Date: Wed, 20 Feb 2002 14:23:28 +0300 (MSK)
From: Oleg Sharoiko <os@rsu.ru>
To: freebsd-net@freebsd.org
Subject: routed md5 authentication
Message-ID: <20020220135720.V256-100000@brain.cc.rsu.ru>
Hello!
I was trying to make routed (4.5 stable) and Cisco 3640 (12.1(5)T) RIPv2 work
together. I discovered that the MD5 authentications are not compatible. In
particular, routed skips 4 bytes (family and type fields of auth data record)
of the packet while computing the hash for the packet. This seems to be wrong
according to RFC 2082. I made a patch to fix this problem.
Could someone please revise it and commit if it's ok.
BTW: Is it correct that first RIP request is always sent without
authentication?
P.S. Please CC my email when replying, because I'm not on the list.
1. For include/protocols/routed.h (additional constant)
--- protocols/routed.h.org Wed Feb 20 14:08:07 2002
+++ protocols/routed.h Wed Feb 20 13:03:49 2002
@@ -98,7 +98,8 @@
int8_t md5_auth_len; /* 16 */
u_int32_t md5_seqno; /* sequence number */
u_int32_t rsvd[2]; /* must be 0 */
-#define RIP_AUTH_MD5_LEN RIP_AUTH_PW_LEN
+#define RIP_AUTH_HDR_LEN 4
+#define RIP_AUTH_MD5_LEN 16
} a_md5;
} au;
};
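Review bot: The two new `#define`s carry no comment, and the `/* 16 */` comment on `md5_auth_len` at the top of this hunk now disagrees with the input.c check later in the patch, which expects `RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN` (20) in that field. Please document that `RIP_AUTH_HDR_LEN` is the family and type fields of the trailing auth entry, and update the field comment. `RIP_AUTH_MD5_LEN` is also used as the key length in `MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN)`; if the key buffer is sized by `RIP_AUTH_PW_LEN`, replacing that name with a literal 16 lets the two drift apart, so either keep the definition in terms of `RIP_AUTH_PW_LEN` or add a compile-time check that they match.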
2. For sources of routed
diff -u routed.org/input.c routed/input.c
--- routed.org/input.c Wed Feb 20 10:48:56 2002
+++ routed/input.c Wed Feb 20 11:15:21 2002
@@ -967,7 +967,7 @@
*/
if (TRACEPACKETS) {
if (NA->au.a_md5.md5_auth_len
- != RIP_AUTH_MD5_LEN)
+ != RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN)
msglim(use_authp, from,
"unknown MD5 RIPv2 auth len %#x"
" instead of %#x from %s",
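Review bot: The comparison now expects 20, but the arguments to the "unknown MD5 RIPv2 auth len %#x instead of %#x from %s" message fall outside this hunk; if the second `%#x` is still fed `RIP_AUTH_MD5_LEN`, the trace will print 16 as the expected value while the test checks for 20. The patch also shows no change to what output.c writes into `md5_auth_len`, so please confirm the sender emits the value this check expects. The test sits inside `if (TRACEPACKETS)`, so it only affects logging and does not reject anything.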
@@ -989,7 +989,7 @@
}
MD5Init(&md5_ctx);
- MD5Update(&md5_ctx, (u_char *)rip, len);
+ MD5Update(&md5_ctx, (u_char *)rip, len+RIP_AUTH_HDR_LEN);
MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN);
MD5Final(hash, &md5_ctx);
if (!memcmp(hash, na2->au.au_pw, sizeof(hash)))
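Review bot: `MD5Update(&md5_ctx, (u_char *)rip, len+RIP_AUTH_HDR_LEN)` reads 4 bytes further into the receive buffer than before, and nothing in this hunk shows that `len + RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN` has been checked against the size of the received datagram. Please confirm that the earlier validation of `len` accounts for the extra 4 bytes, or add that check before `MD5Init`. Style: write `len + RIP_AUTH_HDR_LEN` with spaces, as the output.c hunk does.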
--- routed.org/output.c Wed Feb 20 10:47:48 2002
+++ routed/output.c Wed Feb 20 10:50:01 2002
@@ -303,7 +303,7 @@
na2->a_type = htons(1);
na->au.a_md5.md5_pkt_len = htons(len);
MD5Init(&md5_ctx);
- MD5Update(&md5_ctx, (u_char *)wb->buf, len);
+ MD5Update(&md5_ctx, (u_char *)wb->buf, len + RIP_AUTH_HDR_LEN);
MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN);
MD5Final(na2->au.au_pw, &md5_ctx);
wb->n++;
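Review bot: The digest now covers the first 4 bytes of the trailing entry, so both of its fields must be written before `MD5Update`; `na2->a_type = htons(1)` is visible above the call, but the family assignment is outside this hunk and should be confirmed to precede it as well. Because the hashed input changes on both the send and receive paths, patched and unpatched routed peers sharing an MD5 key will stop authenticating each other, which deserves a line in the commit message.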
--
Oleg Sharoiko.
Software and Network Engineer
Computer Center of Rostov State University.
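The two digest inputs that the patch switches between, as an added Python sketch that is not part of the original message or of routed: `cover_hdr=False` hashes only the first `len` bytes plus the key, `cover_hdr=True` also hashes the 4-byte family/type header of the trailing entry. The function names, the key, the key ID and the route entry are constructed for illustration.

```python
import hashlib
import hmac
import struct

RIP_AUTH_HDR_LEN = 4   # family 0xFFFF + type 1 of the trailing auth entry
RIP_AUTH_MD5_LEN = 16  # digest length and padded key length
FIXED_LEN = 4 + 20     # RIP header + leading authentication entry


def pad_key(key: bytes) -> bytes:
    return key.ljust(RIP_AUTH_MD5_LEN, b"\0")[:RIP_AUTH_MD5_LEN]


def build(key: bytes, routes: bytes, seqno: int, cover_hdr: bool) -> bytes:
    """Build a RIPv2 response; cover_hdr selects patched vs unpatched hashing."""
    pkt_len = FIXED_LEN + len(routes)
    # Auth length value that the matching input.c check in the patch expects.
    auth_len = RIP_AUTH_MD5_LEN + (RIP_AUTH_HDR_LEN if cover_hdr else 0)
    body = struct.pack("!BBH", 2, 2, 0)  # command=response, version=2
    body += struct.pack("!HHHBBIII", 0xFFFF, 3, pkt_len, 1, auth_len, seqno, 0, 0)
    body += routes
    trailer_hdr = struct.pack("!HH", 0xFFFF, 1)
    covered = body + (trailer_hdr if cover_hdr else b"")
    return body + trailer_hdr + hashlib.md5(covered + pad_key(key)).digest()


def verify(packet: bytes, key: bytes, cover_hdr: bool) -> bool:
    """Check the trailer digest, refusing lengths that overrun the datagram."""
    if len(packet) < FIXED_LEN:
        return False
    family, auth_type, pkt_len = struct.unpack_from("!HHH", packet, 4)
    end = pkt_len + RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN
    if (family, auth_type) != (0xFFFF, 3) or pkt_len < FIXED_LEN or end > len(packet):
        return False
    covered = pkt_len + (RIP_AUTH_HDR_LEN if cover_hdr else 0)
    expected = hashlib.md5(packet[:covered] + pad_key(key)).digest()
    return hmac.compare_digest(expected, packet[pkt_len + RIP_AUTH_HDR_LEN:end])


# Constructed sample: one route entry (AF_INET, 10.0.0.0/8, metric 1).
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]),
                    bytes([255, 0, 0, 0]), bytes(4), 1)
KEY = b"example-key"  # constructed key, not from the original message

if __name__ == "__main__":
    patched = build(KEY, ROUTE, 1, cover_hdr=True)
    unpatched = build(KEY, ROUTE, 1, cover_hdr=False)
    print("patched sender, patched receiver:  ", verify(patched, KEY, True))
    print("unpatched sender, patched receiver:", verify(unpatched, KEY, True))
```

A sender and receiver that disagree on `cover_hdr` never authenticate each other, which is the interoperability failure the message describes.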
