2 * Copyright (c) 1983, 1988, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * $FreeBSD: src/sbin/routed/input.c,v 1.7.2.1 2001/08/01 09:01:45 obrien Exp $
34 #if !defined(__NetBSD__)
35 static char sccsid
[] __attribute__((unused
)) = "@(#)input.c 8.1 (Berkeley) 6/5/93";
36 #elif defined(__NetBSD__)
37 #include <sys/cdefs.h>
41 static void input(struct sockaddr_in
*, struct interface
*, struct interface
*,
43 static void input_route(naddr
, naddr
, struct rt_spare
*, struct netinfo
*);
44 static int ck_passwd(struct interface
*, struct rip
*, void *,
45 naddr
, struct msg_limit
*);
52 struct interface
*sifp
)
54 struct sockaddr_in from
;
55 struct interface
*aifp
;
59 static struct msg_limit bad_name
;
61 char ifname
[IFNAMSIZ
];
72 fromlen
= sizeof(from
);
73 cc
= recvfrom(sock
, &inbuf
, sizeof(inbuf
), 0,
74 (struct sockaddr
*)&from
, &fromlen
);
76 if (cc
< 0 && errno
!= EWOULDBLOCK
)
77 LOGERR("recvfrom(rip)");
80 if (fromlen
!= sizeof(struct sockaddr_in
))
81 logbad(1,"impossible recvfrom(rip) fromlen=%d",
84 /* aifp is the "authenticated" interface via which the packet
85 * arrived. In fact, it is only the interface on which
86 * the packet should have arrived based on is source
88 * sifp is interface associated with the socket through which
89 * the packet was received.
92 if ((cc
-= sizeof(inbuf
.ifname
)) < 0)
93 logbad(0,"missing USE_PASSIFNAME; only %d bytes",
94 cc
+sizeof(inbuf
.ifname
));
96 /* check the remote interfaces first */
97 for (aifp
= remote_if
; aifp
; aifp
= aifp
->int_rlink
) {
98 if (aifp
->int_addr
== from
.sin_addr
.s_addr
)
102 aifp
= ifwithname(inbuf
.ifname
, 0);
104 msglim(&bad_name
, from
.sin_addr
.s_addr
,
105 "impossible interface name %.*s",
106 IFNAMSIZ
, inbuf
.ifname
);
107 } else if (((aifp
->int_if_flags
& IFF_POINTOPOINT
)
108 && aifp
->int_dstaddr
!=from
.sin_addr
.s_addr
)
109 || (!(aifp
->int_if_flags
& IFF_POINTOPOINT
)
110 && !on_net(from
.sin_addr
.s_addr
,
113 /* If it came via the wrong interface, do not
120 aifp
= iflookup(from
.sin_addr
.s_addr
);
125 input(&from
, sifp
, aifp
, &inbuf
.pbuf
.rip
, cc
);
130 /* Process a RIP packet
133 input(struct sockaddr_in
*from
, /* received from this IP address */
134 struct interface
*sifp
, /* interface of incoming socket */
135 struct interface
*aifp
, /* "authenticated" interface */
139 # define FROM_NADDR from->sin_addr.s_addr
140 static struct msg_limit use_auth
, bad_len
, bad_mask
;
141 static struct msg_limit unk_router
, bad_router
, bad_nhop
;
145 struct netinfo
*n
, *lim
;
146 struct interface
*ifp1
;
147 naddr gate
, mask
, v1_mask
, dst
, ddst_h
= 0;
149 struct tgate
*tg
= NULL
;
150 struct tgate_net
*tn
;
153 /* Notice when we hear from a remote gateway
156 && (aifp
->int_state
& IS_REMOTE
))
157 aifp
->int_act_time
= now
.tv_sec
;
159 trace_rip("Recv", "from", from
, sifp
, rip
, cc
);
161 if (rip
->rip_vers
== 0) {
162 msglim(&bad_router
, FROM_NADDR
,
163 "RIP version 0, cmd %d, packet received from %s",
164 rip
->rip_cmd
, naddr_ntoa(FROM_NADDR
));
166 } else if (rip
->rip_vers
> RIPv2
) {
167 rip
->rip_vers
= RIPv2
;
169 if (cc
> (int)OVER_MAXPACKETSIZE
) {
170 msglim(&bad_router
, FROM_NADDR
,
171 "packet at least %d bytes too long received from %s",
172 cc
-MAXPACKETSIZE
, naddr_ntoa(FROM_NADDR
));
177 lim
= (struct netinfo
*)((char*)rip
+ cc
);
179 /* Notice authentication.
180 * As required by section 4.2 in RFC 1723, discard authenticated
181 * RIPv2 messages, but only if configured for that silliness.
183 * RIPv2 authentication is lame. Why authenticate queries?
184 * Why should a RIPv2 implementation with authentication disabled
185 * not be able to listen to RIPv2 packets with authentication, while
186 * RIPv1 systems will listen? Crazy!
189 && rip
->rip_vers
== RIPv2
190 && n
< lim
&& n
->n_family
== RIP_AF_AUTH
) {
191 msglim(&use_auth
, FROM_NADDR
,
192 "RIPv2 message with authentication from %s discarded",
193 naddr_ntoa(FROM_NADDR
));
197 switch (rip
->rip_cmd
) {
199 /* For mere requests, be a little sloppy about the source
204 /* Are we talking to ourself or a remote gateway?
206 ifp1
= ifwithaddr(FROM_NADDR
, 0, 1);
208 if (ifp1
->int_state
& IS_REMOTE
) {
211 if (check_remote(aifp
)) {
212 aifp
->int_act_time
= now
.tv_sec
;
213 if_ok(aifp
, "remote ");
215 } else if (from
->sin_port
== htons(RIP_PORT
)) {
216 trace_pkt(" discard our own RIP request");
221 /* did the request come from a router?
223 if (from
->sin_port
== htons(RIP_PORT
)) {
224 /* yes, ignore the request if RIP is off so that
225 * the router does not depend on us.
229 && IS_RIP_OUT_OFF(aifp
->int_state
))) {
230 trace_pkt(" discard request while RIP off");
235 /* According to RFC 1723, we should ignore unauthenticated
236 * queries. That is too silly to bother with. Sheesh!
237 * Are forwarding tables supposed to be secret, when
238 * a bad guy can infer them with test traffic? When RIP
239 * is still the most common router-discovery protocol
240 * and so hosts need to send queries that will be answered?
241 * What about `rtquery`?
242 * Maybe on firewalls you'd care, but not enough to
243 * give up the diagnostic facilities of remote probing.
247 msglim(&bad_len
, FROM_NADDR
, "empty request from %s",
248 naddr_ntoa(FROM_NADDR
));
251 if (cc
%sizeof(*n
) != sizeof(struct rip
)%sizeof(*n
)) {
252 msglim(&bad_len
, FROM_NADDR
,
253 "request of bad length (%d) from %s",
254 cc
, naddr_ntoa(FROM_NADDR
));
257 if (rip
->rip_vers
== RIPv2
258 && (aifp
== NULL
|| (aifp
->int_state
& IS_NO_RIPV1_OUT
))) {
259 v12buf
.buf
->rip_vers
= RIPv2
;
260 /* If we have a secret but it is a cleartext secret,
261 * do not disclose our secret unless the other guy
264 ap
= find_auth(aifp
);
265 if (ap
!= NULL
&& ap
->type
== RIP_AUTH_PW
266 && n
->n_family
== RIP_AF_AUTH
267 && !ck_passwd(aifp
,rip
,lim
,FROM_NADDR
,&use_auth
))
270 v12buf
.buf
->rip_vers
= RIPv1
;
273 clr_ws_buf(&v12buf
, ap
);
276 n
->n_metric
= ntohl(n
->n_metric
);
278 /* A single entry with family RIP_AF_UNSPEC and
279 * metric HOPCNT_INFINITY means "all routes".
280 * We respond to routers only if we are acting
281 * as a supplier, or to anyone other than a router
284 if (n
->n_family
== RIP_AF_UNSPEC
285 && n
->n_metric
== HOPCNT_INFINITY
) {
286 /* Answer a query from a utility program
290 trace_pkt("ignore remote query");
293 if (from
->sin_port
!= htons(RIP_PORT
)) {
294 supply(from
, aifp
, OUT_QUERY
, 0,
295 rip
->rip_vers
, ap
!= NULL
);
299 /* A router trying to prime its tables.
300 * Filter the answer in the about same way
301 * broadcasts are filtered.
303 * Only answer a router if we are a supplier
304 * to keep an unwary host that is just starting
305 * from picking us as a router.
308 trace_pkt("ignore distant router");
312 || IS_RIP_OFF(aifp
->int_state
)) {
313 trace_pkt("ignore; not supplying");
317 /* Do not answer a RIPv1 router if
318 * we are sending RIPv2. But do offer
319 * poor man's router discovery.
321 if ((aifp
->int_state
& IS_NO_RIPV1_OUT
)
322 && rip
->rip_vers
== RIPv1
) {
323 if (!(aifp
->int_state
& IS_PM_RDISC
)) {
324 trace_pkt("ignore; sending RIPv2");
328 v12buf
.n
->n_family
= RIP_AF_INET
;
329 v12buf
.n
->n_dst
= RIP_DEFAULT
;
330 i
= aifp
->int_d_metric
;
331 if (NULL
!= (rt
= rtget(RIP_DEFAULT
, 0)))
332 i
= MIN(i
, (rt
->rt_metric
333 +aifp
->int_metric
+1));
334 v12buf
.n
->n_metric
= htonl(i
);
339 /* Respond with RIPv1 instead of RIPv2 if
340 * that is what we are broadcasting on the
341 * interface to keep the remote router from
342 * getting the wrong initial idea of the
345 supply(from
, aifp
, OUT_UNICAST
, 0,
346 (aifp
->int_state
& IS_NO_RIPV1_OUT
)
352 /* Ignore authentication */
353 if (n
->n_family
== RIP_AF_AUTH
)
356 if (n
->n_family
!= RIP_AF_INET
) {
357 msglim(&bad_router
, FROM_NADDR
,
358 "request from %s for unsupported"
360 naddr_ntoa(FROM_NADDR
),
362 naddr_ntoa(n
->n_dst
));
366 /* We are being asked about a specific destination.
369 if (!check_dst(dst
)) {
370 msglim(&bad_router
, FROM_NADDR
,
371 "bad queried destination %s from %s",
373 naddr_ntoa(FROM_NADDR
));
377 /* decide what mask was intended */
378 if (rip
->rip_vers
== RIPv1
379 || 0 == (mask
= ntohl(n
->n_mask
))
380 || 0 != (ntohl(dst
) & ~mask
))
381 mask
= ripv1_mask_host(dst
, aifp
);
383 /* try to find the answer */
384 rt
= rtget(dst
, mask
);
385 if (!rt
&& dst
!= RIP_DEFAULT
)
386 rt
= rtfind(n
->n_dst
);
388 if (v12buf
.buf
->rip_vers
!= RIPv1
)
389 v12buf
.n
->n_mask
= mask
;
391 /* we do not have the answer */
392 v12buf
.n
->n_metric
= HOPCNT_INFINITY
;
394 /* we have the answer, so compute the
395 * right metric and next hop.
397 v12buf
.n
->n_family
= RIP_AF_INET
;
398 v12buf
.n
->n_dst
= dst
;
399 v12buf
.n
->n_metric
= (rt
->rt_metric
+1
403 if (v12buf
.n
->n_metric
> HOPCNT_INFINITY
)
404 v12buf
.n
->n_metric
= HOPCNT_INFINITY
;
405 if (v12buf
.buf
->rip_vers
!= RIPv1
) {
406 v12buf
.n
->n_tag
= rt
->rt_tag
;
407 v12buf
.n
->n_mask
= mask
;
409 && on_net(rt
->rt_gate
,
412 && rt
->rt_gate
!= aifp
->int_addr
)
413 v12buf
.n
->n_nhop
= rt
->rt_gate
;
416 v12buf
.n
->n_metric
= htonl(v12buf
.n
->n_metric
);
418 /* Stop paying attention if we fill the output buffer.
420 if (++v12buf
.n
>= v12buf
.lim
)
424 /* Send the answer about specific routes.
426 if (ap
!= NULL
&& ap
->type
== RIP_AUTH_MD5
)
427 end_md5_auth(&v12buf
, ap
);
429 if (from
->sin_port
!= htons(RIP_PORT
)) {
431 output(OUT_QUERY
, from
, aifp
,
433 ((char *)v12buf
.n
- (char*)v12buf
.buf
));
434 } else if (supplier
) {
435 output(OUT_UNICAST
, from
, aifp
,
437 ((char *)v12buf
.n
- (char*)v12buf
.buf
));
439 /* Only answer a router if we are a supplier
440 * to keep an unwary host that is just starting
441 * from picking us an a router.
448 case RIPCMD_TRACEOFF
:
449 /* Notice that trace messages are turned off for all possible
450 * abuse if _PATH_TRACE is undefined in pathnames.h.
451 * Notice also that because of the way the trace file is
452 * handled in trace.c, no abuse is plausible even if
453 * _PATH_TRACE_ is defined.
455 * First verify message came from a privileged port. */
456 if (ntohs(from
->sin_port
) > IPPORT_RESERVED
) {
457 msglog("trace command from untrusted port on %s",
458 naddr_ntoa(FROM_NADDR
));
462 msglog("trace command from unknown router %s",
463 naddr_ntoa(FROM_NADDR
));
466 if (rip
->rip_cmd
== RIPCMD_TRACEON
) {
467 rip
->rip_tracefile
[cc
-4] = '\0';
468 set_tracefile((char*)rip
->rip_tracefile
,
469 "trace command: %s\n", 0);
471 trace_off("tracing turned off by %s",
472 naddr_ntoa(FROM_NADDR
));
476 case RIPCMD_RESPONSE
:
477 if (cc
%sizeof(*n
) != sizeof(struct rip
)%sizeof(*n
)) {
478 msglim(&bad_len
, FROM_NADDR
,
479 "response of bad length (%d) from %s",
480 cc
, naddr_ntoa(FROM_NADDR
));
483 /* verify message came from a router */
484 if (from
->sin_port
!= ntohs(RIP_PORT
)) {
485 msglim(&bad_router
, FROM_NADDR
,
486 " discard RIP response from unknown port"
487 " %d on host %s", ntohs(from
->sin_port
),
488 naddr_ntoa(FROM_NADDR
));
493 trace_pkt(" discard response while RIP off");
497 /* Are we talking to ourself or a remote gateway?
499 ifp1
= ifwithaddr(FROM_NADDR
, 0, 1);
501 if (ifp1
->int_state
& IS_REMOTE
) {
504 if (check_remote(aifp
)) {
505 aifp
->int_act_time
= now
.tv_sec
;
506 if_ok(aifp
, "remote ");
509 trace_pkt(" discard our own RIP response");
514 /* Accept routing packets from routers directly connected
515 * via broadcast or point-to-point networks, and from
516 * those listed in /etc/gateways.
519 msglim(&unk_router
, FROM_NADDR
,
520 " discard response from %s"
521 " via unexpected interface",
522 naddr_ntoa(FROM_NADDR
));
525 if (IS_RIP_IN_OFF(aifp
->int_state
)) {
526 trace_pkt(" discard RIPv%d response"
527 " via disabled interface %s",
528 rip
->rip_vers
, aifp
->int_name
);
533 msglim(&bad_len
, FROM_NADDR
, "empty response from %s",
534 naddr_ntoa(FROM_NADDR
));
538 if (((aifp
->int_state
& IS_NO_RIPV1_IN
)
539 && rip
->rip_vers
== RIPv1
)
540 || ((aifp
->int_state
& IS_NO_RIPV2_IN
)
541 && rip
->rip_vers
!= RIPv1
)) {
542 trace_pkt(" discard RIPv%d response",
547 /* Ignore routes via dead interface.
549 if (aifp
->int_state
& IS_BROKE
) {
550 trace_pkt("discard response via broken interface %s",
555 /* If the interface cares, ignore bad routers.
556 * Trace but do not log this problem, because where it
557 * happens, it happens frequently.
559 if (aifp
->int_state
& IS_DISTRUST
) {
561 while (tg
->tgate_addr
!= FROM_NADDR
) {
564 trace_pkt(" discard RIP response"
565 " from untrusted router %s",
566 naddr_ntoa(FROM_NADDR
));
572 /* Authenticate the packet if we have a secret.
573 * If we do not have any secrets, ignore the error in
574 * RFC 1723 and accept it regardless.
576 if (aifp
->int_auth
[0].type
!= RIP_AUTH_NONE
577 && rip
->rip_vers
!= RIPv1
578 && !ck_passwd(aifp
,rip
,lim
,FROM_NADDR
,&use_auth
))
582 if (n
->n_family
== RIP_AF_AUTH
)
585 n
->n_metric
= ntohl(n
->n_metric
);
587 if (n
->n_family
!= RIP_AF_INET
588 && (n
->n_family
!= RIP_AF_UNSPEC
589 || dst
!= RIP_DEFAULT
)) {
590 msglim(&bad_router
, FROM_NADDR
,
591 "route from %s to unsupported"
592 " address family=%d destination=%s",
593 naddr_ntoa(FROM_NADDR
),
598 if (!check_dst(dst
)) {
599 msglim(&bad_router
, FROM_NADDR
,
600 "bad destination %s from %s",
602 naddr_ntoa(FROM_NADDR
));
606 || n
->n_metric
> HOPCNT_INFINITY
) {
607 msglim(&bad_router
, FROM_NADDR
,
608 "bad metric %d from %s"
609 " for destination %s",
611 naddr_ntoa(FROM_NADDR
),
616 /* Notice the next-hop.
619 if (n
->n_nhop
!= 0) {
620 if (rip
->rip_vers
== RIPv1
) {
623 /* Use it only if it is valid. */
624 if (on_net(n
->n_nhop
,
625 aifp
->int_net
, aifp
->int_mask
)
626 && check_dst(n
->n_nhop
)) {
629 msglim(&bad_nhop
, FROM_NADDR
,
631 " has bad next hop %s",
632 naddr_ntoa(FROM_NADDR
),
634 naddr_ntoa(n
->n_nhop
));
640 if (rip
->rip_vers
== RIPv1
641 || 0 == (mask
= ntohl(n
->n_mask
))) {
642 mask
= ripv1_mask_host(dst
,aifp
);
643 } else if ((ntohl(dst
) & ~mask
) != 0) {
644 msglim(&bad_mask
, FROM_NADDR
,
645 "router %s sent bad netmask"
647 naddr_ntoa(FROM_NADDR
),
652 if (rip
->rip_vers
== RIPv1
)
655 /* Adjust metric according to incoming interface..
657 n
->n_metric
+= aifp
->int_metric
;
658 if (n
->n_metric
> HOPCNT_INFINITY
)
659 n
->n_metric
= HOPCNT_INFINITY
;
661 /* Should we trust this route from this router? */
662 if (tg
&& (tn
= tg
->tgate_nets
)->mask
!= 0) {
663 for (i
= 0; i
< MAX_TGATE_NETS
; i
++, tn
++) {
664 if (on_net(dst
, tn
->net
, tn
->mask
)
668 if (i
>= MAX_TGATE_NETS
|| tn
->mask
== 0) {
669 trace_pkt(" ignored unauthorized %s",
670 addrname(dst
,mask
,0));
675 /* Recognize and ignore a default route we faked
676 * which is being sent back to us by a machine with
677 * broken split-horizon.
678 * Be a little more paranoid than that, and reject
679 * default routes with the same metric we advertised.
681 if (aifp
->int_d_metric
!= 0
682 && dst
== RIP_DEFAULT
683 && (int)n
->n_metric
>= aifp
->int_d_metric
)
686 /* We can receive aggregated RIPv2 routes that must
687 * be broken down before they are transmitted by
688 * RIPv1 via an interface on a subnet.
689 * We might also receive the same routes aggregated
690 * via other RIPv2 interfaces.
691 * This could cause duplicate routes to be sent on
692 * the RIPv1 interfaces. "Longest matching variable
693 * length netmasks" lets RIPv2 listeners understand,
694 * but breaking down the aggregated routes for RIPv1
695 * listeners can produce duplicate routes.
697 * Breaking down aggregated routes here bloats
698 * the daemon table, but does not hurt the kernel
699 * table, since routes are always aggregated for
702 * Notice that this does not break down network
703 * routes corresponding to subnets. This is part
704 * of the defense against RS_NET_SYN.
707 && (((rt
= rtget(dst
,mask
)) == NULL
708 || !(rt
->rt_state
& RS_NET_SYN
)))
709 && (v1_mask
= ripv1_mask_net(dst
,0)) > mask
) {
710 ddst_h
= v1_mask
& -v1_mask
;
711 i
= (v1_mask
& ~mask
)/ddst_h
;
713 /* Punt if we would have to generate
714 * an unreasonable number of routes.
717 trace_misc("accept %s-->%s as 1"
718 " instead of %d routes",
719 addrname(dst
,mask
,0),
720 naddr_ntoa(FROM_NADDR
),
731 new.rts_router
= FROM_NADDR
;
732 new.rts_metric
= n
->n_metric
;
733 new.rts_tag
= n
->n_tag
;
734 new.rts_time
= now
.tv_sec
;
739 input_route(dst
, mask
, &new, n
);
742 dst
= htonl(ntohl(dst
) + ddst_h
);
751 /* Process a single input route.
754 input_route(naddr dst
, /* network order */
756 struct rt_spare
*new,
761 struct rt_spare
*rts
, *rts0
;
762 struct interface
*ifp1
;
765 /* See if the other guy is telling us to send our packets to him.
766 * Sometimes network routes arrive over a point-to-point link for
767 * the network containing the address(es) of the link.
769 * If our interface is broken, switch to using the other guy.
771 ifp1
= ifwithaddr(dst
, 1, 1);
773 && (!(ifp1
->int_state
& IS_BROKE
)
774 || (ifp1
->int_state
& IS_PASSIVE
)))
777 /* Look for the route in our table.
779 rt
= rtget(dst
, mask
);
781 /* Consider adding the route if we do not already have it.
784 /* Ignore unknown routes being poisoned.
786 if (new->rts_metric
== HOPCNT_INFINITY
)
789 /* Ignore the route if it points to us */
791 && 0 != ifwithaddr(n
->n_nhop
, 1, 0))
794 /* If something has not gone crazy and tried to fill
795 * our memory, accept the new route.
797 if (total_routes
< MAX_ROUTES
)
798 rtadd(dst
, mask
, 0, new);
802 /* We already know about the route. Consider this update.
804 * If (rt->rt_state & RS_NET_SYN), then this route
805 * is the same as a network route we have inferred
806 * for subnets we know, in order to tell RIPv1 routers
809 * It is impossible to tell if the route is coming
810 * from a distant RIPv2 router with the standard
811 * netmask because that router knows about the entire
812 * network, or if it is a round-about echo of a
813 * synthetic, RIPv1 network route of our own.
814 * The worst is that both kinds of routes might be
815 * received, and the bad one might have the smaller
816 * metric. Partly solve this problem by never
817 * aggregating into such a route. Also keep it
818 * around as long as the interface exists.
821 rts0
= rt
->rt_spares
;
822 for (rts
= rts0
, i
= NUM_SPARES
; i
!= 0; i
--, rts
++) {
823 if (rts
->rts_router
== new->rts_router
)
825 /* Note the worst slot to reuse,
826 * other than the current slot.
828 if (rts0
== rt
->rt_spares
829 || BETTER_LINK(rt
, rts0
, rts
))
833 /* Found a route from the router already in the table.
836 /* If the new route is a route broken down from an
837 * aggregated route, and if the previous route is either
838 * not a broken down route or was broken down from a finer
839 * netmask, and if the previous route is current,
840 * then forget this one.
842 if (new->rts_de_ag
> rts
->rts_de_ag
843 && now_stale
<= rts
->rts_time
)
846 /* Keep poisoned routes around only long enough to pass
847 * the poison on. Use a new timestamp for good routes.
849 if (rts
->rts_metric
== HOPCNT_INFINITY
850 && new->rts_metric
== HOPCNT_INFINITY
)
851 new->rts_time
= rts
->rts_time
;
853 /* If this is an update for the router we currently prefer,
856 if (i
== NUM_SPARES
) {
857 rtchange(rt
, rt
->rt_state
, new, 0);
858 /* If the route got worse, check for something better.
860 if (new->rts_metric
> rts
->rts_metric
)
865 /* This is an update for a spare route.
866 * Finished if the route is unchanged.
868 if (rts
->rts_gate
== new->rts_gate
869 && rts
->rts_metric
== new->rts_metric
870 && rts
->rts_tag
== new->rts_tag
) {
871 trace_upslot(rt
, rts
, new);
875 /* Forget it if it has gone bad.
877 if (new->rts_metric
== HOPCNT_INFINITY
) {
883 /* The update is for a route we know about,
884 * but not from a familiar router.
886 * Ignore the route if it points to us.
889 && 0 != ifwithaddr(n
->n_nhop
, 1, 0))
892 /* the loop above set rts0=worst spare */
895 /* Save the route as a spare only if it has
896 * a better metric than our worst spare.
897 * This also ignores poisoned routes (those
898 * received with metric HOPCNT_INFINITY).
900 if (new->rts_metric
>= rts
->rts_metric
)
904 trace_upslot(rt
, rts
, new);
907 /* try to switch to a better route */
912 static int /* 0 if bad */
913 ck_passwd(struct interface
*aifp
,
917 struct msg_limit
*use_authp
)
919 # define NA (rip->rip_auths)
923 u_char hash
[RIP_AUTH_PW_LEN
];
927 if ((void *)NA
>= lim
|| NA
->a_family
!= RIP_AF_AUTH
) {
928 msglim(use_authp
, from
, "missing password from %s",
933 /* accept any current (+/- 24 hours) password
935 for (ap
= aifp
->int_auth
, i
= 0; i
< MAX_AUTH_KEYS
; i
++, ap
++) {
936 if (ap
->type
!= NA
->a_type
937 || (u_long
)ap
->start
> (u_long
)clk
.tv_sec
+DAY
938 || (u_long
)ap
->end
+DAY
< (u_long
)clk
.tv_sec
)
941 if (NA
->a_type
== RIP_AUTH_PW
) {
942 if (!memcmp(NA
->au
.au_pw
, ap
->key
, RIP_AUTH_PW_LEN
))
946 /* accept MD5 secret with the right key ID
948 if (NA
->au
.a_md5
.md5_keyid
!= ap
->keyid
)
951 len
= ntohs(NA
->au
.a_md5
.md5_pkt_len
);
952 if ((len
-sizeof(*rip
)) % sizeof(*NA
) != 0
953 || len
!= (char *)lim
-(char*)rip
-(int)sizeof(*NA
)) {
954 msglim(use_authp
, from
,
955 "wrong MD5 RIPv2 packet length of %d"
956 " instead of %d from %s",
957 len
, (int)((char *)lim
-(char *)rip
962 na2
= (struct netauth
*)((char *)rip
+len
);
964 /* Given a good hash value, these are not security
965 * problems so be generous and accept the routes,
969 if (NA
->au
.a_md5
.md5_auth_len
971 msglim(use_authp
, from
,
972 "unknown MD5 RIPv2 auth len %#x"
973 " instead of %#x from %s",
974 NA
->au
.a_md5
.md5_auth_len
,
977 if (na2
->a_family
!= RIP_AF_AUTH
)
978 msglim(use_authp
, from
,
979 "unknown MD5 RIPv2 family %#x"
980 " instead of %#x from %s",
981 na2
->a_family
, RIP_AF_AUTH
,
983 if (na2
->a_type
!= ntohs(1))
984 msglim(use_authp
, from
,
985 "MD5 RIPv2 hash has %#x"
986 " instead of %#x from %s",
987 na2
->a_type
, ntohs(1),
992 MD5Update(&md5_ctx
, (u_char
*)rip
, len
);
993 MD5Update(&md5_ctx
, ap
->key
, RIP_AUTH_MD5_LEN
);
994 MD5Final(hash
, &md5_ctx
);
995 if (!memcmp(hash
, na2
->au
.au_pw
, sizeof(hash
)))
1000 msglim(use_authp
, from
, "bad password from %s",