Message-Id: <200203130751.g2D7pfb06812@brain.cc.rsu.ru>
Date: Wed, 13 Mar 2002 10:51:41 +0300 (MSK)
From: Oleg Sharoiko
Reply-To: Oleg Sharoiko
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/35843: [PATCH] MD5 auth implemented in routed is incompatible with cisco's/zebra's/rfc

>Number: 35843
>Category: bin
>Synopsis: [PATCH] MD5 auth implemented in routed is incompatible with cisco's/zebra's/rfc
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 13 00:00:08 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Oleg Sharoiko
>Release: FreeBSD 4.5-STABLE i386
>Organization: Computer Center of Rostov State University
>Environment:
System: FreeBSD brain.cc.rsu.ru 4.5-STABLE FreeBSD 4.5-STABLE #0: Tue Feb 19 08:52:13 GMT 2002 os@make.cc.rsu.ru:/usr/obj/usr/src/sys/brain.k7.RELENG_4.2002-02-19 i386

>Description:
While computing the MD5 digest of a RIPv2 packet, routed skips two fields. Because of this, routed is unable to communicate with cisco and zebra routers if authentication is enabled.

>How-To-Repeat:
Enable RIPv2 with MD5 auth on a cisco router, similar to the following:

    key chain RIPKey
     key 0
      key-string SomePass
    interface FastEthernet0/0.1
     ip rip authentication mode md5
     ip rip authentication key-chain RIPKey
    router rip
     version 2
     network 10.0.0.0

Then enable RIPv2 with MD5 auth in routed. Sample /etc/gateways (don't forget to chmod 0600 /etc/gateways as routed checks file mode):

    md5_passwd=SomePass|0 ripv2

Check the debug output of cisco and routed:

    cisco:  debug ip rip
    routed: routed -d -t -t -t -t -t

>Fix:
Patches below solve the problem. One adds #define RIP_AUTH_HDR_LEN 4 to include/protocols/routed.h. Another one modifies routed.

--- routed.diff begins here --- --- include/protocols/routed.h Sun Sep 5 17:43:31 1999 +++ include/protocols/routed.h Wed Feb 27 11:58:16 2002 @@ -84,6 +84,7 @@ /* RIPv2 authentication */ struct netauth { +#define RIP_AUTH_HDR_LEN 4 u_int16_t a_family; /* always RIP_AF_AUTH */ u_int16_t a_type; #define RIP_AUTH_NONE 0 --- sbin/routed.org/input.c Wed Feb 20 10:48:56 2002 +++ sbin/routed/input.c Wed Feb 20 11:15:21 2002 @@ -967,7 +967,7 @@ */ if (TRACEPACKETS) { if (NA->au.a_md5.md5_auth_len - != RIP_AUTH_MD5_LEN) + != RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN) msglim(use_authp, from, "unknown MD5 RIPv2 auth len %#x" " instead of %#x from %s", @@ -989,7 +989,7 @@ } MD5Init(&md5_ctx); - MD5Update(&md5_ctx, (u_char *)rip, len); + MD5Update(&md5_ctx, (u_char *)rip, len+RIP_AUTH_HDR_LEN); MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN); MD5Final(hash, &md5_ctx); if (!memcmp(hash, na2->au.au_pw, sizeof(hash))) --- sbin/routed.org/output.c Wed Feb 20 10:47:48 2002 +++ sbin/routed/output.c Wed Feb 20 10:50:01 2002 @@ -303,7 +303,7 @@ na2->a_type = htons(1); na->au.a_md5.md5_pkt_len = htons(len); MD5Init(&md5_ctx); - MD5Update(&md5_ctx, (u_char *)wb->buf, len); + MD5Update(&md5_ctx, (u_char *)wb->buf, len + RIP_AUTH_HDR_LEN); MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN); MD5Final(na2->au.au_pw, &md5_ctx); wb->n++; --- routed.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
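
Review bot: In the include/protocols/routed.h hunk, the new RIP_AUTH_HDR_LEN define carries no comment saying which 4 bytes it counts. From the struct it appears to be a_family plus a_type (two u_int16_t fields); say so next to the define, or derive the value from the field sizes, so the constant cannot silently drift from the struct layout.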
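
Review bot: In the sbin/routed/input.c hunk at -967, the corrected md5_auth_len comparison still sits under if (TRACEPACKETS), so an unexpected auth length is only reported when tracing is on and nothing in the visible lines rejects the packet. Consider whether the length should be checked unconditionally. Also, the msglim() arguments lie past the end of the hunk: the value printed for the second %#x should become RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN as well, otherwise the log will report the old expected length.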
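
Review bot: In the sbin/routed/input.c hunk at -989, MD5Update() now reads len+RIP_AUTH_HDR_LEN bytes from rip, but the hunk shows no check that the received datagram is at least that long. If len is taken from the packet, the bound applied to it before this point has to grow by RIP_AUTH_HDR_LEN too, or a short packet makes the digest read past the received data. Minor: write len + RIP_AUTH_HDR_LEN with spaces, as the output.c hunk does.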
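
Review bot: In the sbin/routed/output.c hunk, md5_pkt_len is still set to htons(len) while the digest now covers len + RIP_AUTH_HDR_LEN bytes, and nothing explains the difference. Add a comment above the MD5Update() call stating that the digest also covers the a_family and a_type of the trailing auth entry (na2) and that md5_pkt_len deliberately excludes them, so a later reader does not change one to match the other.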
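
The digest mismatch reported in the Description, as an added illustration that is not code from the PR or from routed: the same packet and key give different digests depending on whether the 4 bytes of the trailing auth header are hashed, so a receiver hashing only len bytes rejects a peer that hashes len + 4. The packet layout, auth type 3, the NUL-padded key, the value 16 for RIP_AUTH_MD5_LEN and all helper names are assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

RIP_AUTH_HDR_LEN = 4    # value the patch adds to routed.h
RIP_AUTH_MD5_LEN = 16   # assumed: MD5 digest size, also the padded key length

def pad_key(password):
    # Assumption: the key is the password NUL-padded to RIP_AUTH_MD5_LEN bytes.
    return password.encode()[:RIP_AUTH_MD5_LEN].ljust(RIP_AUTH_MD5_LEN, b"\0")

def build_unsigned(routes, key_id=0, seq=1):
    """Constructed RIPv2 response without digest; returns (bytes, md5_pkt_len)."""
    length = 4 + 20 + len(routes)             # RIP header + auth entry + routes
    hdr = struct.pack("!BBH", 2, 2, 0)        # command=response, version=2
    auth = struct.pack("!HHHBBI8x", 0xFFFF, 3, length, key_id,
                       RIP_AUTH_HDR_LEN + RIP_AUTH_MD5_LEN, seq)
    trailer_hdr = struct.pack("!HH", 0xFFFF, 1)   # a_family, a_type of trailer
    return hdr + auth + routes + trailer_hdr, length

def digest(pkt, length, key, extra):
    # extra=0: bytes hashed before the patch; extra=RIP_AUTH_HDR_LEN: after it.
    return hashlib.md5(pkt[:length + extra] + key).digest()

def sign(pkt, length, key, extra):
    return pkt + digest(pkt, length, key, extra)

def verify(signed, key, extra):
    if len(signed) < 10:                          # too short to hold md5_pkt_len
        return False
    # md5_pkt_len is at offset 8: 4-byte RIP header, then a_family and a_type.
    (length,) = struct.unpack_from("!H", signed, 8)
    end = length + RIP_AUTH_HDR_LEN
    if len(signed) != end + RIP_AUTH_MD5_LEN:     # never hash past the datagram
        return False
    expected = digest(signed, length, key, extra)
    return hmac.compare_digest(signed[end:], expected)

# Constructed sample: one route entry for 10.0.0.0/8, metric 1.
ROUTE = struct.pack("!HHIIII", 2, 0, 0x0A000000, 0xFF000000, 0, 1)
KEY = pad_key("SomePass")
PKT, LEN = build_unsigned(ROUTE)
PEER = sign(PKT, LEN, KEY, RIP_AUTH_HDR_LEN)      # digest over len + 4 bytes
OLD = sign(PKT, LEN, KEY, 0)                      # digest over len bytes only

if __name__ == "__main__":
    print("patched receiver accepts peer:", verify(PEER, KEY, RIP_AUTH_HDR_LEN))
    print("unpatched receiver accepts peer:", verify(PEER, KEY, 0))
```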