Annotation of embedaddon/bird2/proto/rip/packets.c, revision 1.1
1.1 ! misho 1: /*
! 2: * BIRD -- Routing Information Protocol (RIP)
! 3: *
! 4: * (c) 1998--1999 Pavel Machek <pavel@ucw.cz>
! 5: * (c) 2004--2013 Ondrej Filip <feela@network.cz>
! 6: * (c) 2009--2015 Ondrej Zajicek <santiago@crfreenet.org>
! 7: * (c) 2009--2015 CZ.NIC z.s.p.o.
! 8: *
! 9: * Can be freely distributed and used under the terms of the GNU GPL.
! 10: */
! 11:
! 12: #undef LOCAL_DEBUG
! 13:
! 14: #include "rip.h"
! 15: #include "lib/mac.h"
! 16:
! 17:
! 18: #define RIP_CMD_REQUEST 1 /* want info */
! 19: #define RIP_CMD_RESPONSE 2 /* responding to request */
! 20:
! 21: #define RIP_BLOCK_LENGTH 20
! 22: #define RIP_PASSWD_LENGTH 16
! 23:
! 24: #define RIP_AF_IPV4 2
! 25: #define RIP_AF_AUTH 0xffff
! 26:
! 27:
! 28: /* RIP packet header */
! 29: struct rip_packet
! 30: {
! 31: u8 command;
! 32: u8 version;
! 33: u16 unused;
! 34: };
! 35:
! 36: /* RTE block for RIPv2 */
! 37: struct rip_block_v2
! 38: {
! 39: u16 family;
! 40: u16 tag;
! 41: ip4_addr network;
! 42: ip4_addr netmask;
! 43: ip4_addr next_hop;
! 44: u32 metric;
! 45: };
! 46:
! 47: /* RTE block for RIPng */
! 48: struct rip_block_ng
! 49: {
! 50: ip6_addr prefix;
! 51: u16 tag;
! 52: u8 pxlen;
! 53: u8 metric;
! 54: };
! 55:
! 56: /* Authentication block for RIPv2 */
! 57: struct rip_block_auth
! 58: {
! 59: u16 must_be_ffff;
! 60: u16 auth_type;
! 61: union {
! 62: char password[16];
! 63: struct {
! 64: u16 packet_len;
! 65: u8 key_id;
! 66: u8 auth_len;
! 67: u32 seq_num;
! 68: u32 unused1;
! 69: u32 unused2;
! 70: };
! 71: };
! 72: };
! 73:
! 74: /* Authentication tail, RFC 4822 */
! 75: struct rip_auth_tail
! 76: {
! 77: u16 must_be_ffff;
! 78: u16 must_be_0001;
! 79: byte auth_data[0];
! 80: };
! 81:
! 82: /* Internal representation of RTE block data */
! 83: struct rip_block
! 84: {
! 85: net_addr net;
! 86: u32 metric;
! 87: u16 tag;
! 88: u16 no_af;
! 89: ip_addr next_hop;
! 90: };
! 91:
! 92:
! 93: #define DROP(DSC,VAL) do { err_dsc = DSC; err_val = VAL; goto drop; } while(0)
! 94: #define DROP1(DSC) do { err_dsc = DSC; goto drop; } while(0)
! 95: #define SKIP(DSC) do { err_dsc = DSC; goto skip; } while(0)
! 96:
! 97: #define LOG_PKT(msg, args...) \
! 98: log_rl(&p->log_pkt_tbf, L_REMOTE "%s: " msg, p->p.name, args)
! 99:
! 100: #define LOG_PKT_AUTH(msg, args...) \
! 101: log_rl(&p->log_pkt_tbf, L_AUTH "%s: " msg, p->p.name, args)
! 102:
! 103: #define LOG_RTE(msg, args...) \
! 104: log_rl(&p->log_rte_tbf, L_REMOTE "%s: " msg, p->p.name, args)
! 105:
! 106:
! 107: static inline void * rip_tx_buffer(struct rip_iface *ifa)
! 108: { return ifa->sk->tbuf; }
! 109:
! 110: static inline uint rip_pkt_hdrlen(struct rip_iface *ifa)
! 111: { return sizeof(struct rip_packet) + (ifa->cf->auth_type ? RIP_BLOCK_LENGTH : 0); }
! 112:
! 113: static inline void
! 114: rip_put_block(struct rip_proto *p, byte *pos, struct rip_block *rte)
! 115: {
! 116: if (rip_is_v2(p))
! 117: {
! 118: struct rip_block_v2 *block = (void *) pos;
! 119: block->family = rte->no_af ? 0 : htons(RIP_AF_IPV4);
! 120: block->tag = htons(rte->tag);
! 121: block->network = ip4_hton(net4_prefix(&rte->net));
! 122: block->netmask = ip4_hton(ip4_mkmask(net4_pxlen(&rte->net)));
! 123: block->next_hop = ip4_hton(ipa_to_ip4(rte->next_hop));
! 124: block->metric = htonl(rte->metric);
! 125: }
! 126: else /* RIPng */
! 127: {
! 128: struct rip_block_ng *block = (void *) pos;
! 129: block->prefix = ip6_hton(net6_prefix(&rte->net));
! 130: block->tag = htons(rte->tag);
! 131: block->pxlen = net6_pxlen(&rte->net);
! 132: block->metric = rte->metric;
! 133: }
! 134: }
! 135:
! 136: static inline void
! 137: rip_put_next_hop(struct rip_proto *p UNUSED, byte *pos, struct rip_block *rte)
! 138: {
! 139: struct rip_block_ng *block = (void *) pos;
! 140: block->prefix = ip6_hton(ipa_to_ip6(rte->next_hop));
! 141: block->tag = 0;
! 142: block->pxlen = 0;
! 143: block->metric = 0xff;
! 144: }
! 145:
! 146: static inline int
! 147: rip_get_block(struct rip_proto *p, byte *pos, struct rip_block *rte)
! 148: {
! 149: if (rip_is_v2(p))
! 150: {
! 151: struct rip_block_v2 *block = (void *) pos;
! 152:
! 153: /* Skip blocks with strange AF, including authentication blocks */
! 154: if (block->family != (rte->no_af ? 0 : htons(RIP_AF_IPV4)))
! 155: return 0;
! 156:
! 157: uint pxlen = ip4_masklen(ip4_ntoh(block->netmask));
! 158: net_fill_ip4(&rte->net, ip4_ntoh(block->network), pxlen);
! 159: rte->metric = ntohl(block->metric);
! 160: rte->tag = ntohs(block->tag);
! 161: rte->next_hop = ipa_from_ip4(ip4_ntoh(block->next_hop));
! 162:
! 163: return 1;
! 164: }
! 165: else /* RIPng */
! 166: {
! 167: struct rip_block_ng *block = (void *) pos;
! 168:
! 169: /* Handle and skip next hop blocks */
! 170: if (block->metric == 0xff)
! 171: {
! 172: rte->next_hop = ipa_from_ip6(ip6_ntoh(block->prefix));
! 173: if (!ipa_is_link_local(rte->next_hop)) rte->next_hop = IPA_NONE;
! 174: return 0;
! 175: }
! 176:
! 177: uint pxlen = (block->pxlen <= IP6_MAX_PREFIX_LENGTH) ? block->pxlen : 255;
! 178: net_fill_ip6(&rte->net, ip6_ntoh(block->prefix), pxlen);
! 179: rte->metric = block->metric;
! 180: rte->tag = ntohs(block->tag);
! 181: /* rte->next_hop is deliberately kept unmodified */;
! 182:
! 183: return 1;
! 184: }
! 185: }
! 186:
! 187: static inline void
! 188: rip_update_csn(struct rip_proto *p UNUSED, struct rip_iface *ifa)
! 189: {
! 190: /*
! 191: * We update crypto sequence numbers at the beginning of update session to
! 192: * avoid issues with packet reordering, so packets inside one update session
! 193: * have the same CSN. We are using real time, but enforcing monotonicity.
! 194: */
! 195: if (ifa->cf->auth_type == RIP_AUTH_CRYPTO)
! 196: {
! 197: u32 now_real = (u32) (current_real_time() TO_S);
! 198: ifa->csn = (ifa->csn < now_real) ? now_real : ifa->csn + 1;
! 199: }
! 200: }
! 201:
! 202: static void
! 203: rip_fill_authentication(struct rip_proto *p, struct rip_iface *ifa, struct rip_packet *pkt, uint *plen)
! 204: {
! 205: struct rip_block_auth *auth = (void *) (pkt + 1);
! 206: struct password_item *pass = password_find(ifa->cf->passwords, 0);
! 207:
! 208: if (!pass)
! 209: {
! 210: /* FIXME: This should not happen */
! 211: log(L_ERR "%s: No suitable password found for authentication", p->p.name);
! 212: memset(auth, 0, sizeof(struct rip_block_auth));
! 213: return;
! 214: }
! 215:
! 216: switch (ifa->cf->auth_type)
! 217: {
! 218: case RIP_AUTH_PLAIN:
! 219: auth->must_be_ffff = htons(0xffff);
! 220: auth->auth_type = htons(RIP_AUTH_PLAIN);
! 221: strncpy(auth->password, pass->password, RIP_PASSWD_LENGTH);
! 222: return;
! 223:
! 224: case RIP_AUTH_CRYPTO:
! 225: auth->must_be_ffff = htons(0xffff);
! 226: auth->auth_type = htons(RIP_AUTH_CRYPTO);
! 227: auth->packet_len = htons(*plen);
! 228: auth->key_id = pass->id;
! 229: auth->auth_len = mac_type_length(pass->alg);
! 230: auth->seq_num = ifa->csn_ready ? htonl(ifa->csn) : 0;
! 231: auth->unused1 = 0;
! 232: auth->unused2 = 0;
! 233: ifa->csn_ready = 1;
! 234:
! 235: if (pass->alg < ALG_HMAC)
! 236: auth->auth_len += sizeof(struct rip_auth_tail);
! 237:
! 238: /*
! 239: * Note that RFC 4822 is unclear whether auth_len should cover whole
! 240: * authentication trailer or just auth_data length.
! 241: *
! 242: * FIXME: We should use just auth_data length by default. Currently we put
! 243: * the whole auth trailer length in keyed hash case to keep old behavior,
! 244: * but we put just auth_data length in the new HMAC case. Note that Quagga
! 245: * has config option for this.
! 246: *
! 247: * Crypto sequence numbers are increased by sender in rip_update_csn().
! 248: * First CSN should be zero, this is handled by csn_ready.
! 249: */
! 250:
! 251: struct rip_auth_tail *tail = (void *) ((byte *) pkt + *plen);
! 252: tail->must_be_ffff = htons(0xffff);
! 253: tail->must_be_0001 = htons(0x0001);
! 254:
! 255: uint auth_len = mac_type_length(pass->alg);
! 256: *plen += sizeof(struct rip_auth_tail) + auth_len;
! 257:
! 258: /* Append key for keyed hash, append padding for HMAC (RFC 4822 2.5) */
! 259: if (pass->alg < ALG_HMAC)
! 260: strncpy(tail->auth_data, pass->password, auth_len);
! 261: else
! 262: memset32(tail->auth_data, HMAC_MAGIC, auth_len / 4);
! 263:
! 264: mac_fill(pass->alg, pass->password, pass->length,
! 265: (byte *) pkt, *plen, tail->auth_data);
! 266: return;
! 267:
! 268: default:
! 269: bug("Unknown authentication type");
! 270: }
! 271: }
! 272:
! 273: static int
! 274: rip_check_authentication(struct rip_proto *p, struct rip_iface *ifa, struct rip_packet *pkt, uint *plen, struct rip_neighbor *n)
! 275: {
! 276: struct rip_block_auth *auth = (void *) (pkt + 1);
! 277: struct password_item *pass = NULL;
! 278: const char *err_dsc = NULL;
! 279: uint err_val = 0;
! 280: uint auth_type = 0;
! 281:
! 282: /* Check for authentication entry */
! 283: if ((*plen >= (sizeof(struct rip_packet) + sizeof(struct rip_block_auth))) &&
! 284: (auth->must_be_ffff == htons(0xffff)))
! 285: auth_type = ntohs(auth->auth_type);
! 286:
! 287: if (auth_type != ifa->cf->auth_type)
! 288: DROP("authentication method mismatch", auth_type);
! 289:
! 290: switch (auth_type)
! 291: {
! 292: case RIP_AUTH_NONE:
! 293: return 1;
! 294:
! 295: case RIP_AUTH_PLAIN:
! 296: pass = password_find_by_value(ifa->cf->passwords, auth->password, RIP_PASSWD_LENGTH);
! 297: if (!pass)
! 298: DROP1("wrong password");
! 299:
! 300: return 1;
! 301:
! 302: case RIP_AUTH_CRYPTO:
! 303: pass = password_find_by_id(ifa->cf->passwords, auth->key_id);
! 304: if (!pass)
! 305: DROP("no suitable password found", auth->key_id);
! 306:
! 307: uint data_len = ntohs(auth->packet_len);
! 308: uint auth_len = mac_type_length(pass->alg);
! 309: uint auth_len2 = sizeof(struct rip_auth_tail) + auth_len;
! 310:
! 311: /*
! 312: * Ideally, first check should be check for internal consistency:
! 313: * (data_len + sizeof(struct rip_auth_tail) + auth->auth_len) != *plen
! 314: *
! 315: * Second one should check expected code length:
! 316: * auth->auth_len != auth_len
! 317: *
! 318: * But as auth->auth_len has two interpretations, we simplify this
! 319: */
! 320:
! 321: if (data_len + auth_len2 != *plen)
! 322: DROP("packet length mismatch", *plen);
! 323:
! 324: /* Warning: two interpretations of auth_len field */
! 325: if ((auth->auth_len != auth_len) && (auth->auth_len != auth_len2))
! 326: DROP("wrong authentication length", auth->auth_len);
! 327:
! 328: struct rip_auth_tail *tail = (void *) ((byte *) pkt + data_len);
! 329: if ((tail->must_be_ffff != htons(0xffff)) || (tail->must_be_0001 != htons(0x0001)))
! 330: DROP1("authentication trailer is missing");
! 331:
! 332: /* Accept higher sequence number, or zero if connectivity is lost */
! 333: /* FIXME: sequence number must be password/SA specific */
! 334: u32 rcv_csn = ntohl(auth->seq_num);
! 335: if ((rcv_csn < n->csn) && (rcv_csn || n->uc))
! 336: {
! 337: /* We want to report both new and old CSN */
! 338: LOG_PKT_AUTH("Authentication failed for %I on %s - "
! 339: "lower sequence number (rcv %u, old %u)",
! 340: n->nbr->addr, ifa->iface->name, rcv_csn, n->csn);
! 341: return 0;
! 342: }
! 343:
! 344: byte *auth_data = alloca(auth_len);
! 345: memcpy(auth_data, tail->auth_data, auth_len);
! 346:
! 347: /* Append key for keyed hash, append padding for HMAC (RFC 4822 2.5) */
! 348: if (pass->alg < ALG_HMAC)
! 349: strncpy(tail->auth_data, pass->password, auth_len);
! 350: else
! 351: memset32(tail->auth_data, HMAC_MAGIC, auth_len / 4);
! 352:
! 353: if (!mac_verify(pass->alg, pass->password, pass->length,
! 354: (byte *) pkt, *plen, auth_data))
! 355: DROP("wrong authentication code", pass->id);
! 356:
! 357: *plen = data_len;
! 358: n->csn = rcv_csn;
! 359:
! 360: return 1;
! 361: }
! 362:
! 363: drop:
! 364: LOG_PKT_AUTH("Authentication failed for %I on %s - %s (%u)",
! 365: n->nbr->addr, ifa->iface->name, err_dsc, err_val);
! 366:
! 367: return 0;
! 368: }
! 369:
! 370: static inline int
! 371: rip_send_to(struct rip_proto *p, struct rip_iface *ifa, struct rip_packet *pkt, uint plen, ip_addr dst)
! 372: {
! 373: if (ifa->cf->auth_type)
! 374: rip_fill_authentication(p, ifa, pkt, &plen);
! 375:
! 376: return sk_send_to(ifa->sk, plen, dst, 0);
! 377: }
! 378:
! 379:
! 380: void
! 381: rip_send_request(struct rip_proto *p, struct rip_iface *ifa)
! 382: {
! 383: byte *pos = rip_tx_buffer(ifa);
! 384:
! 385: struct rip_packet *pkt = (void *) pos;
! 386: pkt->command = RIP_CMD_REQUEST;
! 387: pkt->version = ifa->cf->version;
! 388: pkt->unused = 0;
! 389: pos += rip_pkt_hdrlen(ifa);
! 390:
! 391: struct rip_block b = { .no_af = 1, .metric = p->infinity };
! 392: rip_put_block(p, pos, &b);
! 393: pos += RIP_BLOCK_LENGTH;
! 394:
! 395: rip_update_csn(p, ifa);
! 396:
! 397: TRACE(D_PACKETS, "Sending request via %s", ifa->iface->name);
! 398: rip_send_to(p, ifa, pkt, pos - (byte *) pkt, ifa->addr);
! 399: }
! 400:
! 401: static void
! 402: rip_receive_request(struct rip_proto *p, struct rip_iface *ifa, struct rip_packet *pkt, uint plen, struct rip_neighbor *from)
! 403: {
! 404: TRACE(D_PACKETS, "Request received from %I on %s", from->nbr->addr, ifa->iface->name);
! 405:
! 406: byte *pos = (byte *) pkt + rip_pkt_hdrlen(ifa);
! 407:
! 408: /* We expect one regular block */
! 409: if (plen != (rip_pkt_hdrlen(ifa) + RIP_BLOCK_LENGTH))
! 410: return;
! 411:
! 412: struct rip_block b = { .no_af = 1 };
! 413:
! 414: if (!rip_get_block(p, pos, &b))
! 415: return;
! 416:
! 417: /* Special case - infinity metric, for RIPng also zero prefix */
! 418: if ((b.metric != p->infinity) ||
! 419: (rip_is_ng(p) && !net_zero_ip6((net_addr_ip6 *) &b.net)))
! 420: return;
! 421:
! 422: /* We do nothing if TX is already active */
! 423: if (ifa->tx_active)
! 424: {
! 425: TRACE(D_EVENTS, "Skipping request from %I on %s, TX is busy", from->nbr->addr, ifa->iface->name);
! 426: return;
! 427: }
! 428:
! 429: if (!ifa->cf->passive)
! 430: rip_send_table(p, ifa, from->nbr->addr, 0);
! 431: }
! 432:
! 433:
! 434: static int
! 435: rip_send_response(struct rip_proto *p, struct rip_iface *ifa)
! 436: {
! 437: if (! ifa->tx_active)
! 438: return 0;
! 439:
! 440: byte *pos = rip_tx_buffer(ifa);
! 441: byte *max = rip_tx_buffer(ifa) + ifa->tx_plen -
! 442: (rip_is_v2(p) ? RIP_BLOCK_LENGTH : 2*RIP_BLOCK_LENGTH);
! 443: ip_addr last_next_hop = IPA_NONE;
! 444: btime now_ = current_time();
! 445: int send = 0;
! 446:
! 447: struct rip_packet *pkt = (void *) pos;
! 448: pkt->command = RIP_CMD_RESPONSE;
! 449: pkt->version = ifa->cf->version;
! 450: pkt->unused = 0;
! 451: pos += rip_pkt_hdrlen(ifa);
! 452:
! 453: FIB_ITERATE_START(&p->rtable, &ifa->tx_fit, struct rip_entry, en)
! 454: {
! 455: /* Dummy entries */
! 456: if (!en->valid)
! 457: goto next_entry;
! 458:
! 459: /* Stale entries that should be removed */
! 460: if ((en->valid == RIP_ENTRY_STALE) &&
! 461: ((en->changed + ifa->cf->garbage_time) <= now_))
! 462: goto next_entry;
! 463:
! 464: /* Triggered updates */
! 465: if (en->changed < ifa->tx_changed)
! 466: goto next_entry;
! 467:
! 468: /* Not enough space for current entry */
! 469: if (pos > max)
! 470: {
! 471: FIB_ITERATE_PUT(&ifa->tx_fit);
! 472: goto break_loop;
! 473: }
! 474:
! 475: struct rip_block rte = {
! 476: .metric = en->metric,
! 477: .tag = en->tag
! 478: };
! 479:
! 480: net_copy(&rte.net, en->n.addr);
! 481:
! 482: if (en->iface == ifa->iface)
! 483: rte.next_hop = en->next_hop;
! 484:
! 485: if (rip_is_v2(p) && (ifa->cf->version == RIP_V1))
! 486: {
! 487: /* Skipping subnets (i.e. not hosts, classful networks or default route) */
! 488: if (ip4_masklen(ip4_class_mask(net4_prefix(&rte.net))) != rte.net.pxlen)
! 489: goto next_entry;
! 490:
! 491: rte.tag = 0;
! 492: rte.net.pxlen = 0;
! 493: rte.next_hop = IPA_NONE;
! 494: }
! 495:
! 496: /* Split horizon */
! 497: if (en->from == ifa->iface && ifa->cf->split_horizon)
! 498: {
! 499: if (ifa->cf->poison_reverse)
! 500: {
! 501: rte.metric = p->infinity;
! 502: rte.next_hop = IPA_NONE;
! 503: }
! 504: else
! 505: goto next_entry;
! 506: }
! 507:
! 508: // TRACE(D_PACKETS, " %N -> %I metric %d", &rte.net, rte.next_hop, rte.metric);
! 509:
! 510: /* RIPng next hop entry */
! 511: if (rip_is_ng(p) && !ipa_equal(rte.next_hop, last_next_hop))
! 512: {
! 513: last_next_hop = rte.next_hop;
! 514: rip_put_next_hop(p, pos, &rte);
! 515: pos += RIP_BLOCK_LENGTH;
! 516: }
! 517:
! 518: rip_put_block(p, pos, &rte);
! 519: pos += RIP_BLOCK_LENGTH;
! 520: send = 1;
! 521:
! 522: next_entry: ;
! 523: }
! 524: FIB_ITERATE_END;
! 525: ifa->tx_active = 0;
! 526:
! 527: /* Do not send empty packet */
! 528: if (!send)
! 529: return 0;
! 530:
! 531: break_loop:
! 532: TRACE(D_PACKETS, "Sending response via %s", ifa->iface->name);
! 533: return rip_send_to(p, ifa, pkt, pos - (byte *) pkt, ifa->tx_addr);
! 534: }
! 535:
! 536: /**
! 537: * rip_send_table - RIP interface timer hook
! 538: * @p: RIP instance
! 539: * @ifa: RIP interface
! 540: * @addr: destination IP address
! 541: * @changed: time limit for triggered updates
! 542: *
! 543: * The function activates an update session and starts sending routing update
! 544: * packets (using rip_send_response()). The session may be finished during the
! 545: * call or may continue in rip_tx_hook() until all appropriate routes are
! 546: * transmitted. Note that there may be at most one active update session per
! 547: * interface, the function will terminate the old active session before
! 548: * activating the new one.
! 549: */
! 550: void
! 551: rip_send_table(struct rip_proto *p, struct rip_iface *ifa, ip_addr addr, btime changed)
! 552: {
! 553: DBG("RIP: Opening TX session to %I on %s\n", addr, ifa->iface->name);
! 554:
! 555: rip_reset_tx_session(p, ifa);
! 556:
! 557: ifa->tx_active = 1;
! 558: ifa->tx_addr = addr;
! 559: ifa->tx_changed = changed;
! 560: FIB_ITERATE_INIT(&ifa->tx_fit, &p->rtable);
! 561:
! 562: rip_update_csn(p, ifa);
! 563:
! 564: while (rip_send_response(p, ifa) > 0)
! 565: ;
! 566: }
! 567:
! 568: static void
! 569: rip_tx_hook(sock *sk)
! 570: {
! 571: struct rip_iface *ifa = sk->data;
! 572: struct rip_proto *p = ifa->rip;
! 573:
! 574: DBG("RIP: TX hook called (iface %s, src %I, dst %I)\n",
! 575: sk->iface->name, sk->saddr, sk->daddr);
! 576:
! 577: while (rip_send_response(p, ifa) > 0)
! 578: ;
! 579: }
! 580:
! 581: static void
! 582: rip_err_hook(sock *sk, int err)
! 583: {
! 584: struct rip_iface *ifa = sk->data;
! 585: struct rip_proto *p = ifa->rip;
! 586:
! 587: log(L_ERR "%s: Socket error on %s: %M", p->p.name, ifa->iface->name, err);
! 588:
! 589: rip_reset_tx_session(p, ifa);
! 590: }
! 591:
! 592: static void
! 593: rip_receive_response(struct rip_proto *p, struct rip_iface *ifa, struct rip_packet *pkt, uint plen, struct rip_neighbor *from)
! 594: {
! 595: struct rip_block rte = {};
! 596: const char *err_dsc = NULL;
! 597:
! 598: TRACE(D_PACKETS, "Response received from %I on %s", from->nbr->addr, ifa->iface->name);
! 599:
! 600: byte *pos = (byte *) pkt + sizeof(struct rip_packet);
! 601: byte *end = (byte *) pkt + plen;
! 602: btime now_ = current_time();
! 603:
! 604: for (; pos < end; pos += RIP_BLOCK_LENGTH)
! 605: {
! 606: /* Find next regular RTE */
! 607: if (!rip_get_block(p, pos, &rte))
! 608: continue;
! 609:
! 610: if (rip_is_v2(p) && (pkt->version == RIP_V1))
! 611: {
! 612: if (ifa->cf->check_zero && (rte.tag || rte.net.pxlen || ipa_nonzero(rte.next_hop)))
! 613: SKIP("RIPv1 reserved field is nonzero");
! 614:
! 615: rte.tag = 0;
! 616: rte.net.pxlen = ip4_masklen(ip4_class_mask(net4_prefix(&rte.net)));
! 617: rte.next_hop = IPA_NONE;
! 618: }
! 619:
! 620: if (rte.net.pxlen == 255)
! 621: SKIP("invalid prefix length");
! 622:
! 623: net_normalize(&rte.net);
! 624:
! 625: int c = net_classify(&rte.net);
! 626: if ((c < 0) || !(c & IADDR_HOST) || ((c & IADDR_SCOPE_MASK) <= SCOPE_LINK))
! 627: SKIP("invalid prefix");
! 628:
! 629: if (rte.metric > p->infinity)
! 630: SKIP("invalid metric");
! 631:
! 632: if (ipa_nonzero(rte.next_hop))
! 633: {
! 634: neighbor *nbr = neigh_find(&p->p, rte.next_hop, ifa->iface, 0);
! 635: if (!nbr || (nbr->scope <= 0))
! 636: rte.next_hop = IPA_NONE;
! 637: }
! 638:
! 639: // TRACE(D_PACKETS, " %N -> %I metric %d", &rte.net.n, rte.next_hop, rte.metric);
! 640:
! 641: rte.metric += ifa->cf->metric;
! 642:
! 643: if (rte.metric < p->infinity)
! 644: {
! 645: struct rip_rte new = {
! 646: .from = from,
! 647: .next_hop = ipa_nonzero(rte.next_hop) ? rte.next_hop : from->nbr->addr,
! 648: .metric = rte.metric,
! 649: .tag = rte.tag,
! 650: .expires = now_ + ifa->cf->timeout_time
! 651: };
! 652:
! 653: rip_update_rte(p, &rte.net, &new);
! 654: }
! 655: else
! 656: rip_withdraw_rte(p, &rte.net, from);
! 657:
! 658: continue;
! 659:
! 660: skip:
! 661: LOG_RTE("Ignoring route %N received from %I - %s",
! 662: &rte.net, from->nbr->addr, err_dsc);
! 663: }
! 664: }
! 665:
! 666: static int
! 667: rip_rx_hook(sock *sk, uint len)
! 668: {
! 669: struct rip_iface *ifa = sk->data;
! 670: struct rip_proto *p = ifa->rip;
! 671: const char *err_dsc = NULL;
! 672: uint err_val = 0;
! 673:
! 674: if (sk->lifindex != sk->iface->index)
! 675: return 1;
! 676:
! 677: DBG("RIP: RX hook called (iface %s, src %I, dst %I)\n",
! 678: sk->iface->name, sk->faddr, sk->laddr);
! 679:
! 680: /* Silently ignore my own packets */
! 681: if (ipa_equal(sk->faddr, sk->saddr))
! 682: return 1;
! 683:
! 684: if (rip_is_ng(p) && !ipa_is_link_local(sk->faddr))
! 685: DROP1("wrong src address");
! 686:
! 687: struct rip_neighbor *n = rip_get_neighbor(p, &sk->faddr, ifa);
! 688:
! 689: if (!n)
! 690: DROP1("not from neighbor");
! 691:
! 692: if ((ifa->cf->ttl_security == 1) && (sk->rcv_ttl < 255))
! 693: DROP("wrong TTL", sk->rcv_ttl);
! 694:
! 695: if (sk->fport != sk->dport)
! 696: DROP("wrong src port", sk->fport);
! 697:
! 698: if (len < sizeof(struct rip_packet))
! 699: DROP("too short", len);
! 700:
! 701: if (sk->flags & SKF_TRUNCATED)
! 702: DROP("truncated", len);
! 703:
! 704: struct rip_packet *pkt = (struct rip_packet *) sk->rbuf;
! 705: uint plen = len;
! 706:
! 707: if (!pkt->version || (ifa->cf->version_only && (pkt->version != ifa->cf->version)))
! 708: DROP("wrong version", pkt->version);
! 709:
! 710: /* rip_check_authentication() has its own error logging */
! 711: if (rip_is_v2(p) && !rip_check_authentication(p, ifa, pkt, &plen, n))
! 712: return 1;
! 713:
! 714: if ((plen - sizeof(struct rip_packet)) % RIP_BLOCK_LENGTH)
! 715: DROP("invalid length", plen);
! 716:
! 717: n->last_seen = current_time();
! 718: rip_update_bfd(p, n);
! 719:
! 720: switch (pkt->command)
! 721: {
! 722: case RIP_CMD_REQUEST:
! 723: rip_receive_request(p, ifa, pkt, plen, n);
! 724: break;
! 725:
! 726: case RIP_CMD_RESPONSE:
! 727: rip_receive_response(p, ifa, pkt, plen, n);
! 728: break;
! 729:
! 730: default:
! 731: DROP("unknown command", pkt->command);
! 732: }
! 733: return 1;
! 734:
! 735: drop:
! 736: LOG_PKT("Bad packet from %I via %s - %s (%u)",
! 737: sk->faddr, sk->iface->name, err_dsc, err_val);
! 738:
! 739: return 1;
! 740: }
! 741:
! 742: int
! 743: rip_open_socket(struct rip_iface *ifa)
! 744: {
! 745: struct rip_proto *p = ifa->rip;
! 746:
! 747: sock *sk = sk_new(p->p.pool);
! 748: sk->type = SK_UDP;
! 749: sk->subtype = rip_is_v2(p) ? SK_IPV4 : SK_IPV6;
! 750: sk->sport = ifa->cf->port;
! 751: sk->dport = ifa->cf->port;
! 752: sk->iface = ifa->iface;
! 753: sk->saddr = rip_is_v2(p) ? ifa->iface->addr4->ip : ifa->iface->llv6->ip;
! 754: sk->vrf = p->p.vrf;
! 755:
! 756: sk->rx_hook = rip_rx_hook;
! 757: sk->tx_hook = rip_tx_hook;
! 758: sk->err_hook = rip_err_hook;
! 759: sk->data = ifa;
! 760:
! 761: sk->tos = ifa->cf->tx_tos;
! 762: sk->priority = ifa->cf->tx_priority;
! 763: sk->ttl = ifa->cf->ttl_security ? 255 : 1;
! 764: sk->flags = SKF_LADDR_RX | ((ifa->cf->ttl_security == 1) ? SKF_TTL_RX : 0);
! 765:
! 766: /* sk->rbsize and sk->tbsize are handled in rip_iface_update_buffers() */
! 767:
! 768: if (sk_open(sk) < 0)
! 769: goto err;
! 770:
! 771: if (ifa->cf->mode == RIP_IM_MULTICAST)
! 772: {
! 773: if (sk_setup_multicast(sk) < 0)
! 774: goto err;
! 775:
! 776: if (sk_join_group(sk, ifa->addr) < 0)
! 777: goto err;
! 778: }
! 779: else /* Broadcast */
! 780: {
! 781: if (sk_setup_broadcast(sk) < 0)
! 782: goto err;
! 783:
! 784: if (ipa_zero(ifa->addr))
! 785: {
! 786: sk->err = "Missing broadcast address";
! 787: goto err;
! 788: }
! 789: }
! 790:
! 791: ifa->sk = sk;
! 792: return 1;
! 793:
! 794: err:
! 795: sk_log_error(sk, p->p.name);
! 796: rfree(sk);
! 797: return 0;
! 798: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to packets.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / bird2 / proto / rip