0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-22 09:41:54 +00:00

Reject packets which are not authenticated.

Set correct nexthop on outgoing packets.
This commit is contained in:
Pavel Machek 1999-11-04 14:26:18 +00:00
parent 3c989eb4a7
commit 7bf19253d0

View File

@ -9,6 +9,7 @@
FIXME: IpV6 support: use right address for broadcasts FIXME: IpV6 support: use right address for broadcasts
FIXME: IpV6 support: receive "route using" blocks FIXME: IpV6 support: receive "route using" blocks
FIXME: be able to transmit "route using" blocks [Is this possible?] FIXME: be able to transmit "route using" blocks [Is this possible?]
6 FIXMEs in code
*/ */
#define LOCAL_DEBUG #define LOCAL_DEBUG
@ -93,7 +94,16 @@ rip_tx( sock *s )
#ifndef IPV6 #ifndef IPV6
packet->block[i].netmask = ipa_mkmask( e->n.pxlen ); packet->block[i].netmask = ipa_mkmask( e->n.pxlen );
ipa_hton( packet->block[i].netmask ); ipa_hton( packet->block[i].netmask );
packet->block[i].nexthop = IPA_NONE; /* FIXME: does it make sense to set this to not-me in some cases? */ packet->block[i].nexthop = IPA_NONE;
{
neighbor *n1, *n2;
n1 = neigh_find( p, &s->daddr, 0 );
n2 = neigh_find( p, &e->nexthop, 0 );
if (n1->iface == n2->iface)
packet->block[i].nexthop = e->nexthop;
else
packet->block[i].nexthop = IPA_NONE;
}
ipa_hton( packet->block[i].nexthop ); ipa_hton( packet->block[i].nexthop );
#else #else
packet->block[i].pxlen = e->n.pxlen; packet->block[i].pxlen = e->n.pxlen;
@ -101,7 +111,6 @@ rip_tx( sock *s )
packet->block[i].metric = htonl( e->metric ); packet->block[i].metric = htonl( e->metric );
if (ipa_equal(e->whotoldme, s->daddr)) { if (ipa_equal(e->whotoldme, s->daddr)) {
DBG( "(split horizont)" ); DBG( "(split horizont)" );
/* FIXME: should we do it in all cases? */
packet->block[i].metric = P_CF->infinity; packet->block[i].metric = P_CF->infinity;
} }
ipa_hton( packet->block[i].network ); ipa_hton( packet->block[i].network );
@ -249,7 +258,6 @@ advertise_entry( struct proto *p, struct rip_block *b, ip_addr whotoldme )
static void static void
process_block( struct proto *p, struct rip_block *block, ip_addr whotoldme ) process_block( struct proto *p, struct rip_block *block, ip_addr whotoldme )
{ {
struct rip_entry *e;
int metric = ntohl( block->metric ); int metric = ntohl( block->metric );
ip_addr network = block->network; ip_addr network = block->network;
@ -270,7 +278,7 @@ static int
rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr whotoldme, int port ) rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr whotoldme, int port )
{ {
int i; int i;
int native_class = 0; int native_class = 0, authenticated = 0;
switch( packet->heading.version ) { switch( packet->heading.version ) {
case RIP_V1: DBG( "Rip1: " ); break; case RIP_V1: DBG( "Rip1: " ); break;
@ -315,8 +323,10 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
if (!i) { if (!i) {
if (rip_incoming_authentication(p, (void *) block, packet, num)) if (rip_incoming_authentication(p, (void *) block, packet, num))
BAD( "Authentication failed" ); BAD( "Authentication failed" );
authenticated = 1;
} }
/* FIXME: Need to reject packets which have no authentication */ if ((!authenticated) && (P_CF->authtype != AT_NONE))
BAD( "Packet is not authenticated and it should be" );
ipa_ntoh( block->network ); ipa_ntoh( block->network );
#ifndef IPV6 #ifndef IPV6
ipa_ntoh( block->netmask ); ipa_ntoh( block->netmask );