author | Pavel Machek <pavel@ucw.cz> | 1999-10-02 12:44:48 +0200 |
---|---|---|
committer | Pavel Machek <pavel@ucw.cz> | 1999-10-02 12:44:48 +0200 |
commit | ac40c888c21c72ae7f6c3d329dd2ba5417eec009 (patch) | |
tree | 028e6a4399941eef43afbbf68812aec7fbc92c59 /proto/rip | |
parent | 7db7b7db603a2d852066c313da76c72673a204fa (diff) | |
download | bird-ac40c888c21c72ae7f6c3d329dd2ba5417eec009.tar bird-ac40c888c21c72ae7f6c3d329dd2ba5417eec009.zip |
Obvious bugs in authentication fixed.
Diffstat (limited to 'proto/rip')
-rw-r--r-- | proto/rip/auth.c | 6 | ||||
-rw-r--r-- | proto/rip/rip.c | 14 |
2 files changed, 16 insertions, 4 deletions
diff --git a/proto/rip/auth.c b/proto/rip/auth.c
index 9dd26da..7d09f27 100644
--- a/proto/rip/auth.c
+++ b/proto/rip/auth.c
@@ -61,8 +61,10 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
 head = P_CF->passwords;
 while (head) {
 /* FIXME: should check serial numbers, somehow */
+ DBG( "time, " );
 if ((head->from > now) || (head->to < now))
- continue;
+ goto skip;
+ DBG( "check, " );
 if (head->id == block->keyid) {
 struct MD5Context ctxt;
 char md5sum_packet[16];
@@ -77,7 +79,9 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
 if (memcmp(md5sum_packet, md5sum_computed, 16))
 return 1;
+ return 0;
 }
+ skip:
 head = head->next;
 }
 return 1;
diff --git a/proto/rip/rip.c b/proto/rip/rip.c
index ef98a78..7fcf624 100644
--- a/proto/rip/rip.c
+++ b/proto/rip/rip.c
@@ -60,6 +60,7 @@ rip_tx( sock *s )
 struct rip_packet *packet = (void *) s->tbuf;
 int i;
+ DBG( "Sending to %I\n", s->daddr );
 do {
 if (c->done) {
@@ -285,7 +286,11 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
 if (!neigh_find( p, &whotoldme, 0 )) {
 log( L_ERR "%I send me routing info but he is not my neighbour", whotoldme );
+#if 0
 return 0;
+#else
+ log( L_ERR "...ignoring" );
+#endif
 }
 for (i=0; i<num; i++) {
@@ -294,7 +299,8 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
 if (!i) {
 if (rip_incoming_authentication(p, (void *) block, packet, num))
 BAD( "Authentication failed" );
- } else BAD( "Authentication is not the first!" );
+ }
+ /* FIXME: Need to reject packets which have no authentication */
 ipa_ntoh( block->network );
 ipa_ntoh( block->netmask );
 ipa_ntoh( block->nexthop );
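Review bot: The `goto skip;` in the validity-window check works around a `while` loop whose advance (`head = head->next;`) sits at the bottom of the body, which is how the original `continue;` came to spin forever on the first expired key. Writing the loop as `for (head = P_CF->passwords; head; head = head->next)` would let the check stay `continue;` and make the `skip:` label added in the next hunk unnecessary. The FIXME about serial numbers is still open after this commit, so nothing visible here distinguishes a fresh packet from a previously seen one; that deserves its own follow-up. The function starts above the hunk.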
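Review bot: The digest check that now leads to the added `return 0;` compares the received and computed MD5 values with `memcmp()`, which stops at the first differing byte, so its run time depends on how many leading bytes match. For a MAC comparison a fixed-time compare is the safer habit: OR together `md5sum_packet[i] ^ md5sum_computed[i]` over all 16 bytes and test the accumulated value once. Separately, a key-id match with a wrong digest returns 1 immediately, so a second configured password with the same id is never tried; that may be intended but is worth a comment. The MD5 computation between the two hunks is not visible here.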
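Review bot: With `return 0;` moved under `#if 0`, a packet from an address that `neigh_find()` does not recognise is logged and then handed to the `for (i=0; i<num; i++)` loop below, so the new message `...ignoring` says the opposite of what happens to the packet. This removes the only sender check visible in this part of rip_process_packet and lets routing entries from a non-neighbour be processed. If the bypass is needed for debugging, put it behind a configuration option that defaults to rejecting, and keep `return 0;` as the compiled-in behaviour. The function starts and ends outside the hunk.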
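Review bot: After this change nothing in the hunk rejects a packet whose authentication entry is missing or not first: the `else BAD( "Authentication is not the first!" );` branch is gone and the new FIXME only records the gap. As far as the visible lines show, `rip_incoming_authentication()` is called only for the entry at index 0, so a packet that omits the entry or places it later reaches the `ipa_ntoh()` conversions unchecked. Suggest setting a local flag when verification succeeds and testing it before any route entry is converted, calling `BAD()` when authentication is configured and the flag is unset. The condition enclosing `if (!i)` is outside the hunk, so the removed `else` may have been firing for ordinary entries, which would explain its removal; even so, the replacement needs an explicit reject path.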
@@ -500,8 +506,10 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
 if (flags & IF_BROADCAST)
 rif->sock->daddr = new->addr->brd;
- if (flags & IF_UNNUMBERED) /* Hmm, rip is not defined over unnumbered links */
+ if (flags & IF_UNNUMBERED) {
 rif->sock->daddr = new->addr->opposite;
+ log( L_WARN "RIP/%s: rip is not defined over unnumbered links\n", P_NAME );
+ }
 if (want_multicast) {
 rif->sock->daddr = ipa_from_u32(0xe0000009);
 rif->sock->saddr = ipa_from_u32(0xe0000009);
@@ -516,7 +524,7 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
 /* Don't try to transmit into this one? Well, why not? This should not happen, anyway :-) */
 }
- log( L_DEBUG "RIP/%s: listening on %s, port %d, mode %s", P_NAME, rif->iface ? rif->iface->name : "(dummy)", P_CF->port, want_multicast ? "multicast" : "broadcast" );
+ log( L_DEBUG "RIP/%s: listening on %s, port %d, mode %s (%I)", P_NAME, rif->iface ? rif->iface->name : "(dummy)", P_CF->port, want_multicast ? "multicast" : "broadcast", rif->sock->daddr );
 return rif;
 } |
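Review bot: The new `L_WARN` message ends in `\n`, unlike the other `log()` calls in this diff (the `L_DEBUG` "listening on" line and the `L_ERR` lines in rip_process_packet), so it will presumably leave a blank line in the log; drop the `\n`. The `daddr` assigned in the `IF_UNNUMBERED` branch is also overwritten a few lines later when `want_multicast` is set, so the warning can be printed for an interface that ends up in multicast mode. An `if`/`else if` chain over the three cases would make the final destination address obvious. new_iface starts and ends outside the hunk.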