Actually check sequence numbers.

Pavel Machek 1999-12-01 12:52:57 +00:00
parent 3daf783f95
commit 639e628554
3 changed files with 16 additions and 6 deletions


@ -31,7 +31,7 @@
/* 1 == failed, 0 == ok */ /* 1 == failed, 0 == ok */
int int
rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num ) rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme )
{ {
DBG( "Incoming authentication: " ); DBG( "Incoming authentication: " );
switch (block->authtype) { /* Authentication type */ switch (block->authtype) { /* Authentication type */
@ -73,6 +73,18 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
DBG( "time, " ); DBG( "time, " );
if ((head->from > now) || (head->to < now)) if ((head->from > now) || (head->to < now))
goto skip; goto skip;
if (block->seq) {
struct neighbor *neigh = neigh_find(p, &whotoldme, 0);
if (!neigh) {
log( L_AUTH "Non-neighbour md5 checksummed packet?\n" );
} else {
if (neigh->aux > block->seq) {
log( L_AUTH "md5 prottected packet with lower numbers\n" );
return 0;
}
neigh->aux = block->seq;
}
}
DBG( "check, " ); DBG( "check, " );
if (head->id == block->keyid) { if (head->id == block->keyid) {
struct MD5Context ctxt; struct MD5Context ctxt;
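Review bot: The stale-sequence branch ends in `return 0;`, but the comment above the function says `1 == failed, 0 == ok` and the caller in rip_process_packet treats a zero return as success, so a packet whose sequence number is lower than the stored one is reported as authenticated and never reaches the MD5 check below; this should be `return 1;`. `neigh->aux = block->seq;` also runs before the digest is verified, so a packet that later fails the MD5 comparison has already advanced the stored counter and can make the neighbour's genuine packets look stale; the assignment belongs after a successful digest comparison. The non-neighbour case only logs and falls through, and a packet with `block->seq == 0` skips the check entirely; if both are intended, a comment such as `/* seq 0 and unknown neighbours are not replay-checked */` would say so. The function body continues outside the hunk, so the right place for the moved assignment is not visible here.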


@ -9,7 +9,7 @@
FIXME: IpV6 support: use right address for broadcasts FIXME: IpV6 support: use right address for broadcasts
FIXME: IpV6 support: receive "route using" blocks FIXME: IpV6 support: receive "route using" blocks
FIXME: fold rip_connection into rip_interface? FIXME (nonurgent): fold rip_connection into rip_interface?
We are not going to honour requests for sending part of We are not going to honour requests for sending part of
routing table. That would need to turn split horizont off, routing table. That would need to turn split horizont off,
@ -353,7 +353,7 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
if (block->family == 0xffff) { if (block->family == 0xffff) {
if (i) if (i)
continue; /* md5 tail has this family */ continue; /* md5 tail has this family */
if (rip_incoming_authentication(p, (void *) block, packet, num)) if (rip_incoming_authentication(p, (void *) block, packet, num, whotoldme))
BAD( "Authentication failed" ); BAD( "Authentication failed" );
authenticated = 1; authenticated = 1;
continue; continue;
@ -437,8 +437,6 @@ rip_timer(timer *t)
} }
} }
/* FIXME: we need to do triggered updates */
DBG( "RIP: Broadcasting routing tables\n" ); DBG( "RIP: Broadcasting routing tables\n" );
{ {
struct rip_interface *rif; struct rip_interface *rif;


@ -157,5 +157,5 @@ void rip_init_config(struct rip_proto_config *c);
/* Authentication functions */ /* Authentication functions */
int rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num ); int rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme );
int rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num ); int rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num );