The secure OLSR plugin must be able to intercept all incoming OLSR
traffic and check the signature if present. This is a matter of
de-registering all the OLSR sockets (UDP port 698) from the socket listener and then
re-registering them with the plugin's own input function. This is done using
the functions:
int
remove_olsr_socket(int, void(*)(int));
void
add_olsr_socket(int, void(*)(int));
which are implemented in src/socket_parser.c. The OLSR sockets can all be
retrieved from the global interface list ifnet.
The plugin's own OLSR input function keeps the registered message parser
functions and differs from the original input function in olsrd
on only two points:
- An incoming packet is checked for timestamp exchange messages,
  which are processed before the signature check. Keep in mind that
  these packets contain signatures of their own.
- An incoming packet is checked for an ending signature message:
  - If no such message is found, the packet is not considered sane and is
    discarded.
  - If a signature message is received from a neighbor for
    which no timestamp is registered, the timestamp exchange process is
    initialized.
  - If the neighbor is registered, the signature is
    checked.
    - If the signature cannot be verified, the packet is
      discarded.
    - If the signature is verified, the timestamp is checked.
      - If the timestamp validates, the packet is passed on to the packet parser
        within olsrd.
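
The decision sequence in the list above, modelled as a stand-alone C function. This is an added example, not code from olsrd or the plugin: the message-type constants, struct layouts, TS_SLACK and the registered timestamp being stored as a clock offset are assumptions, and toy_sign is a non-cryptographic stand-in for the plugin's signature check.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All names and constants here are hypothetical, not olsrd's own. */
enum msg_type { MSG_HELLO = 1, MSG_TS_EXCHANGE, MSG_SIGNATURE };
enum verdict { V_TS_EXCHANGE, V_DROP_NO_SIG, V_START_TS_EXCHANGE,
               V_DROP_BAD_SIG, V_DROP_BAD_TS, V_ACCEPT };
struct msg { enum msg_type type; const uint8_t *body; size_t len;
             uint32_t timestamp, sig; /* used by signature messages only */ };
struct neighbor { int ts_registered; int32_t ts_diff; /* assumed clock offset */ };
#define TS_SLACK 30 /* tolerated timestamp deviation in seconds (assumed) */

/* Toy keyed checksum (FNV-1a) standing in for the real signature; NOT secure. */
static uint32_t toy_sign(const struct msg *m, size_t n, uint32_t ts, const char *key) {
    uint32_t h = 2166136261u;
    for (const char *k = key; *k; k++) h = (h ^ (uint8_t)*k) * 16777619u;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < m[i].len; j++) h = (h ^ m[i].body[j]) * 16777619u;
    for (int s = 0; s < 32; s += 8) h = (h ^ ((ts >> s) & 0xffu)) * 16777619u;
    return h;
}

enum verdict check_packet(const struct msg *m, size_t n, const struct neighbor *nb,
                          const char *key, uint32_t now) {
    /* Timestamp exchange messages are handled before the signature check. */
    for (size_t i = 0; i < n; i++)
        if (m[i].type == MSG_TS_EXCHANGE) return V_TS_EXCHANGE;
    /* The packet must end with a signature message. */
    if (n == 0 || m[n - 1].type != MSG_SIGNATURE) return V_DROP_NO_SIG;
    /* No timestamp registered for the sender: start the exchange. */
    if (nb == NULL || !nb->ts_registered) return V_START_TS_EXCHANGE;
    /* Here the signature covers every message before the signature message. */
    const struct msg *s = &m[n - 1];
    if (toy_sign(m, n - 1, s->timestamp, key) != s->sig) return V_DROP_BAD_SIG;
    /* Only a verified packet has its timestamp checked. */
    int64_t delta = (int64_t)s->timestamp - nb->ts_diff - (int64_t)now;
    if (llabs(delta) > TS_SLACK) return V_DROP_BAD_TS;
    return V_ACCEPT; /* hand over to the packet parser */
}

int main(void) {
    const uint8_t hello[] = { 1, 2, 3, 4 }; /* constructed sample body */
    struct msg pkt[2] = { { MSG_HELLO, hello, sizeof hello, 0, 0 },
                          { MSG_SIGNATURE, NULL, 0, 1005, 0 } };
    struct neighbor nb = { 1, 5 };
    pkt[1].sig = toy_sign(pkt, 1, pkt[1].timestamp, "shared-key");
    printf("verdict=%d\n", check_packet(pkt, 2, &nb, "shared-key", 1000));
}
```

The order of the checks matters: the timestamp is only consulted after the signature has verified, so an unauthenticated packet can never influence the freshness decision.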
Andreas
2004-07-29