17c478bdstevel@tonic-gate/*
2982ec2cRishi Srivatsavai * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
37c478bdstevel@tonic-gate * Use is subject to license terms.
47c478bdstevel@tonic-gate *
57c478bdstevel@tonic-gate * Copyright (c) 1983, 1988, 1993
67c478bdstevel@tonic-gate *	The Regents of the University of California.  All rights reserved.
77c478bdstevel@tonic-gate *
87c478bdstevel@tonic-gate * Redistribution and use in source and binary forms, with or without
97c478bdstevel@tonic-gate * modification, are permitted provided that the following conditions
107c478bdstevel@tonic-gate * are met:
117c478bdstevel@tonic-gate * 1. Redistributions of source code must retain the above copyright
127c478bdstevel@tonic-gate *    notice, this list of conditions and the following disclaimer.
137c478bdstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright
147c478bdstevel@tonic-gate *    notice, this list of conditions and the following disclaimer in the
157c478bdstevel@tonic-gate *    documentation and/or other materials provided with the distribution.
167c478bdstevel@tonic-gate * 3. All advertising materials mentioning features or use of this software
177c478bdstevel@tonic-gate *    must display the following acknowledgment:
187c478bdstevel@tonic-gate *	This product includes software developed by the University of
197c478bdstevel@tonic-gate *	California, Berkeley and its contributors.
207c478bdstevel@tonic-gate * 4. Neither the name of the University nor the names of its contributors
217c478bdstevel@tonic-gate *    may be used to endorse or promote products derived from this software
227c478bdstevel@tonic-gate *    without specific prior written permission.
237c478bdstevel@tonic-gate *
247c478bdstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
257c478bdstevel@tonic-gate * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
267c478bdstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
277c478bdstevel@tonic-gate * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
287c478bdstevel@tonic-gate * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
297c478bdstevel@tonic-gate * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
307c478bdstevel@tonic-gate * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
317c478bdstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
327c478bdstevel@tonic-gate * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
337c478bdstevel@tonic-gate * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
347c478bdstevel@tonic-gate * SUCH DAMAGE.
357c478bdstevel@tonic-gate *
367c478bdstevel@tonic-gate * $FreeBSD: src/sbin/routed/input.c,v 1.9 2001/06/06 20:52:30 phk Exp $
377c478bdstevel@tonic-gate */
387c478bdstevel@tonic-gate
397c478bdstevel@tonic-gate#include "defs.h"
407c478bdstevel@tonic-gate#include <md5.h>
417c478bdstevel@tonic-gate
427c478bdstevel@tonic-gate/*
437c478bdstevel@tonic-gate * The size of the control buffer passed to recvmsg() used to receive
447c478bdstevel@tonic-gate * ancillary data.
457c478bdstevel@tonic-gate */
467c478bdstevel@tonic-gate#define	CONTROL_BUFSIZE	1024
477c478bdstevel@tonic-gate
487c478bdstevel@tonic-gatestatic void input(struct sockaddr_in *, struct interface *, struct rip *, int);
497c478bdstevel@tonic-gatestatic boolean_t ck_passwd(struct interface *, struct rip *, uint8_t *,
507c478bdstevel@tonic-gate    in_addr_t, struct msg_limit *);
517c478bdstevel@tonic-gate
527c478bdstevel@tonic-gate
537c478bdstevel@tonic-gate/*
547c478bdstevel@tonic-gate * Find the interface which received the given message.
557c478bdstevel@tonic-gate */
567c478bdstevel@tonic-gatestruct interface *
577c478bdstevel@tonic-gatereceiving_interface(struct msghdr *msg, boolean_t findremote)
587c478bdstevel@tonic-gate{
597c478bdstevel@tonic-gate	struct interface *ifp, *ifp1, *ifp2;
607c478bdstevel@tonic-gate	struct sockaddr_in *from;
617c478bdstevel@tonic-gate	void *opt;
627c478bdstevel@tonic-gate	uint_t ifindex;
637c478bdstevel@tonic-gate
647c478bdstevel@tonic-gate	from = (struct sockaddr_in *)msg->msg_name;
657c478bdstevel@tonic-gate
667c478bdstevel@tonic-gate	/* First see if this packet came from a remote gateway. */
677c478bdstevel@tonic-gate	if (findremote && ((ifp = findremoteif(from->sin_addr.s_addr)) != NULL))
687c478bdstevel@tonic-gate		return (ifp);
697c478bdstevel@tonic-gate
707c478bdstevel@tonic-gate	/*
717c478bdstevel@tonic-gate	 * It did not come from a remote gateway.  Determine which
727c478bdstevel@tonic-gate	 * physical interface this packet was received on by
737c478bdstevel@tonic-gate	 * processing the message's ancillary data to find the
747c478bdstevel@tonic-gate	 * IP_RECVIF option we requested.
757c478bdstevel@tonic-gate	 */
767c478bdstevel@tonic-gate	if ((opt = find_ancillary(msg, IP_RECVIF)) == NULL) {
777c478bdstevel@tonic-gate		msglog("unable to retrieve IP_RECVIF");
787c478bdstevel@tonic-gate	} else {
797c478bdstevel@tonic-gate		ifindex = *(uint_t *)opt;
807c478bdstevel@tonic-gate		if ((ifp = ifwithindex(ifindex, _B_TRUE)) != NULL) {
817c478bdstevel@tonic-gate			/* Find the best match of the aliases */
827c478bdstevel@tonic-gate			ifp2 = NULL;
837c478bdstevel@tonic-gate			for (ifp1 = ifp; ifp1 != NULL;
847c478bdstevel@tonic-gate			    ifp1 = ifp1->int_ilist.hl_next) {
857c478bdstevel@tonic-gate				if (ifp1->int_addr == from->sin_addr.s_addr)
867c478bdstevel@tonic-gate					return (ifp1);
877c478bdstevel@tonic-gate				if ((ifp2 == NULL ||
88f9aa3e1kcpoon				    (ifp2->int_state & IS_ALIAS)) &&
897c478bdstevel@tonic-gate				    on_net(from->sin_addr.s_addr, ifp1->int_net,
90f9aa3e1kcpoon				    ifp1->int_mask)) {
917c478bdstevel@tonic-gate					ifp2 = ifp1;
92f9aa3e1kcpoon				}
937c478bdstevel@tonic-gate			}
947c478bdstevel@tonic-gate			if (ifp2 != NULL)
957c478bdstevel@tonic-gate				ifp = ifp2;
967c478bdstevel@tonic-gate			return (ifp);
977c478bdstevel@tonic-gate		}
987c478bdstevel@tonic-gate	}
997c478bdstevel@tonic-gate
1007c478bdstevel@tonic-gate	/*
1017c478bdstevel@tonic-gate	 * As a last resort (for some reason, ip didn't give us the
1027c478bdstevel@tonic-gate	 * IP_RECVIF index we requested), try to deduce the receiving
1037c478bdstevel@tonic-gate	 * interface based on the source address of the packet.
1047c478bdstevel@tonic-gate	 */
105982ec2cRishi Srivatsavai	return (iflookup(from->sin_addr.s_addr));
1067c478bdstevel@tonic-gate}
1077c478bdstevel@tonic-gate
1087c478bdstevel@tonic-gate/*
1097c478bdstevel@tonic-gate * Process RIP input on rip_sock.  Returns 0 for success, -1 for failure.
1107c478bdstevel@tonic-gate */
1117c478bdstevel@tonic-gateint
1127c478bdstevel@tonic-gateread_rip()
1137c478bdstevel@tonic-gate{
1147c478bdstevel@tonic-gate	struct sockaddr_in from;
1157c478bdstevel@tonic-gate	struct interface *ifp;
1167c478bdstevel@tonic-gate	int cc;
1177c478bdstevel@tonic-gate	union pkt_buf inbuf;
1187c478bdstevel@tonic-gate	struct msghdr msg;
1197c478bdstevel@tonic-gate	struct iovec iov;
1207c478bdstevel@tonic-gate	uint8_t ancillary_data[CONTROL_BUFSIZE];
1217c478bdstevel@tonic-gate
1227c478bdstevel@tonic-gate	iov.iov_base = &inbuf;
1237c478bdstevel@tonic-gate	iov.iov_len = sizeof (inbuf);
1247c478bdstevel@tonic-gate	msg.msg_iov = &iov;
1257c478bdstevel@tonic-gate	msg.msg_iovlen = 1;
1267c478bdstevel@tonic-gate	msg.msg_name = &from;
1277c478bdstevel@tonic-gate	msg.msg_control = &ancillary_data;
1287c478bdstevel@tonic-gate
1297c478bdstevel@tonic-gate	for (;;) {
1307c478bdstevel@tonic-gate		msg.msg_namelen = sizeof (from);
1317c478bdstevel@tonic-gate		msg.msg_controllen = sizeof (ancillary_data);
1327c478bdstevel@tonic-gate		cc = recvmsg(rip_sock, &msg, 0);
1337c478bdstevel@tonic-gate		if (cc == 0)
1347c478bdstevel@tonic-gate			return (-1);
1357c478bdstevel@tonic-gate		if (cc < 0) {
1367c478bdstevel@tonic-gate			if (errno == EWOULDBLOCK || errno == EINTR)
1377c478bdstevel@tonic-gate				return (0);
1387c478bdstevel@tonic-gate			LOGERR("recvmsg(rip_sock)");
1397c478bdstevel@tonic-gate			return (-1);
1407c478bdstevel@tonic-gate		}
1417c478bdstevel@tonic-gate
1427c478bdstevel@tonic-gate		/*
1437c478bdstevel@tonic-gate		 * ifp is the interface via which the packet arrived.
1447c478bdstevel@tonic-gate		 */
1457c478bdstevel@tonic-gate		ifp = receiving_interface(&msg, _B_TRUE);
1467c478bdstevel@tonic-gate
1477c478bdstevel@tonic-gate		input(&from, ifp, &inbuf.rip, cc);
1487c478bdstevel@tonic-gate	}
1497c478bdstevel@tonic-gate}
1507c478bdstevel@tonic-gate
1517c478bdstevel@tonic-gate
1527c478bdstevel@tonic-gate/* Process a RIP packet */
1537c478bdstevel@tonic-gatestatic void
1547c478bdstevel@tonic-gateinput(struct sockaddr_in *from,		/* received from this IP address */
1557c478bdstevel@tonic-gate    struct interface *ifp,		/* interface of incoming socket */
1567c478bdstevel@tonic-gate    struct rip *rip,
1577c478bdstevel@tonic-gate    int cc)
1587c478bdstevel@tonic-gate{
1597c478bdstevel@tonic-gate#define	FROM_NADDR from->sin_addr.s_addr
1607c478bdstevel@tonic-gate	static struct msg_limit use_auth, bad_len, bad_mask;
1617c478bdstevel@tonic-gate	static struct msg_limit unk_router, bad_router, bad_nhop;
1627c478bdstevel@tonic-gate
1637c478bdstevel@tonic-gate	struct rt_entry *rt;
1647c478bdstevel@tonic-gate	struct rt_spare new;
1657c478bdstevel@tonic-gate	struct netinfo *n, *lim;
1667c478bdstevel@tonic-gate	struct interface *ifp1;
1677c478bdstevel@tonic-gate	in_addr_t gate, mask, v1_mask, dst, ddst_h = 0;
1687c478bdstevel@tonic-gate	struct auth *ap;
1697c478bdstevel@tonic-gate	struct tgate *tg = NULL;
1707c478bdstevel@tonic-gate	struct tgate_net *tn;
1717c478bdstevel@tonic-gate	int i, j;
1727c478bdstevel@tonic-gate	boolean_t poll_answer = _B_FALSE; /* Set to _B_TRUE if RIPCMD_POLL */
1737c478bdstevel@tonic-gate	uint16_t rt_state = 0;	/* Extra route state to pass to input_route() */
1747c478bdstevel@tonic-gate	uint8_t metric;
1757c478bdstevel@tonic-gate
1767c478bdstevel@tonic-gate	(void) memset(&new, 0, sizeof (new));
1777c478bdstevel@tonic-gate	/* Notice when we hear from a remote gateway */
1787c478bdstevel@tonic-gate	if (ifp != NULL && (ifp->int_state & IS_REMOTE))
1797c478bdstevel@tonic-gate		ifp->int_act_time = now.tv_sec;
1807c478bdstevel@tonic-gate
1817c478bdstevel@tonic-gate	trace_rip("Recv", "from", from, ifp, rip, cc);
1827c478bdstevel@tonic-gate
1837c478bdstevel@tonic-gate	if (ifp != NULL && (ifp->int_if_flags & IFF_NORTEXCH)) {
1847c478bdstevel@tonic-gate		trace_misc("discard RIP packet received over %s (IFF_NORTEXCH)",
1857c478bdstevel@tonic-gate		    ifp->int_name);
1867c478bdstevel@tonic-gate		return;
1877c478bdstevel@tonic-gate	}
1887c478bdstevel@tonic-gate
1897c478bdstevel@tonic-gate	gate = ntohl(FROM_NADDR);
1902a9459bsangeeta	if (IN_CLASSD(gate) || (gate >> IN_CLASSA_NSHIFT) == 0) {
1917c478bdstevel@tonic-gate		msglim(&bad_router, FROM_NADDR, "source address %s unusable",
1927c478bdstevel@tonic-gate		    naddr_ntoa(FROM_NADDR));
1937c478bdstevel@tonic-gate		return;
1947c478bdstevel@tonic-gate	}
1957c478bdstevel@tonic-gate
1967c478bdstevel@tonic-gate	if (rip->rip_vers == 0) {
1977c478bdstevel@tonic-gate		msglim(&bad_router, FROM_NADDR,
1987c478bdstevel@tonic-gate		    "RIP version 0, cmd %d, packet received from %s",
1997c478bdstevel@tonic-gate		    rip->rip_cmd, naddr_ntoa(FROM_NADDR));
2007c478bdstevel@tonic-gate		return;
2017c478bdstevel@tonic-gate	}
2027c478bdstevel@tonic-gate
2037c478bdstevel@tonic-gate	if (rip->rip_vers > RIPv2) {
2047c478bdstevel@tonic-gate		msglim(&bad_router, FROM_NADDR,
2057c478bdstevel@tonic-gate		    "Treating RIP version %d packet received from %s as "
2067c478bdstevel@tonic-gate		    "version %d", rip->rip_vers, naddr_ntoa(FROM_NADDR),
2077c478bdstevel@tonic-gate		    RIPv2);
2087c478bdstevel@tonic-gate		rip->rip_vers = RIPv2;
2097c478bdstevel@tonic-gate	}
2107c478bdstevel@tonic-gate
2117c478bdstevel@tonic-gate	if (cc > (int)OVER_MAXPACKETSIZE) {
2127c478bdstevel@tonic-gate		msglim(&bad_router, FROM_NADDR,
2137c478bdstevel@tonic-gate		    "packet at least %d bytes too long received from %s",
2147c478bdstevel@tonic-gate		    cc-MAXPACKETSIZE, naddr_ntoa(FROM_NADDR));
2157c478bdstevel@tonic-gate	}
2167c478bdstevel@tonic-gate
2177c478bdstevel@tonic-gate	n = rip->rip_nets;
2187c478bdstevel@tonic-gate	lim = n + (cc - 4) / sizeof (struct netinfo);
2197c478bdstevel@tonic-gate
2207c478bdstevel@tonic-gate	/*
2217c478bdstevel@tonic-gate	 * Notice authentication.
2227c478bdstevel@tonic-gate	 * As required by section 5.2 of RFC 2453, discard authenticated
2237c478bdstevel@tonic-gate	 * RIPv2 messages, but only if configured for that silliness.
2247c478bdstevel@tonic-gate	 *
2257c478bdstevel@tonic-gate	 * RIPv2 authentication is lame.  Why authenticate queries?
2267c478bdstevel@tonic-gate	 * Why should a RIPv2 implementation with authentication disabled
2277c478bdstevel@tonic-gate	 * not be able to listen to RIPv2 packets with authentication, while
2287c478bdstevel@tonic-gate	 * RIPv1 systems will listen?  Crazy!
2297c478bdstevel@tonic-gate	 */
2307c478bdstevel@tonic-gate	if (!auth_ok && rip->rip_vers == RIPv2 && n < lim &&
2317c478bdstevel@tonic-gate	    n->n_family == RIP_AF_AUTH) {
2327c478bdstevel@tonic-gate		msglim(&use_auth, FROM_NADDR,
2337c478bdstevel@tonic-gate		    "RIPv2 message with authentication from %s discarded",
2347c478bdstevel@tonic-gate		    naddr_ntoa(FROM_NADDR));
2357c478bdstevel@tonic-gate		return;
2367c478bdstevel@tonic-gate	}
2377c478bdstevel@tonic-gate
2387c478bdstevel@tonic-gate	switch (rip->rip_cmd) {
2397c478bdstevel@tonic-gate	case RIPCMD_POLL:
2407c478bdstevel@tonic-gate		/*
2417c478bdstevel@tonic-gate		 * Similar to RIPCMD_REQUEST, this command is used to
2427c478bdstevel@tonic-gate		 * request either a full-table or a set of entries.  Both
2437c478bdstevel@tonic-gate		 * silent processes and routers can respond to this
2447c478bdstevel@tonic-gate		 * command.
2457c478bdstevel@tonic-gate		 */
2467c478bdstevel@tonic-gate		poll_answer = _B_TRUE;
2477c478bdstevel@tonic-gate		/* FALLTHRU */
2487c478bdstevel@tonic-gate	case RIPCMD_REQUEST:
2497c478bdstevel@tonic-gate		/* Are we talking to ourself or a remote gateway? */
2507c478bdstevel@tonic-gate		ifp1 = ifwithaddr(FROM_NADDR, _B_FALSE, _B_TRUE);
2517c478bdstevel@tonic-gate		if (ifp1 != NULL) {
2527c478bdstevel@tonic-gate			if (ifp1->int_state & IS_REMOTE) {
2537c478bdstevel@tonic-gate				/* remote gateway */
2547c478bdstevel@tonic-gate				ifp = ifp1;
2557c478bdstevel@tonic-gate				if (check_remote(ifp)) {
2567c478bdstevel@tonic-gate					ifp->int_act_time = now.tv_sec;
2577c478bdstevel@tonic-gate					if_ok(ifp, "remote ", _B_FALSE);
2587c478bdstevel@tonic-gate				}
2597c478bdstevel@tonic-gate			} else if (from->sin_port == htons(RIP_PORT)) {
2607c478bdstevel@tonic-gate				trace_pkt("    discard our own RIP request");
2617c478bdstevel@tonic-gate				return;
2627c478bdstevel@tonic-gate			}
2637c478bdstevel@tonic-gate		}
2647c478bdstevel@tonic-gate
2657c478bdstevel@tonic-gate		/* did the request come from a router? */
2667c478bdstevel@tonic-gate		if (!poll_answer && (from->sin_port == htons(RIP_PORT))) {
2677c478bdstevel@tonic-gate			/*
2687c478bdstevel@tonic-gate			 * yes, ignore the request if RIP is off so that
2697c478bdstevel@tonic-gate			 * the router does not depend on us.
2707c478bdstevel@tonic-gate			 */
2717c478bdstevel@tonic-gate			if (ripout_interfaces == 0 ||
2727c478bdstevel@tonic-gate			    (ifp != NULL && (IS_RIP_OUT_OFF(ifp->int_state) ||
2737c478bdstevel@tonic-gate			    !IS_IFF_ROUTING(ifp->int_if_flags)))) {
2747c478bdstevel@tonic-gate				trace_pkt("    discard request while RIP off");
2757c478bdstevel@tonic-gate				return;
2767c478bdstevel@tonic-gate			}
2777c478bdstevel@tonic-gate		}
2787c478bdstevel@tonic-gate
2797c478bdstevel@tonic-gate		/*
2807c478bdstevel@tonic-gate		 * According to RFC 2453 section 5.2, we should ignore
2817c478bdstevel@tonic-gate		 * unauthenticated queries when authentication is
2827c478bdstevel@tonic-gate		 * configured.  That is too silly to bother with.  Sheesh!
2837c478bdstevel@tonic-gate		 * Are forwarding tables supposed to be secret even though
2847c478bdstevel@tonic-gate		 * a bad guy can infer them with test traffic?  RIP is
2857c478bdstevel@tonic-gate		 * still the most common router-discovery protocol, so
2867c478bdstevel@tonic-gate		 * hosts need to send queries that will be answered.  What
2877c478bdstevel@tonic-gate		 * about `rtquery`?  Maybe on firewalls you'd care, but not
2887c478bdstevel@tonic-gate		 * enough to give up the diagnostic facilities of remote
2897c478bdstevel@tonic-gate		 * probing.
2907c478bdstevel@tonic-gate		 */
2917c478bdstevel@tonic-gate
2927c478bdstevel@tonic-gate		if (n >= lim) {
2937c478bdstevel@tonic-gate			msglim(&bad_len, FROM_NADDR, "empty request from %s",
2947c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR));
2957c478bdstevel@tonic-gate			return;
2967c478bdstevel@tonic-gate		}
2977c478bdstevel@tonic-gate		if (cc%sizeof (*n) != sizeof (struct rip)%sizeof (*n)) {
2987c478bdstevel@tonic-gate			msglim(&bad_len, FROM_NADDR,
2997c478bdstevel@tonic-gate			    "request of bad length (%d) from %s",
3007c478bdstevel@tonic-gate			    cc, naddr_ntoa(FROM_NADDR));
3017c478bdstevel@tonic-gate		}
3027c478bdstevel@tonic-gate
3037c478bdstevel@tonic-gate		if (rip->rip_vers == RIPv2 && (ifp == NULL ||
3047c478bdstevel@tonic-gate		    (ifp->int_state & IS_NO_RIPV1_OUT))) {
3057c478bdstevel@tonic-gate			v12buf.buf->rip_vers = RIPv2;
3067c478bdstevel@tonic-gate			/*
3077c478bdstevel@tonic-gate			 * If we have a secret but it is a cleartext secret,
3087c478bdstevel@tonic-gate			 * do not disclose our secret unless the other guy
3097c478bdstevel@tonic-gate			 * already knows it.
3107c478bdstevel@tonic-gate			 */
3117c478bdstevel@tonic-gate			ap = find_auth(ifp);
3127c478bdstevel@tonic-gate			if (ap != NULL &&
3137c478bdstevel@tonic-gate			    (ulong_t)ap->end < (ulong_t)clk.tv_sec) {
3147c478bdstevel@tonic-gate				/*
3157c478bdstevel@tonic-gate				 * Don't authenticate incoming packets
3167c478bdstevel@tonic-gate				 * using an expired key.
3177c478bdstevel@tonic-gate				 */
3187c478bdstevel@tonic-gate				msglim(&use_auth, FROM_NADDR,
3197c478bdstevel@tonic-gate				    "%s attempting to authenticate using "
3207c478bdstevel@tonic-gate				    "an expired password.",
3217c478bdstevel@tonic-gate				    naddr_ntoa(FROM_NADDR));
3227c478bdstevel@tonic-gate				ap = NULL;
3237c478bdstevel@tonic-gate			}
3247c478bdstevel@tonic-gate			if (ap != NULL && ap->type == RIP_AUTH_PW &&
3257c478bdstevel@tonic-gate			    (n->n_family != RIP_AF_AUTH ||
3267c478bdstevel@tonic-gate			    !ck_passwd(ifp, rip, (uint8_t *)lim, FROM_NADDR,
3277c478bdstevel@tonic-gate			    &use_auth)))
3287c478bdstevel@tonic-gate				ap = NULL;
3297c478bdstevel@tonic-gate		} else {
3307c478bdstevel@tonic-gate			v12buf.buf->rip_vers = RIPv1;
3317c478bdstevel@tonic-gate			ap = NULL;
3327c478bdstevel@tonic-gate		}
3337c478bdstevel@tonic-gate		clr_ws_buf(&v12buf, ap);
3347c478bdstevel@tonic-gate
3357c478bdstevel@tonic-gate		do {
3367c478bdstevel@tonic-gate			n->n_metric = ntohl(n->n_metric);
3377c478bdstevel@tonic-gate
3387c478bdstevel@tonic-gate			/*
3397c478bdstevel@tonic-gate			 * A single entry with family RIP_AF_UNSPEC and
3407c478bdstevel@tonic-gate			 * metric HOPCNT_INFINITY means "all routes".
3417c478bdstevel@tonic-gate			 * We respond to routers only if we are acting
3427c478bdstevel@tonic-gate			 * as a supplier, or to anyone other than a router
3437c478bdstevel@tonic-gate			 * (i.e. a query).
3447c478bdstevel@tonic-gate			 */
3457c478bdstevel@tonic-gate			if (n->n_family == RIP_AF_UNSPEC &&
3467c478bdstevel@tonic-gate			    n->n_metric == HOPCNT_INFINITY) {
3477c478bdstevel@tonic-gate				/*
3487c478bdstevel@tonic-gate				 * Answer a full-table query from a utility
3497c478bdstevel@tonic-gate				 * program with all we know.
3507c478bdstevel@tonic-gate				 */
3517c478bdstevel@tonic-gate				if (poll_answer ||
3527c478bdstevel@tonic-gate				    (from->sin_port != htons(RIP_PORT))) {
3537c478bdstevel@tonic-gate					supply(from, ifp, OUT_QUERY, 0,
3547c478bdstevel@tonic-gate					    rip->rip_vers, ap != NULL);
3557c478bdstevel@tonic-gate					return;
3567c478bdstevel@tonic-gate				}
3577c478bdstevel@tonic-gate
3587c478bdstevel@tonic-gate				/*
3597c478bdstevel@tonic-gate				 * A router is trying to prime its tables.
3607c478bdstevel@tonic-gate				 * Filter the answer in the same way
3617c478bdstevel@tonic-gate				 * broadcasts are filtered.
3627c478bdstevel@tonic-gate				 *
3637c478bdstevel@tonic-gate				 * Only answer a router if we are a supplier
3647c478bdstevel@tonic-gate				 * to keep an unwary host that is just starting
3657c478bdstevel@tonic-gate				 * from picking us as a router.
3667c478bdstevel@tonic-gate				 */
3677c478bdstevel@tonic-gate				if (ifp == NULL) {
3687c478bdstevel@tonic-gate					trace_pkt("ignore distant router");
3697c478bdstevel@tonic-gate					return;
3707c478bdstevel@tonic-gate				}
3717c478bdstevel@tonic-gate				if (IS_RIP_OFF(ifp->int_state) ||
3727c478bdstevel@tonic-gate				    !should_supply(ifp)) {
3737c478bdstevel@tonic-gate					trace_pkt("ignore; not supplying");
3747c478bdstevel@tonic-gate					return;
3757c478bdstevel@tonic-gate				}
3767c478bdstevel@tonic-gate
3777c478bdstevel@tonic-gate				/*
3787c478bdstevel@tonic-gate				 * Do not answer a RIPv1 router if
3797c478bdstevel@tonic-gate				 * we are sending RIPv2.  But do offer
3807c478bdstevel@tonic-gate				 * poor man's router discovery.
3817c478bdstevel@tonic-gate				 */
3827c478bdstevel@tonic-gate				if ((ifp->int_state & IS_NO_RIPV1_OUT) &&
3837c478bdstevel@tonic-gate				    rip->rip_vers == RIPv1) {
3847c478bdstevel@tonic-gate					if (!(ifp->int_state & IS_PM_RDISC)) {
385f9aa3e1kcpoon						trace_pkt("ignore; sending "
386f9aa3e1kcpoon						    "RIPv2");
387f9aa3e1kcpoon						return;
3887c478bdstevel@tonic-gate					}
3897c478bdstevel@tonic-gate
3907c478bdstevel@tonic-gate					v12buf.n->n_family = RIP_AF_INET;
3917c478bdstevel@tonic-gate					v12buf.n->n_dst = RIP_DEFAULT;
3927c478bdstevel@tonic-gate					metric = ifp->int_d_metric;
3937c478bdstevel@tonic-gate					if (NULL !=
3947c478bdstevel@tonic-gate					    (rt = rtget(RIP_DEFAULT, 0)))
3957c478bdstevel@tonic-gate						metric = MIN(metric,
3967c478bdstevel@tonic-gate						    (rt->rt_metric + 1));
3977c478bdstevel@tonic-gate					v12buf.n->n_metric = htonl(metric);
3987c478bdstevel@tonic-gate					v12buf.n++;
3997c478bdstevel@tonic-gate					break;
4007c478bdstevel@tonic-gate				}
4017c478bdstevel@tonic-gate
4027c478bdstevel@tonic-gate				/*
4037c478bdstevel@tonic-gate				 * Respond with RIPv1 instead of RIPv2 if
4047c478bdstevel@tonic-gate				 * that is what we are broadcasting on the
4057c478bdstevel@tonic-gate				 * interface to keep the remote router from
4067c478bdstevel@tonic-gate				 * getting the wrong initial idea of the
4077c478bdstevel@tonic-gate				 * routes we send.
4087c478bdstevel@tonic-gate				 */
4097c478bdstevel@tonic-gate				supply(from, ifp, OUT_UNICAST, 0,
4107c478bdstevel@tonic-gate				    (ifp->int_state & IS_NO_RIPV1_OUT)
4117c478bdstevel@tonic-gate				    ? RIPv2 : RIPv1,
4127c478bdstevel@tonic-gate				    ap != NULL);
4137c478bdstevel@tonic-gate				return;
4147c478bdstevel@tonic-gate			}
4157c478bdstevel@tonic-gate
4167c478bdstevel@tonic-gate			/* Ignore authentication */
4177c478bdstevel@tonic-gate			if (n->n_family == RIP_AF_AUTH)
4187c478bdstevel@tonic-gate				continue;
4197c478bdstevel@tonic-gate
4207c478bdstevel@tonic-gate			if (n->n_family != RIP_AF_INET) {
4217c478bdstevel@tonic-gate				msglim(&bad_router, FROM_NADDR,
4227c478bdstevel@tonic-gate				    "request from %s for unsupported"
4237c478bdstevel@tonic-gate				    " (af %d) %s",
4247c478bdstevel@tonic-gate				    naddr_ntoa(FROM_NADDR),
4257c478bdstevel@tonic-gate				    ntohs(n->n_family),
4267c478bdstevel@tonic-gate				    naddr_ntoa(n->n_dst));
4277c478bdstevel@tonic-gate				return;
4287c478bdstevel@tonic-gate			}
4297c478bdstevel@tonic-gate
4307c478bdstevel@tonic-gate			/* We are being asked about a specific destination. */
4317c478bdstevel@tonic-gate			v12buf.n->n_dst = dst = n->n_dst;
4327c478bdstevel@tonic-gate			v12buf.n->n_family = RIP_AF_INET;
4337c478bdstevel@tonic-gate			if (!check_dst(dst)) {
4347c478bdstevel@tonic-gate				msglim(&bad_router, FROM_NADDR,
4357c478bdstevel@tonic-gate				    "bad queried destination %s from %s",
4367c478bdstevel@tonic-gate				    naddr_ntoa(dst),
4377c478bdstevel@tonic-gate				    naddr_ntoa(FROM_NADDR));
4387c478bdstevel@tonic-gate				v12buf.n->n_metric = HOPCNT_INFINITY;
4397c478bdstevel@tonic-gate				goto rte_done;
4407c478bdstevel@tonic-gate			}
4417c478bdstevel@tonic-gate
4427c478bdstevel@tonic-gate			/* decide what mask was intended */
4437c478bdstevel@tonic-gate			if (rip->rip_vers == RIPv1 ||
4447c478bdstevel@tonic-gate			    0 == (mask = ntohl(n->n_mask)) ||
4457c478bdstevel@tonic-gate			    0 != (ntohl(dst) & ~mask))
4467c478bdstevel@tonic-gate				mask = ripv1_mask_host(dst, ifp);
4477c478bdstevel@tonic-gate
4487c478bdstevel@tonic-gate			/*
4497c478bdstevel@tonic-gate			 * Try to find the answer.  If we don't have an
4507c478bdstevel@tonic-gate			 * explicit route for the destination, use the best
4517c478bdstevel@tonic-gate			 * route to the destination.
4527c478bdstevel@tonic-gate			 */
4537c478bdstevel@tonic-gate			rt = rtget(dst, mask);
4547c478bdstevel@tonic-gate			if (rt == NULL && dst != RIP_DEFAULT)
4557c478bdstevel@tonic-gate				rt = rtfind(n->n_dst);
4567c478bdstevel@tonic-gate
4577c478bdstevel@tonic-gate			if (v12buf.buf->rip_vers != RIPv1)
4587c478bdstevel@tonic-gate				v12buf.n->n_mask = htonl(mask);
4597c478bdstevel@tonic-gate			if (rt == NULL) {
4607c478bdstevel@tonic-gate				/* we do not have the answer */
4617c478bdstevel@tonic-gate				v12buf.n->n_metric = HOPCNT_INFINITY;
4627c478bdstevel@tonic-gate				goto rte_done;
4637c478bdstevel@tonic-gate			}
4647c478bdstevel@tonic-gate
4657c478bdstevel@tonic-gate			/*
4667c478bdstevel@tonic-gate			 * we have the answer, so compute the right metric
4677c478bdstevel@tonic-gate			 * and next hop.
4687c478bdstevel@tonic-gate			 */
4697c478bdstevel@tonic-gate			v12buf.n->n_metric = rt->rt_metric + 1;
4707c478bdstevel@tonic-gate			if (v12buf.n->n_metric > HOPCNT_INFINITY)
4717c478bdstevel@tonic-gate				v12buf.n->n_metric = HOPCNT_INFINITY;
4727c478bdstevel@tonic-gate			if (v12buf.buf->rip_vers != RIPv1) {
4737c478bdstevel@tonic-gate				v12buf.n->n_tag = rt->rt_tag;
4747c478bdstevel@tonic-gate				if (ifp != NULL &&
4757c478bdstevel@tonic-gate				    on_net(rt->rt_gate, ifp->int_net,
4767c478bdstevel@tonic-gate				    ifp->int_mask) &&
4777c478bdstevel@tonic-gate				    rt->rt_gate != ifp->int_addr)
4787c478bdstevel@tonic-gate					v12buf.n->n_nhop = rt->rt_gate;
4797c478bdstevel@tonic-gate			}
4807c478bdstevel@tonic-gaterte_done:
4817c478bdstevel@tonic-gate			v12buf.n->n_metric = htonl(v12buf.n->n_metric);
4827c478bdstevel@tonic-gate
4837c478bdstevel@tonic-gate			/*
4847c478bdstevel@tonic-gate			 * Stop paying attention if we fill the output buffer.
4857c478bdstevel@tonic-gate			 */
4867c478bdstevel@tonic-gate			if (++v12buf.n >= v12buf.lim)
4877c478bdstevel@tonic-gate				break;
4887c478bdstevel@tonic-gate		} while (++n < lim);
4897c478bdstevel@tonic-gate
4907c478bdstevel@tonic-gate		/*
4917c478bdstevel@tonic-gate		 * If our response is authenticated with md5, complete the
4927c478bdstevel@tonic-gate		 * md5 computation.
4937c478bdstevel@tonic-gate		 */
4947c478bdstevel@tonic-gate		if (ap != NULL && ap->type == RIP_AUTH_MD5)
4957c478bdstevel@tonic-gate			end_md5_auth(&v12buf, ap);
4967c478bdstevel@tonic-gate
4977c478bdstevel@tonic-gate		/*
4987c478bdstevel@tonic-gate		 * Diagnostic programs make specific requests
4997c478bdstevel@tonic-gate		 * from ports other than 520.  Log other types
5007c478bdstevel@tonic-gate		 * of specific requests as suspicious.
5017c478bdstevel@tonic-gate		 */
5027c478bdstevel@tonic-gate		if (!poll_answer && (from->sin_port == htons(RIP_PORT))) {
5037c478bdstevel@tonic-gate			writelog(LOG_WARNING,
5047c478bdstevel@tonic-gate			    "Received suspicious request from %s port %d",
5057c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR), RIP_PORT);
5067c478bdstevel@tonic-gate		}
5077c478bdstevel@tonic-gate		if (poll_answer || (from->sin_port != htons(RIP_PORT))) {
5087c478bdstevel@tonic-gate			/* query */
5097c478bdstevel@tonic-gate			(void) output(OUT_QUERY, from, ifp, v12buf.buf,
5107c478bdstevel@tonic-gate			    ((char *)v12buf.n - (char *)v12buf.buf));
5117c478bdstevel@tonic-gate		} else {
5127c478bdstevel@tonic-gate			(void) output(OUT_UNICAST, from, ifp,
5137c478bdstevel@tonic-gate			    v12buf.buf, ((char *)v12buf.n -
5147c478bdstevel@tonic-gate			    (char *)v12buf.buf));
5157c478bdstevel@tonic-gate		}
5167c478bdstevel@tonic-gate		return;
5177c478bdstevel@tonic-gate
5187c478bdstevel@tonic-gate	case RIPCMD_TRACEON:
5197c478bdstevel@tonic-gate	case RIPCMD_TRACEOFF:
5207c478bdstevel@tonic-gate		/*
5217c478bdstevel@tonic-gate		 * Notice that trace messages are turned off for all possible
5227c478bdstevel@tonic-gate		 * abuse if PATH_TRACE is undefined in pathnames.h.
5237c478bdstevel@tonic-gate		 * Notice also that because of the way the trace file is
5247c478bdstevel@tonic-gate		 * handled in trace.c, no abuse is plausible even if
5257c478bdstevel@tonic-gate		 * PATH_TRACE is defined.
5267c478bdstevel@tonic-gate		 *
5277c478bdstevel@tonic-gate		 * First verify message came from a privileged port.
5287c478bdstevel@tonic-gate		 */
5297c478bdstevel@tonic-gate		if (ntohs(from->sin_port) > IPPORT_RESERVED) {
5307c478bdstevel@tonic-gate			trace_pkt("trace command from untrusted port %d on %s",
5317c478bdstevel@tonic-gate			    ntohs(from->sin_port), naddr_ntoa(FROM_NADDR));
5327c478bdstevel@tonic-gate			return;
5337c478bdstevel@tonic-gate		}
5347c478bdstevel@tonic-gate		if (ifp == NULL || !remote_address_ok(ifp, FROM_NADDR)) {
5357c478bdstevel@tonic-gate			/*
5367c478bdstevel@tonic-gate			 * Use a message here to warn about strange
5377c478bdstevel@tonic-gate			 * messages from remote systems.
5387c478bdstevel@tonic-gate			 */
5397c478bdstevel@tonic-gate			msglim(&bad_router, FROM_NADDR,
5407c478bdstevel@tonic-gate			    "trace command from non-local host %s",
5417c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR));
5427c478bdstevel@tonic-gate			return;
5437c478bdstevel@tonic-gate		}
5447c478bdstevel@tonic-gate		if (ifp->int_state & IS_DISTRUST) {
5457c478bdstevel@tonic-gate			tg = tgates;
5467c478bdstevel@tonic-gate			while (tg->tgate_addr != FROM_NADDR) {
5477c478bdstevel@tonic-gate				tg = tg->tgate_next;
5487c478bdstevel@tonic-gate				if (tg == NULL) {
5497c478bdstevel@tonic-gate					trace_pkt("trace command from "
5507c478bdstevel@tonic-gate					    "untrusted host %s",
5517c478bdstevel@tonic-gate					    naddr_ntoa(FROM_NADDR));
5527c478bdstevel@tonic-gate					return;
5537c478bdstevel@tonic-gate				}
5547c478bdstevel@tonic-gate			}
5557c478bdstevel@tonic-gate		}
5567c478bdstevel@tonic-gate		if (ifp->int_auth[0].type != RIP_AUTH_NONE) {
5577c478bdstevel@tonic-gate			/*
5587c478bdstevel@tonic-gate			 * Technically, it would be fairly easy to add
5597c478bdstevel@tonic-gate			 * standard authentication to the existing
5607c478bdstevel@tonic-gate			 * trace commands -- just bracket the payload
5617c478bdstevel@tonic-gate			 * with the authentication information.
5627c478bdstevel@tonic-gate			 * However, the tracing message behavior
5637c478bdstevel@tonic-gate			 * itself is marginal enough that we don't
5647c478bdstevel@tonic-gate			 * actually care.  Just discard if
5657c478bdstevel@tonic-gate			 * authentication is needed.
5667c478bdstevel@tonic-gate			 */
5677c478bdstevel@tonic-gate			trace_pkt("trace command unauthenticated from %s",
5687c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR));
5697c478bdstevel@tonic-gate			return;
5707c478bdstevel@tonic-gate		}
5717c478bdstevel@tonic-gate		if (rip->rip_cmd == RIPCMD_TRACEON) {
5727c478bdstevel@tonic-gate			rip->rip_tracefile[cc-4] = '\0';
5737c478bdstevel@tonic-gate			set_tracefile(rip->rip_tracefile,
5747c478bdstevel@tonic-gate			    "trace command: %s\n", 0);
5757c478bdstevel@tonic-gate		} else {
5767c478bdstevel@tonic-gate			trace_off("tracing turned off by %s",
5777c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR));
5787c478bdstevel@tonic-gate		}
5797c478bdstevel@tonic-gate		return;
5807c478bdstevel@tonic-gate
5817c478bdstevel@tonic-gate	case RIPCMD_RESPONSE:
5827c478bdstevel@tonic-gate		if (ifp != NULL && (ifp->int_if_flags & IFF_NOXMIT)) {
5837c478bdstevel@tonic-gate			trace_misc("discard RIP response received over %s "
5847c478bdstevel@tonic-gate			    "(IFF_NOXMIT)", ifp->int_name);
5857c478bdstevel@tonic-gate			return;
5867c478bdstevel@tonic-gate		}
5877c478bdstevel@tonic-gate
5887c478bdstevel@tonic-gate		if (cc%sizeof (*n) != sizeof (struct rip)%sizeof (*n)) {
5897c478bdstevel@tonic-gate			msglim(&bad_len, FROM_NADDR,
5907c478bdstevel@tonic-gate			    "response of bad length (%d) from %s",
5917c478bdstevel@tonic-gate			    cc, naddr_ntoa(FROM_NADDR));
5927c478bdstevel@tonic-gate		}
5937c478bdstevel@tonic-gate
594f9aa3e1kcpoon		if ((gate >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
595f9aa3e1kcpoon		    IN_LINKLOCAL(gate)) {
5967c478bdstevel@tonic-gate			msglim(&bad_router, FROM_NADDR,
5977c478bdstevel@tonic-gate			    "discard RIP response from bad source address %s",
5987c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR));
5997c478bdstevel@tonic-gate			return;
6007c478bdstevel@tonic-gate		}
6017c478bdstevel@tonic-gate
6027c478bdstevel@tonic-gate		/* verify message came from a router */
6037c478bdstevel@tonic-gate		if (from->sin_port != htons(RIP_PORT)) {
6047c478bdstevel@tonic-gate			msglim(&bad_router, FROM_NADDR,
6057c478bdstevel@tonic-gate			    "    discard RIP response from unknown port"
6067c478bdstevel@tonic-gate			    " %d on host %s", ntohs(from->sin_port),
6077c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR));
6087c478bdstevel@tonic-gate			return;
6097c478bdstevel@tonic-gate		}
6107c478bdstevel@tonic-gate
6117c478bdstevel@tonic-gate		if (!rip_enabled) {
6127c478bdstevel@tonic-gate			trace_pkt("    discard response while RIP off");
6137c478bdstevel@tonic-gate			return;
6147c478bdstevel@tonic-gate		}
6157c478bdstevel@tonic-gate
6167c478bdstevel@tonic-gate		/* Are we talking to ourself or a remote gateway? */
6177c478bdstevel@tonic-gate		ifp1 = ifwithaddr(FROM_NADDR, _B_FALSE, _B_TRUE);
6187c478bdstevel@tonic-gate		if (ifp1 != NULL) {
6197c478bdstevel@tonic-gate			if (ifp1->int_state & IS_REMOTE) {
6207c478bdstevel@tonic-gate				/* remote gateway */
6217c478bdstevel@tonic-gate				ifp = ifp1;
6227c478bdstevel@tonic-gate				if (check_remote(ifp)) {
6237c478bdstevel@tonic-gate					ifp->int_act_time = now.tv_sec;
6247c478bdstevel@tonic-gate					if_ok(ifp, "remote ", _B_FALSE);
6257c478bdstevel@tonic-gate				}
6267c478bdstevel@tonic-gate			} else {
6277c478bdstevel@tonic-gate				trace_pkt("    discard our own RIP response");
6287c478bdstevel@tonic-gate				return;
6297c478bdstevel@tonic-gate			}
6307c478bdstevel@tonic-gate		} else {
6317c478bdstevel@tonic-gate			/*
6327c478bdstevel@tonic-gate			 * If it's not a remote gateway, then the
6337c478bdstevel@tonic-gate			 * remote address *must* be directly
6347c478bdstevel@tonic-gate			 * connected.  Make sure that it is.
6357c478bdstevel@tonic-gate			 */
6367c478bdstevel@tonic-gate			if (ifp != NULL &&
6377c478bdstevel@tonic-gate			    !remote_address_ok(ifp, FROM_NADDR)) {
6387c478bdstevel@tonic-gate				msglim(&bad_router, FROM_NADDR,
6397c478bdstevel@tonic-gate				    "discard RIP response; source %s not on "
6407c478bdstevel@tonic-gate				    "interface %s", naddr_ntoa(FROM_NADDR),
6417c478bdstevel@tonic-gate				    ifp->int_name);
6427c478bdstevel@tonic-gate				return;
6437c478bdstevel@tonic-gate			}
6447c478bdstevel@tonic-gate		}
6457c478bdstevel@tonic-gate
6467c478bdstevel@tonic-gate		/*
6477c478bdstevel@tonic-gate		 * Accept routing packets from routers directly connected
6487c478bdstevel@tonic-gate		 * via broadcast or point-to-point networks, and from
6497c478bdstevel@tonic-gate		 * those listed in /etc/gateways.
6507c478bdstevel@tonic-gate		 */
6517c478bdstevel@tonic-gate		if (ifp == NULL) {
6527c478bdstevel@tonic-gate			msglim(&unk_router, FROM_NADDR,
6537c478bdstevel@tonic-gate			    "   discard response from %s"
6547c478bdstevel@tonic-gate			    " via unexpected interface",
6557c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR));
6567c478bdstevel@tonic-gate			return;
6577c478bdstevel@tonic-gate		}
6587c478bdstevel@tonic-gate
6597c478bdstevel@tonic-gate		if (IS_RIP_IN_OFF(ifp->int_state)) {
6607c478bdstevel@tonic-gate			trace_pkt("    discard RIPv%d response"
6617c478bdstevel@tonic-gate			    " via disabled interface %s",
6627c478bdstevel@tonic-gate			    rip->rip_vers, ifp->int_name);
6637c478bdstevel@tonic-gate			return;
6647c478bdstevel@tonic-gate		}
6657c478bdstevel@tonic-gate
6667c478bdstevel@tonic-gate		if (n >= lim) {
6677c478bdstevel@tonic-gate			msglim(&bad_len, FROM_NADDR, "empty response from %s",
6687c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR));
6697c478bdstevel@tonic-gate			return;
6707c478bdstevel@tonic-gate		}
6717c478bdstevel@tonic-gate
6727c478bdstevel@tonic-gate		if (((ifp->int_state & IS_NO_RIPV1_IN) &&
6737c478bdstevel@tonic-gate		    rip->rip_vers == RIPv1) ||
6747c478bdstevel@tonic-gate		    ((ifp->int_state & IS_NO_RIPV2_IN) &&
6757c478bdstevel@tonic-gate		    rip->rip_vers != RIPv1)) {
6767c478bdstevel@tonic-gate			trace_pkt("    discard RIPv%d response",
6777c478bdstevel@tonic-gate			    rip->rip_vers);
6787c478bdstevel@tonic-gate			return;
6797c478bdstevel@tonic-gate		}
6807c478bdstevel@tonic-gate
6817c478bdstevel@tonic-gate		/*
6827c478bdstevel@tonic-gate		 * Continue to listen to routes via broken interfaces
6837c478bdstevel@tonic-gate		 * which might be declared IS_BROKE because of
6847c478bdstevel@tonic-gate		 * device-driver idiosyncracies, but might otherwise
6857c478bdstevel@tonic-gate		 * be perfectly healthy.
6867c478bdstevel@tonic-gate		 */
6877c478bdstevel@tonic-gate		if (ifp->int_state & IS_BROKE) {
6887c478bdstevel@tonic-gate			trace_pkt("response via broken interface %s",
6897c478bdstevel@tonic-gate			    ifp->int_name);
6907c478bdstevel@tonic-gate		}
6917c478bdstevel@tonic-gate
6927c478bdstevel@tonic-gate		/*
6937c478bdstevel@tonic-gate		 * If the interface cares, ignore bad routers.
6947c478bdstevel@tonic-gate		 * Trace but do not log this problem, because where it
6957c478bdstevel@tonic-gate		 * happens, it happens frequently.
6967c478bdstevel@tonic-gate		 */
6977c478bdstevel@tonic-gate		if (ifp->int_state & IS_DISTRUST) {
6987c478bdstevel@tonic-gate			tg = tgates;
6997c478bdstevel@tonic-gate			while (tg->tgate_addr != FROM_NADDR) {
7007c478bdstevel@tonic-gate				tg = tg->tgate_next;
7017c478bdstevel@tonic-gate				if (tg == NULL) {
7027c478bdstevel@tonic-gate					trace_pkt("    discard RIP response"
7037c478bdstevel@tonic-gate					    " from untrusted router %s",
7047c478bdstevel@tonic-gate					    naddr_ntoa(FROM_NADDR));
7057c478bdstevel@tonic-gate					return;
7067c478bdstevel@tonic-gate				}
7077c478bdstevel@tonic-gate			}
7087c478bdstevel@tonic-gate		}
7097c478bdstevel@tonic-gate
7107c478bdstevel@tonic-gate		/*
7117c478bdstevel@tonic-gate		 * Authenticate the packet if we have a secret.
7127c478bdstevel@tonic-gate		 * If we do not have any secrets, ignore the error in
7137c478bdstevel@tonic-gate		 * RFC 1723 and accept it regardless.
7147c478bdstevel@tonic-gate		 */
7157c478bdstevel@tonic-gate		if (ifp->int_auth[0].type != RIP_AUTH_NONE &&
7167c478bdstevel@tonic-gate		    rip->rip_vers != RIPv1 &&
7177c478bdstevel@tonic-gate		    !ck_passwd(ifp, rip, (uint8_t *)lim, FROM_NADDR, &use_auth))
7187c478bdstevel@tonic-gate			return;
7197c478bdstevel@tonic-gate
7207c478bdstevel@tonic-gate		/*
7217c478bdstevel@tonic-gate		 * Do this only if we're supplying routes to *nobody*.
7227c478bdstevel@tonic-gate		 */
7237c478bdstevel@tonic-gate		if (!should_supply(NULL) && save_space) {
7247c478bdstevel@tonic-gate			/*
7257c478bdstevel@tonic-gate			 * "-S" option.  Instead of entering all routes,
7267c478bdstevel@tonic-gate			 * only enter a default route for the sender of
7277c478bdstevel@tonic-gate			 * this RESPONSE message
7287c478bdstevel@tonic-gate			 */
7297c478bdstevel@tonic-gate
7307c478bdstevel@tonic-gate			/* Should we trust this route from this router? */
7317c478bdstevel@tonic-gate			if (tg != NULL && tg->tgate_nets->mask != 0) {
7327c478bdstevel@tonic-gate				trace_pkt("   ignored unauthorized %s",
7337c478bdstevel@tonic-gate				    addrname(RIP_DEFAULT, 0, 0));
7347c478bdstevel@tonic-gate				break;
7357c478bdstevel@tonic-gate			}
7367c478bdstevel@tonic-gate
7377c478bdstevel@tonic-gate			new.rts_gate = FROM_NADDR;
7387c478bdstevel@tonic-gate			new.rts_router = FROM_NADDR;
7397c478bdstevel@tonic-gate			new.rts_metric = HOPCNT_INFINITY-1;
7407c478bdstevel@tonic-gate			new.rts_tag = n->n_tag;
7417c478bdstevel@tonic-gate			new.rts_time = now.tv_sec;
7427c478bdstevel@tonic-gate			new.rts_ifp = ifp;
7437c478bdstevel@tonic-gate			new.rts_de_ag = 0;
7447c478bdstevel@tonic-gate			new.rts_origin = RO_RIP;
7457c478bdstevel@tonic-gate			/*
7467c478bdstevel@tonic-gate			 * Add the newly generated default route, but don't
7477c478bdstevel@tonic-gate			 * propagate the madness.  Treat it the same way as
7487c478bdstevel@tonic-gate			 * default routes learned from Router Discovery.
7497c478bdstevel@tonic-gate			 */
7507c478bdstevel@tonic-gate			input_route(RIP_DEFAULT, 0, &new, n, RS_NOPROPAGATE);
7517c478bdstevel@tonic-gate			return;
7527c478bdstevel@tonic-gate		}
7537c478bdstevel@tonic-gate
7547c478bdstevel@tonic-gate		if (!IS_IFF_ROUTING(ifp->int_if_flags)) {
7557c478bdstevel@tonic-gate			/*
7567c478bdstevel@tonic-gate			 * We don't want to propagate routes which would
7577c478bdstevel@tonic-gate			 * result in a black-hole.
7587c478bdstevel@tonic-gate			 */
7597c478bdstevel@tonic-gate			rt_state = RS_NOPROPAGATE;
7607c478bdstevel@tonic-gate		}
7617c478bdstevel@tonic-gate
7627c478bdstevel@tonic-gate		do {
7637c478bdstevel@tonic-gate			if (n->n_family == RIP_AF_AUTH)
7647c478bdstevel@tonic-gate				continue;
7657c478bdstevel@tonic-gate
7667c478bdstevel@tonic-gate			n->n_metric = ntohl(n->n_metric);
7677c478bdstevel@tonic-gate			dst = n->n_dst;
7687c478bdstevel@tonic-gate			if (n->n_family != RIP_AF_INET &&
7697c478bdstevel@tonic-gate			    (n->n_family != RIP_AF_UNSPEC ||
7707c478bdstevel@tonic-gate			    dst != RIP_DEFAULT)) {
7717c478bdstevel@tonic-gate				msglim(&bad_router, FROM_NADDR,
7727c478bdstevel@tonic-gate				    "route from %s to unsupported"
7737c478bdstevel@tonic-gate				    " address family=%d destination=%s",
7747c478bdstevel@tonic-gate				    naddr_ntoa(FROM_NADDR), n->n_family,
7757c478bdstevel@tonic-gate				    naddr_ntoa(dst));
7767c478bdstevel@tonic-gate				continue;
7777c478bdstevel@tonic-gate			}
7787c478bdstevel@tonic-gate			if (!check_dst(dst)) {
7797c478bdstevel@tonic-gate				msglim(&bad_router, FROM_NADDR,
7807c478bdstevel@tonic-gate				    "bad destination %s from %s",
7817c478bdstevel@tonic-gate				    naddr_ntoa(dst),
7827c478bdstevel@tonic-gate				    naddr_ntoa(FROM_NADDR));
7837c478bdstevel@tonic-gate				continue;
7847c478bdstevel@tonic-gate			}
7857c478bdstevel@tonic-gate			if (n->n_metric == 0 || n->n_metric > HOPCNT_INFINITY) {
7867c478bdstevel@tonic-gate				msglim(&bad_router, FROM_NADDR,
7877c478bdstevel@tonic-gate				    "bad metric %d from %s"
7887c478bdstevel@tonic-gate				    " for destination %s",
7897c478bdstevel@tonic-gate				    n->n_metric, naddr_ntoa(FROM_NADDR),
7907c478bdstevel@tonic-gate				    naddr_ntoa(dst));
7917c478bdstevel@tonic-gate				continue;
7927c478bdstevel@tonic-gate			}
7937c478bdstevel@tonic-gate
7947c478bdstevel@tonic-gate			/*
7957c478bdstevel@tonic-gate			 * Notice the next-hop.
7967c478bdstevel@tonic-gate			 */
7977c478bdstevel@tonic-gate			gate = FROM_NADDR;
7987c478bdstevel@tonic-gate			if (n->n_nhop != 0) {
7997c478bdstevel@tonic-gate				if (rip->rip_vers == RIPv1) {
8007c478bdstevel@tonic-gate					n->n_nhop = 0;
8017c478bdstevel@tonic-gate				} else {
8027c478bdstevel@tonic-gate					/* Use it only if it is valid. */
8037c478bdstevel@tonic-gate					if (on_net(n->n_nhop,
8047c478bdstevel@tonic-gate					    ifp->int_net, ifp->int_mask) &&
8057c478bdstevel@tonic-gate					    check_dst(n->n_nhop)) {
8067c478bdstevel@tonic-gate						gate = n->n_nhop;
8077c478bdstevel@tonic-gate					} else {
8087c478bdstevel@tonic-gate						msglim(&bad_nhop,
8097c478bdstevel@tonic-gate						    FROM_NADDR,
8107c478bdstevel@tonic-gate						    "router %s to %s"
8117c478bdstevel@tonic-gate						    " has bad next hop %s",
8127c478bdstevel@tonic-gate						    naddr_ntoa(FROM_NADDR),
8137c478bdstevel@tonic-gate						    naddr_ntoa(dst),
8147c478bdstevel@tonic-gate						    naddr_ntoa(n->n_nhop));
8157c478bdstevel@tonic-gate						n->n_nhop = 0;
8167c478bdstevel@tonic-gate					}
8177c478bdstevel@tonic-gate				}
8187c478bdstevel@tonic-gate			}
8197c478bdstevel@tonic-gate
8207c478bdstevel@tonic-gate			if (rip->rip_vers == RIPv1 ||
8217c478bdstevel@tonic-gate			    0 == (mask = ntohl(n->n_mask))) {
8227c478bdstevel@tonic-gate				mask = ripv1_mask_host(dst, ifp);
8237c478bdstevel@tonic-gate			} else if ((ntohl(dst) & ~mask) != 0) {
8247c478bdstevel@tonic-gate				msglim(&bad_mask, FROM_NADDR,
8257c478bdstevel@tonic-gate				    "router %s sent bad netmask %s with %s",
8267c478bdstevel@tonic-gate				    naddr_ntoa(FROM_NADDR),
8277c478bdstevel@tonic-gate				    naddr_ntoa(htonl(mask)),
8287c478bdstevel@tonic-gate				    naddr_ntoa(dst));
8297c478bdstevel@tonic-gate				continue;
8307c478bdstevel@tonic-gate			}
8317c478bdstevel@tonic-gate
8327c478bdstevel@tonic-gate			if (mask == HOST_MASK &&
8337c478bdstevel@tonic-gate			    (ifp->int_state & IS_NO_HOST)) {
8347c478bdstevel@tonic-gate				trace_pkt("   ignored host route %s",
8357c478bdstevel@tonic-gate				    addrname(dst, mask, 0));
8367c478bdstevel@tonic-gate				continue;
8377c478bdstevel@tonic-gate			}
8387c478bdstevel@tonic-gate
8397c478bdstevel@tonic-gate			if (rip->rip_vers == RIPv1)
8407c478bdstevel@tonic-gate				n->n_tag = 0;
8417c478bdstevel@tonic-gate
8427c478bdstevel@tonic-gate			/*
8437c478bdstevel@tonic-gate			 * Adjust metric according to incoming interface cost.
8447c478bdstevel@tonic-gate			 * We intentionally don't drop incoming routes with
8457c478bdstevel@tonic-gate			 * metric 15 on the floor even though they will
8467c478bdstevel@tonic-gate			 * not be advertised to other routers.  We can use
8477c478bdstevel@tonic-gate			 * such routes locally, resulting in a network with
8487c478bdstevel@tonic-gate			 * a maximum width of 15 hops rather than 14.
8497c478bdstevel@tonic-gate			 */
8507c478bdstevel@tonic-gate			n->n_metric += ifp->int_metric;
8517c478bdstevel@tonic-gate			if (n->n_metric > HOPCNT_INFINITY)
8527c478bdstevel@tonic-gate				n->n_metric = HOPCNT_INFINITY;
8537c478bdstevel@tonic-gate
8547c478bdstevel@tonic-gate			/*
8557c478bdstevel@tonic-gate			 * Should we trust this route from this router?
8567c478bdstevel@tonic-gate			 */
8577c478bdstevel@tonic-gate			if (tg != NULL && (tn = tg->tgate_nets)->mask != 0) {
8587c478bdstevel@tonic-gate				for (i = 0; i < MAX_TGATE_NETS; i++, tn++) {
8597c478bdstevel@tonic-gate					if (on_net(dst, tn->net, tn->mask) &&
8607c478bdstevel@tonic-gate					    tn->mask <= mask)
8617c478bdstevel@tonic-gate						break;
8627c478bdstevel@tonic-gate				}
8637c478bdstevel@tonic-gate				if (i >= MAX_TGATE_NETS || tn->mask == 0) {
8647c478bdstevel@tonic-gate					trace_pkt("   ignored unauthorized %s",
8657c478bdstevel@tonic-gate					    addrname(dst, mask, 0));
8667c478bdstevel@tonic-gate					continue;
8677c478bdstevel@tonic-gate				}
8687c478bdstevel@tonic-gate			}
8697c478bdstevel@tonic-gate
8707c478bdstevel@tonic-gate			/*
8717c478bdstevel@tonic-gate			 * Recognize and ignore a default route we faked
8727c478bdstevel@tonic-gate			 * which is being sent back to us by a machine with
8737c478bdstevel@tonic-gate			 * broken split-horizon. Be a little more paranoid
8747c478bdstevel@tonic-gate			 * than that, and reject default routes with the
8757c478bdstevel@tonic-gate			 * same metric we advertised.
8767c478bdstevel@tonic-gate			 */
8777c478bdstevel@tonic-gate			if (ifp->int_d_metric != 0 && dst == RIP_DEFAULT &&
8787c478bdstevel@tonic-gate			    n->n_metric >= ifp->int_d_metric)
8797c478bdstevel@tonic-gate				continue;
8807c478bdstevel@tonic-gate
8817c478bdstevel@tonic-gate			/*
8827c478bdstevel@tonic-gate			 * We can receive aggregated RIPv2 routes that must
8837c478bdstevel@tonic-gate			 * be broken down before they are transmitted by
8847c478bdstevel@tonic-gate			 * RIPv1 via an interface on a subnet. We might
8857c478bdstevel@tonic-gate			 * also receive the same routes aggregated via
8867c478bdstevel@tonic-gate			 * other RIPv2 interfaces.  This could cause
8877c478bdstevel@tonic-gate			 * duplicate routes to be sent on the RIPv1
8887c478bdstevel@tonic-gate			 * interfaces. "Longest matching variable length
8897c478bdstevel@tonic-gate			 * netmasks" lets RIPv2 listeners understand, but
8907c478bdstevel@tonic-gate			 * breaking down the aggregated routes for RIPv1
8917c478bdstevel@tonic-gate			 * listeners can produce duplicate routes.
8927c478bdstevel@tonic-gate			 *
8937c478bdstevel@tonic-gate			 * Breaking down aggregated routes here bloats the
8947c478bdstevel@tonic-gate			 * daemon table, but does not hurt the kernel
8957c478bdstevel@tonic-gate			 * table, since routes are always aggregated for
8967c478bdstevel@tonic-gate			 * the kernel.
8977c478bdstevel@tonic-gate			 *
8987c478bdstevel@tonic-gate			 * Notice that this does not break down network
8997c478bdstevel@tonic-gate			 * routes corresponding to subnets. This is part of
9007c478bdstevel@tonic-gate			 * the defense against RS_NET_SYN.
9017c478bdstevel@tonic-gate			 */
9027c478bdstevel@tonic-gate			if (have_ripv1_out &&
9037c478bdstevel@tonic-gate			    (((rt = rtget(dst, mask)) == NULL ||
9047c478bdstevel@tonic-gate			    !(rt->rt_state & RS_NET_SYN))) &&
9057c478bdstevel@tonic-gate			    (v1_mask = ripv1_mask_net(dst, 0)) > mask) {
9067c478bdstevel@tonic-gate				/* Get least significant set bit */
9077c478bdstevel@tonic-gate				ddst_h = v1_mask & -v1_mask;
9087c478bdstevel@tonic-gate				i = (v1_mask & ~mask)/ddst_h;
9097c478bdstevel@tonic-gate				/*
9107c478bdstevel@tonic-gate				 * If you're going to make 512 or more
9117c478bdstevel@tonic-gate				 * routes, then that's just too many.  The
9127c478bdstevel@tonic-gate				 * reason here is that breaking an old
9137c478bdstevel@tonic-gate				 * class B into /24 allocations is common
9147c478bdstevel@tonic-gate				 * enough that allowing for the creation of
9157c478bdstevel@tonic-gate				 * at least 256 deaggregated routes is
9167c478bdstevel@tonic-gate				 * good.  The next power of 2 is 512.
9177c478bdstevel@tonic-gate				 */
9187c478bdstevel@tonic-gate				if (i >= 511) {
9197c478bdstevel@tonic-gate					/*
9207c478bdstevel@tonic-gate					 * Punt if we would have to
9217c478bdstevel@tonic-gate					 * generate an unreasonable number
9227c478bdstevel@tonic-gate					 * of routes.
9237c478bdstevel@tonic-gate					 */
9247c478bdstevel@tonic-gate					if (TRACECONTENTS)
9257c478bdstevel@tonic-gate						trace_misc("accept %s-->%s as 1"
9267c478bdstevel@tonic-gate						    " instead of %d routes",
9277c478bdstevel@tonic-gate						    addrname(dst, mask, 0),
9287c478bdstevel@tonic-gate						    naddr_ntoa(FROM_NADDR),
9297c478bdstevel@tonic-gate						    i + 1);
9307c478bdstevel@tonic-gate					i = 0;
9317c478bdstevel@tonic-gate				} else {
9327c478bdstevel@tonic-gate					mask = v1_mask;
9337c478bdstevel@tonic-gate				}
9347c478bdstevel@tonic-gate			} else {
9357c478bdstevel@tonic-gate				i = 0;
9367c478bdstevel@tonic-gate			}
9377c478bdstevel@tonic-gate
9387c478bdstevel@tonic-gate			new.rts_gate = gate;
9397c478bdstevel@tonic-gate			new.rts_router = FROM_NADDR;
9407c478bdstevel@tonic-gate			new.rts_metric = n->n_metric;
9417c478bdstevel@tonic-gate			new.rts_tag = n->n_tag;
9427c478bdstevel@tonic-gate			new.rts_time = now.tv_sec;
9437c478bdstevel@tonic-gate			new.rts_ifp = ifp;
9447c478bdstevel@tonic-gate			new.rts_de_ag = i;
9457c478bdstevel@tonic-gate			new.rts_origin = RO_RIP;
9467c478bdstevel@tonic-gate			j = 0;
9477c478bdstevel@tonic-gate			for (;;) {
9487c478bdstevel@tonic-gate				input_route(dst, mask, &new, n, rt_state);
9497c478bdstevel@tonic-gate				if (++j > i)
9507c478bdstevel@tonic-gate					break;
9517c478bdstevel@tonic-gate				dst = htonl(ntohl(dst) + ddst_h);
9527c478bdstevel@tonic-gate			}
9537c478bdstevel@tonic-gate		} while (++n < lim);
9547c478bdstevel@tonic-gate		return;
9557c478bdstevel@tonic-gate	case RIPCMD_POLLENTRY:
9567c478bdstevel@tonic-gate		/*
9577c478bdstevel@tonic-gate		 * With this command one can request a single entry.
9587c478bdstevel@tonic-gate		 * Both silent processes and routers can respond to this
9597c478bdstevel@tonic-gate		 * command
9607c478bdstevel@tonic-gate		 */
9617c478bdstevel@tonic-gate
9627c478bdstevel@tonic-gate		if (n >= lim) {
9637c478bdstevel@tonic-gate			msglim(&bad_len, FROM_NADDR, "empty request from %s",
9647c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR));
9657c478bdstevel@tonic-gate			return;
9667c478bdstevel@tonic-gate		}
9677c478bdstevel@tonic-gate		if (cc%sizeof (*n) != sizeof (struct rip)%sizeof (*n)) {
9687c478bdstevel@tonic-gate			msglim(&bad_len, FROM_NADDR,
9697c478bdstevel@tonic-gate			    "request of bad length (%d) from %s",
9707c478bdstevel@tonic-gate			    cc, naddr_ntoa(FROM_NADDR));
9717c478bdstevel@tonic-gate		}
9727c478bdstevel@tonic-gate
9737c478bdstevel@tonic-gate		if (rip->rip_vers == RIPv2 && (ifp == NULL ||
9747c478bdstevel@tonic-gate		    (ifp->int_state & IS_NO_RIPV1_OUT))) {
9757c478bdstevel@tonic-gate			v12buf.buf->rip_vers = RIPv2;
9767c478bdstevel@tonic-gate		} else {
9777c478bdstevel@tonic-gate			v12buf.buf->rip_vers = RIPv1;
9787c478bdstevel@tonic-gate		}
9797c478bdstevel@tonic-gate		/* Dont bother with md5 authentication with POLLENTRY */
9807c478bdstevel@tonic-gate		ap = NULL;
9817c478bdstevel@tonic-gate		clr_ws_buf(&v12buf, ap);
9827c478bdstevel@tonic-gate
9837c478bdstevel@tonic-gate		n->n_metric = ntohl(n->n_metric);
9847c478bdstevel@tonic-gate
9857c478bdstevel@tonic-gate		if (n->n_family != RIP_AF_INET) {
9867c478bdstevel@tonic-gate			msglim(&bad_router, FROM_NADDR,
9877c478bdstevel@tonic-gate			    "POLLENTRY request from %s for unsupported"
9887c478bdstevel@tonic-gate			    " (af %d) %s",
9897c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR),
9907c478bdstevel@tonic-gate			    ntohs(n->n_family),
9917c478bdstevel@tonic-gate			    naddr_ntoa(n->n_dst));
9927c478bdstevel@tonic-gate			return;
9937c478bdstevel@tonic-gate		}
9947c478bdstevel@tonic-gate
9957c478bdstevel@tonic-gate		/* We are being asked about a specific destination. */
9967c478bdstevel@tonic-gate		v12buf.n->n_dst = dst = n->n_dst;
9977c478bdstevel@tonic-gate		v12buf.n->n_family = RIP_AF_INET;
9987c478bdstevel@tonic-gate		if (!check_dst(dst)) {
9997c478bdstevel@tonic-gate			msglim(&bad_router, FROM_NADDR,
10007c478bdstevel@tonic-gate			    "bad queried destination %s from %s",
10017c478bdstevel@tonic-gate			    naddr_ntoa(dst),
10027c478bdstevel@tonic-gate			    naddr_ntoa(FROM_NADDR));
10037c478bdstevel@tonic-gate			v12buf.n->n_metric = HOPCNT_INFINITY;
10047c478bdstevel@tonic-gate			goto pollentry_done;
10057c478bdstevel@tonic-gate		}
10067c478bdstevel@tonic-gate
10077c478bdstevel@tonic-gate		/* decide what mask was intended */
10087c478bdstevel@tonic-gate		if (rip->rip_vers == RIPv1 ||
10097c478bdstevel@tonic-gate		    0 == (mask = ntohl(n->n_mask)) ||
10107c478bdstevel@tonic-gate		    0 != (ntohl(dst) & ~mask))
10117c478bdstevel@tonic-gate			mask = ripv1_mask_host(dst, ifp);
10127c478bdstevel@tonic-gate
10137c478bdstevel@tonic-gate		/* try to find the answer */
10147c478bdstevel@tonic-gate		rt = rtget(dst, mask);
10157c478bdstevel@tonic-gate		if (rt == NULL && dst != RIP_DEFAULT)
10167c478bdstevel@tonic-gate			rt = rtfind(n->n_dst);
10177c478bdstevel@tonic-gate
10187c478bdstevel@tonic-gate		if (v12buf.buf->rip_vers != RIPv1)
10197c478bdstevel@tonic-gate			v12buf.n->n_mask = htonl(mask);
10207c478bdstevel@tonic-gate		if (rt == NULL) {
10217c478bdstevel@tonic-gate			/* we do not have the answer */
10227c478bdstevel@tonic-gate			v12buf.n->n_metric = HOPCNT_INFINITY;
10237c478bdstevel@tonic-gate			goto pollentry_done;
10247c478bdstevel@tonic-gate		}
10257c478bdstevel@tonic-gate
10267c478bdstevel@tonic-gate
10277c478bdstevel@tonic-gate		/*
10287c478bdstevel@tonic-gate		 * we have the answer, so compute the right metric and next
10297c478bdstevel@tonic-gate		 * hop.
10307c478bdstevel@tonic-gate		 */
10317c478bdstevel@tonic-gate		v12buf.n->n_metric = rt->rt_metric + 1;
10327c478bdstevel@tonic-gate		if (v12buf.n->n_metric > HOPCNT_INFINITY)
10337c478bdstevel@tonic-gate			v12buf.n->n_metric = HOPCNT_INFINITY;
10347c478bdstevel@tonic-gate		if (v12buf.buf->rip_vers != RIPv1) {
10357c478bdstevel@tonic-gate			v12buf.n->n_tag = rt->rt_tag;
10367c478bdstevel@tonic-gate			if (ifp != NULL &&
10377c478bdstevel@tonic-gate			    on_net(rt->rt_gate, ifp->int_net, ifp->int_mask) &&
10387c478bdstevel@tonic-gate			    rt->rt_gate != ifp->int_addr)
10397c478bdstevel@tonic-gate				v12buf.n->n_nhop = rt->rt_gate;
10407c478bdstevel@tonic-gate		}
10417c478bdstevel@tonic-gatepollentry_done:
10427c478bdstevel@tonic-gate		v12buf.n->n_metric = htonl(v12buf.n->n_metric);
10437c478bdstevel@tonic-gate
10447c478bdstevel@tonic-gate		/*
10457c478bdstevel@tonic-gate		 * Send the answer about specific routes.
10467c478bdstevel@tonic-gate		 */
10477c478bdstevel@tonic-gate		(void) output(OUT_QUERY, from, ifp, v12buf.buf,
10487c478bdstevel@tonic-gate		    ((char *)v12buf.n - (char *)v12buf.buf));
10497c478bdstevel@tonic-gate		break;
10507c478bdstevel@tonic-gate	}
10517c478bdstevel@tonic-gate#undef FROM_NADDR
10527c478bdstevel@tonic-gate}
10537c478bdstevel@tonic-gate
10547c478bdstevel@tonic-gate
10557c478bdstevel@tonic-gate/*
10567c478bdstevel@tonic-gate * Process a single input route.
10577c478bdstevel@tonic-gate */
10587c478bdstevel@tonic-gatevoid
10597c478bdstevel@tonic-gateinput_route(in_addr_t dst,			/* network order */
10607c478bdstevel@tonic-gate    in_addr_t mask,
10617c478bdstevel@tonic-gate    struct rt_spare *new,
10627c478bdstevel@tonic-gate    struct netinfo *n,
10637c478bdstevel@tonic-gate    uint16_t rt_state)
10647c478bdstevel@tonic-gate{
10657c478bdstevel@tonic-gate	int i;
10667c478bdstevel@tonic-gate	struct rt_entry *rt;
10677c478bdstevel@tonic-gate	struct rt_spare *rts, *rts0;
10687c478bdstevel@tonic-gate	struct interface *ifp1;
10697c478bdstevel@tonic-gate	struct rt_spare *ptr;
10707c478bdstevel@tonic-gate	size_t ptrsize;
10717c478bdstevel@tonic-gate
10727c478bdstevel@tonic-gate	/*
10737c478bdstevel@tonic-gate	 * See if we can already get there by a working interface.  Ignore
10747c478bdstevel@tonic-gate	 * if so.
10757c478bdstevel@tonic-gate	 */
10767c478bdstevel@tonic-gate	ifp1 = ifwithaddr(dst, _B_TRUE, _B_FALSE);
10777c478bdstevel@tonic-gate	if (ifp1 != NULL && (ifp1->int_state & IS_PASSIVE))
10787c478bdstevel@tonic-gate		return;
10797c478bdstevel@tonic-gate
10807c478bdstevel@tonic-gate	/*
10817c478bdstevel@tonic-gate	 * Look for the route in our table.
10827c478bdstevel@tonic-gate	 */
10837c478bdstevel@tonic-gate	rt = rtget(dst, mask);
10847c478bdstevel@tonic-gate
10857c478bdstevel@tonic-gate	/* Consider adding the route if we do not already have it. */
10867c478bdstevel@tonic-gate	if (rt == NULL) {
10877c478bdstevel@tonic-gate		/* Ignore unknown routes being poisoned. */
10887c478bdstevel@tonic-gate		if (new->rts_metric == HOPCNT_INFINITY)
10897c478bdstevel@tonic-gate			return;
10907c478bdstevel@tonic-gate
10917c478bdstevel@tonic-gate		/* Ignore the route if it points to us */
10927c478bdstevel@tonic-gate		if (n != NULL && n->n_nhop != 0 &&
10937c478bdstevel@tonic-gate		    NULL != ifwithaddr(n->n_nhop, _B_TRUE, _B_FALSE))
10947c478bdstevel@tonic-gate			return;
10957c478bdstevel@tonic-gate
10967c478bdstevel@tonic-gate		/*
10977c478bdstevel@tonic-gate		 * If something has not gone crazy and tried to fill
10987c478bdstevel@tonic-gate		 * our memory, accept the new route.
10997c478bdstevel@tonic-gate		 */
11007c478bdstevel@tonic-gate		rtadd(dst, mask, rt_state, new);
11017c478bdstevel@tonic-gate		return;
11027c478bdstevel@tonic-gate	}
11037c478bdstevel@tonic-gate
11047c478bdstevel@tonic-gate	/*
11057c478bdstevel@tonic-gate	 * We already know about the route.  Consider this update.
11067c478bdstevel@tonic-gate	 *
11077c478bdstevel@tonic-gate	 * If (rt->rt_state & RS_NET_SYN), then this route
11087c478bdstevel@tonic-gate	 * is the same as a network route we have inferred
11097c478bdstevel@tonic-gate	 * for subnets we know, in order to tell RIPv1 routers
11107c478bdstevel@tonic-gate	 * about the subnets.
11117c478bdstevel@tonic-gate	 *
11127c478bdstevel@tonic-gate	 * It is impossible to tell if the route is coming
11137c478bdstevel@tonic-gate	 * from a distant RIPv2 router with the standard
11147c478bdstevel@tonic-gate	 * netmask because that router knows about the entire
11157c478bdstevel@tonic-gate	 * network, or if it is a round-about echo of a
11167c478bdstevel@tonic-gate	 * synthetic, RIPv1 network route of our own.
11177c478bdstevel@tonic-gate	 * The worst is that both kinds of routes might be
11187c478bdstevel@tonic-gate	 * received, and the bad one might have the smaller
11197c478bdstevel@tonic-gate	 * metric.  Partly solve this problem by never
11207c478bdstevel@tonic-gate	 * aggregating into such a route.  Also keep it
11217c478bdstevel@tonic-gate	 * around as long as the interface exists.
11227c478bdstevel@tonic-gate	 */
11237c478bdstevel@tonic-gate
11247c478bdstevel@tonic-gate	rts0 = rt->rt_spares;
11257c478bdstevel@tonic-gate	for (rts = rts0, i = rt->rt_num_spares; i != 0; i--, rts++) {
11267c478bdstevel@tonic-gate		if (rts->rts_router == new->rts_router)
11277c478bdstevel@tonic-gate			break;
11287c478bdstevel@tonic-gate		/*
11297c478bdstevel@tonic-gate		 * Note the worst slot to reuse,
11307c478bdstevel@tonic-gate		 * other than the current slot.
11317c478bdstevel@tonic-gate		 */
11327c478bdstevel@tonic-gate		if (BETTER_LINK(rt, rts0, rts))
11337c478bdstevel@tonic-gate			rts0 = rts;
11347c478bdstevel@tonic-gate	}
11357c478bdstevel@tonic-gate	if (i != 0) {
11367c478bdstevel@tonic-gate		/*
11377c478bdstevel@tonic-gate		 * Found a route from the router already in the table.
11387c478bdstevel@tonic-gate		 */
11397c478bdstevel@tonic-gate
11407c478bdstevel@tonic-gate		/*
11417c478bdstevel@tonic-gate		 * If the new route is a route broken down from an
11427c478bdstevel@tonic-gate		 * aggregated route, and if the previous route is either
11437c478bdstevel@tonic-gate		 * not a broken down route or was broken down from a finer
11447c478bdstevel@tonic-gate		 * netmask, and if the previous route is current,
11457c478bdstevel@tonic-gate		 * then forget this one.
11467c478bdstevel@tonic-gate		 */
11477c478bdstevel@tonic-gate		if (new->rts_de_ag > rts->rts_de_ag &&
11487c478bdstevel@tonic-gate		    now_stale <= rts->rts_time)
11497c478bdstevel@tonic-gate			return;
11507c478bdstevel@tonic-gate
11517c478bdstevel@tonic-gate		/*
11527c478bdstevel@tonic-gate		 * Keep poisoned routes around only long enough to pass
11537c478bdstevel@tonic-gate		 * the poison on.  Use a new timestamp for good routes.
11547c478bdstevel@tonic-gate		 */
11557c478bdstevel@tonic-gate		if (rts->rts_metric == HOPCNT_INFINITY &&
11567c478bdstevel@tonic-gate		    new->rts_metric == HOPCNT_INFINITY)
11577c478bdstevel@tonic-gate			new->rts_time = rts->rts_time;
11587c478bdstevel@tonic-gate
11597c478bdstevel@tonic-gate		/*
11607c478bdstevel@tonic-gate		 * If this is an update for the router we currently prefer,
11617c478bdstevel@tonic-gate		 * then note it.
11627c478bdstevel@tonic-gate		 */
11637c478bdstevel@tonic-gate		if (i == rt->rt_num_spares) {
1164d6b3210sowmini			uint8_t old_metric = rts->rts_metric;
1165d6b3210sowmini
11667c478bdstevel@tonic-gate			rtchange(rt, rt->rt_state | rt_state, new, 0);
11677c478bdstevel@tonic-gate			/*
11687c478bdstevel@tonic-gate			 * If the route got worse, check for something better.
11697c478bdstevel@tonic-gate			 */
1170d6b3210sowmini			if (new->rts_metric != old_metric)
11717c478bdstevel@tonic-gate				rtswitch(rt, 0);
11727c478bdstevel@tonic-gate			return;
11737c478bdstevel@tonic-gate		}
11747c478bdstevel@tonic-gate
11757c478bdstevel@tonic-gate		/*
11767c478bdstevel@tonic-gate		 * This is an update for a spare route.
11777c478bdstevel@tonic-gate		 * Finished if the route is unchanged.
11787c478bdstevel@tonic-gate		 */
11797c478bdstevel@tonic-gate		if (rts->rts_gate == new->rts_gate &&
11807c478bdstevel@tonic-gate		    rts->rts_metric == new->rts_metric &&
11817c478bdstevel@tonic-gate		    rts->rts_tag == new->rts_tag) {
11827c478bdstevel@tonic-gate			if ((rt->rt_dst == RIP_DEFAULT) &&
11837c478bdstevel@tonic-gate			    (rts->rts_ifp != new->rts_ifp))
11847c478bdstevel@tonic-gate				trace_misc("input_route update for spare");
11857c478bdstevel@tonic-gate			trace_upslot(rt, rts, new);
11867c478bdstevel@tonic-gate			*rts = *new;
11877c478bdstevel@tonic-gate			return;
11887c478bdstevel@tonic-gate		}
11897c478bdstevel@tonic-gate
11907c478bdstevel@tonic-gate		/*
11917c478bdstevel@tonic-gate		 * Forget it if it has gone bad.
11927c478bdstevel@tonic-gate		 */
11937c478bdstevel@tonic-gate		if (new->rts_metric == HOPCNT_INFINITY) {
11947c478bdstevel@tonic-gate			rts_delete(rt, rts);
11957c478bdstevel@tonic-gate			return;
11967c478bdstevel@tonic-gate		}
11977c478bdstevel@tonic-gate
11987c478bdstevel@tonic-gate	} else {
11997c478bdstevel@tonic-gate		/*
12007c478bdstevel@tonic-gate		 * The update is for a route we know about,
12017c478bdstevel@tonic-gate		 * but not from a familiar router.
12027c478bdstevel@tonic-gate		 *
12037c478bdstevel@tonic-gate		 * Ignore the route if it points to us.
12047c478bdstevel@tonic-gate		 */
12057c478bdstevel@tonic-gate		if (n != NULL && n->n_nhop != 0 &&
12067c478bdstevel@tonic-gate		    NULL != ifwithaddr(n->n_nhop, _B_TRUE, _B_FALSE))
12077c478bdstevel@tonic-gate			return;
12087c478bdstevel@tonic-gate
12097c478bdstevel@tonic-gate		/* the loop above set rts0=worst spare */
12107c478bdstevel@tonic-gate		if (rts0->rts_metric < HOPCNT_INFINITY) {
12117c478bdstevel@tonic-gate			ptrsize = (rt->rt_num_spares + SPARE_INC) *
12127c478bdstevel@tonic-gate			    sizeof (struct rt_spare);
12137c478bdstevel@tonic-gate			ptr = realloc(rt->rt_spares, ptrsize);
12147c478bdstevel@tonic-gate			if (ptr != NULL) {
12157c478bdstevel@tonic-gate
12167c478bdstevel@tonic-gate				rt->rt_spares = ptr;
12177c478bdstevel@tonic-gate				rts0 = &rt->rt_spares[rt->rt_num_spares];
12187c478bdstevel@tonic-gate				(void) memset(rts0, 0,
12197c478bdstevel@tonic-gate				    SPARE_INC * sizeof (struct rt_spare));
12207c478bdstevel@tonic-gate				rt->rt_num_spares += SPARE_INC;
12217c478bdstevel@tonic-gate				for (rts = rts0, i = SPARE_INC;
12227c478bdstevel@tonic-gate				    i != 0; i--, rts++)
12237c478bdstevel@tonic-gate					rts->rts_metric = HOPCNT_INFINITY;
12247c478bdstevel@tonic-gate			}
12257c478bdstevel@tonic-gate		}
12267c478bdstevel@tonic-gate		rts = rts0;
12277c478bdstevel@tonic-gate
12287c478bdstevel@tonic-gate		/*
12297c478bdstevel@tonic-gate		 * Save the route as a spare only if it has
12307c478bdstevel@tonic-gate		 * a better metric than our worst spare.
12317c478bdstevel@tonic-gate		 * This also ignores poisoned routes (those
12327c478bdstevel@tonic-gate		 * received with metric HOPCNT_INFINITY).
12337c478bdstevel@tonic-gate		 */
12347c478bdstevel@tonic-gate		if (new->rts_metric >= rts->rts_metric)
12357c478bdstevel@tonic-gate			return;
12367c478bdstevel@tonic-gate	}
12377c478bdstevel@tonic-gate	trace_upslot(rt, rts, new);
12387c478bdstevel@tonic-gate	*rts = *new;
12397c478bdstevel@tonic-gate
12407c478bdstevel@tonic-gate	/* try to switch to a better route */
12417c478bdstevel@tonic-gate	rtswitch(rt, rts);
12427c478bdstevel@tonic-gate}
12437c478bdstevel@tonic-gate
12447c478bdstevel@tonic-gate/*
12457c478bdstevel@tonic-gate * Recorded information about peer's MD5 sequence numbers.  This is
12467c478bdstevel@tonic-gate * used to validate that received sequence numbers are in
12477c478bdstevel@tonic-gate * non-decreasing order as per the RFC.
12487c478bdstevel@tonic-gate */
12497c478bdstevel@tonic-gatestruct peer_hash {
12507c478bdstevel@tonic-gate	struct peer_hash *ph_next;
12517c478bdstevel@tonic-gate	in_addr_t ph_addr;
12527c478bdstevel@tonic-gate	time_t ph_heard;
12537c478bdstevel@tonic-gate	uint32_t ph_seqno;
12547c478bdstevel@tonic-gate};
12557c478bdstevel@tonic-gate
12567c478bdstevel@tonic-gatestatic struct peer_hash **peer_hashes;
12577c478bdstevel@tonic-gatestatic int ph_index;
12587c478bdstevel@tonic-gatestatic int ph_num_peers;
12597c478bdstevel@tonic-gate
12607c478bdstevel@tonic-gate/*
12617c478bdstevel@tonic-gate * Get a peer_hash structure from the hash of known peers.  Create a
12627c478bdstevel@tonic-gate * new one if not found.  Returns NULL on unrecoverable allocation
12637c478bdstevel@tonic-gate * failure.
12647c478bdstevel@tonic-gate */
12657c478bdstevel@tonic-gatestatic struct peer_hash *
12667c478bdstevel@tonic-gateget_peer_info(in_addr_t from)
12677c478bdstevel@tonic-gate{
12687c478bdstevel@tonic-gate	struct peer_hash *php;
12697c478bdstevel@tonic-gate	struct peer_hash *pnhp;
12707c478bdstevel@tonic-gate	struct peer_hash **ph_pp;
12717c478bdstevel@tonic-gate	struct peer_hash **ph2_pp;
12727c478bdstevel@tonic-gate	struct peer_hash **ph3_pp;
12737c478bdstevel@tonic-gate	int i;
12747c478bdstevel@tonic-gate	static uint_t failed_count;
12757c478bdstevel@tonic-gate
12767c478bdstevel@tonic-gate	if (peer_hashes == NULL) {
12777c478bdstevel@tonic-gate		peer_hashes = calloc(hash_table_sizes[0],
12787c478bdstevel@tonic-gate		    sizeof (peer_hashes[0]));
12797c478bdstevel@tonic-gate		if (peer_hashes == NULL) {
12807c478bdstevel@tonic-gate			if (++failed_count % 100 == 1)
12817c478bdstevel@tonic-gate				msglog("no memory for peer hash");
12827c478bdstevel@tonic-gate			return (NULL);
12837c478bdstevel@tonic-gate		}
12847c478bdstevel@tonic-gate	}
12857c478bdstevel@tonic-gate	/* Search for peer in existing hash table */
12867c478bdstevel@tonic-gate	ph_pp = peer_hashes + (from % hash_table_sizes[ph_index]);
12877c478bdstevel@tonic-gate	for (php = ph_pp[0]; php != NULL; php = php->ph_next) {
12887c478bdstevel@tonic-gate		if (php->ph_addr == from)
12897c478bdstevel@tonic-gate			return (php);
12907c478bdstevel@tonic-gate	}
12917c478bdstevel@tonic-gate	/*
12927c478bdstevel@tonic-gate	 * Not found; we need to add this peer to the table.  If there
12937c478bdstevel@tonic-gate	 * are already too many peers, then try to expand the table
12947c478bdstevel@tonic-gate	 * first.  It's not a big deal if we can't expand the table
12957c478bdstevel@tonic-gate	 * right now due to memory constraints.  We'll try again
12967c478bdstevel@tonic-gate	 * later.
12977c478bdstevel@tonic-gate	 */
12987c478bdstevel@tonic-gate	if (ph_num_peers >= hash_table_sizes[ph_index] * 5 &&
12997c478bdstevel@tonic-gate	    hash_table_sizes[ph_index + 1] != 0 &&
13007c478bdstevel@tonic-gate	    (ph_pp = calloc(hash_table_sizes[ph_index + 1],
1301f9aa3e1kcpoon	    sizeof (peer_hashes[0]))) != NULL) {
13027c478bdstevel@tonic-gate		ph2_pp = peer_hashes;
13037c478bdstevel@tonic-gate		for (i = hash_table_sizes[ph_index] - 1; i >= 0; i--) {
13047c478bdstevel@tonic-gate			for (php = ph2_pp[i]; php != NULL; php = pnhp) {
13057c478bdstevel@tonic-gate				pnhp = php->ph_next;
13067c478bdstevel@tonic-gate				ph3_pp = ph_pp + (php->ph_addr %
13077c478bdstevel@tonic-gate				    hash_table_sizes[ph_index + 1]);
13087c478bdstevel@tonic-gate				php->ph_next = ph3_pp[0];
13097c478bdstevel@tonic-gate				ph3_pp[0] = php;
13107c478bdstevel@tonic-gate			}
13117c478bdstevel@tonic-gate		}
13127c478bdstevel@tonic-gate		ph_index++;
13137c478bdstevel@tonic-gate		free(peer_hashes);
13147c478bdstevel@tonic-gate		peer_hashes = ph_pp;
13157c478bdstevel@tonic-gate		ph_pp += from % hash_table_sizes[ph_index];
13167c478bdstevel@tonic-gate	}
13177c478bdstevel@tonic-gate	php = calloc(sizeof (*php), 1);
13187c478bdstevel@tonic-gate	if (php == NULL) {
13197c478bdstevel@tonic-gate		if (++failed_count % 100 == 1)
13207c478bdstevel@tonic-gate			msglog("no memory for peer hash entry");
13217c478bdstevel@tonic-gate	} else {
13227c478bdstevel@tonic-gate		php->ph_addr = from;
13237c478bdstevel@tonic-gate		php->ph_heard = now.tv_sec;
13247c478bdstevel@tonic-gate		php->ph_next = ph_pp[0];
13257c478bdstevel@tonic-gate		ph_pp[0] = php;
13267c478bdstevel@tonic-gate		ph_num_peers++;
13277c478bdstevel@tonic-gate	}
13287c478bdstevel@tonic-gate	return (php);
13297c478bdstevel@tonic-gate}
13307c478bdstevel@tonic-gate
13317c478bdstevel@tonic-gate/*
13327c478bdstevel@tonic-gate * Age out entries in the peer table.  This is called every time we do
13337c478bdstevel@tonic-gate * a normal 30 second broadcast.
13347c478bdstevel@tonic-gate */
13357c478bdstevel@tonic-gatevoid
13367c478bdstevel@tonic-gateage_peer_info(void)
13377c478bdstevel@tonic-gate{
13387c478bdstevel@tonic-gate	struct peer_hash *php;
13397c478bdstevel@tonic-gate	struct peer_hash *next_ph;
13407c478bdstevel@tonic-gate	struct peer_hash *prev_ph;
13417c478bdstevel@tonic-gate	struct peer_hash **ph_pp;
13427c478bdstevel@tonic-gate	int i;
13437c478bdstevel@tonic-gate
13447c478bdstevel@tonic-gate	/*
13457c478bdstevel@tonic-gate	 * Scan through the list and remove peers that should not
13467c478bdstevel@tonic-gate	 * still have valid authenticated entries in the routing
13477c478bdstevel@tonic-gate	 * table.
13487c478bdstevel@tonic-gate	 */
13497c478bdstevel@tonic-gate	if ((ph_pp = peer_hashes) == NULL || ph_num_peers == 0)
13507c478bdstevel@tonic-gate		return;
13517c478bdstevel@tonic-gate	for (i = hash_table_sizes[ph_index] - 1; i >= 0; i--) {
13527c478bdstevel@tonic-gate		prev_ph = NULL;
13537c478bdstevel@tonic-gate		for (php = ph_pp[i]; php != NULL; php = next_ph) {
13547c478bdstevel@tonic-gate			next_ph = php->ph_next;
13557c478bdstevel@tonic-gate			if (php->ph_heard <= now_expire) {
13567c478bdstevel@tonic-gate				if (prev_ph == NULL)
13577c478bdstevel@tonic-gate					ph_pp[i] = next_ph;
13587c478bdstevel@tonic-gate				else
13597c478bdstevel@tonic-gate					prev_ph->ph_next = next_ph;
13607c478bdstevel@tonic-gate				free(php);
13617c478bdstevel@tonic-gate				if (--ph_num_peers == 0)
13627c478bdstevel@tonic-gate					return;
13637c478bdstevel@tonic-gate			} else {
13647c478bdstevel@tonic-gate				prev_ph = php;
13657c478bdstevel@tonic-gate			}
13667c478bdstevel@tonic-gate		}
13677c478bdstevel@tonic-gate	}
13687c478bdstevel@tonic-gate}
13697c478bdstevel@tonic-gate
13707c478bdstevel@tonic-gatestatic boolean_t		/* _B_FALSE if bad, _B_TRUE if good */
13717c478bdstevel@tonic-gateck_passwd(struct interface *aifp,
13727c478bdstevel@tonic-gate    struct rip *rip,
13737c478bdstevel@tonic-gate    uint8_t *lim,
13747c478bdstevel@tonic-gate    in_addr_t from,
13757c478bdstevel@tonic-gate    struct msg_limit *use_authp)
13767c478bdstevel@tonic-gate{
13777c478bdstevel@tonic-gate#define	NA (rip->rip_auths)
13787c478bdstevel@tonic-gate	struct netauth *na2;
13797c478bdstevel@tonic-gate	struct auth *ap;
13807c478bdstevel@tonic-gate	MD5_CTX md5_ctx;
13817c478bdstevel@tonic-gate	uchar_t hash[RIP_AUTH_PW_LEN];
13827c478bdstevel@tonic-gate	int i, len;
13837c478bdstevel@tonic-gate	struct peer_hash *php;
13847c478bdstevel@tonic-gate	uint32_t seqno;
13857c478bdstevel@tonic-gate
13867c478bdstevel@tonic-gate	if ((uint8_t *)NA >= lim || NA->a_family != RIP_AF_AUTH) {
13877c478bdstevel@tonic-gate		msglim(use_authp, from, "missing auth data from %s",
13887c478bdstevel@tonic-gate		    naddr_ntoa(from));
13897c478bdstevel@tonic-gate		return (_B_FALSE);
13907c478bdstevel@tonic-gate	}
13917c478bdstevel@tonic-gate
13927c478bdstevel@tonic-gate	/*
13937c478bdstevel@tonic-gate	 * Validate sequence number on RIPv2 responses using keyed MD5
13947c478bdstevel@tonic-gate	 * authentication per RFC 2082 section 3.2.2.  Note that if we
13957c478bdstevel@tonic-gate	 * can't locate the peer information (due to transient
13967c478bdstevel@tonic-gate	 * allocation problems), then we don't do the test.  Also note
13977c478bdstevel@tonic-gate	 * that we assume that all sequence numbers 0x80000000 or more
13987c478bdstevel@tonic-gate	 * away are "less than."
13997c478bdstevel@tonic-gate	 *
14007c478bdstevel@tonic-gate	 * We intentionally violate RFC 2082 with respect to one case:
14017c478bdstevel@tonic-gate	 * restablishing contact.  The RFC says that you should
14027c478bdstevel@tonic-gate	 * continue to ignore old sequence numbers in this case but
14037c478bdstevel@tonic-gate	 * make a special allowance for 0.  This is extremely foolish.
14047c478bdstevel@tonic-gate	 * The problem is that if the router has crashed, it's
14057c478bdstevel@tonic-gate	 * entirely possible that either we'll miss sequence zero (or
14067c478bdstevel@tonic-gate	 * that it might not even send it!) or that the peer doesn't
14077c478bdstevel@tonic-gate	 * remember what it last used for a sequence number.  In
14087c478bdstevel@tonic-gate	 * either case, we'll create a failure state that persists
14097c478bdstevel@tonic-gate	 * until the sequence number happens to advance past the last
14107c478bdstevel@tonic-gate	 * one we saw.  This is bad because it means that we may have
14117c478bdstevel@tonic-gate	 * to wait until the router has been up for at least as long
14127c478bdstevel@tonic-gate	 * as it was last time before we even pay attention to it.
14137c478bdstevel@tonic-gate	 * Meanwhile, other routers may listen to it if they hadn't
14147c478bdstevel@tonic-gate	 * seen it before (i.e., if they crashed in the meantime).
14157c478bdstevel@tonic-gate	 * This means -- perversely -- that stable systems that stay
14167c478bdstevel@tonic-gate	 * "up" for a long time pay a penalty for doing so.
14177c478bdstevel@tonic-gate	 */
14187c478bdstevel@tonic-gate	if (rip->rip_cmd == RIPCMD_RESPONSE && NA->a_type == RIP_AUTH_MD5 &&
14197c478bdstevel@tonic-gate	    (php = get_peer_info(from)) != NULL) {
14207c478bdstevel@tonic-gate		/*
14217c478bdstevel@tonic-gate		 * If the entry that we find has been updated
14227c478bdstevel@tonic-gate		 * recently enough that the routes are known
14237c478bdstevel@tonic-gate		 * to still be good, but the sequence number
14247c478bdstevel@tonic-gate		 * looks bad, then discard the packet.
14257c478bdstevel@tonic-gate		 */
14267c478bdstevel@tonic-gate		seqno = ntohl(NA->au.a_md5.md5_seqno);
14277c478bdstevel@tonic-gate		if (php->ph_heard > now_expire && php->ph_seqno != 0 &&
14287c478bdstevel@tonic-gate		    (seqno == 0 || ((seqno - php->ph_seqno) & 0x80000000ul))) {
14297c478bdstevel@tonic-gate			msglim(use_authp, from,
14307c478bdstevel@tonic-gate			    "discarding sequence %x (older than %x)",
14317c478bdstevel@tonic-gate			    (unsigned)seqno, (unsigned)php->ph_seqno);
14327c478bdstevel@tonic-gate			return (_B_FALSE);
14337c478bdstevel@tonic-gate		}
14347c478bdstevel@tonic-gate		php->ph_heard = now.tv_sec;
14357c478bdstevel@tonic-gate		php->ph_seqno = seqno;
14367c478bdstevel@tonic-gate	}
14377c478bdstevel@tonic-gate
14387c478bdstevel@tonic-gate	/*
14397c478bdstevel@tonic-gate	 * accept any current (+/- 24 hours) password
14407c478bdstevel@tonic-gate	 */
14417c478bdstevel@tonic-gate	for (ap = aifp->int_auth, i = 0; i < MAX_AUTH_KEYS; i++, ap++) {
14427c478bdstevel@tonic-gate		if (ap->type != NA->a_type ||
14437c478bdstevel@tonic-gate		    (ulong_t)ap->start > (ulong_t)clk.tv_sec+DAY ||
14447c478bdstevel@tonic-gate		    (ulong_t)ap->end+DAY < (ulong_t)clk.tv_sec)
14457c478bdstevel@tonic-gate			continue;
14467c478bdstevel@tonic-gate
14477c478bdstevel@tonic-gate		if (NA->a_type == RIP_AUTH_PW) {
14487c478bdstevel@tonic-gate			if (0 == memcmp(NA->au.au_pw, ap->key, RIP_AUTH_PW_LEN))
14497c478bdstevel@tonic-gate				return (_B_TRUE);
14507c478bdstevel@tonic-gate
14517c478bdstevel@tonic-gate		} else {
14527c478bdstevel@tonic-gate			/*
14537c478bdstevel@tonic-gate			 * accept MD5 secret with the right key ID
14547c478bdstevel@tonic-gate			 */
14557c478bdstevel@tonic-gate			if (NA->au.a_md5.md5_keyid != ap->keyid)
14567c478bdstevel@tonic-gate				continue;
14577c478bdstevel@tonic-gate
14587c478bdstevel@tonic-gate			len = ntohs(NA->au.a_md5.md5_pkt_len);
14597c478bdstevel@tonic-gate			if ((len - sizeof (*rip)) % sizeof (*NA) != 0 ||
14607c478bdstevel@tonic-gate			    len > (lim - (uint8_t *)rip - sizeof (*NA))) {
14617c478bdstevel@tonic-gate				msglim(use_authp, from,
14627c478bdstevel@tonic-gate				    "wrong MD5 RIPv2 packet length of %d"
14637c478bdstevel@tonic-gate				    " instead of %d from %s",
14647c478bdstevel@tonic-gate				    len, lim - (uint8_t *)rip - sizeof (*NA),
14657c478bdstevel@tonic-gate				    naddr_ntoa(from));
14667c478bdstevel@tonic-gate				return (_B_FALSE);
14677c478bdstevel@tonic-gate			}
14687c478bdstevel@tonic-gate			na2 = (struct netauth *)(rip->rip_nets +
14697c478bdstevel@tonic-gate			    (len - 4) / sizeof (struct netinfo));
14707c478bdstevel@tonic-gate
14717c478bdstevel@tonic-gate			/*
14727c478bdstevel@tonic-gate			 * Given a good hash value, these are not security
14737c478bdstevel@tonic-gate			 * problems so be generous and accept the routes,
14747c478bdstevel@tonic-gate			 * after complaining.
14757c478bdstevel@tonic-gate			 */
14767c478bdstevel@tonic-gate			if (TRACEPACKETS) {
14777c478bdstevel@tonic-gate				if (NA->au.a_md5.md5_auth_len !=
14787c478bdstevel@tonic-gate				    RIP_AUTH_MD5_LEN)
14797c478bdstevel@tonic-gate					msglim(use_authp, from,
14807c478bdstevel@tonic-gate					    "unknown MD5 RIPv2 auth len %#x"
14817c478bdstevel@tonic-gate					    " instead of %#x from %s",
14827c478bdstevel@tonic-gate					    NA->au.a_md5.md5_auth_len,
14837c478bdstevel@tonic-gate					    RIP_AUTH_MD5_LEN,
14847c478bdstevel@tonic-gate					    naddr_ntoa(from));
14857c478bdstevel@tonic-gate				if (na2->a_family != RIP_AF_AUTH)
14867c478bdstevel@tonic-gate					msglim(use_authp, from,
14877c478bdstevel@tonic-gate					    "unknown MD5 RIPv2 family %#x"
14887c478bdstevel@tonic-gate					    " instead of %#x from %s",
14897c478bdstevel@tonic-gate					    na2->a_family, RIP_AF_AUTH,
14907c478bdstevel@tonic-gate					    naddr_ntoa(from));
14917c478bdstevel@tonic-gate				if (na2->a_type != RIP_AUTH_TRAILER)
14927c478bdstevel@tonic-gate					msglim(use_authp, from,
14937c478bdstevel@tonic-gate					    "MD5 RIPv2 hash has %#x"
14947c478bdstevel@tonic-gate					    " instead of %#x from %s",
14957c478bdstevel@tonic-gate					    ntohs(na2->a_type),
14967c478bdstevel@tonic-gate					    ntohs(RIP_AUTH_TRAILER),
14977c478bdstevel@tonic-gate					    naddr_ntoa(from));
14987c478bdstevel@tonic-gate			}
14997c478bdstevel@tonic-gate
15007c478bdstevel@tonic-gate			MD5Init(&md5_ctx);
15017c478bdstevel@tonic-gate			/*
15027c478bdstevel@tonic-gate			 * len+4 to include auth trailer's family/type in
15037c478bdstevel@tonic-gate			 * MD5 sum
15047c478bdstevel@tonic-gate			 */
15057c478bdstevel@tonic-gate			MD5Update(&md5_ctx, (uchar_t *)rip, len + 4);
15067c478bdstevel@tonic-gate			MD5Update(&md5_ctx, ap->key, RIP_AUTH_MD5_LEN);
15077c478bdstevel@tonic-gate			MD5Final(hash, &md5_ctx);
15087c478bdstevel@tonic-gate			if (0 == memcmp(hash, na2->au.au_pw, sizeof (hash)))
15097c478bdstevel@tonic-gate				return (_B_TRUE);
15107c478bdstevel@tonic-gate		}
15117c478bdstevel@tonic-gate	}
15127c478bdstevel@tonic-gate
15137c478bdstevel@tonic-gate	msglim(use_authp, from, "bad auth data from %s",
15147c478bdstevel@tonic-gate	    naddr_ntoa(from));
15157c478bdstevel@tonic-gate	return (_B_FALSE);
15167c478bdstevel@tonic-gate#undef NA
15177c478bdstevel@tonic-gate}
1518