ripv2: adjust maximum number of RTEs when authentication is enabled

rwestphal · rwestphal · commit 070107f76abf · 2024-01-24T23:20:39.000-03:00
According to RFC 2453, a Response packet in RIPv2 can contain up
to 25 RTEs. However, when cryptographic authentication is used,
the authentication trailer is encoded as a regular RTE. In that
case, the effective maximum number of RTEs should be 23, not 24,
to accommodate both the authentication header and trailer.

It's worth noting that the authentication trailer may exceed 20 bytes
when using algorithms other than Keyed-MD5. That fact should be taken
into consideration when implementing those algorithms (e.g. HMAC-SHA1).

Signed-off-by: Renato Westphal &lt;renato@opensourcerouting.org&gt;
diff --git a/holo-rip/src/output.rs b/holo-rip/src/output.rs
@@ -129,11 +129,10 @@ pub(crate) fn send_response<V>(
     }
 
     // Send as many PDUs as necessary.
-    let mut max_entries = V::Pdu::max_entries(iface.core.system.mtu.unwrap());
-    if iface.core.config.auth_key.is_some() {
-        // Reserve space for the authentication header.
-        max_entries -= 1;
-    }
+    let max_entries = V::Pdu::max_entries(
+        iface.core.system.mtu.unwrap(),
+        iface.core.config.auth_algo,
+    );
     for rtes in rtes
         .into_iter()
         .chunks(max_entries)
diff --git a/holo-rip/src/packet.rs b/holo-rip/src/packet.rs
@@ -62,7 +62,7 @@ pub trait PduVersion<
     fn set_command(&mut self, command: Command);
 
     // Return maximum number of RTEs that can fit in the specified MTU size.
-    fn max_entries(mtu: u32) -> usize;
+    fn max_entries(mtu: u32, auth_algo: Option<CryptoAlgo>) -> usize;
 
     // Return a reference to the PDU's RTEs.
     fn rtes(&self) -> &Vec<Self::Rte>;
diff --git a/holo-rip/src/ripng/packet.rs b/holo-rip/src/ripng/packet.rs
@@ -9,6 +9,7 @@ use std::net::Ipv6Addr;
 use bytes::{Buf, BufMut, Bytes, BytesMut};
 use derive_new::new;
 use holo_utils::bytes::{BytesExt, BytesMutExt, TLS_BUF};
+use holo_utils::crypto::CryptoAlgo;
 use holo_utils::ip::Ipv6NetworkExt;
 use ipnetwork::Ipv6Network;
 use num_traits::FromPrimitive;
@@ -196,7 +197,7 @@ impl PduVersion<Ipv6Addr, Ipv6Network, DecodeError> for Pdu {
     // #RTEs = INT | --------------------------------------------------- |
     //             |                      RTE_size                       |
     //             +-                                                   -+"
-    fn max_entries(mtu: u32) -> usize {
+    fn max_entries(mtu: u32, _auth_algo: Option<CryptoAlgo>) -> usize {
         const IPV6_HDR_LENGTH: usize = 40;
         const UDP_HDR_LENGTH: usize = 8;
 
diff --git a/holo-rip/src/ripv2/packet.rs b/holo-rip/src/ripv2/packet.rs
@@ -360,8 +360,13 @@ impl PduVersion<Ipv4Addr, Ipv4Network, DecodeError> for Pdu {
         self.command = command;
     }
 
-    fn max_entries(_mtu: u32) -> usize {
-        Self::MAX_ENTRIES
+    fn max_entries(_mtu: u32, auth_algo: Option<CryptoAlgo>) -> usize {
+        let mut max_entries = Self::MAX_ENTRIES;
+        if auth_algo.is_some() {
+            // Reserve space for the authentication header and trailer.
+            max_entries -= 2;
+        }
+        max_entries
     }
 
     fn rtes(&self) -> &Vec<Self::Rte> {

Original file line number	Diff line number	Diff line change
`@@ -360,8 +360,13 @@ impl PduVersion<Ipv4Addr, Ipv4Network, DecodeError> for Pdu {`
`360`	`360`	`self.command = command;`
`361`	`361`	`}`
`362`	`362`
`363`		`- fn max_entries(_mtu: u32) -> usize {`
`364`		`- Self::MAX_ENTRIES`
	`363`	`+ fn max_entries(_mtu: u32, auth_algo: Option<CryptoAlgo>) -> usize {`
	`364`	`+ let mut max_entries = Self::MAX_ENTRIES;`
	`365`	`+ if auth_algo.is_some() {`
	`366`	`+ // Reserve space for the authentication header and trailer.`
	`367`	`+ max_entries -= 2;`
	`368`	`+ }`
	`369`	`+ max_entries`
`365`	`370`	`}`
`366`	`371`
`367`	`372`	`fn rtes(&self) -> &Vec<Self::Rte> {`