Incoming side of authentication done but untested. Right handling of

filters in rip.
This commit is contained in:
Pavel Machek 1999-05-31 19:16:22 +00:00
parent 2e6197d634
commit 91c7c7416b
3 changed files with 91 additions and 8 deletions

View file

@ -19,6 +19,7 @@
#include "lib/resource.h" #include "lib/resource.h"
#include "lib/lists.h" #include "lib/lists.h"
#include "lib/timer.h" #include "lib/timer.h"
#include "lib/md5.h"
#include "rip.h" #include "rip.h"
@ -47,10 +48,28 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
DBG( "md5 password" ); DBG( "md5 password" );
{ {
struct password_item *head; struct password_item *head;
struct rip_md5_tail *tail;
tail = (char *) packet + (block->packetlen - sizeof(struct rip_block_auth));
head = P_CF->passwords; head = P_CF->passwords;
while (head) { while (head) {
if (head->id == block->keyid) if (head->id == block->keyid) {
/* Perform md5 + compare */; struct MD5Context ctxt;
int i;
char md5sum_packet[16];
char md5sum_computed[16];
memcpy(md5sum_packet, tail->md5, i);
password_strncpy(tail->md5, head->password, 16);
MD5Init(&ctxt);
MD5Update(&ctxt, packet, block->packetlen );
MD5Final(md5sum_computed, &ctxt);
if (memcmp(md5sum_packet, md5sum_computed, 16))
return 1;
}
head = head->next; head = head->next;
} }
return 1; return 1;
@ -72,7 +91,7 @@ rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, stru
log( L_ERR "no passwords set and password authentication requested\n" ); log( L_ERR "no passwords set and password authentication requested\n" );
return; return;
} }
strncpy( (char *) (&block->packetlen), P_CF->passwords->password, 16); password_strncpy( (char *) (&block->packetlen), P_CF->passwords->password, 16);
return; return;
} }
} }

View file

@ -80,11 +80,11 @@ rip_tx( sock *s )
struct rip_entry *e = (struct rip_entry *) z; struct rip_entry *e = (struct rip_entry *) z;
DBG( "." ); DBG( "." );
packet->block[i].family = htons( 2 ); /* AF_INET */ packet->block[i].family = htons( 2 ); /* AF_INET */
packet->block[i].tag = htons( 0 ); /* FIXME: What should I set it to? */ packet->block[i].tag = htons( e->tag );
packet->block[i].network = e->n.prefix; packet->block[i].network = e->n.prefix;
packet->block[i].netmask = ipa_mkmask( e->n.pxlen ); packet->block[i].netmask = ipa_mkmask( e->n.pxlen );
packet->block[i].nexthop = IPA_NONE; /* FIXME: How should I set it? My own IP address? */ packet->block[i].nexthop = IPA_NONE; /* FIXME: How should I set it? My own IP address? */
packet->block[i].metric = htonl( 1+ (e->metric?:1) ); /* FIXME: is this right? I already ++ metric at input side */ packet->block[i].metric = htonl( e->metric );
if (ipa_equal(e->whotoldme, s->daddr)) { if (ipa_equal(e->whotoldme, s->daddr)) {
DBG( "(split horizont)" ); DBG( "(split horizont)" );
/* FIXME: should we do it in all cases? */ /* FIXME: should we do it in all cases? */
@ -527,8 +527,57 @@ rip_if_notify(struct proto *p, unsigned c, struct iface *iface)
} }
} }
static struct ea_list *
rip_gen_attrs(struct proto *p, struct linpool *pool, int metric, u16 tag)
{
struct ea_list *l = lp_alloc(pool, sizeof(struct ea_list) + 2*sizeof(eattr));
l->next = NULL;
l->flags = EALF_SORTED;
l->count = 2;
l->attrs[0].id = EA_RIP_TAG;
l->attrs[0].flags = 0;
l->attrs[0].type = EAF_TYPE_INT | EAF_INLINE;
l->attrs[0].u.data = tag;
l->attrs[1].id = EA_RIP_TAG;
l->attrs[1].flags = 0;
l->attrs[1].type = EAF_TYPE_INT | EAF_INLINE;
l->attrs[1].u.data = metric;
return l;
}
static int
rip_import_control(struct proto *p, struct rte **rt, struct ea_list **attrs, struct linpool *pool)
{
if ((*rt)->attrs->proto == p) /* My own must not be touched */
return 1;
if ((*rt)->attrs->source != RTS_RIP) {
struct ea_list *new = rip_gen_attrs(p, pool, 1, 0);
new->next = *attrs;
*attrs = new;
}
return 0;
}
static struct ea_list *
rip_make_tmp_attrs(struct rte *rt, struct linpool *pool)
{
struct proto *p = rt->attrs->proto;
return rip_gen_attrs(p, pool, rt->u.rip.metric, rt->u.rip.tag);
}
static void static void
rip_rt_notify(struct proto *p, struct network *net, struct rte *new, struct rte *old, struct ea_list *tmpa) rip_store_tmp_attrs(struct rte *rt, struct ea_list *attrs)
{
struct proto *p = rt->attrs->proto;
rt->u.rip.tag = ea_find(attrs, EA_RIP_TAG)->u.data;
rt->u.rip.metric = ea_find(attrs, EA_RIP_TAG)->u.data;
}
static void
rip_rt_notify(struct proto *p, struct network *net, struct rte *new, struct rte *old, struct ea_list *attrs)
{ {
CHK_MAGIC; CHK_MAGIC;
@ -546,8 +595,12 @@ rip_rt_notify(struct proto *p, struct network *net, struct rte *new, struct rte
e = fib_get( &P->rtable, &net->n.prefix, net->n.pxlen ); e = fib_get( &P->rtable, &net->n.prefix, net->n.pxlen );
e->nexthop = new->attrs->gw; e->nexthop = new->attrs->gw;
e->tag = new->u.rip.tag; e->tag = ea_find(attrs, EA_RIP_TAG)->u.data;
e->metric = new->u.rip.metric; e->metric = ea_find(attrs, EA_RIP_TAG)->u.data;
if (e->metric > P_CF->infinity)
e->metric = P_CF->infinity;
if (!e->metric)
e->metric = 1;
e->whotoldme = new->attrs->from; e->whotoldme = new->attrs->from;
e->updated = e->changed = now; e->updated = e->changed = now;
e->flags = 0; e->flags = 0;
@ -563,6 +616,7 @@ rip_rte_better(struct rte *new, struct rte *old)
if (old->u.rip.metric > new->u.rip.metric) if (old->u.rip.metric > new->u.rip.metric)
return 1; return 1;
/* FIXME */
#define old_metric_is_much_older_than_new_metric 0 #define old_metric_is_much_older_than_new_metric 0
if ((old->u.rip.metric == new->u.rip.metric) && (old_metric_is_much_older_than_new_metric)) if ((old->u.rip.metric == new->u.rip.metric) && (old_metric_is_much_older_than_new_metric))
return 1; return 1;
@ -590,6 +644,7 @@ rip_init_instance(struct proto *p)
p->preference = DEF_PREF_RIP; p->preference = DEF_PREF_RIP;
p->if_notify = rip_if_notify; p->if_notify = rip_if_notify;
p->rt_notify = rip_rt_notify; p->rt_notify = rip_rt_notify;
p->import_control = rip_import_control;
p->rte_better = rip_rte_better; p->rte_better = rip_rte_better;
p->rte_insert = rip_rte_insert; p->rte_insert = rip_rte_insert;
p->rte_remove = rip_rte_remove; p->rte_remove = rip_rte_remove;

View file

@ -5,6 +5,9 @@
#include "nest/route.h" #include "nest/route.h"
#include "nest/password.h" #include "nest/password.h"
#define EA_RIP_TAG EA_CODE(EAP_RIP, 0)
#define EA_RIP_METRIC EA_CODE(EAP_RIP, 1)
struct rip_connection { struct rip_connection {
node n; node n;
@ -53,6 +56,12 @@ struct rip_block_auth {
u32 zero1; u32 zero1;
}; };
struct rip_md5_tail {
u16 mustbeFFFF;
u16 mustbe0001;
char md5[16];
};
struct rip_entry { struct rip_entry {
struct fib_node n; struct fib_node n;