input.c revision 1.29 1 1.29 agc /* $NetBSD: input.c,v 1.29 2002/12/01 08:19:48 agc Exp $ */
2 1.9 cgd
3 1.1 cgd /*
4 1.5 mycroft * Copyright (c) 1983, 1988, 1993
5 1.5 mycroft * The Regents of the University of California. All rights reserved.
6 1.1 cgd *
7 1.1 cgd * Redistribution and use in source and binary forms, with or without
8 1.1 cgd * modification, are permitted provided that the following conditions
9 1.1 cgd * are met:
10 1.1 cgd * 1. Redistributions of source code must retain the above copyright
11 1.1 cgd * notice, this list of conditions and the following disclaimer.
12 1.1 cgd * 2. Redistributions in binary form must reproduce the above copyright
13 1.1 cgd * notice, this list of conditions and the following disclaimer in the
14 1.1 cgd * documentation and/or other materials provided with the distribution.
15 1.1 cgd * 3. All advertising materials mentioning features or use of this software
16 1.24 christos * must display the following acknowledgment:
17 1.1 cgd * This product includes software developed by the University of
18 1.1 cgd * California, Berkeley and its contributors.
19 1.1 cgd * 4. Neither the name of the University nor the names of its contributors
20 1.1 cgd * may be used to endorse or promote products derived from this software
21 1.1 cgd * without specific prior written permission.
22 1.1 cgd *
23 1.1 cgd * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 1.1 cgd * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 1.1 cgd * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 1.1 cgd * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 1.1 cgd * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 1.1 cgd * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 1.1 cgd * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 1.1 cgd * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 1.1 cgd * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 1.1 cgd * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 1.1 cgd * SUCH DAMAGE.
34 1.1 cgd */
35 1.1 cgd
36 1.27 christos #include "defs.h"
37 1.27 christos
38 1.27 christos #ifdef __NetBSD__
39 1.29 agc __RCSID("$NetBSD: input.c,v 1.29 2002/12/01 08:19:48 agc Exp $");
40 1.27 christos #elif defined(__FreeBSD__)
41 1.27 christos __RCSID("$FreeBSD$");
42 1.27 christos #else
43 1.28 christos __RCSID("Revision: 2.26 ");
44 1.28 christos #ident "Revision: 2.26 "
45 1.9 cgd #endif
46 1.1 cgd
47 1.19 christos static void input(struct sockaddr_in *, struct interface *, struct interface *,
48 1.19 christos struct rip *, int);
49 1.22 thorpej static void input_route(naddr, naddr, struct rt_spare *, struct netinfo *);
50 1.19 christos static int ck_passwd(struct interface *, struct rip *, void *,
51 1.19 christos naddr, struct msg_limit *);
52 1.1 cgd
53 1.15 christos
54 1.17 thorpej /* process RIP input
55 1.15 christos */
56 1.17 thorpej void
57 1.17 thorpej read_rip(int sock,
58 1.19 christos struct interface *sifp)
59 1.15 christos {
60 1.17 thorpej struct sockaddr_in from;
61 1.19 christos struct interface *aifp;
62 1.17 thorpej int fromlen, cc;
63 1.19 christos #ifdef USE_PASSIFNAME
64 1.19 christos static struct msg_limit bad_name;
65 1.19 christos struct {
66 1.19 christos char ifname[IFNAMSIZ];
67 1.19 christos union pkt_buf pbuf;
68 1.19 christos } inbuf;
69 1.19 christos #else
70 1.19 christos struct {
71 1.19 christos union pkt_buf pbuf;
72 1.19 christos } inbuf;
73 1.19 christos #endif
74 1.15 christos
75 1.15 christos
76 1.17 thorpej for (;;) {
77 1.17 thorpej fromlen = sizeof(from);
78 1.17 thorpej cc = recvfrom(sock, &inbuf, sizeof(inbuf), 0,
79 1.17 thorpej (struct sockaddr*)&from, &fromlen);
80 1.17 thorpej if (cc <= 0) {
81 1.17 thorpej if (cc < 0 && errno != EWOULDBLOCK)
82 1.17 thorpej LOGERR("recvfrom(rip)");
83 1.17 thorpej break;
84 1.17 thorpej }
85 1.17 thorpej if (fromlen != sizeof(struct sockaddr_in))
86 1.17 thorpej logbad(1,"impossible recvfrom(rip) fromlen=%d",
87 1.17 thorpej fromlen);
88 1.17 thorpej
89 1.19 christos /* aifp is the "authenticated" interface via which the packet
90 1.19 christos * arrived. In fact, it is only the interface on which
91 1.19 christos * the packet should have arrived based on is source
92 1.19 christos * address.
93 1.19 christos * sifp is interface associated with the socket through which
94 1.19 christos * the packet was received.
95 1.19 christos */
96 1.19 christos #ifdef USE_PASSIFNAME
97 1.19 christos if ((cc -= sizeof(inbuf.ifname)) < 0)
98 1.19 christos logbad(0,"missing USE_PASSIFNAME; only %d bytes",
99 1.19 christos cc+sizeof(inbuf.ifname));
100 1.19 christos
101 1.19 christos /* check the remote interfaces first */
102 1.19 christos for (aifp = remote_if; aifp; aifp = aifp->int_rlink) {
103 1.19 christos if (aifp->int_addr == from.sin_addr.s_addr)
104 1.19 christos break;
105 1.19 christos }
106 1.19 christos if (aifp == 0) {
107 1.19 christos aifp = ifwithname(inbuf.ifname, 0);
108 1.19 christos if (aifp == 0) {
109 1.19 christos msglim(&bad_name, from.sin_addr.s_addr,
110 1.19 christos "impossible interface name %.*s",
111 1.19 christos IFNAMSIZ, inbuf.ifname);
112 1.19 christos } else if (((aifp->int_if_flags & IFF_POINTOPOINT)
113 1.19 christos && aifp->int_dstaddr!=from.sin_addr.s_addr)
114 1.19 christos || (!(aifp->int_if_flags & IFF_POINTOPOINT)
115 1.19 christos && !on_net(from.sin_addr.s_addr,
116 1.19 christos aifp->int_net,
117 1.19 christos aifp->int_mask))) {
118 1.19 christos /* If it came via the wrong interface, do not
119 1.19 christos * trust it.
120 1.19 christos */
121 1.19 christos aifp = 0;
122 1.19 christos }
123 1.19 christos }
124 1.19 christos #else
125 1.19 christos aifp = iflookup(from.sin_addr.s_addr);
126 1.19 christos #endif
127 1.19 christos if (sifp == 0)
128 1.19 christos sifp = aifp;
129 1.19 christos
130 1.19 christos input(&from, sifp, aifp, &inbuf.pbuf.rip, cc);
131 1.15 christos }
132 1.15 christos }
133 1.15 christos
134 1.15 christos
135 1.17 thorpej /* Process a RIP packet
136 1.1 cgd */
137 1.17 thorpej static void
138 1.17 thorpej input(struct sockaddr_in *from, /* received from this IP address */
139 1.19 christos struct interface *sifp, /* interface of incoming socket */
140 1.19 christos struct interface *aifp, /* "authenticated" interface */
141 1.17 thorpej struct rip *rip,
142 1.19 christos int cc)
143 1.1 cgd {
144 1.17 thorpej # define FROM_NADDR from->sin_addr.s_addr
145 1.19 christos static struct msg_limit use_auth, bad_len, bad_mask;
146 1.22 thorpej static struct msg_limit unk_router, bad_router, bad_nhop;
147 1.17 thorpej
148 1.17 thorpej struct rt_entry *rt;
149 1.22 thorpej struct rt_spare new;
150 1.17 thorpej struct netinfo *n, *lim;
151 1.17 thorpej struct interface *ifp1;
152 1.20 lukem naddr gate, mask, v1_mask, dst, ddst_h = 0;
153 1.19 christos struct auth *ap;
154 1.22 thorpej struct tgate *tg = 0;
155 1.22 thorpej struct tgate_net *tn;
156 1.22 thorpej int i, j;
157 1.17 thorpej
158 1.19 christos /* Notice when we hear from a remote gateway
159 1.19 christos */
160 1.19 christos if (aifp != 0
161 1.19 christos && (aifp->int_state & IS_REMOTE))
162 1.19 christos aifp->int_act_time = now.tv_sec;
163 1.17 thorpej
164 1.19 christos trace_rip("Recv", "from", from, sifp, rip, cc);
165 1.17 thorpej
166 1.17 thorpej if (rip->rip_vers == 0) {
167 1.19 christos msglim(&bad_router, FROM_NADDR,
168 1.19 christos "RIP version 0, cmd %d, packet received from %s",
169 1.19 christos rip->rip_cmd, naddr_ntoa(FROM_NADDR));
170 1.17 thorpej return;
171 1.18 christos } else if (rip->rip_vers > RIPv2) {
172 1.18 christos rip->rip_vers = RIPv2;
173 1.17 thorpej }
174 1.25 christos if (cc > (int)OVER_MAXPACKETSIZE) {
175 1.19 christos msglim(&bad_router, FROM_NADDR,
176 1.19 christos "packet at least %d bytes too long received from %s",
177 1.19 christos cc-MAXPACKETSIZE, naddr_ntoa(FROM_NADDR));
178 1.1 cgd return;
179 1.1 cgd }
180 1.17 thorpej
181 1.17 thorpej n = rip->rip_nets;
182 1.19 christos lim = (struct netinfo *)((char*)rip + cc);
183 1.17 thorpej
184 1.17 thorpej /* Notice authentication.
185 1.17 thorpej * As required by section 4.2 in RFC 1723, discard authenticated
186 1.17 thorpej * RIPv2 messages, but only if configured for that silliness.
187 1.17 thorpej *
188 1.19 christos * RIPv2 authentication is lame. Why authenticate queries?
189 1.17 thorpej * Why should a RIPv2 implementation with authentication disabled
190 1.24 christos * not be able to listen to RIPv2 packets with authentication, while
191 1.17 thorpej * RIPv1 systems will listen? Crazy!
192 1.17 thorpej */
193 1.17 thorpej if (!auth_ok
194 1.18 christos && rip->rip_vers == RIPv2
195 1.17 thorpej && n < lim && n->n_family == RIP_AF_AUTH) {
196 1.19 christos msglim(&use_auth, FROM_NADDR,
197 1.19 christos "RIPv2 message with authentication from %s discarded",
198 1.19 christos naddr_ntoa(FROM_NADDR));
199 1.1 cgd return;
200 1.1 cgd }
201 1.15 christos
202 1.1 cgd switch (rip->rip_cmd) {
203 1.17 thorpej case RIPCMD_REQUEST:
204 1.19 christos /* For mere requests, be a little sloppy about the source
205 1.19 christos */
206 1.19 christos if (aifp == 0)
207 1.19 christos aifp = sifp;
208 1.19 christos
209 1.19 christos /* Are we talking to ourself or a remote gateway?
210 1.17 thorpej */
211 1.19 christos ifp1 = ifwithaddr(FROM_NADDR, 0, 1);
212 1.19 christos if (ifp1) {
213 1.19 christos if (ifp1->int_state & IS_REMOTE) {
214 1.19 christos /* remote gateway */
215 1.19 christos aifp = ifp1;
216 1.19 christos if (check_remote(aifp)) {
217 1.19 christos aifp->int_act_time = now.tv_sec;
218 1.19 christos (void)if_ok(aifp, "remote ");
219 1.19 christos }
220 1.19 christos } else if (from->sin_port == htons(RIP_PORT)) {
221 1.19 christos trace_pkt(" discard our own RIP request");
222 1.17 thorpej return;
223 1.17 thorpej }
224 1.19 christos }
225 1.1 cgd
226 1.19 christos /* did the request come from a router?
227 1.19 christos */
228 1.19 christos if (from->sin_port == htons(RIP_PORT)) {
229 1.19 christos /* yes, ignore the request if RIP is off so that
230 1.19 christos * the router does not depend on us.
231 1.17 thorpej */
232 1.19 christos if (rip_sock < 0
233 1.19 christos || (aifp != 0
234 1.19 christos && IS_RIP_OUT_OFF(aifp->int_state))) {
235 1.19 christos trace_pkt(" discard request while RIP off");
236 1.17 thorpej return;
237 1.17 thorpej }
238 1.17 thorpej }
239 1.17 thorpej
240 1.24 christos /* According to RFC 1723, we should ignore unauthenticated
241 1.17 thorpej * queries. That is too silly to bother with. Sheesh!
242 1.19 christos * Are forwarding tables supposed to be secret, when
243 1.19 christos * a bad guy can infer them with test traffic? When RIP
244 1.19 christos * is still the most common router-discovery protocol
245 1.19 christos * and so hosts need to send queries that will be answered?
246 1.19 christos * What about `rtquery`?
247 1.17 thorpej * Maybe on firewalls you'd care, but not enough to
248 1.17 thorpej * give up the diagnostic facilities of remote probing.
249 1.17 thorpej */
250 1.17 thorpej
251 1.19 christos if (n >= lim) {
252 1.19 christos msglim(&bad_len, FROM_NADDR, "empty request from %s",
253 1.19 christos naddr_ntoa(FROM_NADDR));
254 1.19 christos return;
255 1.17 thorpej }
256 1.19 christos if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) {
257 1.19 christos msglim(&bad_len, FROM_NADDR,
258 1.19 christos "request of bad length (%d) from %s",
259 1.19 christos cc, naddr_ntoa(FROM_NADDR));
260 1.19 christos }
261 1.19 christos
262 1.19 christos if (rip->rip_vers == RIPv2
263 1.19 christos && (aifp == 0 || (aifp->int_state & IS_NO_RIPV1_OUT))) {
264 1.19 christos v12buf.buf->rip_vers = RIPv2;
265 1.19 christos /* If we have a secret but it is a cleartext secret,
266 1.19 christos * do not disclose our secret unless the other guy
267 1.19 christos * already knows it.
268 1.19 christos */
269 1.19 christos ap = find_auth(aifp);
270 1.19 christos if (ap != 0 && ap->type == RIP_AUTH_PW
271 1.19 christos && n->n_family == RIP_AF_AUTH
272 1.19 christos && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth))
273 1.19 christos ap = 0;
274 1.19 christos } else {
275 1.19 christos v12buf.buf->rip_vers = RIPv1;
276 1.19 christos ap = 0;
277 1.19 christos }
278 1.19 christos clr_ws_buf(&v12buf, ap);
279 1.19 christos
280 1.19 christos do {
281 1.19 christos NTOHL(n->n_metric);
282 1.17 thorpej
283 1.17 thorpej /* A single entry with family RIP_AF_UNSPEC and
284 1.17 thorpej * metric HOPCNT_INFINITY means "all routes".
285 1.1 cgd * We respond to routers only if we are acting
286 1.1 cgd * as a supplier, or to anyone other than a router
287 1.17 thorpej * (i.e. a query).
288 1.1 cgd */
289 1.17 thorpej if (n->n_family == RIP_AF_UNSPEC
290 1.19 christos && n->n_metric == HOPCNT_INFINITY) {
291 1.22 thorpej /* Answer a query from a utility program
292 1.22 thorpej * with all we know.
293 1.22 thorpej */
294 1.17 thorpej if (from->sin_port != htons(RIP_PORT)) {
295 1.19 christos supply(from, aifp, OUT_QUERY, 0,
296 1.19 christos rip->rip_vers, ap != 0);
297 1.18 christos return;
298 1.17 thorpej }
299 1.19 christos
300 1.18 christos /* A router trying to prime its tables.
301 1.18 christos * Filter the answer in the about same way
302 1.18 christos * broadcasts are filtered.
303 1.18 christos *
304 1.18 christos * Only answer a router if we are a supplier
305 1.18 christos * to keep an unwary host that is just starting
306 1.22 thorpej * from picking us as a router.
307 1.18 christos */
308 1.19 christos if (aifp == 0) {
309 1.19 christos trace_pkt("ignore distant router");
310 1.19 christos return;
311 1.19 christos }
312 1.18 christos if (!supplier
313 1.19 christos || IS_RIP_OFF(aifp->int_state)) {
314 1.19 christos trace_pkt("ignore; not supplying");
315 1.18 christos return;
316 1.19 christos }
317 1.18 christos
318 1.22 thorpej /* Do not answer a RIPv1 router if
319 1.22 thorpej * we are sending RIPv2. But do offer
320 1.22 thorpej * poor man's router discovery.
321 1.22 thorpej */
322 1.22 thorpej if ((aifp->int_state & IS_NO_RIPV1_OUT)
323 1.22 thorpej && rip->rip_vers == RIPv1) {
324 1.22 thorpej if (!(aifp->int_state & IS_PM_RDISC)) {
325 1.22 thorpej trace_pkt("ignore; sending RIPv2");
326 1.22 thorpej return;
327 1.22 thorpej }
328 1.22 thorpej
329 1.22 thorpej v12buf.n->n_family = RIP_AF_INET;
330 1.22 thorpej v12buf.n->n_dst = RIP_DEFAULT;
331 1.22 thorpej i = aifp->int_d_metric;
332 1.28 christos if (0 != (rt = rtget(RIP_DEFAULT, 0))) {
333 1.28 christos j = (rt->rt_metric
334 1.28 christos +aifp->int_metric
335 1.28 christos +aifp->int_adj_outmetric
336 1.28 christos +1);
337 1.28 christos if (i > j)
338 1.28 christos i = j;
339 1.28 christos }
340 1.22 thorpej v12buf.n->n_metric = htonl(i);
341 1.22 thorpej v12buf.n++;
342 1.22 thorpej break;
343 1.22 thorpej }
344 1.22 thorpej
345 1.22 thorpej /* Respond with RIPv1 instead of RIPv2 if
346 1.22 thorpej * that is what we are broadcasting on the
347 1.22 thorpej * interface to keep the remote router from
348 1.22 thorpej * getting the wrong initial idea of the
349 1.22 thorpej * routes we send.
350 1.22 thorpej */
351 1.18 christos supply(from, aifp, OUT_UNICAST, 0,
352 1.22 thorpej (aifp->int_state & IS_NO_RIPV1_OUT)
353 1.19 christos ? RIPv2 : RIPv1,
354 1.19 christos ap != 0);
355 1.17 thorpej return;
356 1.17 thorpej }
357 1.17 thorpej
358 1.19 christos /* Ignore authentication */
359 1.19 christos if (n->n_family == RIP_AF_AUTH)
360 1.19 christos continue;
361 1.19 christos
362 1.17 thorpej if (n->n_family != RIP_AF_INET) {
363 1.19 christos msglim(&bad_router, FROM_NADDR,
364 1.22 thorpej "request from %s for unsupported"
365 1.22 thorpej " (af %d) %s",
366 1.19 christos naddr_ntoa(FROM_NADDR),
367 1.19 christos ntohs(n->n_family),
368 1.19 christos naddr_ntoa(n->n_dst));
369 1.17 thorpej return;
370 1.17 thorpej }
371 1.17 thorpej
372 1.19 christos /* We are being asked about a specific destination.
373 1.19 christos */
374 1.17 thorpej dst = n->n_dst;
375 1.17 thorpej if (!check_dst(dst)) {
376 1.19 christos msglim(&bad_router, FROM_NADDR,
377 1.19 christos "bad queried destination %s from %s",
378 1.19 christos naddr_ntoa(dst),
379 1.19 christos naddr_ntoa(FROM_NADDR));
380 1.1 cgd return;
381 1.1 cgd }
382 1.17 thorpej
383 1.19 christos /* decide what mask was intended */
384 1.17 thorpej if (rip->rip_vers == RIPv1
385 1.17 thorpej || 0 == (mask = ntohl(n->n_mask))
386 1.17 thorpej || 0 != (ntohl(dst) & ~mask))
387 1.19 christos mask = ripv1_mask_host(dst, aifp);
388 1.17 thorpej
389 1.19 christos /* try to find the answer */
390 1.17 thorpej rt = rtget(dst, mask);
391 1.17 thorpej if (!rt && dst != RIP_DEFAULT)
392 1.17 thorpej rt = rtfind(n->n_dst);
393 1.17 thorpej
394 1.19 christos if (v12buf.buf->rip_vers != RIPv1)
395 1.19 christos v12buf.n->n_mask = mask;
396 1.17 thorpej if (rt == 0) {
397 1.19 christos /* we do not have the answer */
398 1.19 christos v12buf.n->n_metric = HOPCNT_INFINITY;
399 1.17 thorpej } else {
400 1.19 christos /* we have the answer, so compute the
401 1.19 christos * right metric and next hop.
402 1.19 christos */
403 1.19 christos v12buf.n->n_family = RIP_AF_INET;
404 1.19 christos v12buf.n->n_dst = dst;
405 1.28 christos j = rt->rt_metric+1;
406 1.28 christos if (!aifp)
407 1.28 christos ++j;
408 1.28 christos else
409 1.28 christos j += (aifp->int_metric
410 1.28 christos + aifp->int_adj_outmetric);
411 1.28 christos if (j < HOPCNT_INFINITY)
412 1.28 christos v12buf.n->n_metric = j;
413 1.28 christos else
414 1.19 christos v12buf.n->n_metric = HOPCNT_INFINITY;
415 1.19 christos if (v12buf.buf->rip_vers != RIPv1) {
416 1.19 christos v12buf.n->n_tag = rt->rt_tag;
417 1.19 christos v12buf.n->n_mask = mask;
418 1.19 christos if (aifp != 0
419 1.17 thorpej && on_net(rt->rt_gate,
420 1.19 christos aifp->int_net,
421 1.19 christos aifp->int_mask)
422 1.19 christos && rt->rt_gate != aifp->int_addr)
423 1.19 christos v12buf.n->n_nhop = rt->rt_gate;
424 1.17 thorpej }
425 1.17 thorpej }
426 1.19 christos HTONL(v12buf.n->n_metric);
427 1.19 christos
428 1.19 christos /* Stop paying attention if we fill the output buffer.
429 1.19 christos */
430 1.19 christos if (++v12buf.n >= v12buf.lim)
431 1.19 christos break;
432 1.19 christos } while (++n < lim);
433 1.19 christos
434 1.19 christos /* Send the answer about specific routes.
435 1.19 christos */
436 1.19 christos if (ap != 0 && ap->type == RIP_AUTH_MD5)
437 1.19 christos end_md5_auth(&v12buf, ap);
438 1.19 christos
439 1.17 thorpej if (from->sin_port != htons(RIP_PORT)) {
440 1.17 thorpej /* query */
441 1.19 christos (void)output(OUT_QUERY, from, aifp,
442 1.19 christos v12buf.buf,
443 1.19 christos ((char *)v12buf.n - (char*)v12buf.buf));
444 1.17 thorpej } else if (supplier) {
445 1.19 christos (void)output(OUT_UNICAST, from, aifp,
446 1.19 christos v12buf.buf,
447 1.19 christos ((char *)v12buf.n - (char*)v12buf.buf));
448 1.19 christos } else {
449 1.19 christos /* Only answer a router if we are a supplier
450 1.19 christos * to keep an unwary host that is just starting
451 1.19 christos * from picking us an a router.
452 1.19 christos */
453 1.19 christos ;
454 1.17 thorpej }
455 1.1 cgd return;
456 1.1 cgd
457 1.1 cgd case RIPCMD_TRACEON:
458 1.1 cgd case RIPCMD_TRACEOFF:
459 1.26 christos /* Notice that trace messages are turned off for all possible
460 1.26 christos * abuse if _PATH_TRACE is undefined in pathnames.h.
461 1.26 christos * Notice also that because of the way the trace file is
462 1.26 christos * handled in trace.c, no abuse is plausible even if
463 1.26 christos * _PATH_TRACE_ is defined.
464 1.26 christos *
465 1.26 christos * First verify message came from a privileged port. */
466 1.17 thorpej if (ntohs(from->sin_port) > IPPORT_RESERVED) {
467 1.17 thorpej msglog("trace command from untrusted port on %s",
468 1.17 thorpej naddr_ntoa(FROM_NADDR));
469 1.1 cgd return;
470 1.17 thorpej }
471 1.18 christos if (aifp == 0) {
472 1.17 thorpej msglog("trace command from unknown router %s",
473 1.17 thorpej naddr_ntoa(FROM_NADDR));
474 1.12 christos return;
475 1.17 thorpej }
476 1.17 thorpej if (rip->rip_cmd == RIPCMD_TRACEON) {
477 1.19 christos rip->rip_tracefile[cc-4] = '\0';
478 1.25 christos #ifndef __NetBSD__
479 1.19 christos set_tracefile((char*)rip->rip_tracefile,
480 1.19 christos "trace command: %s\n", 0);
481 1.23 christos #else
482 1.23 christos msglog("RIP_TRACEON for `%s' from %s ignored",
483 1.23 christos (char *) rip->rip_tracefile,
484 1.23 christos naddr_ntoa(FROM_NADDR));
485 1.23 christos #endif
486 1.17 thorpej } else {
487 1.25 christos #ifndef __NetBSD__
488 1.19 christos trace_off("tracing turned off by %s",
489 1.17 thorpej naddr_ntoa(FROM_NADDR));
490 1.23 christos #else
491 1.23 christos msglog("RIP_TRACEOFF from %s ignored",
492 1.23 christos naddr_ntoa(FROM_NADDR));
493 1.23 christos #endif
494 1.17 thorpej }
495 1.1 cgd return;
496 1.1 cgd
497 1.1 cgd case RIPCMD_RESPONSE:
498 1.19 christos if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) {
499 1.19 christos msglim(&bad_len, FROM_NADDR,
500 1.19 christos "response of bad length (%d) from %s",
501 1.19 christos cc, naddr_ntoa(FROM_NADDR));
502 1.17 thorpej }
503 1.17 thorpej
504 1.1 cgd /* verify message came from a router */
505 1.17 thorpej if (from->sin_port != ntohs(RIP_PORT)) {
506 1.19 christos msglim(&bad_router, FROM_NADDR,
507 1.19 christos " discard RIP response from unknown port"
508 1.27 christos " %d on %s",
509 1.27 christos ntohs(from->sin_port), naddr_ntoa(FROM_NADDR));
510 1.1 cgd return;
511 1.17 thorpej }
512 1.17 thorpej
513 1.17 thorpej if (rip_sock < 0) {
514 1.19 christos trace_pkt(" discard response while RIP off");
515 1.17 thorpej return;
516 1.17 thorpej }
517 1.17 thorpej
518 1.17 thorpej /* Are we talking to ourself or a remote gateway?
519 1.17 thorpej */
520 1.17 thorpej ifp1 = ifwithaddr(FROM_NADDR, 0, 1);
521 1.17 thorpej if (ifp1) {
522 1.17 thorpej if (ifp1->int_state & IS_REMOTE) {
523 1.19 christos /* remote gateway */
524 1.19 christos aifp = ifp1;
525 1.19 christos if (check_remote(aifp)) {
526 1.19 christos aifp->int_act_time = now.tv_sec;
527 1.19 christos (void)if_ok(aifp, "remote ");
528 1.17 thorpej }
529 1.17 thorpej } else {
530 1.19 christos trace_pkt(" discard our own RIP response");
531 1.19 christos return;
532 1.1 cgd }
533 1.17 thorpej }
534 1.17 thorpej
535 1.19 christos /* Accept routing packets from routers directly connected
536 1.19 christos * via broadcast or point-to-point networks, and from
537 1.17 thorpej * those listed in /etc/gateways.
538 1.17 thorpej */
539 1.19 christos if (aifp == 0) {
540 1.19 christos msglim(&unk_router, FROM_NADDR,
541 1.19 christos " discard response from %s"
542 1.19 christos " via unexpected interface",
543 1.19 christos naddr_ntoa(FROM_NADDR));
544 1.19 christos return;
545 1.19 christos }
546 1.19 christos if (IS_RIP_IN_OFF(aifp->int_state)) {
547 1.19 christos trace_pkt(" discard RIPv%d response"
548 1.19 christos " via disabled interface %s",
549 1.19 christos rip->rip_vers, aifp->int_name);
550 1.17 thorpej return;
551 1.17 thorpej }
552 1.19 christos
553 1.19 christos if (n >= lim) {
554 1.19 christos msglim(&bad_len, FROM_NADDR, "empty response from %s",
555 1.19 christos naddr_ntoa(FROM_NADDR));
556 1.17 thorpej return;
557 1.17 thorpej }
558 1.17 thorpej
559 1.18 christos if (((aifp->int_state & IS_NO_RIPV1_IN)
560 1.17 thorpej && rip->rip_vers == RIPv1)
561 1.18 christos || ((aifp->int_state & IS_NO_RIPV2_IN)
562 1.17 thorpej && rip->rip_vers != RIPv1)) {
563 1.19 christos trace_pkt(" discard RIPv%d response",
564 1.17 thorpej rip->rip_vers);
565 1.17 thorpej return;
566 1.17 thorpej }
567 1.17 thorpej
568 1.17 thorpej /* Ignore routes via dead interface.
569 1.17 thorpej */
570 1.18 christos if (aifp->int_state & IS_BROKE) {
571 1.22 thorpej trace_pkt("discard response via broken interface %s",
572 1.18 christos aifp->int_name);
573 1.17 thorpej return;
574 1.17 thorpej }
575 1.17 thorpej
576 1.19 christos /* If the interface cares, ignore bad routers.
577 1.19 christos * Trace but do not log this problem, because where it
578 1.19 christos * happens, it happens frequently.
579 1.19 christos */
580 1.19 christos if (aifp->int_state & IS_DISTRUST) {
581 1.22 thorpej tg = tgates;
582 1.19 christos while (tg->tgate_addr != FROM_NADDR) {
583 1.19 christos tg = tg->tgate_next;
584 1.19 christos if (tg == 0) {
585 1.19 christos trace_pkt(" discard RIP response"
586 1.19 christos " from untrusted router %s",
587 1.19 christos naddr_ntoa(FROM_NADDR));
588 1.19 christos return;
589 1.19 christos }
590 1.18 christos }
591 1.17 thorpej }
592 1.17 thorpej
593 1.19 christos /* Authenticate the packet if we have a secret.
594 1.19 christos * If we do not have any secrets, ignore the error in
595 1.19 christos * RFC 1723 and accept it regardless.
596 1.19 christos */
597 1.19 christos if (aifp->int_auth[0].type != RIP_AUTH_NONE
598 1.19 christos && rip->rip_vers != RIPv1
599 1.19 christos && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth))
600 1.19 christos return;
601 1.17 thorpej
602 1.19 christos do {
603 1.17 thorpej if (n->n_family == RIP_AF_AUTH)
604 1.15 christos continue;
605 1.17 thorpej
606 1.17 thorpej NTOHL(n->n_metric);
607 1.17 thorpej dst = n->n_dst;
608 1.17 thorpej if (n->n_family != RIP_AF_INET
609 1.17 thorpej && (n->n_family != RIP_AF_UNSPEC
610 1.17 thorpej || dst != RIP_DEFAULT)) {
611 1.19 christos msglim(&bad_router, FROM_NADDR,
612 1.19 christos "route from %s to unsupported"
613 1.19 christos " address family=%d destination=%s",
614 1.19 christos naddr_ntoa(FROM_NADDR),
615 1.19 christos n->n_family,
616 1.19 christos naddr_ntoa(dst));
617 1.1 cgd continue;
618 1.1 cgd }
619 1.17 thorpej if (!check_dst(dst)) {
620 1.19 christos msglim(&bad_router, FROM_NADDR,
621 1.19 christos "bad destination %s from %s",
622 1.19 christos naddr_ntoa(dst),
623 1.19 christos naddr_ntoa(FROM_NADDR));
624 1.17 thorpej return;
625 1.1 cgd }
626 1.17 thorpej if (n->n_metric == 0
627 1.17 thorpej || n->n_metric > HOPCNT_INFINITY) {
628 1.19 christos msglim(&bad_router, FROM_NADDR,
629 1.19 christos "bad metric %d from %s"
630 1.19 christos " for destination %s",
631 1.19 christos n->n_metric,
632 1.19 christos naddr_ntoa(FROM_NADDR),
633 1.19 christos naddr_ntoa(dst));
634 1.17 thorpej return;
635 1.1 cgd }
636 1.17 thorpej
637 1.17 thorpej /* Notice the next-hop.
638 1.1 cgd */
639 1.19 christos gate = FROM_NADDR;
640 1.18 christos if (n->n_nhop != 0) {
641 1.24 christos if (rip->rip_vers == RIPv1) {
642 1.18 christos n->n_nhop = 0;
643 1.17 thorpej } else {
644 1.18 christos /* Use it only if it is valid. */
645 1.18 christos if (on_net(n->n_nhop,
646 1.18 christos aifp->int_net, aifp->int_mask)
647 1.18 christos && check_dst(n->n_nhop)) {
648 1.18 christos gate = n->n_nhop;
649 1.18 christos } else {
650 1.19 christos msglim(&bad_nhop, FROM_NADDR,
651 1.19 christos "router %s to %s"
652 1.19 christos " has bad next hop %s",
653 1.19 christos naddr_ntoa(FROM_NADDR),
654 1.19 christos naddr_ntoa(dst),
655 1.19 christos naddr_ntoa(n->n_nhop));
656 1.19 christos n->n_nhop = 0;
657 1.18 christos }
658 1.17 thorpej }
659 1.17 thorpej }
660 1.17 thorpej
661 1.17 thorpej if (rip->rip_vers == RIPv1
662 1.17 thorpej || 0 == (mask = ntohl(n->n_mask))) {
663 1.18 christos mask = ripv1_mask_host(dst,aifp);
664 1.17 thorpej } else if ((ntohl(dst) & ~mask) != 0) {
665 1.19 christos msglim(&bad_mask, FROM_NADDR,
666 1.19 christos "router %s sent bad netmask"
667 1.25 christos " %#lx with %s",
668 1.19 christos naddr_ntoa(FROM_NADDR),
669 1.25 christos (u_long)mask,
670 1.19 christos naddr_ntoa(dst));
671 1.1 cgd continue;
672 1.1 cgd }
673 1.17 thorpej if (rip->rip_vers == RIPv1)
674 1.17 thorpej n->n_tag = 0;
675 1.1 cgd
676 1.17 thorpej /* Adjust metric according to incoming interface..
677 1.17 thorpej */
678 1.28 christos n->n_metric += (aifp->int_metric
679 1.28 christos + aifp->int_adj_inmetric);
680 1.17 thorpej if (n->n_metric > HOPCNT_INFINITY)
681 1.17 thorpej n->n_metric = HOPCNT_INFINITY;
682 1.17 thorpej
683 1.22 thorpej /* Should we trust this route from this router? */
684 1.22 thorpej if (tg && (tn = tg->tgate_nets)->mask != 0) {
685 1.22 thorpej for (i = 0; i < MAX_TGATE_NETS; i++, tn++) {
686 1.22 thorpej if (on_net(dst, tn->net, tn->mask)
687 1.22 thorpej && tn->mask <= mask)
688 1.22 thorpej break;
689 1.22 thorpej }
690 1.22 thorpej if (i >= MAX_TGATE_NETS || tn->mask == 0) {
691 1.22 thorpej trace_pkt(" ignored unauthorized %s",
692 1.22 thorpej addrname(dst,mask,0));
693 1.22 thorpej continue;
694 1.22 thorpej }
695 1.22 thorpej }
696 1.22 thorpej
697 1.17 thorpej /* Recognize and ignore a default route we faked
698 1.17 thorpej * which is being sent back to us by a machine with
699 1.17 thorpej * broken split-horizon.
700 1.17 thorpej * Be a little more paranoid than that, and reject
701 1.17 thorpej * default routes with the same metric we advertised.
702 1.17 thorpej */
703 1.18 christos if (aifp->int_d_metric != 0
704 1.17 thorpej && dst == RIP_DEFAULT
705 1.25 christos && (int)n->n_metric >= aifp->int_d_metric)
706 1.17 thorpej continue;
707 1.17 thorpej
708 1.17 thorpej /* We can receive aggregated RIPv2 routes that must
709 1.17 thorpej * be broken down before they are transmitted by
710 1.17 thorpej * RIPv1 via an interface on a subnet.
711 1.17 thorpej * We might also receive the same routes aggregated
712 1.17 thorpej * via other RIPv2 interfaces.
713 1.17 thorpej * This could cause duplicate routes to be sent on
714 1.17 thorpej * the RIPv1 interfaces. "Longest matching variable
715 1.17 thorpej * length netmasks" lets RIPv2 listeners understand,
716 1.17 thorpej * but breaking down the aggregated routes for RIPv1
717 1.17 thorpej * listeners can produce duplicate routes.
718 1.17 thorpej *
719 1.17 thorpej * Breaking down aggregated routes here bloats
720 1.17 thorpej * the daemon table, but does not hurt the kernel
721 1.17 thorpej * table, since routes are always aggregated for
722 1.17 thorpej * the kernel.
723 1.17 thorpej *
724 1.17 thorpej * Notice that this does not break down network
725 1.17 thorpej * routes corresponding to subnets. This is part
726 1.17 thorpej * of the defense against RS_NET_SYN.
727 1.1 cgd */
728 1.17 thorpej if (have_ripv1_out
729 1.17 thorpej && (((rt = rtget(dst,mask)) == 0
730 1.19 christos || !(rt->rt_state & RS_NET_SYN)))
731 1.19 christos && (v1_mask = ripv1_mask_net(dst,0)) > mask) {
732 1.17 thorpej ddst_h = v1_mask & -v1_mask;
733 1.17 thorpej i = (v1_mask & ~mask)/ddst_h;
734 1.18 christos if (i >= 511) {
735 1.17 thorpej /* Punt if we would have to generate
736 1.17 thorpej * an unreasonable number of routes.
737 1.17 thorpej */
738 1.22 thorpej if (TRACECONTENTS)
739 1.22 thorpej trace_misc("accept %s-->%s as 1"
740 1.22 thorpej " instead of %d routes",
741 1.22 thorpej addrname(dst,mask,0),
742 1.22 thorpej naddr_ntoa(FROM_NADDR),
743 1.22 thorpej i+1);
744 1.17 thorpej i = 0;
745 1.17 thorpej } else {
746 1.17 thorpej mask = v1_mask;
747 1.17 thorpej }
748 1.17 thorpej } else {
749 1.17 thorpej i = 0;
750 1.17 thorpej }
751 1.17 thorpej
752 1.22 thorpej new.rts_gate = gate;
753 1.22 thorpej new.rts_router = FROM_NADDR;
754 1.22 thorpej new.rts_metric = n->n_metric;
755 1.22 thorpej new.rts_tag = n->n_tag;
756 1.22 thorpej new.rts_time = now.tv_sec;
757 1.22 thorpej new.rts_ifp = aifp;
758 1.22 thorpej new.rts_de_ag = i;
759 1.22 thorpej j = 0;
760 1.17 thorpej for (;;) {
761 1.22 thorpej input_route(dst, mask, &new, n);
762 1.22 thorpej if (++j > i)
763 1.17 thorpej break;
764 1.17 thorpej dst = htonl(ntohl(dst) + ddst_h);
765 1.1 cgd }
766 1.19 christos } while (++n < lim);
767 1.1 cgd break;
768 1.1 cgd }
769 1.19 christos #undef FROM_NADDR
770 1.17 thorpej }
771 1.17 thorpej
772 1.17 thorpej
773 1.17 thorpej /* Process a single input route.
774 1.17 thorpej */
775 1.17 thorpej static void
776 1.22 thorpej input_route(naddr dst, /* network order */
777 1.17 thorpej naddr mask,
778 1.22 thorpej struct rt_spare *new,
779 1.17 thorpej struct netinfo *n)
780 1.17 thorpej {
781 1.17 thorpej int i;
782 1.17 thorpej struct rt_entry *rt;
783 1.17 thorpej struct rt_spare *rts, *rts0;
784 1.17 thorpej struct interface *ifp1;
785 1.17 thorpej
786 1.17 thorpej
787 1.17 thorpej /* See if the other guy is telling us to send our packets to him.
788 1.17 thorpej * Sometimes network routes arrive over a point-to-point link for
789 1.17 thorpej * the network containing the address(es) of the link.
790 1.17 thorpej *
791 1.17 thorpej * If our interface is broken, switch to using the other guy.
792 1.17 thorpej */
793 1.17 thorpej ifp1 = ifwithaddr(dst, 1, 1);
794 1.17 thorpej if (ifp1 != 0
795 1.19 christos && (!(ifp1->int_state & IS_BROKE)
796 1.19 christos || (ifp1->int_state & IS_PASSIVE)))
797 1.17 thorpej return;
798 1.17 thorpej
799 1.17 thorpej /* Look for the route in our table.
800 1.17 thorpej */
801 1.17 thorpej rt = rtget(dst, mask);
802 1.17 thorpej
803 1.17 thorpej /* Consider adding the route if we do not already have it.
804 1.17 thorpej */
805 1.17 thorpej if (rt == 0) {
806 1.17 thorpej /* Ignore unknown routes being poisoned.
807 1.17 thorpej */
808 1.22 thorpej if (new->rts_metric == HOPCNT_INFINITY)
809 1.17 thorpej return;
810 1.17 thorpej
811 1.18 christos /* Ignore the route if it points to us */
812 1.18 christos if (n->n_nhop != 0
813 1.18 christos && 0 != ifwithaddr(n->n_nhop, 1, 0))
814 1.18 christos return;
815 1.18 christos
816 1.18 christos /* If something has not gone crazy and tried to fill
817 1.18 christos * our memory, accept the new route.
818 1.18 christos */
819 1.18 christos if (total_routes < MAX_ROUTES)
820 1.22 thorpej rtadd(dst, mask, 0, new);
821 1.17 thorpej return;
822 1.17 thorpej }
823 1.1 cgd
824 1.17 thorpej /* We already know about the route. Consider this update.
825 1.17 thorpej *
826 1.17 thorpej * If (rt->rt_state & RS_NET_SYN), then this route
827 1.17 thorpej * is the same as a network route we have inferred
828 1.17 thorpej * for subnets we know, in order to tell RIPv1 routers
829 1.17 thorpej * about the subnets.
830 1.17 thorpej *
831 1.17 thorpej * It is impossible to tell if the route is coming
832 1.17 thorpej * from a distant RIPv2 router with the standard
833 1.17 thorpej * netmask because that router knows about the entire
834 1.17 thorpej * network, or if it is a round-about echo of a
835 1.17 thorpej * synthetic, RIPv1 network route of our own.
836 1.17 thorpej * The worst is that both kinds of routes might be
837 1.17 thorpej * received, and the bad one might have the smaller
838 1.18 christos * metric. Partly solve this problem by never
839 1.18 christos * aggregating into such a route. Also keep it
840 1.17 thorpej * around as long as the interface exists.
841 1.1 cgd */
842 1.17 thorpej
843 1.17 thorpej rts0 = rt->rt_spares;
844 1.17 thorpej for (rts = rts0, i = NUM_SPARES; i != 0; i--, rts++) {
845 1.22 thorpej if (rts->rts_router == new->rts_router)
846 1.17 thorpej break;
847 1.17 thorpej /* Note the worst slot to reuse,
848 1.17 thorpej * other than the current slot.
849 1.17 thorpej */
850 1.17 thorpej if (rts0 == rt->rt_spares
851 1.17 thorpej || BETTER_LINK(rt, rts0, rts))
852 1.17 thorpej rts0 = rts;
853 1.17 thorpej }
854 1.17 thorpej if (i != 0) {
855 1.22 thorpej /* Found a route from the router already in the table.
856 1.17 thorpej */
857 1.22 thorpej
858 1.22 thorpej /* If the new route is a route broken down from an
859 1.22 thorpej * aggregated route, and if the previous route is either
860 1.22 thorpej * not a broken down route or was broken down from a finer
861 1.22 thorpej * netmask, and if the previous route is current,
862 1.22 thorpej * then forget this one.
863 1.22 thorpej */
864 1.22 thorpej if (new->rts_de_ag > rts->rts_de_ag
865 1.22 thorpej && now_stale <= rts->rts_time)
866 1.22 thorpej return;
867 1.17 thorpej
868 1.18 christos /* Keep poisoned routes around only long enough to pass
869 1.22 thorpej * the poison on. Use a new timestamp for good routes.
870 1.17 thorpej */
871 1.22 thorpej if (rts->rts_metric == HOPCNT_INFINITY
872 1.22 thorpej && new->rts_metric == HOPCNT_INFINITY)
873 1.22 thorpej new->rts_time = rts->rts_time;
874 1.17 thorpej
875 1.17 thorpej /* If this is an update for the router we currently prefer,
876 1.17 thorpej * then note it.
877 1.17 thorpej */
878 1.17 thorpej if (i == NUM_SPARES) {
879 1.22 thorpej rtchange(rt, rt->rt_state, new, 0);
880 1.17 thorpej /* If the route got worse, check for something better.
881 1.1 cgd */
882 1.22 thorpej if (new->rts_metric > rts->rts_metric)
883 1.17 thorpej rtswitch(rt, 0);
884 1.17 thorpej return;
885 1.17 thorpej }
886 1.17 thorpej
887 1.17 thorpej /* This is an update for a spare route.
888 1.17 thorpej * Finished if the route is unchanged.
889 1.17 thorpej */
890 1.22 thorpej if (rts->rts_gate == new->rts_gate
891 1.22 thorpej && rts->rts_metric == new->rts_metric
892 1.22 thorpej && rts->rts_tag == new->rts_tag) {
893 1.22 thorpej trace_upslot(rt, rts, new);
894 1.22 thorpej *rts = *new;
895 1.17 thorpej return;
896 1.22 thorpej }
897 1.22 thorpej /* Forget it if it has gone bad.
898 1.22 thorpej */
899 1.22 thorpej if (new->rts_metric == HOPCNT_INFINITY) {
900 1.19 christos rts_delete(rt, rts);
901 1.19 christos return;
902 1.1 cgd }
903 1.17 thorpej
904 1.17 thorpej } else {
905 1.17 thorpej /* The update is for a route we know about,
906 1.17 thorpej * but not from a familiar router.
907 1.18 christos *
908 1.18 christos * Ignore the route if it points to us.
909 1.17 thorpej */
910 1.18 christos if (n->n_nhop != 0
911 1.18 christos && 0 != ifwithaddr(n->n_nhop, 1, 0))
912 1.18 christos return;
913 1.18 christos
914 1.22 thorpej /* the loop above set rts0=worst spare */
915 1.17 thorpej rts = rts0;
916 1.17 thorpej
917 1.17 thorpej /* Save the route as a spare only if it has
918 1.17 thorpej * a better metric than our worst spare.
919 1.17 thorpej * This also ignores poisoned routes (those
920 1.17 thorpej * received with metric HOPCNT_INFINITY).
921 1.17 thorpej */
922 1.22 thorpej if (new->rts_metric >= rts->rts_metric)
923 1.17 thorpej return;
924 1.1 cgd }
925 1.17 thorpej
926 1.22 thorpej trace_upslot(rt, rts, new);
927 1.22 thorpej *rts = *new;
928 1.17 thorpej
929 1.17 thorpej /* try to switch to a better route */
930 1.17 thorpej rtswitch(rt, rts);
931 1.19 christos }
932 1.19 christos
933 1.19 christos
934 1.19 christos static int /* 0 if bad */
935 1.19 christos ck_passwd(struct interface *aifp,
936 1.19 christos struct rip *rip,
937 1.19 christos void *lim,
938 1.19 christos naddr from,
939 1.19 christos struct msg_limit *use_authp)
940 1.19 christos {
941 1.19 christos # define NA (rip->rip_auths)
942 1.19 christos struct netauth *na2;
943 1.19 christos struct auth *ap;
944 1.19 christos MD5_CTX md5_ctx;
945 1.19 christos u_char hash[RIP_AUTH_PW_LEN];
946 1.24 christos int i, len;
947 1.19 christos
948 1.19 christos
949 1.19 christos if ((void *)NA >= lim || NA->a_family != RIP_AF_AUTH) {
950 1.19 christos msglim(use_authp, from, "missing password from %s",
951 1.19 christos naddr_ntoa(from));
952 1.19 christos return 0;
953 1.19 christos }
954 1.19 christos
955 1.19 christos /* accept any current (+/- 24 hours) password
956 1.19 christos */
957 1.19 christos for (ap = aifp->int_auth, i = 0; i < MAX_AUTH_KEYS; i++, ap++) {
958 1.19 christos if (ap->type != NA->a_type
959 1.19 christos || (u_long)ap->start > (u_long)clk.tv_sec+DAY
960 1.19 christos || (u_long)ap->end+DAY < (u_long)clk.tv_sec)
961 1.19 christos continue;
962 1.19 christos
963 1.19 christos if (NA->a_type == RIP_AUTH_PW) {
964 1.24 christos if (!memcmp(NA->au.au_pw, ap->key, RIP_AUTH_PW_LEN))
965 1.19 christos return 1;
966 1.19 christos
967 1.19 christos } else {
968 1.19 christos /* accept MD5 secret with the right key ID
969 1.19 christos */
970 1.19 christos if (NA->au.a_md5.md5_keyid != ap->keyid)
971 1.19 christos continue;
972 1.19 christos
973 1.24 christos len = ntohs(NA->au.a_md5.md5_pkt_len);
974 1.24 christos if ((len-sizeof(*rip)) % sizeof(*NA) != 0
975 1.25 christos || len != (char *)lim-(char*)rip-(int)sizeof(*NA)) {
976 1.19 christos msglim(use_authp, from,
977 1.24 christos "wrong MD5 RIPv2 packet length of %d"
978 1.24 christos " instead of %d from %s",
979 1.24 christos len, (int)((char *)lim-(char *)rip
980 1.24 christos -sizeof(*NA)),
981 1.19 christos naddr_ntoa(from));
982 1.19 christos return 0;
983 1.19 christos }
984 1.24 christos na2 = (struct netauth *)((char *)rip+len);
985 1.24 christos
986 1.24 christos /* Given a good hash value, these are not security
987 1.24 christos * problems so be generous and accept the routes,
988 1.24 christos * after complaining.
989 1.24 christos */
990 1.24 christos if (TRACEPACKETS) {
991 1.24 christos if (NA->au.a_md5.md5_auth_len
992 1.28 christos != RIP_AUTH_MD5_HASH_LEN)
993 1.24 christos msglim(use_authp, from,
994 1.24 christos "unknown MD5 RIPv2 auth len %#x"
995 1.29 agc " instead of %#lx from %s",
996 1.24 christos NA->au.a_md5.md5_auth_len,
997 1.29 agc (unsigned long) RIP_AUTH_MD5_HASH_LEN,
998 1.24 christos naddr_ntoa(from));
999 1.24 christos if (na2->a_family != RIP_AF_AUTH)
1000 1.24 christos msglim(use_authp, from,
1001 1.24 christos "unknown MD5 RIPv2 family %#x"
1002 1.24 christos " instead of %#x from %s",
1003 1.24 christos na2->a_family, RIP_AF_AUTH,
1004 1.24 christos naddr_ntoa(from));
1005 1.24 christos if (na2->a_type != ntohs(1))
1006 1.24 christos msglim(use_authp, from,
1007 1.24 christos "MD5 RIPv2 hash has %#x"
1008 1.24 christos " instead of %#x from %s",
1009 1.24 christos na2->a_type, ntohs(1),
1010 1.24 christos naddr_ntoa(from));
1011 1.24 christos }
1012 1.24 christos
1013 1.19 christos MD5Init(&md5_ctx);
1014 1.28 christos MD5Update(&md5_ctx, (u_char *)rip,
1015 1.28 christos len + RIP_AUTH_MD5_HASH_XTRA);
1016 1.28 christos MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_KEY_LEN);
1017 1.19 christos MD5Final(hash, &md5_ctx);
1018 1.24 christos if (!memcmp(hash, na2->au.au_pw, sizeof(hash)))
1019 1.24 christos return 1;
1020 1.19 christos }
1021 1.19 christos }
1022 1.19 christos
1023 1.19 christos msglim(use_authp, from, "bad password from %s",
1024 1.19 christos naddr_ntoa(from));
1025 1.19 christos return 0;
1026 1.19 christos #undef NA
1027 1.1 cgd }
1028