-rw-r--r-- | proto/rip/auth.c | 14 | ||||
-rw-r--r-- | proto/rip/rip.c | 6 | ||||
-rw-r--r-- | proto/rip/rip.h | 2 |
3 files changed, 16 insertions, 6 deletions
diff --git a/proto/rip/auth.c b/proto/rip/auth.c index 17c8d3a..5337268 100644 --- a/proto/rip/auth.c +++ b/proto/rip/auth.c @@ -31,7 +31,7 @@ /* 1 == failed, 0 == ok */ int -rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num ) +rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme ) { DBG( "Incoming authentication: " ); switch (block->authtype) { /* Authentication type */ @@ -73,6 +73,18 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru DBG( "time, " ); if ((head->from > now) || (head->to < now)) goto skip; + if (block->seq) { + struct neighbor *neigh = neigh_find(p, &whotoldme, 0); + if (!neigh) { + log( L_AUTH "Non-neighbour md5 checksummed packet?\n" ); + } else { + if (neigh->aux > block->seq) { + log( L_AUTH "md5 prottected packet with lower numbers\n" ); + return 0; + } + neigh->aux = block->seq; + } + } DBG( "check, " ); if (head->id == block->keyid) { struct MD5Context ctxt; diff --git a/proto/rip/rip.c b/proto/rip/rip.c index cca329e..6340133 100644 --- a/proto/rip/rip.c +++ b/proto/rip/rip.c @@ -9,7 +9,7 @@ FIXME: IpV6 support: use right address for broadcasts FIXME: IpV6 support: receive "route using" blocks - FIXME: fold rip_connection into rip_interface? + FIXME (nonurgent): fold rip_connection into rip_interface? We are not going to honour requests for sending part of routing table. That would need to turn split horizont off, @@ -353,7 +353,7 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr if (block->family == 0xffff) { if (i) continue; /* md5 tail has this family */ - if (rip_incoming_authentication(p, (void *) block, packet, num)) + if (rip_incoming_authentication(p, (void *) block, packet, num, whotoldme)) BAD( "Authentication failed" ); authenticated = 1; continue; 
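Review bot: In the second auth.c hunk (the `block->seq` check), the stale-sequence branch does `return 0;`, which by this file's own convention (`/* 1 == failed, 0 == ok */`) and the rip.c caller that sets `authenticated = 1` on a zero return means a packet with a lower sequence number than the stored one is accepted as authenticated without its digest being compared; that branch should be `return 1;`. `neigh->aux = block->seq;` also runs before the `DBG( "check, " )` digest step, so a packet that later fails the MD5 comparison appears to have already advanced the neighbour's stored sequence number; recording the value only once the digest has matched would avoid that. The digest comparison continues below the hunk, so confirm where its success path is before moving the assignment. The log text `prottected` is a typo for `protected`.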
@@ -437,8 +437,6 @@ rip_timer(timer *t) } } - /* FIXME: we need to do triggered updates */ - DBG( "RIP: Broadcasting routing tables\n" ); { struct rip_interface *rif; diff --git a/proto/rip/rip.h b/proto/rip/rip.h index fb066b5..8e759c4 100644 --- a/proto/rip/rip.h +++ b/proto/rip/rip.h @@ -157,5 +157,5 @@ void rip_init_config(struct rip_proto_config *c); /* Authentication functions */ -int rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num ); +int rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme ); int rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num ); |