2 * Copyright (c) 1983, 1988, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgment:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * $FreeBSD: src/sbin/routed/input.c,v 1.7.2.1 2001/08/01 09:01:45 obrien Exp $
38 #if !defined(sgi) && !defined(__NetBSD__)
39 static char sccsid[] __attribute__((unused)) = "@(#)input.c 8.1 (Berkeley) 6/5/93";
40 #elif defined(__NetBSD__)
41 #include <sys/cdefs.h>
45 static void input(struct sockaddr_in *, struct interface *, struct interface *,
47 static void input_route(naddr, naddr, struct rt_spare *, struct netinfo *);
48 static int ck_passwd(struct interface *, struct rip *, void *,
49 naddr, struct msg_limit *);
56 struct interface *sifp)
58 struct sockaddr_in from;
59 struct interface *aifp;
62 static struct msg_limit bad_name;
64 char ifname[IFNAMSIZ];
75 fromlen = sizeof(from);
76 cc = recvfrom(sock, &inbuf, sizeof(inbuf), 0,
77 (struct sockaddr*)&from, &fromlen);
79 if (cc < 0 && errno != EWOULDBLOCK)
80 LOGERR("recvfrom(rip)");
83 if (fromlen != sizeof(struct sockaddr_in))
84 logbad(1,"impossible recvfrom(rip) fromlen=%d",
87 /* aifp is the "authenticated" interface via which the packet
88 * arrived. In fact, it is only the interface on which
89 * the packet should have arrived based on is source
91 * sifp is interface associated with the socket through which
92 * the packet was received.
95 if ((cc -= sizeof(inbuf.ifname)) < 0)
96 logbad(0,"missing USE_PASSIFNAME; only %d bytes",
97 cc+sizeof(inbuf.ifname));
99 /* check the remote interfaces first */
100 for (aifp = remote_if; aifp; aifp = aifp->int_rlink) {
101 if (aifp->int_addr == from.sin_addr.s_addr)
105 aifp = ifwithname(inbuf.ifname, 0);
107 msglim(&bad_name, from.sin_addr.s_addr,
108 "impossible interface name %.*s",
109 IFNAMSIZ, inbuf.ifname);
110 } else if (((aifp->int_if_flags & IFF_POINTOPOINT)
111 && aifp->int_dstaddr!=from.sin_addr.s_addr)
112 || (!(aifp->int_if_flags & IFF_POINTOPOINT)
113 && !on_net(from.sin_addr.s_addr,
116 /* If it came via the wrong interface, do not
123 aifp = iflookup(from.sin_addr.s_addr);
128 input(&from, sifp, aifp, &inbuf.pbuf.rip, cc);
133 /* Process a RIP packet
136 input(struct sockaddr_in *from, /* received from this IP address */
137 struct interface *sifp, /* interface of incoming socket */
138 struct interface *aifp, /* "authenticated" interface */
142 # define FROM_NADDR from->sin_addr.s_addr
143 static struct msg_limit use_auth, bad_len, bad_mask;
144 static struct msg_limit unk_router, bad_router, bad_nhop;
148 struct netinfo *n, *lim;
149 struct interface *ifp1;
150 naddr gate, mask, v1_mask, dst, ddst_h = 0;
152 struct tgate *tg = NULL;
153 struct tgate_net *tn;
156 /* Notice when we hear from a remote gateway
159 && (aifp->int_state & IS_REMOTE))
160 aifp->int_act_time = now.tv_sec;
162 trace_rip("Recv", "from", from, sifp, rip, cc);
164 if (rip->rip_vers == 0) {
165 msglim(&bad_router, FROM_NADDR,
166 "RIP version 0, cmd %d, packet received from %s",
167 rip->rip_cmd, naddr_ntoa(FROM_NADDR));
169 } else if (rip->rip_vers > RIPv2) {
170 rip->rip_vers = RIPv2;
172 if (cc > (int)OVER_MAXPACKETSIZE) {
173 msglim(&bad_router, FROM_NADDR,
174 "packet at least %d bytes too long received from %s",
175 cc-MAXPACKETSIZE, naddr_ntoa(FROM_NADDR));
180 lim = (struct netinfo *)((char*)rip + cc);
182 /* Notice authentication.
183 * As required by section 4.2 in RFC 1723, discard authenticated
184 * RIPv2 messages, but only if configured for that silliness.
186 * RIPv2 authentication is lame. Why authenticate queries?
187 * Why should a RIPv2 implementation with authentication disabled
188 * not be able to listen to RIPv2 packets with authentication, while
189 * RIPv1 systems will listen? Crazy!
192 && rip->rip_vers == RIPv2
193 && n < lim && n->n_family == RIP_AF_AUTH) {
194 msglim(&use_auth, FROM_NADDR,
195 "RIPv2 message with authentication from %s discarded",
196 naddr_ntoa(FROM_NADDR));
200 switch (rip->rip_cmd) {
202 /* For mere requests, be a little sloppy about the source
207 /* Are we talking to ourself or a remote gateway?
209 ifp1 = ifwithaddr(FROM_NADDR, 0, 1);
211 if (ifp1->int_state & IS_REMOTE) {
214 if (check_remote(aifp)) {
215 aifp->int_act_time = now.tv_sec;
216 if_ok(aifp, "remote ");
218 } else if (from->sin_port == htons(RIP_PORT)) {
219 trace_pkt(" discard our own RIP request");
224 /* did the request come from a router?
226 if (from->sin_port == htons(RIP_PORT)) {
227 /* yes, ignore the request if RIP is off so that
228 * the router does not depend on us.
232 && IS_RIP_OUT_OFF(aifp->int_state))) {
233 trace_pkt(" discard request while RIP off");
238 /* According to RFC 1723, we should ignore unauthenticated
239 * queries. That is too silly to bother with. Sheesh!
240 * Are forwarding tables supposed to be secret, when
241 * a bad guy can infer them with test traffic? When RIP
242 * is still the most common router-discovery protocol
243 * and so hosts need to send queries that will be answered?
244 * What about `rtquery`?
245 * Maybe on firewalls you'd care, but not enough to
246 * give up the diagnostic facilities of remote probing.
250 msglim(&bad_len, FROM_NADDR, "empty request from %s",
251 naddr_ntoa(FROM_NADDR));
254 if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) {
255 msglim(&bad_len, FROM_NADDR,
256 "request of bad length (%d) from %s",
257 cc, naddr_ntoa(FROM_NADDR));
260 if (rip->rip_vers == RIPv2
261 && (aifp == NULL || (aifp->int_state & IS_NO_RIPV1_OUT))) {
262 v12buf.buf->rip_vers = RIPv2;
263 /* If we have a secret but it is a cleartext secret,
264 * do not disclose our secret unless the other guy
267 ap = find_auth(aifp);
268 if (ap != NULL && ap->type == RIP_AUTH_PW
269 && n->n_family == RIP_AF_AUTH
270 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth))
273 v12buf.buf->rip_vers = RIPv1;
276 clr_ws_buf(&v12buf, ap);
279 n->n_metric = ntohl(n->n_metric);
281 /* A single entry with family RIP_AF_UNSPEC and
282 * metric HOPCNT_INFINITY means "all routes".
283 * We respond to routers only if we are acting
284 * as a supplier, or to anyone other than a router
287 if (n->n_family == RIP_AF_UNSPEC
288 && n->n_metric == HOPCNT_INFINITY) {
289 /* Answer a query from a utility program
292 if (from->sin_port != htons(RIP_PORT)) {
293 supply(from, aifp, OUT_QUERY, 0,
294 rip->rip_vers, ap != NULL);
298 /* A router trying to prime its tables.
299 * Filter the answer in the about same way
300 * broadcasts are filtered.
302 * Only answer a router if we are a supplier
303 * to keep an unwary host that is just starting
304 * from picking us as a router.
307 trace_pkt("ignore distant router");
311 || IS_RIP_OFF(aifp->int_state)) {
312 trace_pkt("ignore; not supplying");
316 /* Do not answer a RIPv1 router if
317 * we are sending RIPv2. But do offer
318 * poor man's router discovery.
320 if ((aifp->int_state & IS_NO_RIPV1_OUT)
321 && rip->rip_vers == RIPv1) {
322 if (!(aifp->int_state & IS_PM_RDISC)) {
323 trace_pkt("ignore; sending RIPv2");
327 v12buf.n->n_family = RIP_AF_INET;
328 v12buf.n->n_dst = RIP_DEFAULT;
329 i = aifp->int_d_metric;
330 if (NULL != (rt = rtget(RIP_DEFAULT, 0)))
331 i = MIN(i, (rt->rt_metric
332 +aifp->int_metric+1));
333 v12buf.n->n_metric = htonl(i);
338 /* Respond with RIPv1 instead of RIPv2 if
339 * that is what we are broadcasting on the
340 * interface to keep the remote router from
341 * getting the wrong initial idea of the
344 supply(from, aifp, OUT_UNICAST, 0,
345 (aifp->int_state & IS_NO_RIPV1_OUT)
351 /* Ignore authentication */
352 if (n->n_family == RIP_AF_AUTH)
355 if (n->n_family != RIP_AF_INET) {
356 msglim(&bad_router, FROM_NADDR,
357 "request from %s for unsupported"
359 naddr_ntoa(FROM_NADDR),
361 naddr_ntoa(n->n_dst));
365 /* We are being asked about a specific destination.
368 if (!check_dst(dst)) {
369 msglim(&bad_router, FROM_NADDR,
370 "bad queried destination %s from %s",
372 naddr_ntoa(FROM_NADDR));
376 /* decide what mask was intended */
377 if (rip->rip_vers == RIPv1
378 || 0 == (mask = ntohl(n->n_mask))
379 || 0 != (ntohl(dst) & ~mask))
380 mask = ripv1_mask_host(dst, aifp);
382 /* try to find the answer */
383 rt = rtget(dst, mask);
384 if (!rt && dst != RIP_DEFAULT)
385 rt = rtfind(n->n_dst);
387 if (v12buf.buf->rip_vers != RIPv1)
388 v12buf.n->n_mask = mask;
390 /* we do not have the answer */
391 v12buf.n->n_metric = HOPCNT_INFINITY;
393 /* we have the answer, so compute the
394 * right metric and next hop.
396 v12buf.n->n_family = RIP_AF_INET;
397 v12buf.n->n_dst = dst;
398 v12buf.n->n_metric = (rt->rt_metric+1
402 if (v12buf.n->n_metric > HOPCNT_INFINITY)
403 v12buf.n->n_metric = HOPCNT_INFINITY;
404 if (v12buf.buf->rip_vers != RIPv1) {
405 v12buf.n->n_tag = rt->rt_tag;
406 v12buf.n->n_mask = mask;
408 && on_net(rt->rt_gate,
411 && rt->rt_gate != aifp->int_addr)
412 v12buf.n->n_nhop = rt->rt_gate;
415 v12buf.n->n_metric = htonl(v12buf.n->n_metric);
417 /* Stop paying attention if we fill the output buffer.
419 if (++v12buf.n >= v12buf.lim)
423 /* Send the answer about specific routes.
425 if (ap != NULL && ap->type == RIP_AUTH_MD5)
426 end_md5_auth(&v12buf, ap);
428 if (from->sin_port != htons(RIP_PORT)) {
430 output(OUT_QUERY, from, aifp,
432 ((char *)v12buf.n - (char*)v12buf.buf));
433 } else if (supplier) {
434 output(OUT_UNICAST, from, aifp,
436 ((char *)v12buf.n - (char*)v12buf.buf));
438 /* Only answer a router if we are a supplier
439 * to keep an unwary host that is just starting
440 * from picking us an a router.
447 case RIPCMD_TRACEOFF:
448 /* Notice that trace messages are turned off for all possible
449 * abuse if _PATH_TRACE is undefined in pathnames.h.
450 * Notice also that because of the way the trace file is
451 * handled in trace.c, no abuse is plausible even if
452 * _PATH_TRACE_ is defined.
454 * First verify message came from a privileged port. */
455 if (ntohs(from->sin_port) > IPPORT_RESERVED) {
456 msglog("trace command from untrusted port on %s",
457 naddr_ntoa(FROM_NADDR));
461 msglog("trace command from unknown router %s",
462 naddr_ntoa(FROM_NADDR));
465 if (rip->rip_cmd == RIPCMD_TRACEON) {
466 rip->rip_tracefile[cc-4] = '\0';
467 set_tracefile((char*)rip->rip_tracefile,
468 "trace command: %s\n", 0);
470 trace_off("tracing turned off by %s",
471 naddr_ntoa(FROM_NADDR));
475 case RIPCMD_RESPONSE:
476 if (cc%sizeof(*n) != sizeof(struct rip)%sizeof(*n)) {
477 msglim(&bad_len, FROM_NADDR,
478 "response of bad length (%d) from %s",
479 cc, naddr_ntoa(FROM_NADDR));
482 /* verify message came from a router */
483 if (from->sin_port != ntohs(RIP_PORT)) {
484 msglim(&bad_router, FROM_NADDR,
485 " discard RIP response from unknown port"
486 " %d on host %s", ntohs(from->sin_port),
487 naddr_ntoa(FROM_NADDR));
492 trace_pkt(" discard response while RIP off");
496 /* Are we talking to ourself or a remote gateway?
498 ifp1 = ifwithaddr(FROM_NADDR, 0, 1);
500 if (ifp1->int_state & IS_REMOTE) {
503 if (check_remote(aifp)) {
504 aifp->int_act_time = now.tv_sec;
505 if_ok(aifp, "remote ");
508 trace_pkt(" discard our own RIP response");
513 /* Accept routing packets from routers directly connected
514 * via broadcast or point-to-point networks, and from
515 * those listed in /etc/gateways.
518 msglim(&unk_router, FROM_NADDR,
519 " discard response from %s"
520 " via unexpected interface",
521 naddr_ntoa(FROM_NADDR));
524 if (IS_RIP_IN_OFF(aifp->int_state)) {
525 trace_pkt(" discard RIPv%d response"
526 " via disabled interface %s",
527 rip->rip_vers, aifp->int_name);
532 msglim(&bad_len, FROM_NADDR, "empty response from %s",
533 naddr_ntoa(FROM_NADDR));
537 if (((aifp->int_state & IS_NO_RIPV1_IN)
538 && rip->rip_vers == RIPv1)
539 || ((aifp->int_state & IS_NO_RIPV2_IN)
540 && rip->rip_vers != RIPv1)) {
541 trace_pkt(" discard RIPv%d response",
546 /* Ignore routes via dead interface.
548 if (aifp->int_state & IS_BROKE) {
549 trace_pkt("discard response via broken interface %s",
554 /* If the interface cares, ignore bad routers.
555 * Trace but do not log this problem, because where it
556 * happens, it happens frequently.
558 if (aifp->int_state & IS_DISTRUST) {
560 while (tg->tgate_addr != FROM_NADDR) {
563 trace_pkt(" discard RIP response"
564 " from untrusted router %s",
565 naddr_ntoa(FROM_NADDR));
571 /* Authenticate the packet if we have a secret.
572 * If we do not have any secrets, ignore the error in
573 * RFC 1723 and accept it regardless.
575 if (aifp->int_auth[0].type != RIP_AUTH_NONE
576 && rip->rip_vers != RIPv1
577 && !ck_passwd(aifp,rip,lim,FROM_NADDR,&use_auth))
581 if (n->n_family == RIP_AF_AUTH)
584 n->n_metric = ntohl(n->n_metric);
586 if (n->n_family != RIP_AF_INET
587 && (n->n_family != RIP_AF_UNSPEC
588 || dst != RIP_DEFAULT)) {
589 msglim(&bad_router, FROM_NADDR,
590 "route from %s to unsupported"
591 " address family=%d destination=%s",
592 naddr_ntoa(FROM_NADDR),
597 if (!check_dst(dst)) {
598 msglim(&bad_router, FROM_NADDR,
599 "bad destination %s from %s",
601 naddr_ntoa(FROM_NADDR));
605 || n->n_metric > HOPCNT_INFINITY) {
606 msglim(&bad_router, FROM_NADDR,
607 "bad metric %d from %s"
608 " for destination %s",
610 naddr_ntoa(FROM_NADDR),
615 /* Notice the next-hop.
618 if (n->n_nhop != 0) {
619 if (rip->rip_vers == RIPv1) {
622 /* Use it only if it is valid. */
623 if (on_net(n->n_nhop,
624 aifp->int_net, aifp->int_mask)
625 && check_dst(n->n_nhop)) {
628 msglim(&bad_nhop, FROM_NADDR,
630 " has bad next hop %s",
631 naddr_ntoa(FROM_NADDR),
633 naddr_ntoa(n->n_nhop));
639 if (rip->rip_vers == RIPv1
640 || 0 == (mask = ntohl(n->n_mask))) {
641 mask = ripv1_mask_host(dst,aifp);
642 } else if ((ntohl(dst) & ~mask) != 0) {
643 msglim(&bad_mask, FROM_NADDR,
644 "router %s sent bad netmask"
646 naddr_ntoa(FROM_NADDR),
651 if (rip->rip_vers == RIPv1)
654 /* Adjust metric according to incoming interface..
656 n->n_metric += aifp->int_metric;
657 if (n->n_metric > HOPCNT_INFINITY)
658 n->n_metric = HOPCNT_INFINITY;
660 /* Should we trust this route from this router? */
661 if (tg && (tn = tg->tgate_nets)->mask != 0) {
662 for (i = 0; i < MAX_TGATE_NETS; i++, tn++) {
663 if (on_net(dst, tn->net, tn->mask)
667 if (i >= MAX_TGATE_NETS || tn->mask == 0) {
668 trace_pkt(" ignored unauthorized %s",
669 addrname(dst,mask,0));
674 /* Recognize and ignore a default route we faked
675 * which is being sent back to us by a machine with
676 * broken split-horizon.
677 * Be a little more paranoid than that, and reject
678 * default routes with the same metric we advertised.
680 if (aifp->int_d_metric != 0
681 && dst == RIP_DEFAULT
682 && (int)n->n_metric >= aifp->int_d_metric)
685 /* We can receive aggregated RIPv2 routes that must
686 * be broken down before they are transmitted by
687 * RIPv1 via an interface on a subnet.
688 * We might also receive the same routes aggregated
689 * via other RIPv2 interfaces.
690 * This could cause duplicate routes to be sent on
691 * the RIPv1 interfaces. "Longest matching variable
692 * length netmasks" lets RIPv2 listeners understand,
693 * but breaking down the aggregated routes for RIPv1
694 * listeners can produce duplicate routes.
696 * Breaking down aggregated routes here bloats
697 * the daemon table, but does not hurt the kernel
698 * table, since routes are always aggregated for
701 * Notice that this does not break down network
702 * routes corresponding to subnets. This is part
703 * of the defense against RS_NET_SYN.
706 && (((rt = rtget(dst,mask)) == NULL
707 || !(rt->rt_state & RS_NET_SYN)))
708 && (v1_mask = ripv1_mask_net(dst,0)) > mask) {
709 ddst_h = v1_mask & -v1_mask;
710 i = (v1_mask & ~mask)/ddst_h;
712 /* Punt if we would have to generate
713 * an unreasonable number of routes.
716 trace_misc("accept %s-->%s as 1"
717 " instead of %d routes",
718 addrname(dst,mask,0),
719 naddr_ntoa(FROM_NADDR),
730 new.rts_router = FROM_NADDR;
731 new.rts_metric = n->n_metric;
732 new.rts_tag = n->n_tag;
733 new.rts_time = now.tv_sec;
738 input_route(dst, mask, &new, n);
741 dst = htonl(ntohl(dst) + ddst_h);
750 /* Process a single input route.
753 input_route(naddr dst, /* network order */
755 struct rt_spare *new,
760 struct rt_spare *rts, *rts0;
761 struct interface *ifp1;
764 /* See if the other guy is telling us to send our packets to him.
765 * Sometimes network routes arrive over a point-to-point link for
766 * the network containing the address(es) of the link.
768 * If our interface is broken, switch to using the other guy.
770 ifp1 = ifwithaddr(dst, 1, 1);
772 && (!(ifp1->int_state & IS_BROKE)
773 || (ifp1->int_state & IS_PASSIVE)))
776 /* Look for the route in our table.
778 rt = rtget(dst, mask);
780 /* Consider adding the route if we do not already have it.
783 /* Ignore unknown routes being poisoned.
785 if (new->rts_metric == HOPCNT_INFINITY)
788 /* Ignore the route if it points to us */
790 && 0 != ifwithaddr(n->n_nhop, 1, 0))
793 /* If something has not gone crazy and tried to fill
794 * our memory, accept the new route.
796 if (total_routes < MAX_ROUTES)
797 rtadd(dst, mask, 0, new);
801 /* We already know about the route. Consider this update.
803 * If (rt->rt_state & RS_NET_SYN), then this route
804 * is the same as a network route we have inferred
805 * for subnets we know, in order to tell RIPv1 routers
808 * It is impossible to tell if the route is coming
809 * from a distant RIPv2 router with the standard
810 * netmask because that router knows about the entire
811 * network, or if it is a round-about echo of a
812 * synthetic, RIPv1 network route of our own.
813 * The worst is that both kinds of routes might be
814 * received, and the bad one might have the smaller
815 * metric. Partly solve this problem by never
816 * aggregating into such a route. Also keep it
817 * around as long as the interface exists.
820 rts0 = rt->rt_spares;
821 for (rts = rts0, i = NUM_SPARES; i != 0; i--, rts++) {
822 if (rts->rts_router == new->rts_router)
824 /* Note the worst slot to reuse,
825 * other than the current slot.
827 if (rts0 == rt->rt_spares
828 || BETTER_LINK(rt, rts0, rts))
832 /* Found a route from the router already in the table.
835 /* If the new route is a route broken down from an
836 * aggregated route, and if the previous route is either
837 * not a broken down route or was broken down from a finer
838 * netmask, and if the previous route is current,
839 * then forget this one.
841 if (new->rts_de_ag > rts->rts_de_ag
842 && now_stale <= rts->rts_time)
845 /* Keep poisoned routes around only long enough to pass
846 * the poison on. Use a new timestamp for good routes.
848 if (rts->rts_metric == HOPCNT_INFINITY
849 && new->rts_metric == HOPCNT_INFINITY)
850 new->rts_time = rts->rts_time;
852 /* If this is an update for the router we currently prefer,
855 if (i == NUM_SPARES) {
856 rtchange(rt, rt->rt_state, new, 0);
857 /* If the route got worse, check for something better.
859 if (new->rts_metric > rts->rts_metric)
864 /* This is an update for a spare route.
865 * Finished if the route is unchanged.
867 if (rts->rts_gate == new->rts_gate
868 && rts->rts_metric == new->rts_metric
869 && rts->rts_tag == new->rts_tag) {
870 trace_upslot(rt, rts, new);
874 /* Forget it if it has gone bad.
876 if (new->rts_metric == HOPCNT_INFINITY) {
882 /* The update is for a route we know about,
883 * but not from a familiar router.
885 * Ignore the route if it points to us.
888 && 0 != ifwithaddr(n->n_nhop, 1, 0))
891 /* the loop above set rts0=worst spare */
894 /* Save the route as a spare only if it has
895 * a better metric than our worst spare.
896 * This also ignores poisoned routes (those
897 * received with metric HOPCNT_INFINITY).
899 if (new->rts_metric >= rts->rts_metric)
903 trace_upslot(rt, rts, new);
906 /* try to switch to a better route */
911 static int /* 0 if bad */
912 ck_passwd(struct interface *aifp,
916 struct msg_limit *use_authp)
918 # define NA (rip->rip_auths)
922 u_char hash[RIP_AUTH_PW_LEN];
926 if ((void *)NA >= lim || NA->a_family != RIP_AF_AUTH) {
927 msglim(use_authp, from, "missing password from %s",
932 /* accept any current (+/- 24 hours) password
934 for (ap = aifp->int_auth, i = 0; i < MAX_AUTH_KEYS; i++, ap++) {
935 if (ap->type != NA->a_type
936 || (u_long)ap->start > (u_long)clk.tv_sec+DAY
937 || (u_long)ap->end+DAY < (u_long)clk.tv_sec)
940 if (NA->a_type == RIP_AUTH_PW) {
941 if (!memcmp(NA->au.au_pw, ap->key, RIP_AUTH_PW_LEN))
945 /* accept MD5 secret with the right key ID
947 if (NA->au.a_md5.md5_keyid != ap->keyid)
950 len = ntohs(NA->au.a_md5.md5_pkt_len);
951 if ((len-sizeof(*rip)) % sizeof(*NA) != 0
952 || len != (char *)lim-(char*)rip-(int)sizeof(*NA)) {
953 msglim(use_authp, from,
954 "wrong MD5 RIPv2 packet length of %d"
955 " instead of %d from %s",
956 len, (int)((char *)lim-(char *)rip
961 na2 = (struct netauth *)((char *)rip+len);
963 /* Given a good hash value, these are not security
964 * problems so be generous and accept the routes,
968 if (NA->au.a_md5.md5_auth_len
970 msglim(use_authp, from,
971 "unknown MD5 RIPv2 auth len %#x"
972 " instead of %#x from %s",
973 NA->au.a_md5.md5_auth_len,
976 if (na2->a_family != RIP_AF_AUTH)
977 msglim(use_authp, from,
978 "unknown MD5 RIPv2 family %#x"
979 " instead of %#x from %s",
980 na2->a_family, RIP_AF_AUTH,
982 if (na2->a_type != ntohs(1))
983 msglim(use_authp, from,
984 "MD5 RIPv2 hash has %#x"
985 " instead of %#x from %s",
986 na2->a_type, ntohs(1),
991 MD5Update(&md5_ctx, (u_char *)rip, len);
992 MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN);
993 MD5Final(hash, &md5_ctx);
994 if (!memcmp(hash, na2->au.au_pw, sizeof(hash)))
999 msglim(use_authp, from, "bad password from %s",