/* 1 == failed, 0 == ok */
int
-rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num )
+rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme )
{
DBG( "Incoming authentication: " );
switch (block->authtype) { /* Authentication type */
DBG( "time, " );
if ((head->from > now) || (head->to < now))
goto skip;
+ if (block->seq) {
+ struct neighbor *neigh = neigh_find(p, &whotoldme, 0);
+ if (!neigh) {
+ log( L_AUTH "Non-neighbour md5 checksummed packet?\n" );
+ } else {
+ if (neigh->aux > block->seq) {
+ log( L_AUTH "md5 prottected packet with lower numbers\n" );
+ return 0;
+ }
+ neigh->aux = block->seq;
+ }
+ }
DBG( "check, " );
if (head->id == block->keyid) {
struct MD5Context ctxt;
FIXME: IpV6 support: use right address for broadcasts
FIXME: IpV6 support: receive "route using" blocks
- FIXME: fold rip_connection into rip_interface?
+ FIXME (nonurgent): fold rip_connection into rip_interface?
We are not going to honour requests for sending part of
routing table. That would need to turn split horizont off,
if (block->family == 0xffff) {
if (i)
continue; /* md5 tail has this family */
- if (rip_incoming_authentication(p, (void *) block, packet, num))
+ if (rip_incoming_authentication(p, (void *) block, packet, num, whotoldme))
BAD( "Authentication failed" );
authenticated = 1;
continue;
}
}
- /* FIXME: we need to do triggered updates */
-
DBG( "RIP: Broadcasting routing tables\n" );
{
struct rip_interface *rif;
/* Authentication functions */
-int rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num );
+int rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num, ip_addr whotoldme );
int rip_outgoing_authentication( struct proto *p, struct rip_block_auth *block, struct rip_packet *packet, int num );
projects / thirdparty / bird.git / commitdiff
