input.c revision 1.1.1.7
1 /* 2 * Copyright (c) 1983, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgment: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #if !defined(sgi) && !defined(__NetBSD__) 35 static char sccsid[] __attribute__((unused)) = "@(#)input.c 8.1 (Berkeley) 6/5/93"; 36 #elif defined(__NetBSD__) 37 __RCSID("$NetBSD: input.c,v 1.1.1.7 1999/02/23 09:56:50 christos Exp $"); 38 #endif 39 40 #include "defs.h" 41 42 static void input(struct sockaddr_in *, struct interface *, struct interface *, 43 struct rip *, int); 44 static void input_route(naddr, naddr, struct rt_spare *, struct netinfo *); 45 static int ck_passwd(struct interface *, struct rip *, void *, 46 naddr, struct msg_limit *); 47 48 49 /* process RIP input 50 */ 51 void 52 read_rip(int sock, 53 struct interface *sifp) 54 { 55 struct sockaddr_in from; 56 struct interface *aifp; 57 int fromlen, cc; 58 #ifdef USE_PASSIFNAME 59 static struct msg_limit bad_name; 60 struct { 61 char ifname[IFNAMSIZ]; 62 union pkt_buf pbuf; 63 } inbuf; 64 #else 65 struct { 66 union pkt_buf pbuf; 67 } inbuf; 68 #endif 69 70 71 for (;;) { 72 fromlen = sizeof(from); 73 cc = recvfrom(sock, &inbuf, sizeof(inbuf), 0, 74 (struct sockaddr*)&from, &fromlen); 75 if (cc <= 0) { 76 if (cc < 0 && errno != EWOULDBLOCK) 77 LOGERR("recvfrom(rip)"); 78 break; 79 } 80 if (fromlen != sizeof(struct sockaddr_in)) 81 logbad(1,"impossible recvfrom(rip) fromlen=%d", 82 fromlen); 83 84 /* aifp is the "authenticated" interface via which the packet 85 * arrived. In fact, it is only the interface on which 86 * the packet should have arrived based on is source 87 * address. 88 * sifp is interface associated with the socket through which 89 * the packet was received. 90 */ 91 #ifdef USE_PASSIFNAME 92 if ((cc -= sizeof(inbuf.ifname)) < 0) 93 logbad(0,"missing USE_PASSIFNAME; only %d bytes", 94 cc+sizeof(inbuf.ifname)); 95 96 /* check the remote interfaces first */ 97 for (aifp = remote_if; aifp; aifp = aifp->int_rlink) { 98 if (aifp->int_addr == from.sin_addr.s_addr) 99 break; 100 } 101 if (aifp == 0) { 102 aifp = ifwithname(inbuf.ifname, 0); 103 if (aifp == 0) { 104 msglim(&bad_name, from.sin_addr.s_addr, 105 "impossible interface name %.*s", 106 IFNAMSIZ, inbuf.ifname); 107 } else if (((aifp->int_if_flags & IFF_POINTOPOINT) 108 && aifp->int_dstaddr!=from.sin_addr.s_addr) 109 || (!(aifp->int_if_flags & IFF_POINTOPOINT) 110 && !on_net(from.sin_addr.s_addr, 111 aifp->int_net, 112 aifp->int_mask))) { 113 /* If it came via the wrong interface, do not 114 * trust it. 115 */ 116 aifp = 0; 117 } 118 } 119 #else 120 aifp = iflookup(from.sin_addr.s_addr); 121 #endif 122 if (sifp == 0) 123 sifp = aifp; 124 125 input(&from, sifp, aifp, &inbuf.pbuf.rip, cc); 126 } 127 } 128 129 130 /* Process a RIP packet 131 */ 132 static void 133 input(struct sockaddr_in *from, /* received from this IP address */ 134 struct interface *sifp, /* interface of incoming socket */ 135 struct interface *aifp, /* "authenticated" interface */ 136 struct rip *rip, 137 int cc) 138 { 139 # define FROM_NADDR from->sin_addr.s_addr 140 static struct msg_limit use_auth, bad_len, bad_mask; 141 static struct msg_limit unk_router, bad_router, bad_nhop; 142 143 struct rt_entry *rt; 144 struct rt_spare new; 145 struct netinfo *n, *lim; 146 struct interface *ifp1; 147 naddr gate, mask, v1_mask, dst, ddst_h = 0; 148 struct auth *ap; 149 struct tgate *tg = 0; 150 struct tgate_net *tn; 151 int i, j; 152 153 /* Notice when we hear from a remote gateway 154 */ 155 if (aifp != 0 156 && (aifp->int_state & IS_REMOTE)) 157 aifp->int_act_time = now.tv_sec; 158 159 trace_rip("Recv", "from", from, sifp, rip, cc); 160 161 if (rip->rip_vers == 0) { 162 msglim(&bad_router, FROM_NADDR, 163 "RIP version 0, cmd %d, packet received from %s", 164 rip->rip_cmd, naddr_ntoa(FROM_NADDR)); 165 return; 166 } else if (rip->rip_vers > RIPv2) { 167 rip->rip_vers = RIPv2; 168 } 169 if (cc > (int)OVER_MAXPACKETSIZE) { 170 msglim(&bad_router, FROM_NADDR, 171 "packet at least %d bytes too long received from %s", 172 cc-MAXPACKETSIZE, naddr_ntoa(FROM_NADDR)); 173 return; 174 } 175 176 n = rip->rip_nets; 177 lim = (struct netinfo *)((char*)rip + cc); 178 179 /* Notice authentication. 180 * As required by section 4.2 in RFC 1723, discard authenticated 181 * RIPv2 messages, but only if configured for that silliness. 182 * 183 * RIPv2 authentication is lame. Why authenticate queries? 184 * Why should a RIPv2 implementation with authentication disabled 185 * not be able to listen to RIPv2 packets with authentication, while 186 * RIPv1 systems will listen? Crazy! 187 */ 188 if (!auth_ok 189 && rip->rip_vers == RIPv2 190 && n < lim && n->n_family == RIP_AF_AUTH) { 191 msglim(&use_auth, FROM_NADDR, 192 "RIPv2 message with authentication from %s discarded", 193 naddr_ntoa(FROM_NADDR)); 194 return; 195 } 196 197 switch (rip->rip_cmd) { 198 case RIPCMD_REQUEST: 199 /* For mere requests, be a little sloppy about the source 200 */ 201 if (aifp == 0) 202 aifp = sifp; 203 204 /* Are we talking to ourself or a remote gateway? 205 */ 206 ifp1 = ifwithaddr(FROM_NADDR, 0, 1); 207 if (ifp1) { 208 if (ifp1->int_state & IS_REMOTE) { 209 /* remote gateway */ 210 aifp = ifp1; 211 if (check_remote(aifp)) { 212 aifp->int_act_time = now.tv_sec; 213 (void)if_ok(aifp, "remote "); 214 } 215 } else if (from->sin_port == htons(RIP_PORT)) { 216 trace_pkt(" discard our own RIP request"); 217 return; 218 } 219 } 220 221 /* did the request come from a router? 222 */ 223 if (from->sin_port == htons(RIP_PORT)) { 224 /* yes, ignore the request if RIP is off so that 225 * the router does not depend on us. 226 */ 227 if (rip_sock < 0 228 || (aifp != 0 229 && IS_RIP_OUT_OFF(aifp->int_state))) { 230 trace_pkt(" discard request while RIP off"); 231 return; 232 } 233 } 234 235 /* According to RFC 1723, we should ignore unauthenticated 236 * queries. That is too silly to bother with. Sheesh! 237 * Are forwarding tables supposed to be secret, when 238 * a bad guy can infer them with test traffic? When RIP 239 * is still the most common router-discovery protocol 240 * and so hosts need to send queries that will be answered? 241 * What about `rtquery`? 242 * Maybe on firewalls you'd care, but not enough to 243 * give up the diagnostic facilities of remote probing. 244 */ 245 246 if (n >= lim) { 247 msglim(&bad_len, FROM_NADDR, "empty request from %s", 248 naddr_ntoa(FROM_NADDR)); 249 return; 250 } 251 if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) { 252 msglim(&bad_len, FROM_NADDR, 253 "request of bad length (%d) from %s", 254 cc, naddr_ntoa(FROM_NADDR)); 255 } 256 257 if (rip->rip_vers == RIPv2 258 && (aifp == 0 || (aifp->int_state & IS_NO_RIPV1_OUT))) { 259 v12buf.buf->rip_vers = RIPv2; 260 /* If we have a secret but it is a cleartext secret, 261 * do not disclose our secret unless the other guy 262 * already knows it. 263 */ 264 ap = find_auth(aifp); 265 if (ap != 0 && ap->type == RIP_AUTH_PW 266 && n->n_family == RIP_AF_AUTH 267 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth)) 268 ap = 0; 269 } else { 270 v12buf.buf->rip_vers = RIPv1; 271 ap = 0; 272 } 273 clr_ws_buf(&v12buf, ap); 274 275 do { 276 NTOHL(n->n_metric); 277 278 /* A single entry with family RIP_AF_UNSPEC and 279 * metric HOPCNT_INFINITY means "all routes". 280 * We respond to routers only if we are acting 281 * as a supplier, or to anyone other than a router 282 * (i.e. a query). 283 */ 284 if (n->n_family == RIP_AF_UNSPEC 285 && n->n_metric == HOPCNT_INFINITY) { 286 /* Answer a query from a utility program 287 * with all we know. 288 */ 289 if (from->sin_port != htons(RIP_PORT)) { 290 supply(from, aifp, OUT_QUERY, 0, 291 rip->rip_vers, ap != 0); 292 return; 293 } 294 295 /* A router trying to prime its tables. 296 * Filter the answer in the about same way 297 * broadcasts are filtered. 298 * 299 * Only answer a router if we are a supplier 300 * to keep an unwary host that is just starting 301 * from picking us as a router. 302 */ 303 if (aifp == 0) { 304 trace_pkt("ignore distant router"); 305 return; 306 } 307 if (!supplier 308 || IS_RIP_OFF(aifp->int_state)) { 309 trace_pkt("ignore; not supplying"); 310 return; 311 } 312 313 /* Do not answer a RIPv1 router if 314 * we are sending RIPv2. But do offer 315 * poor man's router discovery. 316 */ 317 if ((aifp->int_state & IS_NO_RIPV1_OUT) 318 && rip->rip_vers == RIPv1) { 319 if (!(aifp->int_state & IS_PM_RDISC)) { 320 trace_pkt("ignore; sending RIPv2"); 321 return; 322 } 323 324 v12buf.n->n_family = RIP_AF_INET; 325 v12buf.n->n_dst = RIP_DEFAULT; 326 i = aifp->int_d_metric; 327 if (0 != (rt = rtget(RIP_DEFAULT, 0))) 328 i = MIN(i, (rt->rt_metric 329 +aifp->int_metric+1)); 330 v12buf.n->n_metric = htonl(i); 331 v12buf.n++; 332 break; 333 } 334 335 /* Respond with RIPv1 instead of RIPv2 if 336 * that is what we are broadcasting on the 337 * interface to keep the remote router from 338 * getting the wrong initial idea of the 339 * routes we send. 340 */ 341 supply(from, aifp, OUT_UNICAST, 0, 342 (aifp->int_state & IS_NO_RIPV1_OUT) 343 ? RIPv2 : RIPv1, 344 ap != 0); 345 return; 346 } 347 348 /* Ignore authentication */ 349 if (n->n_family == RIP_AF_AUTH) 350 continue; 351 352 if (n->n_family != RIP_AF_INET) { 353 msglim(&bad_router, FROM_NADDR, 354 "request from %s for unsupported" 355 " (af %d) %s", 356 naddr_ntoa(FROM_NADDR), 357 ntohs(n->n_family), 358 naddr_ntoa(n->n_dst)); 359 return; 360 } 361 362 /* We are being asked about a specific destination. 363 */ 364 dst = n->n_dst; 365 if (!check_dst(dst)) { 366 msglim(&bad_router, FROM_NADDR, 367 "bad queried destination %s from %s", 368 naddr_ntoa(dst), 369 naddr_ntoa(FROM_NADDR)); 370 return; 371 } 372 373 /* decide what mask was intended */ 374 if (rip->rip_vers == RIPv1 375 || 0 == (mask = ntohl(n->n_mask)) 376 || 0 != (ntohl(dst) & ~mask)) 377 mask = ripv1_mask_host(dst, aifp); 378 379 /* try to find the answer */ 380 rt = rtget(dst, mask); 381 if (!rt && dst != RIP_DEFAULT) 382 rt = rtfind(n->n_dst); 383 384 if (v12buf.buf->rip_vers != RIPv1) 385 v12buf.n->n_mask = mask; 386 if (rt == 0) { 387 /* we do not have the answer */ 388 v12buf.n->n_metric = HOPCNT_INFINITY; 389 } else { 390 /* we have the answer, so compute the 391 * right metric and next hop. 392 */ 393 v12buf.n->n_family = RIP_AF_INET; 394 v12buf.n->n_dst = dst; 395 v12buf.n->n_metric = (rt->rt_metric+1 396 + ((aifp!=0) 397 ? aifp->int_metric 398 : 1)); 399 if (v12buf.n->n_metric > HOPCNT_INFINITY) 400 v12buf.n->n_metric = HOPCNT_INFINITY; 401 if (v12buf.buf->rip_vers != RIPv1) { 402 v12buf.n->n_tag = rt->rt_tag; 403 v12buf.n->n_mask = mask; 404 if (aifp != 0 405 && on_net(rt->rt_gate, 406 aifp->int_net, 407 aifp->int_mask) 408 && rt->rt_gate != aifp->int_addr) 409 v12buf.n->n_nhop = rt->rt_gate; 410 } 411 } 412 HTONL(v12buf.n->n_metric); 413 414 /* Stop paying attention if we fill the output buffer. 415 */ 416 if (++v12buf.n >= v12buf.lim) 417 break; 418 } while (++n < lim); 419 420 /* Send the answer about specific routes. 421 */ 422 if (ap != 0 && ap->type == RIP_AUTH_MD5) 423 end_md5_auth(&v12buf, ap); 424 425 if (from->sin_port != htons(RIP_PORT)) { 426 /* query */ 427 (void)output(OUT_QUERY, from, aifp, 428 v12buf.buf, 429 ((char *)v12buf.n - (char*)v12buf.buf)); 430 } else if (supplier) { 431 (void)output(OUT_UNICAST, from, aifp, 432 v12buf.buf, 433 ((char *)v12buf.n - (char*)v12buf.buf)); 434 } else { 435 /* Only answer a router if we are a supplier 436 * to keep an unwary host that is just starting 437 * from picking us an a router. 438 */ 439 ; 440 } 441 return; 442 443 case RIPCMD_TRACEON: 444 case RIPCMD_TRACEOFF: 445 /* verify message came from a privileged port */ 446 if (ntohs(from->sin_port) > IPPORT_RESERVED) { 447 msglog("trace command from untrusted port on %s", 448 naddr_ntoa(FROM_NADDR)); 449 return; 450 } 451 if (aifp == 0) { 452 msglog("trace command from unknown router %s", 453 naddr_ntoa(FROM_NADDR)); 454 return; 455 } 456 if (rip->rip_cmd == RIPCMD_TRACEON) { 457 rip->rip_tracefile[cc-4] = '\0'; 458 set_tracefile((char*)rip->rip_tracefile, 459 "trace command: %s\n", 0); 460 } else { 461 trace_off("tracing turned off by %s", 462 naddr_ntoa(FROM_NADDR)); 463 } 464 return; 465 466 case RIPCMD_RESPONSE: 467 if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) { 468 msglim(&bad_len, FROM_NADDR, 469 "response of bad length (%d) from %s", 470 cc, naddr_ntoa(FROM_NADDR)); 471 } 472 473 /* verify message came from a router */ 474 if (from->sin_port != ntohs(RIP_PORT)) { 475 msglim(&bad_router, FROM_NADDR, 476 " discard RIP response from unknown port" 477 " %d", from->sin_port); 478 return; 479 } 480 481 if (rip_sock < 0) { 482 trace_pkt(" discard response while RIP off"); 483 return; 484 } 485 486 /* Are we talking to ourself or a remote gateway? 487 */ 488 ifp1 = ifwithaddr(FROM_NADDR, 0, 1); 489 if (ifp1) { 490 if (ifp1->int_state & IS_REMOTE) { 491 /* remote gateway */ 492 aifp = ifp1; 493 if (check_remote(aifp)) { 494 aifp->int_act_time = now.tv_sec; 495 (void)if_ok(aifp, "remote "); 496 } 497 } else { 498 trace_pkt(" discard our own RIP response"); 499 return; 500 } 501 } 502 503 /* Accept routing packets from routers directly connected 504 * via broadcast or point-to-point networks, and from 505 * those listed in /etc/gateways. 506 */ 507 if (aifp == 0) { 508 msglim(&unk_router, FROM_NADDR, 509 " discard response from %s" 510 " via unexpected interface", 511 naddr_ntoa(FROM_NADDR)); 512 return; 513 } 514 if (IS_RIP_IN_OFF(aifp->int_state)) { 515 trace_pkt(" discard RIPv%d response" 516 " via disabled interface %s", 517 rip->rip_vers, aifp->int_name); 518 return; 519 } 520 521 if (n >= lim) { 522 msglim(&bad_len, FROM_NADDR, "empty response from %s", 523 naddr_ntoa(FROM_NADDR)); 524 return; 525 } 526 527 if (((aifp->int_state & IS_NO_RIPV1_IN) 528 && rip->rip_vers == RIPv1) 529 || ((aifp->int_state & IS_NO_RIPV2_IN) 530 && rip->rip_vers != RIPv1)) { 531 trace_pkt(" discard RIPv%d response", 532 rip->rip_vers); 533 return; 534 } 535 536 /* Ignore routes via dead interface. 537 */ 538 if (aifp->int_state & IS_BROKE) { 539 trace_pkt("discard response via broken interface %s", 540 aifp->int_name); 541 return; 542 } 543 544 /* If the interface cares, ignore bad routers. 545 * Trace but do not log this problem, because where it 546 * happens, it happens frequently. 547 */ 548 if (aifp->int_state & IS_DISTRUST) { 549 tg = tgates; 550 while (tg->tgate_addr != FROM_NADDR) { 551 tg = tg->tgate_next; 552 if (tg == 0) { 553 trace_pkt(" discard RIP response" 554 " from untrusted router %s", 555 naddr_ntoa(FROM_NADDR)); 556 return; 557 } 558 } 559 } 560 561 /* Authenticate the packet if we have a secret. 562 * If we do not have any secrets, ignore the error in 563 * RFC 1723 and accept it regardless. 564 */ 565 if (aifp->int_auth[0].type != RIP_AUTH_NONE 566 && rip->rip_vers != RIPv1 567 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth)) 568 return; 569 570 do { 571 if (n->n_family == RIP_AF_AUTH) 572 continue; 573 574 NTOHL(n->n_metric); 575 dst = n->n_dst; 576 if (n->n_family != RIP_AF_INET 577 && (n->n_family != RIP_AF_UNSPEC 578 || dst != RIP_DEFAULT)) { 579 msglim(&bad_router, FROM_NADDR, 580 "route from %s to unsupported" 581 " address family=%d destination=%s", 582 naddr_ntoa(FROM_NADDR), 583 n->n_family, 584 naddr_ntoa(dst)); 585 continue; 586 } 587 if (!check_dst(dst)) { 588 msglim(&bad_router, FROM_NADDR, 589 "bad destination %s from %s", 590 naddr_ntoa(dst), 591 naddr_ntoa(FROM_NADDR)); 592 return; 593 } 594 if (n->n_metric == 0 595 || n->n_metric > HOPCNT_INFINITY) { 596 msglim(&bad_router, FROM_NADDR, 597 "bad metric %d from %s" 598 " for destination %s", 599 n->n_metric, 600 naddr_ntoa(FROM_NADDR), 601 naddr_ntoa(dst)); 602 return; 603 } 604 605 /* Notice the next-hop. 606 */ 607 gate = FROM_NADDR; 608 if (n->n_nhop != 0) { 609 if (rip->rip_vers == RIPv1) { 610 n->n_nhop = 0; 611 } else { 612 /* Use it only if it is valid. */ 613 if (on_net(n->n_nhop, 614 aifp->int_net, aifp->int_mask) 615 && check_dst(n->n_nhop)) { 616 gate = n->n_nhop; 617 } else { 618 msglim(&bad_nhop, FROM_NADDR, 619 "router %s to %s" 620 " has bad next hop %s", 621 naddr_ntoa(FROM_NADDR), 622 naddr_ntoa(dst), 623 naddr_ntoa(n->n_nhop)); 624 n->n_nhop = 0; 625 } 626 } 627 } 628 629 if (rip->rip_vers == RIPv1 630 || 0 == (mask = ntohl(n->n_mask))) { 631 mask = ripv1_mask_host(dst,aifp); 632 } else if ((ntohl(dst) & ~mask) != 0) { 633 msglim(&bad_mask, FROM_NADDR, 634 "router %s sent bad netmask" 635 " %#lx with %s", 636 naddr_ntoa(FROM_NADDR), 637 mask, 638 naddr_ntoa(dst)); 639 continue; 640 } 641 if (rip->rip_vers == RIPv1) 642 n->n_tag = 0; 643 644 /* Adjust metric according to incoming interface.. 645 */ 646 n->n_metric += aifp->int_metric; 647 if (n->n_metric > HOPCNT_INFINITY) 648 n->n_metric = HOPCNT_INFINITY; 649 650 /* Should we trust this route from this router? */ 651 if (tg && (tn = tg->tgate_nets)->mask != 0) { 652 for (i = 0; i < MAX_TGATE_NETS; i++, tn++) { 653 if (on_net(dst, tn->net, tn->mask) 654 && tn->mask <= mask) 655 break; 656 } 657 if (i >= MAX_TGATE_NETS || tn->mask == 0) { 658 trace_pkt(" ignored unauthorized %s", 659 addrname(dst,mask,0)); 660 continue; 661 } 662 } 663 664 /* Recognize and ignore a default route we faked 665 * which is being sent back to us by a machine with 666 * broken split-horizon. 667 * Be a little more paranoid than that, and reject 668 * default routes with the same metric we advertised. 669 */ 670 if (aifp->int_d_metric != 0 671 && dst == RIP_DEFAULT 672 && (int)n->n_metric >= aifp->int_d_metric) 673 continue; 674 675 /* We can receive aggregated RIPv2 routes that must 676 * be broken down before they are transmitted by 677 * RIPv1 via an interface on a subnet. 678 * We might also receive the same routes aggregated 679 * via other RIPv2 interfaces. 680 * This could cause duplicate routes to be sent on 681 * the RIPv1 interfaces. "Longest matching variable 682 * length netmasks" lets RIPv2 listeners understand, 683 * but breaking down the aggregated routes for RIPv1 684 * listeners can produce duplicate routes. 685 * 686 * Breaking down aggregated routes here bloats 687 * the daemon table, but does not hurt the kernel 688 * table, since routes are always aggregated for 689 * the kernel. 690 * 691 * Notice that this does not break down network 692 * routes corresponding to subnets. This is part 693 * of the defense against RS_NET_SYN. 694 */ 695 if (have_ripv1_out 696 && (((rt = rtget(dst,mask)) == 0 697 || !(rt->rt_state & RS_NET_SYN))) 698 && (v1_mask = ripv1_mask_net(dst,0)) > mask) { 699 ddst_h = v1_mask & -v1_mask; 700 i = (v1_mask & ~mask)/ddst_h; 701 if (i >= 511) { 702 /* Punt if we would have to generate 703 * an unreasonable number of routes. 704 */ 705 if (TRACECONTENTS) 706 trace_misc("accept %s-->%s as 1" 707 " instead of %d routes", 708 addrname(dst,mask,0), 709 naddr_ntoa(FROM_NADDR), 710 i+1); 711 i = 0; 712 } else { 713 mask = v1_mask; 714 } 715 } else { 716 i = 0; 717 } 718 719 new.rts_gate = gate; 720 new.rts_router = FROM_NADDR; 721 new.rts_metric = n->n_metric; 722 new.rts_tag = n->n_tag; 723 new.rts_time = now.tv_sec; 724 new.rts_ifp = aifp; 725 new.rts_de_ag = i; 726 j = 0; 727 for (;;) { 728 input_route(dst, mask, &new, n); 729 if (++j > i) 730 break; 731 dst = htonl(ntohl(dst) + ddst_h); 732 } 733 } while (++n < lim); 734 break; 735 } 736 #undef FROM_NADDR 737 } 738 739 740 /* Process a single input route. 741 */ 742 static void 743 input_route(naddr dst, /* network order */ 744 naddr mask, 745 struct rt_spare *new, 746 struct netinfo *n) 747 { 748 int i; 749 struct rt_entry *rt; 750 struct rt_spare *rts, *rts0; 751 struct interface *ifp1; 752 753 754 /* See if the other guy is telling us to send our packets to him. 755 * Sometimes network routes arrive over a point-to-point link for 756 * the network containing the address(es) of the link. 757 * 758 * If our interface is broken, switch to using the other guy. 759 */ 760 ifp1 = ifwithaddr(dst, 1, 1); 761 if (ifp1 != 0 762 && (!(ifp1->int_state & IS_BROKE) 763 || (ifp1->int_state & IS_PASSIVE))) 764 return; 765 766 /* Look for the route in our table. 767 */ 768 rt = rtget(dst, mask); 769 770 /* Consider adding the route if we do not already have it. 771 */ 772 if (rt == 0) { 773 /* Ignore unknown routes being poisoned. 774 */ 775 if (new->rts_metric == HOPCNT_INFINITY) 776 return; 777 778 /* Ignore the route if it points to us */ 779 if (n->n_nhop != 0 780 && 0 != ifwithaddr(n->n_nhop, 1, 0)) 781 return; 782 783 /* If something has not gone crazy and tried to fill 784 * our memory, accept the new route. 785 */ 786 if (total_routes < MAX_ROUTES) 787 rtadd(dst, mask, 0, new); 788 return; 789 } 790 791 /* We already know about the route. Consider this update. 792 * 793 * If (rt->rt_state & RS_NET_SYN), then this route 794 * is the same as a network route we have inferred 795 * for subnets we know, in order to tell RIPv1 routers 796 * about the subnets. 797 * 798 * It is impossible to tell if the route is coming 799 * from a distant RIPv2 router with the standard 800 * netmask because that router knows about the entire 801 * network, or if it is a round-about echo of a 802 * synthetic, RIPv1 network route of our own. 803 * The worst is that both kinds of routes might be 804 * received, and the bad one might have the smaller 805 * metric. Partly solve this problem by never 806 * aggregating into such a route. Also keep it 807 * around as long as the interface exists. 808 */ 809 810 rts0 = rt->rt_spares; 811 for (rts = rts0, i = NUM_SPARES; i != 0; i--, rts++) { 812 if (rts->rts_router == new->rts_router) 813 break; 814 /* Note the worst slot to reuse, 815 * other than the current slot. 816 */ 817 if (rts0 == rt->rt_spares 818 || BETTER_LINK(rt, rts0, rts)) 819 rts0 = rts; 820 } 821 if (i != 0) { 822 /* Found a route from the router already in the table. 823 */ 824 825 /* If the new route is a route broken down from an 826 * aggregated route, and if the previous route is either 827 * not a broken down route or was broken down from a finer 828 * netmask, and if the previous route is current, 829 * then forget this one. 830 */ 831 if (new->rts_de_ag > rts->rts_de_ag 832 && now_stale <= rts->rts_time) 833 return; 834 835 /* Keep poisoned routes around only long enough to pass 836 * the poison on. Use a new timestamp for good routes. 837 */ 838 if (rts->rts_metric == HOPCNT_INFINITY 839 && new->rts_metric == HOPCNT_INFINITY) 840 new->rts_time = rts->rts_time; 841 842 /* If this is an update for the router we currently prefer, 843 * then note it. 844 */ 845 if (i == NUM_SPARES) { 846 rtchange(rt, rt->rt_state, new, 0); 847 /* If the route got worse, check for something better. 848 */ 849 if (new->rts_metric > rts->rts_metric) 850 rtswitch(rt, 0); 851 return; 852 } 853 854 /* This is an update for a spare route. 855 * Finished if the route is unchanged. 856 */ 857 if (rts->rts_gate == new->rts_gate 858 && rts->rts_metric == new->rts_metric 859 && rts->rts_tag == new->rts_tag) { 860 trace_upslot(rt, rts, new); 861 *rts = *new; 862 return; 863 } 864 /* Forget it if it has gone bad. 865 */ 866 if (new->rts_metric == HOPCNT_INFINITY) { 867 rts_delete(rt, rts); 868 return; 869 } 870 871 } else { 872 /* The update is for a route we know about, 873 * but not from a familiar router. 874 * 875 * Ignore the route if it points to us. 876 */ 877 if (n->n_nhop != 0 878 && 0 != ifwithaddr(n->n_nhop, 1, 0)) 879 return; 880 881 /* the loop above set rts0=worst spare */ 882 rts = rts0; 883 884 /* Save the route as a spare only if it has 885 * a better metric than our worst spare. 886 * This also ignores poisoned routes (those 887 * received with metric HOPCNT_INFINITY). 888 */ 889 if (new->rts_metric >= rts->rts_metric) 890 return; 891 } 892 893 trace_upslot(rt, rts, new); 894 *rts = *new; 895 896 /* try to switch to a better route */ 897 rtswitch(rt, rts); 898 } 899 900 901 static int /* 0 if bad */ 902 ck_passwd(struct interface *aifp, 903 struct rip *rip, 904 void *lim, 905 naddr from, 906 struct msg_limit *use_authp) 907 { 908 # define NA (rip->rip_auths) 909 struct netauth *na2; 910 struct auth *ap; 911 MD5_CTX md5_ctx; 912 u_char hash[RIP_AUTH_PW_LEN]; 913 int i, len; 914 915 916 if ((void *)NA >= lim || NA->a_family != RIP_AF_AUTH) { 917 msglim(use_authp, from, "missing password from %s", 918 naddr_ntoa(from)); 919 return 0; 920 } 921 922 /* accept any current (+/- 24 hours) password 923 */ 924 for (ap = aifp->int_auth, i = 0; i < MAX_AUTH_KEYS; i++, ap++) { 925 if (ap->type != NA->a_type 926 || (u_long)ap->start > (u_long)clk.tv_sec+DAY 927 || (u_long)ap->end+DAY < (u_long)clk.tv_sec) 928 continue; 929 930 if (NA->a_type == RIP_AUTH_PW) { 931 if (!memcmp(NA->au.au_pw, ap->key, RIP_AUTH_PW_LEN)) 932 return 1; 933 934 } else { 935 /* accept MD5 secret with the right key ID 936 */ 937 if (NA->au.a_md5.md5_keyid != ap->keyid) 938 continue; 939 940 len = ntohs(NA->au.a_md5.md5_pkt_len); 941 if ((len-sizeof(*rip)) % sizeof(*NA) != 0 942 || len != (char *)lim-(char*)rip-(int)sizeof(*NA)) { 943 msglim(use_authp, from, 944 "wrong MD5 RIPv2 packet length of %d" 945 " instead of %d from %s", 946 len, (int)((char *)lim-(char *)rip 947 -sizeof(*NA)), 948 naddr_ntoa(from)); 949 return 0; 950 } 951 na2 = (struct netauth *)((char *)rip+len); 952 953 /* Given a good hash value, these are not security 954 * problems so be generous and accept the routes, 955 * after complaining. 956 */ 957 if (TRACEPACKETS) { 958 if (NA->au.a_md5.md5_auth_len 959 != RIP_AUTH_MD5_LEN) 960 msglim(use_authp, from, 961 "unknown MD5 RIPv2 auth len %#x" 962 " instead of %#x from %s", 963 NA->au.a_md5.md5_auth_len, 964 RIP_AUTH_MD5_LEN, 965 naddr_ntoa(from)); 966 if (na2->a_family != RIP_AF_AUTH) 967 msglim(use_authp, from, 968 "unknown MD5 RIPv2 family %#x" 969 " instead of %#x from %s", 970 na2->a_family, RIP_AF_AUTH, 971 naddr_ntoa(from)); 972 if (na2->a_type != ntohs(1)) 973 msglim(use_authp, from, 974 "MD5 RIPv2 hash has %#x" 975 " instead of %#x from %s", 976 na2->a_type, ntohs(1), 977 naddr_ntoa(from)); 978 } 979 980 MD5Init(&md5_ctx); 981 MD5Update(&md5_ctx, (u_char *)rip, len); 982 MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN); 983 MD5Final(hash, &md5_ctx); 984 if (!memcmp(hash, na2->au.au_pw, sizeof(hash))) 985 return 1; 986 } 987 } 988 989 msglim(use_authp, from, "bad password from %s", 990 naddr_ntoa(from)); 991 return 0; 992 #undef NA 993 } 994
Indexes created Wed Oct 15 16:09:53 GMT 2025