author | wollman <wollman@FreeBSD.org> | 1996-11-19 20:42:43 +0000 |
---|---|---|
committer | wollman <wollman@FreeBSD.org> | 1996-11-19 20:42:43 +0000 |
commit | b91551e88365a1a4ef273e599fe34d6f77871fa0 (patch) | |
tree | f1f14ad5f16bf46af2a45b6ee7cea62b68242de0 /sbin | |
parent | fce827276a44ea79290a5de5c4d5a5ea905d83d6 (diff) | |
download | FreeBSD-src-b91551e88365a1a4ef273e599fe34d6f77871fa0.zip FreeBSD-src-b91551e88365a1a4ef273e599fe34d6f77871fa0.tar.gz |
Merge from vendor branch and use system MD5 library.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/routed/Makefile | 7 | ||||
-rw-r--r-- | sbin/routed/defs.h | 99 | ||||
-rw-r--r-- | sbin/routed/md5.c | 325 | ||||
-rw-r--r-- | sbin/routed/routed.8 | 77 | ||||
-rw-r--r-- | sbin/routed/routed.h | 174 | ||||
-rw-r--r-- | sbin/routed/rtquery/Makefile | 4 | ||||
-rw-r--r-- | sbin/routed/rtquery/md5.c | 325 | ||||
-rw-r--r-- | sbin/routed/rtquery/rtquery.c | 14 | ||||
-rw-r--r-- | sbin/routed/table.c | 100 |
9 files changed, 203 insertions, 922 deletions
diff --git a/sbin/routed/Makefile b/sbin/routed/Makefile index b17fd70..4d6ea8f 100644 --- a/sbin/routed/Makefile +++ b/sbin/routed/Makefile @@ -1,10 +1,13 @@ # From: @(#)Makefile 8.1 (Berkeley) 6/19/93 -# $Id$ +# $Id: Makefile,v 1.2 1996/09/16 17:03:27 wollman Exp $ PROG= routed -SRCS= if.c input.c main.c output.c parms.c radix.c rdisc.c table.c trace.c +SRCS= if.c input.c main.c output.c parms.c radix.c rdisc.c table.c \ + trace.c MAN8= routed.8 SUBDIR= rtquery +LDADD+= -lmd +DPADD+= ${LIBMD} #COPTS= -g -DDEBUG -Wall .include <bsd.prog.mk> diff --git a/sbin/routed/defs.h b/sbin/routed/defs.h index 8dcf6ae..5dd0b8b 100644 --- a/sbin/routed/defs.h +++ b/sbin/routed/defs.h @@ -31,13 +31,9 @@ * SUCH DAMAGE. * * @(#)defs.h 8.1 (Berkeley) 6/5/93 - * $Id$ + * $Id: defs.h,v 1.2 1996/09/16 17:03:29 wollman Exp $ */ -#ifndef __NetBSD__ -#ident "$Revision: 1.1.1.1 $" -#endif - /* Definitions for RIPv2 routing process. * * This code is based on the 4.4BSD `routed` daemon, with extensions to @@ -94,6 +90,10 @@ #define RIPVERSION RIPv2 #include <protocols/routed.h> +#ifdef sgi +#define USE_PASSIFNAME +#endif + /* Type of an IP address. * Some systems do not like to pass structures, so do not use in_addr. @@ -130,6 +130,13 @@ #define LIM_SEC(s,l) ((s).tv_sec = MIN((s).tv_sec, (l))) +/* Metric used for fake default routes. It ought to be 15, but when + * processing advertised routes, previous versions of `routed` added + * to the received metric and discarded the route if the total was 16 + * or larger. + */ +#define FAKE_METRIC (HOPCNT_INFINITY-2) + /* Router Discovery parameters */ #ifndef sgi 
@@ -150,15 +157,19 @@ #define MAX_SOLICITATIONS 3 +/* Bloated packet size for systems that simply add authentication to + * full-sized packets + */ +#define OVER_MAXPACKETSIZE (MAXPACKETSIZE+sizeof(struct netinfo)*2) /* typical packet buffers */ union pkt_buf { - char packet[MAXPACKETSIZE+1]; + char packet[OVER_MAXPACKETSIZE*2]; struct rip rip; }; -/* no more routes than this, to protect ourself in case something goes - * whacko and starts broadcast zillions of bogus routes. +/* No more routes than this, to protect ourself in case something goes + * whacko and starts broadcasting zillions of bogus routes. */ #define MAX_ROUTES (128*1024) extern int total_routes; @@ -242,7 +253,11 @@ struct rt_entry { * handles "logical" or "IS_REMOTE" interfaces (remote gateways). */ struct interface { - struct interface *int_next, *int_prev; + struct interface *int_next, **int_prev; + struct interface *int_ahash, **int_ahash_prev; + struct interface *int_bhash, **int_bhash_prev; + struct interface *int_rlink, **int_rlink_prev; + struct interface *int_nhash, **int_nhash_prev; char int_name[IFNAMSIZ+15+1]; /* big enough for IS_REMOTE */ u_short int_index; naddr int_addr; /* address on this host (net order) */ @@ -258,6 +273,7 @@ struct interface { int int_if_flags; /* some bits copied from kernel */ u_int int_state; time_t int_act_time; /* last thought healthy */ + time_t int_query_time; u_short int_transitions; /* times gone up-down */ char int_metric; char int_d_metric; /* for faked default route */ @@ -271,7 +287,15 @@ struct interface { #endif time_t ts; /* timestamp on network stats */ } int_data; - char int_passwd[RIP_AUTH_PW_LEN]; /* RIPv2 password */ + struct auth { /* authentication info */ + u_char type; +# define MAX_AUTH_KEYS 3 + struct auth_key { + u_char key[RIP_AUTH_PW_LEN]; + u_char keyid; + time_t start, end; + } keys[MAX_AUTH_KEYS]; + } int_auth; int int_rdisc_pref; /* advertised rdisc preference */ int int_rdisc_int; /* MaxAdvertiseInterval */ int int_rdisc_cnt; 
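Review bot: `OVER_MAXPACKETSIZE` contains a `sizeof`, so the macro has type `size_t`, and any comparison of it with a signed length such as the `int` result of a receive call converts the signed side to unsigned. A negative length would then compare as a very large value instead of as an error. The receive and length-check code is outside this hunk, so whether such a comparison exists cannot be seen here, but a cast in the macro removes the hazard: `#define OVER_MAXPACKETSIZE ((int)(MAXPACKETSIZE+sizeof(struct netinfo)*2))`. The `*2` in `char packet[OVER_MAXPACKETSIZE*2];` is also unexplained; if the extra room exists so that an oversized datagram is detected rather than silently truncated, the comment above `union pkt_buf` should say so.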
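Review bot: `key[RIP_AUTH_PW_LEN]` in the new `struct auth_key` leaves no room for a terminating NUL, whereas the `parm_passwd[RIP_AUTH_PW_LEN+1]` field that the later `struct parm` hunk replaces with `struct auth parm_auth` had one. A full-length password now fills the array exactly, so any parsing or tracing code that still handles the key with string functions or `%s` would read past the end; that code is outside this hunk and needs checking. A comment on the field would make the contract explicit: `u_char key[RIP_AUTH_PW_LEN]; /* fixed width, not NUL-terminated; compare and copy with an explicit length */`. The `start` and `end` members also deserve a comment saying whether the window is inclusive and which clock it is compared against. `struct interface` begins and ends outside this hunk.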
@@ -287,11 +311,11 @@ struct interface { #define IS_CHECKED 0x0000020 /* still exists */ #define IS_ALL_HOSTS 0x0000040 /* in INADDR_ALLHOSTS_GROUP */ #define IS_ALL_ROUTERS 0x0000080 /* in INADDR_ALLROUTERS_GROUP */ -#define IS_RIP_QUERIED 0x0000100 /* query broadcast */ +#define IS_DISTRUST 0x0000100 /* ignore untrusted routers */ #define IS_BROKE 0x0000200 /* seems to be broken */ #define IS_SICK 0x0000400 /* seems to be broken */ #define IS_DUP 0x0000800 /* has a duplicate address */ -#define IS_ACTIVE 0x0001000 /* heard from it at least once */ +/* 0x0001000 spare */ #define IS_NEED_NET_SYN 0x0002000 /* need RS_NET_SYN route */ #define IS_NO_AG 0x0004000 /* do not aggregate subnets */ #define IS_NO_SUPER_AG 0x0008000 /* do not aggregate networks */ @@ -363,14 +387,14 @@ struct ag_info { extern struct parm { struct parm *parm_next; char parm_name[IFNAMSIZ+1]; - naddr parm_addr_h; + naddr parm_net; naddr parm_mask; char parm_d_metric; u_int parm_int_state; int parm_rdisc_pref; int parm_rdisc_int; - char parm_passwd[RIP_AUTH_PW_LEN+1]; + struct auth parm_auth; } *parms; /* authority for internal networks */ @@ -381,7 +405,23 @@ extern struct intnet { char intnet_metric; } *intnets; +/* trusted routers */ +extern struct tgate { + struct tgate *tgate_next; + naddr tgate_addr; +} *tgates; +enum output_type {OUT_QUERY, OUT_UNICAST, OUT_BROADCAST, OUT_MULTICAST, + NO_OUT_MULTICAST, NO_OUT_RIPV2}; + +/* common output buffers */ +extern struct ws_buf { + struct rip *buf; + struct netinfo *n; + struct netinfo *base; + struct netinfo *lim; + enum output_type type; +} v12buf, v2buf; extern pid_t mypid; extern naddr myaddr; /* main address of this system */ 
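Review bot: The new `struct tgate` identifies a trusted router only by `tgate_addr`, so the decision behind the new `IS_DISTRUST` flag appears to rest on a packet's source address alone. For RIP over UDP that is a filter rather than authentication, and the one-line comment `/* trusted routers */` does not say so. I would extend it to something like `/* routers whose RIP packets are accepted on IS_DISTRUST interfaces; matched by source address only, so pair with a RIPv2 password or MD5 key where the address cannot be relied on */`. The lookup code is not in this hunk, so the matching rule is inferred from the field names and should be confirmed against the implementation.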
@@ -404,7 +444,8 @@ extern int mhome; /* 1=want multi-homed host route */ extern int advertise_mhome; /* 1=must continue adverising it */ extern int auth_ok; /* 1=ignore auth if we do not care */ -extern struct timeval epoch; /* when started */ +extern struct timeval clk; /* system clock's idea of time */ +extern struct timeval epoch; /* system clock when started */ extern struct timeval now; /* current idea of time */ extern time_t now_stale; extern time_t now_expire; @@ -422,6 +463,7 @@ extern naddr loopaddr; /* our address on loopback */ extern int tot_interfaces; /* # of remote and local interfaces */ extern int rip_interfaces; /* # of interfaces doing RIP */ extern struct interface *ifnet; /* all interfaces */ +extern struct interface *remote_if; /* remote interfaces */ extern int have_ripv1_out; /* have a RIPv1 interface */ extern int have_ripv1_in; extern int need_flash; /* flash update needed */ @@ -449,16 +491,21 @@ extern void fix_select(void); extern void rip_off(void); extern void rip_on(struct interface *); -enum output_type {OUT_QUERY, OUT_UNICAST, OUT_BROADCAST, OUT_MULTICAST, - NO_OUT_MULTICAST, NO_OUT_RIPV2}; -extern int output(enum output_type, struct sockaddr_in *, - struct interface *, struct rip *, int); +extern void bufinit(void); +extern int output(enum output_type, struct sockaddr_in *, + struct interface *, struct rip *, int); +extern void clr_ws_buf(struct ws_buf *, struct auth_key *, struct interface *); extern void rip_query(void); extern void rip_bcast(int); extern void supply(struct sockaddr_in *, struct interface *, - enum output_type, int, int); + enum output_type, int, int, int); extern void msglog(char *, ...); +struct msg_limit { + naddr addr; + time_t until; +}; +extern void msglim(struct msg_limit *, naddr, char *, ...); #define LOGERR(msg) msglog(msg ": %s", strerror(errno)) extern void logbad(int, char *, ...); #define BADERR(dump,msg) logbad(dump,msg ": %s", strerror(errno)) 
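Review bot: The new `msglim(struct msg_limit *, naddr, char *, ...)` is presumably printf-style like `msglog` (see the `LOGERR` macro on the context line), yet it is declared without a format attribute and takes a writable `char *` format. The compiler therefore cannot check its arguments against the format string, which matters for a logging path that may print values taken from received packets. Declaring it as `extern void msglim(struct msg_limit *, naddr, const char *, ...) __attribute__((__format__(__printf__, 3, 4)));` lets `-Wformat` catch mismatches; `msglog` has the same gap. The extra `int` added to `supply()` is unnamed like its neighbours, so a short comment naming the three flags would help readers of the header.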
@@ -484,7 +531,7 @@ extern void lastlog(void); extern void trace_on(char *, int); extern void trace_off(char*, ...); extern void trace_flush(void); -extern void set_tracelevel(void); +extern void set_tracelevel(int); extern void trace_kernel(char *, ...); extern void trace_act(char *, ...); extern void trace_pkt(char *, ...); @@ -553,13 +600,21 @@ extern naddr ripv1_mask_net(naddr, struct interface *); extern naddr ripv1_mask_host(naddr,struct interface *); #define on_net(a,net,mask) (((ntohl(a) ^ (net)) & (mask)) == 0) extern int check_dst(naddr); -extern void addrouteforif(register struct interface *); +extern struct interface *check_dup(naddr, naddr, naddr, int); +extern int check_remote(struct interface *); +extern int addrouteforif(register struct interface *); extern void ifinit(void); extern int walk_bad(struct radix_node *, struct walkarg *); extern int if_ok(struct interface *, char *); extern void if_sick(struct interface *); extern void if_bad(struct interface *); +extern void if_link(struct interface *); extern struct interface *ifwithaddr(naddr, int, int); extern struct interface *ifwithname(char *, naddr); extern struct interface *ifwithindex(u_short); extern struct interface *iflookup(naddr); + +extern struct auth_key *find_auth(struct interface *); +extern void end_md5_auth(struct ws_buf *, struct auth_key *); + +#include <md5.h> diff --git a/sbin/routed/md5.c b/sbin/routed/md5.c deleted file mode 100644 index a6fcf16..0000000 --- a/sbin/routed/md5.c +++ /dev/null 
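Review bot: `find_auth()` and `end_md5_auth()` are declared with no comment on their contract, and because each `auth_key` carries a `start`/`end` window it seems possible that no key is valid at a given moment. The declaration should state what is returned in that case, for example `/* returns the key to use on this interface now, or 0 if none is currently valid */`, so callers passing the result to `clr_ws_buf()` and `end_md5_auth()` know whether they must handle a null key. The implementations are outside this hunk, so the null case is inferred rather than confirmed. Separately, `#include <md5.h>` sits at the very end of the header after all the prototypes; placing it with the other includes near `#include <protocols/routed.h>` would keep the dependency visible.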
@@ -1,325 +0,0 @@ -/* This code could be made a lot faster for PPP */ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All - * rights reserved. - * - * License to copy and use this software is granted provided that it - * is identified as the "RSA Data Security, Inc. MD5 Message-Digest - * Algorithm" in all material mentioning or referencing this software - * or this function. - * - * License is also granted to make and use derivative works provided - * that such works are identified as "derived from the RSA Data - * Security, Inc. MD5 Message-Digest Algorithm" in all material - * mentioning or referencing the derived work. - * - * RSA Data Security, Inc. makes no representations concerning either - * the merchantability of this software or the suitability of this - * software for any particular purpose. It is provided "as is" - * without express or implied warranty of any kind. - * - * These notices must be retained in any copies of any part of this - * documentation and/or software. - */ - -#ident "$Revision: 1.2 $" - -#ifdef sgi -#include <strings.h> -#include <bstring.h> -#endif -#include <sys/types.h> - -#define MD5_DIGEST_LEN 16 -typedef struct { - u_int32_t state[4]; /* state (ABCD) */ - u_int32_t count[2]; /* # of bits, modulo 2^64 (LSB 1st) */ - unsigned char buffer[64]; /* input buffer */ -} MD5_CTX; -extern void MD5Init(MD5_CTX*); -extern void MD5Update(MD5_CTX*, u_char*, u_int); -extern void MD5Final(u_char[MD5_DIGEST_LEN], MD5_CTX*); - -/* UINT4 defines a four byte word */ -#define UINT4 u_int32_t - - -#define MD5_memcpy(d,s,l) bcopy(s,d,l) - -/* Constants for MD5Transform routine. 
- */ -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - -static void MD5Transform(UINT4[4], unsigned char [64]); -static void Encode(unsigned char *, UINT4 *, unsigned int); -static void Decode(UINT4 *, unsigned char *, unsigned int); - -static unsigned char PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - - -/* F, G, H and I are basic MD5 functions. - */ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define I(x, y, z) ((y) ^ ((x) | (~z))) - -/* ROTATE_LEFT rotates x left n bits. - */ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. - * Rotation is separate from addition to prevent recomputation. - */ -#define FF(a, b, c, d, x, s, ac) { \ - (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ -} -#define GG(a, b, c, d, x, s, ac) { \ - (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ -} -#define HH(a, b, c, d, x, s, ac) { \ - (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ -} -#define II(a, b, c, d, x, s, ac) { \ - (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ -} - -/* MD5 initialization. Begins an MD5 operation, writing a new context. - */ -void -MD5Init(MD5_CTX *context) -{ - context->count[0] = context->count[1] = 0; - /* Load magic initialization constants. 
- */ - context->state[0] = 0x67452301; - context->state[1] = 0xefcdab89; - context->state[2] = 0x98badcfe; - context->state[3] = 0x10325476; -} - -/* MD5 block update operation. Continues an MD5 message-digest - * operation, processing another message block, and updating the - * context. - */ -void -MD5Update(MD5_CTX *context, /* context */ - unsigned char *input, /* input block */ - unsigned int inputLen) /* length of input block */ -{ - unsigned int i, indx, partLen; - - /* Compute number of bytes mod 64 */ - indx = ((context->count[0] >> 3) & 0x3F); - - /* Update number of bits */ - if ((context->count[0] += ((UINT4)inputLen << 3)) - < ((UINT4)inputLen << 3)) - context->count[1]++; - context->count[1] += ((UINT4)inputLen >> 29); - - partLen = 64 - indx; - - /* Transform as many times as possible. - */ - if (inputLen >= partLen) { - bcopy(input, &context->buffer[indx], partLen); - MD5Transform (context->state, context->buffer); - - for (i = partLen; i + 63 < inputLen; i += 64) - MD5Transform (context->state, &input[i]); - - indx = 0; - } else { - i = 0; - } - - /* Buffer remaining input */ - bcopy(&input[i], &context->buffer[indx], inputLen-i); -} - - -/* MD5 finalization. Ends an MD5 message-digest operation, writing the - the message digest and zeroizing the context. - */ -void -MD5Final(unsigned char digest[MD5_DIGEST_LEN], /* message digest */ - MD5_CTX *context) /* context */ -{ - unsigned char bits[8]; - unsigned int indx, padLen; - - /* Save number of bits */ - Encode (bits, context->count, 8); - - /* Pad out to 56 mod 64. - */ - indx = (unsigned int)((context->count[0] >> 3) & 0x3f); - padLen = (indx < 56) ? (56 - indx) : (120 - indx); - MD5Update(context, PADDING, padLen); - - /* Append length (before padding) */ - MD5Update(context, bits, 8); - - /* Store state in digest */ - Encode(digest, context->state, MD5_DIGEST_LEN); - - /* Zeroize sensitive information. - */ - bzero(context, sizeof(*context)); -} - - -/* MD5 basic transformation. 
Transforms state based on block. - */ -static void -MD5Transform(UINT4 state[4], - unsigned char block[64]) -{ - UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; - - Decode (x, block, 64); - - /* Round 1 */ - FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ - FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ - FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ - FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ - FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ - FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ - FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ - FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ - FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ - FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ - FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ - FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ - FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ - FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ - FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ - FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ - - /* Round 2 */ - GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ - GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ - GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ - GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ - GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ - GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ - GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ - GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ - GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ - GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ - GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ - GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ - GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ - GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ - GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ - GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ - - /* Round 3 */ - HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ - HH (d, a, b, c, x[ 8], S32, 
0x8771f681); /* 34 */ - HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ - HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ - HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ - HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ - HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ - HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ - HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ - HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ - HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ - HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ - HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ - HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ - HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ - HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ - - /* Round 4 */ - II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ - II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ - II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ - II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ - II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ - II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ - II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ - II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ - II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ - II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ - II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ - II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ - II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ - II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ - II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ - II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ - - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - - /* Zeroize sensitive information. - */ - bzero(x, sizeof(x)); -} - - -/* Encodes input (UINT4) into output (unsigned char). Assumes len is - * a multiple of 4. 
- */ -static void -Encode(unsigned char *output, - UINT4 *input, - unsigned int len) -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (unsigned char)(input[i] & 0xff); - output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); - output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); - output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); - } -} - - -/* Decodes input (unsigned char) into output (UINT4). Assumes len is - * a multiple of 4. - */ -static void -Decode (UINT4 *output, - unsigned char *input, - unsigned int len) -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) - output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | - (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); -} diff --git a/sbin/routed/routed.8 b/sbin/routed/routed.8 index 4d203a7..5eaaff2 100644 --- a/sbin/routed/routed.8 +++ b/sbin/routed/routed.8 @@ -96,7 +96,7 @@ After transmitting a RIP and Router Discovery Advertisements or Solicitations on a new interface, the daemon enters a loop, listening for -RIP request and response and Router Discover packets from other hosts. +RIP request and response and Router Discovery packets from other hosts. .Pp When a .Em request @@ -137,7 +137,7 @@ When an update is applied, .Nm records the change in its own tables and updates the kernel routing table if the best route to the destination changes. -The change in the kernel routing tableis reflected in the next batch of +The change in the kernel routing table is reflected in the next batch of .Em response packets sent. If the next response is not scheduled for a while, a 
@@ -199,11 +199,11 @@ If all discovered routers disappear, the daemon resumes listening to RIP responses. .Pp While using Router Discovery (which happens by default when -the system has a single network interface and a Router Discover Advertisement +the system has a single network interface and a Router Discovery Advertisement is received), there is a single default route and a variable number of redirected host routes in the kernel table. .Pp -The Router Discover standard requires that advertisements +The Router Discovery standard requires that advertisements have a default "lifetime" of 30 minutes. That means should something happen, a client can be without a good route for 30 minutes. It is a good idea to reduce the default to 45 @@ -219,14 +219,23 @@ While using Router Discovery (which happens by default when the system has a single network interface and a Router Discover Advertisement is received), there is a single default route and a variable number of redirected host routes in the kernel table. +On a host with more than one network interface, +this default route will be via only one of the interfaces. +Thus, multi-homed hosts running with \f3\-q\f1 might need +.Cm no_rdisc +described below. .Pp See the .Cm pm_rdisc facility described below to support "legacy" systems that can handle neither RIPv2 nor Router Discovery. .Pp -By default, neither Router Discovery advertisements nor solicications +By default, neither Router Discovery advertisements nor solicitations are sent over point to point links (e.g. PPP). +The netmask associated with point-to-point links (such as SLIP +or PPP, with the IFF_POINTOPOINT flag) is used by +.Nm routed +to infer the netmask used by the remote system when RIPv1 is used. .Pp Options supported by @@ -243,6 +252,7 @@ ipforwarding=1. is the opposite of the .Fl s option. +This is the default when only one interface is present. .It Fl d Do not run in the background. This option is meant for interactive use. 
@@ -266,7 +276,7 @@ This is typically used on a gateway to the Internet, or on a gateway that uses another routing protocol whose routes are not reported to other local routers. Notice that because a metric of 1 is used, this feature is -dangerous. It is more commonly accidently used to create chaos with routing +dangerous. It is more commonly accidentally used to create chaos with routing loop than to solve problems. .It Fl h This causes host or point-to-point routes to not be advertised, @@ -401,7 +411,7 @@ are also passive, but are not placed in the kernel routing table nor are they included in routing updates. The function of external entries is to indicate that another routing process -will install such a route if ncessary, +will install such a route if necessary, and that alternate routes to that destination should not be installed by .Nm routed . 
@@ -504,21 +514,41 @@ specifies a RIPv2 password that will be included on all RIPv2 responses sent and checked on all RIPv2 responses received. The password must not contain any blanks, tab characters, commas or '#' characters. +.It Cm passwd Ns \&= Ns Ar XXX1[|KeyID[start|stop]][XXX2...] +specifies one or more RIPv2 cleartext passwords that will be included on +all RIPv2 responses sent, and checked on all RIPv2 responses received. +Any blanks, tab characters, commas, or '#' or '|' characters in the +password must be escaped with a backslash (\\). +The +.Cm KeyID +must be unique but is ignored for cleartext passwords. +If present, +.Cm start +and +.Cm stop +are timestamps in the form year/month/day@hour:minute. +They specify when the password is valid. +The first valid password is used on output packets. +Incoming packets can carry any password that is valid, will +be valid within 24 hours, or that was valid within 24 hours. +.It Cm md5_passwd Ns \&= Ns Ar XXX1|KeyID[start|stop][XXX2...] +specifes one or more RIPv2 MD5 passwords. +Except that a +.Cm KeyID +is required, this keyword is the similar to +.Cm passwd . .It Cm no_ag turns off aggregation of subnets in RIPv1 and RIPv2 responses. .It Cm no_super_ag turns off aggregation of networks into supernets in RIPv2 responses. .It Cm passive -is equivalent -.Cm no_rip Cm no_rdisc . +marks the interface to not be advertised in updates sent via other +interfaces, and turns off all RIP and router discovery through the interface. .It Cm no_rip disables all RIP processing on the specified interface. If no interfaces are allowed to process RIP packets, .Nm acts purely as a router discovery daemon. -.Cm No_rip -is equivalent to -.Cm no_ripv1_in no_ripv2_in no_ripv1_out no_ripv2_out . Note that turning off RIP without explicitly turning on router discovery advertisements with 
@@ -527,7 +557,7 @@ or .Fl s causes .Nm routed -to act as a client router discovery daemon, not adveritising. +to act as a client router discovery daemon, not advertising. .It Cm no_ripv1_in causes RIPv1 received responses to be ignored. .It Cm no_ripv2_in @@ -535,10 +565,15 @@ causes RIPv2 received responses to be ignored. .It Cm ripv2_out turns off RIPv1 output and causes RIPv2 advertisements to be multicast when possible. +.It Cm ripv2 +is equivalent to +.Cm no_ripv1_in +and +.Cm no_ripv1_out . .It Cm no_rdisc disables the Internet Router Discovery Protocol. .It Cm no_solicit -disables the tranmission of Router Discovery Solicitations. +disables the transmission of Router Discovery Solicitations. .It Cm send_solicit specifies that Router Discovery solicitations should be sent, even on point-to-point links, @@ -546,7 +581,7 @@ which by default only listen to Router Discovery messages. .It Cm no_rdisc_adv disables the transmission of Router Discovery Advertisements .It Cm rdisc_adv -specifies that Router Discovery advertisements should be sent, +specifies that Router Discovery Advertisements should be sent, even on point-to-point links, which by default only listen to Router Discovery messages .It Cm bcast_rdisc @@ -560,7 +595,7 @@ sets the nominal interval with which Router Discovery Advertisements are transmitted to N seconds and their lifetime to 3*N. .It Cm fake_default Ns \&= Ns Ar metric has an identical effect to -.Fl F Ar net[/mask][,metric] +.Fl F Ar net[/mask][=metric] with the network and mask coming from the sepcified interface. .It Cm pm_rdisc is similar to 
@@ -572,13 +607,13 @@ Unless modified with .Cm fake_default , the default route is broadcast with a metric of 14. That serves as a "poor man's router discovery" protocol. +.It Cm trust_gateway Ns \&= Ns Ar rname +causes RIP packets from that router and other routers named in +other +.Cm trust_gateway +keywords to be accept, and packets from other routers to be ignored. .El .Pp -Note that the netmask associated with point-to-point links (such as SLIP -or PPP, with the IFF_POINTOPOINT flag) is used by -.Nm routed -to infer the netmask used by the remote system when RIPv1 is used. -.Pp .Sh FILES .Bl -tag -width /etc/gateways -compact .It Pa /etc/gateways diff --git a/sbin/routed/routed.h b/sbin/routed/routed.h deleted file mode 100644 index 3981d99..0000000 --- a/sbin/routed/routed.h +++ /dev/null 
@@ -1,174 +0,0 @@ -/*- - * Copyright (c) 1983, 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * @(#)routed.h 8.1 (Berkeley) 6/2/93 - * - * $NetBSD$ - */ - -#ifndef _ROUTED_H_ -#define _ROUTED_H_ -#ifdef __cplusplus -extern "C" { -#endif -#ident "$Revision: 1.10 $" - -/* - * Routing Information Protocol - * - * Derived from Xerox NS Routing Information Protocol - * by changing 32-bit net numbers to sockaddr's and - * padding stuff to 32-bit boundaries. - */ - -#define RIPv1 1 -#define RIPv2 2 -#ifndef RIPVERSION -#define RIPVERSION RIPv1 -#endif - -#define RIP_PORT 520 - -#if RIPVERSION == 1 -/* Note that this so called sockaddr has a 2-byte sa_family and no sa_len. - * It is not a UNIX sockaddr, but the shape of an address as defined - * in RIPv1. It is still defined to allow old versions of programs - * such as `gated` to use this file to define RIPv1. - */ -struct netinfo { - struct sockaddr rip_dst; /* destination net/host */ - u_int32_t rip_metric; /* cost of route */ -}; -#else -struct netinfo { - u_int16_t n_family; -#define RIP_AF_INET htons(AF_INET) -#define RIP_AF_UNSPEC 0 -#define RIP_AF_AUTH 0xffff - u_int16_t n_tag; /* optional in RIPv2 */ - u_int32_t n_dst; /* destination net or host */ -#define RIP_DEFAULT 0 - u_int32_t n_mask; /* netmask in RIPv2 */ - u_int32_t n_nhop; /* optional next hop in RIPv2 */ - u_int32_t n_metric; /* cost of route */ -}; -#endif - -/* RIPv2 authentication */ -struct netauth { - u_int16_t a_family; /* always RIP_AF_AUTH */ - u_int16_t a_type; -#define RIP_AUTH_NONE 0 -#define RIP_AUTH_PW htons(2) /* password type */ -#define RIP_AUTH_MD5 htons(3) /* Keyed MD5 */ - union { -#define RIP_AUTH_PW_LEN 16 - u_int8_t au_pw[RIP_AUTH_PW_LEN]; - struct a_md5 { - int16_t md5_pkt_len; /* RIP-II packet length */ - int8_t md5_keyid; /* key ID and auth data len */ - int8_t md5_auth_len; /* 16 */ - u_int32_t md5_seqno; /* sequence number */ - u_int32_t rsvd[2]; /* must be 0 */ -#define RIP_AUTH_MD5_LEN RIP_AUTH_PW_LEN - } a_md5; - } au; -}; - -struct rip { - u_int8_t rip_cmd; /* request/response */ - u_int8_t rip_vers; /* 
protocol version # */ - u_int16_t rip_res1; /* pad to 32-bit boundary */ - union { /* variable length... */ - struct netinfo ru_nets[1]; - int8_t ru_tracefile[1]; - struct netauth ru_auth[1]; - } ripun; -#define rip_nets ripun.ru_nets -#define rip_auths ripun.ru_auth -#define rip_tracefile ripun.ru_tracefile -}; - -/* Packet types. - */ -#define RIPCMD_REQUEST 1 /* want info */ -#define RIPCMD_RESPONSE 2 /* responding to request */ -#define RIPCMD_TRACEON 3 /* turn tracing on */ -#define RIPCMD_TRACEOFF 4 /* turn it off */ - -/* Gated extended RIP to include a "poll" command instead of using - * RIPCMD_REQUEST with (RIP_AF_UNSPEC, RIP_DEFAULT). RFC 1058 says - * command 5 is used by Sun Microsystems for its own purposes. - */ -#define RIPCMD_POLL 5 - -#define RIPCMD_MAX 6 - -#ifdef RIPCMDS -char *ripcmds[RIPCMD_MAX] = { - "#0", "REQUEST", "RESPONSE", "TRACEON", "TRACEOFF" -}; -#endif - -#define HOPCNT_INFINITY 16 -#define MAXPACKETSIZE 512 /* max broadcast size */ -#define NETS_LEN ((MAXPACKETSIZE-sizeof(struct rip)) \ - / sizeof(struct netinfo) +1) - -#define INADDR_RIP_GROUP (u_int32_t)0xe0000009 /* 224.0.0.9 */ - - -/* Timer values used in managing the routing table. - * - * Complete tables are broadcast every SUPPLY_INTERVAL seconds. - * If changes occur between updates, dynamic updates containing only changes - * may be sent. When these are sent, a timer is set for a random value - * between MIN_WAITTIME and MAX_WAITTIME, and no additional dynamic updates - * are sent until the timer expires. - * - * Every update of a routing entry forces an entry's timer to be reset. - * After EXPIRE_TIME without updates, the entry is marked invalid, - * but held onto until GARBAGE_TIME so that others may see it, to - * "poison" the bad route. 
- */ -#define SUPPLY_INTERVAL 30 /* time to supply tables */ -#define MIN_WAITTIME 2 /* min sec until next flash updates */ -#define MAX_WAITTIME 5 /* max sec until flash update */ - -#define STALE_TIME 90 /* switch to a new gateway */ -#define EXPIRE_TIME 180 /* time to mark entry invalid */ -#define GARBAGE_TIME 240 /* time to garbage collect */ - -#ifdef __cplusplus -} -#endif -#endif /* !_ROUTED_H_ */ diff --git a/sbin/routed/rtquery/Makefile b/sbin/routed/rtquery/Makefile index e748e73..e69c3e7 100644 --- a/sbin/routed/rtquery/Makefile +++ b/sbin/routed/rtquery/Makefile @@ -1,8 +1,10 @@ # From: @(#)Makefile 8.1 (Berkeley) 6/5/93 -# $Id$ +# $Id: Makefile,v 1.2 1996/09/16 17:04:22 wollman Exp $ PROG= rtquery MAN8= rtquery.8 +LDADD+= -lmd +DPADD+= ${LIBMD} #COPTS= -g -DDEBUG -Wall .include <bsd.prog.mk> diff --git a/sbin/routed/rtquery/md5.c b/sbin/routed/rtquery/md5.c deleted file mode 100644 index a6fcf16..0000000 --- a/sbin/routed/rtquery/md5.c +++ /dev/null 
@@ -1,325 +0,0 @@ -/* This code could be made a lot faster for PPP */ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All - * rights reserved. - * - * License to copy and use this software is granted provided that it - * is identified as the "RSA Data Security, Inc. MD5 Message-Digest - * Algorithm" in all material mentioning or referencing this software - * or this function. - * - * License is also granted to make and use derivative works provided - * that such works are identified as "derived from the RSA Data - * Security, Inc. MD5 Message-Digest Algorithm" in all material - * mentioning or referencing the derived work. - * - * RSA Data Security, Inc. makes no representations concerning either - * the merchantability of this software or the suitability of this - * software for any particular purpose. It is provided "as is" - * without express or implied warranty of any kind. - * - * These notices must be retained in any copies of any part of this - * documentation and/or software. - */ - -#ident "$Revision: 1.2 $" - -#ifdef sgi -#include <strings.h> -#include <bstring.h> -#endif -#include <sys/types.h> - -#define MD5_DIGEST_LEN 16 -typedef struct { - u_int32_t state[4]; /* state (ABCD) */ - u_int32_t count[2]; /* # of bits, modulo 2^64 (LSB 1st) */ - unsigned char buffer[64]; /* input buffer */ -} MD5_CTX; -extern void MD5Init(MD5_CTX*); -extern void MD5Update(MD5_CTX*, u_char*, u_int); -extern void MD5Final(u_char[MD5_DIGEST_LEN], MD5_CTX*); - -/* UINT4 defines a four byte word */ -#define UINT4 u_int32_t - - -#define MD5_memcpy(d,s,l) bcopy(s,d,l) - -/* Constants for MD5Transform routine. 
- */ -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - -static void MD5Transform(UINT4[4], unsigned char [64]); -static void Encode(unsigned char *, UINT4 *, unsigned int); -static void Decode(UINT4 *, unsigned char *, unsigned int); - -static unsigned char PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - - -/* F, G, H and I are basic MD5 functions. - */ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define I(x, y, z) ((y) ^ ((x) | (~z))) - -/* ROTATE_LEFT rotates x left n bits. - */ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. - * Rotation is separate from addition to prevent recomputation. - */ -#define FF(a, b, c, d, x, s, ac) { \ - (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ -} -#define GG(a, b, c, d, x, s, ac) { \ - (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ -} -#define HH(a, b, c, d, x, s, ac) { \ - (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ -} -#define II(a, b, c, d, x, s, ac) { \ - (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ -} - -/* MD5 initialization. Begins an MD5 operation, writing a new context. - */ -void -MD5Init(MD5_CTX *context) -{ - context->count[0] = context->count[1] = 0; - /* Load magic initialization constants. 
- */ - context->state[0] = 0x67452301; - context->state[1] = 0xefcdab89; - context->state[2] = 0x98badcfe; - context->state[3] = 0x10325476; -} - -/* MD5 block update operation. Continues an MD5 message-digest - * operation, processing another message block, and updating the - * context. - */ -void -MD5Update(MD5_CTX *context, /* context */ - unsigned char *input, /* input block */ - unsigned int inputLen) /* length of input block */ -{ - unsigned int i, indx, partLen; - - /* Compute number of bytes mod 64 */ - indx = ((context->count[0] >> 3) & 0x3F); - - /* Update number of bits */ - if ((context->count[0] += ((UINT4)inputLen << 3)) - < ((UINT4)inputLen << 3)) - context->count[1]++; - context->count[1] += ((UINT4)inputLen >> 29); - - partLen = 64 - indx; - - /* Transform as many times as possible. - */ - if (inputLen >= partLen) { - bcopy(input, &context->buffer[indx], partLen); - MD5Transform (context->state, context->buffer); - - for (i = partLen; i + 63 < inputLen; i += 64) - MD5Transform (context->state, &input[i]); - - indx = 0; - } else { - i = 0; - } - - /* Buffer remaining input */ - bcopy(&input[i], &context->buffer[indx], inputLen-i); -} - - -/* MD5 finalization. Ends an MD5 message-digest operation, writing the - the message digest and zeroizing the context. - */ -void -MD5Final(unsigned char digest[MD5_DIGEST_LEN], /* message digest */ - MD5_CTX *context) /* context */ -{ - unsigned char bits[8]; - unsigned int indx, padLen; - - /* Save number of bits */ - Encode (bits, context->count, 8); - - /* Pad out to 56 mod 64. - */ - indx = (unsigned int)((context->count[0] >> 3) & 0x3f); - padLen = (indx < 56) ? (56 - indx) : (120 - indx); - MD5Update(context, PADDING, padLen); - - /* Append length (before padding) */ - MD5Update(context, bits, 8); - - /* Store state in digest */ - Encode(digest, context->state, MD5_DIGEST_LEN); - - /* Zeroize sensitive information. - */ - bzero(context, sizeof(*context)); -} - - -/* MD5 basic transformation. 
Transforms state based on block. - */ -static void -MD5Transform(UINT4 state[4], - unsigned char block[64]) -{ - UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; - - Decode (x, block, 64); - - /* Round 1 */ - FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ - FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ - FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ - FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ - FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ - FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ - FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ - FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ - FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ - FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ - FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ - FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ - FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ - FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ - FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ - FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ - - /* Round 2 */ - GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ - GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ - GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ - GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ - GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ - GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ - GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ - GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ - GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ - GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ - GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ - GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ - GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ - GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ - GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ - GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ - - /* Round 3 */ - HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ - HH (d, a, b, c, x[ 8], S32, 
0x8771f681); /* 34 */ - HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ - HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ - HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ - HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ - HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ - HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ - HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ - HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ - HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ - HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ - HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ - HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ - HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ - HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ - - /* Round 4 */ - II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ - II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ - II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ - II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ - II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ - II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ - II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ - II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ - II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ - II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ - II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ - II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ - II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ - II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ - II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ - II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ - - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - - /* Zeroize sensitive information. - */ - bzero(x, sizeof(x)); -} - - -/* Encodes input (UINT4) into output (unsigned char). Assumes len is - * a multiple of 4. 
- */ -static void -Encode(unsigned char *output, - UINT4 *input, - unsigned int len) -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (unsigned char)(input[i] & 0xff); - output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); - output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); - output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); - } -} - - -/* Decodes input (unsigned char) into output (UINT4). Assumes len is - * a multiple of 4. - */ -static void -Decode (UINT4 *output, - unsigned char *input, - unsigned int len) -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) - output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | - (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); -} diff --git a/sbin/routed/rtquery/rtquery.c b/sbin/routed/rtquery/rtquery.c index 0579141..42d4d6e 100644 --- a/sbin/routed/rtquery/rtquery.c +++ b/sbin/routed/rtquery/rtquery.c @@ -40,7 +40,7 @@ static char sccsid[] = "@(#)query.c 8.1 (Berkeley) 6/5/93"; #elif defined(__NetBSD__) static char rcsid[] = "$NetBSD$"; #endif -#ident "$Revision: 1.9 $" +#ident "$Revision: 1.1.1.2 $" #include <sys/param.h> #include <sys/protosw.h> @@ -65,17 +65,7 @@ static char rcsid[] = "$NetBSD$"; #define _HAVE_SIN_LEN #endif -#define MD5_DIGEST_LEN 16 -typedef struct { - u_int32_t state[4]; /* state (ABCD) */ - u_int32_t count[2]; /* # of bits, modulo 2^64 (LSB 1st) */ - unsigned char buffer[64]; /* input buffer */ -} MD5_CTX; -extern void MD5Init(MD5_CTX*); -extern void MD5Update(MD5_CTX*, u_char*, u_int); -extern void MD5Final(u_char[MD5_DIGEST_LEN], MD5_CTX*); - - +#include <md5.h> #define WTIME 15 /* Time to wait for all responses */ #define STIME (250*1000) /* usec to wait for another response */ diff --git a/sbin/routed/table.c b/sbin/routed/table.c index cef0f90..dda559a 100644 --- a/sbin/routed/table.c +++ b/sbin/routed/table.c 
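Review bot: The rtquery.c hunk at `@@ -65,17 +65,7 @@` drops the local `#define MD5_DIGEST_LEN 16` along with the prototypes, so any remaining use of `MD5_DIGEST_LEN` in rtquery.c now depends on `<md5.h>` or another header supplying it. Those uses are outside the hunk, so this needs confirming against the system header. The deleted in-tree `MD5Final` cleared the context with `bzero(context, sizeof(*context))`, which matters if the hashed data includes a RIP authentication key (presumably why MD5 is used here); check that the libmd implementation keeps that behaviour. A blank line between `#include <md5.h>` and `#define WTIME 15` would also keep the include separate from the tunables.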
@@ -36,7 +36,6 @@ static char sccsid[] = "@(#)tables.c 8.1 (Berkeley) 6/5/93"; #elif defined(__NetBSD__) static char rcsid[] = "$NetBSD$"; #endif -#ident "$Revision: 1.1.1.1 $" #include "defs.h" @@ -57,6 +56,7 @@ int stopint; int total_routes; +/* zap any old routes through this gateway */ naddr age_bad_gate; @@ -704,7 +704,7 @@ again: if (cc < 0) { if (errno == ESRCH && (action == RTM_CHANGE || action == RTM_DELETE)) { - trace_act("route to %s disappeared before %s\n", + trace_act("route to %s disappeared before %s", addrname(dst, mask, 0), rtm_type_name(action)); if (action == RTM_CHANGE) { @@ -831,14 +831,14 @@ rtm_add(struct rt_msghdr *rtm, } else if (INFO_MASK(info) != 0) { mask = ntohl(S_ADDR(INFO_MASK(info))); } else { - msglog("punt %s without mask", + msglog("ignore %s without mask", rtm_type_name(rtm->rtm_type)); return; } if (INFO_GATE(info) == 0 || INFO_GATE(info)->sa_family != AF_INET) { - msglog("punt %s without gateway", + msglog("ignore %s without gateway", rtm_type_name(rtm->rtm_type)); return; } @@ -867,7 +867,7 @@ rtm_add(struct rt_msghdr *rtm, k->k_state |= KS_DELETE; LIM_SEC(need_kern, 0); trace_act("mark redirected %s --> %s for deletion" - " since this is a router\n", + " since this is a router", addrname(k->k_dst, k->k_mask, 0), naddr_ntoa(k->k_gate)); } else { @@ -889,7 +889,7 @@ rtm_add(struct rt_msghdr *rtm, /* Put static routes with real metrics into the daemon table so * they can be advertised. * - * Find the interface concerned + * Find the interface toward the gateway. */ ifp = iflookup(k->k_gate); if (ifp == 0) { @@ -916,7 +916,7 @@ rtm_lose(struct rt_msghdr *rtm, { if (INFO_GATE(info) == 0 || INFO_GATE(info)->sa_family != AF_INET) { - msglog("punt %s without gateway", + msglog("ignore %s without gateway", rtm_type_name(rtm->rtm_type)); return; } 
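Review bot: The `trace_act()` calls lose their trailing `\n`, but `trace_act` is defined outside this diff and trace.c is not in the diffstat shown, so nothing here confirms that it terminates each record itself. This first appears at `@@ -704,7 +704,7 @@`, then in rtm_add at -867, the read_rt hunks from -1065 through -1136, and del_redirects at -1431. If it does not append the newline, trace records will run together and be hard to read during an investigation. If it does, a comment at its declaration such as `/* trace_act() appends the newline; callers pass none */` would keep the old style from creeping back. The enclosing functions start and end outside these hunks.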
@@ -1065,12 +1065,12 @@ read_rt(void) ifp = ifwithindex(m.ifm.ifm_index); if (ifp == 0) trace_act("note %s with flags %#x" - " for index #%d\n", + " for index #%d", rtm_type_name(m.r.rtm.rtm_type), m.ifm.ifm_flags, m.ifm.ifm_index); else - trace_act("note %s with flags %#x for %s\n", + trace_act("note %s with flags %#x for %s", rtm_type_name(m.r.rtm.rtm_type), m.ifm.ifm_flags, ifp->int_name); @@ -1098,12 +1098,12 @@ read_rt(void) m.r.rtm.rtm_addrs); if (INFO_DST(&info) == 0) { - trace_act("ignore %s without dst\n", str); + trace_act("ignore %s without dst", str); continue; } if (INFO_DST(&info)->sa_family != AF_INET) { - trace_act("ignore %s for AF %d\n", str, + trace_act("ignore %s for AF %d", str, INFO_DST(&info)->sa_family); continue; } @@ -1118,7 +1118,7 @@ read_rt(void) addrname(S_ADDR(INFO_DST(&info)), mask, 0)); if (IN_MULTICAST(ntohl(S_ADDR(INFO_DST(&info))))) { - trace_act("ignore multicast %s\n", str); + trace_act("ignore multicast %s", str); continue; } @@ -1136,31 +1136,31 @@ read_rt(void) case RTM_CHANGE: case RTM_REDIRECT: if (m.r.rtm.rtm_errno != 0) { - trace_act("ignore %s with \"%s\" error\n", + trace_act("ignore %s with \"%s\" error", str, strerror(m.r.rtm.rtm_errno)); } else { - trace_act("%s\n", str); + trace_act("%s", str); rtm_add(&m.r.rtm,&info,0); } break; case RTM_DELETE: if (m.r.rtm.rtm_errno != 0) { - trace_act("ignore %s with \"%s\" error\n", + trace_act("ignore %s with \"%s\" error", str, strerror(m.r.rtm.rtm_errno)); } else { - trace_act("%s\n", str); + trace_act("%s", str); del_static(S_ADDR(INFO_DST(&info)), mask, 1); } break; case RTM_LOSING: - trace_act("%s\n", str); + trace_act("%s", str); rtm_lose(&m.r.rtm,&info); break; default: - trace_act("ignore %s\n", str); + trace_act("ignore %s", str); break; } } 
@@ -1268,8 +1268,7 @@ walk_kern(struct radix_node *rn, * the kernel if is not a alias. */ if (RT->rt_ifp == 0 - || ((RT->rt_ifp->int_state & IS_REMOTE) - && RT->rt_ifp->int_metric == 0)) + || (RT->rt_ifp->int_state & IS_REMOTE)) ags |= (AGS_GATEWAY | AGS_SUPPRESS | AGS_PROMOTE); } @@ -1431,7 +1430,7 @@ del_redirects(naddr bad_gate, k->k_state |= KS_DELETE; k->k_state &= ~KS_DYNAMIC; need_kern.tv_sec = now.tv_sec; - trace_act("mark redirected %s --> %s for deletion\n", + trace_act("mark redirected %s --> %s for deletion", addrname(k->k_dst, k->k_mask, 0), naddr_ntoa(k->k_gate)); } 
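Review bot: In walk_kern (`@@ -1268,8 +1268,7 @@`) the `int_metric == 0` term is dropped without the comment above the test being updated. Every route whose interface has `IS_REMOTE` set now receives `AGS_GATEWAY | AGS_SUPPRESS | AGS_PROMOTE`, not only the zero-metric ones. Only the tail of that comment is visible, so it may already cover this; if not, a line such as `/* applies to every IS_REMOTE interface, regardless of int_metric */` would record the intent. walk_kern starts and ends outside the hunk.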
@@ -1942,29 +1941,46 @@ void age(naddr bad_gate) { struct interface *ifp; + int need_query = 0; + /* If not listening to RIP, there is no need to age the routes in + * the table. + */ + age_timer.tv_sec = (now.tv_sec + + ((rip_sock < 0) ? NEVER : SUPPLY_INTERVAL)); - age_timer.tv_sec = now.tv_sec + (rip_sock < 0 - ? NEVER - : SUPPLY_INTERVAL); - + /* Check for dead IS_REMOTE interfaces by timing their + * transmissions. + */ for (ifp = ifnet; ifp; ifp = ifp->int_next) { - /* Check for dead IS_REMOTE interfaces by timing their - * transmissions. + if (!(ifp->int_state & IS_REMOTE)) + continue; + + /* ignore unreachable remote interfaces */ + if (!check_remote(ifp)) + continue; + /* Restore remote interface that has become reachable */ - if ((ifp->int_state & IS_REMOTE) - && !(ifp->int_state & IS_PASSIVE) - && (ifp->int_state & IS_ACTIVE)) { - LIM_SEC(age_timer, now.tv_sec+SUPPLY_INTERVAL); - - if (now.tv_sec - ifp->int_act_time > EXPIRE_TIME - && !(ifp->int_state & IS_BROKE)) { - msglog("remote interface %s to %s timed out" - "--turned off", - ifp->int_name, - naddr_ntoa(ifp->int_addr)); - if_bad(ifp); - } + if (ifp->int_state & IS_BROKE) + if_ok(ifp, "remote "); + + if (ifp->int_act_time != NEVER + && now.tv_sec - ifp->int_act_time > EXPIRE_TIME) { + msglog("remote interface %s to %s timed out after" + " %d:%d", + ifp->int_name, + naddr_ntoa(ifp->int_dstaddr), + (now.tv_sec - ifp->int_act_time)/60, + (now.tv_sec - ifp->int_act_time)%60); + if_sick(ifp); + } + + /* If we have not heard from the other router + * recently, ask it. + */ + if (now.tv_sec >= ifp->int_query_time) { + ifp->int_query_time = NEVER; + need_query = 1; } } @@ -1974,4 +1990,8 @@ age(naddr bad_gate) /* Update the kernel routing table. */ fix_kern(); + + /* poke reticent remote gateways */ + if (need_query) + rip_query(); } |
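Review bot: The new `msglog()` call in age() passes `(now.tv_sec - ifp->int_act_time)/60` and the matching `%60` expression to `%d:%d`, which is a format/argument mismatch if those values are wider than `int`. `tv_sec` is a time value and the type of `int_act_time` is declared outside this diff, so the width should be confirmed. Casting and matching the specifier avoids the mismatch and also pads the seconds: use `" %ld:%02ld",` with `(long)(now.tv_sec - ifp->int_act_time)/60` and `(long)(now.tv_sec - ifp->int_act_time)%60`. The part of age() between this hunk and `@@ -1974,4 +1990,8 @@` is not shown.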