-rw-r--r--proto/rip/auth.c14
-rw-r--r--proto/rip/rip.c6
-rw-r--r--proto/rip/rip.h2
3 files changed, 16 insertions, 6 deletions
diff --git a/proto/rip/auth.c b/proto/rip/auth.c
index 17c8d3a6..5337268c 100644
--- a/proto/rip/auth.c
+++ b/proto/rip/auth.c
@@ -31,7 +31,7 @@
/* 1 == failed, 0 == ok */
int
-rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num )
+rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme )
{
DBG( "Incoming authentication: " );
switch (block->authtype) { /* Authentication type */
@@ -73,6 +73,18 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, stru
DBG( "time, " );
if ((head->from > now) || (head->to < now))
goto skip;
+ if (block->seq) {
+ struct neighbor *neigh = neigh_find(p, &whotoldme, 0);
+ if (!neigh) {
+ log( L_AUTH "Non-neighbour md5 checksummed packet?\n" );
+ } else {
+ if (neigh->aux > block->seq) {
+ log( L_AUTH "md5 prottected packet with lower numbers\n" );
+ return 0;
+ }
+ neigh->aux = block->seq;
+ }
+ }
DBG( "check, " );
if (head->id == block->keyid) {
struct MD5Context ctxt;
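Review bot: The replay branch returns the wrong value. The comment above the function says `1 == failed, 0 == ok`, so `return 0;` after logging the lower-sequence packet reports it as authenticated, and the caller in rip.c rejects only a non-zero result; this should be `return 1;`. Separately, `neigh->aux = block->seq;` runs before the key-id match and MD5 computation that begin on the following lines, so a packet whose digest has not yet been verified can raise the stored sequence number and make later genuine packets look stale. The store belongs after the digest comparison succeeds; that code is outside this hunk, so the ordering is inferred from the lines shown. It is also worth a comment that `if (block->seq)` lets a zero sequence number skip the check entirely, and that a sender unknown to `neigh_find` is only logged, not rejected.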
diff --git a/proto/rip/rip.c b/proto/rip/rip.c
index cca329ec..63401337 100644
--- a/proto/rip/rip.c
+++ b/proto/rip/rip.c
@@ -9,7 +9,7 @@
FIXME: IpV6 support: use right address for broadcasts
FIXME: IpV6 support: receive "route using" blocks
- FIXME: fold rip_connection into rip_interface?
+ FIXME (nonurgent): fold rip_connection into rip_interface?
We are not going to honour requests for sending part of
routing table. That would need to turn split horizont off,
@@ -353,7 +353,7 @@ rip_process_packet( struct proto *p, struct rip_packet *packet, int num, ip_addr
if (block->family == 0xffff) {
if (i)
continue; /* md5 tail has this family */
- if (rip_incoming_authentication(p, (void *) block, packet, num))
+ if (rip_incoming_authentication(p, (void *) block, packet, num, whotoldme))
BAD( "Authentication failed" );
authenticated = 1;
continue;
@@ -437,8 +437,6 @@ rip_timer(timer *t)
}
}
- /* FIXME: we need to do triggered updates */
-
DBG( "RIP: Broadcasting routing tables\n" );
{
struct rip_interface *rif;
diff --git a/proto/rip/rip.h b/proto/rip/rip.h
index fb066b5d..8e759c45 100644
--- a/proto/rip/rip.h
+++ b/proto/rip/rip.h
@@ -157,5 +157,5 @@ void rip_init_config(struct rip_proto_config *c);
/* Authentication functions */
-int rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num );
+int rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme );
int rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num );