Author: hrs
Date: Thu Oct  9 23:49:36 2014
New Revision: 272872
URL: https://svnweb.freebsd.org/changeset/base/272872

Log:
  MFC r271919:
  
    Fix a bug which allowed a remote machine to make the routed(8) daemon exit
    by sending it a special RIP query, and disable accepting such queries by
    default.  The query asks routed(8) to dump its routing information base
    for debugging purposes.  An -i flag to enable it has been added.

Modified:
  stable/10/sbin/routed/defs.h
  stable/10/sbin/routed/input.c
  stable/10/sbin/routed/main.c
  stable/10/sbin/routed/output.c
  stable/10/sbin/routed/routed.8
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sbin/routed/defs.h
==============================================================================
--- stable/10/sbin/routed/defs.h        Thu Oct  9 23:48:20 2014        
(r272871)
+++ stable/10/sbin/routed/defs.h        Thu Oct  9 23:49:36 2014        
(r272872)
@@ -462,6 +462,7 @@ extern int  ridhosts;               /* 1=reduce host r
 extern int     mhome;                  /* 1=want multi-homed host route */
 extern int     advertise_mhome;        /* 1=must continue advertising it */
 extern int     auth_ok;                /* 1=ignore auth if we do not care */
+extern int     insecure;               /* Reply to special queries or not */
 
 extern struct timeval clk;             /* system clock's idea of time */
 extern struct timeval epoch;           /* system clock when started */

Modified: stable/10/sbin/routed/input.c
==============================================================================
--- stable/10/sbin/routed/input.c       Thu Oct  9 23:48:20 2014        
(r272871)
+++ stable/10/sbin/routed/input.c       Thu Oct  9 23:49:36 2014        
(r272872)
@@ -289,8 +289,19 @@ input(struct sockaddr_in *from,            /* rece
                                 * with all we know.
                                 */
                                if (from->sin_port != htons(RIP_PORT)) {
-                                       supply(from, aifp, OUT_QUERY, 0,
-                                              rip->rip_vers, ap != 0);
+                                       /*
+                                        * insecure: query from non-router node
+                                        *   > 1: allow from distant node
+                                        *   > 0: allow from neighbor node
+                                        *  == 0: deny
+                                        */
+                                       if ((aifp != NULL && insecure > 0) ||
+                                           (aifp == NULL && insecure > 1))
+                                               supply(from, aifp, OUT_QUERY, 0,
+                                                      rip->rip_vers, ap != 0);
+                                       else
+                                               trace_pkt("Warning: "
+                                                   "possible attack detected");
                                        return;
                                }
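Review bot: Even once -i is given, the reply on the new `supply(from, aifp, OUT_QUERY, ...)` line is a full route dump sent to an unverified UDP source address from a non-RIP port, so a spoofed source still turns routed into a reflector for anyone who can reach it; the decision point should say so, e.g. `/* NOTE: reply goes to the unverified source address; with -i routed can be abused as a reflector, keep it off outside debugging */`. The two magic thresholds in `insecure > 0` and `insecure > 1` duplicate the prose of the comment above them and would be clearer as named levels (e.g. `INSECURE_NEIGHBOR`, `INSECURE_REMOTE`) shared with main.c. The drop in the else branch is only visible through trace_pkt(), which presumably is silent unless tracing is enabled; that seems the right choice here, since syslogging every unauthenticated query would itself be a flooding vector, but it is worth a one-line comment so the next reader does not "fix" it. The enclosing input() starts before this hunk and continues after it.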
 

Modified: stable/10/sbin/routed/main.c
==============================================================================
--- stable/10/sbin/routed/main.c        Thu Oct  9 23:48:20 2014        
(r272871)
+++ stable/10/sbin/routed/main.c        Thu Oct  9 23:49:36 2014        
(r272872)
@@ -68,6 +68,7 @@ int   ridhosts;                       /* 1=reduce host routes 
 int    mhome;                          /* 1=want multi-homed host route */
 int    advertise_mhome;                /* 1=must continue advertising it */
 int    auth_ok = 1;                    /* 1=ignore auth if we do not care */
+int    insecure;                       /* Reply to special queries or not */
 
 struct timeval epoch;                  /* when started */
 struct timeval clk;
@@ -136,8 +137,11 @@ main(int argc,
        (void)gethostname(myname, sizeof(myname)-1);
        (void)gethost(myname, &myaddr);
 
-       while ((n = getopt(argc, argv, "sqdghmAtvT:F:P:")) != -1) {
+       while ((n = getopt(argc, argv, "isqdghmAtvT:F:P:")) != -1) {
                switch (n) {
+               case 'i':
+                       insecure++;
+                       break;
                case 's':
                        supplier = 1;
                        supplier_set = 1;
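Review bot: `insecure++` accepts any number of -i flags while routed.8 documents only one and two, so the effect of three or more is implicit; either clamp it (`if (insecure < 2) insecure++;`) or document in the man page that extra occurrences behave like -ii. The diff updates the synopsis in routed.8 but shows no change to a usage string in main.c; if main() prints one listing the option letters (it is outside this hunk), it should gain `i` as well. main() starts before this hunk and continues after it.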

Modified: stable/10/sbin/routed/output.c
==============================================================================
--- stable/10/sbin/routed/output.c      Thu Oct  9 23:48:20 2014        
(r272871)
+++ stable/10/sbin/routed/output.c      Thu Oct  9 23:49:36 2014        
(r272872)
@@ -673,8 +673,6 @@ supply(struct sockaddr_in *dst,
        struct rt_entry *rt;
        int def_metric;
 
-       assert(ifp != NULL);
-
        ws.state = 0;
        ws.gen_limit = 1024;
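Review bot: Dropping `assert(ifp != NULL)` is what stops the remote-triggered abort, but it also means supply() is now legitimately entered with ifp == NULL (the `aifp == NULL && insecure > 1` path in input.c), and nothing in this hunk shows how the rest of supply() handles that; its body continues outside the hunk. Please confirm that every use of ifp in supply() and in the helpers it calls tolerates NULL, otherwise with -ii the assertion abort has merely become a NULL dereference. Whichever is the case, the new contract should be written down at the top of the function, e.g. `/* ifp may be NULL: query from a node not on a directly attached network (only reachable with -ii) */`.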
 

Modified: stable/10/sbin/routed/routed.8
==============================================================================
--- stable/10/sbin/routed/routed.8      Thu Oct  9 23:48:20 2014        
(r272871)
+++ stable/10/sbin/routed/routed.8      Thu Oct  9 23:49:36 2014        
(r272872)
@@ -30,7 +30,7 @@
 .\"     @(#)routed.8   8.2 (Berkeley) 12/11/93
 .\" $FreeBSD$
 .\"
-.Dd June 1, 1996
+.Dd August 26, 2014
 .Dt ROUTED 8
 .Os
 .Sh NAME
@@ -39,7 +39,7 @@
 .Nd network RIP and router discovery routing daemon
 .Sh SYNOPSIS
 .Nm
-.Op Fl sqdghmpAtv
+.Op Fl isqdghmpAtv
 .Op Fl T Ar tracefile
 .Oo
 .Fl F
@@ -250,6 +250,20 @@ to infer the netmask used by the remote 
 .Pp
 The following options are available:
 .Bl -tag -width indent
+.It Fl i
+allow
+.Nm
+to accept a RIP request from non-router node.
+When specified once, 
+.Nm
+replies to a route information query from neighbor nodes.
+When specified twice,
+it replies to a query from remote nodes in addition.
+.Xr rtquery 8
+utility can be used to send a request.
+.Pp
+This feature is disabled by default because of a risk of reflection attack
+though it useful for debugging purpose,
 .It Fl s
 force
 .Nm