-rw-r--r-- | doc/bird.conf.example | 3 | ||||
-rw-r--r-- | proto/ospf/config.Y | 6 | ||||
-rw-r--r-- | proto/ospf/iface.c | 4 | ||||
-rw-r--r-- | proto/ospf/ospf.h | 5 | ||||
-rw-r--r-- | proto/ospf/packet.c | 28 |
5 files changed, 41 insertions, 5 deletions
diff --git a/doc/bird.conf.example b/doc/bird.conf.example
index ca7546e..4de53cf 100644
--- a/doc/bird.conf.example
+++ b/doc/bird.conf.example
@@ -117,6 +117,8 @@ protocol static {
 # dead count 5;
 # wait 50;
 # type broadcast;
+# authentication simple;
+# password "pass";
 # };
 # interface "arc0" {
 # type nonbroadcast;
@@ -130,6 +132,7 @@ protocol static {
 # stub 1;
 # interface "ppp1" {
 # hello 8;
+# authentication none;
 # };
 # };
 #}
diff --git a/proto/ospf/config.Y b/proto/ospf/config.Y
index e678a26..f22361c 100644
--- a/proto/ospf/config.Y
+++ b/proto/ospf/config.Y
@@ -23,7 +23,7 @@ CF_DECLS
 CF_KEYWORDS(OSPF, AREA, OSPF_METRIC1, OSPF_METRIC2, OSPF_TAG)
 CF_KEYWORDS(NEIGHBORS, RFC1583COMPAT, STUB, TICK, COST, RETRANSMIT)
 CF_KEYWORDS(HELLO, TRANSIT, PRIORITY, DEAD, NONBROADCAST, POINTOPOINT, TYPE)
-CF_KEYWORDS(NEIGHBORS)
+CF_KEYWORDS(NEIGHBORS, NONE, SIMPLE, AUTHENTICATION, PASSWORD)
 %type <t> opttext
@@ -86,6 +86,9 @@ ospf_iface_item:
 | TYPE NONBROADCAST { OSPF_PATT->type = OSPF_IT_NBMA ; }
 | TYPE POINTOPOINT { OSPF_PATT->type = OSPF_IT_PTP ; }
 | NEIGHBORS '{' ipa_list '}'
+ | AUTHENTICATION NONE { OSPF_PATT->autype=AU_NONE ; }
+ | AUTHENTICATION SIMPLE { OSPF_PATT->autype=AU_SIMPLE ; }
+ | PASSWORD TEXT { memcpy(OSPF_PATT->password, $2, 8); }
 |
 ;
@@ -116,6 +119,7 @@ ospf_iface_start:
 OSPF_PATT->deadc = DEADC_D;
 OSPF_PATT->type = OSPF_IT_UNDEF;
 init_list(&OSPF_PATT->nbma_list);
+ OSPF_PATT->autype=AU_NONE;
 }
 ;
diff --git a/proto/ospf/iface.c b/proto/ospf/iface.c
index ff29a1f..7658f43 100644
--- a/proto/ospf/iface.c
+++ b/proto/ospf/iface.c
@@ -398,8 +398,8 @@ ospf_ifa_add(struct object_lock *lock)
 ifa->helloint=ip->helloint;
 ifa->waitint=ip->waitint;
 ifa->deadc=ip->deadc;
- ifa->autype=0; /* FIXME add authentification */
- for(i=0;i<8;i++) ifa->aukey[i]=0;
+ ifa->autype=ip->autype;
+ memcpy(ifa->aukey,ip->password,8);
 ifa->options=2; /* FIXME what options? */
 if(ip->type==OSPF_IT_UNDEF)
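Review bot: The `PASSWORD TEXT` action in the `ospf_iface_item` hunk copies a fixed 8 bytes out of `$2` no matter how long the configured string is. For a password shorter than 8 characters the `memcpy` reads past the string's terminator, so the trailing key bytes (which iface.c copies into `aukey` and packet.c then compares and transmits) are whatever happens to follow the string in memory; a longer password is silently truncated. A bounded copy that zero-pads, `| PASSWORD TEXT { strncpy(OSPF_PATT->password, $2, 8); }`, fixes the short case (the field is fixed-width, so the missing terminator at exactly 8 characters is intended), and a `cf_error` for longer strings would make truncation visible. The `ospf_iface_start` hunk sets `autype` but not `password`; unless the pattern is allocated zeroed, which this diff does not show, `authentication simple` without a `password` line uses indeterminate bytes, so add `memset(OSPF_PATT->password, 0, 8);` there.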
diff --git a/proto/ospf/ospf.h b/proto/ospf/ospf.h
index 65bb605..3d5d1df 100644
--- a/proto/ospf/ospf.h
+++ b/proto/ospf/ospf.h
@@ -377,6 +377,11 @@ struct ospf_iface_patt {
 int waitint;
 int deadc;
 int type;
+ int autype;
+#define AU_NONE 0
+#define AU_SIMPLE 1
+#define AU_CRYPT 2
+ u8 password[8];
 list nbma_list;
 };
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c
index 88234da..4b2e772 100644
--- a/proto/ospf/packet.c
+++ b/proto/ospf/packet.c
@@ -31,10 +31,29 @@ fill_ospf_pkt_hdr(struct ospf_iface *ifa, void *buf, u8 h_type)
 void
 ospf_tx_authenticate(struct ospf_iface *ifa, struct ospf_packet *pkt)
 {
- /* FIXME */
+ int i;
+ pkt->autype=ifa->autype;
+ memcpy(pkt->authetication, ifa->aukey, 8);
 return;
 }
+int
+ospf_rx_authenticate(struct ospf_iface *ifa, struct ospf_packet *pkt)
+{
+ int i;
+ if(pkt->autype!=ifa->autype) return 0;
+ if(ifa->autype==AU_NONE) return 1;
+ if(ifa->autype==AU_SIMPLE)
+ {
+ for(i=0;i<8;i++)
+ {
+ if(pkt->authetication[i]!=ifa->aukey[i]) return 0;
+ }
+ return 1;
+ }
+ return 0;
+}
+
 void
 ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
 {
@@ -95,7 +114,12 @@ ospf_rx_hook(sock *sk, int size)
 return(1);
 }
- /* FIXME: Do authetification */
+ if(!ospf_rx_authenticate(ifa,ps))
+ {
+ log("%s: Bad OSPF packet received: bad password", p->name);
+ return(1);
+ }
+
 if(ps->areaid!=ifa->an)
 {
 |
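Review bot: The new `password[8]` field in `struct ospf_iface_patt` has an undocumented contract that the rest of the patch depends on, since config.Y, iface.c and packet.c all hard-code the literal `8` when copying or comparing it. A comment on the field such as `/* simple-auth key: fixed 8 bytes, zero padded, not NUL-terminated */` and a named constant for the length would keep those sites in step. `AU_CRYPT` is defined here, but no grammar rule in this diff selects it and `ospf_rx_authenticate` rejects it, so a `/* not implemented yet */` comment next to it would save a reader the search. The struct starts before this hunk, so its other fields were not reviewed.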
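Review bot: `ospf_tx_authenticate` copies `ifa->aukey` into the packet for every `autype`, so an interface configured with a `password` but `authentication none` still puts the key into each outgoing packet. Clear the field and copy the key only for simple authentication: `memset(pkt->authetication, 0, 8);` followed by `if(ifa->autype==AU_SIMPLE) memcpy(pkt->authetication, ifa->aukey, 8);`. The `int i;` added to this function is unused. Both functions also read and write `pkt->autype` with no byte-order conversion; `struct ospf_packet` is not in this diff, but if that field is a 16-bit on-wire value it probably needs `htons` on transmit and `ntohs` on receive to interoperate with other implementations.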
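Review bot: The log text added to `ospf_rx_hook` says "bad password" for every rejection, but `ospf_rx_authenticate` also returns 0 when the authentication types differ and for `AU_CRYPT`, which points an operator at the wrong setting. A neutral message such as `log("%s: Bad OSPF packet received: authentication failed", p->name);`, or a distinct return code per cause, would be more accurate. The message also does not identify the sender, which is the first thing needed when triaging a misconfigured or spoofing neighbour; if the source address is available in this function (most of its body is outside the hunk), include it. Since any unauthenticated packet reaches this branch, it is worth confirming that the log call is rate limited.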