From 53c997c90d7e20313bfb07d15d83b782d7a6530e Mon Sep 17 00:00:00 2001
From: hasso <hasso>
Date: Wed, 15 Sep 2004 16:21:59 +0000
Subject: Second part of fixes from Laurent Rabret.

---
 isisd/ChangeLog      | 12 ++++++++++
 isisd/isis_pdu.c     | 30 ++++++++++++-------------
 isisd/isis_tlv.c     |  3 ++-
 isisd/isisd.c        | 13 +++++++++++
 isisd/iso_checksum.c | 63 +++++++++++++++++++++++++++-------------------------
 5 files changed, 75 insertions(+), 46 deletions(-)

(limited to 'isisd')

diff --git a/isisd/ChangeLog b/isisd/ChangeLog
index 3dc341f0..abaa7e82 100644
--- a/isisd/ChangeLog
+++ b/isisd/ChangeLog
@@ -1,3 +1,15 @@
+2004-09-15 Laurent Rabret <laurent.rabret at francetelecom.com>
+
+	* isis_pdu.c: Fix error in same subnet comparison. The previous
+	  algorithm only worked when netmask % 8 == 0.
+	* isisd.c: Show domain and area passwords in configuration.
+	* iso_checksum.c: Fixed error in the checksum calculation. The previous
+	  algorithm could produce a bad checksum if the 2 complement's vs 1
+	  complement's adaptation was required.
+	* isis_pdu.c: Authentication in LSPs does not mean authentication in
+	  SNPs.
+	* isis_tlv.c: Fix errors in password checking.
+
 2004-09-14 Hasso Tepper <hasso at quagga.net>
 
 	* isis_circuit.c: Mostly cosmetical changes in isis_circuit_add_addr()
diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c
index 1ecdab48..cd685286 100644
--- a/isisd/isis_pdu.c
+++ b/isisd/isis_pdu.c
@@ -106,7 +106,7 @@ int
 ip_same_subnet (struct prefix_ipv4 *ip1, struct in_addr *ip2)
 {
   u_char *addr1, *addr2;
-  int shift, offset;
+  int shift, offset, offsetloop;
   int len;
 
   addr1 = (u_char *) & ip1->prefix.s_addr;
@@ -114,23 +114,15 @@ ip_same_subnet (struct prefix_ipv4 *ip1, struct in_addr *ip2)
   len = ip1->prefixlen;
 
   shift = len % PNBBY;
-  offset = len / PNBBY;
+  offsetloop = offset = len / PNBBY;
 
-  while (offset--)
-    {
-      if (addr1[offset] != addr2[offset])
-	{
-	  return 0;
-	}
-    }
+  while (offsetloop--)
+    if (addr1[offsetloop] != addr2[offsetloop])
+      return 0;
 
   if (shift)
-    {
-      if (maskbit[shift] & (addr1[offset] ^ addr2[offset]))
-	{
-	  return 0;
-	}
-    }
+    if (maskbit[shift] & (addr1[offset] ^ addr2[offset]))
+      return 0;
 
   return 1;			/* match  */
 }
@@ -1414,6 +1406,13 @@ process_snp (int snp_type, int level, struct isis_circuit *circuit,
       return retval;
     }
 
+  /* FIXME: Authentication in LSPs does not mean authentication in SNPs...
+   * In fact by default IOS only deals with LSPs authentication!!
+   * To force authentication in SNPs, one must specify the 'authenticate
+   * snp' command after 'area-password WORD' or 'domain-password WORD'.
+   * This command is not supported for the moment.
+   */
+#if 0
   (level == 1) ? (passwd = &circuit->area->area_passwd) :
     (passwd = &circuit->area->domain_passwd);
   if (passwd->type)
@@ -1427,6 +1426,7 @@ process_snp (int snp_type, int level, struct isis_circuit *circuit,
 	  return ISIS_OK;
 	}
     }
+#endif /* 0 */
 
   /* debug isis snp-packets */
   if (isis->debugs & DEBUG_SNP_PACKETS)
diff --git a/isisd/isis_tlv.c b/isisd/isis_tlv.c
index 273d19c2..70b3c177 100644
--- a/isisd/isis_tlv.c
+++ b/isisd/isis_tlv.c
@@ -463,6 +463,7 @@ parse_tlvs (char *areatag, u_char * stream, int size, u_int32_t * expected,
 	  if (*expected & TLVFLAG_AUTH_INFO)
 	    {
 	      tlvs->auth_info.type = *pnt;
+	      tlvs->auth_info.len = length-1;
 	      pnt++;
 	      memcpy (tlvs->auth_info.passwd, pnt, length - 1);
 	      pnt += length - 1;
@@ -885,7 +886,7 @@ tlv_add_authinfo (char auth_type, char auth_len, char *auth_value,
 {
   u_char value[255];
   u_char *pos = value;
-  pos++;
+  *pos++ = ISIS_PASSWD_TYPE_CLEARTXT;
   memcpy (pos, auth_value, auth_len);
 
   return add_tlv (AUTH_INFO, auth_len + 1, value, stream);
diff --git a/isisd/isisd.c b/isisd/isisd.c
index 3c499dc3..3fbed0be 100644
--- a/isisd/isisd.c
+++ b/isisd/isisd.c
@@ -1901,6 +1901,19 @@ isis_config_write (struct vty *vty)
 		write++;
 	      }
 	  }
+	/* Authentication passwords. */
+	if (area->area_passwd.len > 0)
+	  {
+	    vty_out(vty, " area-password %s%s",
+		    area->area_passwd.passwd, VTY_NEWLINE);
+	    write++; 
+	  }  
+	if (area->domain_passwd.len > 0)
+	  {
+	    vty_out(vty, " domain-password %s%s",
+		    area->domain_passwd.passwd, VTY_NEWLINE);
+	    write++;
+	  }
 #ifdef TOPOLOGY_GENERATE
 	/* seems we save the whole command line here */
 	if (area->top_params)
diff --git a/isisd/iso_checksum.c b/isisd/iso_checksum.c
index e65f6ef6..eabe281f 100644
--- a/isisd/iso_checksum.c
+++ b/isisd/iso_checksum.c
@@ -42,7 +42,6 @@
  * Verifies that the checksum is correct.
  * Return 0 on correct and 1 on invalid checksum.
  * Based on Annex C.4 of ISO/IEC 8473
- * FIXME: Check for overflow 
  */
 
 int
@@ -52,7 +51,7 @@ iso_csum_verify (u_char * buffer, int len, uint16_t * csum)
   u_int32_t c0;
   u_int32_t c1;
   u_int16_t checksum;
-  int i;
+  int i, partial_len;
 
   p = buffer;
   checksum = 0;
@@ -77,14 +76,21 @@ iso_csum_verify (u_char * buffer, int len, uint16_t * csum)
   c0 = 0;
   c1 = 0;
 
-  for (i = 0; i < len; i++)
+  while (len)
     {
-      c0 = c0 + *(p++);
-      c1 += c0;
-    }
+      partial_len = MIN(len, 5803);
+
+      for (i = 0; i < partial_len; i++)
+	{
+	  c0 = c0 + *(p++);
+	  c1 += c0;
+	}
 
-  c0 = c0 % 255;
-  c1 = c1 % 255;
+      c0 = c0 % 255;
+      c1 = c1 % 255;
+
+      len -= partial_len;
+    }
 
   if (c0 == 0 && c1 == 0)
     return 0;
@@ -96,9 +102,6 @@ iso_csum_verify (u_char * buffer, int len, uint16_t * csum)
  * Creates the checksum. *csum points to the position of the checksum in the 
  * PDU. 
  * Based on Annex C.4 of ISO/IEC 8473
- * we will not overflow until about length of 6000,
- * which is the answer to (255+255n)*n/2 > 2^32
- * so if we have a length of over 5000 we will return zero (for now)
  */
 #define FIXED_CODE
 u_int16_t
@@ -113,7 +116,7 @@ iso_csum_create (u_char * buffer, int len, u_int16_t n)
   u_int32_t c1;
   u_int16_t checksum;
   u_int16_t *csum;
-  int i;
+  int i, init_len, partial_len;
 
   checksum = 0;
 
@@ -123,32 +126,34 @@ iso_csum_create (u_char * buffer, int len, u_int16_t n)
   csum = (u_int16_t *) (buffer + n);
   *(csum) = checksum;
 
-  /* for the limitation of our implementation */
-  if (len > 5000)
-    {
-      return 0;
-    }
-
   p = buffer;
   c0 = 0;
   c1 = 0;
+  init_len = len;
 
-  for (i = 0; i < len; i++)
+  while (len != 0)
     {
-      c0 = c0 + *(p++);
-      c1 += c0;
-    }
+      partial_len = MIN(len, 5803);
+
+      for (i = 0; i < partial_len; i++)
+	{
+	  c0 = c0 + *(p++);
+	  c1 += c0;
+	}
 
-  c0 = c0 % 255;
-  c1 = c1 % 255;
+      c0 = c0 % 255;
+      c1 = c1 % 255;
+
+      len -= partial_len;
+    }
 
-  mul = (len - n) * (c0);
+  mul = (init_len - n)*(c0);
 
 #ifdef FIXED_CODE
   x = mul - c0 - c1;
   y = c1 - mul - 1;
 
-  if (y >= 0)
+  if (y > 0)
     y++;
   if (x < 0)
     x--;
@@ -159,11 +164,9 @@ iso_csum_create (u_char * buffer, int len, u_int16_t n)
   if (x == 0)
     x = 255;
   if (y == 0)
-    y = 255;
-
-  x &= 0x00FF;
+    y = 1;
 
-  checksum = ((y << 8) | x);
+  checksum = (y << 8) | (x & 0xFF);
 
 #else
   x = mul - c0 - c1;
-- 
cgit v1.2.1