Actually check sequence numbers.

author: Pavel Machek <pavel@ucw.cz> 1999-12-01 13:52:57 +0100
committer: Pavel Machek <pavel@ucw.cz> 1999-12-01 13:52:57 +0100
commit: 639e62855495fcf461c177373d8f5eb0d5d87332 (patch)
tree: 4d68acba497cb62f733914d5cb2652d30cb8e18d /proto/rip/auth.c
parent: 3daf783f95790682025ef03ac5b2f486943e6214 (diff)
download: bird-639e62855495fcf461c177373d8f5eb0d5d87332.tar
bird-639e62855495fcf461c177373d8f5eb0d5d87332.zip
1 files changed, 13 insertions, 1 deletions
diff --git a/proto/rip/auth.c b/proto/rip/auth.c
index 17c8d3a..5337268 100644
--- a/proto/rip/auth.c
+++ b/proto/rip/auth.c
@@ -31,7 +31,7 @@
 
 /* 1 == failed, 0 == ok */
 int
-rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num )
+rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme )
 {
   DBG( "Incoming authentication: " );
   switch (block->authtype) {	/* Authentication type */
@@ -73,6 +73,18 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
 	DBG( "time, " );
 	if ((head->from > now) || (head->to < now))
 	  goto skip;
+	if (block->seq) {
+	  struct neighbor *neigh = neigh_find(p, &whotoldme, 0);
+	  if (!neigh) {
+	    log( L_AUTH "Non-neighbour md5 checksummed packet?\n" );
+	  } else {
+	    if (neigh->aux > block->seq) {
+	      log( L_AUTH "md5 prottected packet with lower numbers\n" );
+	      return 0;
+	    }
+	    neigh->aux = block->seq;
+	  }
+	}
 	DBG( "check, " );
 	if (head->id == block->keyid) {
 	  struct MD5Context ctxt;
author	Pavel Machek <pavel@ucw.cz>	1999-12-01 13:52:57 +0100
committer	Pavel Machek <pavel@ucw.cz>	1999-12-01 13:52:57 +0100
commit	639e62855495fcf461c177373d8f5eb0d5d87332 (patch)
tree	4d68acba497cb62f733914d5cb2652d30cb8e18d /proto/rip/auth.c
parent	3daf783f95790682025ef03ac5b2f486943e6214 (diff)
download	bird-639e62855495fcf461c177373d8f5eb0d5d87332.tar bird-639e62855495fcf461c177373d8f5eb0d5d87332.zip