search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dhcpcd: update README.DRAGONFLY
[dragonfly.git] / sbin / routed / input.c
blobaac6077e701d7489c67c014ef5a2dcb3ce93df1c
1 /*
2 * Copyright (c) 1983, 1988, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * @(#)input.c 8.1 (Berkeley) 6/5/93
30 * $FreeBSD: src/sbin/routed/input.c,v 1.7.2.1 2001/08/01 09:01:45 obrien Exp $
31 */
32
33 #include "defs.h"
34
35 static void input(struct sockaddr_in *, struct interface *, struct interface *,
36 struct rip *, int);
37 static void input_route(naddr, naddr, struct rt_spare *, struct netinfo *);
38 static int ck_passwd(struct interface *, struct rip *, void *,
39 naddr, struct msg_limit *);
40
41
42 /* process RIP input
43 */
44 void
45 read_rip(int sock,
46 struct interface *sifp)
47 {
48 struct sockaddr_in from;
49 struct interface *aifp;
50 int cc;
51 socklen_t fromlen;
52 #ifdef USE_PASSIFNAME
53 static struct msg_limit bad_name;
54 struct {
55 char ifname[IFNAMSIZ];
56 union pkt_buf pbuf;
57 } inbuf;
58 #else
59 struct {
60 union pkt_buf pbuf;
61 } inbuf;
62 #endif
63
64
65 for (;;) {
66 fromlen = sizeof(from);
67 cc = recvfrom(sock, &inbuf, sizeof(inbuf), 0,
68 (struct sockaddr*)&from, &fromlen);
69 if (cc <= 0) {
70 if (cc < 0 && errno != EWOULDBLOCK)
71 LOGERR("recvfrom(rip)");
72 break;
73 }
74 if (fromlen != sizeof(struct sockaddr_in))
75 logbad(1,"impossible recvfrom(rip) fromlen=%d",
76 fromlen);
77
78 /* aifp is the "authenticated" interface via which the packet
79 * arrived. In fact, it is only the interface on which
80 * the packet should have arrived based on is source
81 * address.
82 * sifp is interface associated with the socket through which
83 * the packet was received.
84 */
85 #ifdef USE_PASSIFNAME
86 if ((cc -= sizeof(inbuf.ifname)) < 0)
87 logbad(0,"missing USE_PASSIFNAME; only %d bytes",
88 cc+sizeof(inbuf.ifname));
89
90 /* check the remote interfaces first */
91 for (aifp = remote_if; aifp; aifp = aifp->int_rlink) {
92 if (aifp->int_addr == from.sin_addr.s_addr)
93 break;
94 }
95 if (aifp == NULL) {
96 aifp = ifwithname(inbuf.ifname, 0);
97 if (aifp == NULL) {
98 msglim(&bad_name, from.sin_addr.s_addr,
99 "impossible interface name %.*s",
100 IFNAMSIZ, inbuf.ifname);
101 } else if (((aifp->int_if_flags & IFF_POINTOPOINT)
102 && aifp->int_dstaddr!=from.sin_addr.s_addr)
103 || (!(aifp->int_if_flags & IFF_POINTOPOINT)
104 && !on_net(from.sin_addr.s_addr,
105 aifp->int_net,
106 aifp->int_mask))) {
107 /* If it came via the wrong interface, do not
108 * trust it.
109 */
110 aifp = NULL;
111 }
112 }
113 #else
114 aifp = iflookup(from.sin_addr.s_addr);
115 #endif
116 if (sifp == NULL)
117 sifp = aifp;
118
119 input(&from, sifp, aifp, &inbuf.pbuf.rip, cc);
120 }
121 }
122
123
124 /* Process a RIP packet
125 */
126 static void
127 input(struct sockaddr_in *from, /* received from this IP address */
128 struct interface *sifp, /* interface of incoming socket */
129 struct interface *aifp, /* "authenticated" interface */
130 struct rip *rip,
131 int cc)
132 {
133 # define FROM_NADDR from->sin_addr.s_addr
134 static struct msg_limit use_auth, bad_len, bad_mask;
135 static struct msg_limit unk_router, bad_router, bad_nhop;
136
137 struct rt_entry *rt;
138 struct rt_spare new;
139 struct netinfo *n, *lim;
140 struct interface *ifp1;
141 naddr gate, mask, v1_mask, dst, ddst_h = 0;
142 struct auth *ap;
143 struct tgate *tg = NULL;
144 struct tgate_net *tn;
145 int i, j;
146
147 /* Notice when we hear from a remote gateway
148 */
149 if (aifp != NULL
150 && (aifp->int_state & IS_REMOTE))
151 aifp->int_act_time = now.tv_sec;
152
153 trace_rip("Recv", "from", from, sifp, rip, cc);
154
155 if (rip->rip_vers == 0) {
156 msglim(&bad_router, FROM_NADDR,
157 "RIP version 0, cmd %d, packet received from %s",
158 rip->rip_cmd, naddr_ntoa(FROM_NADDR));
159 return;
160 } else if (rip->rip_vers > RIPv2) {
161 rip->rip_vers = RIPv2;
162 }
163 if (cc > (int)OVER_MAXPACKETSIZE) {
164 msglim(&bad_router, FROM_NADDR,
165 "packet at least %d bytes too long received from %s",
166 cc-MAXPACKETSIZE, naddr_ntoa(FROM_NADDR));
167 return;
168 }
169
170 n = rip->rip_nets;
171 lim = (struct netinfo *)((char*)rip + cc);
172
173 /* Notice authentication.
174 * As required by section 4.2 in RFC 1723, discard authenticated
175 * RIPv2 messages, but only if configured for that silliness.
176 *
177 * RIPv2 authentication is lame. Why authenticate queries?
178 * Why should a RIPv2 implementation with authentication disabled
179 * not be able to listen to RIPv2 packets with authentication, while
180 * RIPv1 systems will listen? Crazy!
181 */
182 if (!auth_ok
183 && rip->rip_vers == RIPv2
184 && n < lim && n->n_family == RIP_AF_AUTH) {
185 msglim(&use_auth, FROM_NADDR,
186 "RIPv2 message with authentication from %s discarded",
187 naddr_ntoa(FROM_NADDR));
188 return;
189 }
190
191 switch (rip->rip_cmd) {
192 case RIPCMD_REQUEST:
193 /* For mere requests, be a little sloppy about the source
194 */
195 if (aifp == NULL)
196 aifp = sifp;
197
198 /* Are we talking to ourself or a remote gateway?
199 */
200 ifp1 = ifwithaddr(FROM_NADDR, 0, 1);
201 if (ifp1) {
202 if (ifp1->int_state & IS_REMOTE) {
203 /* remote gateway */
204 aifp = ifp1;
205 if (check_remote(aifp)) {
206 aifp->int_act_time = now.tv_sec;
207 if_ok(aifp, "remote ");
208 }
209 } else if (from->sin_port == htons(RIP_PORT)) {
210 trace_pkt(" discard our own RIP request");
211 return;
212 }
213 }
214
215 /* did the request come from a router?
216 */
217 if (from->sin_port == htons(RIP_PORT)) {
218 /* yes, ignore the request if RIP is off so that
219 * the router does not depend on us.
220 */
221 if (rip_sock < 0
222 || (aifp != NULL
223 && IS_RIP_OUT_OFF(aifp->int_state))) {
224 trace_pkt(" discard request while RIP off");
225 return;
226 }
227 }
228
229 /* According to RFC 1723, we should ignore unauthenticated
230 * queries. That is too silly to bother with. Sheesh!
231 * Are forwarding tables supposed to be secret, when
232 * a bad guy can infer them with test traffic? When RIP
233 * is still the most common router-discovery protocol
234 * and so hosts need to send queries that will be answered?
235 * What about `rtquery`?
236 * Maybe on firewalls you'd care, but not enough to
237 * give up the diagnostic facilities of remote probing.
238 */
239
240 if (n >= lim) {
241 msglim(&bad_len, FROM_NADDR, "empty request from %s",
242 naddr_ntoa(FROM_NADDR));
243 return;
244 }
245 if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) {
246 msglim(&bad_len, FROM_NADDR,
247 "request of bad length (%d) from %s",
248 cc, naddr_ntoa(FROM_NADDR));
249 }
250
251 if (rip->rip_vers == RIPv2
252 && (aifp == NULL || (aifp->int_state & IS_NO_RIPV1_OUT))) {
253 v12buf.buf->rip_vers = RIPv2;
254 /* If we have a secret but it is a cleartext secret,
255 * do not disclose our secret unless the other guy
256 * already knows it.
257 */
258 ap = find_auth(aifp);
259 if (ap != NULL && ap->type == RIP_AUTH_PW
260 && n->n_family == RIP_AF_AUTH
261 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth))
262 ap = NULL;
263 } else {
264 v12buf.buf->rip_vers = RIPv1;
265 ap = NULL;
266 }
267 clr_ws_buf(&v12buf, ap);
268
269 do {
270 n->n_metric = ntohl(n->n_metric);
271
272 /* A single entry with family RIP_AF_UNSPEC and
273 * metric HOPCNT_INFINITY means "all routes".
274 * We respond to routers only if we are acting
275 * as a supplier, or to anyone other than a router
276 * (i.e. a query).
277 */
278 if (n->n_family == RIP_AF_UNSPEC
279 && n->n_metric == HOPCNT_INFINITY) {
280 /* Answer a query from a utility program
281 * with all we know.
282 */
283 if (aifp == NULL) {
284 trace_pkt("ignore remote query");
285 return;
286 }
287 if (from->sin_port != htons(RIP_PORT)) {
288 supply(from, aifp, OUT_QUERY, 0,
289 rip->rip_vers, ap != NULL);
290 return;
291 }
292
293 /* A router trying to prime its tables.
294 * Filter the answer in the about same way
295 * broadcasts are filtered.
296 *
297 * Only answer a router if we are a supplier
298 * to keep an unwary host that is just starting
299 * from picking us as a router.
300 */
301 if (aifp == NULL) {
302 trace_pkt("ignore distant router");
303 return;
304 }
305 if (!supplier
306 || IS_RIP_OFF(aifp->int_state)) {
307 trace_pkt("ignore; not supplying");
308 return;
309 }
310
311 /* Do not answer a RIPv1 router if
312 * we are sending RIPv2. But do offer
313 * poor man's router discovery.
314 */
315 if ((aifp->int_state & IS_NO_RIPV1_OUT)
316 && rip->rip_vers == RIPv1) {
317 if (!(aifp->int_state & IS_PM_RDISC)) {
318 trace_pkt("ignore; sending RIPv2");
319 return;
320 }
321
322 v12buf.n->n_family = RIP_AF_INET;
323 v12buf.n->n_dst = RIP_DEFAULT;
324 i = aifp->int_d_metric;
325 if (NULL != (rt = rtget(RIP_DEFAULT, 0)))
326 i = MIN(i, (rt->rt_metric
327 +aifp->int_metric+1));
328 v12buf.n->n_metric = htonl(i);
329 v12buf.n++;
330 break;
331 }
332
333 /* Respond with RIPv1 instead of RIPv2 if
334 * that is what we are broadcasting on the
335 * interface to keep the remote router from
336 * getting the wrong initial idea of the
337 * routes we send.
338 */
339 supply(from, aifp, OUT_UNICAST, 0,
340 (aifp->int_state & IS_NO_RIPV1_OUT)
341 ? RIPv2 : RIPv1,
342 ap != NULL);
343 return;
344 }
345
346 /* Ignore authentication */
347 if (n->n_family == RIP_AF_AUTH)
348 continue;
349
350 if (n->n_family != RIP_AF_INET) {
351 msglim(&bad_router, FROM_NADDR,
352 "request from %s for unsupported"
353 " (af %d) %s",
354 naddr_ntoa(FROM_NADDR),
355 ntohs(n->n_family),
356 naddr_ntoa(n->n_dst));
357 return;
358 }
359
360 /* We are being asked about a specific destination.
361 */
362 dst = n->n_dst;
363 if (!check_dst(dst)) {
364 msglim(&bad_router, FROM_NADDR,
365 "bad queried destination %s from %s",
366 naddr_ntoa(dst),
367 naddr_ntoa(FROM_NADDR));
368 return;
369 }
370
371 /* decide what mask was intended */
372 if (rip->rip_vers == RIPv1
373 || 0 == (mask = ntohl(n->n_mask))
374 || 0 != (ntohl(dst) & ~mask))
375 mask = ripv1_mask_host(dst, aifp);
376
377 /* try to find the answer */
378 rt = rtget(dst, mask);
379 if (!rt && dst != RIP_DEFAULT)
380 rt = rtfind(n->n_dst);
381
382 if (v12buf.buf->rip_vers != RIPv1)
383 v12buf.n->n_mask = mask;
384 if (rt == NULL) {
385 /* we do not have the answer */
386 v12buf.n->n_metric = HOPCNT_INFINITY;
387 } else {
388 /* we have the answer, so compute the
389 * right metric and next hop.
390 */
391 v12buf.n->n_family = RIP_AF_INET;
392 v12buf.n->n_dst = dst;
393 v12buf.n->n_metric = (rt->rt_metric+1
394 + ((aifp!=NULL)
395 ? aifp->int_metric
396 : 1));
397 if (v12buf.n->n_metric > HOPCNT_INFINITY)
398 v12buf.n->n_metric = HOPCNT_INFINITY;
399 if (v12buf.buf->rip_vers != RIPv1) {
400 v12buf.n->n_tag = rt->rt_tag;
401 v12buf.n->n_mask = mask;
402 if (aifp != NULL
403 && on_net(rt->rt_gate,
404 aifp->int_net,
405 aifp->int_mask)
406 && rt->rt_gate != aifp->int_addr)
407 v12buf.n->n_nhop = rt->rt_gate;
408 }
409 }
410 v12buf.n->n_metric = htonl(v12buf.n->n_metric);
411
412 /* Stop paying attention if we fill the output buffer.
413 */
414 if (++v12buf.n >= v12buf.lim)
415 break;
416 } while (++n < lim);
417
418 /* Send the answer about specific routes.
419 */
420 if (ap != NULL && ap->type == RIP_AUTH_MD5)
421 end_md5_auth(&v12buf, ap);
422
423 if (from->sin_port != htons(RIP_PORT)) {
424 /* query */
425 output(OUT_QUERY, from, aifp,
426 v12buf.buf,
427 ((char *)v12buf.n - (char*)v12buf.buf));
428 } else if (supplier) {
429 output(OUT_UNICAST, from, aifp,
430 v12buf.buf,
431 ((char *)v12buf.n - (char*)v12buf.buf));
432 } else {
433 /* Only answer a router if we are a supplier
434 * to keep an unwary host that is just starting
435 * from picking us an a router.
436 */
437 ;
438 }
439 return;
440
441 case RIPCMD_TRACEON:
442 case RIPCMD_TRACEOFF:
443 /* Notice that trace messages are turned off for all possible
444 * abuse if _PATH_TRACE is undefined in pathnames.h.
445 * Notice also that because of the way the trace file is
446 * handled in trace.c, no abuse is plausible even if
447 * _PATH_TRACE_ is defined.
448 *
449 * First verify message came from a privileged port. */
450 if (ntohs(from->sin_port) > IPPORT_RESERVED) {
451 msglog("trace command from untrusted port on %s",
452 naddr_ntoa(FROM_NADDR));
453 return;
454 }
455 if (aifp == NULL) {
456 msglog("trace command from unknown router %s",
457 naddr_ntoa(FROM_NADDR));
458 return;
459 }
460 if (rip->rip_cmd == RIPCMD_TRACEON) {
461 rip->rip_tracefile[cc-4] = '\0';
462 set_tracefile((char*)rip->rip_tracefile,
463 "trace command: %s\n", 0);
464 } else {
465 trace_off("tracing turned off by %s",
466 naddr_ntoa(FROM_NADDR));
467 }
468 return;
469
470 case RIPCMD_RESPONSE:
471 if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) {
472 msglim(&bad_len, FROM_NADDR,
473 "response of bad length (%d) from %s",
474 cc, naddr_ntoa(FROM_NADDR));
475 }
476
477 /* verify message came from a router */
478 if (from->sin_port != ntohs(RIP_PORT)) {
479 msglim(&bad_router, FROM_NADDR,
480 " discard RIP response from unknown port"
481 " %d on host %s", ntohs(from->sin_port),
482 naddr_ntoa(FROM_NADDR));
483 return;
484 }
485
486 if (rip_sock < 0) {
487 trace_pkt(" discard response while RIP off");
488 return;
489 }
490
491 /* Are we talking to ourself or a remote gateway?
492 */
493 ifp1 = ifwithaddr(FROM_NADDR, 0, 1);
494 if (ifp1) {
495 if (ifp1->int_state & IS_REMOTE) {
496 /* remote gateway */
497 aifp = ifp1;
498 if (check_remote(aifp)) {
499 aifp->int_act_time = now.tv_sec;
500 if_ok(aifp, "remote ");
501 }
502 } else {
503 trace_pkt(" discard our own RIP response");
504 return;
505 }
506 }
507
508 /* Accept routing packets from routers directly connected
509 * via broadcast or point-to-point networks, and from
510 * those listed in /etc/gateways.
511 */
512 if (aifp == NULL) {
513 msglim(&unk_router, FROM_NADDR,
514 " discard response from %s"
515 " via unexpected interface",
516 naddr_ntoa(FROM_NADDR));
517 return;
518 }
519 if (IS_RIP_IN_OFF(aifp->int_state)) {
520 trace_pkt(" discard RIPv%d response"
521 " via disabled interface %s",
522 rip->rip_vers, aifp->int_name);
523 return;
524 }
525
526 if (n >= lim) {
527 msglim(&bad_len, FROM_NADDR, "empty response from %s",
528 naddr_ntoa(FROM_NADDR));
529 return;
530 }
531
532 if (((aifp->int_state & IS_NO_RIPV1_IN)
533 && rip->rip_vers == RIPv1)
534 || ((aifp->int_state & IS_NO_RIPV2_IN)
535 && rip->rip_vers != RIPv1)) {
536 trace_pkt(" discard RIPv%d response",
537 rip->rip_vers);
538 return;
539 }
540
541 /* Ignore routes via dead interface.
542 */
543 if (aifp->int_state & IS_BROKE) {
544 trace_pkt("discard response via broken interface %s",
545 aifp->int_name);
546 return;
547 }
548
549 /* If the interface cares, ignore bad routers.
550 * Trace but do not log this problem, because where it
551 * happens, it happens frequently.
552 */
553 if (aifp->int_state & IS_DISTRUST) {
554 tg = tgates;
555 while (tg->tgate_addr != FROM_NADDR) {
556 tg = tg->tgate_next;
557 if (tg == NULL) {
558 trace_pkt(" discard RIP response"
559 " from untrusted router %s",
560 naddr_ntoa(FROM_NADDR));
561 return;
562 }
563 }
564 }
565
566 /* Authenticate the packet if we have a secret.
567 * If we do not have any secrets, ignore the error in
568 * RFC 1723 and accept it regardless.
569 */
570 if (aifp->int_auth[0].type != RIP_AUTH_NONE
571 && rip->rip_vers != RIPv1
572 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth))
573 return;
574
575 do {
576 if (n->n_family == RIP_AF_AUTH)
577 continue;
578
579 n->n_metric = ntohl(n->n_metric);
580 dst = n->n_dst;
581 if (n->n_family != RIP_AF_INET
582 && (n->n_family != RIP_AF_UNSPEC
583 || dst != RIP_DEFAULT)) {
584 msglim(&bad_router, FROM_NADDR,
585 "route from %s to unsupported"
586 " address family=%d destination=%s",
587 naddr_ntoa(FROM_NADDR),
588 n->n_family,
589 naddr_ntoa(dst));
590 continue;
591 }
592 if (!check_dst(dst)) {
593 msglim(&bad_router, FROM_NADDR,
594 "bad destination %s from %s",
595 naddr_ntoa(dst),
596 naddr_ntoa(FROM_NADDR));
597 return;
598 }
599 if (n->n_metric == 0
600 || n->n_metric > HOPCNT_INFINITY) {
601 msglim(&bad_router, FROM_NADDR,
602 "bad metric %d from %s"
603 " for destination %s",
604 n->n_metric,
605 naddr_ntoa(FROM_NADDR),
606 naddr_ntoa(dst));
607 return;
608 }
609
610 /* Notice the next-hop.
611 */
612 gate = FROM_NADDR;
613 if (n->n_nhop != 0) {
614 if (rip->rip_vers == RIPv1) {
615 n->n_nhop = 0;
616 } else {
617 /* Use it only if it is valid. */
618 if (on_net(n->n_nhop,
619 aifp->int_net, aifp->int_mask)
620 && check_dst(n->n_nhop)) {
621 gate = n->n_nhop;
622 } else {
623 msglim(&bad_nhop, FROM_NADDR,
624 "router %s to %s"
625 " has bad next hop %s",
626 naddr_ntoa(FROM_NADDR),
627 naddr_ntoa(dst),
628 naddr_ntoa(n->n_nhop));
629 n->n_nhop = 0;
630 }
631 }
632 }
633
634 if (rip->rip_vers == RIPv1
635 || 0 == (mask = ntohl(n->n_mask))) {
636 mask = ripv1_mask_host(dst,aifp);
637 } else if ((ntohl(dst) & ~mask) != 0) {
638 msglim(&bad_mask, FROM_NADDR,
639 "router %s sent bad netmask"
640 " %#lx with %s",
641 naddr_ntoa(FROM_NADDR),
642 (u_long)mask,
643 naddr_ntoa(dst));
644 continue;
645 }
646 if (rip->rip_vers == RIPv1)
647 n->n_tag = 0;
648
649 /* Adjust metric according to incoming interface..
650 */
651 n->n_metric += aifp->int_metric;
652 if (n->n_metric > HOPCNT_INFINITY)
653 n->n_metric = HOPCNT_INFINITY;
654
655 /* Should we trust this route from this router? */
656 if (tg && (tn = tg->tgate_nets)->mask != 0) {
657 for (i = 0; i < MAX_TGATE_NETS; i++, tn++) {
658 if (on_net(dst, tn->net, tn->mask)
659 && tn->mask <= mask)
660 break;
661 }
662 if (i >= MAX_TGATE_NETS || tn->mask == 0) {
663 trace_pkt(" ignored unauthorized %s",
664 addrname(dst,mask,0));
665 continue;
666 }
667 }
668
669 /* Recognize and ignore a default route we faked
670 * which is being sent back to us by a machine with
671 * broken split-horizon.
672 * Be a little more paranoid than that, and reject
673 * default routes with the same metric we advertised.
674 */
675 if (aifp->int_d_metric != 0
676 && dst == RIP_DEFAULT
677 && (int)n->n_metric >= aifp->int_d_metric)
678 continue;
679
680 /* We can receive aggregated RIPv2 routes that must
681 * be broken down before they are transmitted by
682 * RIPv1 via an interface on a subnet.
683 * We might also receive the same routes aggregated
684 * via other RIPv2 interfaces.
685 * This could cause duplicate routes to be sent on
686 * the RIPv1 interfaces. "Longest matching variable
687 * length netmasks" lets RIPv2 listeners understand,
688 * but breaking down the aggregated routes for RIPv1
689 * listeners can produce duplicate routes.
690 *
691 * Breaking down aggregated routes here bloats
692 * the daemon table, but does not hurt the kernel
693 * table, since routes are always aggregated for
694 * the kernel.
695 *
696 * Notice that this does not break down network
697 * routes corresponding to subnets. This is part
698 * of the defense against RS_NET_SYN.
699 */
700 if (have_ripv1_out
701 && (((rt = rtget(dst,mask)) == NULL
702 || !(rt->rt_state & RS_NET_SYN)))
703 && (v1_mask = ripv1_mask_net(dst,0)) > mask) {
704 ddst_h = v1_mask & -v1_mask;
705 i = (v1_mask & ~mask)/ddst_h;
706 if (i >= 511) {
707 /* Punt if we would have to generate
708 * an unreasonable number of routes.
709 */
710 if (TRACECONTENTS)
711 trace_misc("accept %s-->%s as 1"
712 " instead of %d routes",
713 addrname(dst,mask,0),
714 naddr_ntoa(FROM_NADDR),
715 i+1);
716 i = 0;
717 } else {
718 mask = v1_mask;
719 }
720 } else {
721 i = 0;
722 }
723
724 new.rts_gate = gate;
725 new.rts_router = FROM_NADDR;
726 new.rts_metric = n->n_metric;
727 new.rts_tag = n->n_tag;
728 new.rts_time = now.tv_sec;
729 new.rts_ifp = aifp;
730 new.rts_de_ag = i;
731 j = 0;
732 for (;;) {
733 input_route(dst, mask, &new, n);
734 if (++j > i)
735 break;
736 dst = htonl(ntohl(dst) + ddst_h);
737 }
738 } while (++n < lim);
739 break;
740 }
741 #undef FROM_NADDR
742 }
743
744
745 /* Process a single input route.
746 */
747 static void
748 input_route(naddr dst, /* network order */
749 naddr mask,
750 struct rt_spare *new,
751 struct netinfo *n)
752 {
753 int i;
754 struct rt_entry *rt;
755 struct rt_spare *rts, *rts0;
756 struct interface *ifp1;
757
758
759 /* See if the other guy is telling us to send our packets to him.
760 * Sometimes network routes arrive over a point-to-point link for
761 * the network containing the address(es) of the link.
762 *
763 * If our interface is broken, switch to using the other guy.
764 */
765 ifp1 = ifwithaddr(dst, 1, 1);
766 if (ifp1 != NULL
767 && (!(ifp1->int_state & IS_BROKE)
768 || (ifp1->int_state & IS_PASSIVE)))
769 return;
770
771 /* Look for the route in our table.
772 */
773 rt = rtget(dst, mask);
774
775 /* Consider adding the route if we do not already have it.
776 */
777 if (rt == NULL) {
778 /* Ignore unknown routes being poisoned.
779 */
780 if (new->rts_metric == HOPCNT_INFINITY)
781 return;
782
783 /* Ignore the route if it points to us */
784 if (n->n_nhop != 0
785 && 0 != ifwithaddr(n->n_nhop, 1, 0))
786 return;
787
788 /* If something has not gone crazy and tried to fill
789 * our memory, accept the new route.
790 */
791 if (total_routes < MAX_ROUTES)
792 rtadd(dst, mask, 0, new);
793 return;
794 }
795
796 /* We already know about the route. Consider this update.
797 *
798 * If (rt->rt_state & RS_NET_SYN), then this route
799 * is the same as a network route we have inferred
800 * for subnets we know, in order to tell RIPv1 routers
801 * about the subnets.
802 *
803 * It is impossible to tell if the route is coming
804 * from a distant RIPv2 router with the standard
805 * netmask because that router knows about the entire
806 * network, or if it is a round-about echo of a
807 * synthetic, RIPv1 network route of our own.
808 * The worst is that both kinds of routes might be
809 * received, and the bad one might have the smaller
810 * metric. Partly solve this problem by never
811 * aggregating into such a route. Also keep it
812 * around as long as the interface exists.
813 */
814
815 rts0 = rt->rt_spares;
816 for (rts = rts0, i = NUM_SPARES; i != 0; i--, rts++) {
817 if (rts->rts_router == new->rts_router)
818 break;
819 /* Note the worst slot to reuse,
820 * other than the current slot.
821 */
822 if (rts0 == rt->rt_spares
823 || BETTER_LINK(rt, rts0, rts))
824 rts0 = rts;
825 }
826 if (i != 0) {
827 /* Found a route from the router already in the table.
828 */
829
830 /* If the new route is a route broken down from an
831 * aggregated route, and if the previous route is either
832 * not a broken down route or was broken down from a finer
833 * netmask, and if the previous route is current,
834 * then forget this one.
835 */
836 if (new->rts_de_ag > rts->rts_de_ag
837 && now_stale <= rts->rts_time)
838 return;
839
840 /* Keep poisoned routes around only long enough to pass
841 * the poison on. Use a new timestamp for good routes.
842 */
843 if (rts->rts_metric == HOPCNT_INFINITY
844 && new->rts_metric == HOPCNT_INFINITY)
845 new->rts_time = rts->rts_time;
846
847 /* If this is an update for the router we currently prefer,
848 * then note it.
849 */
850 if (i == NUM_SPARES) {
851 rtchange(rt, rt->rt_state, new, 0);
852 /* If the route got worse, check for something better.
853 */
854 if (new->rts_metric > rts->rts_metric)
855 rtswitch(rt, 0);
856 return;
857 }
858
859 /* This is an update for a spare route.
860 * Finished if the route is unchanged.
861 */
862 if (rts->rts_gate == new->rts_gate
863 && rts->rts_metric == new->rts_metric
864 && rts->rts_tag == new->rts_tag) {
865 trace_upslot(rt, rts, new);
866 *rts = *new;
867 return;
868 }
869 /* Forget it if it has gone bad.
870 */
871 if (new->rts_metric == HOPCNT_INFINITY) {
872 rts_delete(rt, rts);
873 return;
874 }
875
876 } else {
877 /* The update is for a route we know about,
878 * but not from a familiar router.
879 *
880 * Ignore the route if it points to us.
881 */
882 if (n->n_nhop != 0
883 && 0 != ifwithaddr(n->n_nhop, 1, 0))
884 return;
885
886 /* the loop above set rts0=worst spare */
887 rts = rts0;
888
889 /* Save the route as a spare only if it has
890 * a better metric than our worst spare.
891 * This also ignores poisoned routes (those
892 * received with metric HOPCNT_INFINITY).
893 */
894 if (new->rts_metric >= rts->rts_metric)
895 return;
896 }
897
898 trace_upslot(rt, rts, new);
899 *rts = *new;
900
901 /* try to switch to a better route */
902 rtswitch(rt, rts);
903 }
904
905
906 static int /* 0 if bad */
907 ck_passwd(struct interface *aifp,
908 struct rip *rip,
909 void *lim,
910 naddr from,
911 struct msg_limit *use_authp)
912 {
913 # define NA (rip->rip_auths)
914 struct netauth *na2;
915 struct auth *ap;
916 MD5_CTX md5_ctx;
917 u_char hash[RIP_AUTH_PW_LEN];
918 int i, len;
919
920
921 if ((void *)NA >= lim || NA->a_family != RIP_AF_AUTH) {
922 msglim(use_authp, from, "missing password from %s",
923 naddr_ntoa(from));
924 return 0;
925 }
926
927 /* accept any current (+/- 24 hours) password
928 */
929 for (ap = aifp->int_auth, i = 0; i < MAX_AUTH_KEYS; i++, ap++) {
930 if (ap->type != NA->a_type
931 || (u_long)ap->start > (u_long)clk.tv_sec+DAY
932 || (u_long)ap->end+DAY < (u_long)clk.tv_sec)
933 continue;
934
935 if (NA->a_type == RIP_AUTH_PW) {
936 if (!memcmp(NA->au.au_pw, ap->key, RIP_AUTH_PW_LEN))
937 return 1;
938
939 } else {
940 /* accept MD5 secret with the right key ID
941 */
942 if (NA->au.a_md5.md5_keyid != ap->keyid)
943 continue;
944
945 len = ntohs(NA->au.a_md5.md5_pkt_len);
946 if ((len-sizeof(*rip)) % sizeof(*NA) != 0
947 || len != (char *)lim-(char*)rip-(int)sizeof(*NA)) {
948 msglim(use_authp, from,
949 "wrong MD5 RIPv2 packet length of %d"
950 " instead of %d from %s",
951 len, (int)((char *)lim-(char *)rip
952 -sizeof(*NA)),
953 naddr_ntoa(from));
954 return 0;
955 }
956 na2 = (struct netauth *)((char *)rip+len);
957
958 /* Given a good hash value, these are not security
959 * problems so be generous and accept the routes,
960 * after complaining.
961 */
962 if (TRACEPACKETS) {
963 if (NA->au.a_md5.md5_auth_len
964 != RIP_AUTH_MD5_LEN)
965 msglim(use_authp, from,
966 "unknown MD5 RIPv2 auth len %#x"
967 " instead of %#x from %s",
968 NA->au.a_md5.md5_auth_len,
969 RIP_AUTH_MD5_LEN,
970 naddr_ntoa(from));
971 if (na2->a_family != RIP_AF_AUTH)
972 msglim(use_authp, from,
973 "unknown MD5 RIPv2 family %#x"
974 " instead of %#x from %s",
975 na2->a_family, RIP_AF_AUTH,
976 naddr_ntoa(from));
977 if (na2->a_type != ntohs(1))
978 msglim(use_authp, from,
979 "MD5 RIPv2 hash has %#x"
980 " instead of %#x from %s",
981 na2->a_type, ntohs(1),
982 naddr_ntoa(from));
983 }
984
985 MD5_Init(&md5_ctx);
986 MD5_Update(&md5_ctx, (u_char *)rip, len);
987 MD5_Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN);
988 MD5_Final(hash, &md5_ctx);
989 if (!memcmp(hash, na2->au.au_pw, sizeof(hash)))
990 return 1;
991 }
992 }
993
994 msglim(use_authp, from, "bad password from %s",
995 naddr_ntoa(from));
996 return 0;
997 #undef NA
998 }
DragonFly BSD