1 /* $NetBSD: input.c,v 1.26 2000/03/02 20:58:55 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1983, 1988, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgment: 17 * This product includes software developed by the University of 18 * California, Berkeley and its contributors. 19 * 4. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #if !defined(lint) && !defined(sgi) && !defined(__NetBSD__) 37 static char sccsid[] __attribute__((unused)) = "@(#)input.c 8.1 (Berkeley) 6/5/93"; 38 #elif defined(__NetBSD__) 39 #include <sys/cdefs.h> 40 __RCSID("$NetBSD: input.c,v 1.26 2000/03/02 20:58:55 christos Exp $"); 41 #endif 42 43 #include "defs.h" 44 45 static void input(struct sockaddr_in *, struct interface *, struct interface *, 46 struct rip *, int); 47 static void input_route(naddr, naddr, struct rt_spare *, struct netinfo *); 48 static int ck_passwd(struct interface *, struct rip *, void *, 49 naddr, struct msg_limit *); 50 51 52 /* process RIP input 53 */ 54 void 55 read_rip(int sock, 56 struct interface *sifp) 57 { 58 struct sockaddr_in from; 59 struct interface *aifp; 60 int fromlen, cc; 61 #ifdef USE_PASSIFNAME 62 static struct msg_limit bad_name; 63 struct { 64 char ifname[IFNAMSIZ]; 65 union pkt_buf pbuf; 66 } inbuf; 67 #else 68 struct { 69 union pkt_buf pbuf; 70 } inbuf; 71 #endif 72 73 74 for (;;) { 75 fromlen = sizeof(from); 76 cc = recvfrom(sock, &inbuf, sizeof(inbuf), 0, 77 (struct sockaddr*)&from, &fromlen); 78 if (cc <= 0) { 79 if (cc < 0 && errno != EWOULDBLOCK) 80 LOGERR("recvfrom(rip)"); 81 break; 82 } 83 if (fromlen != sizeof(struct sockaddr_in)) 84 logbad(1,"impossible recvfrom(rip) fromlen=%d", 85 fromlen); 86 87 /* aifp is the "authenticated" interface via which the packet 88 * arrived. In fact, it is only the interface on which 89 * the packet should have arrived based on is source 90 * address. 91 * sifp is interface associated with the socket through which 92 * the packet was received. 93 */ 94 #ifdef USE_PASSIFNAME 95 if ((cc -= sizeof(inbuf.ifname)) < 0) 96 logbad(0,"missing USE_PASSIFNAME; only %d bytes", 97 cc+sizeof(inbuf.ifname)); 98 99 /* check the remote interfaces first */ 100 for (aifp = remote_if; aifp; aifp = aifp->int_rlink) { 101 if (aifp->int_addr == from.sin_addr.s_addr) 102 break; 103 } 104 if (aifp == 0) { 105 aifp = ifwithname(inbuf.ifname, 0); 106 if (aifp == 0) { 107 msglim(&bad_name, from.sin_addr.s_addr, 108 "impossible interface name %.*s", 109 IFNAMSIZ, inbuf.ifname); 110 } else if (((aifp->int_if_flags & IFF_POINTOPOINT) 111 && aifp->int_dstaddr!=from.sin_addr.s_addr) 112 || (!(aifp->int_if_flags & IFF_POINTOPOINT) 113 && !on_net(from.sin_addr.s_addr, 114 aifp->int_net, 115 aifp->int_mask))) { 116 /* If it came via the wrong interface, do not 117 * trust it. 118 */ 119 aifp = 0; 120 } 121 } 122 #else 123 aifp = iflookup(from.sin_addr.s_addr); 124 #endif 125 if (sifp == 0) 126 sifp = aifp; 127 128 input(&from, sifp, aifp, &inbuf.pbuf.rip, cc); 129 } 130 } 131 132 133 /* Process a RIP packet 134 */ 135 static void 136 input(struct sockaddr_in *from, /* received from this IP address */ 137 struct interface *sifp, /* interface of incoming socket */ 138 struct interface *aifp, /* "authenticated" interface */ 139 struct rip *rip, 140 int cc) 141 { 142 # define FROM_NADDR from->sin_addr.s_addr 143 static struct msg_limit use_auth, bad_len, bad_mask; 144 static struct msg_limit unk_router, bad_router, bad_nhop; 145 146 struct rt_entry *rt; 147 struct rt_spare new; 148 struct netinfo *n, *lim; 149 struct interface *ifp1; 150 naddr gate, mask, v1_mask, dst, ddst_h = 0; 151 struct auth *ap; 152 struct tgate *tg = 0; 153 struct tgate_net *tn; 154 int i, j; 155 156 /* Notice when we hear from a remote gateway 157 */ 158 if (aifp != 0 159 && (aifp->int_state & IS_REMOTE)) 160 aifp->int_act_time = now.tv_sec; 161 162 trace_rip("Recv", "from", from, sifp, rip, cc); 163 164 if (rip->rip_vers == 0) { 165 msglim(&bad_router, FROM_NADDR, 166 "RIP version 0, cmd %d, packet received from %s", 167 rip->rip_cmd, naddr_ntoa(FROM_NADDR)); 168 return; 169 } else if (rip->rip_vers > RIPv2) { 170 rip->rip_vers = RIPv2; 171 } 172 if (cc > (int)OVER_MAXPACKETSIZE) { 173 msglim(&bad_router, FROM_NADDR, 174 "packet at least %d bytes too long received from %s", 175 cc-MAXPACKETSIZE, naddr_ntoa(FROM_NADDR)); 176 return; 177 } 178 179 n = rip->rip_nets; 180 lim = (struct netinfo *)((char*)rip + cc); 181 182 /* Notice authentication. 183 * As required by section 4.2 in RFC 1723, discard authenticated 184 * RIPv2 messages, but only if configured for that silliness. 185 * 186 * RIPv2 authentication is lame. Why authenticate queries? 187 * Why should a RIPv2 implementation with authentication disabled 188 * not be able to listen to RIPv2 packets with authentication, while 189 * RIPv1 systems will listen? Crazy! 190 */ 191 if (!auth_ok 192 && rip->rip_vers == RIPv2 193 && n < lim && n->n_family == RIP_AF_AUTH) { 194 msglim(&use_auth, FROM_NADDR, 195 "RIPv2 message with authentication from %s discarded", 196 naddr_ntoa(FROM_NADDR)); 197 return; 198 } 199 200 switch (rip->rip_cmd) { 201 case RIPCMD_REQUEST: 202 /* For mere requests, be a little sloppy about the source 203 */ 204 if (aifp == 0) 205 aifp = sifp; 206 207 /* Are we talking to ourself or a remote gateway? 208 */ 209 ifp1 = ifwithaddr(FROM_NADDR, 0, 1); 210 if (ifp1) { 211 if (ifp1->int_state & IS_REMOTE) { 212 /* remote gateway */ 213 aifp = ifp1; 214 if (check_remote(aifp)) { 215 aifp->int_act_time = now.tv_sec; 216 (void)if_ok(aifp, "remote "); 217 } 218 } else if (from->sin_port == htons(RIP_PORT)) { 219 trace_pkt(" discard our own RIP request"); 220 return; 221 } 222 } 223 224 /* did the request come from a router? 225 */ 226 if (from->sin_port == htons(RIP_PORT)) { 227 /* yes, ignore the request if RIP is off so that 228 * the router does not depend on us. 229 */ 230 if (rip_sock < 0 231 || (aifp != 0 232 && IS_RIP_OUT_OFF(aifp->int_state))) { 233 trace_pkt(" discard request while RIP off"); 234 return; 235 } 236 } 237 238 /* According to RFC 1723, we should ignore unauthenticated 239 * queries. That is too silly to bother with. Sheesh! 240 * Are forwarding tables supposed to be secret, when 241 * a bad guy can infer them with test traffic? When RIP 242 * is still the most common router-discovery protocol 243 * and so hosts need to send queries that will be answered? 244 * What about `rtquery`? 245 * Maybe on firewalls you'd care, but not enough to 246 * give up the diagnostic facilities of remote probing. 247 */ 248 249 if (n >= lim) { 250 msglim(&bad_len, FROM_NADDR, "empty request from %s", 251 naddr_ntoa(FROM_NADDR)); 252 return; 253 } 254 if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) { 255 msglim(&bad_len, FROM_NADDR, 256 "request of bad length (%d) from %s", 257 cc, naddr_ntoa(FROM_NADDR)); 258 } 259 260 if (rip->rip_vers == RIPv2 261 && (aifp == 0 || (aifp->int_state & IS_NO_RIPV1_OUT))) { 262 v12buf.buf->rip_vers = RIPv2; 263 /* If we have a secret but it is a cleartext secret, 264 * do not disclose our secret unless the other guy 265 * already knows it. 266 */ 267 ap = find_auth(aifp); 268 if (ap != 0 && ap->type == RIP_AUTH_PW 269 && n->n_family == RIP_AF_AUTH 270 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth)) 271 ap = 0; 272 } else { 273 v12buf.buf->rip_vers = RIPv1; 274 ap = 0; 275 } 276 clr_ws_buf(&v12buf, ap); 277 278 do { 279 NTOHL(n->n_metric); 280 281 /* A single entry with family RIP_AF_UNSPEC and 282 * metric HOPCNT_INFINITY means "all routes". 283 * We respond to routers only if we are acting 284 * as a supplier, or to anyone other than a router 285 * (i.e. a query). 286 */ 287 if (n->n_family == RIP_AF_UNSPEC 288 && n->n_metric == HOPCNT_INFINITY) { 289 /* Answer a query from a utility program 290 * with all we know. 291 */ 292 if (from->sin_port != htons(RIP_PORT)) { 293 supply(from, aifp, OUT_QUERY, 0, 294 rip->rip_vers, ap != 0); 295 return; 296 } 297 298 /* A router trying to prime its tables. 299 * Filter the answer in the about same way 300 * broadcasts are filtered. 301 * 302 * Only answer a router if we are a supplier 303 * to keep an unwary host that is just starting 304 * from picking us as a router. 305 */ 306 if (aifp == 0) { 307 trace_pkt("ignore distant router"); 308 return; 309 } 310 if (!supplier 311 || IS_RIP_OFF(aifp->int_state)) { 312 trace_pkt("ignore; not supplying"); 313 return; 314 } 315 316 /* Do not answer a RIPv1 router if 317 * we are sending RIPv2. But do offer 318 * poor man's router discovery. 319 */ 320 if ((aifp->int_state & IS_NO_RIPV1_OUT) 321 && rip->rip_vers == RIPv1) { 322 if (!(aifp->int_state & IS_PM_RDISC)) { 323 trace_pkt("ignore; sending RIPv2"); 324 return; 325 } 326 327 v12buf.n->n_family = RIP_AF_INET; 328 v12buf.n->n_dst = RIP_DEFAULT; 329 i = aifp->int_d_metric; 330 if (0 != (rt = rtget(RIP_DEFAULT, 0))) 331 i = MIN(i, (rt->rt_metric 332 +aifp->int_metric+1)); 333 v12buf.n->n_metric = htonl(i); 334 v12buf.n++; 335 break; 336 } 337 338 /* Respond with RIPv1 instead of RIPv2 if 339 * that is what we are broadcasting on the 340 * interface to keep the remote router from 341 * getting the wrong initial idea of the 342 * routes we send. 343 */ 344 supply(from, aifp, OUT_UNICAST, 0, 345 (aifp->int_state & IS_NO_RIPV1_OUT) 346 ? RIPv2 : RIPv1, 347 ap != 0); 348 return; 349 } 350 351 /* Ignore authentication */ 352 if (n->n_family == RIP_AF_AUTH) 353 continue; 354 355 if (n->n_family != RIP_AF_INET) { 356 msglim(&bad_router, FROM_NADDR, 357 "request from %s for unsupported" 358 " (af %d) %s", 359 naddr_ntoa(FROM_NADDR), 360 ntohs(n->n_family), 361 naddr_ntoa(n->n_dst)); 362 return; 363 } 364 365 /* We are being asked about a specific destination. 366 */ 367 dst = n->n_dst; 368 if (!check_dst(dst)) { 369 msglim(&bad_router, FROM_NADDR, 370 "bad queried destination %s from %s", 371 naddr_ntoa(dst), 372 naddr_ntoa(FROM_NADDR)); 373 return; 374 } 375 376 /* decide what mask was intended */ 377 if (rip->rip_vers == RIPv1 378 || 0 == (mask = ntohl(n->n_mask)) 379 || 0 != (ntohl(dst) & ~mask)) 380 mask = ripv1_mask_host(dst, aifp); 381 382 /* try to find the answer */ 383 rt = rtget(dst, mask); 384 if (!rt && dst != RIP_DEFAULT) 385 rt = rtfind(n->n_dst); 386 387 if (v12buf.buf->rip_vers != RIPv1) 388 v12buf.n->n_mask = mask; 389 if (rt == 0) { 390 /* we do not have the answer */ 391 v12buf.n->n_metric = HOPCNT_INFINITY; 392 } else { 393 /* we have the answer, so compute the 394 * right metric and next hop. 395 */ 396 v12buf.n->n_family = RIP_AF_INET; 397 v12buf.n->n_dst = dst; 398 v12buf.n->n_metric = (rt->rt_metric+1 399 + ((aifp!=0) 400 ? aifp->int_metric 401 : 1)); 402 if (v12buf.n->n_metric > HOPCNT_INFINITY) 403 v12buf.n->n_metric = HOPCNT_INFINITY; 404 if (v12buf.buf->rip_vers != RIPv1) { 405 v12buf.n->n_tag = rt->rt_tag; 406 v12buf.n->n_mask = mask; 407 if (aifp != 0 408 && on_net(rt->rt_gate, 409 aifp->int_net, 410 aifp->int_mask) 411 && rt->rt_gate != aifp->int_addr) 412 v12buf.n->n_nhop = rt->rt_gate; 413 } 414 } 415 HTONL(v12buf.n->n_metric); 416 417 /* Stop paying attention if we fill the output buffer. 418 */ 419 if (++v12buf.n >= v12buf.lim) 420 break; 421 } while (++n < lim); 422 423 /* Send the answer about specific routes. 424 */ 425 if (ap != 0 && ap->type == RIP_AUTH_MD5) 426 end_md5_auth(&v12buf, ap); 427 428 if (from->sin_port != htons(RIP_PORT)) { 429 /* query */ 430 (void)output(OUT_QUERY, from, aifp, 431 v12buf.buf, 432 ((char *)v12buf.n - (char*)v12buf.buf)); 433 } else if (supplier) { 434 (void)output(OUT_UNICAST, from, aifp, 435 v12buf.buf, 436 ((char *)v12buf.n - (char*)v12buf.buf)); 437 } else { 438 /* Only answer a router if we are a supplier 439 * to keep an unwary host that is just starting 440 * from picking us an a router. 441 */ 442 ; 443 } 444 return; 445 446 case RIPCMD_TRACEON: 447 case RIPCMD_TRACEOFF: 448 /* Notice that trace messages are turned off for all possible 449 * abuse if _PATH_TRACE is undefined in pathnames.h. 450 * Notice also that because of the way the trace file is 451 * handled in trace.c, no abuse is plausible even if 452 * _PATH_TRACE_ is defined. 453 * 454 * First verify message came from a privileged port. */ 455 if (ntohs(from->sin_port) > IPPORT_RESERVED) { 456 msglog("trace command from untrusted port on %s", 457 naddr_ntoa(FROM_NADDR)); 458 return; 459 } 460 if (aifp == 0) { 461 msglog("trace command from unknown router %s", 462 naddr_ntoa(FROM_NADDR)); 463 return; 464 } 465 if (rip->rip_cmd == RIPCMD_TRACEON) { 466 rip->rip_tracefile[cc-4] = '\0'; 467 #ifndef __NetBSD__ 468 set_tracefile((char*)rip->rip_tracefile, 469 "trace command: %s\n", 0); 470 #else 471 msglog("RIP_TRACEON for `%s' from %s ignored", 472 (char *) rip->rip_tracefile, 473 naddr_ntoa(FROM_NADDR)); 474 #endif 475 } else { 476 #ifndef __NetBSD__ 477 trace_off("tracing turned off by %s", 478 naddr_ntoa(FROM_NADDR)); 479 #else 480 msglog("RIP_TRACEOFF from %s ignored", 481 naddr_ntoa(FROM_NADDR)); 482 #endif 483 } 484 return; 485 486 case RIPCMD_RESPONSE: 487 if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) { 488 msglim(&bad_len, FROM_NADDR, 489 "response of bad length (%d) from %s", 490 cc, naddr_ntoa(FROM_NADDR)); 491 } 492 493 /* verify message came from a router */ 494 if (from->sin_port != ntohs(RIP_PORT)) { 495 msglim(&bad_router, FROM_NADDR, 496 " discard RIP response from unknown port" 497 " %d", from->sin_port); 498 return; 499 } 500 501 if (rip_sock < 0) { 502 trace_pkt(" discard response while RIP off"); 503 return; 504 } 505 506 /* Are we talking to ourself or a remote gateway? 507 */ 508 ifp1 = ifwithaddr(FROM_NADDR, 0, 1); 509 if (ifp1) { 510 if (ifp1->int_state & IS_REMOTE) { 511 /* remote gateway */ 512 aifp = ifp1; 513 if (check_remote(aifp)) { 514 aifp->int_act_time = now.tv_sec; 515 (void)if_ok(aifp, "remote "); 516 } 517 } else { 518 trace_pkt(" discard our own RIP response"); 519 return; 520 } 521 } 522 523 /* Accept routing packets from routers directly connected 524 * via broadcast or point-to-point networks, and from 525 * those listed in /etc/gateways. 526 */ 527 if (aifp == 0) { 528 msglim(&unk_router, FROM_NADDR, 529 " discard response from %s" 530 " via unexpected interface", 531 naddr_ntoa(FROM_NADDR)); 532 return; 533 } 534 if (IS_RIP_IN_OFF(aifp->int_state)) { 535 trace_pkt(" discard RIPv%d response" 536 " via disabled interface %s", 537 rip->rip_vers, aifp->int_name); 538 return; 539 } 540 541 if (n >= lim) { 542 msglim(&bad_len, FROM_NADDR, "empty response from %s", 543 naddr_ntoa(FROM_NADDR)); 544 return; 545 } 546 547 if (((aifp->int_state & IS_NO_RIPV1_IN) 548 && rip->rip_vers == RIPv1) 549 || ((aifp->int_state & IS_NO_RIPV2_IN) 550 && rip->rip_vers != RIPv1)) { 551 trace_pkt(" discard RIPv%d response", 552 rip->rip_vers); 553 return; 554 } 555 556 /* Ignore routes via dead interface. 557 */ 558 if (aifp->int_state & IS_BROKE) { 559 trace_pkt("discard response via broken interface %s", 560 aifp->int_name); 561 return; 562 } 563 564 /* If the interface cares, ignore bad routers. 565 * Trace but do not log this problem, because where it 566 * happens, it happens frequently. 567 */ 568 if (aifp->int_state & IS_DISTRUST) { 569 tg = tgates; 570 while (tg->tgate_addr != FROM_NADDR) { 571 tg = tg->tgate_next; 572 if (tg == 0) { 573 trace_pkt(" discard RIP response" 574 " from untrusted router %s", 575 naddr_ntoa(FROM_NADDR)); 576 return; 577 } 578 } 579 } 580 581 /* Authenticate the packet if we have a secret. 582 * If we do not have any secrets, ignore the error in 583 * RFC 1723 and accept it regardless. 584 */ 585 if (aifp->int_auth[0].type != RIP_AUTH_NONE 586 && rip->rip_vers != RIPv1 587 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth)) 588 return; 589 590 do { 591 if (n->n_family == RIP_AF_AUTH) 592 continue; 593 594 NTOHL(n->n_metric); 595 dst = n->n_dst; 596 if (n->n_family != RIP_AF_INET 597 && (n->n_family != RIP_AF_UNSPEC 598 || dst != RIP_DEFAULT)) { 599 msglim(&bad_router, FROM_NADDR, 600 "route from %s to unsupported" 601 " address family=%d destination=%s", 602 naddr_ntoa(FROM_NADDR), 603 n->n_family, 604 naddr_ntoa(dst)); 605 continue; 606 } 607 if (!check_dst(dst)) { 608 msglim(&bad_router, FROM_NADDR, 609 "bad destination %s from %s", 610 naddr_ntoa(dst), 611 naddr_ntoa(FROM_NADDR)); 612 return; 613 } 614 if (n->n_metric == 0 615 || n->n_metric > HOPCNT_INFINITY) { 616 msglim(&bad_router, FROM_NADDR, 617 "bad metric %d from %s" 618 " for destination %s", 619 n->n_metric, 620 naddr_ntoa(FROM_NADDR), 621 naddr_ntoa(dst)); 622 return; 623 } 624 625 /* Notice the next-hop. 626 */ 627 gate = FROM_NADDR; 628 if (n->n_nhop != 0) { 629 if (rip->rip_vers == RIPv1) { 630 n->n_nhop = 0; 631 } else { 632 /* Use it only if it is valid. */ 633 if (on_net(n->n_nhop, 634 aifp->int_net, aifp->int_mask) 635 && check_dst(n->n_nhop)) { 636 gate = n->n_nhop; 637 } else { 638 msglim(&bad_nhop, FROM_NADDR, 639 "router %s to %s" 640 " has bad next hop %s", 641 naddr_ntoa(FROM_NADDR), 642 naddr_ntoa(dst), 643 naddr_ntoa(n->n_nhop)); 644 n->n_nhop = 0; 645 } 646 } 647 } 648 649 if (rip->rip_vers == RIPv1 650 || 0 == (mask = ntohl(n->n_mask))) { 651 mask = ripv1_mask_host(dst,aifp); 652 } else if ((ntohl(dst) & ~mask) != 0) { 653 msglim(&bad_mask, FROM_NADDR, 654 "router %s sent bad netmask" 655 " %#lx with %s", 656 naddr_ntoa(FROM_NADDR), 657 (u_long)mask, 658 naddr_ntoa(dst)); 659 continue; 660 } 661 if (rip->rip_vers == RIPv1) 662 n->n_tag = 0; 663 664 /* Adjust metric according to incoming interface.. 665 */ 666 n->n_metric += aifp->int_metric; 667 if (n->n_metric > HOPCNT_INFINITY) 668 n->n_metric = HOPCNT_INFINITY; 669 670 /* Should we trust this route from this router? */ 671 if (tg && (tn = tg->tgate_nets)->mask != 0) { 672 for (i = 0; i < MAX_TGATE_NETS; i++, tn++) { 673 if (on_net(dst, tn->net, tn->mask) 674 && tn->mask <= mask) 675 break; 676 } 677 if (i >= MAX_TGATE_NETS || tn->mask == 0) { 678 trace_pkt(" ignored unauthorized %s", 679 addrname(dst,mask,0)); 680 continue; 681 } 682 } 683 684 /* Recognize and ignore a default route we faked 685 * which is being sent back to us by a machine with 686 * broken split-horizon. 687 * Be a little more paranoid than that, and reject 688 * default routes with the same metric we advertised. 689 */ 690 if (aifp->int_d_metric != 0 691 && dst == RIP_DEFAULT 692 && (int)n->n_metric >= aifp->int_d_metric) 693 continue; 694 695 /* We can receive aggregated RIPv2 routes that must 696 * be broken down before they are transmitted by 697 * RIPv1 via an interface on a subnet. 698 * We might also receive the same routes aggregated 699 * via other RIPv2 interfaces. 700 * This could cause duplicate routes to be sent on 701 * the RIPv1 interfaces. "Longest matching variable 702 * length netmasks" lets RIPv2 listeners understand, 703 * but breaking down the aggregated routes for RIPv1 704 * listeners can produce duplicate routes. 705 * 706 * Breaking down aggregated routes here bloats 707 * the daemon table, but does not hurt the kernel 708 * table, since routes are always aggregated for 709 * the kernel. 710 * 711 * Notice that this does not break down network 712 * routes corresponding to subnets. This is part 713 * of the defense against RS_NET_SYN. 714 */ 715 if (have_ripv1_out 716 && (((rt = rtget(dst,mask)) == 0 717 || !(rt->rt_state & RS_NET_SYN))) 718 && (v1_mask = ripv1_mask_net(dst,0)) > mask) { 719 ddst_h = v1_mask & -v1_mask; 720 i = (v1_mask & ~mask)/ddst_h; 721 if (i >= 511) { 722 /* Punt if we would have to generate 723 * an unreasonable number of routes. 724 */ 725 if (TRACECONTENTS) 726 trace_misc("accept %s-->%s as 1" 727 " instead of %d routes", 728 addrname(dst,mask,0), 729 naddr_ntoa(FROM_NADDR), 730 i+1); 731 i = 0; 732 } else { 733 mask = v1_mask; 734 } 735 } else { 736 i = 0; 737 } 738 739 new.rts_gate = gate; 740 new.rts_router = FROM_NADDR; 741 new.rts_metric = n->n_metric; 742 new.rts_tag = n->n_tag; 743 new.rts_time = now.tv_sec; 744 new.rts_ifp = aifp; 745 new.rts_de_ag = i; 746 j = 0; 747 for (;;) { 748 input_route(dst, mask, &new, n); 749 if (++j > i) 750 break; 751 dst = htonl(ntohl(dst) + ddst_h); 752 } 753 } while (++n < lim); 754 break; 755 } 756 #undef FROM_NADDR 757 } 758 759 760 /* Process a single input route. 761 */ 762 static void 763 input_route(naddr dst, /* network order */ 764 naddr mask, 765 struct rt_spare *new, 766 struct netinfo *n) 767 { 768 int i; 769 struct rt_entry *rt; 770 struct rt_spare *rts, *rts0; 771 struct interface *ifp1; 772 773 774 /* See if the other guy is telling us to send our packets to him. 775 * Sometimes network routes arrive over a point-to-point link for 776 * the network containing the address(es) of the link. 777 * 778 * If our interface is broken, switch to using the other guy. 779 */ 780 ifp1 = ifwithaddr(dst, 1, 1); 781 if (ifp1 != 0 782 && (!(ifp1->int_state & IS_BROKE) 783 || (ifp1->int_state & IS_PASSIVE))) 784 return; 785 786 /* Look for the route in our table. 787 */ 788 rt = rtget(dst, mask); 789 790 /* Consider adding the route if we do not already have it. 791 */ 792 if (rt == 0) { 793 /* Ignore unknown routes being poisoned. 794 */ 795 if (new->rts_metric == HOPCNT_INFINITY) 796 return; 797 798 /* Ignore the route if it points to us */ 799 if (n->n_nhop != 0 800 && 0 != ifwithaddr(n->n_nhop, 1, 0)) 801 return; 802 803 /* If something has not gone crazy and tried to fill 804 * our memory, accept the new route. 805 */ 806 if (total_routes < MAX_ROUTES) 807 rtadd(dst, mask, 0, new); 808 return; 809 } 810 811 /* We already know about the route. Consider this update. 812 * 813 * If (rt->rt_state & RS_NET_SYN), then this route 814 * is the same as a network route we have inferred 815 * for subnets we know, in order to tell RIPv1 routers 816 * about the subnets. 817 * 818 * It is impossible to tell if the route is coming 819 * from a distant RIPv2 router with the standard 820 * netmask because that router knows about the entire 821 * network, or if it is a round-about echo of a 822 * synthetic, RIPv1 network route of our own. 823 * The worst is that both kinds of routes might be 824 * received, and the bad one might have the smaller 825 * metric. Partly solve this problem by never 826 * aggregating into such a route. Also keep it 827 * around as long as the interface exists. 828 */ 829 830 rts0 = rt->rt_spares; 831 for (rts = rts0, i = NUM_SPARES; i != 0; i--, rts++) { 832 if (rts->rts_router == new->rts_router) 833 break; 834 /* Note the worst slot to reuse, 835 * other than the current slot. 836 */ 837 if (rts0 == rt->rt_spares 838 || BETTER_LINK(rt, rts0, rts)) 839 rts0 = rts; 840 } 841 if (i != 0) { 842 /* Found a route from the router already in the table. 843 */ 844 845 /* If the new route is a route broken down from an 846 * aggregated route, and if the previous route is either 847 * not a broken down route or was broken down from a finer 848 * netmask, and if the previous route is current, 849 * then forget this one. 850 */ 851 if (new->rts_de_ag > rts->rts_de_ag 852 && now_stale <= rts->rts_time) 853 return; 854 855 /* Keep poisoned routes around only long enough to pass 856 * the poison on. Use a new timestamp for good routes. 857 */ 858 if (rts->rts_metric == HOPCNT_INFINITY 859 && new->rts_metric == HOPCNT_INFINITY) 860 new->rts_time = rts->rts_time; 861 862 /* If this is an update for the router we currently prefer, 863 * then note it. 864 */ 865 if (i == NUM_SPARES) { 866 rtchange(rt, rt->rt_state, new, 0); 867 /* If the route got worse, check for something better. 868 */ 869 if (new->rts_metric > rts->rts_metric) 870 rtswitch(rt, 0); 871 return; 872 } 873 874 /* This is an update for a spare route. 875 * Finished if the route is unchanged. 876 */ 877 if (rts->rts_gate == new->rts_gate 878 && rts->rts_metric == new->rts_metric 879 && rts->rts_tag == new->rts_tag) { 880 trace_upslot(rt, rts, new); 881 *rts = *new; 882 return; 883 } 884 /* Forget it if it has gone bad. 885 */ 886 if (new->rts_metric == HOPCNT_INFINITY) { 887 rts_delete(rt, rts); 888 return; 889 } 890 891 } else { 892 /* The update is for a route we know about, 893 * but not from a familiar router. 894 * 895 * Ignore the route if it points to us. 896 */ 897 if (n->n_nhop != 0 898 && 0 != ifwithaddr(n->n_nhop, 1, 0)) 899 return; 900 901 /* the loop above set rts0=worst spare */ 902 rts = rts0; 903 904 /* Save the route as a spare only if it has 905 * a better metric than our worst spare. 906 * This also ignores poisoned routes (those 907 * received with metric HOPCNT_INFINITY). 908 */ 909 if (new->rts_metric >= rts->rts_metric) 910 return; 911 } 912 913 trace_upslot(rt, rts, new); 914 *rts = *new; 915 916 /* try to switch to a better route */ 917 rtswitch(rt, rts); 918 } 919 920 921 static int /* 0 if bad */ 922 ck_passwd(struct interface *aifp, 923 struct rip *rip, 924 void *lim, 925 naddr from, 926 struct msg_limit *use_authp) 927 { 928 # define NA (rip->rip_auths) 929 struct netauth *na2; 930 struct auth *ap; 931 MD5_CTX md5_ctx; 932 u_char hash[RIP_AUTH_PW_LEN]; 933 int i, len; 934 935 936 if ((void *)NA >= lim || NA->a_family != RIP_AF_AUTH) { 937 msglim(use_authp, from, "missing password from %s", 938 naddr_ntoa(from)); 939 return 0; 940 } 941 942 /* accept any current (+/- 24 hours) password 943 */ 944 for (ap = aifp->int_auth, i = 0; i < MAX_AUTH_KEYS; i++, ap++) { 945 if (ap->type != NA->a_type 946 || (u_long)ap->start > (u_long)clk.tv_sec+DAY 947 || (u_long)ap->end+DAY < (u_long)clk.tv_sec) 948 continue; 949 950 if (NA->a_type == RIP_AUTH_PW) { 951 if (!memcmp(NA->au.au_pw, ap->key, RIP_AUTH_PW_LEN)) 952 return 1; 953 954 } else { 955 /* accept MD5 secret with the right key ID 956 */ 957 if (NA->au.a_md5.md5_keyid != ap->keyid) 958 continue; 959 960 len = ntohs(NA->au.a_md5.md5_pkt_len); 961 if ((len-sizeof(*rip)) % sizeof(*NA) != 0 962 || len != (char *)lim-(char*)rip-(int)sizeof(*NA)) { 963 msglim(use_authp, from, 964 "wrong MD5 RIPv2 packet length of %d" 965 " instead of %d from %s", 966 len, (int)((char *)lim-(char *)rip 967 -sizeof(*NA)), 968 naddr_ntoa(from)); 969 return 0; 970 } 971 na2 = (struct netauth *)((char *)rip+len); 972 973 /* Given a good hash value, these are not security 974 * problems so be generous and accept the routes, 975 * after complaining. 976 */ 977 if (TRACEPACKETS) { 978 if (NA->au.a_md5.md5_auth_len 979 != RIP_AUTH_MD5_LEN) 980 msglim(use_authp, from, 981 "unknown MD5 RIPv2 auth len %#x" 982 " instead of %#x from %s", 983 NA->au.a_md5.md5_auth_len, 984 RIP_AUTH_MD5_LEN, 985 naddr_ntoa(from)); 986 if (na2->a_family != RIP_AF_AUTH) 987 msglim(use_authp, from, 988 "unknown MD5 RIPv2 family %#x" 989 " instead of %#x from %s", 990 na2->a_family, RIP_AF_AUTH, 991 naddr_ntoa(from)); 992 if (na2->a_type != ntohs(1)) 993 msglim(use_authp, from, 994 "MD5 RIPv2 hash has %#x" 995 " instead of %#x from %s", 996 na2->a_type, ntohs(1), 997 naddr_ntoa(from)); 998 } 999 1000 MD5Init(&md5_ctx); 1001 MD5Update(&md5_ctx, (u_char *)rip, len); 1002 MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN); 1003 MD5Final(hash, &md5_ctx); 1004 if (!memcmp(hash, na2->au.au_pw, sizeof(hash))) 1005 return 1; 1006 } 1007 } 1008 1009 msglim(use_authp, from, "bad password from %s", 1010 naddr_ntoa(from)); 1011 return 0; 1012 #undef NA 1013 } 1014