On Thu, Jun 20, 2013 at 12:32:18PM -0700, Simon Dickhoven wrote:
Alright. After a lot of digging I got a working RIPng hopcount check.
See attached patch file.
Thanks for the patch and the thorough description.
...
2.1.1) In order to actually receive this additional information I had to
increase the control message buffer size by 13 (a number I arrived at
through trial and error and certainly a hack, rather than the correct
way of doing this... FIXME!!!).
#define CMSG_RX_SPACE CMSG_SPACE(sizeof(struct in6_pktinfo) + 13)
Proper way would be:
#define CMSG_RX_SPACE (CMSG_SPACE(sizeof(struct in6_pktinfo)) +
CMSG_SPACE(sizeof(int
3) Finally, I modified proto/rip/rip.c to take advantage of this new
functionality.
3.1) In the new_iface function I set my newly created socket flag.
#ifndef IPV6
rif-sock-ttl = 1;
rif-sock-flags = SKF_LADDR_RX;
#else
rif-sock-ttl = 255;
rif-sock-flags = (SKF_LADDR_RX | SKF_HLIM_RX);
#endif
...
3.2) Once that was done, the rip_rx function had access to the HLIM info
via the socket struct (s-ttl).
if (s-ttl 255) {
log( L_REMOTE %s: Discarding packet with HLIM = %d 255 from %I on
%s., p-name, s-ttl, s-faddr, i-iface ? i-iface-name : (dummy) );
return 1;
}
BTW, did you notice my comment to your first patch -
http://www.mail-archive.com/bird-users@atrey.karlin.mff.cuni.cz/msg02685.html ?
According to RFC 2080, TTL 255 should be used (and checked)
just for multicast response packets, not for unicast response packets.
But BIRD don't send RIP[ng] requests so it should not receive
any unicast responses and ignoring unsolicited responses with
spoofed source address is probably a good idea anyway.
For compatibility purposes, the TTL checking should be optional.
As far as I can tell, the only thing that could possible affect other
protocols is 2.1.1). Other than that, all my changes exclusively apply
to RIPng since that's the only code that sets the SKF_HLIM_RX flag. As
long as this flag is not set, all my modifications are disabled and the
code is functionally equivalent to what it was before.
Please feel free to use the above modifications and also to give me
feedback on it.
I will do some minor modifications and merge it.
PS: I saw that my Cisco router sets the class for RIPng advertisements
to 0xe0 though I couldn't find any RFCs that call for that. The current
BIRD code (or at least version 1.3.7 of the code) doesn't set the class
at all because it hasn't (/hadn't) been defined by an RFC.
Well, this is not specified in RIP RFC, but it is consistent with RFC 2474
4.2.2.2. We use 0xc0 for IPv4 and we should probably use the same value
for IPv6. BTW, it seems that Linux ignores these values by default for
local tx queue purposes, so we should probably set SO_PRIORITY too.
--
Elen sila lumenn' omentielvo
Ondrej 'SanTiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.
signature.asc
Description: Digital signature
