From ca5e516c84cc2d35b6f6cd29f8ba9e835d3b72ba Mon Sep 17 00:00:00 2001 From: paul Date: Sun, 6 Jun 2004 22:06:33 +0000 Subject: 2004-06-06 Paul Jakma * ripd.h: Add define for the RIPv2 Authentication Data family Move the auth type defines up to where other defines live. Add RIP_AUTH_MD5_COMPAT_SIZE, for backwards compatible md5->auth_len size. Add md5_auth_len field to struct rip_interface: (rip_interface_new) Init md5_auth_len to compatible size. (ip_rip_authentication_mode_cmd) Extended to handle setting md5 auth-length. Appropriate aliases added. (no_ip_rip_authentication_mode_cmd) Reset md5_auth_len to compatible size. (rip_interface_config_write) Teach it about md5_auth_len. _always_ write out the auth-length, so that everyone will get the setting in their config file, and hence allow for a future change of default for md5_auth_len to be less painful - every md5 user will have this setting in their config file. ripd.c: (rip_packet_dump) Change nasty hard coded constants to symbolic defines. Change various tests of 'ntoh.(variable) == constant' to test 'variable == ntoh.(constant)'. Clean up indentation on some long lines. (rip_auth_simple_password) ditto. (rip_auth_md5) ditto, also add length argument and sanity check md5 data offset field. Sanity check md5 auth length, accept RFC or old-ripd/cisco lengths. (rip_auth_md5_set) as per (rip_packet_dump), also write out the configured md5 auth length for the interface (old-ripd or rfc) (rip_read) as per (rip_packet_dump) (rip_write_rte) ditto (rip_response_process) ditto (rip_write_rte) ditto --- ripd/rip_interface.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) (limited to 'ripd/rip_interface.c') diff --git a/ripd/rip_interface.c b/ripd/rip_interface.c index 3d69d6c6..4daa5b38 100644 --- a/ripd/rip_interface.c +++ b/ripd/rip_interface.c @@ -125,6 +125,7 @@ rip_interface_new () compatibility. */ /* ri->auth_type = RIP_NO_AUTH; */ ri->auth_type = RIP_AUTH_SIMPLE_PASSWORD; + ri->md5_auth_len = RIP_AUTH_MD5_COMPAT_SIZE; /* Set default split-horizon behavior. If the interface is Frame Relay or SMDS is enabled, the default value for split-horizon is @@ -1678,6 +1679,12 @@ DEFUN (ip_rip_authentication_mode, ifp = (struct interface *)vty->index; ri = ifp->info; + if ( (argc < 1) || (argc > 2) ) + { + vty_out (vty, "incorrect argument count%s", VTY_NEWLINE); + return CMD_WARNING; + } + if (strncmp ("md5", argv[0], strlen (argv[0])) == 0) ri->auth_type = RIP_AUTH_MD5; else if (strncmp ("text", argv[0], strlen (argv[0])) == 0) @@ -1688,9 +1695,38 @@ DEFUN (ip_rip_authentication_mode, return CMD_WARNING; } + if (argc == 1) + return CMD_SUCCESS; + + if ( (argc == 2) && (ri->auth_type != RIP_AUTH_MD5) ) + { + vty_out (vty, "auth length argument only valid for md5%s", VTY_NEWLINE); + return CMD_WARNING; +} + + if (strncmp ("r", argv[1], 1) == 0) + ri->md5_auth_len = RIP_AUTH_MD5_SIZE; + else if (strncmp ("o", argv[1], 1) == 0) + ri->md5_auth_len = RIP_AUTH_MD5_COMPAT_SIZE; + else + return CMD_WARNING; + return CMD_SUCCESS; } +ALIAS (ip_rip_authentication_mode, + ip_rip_authentication_mode_authlen_cmd, + "ip rip authentication mode (md5|text) auth-length (rfc|old-ripd)", + IP_STR + "Routing Information Protocol\n" + "Authentication control\n" + "Authentication mode\n" + "Keyed message digest\n" + "Clear text authentication\n" + "MD5 authentication data length\n" + "RFC compatible\n" + "Old ripd compatible\n") + DEFUN (no_ip_rip_authentication_mode, no_ip_rip_authentication_mode_cmd, "no ip rip authentication mode", @@ -1708,6 +1744,7 @@ DEFUN (no_ip_rip_authentication_mode, /* ri->auth_type = RIP_NO_AUTH; */ ri->auth_type = RIP_AUTH_SIMPLE_PASSWORD; + ri->md5_auth_len = RIP_AUTH_MD5_COMPAT_SIZE; return CMD_SUCCESS; } @@ -1723,6 +1760,20 @@ ALIAS (no_ip_rip_authentication_mode, "Keyed message digest\n" "Clear text authentication\n") +ALIAS (no_ip_rip_authentication_mode, + no_ip_rip_authentication_mode_type_authlen_cmd, + "no ip rip authentication mode (md5|text) auth-length (rfc|old-ripd)", + NO_STR + IP_STR + "Routing Information Protocol\n" + "Authentication control\n" + "Authentication mode\n" + "Keyed message digest\n" + "Clear text authentication\n" + "MD5 authentication data length\n" + "RFC compatible\n" + "Old ripd compatible\n") + DEFUN (ip_rip_authentication_string, ip_rip_authentication_string_cmd, "ip rip authentication string LINE", @@ -1988,6 +2039,7 @@ rip_interface_config_write (struct vty *vty) (ri->ri_send == RI_RIP_UNSPEC) && (ri->ri_receive == RI_RIP_UNSPEC) && (ri->auth_type != RIP_AUTH_MD5) && + (ri->md5_auth_len != RIP_AUTH_MD5_SIZE) && (!ri->auth_str) && (!ri->key_chain) ) continue; @@ -2034,8 +2086,16 @@ rip_interface_config_write (struct vty *vty) if (ri->auth_type == RIP_AUTH_SIMPLE_PASSWORD) vty_out (vty, " ip rip authentication mode text%s", VTY_NEWLINE); #endif /* 0 */ + if (ri->auth_type == RIP_AUTH_MD5) - vty_out (vty, " ip rip authentication mode md5%s", VTY_NEWLINE); + { + vty_out (vty, " ip rip authentication mode md5"); + if (ri->md5_auth_len == RIP_AUTH_MD5_COMPAT_SIZE) + vty_out (vty, " auth-length old-ripd"); + else + vty_out (vty, " auth-length rfc"); + vty_out (vty, "%s", VTY_NEWLINE); + } if (ri->auth_str) vty_out (vty, " ip rip authentication string %s%s", @@ -2165,8 +2225,10 @@ rip_if_init () install_element (INTERFACE_NODE, &no_ip_rip_receive_version_num_cmd); install_element (INTERFACE_NODE, &ip_rip_authentication_mode_cmd); + install_element (INTERFACE_NODE, &ip_rip_authentication_mode_authlen_cmd); install_element (INTERFACE_NODE, &no_ip_rip_authentication_mode_cmd); install_element (INTERFACE_NODE, &no_ip_rip_authentication_mode_type_cmd); + install_element (INTERFACE_NODE, &no_ip_rip_authentication_mode_type_authlen_cmd); install_element (INTERFACE_NODE, &ip_rip_authentication_key_chain_cmd); install_element (INTERFACE_NODE, &no_ip_rip_authentication_key_chain_cmd); -- cgit v1.2.1