Date: Mon, 11 Mar 2002 11:28:02 +0300 (MSK)
From: Oleg Sharoiko <os@rsu.ru>
To: freebsd-hackers@freebsd.org
Subject: Patches to fix MD5 auth in routed
Message-ID: <20020311104710.I48441-100000@brain.cc.rsu.ru>
Hello!

The MD5 authentication of ripv2 packets calculated by routed is (for the moment) incompatible with MD5 authentication calculated by cisco and zebra routers. Routed skips two fields while running MD5_Update. Due to this routed can not talk to cisco and cisco can not talk to routed.

The patches below will fix the problem. Could someone please review them and commit if they're ok or send me comments if not. I've posted two messages on freebsd-net, but nobody replied so I'm posting here.

I really need cisco and routed to communicate with auth enabled and thus I'm ready to spend some time on fixing this part of routed in a way acceptable for the FreeBSD community.

Thanks in advance

--- include/protocols/routed.h Sun Sep 5 17:43:31 1999 +++ include/protocols/routed.h Wed Feb 27 11:58:16 2002 @@ -84,6 +84,7 @@ /* RIPv2 authentication */ struct netauth { +#define RIP_AUTH_HDR_LEN 4 u_int16_t a_family; /* always RIP_AF_AUTH */ u_int16_t a_type; #define RIP_AUTH_NONE 0 --- sbin/routed.org/input.c Wed Feb 20 10:48:56 2002 +++ sbin/routed/input.c Wed Feb 20 11:15:21 2002 @@ -967,7 +967,7 @@ */ if (TRACEPACKETS) { if (NA->au.a_md5.md5_auth_len - != RIP_AUTH_MD5_LEN) + != RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN) msglim(use_authp, from, "unknown MD5 RIPv2 auth len %#x" " instead of %#x from %s", @@ -989,7 +989,7 @@ } MD5Init(&md5_ctx); - MD5Update(&md5_ctx, (u_char *)rip, len); + MD5Update(&md5_ctx, (u_char *)rip, len+RIP_AUTH_HDR_LEN); MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN); MD5Final(hash, &md5_ctx); if (!memcmp(hash, na2->au.au_pw, sizeof(hash))) --- sbin/routed.org/output.c Wed Feb 20 10:47:48 2002 +++ sbin/routed/output.c Wed Feb 20 10:50:01 2002 
@@ -303,7 +303,7 @@ na2->a_type = htons(1); na->au.a_md5.md5_pkt_len = htons(len); MD5Init(&md5_ctx); - MD5Update(&md5_ctx, (u_char *)wb->buf, len); + MD5Update(&md5_ctx, (u_char *)wb->buf, len + RIP_AUTH_HDR_LEN); MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN); MD5Final(na2->au.au_pw, &md5_ctx); wb->n++;

--
Oleg Sharoiko.
Software and Network Engineer
Computer Center of Rostov State University.
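
Review bot: In include/protocols/routed.h, RIP_AUTH_HDR_LEN is a bare 4 with no comment, defined inside struct netauth ahead of the fields it measures. Say that it is the size of a_family plus a_type (two u_int16_t), or derive it from those fields, so the constant cannot drift from the struct layout.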
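
Review bot: In the first input.c hunk (@@ -967) the expected length becomes RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN, but the arguments that fill "instead of %#x" in the msglim call lie outside the hunk. Check that the expected value printed there is the new sum, otherwise the trace message will report the old constant. The comparison also sits under if (TRACEPACKETS), so a wrong md5_auth_len is only reported when tracing is on.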
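
Review bot: In the second input.c hunk (@@ -989) MD5Update now reads len+RIP_AUTH_HDR_LEN bytes starting at rip, and nothing visible in the hunk confirms that the received datagram is at least that long. Verify that bound before hashing, so a short packet carrying a large length cannot push the read past the receive buffer. Packets signed by an unpatched routed will also stop matching at the memcmp, which deserves a mention for mixed deployments. The spacing differs from output.c, which writes len + RIP_AUTH_HDR_LEN.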
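
Review bot: In output.c (@@ -303) the digest now covers len + RIP_AUTH_HDR_LEN, but the patch contains no hunk changing the md5_auth_len the sender writes, while input.c now expects RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN. Confirm the output path emits that same value, otherwise a patched routed will flag packets from its own patched peers. Only na2->a_type = htons(1) is visible above MD5Init, so also confirm that the trailer's a_family is already written into wb->buf before those four bytes are hashed.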
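
The digest-coverage mismatch described in the message, as an added example that is not part of the original post or of routed. It assumes the RFC 2082 packet layout (20-byte authentication entry, trailer of 0xFFFF, 0x0001 and a 16-byte digest); the function names, the route entry and the key are constructed for illustration, and Python is used so the MD5 step runs without linking a C library.

```python
import hashlib
import hmac
import struct

RIP_AUTH_HDR_LEN = 4     # trailer a_family + a_type (value from the patch)
RIP_AUTH_MD5_LEN = 16
TRAILER_HDR = struct.pack("!HH", 0xFFFF, 1)   # assumed RFC 2082 trailer header


def pad(key):
    return key.ljust(RIP_AUTH_MD5_LEN, b"\0")[:RIP_AUTH_MD5_LEN]


def build_body(seq, key_id=1):
    """RIPv2 response up to, but not including, the digest trailer."""
    hdr = struct.pack("!BBH", 2, 2, 0)                 # response, version 2
    route = struct.pack("!HH4s4s4sI", 2, 0, bytes([192, 0, 2, 0]),
                        bytes([255, 255, 255, 0]), bytes(4), 1)  # constructed
    pkt_len = len(hdr) + 20 + len(route)               # offset of the trailer
    auth = struct.pack("!HHHBBI8x", 0xFFFF, 3, pkt_len, key_id,
                       RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN, seq)
    return hdr + auth + route


def sign(body, key, cover_trailer_hdr):
    covered = body + (TRAILER_HDR if cover_trailer_hdr else b"")
    return body + TRAILER_HDR + hashlib.md5(covered + pad(key)).digest()


def verify(packet, key, cover_trailer_hdr):
    if len(packet) < 24:                               # RIP header + auth entry
        return False
    pkt_len = struct.unpack_from("!H", packet, 8)[0]
    # Bound the hash input first: the trailer must end exactly at the packet end.
    if pkt_len + RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN != len(packet):
        return False
    covered = pkt_len + (RIP_AUTH_HDR_LEN if cover_trailer_hdr else 0)
    want = hashlib.md5(packet[:covered] + pad(key)).digest()
    return hmac.compare_digest(want, packet[pkt_len + RIP_AUTH_HDR_LEN:])


if __name__ == "__main__":
    key = b"constructed-key"                           # constructed sample key
    body = build_body(seq=1)
    for signer in (False, True):
        for checker in (False, True):
            ok = verify(sign(body, key, signer), key, checker)
            print(f"signer covers trailer hdr={signer} checker={checker}: {ok}")
```

With cover_trailer_hdr=False the hash stops at len, as in the removed lines; with True it runs over len + RIP_AUTH_HDR_LEN, as in the added lines. A packet signed one way fails verification the other way even with the same key.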