0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-22 09:41:54 +00:00

Merge branch 'master' into HEAD

This commit is contained in:
Pavel Tvrdík 2015-12-17 16:58:45 +01:00
commit 96871cd77a
46 changed files with 4793 additions and 1726 deletions

View File

@ -67,7 +67,7 @@ cmd_build_tree(void)
new->plastson = &new->son; new->plastson = &new->son;
new->len = c-d; new->len = c-d;
memcpy(new->token, d, c-d); memcpy(new->token, d, c-d);
new->prio = (new->len == 3 && !memcmp(new->token, "roa", 3)) ? 0 : 1; /* Hack */ new->prio = (new->len == 3 && (!memcmp(new->token, "roa", 3) || !memcmp(new->token, "rip", 3))) ? 0 : 1; /* Hack */
} }
old = new; old = new;
while (isspace(*c)) while (isspace(*c))

View File

@ -70,7 +70,7 @@ struct sym_scope {
static struct sym_scope *conf_this_scope; static struct sym_scope *conf_this_scope;
static int cf_hash(byte *c); static int cf_hash(byte *c);
static struct symbol *cf_find_sym(byte *c, unsigned int h0); static inline struct symbol * cf_get_sym(byte *c, uint h0);
linpool *cfg_mem; linpool *cfg_mem;
@ -194,7 +194,7 @@ else: {
} }
k=k->next; k=k->next;
} }
cf_lval.s = cf_find_sym(yytext, h); cf_lval.s = cf_get_sym(yytext, h);
return SYM; return SYM;
} }
@ -426,8 +426,9 @@ check_eof(void)
} }
static struct symbol * static struct symbol *
cf_new_sym(byte *c, unsigned int h) cf_new_sym(byte *c, uint h0)
{ {
uint h = h0 & (SYM_HASH_SIZE-1);
struct symbol *s, **ht; struct symbol *s, **ht;
int l; int l;
@ -449,56 +450,77 @@ cf_new_sym(byte *c, unsigned int h)
} }
static struct symbol * static struct symbol *
cf_find_sym(byte *c, unsigned int h0) cf_find_sym(struct config *cfg, byte *c, uint h0)
{ {
unsigned int h = h0 & (SYM_HASH_SIZE-1); uint h = h0 & (SYM_HASH_SIZE-1);
struct symbol *s, **ht; struct symbol *s, **ht;
if (ht = new_config->sym_hash) if (ht = cfg->sym_hash)
{ {
for(s = ht[h]; s; s=s->next) for(s = ht[h]; s; s=s->next)
if (!strcmp(s->name, c) && s->scope->active) if (!strcmp(s->name, c) && s->scope->active)
return s; return s;
} }
if (new_config->sym_fallback) if (ht = cfg->sym_fallback)
{ {
/* We know only top-level scope is active */ /* We know only top-level scope is active */
for(s = new_config->sym_fallback[h]; s; s=s->next) for(s = ht[h]; s; s=s->next)
if (!strcmp(s->name, c) && s->scope->active) if (!strcmp(s->name, c) && s->scope->active)
return s; return s;
} }
return cf_new_sym(c, h);
return NULL;
}
static inline struct symbol *
cf_get_sym(byte *c, uint h0)
{
return cf_find_sym(new_config, c, h0) ?: cf_new_sym(c, h0);
} }
/** /**
* cf_find_symbol - find a symbol by name * cf_find_symbol - find a symbol by name
* @cfg: specificed config
* @c: symbol name * @c: symbol name
* *
* This functions searches the symbol table for a symbol of given * This functions searches the symbol table in the config @cfg for a symbol of
* name. First it examines the current scope, then the second recent * given name. First it examines the current scope, then the second recent one
* one and so on until it either finds the symbol and returns a pointer * and so on until it either finds the symbol and returns a pointer to its
* to its &symbol structure or reaches the end of the scope chain * &symbol structure or reaches the end of the scope chain and returns %NULL to
* and returns %NULL to signify no match. * signify no match.
*/ */
struct symbol * struct symbol *
cf_find_symbol(byte *c) cf_find_symbol(struct config *cfg, byte *c)
{ {
return cf_find_sym(c, cf_hash(c)); return cf_find_sym(cfg, c, cf_hash(c));
}
/**
* cf_get_symbol - get a symbol by name
* @c: symbol name
*
* This functions searches the symbol table of the currently parsed config
* (@new_config) for a symbol of given name. It returns either the already
* existing symbol or a newly allocated undefined (%SYM_VOID) symbol if no
* existing symbol is found.
*/
struct symbol *
cf_get_symbol(byte *c)
{
return cf_get_sym(c, cf_hash(c));
} }
struct symbol * struct symbol *
cf_default_name(char *template, int *counter) cf_default_name(char *template, int *counter)
{ {
char buf[32]; char buf[SYM_MAX_LEN];
struct symbol *s; struct symbol *s;
char *perc = strchr(template, '%'); char *perc = strchr(template, '%');
for(;;) for(;;)
{ {
bsprintf(buf, template, ++(*counter)); bsprintf(buf, template, ++(*counter));
s = cf_find_sym(buf, cf_hash(buf)); s = cf_get_sym(buf, cf_hash(buf));
if (!s)
break;
if (s->class == SYM_VOID) if (s->class == SYM_VOID)
return s; return s;
if (!perc) if (!perc)
@ -529,7 +551,7 @@ cf_define_symbol(struct symbol *sym, int type, void *def)
{ {
if (sym->scope == conf_this_scope) if (sym->scope == conf_this_scope)
cf_error("Symbol already defined"); cf_error("Symbol already defined");
sym = cf_new_sym(sym->name, cf_hash(sym->name) & (SYM_HASH_SIZE-1)); sym = cf_new_sym(sym->name, cf_hash(sym->name));
} }
sym->class = type; sym->class = type;
sym->def = def; sym->def = def;

View File

@ -20,19 +20,19 @@
* *
* There can exist up to four different configurations at one time: an active * There can exist up to four different configurations at one time: an active
* one (pointed to by @config), configuration we are just switching from * one (pointed to by @config), configuration we are just switching from
* (@old_config), one queued for the next reconfiguration (@future_config; * (@old_config), one queued for the next reconfiguration (@future_config; if
* if there is one and the user wants to reconfigure once again, we just * there is one and the user wants to reconfigure once again, we just free the
* free the previous queued config and replace it with the new one) and * previous queued config and replace it with the new one) and finally a config
* finally a config being parsed (@new_config). The stored @old_config * being parsed (@new_config). The stored @old_config is also used for undo
* is also used for undo reconfiguration, which works in a similar way. * reconfiguration, which works in a similar way. Reconfiguration could also
* Reconfiguration could also have timeout (using @config_timer) and undo * have timeout (using @config_timer) and undo is automatically called if the
* is automatically called if the new configuration is not confirmed later. * new configuration is not confirmed later. The new config (@new_config) and
* associated linear pool (@cfg_mem) is non-NULL only during parsing.
* *
* Loading of new configuration is very simple: just call config_alloc() * Loading of new configuration is very simple: just call config_alloc() to get
* to get a new &config structure, then use config_parse() to parse a * a new &config structure, then use config_parse() to parse a configuration
* configuration file and fill all fields of the structure * file and fill all fields of the structure and finally ask the config manager
* and finally ask the config manager to switch to the new * to switch to the new config by calling config_commit().
* config by calling config_commit().
* *
* CLI commands are parsed in a very similar way -- there is also a stripped-down * CLI commands are parsed in a very similar way -- there is also a stripped-down
* &config structure associated with them and they are lex-ed and parsed by the * &config structure associated with them and they are lex-ed and parsed by the
@ -91,10 +91,15 @@ config_alloc(byte *name)
linpool *l = lp_new(p, 4080); linpool *l = lp_new(p, 4080);
struct config *c = lp_allocz(l, sizeof(struct config)); struct config *c = lp_allocz(l, sizeof(struct config));
/* Duplication of name string in local linear pool */
uint nlen = strlen(name) + 1;
char *ndup = lp_allocu(l, nlen);
memcpy(ndup, name, nlen);
c->mrtdump_file = -1; /* Hack, this should be sysdep-specific */ c->mrtdump_file = -1; /* Hack, this should be sysdep-specific */
c->pool = p; c->pool = p;
cfg_mem = c->mem = l; c->mem = l;
c->file_name = cfg_strdup(name); c->file_name = ndup;
c->load_time = now; c->load_time = now;
c->tf_route = c->tf_proto = (struct timeformat){"%T", "%F", 20*3600}; c->tf_route = c->tf_proto = (struct timeformat){"%T", "%F", 20*3600};
c->tf_base = c->tf_log = (struct timeformat){"%F %T", NULL, 0}; c->tf_base = c->tf_log = (struct timeformat){"%F %T", NULL, 0};
@ -119,11 +124,13 @@ config_alloc(byte *name)
int int
config_parse(struct config *c) config_parse(struct config *c)
{ {
int done = 0;
DBG("Parsing configuration file `%s'\n", c->file_name); DBG("Parsing configuration file `%s'\n", c->file_name);
new_config = c; new_config = c;
cfg_mem = c->mem; cfg_mem = c->mem;
if (setjmp(conf_jmpbuf)) if (setjmp(conf_jmpbuf))
return 0; goto cleanup;
cf_lex_init(0, c); cf_lex_init(0, c);
sysdep_preconfig(c); sysdep_preconfig(c);
protos_preconfig(c); protos_preconfig(c);
@ -137,7 +144,12 @@ config_parse(struct config *c)
if (!c->router_id) if (!c->router_id)
cf_error("Router ID must be configured manually on IPv6 routers"); cf_error("Router ID must be configured manually on IPv6 routers");
#endif #endif
return 1; done = 1;
cleanup:
new_config = NULL;
cfg_mem = NULL;
return done;
} }
/** /**
@ -150,14 +162,22 @@ config_parse(struct config *c)
int int
cli_parse(struct config *c) cli_parse(struct config *c)
{ {
new_config = c; int done = 0;
c->sym_fallback = config->sym_hash; c->sym_fallback = config->sym_hash;
new_config = c;
cfg_mem = c->mem; cfg_mem = c->mem;
if (setjmp(conf_jmpbuf)) if (setjmp(conf_jmpbuf))
return 0; goto cleanup;
cf_lex_init(1, c); cf_lex_init(1, c);
cf_parse(); cf_parse();
return 1; done = 1;
cleanup:
c->sym_fallback = NULL;
new_config = NULL;
cfg_mem = NULL;
return done;
} }
/** /**
@ -237,10 +257,6 @@ config_do_commit(struct config *c, int type)
if (old_config && !config->shutdown) if (old_config && !config->shutdown)
log(L_INFO "Reconfiguring"); log(L_INFO "Reconfiguring");
/* This should not be necessary, but it seems there are some
functions that access new_config instead of config */
new_config = config;
if (old_config) if (old_config)
old_config->obstacle_count++; old_config->obstacle_count++;
@ -254,9 +270,6 @@ config_do_commit(struct config *c, int type)
DBG("protos_commit\n"); DBG("protos_commit\n");
protos_commit(c, old_config, force_restart, type); protos_commit(c, old_config, force_restart, type);
/* Just to be sure nobody uses that now */
new_config = NULL;
int obs = 0; int obs = 0;
if (old_config) if (old_config)
obs = --old_config->obstacle_count; obs = --old_config->obstacle_count;

View File

@ -147,7 +147,9 @@ int cf_lex(void);
void cf_lex_init(int is_cli, struct config *c); void cf_lex_init(int is_cli, struct config *c);
void cf_lex_unwind(void); void cf_lex_unwind(void);
struct symbol *cf_find_symbol(byte *c); struct symbol *cf_find_symbol(struct config *cfg, byte *c);
struct symbol *cf_get_symbol(byte *c);
struct symbol *cf_default_name(char *template, int *counter); struct symbol *cf_default_name(char *template, int *counter);
struct symbol *cf_define_symbol(struct symbol *symbol, int type, void *def); struct symbol *cf_define_symbol(struct symbol *symbol, int type, void *def);
void cf_push_scope(struct symbol *); void cf_push_scope(struct symbol *);

View File

@ -2476,7 +2476,7 @@ protocol ospf <name> {
This option specifies whether OSPF is allowed to generate ECMP This option specifies whether OSPF is allowed to generate ECMP
(equal-cost multipath) routes. Such routes are used when there are (equal-cost multipath) routes. Such routes are used when there are
several directions to the destination, each with the same (computed) several directions to the destination, each with the same (computed)
cost. This option also allows to specify a limit on maximal number of cost. This option also allows to specify a limit on maximum number of
nexthops in one route. By default, ECMP is disabled. If enabled, nexthops in one route. By default, ECMP is disabled. If enabled,
default value of the limit is 16. default value of the limit is 16.
@ -3244,16 +3244,14 @@ one). After some time, the distance reaches infinity (that's 15 in RIP) and all
routers know that network is unreachable. RIP tries to minimize situations where routers know that network is unreachable. RIP tries to minimize situations where
counting to infinity is necessary, because it is slow. Due to infinity being 16, counting to infinity is necessary, because it is slow. Due to infinity being 16,
you can't use RIP on networks where maximal distance is higher than 15 you can't use RIP on networks where maximal distance is higher than 15
hosts. You can read more about RIP at hosts.
<HTMLURL URL="http://www.ietf.org/html.charters/rip-charter.html"
name="http://www.ietf.org/html.charters/rip-charter.html">. Both IPv4 <p>BIRD supports RIPv1
(RFC 1723 <htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc1723.txt">) and IPv6 (RFC 1058<htmlurl url="http://www.rfc-editor.org/rfc/rfc1058.txt">),
(RFC 2080 <htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2080.txt">) versions RIPv2 (RFC 2453<htmlurl url="http://www.rfc-editor.org/rfc/rfc2453.txt">),
of RIP are supported by BIRD, historical RIPv1 RIPng (RFC 2080<htmlurl url="http://www.rfc-editor.org/rfc/rfc2080.txt">),
(RFC 1058 <htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc1058.txt">) is not and RIP cryptographic authentication (SHA-1 not implemented)
currently supported. RIPv4 MD5 authentication (RFC 4822<htmlurl url="http://www.rfc-editor.org/rfc/rfc4822.txt">).
(RFC 2082 <htmlurl url="ftp://ftp.rfc-editor.org/in-notes/rfc2082.txt">) is
supported.
<p>RIP is a very simple protocol, and it has a lot of shortcomings. Slow <p>RIP is a very simple protocol, and it has a lot of shortcomings. Slow
convergence, big network load and inability to handle larger networks makes it convergence, big network load and inability to handle larger networks makes it
@ -3261,39 +3259,156 @@ pretty much obsolete. It is still usable on very small networks.
<sect1>Configuration <sect1>Configuration
<p>In addition to options common for all to other protocols, RIP supports the <p>RIP configuration consists mainly of common protocol options and interface
following ones: definitions, most RIP options are interface specific.
<code>
protocol rip [&lt;name&gt;] {
infinity &lt;number&gt;;
ecmp &lt;switch&gt; [limit &lt;number&gt;];
interface &lt;interface pattern&gt; {
metric &lt;number&gt;;
mode multicast|broadcast;
passive &lt;switch&gt;;
address &lt;ip&gt;;
port &lt;number&gt;;
version 1|2;
split horizon &lt;switch&gt;;
poison reverse &lt;switch&gt;;
check zero &lt;switch&gt;;
update time &lt;number&gt;;
timeout time &lt;number&gt;;
garbage time &lt;number&gt;;
ecmp weight &lt;number&gt;;
ttl security &lt;switch&gt;; | tx only;
tx class|dscp &lt;number&gt;;
tx priority &lt;number&gt;;
rx buffer &lt;number&gt;;
tx length &lt;number&gt;;
check link &lt;switch&gt;;
authentication none|plaintext|cryptographic;
password "&lt;text&gt;";
password "&lt;text&gt;" {
id &lt;num&gt;;
generate from "&lt;date&gt;";
generate to "&lt;date&gt;";
accept from "&lt;date&gt;";
accept to "&lt;date&gt;";
};
};
}
</code>
<descrip> <descrip>
<tag>authentication none|plaintext|md5</tag> <tag>infinity <M>number</M></tag>
Selects authentication method to be used. <cf/none/ means that packets Selects the distance of infinity. Bigger values will make
are not authenticated at all, <cf/plaintext/ means that a plaintext protocol convergence even slower. The default value is 16.
password is embedded into each packet, and <cf/md5/ means that packets
are authenticated using a MD5 cryptographic hash. If you set
authentication to not-none, it is a good idea to add <cf>password</cf>
section. Default: none.
<tag>honor always|neighbor|never</tag> <tag>ecmp <M>switch</M> [limit <M>number</M>]</tag>
Specifies when should requests for dumping routing table be honored. This option specifies whether RIP is allowed to generate ECMP
(Always, when sent from a host on a directly connected network or (equal-cost multipath) routes. Such routes are used when there are
never.) Routing table updates are honored only from neighbors, that is several directions to the destination, each with the same (computed)
not configurable. Default: never. cost. This option also allows to specify a limit on maximum number of
nexthops in one route. By default, ECMP is disabled. If enabled,
default value of the limit is 16.
<tag>interface <m/pattern [, ...]/ { <m/options/ }</tag>
Interface definitions specify a set of interfaces on which the
protocol is activated and contain interface specific options.
See <ref id="dsc-iface" name="interface"> common options for
detailed description.
</descrip> </descrip>
<p>There are some options that can be specified per-interface: <p>Interface specific options:
<descrip> <descrip>
<tag>metric <m/num/</tag> <tag>metric <m/num/</tag>
This option specifies the metric of the interface. Valid This option specifies the metric of the interface. When a route is
received from the interface, its metric is increased by this value
before further processing. Valid values are 1-255, but values higher
than infinity has no further meaning. Default: 1.
<tag>mode multicast|broadcast|quiet|nolisten|version1</tag> <tag>mode multicast|broadcast</tag>
This option selects the mode for RIP to use on the interface. If nothing This option selects the mode for RIP to use on the interface. The
is specified, RIP runs in multicast mode. <cf/version1/ is currently default is multicast mode for RIPv2 and broadcast mode for RIPv1.
equivalent to <cf/broadcast/, and it makes RIP talk to a broadcast RIPng always uses the multicast mode.
address even through multicast mode is possible. <cf/quiet/ option means
that RIP will not transmit any periodic messages to this interface and <tag>passive <m/switch/</tag>
<cf/nolisten/ means that RIP will send to this interface butnot listen Passive interfaces receive routing updates but do not transmit any
to it. messages. Default: no.
<tag>address <m/ip/</tag>
This option specifies a destination address used for multicast or
broadcast messages, the default is the official RIP (224.0.0.9) or RIPng
(ff02::9) multicast address, or an appropriate broadcast address in the
broadcast mode.
<tag>port <m/number/</tag>
This option selects an UDP port to operate on, the default is the
official RIP (520) or RIPng (521) port.
<tag>version 1|2</tag>
This option selects the version of RIP used on the interface. For RIPv1,
automatic subnet aggregation is not implemented, only classful network
routes and host routes are propagated. Note that BIRD allows RIPv1 to be
configured with features that are defined for RIPv2 only, like
authentication or using multicast sockets. The default is RIPv2 for IPv4
RIP, the option is not supported for RIPng, as no further versions are
defined.
<tag>split horizon <m/switch/</tag>
Split horizon is a scheme for preventing routing loops. When split
horizon is active, routes are not regularly propagated back to the
interface from which they were received. They are either not propagated
back at all (plain split horizon) or propagated back with an infinity
metric (split horizon with poisoned reverse). Therefore, other routers
on the interface will not consider the router as a part of an
independent path to the destination of the route. Default: yes.
<tag>poison reverse <m/switch/</tag>
When split horizon is active, this option specifies whether the poisoned
reverse variant (propagating routes back with an infinity metric) is
used. The poisoned reverse has some advantages in faster convergence,
but uses more network traffic. Default: yes.
<tag>check zero <m/switch/</tag>
Received RIPv1 packets with non-zero values in reserved fields should
be discarded. This option specifies whether the check is performed or
such packets are just processed as usual. Default: yes.
<tag>update time <m/number/</tag>
Specifies the number of seconds between periodic updates. A lower number
will mean faster convergence but bigger network load. Default: 30.
<tag>timeout time <m/number/</tag>
Specifies the time interval (in seconds) between the last received route
announcement and the route expiration. After that, the network is
considered unreachable, but still is propagated with infinity distance.
Default: 180.
<tag>garbage time <m/number/</tag>
Specifies the time interval (in seconds) between the route expiration
and the removal of the unreachable network entry. The garbage interval,
when a route with infinity metric is propagated, is used for both
internal (after expiration) and external (after withdrawal) routes.
Default: 120.
<tag>ecmp weight <m/number/</tag>
When ECMP (multipath) routes are allowed, this value specifies a
relative weight used for nexthops going through the iface. Valid
values are 1-256. Default value is 1.
<tag>authentication none|plaintext|cryptographic</tag>
Selects authentication method to be used. <cf/none/ means that packets
are not authenticated at all, <cf/plaintext/ means that a plaintext
password is embedded into each packet, and <cf/cryptographic/ means that
packets are authenticated using a MD5 cryptographic hash. If you set
authentication to not-none, it is a good idea to add <cf>password</cf>
section. Default: none.
<tag>password "<m/text/"</tag>
Specifies a password used for authentication. See <ref id="dsc-pass"
name="password"> common option for detailed description.
<tag>ttl security [<m/switch/ | tx only]</tag> <tag>ttl security [<m/switch/ | tx only]</tag>
TTL security is a feature that protects routing protocols from remote TTL security is a feature that protects routing protocols from remote
@ -3309,43 +3424,31 @@ following ones:
compatibility with neighbors regardless of whether they use ttl compatibility with neighbors regardless of whether they use ttl
security. security.
Note that for RIPng, TTL security is a standard behavior (required by For RIPng, TTL security is a standard behavior (required by RFC 2080)
RFC 2080), but BIRD uses <cf/tx only/ by default, for compatibility with and therefore default value is yes. For IPv4 RIP, default value is no.
older versions. For IPv4 RIP, default value is no.
<tag>tx class|dscp|priority <m/num/</tag> <tag>tx class|dscp|priority <m/number/</tag>
These options specify the ToS/DiffServ/Traffic class/Priority of the These options specify the ToS/DiffServ/Traffic class/Priority of the
outgoing RIP packets. See <ref id="dsc-prio" name="tx class"> common outgoing RIP packets. See <ref id="dsc-prio" name="tx class"> common
option for detailed description. option for detailed description.
</descrip>
<p>The following options generally override behavior specified in RFC. If you <tag>rx buffer <m/number/</tag>
use any of these options, BIRD will no longer be RFC-compliant, which means it This option specifies the size of buffers used for packet processing.
will not be able to talk to anything other than equally configured BIRD. I have The buffer size should be bigger than maximal size of received packets.
warned you. The default value is 532 for IPv4 RIP and interface MTU value for RIPng.
<descrip> <tag>tx length <m/number/</tag>
<tag>port <M>number</M></tag> This option specifies the maximum length of generated RIP packets. To
Selects IP port to operate on, default 520. (This is useful when testing avoid IP fragmentation, it should not exceed the interface MTU value.
BIRD, if you set this to an address &gt;1024, you will not need to run The default value is 532 for IPv4 RIP and interface MTU value for RIPng.
bird with UID==0).
<tag>infinity <M>number</M></tag> <tag>check link <m/switch/</tag>
Selects the value of infinity, default is 16. Bigger values will make If set, the hardware link state (as reported by OS) is taken into
protocol convergence even slower. consideration. When the link disappears (e.g. an ethernet cable is
unplugged), neighbors are immediately considered unreachable and all
<tag>period <M>number</M></tag> routes received from them are withdrawn. It is possible that some
Specifies the number of seconds between periodic updates. Default is 30 hardware drivers or platforms do not implement this feature. Default:
seconds. A lower number will mean faster convergence but bigger network no.
load. Do not use values lower than 12.
<tag>timeout time <M>number</M></tag>
Specifies how old route has to be to be considered unreachable.
Default is 4*<cf/period/.
<tag>garbage time <M>number</M></tag>
Specifies how old route has to be to be discarded. Default is
10*<cf/period/.
</descrip> </descrip>
<sect1>Attributes <sect1>Attributes
@ -3356,27 +3459,26 @@ warned you.
<tag>int <cf/rip_metric/</tag> <tag>int <cf/rip_metric/</tag>
RIP metric of the route (ranging from 0 to <cf/infinity/). When routes RIP metric of the route (ranging from 0 to <cf/infinity/). When routes
from different RIP instances are available and all of them have the same from different RIP instances are available and all of them have the same
preference, BIRD prefers the route with lowest <cf/rip_metric/. When preference, BIRD prefers the route with lowest <cf/rip_metric/. When a
importing a non-RIP route, the metric defaults to 5. non-RIP route is exported to RIP, the default metric is 1.
<tag>int <cf/rip_tag/</tag> <tag>int <cf/rip_tag/</tag>
RIP route tag: a 16-bit number which can be used to carry additional RIP route tag: a 16-bit number which can be used to carry additional
information with the route (for example, an originating AS number in information with the route (for example, an originating AS number in
case of external routes). When importing a non-RIP route, the tag case of external routes). When a non-RIP route is exported to RIP, the
defaults to 0. default tag is 0.
</descrip> </descrip>
<sect1>Example <sect1>Example
<p><code> <p><code>
protocol rip MyRIP_test { protocol rip {
debug all; debug all;
port 1520; port 1520;
period 12; period 12;
garbage time 60; garbage time 60;
interface "eth0" { metric 3; mode multicast; }; interface "eth0" { metric 3; mode multicast; };
interface "eth*" { metric 2; mode broadcast; }; interface "eth*" { metric 2; mode broadcast; };
honor neighbor;
authentication none; authentication none;
import filter { print "importing"; accept; }; import filter { print "importing"; accept; };
export filter { print "exporting"; accept; }; export filter { print "exporting"; accept; };

View File

@ -55,6 +55,8 @@ Reply codes of BIRD command-line interface
1018 Show memory 1018 Show memory
1019 Show ROA list 1019 Show ROA list
1020 Show BFD sessions 1020 Show BFD sessions
1021 Show RIP interface
1022 Show RIP neighbors
8000 Reply too long 8000 Reply too long
8001 Route not found 8001 Route not found

View File

@ -1,3 +1,9 @@
sha256.c
sha256.h
sha512.c
sha512.h
sha1.c
sha1.h
birdlib.h birdlib.h
bitops.c bitops.c
bitops.h bitops.h

View File

@ -30,6 +30,7 @@
#define MAX(a,b) MAX_(a,b) #define MAX(a,b) MAX_(a,b)
#endif #endif
#define U64(c) UINT64_C(c)
#define ABS(a) ((a)>=0 ? (a) : -(a)) #define ABS(a) ((a)>=0 ? (a) : -(a))
#define DELTA(a,b) (((a)>=(b))?(a)-(b):(b)-(a)) #define DELTA(a,b) (((a)>=(b))?(a)-(b):(b)-(a))
#define ARRAY_SIZE(a) (sizeof(a)/sizeof(*(a))) #define ARRAY_SIZE(a) (sizeof(a)/sizeof(*(a)))

View File

@ -233,7 +233,7 @@ ip6_ntop(ip6_addr a, char *b)
} }
int int
ip4_pton(char *a, ip4_addr *o) ip4_pton(const char *a, ip4_addr *o)
{ {
int i; int i;
unsigned long int l; unsigned long int l;
@ -258,11 +258,11 @@ ip4_pton(char *a, ip4_addr *o)
} }
int int
ip6_pton(char *a, ip6_addr *o) ip6_pton(const char *a, ip6_addr *o)
{ {
u16 words[8]; u16 words[8];
int i, j, k, l, hfil; int i, j, k, l, hfil;
char *start; const char *start;
if (a[0] == ':') /* Leading :: */ if (a[0] == ':') /* Leading :: */
{ {
@ -364,7 +364,9 @@ ip4_class_mask(ip4_addr ad)
{ {
u32 m, a = _I(ad); u32 m, a = _I(ad);
if (a < 0x80000000) if (a == 0x00000000)
m = 0x00000000;
else if (a < 0x80000000)
m = 0xff000000; m = 0xff000000;
else if (a < 0xc0000000) else if (a < 0xc0000000)
m = 0xffff0000; m = 0xffff0000;

View File

@ -15,8 +15,11 @@
#include "lib/unaligned.h" #include "lib/unaligned.h"
#define IP4_ALL_NODES ipa_build4(224, 0, 0, 1)
#define IP4_ALL_ROUTERS ipa_build4(224, 0, 0, 2)
#define IP4_OSPF_ALL_ROUTERS ipa_build4(224, 0, 0, 5) #define IP4_OSPF_ALL_ROUTERS ipa_build4(224, 0, 0, 5)
#define IP4_OSPF_DES_ROUTERS ipa_build4(224, 0, 0, 6) #define IP4_OSPF_DES_ROUTERS ipa_build4(224, 0, 0, 6)
#define IP4_RIP_ROUTERS ipa_build4(224, 0, 0, 9)
#define IP6_ALL_NODES ipa_build6(0xFF020000, 0, 0, 1) #define IP6_ALL_NODES ipa_build6(0xFF020000, 0, 0, 1)
#define IP6_ALL_ROUTERS ipa_build6(0xFF020000, 0, 0, 2) #define IP6_ALL_ROUTERS ipa_build6(0xFF020000, 0, 0, 2)
@ -32,6 +35,10 @@
#define IP_PREC_INTERNET_CONTROL 0xc0 #define IP_PREC_INTERNET_CONTROL 0xc0
#define IP4_HEADER_LENGTH 20
#define IP6_HEADER_LENGTH 40
#define UDP_HEADER_LENGTH 8
#ifdef IPV6 #ifdef IPV6
#define MAX_PREFIX_LENGTH 128 #define MAX_PREFIX_LENGTH 128
@ -446,8 +453,8 @@ static inline char * ip4_ntox(ip4_addr a, char *b)
static inline char * ip6_ntox(ip6_addr a, char *b) static inline char * ip6_ntox(ip6_addr a, char *b)
{ return b + bsprintf(b, "%08x.%08x.%08x.%08x", _I0(a), _I1(a), _I2(a), _I3(a)); } { return b + bsprintf(b, "%08x.%08x.%08x.%08x", _I0(a), _I1(a), _I2(a), _I3(a)); }
int ip4_pton(char *a, ip4_addr *o); int ip4_pton(const char *a, ip4_addr *o);
int ip6_pton(char *a, ip6_addr *o); int ip6_pton(const char *a, ip6_addr *o);
// XXXX these functions must be redesigned or removed // XXXX these functions must be redesigned or removed
#ifdef IPV6 #ifdef IPV6

160
lib/md5.c
View File

@ -1,53 +1,45 @@
/* /*
* This code implements the MD5 message-digest algorithm. * BIRD Library -- MD5 Hash Function and HMAC-MD5 Function
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
* This code is in the public domain; do with it what you wish.
* *
* Equivalent code is available from RSA Data Security, Inc. * (c) 2015 CZ.NIC z.s.p.o.
* This code has been tested against that, and is equivalent,
* except that you don't need to include two pages of legalese
* with every copy.
* *
* To compute the message digest of a chunk of bytes, declare an * The code was written by Colin Plumb in 1993, no copyright is claimed.
* MD5Context structure, pass it to MD5Init, call MD5Update as *
* needed on buffers full of bytes, and then call MD5Final, which * Adapted for BIRD by Martin Mares <mj@ucw.cz>
* will fill a supplied 16-byte array with the digest. *
* Can be freely distributed and used under the terms of the GNU GPL.
*/ */
/* #include "lib/md5.h"
* Adapted for BIRD by Martin Mares <mj@atrey.karlin.mff.cuni.cz>
*/
#include "nest/bird.h"
#include "lib/string.h"
#include "md5.h"
#ifdef CPU_LITTLE_ENDIAN #ifdef CPU_LITTLE_ENDIAN
#define byteReverse(buf, len) /* Nothing */ #define byteReverse(buf, len) /* Nothing */
#else #else
void byteReverse(unsigned char *buf, unsigned longs); void byteReverse(byte *buf, uint longs);
/* /*
* Note: this code is harmless on little-endian machines. * Note: this code is harmless on little-endian machines.
*/ */
void byteReverse(unsigned char *buf, unsigned longs) void byteReverse(byte *buf, uint longs)
{ {
u32 t; u32 t;
do { do {
t = (u32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | t = (u32) ((uint) buf[3] << 8 | buf[2]) << 16 |
((unsigned) buf[1] << 8 | buf[0]); ((uint) buf[1] << 8 | buf[0]);
*(u32 *) buf = t; *(u32 *) buf = t;
buf += 4; buf += 4;
} while (--longs); } while (--longs);
} }
#endif #endif
static void md5_transform(u32 buf[4], u32 const in[16]);
/* /*
* Start MD5 accumulation. Set bit count to 0 and buffer to mysterious * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
* initialization constants. * initialization constants.
*/ */
void MD5Init(struct MD5Context *ctx) void
md5_init(struct md5_context *ctx)
{ {
ctx->buf[0] = 0x67452301; ctx->buf[0] = 0x67452301;
ctx->buf[1] = 0xefcdab89; ctx->buf[1] = 0xefcdab89;
@ -62,7 +54,8 @@ void MD5Init(struct MD5Context *ctx)
* Update context to reflect the concatenation of another buffer full * Update context to reflect the concatenation of another buffer full
* of bytes. * of bytes.
*/ */
void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) void
md5_update(struct md5_context *ctx, const byte *buf, uint len)
{ {
u32 t; u32 t;
@ -76,33 +69,34 @@ void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
/* Handle any leading odd-sized chunks */ /* Handle any leading odd-sized chunks */
if (t)
if (t) { {
unsigned char *p = (unsigned char *) ctx->in + t; byte *p = (byte *) ctx->in + t;
t = 64 - t; t = 64 - t;
if (len < t) { if (len < t)
{
memcpy(p, buf, len); memcpy(p, buf, len);
return; return;
} }
memcpy(p, buf, t); memcpy(p, buf, t);
byteReverse(ctx->in, 16); byteReverse(ctx->in, 16);
MD5Transform(ctx->buf, (u32 *) ctx->in); md5_transform(ctx->buf, (u32 *) ctx->in);
buf += t; buf += t;
len -= t; len -= t;
} }
/* Process data in 64-byte chunks */
while (len >= 64) { /* Process data in 64-byte chunks */
while (len >= 64)
{
memcpy(ctx->in, buf, 64); memcpy(ctx->in, buf, 64);
byteReverse(ctx->in, 16); byteReverse(ctx->in, 16);
MD5Transform(ctx->buf, (u32 *) ctx->in); md5_transform(ctx->buf, (u32 *) ctx->in);
buf += 64; buf += 64;
len -= 64; len -= 64;
} }
/* Handle any remaining bytes of data. */ /* Handle any remaining bytes of data. */
memcpy(ctx->in, buf, len); memcpy(ctx->in, buf, len);
} }
@ -110,10 +104,11 @@ void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
* Final wrapup - pad to 64-byte boundary with the bit pattern * Final wrapup - pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first) * 1 0* (64-bit count of bits processed, MSB-first)
*/ */
void MD5Final(unsigned char digest[16], struct MD5Context *ctx) byte *
md5_final(struct md5_context *ctx)
{ {
unsigned count; uint count;
unsigned char *p; byte *p;
/* Compute number of bytes mod 64 */ /* Compute number of bytes mod 64 */
count = (ctx->bits[0] >> 3) & 0x3F; count = (ctx->bits[0] >> 3) & 0x3F;
@ -127,15 +122,18 @@ void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
count = 64 - 1 - count; count = 64 - 1 - count;
/* Pad out to 56 mod 64 */ /* Pad out to 56 mod 64 */
if (count < 8) { if (count < 8)
{
/* Two lots of padding: Pad the first block to 64 bytes */ /* Two lots of padding: Pad the first block to 64 bytes */
memset(p, 0, count); memset(p, 0, count);
byteReverse(ctx->in, 16); byteReverse(ctx->in, 16);
MD5Transform(ctx->buf, (u32 *) ctx->in); md5_transform(ctx->buf, (u32 *) ctx->in);
/* Now fill the next block with 56 bytes */ /* Now fill the next block with 56 bytes */
memset(ctx->in, 0, 56); memset(ctx->in, 0, 56);
} else { }
else
{
/* Pad block to 56 bytes */ /* Pad block to 56 bytes */
memset(p, 0, count - 8); memset(p, 0, count - 8);
} }
@ -145,10 +143,17 @@ void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
((u32 *) ctx->in)[14] = ctx->bits[0]; ((u32 *) ctx->in)[14] = ctx->bits[0];
((u32 *) ctx->in)[15] = ctx->bits[1]; ((u32 *) ctx->in)[15] = ctx->bits[1];
MD5Transform(ctx->buf, (u32 *) ctx->in); md5_transform(ctx->buf, (u32 *) ctx->in);
byteReverse((unsigned char *) ctx->buf, 4); byteReverse((byte *) ctx->buf, 4);
memcpy(digest, ctx->buf, 16);
memset((char *) ctx, 0, sizeof(ctx)); /* In case it's sensitive */ return (byte*) ctx->buf;
}
/* I am a hard paranoid */
void
md5_erase_ctx(struct md5_context *ctx)
{
memset((char *) ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
} }
/* The four core functions - F1 is optimized somewhat */ /* The four core functions - F1 is optimized somewhat */
@ -168,7 +173,8 @@ void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
* reflect the addition of 16 longwords of new data. MD5Update blocks * reflect the addition of 16 longwords of new data. MD5Update blocks
* the data and converts bytes into longwords for this routine. * the data and converts bytes into longwords for this routine.
*/ */
void MD5Transform(u32 buf[4], u32 const in[16]) void
md5_transform(u32 buf[4], u32 const in[16])
{ {
register u32 a, b, c, d; register u32 a, b, c, d;
@ -250,3 +256,67 @@ void MD5Transform(u32 buf[4], u32 const in[16])
buf[2] += c; buf[2] += c;
buf[3] += d; buf[3] += d;
} }
/*
* MD5-HMAC
*/
static void
md5_hash_buffer(byte *outbuf, const byte *buffer, size_t length)
{
struct md5_context hd_tmp;
md5_init(&hd_tmp);
md5_update(&hd_tmp, buffer, length);
memcpy(outbuf, md5_final(&hd_tmp), MD5_SIZE);
}
void
md5_hmac_init(struct md5_hmac_context *ctx, const byte *key, size_t keylen)
{
byte keybuf[MD5_BLOCK_SIZE], buf[MD5_BLOCK_SIZE];
/* Hash the key if necessary */
if (keylen <= MD5_BLOCK_SIZE)
{
memcpy(keybuf, key, keylen);
bzero(keybuf + keylen, MD5_BLOCK_SIZE - keylen);
}
else
{
md5_hash_buffer(keybuf, key, keylen);
bzero(keybuf + MD5_SIZE, MD5_BLOCK_SIZE - MD5_SIZE);
}
/* Initialize the inner digest */
md5_init(&ctx->ictx);
int i;
for (i = 0; i < MD5_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x36;
md5_update(&ctx->ictx, buf, MD5_BLOCK_SIZE);
/* Initialize the outer digest */
md5_init(&ctx->octx);
for (i = 0; i < MD5_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x5c;
md5_update(&ctx->octx, buf, MD5_BLOCK_SIZE);
}
void
md5_hmac_update(struct md5_hmac_context *ctx, const byte *buf, size_t buflen)
{
/* Just update the inner digest */
md5_update(&ctx->ictx, buf, buflen);
}
byte *
md5_hmac_final(struct md5_hmac_context *ctx)
{
/* Finish the inner digest */
byte *isha = md5_final(&ctx->ictx);
/* Finish the outer digest */
md5_update(&ctx->octx, isha, MD5_SIZE);
return md5_final(&ctx->octx);
}

View File

@ -1,16 +1,47 @@
#ifndef MD5_H /*
#define MD5_H * BIRD Library -- MD5 Hash Function and HMAC-MD5 Function
*
* (c) 2015 CZ.NIC z.s.p.o.
*
* Adapted for BIRD by Martin Mares <mj@ucw.cz>
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
struct MD5Context { #ifndef _BIRD_MD5_H_
#define _BIRD_MD5_H_
#include "nest/bird.h"
#define MD5_SIZE 16
#define MD5_HEX_SIZE 33
#define MD5_BLOCK_SIZE 64
struct md5_context {
u32 buf[4]; u32 buf[4];
u32 bits[2]; u32 bits[2];
unsigned char in[64]; byte in[64];
}; };
void MD5Init(struct MD5Context *context); void md5_init(struct md5_context *ctx);
void MD5Update(struct MD5Context *context, unsigned char const *buf, void md5_update(struct md5_context *ctx, const byte *buf, uint len);
unsigned len); byte *md5_final(struct md5_context *ctx);
void MD5Final(unsigned char digest[16], struct MD5Context *context);
void MD5Transform(u32 buf[4], u32 const in[16]);
#endif /* !MD5_H */
/*
* HMAC-MD5
*/
struct md5_hmac_context {
struct md5_context ictx;
struct md5_context octx;
};
void md5_hmac_init(struct md5_hmac_context *ctx, const byte *key, size_t keylen);
void md5_hmac_update(struct md5_hmac_context *ctx, const byte *buf, size_t buflen);
byte *md5_hmac_final(struct md5_hmac_context *ctx);
#endif /* _BIRD_MD5_H_ */

View File

@ -16,7 +16,7 @@
#endif #endif
int int
MATCH_FUNC_NAME(byte *p, byte *s) MATCH_FUNC_NAME(const byte *p, const byte *s)
{ {
while (*p) while (*p)
{ {

348
lib/sha1.c Normal file
View File

@ -0,0 +1,348 @@
/*
* BIRD Library -- SHA-1 Hash Function (FIPS 180-1, RFC 3174) and HMAC-SHA-1
*
* (c) 2015 CZ.NIC z.s.p.o.
*
* Based on the code from libucw-6.4
* (c) 2008--2009 Martin Mares <mj@ucw.cz>
*
* Based on the code from libgcrypt-1.2.3, which is
* (c) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include "lib/sha1.h"
#include "lib/unaligned.h"
void
sha1_init(struct sha1_context *ctx)
{
ctx->h0 = 0x67452301;
ctx->h1 = 0xefcdab89;
ctx->h2 = 0x98badcfe;
ctx->h3 = 0x10325476;
ctx->h4 = 0xc3d2e1f0;
ctx->nblocks = 0;
ctx->count = 0;
}
/*
* Transform the message X which consists of 16 32-bit-words
*/
static void
sha1_transform(struct sha1_context *ctx, const byte *data)
{
u32 a,b,c,d,e,tm;
u32 x[16];
/* Get values from the chaining vars. */
a = ctx->h0;
b = ctx->h1;
c = ctx->h2;
d = ctx->h3;
e = ctx->h4;
#ifdef CPU_BIG_ENDIAN
memcpy(x, data, 64);
#else
int i;
for (i = 0; i < 16; i++)
x[i] = get_u32(data+4*i);
#endif
#define K1 0x5A827999L
#define K2 0x6ED9EBA1L
#define K3 0x8F1BBCDCL
#define K4 0xCA62C1D6L
#define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) )
#define F2(x,y,z) ( x ^ y ^ z )
#define F3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) )
#define F4(x,y,z) ( x ^ y ^ z )
#define M(i) (tm = x[i&0x0f] ^ x[(i-14)&0x0f] ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f], (x[i&0x0f] = ROL(tm, 1)))
/* Bitwise rotation of an unsigned int to the left **/
#define ROL(x, bits) (((x) << (bits)) | ((uint)(x) >> (sizeof(uint)*8 - (bits))))
#define R(a, b, c, d, e, f, k, m) \
do \
{ \
e += ROL(a, 5) + f(b, c, d) + k + m; \
b = ROL(b, 30); \
} while(0)
R( a, b, c, d, e, F1, K1, x[ 0] );
R( e, a, b, c, d, F1, K1, x[ 1] );
R( d, e, a, b, c, F1, K1, x[ 2] );
R( c, d, e, a, b, F1, K1, x[ 3] );
R( b, c, d, e, a, F1, K1, x[ 4] );
R( a, b, c, d, e, F1, K1, x[ 5] );
R( e, a, b, c, d, F1, K1, x[ 6] );
R( d, e, a, b, c, F1, K1, x[ 7] );
R( c, d, e, a, b, F1, K1, x[ 8] );
R( b, c, d, e, a, F1, K1, x[ 9] );
R( a, b, c, d, e, F1, K1, x[10] );
R( e, a, b, c, d, F1, K1, x[11] );
R( d, e, a, b, c, F1, K1, x[12] );
R( c, d, e, a, b, F1, K1, x[13] );
R( b, c, d, e, a, F1, K1, x[14] );
R( a, b, c, d, e, F1, K1, x[15] );
R( e, a, b, c, d, F1, K1, M(16) );
R( d, e, a, b, c, F1, K1, M(17) );
R( c, d, e, a, b, F1, K1, M(18) );
R( b, c, d, e, a, F1, K1, M(19) );
R( a, b, c, d, e, F2, K2, M(20) );
R( e, a, b, c, d, F2, K2, M(21) );
R( d, e, a, b, c, F2, K2, M(22) );
R( c, d, e, a, b, F2, K2, M(23) );
R( b, c, d, e, a, F2, K2, M(24) );
R( a, b, c, d, e, F2, K2, M(25) );
R( e, a, b, c, d, F2, K2, M(26) );
R( d, e, a, b, c, F2, K2, M(27) );
R( c, d, e, a, b, F2, K2, M(28) );
R( b, c, d, e, a, F2, K2, M(29) );
R( a, b, c, d, e, F2, K2, M(30) );
R( e, a, b, c, d, F2, K2, M(31) );
R( d, e, a, b, c, F2, K2, M(32) );
R( c, d, e, a, b, F2, K2, M(33) );
R( b, c, d, e, a, F2, K2, M(34) );
R( a, b, c, d, e, F2, K2, M(35) );
R( e, a, b, c, d, F2, K2, M(36) );
R( d, e, a, b, c, F2, K2, M(37) );
R( c, d, e, a, b, F2, K2, M(38) );
R( b, c, d, e, a, F2, K2, M(39) );
R( a, b, c, d, e, F3, K3, M(40) );
R( e, a, b, c, d, F3, K3, M(41) );
R( d, e, a, b, c, F3, K3, M(42) );
R( c, d, e, a, b, F3, K3, M(43) );
R( b, c, d, e, a, F3, K3, M(44) );
R( a, b, c, d, e, F3, K3, M(45) );
R( e, a, b, c, d, F3, K3, M(46) );
R( d, e, a, b, c, F3, K3, M(47) );
R( c, d, e, a, b, F3, K3, M(48) );
R( b, c, d, e, a, F3, K3, M(49) );
R( a, b, c, d, e, F3, K3, M(50) );
R( e, a, b, c, d, F3, K3, M(51) );
R( d, e, a, b, c, F3, K3, M(52) );
R( c, d, e, a, b, F3, K3, M(53) );
R( b, c, d, e, a, F3, K3, M(54) );
R( a, b, c, d, e, F3, K3, M(55) );
R( e, a, b, c, d, F3, K3, M(56) );
R( d, e, a, b, c, F3, K3, M(57) );
R( c, d, e, a, b, F3, K3, M(58) );
R( b, c, d, e, a, F3, K3, M(59) );
R( a, b, c, d, e, F4, K4, M(60) );
R( e, a, b, c, d, F4, K4, M(61) );
R( d, e, a, b, c, F4, K4, M(62) );
R( c, d, e, a, b, F4, K4, M(63) );
R( b, c, d, e, a, F4, K4, M(64) );
R( a, b, c, d, e, F4, K4, M(65) );
R( e, a, b, c, d, F4, K4, M(66) );
R( d, e, a, b, c, F4, K4, M(67) );
R( c, d, e, a, b, F4, K4, M(68) );
R( b, c, d, e, a, F4, K4, M(69) );
R( a, b, c, d, e, F4, K4, M(70) );
R( e, a, b, c, d, F4, K4, M(71) );
R( d, e, a, b, c, F4, K4, M(72) );
R( c, d, e, a, b, F4, K4, M(73) );
R( b, c, d, e, a, F4, K4, M(74) );
R( a, b, c, d, e, F4, K4, M(75) );
R( e, a, b, c, d, F4, K4, M(76) );
R( d, e, a, b, c, F4, K4, M(77) );
R( c, d, e, a, b, F4, K4, M(78) );
R( b, c, d, e, a, F4, K4, M(79) );
/* Update chaining vars. */
ctx->h0 += a;
ctx->h1 += b;
ctx->h2 += c;
ctx->h3 += d;
ctx->h4 += e;
}
/*
* Update the message digest with the contents of BUF with length LEN.
*/
void
sha1_update(struct sha1_context *ctx, const byte *buf, uint len)
{
if (ctx->count)
{
/* Fill rest of internal buffer */
for (; len && ctx->count < SHA1_BLOCK_SIZE; len--)
ctx->buf[ctx->count++] = *buf++;
if (ctx->count < SHA1_BLOCK_SIZE)
return;
/* Process data from internal buffer */
sha1_transform(ctx, ctx->buf);
ctx->nblocks++;
ctx->count = 0;
}
if (!len)
return;
/* Process data from input buffer */
while (len >= SHA1_BLOCK_SIZE)
{
sha1_transform(ctx, buf);
ctx->nblocks++;
buf += SHA1_BLOCK_SIZE;
len -= SHA1_BLOCK_SIZE;
}
/* Copy remaining data to internal buffer */
memcpy(ctx->buf, buf, len);
ctx->count = len;
}
/*
* The routine final terminates the computation and returns the digest. The
* handle is prepared for a new cycle, but adding bytes to the handle will the
* destroy the returned buffer.
*
* Returns: 20 bytes representing the digest.
*/
byte *
sha1_final(struct sha1_context *ctx)
{
u32 t, msb, lsb;
sha1_update(ctx, NULL, 0); /* flush */
t = ctx->nblocks;
/* multiply by 64 to make a byte count */
lsb = t << 6;
msb = t >> 26;
/* add the count */
t = lsb;
if ((lsb += ctx->count) < t)
msb++;
/* multiply by 8 to make a bit count */
t = lsb;
lsb <<= 3;
msb <<= 3;
msb |= t >> 29;
if (ctx->count < 56)
{
/* enough room */
ctx->buf[ctx->count++] = 0x80; /* pad */
while (ctx->count < 56)
ctx->buf[ctx->count++] = 0; /* pad */
}
else
{
/* need one extra block */
ctx->buf[ctx->count++] = 0x80; /* pad character */
while (ctx->count < 64)
ctx->buf[ctx->count++] = 0;
sha1_update(ctx, NULL, 0); /* flush */
memset(ctx->buf, 0, 56); /* fill next block with zeroes */
}
/* append the 64 bit count */
ctx->buf[56] = msb >> 24;
ctx->buf[57] = msb >> 16;
ctx->buf[58] = msb >> 8;
ctx->buf[59] = msb;
ctx->buf[60] = lsb >> 24;
ctx->buf[61] = lsb >> 16;
ctx->buf[62] = lsb >> 8;
ctx->buf[63] = lsb;
sha1_transform(ctx, ctx->buf);
byte *p = ctx->buf;
#define X(a) do { put_u32(p, ctx->h##a); p += 4; } while(0)
X(0);
X(1);
X(2);
X(3);
X(4);
#undef X
return ctx->buf;
}
/*
* SHA1-HMAC
*/
/*
* Shortcut function which puts the hash value of the supplied buffer
* into outbuf which must have a size of 20 bytes.
*/
void
sha1_hash_buffer(byte *outbuf, const byte *buffer, uint length)
{
struct sha1_context ctx;
sha1_init(&ctx);
sha1_update(&ctx, buffer, length);
memcpy(outbuf, sha1_final(&ctx), SHA1_SIZE);
}
void
sha1_hmac_init(struct sha1_hmac_context *ctx, const byte *key, uint keylen)
{
byte keybuf[SHA1_BLOCK_SIZE], buf[SHA1_BLOCK_SIZE];
/* Hash the key if necessary */
if (keylen <= SHA1_BLOCK_SIZE)
{
memcpy(keybuf, key, keylen);
memset(keybuf + keylen, 0, SHA1_BLOCK_SIZE - keylen);
}
else
{
sha1_hash_buffer(keybuf, key, keylen);
memset(keybuf + SHA1_SIZE, 0, SHA1_BLOCK_SIZE - SHA1_SIZE);
}
/* Initialize the inner digest */
sha1_init(&ctx->ictx);
int i;
for (i = 0; i < SHA1_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x36;
sha1_update(&ctx->ictx, buf, SHA1_BLOCK_SIZE);
/* Initialize the outer digest */
sha1_init(&ctx->octx);
for (i = 0; i < SHA1_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x5c;
sha1_update(&ctx->octx, buf, SHA1_BLOCK_SIZE);
}
void
sha1_hmac_update(struct sha1_hmac_context *ctx, const byte *data, uint datalen)
{
/* Just update the inner digest */
sha1_update(&ctx->ictx, data, datalen);
}
byte *
sha1_hmac_final(struct sha1_hmac_context *ctx)
{
/* Finish the inner digest */
byte *isha = sha1_final(&ctx->ictx);
/* Finish the outer digest */
sha1_update(&ctx->octx, isha, SHA1_SIZE);
return sha1_final(&ctx->octx);
}
void
sha1_hmac(byte *outbuf, const byte *key, uint keylen, const byte *data, uint datalen)
{
struct sha1_hmac_context ctx;
sha1_hmac_init(&ctx, key, keylen);
sha1_hmac_update(&ctx, data, datalen);
memcpy(outbuf, sha1_hmac_final(&ctx), SHA1_SIZE);
}

86
lib/sha1.h Normal file
View File

@ -0,0 +1,86 @@
/*
* BIRD Library -- SHA-1 Hash Function (FIPS 180-1, RFC 3174) and HMAC-SHA-1
*
* (c) 2015 CZ.NIC z.s.p.o.
*
* Based on the code from libucw-6.4
* (c) 2008--2009 Martin Mares <mj@ucw.cz>
*
* Based on the code from libgcrypt-1.2.3, which is
* (c) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#ifndef _BIRD_SHA1_H_
#define _BIRD_SHA1_H_
#include "nest/bird.h"
#define SHA1_SIZE 20 /* Size of the SHA1 hash in its binary representation */
#define SHA1_HEX_SIZE 41 /* Buffer length for a string containing SHA1 in hexadecimal format. */
#define SHA1_BLOCK_SIZE 64 /* SHA1 splits input to blocks of this size. */
/*
* Internal SHA1 state.
* You should use it just as an opaque handle only.
*/
struct sha1_context {
u32 h0, h1, h2, h3, h4;
byte buf[SHA1_BLOCK_SIZE];
uint nblocks;
uint count;
};
void sha1_init(struct sha1_context *ctx); /* Initialize new algorithm run in the @ctx context. **/
/*
* Push another @len bytes of data pointed to by @buf onto the SHA1 hash
* currently in @ctx. You can call this any times you want on the same hash (and
* you do not need to reinitialize it by @sha1_init()). It has the same effect
* as concatenating all the data together and passing them at once.
*/
void sha1_update(struct sha1_context *ctx, const byte *buf, uint len);
/*
* No more @sha1_update() calls will be done. This terminates the hash and
* returns a pointer to it.
*
* Note that the pointer points into data in the @ctx context. If it ceases to
* exist, the pointer becomes invalid.
*/
byte *sha1_final(struct sha1_context *ctx);
/*
* A convenience one-shot function for SHA1 hash. It is equivalent to this
* snippet of code:
*
* sha1_context ctx;
* sha1_init(&ctx);
* sha1_update(&ctx, buffer, length);
* memcpy(outbuf, sha1_final(&ctx), SHA1_SIZE);
*/
void sha1_hash_buffer(byte *outbuf, const byte *buffer, uint length);
/*
* SHA1 HMAC message authentication. If you provide @key and @data, the result
* will be stored in @outbuf.
*/
void sha1_hmac(byte *outbuf, const byte *key, uint keylen, const byte *data, uint datalen);
/*
* The HMAC also exists in a stream version in a way analogous to the plain
* SHA1. Pass this as a context.
*/
struct sha1_hmac_context {
struct sha1_context ictx;
struct sha1_context octx;
};
void sha1_hmac_init(struct sha1_hmac_context *ctx, const byte *key, uint keylen); /* Initialize HMAC with context @ctx and the given key. See sha1_init(). */
void sha1_hmac_update(struct sha1_hmac_context *ctx, const byte *data, uint datalen); /* Hash another @datalen bytes of data. See sha1_update(). */
byte *sha1_hmac_final(struct sha1_hmac_context *ctx); /* Terminate the HMAC and return a pointer to the allocated hash. See sha1_final(). */
#endif /* _BIRD_SHA1_H_ */

449
lib/sha256.c Normal file
View File

@ -0,0 +1,449 @@
/*
* BIRD Library -- SHA-256 and SHA-224 Hash Functions,
* HMAC-SHA-256 and HMAC-SHA-224 Functions
*
* (c) 2015 CZ.NIC z.s.p.o.
*
* Based on the code from libgcrypt-1.6.0, which is
* (c) 2003, 2006, 2008, 2009 Free Software Foundation, Inc.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include "lib/sha256.h"
#include "lib/unaligned.h"
// #define SHA256_UNROLLED
void
sha256_init(struct sha256_context *ctx)
{
ctx->h0 = 0x6a09e667;
ctx->h1 = 0xbb67ae85;
ctx->h2 = 0x3c6ef372;
ctx->h3 = 0xa54ff53a;
ctx->h4 = 0x510e527f;
ctx->h5 = 0x9b05688c;
ctx->h6 = 0x1f83d9ab;
ctx->h7 = 0x5be0cd19;
ctx->nblocks = 0;
ctx->count = 0;
}
void
sha224_init(struct sha224_context *ctx)
{
ctx->h0 = 0xc1059ed8;
ctx->h1 = 0x367cd507;
ctx->h2 = 0x3070dd17;
ctx->h3 = 0xf70e5939;
ctx->h4 = 0xffc00b31;
ctx->h5 = 0x68581511;
ctx->h6 = 0x64f98fa7;
ctx->h7 = 0xbefa4fa4;
ctx->nblocks = 0;
ctx->count = 0;
}
/* (4.2) same as SHA-1's F1. */
static inline u32
f1(u32 x, u32 y, u32 z)
{
return (z ^ (x & (y ^ z)));
}
/* (4.3) same as SHA-1's F3 */
static inline u32
f3(u32 x, u32 y, u32 z)
{
return ((x & y) | (z & (x|y)));
}
/* Bitwise rotation of an uint to the right */
static inline u32 ror(u32 x, int n)
{
return ((x >> (n&(32-1))) | (x << ((32-n)&(32-1))));
}
/* (4.4) */
static inline u32
sum0(u32 x)
{
return (ror(x, 2) ^ ror(x, 13) ^ ror(x, 22));
}
/* (4.5) */
static inline u32
sum1(u32 x)
{
return (ror(x, 6) ^ ror(x, 11) ^ ror(x, 25));
}
/*
Transform the message X which consists of 16 32-bit-words. See FIPS
180-2 for details. */
#define S0(x) (ror((x), 7) ^ ror((x), 18) ^ ((x) >> 3)) /* (4.6) */
#define S1(x) (ror((x), 17) ^ ror((x), 19) ^ ((x) >> 10)) /* (4.7) */
#define R(a,b,c,d,e,f,g,h,k,w) \
do \
{ \
t1 = (h) + sum1((e)) + f1((e),(f),(g)) + (k) + (w); \
t2 = sum0((a)) + f3((a),(b),(c)); \
h = g; \
g = f; \
f = e; \
e = d + t1; \
d = c; \
c = b; \
b = a; \
a = t1 + t2; \
} while (0)
/*
The SHA-256 core: Transform the message X which consists of 16
32-bit-words. See FIPS 180-2 for details.
*/
static uint
sha256_transform(struct sha256_context *ctx, const byte *data)
{
static const u32 K[64] = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
u32 a,b,c,d,e,f,g,h,t1,t2;
u32 w[64];
int i;
a = ctx->h0;
b = ctx->h1;
c = ctx->h2;
d = ctx->h3;
e = ctx->h4;
f = ctx->h5;
g = ctx->h6;
h = ctx->h7;
for (i = 0; i < 16; i++)
w[i] = get_u32(data + i * 4);
for (; i < 64; i++)
w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
for (i = 0; i < 64;)
{
#ifndef SHA256_UNROLLED
R(a,b,c,d,e,f,g,h,K[i],w[i]);
i++;
#else /* Unrolled */
t1 = h + sum1(e) + f1(e, f, g) + K[i] + w[i];
t2 = sum0(a) + f3(a, b, c);
d += t1;
h = t1 + t2;
t1 = g + sum1(d) + f1(d, e, f) + K[i+1] + w[i+1];
t2 = sum0(h) + f3(h, a, b);
c += t1;
g = t1 + t2;
t1 = f + sum1(c) + f1(c, d, e) + K[i+2] + w[i+2];
t2 = sum0(g) + f3(g, h, a);
b += t1;
f = t1 + t2;
t1 = e + sum1(b) + f1(b, c, d) + K[i+3] + w[i+3];
t2 = sum0(f) + f3(f, g, h);
a += t1;
e = t1 + t2;
t1 = d + sum1(a) + f1(a, b, c) + K[i+4] + w[i+4];
t2 = sum0(e) + f3(e, f, g);
h += t1;
d = t1 + t2;
t1 = c + sum1(h) + f1(h, a, b) + K[i+5] + w[i+5];
t2 = sum0(d) + f3(d, e, f);
g += t1;
c = t1 + t2;
t1 = b + sum1(g) + f1(g, h, a) + K[i+6] + w[i+6];
t2 = sum0(c) + f3(c, d, e);
f += t1;
b = t1 + t2;
t1 = a + sum1(f) + f1(f, g, h) + K[i+7] + w[i+7];
t2 = sum0(b) + f3(b, c, d);
e += t1;
a = t1 + t2;
i += 8;
#endif
}
ctx->h0 += a;
ctx->h1 += b;
ctx->h2 += c;
ctx->h3 += d;
ctx->h4 += e;
ctx->h5 += f;
ctx->h6 += g;
ctx->h7 += h;
return /*burn_stack*/ 74*4+32;
}
#undef S0
#undef S1
#undef R
/* Common function to write a chunk of data to the transform function
of a hash algorithm. Note that the use of the term "block" does
not imply a fixed size block. Note that we explicitly allow to use
this function after the context has been finalized; the result does
not have any meaning but writing after finalize is sometimes
helpful to mitigate timing attacks. */
void
sha256_update(struct sha256_context *ctx, const byte *buf, size_t len)
{
if (ctx->count)
{
/* Fill rest of internal buffer */
for (; len && ctx->count < SHA256_BLOCK_SIZE; len--)
ctx->buf[ctx->count++] = *buf++;
if (ctx->count < SHA256_BLOCK_SIZE)
return;
/* Process data from internal buffer */
sha256_transform(ctx, ctx->buf);
ctx->nblocks++;
ctx->count = 0;
}
if (!len)
return;
/* Process data from input buffer */
while (len >= SHA256_BLOCK_SIZE)
{
sha256_transform(ctx, buf);
ctx->nblocks++;
buf += SHA256_BLOCK_SIZE;
len -= SHA256_BLOCK_SIZE;
}
/* Copy remaining data to internal buffer */
memcpy(ctx->buf, buf, len);
ctx->count = len;
}
/*
* The routine finally terminates the computation and returns the digest. The
* handle is prepared for a new cycle, but adding bytes to the handle will the
* destroy the returned buffer.
*
* Returns: 32 bytes with the message the digest. 28 bytes for SHA-224.
*/
byte *
sha256_final(struct sha256_context *ctx)
{
u32 t, th, msb, lsb;
sha256_update(ctx, NULL, 0); /* flush */
t = ctx->nblocks;
th = 0;
/* multiply by 64 to make a byte count */
lsb = t << 6;
msb = (th << 6) | (t >> 26);
/* add the count */
t = lsb;
if ((lsb += ctx->count) < t)
msb++;
/* multiply by 8 to make a bit count */
t = lsb;
lsb <<= 3;
msb <<= 3;
msb |= t >> 29;
if (ctx->count < 56)
{
/* enough room */
ctx->buf[ctx->count++] = 0x80; /* pad */
while (ctx->count < 56)
ctx->buf[ctx->count++] = 0; /* pad */
}
else
{
/* need one extra block */
ctx->buf[ctx->count++] = 0x80; /* pad character */
while (ctx->count < 64)
ctx->buf[ctx->count++] = 0;
sha256_update(ctx, NULL, 0); /* flush */;
memset(ctx->buf, 0, 56 ); /* fill next block with zeroes */
}
/* append the 64 bit count */
put_u32(ctx->buf + 56, msb);
put_u32(ctx->buf + 60, lsb);
sha256_transform(ctx, ctx->buf);
byte *p = ctx->buf;
#define X(a) do { put_u32(p, ctx->h##a); p += 4; } while(0)
X(0);
X(1);
X(2);
X(3);
X(4);
X(5);
X(6);
X(7);
#undef X
return ctx->buf;
}
/*
* SHA256-HMAC
*/
static void
sha256_hash_buffer(byte *outbuf, const byte *buffer, size_t length)
{
struct sha256_context ctx;
sha256_init(&ctx);
sha256_update(&ctx, buffer, length);
memcpy(outbuf, sha256_final(&ctx), SHA256_SIZE);
}
void
sha256_hmac_init(struct sha256_hmac_context *ctx, const byte *key, size_t keylen)
{
byte keybuf[SHA256_BLOCK_SIZE], buf[SHA256_BLOCK_SIZE];
/* Hash the key if necessary */
if (keylen <= SHA256_BLOCK_SIZE)
{
memcpy(keybuf, key, keylen);
memset(keybuf + keylen, 0, SHA256_BLOCK_SIZE - keylen);
}
else
{
sha256_hash_buffer(keybuf, key, keylen);
memset(keybuf + SHA256_SIZE, 0, SHA256_BLOCK_SIZE - SHA256_SIZE);
}
/* Initialize the inner digest */
sha256_init(&ctx->ictx);
int i;
for (i = 0; i < SHA256_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x36;
sha256_update(&ctx->ictx, buf, SHA256_BLOCK_SIZE);
/* Initialize the outer digest */
sha256_init(&ctx->octx);
for (i = 0; i < SHA256_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x5c;
sha256_update(&ctx->octx, buf, SHA256_BLOCK_SIZE);
}
void
sha256_hmac_update(struct sha256_hmac_context *ctx, const byte *buf, size_t buflen)
{
/* Just update the inner digest */
sha256_update(&ctx->ictx, buf, buflen);
}
byte *
sha256_hmac_final(struct sha256_hmac_context *ctx)
{
/* Finish the inner digest */
byte *isha = sha256_final(&ctx->ictx);
/* Finish the outer digest */
sha256_update(&ctx->octx, isha, SHA256_SIZE);
return sha256_final(&ctx->octx);
}
/*
* SHA224-HMAC
*/
static void
sha224_hash_buffer(byte *outbuf, const byte *buffer, size_t length)
{
struct sha224_context ctx;
sha224_init(&ctx);
sha224_update(&ctx, buffer, length);
memcpy(outbuf, sha224_final(&ctx), SHA224_SIZE);
}
void
sha224_hmac_init(struct sha224_hmac_context *ctx, const byte *key, size_t keylen)
{
byte keybuf[SHA224_BLOCK_SIZE], buf[SHA224_BLOCK_SIZE];
/* Hash the key if necessary */
if (keylen <= SHA224_BLOCK_SIZE)
{
memcpy(keybuf, key, keylen);
memset(keybuf + keylen, 0, SHA224_BLOCK_SIZE - keylen);
}
else
{
sha224_hash_buffer(keybuf, key, keylen);
memset(keybuf + SHA224_SIZE, 0, SHA224_BLOCK_SIZE - SHA224_SIZE);
}
/* Initialize the inner digest */
sha224_init(&ctx->ictx);
int i;
for (i = 0; i < SHA224_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x36;
sha224_update(&ctx->ictx, buf, SHA224_BLOCK_SIZE);
/* Initialize the outer digest */
sha224_init(&ctx->octx);
for (i = 0; i < SHA224_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x5c;
sha224_update(&ctx->octx, buf, SHA224_BLOCK_SIZE);
}
void
sha224_hmac_update(struct sha224_hmac_context *ctx, const byte *buf, size_t buflen)
{
/* Just update the inner digest */
sha256_update(&ctx->ictx, buf, buflen);
}
byte *
sha224_hmac_final(struct sha224_hmac_context *ctx)
{
/* Finish the inner digest */
byte *isha = sha224_final(&ctx->ictx);
/* Finish the outer digest */
sha224_update(&ctx->octx, isha, SHA224_SIZE);
return sha224_final(&ctx->octx);
}

73
lib/sha256.h Normal file
View File

@ -0,0 +1,73 @@
/*
* BIRD Library -- SHA-256 and SHA-224 Hash Functions,
* HMAC-SHA-256 and HMAC-SHA-224 Functions
*
* (c) 2015 CZ.NIC z.s.p.o.
*
* Based on the code from libgcrypt-1.6.0, which is
* (c) 2003, 2006, 2008, 2009 Free Software Foundation, Inc.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#ifndef _BIRD_SHA256_H_
#define _BIRD_SHA256_H_
#include "nest/bird.h"
#define SHA224_SIZE 28
#define SHA224_HEX_SIZE 57
#define SHA224_BLOCK_SIZE 64
#define SHA256_SIZE 32
#define SHA256_HEX_SIZE 65
#define SHA256_BLOCK_SIZE 64
struct sha256_context {
u32 h0, h1, h2, h3, h4, h5, h6, h7;
byte buf[SHA256_BLOCK_SIZE];
uint nblocks;
uint count;
};
#define sha224_context sha256_context
void sha256_init(struct sha256_context *ctx);
void sha224_init(struct sha224_context *ctx);
void sha256_update(struct sha256_context *ctx, const byte *buf, size_t len);
static inline void sha224_update(struct sha224_context *ctx, const byte *buf, size_t len)
{ sha256_update(ctx, buf, len); }
byte *sha256_final(struct sha256_context *ctx);
static inline byte *sha224_final(struct sha224_context *ctx)
{ return sha256_final(ctx); }
/*
* HMAC-SHA256, HMAC-SHA224
*/
struct sha256_hmac_context
{
struct sha256_context ictx;
struct sha256_context octx;
};
#define sha224_hmac_context sha256_hmac_context
void sha256_hmac_init(struct sha256_hmac_context *ctx, const byte *key, size_t keylen);
void sha224_hmac_init(struct sha224_hmac_context *ctx, const byte *key, size_t keylen);
void sha256_hmac_update(struct sha256_hmac_context *ctx, const byte *buf, size_t buflen);
void sha224_hmac_update(struct sha224_hmac_context *ctx, const byte *buf, size_t buflen);
byte *sha256_hmac_final(struct sha256_hmac_context *ctx);
byte *sha224_hmac_final(struct sha224_hmac_context *ctx);
#endif /* _BIRD_SHA256_H_ */

620
lib/sha512.c Normal file
View File

@ -0,0 +1,620 @@
/*
* BIRD Library -- SHA-512 and SHA-384 Hash Functions,
* HMAC-SHA-512 and HMAC-SHA-384 Functions
*
* (c) 2015 CZ.NIC z.s.p.o.
*
* Based on the code from libgcrypt-1.6.0, which is
* (c) 2003, 2006, 2008, 2009 Free Software Foundation, Inc.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include "lib/sha512.h"
#include "lib/unaligned.h"
// #define SHA512_UNROLLED
void
sha512_init(struct sha512_context *ctx)
{
ctx->h0 = U64(0x6a09e667f3bcc908);
ctx->h1 = U64(0xbb67ae8584caa73b);
ctx->h2 = U64(0x3c6ef372fe94f82b);
ctx->h3 = U64(0xa54ff53a5f1d36f1);
ctx->h4 = U64(0x510e527fade682d1);
ctx->h5 = U64(0x9b05688c2b3e6c1f);
ctx->h6 = U64(0x1f83d9abfb41bd6b);
ctx->h7 = U64(0x5be0cd19137e2179);
ctx->nblocks = 0;
ctx->count = 0;
}
void
sha384_init(struct sha384_context *ctx)
{
ctx->h0 = U64(0xcbbb9d5dc1059ed8);
ctx->h1 = U64(0x629a292a367cd507);
ctx->h2 = U64(0x9159015a3070dd17);
ctx->h3 = U64(0x152fecd8f70e5939);
ctx->h4 = U64(0x67332667ffc00b31);
ctx->h5 = U64(0x8eb44a8768581511);
ctx->h6 = U64(0xdb0c2e0d64f98fa7);
ctx->h7 = U64(0x47b5481dbefa4fa4);
ctx->nblocks = 0;
ctx->count = 0;
}
static inline u64
ROTR(u64 x, u64 n)
{
return ((x >> n) | (x << (64 - n)));
}
static inline u64
Ch(u64 x, u64 y, u64 z)
{
return ((x & y) ^ ( ~x & z));
}
static inline u64
Maj(u64 x, u64 y, u64 z)
{
return ((x & y) ^ (x & z) ^ (y & z));
}
static inline u64
sum0(u64 x)
{
return (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39));
}
static inline u64
sum1(u64 x)
{
return (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41));
}
static const u64 k[] =
{
U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817)
};
/*
* Transform the message W which consists of 16 64-bit-words
*/
static uint
sha512_transform(struct sha512_context *ctx, const byte *data)
{
u64 a, b, c, d, e, f, g, h;
u64 w[16];
uint t;
/* get values from the chaining vars */
a = ctx->h0;
b = ctx->h1;
c = ctx->h2;
d = ctx->h3;
e = ctx->h4;
f = ctx->h5;
g = ctx->h6;
h = ctx->h7;
for (t = 0; t < 16; t++)
w[t] = get_u64(data + t * 8);
#define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
#define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
for (t = 0; t < 80 - 16; )
{
u64 t1, t2;
/* Performance on a AMD Athlon(tm) Dual Core Processor 4050e
with gcc 4.3.3 using gcry_md_hash_buffer of each 10000 bytes
initialized to 0,1,2,3...255,0,... and 1000 iterations:
Not unrolled with macros: 440ms
Unrolled with macros: 350ms
Unrolled with inline: 330ms
*/
#ifndef SHA512_UNROLLED
t1 = h + sum1(e) + Ch(e, f, g) + k[t] + w[t%16];
w[t%16] += S1(w[(t - 2)%16]) + w[(t - 7)%16] + S0(w[(t - 15)%16]);
t2 = sum0(a) + Maj(a, b, c);
h = g;
g = f;
f = e;
e = d + t1;
d = c;
c = b;
b = a;
a = t1 + t2;
t++;
#else /* Unrolled */
t1 = h + sum1(e) + Ch(e, f, g) + k[t] + w[0];
w[0] += S1(w[14]) + w[9] + S0(w[1]);
t2 = sum0(a) + Maj(a, b, c);
d += t1;
h = t1 + t2;
t1 = g + sum1(d) + Ch(d, e, f) + k[t+1] + w[1];
w[1] += S1(w[15]) + w[10] + S0(w[2]);
t2 = sum0(h) + Maj(h, a, b);
c += t1;
g = t1 + t2;
t1 = f + sum1(c) + Ch(c, d, e) + k[t+2] + w[2];
w[2] += S1(w[0]) + w[11] + S0(w[3]);
t2 = sum0(g) + Maj(g, h, a);
b += t1;
f = t1 + t2;
t1 = e + sum1(b) + Ch(b, c, d) + k[t+3] + w[3];
w[3] += S1(w[1]) + w[12] + S0(w[4]);
t2 = sum0(f) + Maj(f, g, h);
a += t1;
e = t1 + t2;
t1 = d + sum1(a) + Ch(a, b, c) + k[t+4] + w[4];
w[4] += S1(w[2]) + w[13] + S0(w[5]);
t2 = sum0(e) + Maj(e, f, g);
h += t1;
d = t1 + t2;
t1 = c + sum1(h) + Ch(h, a, b) + k[t+5] + w[5];
w[5] += S1(w[3]) + w[14] + S0(w[6]);
t2 = sum0(d) + Maj(d, e, f);
g += t1;
c = t1 + t2;
t1 = b + sum1(g) + Ch(g, h, a) + k[t+6] + w[6];
w[6] += S1(w[4]) + w[15] + S0(w[7]);
t2 = sum0(c) + Maj(c, d, e);
f += t1;
b = t1 + t2;
t1 = a + sum1(f) + Ch(f, g, h) + k[t+7] + w[7];
w[7] += S1(w[5]) + w[0] + S0(w[8]);
t2 = sum0(b) + Maj(b, c, d);
e += t1;
a = t1 + t2;
t1 = h + sum1(e) + Ch(e, f, g) + k[t+8] + w[8];
w[8] += S1(w[6]) + w[1] + S0(w[9]);
t2 = sum0(a) + Maj(a, b, c);
d += t1;
h = t1 + t2;
t1 = g + sum1(d) + Ch(d, e, f) + k[t+9] + w[9];
w[9] += S1(w[7]) + w[2] + S0(w[10]);
t2 = sum0(h) + Maj(h, a, b);
c += t1;
g = t1 + t2;
t1 = f + sum1(c) + Ch(c, d, e) + k[t+10] + w[10];
w[10] += S1(w[8]) + w[3] + S0(w[11]);
t2 = sum0(g) + Maj(g, h, a);
b += t1;
f = t1 + t2;
t1 = e + sum1(b) + Ch(b, c, d) + k[t+11] + w[11];
w[11] += S1(w[9]) + w[4] + S0(w[12]);
t2 = sum0(f) + Maj(f, g, h);
a += t1;
e = t1 + t2;
t1 = d + sum1(a) + Ch(a, b, c) + k[t+12] + w[12];
w[12] += S1(w[10]) + w[5] + S0(w[13]);
t2 = sum0(e) + Maj(e, f, g);
h += t1;
d = t1 + t2;
t1 = c + sum1(h) + Ch(h, a, b) + k[t+13] + w[13];
w[13] += S1(w[11]) + w[6] + S0(w[14]);
t2 = sum0(d) + Maj(d, e, f);
g += t1;
c = t1 + t2;
t1 = b + sum1(g) + Ch(g, h, a) + k[t+14] + w[14];
w[14] += S1(w[12]) + w[7] + S0(w[15]);
t2 = sum0(c) + Maj(c, d, e);
f += t1;
b = t1 + t2;
t1 = a + sum1(f) + Ch(f, g, h) + k[t+15] + w[15];
w[15] += S1(w[13]) + w[8] + S0(w[0]);
t2 = sum0(b) + Maj(b, c, d);
e += t1;
a = t1 + t2;
t += 16;
#endif
}
for (; t < 80; )
{
u64 t1, t2;
#ifndef SHA512_UNROLLED
t1 = h + sum1(e) + Ch(e, f, g) + k[t] + w[t%16];
t2 = sum0(a) + Maj(a, b, c);
h = g;
g = f;
f = e;
e = d + t1;
d = c;
c = b;
b = a;
a = t1 + t2;
t++;
#else /* Unrolled */
t1 = h + sum1(e) + Ch(e, f, g) + k[t] + w[0];
t2 = sum0(a) + Maj(a, b, c);
d += t1;
h = t1 + t2;
t1 = g + sum1(d) + Ch(d, e, f) + k[t+1] + w[1];
t2 = sum0(h) + Maj(h, a, b);
c += t1;
g = t1 + t2;
t1 = f + sum1(c) + Ch(c, d, e) + k[t+2] + w[2];
t2 = sum0(g) + Maj(g, h, a);
b += t1;
f = t1 + t2;
t1 = e + sum1(b) + Ch(b, c, d) + k[t+3] + w[3];
t2 = sum0(f) + Maj(f, g, h);
a += t1;
e = t1 + t2;
t1 = d + sum1(a) + Ch(a, b, c) + k[t+4] + w[4];
t2 = sum0(e) + Maj(e, f, g);
h += t1;
d = t1 + t2;
t1 = c + sum1(h) + Ch(h, a, b) + k[t+5] + w[5];
t2 = sum0(d) + Maj(d, e, f);
g += t1;
c = t1 + t2;
t1 = b + sum1(g) + Ch(g, h, a) + k[t+6] + w[6];
t2 = sum0(c) + Maj(c, d, e);
f += t1;
b = t1 + t2;
t1 = a + sum1(f) + Ch(f, g, h) + k[t+7] + w[7];
t2 = sum0(b) + Maj(b, c, d);
e += t1;
a = t1 + t2;
t1 = h + sum1(e) + Ch(e, f, g) + k[t+8] + w[8];
t2 = sum0(a) + Maj(a, b, c);
d += t1;
h = t1 + t2;
t1 = g + sum1(d) + Ch(d, e, f) + k[t+9] + w[9];
t2 = sum0(h) + Maj(h, a, b);
c += t1;
g = t1 + t2;
t1 = f + sum1(c) + Ch(c, d, e) + k[t+10] + w[10];
t2 = sum0(g) + Maj(g, h, a);
b += t1;
f = t1 + t2;
t1 = e + sum1(b) + Ch(b, c, d) + k[t+11] + w[11];
t2 = sum0(f) + Maj(f, g, h);
a += t1;
e = t1 + t2;
t1 = d + sum1(a) + Ch(a, b, c) + k[t+12] + w[12];
t2 = sum0(e) + Maj(e, f, g);
h += t1;
d = t1 + t2;
t1 = c + sum1(h) + Ch(h, a, b) + k[t+13] + w[13];
t2 = sum0(d) + Maj(d, e, f);
g += t1;
c = t1 + t2;
t1 = b + sum1(g) + Ch(g, h, a) + k[t+14] + w[14];
t2 = sum0(c) + Maj(c, d, e);
f += t1;
b = t1 + t2;
t1 = a + sum1(f) + Ch(f, g, h) + k[t+15] + w[15];
t2 = sum0(b) + Maj(b, c, d);
e += t1;
a = t1 + t2;
t += 16;
#endif
}
/* Update chaining vars. */
ctx->h0 += a;
ctx->h1 += b;
ctx->h2 += c;
ctx->h3 += d;
ctx->h4 += e;
ctx->h5 += f;
ctx->h6 += g;
ctx->h7 += h;
return /* burn_stack */ (8 + 16) * sizeof(u64) + sizeof(u32) + 3 * sizeof(void*);
}
void
sha512_update(struct sha512_context *ctx, const byte *buf, size_t len)
{
if (ctx->count)
{
/* Fill rest of internal buffer */
for (; len && ctx->count < SHA512_BLOCK_SIZE; len--)
ctx->buf[ctx->count++] = *buf++;
if (ctx->count < SHA512_BLOCK_SIZE)
return;
/* Process data from internal buffer */
sha512_transform(ctx, ctx->buf);
ctx->nblocks++;
ctx->count = 0;
}
if (!len)
return;
/* Process data from input buffer */
while (len >= SHA512_BLOCK_SIZE)
{
sha512_transform(ctx, buf);
ctx->nblocks++;
buf += SHA512_BLOCK_SIZE;
len -= SHA512_BLOCK_SIZE;
}
/* Copy remaining data to internal buffer */
memcpy(ctx->buf, buf, len);
ctx->count = len;
}
/*
* The routine final terminates the computation and returns the digest. The
* handle is prepared for a new cycle, but adding bytes to the handle will the
* destroy the returned buffer.
*
* Returns: 64 bytes representing the digest. When used for sha384, we take the
* first 48 of those bytes.
*/
byte *
sha512_final(struct sha512_context *ctx)
{
u64 t, th, msb, lsb;
sha512_update(ctx, NULL, 0); /* flush */
t = ctx->nblocks;
th = 0;
/* multiply by 128 to make a byte count */
lsb = t << 7;
msb = (th << 7) | (t >> 57);
/* add the count */
t = lsb;
if ((lsb += ctx->count) < t)
msb++;
/* multiply by 8 to make a bit count */
t = lsb;
lsb <<= 3;
msb <<= 3;
msb |= t >> 61;
if (ctx->count < 112)
{
/* enough room */
ctx->buf[ctx->count++] = 0x80; /* pad */
while(ctx->count < 112)
ctx->buf[ctx->count++] = 0; /* pad */
}
else
{
/* need one extra block */
ctx->buf[ctx->count++] = 0x80; /* pad character */
while(ctx->count < 128)
ctx->buf[ctx->count++] = 0;
sha512_update(ctx, NULL, 0); /* flush */
memset(ctx->buf, 0, 112); /* fill next block with zeroes */
}
/* append the 128 bit count */
put_u64(ctx->buf + 112, msb);
put_u64(ctx->buf + 120, lsb);
sha512_transform(ctx, ctx->buf);
byte *p = ctx->buf;
#define X(a) do { put_u64(p, ctx->h##a); p += 8; } while(0)
X(0);
X(1);
X(2);
X(3);
X(4);
X(5);
X(6);
X(7);
#undef X
return ctx->buf;
}
/*
* SHA512-HMAC
*/
static void
sha512_hash_buffer(byte *outbuf, const byte *buffer, size_t length)
{
struct sha512_context ctx;
sha512_init(&ctx);
sha512_update(&ctx, buffer, length);
memcpy(outbuf, sha512_final(&ctx), SHA512_SIZE);
}
void
sha512_hmac_init(struct sha512_hmac_context *ctx, const byte *key, size_t keylen)
{
byte keybuf[SHA512_BLOCK_SIZE], buf[SHA512_BLOCK_SIZE];
/* Hash the key if necessary */
if (keylen <= SHA512_BLOCK_SIZE)
{
memcpy(keybuf, key, keylen);
memset(keybuf + keylen, 0, SHA512_BLOCK_SIZE - keylen);
}
else
{
sha512_hash_buffer(keybuf, key, keylen);
memset(keybuf + SHA512_SIZE, 0, SHA512_BLOCK_SIZE - SHA512_SIZE);
}
/* Initialize the inner digest */
sha512_init(&ctx->ictx);
int i;
for (i = 0; i < SHA512_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x36;
sha512_update(&ctx->ictx, buf, SHA512_BLOCK_SIZE);
/* Initialize the outer digest */
sha512_init(&ctx->octx);
for (i = 0; i < SHA512_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x5c;
sha512_update(&ctx->octx, buf, SHA512_BLOCK_SIZE);
}
void
sha512_hmac_update(struct sha512_hmac_context *ctx, const byte *buf, size_t buflen)
{
/* Just update the inner digest */
sha512_update(&ctx->ictx, buf, buflen);
}
byte *
sha512_hmac_final(struct sha512_hmac_context *ctx)
{
/* Finish the inner digest */
byte *isha = sha512_final(&ctx->ictx);
/* Finish the outer digest */
sha512_update(&ctx->octx, isha, SHA512_SIZE);
return sha512_final(&ctx->octx);
}
/*
* SHA384-HMAC
*/
static void
sha384_hash_buffer(byte *outbuf, const byte *buffer, size_t length)
{
struct sha384_context ctx;
sha384_init(&ctx);
sha384_update(&ctx, buffer, length);
memcpy(outbuf, sha384_final(&ctx), SHA384_SIZE);
}
void
sha384_hmac_init(struct sha384_hmac_context *ctx, const byte *key, size_t keylen)
{
byte keybuf[SHA384_BLOCK_SIZE], buf[SHA384_BLOCK_SIZE];
/* Hash the key if necessary */
if (keylen <= SHA384_BLOCK_SIZE)
{
memcpy(keybuf, key, keylen);
memset(keybuf + keylen, 0, SHA384_BLOCK_SIZE - keylen);
}
else
{
sha384_hash_buffer(keybuf, key, keylen);
memset(keybuf + SHA384_SIZE, 0, SHA384_BLOCK_SIZE - SHA384_SIZE);
}
/* Initialize the inner digest */
sha384_init(&ctx->ictx);
int i;
for (i = 0; i < SHA384_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x36;
sha384_update(&ctx->ictx, buf, SHA384_BLOCK_SIZE);
/* Initialize the outer digest */
sha384_init(&ctx->octx);
for (i = 0; i < SHA384_BLOCK_SIZE; i++)
buf[i] = keybuf[i] ^ 0x5c;
sha384_update(&ctx->octx, buf, SHA384_BLOCK_SIZE);
}
void
sha384_hmac_update(struct sha384_hmac_context *ctx, const byte *buf, size_t buflen)
{
/* Just update the inner digest */
sha384_update(&ctx->ictx, buf, buflen);
}
byte *
sha384_hmac_final(struct sha384_hmac_context *ctx)
{
/* Finish the inner digest */
byte *isha = sha384_final(&ctx->ictx);
/* Finish the outer digest */
sha384_update(&ctx->octx, isha, SHA384_SIZE);
return sha384_final(&ctx->octx);
}

73
lib/sha512.h Normal file
View File

@ -0,0 +1,73 @@
/*
* BIRD Library -- SHA-512 and SHA-384 Hash Functions,
* HMAC-SHA-512 and HMAC-SHA-384 Functions
*
* (c) 2015 CZ.NIC z.s.p.o.
*
* Based on the code from libgcrypt-1.6.0, which is
* (c) 2003, 2006, 2008, 2009 Free Software Foundation, Inc.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#ifndef _BIRD_SHA512_H_
#define _BIRD_SHA512_H_
#include "nest/bird.h"
#define SHA384_SIZE 48
#define SHA384_HEX_SIZE 97
#define SHA384_BLOCK_SIZE 128
#define SHA512_SIZE 64
#define SHA512_HEX_SIZE 129
#define SHA512_BLOCK_SIZE 128
struct sha512_context {
u64 h0, h1, h2, h3, h4, h5, h6, h7;
byte buf[SHA512_BLOCK_SIZE];
uint nblocks;
uint count;
};
#define sha384_context sha512_context
void sha512_init(struct sha512_context *ctx);
void sha384_init(struct sha384_context *ctx);
void sha512_update(struct sha512_context *ctx, const byte *buf, size_t len);
static inline void sha384_update(struct sha384_context *ctx, const byte *buf, size_t len)
{ sha512_update(ctx, buf, len); }
byte *sha512_final(struct sha512_context *ctx);
static inline byte *sha384_final(struct sha384_context *ctx)
{ return sha512_final(ctx); }
/*
* HMAC-SHA512, HMAC-SHA384
*/
struct sha512_hmac_context
{
struct sha512_context ictx;
struct sha512_context octx;
};
#define sha384_hmac_context sha512_hmac_context
void sha512_hmac_init(struct sha512_hmac_context *ctx, const byte *key, size_t keylen);
void sha384_hmac_init(struct sha384_hmac_context *ctx, const byte *key, size_t keylen);
void sha512_hmac_update(struct sha512_hmac_context *ctx, const byte *buf, size_t buflen);
void sha384_hmac_update(struct sha384_hmac_context *ctx, const byte *buf, size_t buflen);
byte *sha512_hmac_final(struct sha512_hmac_context *ctx);
byte *sha384_hmac_final(struct sha384_hmac_context *ctx);
#endif /* _BIRD_SHA512_H_ */

View File

@ -22,6 +22,6 @@ int buffer_vprint(buffer *buf, const char *fmt, va_list args);
int buffer_print(buffer *buf, const char *fmt, ...); int buffer_print(buffer *buf, const char *fmt, ...);
void buffer_puts(buffer *buf, const char *str); void buffer_puts(buffer *buf, const char *str);
int patmatch(byte *pat, byte *str); int patmatch(const byte *pat, const byte *str);
#endif #endif

View File

@ -20,7 +20,7 @@
#include "lib/string.h" #include "lib/string.h"
static inline u16 static inline u16
get_u16(void *p) get_u16(const void *p)
{ {
u16 x; u16 x;
memcpy(&x, p, 2); memcpy(&x, p, 2);
@ -28,13 +28,22 @@ get_u16(void *p)
} }
static inline u32 static inline u32
get_u32(void *p) get_u32(const void *p)
{ {
u32 x; u32 x;
memcpy(&x, p, 4); memcpy(&x, p, 4);
return ntohl(x); return ntohl(x);
} }
static inline u64
get_u64(const void *p)
{
u32 xh, xl;
memcpy(&xh, p, 4);
memcpy(&xl, p+4, 4);
return (((u64) ntohl(xh)) << 32) | ntohl(xl);
}
static inline void static inline void
put_u16(void *p, u16 x) put_u16(void *p, u16 x)
{ {
@ -49,4 +58,14 @@ put_u32(void *p, u32 x)
memcpy(p, &x, 4); memcpy(p, &x, 4);
} }
static inline void
put_u64(void *p, u64 x)
{
u32 xh, xl;
xh = htonl(x >> 32);
xl = htonl((u32) x);
memcpy(p, &xh, 4);
memcpy(p+4, &xl, 4);
}
#endif #endif

View File

@ -51,3 +51,18 @@ password_find_by_id(list *l, int id)
return NULL; return NULL;
} }
struct password_item *
password_find_by_value(list *l, char *pass, uint size)
{
struct password_item *pi;
if (!l)
return NULL;
WALK_LIST(pi, *l)
if (password_verify(pi, pass, size) && (pi->accfrom <= now_real) && (now_real < pi->accto))
return pi;
return NULL;
}

View File

@ -11,8 +11,6 @@
#define PASSWORD_H #define PASSWORD_H
#include "lib/timer.h" #include "lib/timer.h"
#define MD5_AUTH_SIZE 16
struct password_item { struct password_item {
node n; node n;
char *password; char *password;
@ -24,6 +22,7 @@ extern struct password_item *last_password_item;
struct password_item *password_find(list *l, int first_fit); struct password_item *password_find(list *l, int first_fit);
struct password_item *password_find_by_id(list *l, int id); struct password_item *password_find_by_id(list *l, int id);
struct password_item *password_find_by_value(list *l, char *pass, uint size);
static inline int password_verify(struct password_item *p1, char *p2, uint size) static inline int password_verify(struct password_item *p1, char *p2, uint size)
{ {

View File

@ -521,7 +521,7 @@ protos_commit(struct config *new, struct config *old, int force_reconfig, int ty
WALK_LIST(oc, old->protos) WALK_LIST(oc, old->protos)
{ {
p = oc->proto; p = oc->proto;
sym = cf_find_symbol(oc->name); sym = cf_find_symbol(new, oc->name);
if (sym && sym->class == SYM_PROTO && !new->shutdown) if (sym && sym->class == SYM_PROTO && !new->shutdown)
{ {
/* Found match, let's check if we can smoothly switch to new configuration */ /* Found match, let's check if we can smoothly switch to new configuration */

View File

@ -75,6 +75,8 @@ void fib_check(struct fib *); /* Consistency check for debugging */
void fit_init(struct fib_iterator *, struct fib *); /* Internal functions, don't call */ void fit_init(struct fib_iterator *, struct fib *); /* Internal functions, don't call */
struct fib_node *fit_get(struct fib *, struct fib_iterator *); struct fib_node *fit_get(struct fib *, struct fib_iterator *);
void fit_put(struct fib_iterator *, struct fib_node *); void fit_put(struct fib_iterator *, struct fib_node *);
void fit_put_next(struct fib *f, struct fib_iterator *i, struct fib_node *n, uint hpos);
#define FIB_WALK(fib, z) do { \ #define FIB_WALK(fib, z) do { \
struct fib_node *z, **ff = (fib)->hash_table; \ struct fib_node *z, **ff = (fib)->hash_table; \
@ -103,6 +105,11 @@ void fit_put(struct fib_iterator *, struct fib_node *);
#define FIB_ITERATE_PUT(it, z) fit_put(it, z) #define FIB_ITERATE_PUT(it, z) fit_put(it, z)
#define FIB_ITERATE_PUT_NEXT(it, fib, z) fit_put_next(fib, it, z, hpos)
#define FIB_ITERATE_UNLINK(it, fib) fit_get(fib, it)
/* /*
* Master Routing Tables. Generally speaking, each of them contains a FIB * Master Routing Tables. Generally speaking, each of them contains a FIB
* with each entry pointing to a list of route entries representing routes * with each entry pointing to a list of route entries representing routes
@ -174,7 +181,7 @@ struct hostentry {
ip_addr addr; /* IP address of host, part of key */ ip_addr addr; /* IP address of host, part of key */
ip_addr link; /* (link-local) IP address of host, used as gw ip_addr link; /* (link-local) IP address of host, used as gw
if host is directly attached */ if host is directly attached */
struct rtable *tab; /* Dependent table, part of key*/ struct rtable *tab; /* Dependent table, part of key */
struct hostentry *next; /* Next in hash chain */ struct hostentry *next; /* Next in hash chain */
unsigned hash_key; /* Hash key */ unsigned hash_key; /* Hash key */
unsigned uc; /* Use count */ unsigned uc; /* Use count */
@ -196,10 +203,9 @@ typedef struct rte {
union { /* Protocol-dependent data (metrics etc.) */ union { /* Protocol-dependent data (metrics etc.) */
#ifdef CONFIG_RIP #ifdef CONFIG_RIP
struct { struct {
node garbage; /* List for garbage collection */ struct iface *from; /* Incoming iface */
byte metric; /* RIP metric */ u8 metric; /* RIP metric */
u16 tag; /* External route tag */ u16 tag; /* External route tag */
struct rip_entry *entry;
} rip; } rip;
#endif #endif
#ifdef CONFIG_OSPF #ifdef CONFIG_OSPF
@ -507,19 +513,25 @@ void rta_show(struct cli *, rta *, ea_list *);
void rta_set_recursive_next_hop(rtable *dep, rta *a, rtable *tab, ip_addr *gw, ip_addr *ll); void rta_set_recursive_next_hop(rtable *dep, rta *a, rtable *tab, ip_addr *gw, ip_addr *ll);
/* /*
* rta_set_recursive_next_hop() acquires hostentry from hostcache and * rta_set_recursive_next_hop() acquires hostentry from hostcache and fills
* fills rta->hostentry field. New hostentry has zero use * rta->hostentry field. New hostentry has zero use count. Cached rta locks its
* count. Cached rta locks its hostentry (increases its use count), * hostentry (increases its use count), uncached rta does not lock it. Hostentry
* uncached rta does not lock it. Hostentry with zero use count is * with zero use count is removed asynchronously during host cache update,
* removed asynchronously during host cache update, therefore it is * therefore it is safe to hold such hostentry temorarily. Hostentry holds a
* safe to hold such hostentry temorarily. Hostentry holds a lock for * lock for a 'source' rta, mainly to share multipath nexthops.
* a 'source' rta, mainly to share multipath nexthops. There is no *
* need to hold a lock for hostentry->dep table, because that table * There is no need to hold a lock for hostentry->dep table, because that table
* contains routes responsible for that hostentry, and therefore is * contains routes responsible for that hostentry, and therefore is non-empty if
* non-empty if given hostentry has non-zero use count. The protocol * given hostentry has non-zero use count. If the hostentry has zero use count,
* responsible for routes with recursive next hops should also hold a * the entry is removed before dep is referenced.
* lock for a table governing that routes (argument tab to *
* rta_set_recursive_next_hop()). * The protocol responsible for routes with recursive next hops should hold a
* lock for a 'source' table governing that routes (argument tab to
* rta_set_recursive_next_hop()), because its routes reference hostentries
* (through rta) related to the governing table. When all such routes are
* removed, rtas are immediately removed achieving zero uc. Then the 'source'
* table lock could be immediately released, although hostentries may still
* exist - they will be freed together with the 'source' table.
*/ */
static inline void rt_lock_hostentry(struct hostentry *he) { if (he) he->uc++; } static inline void rt_lock_hostentry(struct hostentry *he) { if (he) he->uc++; }

View File

@ -430,6 +430,25 @@ fit_put(struct fib_iterator *i, struct fib_node *n)
i->prev = (struct fib_iterator *) n; i->prev = (struct fib_iterator *) n;
} }
void
fit_put_next(struct fib *f, struct fib_iterator *i, struct fib_node *n, uint hpos)
{
if (n = n->next)
goto found;
while (++hpos < f->hash_size)
if (n = f->hash_table[hpos])
goto found;
/* We are at the end */
i->prev = i->next = NULL;
i->node = NULL;
return;
found:
fit_put(i, n);
}
#ifdef DEBUGGING #ifdef DEBUGGING
/** /**

View File

@ -311,7 +311,7 @@ roa_commit(struct config *new, struct config *old)
if (old) if (old)
WALK_LIST(t, roa_table_list) WALK_LIST(t, roa_table_list)
{ {
struct symbol *sym = cf_find_symbol(t->name); struct symbol *sym = cf_find_symbol(new, t->name);
if (sym && sym->class == SYM_ROA) if (sym && sym->class == SYM_ROA)
{ {
/* Found old table in new config */ /* Found old table in new config */

View File

@ -888,12 +888,6 @@ rte_recalculate(struct announce_hook *ah, net *net, rte *new, struct rte_src *sr
} }
rte_free_quick(new); rte_free_quick(new);
#ifdef CONFIG_RIP
/* lastmod is used internally by RIP as the last time
when the route was received. */
if (src->proto->proto == &proto_rip)
old->lastmod = now;
#endif
return; return;
} }
*k = old->next; *k = old->next;
@ -1663,7 +1657,7 @@ rt_prune_loop(void)
void void
rt_preconfig(struct config *c) rt_preconfig(struct config *c)
{ {
struct symbol *s = cf_find_symbol("master"); struct symbol *s = cf_get_symbol("master");
init_list(&c->tables); init_list(&c->tables);
c->master_rtc = rt_new_table(s); c->master_rtc = rt_new_table(s);
@ -1868,6 +1862,7 @@ rt_unlock_table(rtable *r)
{ {
struct config *conf = r->deleted; struct config *conf = r->deleted;
DBG("Deleting routing table %s\n", r->name); DBG("Deleting routing table %s\n", r->name);
r->config->table = NULL;
if (r->hostcache) if (r->hostcache)
rt_free_hostcache(r); rt_free_hostcache(r);
rem_node(&r->n); rem_node(&r->n);
@ -1903,7 +1898,7 @@ rt_commit(struct config *new, struct config *old)
rtable *ot = o->table; rtable *ot = o->table;
if (!ot->deleted) if (!ot->deleted)
{ {
struct symbol *sym = cf_find_symbol(o->name); struct symbol *sym = cf_find_symbol(new, o->name);
if (sym && sym->class == SYM_TABLE && !new->shutdown) if (sym && sym->class == SYM_TABLE && !new->shutdown)
{ {
DBG("\t%s: same\n", o->name); DBG("\t%s: same\n", o->name);

View File

@ -493,8 +493,11 @@ ospf_iface_add(struct object_lock *lock)
ifa->flood_queue = mb_allocz(ifa->pool, ifa->flood_queue_size * sizeof(void *)); ifa->flood_queue = mb_allocz(ifa->pool, ifa->flood_queue_size * sizeof(void *));
} }
/* Do iface UP, unless there is no link and we use link detection */ /* Do iface UP, unless there is no link (then wait in LOOP state) */
ospf_iface_sm(ifa, (ifa->check_link && !(ifa->iface->flags & IF_LINK_UP)) ? ISM_LOOP : ISM_UP); if (!ifa->check_link || (ifa->iface->flags & IF_LINK_UP))
ospf_iface_sm(ifa, ISM_UP);
else
ospf_iface_chstate(ifa, OSPF_IS_LOOP);
} }
static inline void static inline void

View File

@ -11,6 +11,7 @@
#include "ospf.h" #include "ospf.h"
#include "nest/password.h" #include "nest/password.h"
#include "lib/md5.h" #include "lib/md5.h"
#include "lib/socket.h"
void void
ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type) ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type)
@ -108,11 +109,11 @@ ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
char password[OSPF_AUTH_CRYPT_SIZE]; char password[OSPF_AUTH_CRYPT_SIZE];
strncpy(password, passwd->password, sizeof(password)); strncpy(password, passwd->password, sizeof(password));
struct MD5Context ctxt; struct md5_context ctx;
MD5Init(&ctxt); md5_init(&ctx);
MD5Update(&ctxt, (char *) pkt, plen); md5_update(&ctx, (char *) pkt, plen);
MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE); md5_update(&ctx, password, OSPF_AUTH_CRYPT_SIZE);
MD5Final(tail, &ctxt); memcpy((byte *) tail, md5_final(&ctx), MD5_SIZE);
break; break;
default: default:
@ -174,19 +175,17 @@ ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_
if (!pass) if (!pass)
DROP("no suitable password found", auth->md5.keyid); DROP("no suitable password found", auth->md5.keyid);
void *tail = ((void *) pkt) + plen; byte *tail = ((byte *) pkt) + plen;
char passwd[OSPF_AUTH_CRYPT_SIZE]; char received[OSPF_AUTH_CRYPT_SIZE];
char md5sum[OSPF_AUTH_CRYPT_SIZE]; memcpy(received, tail, OSPF_AUTH_CRYPT_SIZE);
strncpy(tail, pass->password, OSPF_AUTH_CRYPT_SIZE);
strncpy(passwd, pass->password, OSPF_AUTH_CRYPT_SIZE); struct md5_context ctx;
md5_init(&ctx);
md5_update(&ctx, (byte *) pkt, plen + OSPF_AUTH_CRYPT_SIZE);
char *computed = md5_final(&ctx);
struct MD5Context ctxt; if (memcmp(received, computed, OSPF_AUTH_CRYPT_SIZE))
MD5Init(&ctxt);
MD5Update(&ctxt, (char *) pkt, plen);
MD5Update(&ctxt, passwd, OSPF_AUTH_CRYPT_SIZE);
MD5Final(md5sum, &ctxt);
if (memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
DROP("wrong MD5 digest", pass->id); DROP("wrong MD5 digest", pass->id);
if (n) if (n)
@ -223,7 +222,7 @@ ospf_rx_hook(sock *sk, int len)
return 1; return 1;
DBG("OSPF: RX hook called (iface %s, src %I, dst %I)\n", DBG("OSPF: RX hook called (iface %s, src %I, dst %I)\n",
sk->ifname, sk->faddr, sk->laddr); sk->iface->name, sk->faddr, sk->laddr);
/* Initially, the packet is associated with the 'master' iface */ /* Initially, the packet is associated with the 'master' iface */
struct ospf_iface *ifa = sk->data; struct ospf_iface *ifa = sk->data;
@ -231,6 +230,10 @@ ospf_rx_hook(sock *sk, int len)
const char *err_dsc = NULL; const char *err_dsc = NULL;
uint err_val = 0; uint err_val = 0;
/* Should not happen */
if (ifa->state <= OSPF_IS_LOOP)
return 1;
int src_local, dst_local, dst_mcast; int src_local, dst_local, dst_mcast;
src_local = ipa_in_net(sk->faddr, ifa->addr->prefix, ifa->addr->pxlen); src_local = ipa_in_net(sk->faddr, ifa->addr->prefix, ifa->addr->pxlen);
dst_local = ipa_equal(sk->laddr, ifa->addr->ip); dst_local = ipa_equal(sk->laddr, ifa->addr->ip);

View File

@ -1,2 +1,2 @@
S rip.c S rip.c
S auth.c S packets.c

View File

@ -1,4 +1,4 @@
source=rip.c auth.c source=rip.c packets.c
root-rel=../../ root-rel=../../
dir-name=proto/rip dir-name=proto/rip

View File

@ -1,168 +0,0 @@
/*
* Rest in pieces - RIP protocol
*
* Copyright (c) 1999 Pavel Machek <pavel@ucw.cz>
* Copyright (c) 2004 Ondrej Filip <feela@network.cz>
*
* Bug fixes by Eric Leblond <eleblond@init-sys.com>, April 2003
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#undef LOCAL_DEBUG
#include "nest/bird.h"
#include "nest/iface.h"
#include "nest/protocol.h"
#include "nest/route.h"
#include "lib/socket.h"
#include "lib/resource.h"
#include "lib/lists.h"
#include "lib/timer.h"
#include "lib/md5.h"
#include "lib/string.h"
#include "rip.h"
#define P ((struct rip_proto *) p)
#define P_CF ((struct rip_proto_config *)p->cf)
#define PACKETLEN(num) (num * sizeof(struct rip_block) + sizeof(struct rip_packet_heading))
/*
* rip_incoming_authentication - check authentication of incomming packet and return 1 if there's problem.
*/
int
rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme )
{
DBG( "Incoming authentication: " );
switch (ntohs(block->authtype)) { /* Authentication type */
case AT_PLAINTEXT:
{
struct password_item *passwd = password_find(P_CF->passwords, 1);
DBG( "Plaintext passwd" );
if (!passwd) {
log( L_AUTH "No passwords set and password authentication came" );
return 1;
}
if (strncmp( (char *) (&block->packetlen), passwd->password, 16)) {
log( L_AUTH "Passwd authentication failed!" );
DBG( "Expected %s, got %.16s\n", passwd->password, &block->packetlen );
return 1;
}
}
break;
case AT_MD5:
DBG( "md5 password" );
{
struct password_item *pass = NULL, *ptmp;
struct rip_md5_tail *tail;
struct MD5Context ctxt;
char md5sum_packet[16];
char md5sum_computed[16];
struct neighbor *neigh = neigh_find(p, &whotoldme, 0);
list *l = P_CF->passwords;
if (ntohs(block->packetlen) != PACKETLEN(num) - sizeof(struct rip_md5_tail) ) {
log( L_ERR "Packet length in MD5 does not match computed value" );
return 1;
}
tail = (struct rip_md5_tail *) ((char *) packet + (ntohs(block->packetlen) ));
if ((tail->mustbeFFFF != 0xffff) || (tail->mustbe0001 != 0x0100)) {
log( L_ERR "MD5 tail signature is not there" );
return 1;
}
WALK_LIST(ptmp, *l)
{
if (block->keyid != ptmp->id) continue;
if ((ptmp->genfrom > now_real) || (ptmp->gento < now_real)) continue;
pass = ptmp;
break;
}
if(!pass) return 1;
if (!neigh) {
log( L_AUTH "Non-neighbour MD5 checksummed packet?" );
} else {
if (neigh->aux > block->seq) {
log( L_AUTH "MD5 protected packet with lower numbers" );
return 1;
}
neigh->aux = block->seq;
}
memcpy(md5sum_packet, tail->md5, 16);
strncpy(tail->md5, pass->password, 16);
MD5Init(&ctxt);
MD5Update(&ctxt, (char *) packet, ntohs(block->packetlen) + sizeof(struct rip_block_auth) );
MD5Final(md5sum_computed, &ctxt);
if (memcmp(md5sum_packet, md5sum_computed, 16))
return 1;
}
}
return 0;
}
/*
* rip_outgoing_authentication - append authentication information to the packet.
* %num: number of rip_blocks already in packets. This function returns size of packet to send.
*/
int
rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num )
{
struct password_item *passwd = password_find(P_CF->passwords, 1);
if (!P_CF->authtype)
return PACKETLEN(num);
DBG( "Outgoing authentication: " );
if (!passwd) {
log( L_ERR "No suitable password found for authentication" );
return PACKETLEN(num);
}
block->authtype = htons(P_CF->authtype);
block->mustbeFFFF = 0xffff;
switch (P_CF->authtype) {
case AT_PLAINTEXT:
strncpy( (char *) (&block->packetlen), passwd->password, 16);
return PACKETLEN(num);
case AT_MD5:
{
struct rip_md5_tail *tail;
struct MD5Context ctxt;
static u32 sequence = 0;
if (num > PACKET_MD5_MAX)
bug( "We can not add MD5 authentication to this long packet" );
/* need to preset the sequence number to a sane value */
if (!sequence)
sequence = (u32) time(NULL);
block->keyid = passwd->id;
block->authlen = sizeof(struct rip_block_auth);
block->seq = sequence++;
block->zero0 = 0;
block->zero1 = 0;
block->packetlen = htons(PACKETLEN(num));
tail = (struct rip_md5_tail *) ((char *) packet + PACKETLEN(num) );
tail->mustbeFFFF = 0xffff;
tail->mustbe0001 = 0x0100;
strncpy(tail->md5, passwd->password, 16);
MD5Init(&ctxt);
MD5Update(&ctxt, (char *) packet, PACKETLEN(num) + sizeof(struct rip_md5_tail));
MD5Final(tail->md5, &ctxt);
return PACKETLEN(num) + block->authlen;
}
default:
bug( "Unknown authtype in outgoing authentication?" );
}
}

View File

@ -1,17 +1,14 @@
/* /*
* BIRD -- RIP Configuration * BIRD -- RIP Configuration
* *
* (c) 1998--1999 Pavel Machek <pavel@ucw.cz>
* (c) 2004--2013 Ondrej Filip <feela@network.cz>
* (c) 2009--2015 Ondrej Zajicek <santiago@crfreenet.org>
* (c) 2009--2015 CZ.NIC z.s.p.o.
*
* Can be freely distributed and used under the terms of the GNU GPL. * Can be freely distributed and used under the terms of the GNU GPL.
*/ */
/*
To add:
version1 switch
*/
CF_HDR CF_HDR
#include "proto/rip/rip.h" #include "proto/rip/rip.h"
@ -19,73 +16,138 @@ CF_HDR
CF_DEFINES CF_DEFINES
#define RIP_CFG ((struct rip_proto_config *) this_proto) #define RIP_CFG ((struct rip_config *) this_proto)
#define RIP_IPATT ((struct rip_patt *) this_ipatt) #define RIP_IFACE ((struct rip_iface_config *) this_ipatt)
static inline int rip_cfg_is_v2(void) { return RIP_CFG->rip2; }
static inline int rip_cfg_is_ng(void) { return ! RIP_CFG->rip2; }
static inline void
rip_check_auth(void)
{
if (rip_cfg_is_ng())
cf_error("Authentication not supported in RIPng");
}
#ifdef IPV6
#define RIP_DEFAULT_TTL_SECURITY 2
#else
#define RIP_DEFAULT_TTL_SECURITY 0
#endif
CF_DECLS CF_DECLS
CF_KEYWORDS(RIP, INFINITY, METRIC, PORT, PERIOD, GARBAGE, TIMEOUT, CF_KEYWORDS(RIP, ECMP, LIMIT, WEIGHT, INFINITY, METRIC, UPDATE, TIMEOUT,
MODE, BROADCAST, MULTICAST, QUIET, NOLISTEN, VERSION1, GARBAGE, PORT, ADDRESS, MODE, BROADCAST, MULTICAST, PASSIVE,
AUTHENTICATION, NONE, PLAINTEXT, MD5, TTL, SECURITY, VERSION, SPLIT, HORIZON, POISON, REVERSE, CHECK, ZERO, TIME, BFD,
HONOR, NEVER, NEIGHBOR, ALWAYS, TX, PRIORITY, ONLY, AUTHENTICATION, NONE, PLAINTEXT, CRYPTOGRAPHIC, MD5, TTL, SECURITY,
RIP_METRIC, RIP_TAG) RX, TX, BUFFER, LENGTH, PRIORITY, ONLY, LINK, RIP_METRIC, RIP_TAG)
%type <i> rip_mode rip_auth %type <i> rip_auth
CF_GRAMMAR CF_GRAMMAR
CF_ADDTO(proto, rip_cfg '}' { RIP_CFG->passwords = get_passwords(); } ) CF_ADDTO(proto, rip_proto)
rip_cfg_start: proto_start RIP { rip_proto_start: proto_start RIP
{
this_proto = proto_config_new(&proto_rip, $1); this_proto = proto_config_new(&proto_rip, $1);
rip_init_config(RIP_CFG); init_list(&RIP_CFG->patt_list);
}
RIP_CFG->rip2 = RIP_IS_V2;
RIP_CFG->infinity = RIP_DEFAULT_INFINITY;
RIP_CFG->min_timeout_time = 60;
RIP_CFG->max_garbage_time = 60;
};
rip_proto_item:
proto_item
| ECMP bool { RIP_CFG->ecmp = $2 ? RIP_DEFAULT_ECMP_LIMIT : 0; }
| ECMP bool LIMIT expr { RIP_CFG->ecmp = $2 ? $4 : 0; if ($4 < 0) cf_error("ECMP limit cannot be negative"); }
| INFINITY expr { RIP_CFG->infinity = $2; }
| INTERFACE rip_iface
; ;
rip_cfg: rip_proto_opts:
rip_cfg_start proto_name '{' /* empty */
| rip_cfg proto_item ';' | rip_proto_opts rip_proto_item ';'
| rip_cfg INFINITY expr ';' { RIP_CFG->infinity = $3; }
| rip_cfg PORT expr ';' { RIP_CFG->port = $3; }
| rip_cfg PERIOD expr ';' { RIP_CFG->period = $3; }
| rip_cfg GARBAGE TIME expr ';' { RIP_CFG->garbage_time = $4; }
| rip_cfg TIMEOUT TIME expr ';' { RIP_CFG->timeout_time = $4; }
| rip_cfg AUTHENTICATION rip_auth ';' {RIP_CFG->authtype = $3; }
| rip_cfg password_list ';'
| rip_cfg HONOR ALWAYS ';' { RIP_CFG->honor = HO_ALWAYS; }
| rip_cfg HONOR NEIGHBOR ';' { RIP_CFG->honor = HO_NEIGHBOR; }
| rip_cfg HONOR NEVER ';' { RIP_CFG->honor = HO_NEVER; }
| rip_cfg INTERFACE rip_iface ';'
; ;
rip_auth: rip_proto:
PLAINTEXT { $$=AT_PLAINTEXT; } rip_proto_start proto_name '{' rip_proto_opts '}';
| MD5 { $$=AT_MD5; }
| NONE { $$=AT_NONE; }
;
rip_mode: rip_iface_start:
BROADCAST { $$=IM_BROADCAST; } {
| MULTICAST { $$=0; } this_ipatt = cfg_allocz(sizeof(struct rip_iface_config));
| QUIET { $$=IM_QUIET; } add_tail(&RIP_CFG->patt_list, NODE this_ipatt);
| NOLISTEN { $$=IM_NOLISTEN; } init_list(&this_ipatt->ipn_list);
| VERSION1 { $$=IM_VERSION1 | IM_BROADCAST; } reset_passwords();
;
RIP_IFACE->metric = 1;
RIP_IFACE->port = rip_cfg_is_v2() ? RIP_PORT : RIP_NG_PORT;
RIP_IFACE->version = rip_cfg_is_v2() ? RIP_V2 : RIP_V1;
RIP_IFACE->split_horizon = 1;
RIP_IFACE->poison_reverse = 1;
RIP_IFACE->check_zero = 1;
RIP_IFACE->ttl_security = rip_cfg_is_v2() ? 0 : 1;
RIP_IFACE->rx_buffer = rip_cfg_is_v2() ? RIP_MAX_PKT_LENGTH : 0;
RIP_IFACE->tx_length = rip_cfg_is_v2() ? RIP_MAX_PKT_LENGTH : 0;
RIP_IFACE->tx_tos = IP_PREC_INTERNET_CONTROL;
RIP_IFACE->tx_priority = sk_priority_control;
RIP_IFACE->update_time = RIP_DEFAULT_UPDATE_TIME;
RIP_IFACE->timeout_time = RIP_DEFAULT_TIMEOUT_TIME;
RIP_IFACE->garbage_time = RIP_DEFAULT_GARBAGE_TIME;
};
rip_iface_finish:
{
RIP_IFACE->passwords = get_passwords();
if (!RIP_IFACE->auth_type != !RIP_IFACE->passwords)
log(L_WARN "Authentication and password options should be used together");
/* Default mode is broadcast for RIPv1, multicast for RIPv2 and RIPng */
if (!RIP_IFACE->mode)
RIP_IFACE->mode = (rip_cfg_is_v2() && (RIP_IFACE->version == RIP_V1)) ?
RIP_IM_BROADCAST : RIP_IM_MULTICAST;
RIP_CFG->min_timeout_time = MIN_(RIP_CFG->min_timeout_time, RIP_IFACE->timeout_time);
RIP_CFG->max_garbage_time = MAX_(RIP_CFG->max_garbage_time, RIP_IFACE->garbage_time);
};
rip_iface_item: rip_iface_item:
| METRIC expr { RIP_IPATT->metric = $2; } METRIC expr { RIP_IFACE->metric = $2; if (($2<1) || ($2>255)) cf_error("Metric must be in range 1-255"); }
| MODE rip_mode { RIP_IPATT->mode |= $2; } | MODE MULTICAST { RIP_IFACE->mode = RIP_IM_MULTICAST; }
| TX tos { RIP_IPATT->tx_tos = $2; } | MODE BROADCAST { RIP_IFACE->mode = RIP_IM_BROADCAST; if (rip_cfg_is_ng()) cf_error("Broadcast not supported in RIPng"); }
| TX PRIORITY expr { RIP_IPATT->tx_priority = $3; } | PASSIVE bool { RIP_IFACE->passive = $2; }
| TTL SECURITY bool { RIP_IPATT->ttl_security = $3; } | ADDRESS ipa { RIP_IFACE->address = $2; }
| TTL SECURITY TX ONLY { RIP_IPATT->ttl_security = 2; } | PORT expr { RIP_IFACE->port = $2; if (($2<1) || ($2>65535)) cf_error("Invalid port number"); }
| VERSION expr { RIP_IFACE->version = $2;
if (rip_cfg_is_ng()) cf_error("Version not supported in RIPng");
if (($2 != RIP_V1) && ($2 != RIP_V2)) cf_error("Unsupported version");
}
| VERSION ONLY bool { RIP_IFACE->version_only = $3; }
| SPLIT HORIZON bool { RIP_IFACE->split_horizon = $3; }
| POISON REVERSE bool { RIP_IFACE->poison_reverse = $3; }
| CHECK ZERO bool { RIP_IFACE->check_zero = $3; }
| UPDATE TIME expr { RIP_IFACE->update_time = $3; if ($3<=0) cf_error("Update time must be positive"); }
| TIMEOUT TIME expr { RIP_IFACE->timeout_time = $3; if ($3<=0) cf_error("Timeout time must be positive"); }
| GARBAGE TIME expr { RIP_IFACE->garbage_time = $3; if ($3<=0) cf_error("Garbage time must be positive"); }
| ECMP WEIGHT expr { RIP_IFACE->ecmp_weight = $3 - 1; if (($3<1) || ($3>256)) cf_error("ECMP weight must be in range 1-256"); }
| RX BUFFER expr { RIP_IFACE->rx_buffer = $3; if (($3<256) || ($3>65535)) cf_error("TX length must be in range 256-65535"); }
| TX LENGTH expr { RIP_IFACE->tx_length = $3; if (($3<256) || ($3>65535)) cf_error("TX length must be in range 256-65535"); }
| TX tos { RIP_IFACE->tx_tos = $2; }
| TX PRIORITY expr { RIP_IFACE->tx_priority = $3; }
| TTL SECURITY bool { RIP_IFACE->ttl_security = $3; }
| TTL SECURITY TX ONLY { RIP_IFACE->ttl_security = 2; }
| CHECK LINK bool { RIP_IFACE->check_link = $3; }
| BFD bool { RIP_IFACE->bfd = $2; cf_check_bfd($2); }
| AUTHENTICATION rip_auth { RIP_IFACE->auth_type = $2; if ($2) rip_check_auth(); }
| password_list { rip_check_auth(); }
;
rip_auth:
NONE { $$ = RIP_AUTH_NONE; }
| PLAINTEXT { $$ = RIP_AUTH_PLAIN; }
| CRYPTOGRAPHIC { $$ = RIP_AUTH_CRYPTO; }
| MD5 { $$ = RIP_AUTH_CRYPTO; }
; ;
rip_iface_opts: rip_iface_opts:
@ -98,25 +160,22 @@ rip_iface_opt_list:
| '{' rip_iface_opts '}' | '{' rip_iface_opts '}'
; ;
rip_iface_init: rip_iface:
/* EMPTY */ { rip_iface_start iface_patt_list_nopx rip_iface_opt_list rip_iface_finish;
this_ipatt = cfg_allocz(sizeof(struct rip_patt));
add_tail(&RIP_CFG->iface_list, NODE this_ipatt);
init_list(&this_ipatt->ipn_list);
RIP_IPATT->metric = 1;
RIP_IPATT->tx_tos = IP_PREC_INTERNET_CONTROL;
RIP_IPATT->tx_priority = sk_priority_control;
RIP_IPATT->ttl_security = RIP_DEFAULT_TTL_SECURITY;
}
;
rip_iface: /* TODO: switch to iface_patt_list_nopx */
rip_iface_init iface_patt_list rip_iface_opt_list
;
CF_ADDTO(dynamic_attr, RIP_METRIC { $$ = f_new_dynamic_attr(EAF_TYPE_INT | EAF_TEMP, T_INT, EA_RIP_METRIC); }) CF_ADDTO(dynamic_attr, RIP_METRIC { $$ = f_new_dynamic_attr(EAF_TYPE_INT | EAF_TEMP, T_INT, EA_RIP_METRIC); })
CF_ADDTO(dynamic_attr, RIP_TAG { $$ = f_new_dynamic_attr(EAF_TYPE_INT | EAF_TEMP, T_INT, EA_RIP_TAG); }) CF_ADDTO(dynamic_attr, RIP_TAG { $$ = f_new_dynamic_attr(EAF_TYPE_INT | EAF_TEMP, T_INT, EA_RIP_TAG); })
CF_CLI_HELP(SHOW RIP, ..., [[Show information about RIP protocol]]);
CF_CLI(SHOW RIP INTERFACES, optsym opttext, [<name>] [\"<interface>\"], [[Show information about RIP interfaces]])
{ rip_show_interfaces(proto_get_named($4, &proto_rip), $5); };
CF_CLI(SHOW RIP NEIGHBORS, optsym opttext, [<name>] [\"<interface>\"], [[Show information about RIP neighbors]])
{ rip_show_neighbors(proto_get_named($4, &proto_rip), $5); };
CF_CODE CF_CODE
CF_END CF_END

770
proto/rip/packets.c Normal file
View File

@ -0,0 +1,770 @@
/*
* BIRD -- Routing Information Protocol (RIP)
*
* (c) 1998--1999 Pavel Machek <pavel@ucw.cz>
* (c) 2004--2013 Ondrej Filip <feela@network.cz>
* (c) 2009--2015 Ondrej Zajicek <santiago@crfreenet.org>
* (c) 2009--2015 CZ.NIC z.s.p.o.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include "rip.h"
#include "lib/md5.h"
#define RIP_CMD_REQUEST 1 /* want info */
#define RIP_CMD_RESPONSE 2 /* responding to request */
#define RIP_BLOCK_LENGTH 20
#define RIP_PASSWD_LENGTH 16
#define RIP_MD5_LENGTH 16
#define RIP_AF_IPV4 2
#define RIP_AF_AUTH 0xffff
/* RIP packet header */
struct rip_packet
{
u8 command;
u8 version;
u16 unused;
};
/* RTE block for RIPv2 */
struct rip_block_v2
{
u16 family;
u16 tag;
ip4_addr network;
ip4_addr netmask;
ip4_addr next_hop;
u32 metric;
};
/* RTE block for RIPng */
struct rip_block_ng
{
ip6_addr prefix;
u16 tag;
u8 pxlen;
u8 metric;
};
/* Authentication block for RIPv2 */
struct rip_block_auth
{
u16 must_be_ffff;
u16 auth_type;
char password[0];
u16 packet_len;
u8 key_id;
u8 auth_len;
u32 seq_num;
u32 unused1;
u32 unused2;
};
/* Authentication tail, RFC 4822 */
struct rip_auth_tail
{
u16 must_be_ffff;
u16 must_be_0001;
byte auth_data[];
};
/* Internal representation of RTE block data */
struct rip_block
{
ip_addr prefix;
int pxlen;
u32 metric;
u16 tag;
u16 no_af;
ip_addr next_hop;
};
#define DROP(DSC,VAL) do { err_dsc = DSC; err_val = VAL; goto drop; } while(0)
#define DROP1(DSC) do { err_dsc = DSC; goto drop; } while(0)
#define SKIP(DSC) do { err_dsc = DSC; goto skip; } while(0)
#define LOG_PKT(msg, args...) \
log_rl(&p->log_pkt_tbf, L_REMOTE "%s: " msg, p->p.name, args)
#define LOG_PKT_AUTH(msg, args...) \
log_rl(&p->log_pkt_tbf, L_AUTH "%s: " msg, p->p.name, args)
#define LOG_RTE(msg, args...) \
log_rl(&p->log_rte_tbf, L_REMOTE "%s: " msg, p->p.name, args)
static inline void * rip_tx_buffer(struct rip_iface *ifa)
{ return ifa->sk->tbuf; }
static inline uint rip_pkt_hdrlen(struct rip_iface *ifa)
{ return sizeof(struct rip_packet) + (ifa->cf->auth_type ? RIP_BLOCK_LENGTH : 0); }
static inline void
rip_put_block(struct rip_proto *p, byte *pos, struct rip_block *rte)
{
if (rip_is_v2(p))
{
struct rip_block_v2 *block = (void *) pos;
block->family = rte->no_af ? 0 : htons(RIP_AF_IPV4);
block->tag = htons(rte->tag);
block->network = ip4_hton(ipa_to_ip4(rte->prefix));
block->netmask = ip4_hton(ip4_mkmask(rte->pxlen));
block->next_hop = ip4_hton(ipa_to_ip4(rte->next_hop));
block->metric = htonl(rte->metric);
}
else /* RIPng */
{
struct rip_block_ng *block = (void *) pos;
block->prefix = ip6_hton(ipa_to_ip6(rte->prefix));
block->tag = htons(rte->tag);
block->pxlen = rte->pxlen;
block->metric = rte->metric;
}
}
static inline void
rip_put_next_hop(struct rip_proto *p, byte *pos, struct rip_block *rte)
{
struct rip_block_ng *block = (void *) pos;
block->prefix = ip6_hton(ipa_to_ip6(rte->next_hop));
block->tag = 0;
block->pxlen = 0;
block->metric = 0xff;
}
static inline int
rip_get_block(struct rip_proto *p, byte *pos, struct rip_block *rte)
{
if (rip_is_v2(p))
{
struct rip_block_v2 *block = (void *) pos;
/* Skip blocks with strange AF, including authentication blocks */
if (block->family != (rte->no_af ? 0 : htons(RIP_AF_IPV4)))
return 0;
rte->prefix = ipa_from_ip4(ip4_ntoh(block->network));
rte->pxlen = ip4_masklen(ip4_ntoh(block->netmask));
rte->metric = ntohl(block->metric);
rte->tag = ntohs(block->tag);
rte->next_hop = ipa_from_ip4(ip4_ntoh(block->next_hop));
return 1;
}
else /* RIPng */
{
struct rip_block_ng *block = (void *) pos;
/* Handle and skip next hop blocks */
if (block->metric == 0xff)
{
rte->next_hop = ipa_from_ip6(ip6_ntoh(block->prefix));
if (!ipa_is_link_local(rte->next_hop)) rte->next_hop = IPA_NONE;
return 0;
}
rte->prefix = ipa_from_ip6(ip6_ntoh(block->prefix));
rte->pxlen = block->pxlen;
rte->metric = block->metric;
rte->tag = ntohs(block->tag);
/* rte->next_hop is deliberately kept unmodified */;
return 1;
}
}
static inline void
rip_update_csn(struct rip_proto *p UNUSED, struct rip_iface *ifa)
{
/*
* We update crypto sequence numbers at the beginning of update session to
* avoid issues with packet reordering, so packets inside one update session
* have the same CSN. We are using real time, but enforcing monotonicity.
*/
if (ifa->cf->auth_type == RIP_AUTH_CRYPTO)
ifa->csn = (ifa->csn < (u32) now_real) ? (u32) now_real : ifa->csn + 1;
}
static void
rip_fill_authentication(struct rip_proto *p, struct rip_iface *ifa, struct rip_packet *pkt, uint *plen)
{
struct rip_block_auth *auth = (void *) (pkt + 1);
struct password_item *pass = password_find(ifa->cf->passwords, 0);
if (!pass)
{
/* FIXME: This should not happen */
log(L_ERR "%s: No suitable password found for authentication", p->p.name);
memset(auth, 0, sizeof(struct rip_block_auth));
return;
}
switch (ifa->cf->auth_type)
{
case RIP_AUTH_PLAIN:
auth->must_be_ffff = htons(0xffff);
auth->auth_type = htons(RIP_AUTH_PLAIN);
strncpy(auth->password, pass->password, RIP_PASSWD_LENGTH);
return;
case RIP_AUTH_CRYPTO:
auth->must_be_ffff = htons(0xffff);
auth->auth_type = htons(RIP_AUTH_CRYPTO);
auth->packet_len = htons(*plen);
auth->key_id = pass->id;
auth->auth_len = sizeof(struct rip_auth_tail) + RIP_MD5_LENGTH;
auth->seq_num = ifa->csn_ready ? htonl(ifa->csn) : 0;
auth->unused1 = 0;
auth->unused2 = 0;
ifa->csn_ready = 1;
/*
* Note that RFC 4822 is unclear whether auth_len should cover whole
* authentication trailer or just auth_data length.
*
* Crypto sequence numbers are increased by sender in rip_update_csn().
* First CSN should be zero, this is handled by csn_ready.
*/
struct rip_auth_tail *tail = (void *) ((byte *) pkt + *plen);
tail->must_be_ffff = htons(0xffff);
tail->must_be_0001 = htons(0x0001);
strncpy(tail->auth_data, pass->password, RIP_MD5_LENGTH);
*plen += sizeof(struct rip_auth_tail) + RIP_MD5_LENGTH;
struct md5_context ctx;
md5_init(&ctx);
md5_update(&ctx, (byte *) pkt, *plen);
memcpy(tail->auth_data, md5_final(&ctx), RIP_MD5_LENGTH);
return;
default:
bug("Unknown authentication type");
}
}
static int
rip_check_authentication(struct rip_proto *p, struct rip_iface *ifa, struct rip_packet *pkt, uint *plen, struct rip_neighbor *n)
{
struct rip_block_auth *auth = (void *) (pkt + 1);
struct password_item *pass = NULL;
const char *err_dsc = NULL;
uint err_val = 0;
uint auth_type = 0;
/* Check for authentication entry */
if ((*plen >= (sizeof(struct rip_packet) + sizeof(struct rip_block_auth))) &&
(auth->must_be_ffff == htons(0xffff)))
auth_type = ntohs(auth->auth_type);
if (auth_type != ifa->cf->auth_type)
DROP("authentication method mismatch", auth_type);
switch (auth_type)
{
case RIP_AUTH_NONE:
return 1;
case RIP_AUTH_PLAIN:
pass = password_find_by_value(ifa->cf->passwords, auth->password, RIP_PASSWD_LENGTH);
if (!pass)
DROP1("wrong password");
return 1;
case RIP_AUTH_CRYPTO:
pass = password_find_by_id(ifa->cf->passwords, auth->key_id);
if (!pass)
DROP("no suitable password found", auth->key_id);
uint data_len = ntohs(auth->packet_len);
uint auth_len = sizeof(struct rip_auth_tail) + RIP_MD5_LENGTH;
if (data_len + auth_len != *plen)
DROP("packet length mismatch", data_len);
if ((auth->auth_len != RIP_MD5_LENGTH) && (auth->auth_len != auth_len))
DROP("authentication data length mismatch", auth->auth_len);
struct rip_auth_tail *tail = (void *) ((byte *) pkt + data_len);
if ((tail->must_be_ffff != htons(0xffff)) || (tail->must_be_0001 != htons(0x0001)))
DROP1("authentication trailer is missing");
/* Accept higher sequence number, or zero if connectivity is lost */
/* FIXME: sequence number must be password/SA specific */
u32 rcv_csn = ntohl(auth->seq_num);
if ((rcv_csn < n->csn) && (rcv_csn || n->uc))
{
/* We want to report both new and old CSN */
LOG_PKT_AUTH("Authentication failed for %I on %s - "
"lower sequence number (rcv %u, old %u)",
n->nbr->addr, ifa->iface->name, rcv_csn, n->csn);
return 0;
}
char received[RIP_MD5_LENGTH];
memcpy(received, tail->auth_data, RIP_MD5_LENGTH);
strncpy(tail->auth_data, pass->password, RIP_MD5_LENGTH);
struct md5_context ctx;
md5_init(&ctx);
md5_update(&ctx, (byte *) pkt, *plen);
char *computed = md5_final(&ctx);
if (memcmp(received, computed, RIP_MD5_LENGTH))
DROP("wrong MD5 digest", pass->id);
*plen = data_len;
n->csn = rcv_csn;
return 1;
}
drop:
LOG_PKT_AUTH("Authentication failed for %I on %s - %s (%u)",
n->nbr->addr, ifa->iface->name, err_dsc, err_val);
return 0;
}
static inline int
rip_send_to(struct rip_proto *p, struct rip_iface *ifa, struct rip_packet *pkt, uint plen, ip_addr dst)
{
if (ifa->cf->auth_type)
rip_fill_authentication(p, ifa, pkt, &plen);
return sk_send_to(ifa->sk, plen, dst, 0);
}
void
rip_send_request(struct rip_proto *p, struct rip_iface *ifa)
{
byte *pos = rip_tx_buffer(ifa);
struct rip_packet *pkt = (void *) pos;
pkt->command = RIP_CMD_REQUEST;
pkt->version = ifa->cf->version;
pkt->unused = 0;
pos += rip_pkt_hdrlen(ifa);
struct rip_block b = { .no_af = 1, .metric = p->infinity };
rip_put_block(p, pos, &b);
pos += RIP_BLOCK_LENGTH;
rip_update_csn(p, ifa);
TRACE(D_PACKETS, "Sending request via %s", ifa->iface->name);
rip_send_to(p, ifa, pkt, pos - (byte *) pkt, ifa->addr);
}
static void
rip_receive_request(struct rip_proto *p, struct rip_iface *ifa, struct rip_packet *pkt, uint plen, struct rip_neighbor *from)
{
TRACE(D_PACKETS, "Request received from %I on %s", from->nbr->addr, ifa->iface->name);
byte *pos = (byte *) pkt + rip_pkt_hdrlen(ifa);
/* We expect one regular block */
if (plen != (rip_pkt_hdrlen(ifa) + RIP_BLOCK_LENGTH))
return;
struct rip_block b = { .no_af = 1 };
if (!rip_get_block(p, pos, &b))
return;
/* Special case - zero prefix, infinity metric */
if (ipa_nonzero(b.prefix) || b.pxlen || (b.metric != p->infinity))
return;
/* We do nothing if TX is already active */
if (ifa->tx_active)
{
TRACE(D_EVENTS, "Skipping request from %I on %s, TX is busy", from->nbr->addr, ifa->iface->name);
return;
}
if (!ifa->cf->passive)
rip_send_table(p, ifa, from->nbr->addr, 0);
}
static int
rip_send_response(struct rip_proto *p, struct rip_iface *ifa)
{
if (! ifa->tx_active)
return 0;
byte *pos = rip_tx_buffer(ifa);
byte *max = rip_tx_buffer(ifa) + ifa->tx_plen -
(rip_is_v2(p) ? RIP_BLOCK_LENGTH : 2*RIP_BLOCK_LENGTH);
ip_addr last_next_hop = IPA_NONE;
int send = 0;
struct rip_packet *pkt = (void *) pos;
pkt->command = RIP_CMD_RESPONSE;
pkt->version = ifa->cf->version;
pkt->unused = 0;
pos += rip_pkt_hdrlen(ifa);
FIB_ITERATE_START(&p->rtable, &ifa->tx_fit, z)
{
struct rip_entry *en = (struct rip_entry *) z;
/* Dummy entries */
if (!en->valid)
goto next_entry;
/* Stale entries that should be removed */
if ((en->valid == RIP_ENTRY_STALE) &&
((en->changed + ifa->cf->garbage_time) <= now))
goto next_entry;
/* Triggered updates */
if (en->changed < ifa->tx_changed)
goto next_entry;
/* Not enough space for current entry */
if (pos > max)
{
FIB_ITERATE_PUT(&ifa->tx_fit, z);
goto break_loop;
}
struct rip_block rte = {
.prefix = en->n.prefix,
.pxlen = en->n.pxlen,
.metric = en->metric,
.tag = en->tag
};
if (en->iface == ifa->iface)
rte.next_hop = en->next_hop;
if (rip_is_v2(p) && (ifa->cf->version == RIP_V1))
{
/* Skipping subnets (i.e. not hosts, classful networks or default route) */
if (ip4_masklen(ip4_class_mask(ipa_to_ip4(en->n.prefix))) != en->n.pxlen)
goto next_entry;
rte.tag = 0;
rte.pxlen = 0;
rte.next_hop = IPA_NONE;
}
/* Split horizon */
if (en->from == ifa->iface && ifa->cf->split_horizon)
{
if (ifa->cf->poison_reverse)
{
rte.metric = p->infinity;
rte.next_hop = IPA_NONE;
}
else
goto next_entry;
}
// TRACE(D_PACKETS, " %I/%d -> %I metric %d", rte.prefix, rte.pxlen, rte.next_hop, rte.metric);
/* RIPng next hop entry */
if (rip_is_ng(p) && !ipa_equal(rte.next_hop, last_next_hop))
{
last_next_hop = rte.next_hop;
rip_put_next_hop(p, pos, &rte);
pos += RIP_BLOCK_LENGTH;
}
rip_put_block(p, pos, &rte);
pos += RIP_BLOCK_LENGTH;
send = 1;
next_entry: ;
}
FIB_ITERATE_END(z);
ifa->tx_active = 0;
/* Do not send empty packet */
if (!send)
return 0;
break_loop:
TRACE(D_PACKETS, "Sending response via %s", ifa->iface->name);
return rip_send_to(p, ifa, pkt, pos - (byte *) pkt, ifa->tx_addr);
}
/**
* rip_send_table - RIP interface timer hook
* @p: RIP instance
* @ifa: RIP interface
* @addr: destination IP address
* @changed: time limit for triggered updates
*
* The function activates an update session and starts sending routing update
* packets (using rip_send_response()). The session may be finished during the
* call or may continue in rip_tx_hook() until all appropriate routes are
* transmitted. Note that there may be at most one active update session per
* interface, the function will terminate the old active session before
* activating the new one.
*/
void
rip_send_table(struct rip_proto *p, struct rip_iface *ifa, ip_addr addr, bird_clock_t changed)
{
DBG("RIP: Opening TX session to %I on %s\n", dst, ifa->iface->name);
rip_reset_tx_session(p, ifa);
ifa->tx_active = 1;
ifa->tx_addr = addr;
ifa->tx_changed = changed;
FIB_ITERATE_INIT(&ifa->tx_fit, &p->rtable);
rip_update_csn(p, ifa);
while (rip_send_response(p, ifa) > 0)
;
}
static void
rip_tx_hook(sock *sk)
{
struct rip_iface *ifa = sk->data;
struct rip_proto *p = ifa->rip;
DBG("RIP: TX hook called (iface %s, src %I, dst %I)\n",
sk->iface->name, sk->saddr, sk->daddr);
while (rip_send_response(p, ifa) > 0)
;
}
static void
rip_err_hook(sock *sk, int err)
{
struct rip_iface *ifa = sk->data;
struct rip_proto *p = ifa->rip;
log(L_ERR "%s: Socket error on %s: %M", p->p.name, ifa->iface->name, err);
rip_reset_tx_session(p, ifa);
}
static void
rip_receive_response(struct rip_proto *p, struct rip_iface *ifa, struct rip_packet *pkt, uint plen, struct rip_neighbor *from)
{
struct rip_block rte = {};
const char *err_dsc = NULL;
TRACE(D_PACKETS, "Response received from %I on %s", from->nbr->addr, ifa->iface->name);
byte *pos = (byte *) pkt + sizeof(struct rip_packet);
byte *end = (byte *) pkt + plen;
for (; pos < end; pos += RIP_BLOCK_LENGTH)
{
/* Find next regular RTE */
if (!rip_get_block(p, pos, &rte))
continue;
int c = ipa_classify_net(rte.prefix);
if ((c < 0) || !(c & IADDR_HOST) || ((c & IADDR_SCOPE_MASK) <= SCOPE_LINK))
SKIP("invalid prefix");
if (rip_is_v2(p) && (pkt->version == RIP_V1))
{
if (ifa->cf->check_zero && (rte.tag || rte.pxlen || ipa_nonzero(rte.next_hop)))
SKIP("RIPv1 reserved field is nonzero");
rte.tag = 0;
rte.pxlen = ip4_masklen(ip4_class_mask(ipa_to_ip4(rte.prefix)));
rte.next_hop = IPA_NONE;
}
if ((rte.pxlen < 0) || (rte.pxlen > MAX_PREFIX_LENGTH))
SKIP("invalid prefix length");
if (rte.metric > p->infinity)
SKIP("invalid metric");
if (ipa_nonzero(rte.next_hop))
{
neighbor *nbr = neigh_find2(&p->p, &rte.next_hop, ifa->iface, 0);
if (!nbr || (nbr->scope <= 0))
rte.next_hop = IPA_NONE;
}
// TRACE(D_PACKETS, " %I/%d -> %I metric %d", rte.prefix, rte.pxlen, rte.next_hop, rte.metric);
rte.metric += ifa->cf->metric;
if (rte.metric < p->infinity)
{
struct rip_rte new = {
.from = from,
.next_hop = ipa_nonzero(rte.next_hop) ? rte.next_hop : from->nbr->addr,
.metric = rte.metric,
.tag = rte.tag,
.expires = now + ifa->cf->timeout_time
};
rip_update_rte(p, &rte.prefix, rte.pxlen, &new);
}
else
rip_withdraw_rte(p, &rte.prefix, rte.pxlen, from);
continue;
skip:
LOG_RTE("Ignoring route %I/%d received from %I - %s",
rte.prefix, rte.pxlen, from->nbr->addr, err_dsc);
}
}
static int
rip_rx_hook(sock *sk, int len)
{
struct rip_iface *ifa = sk->data;
struct rip_proto *p = ifa->rip;
const char *err_dsc = NULL;
uint err_val = 0;
if (sk->lifindex != sk->iface->index)
return 1;
DBG("RIP: RX hook called (iface %s, src %I, dst %I)\n",
sk->iface->name, sk->faddr, sk->laddr);
/* Silently ignore my own packets */
/* FIXME: Better local address check */
if (ipa_equal(ifa->iface->addr->ip, sk->faddr))
return 1;
if (rip_is_ng(p) && !ipa_is_link_local(sk->faddr))
DROP1("wrong src address");
struct rip_neighbor *n = rip_get_neighbor(p, &sk->faddr, ifa);
if (!n)
DROP1("not from neighbor");
if ((ifa->cf->ttl_security == 1) && (sk->rcv_ttl < 255))
DROP("wrong TTL", sk->rcv_ttl);
if (sk->fport != sk->dport)
DROP("wrong src port", sk->fport);
if (len < sizeof(struct rip_packet))
DROP("too short", len);
if (sk->flags & SKF_TRUNCATED)
DROP("truncated", len);
struct rip_packet *pkt = (struct rip_packet *) sk->rbuf;
uint plen = len;
if (!pkt->version || (ifa->cf->version_only && (pkt->version != ifa->cf->version)))
DROP("wrong version", pkt->version);
/* rip_check_authentication() has its own error logging */
if (rip_is_v2(p) && !rip_check_authentication(p, ifa, pkt, &plen, n))
return 1;
if ((plen - sizeof(struct rip_packet)) % RIP_BLOCK_LENGTH)
DROP("invalid length", plen);
n->last_seen = now;
rip_update_bfd(p, n);
switch (pkt->command)
{
case RIP_CMD_REQUEST:
rip_receive_request(p, ifa, pkt, plen, n);
break;
case RIP_CMD_RESPONSE:
rip_receive_response(p, ifa, pkt, plen, n);
break;
default:
DROP("unknown command", pkt->command);
}
return 1;
drop:
LOG_PKT("Bad packet from %I via %s - %s (%u)",
sk->faddr, sk->iface->name, err_dsc, err_val);
return 1;
}
int
rip_open_socket(struct rip_iface *ifa)
{
struct rip_proto *p = ifa->rip;
sock *sk = sk_new(p->p.pool);
sk->type = SK_UDP;
sk->sport = ifa->cf->port;
sk->dport = ifa->cf->port;
sk->iface = ifa->iface;
/*
* For RIPv2, we explicitly choose a primary address, mainly to ensure that
* RIP and BFD uses the same one. For RIPng, we left it to kernel, which
* should choose some link-local address based on the same scope rule.
*/
if (rip_is_v2(p))
sk->saddr = ifa->iface->addr->ip;
sk->rx_hook = rip_rx_hook;
sk->tx_hook = rip_tx_hook;
sk->err_hook = rip_err_hook;
sk->data = ifa;
sk->tos = ifa->cf->tx_tos;
sk->priority = ifa->cf->tx_priority;
sk->ttl = ifa->cf->ttl_security ? 255 : 1;
sk->flags = SKF_LADDR_RX | ((ifa->cf->ttl_security == 1) ? SKF_TTL_RX : 0);
/* sk->rbsize and sk->tbsize are handled in rip_iface_update_buffers() */
if (sk_open(sk) < 0)
goto err;
if (ifa->cf->mode == RIP_IM_MULTICAST)
{
if (sk_setup_multicast(sk) < 0)
goto err;
if (sk_join_group(sk, ifa->addr) < 0)
goto err;
}
else /* Broadcast */
{
if (sk_setup_broadcast(sk) < 0)
goto err;
if (ipa_zero(ifa->addr))
{
sk->err = "Missing broadcast address";
goto err;
}
}
ifa->sk = sk;
return 1;
err:
sk_log_error(sk, p->p.name);
rfree(sk);
return 0;
}

File diff suppressed because it is too large Load Diff

View File

@ -1,185 +1,227 @@
/* /*
* Structures for RIP protocol * BIRD -- Routing Information Protocol (RIP)
* *
FIXME: in V6, they insert additional entry whenever next hop differs. Such entry is identified by 0xff in metric. * (c) 1998--1999 Pavel Machek <pavel@ucw.cz>
* (c) 2004--2013 Ondrej Filip <feela@network.cz>
* (c) 2009--2015 Ondrej Zajicek <santiago@crfreenet.org>
* (c) 2009--2015 CZ.NIC z.s.p.o.
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/ */
#ifndef _BIRD_RIP_H_
#define _BIRD_RIP_H_
#include "nest/bird.h"
#include "nest/cli.h"
#include "nest/iface.h"
#include "nest/protocol.h"
#include "nest/route.h" #include "nest/route.h"
#include "nest/password.h" #include "nest/password.h"
#include "nest/locks.h" #include "nest/locks.h"
#include "nest/bfd.h"
#include "lib/lists.h"
#include "lib/resource.h"
#include "lib/socket.h"
#include "lib/string.h"
#include "lib/timer.h"
#define EA_RIP_TAG EA_CODE(EAP_RIP, 0)
#define EA_RIP_METRIC EA_CODE(EAP_RIP, 1)
#define PACKET_MAX 25
#define PACKET_MD5_MAX 18 /* FIXME */
#ifdef IPV6
#define RIP_IS_V2 0
#else
#define RIP_IS_V2 1
#endif
#define RIP_V1 1 #define RIP_V1 1
#define RIP_V2 2 #define RIP_V2 2
#define RIP_NG 1 /* A new version numbering */
#ifndef IPV6
#define RIP_PORT 520 /* RIP for IPv4 */ #define RIP_PORT 520 /* RIP for IPv4 */
#else #define RIP_NG_PORT 521 /* RIPng */
#define RIP_PORT 521 /* RIPng */
#endif
struct rip_connection { #define RIP_MAX_PKT_LENGTH 532 /* 512 + IP4_HEADER_LENGTH */
node n; #define RIP_AUTH_TAIL_LENGTH 20 /* 4 + MD5 length */
int num; #define RIP_DEFAULT_ECMP_LIMIT 16
struct proto *proto; #define RIP_DEFAULT_INFINITY 16
ip_addr addr; #define RIP_DEFAULT_UPDATE_TIME 30
sock *send; #define RIP_DEFAULT_TIMEOUT_TIME 180
struct rip_interface *rif; #define RIP_DEFAULT_GARBAGE_TIME 120
struct fib_iterator iter;
ip_addr daddr;
int dport; struct rip_config
int done; {
struct proto_config c;
list patt_list; /* List of iface configs (struct rip_iface_config) */
u8 rip2; /* RIPv2 (IPv4) or RIPng (IPv6) */
u8 ecmp; /* Maximum number of nexthops in ECMP route, or 0 */
u8 infinity; /* Maximum metric value, representing infinity */
u32 min_timeout_time; /* Minimum of interface timeout_time */
u32 max_garbage_time; /* Maximum of interface garbage_time */
}; };
struct rip_packet_heading { /* 4 bytes */ struct rip_iface_config
u8 command; {
#define RIPCMD_REQUEST 1 /* want info */
#define RIPCMD_RESPONSE 2 /* responding to request */
#define RIPCMD_TRACEON 3 /* turn tracing on */
#define RIPCMD_TRACEOFF 4 /* turn it off */
#define RIPCMD_MAX 5
u8 version;
#define RIP_V1 1
#define RIP_V2 2
#define RIP_NG 1 /* this is verion 1 of RIPng */
u16 unused;
};
#ifndef IPV6
struct rip_block { /* 20 bytes */
u16 family; /* 0xffff on first message means this is authentication */
u16 tag;
ip_addr network;
ip_addr netmask;
ip_addr nexthop;
u32 metric;
};
#else
struct rip_block { /* IPv6 version!, 20 bytes, too */
ip_addr network;
u16 tag;
u8 pxlen;
u8 metric;
};
#endif
struct rip_block_auth { /* 20 bytes */
u16 mustbeFFFF;
u16 authtype;
u16 packetlen;
u8 keyid;
u8 authlen;
u32 seq;
u32 zero0;
u32 zero1;
};
struct rip_md5_tail { /* 20 bytes */
u16 mustbeFFFF;
u16 mustbe0001;
char md5[16];
};
struct rip_entry {
struct fib_node n;
ip_addr whotoldme;
ip_addr nexthop;
int metric;
u16 tag;
bird_clock_t updated, changed;
int flags;
};
struct rip_packet {
struct rip_packet_heading heading;
struct rip_block block[PACKET_MAX];
};
struct rip_interface {
node n;
struct proto *proto;
struct iface *iface;
sock *sock;
struct rip_connection *busy;
int metric; /* You don't want to put struct rip_patt *patt here -- think about reconfigure */
int mode;
int check_ttl; /* Check incoming packets for TTL 255 */
int triggered;
struct object_lock *lock;
int multicast;
};
struct rip_patt {
struct iface_patt i; struct iface_patt i;
ip_addr address; /* Configured dst address */
int metric; /* If you add entries here, don't forget to modify patt_compare! */ u16 port; /* Src+dst port */
int mode; u8 metric; /* Incoming metric */
#define IM_BROADCAST 2 u8 mode; /* Interface mode (RIP_IM_*) */
#define IM_QUIET 4 u8 passive; /* Passive iface - no packets are sent */
#define IM_NOLISTEN 8 u8 version; /* RIP version used for outgoing packets */
#define IM_VERSION1 16 u8 version_only; /* FIXXX */
u8 split_horizon; /* Split horizon is used in route updates */
u8 poison_reverse; /* Poisoned reverse is used in route updates */
u8 check_zero; /* Validation of RIPv1 reserved fields */
u8 ecmp_weight; /* Weight for ECMP routes*/
u8 auth_type; /* Authentication type (RIP_AUTH_*) */
u8 ttl_security; /* bool + 2 for TX only (send, but do not check on RX) */
u8 check_link; /* Whether iface link change is used */
u8 bfd; /* Use BFD on iface */
u16 rx_buffer; /* RX buffer size, 0 for MTU */
u16 tx_length; /* TX packet length limit (including headers), 0 for MTU */
int tx_tos; int tx_tos;
int tx_priority; int tx_priority;
int ttl_security; /* bool + 2 for TX only (send, but do not check on RX) */ u32 update_time; /* Periodic update interval */
u32 timeout_time; /* Route expiration timeout */
u32 garbage_time; /* Unreachable entry GC timeout */
list *passwords; /* Passwords for authentication */
}; };
struct rip_proto_config { struct rip_proto
struct proto_config c; {
list iface_list; /* Patterns configured -- keep it first; see rip_reconfigure why */ struct proto p;
list *passwords; /* Passwords, keep second */ struct fib rtable; /* Internal routing table */
list iface_list; /* List of interfaces (struct rip_iface) */
slab *rte_slab; /* Slab for internal routes (struct rip_rte) */
timer *timer; /* Main protocol timer */
int infinity; /* User configurable data; must be comparable with memcmp */ u8 ecmp; /* Maximum number of nexthops in ECMP route, or 0 */
int port; u8 infinity; /* Maximum metric value, representing infinity */
int period; u8 triggered; /* Logical AND of interface want_triggered values */
int garbage_time; u8 rt_reload; /* Route reload is scheduled */
int timeout_time;
int authtype; struct tbf log_pkt_tbf; /* TBF for packet messages */
#define AT_NONE 0 struct tbf log_rte_tbf; /* TBF for RTE messages */
#define AT_PLAINTEXT 2
#define AT_MD5 3
int honor;
#define HO_NEVER 0
#define HO_NEIGHBOR 1
#define HO_ALWAYS 2
}; };
struct rip_proto { struct rip_iface
struct proto inherited; {
timer *timer; node n;
list connections; struct rip_proto *rip;
struct fib rtable; struct iface *iface; /* Underyling core interface */
list garbage; struct rip_iface_config *cf; /* Related config, must be updated in reconfigure */
list interfaces; /* Interfaces we really know about */ struct object_lock *lock; /* Interface lock */
#ifdef LOCAL_DEBUG timer *timer; /* Interface timer */
int magic; sock *sk; /* UDP socket */
u8 up; /* Interface is active */
u8 csn_ready; /* Nonzero CSN can be used */
u16 tx_plen; /* Max TX packet data length */
u32 csn; /* Last used crypto sequence number */
ip_addr addr; /* Destination multicast/broadcast address */
list neigh_list; /* List of iface neighbors (struct rip_neighbor) */
/* Update scheduling */
bird_clock_t next_regular; /* Next time when regular update should be called */
bird_clock_t next_triggered; /* Next time when triggerd update may be called */
bird_clock_t want_triggered; /* Nonzero if triggered update is scheduled */
/* Active update */
int tx_active; /* Update session is active */
ip_addr tx_addr; /* Update session destination address */
bird_clock_t tx_changed; /* Minimal changed time for triggered update */
struct fib_iterator tx_fit; /* FIB iterator in RIP routing table (p.rtable) */
};
struct rip_neighbor
{
node n;
struct rip_iface *ifa; /* Associated interface, may be NULL if stale */
struct neighbor *nbr; /* Associaded core neighbor, may be NULL if stale */
struct bfd_request *bfd_req; /* BFD request, if BFD is used */
bird_clock_t last_seen; /* Time of last received and accepted message */
u32 uc; /* Use count, number of routes linking the neighbor */
u32 csn; /* Last received crypto sequence number */
};
struct rip_entry
{
struct fib_node n;
struct rip_rte *routes; /* List of incoming routes */
u8 valid; /* Entry validity state (RIP_ENTRY_*) */
u8 metric; /* Outgoing route metric */
u16 tag; /* Outgoing route tag */
struct iface *from; /* Outgoing route from, NULL if from proto */
struct iface *iface; /* Outgoing route iface (for next hop) */
ip_addr next_hop; /* Outgoing route next hop */
bird_clock_t changed; /* Last time when the outgoing route metric changed */
};
struct rip_rte
{
struct rip_rte *next;
struct rip_neighbor *from; /* Advertising router */
ip_addr next_hop; /* Route next hop (iface is from->nbr->iface) */
u16 metric; /* Route metric (after increase) */
u16 tag; /* Route tag */
bird_clock_t expires; /* Time of route expiration */
};
#define RIP_AUTH_NONE 0
#define RIP_AUTH_PLAIN 2
#define RIP_AUTH_CRYPTO 3
#define RIP_IM_MULTICAST 1
#define RIP_IM_BROADCAST 2
#define RIP_ENTRY_DUMMY 0 /* Only used to store list of incoming routes */
#define RIP_ENTRY_VALID 1 /* Valid outgoing route */
#define RIP_ENTRY_STALE 2 /* Stale outgoing route, waiting for GC */
#define EA_RIP_METRIC EA_CODE(EAP_RIP, 0)
#define EA_RIP_TAG EA_CODE(EAP_RIP, 1)
#define rip_is_v2(X) RIP_IS_V2
#define rip_is_ng(X) (!RIP_IS_V2)
/*
static inline int rip_is_v2(struct rip_proto *p)
{ return p->rip2; }
static inline int rip_is_ng(struct rip_proto *p)
{ return ! p->rip2; }
*/
static inline void
rip_reset_tx_session(struct rip_proto *p, struct rip_iface *ifa)
{
if (ifa->tx_active)
{
FIB_ITERATE_UNLINK(&ifa->tx_fit, &p->rtable);
ifa->tx_active = 0;
}
}
/* rip.c */
void rip_update_rte(struct rip_proto *p, ip_addr *prefix, int pxlen, struct rip_rte *new);
void rip_withdraw_rte(struct rip_proto *p, ip_addr *prefix, int pxlen, struct rip_neighbor *from);
struct rip_neighbor * rip_get_neighbor(struct rip_proto *p, ip_addr *a, struct rip_iface *ifa);
void rip_update_bfd(struct rip_proto *p, struct rip_neighbor *n);
void rip_show_interfaces(struct proto *P, char *iff);
void rip_show_neighbors(struct proto *P, char *iff);
/* packets.c */
void rip_send_request(struct rip_proto *p, struct rip_iface *ifa);
void rip_send_table(struct rip_proto *p, struct rip_iface *ifa, ip_addr addr, bird_clock_t changed);
int rip_open_socket(struct rip_iface *ifa);
#endif #endif
int tx_count; /* Do one regular update once in a while */
int rnd_count; /* Randomize sending time */
};
#ifdef LOCAL_DEBUG
#define RIP_MAGIC 81861253
#define CHK_MAGIC do { if (P->magic != RIP_MAGIC) bug( "Not enough magic" ); } while (0)
#else
#define CHK_MAGIC do { } while (0)
#endif
void rip_init_config(struct rip_proto_config *c);
/* Authentication functions */
int rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme );
int rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num );

View File

@ -970,13 +970,15 @@ krt_sock_close_shared(void)
} }
} }
void int
krt_sys_start(struct krt_proto *p) krt_sys_start(struct krt_proto *p)
{ {
krt_table_map[KRT_CF->sys.table_id] = p; krt_table_map[KRT_CF->sys.table_id] = p;
krt_sock_open_shared(); krt_sock_open_shared();
p->sys.sk = krt_sock; p->sys.sk = krt_sock;
return 1;
} }
void void
@ -992,10 +994,11 @@ krt_sys_shutdown(struct krt_proto *p)
#else #else
void int
krt_sys_start(struct krt_proto *p) krt_sys_start(struct krt_proto *p)
{ {
p->sys.sk = krt_sock_open(p->p.pool, p, KRT_CF->sys.table_id); p->sys.sk = krt_sock_open(p->p.pool, p, KRT_CF->sys.table_id);
return 1;
} }
void void

View File

@ -42,6 +42,7 @@ struct krt_state {
}; };
static inline void krt_sys_io_init(void) { }
static inline void krt_sys_init(struct krt_proto *p UNUSED) { } static inline void krt_sys_init(struct krt_proto *p UNUSED) { }
static inline int krt_sys_get_attr(eattr *a UNUSED, byte *buf UNUSED, int buflen UNUSED) { } static inline int krt_sys_get_attr(eattr *a UNUSED, byte *buf UNUSED, int buflen UNUSED) { }

View File

@ -84,18 +84,18 @@ static inline struct ifa * kif_get_primary_ip(struct iface *i) { return NULL; }
#define EA_KRT_FEATURE_ALLFRAG EA_KRT_FEATURES | EA_BIT(0x3) #define EA_KRT_FEATURE_ALLFRAG EA_KRT_FEATURES | EA_BIT(0x3)
#define NL_NUM_TABLES 256
struct krt_params { struct krt_params {
int table_id; /* Kernel table ID we sync with */ u32 table_id; /* Kernel table ID we sync with */
}; };
struct krt_state { struct krt_state {
struct krt_proto *hash_next;
}; };
static inline void krt_sys_init(struct krt_proto *p UNUSED) { } static inline void krt_sys_init(struct krt_proto *p UNUSED) { }
static inline void krt_sys_preconfig(struct config *c UNUSED) { }
static inline void krt_sys_postconfig(struct krt_config *x UNUSED) { }
#endif #endif

View File

@ -23,8 +23,6 @@ CF_ADDTO(kern_proto, kern_proto kern_sys_item ';')
kern_sys_item: kern_sys_item:
KERNEL TABLE expr { KERNEL TABLE expr {
if ($3 <= 0 || $3 >= NL_NUM_TABLES)
cf_error("Kernel routing table number out of range");
THIS_KRT->sys.table_id = $3; THIS_KRT->sys.table_id = $3;
} }
; ;

View File

@ -25,6 +25,7 @@
#include "lib/krt.h" #include "lib/krt.h"
#include "lib/socket.h" #include "lib/socket.h"
#include "lib/string.h" #include "lib/string.h"
#include "lib/hash.h"
#include "conf/conf.h" #include "conf/conf.h"
#include <asm/types.h> #include <asm/types.h>
@ -32,6 +33,7 @@
#include <linux/netlink.h> #include <linux/netlink.h>
#include <linux/rtnetlink.h> #include <linux/rtnetlink.h>
#ifndef MSG_TRUNC /* Hack: Several versions of glibc miss this one :( */ #ifndef MSG_TRUNC /* Hack: Several versions of glibc miss this one :( */
#define MSG_TRUNC 0x20 #define MSG_TRUNC 0x20
#endif #endif
@ -40,6 +42,11 @@
#define IFF_LOWER_UP 0x10000 #define IFF_LOWER_UP 0x10000
#endif #endif
#ifndef RTA_TABLE
#define RTA_TABLE 15
#endif
/* /*
* Synchronous Netlink interface * Synchronous Netlink interface
*/ */
@ -219,26 +226,110 @@ nl_checkin(struct nlmsghdr *h, int lsize)
return NLMSG_DATA(h); return NLMSG_DATA(h);
} }
struct nl_want_attrs {
u8 defined:1;
u8 checksize:1;
u8 size;
};
#define BIRD_IFLA_MAX (IFLA_WIRELESS+1)
static struct nl_want_attrs ifla_attr_want[BIRD_IFLA_MAX] = {
[IFLA_IFNAME] = { 1, 0, 0 },
[IFLA_MTU] = { 1, 1, sizeof(u32) },
[IFLA_WIRELESS] = { 1, 0, 0 },
};
#define BIRD_IFA_MAX (IFA_ANYCAST+1)
#ifndef IPV6
static struct nl_want_attrs ifa_attr_want4[BIRD_IFA_MAX] = {
[IFA_ADDRESS] = { 1, 1, sizeof(ip4_addr) },
[IFA_LOCAL] = { 1, 1, sizeof(ip4_addr) },
[IFA_BROADCAST] = { 1, 1, sizeof(ip4_addr) },
};
#else
static struct nl_want_attrs ifa_attr_want6[BIRD_IFA_MAX] = {
[IFA_ADDRESS] = { 1, 1, sizeof(ip6_addr) },
[IFA_LOCAL] = { 1, 1, sizeof(ip6_addr) },
};
#endif
#define BIRD_RTA_MAX (RTA_TABLE+1)
static struct nl_want_attrs mpnh_attr_want4[BIRD_RTA_MAX] = {
[RTA_GATEWAY] = { 1, 1, sizeof(ip4_addr) },
};
#ifndef IPV6
static struct nl_want_attrs rtm_attr_want4[BIRD_RTA_MAX] = {
[RTA_DST] = { 1, 1, sizeof(ip4_addr) },
[RTA_OIF] = { 1, 1, sizeof(u32) },
[RTA_GATEWAY] = { 1, 1, sizeof(ip4_addr) },
[RTA_PRIORITY] = { 1, 1, sizeof(u32) },
[RTA_PREFSRC] = { 1, 1, sizeof(ip4_addr) },
[RTA_METRICS] = { 1, 0, 0 },
[RTA_MULTIPATH] = { 1, 0, 0 },
[RTA_FLOW] = { 1, 1, sizeof(u32) },
[RTA_TABLE] = { 1, 1, sizeof(u32) },
};
#else
static struct nl_want_attrs rtm_attr_want6[BIRD_RTA_MAX] = {
[RTA_DST] = { 1, 1, sizeof(ip6_addr) },
[RTA_IIF] = { 1, 1, sizeof(u32) },
[RTA_OIF] = { 1, 1, sizeof(u32) },
[RTA_GATEWAY] = { 1, 1, sizeof(ip6_addr) },
[RTA_PRIORITY] = { 1, 1, sizeof(u32) },
[RTA_PREFSRC] = { 1, 1, sizeof(ip6_addr) },
[RTA_METRICS] = { 1, 0, 0 },
[RTA_FLOW] = { 1, 1, sizeof(u32) },
[RTA_TABLE] = { 1, 1, sizeof(u32) },
};
#endif
static int static int
nl_parse_attrs(struct rtattr *a, struct rtattr **k, int ksize) nl_parse_attrs(struct rtattr *a, struct nl_want_attrs *want, struct rtattr **k, int ksize)
{ {
int max = ksize / sizeof(struct rtattr *); int max = ksize / sizeof(struct rtattr *);
bzero(k, ksize); bzero(k, ksize);
while (RTA_OK(a, nl_attr_len))
for ( ; RTA_OK(a, nl_attr_len); a = RTA_NEXT(a, nl_attr_len))
{ {
if (a->rta_type < max) if ((a->rta_type >= max) || !want[a->rta_type].defined)
k[a->rta_type] = a; continue;
a = RTA_NEXT(a, nl_attr_len);
if (want[a->rta_type].checksize && (RTA_PAYLOAD(a) != want[a->rta_type].size))
{
log(L_ERR "nl_parse_attrs: Malformed message received");
return 0;
} }
k[a->rta_type] = a;
}
if (nl_attr_len) if (nl_attr_len)
{ {
log(L_ERR "nl_parse_attrs: remnant of size %d", nl_attr_len); log(L_ERR "nl_parse_attrs: remnant of size %d", nl_attr_len);
return 0; return 0;
} }
else
return 1; return 1;
} }
static inline u32 rta_get_u32(struct rtattr *a)
{ return *(u32 *) RTA_DATA(a); }
static inline ip4_addr rta_get_ip4(struct rtattr *a)
{ return ip4_ntoh(*(ip4_addr *) RTA_DATA(a)); }
static inline ip6_addr rta_get_ip6(struct rtattr *a)
{ return ip6_ntoh(*(ip6_addr *) RTA_DATA(a)); }
struct rtattr * struct rtattr *
nl_add_attr(struct nlmsghdr *h, uint bufsize, uint code, const void *data, uint dlen) nl_add_attr(struct nlmsghdr *h, uint bufsize, uint code, const void *data, uint dlen)
{ {
@ -333,7 +424,7 @@ nl_parse_multipath(struct krt_proto *p, struct rtattr *ra)
static int nh_buf_size; /* in number of structures */ static int nh_buf_size; /* in number of structures */
static int nh_buf_used; static int nh_buf_used;
struct rtattr *a[RTA_CACHEINFO+1]; struct rtattr *a[BIRD_RTA_MAX];
struct rtnexthop *nh = RTA_DATA(ra); struct rtnexthop *nh = RTA_DATA(ra);
struct mpnh *rv, *first, **last; struct mpnh *rv, *first, **last;
int len = RTA_PAYLOAD(ra); int len = RTA_PAYLOAD(ra);
@ -364,12 +455,9 @@ nl_parse_multipath(struct krt_proto *p, struct rtattr *ra)
/* Nonexistent RTNH_PAYLOAD ?? */ /* Nonexistent RTNH_PAYLOAD ?? */
nl_attr_len = nh->rtnh_len - RTNH_LENGTH(0); nl_attr_len = nh->rtnh_len - RTNH_LENGTH(0);
nl_parse_attrs(RTNH_DATA(nh), a, sizeof(a)); nl_parse_attrs(RTNH_DATA(nh), mpnh_attr_want4, a, sizeof(a));
if (a[RTA_GATEWAY]) if (a[RTA_GATEWAY])
{ {
if (RTA_PAYLOAD(a[RTA_GATEWAY]) != sizeof(ip_addr))
return NULL;
memcpy(&rv->gw, RTA_DATA(a[RTA_GATEWAY]), sizeof(ip_addr)); memcpy(&rv->gw, RTA_DATA(a[RTA_GATEWAY]), sizeof(ip_addr));
ipa_ntoh(rv->gw); ipa_ntoh(rv->gw);
@ -420,7 +508,7 @@ nl_parse_metrics(struct rtattr *hdr, u32 *metrics, int max)
return -1; return -1;
metrics[0] |= 1 << a->rta_type; metrics[0] |= 1 << a->rta_type;
metrics[a->rta_type] = *(u32 *)RTA_DATA(a); metrics[a->rta_type] = rta_get_u32(a);
} }
if (len > 0) if (len > 0)
@ -438,7 +526,7 @@ static void
nl_parse_link(struct nlmsghdr *h, int scan) nl_parse_link(struct nlmsghdr *h, int scan)
{ {
struct ifinfomsg *i; struct ifinfomsg *i;
struct rtattr *a[IFLA_WIRELESS+1]; struct rtattr *a[BIRD_IFLA_MAX];
int new = h->nlmsg_type == RTM_NEWLINK; int new = h->nlmsg_type == RTM_NEWLINK;
struct iface f = {}; struct iface f = {};
struct iface *ifi; struct iface *ifi;
@ -446,17 +534,25 @@ nl_parse_link(struct nlmsghdr *h, int scan)
u32 mtu; u32 mtu;
uint fl; uint fl;
if (!(i = nl_checkin(h, sizeof(*i))) || !nl_parse_attrs(IFLA_RTA(i), a, sizeof(a))) if (!(i = nl_checkin(h, sizeof(*i))) || !nl_parse_attrs(IFLA_RTA(i), ifla_attr_want, a, sizeof(a)))
return; return;
if (!a[IFLA_IFNAME] || RTA_PAYLOAD(a[IFLA_IFNAME]) < 2 || if (!a[IFLA_IFNAME] || (RTA_PAYLOAD(a[IFLA_IFNAME]) < 2) || !a[IFLA_MTU])
!a[IFLA_MTU] || RTA_PAYLOAD(a[IFLA_MTU]) != 4)
{ {
if (scan || !a[IFLA_WIRELESS]) /*
log(L_ERR "nl_parse_link: Malformed message received"); * IFLA_IFNAME and IFLA_MTU are required, in fact, but there may also come
* a message with IFLA_WIRELESS set, where (e.g.) no IFLA_IFNAME exists.
* We simply ignore all such messages with IFLA_WIRELESS without notice.
*/
if (a[IFLA_WIRELESS])
return;
log(L_ERR "KIF: Malformed message received");
return; return;
} }
name = RTA_DATA(a[IFLA_IFNAME]); name = RTA_DATA(a[IFLA_IFNAME]);
memcpy(&mtu, RTA_DATA(a[IFLA_MTU]), sizeof(u32)); mtu = rta_get_u32(a[IFLA_MTU]);
ifi = if_find_by_index(i->ifi_index); ifi = if_find_by_index(i->ifi_index);
if (!new) if (!new)
@ -505,26 +601,40 @@ static void
nl_parse_addr(struct nlmsghdr *h, int scan) nl_parse_addr(struct nlmsghdr *h, int scan)
{ {
struct ifaddrmsg *i; struct ifaddrmsg *i;
struct rtattr *a[IFA_ANYCAST+1]; struct rtattr *a[BIRD_IFA_MAX];
int new = h->nlmsg_type == RTM_NEWADDR; int new = h->nlmsg_type == RTM_NEWADDR;
struct ifa ifa; struct ifa ifa;
struct iface *ifi; struct iface *ifi;
int scope; int scope;
if (!(i = nl_checkin(h, sizeof(*i))) || !nl_parse_attrs(IFA_RTA(i), a, sizeof(a))) if (!(i = nl_checkin(h, sizeof(*i))))
return; return;
if (i->ifa_family != BIRD_AF)
return; switch (i->ifa_family)
if (!a[IFA_ADDRESS] || RTA_PAYLOAD(a[IFA_ADDRESS]) != sizeof(ip_addr)
#ifdef IPV6
|| a[IFA_LOCAL] && RTA_PAYLOAD(a[IFA_LOCAL]) != sizeof(ip_addr)
#else
|| !a[IFA_LOCAL] || RTA_PAYLOAD(a[IFA_LOCAL]) != sizeof(ip_addr)
|| (a[IFA_BROADCAST] && RTA_PAYLOAD(a[IFA_BROADCAST]) != sizeof(ip_addr))
#endif
)
{ {
log(L_ERR "nl_parse_addr: Malformed message received"); #ifndef IPV6
case AF_INET:
if (!nl_parse_attrs(IFA_RTA(i), ifa_attr_want4, a, sizeof(a)))
return;
if (!a[IFA_LOCAL])
{
log(L_ERR "KIF: Malformed message received (missing IFA_LOCAL)");
return;
}
break;
#else
case AF_INET6:
if (!nl_parse_attrs(IFA_RTA(i), ifa_attr_want6, a, sizeof(a)))
return;
break;
#endif
default:
return;
}
if (!a[IFA_ADDRESS])
{
log(L_ERR "KIF: Malformed message received (missing IFA_ADDRESS)");
return; return;
} }
@ -640,7 +750,23 @@ kif_do_scan(struct kif_proto *p UNUSED)
* Routes * Routes
*/ */
static struct krt_proto *nl_table_map[NL_NUM_TABLES]; static inline u32
krt_table_id(struct krt_proto *p)
{
return KRT_CF->sys.table_id;
}
static HASH(struct krt_proto) nl_table_map;
#define RTH_FN(k) u32_hash(k)
#define RTH_EQ(k1,k2) k1 == k2
#define RTH_KEY(p) krt_table_id(p)
#define RTH_NEXT(p) p->sys.hash_next
#define RTH_REHASH rth_rehash
#define RTH_PARAMS /8, *2, 2, 2, 6, 20
HASH_DEFINE_REHASH_FN(RTH, struct krt_proto)
int int
krt_capable(rte *e) krt_capable(rte *e)
@ -698,12 +824,15 @@ nl_send_route(struct krt_proto *p, rte *e, struct ea_list *eattrs, int new)
r.r.rtm_family = BIRD_AF; r.r.rtm_family = BIRD_AF;
r.r.rtm_dst_len = net->n.pxlen; r.r.rtm_dst_len = net->n.pxlen;
r.r.rtm_tos = 0;
r.r.rtm_table = KRT_CF->sys.table_id;
r.r.rtm_protocol = RTPROT_BIRD; r.r.rtm_protocol = RTPROT_BIRD;
r.r.rtm_scope = RT_SCOPE_UNIVERSE; r.r.rtm_scope = RT_SCOPE_UNIVERSE;
nl_add_attr_ipa(&r.h, sizeof(r), RTA_DST, net->n.prefix); nl_add_attr_ipa(&r.h, sizeof(r), RTA_DST, net->n.prefix);
if (krt_table_id(p) < 256)
r.r.rtm_table = krt_table_id(p);
else
nl_add_attr_u32(&r.h, sizeof(r), RTA_TABLE, krt_table_id(p));
/* For route delete, we do not specify route attributes */ /* For route delete, we do not specify route attributes */
if (!new) if (!new)
return nl_exchange(&r.h); return nl_exchange(&r.h);
@ -799,31 +928,35 @@ nl_parse_route(struct nlmsghdr *h, int scan)
{ {
struct krt_proto *p; struct krt_proto *p;
struct rtmsg *i; struct rtmsg *i;
struct rtattr *a[RTA_CACHEINFO+1]; struct rtattr *a[BIRD_RTA_MAX];
int new = h->nlmsg_type == RTM_NEWROUTE; int new = h->nlmsg_type == RTM_NEWROUTE;
ip_addr dst = IPA_NONE; ip_addr dst = IPA_NONE;
u32 oif = ~0; u32 oif = ~0;
u32 table;
int src; int src;
if (!(i = nl_checkin(h, sizeof(*i))) || !nl_parse_attrs(RTM_RTA(i), a, sizeof(a))) if (!(i = nl_checkin(h, sizeof(*i))))
return; return;
if (i->rtm_family != BIRD_AF)
return; switch (i->rtm_family)
if ((a[RTA_DST] && RTA_PAYLOAD(a[RTA_DST]) != sizeof(ip_addr)) ||
#ifdef IPV6
(a[RTA_IIF] && RTA_PAYLOAD(a[RTA_IIF]) != 4) ||
#endif
(a[RTA_OIF] && RTA_PAYLOAD(a[RTA_OIF]) != 4) ||
(a[RTA_GATEWAY] && RTA_PAYLOAD(a[RTA_GATEWAY]) != sizeof(ip_addr)) ||
(a[RTA_PRIORITY] && RTA_PAYLOAD(a[RTA_PRIORITY]) != 4) ||
(a[RTA_PREFSRC] && RTA_PAYLOAD(a[RTA_PREFSRC]) != sizeof(ip_addr)) ||
(a[RTA_FLOW] && RTA_PAYLOAD(a[RTA_FLOW]) != 4))
{ {
log(L_ERR "KRT: Malformed message received"); #ifndef IPV6
case AF_INET:
if (!nl_parse_attrs(RTM_RTA(i), rtm_attr_want4, a, sizeof(a)))
return;
break;
#else
case AF_INET6:
if (!nl_parse_attrs(RTM_RTA(i), rtm_attr_want6, a, sizeof(a)))
return;
break;
#endif
default:
return; return;
} }
if (a[RTA_DST]) if (a[RTA_DST])
{ {
memcpy(&dst, RTA_DATA(a[RTA_DST]), sizeof(dst)); memcpy(&dst, RTA_DATA(a[RTA_DST]), sizeof(dst));
@ -831,12 +964,17 @@ nl_parse_route(struct nlmsghdr *h, int scan)
} }
if (a[RTA_OIF]) if (a[RTA_OIF])
memcpy(&oif, RTA_DATA(a[RTA_OIF]), sizeof(oif)); oif = rta_get_u32(a[RTA_OIF]);
p = nl_table_map[i->rtm_table]; /* Do we know this table? */ if (a[RTA_TABLE])
DBG("KRT: Got %I/%d, type=%d, oif=%d, table=%d, prid=%d, proto=%s\n", dst, i->rtm_dst_len, i->rtm_type, oif, i->rtm_table, i->rtm_protocol, p ? p->p.name : "(none)"); table = rta_get_u32(a[RTA_TABLE]);
else
table = i->rtm_table;
p = HASH_FIND(nl_table_map, RTH, table); /* Do we know this table? */
DBG("KRT: Got %I/%d, type=%d, oif=%d, table=%d, prid=%d, proto=%s\n", dst, i->rtm_dst_len, i->rtm_type, oif, table, i->rtm_protocol, p ? p->p.name : "(none)");
if (!p) if (!p)
SKIP("unknown table %d\n", i->rtm_table); SKIP("unknown table %d\n", table);
#ifdef IPV6 #ifdef IPV6
@ -895,7 +1033,7 @@ nl_parse_route(struct nlmsghdr *h, int scan)
{ {
case RTN_UNICAST: case RTN_UNICAST:
if (a[RTA_MULTIPATH]) if (a[RTA_MULTIPATH] && (i->rtm_family == AF_INET))
{ {
ra.dest = RTD_MULTIPATH; ra.dest = RTD_MULTIPATH;
ra.nexthops = nl_parse_multipath(p, a[RTA_MULTIPATH]); ra.nexthops = nl_parse_multipath(p, a[RTA_MULTIPATH]);
@ -965,11 +1103,10 @@ nl_parse_route(struct nlmsghdr *h, int scan)
e->u.krt.src = src; e->u.krt.src = src;
e->u.krt.proto = i->rtm_protocol; e->u.krt.proto = i->rtm_protocol;
e->u.krt.type = i->rtm_type; e->u.krt.type = i->rtm_type;
e->u.krt.metric = 0;
if (a[RTA_PRIORITY]) if (a[RTA_PRIORITY])
memcpy(&e->u.krt.metric, RTA_DATA(a[RTA_PRIORITY]), sizeof(e->u.krt.metric)); e->u.krt.metric = rta_get_u32(a[RTA_PRIORITY]);
else
e->u.krt.metric = 0;
if (a[RTA_PREFSRC]) if (a[RTA_PREFSRC])
{ {
@ -1000,7 +1137,7 @@ nl_parse_route(struct nlmsghdr *h, int scan)
ea->attrs[0].id = EA_KRT_REALM; ea->attrs[0].id = EA_KRT_REALM;
ea->attrs[0].flags = 0; ea->attrs[0].flags = 0;
ea->attrs[0].type = EAF_TYPE_INT; ea->attrs[0].type = EAF_TYPE_INT;
memcpy(&ea->attrs[0].u.data, RTA_DATA(a[RTA_FLOW]), 4); ea->attrs[0].u.data = rta_get_u32(a[RTA_FLOW]);
} }
if (a[RTA_METRICS]) if (a[RTA_METRICS])
@ -1074,11 +1211,13 @@ nl_async_msg(struct nlmsghdr *h)
case RTM_NEWLINK: case RTM_NEWLINK:
case RTM_DELLINK: case RTM_DELLINK:
DBG("KRT: Received async link notification (%d)\n", h->nlmsg_type); DBG("KRT: Received async link notification (%d)\n", h->nlmsg_type);
if (kif_proto)
nl_parse_link(h, 0); nl_parse_link(h, 0);
break; break;
case RTM_NEWADDR: case RTM_NEWADDR:
case RTM_DELADDR: case RTM_DELADDR:
DBG("KRT: Received async address notification (%d)\n", h->nlmsg_type); DBG("KRT: Received async address notification (%d)\n", h->nlmsg_type);
if (kif_proto)
nl_parse_addr(h, 0); nl_parse_addr(h, 0);
break; break;
default: default:
@ -1177,25 +1316,41 @@ nl_open_async(void)
bug("Netlink: sk_open failed"); bug("Netlink: sk_open failed");
} }
/* /*
* Interface to the UNIX krt module * Interface to the UNIX krt module
*/ */
static u8 nl_cf_table[(NL_NUM_TABLES+7) / 8];
void void
krt_sys_io_init(void)
{
HASH_INIT(nl_table_map, krt_pool, 6);
}
int
krt_sys_start(struct krt_proto *p) krt_sys_start(struct krt_proto *p)
{ {
nl_table_map[KRT_CF->sys.table_id] = p; struct krt_proto *old = HASH_FIND(nl_table_map, RTH, krt_table_id(p));
if (old)
{
log(L_ERR "%s: Kernel table %u already registered by %s",
p->p.name, krt_table_id(p), old->p.name);
return 0;
}
HASH_INSERT2(nl_table_map, RTH, krt_pool, p);
nl_open(); nl_open();
nl_open_async(); nl_open_async();
return 1;
} }
void void
krt_sys_shutdown(struct krt_proto *p UNUSED) krt_sys_shutdown(struct krt_proto *p)
{ {
nl_table_map[KRT_CF->sys.table_id] = NULL; HASH_REMOVE2(nl_table_map, RTH, krt_pool, p);
} }
int int
@ -1204,23 +1359,6 @@ krt_sys_reconfigure(struct krt_proto *p UNUSED, struct krt_config *n, struct krt
return n->sys.table_id == o->sys.table_id; return n->sys.table_id == o->sys.table_id;
} }
void
krt_sys_preconfig(struct config *c UNUSED)
{
bzero(&nl_cf_table, sizeof(nl_cf_table));
}
void
krt_sys_postconfig(struct krt_config *x)
{
int id = x->sys.table_id;
if (nl_cf_table[id/8] & (1 << (id%8)))
cf_error("Multiple kernel syncers defined for table #%d", id);
nl_cf_table[id/8] |= (1 << (id%8));
}
void void
krt_sys_init_config(struct krt_config *cf) krt_sys_init_config(struct krt_config *cf)
{ {

View File

@ -1328,6 +1328,18 @@ sk_passive_connected(sock *s, int type)
log(L_WARN "SOCK: Cannot get remote IP address for TCP<"); log(L_WARN "SOCK: Cannot get remote IP address for TCP<");
} }
if (fd >= FD_SETSIZE)
{
/* FIXME: Call err_hook instead ? */
log(L_ERR "SOCK: Incoming connection from %I%J (port %d) %s",
t->daddr, ipa_is_link_local(t->daddr) ? t->iface : NULL,
t->dport, "rejected due to FD_SETSIZE limit");
close(fd);
t->fd = -1;
rfree(t);
return 1;
}
if (sk_setup(t) < 0) if (sk_setup(t) < 0)
{ {
/* FIXME: Call err_hook instead ? */ /* FIXME: Call err_hook instead ? */
@ -1404,6 +1416,9 @@ sk_open(sock *s)
if (fd < 0) if (fd < 0)
ERR("socket"); ERR("socket");
if (fd >= FD_SETSIZE)
ERR2("FD_SETSIZE limit reached");
s->af = af; s->af = af;
s->fd = fd; s->fd = fd;

View File

@ -77,14 +77,15 @@ krt_io_init(void)
krt_pool = rp_new(&root_pool, "Kernel Syncer"); krt_pool = rp_new(&root_pool, "Kernel Syncer");
krt_filter_lp = lp_new(krt_pool, 4080); krt_filter_lp = lp_new(krt_pool, 4080);
init_list(&krt_proto_list); init_list(&krt_proto_list);
krt_sys_io_init();
} }
/* /*
* Interfaces * Interfaces
*/ */
struct kif_proto *kif_proto;
static struct kif_config *kif_cf; static struct kif_config *kif_cf;
static struct kif_proto *kif_proto;
static timer *kif_scan_timer; static timer *kif_scan_timer;
static bird_clock_t kif_last_shot; static bird_clock_t kif_last_shot;
@ -1126,7 +1127,11 @@ krt_start(struct proto *P)
krt_learn_init(p); krt_learn_init(p);
#endif #endif
krt_sys_start(p); if (!krt_sys_start(p))
{
rem_node(&p->krt_node);
return PS_START;
}
krt_scan_timer_start(p); krt_scan_timer_start(p);
@ -1150,8 +1155,10 @@ krt_shutdown(struct proto *P)
p->ready = 0; p->ready = 0;
p->initialized = 0; p->initialized = 0;
krt_sys_shutdown(p); if (p->p.proto_state == PS_START)
return PS_DOWN;
krt_sys_shutdown(p);
rem_node(&p->krt_node); rem_node(&p->krt_node);
return PS_DOWN; return PS_DOWN;

View File

@ -112,6 +112,8 @@ struct kif_proto {
struct kif_state sys; /* Sysdep state */ struct kif_state sys; /* Sysdep state */
}; };
struct kif_proto *kif_proto;
#define KIF_CF ((struct kif_config *)p->p.cf) #define KIF_CF ((struct kif_config *)p->p.cf)
struct proto_config * krt_init_config(int class); struct proto_config * krt_init_config(int class);
@ -119,8 +121,9 @@ struct proto_config * krt_init_config(int class);
/* krt sysdep */ /* krt sysdep */
void krt_sys_io_init(void);
void krt_sys_init(struct krt_proto *); void krt_sys_init(struct krt_proto *);
void krt_sys_start(struct krt_proto *); int krt_sys_start(struct krt_proto *);
void krt_sys_shutdown(struct krt_proto *); void krt_sys_shutdown(struct krt_proto *);
int krt_sys_reconfigure(struct krt_proto *p UNUSED, struct krt_config *n, struct krt_config *o); int krt_sys_reconfigure(struct krt_proto *p UNUSED, struct krt_config *n, struct krt_config *o);

View File

@ -96,7 +96,7 @@ drop_gid(gid_t gid)
static inline void static inline void
add_num_const(char *name, int val) add_num_const(char *name, int val)
{ {
struct symbol *s = cf_find_symbol(name); struct symbol *s = cf_get_symbol(name);
s->class = SYM_CONSTANT | T_INT; s->class = SYM_CONSTANT | T_INT;
s->def = cfg_allocz(sizeof(struct f_val)); s->def = cfg_allocz(sizeof(struct f_val));
SYM_TYPE(s) = T_INT; SYM_TYPE(s) = T_INT;