Add no_hmac_verify flag.

Flag to allow empty or wrong hmac in the packet trailer.

Add no_hmac_verify flag.
Flag to allow empty or wrong hmac in the packet trailer.
a1afd51b · Etienne MARAIS · Juliusz Chroboczek · b4e28f27 · a1afd51b · a1afd51b
Commit a1afd51b authored Jun 24, 2019 by Etienne MARAIS Committed by Juliusz Chroboczek May 20, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 4 deletions

babeld.man babeld.man +5 -0

configuration.c configuration.c +7 -0

interface.c interface.c +2 -1

interface.h interface.h +3 -0

message.c message.c +2 -3

No files found.
--- a/babeld.man
+++ b/babeld.man
@@ -404,6 +404,11 @@ otherwise.
 Send multiple copies of TLVs other than Hellos to all neighbours rather
 than sending a single multicast packet.  The default is false.
 .TP
+.BR no_hmac_verify " {" true | false }
+Do not check packet signatures, accept unsigned or incorrectly signed packets
+even if one or more keys are configured on the interface.  The default is
+.BR false .
+.TP
 .BR rfc6126\-compatible " {" true | false }
 Disable some features that are incompatible with RFC 6126 (the older
 version of the Babel protocol), such as source-specific routing and RTT

--- a/configuration.c
+++ b/configuration.c
@@ -606,6 +606,12 @@ parse_anonymous_ifconf(int c, gnc_t gnc, void *closure,
            if(c < -1)
                goto error;
            if_conf->unicast = v;
+        } else if(strcmp(token, "no_hmac_verify") == 0) { 
+            int v;
+            c = getbool(c, &v, gnc, closure);
+            if(c < -1)
+                goto error;
+            if_conf->no_hmac_verify = v;
        } else if(strcmp(token, "link-quality") == 0) {
            int v;
            c = getbool(c, &v, gnc, closure);
@@ -831,6 +837,7 @@ merge_ifconf(struct interface_conf *dest,
    MERGE(lq);
    MERGE(faraway);
    MERGE(unicast);
+    MERGE(no_hmac_verify);
    MERGE(channel);
    MERGE(enable_timestamps);
    MERGE(rfc6126);

--- a/interface.c
+++ b/interface.c
@@ -397,7 +397,8 @@ interface_updown(struct interface *ifp, int up)
        if(IF_CONF(ifp, unicast) == CONFIG_YES)
            ifp->flags |= IF_UNICAST;
+        if(IF_CONF(ifp, no_hmac_verify) == CONFIG_YES)
+            ifp->flags |= IF_NO_HMAC_VERIFY;
        if(IF_CONF(ifp, hello_interval) > 0)
            ifp->hello_interval = IF_CONF(ifp, hello_interval);
        else if(type == IF_TYPE_WIRELESS)

--- a/interface.h
+++ b/interface.h
@@ -55,6 +55,7 @@ struct interface_conf {
    char unicast;
    char enable_timestamps;
    char rfc6126;
+    char no_hmac_verify;
    int channel;
    unsigned int rtt_decay;
    unsigned int rtt_min;
@@ -84,6 +85,8 @@ struct interface_conf {
 #define IF_TIMESTAMPS (1 << 6)
 /* Remain compatible with RFC 6126. */
 #define IF_RFC6126 (1 << 7)
+/* Packets with a wrong or empty packet trailer are accepted */
+#define IF_NO_HMAC_VERIFY (1 << 8)
 /* Use Babel over DTLS on this interface. */
 #define IF_DTLS (1 << 9)

--- a/message.c
+++ b/message.c
@@ -593,9 +593,8 @@ parse_packet(const unsigned char *from, struct interface *ifp,
        return;
    }
-    if(ifp->key != NULL) {
+    if(ifp->key != NULL && !(ifp->flags & IF_NO_HMAC_VERIFY)) {
-        if(check_hmac(packet, packetlen, bodylen, neigh->address,
+        if(check_hmac(packet, packetlen, bodylen, neigh->address, to) != 1) {
-                      to) != 1) {
            fprintf(stderr, "Received wrong hmac.\n");
            return;
        }