Hello, If it can help, the MD5 trailer modification appeared in the following message in bird mailing list : regards, Jean List: bird-users Subject: Re: RIP authentication problem with cisco From: Eric Leblond <eleblond () init-sys ! com> Date: 2003-04-04 8:46:53 [Download message RAW] On Fri, 2003-04-04 at 10:40, Eric Leblond wrote:
Hi,
I've modified the code to make RIP V2 with auth (password and md5) work.
Well the diff was not well done, I send you an other one. -- Eric Leblond <eleblond@init-sys.com> Init-Sys ["diff-bird-ripv2-auth" (diff-bird-ripv2-auth)] Only in bird/CVS: Root~ diff -ru bird/proto/rip/auth.c bird.auth/proto/rip/auth.c --- bird/proto/rip/auth.c Sat Sep 21 13:57:48 2002 +++ bird.auth/proto/rip/auth.c Fri Apr 4 08:44:44 2003 @@ -3,6 +3,9 @@ * * Copyright (c) 1999 Pavel Machek <pavel@ucw.cz> * + * Eric Leblond 04/04/2002 <eleblond@init-sys.com> : + * auth modifications + * * Can be freely distributed and used under the terms of the GNU GPL. */ @@ -33,7 +36,7 @@ rip_incoming_authentication( struct proto *p, struct rip_block_auth *block, struct \ rip_packet *packet, int num, ip_addr whotoldme ) { DBG( "Incoming authentication: " ); - switch (block->authtype) { /* Authentication type */ + switch (ntohs(block->authtype)) { /* Authentication type */ case AT_PLAINTEXT: { struct password_item *passwd = get_best_password( P_CF->passwords, 0 ); @@ -54,14 +57,13 @@ { struct password_item *head; struct rip_md5_tail *tail; - - if (block->packetlen != PACKETLEN(num)) { + if (ntohs(block->packetlen) != PACKETLEN(num) - sizeof(struct rip_md5_tail) ) \ { log( L_ERR "Packet length in MD5 does not match computed value" ); return 1; } - tail = (struct rip_md5_tail *) ((char *) packet + (block->packetlen - \ sizeof(struct rip_block_auth))); - if ((tail->mustbeFFFF != 0xffff) || (tail->mustbe0001 != 0x0001)) { + tail = (struct rip_md5_tail *) ((char *) packet + (ntohs(block->packetlen) )); + if ((tail->mustbeFFFF != 0xffff) || (tail->mustbe0001 != 0x0100)) { log( L_ERR "MD5 tail signature is not there" ); return 1; } 
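Review bot: The trailer check `tail->mustbe0001 != 0x0100` in the `@@ -54,14 +57,13 @@` hunk compares a 16-bit field read in host order against a pre-swapped constant, so it matches the on-wire bytes 00 01 only on a little-endian host; the rest of the patch uses ntohs()/htons(), and the same form works here: `if ((tail->mustbeFFFF != 0xffff) || (tail->mustbe0001 != htons(0x0001))) {`. The sending side in the `@@ -139,26 +141,26 @@` hunk has the same issue with `tail->mustbe0001 = 0x0100;`, which would read `tail->mustbe0001 = htons(0x0001);`. Separately, `PACKETLEN(num) - sizeof(struct rip_md5_tail)` is presumably unsigned arithmetic, so a packet shorter than the trailer wraps to a large value; the comparison then fails and the packet is rejected, but an explicit lower-bound check before the subtraction would make that rejection intentional rather than incidental. The enclosing function starts and ends outside the hunk.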
@@ -89,13 +91,13 @@ char md5sum_packet[16]; char md5sum_computed[16]; + memset(md5sum_packet,0,16); memcpy(md5sum_packet, tail->md5, 16); password_strncpy(tail->md5, head->password, 16); MD5Init(&ctxt); - MD5Update(&ctxt, (char *) packet, block->packetlen ); + MD5Update(&ctxt, (char *) packet, ntohs(block->packetlen) + sizeof(struct \ rip_block_auth) ); MD5Final(md5sum_computed, &ctxt); - if (memcmp(md5sum_packet, md5sum_computed, 16)) return 1; return 0; @@ -129,7 +131,7 @@ return PACKETLEN(num); } - block->authtype = P_CF->authtype; + block->authtype = htons(P_CF->authtype); block->mustbeFFFF = 0xffff; switch (P_CF->authtype) { case AT_PLAINTEXT: @@ -139,26 +141,26 @@ { struct rip_md5_tail *tail; struct MD5Context ctxt; - static int sequence = 0; + static uint32_t sequence = 0; if (num > PACKET_MD5_MAX) bug( "We can not add MD5 authentication to this long packet" ); block->keyid = passwd->id; - block->authlen = 20; + block->authlen = sizeof(struct rip_block_auth); block->seq = sequence++; block->zero0 = 0; block->zero1 = 0; - block->packetlen = PACKETLEN(num) + block->authlen; - - tail = (struct rip_md5_tail *) ((char *) packet + (block->packetlen - \ sizeof(struct rip_block_auth))); + block->packetlen = htons(PACKETLEN(num)); + tail = (struct rip_md5_tail *) ((char *) packet + PACKETLEN(num) ); tail->mustbeFFFF = 0xffff; - tail->mustbe0001 = 0x0001; - password_strncpy( (char *) (&tail->md5), passwd->password, 16 ); + tail->mustbe0001 = 0x0100; + memset(tail->md5,0,16); + password_strncpy( tail->md5, passwd->password, 16 ); MD5Init(&ctxt); - MD5Update(&ctxt, (char *) packet, block->packetlen ); - MD5Final((char *) (&tail->md5), &ctxt); + MD5Update(&ctxt, (char *) packet, PACKETLEN(num) + sizeof(struct \ rip_md5_tail)); + MD5Final(tail->md5, &ctxt); return PACKETLEN(num) + block->authlen; } default: Le jeudi 08 avril 2010 à 10:20 +0200, Ondrej Zajicek a écrit :
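Review bot: The digest length passed to `MD5Update` in the `@@ -89,13 +91,13 @@` hunk is `ntohs(block->packetlen) + sizeof(struct rip_block_auth)`, but the bytes that follow `packetlen` are a `struct rip_md5_tail`, and the sending side in the last hunk hashes `PACKETLEN(num) + sizeof(struct rip_md5_tail)`; verification and generation agree only if the two structs happen to have the same size. Using the tail type on both sides removes that dependency: `MD5Update(&ctxt, (char *) packet, ntohs(block->packetlen) + sizeof(struct rip_md5_tail));`. The added `memset(md5sum_packet,0,16);` is overwritten in full by the `memcpy` on the next line and can be dropped. The closing `memcmp` on the digest is unchanged context, but a constant-time comparison is the usual choice when verifying a MAC. The function body continues outside the hunk.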
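Review bot: `block->seq = sequence++;` in the `@@ -139,26 +141,26 @@` hunk is still stored in host byte order while this patch converts `authtype` and `packetlen` with htons(), so on a little-endian sender a peer that reads the field in network order sees values that do not increase monotonically; `block->seq = htonl(sequence++);` matches the rest of the change. Because `sequence` is a function-local static initialised to 0, it also starts again from zero on every daemon restart, which either gets packets dropped by peers that enforce increasing sequence numbers or leaves old packets replayable against peers that do not; seeding it from a clock value at startup is a common remedy. `block->authlen = sizeof(struct rip_block_auth);` and the returned `PACKETLEN(num) + block->authlen` size the trailer with the header struct, whereas the hash covers `sizeof(struct rip_md5_tail)`; using the tail size in all three places avoids relying on the two structs being equal in length. The `case` body starts before the hunk and the `switch` continues after it.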
On Fri, Apr 02, 2010 at 03:51:32PM +0200, jp wrote:
Hi all, I'm trying to use the RIP protocol of BIRD in MD5 authentication mode. I use bird version 1.2.1.
historically, the value "FFFF 0001" was used by bird but this was changed to "FFFF 0100" in a patch resolving "RIP authentication problem with cisco".
Hello. Thank you for the note. Unfortunately, I don't know anything about that patch. I will check that to make it compatible with both Quagga and Cisco.