From owner-svn-src-stable-10@FreeBSD.ORG Thu Oct 9 23:49:38 2014
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D37DA2D2; Thu, 9 Oct 2014 23:49:38 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B3E58E52; Thu, 9 Oct 2014 23:49:38 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s99NncwX086214; Thu, 9 Oct 2014 23:49:38 GMT (envelope-from hrs@FreeBSD.org)
Received: (from hrs@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s99Nnbh1086208; Thu, 9 Oct 2014 23:49:37 GMT (envelope-from hrs@FreeBSD.org)
Message-Id: <201410092349.s99Nnbh1086208@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: hrs set sender to hrs@FreeBSD.org using -f
From: Hiroki Sato Date: Thu, 9 Oct 2014 23:49:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r272872 - stable/10/sbin/routed X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-10@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for only the 10-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Oct 2014 23:49:38 -0000 Author: hrs Date: Thu Oct 9 23:49:36 2014 New Revision: 272872 URL: https://svnweb.freebsd.org/changeset/base/272872 Log: MFC r271919: Fix a bug which could make routed(8) daemon exit by sending a special RIP query from a remote machine, and disable accepting it by default. This requests a routed(8) daemon to dump routing information base for debugging purpose. An -i flag to enable it has been added. Modified: stable/10/sbin/routed/defs.h stable/10/sbin/routed/input.c stable/10/sbin/routed/main.c stable/10/sbin/routed/output.c stable/10/sbin/routed/routed.8 Directory Properties: stable/10/ (props changed) Modified: stable/10/sbin/routed/defs.h ============================================================================== --- stable/10/sbin/routed/defs.h Thu Oct 9 23:48:20 2014 (r272871) +++ stable/10/sbin/routed/defs.h Thu Oct 9 23:49:36 2014 (r272872) 
@@ -462,6 +462,7 @@ extern int ridhosts; /* 1=reduce host r extern int mhome; /* 1=want multi-homed host route */ extern int advertise_mhome; /* 1=must continue advertising it */ extern int auth_ok; /* 1=ignore auth if we do not care */ +extern int insecure; /* Reply to special queries or not */ extern struct timeval clk; /* system clock's idea of time */ extern struct timeval epoch; /* system clock when started */ Modified: stable/10/sbin/routed/input.c ============================================================================== --- stable/10/sbin/routed/input.c Thu Oct 9 23:48:20 2014 (r272871) +++ stable/10/sbin/routed/input.c Thu Oct 9 23:49:36 2014 (r272872) @@ -289,8 +289,19 @@ input(struct sockaddr_in *from, /* rece * with all we know. */ if (from->sin_port != htons(RIP_PORT)) { - supply(from, aifp, OUT_QUERY, 0, - rip->rip_vers, ap != 0); + /* + * insecure: query from non-router node + * > 1: allow from distant node + * > 0: allow from neighbor node + * == 0: deny + */ + if ((aifp != NULL && insecure > 0) || + (aifp == NULL && insecure > 1)) + supply(from, aifp, OUT_QUERY, 0, + rip->rip_vers, ap != 0); + else + trace_pkt("Warning: " + "possible attack detected"); return; } Modified: stable/10/sbin/routed/main.c ============================================================================== --- stable/10/sbin/routed/main.c Thu Oct 9 23:48:20 2014 (r272871) +++ stable/10/sbin/routed/main.c Thu Oct 9 23:49:36 2014 (r272872) @@ -68,6 +68,7 @@ int ridhosts; /* 1=reduce host routes int mhome; /* 1=want multi-homed host route */ int advertise_mhome; /* 1=must continue advertising it */ int auth_ok = 1; /* 1=ignore auth if we do not care */ +int insecure; /* Reply to special queries or not */ struct timeval epoch; /* when started */ struct timeval clk; 
@@ -136,8 +137,11 @@ main(int argc, (void)gethostname(myname, sizeof(myname)-1); (void)gethost(myname, &myaddr); - while ((n = getopt(argc, argv, "sqdghmAtvT:F:P:")) != -1) { + while ((n = getopt(argc, argv, "isqdghmAtvT:F:P:")) != -1) { switch (n) { + case 'i': + insecure++; + break; case 's': supplier = 1; supplier_set = 1; Modified: stable/10/sbin/routed/output.c ============================================================================== --- stable/10/sbin/routed/output.c Thu Oct 9 23:48:20 2014 (r272871) +++ stable/10/sbin/routed/output.c Thu Oct 9 23:49:36 2014 (r272872) @@ -673,8 +673,6 @@ supply(struct sockaddr_in *dst, struct rt_entry *rt; int def_metric; - assert(ifp != NULL); - ws.state = 0; ws.gen_limit = 1024; Modified: stable/10/sbin/routed/routed.8 ============================================================================== --- stable/10/sbin/routed/routed.8 Thu Oct 9 23:48:20 2014 (r272871) +++ stable/10/sbin/routed/routed.8 Thu Oct 9 23:49:36 2014 (r272872) @@ -30,7 +30,7 @@ .\" @(#)routed.8 8.2 (Berkeley) 12/11/93 .\" $FreeBSD$ .\" -.Dd June 1, 1996 +.Dd August 26, 2014 .Dt ROUTED 8 .Os .Sh NAME @@ -39,7 +39,7 @@ .Nd network RIP and router discovery routing daemon .Sh SYNOPSIS .Nm -.Op Fl sqdghmpAtv +.Op Fl isqdghmpAtv .Op Fl T Ar tracefile .Oo .Fl F @@ -250,6 +250,20 @@ to infer the netmask used by the remote .Pp The following options are available: .Bl -tag -width indent +.It Fl i +allow +.Nm +to accept a RIP request from non-router node. +When specified once, +.Nm +replies to a route information query from neighbor nodes. +When specified twice, +it replies to a query from remote nodes in addition. +.Xr rtquery 8 +utility can be used to send a request. +.Pp +This feature is disabled by default because of a risk of reflection attack +though it useful for debugging purpose, .It Fl s force .Nm
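Review bot: the comment on the new `extern int insecure;` in defs.h (`/* Reply to special queries or not */`) reads as a boolean, but the input.c hunk treats it as three-valued: 0 deny, 1 neighbors only, greater than 1 any node. Suggest putting that table in the declaration comment, e.g. `/* 0=deny queries, 1=reply to neighbors, 2=reply to any node */`, and mirroring it on the definition in main.c, so a reader of defs.h does not have to find the check in input() to learn what the flag means.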
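Review bot: the gate added in input() is correct in its default: with `insecure == 0` both the neighbor case (`aifp != NULL`) and the non-neighbor case (`aifp == NULL`) fall through to the warning, so a query from a host that is not on a directly attached interface no longer reaches supply() and the assert there, which is the path that made the daemon exit. One point about the else branch: trace_pkt() only produces output while packet tracing is enabled, so on a production router a dropped remote query leaves no record unless -T is in use. If operators are expected to notice such probes, a rate-limited syslog message in addition to the trace line would be more useful, and the text "possible attack detected" could name the condition ("RIP query from non-neighbor ignored, -i not set") so the log is actionable.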
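Review bot: `insecure++` in the main.c option loop means `-i -i` and `-ii` both select the remote-node level, which matches the `> 1` test in input.c and the manual page's "specified twice"; any further repetition is harmless. The visible hunk only extends the getopt string to "isqdghmAtvT:F:P:"; if main.c also prints a usage line listing the option letters, it needs the `i` added as well, and this hunk does not touch it.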
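Review bot: removing `assert(ifp != NULL);` from supply() in output.c is what allows a query from a non-neighbor (aifp NULL in input()) to be answered when -ii is given, and that assert is also what previously turned such a query into a daemon exit. Dropping it moves the burden onto every dereference of ifp inside supply() and the functions it drives through `ws` (the hunk shows only the `ws.state = 0; ws.gen_limit = 1024;` setup that follows); please confirm each of those paths tolerates ifp == NULL, otherwise -ii trades an assertion failure for a NULL pointer dereference. A comment at the top of supply() recording that ifp may be NULL for OUT_QUERY replies would document the new contract.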
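Review bot: the new `.It Fl i` text in routed.8 needs copy-editing before it ships: "from non-router node" should be "from a non-router node", "it replies to a query from remote nodes in addition" reads better as "it also replies to queries from remote nodes", "The" is missing before `.Xr rtquery 8`, and the closing sentence "because of a risk of reflection attack though it useful for debugging purpose," lacks "is" and ends in a comma rather than a period. Suggest: "This feature is disabled by default because of the risk of reflection attacks, although it is useful for debugging." The lowercase "allow" at the start of the item matches the existing "force" under `.It Fl s`, so that can stay.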