to enable option on.
+ *
+ * su
+ *    Sockunion specifying address to enable option on.
+ *
+ * password
+ *    MD5 auth password
+ */
 extern int sockopt_tcp_signature(int sock, union sockunion *su,
 				 const char *password);
 
+/*
+ * Extended TCP MD5 signature option. This option allows TCP MD5 to be enabled
+ * on prefixes.
+ *
+ * sock
+ *    Socket to enable option on.
+ *
+ * su
+ *    Sockunion specifying address (or prefix) to enable option on.
+ *
+ * prefixlen
+ *    0    - su is an address; fall back to non-extended mode
+ *    Else - su is a prefix; prefixlen is the mask length
+ *
+ * password
+ *    MD5 auth password
+ */
+extern int sockopt_tcp_signature_ext(int sock, union sockunion *su,
+				     uint16_t prefixlen, const char *password);
+
 #ifdef __cplusplus
 }
 #endif