<sys/vfscache.h>: Sync enum vtagtype with what we have.
[dragonfly.git] / sbin / routed / input.c
blobd1931d3544642fc3ba8a0b8a983087424df054ad
1 /*
2 * Copyright (c) 1983, 1988, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
29 * $FreeBSD: src/sbin/routed/input.c,v 1.7.2.1 2001/08/01 09:01:45 obrien Exp $
32 #include "defs.h"
34 #if !defined(__NetBSD__)
35 static char sccsid[] __attribute__((unused)) = "@(#)input.c 8.1 (Berkeley) 6/5/93";
36 #elif defined(__NetBSD__)
37 #include <sys/cdefs.h>
38 __RCSID("$NetBSD$");
39 #endif
41 static void input(struct sockaddr_in *, struct interface *, struct interface *,
42 struct rip *, int);
43 static void input_route(naddr, naddr, struct rt_spare *, struct netinfo *);
44 static int ck_passwd(struct interface *, struct rip *, void *,
45 naddr, struct msg_limit *);
48 /* process RIP input
50 void
51 read_rip(int sock,
52 struct interface *sifp)
54 struct sockaddr_in from;
55 struct interface *aifp;
56 int cc;
57 socklen_t fromlen;
58 #ifdef USE_PASSIFNAME
59 static struct msg_limit bad_name;
60 struct {
61 char ifname[IFNAMSIZ];
62 union pkt_buf pbuf;
63 } inbuf;
64 #else
65 struct {
66 union pkt_buf pbuf;
67 } inbuf;
68 #endif
71 for (;;) {
72 fromlen = sizeof(from);
73 cc = recvfrom(sock, &inbuf, sizeof(inbuf), 0,
74 (struct sockaddr*)&from, &fromlen);
75 if (cc <= 0) {
76 if (cc < 0 && errno != EWOULDBLOCK)
77 LOGERR("recvfrom(rip)");
78 break;
80 if (fromlen != sizeof(struct sockaddr_in))
81 logbad(1,"impossible recvfrom(rip) fromlen=%d",
82 fromlen);
84 /* aifp is the "authenticated" interface via which the packet
85 * arrived. In fact, it is only the interface on which
86 * the packet should have arrived based on is source
87 * address.
88 * sifp is interface associated with the socket through which
89 * the packet was received.
91 #ifdef USE_PASSIFNAME
92 if ((cc -= sizeof(inbuf.ifname)) < 0)
93 logbad(0,"missing USE_PASSIFNAME; only %d bytes",
94 cc+sizeof(inbuf.ifname));
96 /* check the remote interfaces first */
97 for (aifp = remote_if; aifp; aifp = aifp->int_rlink) {
98 if (aifp->int_addr == from.sin_addr.s_addr)
99 break;
101 if (aifp == NULL) {
102 aifp = ifwithname(inbuf.ifname, 0);
103 if (aifp == NULL) {
104 msglim(&bad_name, from.sin_addr.s_addr,
105 "impossible interface name %.*s",
106 IFNAMSIZ, inbuf.ifname);
107 } else if (((aifp->int_if_flags & IFF_POINTOPOINT)
108 && aifp->int_dstaddr!=from.sin_addr.s_addr)
109 || (!(aifp->int_if_flags & IFF_POINTOPOINT)
110 && !on_net(from.sin_addr.s_addr,
111 aifp->int_net,
112 aifp->int_mask))) {
113 /* If it came via the wrong interface, do not
114 * trust it.
116 aifp = NULL;
119 #else
120 aifp = iflookup(from.sin_addr.s_addr);
121 #endif
122 if (sifp == NULL)
123 sifp = aifp;
125 input(&from, sifp, aifp, &inbuf.pbuf.rip, cc);
130 /* Process a RIP packet
132 static void
133 input(struct sockaddr_in *from, /* received from this IP address */
134 struct interface *sifp, /* interface of incoming socket */
135 struct interface *aifp, /* "authenticated" interface */
136 struct rip *rip,
137 int cc)
139 # define FROM_NADDR from->sin_addr.s_addr
140 static struct msg_limit use_auth, bad_len, bad_mask;
141 static struct msg_limit unk_router, bad_router, bad_nhop;
143 struct rt_entry *rt;
144 struct rt_spare new;
145 struct netinfo *n, *lim;
146 struct interface *ifp1;
147 naddr gate, mask, v1_mask, dst, ddst_h = 0;
148 struct auth *ap;
149 struct tgate *tg = NULL;
150 struct tgate_net *tn;
151 int i, j;
153 /* Notice when we hear from a remote gateway
155 if (aifp != NULL
156 && (aifp->int_state & IS_REMOTE))
157 aifp->int_act_time = now.tv_sec;
159 trace_rip("Recv", "from", from, sifp, rip, cc);
161 if (rip->rip_vers == 0) {
162 msglim(&bad_router, FROM_NADDR,
163 "RIP version 0, cmd %d, packet received from %s",
164 rip->rip_cmd, naddr_ntoa(FROM_NADDR));
165 return;
166 } else if (rip->rip_vers > RIPv2) {
167 rip->rip_vers = RIPv2;
169 if (cc > (int)OVER_MAXPACKETSIZE) {
170 msglim(&bad_router, FROM_NADDR,
171 "packet at least %d bytes too long received from %s",
172 cc-MAXPACKETSIZE, naddr_ntoa(FROM_NADDR));
173 return;
176 n = rip->rip_nets;
177 lim = (struct netinfo *)((char*)rip + cc);
179 /* Notice authentication.
180 * As required by section 4.2 in RFC 1723, discard authenticated
181 * RIPv2 messages, but only if configured for that silliness.
183 * RIPv2 authentication is lame. Why authenticate queries?
184 * Why should a RIPv2 implementation with authentication disabled
185 * not be able to listen to RIPv2 packets with authentication, while
186 * RIPv1 systems will listen? Crazy!
188 if (!auth_ok
189 && rip->rip_vers == RIPv2
190 && n < lim && n->n_family == RIP_AF_AUTH) {
191 msglim(&use_auth, FROM_NADDR,
192 "RIPv2 message with authentication from %s discarded",
193 naddr_ntoa(FROM_NADDR));
194 return;
197 switch (rip->rip_cmd) {
198 case RIPCMD_REQUEST:
199 /* For mere requests, be a little sloppy about the source
201 if (aifp == NULL)
202 aifp = sifp;
204 /* Are we talking to ourself or a remote gateway?
206 ifp1 = ifwithaddr(FROM_NADDR, 0, 1);
207 if (ifp1) {
208 if (ifp1->int_state & IS_REMOTE) {
209 /* remote gateway */
210 aifp = ifp1;
211 if (check_remote(aifp)) {
212 aifp->int_act_time = now.tv_sec;
213 if_ok(aifp, "remote ");
215 } else if (from->sin_port == htons(RIP_PORT)) {
216 trace_pkt(" discard our own RIP request");
217 return;
221 /* did the request come from a router?
223 if (from->sin_port == htons(RIP_PORT)) {
224 /* yes, ignore the request if RIP is off so that
225 * the router does not depend on us.
227 if (rip_sock < 0
228 || (aifp != NULL
229 && IS_RIP_OUT_OFF(aifp->int_state))) {
230 trace_pkt(" discard request while RIP off");
231 return;
235 /* According to RFC 1723, we should ignore unauthenticated
236 * queries. That is too silly to bother with. Sheesh!
237 * Are forwarding tables supposed to be secret, when
238 * a bad guy can infer them with test traffic? When RIP
239 * is still the most common router-discovery protocol
240 * and so hosts need to send queries that will be answered?
241 * What about `rtquery`?
242 * Maybe on firewalls you'd care, but not enough to
243 * give up the diagnostic facilities of remote probing.
246 if (n >= lim) {
247 msglim(&bad_len, FROM_NADDR, "empty request from %s",
248 naddr_ntoa(FROM_NADDR));
249 return;
251 if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) {
252 msglim(&bad_len, FROM_NADDR,
253 "request of bad length (%d) from %s",
254 cc, naddr_ntoa(FROM_NADDR));
257 if (rip->rip_vers == RIPv2
258 && (aifp == NULL || (aifp->int_state & IS_NO_RIPV1_OUT))) {
259 v12buf.buf->rip_vers = RIPv2;
260 /* If we have a secret but it is a cleartext secret,
261 * do not disclose our secret unless the other guy
262 * already knows it.
264 ap = find_auth(aifp);
265 if (ap != NULL && ap->type == RIP_AUTH_PW
266 && n->n_family == RIP_AF_AUTH
267 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth))
268 ap = NULL;
269 } else {
270 v12buf.buf->rip_vers = RIPv1;
271 ap = NULL;
273 clr_ws_buf(&v12buf, ap);
275 do {
276 n->n_metric = ntohl(n->n_metric);
278 /* A single entry with family RIP_AF_UNSPEC and
279 * metric HOPCNT_INFINITY means "all routes".
280 * We respond to routers only if we are acting
281 * as a supplier, or to anyone other than a router
282 * (i.e. a query).
284 if (n->n_family == RIP_AF_UNSPEC
285 && n->n_metric == HOPCNT_INFINITY) {
286 /* Answer a query from a utility program
287 * with all we know.
289 if (aifp == NULL) {
290 trace_pkt("ignore remote query");
291 return;
293 if (from->sin_port != htons(RIP_PORT)) {
294 supply(from, aifp, OUT_QUERY, 0,
295 rip->rip_vers, ap != NULL);
296 return;
299 /* A router trying to prime its tables.
300 * Filter the answer in the about same way
301 * broadcasts are filtered.
303 * Only answer a router if we are a supplier
304 * to keep an unwary host that is just starting
305 * from picking us as a router.
307 if (aifp == NULL) {
308 trace_pkt("ignore distant router");
309 return;
311 if (!supplier
312 || IS_RIP_OFF(aifp->int_state)) {
313 trace_pkt("ignore; not supplying");
314 return;
317 /* Do not answer a RIPv1 router if
318 * we are sending RIPv2. But do offer
319 * poor man's router discovery.
321 if ((aifp->int_state & IS_NO_RIPV1_OUT)
322 && rip->rip_vers == RIPv1) {
323 if (!(aifp->int_state & IS_PM_RDISC)) {
324 trace_pkt("ignore; sending RIPv2");
325 return;
328 v12buf.n->n_family = RIP_AF_INET;
329 v12buf.n->n_dst = RIP_DEFAULT;
330 i = aifp->int_d_metric;
331 if (NULL != (rt = rtget(RIP_DEFAULT, 0)))
332 i = MIN(i, (rt->rt_metric
333 +aifp->int_metric+1));
334 v12buf.n->n_metric = htonl(i);
335 v12buf.n++;
336 break;
339 /* Respond with RIPv1 instead of RIPv2 if
340 * that is what we are broadcasting on the
341 * interface to keep the remote router from
342 * getting the wrong initial idea of the
343 * routes we send.
345 supply(from, aifp, OUT_UNICAST, 0,
346 (aifp->int_state & IS_NO_RIPV1_OUT)
347 ? RIPv2 : RIPv1,
348 ap != NULL);
349 return;
352 /* Ignore authentication */
353 if (n->n_family == RIP_AF_AUTH)
354 continue;
356 if (n->n_family != RIP_AF_INET) {
357 msglim(&bad_router, FROM_NADDR,
358 "request from %s for unsupported"
359 " (af %d) %s",
360 naddr_ntoa(FROM_NADDR),
361 ntohs(n->n_family),
362 naddr_ntoa(n->n_dst));
363 return;
366 /* We are being asked about a specific destination.
368 dst = n->n_dst;
369 if (!check_dst(dst)) {
370 msglim(&bad_router, FROM_NADDR,
371 "bad queried destination %s from %s",
372 naddr_ntoa(dst),
373 naddr_ntoa(FROM_NADDR));
374 return;
377 /* decide what mask was intended */
378 if (rip->rip_vers == RIPv1
379 || 0 == (mask = ntohl(n->n_mask))
380 || 0 != (ntohl(dst) & ~mask))
381 mask = ripv1_mask_host(dst, aifp);
383 /* try to find the answer */
384 rt = rtget(dst, mask);
385 if (!rt && dst != RIP_DEFAULT)
386 rt = rtfind(n->n_dst);
388 if (v12buf.buf->rip_vers != RIPv1)
389 v12buf.n->n_mask = mask;
390 if (rt == NULL) {
391 /* we do not have the answer */
392 v12buf.n->n_metric = HOPCNT_INFINITY;
393 } else {
394 /* we have the answer, so compute the
395 * right metric and next hop.
397 v12buf.n->n_family = RIP_AF_INET;
398 v12buf.n->n_dst = dst;
399 v12buf.n->n_metric = (rt->rt_metric+1
400 + ((aifp!=NULL)
401 ? aifp->int_metric
402 : 1));
403 if (v12buf.n->n_metric > HOPCNT_INFINITY)
404 v12buf.n->n_metric = HOPCNT_INFINITY;
405 if (v12buf.buf->rip_vers != RIPv1) {
406 v12buf.n->n_tag = rt->rt_tag;
407 v12buf.n->n_mask = mask;
408 if (aifp != NULL
409 && on_net(rt->rt_gate,
410 aifp->int_net,
411 aifp->int_mask)
412 && rt->rt_gate != aifp->int_addr)
413 v12buf.n->n_nhop = rt->rt_gate;
416 v12buf.n->n_metric = htonl(v12buf.n->n_metric);
418 /* Stop paying attention if we fill the output buffer.
420 if (++v12buf.n >= v12buf.lim)
421 break;
422 } while (++n < lim);
424 /* Send the answer about specific routes.
426 if (ap != NULL && ap->type == RIP_AUTH_MD5)
427 end_md5_auth(&v12buf, ap);
429 if (from->sin_port != htons(RIP_PORT)) {
430 /* query */
431 output(OUT_QUERY, from, aifp,
432 v12buf.buf,
433 ((char *)v12buf.n - (char*)v12buf.buf));
434 } else if (supplier) {
435 output(OUT_UNICAST, from, aifp,
436 v12buf.buf,
437 ((char *)v12buf.n - (char*)v12buf.buf));
438 } else {
439 /* Only answer a router if we are a supplier
440 * to keep an unwary host that is just starting
441 * from picking us an a router.
445 return;
447 case RIPCMD_TRACEON:
448 case RIPCMD_TRACEOFF:
449 /* Notice that trace messages are turned off for all possible
450 * abuse if _PATH_TRACE is undefined in pathnames.h.
451 * Notice also that because of the way the trace file is
452 * handled in trace.c, no abuse is plausible even if
453 * _PATH_TRACE_ is defined.
455 * First verify message came from a privileged port. */
456 if (ntohs(from->sin_port) > IPPORT_RESERVED) {
457 msglog("trace command from untrusted port on %s",
458 naddr_ntoa(FROM_NADDR));
459 return;
461 if (aifp == NULL) {
462 msglog("trace command from unknown router %s",
463 naddr_ntoa(FROM_NADDR));
464 return;
466 if (rip->rip_cmd == RIPCMD_TRACEON) {
467 rip->rip_tracefile[cc-4] = '\0';
468 set_tracefile((char*)rip->rip_tracefile,
469 "trace command: %s\n", 0);
470 } else {
471 trace_off("tracing turned off by %s",
472 naddr_ntoa(FROM_NADDR));
474 return;
476 case RIPCMD_RESPONSE:
477 if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) {
478 msglim(&bad_len, FROM_NADDR,
479 "response of bad length (%d) from %s",
480 cc, naddr_ntoa(FROM_NADDR));
483 /* verify message came from a router */
484 if (from->sin_port != ntohs(RIP_PORT)) {
485 msglim(&bad_router, FROM_NADDR,
486 " discard RIP response from unknown port"
487 " %d on host %s", ntohs(from->sin_port),
488 naddr_ntoa(FROM_NADDR));
489 return;
492 if (rip_sock < 0) {
493 trace_pkt(" discard response while RIP off");
494 return;
497 /* Are we talking to ourself or a remote gateway?
499 ifp1 = ifwithaddr(FROM_NADDR, 0, 1);
500 if (ifp1) {
501 if (ifp1->int_state & IS_REMOTE) {
502 /* remote gateway */
503 aifp = ifp1;
504 if (check_remote(aifp)) {
505 aifp->int_act_time = now.tv_sec;
506 if_ok(aifp, "remote ");
508 } else {
509 trace_pkt(" discard our own RIP response");
510 return;
514 /* Accept routing packets from routers directly connected
515 * via broadcast or point-to-point networks, and from
516 * those listed in /etc/gateways.
518 if (aifp == NULL) {
519 msglim(&unk_router, FROM_NADDR,
520 " discard response from %s"
521 " via unexpected interface",
522 naddr_ntoa(FROM_NADDR));
523 return;
525 if (IS_RIP_IN_OFF(aifp->int_state)) {
526 trace_pkt(" discard RIPv%d response"
527 " via disabled interface %s",
528 rip->rip_vers, aifp->int_name);
529 return;
532 if (n >= lim) {
533 msglim(&bad_len, FROM_NADDR, "empty response from %s",
534 naddr_ntoa(FROM_NADDR));
535 return;
538 if (((aifp->int_state & IS_NO_RIPV1_IN)
539 && rip->rip_vers == RIPv1)
540 || ((aifp->int_state & IS_NO_RIPV2_IN)
541 && rip->rip_vers != RIPv1)) {
542 trace_pkt(" discard RIPv%d response",
543 rip->rip_vers);
544 return;
547 /* Ignore routes via dead interface.
549 if (aifp->int_state & IS_BROKE) {
550 trace_pkt("discard response via broken interface %s",
551 aifp->int_name);
552 return;
555 /* If the interface cares, ignore bad routers.
556 * Trace but do not log this problem, because where it
557 * happens, it happens frequently.
559 if (aifp->int_state & IS_DISTRUST) {
560 tg = tgates;
561 while (tg->tgate_addr != FROM_NADDR) {
562 tg = tg->tgate_next;
563 if (tg == NULL) {
564 trace_pkt(" discard RIP response"
565 " from untrusted router %s",
566 naddr_ntoa(FROM_NADDR));
567 return;
572 /* Authenticate the packet if we have a secret.
573 * If we do not have any secrets, ignore the error in
574 * RFC 1723 and accept it regardless.
576 if (aifp->int_auth[0].type != RIP_AUTH_NONE
577 && rip->rip_vers != RIPv1
578 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth))
579 return;
581 do {
582 if (n->n_family == RIP_AF_AUTH)
583 continue;
585 n->n_metric = ntohl(n->n_metric);
586 dst = n->n_dst;
587 if (n->n_family != RIP_AF_INET
588 && (n->n_family != RIP_AF_UNSPEC
589 || dst != RIP_DEFAULT)) {
590 msglim(&bad_router, FROM_NADDR,
591 "route from %s to unsupported"
592 " address family=%d destination=%s",
593 naddr_ntoa(FROM_NADDR),
594 n->n_family,
595 naddr_ntoa(dst));
596 continue;
598 if (!check_dst(dst)) {
599 msglim(&bad_router, FROM_NADDR,
600 "bad destination %s from %s",
601 naddr_ntoa(dst),
602 naddr_ntoa(FROM_NADDR));
603 return;
605 if (n->n_metric == 0
606 || n->n_metric > HOPCNT_INFINITY) {
607 msglim(&bad_router, FROM_NADDR,
608 "bad metric %d from %s"
609 " for destination %s",
610 n->n_metric,
611 naddr_ntoa(FROM_NADDR),
612 naddr_ntoa(dst));
613 return;
616 /* Notice the next-hop.
618 gate = FROM_NADDR;
619 if (n->n_nhop != 0) {
620 if (rip->rip_vers == RIPv1) {
621 n->n_nhop = 0;
622 } else {
623 /* Use it only if it is valid. */
624 if (on_net(n->n_nhop,
625 aifp->int_net, aifp->int_mask)
626 && check_dst(n->n_nhop)) {
627 gate = n->n_nhop;
628 } else {
629 msglim(&bad_nhop, FROM_NADDR,
630 "router %s to %s"
631 " has bad next hop %s",
632 naddr_ntoa(FROM_NADDR),
633 naddr_ntoa(dst),
634 naddr_ntoa(n->n_nhop));
635 n->n_nhop = 0;
640 if (rip->rip_vers == RIPv1
641 || 0 == (mask = ntohl(n->n_mask))) {
642 mask = ripv1_mask_host(dst,aifp);
643 } else if ((ntohl(dst) & ~mask) != 0) {
644 msglim(&bad_mask, FROM_NADDR,
645 "router %s sent bad netmask"
646 " %#lx with %s",
647 naddr_ntoa(FROM_NADDR),
648 (u_long)mask,
649 naddr_ntoa(dst));
650 continue;
652 if (rip->rip_vers == RIPv1)
653 n->n_tag = 0;
655 /* Adjust metric according to incoming interface..
657 n->n_metric += aifp->int_metric;
658 if (n->n_metric > HOPCNT_INFINITY)
659 n->n_metric = HOPCNT_INFINITY;
661 /* Should we trust this route from this router? */
662 if (tg && (tn = tg->tgate_nets)->mask != 0) {
663 for (i = 0; i < MAX_TGATE_NETS; i++, tn++) {
664 if (on_net(dst, tn->net, tn->mask)
665 && tn->mask <= mask)
666 break;
668 if (i >= MAX_TGATE_NETS || tn->mask == 0) {
669 trace_pkt(" ignored unauthorized %s",
670 addrname(dst,mask,0));
671 continue;
675 /* Recognize and ignore a default route we faked
676 * which is being sent back to us by a machine with
677 * broken split-horizon.
678 * Be a little more paranoid than that, and reject
679 * default routes with the same metric we advertised.
681 if (aifp->int_d_metric != 0
682 && dst == RIP_DEFAULT
683 && (int)n->n_metric >= aifp->int_d_metric)
684 continue;
686 /* We can receive aggregated RIPv2 routes that must
687 * be broken down before they are transmitted by
688 * RIPv1 via an interface on a subnet.
689 * We might also receive the same routes aggregated
690 * via other RIPv2 interfaces.
691 * This could cause duplicate routes to be sent on
692 * the RIPv1 interfaces. "Longest matching variable
693 * length netmasks" lets RIPv2 listeners understand,
694 * but breaking down the aggregated routes for RIPv1
695 * listeners can produce duplicate routes.
697 * Breaking down aggregated routes here bloats
698 * the daemon table, but does not hurt the kernel
699 * table, since routes are always aggregated for
700 * the kernel.
702 * Notice that this does not break down network
703 * routes corresponding to subnets. This is part
704 * of the defense against RS_NET_SYN.
706 if (have_ripv1_out
707 && (((rt = rtget(dst,mask)) == NULL
708 || !(rt->rt_state & RS_NET_SYN)))
709 && (v1_mask = ripv1_mask_net(dst,0)) > mask) {
710 ddst_h = v1_mask & -v1_mask;
711 i = (v1_mask & ~mask)/ddst_h;
712 if (i >= 511) {
713 /* Punt if we would have to generate
714 * an unreasonable number of routes.
716 if (TRACECONTENTS)
717 trace_misc("accept %s-->%s as 1"
718 " instead of %d routes",
719 addrname(dst,mask,0),
720 naddr_ntoa(FROM_NADDR),
721 i+1);
722 i = 0;
723 } else {
724 mask = v1_mask;
726 } else {
727 i = 0;
730 new.rts_gate = gate;
731 new.rts_router = FROM_NADDR;
732 new.rts_metric = n->n_metric;
733 new.rts_tag = n->n_tag;
734 new.rts_time = now.tv_sec;
735 new.rts_ifp = aifp;
736 new.rts_de_ag = i;
737 j = 0;
738 for (;;) {
739 input_route(dst, mask, &new, n);
740 if (++j > i)
741 break;
742 dst = htonl(ntohl(dst) + ddst_h);
744 } while (++n < lim);
745 break;
747 #undef FROM_NADDR
751 /* Process a single input route.
753 static void
754 input_route(naddr dst, /* network order */
755 naddr mask,
756 struct rt_spare *new,
757 struct netinfo *n)
759 int i;
760 struct rt_entry *rt;
761 struct rt_spare *rts, *rts0;
762 struct interface *ifp1;
765 /* See if the other guy is telling us to send our packets to him.
766 * Sometimes network routes arrive over a point-to-point link for
767 * the network containing the address(es) of the link.
769 * If our interface is broken, switch to using the other guy.
771 ifp1 = ifwithaddr(dst, 1, 1);
772 if (ifp1 != NULL
773 && (!(ifp1->int_state & IS_BROKE)
774 || (ifp1->int_state & IS_PASSIVE)))
775 return;
777 /* Look for the route in our table.
779 rt = rtget(dst, mask);
781 /* Consider adding the route if we do not already have it.
783 if (rt == NULL) {
784 /* Ignore unknown routes being poisoned.
786 if (new->rts_metric == HOPCNT_INFINITY)
787 return;
789 /* Ignore the route if it points to us */
790 if (n->n_nhop != 0
791 && 0 != ifwithaddr(n->n_nhop, 1, 0))
792 return;
794 /* If something has not gone crazy and tried to fill
795 * our memory, accept the new route.
797 if (total_routes < MAX_ROUTES)
798 rtadd(dst, mask, 0, new);
799 return;
802 /* We already know about the route. Consider this update.
804 * If (rt->rt_state & RS_NET_SYN), then this route
805 * is the same as a network route we have inferred
806 * for subnets we know, in order to tell RIPv1 routers
807 * about the subnets.
809 * It is impossible to tell if the route is coming
810 * from a distant RIPv2 router with the standard
811 * netmask because that router knows about the entire
812 * network, or if it is a round-about echo of a
813 * synthetic, RIPv1 network route of our own.
814 * The worst is that both kinds of routes might be
815 * received, and the bad one might have the smaller
816 * metric. Partly solve this problem by never
817 * aggregating into such a route. Also keep it
818 * around as long as the interface exists.
821 rts0 = rt->rt_spares;
822 for (rts = rts0, i = NUM_SPARES; i != 0; i--, rts++) {
823 if (rts->rts_router == new->rts_router)
824 break;
825 /* Note the worst slot to reuse,
826 * other than the current slot.
828 if (rts0 == rt->rt_spares
829 || BETTER_LINK(rt, rts0, rts))
830 rts0 = rts;
832 if (i != 0) {
833 /* Found a route from the router already in the table.
836 /* If the new route is a route broken down from an
837 * aggregated route, and if the previous route is either
838 * not a broken down route or was broken down from a finer
839 * netmask, and if the previous route is current,
840 * then forget this one.
842 if (new->rts_de_ag > rts->rts_de_ag
843 && now_stale <= rts->rts_time)
844 return;
846 /* Keep poisoned routes around only long enough to pass
847 * the poison on. Use a new timestamp for good routes.
849 if (rts->rts_metric == HOPCNT_INFINITY
850 && new->rts_metric == HOPCNT_INFINITY)
851 new->rts_time = rts->rts_time;
853 /* If this is an update for the router we currently prefer,
854 * then note it.
856 if (i == NUM_SPARES) {
857 rtchange(rt, rt->rt_state, new, 0);
858 /* If the route got worse, check for something better.
860 if (new->rts_metric > rts->rts_metric)
861 rtswitch(rt, 0);
862 return;
865 /* This is an update for a spare route.
866 * Finished if the route is unchanged.
868 if (rts->rts_gate == new->rts_gate
869 && rts->rts_metric == new->rts_metric
870 && rts->rts_tag == new->rts_tag) {
871 trace_upslot(rt, rts, new);
872 *rts = *new;
873 return;
875 /* Forget it if it has gone bad.
877 if (new->rts_metric == HOPCNT_INFINITY) {
878 rts_delete(rt, rts);
879 return;
882 } else {
883 /* The update is for a route we know about,
884 * but not from a familiar router.
886 * Ignore the route if it points to us.
888 if (n->n_nhop != 0
889 && 0 != ifwithaddr(n->n_nhop, 1, 0))
890 return;
892 /* the loop above set rts0=worst spare */
893 rts = rts0;
895 /* Save the route as a spare only if it has
896 * a better metric than our worst spare.
897 * This also ignores poisoned routes (those
898 * received with metric HOPCNT_INFINITY).
900 if (new->rts_metric >= rts->rts_metric)
901 return;
904 trace_upslot(rt, rts, new);
905 *rts = *new;
907 /* try to switch to a better route */
908 rtswitch(rt, rts);
912 static int /* 0 if bad */
913 ck_passwd(struct interface *aifp,
914 struct rip *rip,
915 void *lim,
916 naddr from,
917 struct msg_limit *use_authp)
919 # define NA (rip->rip_auths)
920 struct netauth *na2;
921 struct auth *ap;
922 MD5_CTX md5_ctx;
923 u_char hash[RIP_AUTH_PW_LEN];
924 int i, len;
927 if ((void *)NA >= lim || NA->a_family != RIP_AF_AUTH) {
928 msglim(use_authp, from, "missing password from %s",
929 naddr_ntoa(from));
930 return 0;
933 /* accept any current (+/- 24 hours) password
935 for (ap = aifp->int_auth, i = 0; i < MAX_AUTH_KEYS; i++, ap++) {
936 if (ap->type != NA->a_type
937 || (u_long)ap->start > (u_long)clk.tv_sec+DAY
938 || (u_long)ap->end+DAY < (u_long)clk.tv_sec)
939 continue;
941 if (NA->a_type == RIP_AUTH_PW) {
942 if (!memcmp(NA->au.au_pw, ap->key, RIP_AUTH_PW_LEN))
943 return 1;
945 } else {
946 /* accept MD5 secret with the right key ID
948 if (NA->au.a_md5.md5_keyid != ap->keyid)
949 continue;
951 len = ntohs(NA->au.a_md5.md5_pkt_len);
952 if ((len-sizeof(*rip)) % sizeof(*NA) != 0
953 || len != (char *)lim-(char*)rip-(int)sizeof(*NA)) {
954 msglim(use_authp, from,
955 "wrong MD5 RIPv2 packet length of %d"
956 " instead of %d from %s",
957 len, (int)((char *)lim-(char *)rip
958 -sizeof(*NA)),
959 naddr_ntoa(from));
960 return 0;
962 na2 = (struct netauth *)((char *)rip+len);
964 /* Given a good hash value, these are not security
965 * problems so be generous and accept the routes,
966 * after complaining.
968 if (TRACEPACKETS) {
969 if (NA->au.a_md5.md5_auth_len
970 != RIP_AUTH_MD5_LEN)
971 msglim(use_authp, from,
972 "unknown MD5 RIPv2 auth len %#x"
973 " instead of %#x from %s",
974 NA->au.a_md5.md5_auth_len,
975 RIP_AUTH_MD5_LEN,
976 naddr_ntoa(from));
977 if (na2->a_family != RIP_AF_AUTH)
978 msglim(use_authp, from,
979 "unknown MD5 RIPv2 family %#x"
980 " instead of %#x from %s",
981 na2->a_family, RIP_AF_AUTH,
982 naddr_ntoa(from));
983 if (na2->a_type != ntohs(1))
984 msglim(use_authp, from,
985 "MD5 RIPv2 hash has %#x"
986 " instead of %#x from %s",
987 na2->a_type, ntohs(1),
988 naddr_ntoa(from));
991 MD5Init(&md5_ctx);
992 MD5Update(&md5_ctx, (u_char *)rip, len);
993 MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN);
994 MD5Final(hash, &md5_ctx);
995 if (!memcmp(hash, na2->au.au_pw, sizeof(hash)))
996 return 1;
1000 msglim(use_authp, from, "bad password from %s",
1001 naddr_ntoa(from));
1002 return 0;
1003 #undef NA