#include "defs.h"
#include <md5.h>
#define CONTROL_BUFSIZE 1024
static void input(struct sockaddr_in *, struct interface *, struct rip *, int);
static boolean_t ck_passwd(struct interface *, struct rip *, uint8_t *,
in_addr_t, struct msg_limit *);
struct interface *
receiving_interface(struct msghdr *msg, boolean_t findremote)
{
struct interface *ifp, *ifp1, *ifp2;
struct sockaddr_in *from;
void *opt;
uint_t ifindex;
from = (struct sockaddr_in *)msg->msg_name;
if (findremote && ((ifp = findremoteif(from->sin_addr.s_addr)) != NULL))
return (ifp);
if ((opt = find_ancillary(msg, IP_RECVIF)) == NULL) {
msglog("unable to retrieve IP_RECVIF");
} else {
ifindex = *(uint_t *)opt;
if ((ifp = ifwithindex(ifindex, _B_TRUE)) != NULL) {
ifp2 = NULL;
for (ifp1 = ifp; ifp1 != NULL;
ifp1 = ifp1->int_ilist.hl_next) {
if (ifp1->int_addr == from->sin_addr.s_addr)
return (ifp1);
if ((ifp2 == NULL ||
(ifp2->int_state & IS_ALIAS)) &&
on_net(from->sin_addr.s_addr, ifp1->int_net,
ifp1->int_mask)) {
ifp2 = ifp1;
}
}
if (ifp2 != NULL)
ifp = ifp2;
return (ifp);
}
}
return (iflookup(from->sin_addr.s_addr));
}
int
read_rip()
{
struct sockaddr_in from;
struct interface *ifp;
int cc;
union pkt_buf inbuf;
struct msghdr msg;
struct iovec iov;
uint8_t ancillary_data[CONTROL_BUFSIZE];
iov.iov_base = &inbuf;
iov.iov_len = sizeof (inbuf);
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_name = &from;
msg.msg_control = &ancillary_data;
for (;;) {
msg.msg_namelen = sizeof (from);
msg.msg_controllen = sizeof (ancillary_data);
cc = recvmsg(rip_sock, &msg, 0);
if (cc == 0)
return (-1);
if (cc < 0) {
if (errno == EWOULDBLOCK || errno == EINTR)
return (0);
LOGERR("recvmsg(rip_sock)");
return (-1);
}
ifp = receiving_interface(&msg, _B_TRUE);
input(&from, ifp, &inbuf.rip, cc);
}
}
static void
input(struct sockaddr_in *from,
struct interface *ifp,
struct rip *rip,
int cc)
{
#define FROM_NADDR from->sin_addr.s_addr
static struct msg_limit use_auth, bad_len, bad_mask;
static struct msg_limit unk_router, bad_router, bad_nhop;
struct rt_entry *rt;
struct rt_spare new;
struct netinfo *n, *lim;
struct interface *ifp1;
in_addr_t gate, mask, v1_mask, dst, ddst_h = 0;
struct auth *ap;
struct tgate *tg = NULL;
struct tgate_net *tn;
int i, j;
boolean_t poll_answer = _B_FALSE;
uint16_t rt_state = 0;
uint8_t metric;
(void) memset(&new, 0, sizeof (new));
if (ifp != NULL && (ifp->int_state & IS_REMOTE))
ifp->int_act_time = now.tv_sec;
trace_rip("Recv", "from", from, ifp, rip, cc);
if (ifp != NULL && (ifp->int_if_flags & IFF_NORTEXCH)) {
trace_misc("discard RIP packet received over %s (IFF_NORTEXCH)",
ifp->int_name);
return;
}
gate = ntohl(FROM_NADDR);
if (IN_CLASSD(gate) || (gate >> IN_CLASSA_NSHIFT) == 0) {
msglim(&bad_router, FROM_NADDR, "source address %s unusable",
naddr_ntoa(FROM_NADDR));
return;
}
if (rip->rip_vers == 0) {
msglim(&bad_router, FROM_NADDR,
"RIP version 0, cmd %d, packet received from %s",
rip->rip_cmd, naddr_ntoa(FROM_NADDR));
return;
}
if (rip->rip_vers > RIPv2) {
msglim(&bad_router, FROM_NADDR,
"Treating RIP version %d packet received from %s as "
"version %d", rip->rip_vers, naddr_ntoa(FROM_NADDR),
RIPv2);
rip->rip_vers = RIPv2;
}
if (cc > (int)OVER_MAXPACKETSIZE) {
msglim(&bad_router, FROM_NADDR,
"packet at least %d bytes too long received from %s",
cc-MAXPACKETSIZE, naddr_ntoa(FROM_NADDR));
}
n = rip->rip_nets;
lim = n + (cc - 4) / sizeof (struct netinfo);
if (!auth_ok && rip->rip_vers == RIPv2 && n < lim &&
n->n_family == RIP_AF_AUTH) {
msglim(&use_auth, FROM_NADDR,
"RIPv2 message with authentication from %s discarded",
naddr_ntoa(FROM_NADDR));
return;
}
switch (rip->rip_cmd) {
case RIPCMD_POLL:
poll_answer = _B_TRUE;
case RIPCMD_REQUEST:
ifp1 = ifwithaddr(FROM_NADDR, _B_FALSE, _B_TRUE);
if (ifp1 != NULL) {
if (ifp1->int_state & IS_REMOTE) {
ifp = ifp1;
if (check_remote(ifp)) {
ifp->int_act_time = now.tv_sec;
if_ok(ifp, "remote ", _B_FALSE);
}
} else if (from->sin_port == htons(RIP_PORT)) {
trace_pkt(" discard our own RIP request");
return;
}
}
if (!poll_answer && (from->sin_port == htons(RIP_PORT))) {
if (ripout_interfaces == 0 ||
(ifp != NULL && (IS_RIP_OUT_OFF(ifp->int_state) ||
!IS_IFF_ROUTING(ifp->int_if_flags)))) {
trace_pkt(" discard request while RIP off");
return;
}
}
if (n >= lim) {
msglim(&bad_len, FROM_NADDR, "empty request from %s",
naddr_ntoa(FROM_NADDR));
return;
}
if (cc%sizeof (*n) != sizeof (struct rip)%sizeof (*n)) {
msglim(&bad_len, FROM_NADDR,
"request of bad length (%d) from %s",
cc, naddr_ntoa(FROM_NADDR));
}
if (rip->rip_vers == RIPv2 && (ifp == NULL ||
(ifp->int_state & IS_NO_RIPV1_OUT))) {
v12buf.buf->rip_vers = RIPv2;
ap = find_auth(ifp);
if (ap != NULL &&
(ulong_t)ap->end < (ulong_t)clk.tv_sec) {
msglim(&use_auth, FROM_NADDR,
"%s attempting to authenticate using "
"an expired password.",
naddr_ntoa(FROM_NADDR));
ap = NULL;
}
if (ap != NULL && ap->type == RIP_AUTH_PW &&
(n->n_family != RIP_AF_AUTH ||
!ck_passwd(ifp, rip, (uint8_t *)lim, FROM_NADDR,
&use_auth)))
ap = NULL;
} else {
v12buf.buf->rip_vers = RIPv1;
ap = NULL;
}
clr_ws_buf(&v12buf, ap);
do {
n->n_metric = ntohl(n->n_metric);
if (n->n_family == RIP_AF_UNSPEC &&
n->n_metric == HOPCNT_INFINITY) {
if (poll_answer ||
(from->sin_port != htons(RIP_PORT))) {
supply(from, ifp, OUT_QUERY, 0,
rip->rip_vers, ap != NULL);
return;
}
if (ifp == NULL) {
trace_pkt("ignore distant router");
return;
}
if (IS_RIP_OFF(ifp->int_state) ||
!should_supply(ifp)) {
trace_pkt("ignore; not supplying");
return;
}
if ((ifp->int_state & IS_NO_RIPV1_OUT) &&
rip->rip_vers == RIPv1) {
if (!(ifp->int_state & IS_PM_RDISC)) {
trace_pkt("ignore; sending "
"RIPv2");
return;
}
v12buf.n->n_family = RIP_AF_INET;
v12buf.n->n_dst = RIP_DEFAULT;
metric = ifp->int_d_metric;
if (NULL !=
(rt = rtget(RIP_DEFAULT, 0)))
metric = MIN(metric,
(rt->rt_metric + 1));
v12buf.n->n_metric = htonl(metric);
v12buf.n++;
break;
}
supply(from, ifp, OUT_UNICAST, 0,
(ifp->int_state & IS_NO_RIPV1_OUT)
? RIPv2 : RIPv1,
ap != NULL);
return;
}
if (n->n_family == RIP_AF_AUTH)
continue;
if (n->n_family != RIP_AF_INET) {
msglim(&bad_router, FROM_NADDR,
"request from %s for unsupported"
" (af %d) %s",
naddr_ntoa(FROM_NADDR),
ntohs(n->n_family),
naddr_ntoa(n->n_dst));
return;
}
v12buf.n->n_dst = dst = n->n_dst;
v12buf.n->n_family = RIP_AF_INET;
if (!check_dst(dst)) {
msglim(&bad_router, FROM_NADDR,
"bad queried destination %s from %s",
naddr_ntoa(dst),
naddr_ntoa(FROM_NADDR));
v12buf.n->n_metric = HOPCNT_INFINITY;
goto rte_done;
}
if (rip->rip_vers == RIPv1 ||
0 == (mask = ntohl(n->n_mask)) ||
0 != (ntohl(dst) & ~mask))
mask = ripv1_mask_host(dst, ifp);
rt = rtget(dst, mask);
if (rt == NULL && dst != RIP_DEFAULT)
rt = rtfind(n->n_dst);
if (v12buf.buf->rip_vers != RIPv1)
v12buf.n->n_mask = htonl(mask);
if (rt == NULL) {
v12buf.n->n_metric = HOPCNT_INFINITY;
goto rte_done;
}
v12buf.n->n_metric = rt->rt_metric + 1;
if (v12buf.n->n_metric > HOPCNT_INFINITY)
v12buf.n->n_metric = HOPCNT_INFINITY;
if (v12buf.buf->rip_vers != RIPv1) {
v12buf.n->n_tag = rt->rt_tag;
if (ifp != NULL &&
on_net(rt->rt_gate, ifp->int_net,
ifp->int_mask) &&
rt->rt_gate != ifp->int_addr)
v12buf.n->n_nhop = rt->rt_gate;
}
rte_done:
v12buf.n->n_metric = htonl(v12buf.n->n_metric);
if (++v12buf.n >= v12buf.lim)
break;
} while (++n < lim);
if (ap != NULL && ap->type == RIP_AUTH_MD5)
end_md5_auth(&v12buf, ap);
if (!poll_answer && (from->sin_port == htons(RIP_PORT))) {
writelog(LOG_WARNING,
"Received suspicious request from %s port %d",
naddr_ntoa(FROM_NADDR), RIP_PORT);
}
if (poll_answer || (from->sin_port != htons(RIP_PORT))) {
(void) output(OUT_QUERY, from, ifp, v12buf.buf,
((char *)v12buf.n - (char *)v12buf.buf));
} else {
(void) output(OUT_UNICAST, from, ifp,
v12buf.buf, ((char *)v12buf.n -
(char *)v12buf.buf));
}
return;
case RIPCMD_TRACEON:
case RIPCMD_TRACEOFF:
if (ntohs(from->sin_port) > IPPORT_RESERVED) {
trace_pkt("trace command from untrusted port %d on %s",
ntohs(from->sin_port), naddr_ntoa(FROM_NADDR));
return;
}
if (ifp == NULL || !remote_address_ok(ifp, FROM_NADDR)) {
msglim(&bad_router, FROM_NADDR,
"trace command from non-local host %s",
naddr_ntoa(FROM_NADDR));
return;
}
if (ifp->int_state & IS_DISTRUST) {
tg = tgates;
while (tg->tgate_addr != FROM_NADDR) {
tg = tg->tgate_next;
if (tg == NULL) {
trace_pkt("trace command from "
"untrusted host %s",
naddr_ntoa(FROM_NADDR));
return;
}
}
}
if (ifp->int_auth[0].type != RIP_AUTH_NONE) {
trace_pkt("trace command unauthenticated from %s",
naddr_ntoa(FROM_NADDR));
return;
}
if (rip->rip_cmd == RIPCMD_TRACEON) {
rip->rip_tracefile[cc-4] = '\0';
set_tracefile(rip->rip_tracefile,
"trace command: %s\n", 0);
} else {
trace_off("tracing turned off by %s",
naddr_ntoa(FROM_NADDR));
}
return;
case RIPCMD_RESPONSE:
if (ifp != NULL && (ifp->int_if_flags & IFF_NOXMIT)) {
trace_misc("discard RIP response received over %s "
"(IFF_NOXMIT)", ifp->int_name);
return;
}
if (cc%sizeof (*n) != sizeof (struct rip)%sizeof (*n)) {
msglim(&bad_len, FROM_NADDR,
"response of bad length (%d) from %s",
cc, naddr_ntoa(FROM_NADDR));
}
if ((gate >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
IN_LINKLOCAL(gate)) {
msglim(&bad_router, FROM_NADDR,
"discard RIP response from bad source address %s",
naddr_ntoa(FROM_NADDR));
return;
}
if (from->sin_port != htons(RIP_PORT)) {
msglim(&bad_router, FROM_NADDR,
" discard RIP response from unknown port"
" %d on host %s", ntohs(from->sin_port),
naddr_ntoa(FROM_NADDR));
return;
}
if (!rip_enabled) {
trace_pkt(" discard response while RIP off");
return;
}
ifp1 = ifwithaddr(FROM_NADDR, _B_FALSE, _B_TRUE);
if (ifp1 != NULL) {
if (ifp1->int_state & IS_REMOTE) {
ifp = ifp1;
if (check_remote(ifp)) {
ifp->int_act_time = now.tv_sec;
if_ok(ifp, "remote ", _B_FALSE);
}
} else {
trace_pkt(" discard our own RIP response");
return;
}
} else {
if (ifp != NULL &&
!remote_address_ok(ifp, FROM_NADDR)) {
msglim(&bad_router, FROM_NADDR,
"discard RIP response; source %s not on "
"interface %s", naddr_ntoa(FROM_NADDR),
ifp->int_name);
return;
}
}
if (ifp == NULL) {
msglim(&unk_router, FROM_NADDR,
" discard response from %s"
" via unexpected interface",
naddr_ntoa(FROM_NADDR));
return;
}
if (IS_RIP_IN_OFF(ifp->int_state)) {
trace_pkt(" discard RIPv%d response"
" via disabled interface %s",
rip->rip_vers, ifp->int_name);
return;
}
if (n >= lim) {
msglim(&bad_len, FROM_NADDR, "empty response from %s",
naddr_ntoa(FROM_NADDR));
return;
}
if (((ifp->int_state & IS_NO_RIPV1_IN) &&
rip->rip_vers == RIPv1) ||
((ifp->int_state & IS_NO_RIPV2_IN) &&
rip->rip_vers != RIPv1)) {
trace_pkt(" discard RIPv%d response",
rip->rip_vers);
return;
}
if (ifp->int_state & IS_BROKE) {
trace_pkt("response via broken interface %s",
ifp->int_name);
}
if (ifp->int_state & IS_DISTRUST) {
tg = tgates;
while (tg->tgate_addr != FROM_NADDR) {
tg = tg->tgate_next;
if (tg == NULL) {
trace_pkt(" discard RIP response"
" from untrusted router %s",
naddr_ntoa(FROM_NADDR));
return;
}
}
}
if (ifp->int_auth[0].type != RIP_AUTH_NONE &&
rip->rip_vers != RIPv1 &&
!ck_passwd(ifp, rip, (uint8_t *)lim, FROM_NADDR, &use_auth))
return;
if (!should_supply(NULL) && save_space) {
if (tg != NULL && tg->tgate_nets->mask != 0) {
trace_pkt(" ignored unauthorized %s",
addrname(RIP_DEFAULT, 0, 0));
break;
}
new.rts_gate = FROM_NADDR;
new.rts_router = FROM_NADDR;
new.rts_metric = HOPCNT_INFINITY-1;
new.rts_tag = n->n_tag;
new.rts_time = now.tv_sec;
new.rts_ifp = ifp;
new.rts_de_ag = 0;
new.rts_origin = RO_RIP;
input_route(RIP_DEFAULT, 0, &new, n, RS_NOPROPAGATE);
return;
}
if (!IS_IFF_ROUTING(ifp->int_if_flags)) {
rt_state = RS_NOPROPAGATE;
}
do {
if (n->n_family == RIP_AF_AUTH)
continue;
n->n_metric = ntohl(n->n_metric);
dst = n->n_dst;
if (n->n_family != RIP_AF_INET &&
(n->n_family != RIP_AF_UNSPEC ||
dst != RIP_DEFAULT)) {
msglim(&bad_router, FROM_NADDR,
"route from %s to unsupported"
" address family=%d destination=%s",
naddr_ntoa(FROM_NADDR), n->n_family,
naddr_ntoa(dst));
continue;
}
if (!check_dst(dst)) {
msglim(&bad_router, FROM_NADDR,
"bad destination %s from %s",
naddr_ntoa(dst),
naddr_ntoa(FROM_NADDR));
continue;
}
if (n->n_metric == 0 || n->n_metric > HOPCNT_INFINITY) {
msglim(&bad_router, FROM_NADDR,
"bad metric %d from %s"
" for destination %s",
n->n_metric, naddr_ntoa(FROM_NADDR),
naddr_ntoa(dst));
continue;
}
gate = FROM_NADDR;
if (n->n_nhop != 0) {
if (rip->rip_vers == RIPv1) {
n->n_nhop = 0;
} else {
if (on_net(n->n_nhop,
ifp->int_net, ifp->int_mask) &&
check_dst(n->n_nhop)) {
gate = n->n_nhop;
} else {
msglim(&bad_nhop,
FROM_NADDR,
"router %s to %s"
" has bad next hop %s",
naddr_ntoa(FROM_NADDR),
naddr_ntoa(dst),
naddr_ntoa(n->n_nhop));
n->n_nhop = 0;
}
}
}
if (rip->rip_vers == RIPv1 ||
0 == (mask = ntohl(n->n_mask))) {
mask = ripv1_mask_host(dst, ifp);
} else if ((ntohl(dst) & ~mask) != 0) {
msglim(&bad_mask, FROM_NADDR,
"router %s sent bad netmask %s with %s",
naddr_ntoa(FROM_NADDR),
naddr_ntoa(htonl(mask)),
naddr_ntoa(dst));
continue;
}
if (mask == HOST_MASK &&
(ifp->int_state & IS_NO_HOST)) {
trace_pkt(" ignored host route %s",
addrname(dst, mask, 0));
continue;
}
if (rip->rip_vers == RIPv1)
n->n_tag = 0;
n->n_metric += ifp->int_metric;
if (n->n_metric > HOPCNT_INFINITY)
n->n_metric = HOPCNT_INFINITY;
if (tg != NULL && (tn = tg->tgate_nets)->mask != 0) {
for (i = 0; i < MAX_TGATE_NETS; i++, tn++) {
if (on_net(dst, tn->net, tn->mask) &&
tn->mask <= mask)
break;
}
if (i >= MAX_TGATE_NETS || tn->mask == 0) {
trace_pkt(" ignored unauthorized %s",
addrname(dst, mask, 0));
continue;
}
}
if (ifp->int_d_metric != 0 && dst == RIP_DEFAULT &&
n->n_metric >= ifp->int_d_metric)
continue;
if (have_ripv1_out &&
(((rt = rtget(dst, mask)) == NULL ||
!(rt->rt_state & RS_NET_SYN))) &&
(v1_mask = ripv1_mask_net(dst, 0)) > mask) {
ddst_h = v1_mask & -v1_mask;
i = (v1_mask & ~mask)/ddst_h;
if (i >= 511) {
if (TRACECONTENTS)
trace_misc("accept %s-->%s as 1"
" instead of %d routes",
addrname(dst, mask, 0),
naddr_ntoa(FROM_NADDR),
i + 1);
i = 0;
} else {
mask = v1_mask;
}
} else {
i = 0;
}
new.rts_gate = gate;
new.rts_router = FROM_NADDR;
new.rts_metric = n->n_metric;
new.rts_tag = n->n_tag;
new.rts_time = now.tv_sec;
new.rts_ifp = ifp;
new.rts_de_ag = i;
new.rts_origin = RO_RIP;
j = 0;
for (;;) {
input_route(dst, mask, &new, n, rt_state);
if (++j > i)
break;
dst = htonl(ntohl(dst) + ddst_h);
}
} while (++n < lim);
return;
case RIPCMD_POLLENTRY:
if (n >= lim) {
msglim(&bad_len, FROM_NADDR, "empty request from %s",
naddr_ntoa(FROM_NADDR));
return;
}
if (cc%sizeof (*n) != sizeof (struct rip)%sizeof (*n)) {
msglim(&bad_len, FROM_NADDR,
"request of bad length (%d) from %s",
cc, naddr_ntoa(FROM_NADDR));
}
if (rip->rip_vers == RIPv2 && (ifp == NULL ||
(ifp->int_state & IS_NO_RIPV1_OUT))) {
v12buf.buf->rip_vers = RIPv2;
} else {
v12buf.buf->rip_vers = RIPv1;
}
ap = NULL;
clr_ws_buf(&v12buf, ap);
n->n_metric = ntohl(n->n_metric);
if (n->n_family != RIP_AF_INET) {
msglim(&bad_router, FROM_NADDR,
"POLLENTRY request from %s for unsupported"
" (af %d) %s",
naddr_ntoa(FROM_NADDR),
ntohs(n->n_family),
naddr_ntoa(n->n_dst));
return;
}
v12buf.n->n_dst = dst = n->n_dst;
v12buf.n->n_family = RIP_AF_INET;
if (!check_dst(dst)) {
msglim(&bad_router, FROM_NADDR,
"bad queried destination %s from %s",
naddr_ntoa(dst),
naddr_ntoa(FROM_NADDR));
v12buf.n->n_metric = HOPCNT_INFINITY;
goto pollentry_done;
}
if (rip->rip_vers == RIPv1 ||
0 == (mask = ntohl(n->n_mask)) ||
0 != (ntohl(dst) & ~mask))
mask = ripv1_mask_host(dst, ifp);
rt = rtget(dst, mask);
if (rt == NULL && dst != RIP_DEFAULT)
rt = rtfind(n->n_dst);
if (v12buf.buf->rip_vers != RIPv1)
v12buf.n->n_mask = htonl(mask);
if (rt == NULL) {
v12buf.n->n_metric = HOPCNT_INFINITY;
goto pollentry_done;
}
v12buf.n->n_metric = rt->rt_metric + 1;
if (v12buf.n->n_metric > HOPCNT_INFINITY)
v12buf.n->n_metric = HOPCNT_INFINITY;
if (v12buf.buf->rip_vers != RIPv1) {
v12buf.n->n_tag = rt->rt_tag;
if (ifp != NULL &&
on_net(rt->rt_gate, ifp->int_net, ifp->int_mask) &&
rt->rt_gate != ifp->int_addr)
v12buf.n->n_nhop = rt->rt_gate;
}
pollentry_done:
v12buf.n->n_metric = htonl(v12buf.n->n_metric);
(void) output(OUT_QUERY, from, ifp, v12buf.buf,
((char *)v12buf.n - (char *)v12buf.buf));
break;
}
#undef FROM_NADDR
}
void
input_route(in_addr_t dst,
in_addr_t mask,
struct rt_spare *new,
struct netinfo *n,
uint16_t rt_state)
{
int i;
struct rt_entry *rt;
struct rt_spare *rts, *rts0;
struct interface *ifp1;
struct rt_spare *ptr;
size_t ptrsize;
ifp1 = ifwithaddr(dst, _B_TRUE, _B_FALSE);
if (ifp1 != NULL && (ifp1->int_state & IS_PASSIVE))
return;
rt = rtget(dst, mask);
if (rt == NULL) {
if (new->rts_metric == HOPCNT_INFINITY)
return;
if (n != NULL && n->n_nhop != 0 &&
NULL != ifwithaddr(n->n_nhop, _B_TRUE, _B_FALSE))
return;
rtadd(dst, mask, rt_state, new);
return;
}
rts0 = rt->rt_spares;
for (rts = rts0, i = rt->rt_num_spares; i != 0; i--, rts++) {
if (rts->rts_router == new->rts_router)
break;
if (BETTER_LINK(rt, rts0, rts))
rts0 = rts;
}
if (i != 0) {
if (new->rts_de_ag > rts->rts_de_ag &&
now_stale <= rts->rts_time)
return;
if (rts->rts_metric == HOPCNT_INFINITY &&
new->rts_metric == HOPCNT_INFINITY)
new->rts_time = rts->rts_time;
if (i == rt->rt_num_spares) {
uint8_t old_metric = rts->rts_metric;
rtchange(rt, rt->rt_state | rt_state, new, 0);
if (new->rts_metric != old_metric)
rtswitch(rt, 0);
return;
}
if (rts->rts_gate == new->rts_gate &&
rts->rts_metric == new->rts_metric &&
rts->rts_tag == new->rts_tag) {
if ((rt->rt_dst == RIP_DEFAULT) &&
(rts->rts_ifp != new->rts_ifp))
trace_misc("input_route update for spare");
trace_upslot(rt, rts, new);
*rts = *new;
return;
}
if (new->rts_metric == HOPCNT_INFINITY) {
rts_delete(rt, rts);
return;
}
} else {
if (n != NULL && n->n_nhop != 0 &&
NULL != ifwithaddr(n->n_nhop, _B_TRUE, _B_FALSE))
return;
if (rts0->rts_metric < HOPCNT_INFINITY) {
ptrsize = (rt->rt_num_spares + SPARE_INC) *
sizeof (struct rt_spare);
ptr = realloc(rt->rt_spares, ptrsize);
if (ptr != NULL) {
rt->rt_spares = ptr;
rts0 = &rt->rt_spares[rt->rt_num_spares];
(void) memset(rts0, 0,
SPARE_INC * sizeof (struct rt_spare));
rt->rt_num_spares += SPARE_INC;
for (rts = rts0, i = SPARE_INC;
i != 0; i--, rts++)
rts->rts_metric = HOPCNT_INFINITY;
}
}
rts = rts0;
if (new->rts_metric >= rts->rts_metric)
return;
}
trace_upslot(rt, rts, new);
*rts = *new;
rtswitch(rt, rts);
}
struct peer_hash {
struct peer_hash *ph_next;
in_addr_t ph_addr;
time_t ph_heard;
uint32_t ph_seqno;
};
static struct peer_hash **peer_hashes;
static int ph_index;
static int ph_num_peers;
static struct peer_hash *
get_peer_info(in_addr_t from)
{
struct peer_hash *php;
struct peer_hash *pnhp;
struct peer_hash **ph_pp;
struct peer_hash **ph2_pp;
struct peer_hash **ph3_pp;
int i;
static uint_t failed_count;
if (peer_hashes == NULL) {
peer_hashes = calloc(hash_table_sizes[0],
sizeof (peer_hashes[0]));
if (peer_hashes == NULL) {
if (++failed_count % 100 == 1)
msglog("no memory for peer hash");
return (NULL);
}
}
ph_pp = peer_hashes + (from % hash_table_sizes[ph_index]);
for (php = ph_pp[0]; php != NULL; php = php->ph_next) {
if (php->ph_addr == from)
return (php);
}
if (ph_num_peers >= hash_table_sizes[ph_index] * 5 &&
hash_table_sizes[ph_index + 1] != 0 &&
(ph_pp = calloc(hash_table_sizes[ph_index + 1],
sizeof (peer_hashes[0]))) != NULL) {
ph2_pp = peer_hashes;
for (i = hash_table_sizes[ph_index] - 1; i >= 0; i--) {
for (php = ph2_pp[i]; php != NULL; php = pnhp) {
pnhp = php->ph_next;
ph3_pp = ph_pp + (php->ph_addr %
hash_table_sizes[ph_index + 1]);
php->ph_next = ph3_pp[0];
ph3_pp[0] = php;
}
}
ph_index++;
free(peer_hashes);
peer_hashes = ph_pp;
ph_pp += from % hash_table_sizes[ph_index];
}
php = calloc(sizeof (*php), 1);
if (php == NULL) {
if (++failed_count % 100 == 1)
msglog("no memory for peer hash entry");
} else {
php->ph_addr = from;
php->ph_heard = now.tv_sec;
php->ph_next = ph_pp[0];
ph_pp[0] = php;
ph_num_peers++;
}
return (php);
}
void
age_peer_info(void)
{
struct peer_hash *php;
struct peer_hash *next_ph;
struct peer_hash *prev_ph;
struct peer_hash **ph_pp;
int i;
if ((ph_pp = peer_hashes) == NULL || ph_num_peers == 0)
return;
for (i = hash_table_sizes[ph_index] - 1; i >= 0; i--) {
prev_ph = NULL;
for (php = ph_pp[i]; php != NULL; php = next_ph) {
next_ph = php->ph_next;
if (php->ph_heard <= now_expire) {
if (prev_ph == NULL)
ph_pp[i] = next_ph;
else
prev_ph->ph_next = next_ph;
free(php);
if (--ph_num_peers == 0)
return;
} else {
prev_ph = php;
}
}
}
}
static boolean_t
ck_passwd(struct interface *aifp,
struct rip *rip,
uint8_t *lim,
in_addr_t from,
struct msg_limit *use_authp)
{
#define NA (rip->rip_auths)
struct netauth *na2;
struct auth *ap;
MD5_CTX md5_ctx;
uchar_t hash[RIP_AUTH_PW_LEN];
int i, len;
struct peer_hash *php;
uint32_t seqno;
if ((uint8_t *)NA >= lim || NA->a_family != RIP_AF_AUTH) {
msglim(use_authp, from, "missing auth data from %s",
naddr_ntoa(from));
return (_B_FALSE);
}
if (rip->rip_cmd == RIPCMD_RESPONSE && NA->a_type == RIP_AUTH_MD5 &&
(php = get_peer_info(from)) != NULL) {
seqno = ntohl(NA->au.a_md5.md5_seqno);
if (php->ph_heard > now_expire && php->ph_seqno != 0 &&
(seqno == 0 || ((seqno - php->ph_seqno) & 0x80000000ul))) {
msglim(use_authp, from,
"discarding sequence %x (older than %x)",
(unsigned)seqno, (unsigned)php->ph_seqno);
return (_B_FALSE);
}
php->ph_heard = now.tv_sec;
php->ph_seqno = seqno;
}
for (ap = aifp->int_auth, i = 0; i < MAX_AUTH_KEYS; i++, ap++) {
if (ap->type != NA->a_type ||
(ulong_t)ap->start > (ulong_t)clk.tv_sec+DAY ||
(ulong_t)ap->end+DAY < (ulong_t)clk.tv_sec)
continue;
if (NA->a_type == RIP_AUTH_PW) {
if (0 == memcmp(NA->au.au_pw, ap->key, RIP_AUTH_PW_LEN))
return (_B_TRUE);
} else {
if (NA->au.a_md5.md5_keyid != ap->keyid)
continue;
len = ntohs(NA->au.a_md5.md5_pkt_len);
if ((len - sizeof (*rip)) % sizeof (*NA) != 0 ||
len > (lim - (uint8_t *)rip - sizeof (*NA))) {
msglim(use_authp, from,
"wrong MD5 RIPv2 packet length of %d"
" instead of %d from %s",
len, lim - (uint8_t *)rip - sizeof (*NA),
naddr_ntoa(from));
return (_B_FALSE);
}
na2 = (struct netauth *)(rip->rip_nets +
(len - 4) / sizeof (struct netinfo));
if (TRACEPACKETS) {
if (NA->au.a_md5.md5_auth_len !=
RIP_AUTH_MD5_LEN)
msglim(use_authp, from,
"unknown MD5 RIPv2 auth len %#x"
" instead of %#x from %s",
NA->au.a_md5.md5_auth_len,
RIP_AUTH_MD5_LEN,
naddr_ntoa(from));
if (na2->a_family != RIP_AF_AUTH)
msglim(use_authp, from,
"unknown MD5 RIPv2 family %#x"
" instead of %#x from %s",
na2->a_family, RIP_AF_AUTH,
naddr_ntoa(from));
if (na2->a_type != RIP_AUTH_TRAILER)
msglim(use_authp, from,
"MD5 RIPv2 hash has %#x"
" instead of %#x from %s",
ntohs(na2->a_type),
ntohs(RIP_AUTH_TRAILER),
naddr_ntoa(from));
}
MD5Init(&md5_ctx);
MD5Update(&md5_ctx, (uchar_t *)rip, len + 4);
MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN);
MD5Final(hash, &md5_ctx);
if (0 == memcmp(hash, na2->au.au_pw, sizeof (hash)))
return (_B_TRUE);
}
}
msglim(use_authp, from, "bad auth data from %s",
naddr_ntoa(from));
return (_B_FALSE);
#undef NA
}
