From owner-freebsd-hackers Mon Mar 11 0:28:40 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from brain.cc.rsu.ru (brain.cc.rsu.ru [195.208.252.154]) by hub.freebsd.org (Postfix) with ESMTP id C1BBD37B417 for ; Mon, 11 Mar 2002 00:28:16 -0800 (PST)
Received: from localhost (os@localhost [127.0.0.1]) by brain.cc.rsu.ru (8.11.6/8.11.4) with ESMTP id g2B8S3b51223 for ; Mon, 11 Mar 2002 11:28:06 +0300 (MSK) (envelope-from os@rsu.ru)
Date: Mon, 11 Mar 2002 11:28:02 +0300 (MSK)
From: Oleg Sharoiko
X-X-Sender: os@brain.cc.rsu.ru
To: freebsd-hackers@freebsd.org
Subject: Patches to fix MD5 auth in routed
Message-ID: <20020311104710.I48441-100000@brain.cc.rsu.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello!

The MD5 authentication of ripv2 packets calculated by routed is (for the moment) incompatible with MD5 authentication calculated by cisco and zebra routers. Routed skips two fields while running MD5_Update. Due to this routed can not talk to cisco and cisco can not talk to routed.

The patches below will fix the problem. Could someone please review them and commit if they're ok or send me comments if not. I've posted two messages on freebsd-net, but nobody replied so I'm posting here. I really need cisco and routed to communicate with auth enabled and thus I'm ready to spend some time on fixing this part of routed in a way acceptable for the FreeBSD community.

Thanks in advance

--- include/protocols/routed.h Sun Sep 5 17:43:31 1999 +++ include/protocols/routed.h Wed Feb 27 11:58:16 2002 @@ -84,6 +84,7 @@ /* RIPv2 authentication */ struct netauth { +#define RIP_AUTH_HDR_LEN 4 u_int16_t a_family; /* always RIP_AF_AUTH */ u_int16_t a_type; #define RIP_AUTH_NONE 0 --- sbin/routed.org/input.c Wed Feb 20 10:48:56 2002 +++ sbin/routed/input.c Wed Feb 20 11:15:21 2002 
@@ -967,7 +967,7 @@ */ if (TRACEPACKETS) { if (NA->au.a_md5.md5_auth_len - != RIP_AUTH_MD5_LEN) + != RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN) msglim(use_authp, from, "unknown MD5 RIPv2 auth len %#x" " instead of %#x from %s", @@ -989,7 +989,7 @@ } MD5Init(&md5_ctx); - MD5Update(&md5_ctx, (u_char *)rip, len); + MD5Update(&md5_ctx, (u_char *)rip, len+RIP_AUTH_HDR_LEN); MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN); MD5Final(hash, &md5_ctx); if (!memcmp(hash, na2->au.au_pw, sizeof(hash))) --- sbin/routed.org/output.c Wed Feb 20 10:47:48 2002 +++ sbin/routed/output.c Wed Feb 20 10:50:01 2002 @@ -303,7 +303,7 @@ na2->a_type = htons(1); na->au.a_md5.md5_pkt_len = htons(len); MD5Init(&md5_ctx); - MD5Update(&md5_ctx, (u_char *)wb->buf, len); + MD5Update(&md5_ctx, (u_char *)wb->buf, len + RIP_AUTH_HDR_LEN); MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN); MD5Final(na2->au.au_pw, &md5_ctx); wb->n++;

--
Oleg Sharoiko.
Software and Network Engineer
Computer Center of Rostov State University.
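
Review bot: In the include/protocols/routed.h hunk (@@ -84,6 +84,7), `#define RIP_AUTH_HDR_LEN 4` is an uncommented magic number placed as the first line inside struct netauth. The 4 matches the two u_int16_t fields that follow it (a_family and a_type), so a comment saying that, or a value derived from those two fields, would keep the constant and the struct from drifting apart.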
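
Review bot: In the first sbin/routed/input.c hunk (@@ -967,7), the comparison now expects `RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN`, but the msglim() format prints the expected length through its second `%#x` and the arguments lie outside the hunk. Please confirm the argument passed for that second `%#x` is changed to the same sum, otherwise the trace message will report the old expected length. The test also sits under `if (TRACEPACKETS)` and only calls msglim(), so it is worth stating in the commit message what happens to peers that still send the old length.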
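
Review bot: In the second sbin/routed/input.c hunk (@@ -989,7), `MD5Update(&md5_ctx, (u_char *)rip, len+RIP_AUTH_HDR_LEN)` reads four more bytes from the received packet than before, and the visible lines show no check that `len + RIP_AUTH_HDR_LEN` still lies inside the datagram. Confirm that an earlier length check already covers the extra bytes, or add one before MD5Init(). As a style point, write `len + RIP_AUTH_HDR_LEN` with spaces to match the output.c hunk.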
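
Review bot: In the sbin/routed/output.c hunk (@@ -303,7), nothing visible changes the md5_auth_len that is sent, while the input.c side now expects `RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN`; check that the sender advertises the same value so two patched routed instances agree with each other. The digest also now covers the first four bytes of na2, so both a_family and a_type must be assigned before MD5Update(); only `na2->a_type = htons(1)` is visible in the context, and a short comment naming what the extra RIP_AUTH_HDR_LEN bytes are would help the next reader.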
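
The mismatch described in the message, as an added example that is not part of the original post or of routed: it builds a RIPv2 keyed-MD5 packet with the digest taken over `len` bytes (pre-patch) or `len + RIP_AUTH_HDR_LEN` bytes (patched), and verifies it the patched way. The values for the auth family, the MD5 auth type and the 16-byte key size are assumptions taken from RFC 2082, and the route entry and key are constructed samples.

```python
import hashlib
import hmac
import struct

RIP_AF_AUTH = 0xFFFF     # family value marking an auth entry (assumed, RFC 2082)
RIP_AUTH_MD5 = 3         # keyed-MD5 auth type (assumed, RFC 2082)
RIP_AUTH_HDR_LEN = 4     # a_family + a_type, the constant the patch adds
RIP_AUTH_MD5_LEN = 16    # key and digest size (assumed value)
MIN_LEN = 4 + 20         # RIP header + leading auth entry

# Constructed sample: one route entry, 192.0.2.0/24, metric 1.
SAMPLE_ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([192, 0, 2, 0]),
                           bytes([255, 255, 255, 0]), bytes(4), 1)
SAMPLE_KEY = b"constructed-key"


def _pad(key: bytes) -> bytes:
    return key.ljust(RIP_AUTH_MD5_LEN, b"\0")[:RIP_AUTH_MD5_LEN]


def build_packet(routes: bytes, key: bytes, seq: int, patched: bool) -> bytes:
    """Build a RIPv2 response; `patched` selects how many bytes are hashed."""
    pkt_len = MIN_LEN + len(routes)                   # md5_pkt_len
    auth_len = RIP_AUTH_MD5_LEN + (RIP_AUTH_HDR_LEN if patched else 0)
    body = struct.pack("!BBH", 2, 2, 0)               # response, version 2
    body += struct.pack("!HHHBBI8x", RIP_AF_AUTH, RIP_AUTH_MD5,
                        pkt_len, 1, auth_len, seq)    # key id 1
    body += routes
    trailer_hdr = struct.pack("!HH", RIP_AF_AUTH, 1)  # a_type = htons(1)
    covered = body + (trailer_hdr if patched else b"")
    return body + trailer_hdr + hashlib.md5(covered + _pad(key)).digest()


def verify_patched(packet: bytes, key: bytes) -> bool:
    """Verify as the patched input.c does: hash len + RIP_AUTH_HDR_LEN bytes."""
    if len(packet) < MIN_LEN:
        return False
    family, a_type, pkt_len = struct.unpack_from("!HHH", packet, 4)
    if (family, a_type) != (RIP_AF_AUTH, RIP_AUTH_MD5):
        return False
    end = pkt_len + RIP_AUTH_HDR_LEN
    # Bounds check before hashing: the length field comes from the wire.
    if pkt_len < MIN_LEN or end + RIP_AUTH_MD5_LEN > len(packet):
        return False
    expected = hashlib.md5(packet[:end] + _pad(key)).digest()
    return hmac.compare_digest(expected, packet[end:end + RIP_AUTH_MD5_LEN])
```

A packet built with `patched=False` fails `verify_patched` even with the right key, which is the interoperability failure the message reports between unpatched routed and its peers.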