2004-06-06 Paul Jakma <paul.jakma@sun.com>
* ripd.h: Add define for the RIPv2 Authentication Data family
Move the auth type defines up to where other defines live.
Add RIP_AUTH_MD5_COMPAT_SIZE, for backwards compatible
md5->auth_len size. Add md5_auth_len field to struct
rip_interface: (rip_interface_new) Init md5_auth_len to compatible
size.
(ip_rip_authentication_mode_cmd) Extended to handle setting
md5 auth-length. Appropriate aliases added.
(no_ip_rip_authentication_mode_cmd) Reset md5_auth_len to
compatible size.
(rip_interface_config_write) Teach it about md5_auth_len.
_always_ write out the auth-length, so that everyone will get
the setting in their config file, and hence allow for a future
change of default for md5_auth_len to be less painful - every md5
user will have this setting in their config file.
ripd.c: (rip_packet_dump) Change nasty hard coded constants to
symbolic defines. Change various tests of 'ntoh.(variable) ==
constant' to test 'variable == ntoh.(constant)'. Clean up
indentation on some long lines.
(rip_auth_simple_password) ditto.
(rip_auth_md5) ditto, also add length argument and sanity check
md5 data offset field. Sanity check md5 auth length, accept RFC
or old-ripd/cisco lengths.
(rip_auth_md5_set) as per (rip_packet_dump), also write out
the configured md5 auth length for the interface (old-ripd or rfc)
(rip_read) as per (rip_packet_dump)
(rip_write_rte) ditto
(rip_response_process) ditto
(rip_write_rte) ditto
diff --git a/ripd/rip_interface.c b/ripd/rip_interface.c
index 3d69d6c..4daa5b3 100644
--- a/ripd/rip_interface.c
+++ b/ripd/rip_interface.c
@@ -125,6 +125,7 @@
compatibility. */
/* ri->auth_type = RIP_NO_AUTH; */
ri->auth_type = RIP_AUTH_SIMPLE_PASSWORD;
+ ri->md5_auth_len = RIP_AUTH_MD5_COMPAT_SIZE;
/* Set default split-horizon behavior. If the interface is Frame
Relay or SMDS is enabled, the default value for split-horizon is
@@ -1678,6 +1679,12 @@
ifp = (struct interface *)vty->index;
ri = ifp->info;
+ if ( (argc < 1) || (argc > 2) )
+ {
+ vty_out (vty, "incorrect argument count%s", VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
if (strncmp ("md5", argv[0], strlen (argv[0])) == 0)
ri->auth_type = RIP_AUTH_MD5;
else if (strncmp ("text", argv[0], strlen (argv[0])) == 0)
@@ -1688,9 +1695,38 @@
return CMD_WARNING;
}
+ if (argc == 1)
+ return CMD_SUCCESS;
+
+ if ( (argc == 2) && (ri->auth_type != RIP_AUTH_MD5) )
+ {
+ vty_out (vty, "auth length argument only valid for md5%s", VTY_NEWLINE);
+ return CMD_WARNING;
+}
+
+ if (strncmp ("r", argv[1], 1) == 0)
+ ri->md5_auth_len = RIP_AUTH_MD5_SIZE;
+ else if (strncmp ("o", argv[1], 1) == 0)
+ ri->md5_auth_len = RIP_AUTH_MD5_COMPAT_SIZE;
+ else
+ return CMD_WARNING;
+
return CMD_SUCCESS;
}
+ALIAS (ip_rip_authentication_mode,
+ ip_rip_authentication_mode_authlen_cmd,
+ "ip rip authentication mode (md5|text) auth-length (rfc|old-ripd)",
+ IP_STR
+ "Routing Information Protocol\n"
+ "Authentication control\n"
+ "Authentication mode\n"
+ "Keyed message digest\n"
+ "Clear text authentication\n"
+ "MD5 authentication data length\n"
+ "RFC compatible\n"
+ "Old ripd compatible\n")
+
DEFUN (no_ip_rip_authentication_mode,
no_ip_rip_authentication_mode_cmd,
"no ip rip authentication mode",
@@ -1708,6 +1744,7 @@
/* ri->auth_type = RIP_NO_AUTH; */
ri->auth_type = RIP_AUTH_SIMPLE_PASSWORD;
+ ri->md5_auth_len = RIP_AUTH_MD5_COMPAT_SIZE;
return CMD_SUCCESS;
}
@@ -1723,6 +1760,20 @@
"Keyed message digest\n"
"Clear text authentication\n")
+ALIAS (no_ip_rip_authentication_mode,
+ no_ip_rip_authentication_mode_type_authlen_cmd,
+ "no ip rip authentication mode (md5|text) auth-length (rfc|old-ripd)",
+ NO_STR
+ IP_STR
+ "Routing Information Protocol\n"
+ "Authentication control\n"
+ "Authentication mode\n"
+ "Keyed message digest\n"
+ "Clear text authentication\n"
+ "MD5 authentication data length\n"
+ "RFC compatible\n"
+ "Old ripd compatible\n")
+
DEFUN (ip_rip_authentication_string,
ip_rip_authentication_string_cmd,
"ip rip authentication string LINE",
@@ -1988,6 +2039,7 @@
(ri->ri_send == RI_RIP_UNSPEC) &&
(ri->ri_receive == RI_RIP_UNSPEC) &&
(ri->auth_type != RIP_AUTH_MD5) &&
+ (ri->md5_auth_len != RIP_AUTH_MD5_SIZE) &&
(!ri->auth_str) &&
(!ri->key_chain) )
continue;
@@ -2034,8 +2086,16 @@
if (ri->auth_type == RIP_AUTH_SIMPLE_PASSWORD)
vty_out (vty, " ip rip authentication mode text%s", VTY_NEWLINE);
#endif /* 0 */
+
if (ri->auth_type == RIP_AUTH_MD5)
- vty_out (vty, " ip rip authentication mode md5%s", VTY_NEWLINE);
+ {
+ vty_out (vty, " ip rip authentication mode md5");
+ if (ri->md5_auth_len == RIP_AUTH_MD5_COMPAT_SIZE)
+ vty_out (vty, " auth-length old-ripd");
+ else
+ vty_out (vty, " auth-length rfc");
+ vty_out (vty, "%s", VTY_NEWLINE);
+ }
if (ri->auth_str)
vty_out (vty, " ip rip authentication string %s%s",
@@ -2165,8 +2225,10 @@
install_element (INTERFACE_NODE, &no_ip_rip_receive_version_num_cmd);
install_element (INTERFACE_NODE, &ip_rip_authentication_mode_cmd);
+ install_element (INTERFACE_NODE, &ip_rip_authentication_mode_authlen_cmd);
install_element (INTERFACE_NODE, &no_ip_rip_authentication_mode_cmd);
install_element (INTERFACE_NODE, &no_ip_rip_authentication_mode_type_cmd);
+ install_element (INTERFACE_NODE, &no_ip_rip_authentication_mode_type_authlen_cmd);
install_element (INTERFACE_NODE, &ip_rip_authentication_key_chain_cmd);
install_element (INTERFACE_NODE, &no_ip_rip_authentication_key_chain_cmd);