xorp

MD5AuthHandler Class Reference

OSPFv2 Authentication handler for MD5 scheme.

#include <auth.hh>

Inheritance diagram for MD5AuthHandler:
AuthHandlerBase AuthHandlerBase

Classes

class  MD5Key
 Class to hold MD5 key information.

Public Types

typedef list< MD5Key > KeyChain
typedef list< MD5Key > KeyChain

Public Member Functions

 MD5AuthHandler (EventLoop &eventloop)
 Constructor.
const char * effective_name () const
 Get the effective name of the authentication scheme.
void reset ()
 Reset the authentication state.
uint32_t additional_payload () const
 Additional bytes that will be added to the payload.
bool authenticate_inbound (const vector< uint8_t > &packet, const IPv4 &src_addr, bool new_peer)
 Inbound authentication method.
bool authenticate_outbound (vector< uint8_t > &packet)
 Outbound authentication method.
bool add_key (uint8_t key_id, const string &key, const TimeVal &start_timeval, const TimeVal &end_timeval, const TimeVal &max_time_drift, string &error_msg)
 Add a key to the MD5 key chain.
bool remove_key (uint8_t key_id, string &error_msg)
 Remove a key from the MD5 key chain.
void key_start_cb (uint8_t key_id)
 A callback that a key from the MD5 key chain has become valid.
void key_stop_cb (uint8_t key_id)
 A callback that a key from the MD5 key chain has expired and is invalid.
MD5Key * best_outbound_key (const TimeVal &now)
 Select the best key for outbound messages.
void reset_keys ()
 Reset the keys for all sources.
const KeyChain & valid_key_chain () const
 Get all valid keys managed by the MD5AuthHandler.
const KeyChain & invalid_key_chain () const
 Get all invalid keys managed by the MD5AuthHandler.
bool empty () const
 Test whether the MD5AuthHandler contains any keys.
 MD5AuthHandler (EventLoop &eventloop)
 Constructor.
const char * effective_name () const
 Get the effective name of the authentication scheme.
void reset ()
 Reset the authentication state.
uint32_t head_entries () const
 Get number of routing entries used by authentication scheme at the head of the RIP packet.
uint32_t max_routing_entries () const
 Get maximum number of non-authentication scheme use routing entries in a RIP packet.
bool authenticate_inbound (const uint8_t *packet, size_t packet_bytes, const uint8_t *&entries_ptr, uint32_t &n_entries, const IPv4 &src_addr, bool new_peer)
 Inbound authentication method.
bool authenticate_outbound (RipPacket< IPv4 > &packet, list< RipPacket< IPv4 > * > &auth_packets, size_t &n_routes)
 Outbound authentication method.
bool add_key (uint8_t key_id, const string &key, const TimeVal &start_timeval, const TimeVal &end_timeval, string &error_msg)
 Add a key to the MD5 key chain.
bool remove_key (uint8_t key_id, string &error_msg)
 Remove a key from the MD5 key chain.
void key_start_cb (uint8_t key_id)
 A callback that a key from the MD5 key chain has become valid.
void key_stop_cb (uint8_t key_id)
 A callback that a key from the MD5 key chain has expired and is invalid.
void reset_keys ()
 Reset the keys for all sources.
const KeyChain & valid_key_chain () const
 Get all valid keys managed by the MD5AuthHandler.
const KeyChain & invalid_key_chain () const
 Get all invalid keys managed by the MD5AuthHandler.
bool empty () const
 Test whether the MD5AuthHandler contains any keys.

Static Public Member Functions

static const char * auth_type_name ()
 Get the method-specific name of the authentication scheme.
static const char * auth_type_name ()
 Get the method-specific name of the authentication scheme.

Static Public Attributes

static const OspfTypes::AuType AUTH_TYPE

Protected Attributes

EventLoop & _eventloop
KeyChain _valid_key_chain
KeyChain _invalid_key_chain
NullAuthHandler _null_handler

Detailed Description

OSPFv2 Authentication handler for MD5 scheme.

RIPv2 Authentication handler for MD5 scheme.

Class to check inbound MD5 authenticated packets and add authentication data to outbound OSPF packets. The OSPFv2 MD5 authentication scheme is described in Section D.3 of RFC 2328.

Class to check inbound MD5 authenticated packets and add authentication data to outbound RIP packets. The RIP MD5 authentication scheme is described in RFC 2082.


Constructor & Destructor Documentation

MD5AuthHandler::MD5AuthHandler ( EventLoop & eventloop)

Constructor.

Parameters:
eventloop: the EventLoop instance to use for time reference.

MD5AuthHandler::MD5AuthHandler ( EventLoop & eventloop)

Constructor.

Parameters:
eventloop: the EventLoop instance to use for time reference.

Member Function Documentation

bool MD5AuthHandler::add_key ( uint8_t  key_id,
const string &  key,
const TimeVal &  start_timeval,
const TimeVal &  end_timeval,
const TimeVal &  max_time_drift,
string &  error_msg 
)

Add a key to the MD5 key chain.

If the key already exists, it is updated with the new settings.

Parameters:
key_id: unique ID associated with key.
key: phrase used for MD5 digest computation.
start_timeval: start time when key becomes valid.
end_timeval: end time when key becomes invalid.
max_time_drift: the maximum time drift among all routers.
error_msg: the error message (if error).
Returns:
true on success, false if end time is less than start time or key has already expired.

bool MD5AuthHandler::add_key ( uint8_t  key_id,
const string &  key,
const TimeVal &  start_timeval,
const TimeVal &  end_timeval,
string &  error_msg 
)

Add a key to the MD5 key chain.

If the key already exists, it is updated with the new settings.

Parameters:
key_id: unique ID associated with key.
key: phrase used for MD5 digest computation.
start_timeval: start time when key becomes valid.
end_timeval: end time when key becomes invalid.
error_msg: the error message (if error).
Returns:
true on success, false if end time is less than start time or key has already expired.

uint32_t MD5AuthHandler::additional_payload ( ) const [virtual]

Additional bytes that will be added to the payload.

Returns:
the number of additional bytes that need to be added to the payload.

Implements AuthHandlerBase.

static const char* MD5AuthHandler::auth_type_name ( ) [static]

Get the method-specific name of the authentication scheme.

Returns:
the method-specific name of the authentication scheme.

const char * MD5AuthHandler::auth_type_name ( ) [static]

Get the method-specific name of the authentication scheme.

Returns:
the method-specific name of the authentication scheme.

bool MD5AuthHandler::authenticate_inbound ( const uint8_t *  packet,
size_t  packet_bytes,
const uint8_t *&  entries_ptr,
uint32_t &  n_entries,
const IPv4 &  src_addr,
bool  new_peer 
) [virtual]

Inbound authentication method.

Parameters:
packet: pointer to first byte of RIP packet.
packet_bytes: number of bytes in RIP packet.
entries_ptr: output variable set to point to first entry in packet. Set to NULL if there are no entries, or on authentication failure.
n_entries: number of entries in the packet.
src_addr: the source address of the packet.
new_peer: true if this is a new peer.
Returns:
true if packet passes authentication checks, false otherwise.

Implements AuthHandlerBase.

bool MD5AuthHandler::authenticate_inbound ( const vector< uint8_t > &  packet,
const IPv4 &  src_addr,
bool  new_peer 
) [virtual]

Inbound authentication method.

Parameters:
packet: the packet to verify.
src_addr: the source address of the packet.
new_peer: true if this is a new peer.
Returns:
true if packet passes authentication checks, false otherwise.

Implements AuthHandlerBase.

bool MD5AuthHandler::authenticate_outbound ( RipPacket< IPv4 > &  packet,
list< RipPacket< IPv4 > * > &  auth_packets,
size_t &  n_routes 
) [virtual]

Outbound authentication method.

Create a list of authenticated packets (one for each valid authentication key). Note that the original packet is also modified and authenticated with the first valid key.

Parameters:
packet: the RIP packet to authenticate.
auth_packets: a return-by-reference list with the authenticated RIP packets (one for each valid authentication key).
n_routes: the return-by-reference number of routes in the packet.
Returns:
true if packet was successfully authenticated, false when no valid keys are present.

Implements AuthHandlerBase.

bool MD5AuthHandler::authenticate_outbound ( vector< uint8_t > &  packet) [virtual]

Outbound authentication method.

Parameters:
packet: the packet to authenticate.
Returns:
true if packet was successfully authenticated, false when no valid keys are present.

Implements AuthHandlerBase.

MD5AuthHandler::MD5Key * MD5AuthHandler::best_outbound_key ( const TimeVal & now)

Select the best key for outbound messages.

The chosen key is the one with most recent start-time in the past. If there is more than one key that matches the criteria, then select the key with greatest ID.

Parameters:
now: current time.
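
The selection rule described above, as an added example that is not XORP's own code. The Key struct, sample_chain() and best_key_id() are hypothetical names, the key chain is constructed sample data, and skipping keys that have not started or have already expired is an assumption based on the key start and stop callbacks documented on this page.

```cpp
#include <cstdint>
#include <cstdio>
#include <ctime>
#include <list>

// Hypothetical stand-in for a key-chain entry; not XORP's MD5Key class.
struct Key {
    uint8_t id;         // key ID carried in the packet
    std::time_t start;  // time the key becomes valid
    std::time_t end;    // time the key expires
};

// Pick the signing key for time `now`: most recent start time in the past,
// ties broken by the greatest key ID. Returns nullptr when no key is usable.
const Key* best_outbound_key(const std::list<Key>& chain, std::time_t now) {
    const Key* best = nullptr;
    for (const Key& k : chain) {
        // Assumption: keys not yet started or already expired are skipped.
        if (k.start > now || k.end <= now)
            continue;
        if (best == nullptr || k.start > best->start ||
            (k.start == best->start && k.id > best->id))
            best = &k;
    }
    return best;
}

// Constructed key chain: a rollover with a tie (keys 2 and 3) and a
// lifetime gap between t=6000 and t=9000 where no key is valid.
const std::list<Key>& sample_chain() {
    static const std::list<Key> chain = {
        {1, 1000, 5000}, {2, 2000, 6000}, {3, 2000, 6000}, {4, 9000, 12000}};
    return chain;
}

// Key ID chosen at `now`, or -1 when nothing can sign the packet.
int best_key_id(std::time_t now) {
    const Key* k = best_outbound_key(sample_chain(), now);
    return k ? k->id : -1;
}

int main() {
    const std::time_t times[] = {500, 1500, 2500, 5500, 7000, 9500};
    for (std::time_t t : times)
        std::printf("t=%ld -> key %d\n", static_cast<long>(t), best_key_id(t));
    return 0;
}
```

The t=7000 case falls in the gap between key lifetimes and yields no key, which is the situation where authenticate_outbound is documented to return false; overlapping lifetimes during key rollover avoid it.
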
const char * MD5AuthHandler::effective_name ( ) const [virtual]

Get the effective name of the authentication scheme.

Returns:
the name of the authentication scheme.

Implements AuthHandlerBase.

bool MD5AuthHandler::empty ( ) const

Test whether the MD5AuthHandler contains any keys.

Returns:
if the MD5AuthHandler contains any keys, otherwise false.

bool MD5AuthHandler::empty ( ) const

Test whether the MD5AuthHandler contains any keys.

Returns:
if the MD5AuthHandler contains any keys, otherwise false.

uint32_t MD5AuthHandler::head_entries ( ) const [virtual]

Get number of routing entries used by authentication scheme at the head of the RIP packet.

Returns:
the number of routing entries used by the authentication scheme at the head of the RIP packet: 0 for unauthenticated packets, 1 otherwise.

Implements AuthHandlerBase.

const KeyChain& MD5AuthHandler::invalid_key_chain ( ) const [inline]

Get all invalid keys managed by the MD5AuthHandler.

Returns:
list of all invalid keys.

const KeyChain& MD5AuthHandler::invalid_key_chain ( ) const [inline]

Get all invalid keys managed by the MD5AuthHandler.

Returns:
list of all invalid keys.

void MD5AuthHandler::key_start_cb ( uint8_t  key_id)

A callback that a key from the MD5 key chain has become valid.

Parameters:
key_id: unique ID of the key that has become valid.

void MD5AuthHandler::key_start_cb ( uint8_t  key_id)

A callback that a key from the MD5 key chain has become valid.

Parameters:
key_id: unique ID of the key that has become valid.

void MD5AuthHandler::key_stop_cb ( uint8_t  key_id)

A callback that a key from the MD5 key chain has expired and is invalid.

Parameters:
key_id: unique ID of the key that has expired.

void MD5AuthHandler::key_stop_cb ( uint8_t  key_id)

A callback that a key from the MD5 key chain has expired and is invalid.

Parameters:
key_id: unique ID of the key that has expired.

bool MD5AuthHandler::remove_key ( uint8_t  key_id,
string &  error_msg 
)

Remove a key from the MD5 key chain.

Parameters:
key_id: unique ID of key to be removed.
error_msg: the error message (if error).
Returns:
true if the key was found and removed, otherwise false.

bool MD5AuthHandler::remove_key ( uint8_t  key_id,
string &  error_msg 
)

Remove a key from the MD5 key chain.

Parameters:
key_id: unique ID of key to be removed.
error_msg: the error message (if error).
Returns:
true if the key was found and removed, otherwise false.

const KeyChain& MD5AuthHandler::valid_key_chain ( ) const [inline]

Get all valid keys managed by the MD5AuthHandler.

Returns:
list of all valid keys.

const KeyChain& MD5AuthHandler::valid_key_chain ( ) const [inline]

Get all valid keys managed by the MD5AuthHandler.

Returns:
list of all valid keys.

Member Data Documentation

const OspfTypes::AuType MD5AuthHandler::AUTH_TYPE [static]
Initial value:
    OspfTypes::CRYPTOGRAPHIC_AUTHENTICATION

The documentation for this class was generated from the following files: