[Midnightbsd-cvs] src [10488] trunk/sbin/routed: insecure flag
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Wed Jun 6 21:11:41 EDT 2018
Revision: 10488
http://svnweb.midnightbsd.org/src/?rev=10488
Author: laffer1
Date: 2018-06-06 21:11:40 -0400 (Wed, 06 Jun 2018)
Log Message:
-----------
insecure flag
Modified Paths:
--------------
trunk/sbin/routed/input.c
trunk/sbin/routed/main.c
Modified: trunk/sbin/routed/input.c
===================================================================
--- trunk/sbin/routed/input.c 2018-06-07 01:09:56 UTC (rev 10487)
+++ trunk/sbin/routed/input.c 2018-06-07 01:11:40 UTC (rev 10488)
@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $MidnightBSD$
+ * $FreeBSD: stable/10/sbin/routed/input.c 286348 2015-08-05 22:05:02Z delphij $
*/
#include "defs.h"
@@ -33,7 +33,7 @@
#ifdef __NetBSD__
__RCSID("$NetBSD$");
-#elif defined(__FreeBSD__)
+#elif defined(__MidnightBSD__)
__RCSID("$MidnightBSD$");
#else
__RCSID("$Revision: 2.26 $");
@@ -294,13 +294,20 @@
/* Answer a query from a utility program
* with all we know.
*/
- if (aifp == NULL) {
- trace_pkt("ignore remote query");
- return;
- }
if (from->sin_port != htons(RIP_PORT)) {
- supply(from, aifp, OUT_QUERY, 0,
- rip->rip_vers, ap != 0);
+ /*
+ * insecure: query from non-router node
+ * > 1: allow from distant node
+ * > 0: allow from neighbor node
+ * == 0: deny
+ */
+ if ((aifp != NULL && insecure > 0) ||
+ (aifp == NULL && insecure > 1))
+ supply(from, aifp, OUT_QUERY, 0,
+ rip->rip_vers, ap != 0);
+ else
+ trace_pkt("Warning: "
+ "possible attack detected");
return;
}
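Review bot: With the early `aifp == NULL` return removed, the new condition lets a query from a distant source reach `supply(from, aifp, ...)` with `aifp == NULL` whenever `insecure > 1`; supply() is outside this hunk, so confirm that it tolerates a NULL interface before enabling this path. The removed guard also covered queries arriving from `RIP_PORT`, which now fall through to code after the hunk with `aifp` possibly NULL, so that path needs its own check if one is not already there. The denial trace `"Warning: possible attack detected"` does not say what was refused; something like `trace_pkt("ignore query from non-router node");` would tell an operator more, and the multi-line `if`/`else` arms should be braced. The enclosing function starts and ends outside the hunk.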
Modified: trunk/sbin/routed/main.c
===================================================================
--- trunk/sbin/routed/main.c 2018-06-07 01:09:56 UTC (rev 10487)
+++ trunk/sbin/routed/main.c 2018-06-07 01:11:40 UTC (rev 10488)
@@ -26,7 +26,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $MidnightBSD$
+ * $FreeBSD: stable/10/sbin/routed/main.c 272872 2014-10-09 23:49:36Z hrs $
*/
#include "defs.h"
@@ -44,7 +44,7 @@
#ifdef __NetBSD__
__RCSID("$NetBSD$");
#include <util.h>
-#elif defined(__FreeBSD__)
+#elif defined(__MidnightSD__)
__RCSID("$MidnightBSD$");
#else
__RCSID("$Revision: 2.31 $");
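Review bot: The new guard `#elif defined(__MidnightSD__)` is misspelled (the `B` is missing), so this branch is never taken and the file falls through to `__RCSID("$Revision: 2.31 $")`. input.c in the same commit uses `__MidnightBSD__`. The line should read `#elif defined(__MidnightBSD__)`.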
@@ -68,6 +68,7 @@
int mhome; /* 1=want multi-homed host route */
int advertise_mhome; /* 1=must continue advertising it */
int auth_ok = 1; /* 1=ignore auth if we do not care */
+int insecure; /* Reply to special queries or not */
struct timeval epoch; /* when started */
struct timeval clk;
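Review bot: The comment on `insecure` reads as a boolean, but input.c in this commit tests it as a level (`> 0` and `> 1`). A declaration such as `int insecure; /* -i count: 0=deny queries from non-router ports, 1=answer neighbors, >1=also answer distant nodes */` would match that use. input.c presumably sees the variable through defs.h, which is not among the modified paths, so an `extern int insecure;` declaration must already exist there for input.c to build.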
@@ -136,8 +137,11 @@
(void)gethostname(myname, sizeof(myname)-1);
(void)gethost(myname, &myaddr);
- while ((n = getopt(argc, argv, "sqdghmAtvT:F:P:")) != -1) {
+ while ((n = getopt(argc, argv, "isqdghmAtvT:F:P:")) != -1) {
switch (n) {
+ case 'i':
+ insecure++;
+ break;
case 's':
supplier = 1;
supplier_set = 1;
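Review bot: The new `-i` option relaxes who gets an answer to routing-table queries, yet only input.c and main.c are modified, so the manual page is not updated in this commit and the usage text (outside the hunk) may not mention the flag either. The repeat-count meaning is also not evident from `insecure++`; a comment on the case such as `/* each -i widens who may query: once = neighbors, twice = distant nodes */` would make it clear. The enclosing switch continues outside the hunk.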
@@ -414,7 +418,7 @@
continue;
}
- /* Check the kernel table occassionally for mysteriously
+ /* Check the kernel table occasionally for mysteriously
* evaporated routes
*/
timevalsub(&t2, &flush_kern_timer, &now);
@@ -446,7 +450,7 @@
* the previous update was finished.
* Even if we just started after discovering
* a 2nd interface or were otherwise delayed,
- * pick a 30-second aniversary of the
+ * pick a 30-second anniversary of the
* original broadcast time.
*/
n = 1 + (0-t2.tv_sec)/SUPPLY_INTERVAL;