Mensi updaty do ripu. Pridana passwd autentikace (netestovano).

This commit is contained in:
Pavel Machek 1999-05-11 09:53:45 +00:00
parent f7103dfcfe
commit 1b16029c12
5 changed files with 115 additions and 44 deletions

View file

@ -1,4 +1,4 @@
source=rip.c
source=rip.c auth.c
root-rel=../../
dir-name=proto/rip

57
proto/rip/auth.c Normal file
View file

@ -0,0 +1,57 @@
/*
* Rest in pieces - RIP protocol
*
* Copyright (c) 1999 Pavel Machek <pavel@ucw.cz>
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#define LOCAL_DEBUG
#include <string.h>
#include <stdlib.h>
#include "nest/bird.h"
#include "nest/iface.h"
#include "nest/protocol.h"
#include "nest/route.h"
#include "lib/socket.h"
#include "lib/resource.h"
#include "lib/lists.h"
#include "lib/timer.h"
#include "rip.h"
#define P ((struct rip_proto *) p)
#define P_CF ((struct rip_proto_config *)p->cf)
int
rip_incoming_authentication( struct proto *p, struct rip_block *block, struct rip_packet *packet, int num )
{
DBG( "Incoming authentication: " );
switch (block->tag) { /* Authentication type */
case AT_PLAINTEXT:
DBG( "Plaintext passwd" );
if (strncmp( (char *) (&block->network), P_CF->password, 16)) {
log( L_AUTH, "Passwd authentication failed!\n" );
return 1;
}
return 0;
}
return 0;
}
void
rip_outgoing_authentication( struct proto *p, struct rip_block *block, struct rip_packet *packet, int num )
{
DBG( "Outgoing authentication: " );
block->tag = P_CF->authtype;
switch (P_CF->authtype) {
case AT_PLAINTEXT:
strncpy( (char *) (&block->network), P_CF->password, 16);
return;
}
}

View file

@ -7,11 +7,7 @@
/*
To add:
passive option (== do not send routing updates to this interface)
version1 switch
multicast off option for interface
interface mode broadcast/multicast/quiet
*/
@ -28,9 +24,11 @@ struct rip_patt *rip_get_iface(void);
CF_DECLS
CF_KEYWORDS(RIP, INFINITY, METRIC, PORT, PERIOD, GARBAGETIME, MODE, MULTICAST, BROADCAST, QUIET, DEFAULT)
CF_KEYWORDS(RIP, INFINITY, METRIC, PORT, PERIOD, GARBAGETIME, PASSWORD,
MODE, BROADCAST, QUIET, NOLISTEN, VERSION1,
AUTHENTICATION, NONE, PLAINTEXT, MD5)
%type <i> rip_mode
%type <i> rip_mode rip_auth
CF_GRAMMAR
@ -49,15 +47,22 @@ RIP_CFG:
| RIP_CFG PORT expr ';' { RIP_CFG->port = $3; }
| RIP_CFG PERIOD expr ';' { RIP_CFG->period = $3; }
| RIP_CFG GARBAGETIME expr ';' { RIP_CFG->garbage_time = $3; }
| RIP_CFG PASSWORD TEXT ';' { RIP_CFG->password = $3; }
| RIP_CFG AUTHENTICATION rip_auth ';' {RIP_CFG->authtype = $3; }
| RIP_CFG rip_iface_list ';'
;
rip_auth:
PLAINTEXT { $$=AT_PLAINTEXT; }
| MD5 { $$=AT_MD5; }
| NONE { $$=AT_NONE; }
;
rip_mode:
MULTICAST { $$=IM_MULTICAST; }
| BROADCAST { $$=IM_BROADCAST; }
| QUIET { $$=IM_QUIET; }
| DEFAULT { $$=IM_DEFAULT; }
BROADCAST { $$|=IM_BROADCAST; }
| QUIET { $$|=IM_QUIET; }
| NOLISTEN { $$|=IM_NOLISTEN; }
| VERSION1 { $$|=IM_VERSION1 | IM_BROADCAST; }
;
rip_iface_item:

View file

@ -1,7 +1,7 @@
/*
* Rest in pieces - RIP protocol
*
* Copyright (c) 1998 Pavel Machek <pavel@ucw.cz>
* Copyright (c) 1998, 1999 Pavel Machek <pavel@ucw.cz>
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
@ -75,7 +75,7 @@ rip_tx( sock *s )
packet->heading.version = RIP_V2;
packet->heading.unused = 0;
i = 0;
i = !!P_CF->authtype;
FIB_ITERATE_START(&P->rtable, &c->iter, z) {
struct rip_entry *e = (struct rip_entry *) z;
DBG( "." );
@ -103,6 +103,9 @@ rip_tx( sock *s )
break_loop:
if (P_CF->authtype)
rip_outgoing_authentication(p, &packet->block[0], packet, i);
DBG( ", sending %d blocks, ", i );
if (ipa_nonzero(c->daddr))
@ -170,13 +173,6 @@ find_interface(struct proto *p, struct iface *what)
* Input processing
*/
static int
process_authentication( struct proto *p, struct rip_block *block )
{
/* FIXME: Should do md5 authentication */
return 0;
}
/* Let main routing table know about our new entry */
static void
advertise_entry( struct proto *p, struct rip_block *b, ip_addr whotoldme )
@ -289,7 +285,7 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
struct rip_block *block = &packet->block[i];
if (block->family == 0xffff)
if (!i) {
if (process_authentication(p, block))
if (rip_incoming_authentication(p, block, packet, num))
BAD( "Authentication failed" );
} else BAD( "Authentication is not the first!" );
ipa_ntoh( block->network );
@ -372,7 +368,7 @@ rip_timer(timer *t)
struct iface *iface = rif->iface;
if (!iface) continue;
if (rif->patt->mode == IM_QUIET) continue;
if (rif->patt->mode & IM_QUIET) continue;
if (!(iface->flags & IF_UP)) continue;
if (iface->flags & (IF_IGNORE | IF_LOOPBACK)) continue;
@ -400,7 +396,7 @@ rip_start(struct proto *p)
P->timer->recurrent = P_CF->period;
P->timer->hook = rip_timer;
tm_start( P->timer, 5 );
rif = new_iface(p, NULL, 0); /* Initialize dummy interface */
rif = new_iface(p, NULL, 0, NULL); /* Initialize dummy interface */
add_head( &P->interfaces, NODE rif );
CHK_MAGIC;
@ -460,19 +456,20 @@ kill_iface(struct proto *p, struct rip_interface *i)
* new maybe null if we are creating initial send socket
*/
struct rip_interface *
new_iface(struct proto *p, struct iface *new, unsigned long flags)
new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_patt *patt )
{
struct rip_interface *rif;
int want_multicast;
int want_multicast = 0;
rif = mb_alloc(p->pool, sizeof( struct rip_interface ));
rif->iface = new;
rif->proto = p;
rif->busy = NULL;
rif->patt = (struct rip_patt *) patt;
want_multicast = 0 && (flags & IF_MULTICAST);
/* FIXME: should have config option to disable this one */
/* FIXME: lookup multicasts over unnumbered links */
if (rif->patt)
want_multicast = (!(rif->patt->mode & IM_BROADCAST)) && (flags & IF_MULTICAST);
/* lookup multicasts over unnumbered links - no: rip is not defined over unnumbered links */
rif->sock = sk_new( p->pool );
rif->sock->type = want_multicast?SK_UDP_MC:SK_UDP;
@ -489,19 +486,18 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags)
rif->sock->ttl = 1; /* FIXME: care must be taken not to send requested responses from this socket */
if (want_multicast)
rif->sock->daddr = ipa_from_u32(0x7f000001); /* FIXME: must lookup address in rfc's */
rif->sock->daddr = ipa_from_u32(0xe0000009);
if (flags & IF_BROADCAST)
rif->sock->daddr = new->addr->brd;
if (flags & IF_UNNUMBERED)
if (flags & IF_UNNUMBERED) /* Hmm, rip is not defined over unnumbered links */
rif->sock->daddr = new->addr->opposite;
if (!ipa_nonzero(rif->sock->daddr))
log( L_WARN "RIP: interface %s is too strange for me", rif->iface ? rif->iface->name : "(dummy)" );
/* FIXME: Should ignore the interface instead of blindly trying to bind on it */
if (!ipa_nonzero(rif->sock->daddr)) {
log( L_WARN "RIP/%s: interface %s is too strange for me", P_NAME, rif->iface ? rif->iface->name : "(dummy)" );
} else
if (!(rif->patt->mode & IM_NOLISTEN))
if (sk_open(rif->sock)<0)
die( "RIP/%s: could not listen on %s", P_NAME, rif->iface ? rif->iface->name : "(dummy)" );
/* FIXME: Should not be fatal, since the interface might have gone */
log( L_WARN "RIP/%s: could not listen on %s", P_NAME, rif->iface ? rif->iface->name : "(dummy)" );
return rif;
}
@ -526,8 +522,7 @@ rip_if_notify(struct proto *p, unsigned c, struct iface *iface)
if (!k) return; /* We are not interested in this interface */
DBG("adding interface %s\n", iface->name );
rif = new_iface(p, iface, iface->flags);
rif->patt = (void *) k;
rif = new_iface(p, iface, iface->flags, k);
add_head( &P->interfaces, NODE rif );
}
}
@ -608,6 +603,8 @@ rip_init_config(struct rip_proto_config *c)
c->port = 520;
c->period = 30;
c->garbage_time = 120+180;
c->password = "PASSWORD";
c->authtype = AT_NONE;
}
static void

View file

@ -69,10 +69,11 @@ struct rip_interface {
int metric; /* User configurable data */
int mode;
#define IM_DEFAULT 0
#define IM_QUIET 1
#define IM_MULTICAST 2
#define IM_BROADCAST 3
#define IM_MULTICAST 1
#define IM_BROADCAST 2
#define IM_QUIET 4
#define IM_NOLISTEN 8
#define IM_VERSION1 16
};
struct rip_patt {
@ -90,6 +91,12 @@ struct rip_proto_config {
int port;
int period;
int garbage_time;
char *password;
int authtype;
#define AT_NONE 0
#define AT_PLAINTEXT 2
#define AT_MD5 1234 /* FIXME: get a real number for this one */
};
struct rip_proto {
@ -108,4 +115,9 @@ struct rip_proto {
void rip_init_instance(struct proto *p);
void rip_init_config(struct rip_proto_config *c);
struct rip_interface *new_iface(struct proto *p, struct iface *new, unsigned long flags);
struct rip_interface *new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_patt *patt);
/* Authentication functions */
int rip_incoming_authentication( struct proto *p, struct rip_block *block, struct rip_packet *packet, int num );
void rip_outgoing_authentication( struct proto *p, struct rip_block *block, struct rip_packet *packet, int num );