From owner-svn-src-all@FreeBSD.ORG  Thu Oct  9 23:49:38 2014
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D37DA2D2;
 Thu,  9 Oct 2014 23:49:38 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B3E58E52;
 Thu,  9 Oct 2014 23:49:38 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s99NncwX086214;
 Thu, 9 Oct 2014 23:49:38 GMT (envelope-from hrs@FreeBSD.org)
Received: (from hrs@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id s99Nnbh1086208;
 Thu, 9 Oct 2014 23:49:37 GMT (envelope-from hrs@FreeBSD.org)
Message-Id: <201410092349.s99Nnbh1086208@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: hrs set sender to hrs@FreeBSD.org
 using -f
From: Hiroki Sato <hrs@FreeBSD.org>
Date: Thu, 9 Oct 2014 23:49:37 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r272872 - stable/10/sbin/routed
X-SVN-Group: stable-10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Oct 2014 23:49:39 -0000

Author: hrs
Date: Thu Oct  9 23:49:36 2014
New Revision: 272872
URL: https://svnweb.freebsd.org/changeset/base/272872

Log:
  MFC r271919:
  
    Fix a bug which could make routed(8) daemon exit by sending a special RIP
    query from a remote machine, and disable accepting it by default.  This
    requests a routed(8) daemon to dump routing information base for debugging
    purpose.  An -i flag to enable it has been added.

Modified:
  stable/10/sbin/routed/defs.h
  stable/10/sbin/routed/input.c
  stable/10/sbin/routed/main.c
  stable/10/sbin/routed/output.c
  stable/10/sbin/routed/routed.8
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sbin/routed/defs.h
==============================================================================
--- stable/10/sbin/routed/defs.h	Thu Oct  9 23:48:20 2014	(r272871)
+++ stable/10/sbin/routed/defs.h	Thu Oct  9 23:49:36 2014	(r272872)
@@ -462,6 +462,7 @@ extern int	ridhosts;		/* 1=reduce host r
 extern int	mhome;			/* 1=want multi-homed host route */
 extern int	advertise_mhome;	/* 1=must continue advertising it */
 extern int	auth_ok;		/* 1=ignore auth if we do not care */
+extern int	insecure;		/* Reply to special queries or not */
 
 extern struct timeval clk;		/* system clock's idea of time */
 extern struct timeval epoch;		/* system clock when started */

Modified: stable/10/sbin/routed/input.c
==============================================================================
--- stable/10/sbin/routed/input.c	Thu Oct  9 23:48:20 2014	(r272871)
+++ stable/10/sbin/routed/input.c	Thu Oct  9 23:49:36 2014	(r272872)
@@ -289,8 +289,19 @@ input(struct sockaddr_in *from,		/* rece
 				 * with all we know.
 				 */
 				if (from->sin_port != htons(RIP_PORT)) {
-					supply(from, aifp, OUT_QUERY, 0,
-					       rip->rip_vers, ap != 0);
+					/*
+					 * insecure: query from non-router node
+					 *   > 1: allow from distant node
+					 *   > 0: allow from neighbor node
+					 *  == 0: deny
+					 */
+					if ((aifp != NULL && insecure > 0) ||
+					    (aifp == NULL && insecure > 1))
+						supply(from, aifp, OUT_QUERY, 0,
+						       rip->rip_vers, ap != 0);
+					else
+						trace_pkt("Warning: "
+						    "possible attack detected");
 					return;
 				}
 

Modified: stable/10/sbin/routed/main.c
==============================================================================
--- stable/10/sbin/routed/main.c	Thu Oct  9 23:48:20 2014	(r272871)
+++ stable/10/sbin/routed/main.c	Thu Oct  9 23:49:36 2014	(r272872)
@@ -68,6 +68,7 @@ int	ridhosts;			/* 1=reduce host routes 
 int	mhome;				/* 1=want multi-homed host route */
 int	advertise_mhome;		/* 1=must continue advertising it */
 int	auth_ok = 1;			/* 1=ignore auth if we do not care */
+int	insecure;			/* Reply to special queries or not */
 
 struct timeval epoch;			/* when started */
 struct timeval clk;
@@ -136,8 +137,11 @@ main(int argc,
 	(void)gethostname(myname, sizeof(myname)-1);
 	(void)gethost(myname, &myaddr);
 
-	while ((n = getopt(argc, argv, "sqdghmAtvT:F:P:")) != -1) {
+	while ((n = getopt(argc, argv, "isqdghmAtvT:F:P:")) != -1) {
 		switch (n) {
+		case 'i':
+			insecure++;
+			break;
 		case 's':
 			supplier = 1;
 			supplier_set = 1;

Modified: stable/10/sbin/routed/output.c
==============================================================================
--- stable/10/sbin/routed/output.c	Thu Oct  9 23:48:20 2014	(r272871)
+++ stable/10/sbin/routed/output.c	Thu Oct  9 23:49:36 2014	(r272872)
@@ -673,8 +673,6 @@ supply(struct sockaddr_in *dst,
 	struct rt_entry *rt;
 	int def_metric;
 
-	assert(ifp != NULL);
-
 	ws.state = 0;
 	ws.gen_limit = 1024;
 

Modified: stable/10/sbin/routed/routed.8
==============================================================================
--- stable/10/sbin/routed/routed.8	Thu Oct  9 23:48:20 2014	(r272871)
+++ stable/10/sbin/routed/routed.8	Thu Oct  9 23:49:36 2014	(r272872)
@@ -30,7 +30,7 @@
 .\"     @(#)routed.8	8.2 (Berkeley) 12/11/93
 .\" $FreeBSD$
 .\"
-.Dd June 1, 1996
+.Dd August 26, 2014
 .Dt ROUTED 8
 .Os
 .Sh NAME
@@ -39,7 +39,7 @@
 .Nd network RIP and router discovery routing daemon
 .Sh SYNOPSIS
 .Nm
-.Op Fl sqdghmpAtv
+.Op Fl isqdghmpAtv
 .Op Fl T Ar tracefile
 .Oo
 .Fl F
@@ -250,6 +250,20 @@ to infer the netmask used by the remote 
 .Pp
 The following options are available:
 .Bl -tag -width indent
+.It Fl i
+allow
+.Nm
+to accept a RIP request from non-router node.
+When specified once, 
+.Nm
+replies to a route information query from neighbor nodes.
+When specified twice,
+it replies to a query from remote nodes in addition.
+.Xr rtquery 8
+utility can be used to send a request.
+.Pp
+This feature is disabled by default because of a risk of reflection attack
+though it useful for debugging purpose,
 .It Fl s
 force
 .Nm