summaryrefslogtreecommitdiffstats
path: root/proto/rip
diff options
context:
space:
mode:
authorPavel Machek <pavel@ucw.cz>1999-10-02 12:44:48 +0200
committerPavel Machek <pavel@ucw.cz>1999-10-02 12:44:48 +0200
commitac40c888c21c72ae7f6c3d329dd2ba5417eec009 (patch)
tree028e6a4399941eef43afbbf68812aec7fbc92c59 /proto/rip
parent7db7b7db603a2d852066c313da76c72673a204fa (diff)
downloadbird-ac40c888c21c72ae7f6c3d329dd2ba5417eec009.tar
bird-ac40c888c21c72ae7f6c3d329dd2ba5417eec009.zip
Obvious bugs in authentication fixed.
Diffstat (limited to 'proto/rip')
-rw-r--r--proto/rip/auth.c6
-rw-r--r--proto/rip/rip.c14
2 files changed, 16 insertions, 4 deletions
diff --git a/proto/rip/auth.c b/proto/rip/auth.c
index 9dd26da..7d09f27 100644
--- a/proto/rip/auth.c
+++ b/proto/rip/auth.c
@@ -61,8 +61,10 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
head = P_CF->passwords;
while (head) {
/* FIXME: should check serial numbers, somehow */
+ DBG( "time, " );
if ((head->from > now) || (head->to < now))
- continue;
+ goto skip;
+ DBG( "check, " );
if (head->id == block->keyid) {
struct MD5Context ctxt;
char md5sum_packet[16];
@@ -77,7 +79,9 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
if (memcmp(md5sum_packet, md5sum_computed, 16))
return 1;
+ return 0;
}
+ skip:
head = head->next;
}
return 1;
diff --git a/proto/rip/rip.c b/proto/rip/rip.c
index ef98a78..7fcf624 100644
--- a/proto/rip/rip.c
+++ b/proto/rip/rip.c
@@ -60,6 +60,7 @@ rip_tx( sock *s )
struct rip_packet *packet = (void *) s->tbuf;
int i;
+ DBG( "Sending to %I\n", s->daddr );
do {
if (c->done) {
@@ -285,7 +286,11 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
if (!neigh_find( p, &whotoldme, 0 )) {
log( L_ERR "%I send me routing info but he is not my neighbour", whotoldme );
+#if 0
return 0;
+#else
+ log( L_ERR "...ignoring" );
+#endif
}
for (i=0; i<num; i++) {
@@ -294,7 +299,8 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
if (!i) {
if (rip_incoming_authentication(p, (void *) block, packet, num))
BAD( "Authentication failed" );
- } else BAD( "Authentication is not the first!" );
+ }
+ /* FIXME: Need to reject packets which have no authentication */
ipa_ntoh( block->network );
ipa_ntoh( block->netmask );
ipa_ntoh( block->nexthop );
@@ -500,8 +506,10 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
if (flags & IF_BROADCAST)
rif->sock->daddr = new->addr->brd;
- if (flags & IF_UNNUMBERED) /* Hmm, rip is not defined over unnumbered links */
+ if (flags & IF_UNNUMBERED) {
rif->sock->daddr = new->addr->opposite;
+ log( L_WARN "RIP/%s: rip is not defined over unnumbered links\n", P_NAME );
+ }
if (want_multicast) {
rif->sock->daddr = ipa_from_u32(0xe0000009);
rif->sock->saddr = ipa_from_u32(0xe0000009);
@@ -516,7 +524,7 @@ new_iface(struct proto *p, struct iface *new, unsigned long flags, struct iface_
/* Don't try to transmit into this one? Well, why not? This should not happen, anyway :-) */
}
- log( L_DEBUG "RIP/%s: listening on %s, port %d, mode %s", P_NAME, rif->iface ? rif->iface->name : "(dummy)", P_CF->port, want_multicast ? "multicast" : "broadcast" );
+ log( L_DEBUG "RIP/%s: listening on %s, port %d, mode %s (%I)", P_NAME, rif->iface ? rif->iface->name : "(dummy)", P_CF->port, want_multicast ? "multicast" : "broadcast", rif->sock->daddr );
return rif;
}