Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 21 Sep 2014 04:00:29 +0000 (UTC)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r271919 - head/sbin/routed
Message-ID:  <201409210400.s8L40Tu8017645@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: hrs
Date: Sun Sep 21 04:00:28 2014
New Revision: 271919
URL: http://svnweb.freebsd.org/changeset/base/271919

Log:
  Fix a bug which could make routed(8) daemon exit by sending a special RIP
  query from a remote machine, and disable accepting it by default.  This
  requests a routed(8) daemon to dump routing information base for debugging
  purpose.  An -i flag to enable it has been added.

Modified:
  head/sbin/routed/defs.h
  head/sbin/routed/input.c
  head/sbin/routed/main.c
  head/sbin/routed/output.c
  head/sbin/routed/routed.8

Modified: head/sbin/routed/defs.h
==============================================================================
--- head/sbin/routed/defs.h	Sun Sep 21 03:56:06 2014	(r271918)
+++ head/sbin/routed/defs.h	Sun Sep 21 04:00:28 2014	(r271919)
@@ -462,6 +462,7 @@ extern int	ridhosts;		/* 1=reduce host r
 extern int	mhome;			/* 1=want multi-homed host route */
 extern int	advertise_mhome;	/* 1=must continue advertising it */
 extern int	auth_ok;		/* 1=ignore auth if we do not care */
+extern int	insecure;		/* Reply to special queries or not */
 
 extern struct timeval clk;		/* system clock's idea of time */
 extern struct timeval epoch;		/* system clock when started */

Modified: head/sbin/routed/input.c
==============================================================================
--- head/sbin/routed/input.c	Sun Sep 21 03:56:06 2014	(r271918)
+++ head/sbin/routed/input.c	Sun Sep 21 04:00:28 2014	(r271919)
@@ -289,8 +289,19 @@ input(struct sockaddr_in *from,		/* rece
 				 * with all we know.
 				 */
 				if (from->sin_port != htons(RIP_PORT)) {
-					supply(from, aifp, OUT_QUERY, 0,
-					       rip->rip_vers, ap != 0);
+					/*
+					 * insecure: query from non-router node
+					 *   > 1: allow from distant node
+					 *   > 0: allow from neighbor node
+					 *  == 0: deny
+					 */
+					if ((aifp != NULL && insecure > 0) ||
+					    (aifp == NULL && insecure > 1))
+						supply(from, aifp, OUT_QUERY, 0,
+						       rip->rip_vers, ap != 0);
+					else
+						trace_pkt("Warning: "
+						    "possible attack detected");
 					return;
 				}
 

Modified: head/sbin/routed/main.c
==============================================================================
--- head/sbin/routed/main.c	Sun Sep 21 03:56:06 2014	(r271918)
+++ head/sbin/routed/main.c	Sun Sep 21 04:00:28 2014	(r271919)
@@ -68,6 +68,7 @@ int	ridhosts;			/* 1=reduce host routes 
 int	mhome;				/* 1=want multi-homed host route */
 int	advertise_mhome;		/* 1=must continue advertising it */
 int	auth_ok = 1;			/* 1=ignore auth if we do not care */
+int	insecure;			/* Reply to special queries or not */
 
 struct timeval epoch;			/* when started */
 struct timeval clk;
@@ -136,8 +137,11 @@ main(int argc,
 	(void)gethostname(myname, sizeof(myname)-1);
 	(void)gethost(myname, &myaddr);
 
-	while ((n = getopt(argc, argv, "sqdghmAtvT:F:P:")) != -1) {
+	while ((n = getopt(argc, argv, "isqdghmAtvT:F:P:")) != -1) {
 		switch (n) {
+		case 'i':
+			insecure++;
+			break;
 		case 's':
 			supplier = 1;
 			supplier_set = 1;

Modified: head/sbin/routed/output.c
==============================================================================
--- head/sbin/routed/output.c	Sun Sep 21 03:56:06 2014	(r271918)
+++ head/sbin/routed/output.c	Sun Sep 21 04:00:28 2014	(r271919)
@@ -673,8 +673,6 @@ supply(struct sockaddr_in *dst,
 	struct rt_entry *rt;
 	int def_metric;
 
-	assert(ifp != NULL);
-
 	ws.state = 0;
 	ws.gen_limit = 1024;
 

Modified: head/sbin/routed/routed.8
==============================================================================
--- head/sbin/routed/routed.8	Sun Sep 21 03:56:06 2014	(r271918)
+++ head/sbin/routed/routed.8	Sun Sep 21 04:00:28 2014	(r271919)
@@ -30,7 +30,7 @@
 .\"     @(#)routed.8	8.2 (Berkeley) 12/11/93
 .\" $FreeBSD$
 .\"
-.Dd June 1, 1996
+.Dd August 26, 2014
 .Dt ROUTED 8
 .Os
 .Sh NAME
@@ -39,7 +39,7 @@
 .Nd network RIP and router discovery routing daemon
 .Sh SYNOPSIS
 .Nm
-.Op Fl sqdghmpAtv
+.Op Fl isqdghmpAtv
 .Op Fl T Ar tracefile
 .Oo
 .Fl F
@@ -250,6 +250,20 @@ to infer the netmask used by the remote 
 .Pp
 The following options are available:
 .Bl -tag -width indent
+.It Fl i
+allow
+.Nm
+to accept a RIP request from non-router node.
+When specified once, 
+.Nm
+replies to a route information query from neighbor nodes.
+When specified twice,
+it replies to a query from remote nodes in addition.
+.Xr rtquery 8
+utility can be used to send a request.
+.Pp
+This feature is disabled by default because of a risk of reflection attack
+though it useful for debugging purpose,
 .It Fl s
 force
 .Nm



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409210400.s8L40Tu8017645>