]> git.proxmox.com Git - mirror_frr.git/blame - ospfd/ospf_packet.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #5468 from qlyoung/bgpd-remove-bgp-attr-dup
[mirror_frr.git] / ospfd / ospf_packet.c
CommitLineData
718e3744 1/*
2 * OSPF Sending and Receiving OSPF Packets.
3 * Copyright (C) 1999, 2000 Toshiaki Takada
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
10 * later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
896014f4
DL		 17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
718e3744 20 */
21
22#include <zebra.h>
23
cbf3e3eb 24#include "monotime.h"
718e3744 25#include "thread.h"
26#include "memory.h"
27#include "linklist.h"
28#include "prefix.h"
29#include "if.h"
30#include "table.h"
31#include "sockunion.h"
32#include "stream.h"
33#include "log.h"
2dd8bb4e 34#include "sockopt.h"
484315fd 35#include "checksum.h"
0513a271 36#ifdef CRYPTO_INTERNAL
c1a03d47 37#include "md5.h"
0513a271 38#endif
7e2b7603 39#include "vrf.h"
c9cc11f6 40#include "lib_errors.h"
718e3744 41
42#include "ospfd/ospfd.h"
43#include "ospfd/ospf_network.h"
44#include "ospfd/ospf_interface.h"
45#include "ospfd/ospf_ism.h"
46#include "ospfd/ospf_asbr.h"
47#include "ospfd/ospf_lsa.h"
48#include "ospfd/ospf_lsdb.h"
49#include "ospfd/ospf_neighbor.h"
50#include "ospfd/ospf_nsm.h"
51#include "ospfd/ospf_packet.h"
52#include "ospfd/ospf_spf.h"
53#include "ospfd/ospf_flood.h"
54#include "ospfd/ospf_dump.h"
c9cc11f6 55#include "ospfd/ospf_errors.h"
718e3744 56
166b75c2
DS		 57/*
58 * OSPF Fragmentation / fragmented writes
59 *
60 * ospfd can support writing fragmented packets, for cases where
61 * kernel will not fragment IP_HDRINCL and/or multicast destined
62 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
63 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
64 * flags fields, hence user-space fragmentation will not work.
65 * Only Linux is known to leave IP header unmolested.
66 * Further, fragmentation really should be done the kernel, which already
67 * supports it, and which avoids nasty IP ID state problems.
68 *
69 * Fragmentation of OSPF packets can be required on networks with router
70 * with many many interfaces active in one area, or on networks with links
71 * with low MTUs.
72 */
73#ifdef GNU_LINUX
74#define WANT_OSPF_WRITE_FRAGMENT
75#endif
76
718e3744 77/* Packet Type String. */
d62a17ae 78const struct message ospf_packet_type_str[] = {
79 {OSPF_MSG_HELLO, "Hello"},
80 {OSPF_MSG_DB_DESC, "Database Description"},
81 {OSPF_MSG_LS_REQ, "Link State Request"},
82 {OSPF_MSG_LS_UPD, "Link State Update"},
83 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
84 {0}};
718e3744 85
75c8eabb
DO		 86/* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
87 particular types, offset is the "type" field of a packet. */
d7c0a89a 88static const uint16_t ospf_packet_minlen[] = {
d62a17ae 89 0,
90 OSPF_HELLO_MIN_SIZE,
91 OSPF_DB_DESC_MIN_SIZE,
92 OSPF_LS_REQ_MIN_SIZE,
93 OSPF_LS_UPD_MIN_SIZE,
94 OSPF_LS_ACK_MIN_SIZE,
75c8eabb
DO		 95};
96
4e31de79
DO		 97/* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
98 types, offset is the "LSA type" field. */
d7c0a89a 99static const uint16_t ospf_lsa_minlen[] = {
d62a17ae 100 0,
101 OSPF_ROUTER_LSA_MIN_SIZE,
102 OSPF_NETWORK_LSA_MIN_SIZE,
103 OSPF_SUMMARY_LSA_MIN_SIZE,
104 OSPF_SUMMARY_LSA_MIN_SIZE,
105 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
106 0,
107 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
108 0,
109 0,
110 0,
111 0,
4e31de79
DO		 112};
113
bd5651f0 114/* for ospf_check_auth() */
d62a17ae 115static int ospf_check_sum(struct ospf_header *);
bd5651f0 116
718e3744 117/* OSPF authentication checking function */
d62a17ae 118static int ospf_auth_type(struct ospf_interface *oi)
718e3744 119{
d62a17ae 120 int auth_type;
718e3744 121
d62a17ae 122 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
123 auth_type = oi->area->auth_type;
124 else
125 auth_type = OSPF_IF_PARAM(oi, auth_type);
718e3744 126
d62a17ae 127 /* Handle case where MD5 key list is not configured aka Cisco */
128 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
129 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
130 return OSPF_AUTH_NULL;
718e3744 131
d62a17ae 132 return auth_type;
718e3744 133}
134
7cec50a5 135static struct ospf_packet *ospf_packet_new(size_t size)
718e3744 136{
d62a17ae 137 struct ospf_packet *new;
718e3744 138
d62a17ae 139 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
140 new->s = stream_new(size);
718e3744 141
d62a17ae 142 return new;
718e3744 143}
144
d62a17ae 145void ospf_packet_free(struct ospf_packet *op)
718e3744 146{
d62a17ae 147 if (op->s)
148 stream_free(op->s);
718e3744 149
d62a17ae 150 XFREE(MTYPE_OSPF_PACKET, op);
718e3744 151}
152
4d762f26 153struct ospf_fifo *ospf_fifo_new(void)
718e3744 154{
d62a17ae 155 struct ospf_fifo *new;
718e3744 156
d62a17ae 157 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
158 return new;
718e3744 159}
160
161/* Add new packet to fifo. */
d62a17ae 162void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
718e3744 163{
d62a17ae 164 if (fifo->tail)
165 fifo->tail->next = op;
166 else
167 fifo->head = op;
718e3744 168
d62a17ae 169 fifo->tail = op;
718e3744 170
d62a17ae 171 fifo->count++;
718e3744 172}
173
aa276fd7 174/* Add new packet to head of fifo. */
d62a17ae 175static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
aa276fd7 176{
d62a17ae 177 op->next = fifo->head;
178
179 if (fifo->tail == NULL)
180 fifo->tail = op;
181
182 fifo->head = op;
183
184 fifo->count++;
aa276fd7
PJ		 185}
186
718e3744 187/* Delete first packet from fifo. */
d62a17ae 188struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
718e3744 189{
d62a17ae 190 struct ospf_packet *op;
718e3744 191
d62a17ae 192 op = fifo->head;
718e3744 193
d62a17ae 194 if (op) {
195 fifo->head = op->next;
718e3744 196
d62a17ae 197 if (fifo->head == NULL)
198 fifo->tail = NULL;
718e3744 199
d62a17ae 200 fifo->count--;
201 }
718e3744 202
d62a17ae 203 return op;
718e3744 204}
205
206/* Return first fifo entry. */
d62a17ae 207struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
718e3744 208{
d62a17ae 209 return fifo->head;
718e3744 210}
211
212/* Flush ospf packet fifo. */
d62a17ae 213void ospf_fifo_flush(struct ospf_fifo *fifo)
718e3744 214{
d62a17ae 215 struct ospf_packet *op;
216 struct ospf_packet *next;
718e3744 217
d62a17ae 218 for (op = fifo->head; op; op = next) {
219 next = op->next;
220 ospf_packet_free(op);
221 }
222 fifo->head = fifo->tail = NULL;
223 fifo->count = 0;
718e3744 224}
225
226/* Free ospf packet fifo. */
d62a17ae 227void ospf_fifo_free(struct ospf_fifo *fifo)
718e3744 228{
d62a17ae 229 ospf_fifo_flush(fifo);
718e3744 230
d62a17ae 231 XFREE(MTYPE_OSPF_FIFO, fifo);
718e3744 232}
233
7cec50a5 234static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
718e3744 235{
d62a17ae 236 /* Add packet to end of queue. */
237 ospf_fifo_push(oi->obuf, op);
718e3744 238
d62a17ae 239 /* Debug of packet fifo*/
240 /* ospf_fifo_debug (oi->obuf); */
718e3744 241}
242
d62a17ae 243static void ospf_packet_add_top(struct ospf_interface *oi,
244 struct ospf_packet *op)
aa276fd7 245{
d62a17ae 246 /* Add packet to head of queue. */
247 ospf_fifo_push_head(oi->obuf, op);
aa276fd7 248
d62a17ae 249 /* Debug of packet fifo*/
250 /* ospf_fifo_debug (oi->obuf); */
aa276fd7
PJ		 251}
252
7cec50a5 253static void ospf_packet_delete(struct ospf_interface *oi)
718e3744 254{
d62a17ae 255 struct ospf_packet *op;
256
257 op = ospf_fifo_pop(oi->obuf);
718e3744 258
d62a17ae 259 if (op)
260 ospf_packet_free(op);
718e3744 261}
262
7cec50a5 263static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
718e3744 264{
d62a17ae 265 struct ospf_packet *new;
718e3744 266
d62a17ae 267 if (stream_get_endp(op->s) != op->length)
268 /* XXX size_t */
c9cc11f6 269 zlog_debug(
d62a17ae 270 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
d7c0a89a 271 (unsigned long)STREAM_SIZE(op->s), op->length);
30961a15 272
d62a17ae 273 /* Reserve space for MD5 authentication that may be added later. */
274 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
275 stream_copy(new->s, op->s);
718e3744 276
d62a17ae 277 new->dst = op->dst;
278 new->length = op->length;
718e3744 279
d62a17ae 280 return new;
718e3744 281}
282
86f1fd96 283/* XXX inline */
d62a17ae 284static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
86f1fd96 285{
d62a17ae 286 int auth = 0;
86f1fd96 287
d62a17ae 288 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
289 auth = OSPF_AUTH_MD5_SIZE;
86f1fd96 290
d62a17ae 291 return auth;
86f1fd96 292}
293
d62a17ae 294static unsigned int ospf_packet_max(struct ospf_interface *oi)
718e3744 295{
d62a17ae 296 int max;
718e3744 297
d62a17ae 298 max = oi->ifp->mtu - ospf_packet_authspace(oi);
86f1fd96 299
d62a17ae 300 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
718e3744 301
d62a17ae 302 return max;
718e3744 303}
304
6b0655a2 305
d62a17ae 306static int ospf_check_md5_digest(struct ospf_interface *oi,
307 struct ospf_header *ospfh)
718e3744 308{
0513a271
MR		 309#ifdef CRYPTO_OPENSSL
310 EVP_MD_CTX *ctx;
311#elif CRYPTO_INTERNAL
d62a17ae 312 MD5_CTX ctx;
0513a271 313#endif
d62a17ae 314 unsigned char digest[OSPF_AUTH_MD5_SIZE];
315 struct crypt_key *ck;
316 struct ospf_neighbor *nbr;
d7c0a89a 317 uint16_t length = ntohs(ospfh->length);
d62a17ae 318
319 /* Get secret key. */
320 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
321 ospfh->u.crypt.key_id);
322 if (ck == NULL) {
1c50c1c0
QY		 323 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
324 IF_NAME(oi), ospfh->u.crypt.key_id);
d62a17ae 325 return 0;
326 }
718e3744 327
d62a17ae 328 /* check crypto seqnum. */
329 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
718e3744 330
d62a17ae 331 if (nbr
332 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
c9cc11f6 333 flog_warn(
cf444bcf 334 EC_OSPF_MD5,
d62a17ae 335 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
336 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
337 ntohl(nbr->crypt_seqnum));
338 return 0;
339 }
718e3744 340
d62a17ae 341 /* Generate a digest for the ospf packet - their digest + our digest. */
0513a271
MR		 342#ifdef CRYPTO_OPENSSL
343 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
344 ctx = EVP_MD_CTX_new();
345 EVP_DigestInit(ctx, EVP_md5());
346 EVP_DigestUpdate(ctx, ospfh, length);
347 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
348 EVP_DigestFinal(ctx, digest, &md5_size);
349 EVP_MD_CTX_free(ctx);
350#elif CRYPTO_INTERNAL
d62a17ae 351 memset(&ctx, 0, sizeof(ctx));
352 MD5Init(&ctx);
353 MD5Update(&ctx, ospfh, length);
354 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
355 MD5Final(digest, &ctx);
0513a271 356#endif
d62a17ae 357
358 /* compare the two */
359 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
cf444bcf 360 flog_warn(EC_OSPF_MD5,
c9cc11f6 361 "interface %s: ospf_check_md5 checksum mismatch",
d62a17ae 362 IF_NAME(oi));
363 return 0;
364 }
718e3744 365
d62a17ae 366 /* save neighbor's crypt_seqnum */
367 if (nbr)
368 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
369 return 1;
718e3744 370}
371
372/* This function is called from ospf_write(), it will detect the
373 authentication scheme and if it is MD5, it will change the sequence
374 and update the MD5 digest. */
d62a17ae 375static int ospf_make_md5_digest(struct ospf_interface *oi,
376 struct ospf_packet *op)
377{
378 struct ospf_header *ospfh;
379 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
0513a271
MR		 380#ifdef CRYPTO_OPENSSL
381 EVP_MD_CTX *ctx;
382#elif CRYPTO_INTERNAL
d62a17ae 383 MD5_CTX ctx;
0513a271 384#endif
d62a17ae 385 void *ibuf;
d7c0a89a 386 uint32_t t;
d62a17ae 387 struct crypt_key *ck;
d7c0a89a 388 const uint8_t *auth_key;
d62a17ae 389
390 ibuf = STREAM_DATA(op->s);
391 ospfh = (struct ospf_header *)ibuf;
392
393 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
394 return 0;
395
396 /* We do this here so when we dup a packet, we don't have to
397 waste CPU rewriting other headers.
398
399 Note that quagga_time /deliberately/ is not used here */
400 t = (time(NULL) & 0xFFFFFFFF);
401 if (t > oi->crypt_seqnum)
402 oi->crypt_seqnum = t;
403 else
404 oi->crypt_seqnum++;
405
406 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
407
408 /* Get MD5 Authentication key from auth_key list. */
409 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
d7c0a89a 410 auth_key = (const uint8_t *)digest;
d62a17ae 411 else {
412 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
413 auth_key = ck->auth_key;
414 }
718e3744 415
d62a17ae 416 /* Generate a digest for the entire packet + our secret key. */
0513a271
MR		 417#ifdef CRYPTO_OPENSSL
418 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
419 ctx = EVP_MD_CTX_new();
420 EVP_DigestInit(ctx, EVP_md5());
421 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
422 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
423 EVP_DigestFinal(ctx, digest, &md5_size);
424 EVP_MD_CTX_free(ctx);
425#elif CRYPTO_INTERNAL
d62a17ae 426 memset(&ctx, 0, sizeof(ctx));
427 MD5Init(&ctx);
428 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
429 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
430 MD5Final(digest, &ctx);
0513a271 431#endif
718e3744 432
d62a17ae 433 /* Append md5 digest to the end of the stream. */
434 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
718e3744 435
d62a17ae 436 /* We do *NOT* increment the OSPF header length. */
437 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
30961a15 438
d62a17ae 439 if (stream_get_endp(op->s) != op->length)
440 /* XXX size_t */
c9cc11f6 441 flog_warn(
cf444bcf 442 EC_OSPF_MD5,
d62a17ae 443 "ospf_make_md5_digest: length mismatch stream %lu ospf_packet %u",
d7c0a89a 444 (unsigned long)stream_get_endp(op->s), op->length);
718e3744 445
d62a17ae 446 return OSPF_AUTH_MD5_SIZE;
718e3744 447}
448
6b0655a2 449
d62a17ae 450static int ospf_ls_req_timer(struct thread *thread)
718e3744 451{
d62a17ae 452 struct ospf_neighbor *nbr;
718e3744 453
d62a17ae 454 nbr = THREAD_ARG(thread);
455 nbr->t_ls_req = NULL;
718e3744 456
d62a17ae 457 /* Send Link State Request. */
458 if (ospf_ls_request_count(nbr))
459 ospf_ls_req_send(nbr);
718e3744 460
d62a17ae 461 /* Set Link State Request retransmission timer. */
462 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
718e3744 463
d62a17ae 464 return 0;
718e3744 465}
466
d62a17ae 467void ospf_ls_req_event(struct ospf_neighbor *nbr)
718e3744 468{
d62a17ae 469 if (nbr->t_ls_req) {
470 thread_cancel(nbr->t_ls_req);
471 nbr->t_ls_req = NULL;
472 }
473 nbr->t_ls_req = NULL;
474 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
718e3744 475}
476
477/* Cyclic timer function. Fist registered in ospf_nbr_new () in
478 ospf_neighbor.c */
d62a17ae 479int ospf_ls_upd_timer(struct thread *thread)
480{
481 struct ospf_neighbor *nbr;
482
483 nbr = THREAD_ARG(thread);
484 nbr->t_ls_upd = NULL;
485
486 /* Send Link State Update. */
487 if (ospf_ls_retransmit_count(nbr) > 0) {
488 struct list *update;
489 struct ospf_lsdb *lsdb;
490 int i;
491 int retransmit_interval;
492
493 retransmit_interval =
494 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
495
496 lsdb = &nbr->ls_rxmt;
497 update = list_new();
498
499 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
500 struct route_table *table = lsdb->type[i].db;
501 struct route_node *rn;
502
503 for (rn = route_top(table); rn; rn = route_next(rn)) {
504 struct ospf_lsa *lsa;
505
506 if ((lsa = rn->info) != NULL) {
507 /* Don't retransmit an LSA if we
508 received it within
509 the last RxmtInterval seconds - this
510 is to allow the
511 neighbour a chance to acknowledge the
512 LSA as it may
513 have ben just received before the
514 retransmit timer
515 fired. This is a small tweak to what
516 is in the RFC,
517 but it will cut out out a lot of
518 retransmit traffic
519 - MAG */
520 if (monotime_since(&lsa->tv_recv, NULL)
521 >= retransmit_interval * 1000000LL)
522 listnode_add(update, rn->info);
523 }
524 }
525 }
718e3744 526
d62a17ae 527 if (listcount(update) > 0)
996c9314
LB		 528 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
529 0);
6a154c88 530 list_delete(&update);
718e3744 531 }
532
d62a17ae 533 /* Set LS Update retransmission timer. */
534 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
718e3744 535
d62a17ae 536 return 0;
718e3744 537}
538
d62a17ae 539int ospf_ls_ack_timer(struct thread *thread)
718e3744 540{
d62a17ae 541 struct ospf_interface *oi;
718e3744 542
d62a17ae 543 oi = THREAD_ARG(thread);
544 oi->t_ls_ack = NULL;
718e3744 545
d62a17ae 546 /* Send Link State Acknowledgment. */
547 if (listcount(oi->ls_ack) > 0)
548 ospf_ls_ack_send_delayed(oi);
718e3744 549
d62a17ae 550 /* Set LS Ack timer. */
551 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
718e3744 552
d62a17ae 553 return 0;
718e3744 554}
555
0bfeca3f 556#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 557static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
558 struct msghdr *msg, unsigned int maxdatasize,
d7c0a89a 559 unsigned int mtu, int flags, uint8_t type)
0bfeca3f 560{
561#define OSPF_WRITE_FRAG_SHIFT 3
d7c0a89a 562 uint16_t offset;
d62a17ae 563 struct iovec *iovp;
564 int ret;
565
566 assert(op->length == stream_get_endp(op->s));
567 assert(msg->msg_iovlen == 2);
568
569 /* we can but try.
570 *
571 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
572 * well as the IP_MF flag, making this all quite pointless.
573 *
574 * However, for a system on which IP_MF is left alone, and ip_id left
575 * alone or else which sets same ip_id for each fragment this might
576 * work, eg linux.
577 *
578 * XXX-TODO: It would be much nicer to have the kernel's use their
579 * existing fragmentation support to do this for us. Bugs/RFEs need to
580 * be raised against the various kernels.
581 */
582
583 /* set More Frag */
584 iph->ip_off |= IP_MF;
585
586 /* ip frag offset is expressed in units of 8byte words */
587 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
588
589 iovp = &msg->msg_iov[1];
590
591 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
592 > maxdatasize) {
593 /* data length of this frag is to next offset value */
594 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
595 iph->ip_len = iovp->iov_len + sizeof(struct ip);
596 assert(iph->ip_len <= mtu);
597
598 sockopt_iphdrincl_swab_htosys(iph);
599
600 ret = sendmsg(fd, msg, flags);
601
602 sockopt_iphdrincl_swab_systoh(iph);
603
604 if (ret < 0)
c9cc11f6 605 flog_err(
450971aa 606 EC_LIB_SOCKET,
d62a17ae 607 "*** ospf_write_frags: sendmsg failed to %s,"
608 " id %d, off %d, len %d, mtu %u failed with %s",
609 inet_ntoa(iph->ip_dst), iph->ip_id, iph->ip_off,
610 iph->ip_len, mtu, safe_strerror(errno));
611
612 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
613 zlog_debug(
614 "ospf_write_frags: sent id %d, off %d, len %d to %s\n",
615 iph->ip_id, iph->ip_off, iph->ip_len,
616 inet_ntoa(iph->ip_dst));
d62a17ae 617 }
618
619 iph->ip_off += offset;
620 stream_forward_getp(op->s, iovp->iov_len);
2d34fb80 621 iovp->iov_base = stream_pnt(op->s);
d62a17ae 622 }
623
624 /* setup for final fragment */
625 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
626 iph->ip_len = iovp->iov_len + sizeof(struct ip);
627 iph->ip_off &= (~IP_MF);
0bfeca3f 628}
629#endif /* WANT_OSPF_WRITE_FRAGMENT */
630
d62a17ae 631static int ospf_write(struct thread *thread)
632{
633 struct ospf *ospf = THREAD_ARG(thread);
634 struct ospf_interface *oi;
635 struct ospf_interface *last_serviced_oi = NULL;
636 struct ospf_packet *op;
637 struct sockaddr_in sa_dst;
638 struct ip iph;
639 struct msghdr msg;
640 struct iovec iov[2];
d7c0a89a 641 uint8_t type;
d62a17ae 642 int ret;
643 int flags = 0;
644 struct listnode *node;
0bfeca3f 645#ifdef WANT_OSPF_WRITE_FRAGMENT
d7c0a89a
QY		 646 static uint16_t ipid = 0;
647 uint16_t maxdatasize;
9d303b37 648#endif /* WANT_OSPF_WRITE_FRAGMENT */
68b7339a 649#define OSPF_WRITE_IPHL_SHIFT 2
d62a17ae 650 int pkt_count = 0;
e1b18df1
CS		 651
652#ifdef GNU_LINUX
3e300703 653 unsigned char cmsgbuf[64] = {};
e7503eab
CS		 654 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
655 struct in_pktinfo *pi;
e1b18df1 656#endif
d62a17ae 657
c32eba04
CS		 658 if (ospf->fd < 0 || ospf->oi_running == 0) {
659 if (IS_DEBUG_OSPF_EVENT)
660 zlog_debug(
661 "ospf_write failed to send, fd %d, instance %u"
662 ,ospf->fd, ospf->oi_running);
663 return -1;
664 }
665
d62a17ae 666 node = listhead(ospf->oi_write_q);
667 assert(node);
668 oi = listgetdata(node);
0bfeca3f 669
670#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 671 /* seed ipid static with low order bits of time */
672 if (ipid == 0)
673 ipid = (time(NULL) & 0xffff);
0bfeca3f 674#endif /* WANT_OSPF_WRITE_FRAGMENT */
675
d62a17ae 676 while ((pkt_count < ospf->write_oi_count) && oi
677 && (last_serviced_oi != oi)) {
678 /* If there is only packet in the queue, the oi is removed from
679 write-q, so fix up the last interface that was serviced */
680 if (last_serviced_oi == NULL) {
681 last_serviced_oi = oi;
682 }
683 pkt_count++;
233cc0fb 684#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 685 /* convenience - max OSPF data per packet */
686 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
233cc0fb 687#endif /* WANT_OSPF_WRITE_FRAGMENT */
d62a17ae 688 /* Get one packet from queue. */
689 op = ospf_fifo_head(oi->obuf);
690 assert(op);
691 assert(op->length >= OSPF_HEADER_SIZE);
692
693 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
694 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
695 ospf_if_ipmulticast(ospf, oi->address,
696 oi->ifp->ifindex);
697
698 /* Rewrite the md5 signature & update the seq */
699 ospf_make_md5_digest(oi, op);
700
701 /* Retrieve OSPF packet type. */
702 stream_set_getp(op->s, 1);
703 type = stream_getc(op->s);
704
705 /* reset get pointer */
706 stream_set_getp(op->s, 0);
707
708 memset(&iph, 0, sizeof(struct ip));
709 memset(&sa_dst, 0, sizeof(sa_dst));
710
711 sa_dst.sin_family = AF_INET;
6f0e3f6e 712#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
d62a17ae 713 sa_dst.sin_len = sizeof(sa_dst);
6f0e3f6e 714#endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
d62a17ae 715 sa_dst.sin_addr = op->dst;
716 sa_dst.sin_port = htons(0);
717
718 /* Set DONTROUTE flag if dst is unicast. */
719 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
720 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
721 flags = MSG_DONTROUTE;
722
723 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
724 /* it'd be very strange for header to not be 4byte-word aligned
725 * but.. */
726 if (sizeof(struct ip)
727 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
728 iph.ip_hl++; /* we presume sizeof struct ip cant
729 overflow ip_hl.. */
730
731 iph.ip_v = IPVERSION;
732 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
733 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
68b7339a 734
0150c9c9 735#if defined(__DragonFly__)
d62a17ae 736 /*
737 * DragonFly's raw socket expects ip_len/ip_off in network byte
738 * order.
739 */
740 iph.ip_len = htons(iph.ip_len);
0150c9c9
DB		 741#endif
742
0bfeca3f 743#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 744 /* XXX-MT: not thread-safe at all..
745 * XXX: this presumes this is only programme sending OSPF
746 * packets
747 * otherwise, no guarantee ipid will be unique
748 */
749 iph.ip_id = ++ipid;
0bfeca3f 750#endif /* WANT_OSPF_WRITE_FRAGMENT */
751
d62a17ae 752 iph.ip_off = 0;
753 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
754 iph.ip_ttl = OSPF_VL_IP_TTL;
755 else
756 iph.ip_ttl = OSPF_IP_TTL;
757 iph.ip_p = IPPROTO_OSPFIGP;
758 iph.ip_sum = 0;
759 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
760 iph.ip_dst.s_addr = op->dst.s_addr;
761
762 memset(&msg, 0, sizeof(msg));
763 msg.msg_name = (caddr_t)&sa_dst;
764 msg.msg_namelen = sizeof(sa_dst);
765 msg.msg_iov = iov;
766 msg.msg_iovlen = 2;
e7503eab 767
d62a17ae 768 iov[0].iov_base = (char *)&iph;
769 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
2d34fb80 770 iov[1].iov_base = stream_pnt(op->s);
d62a17ae 771 iov[1].iov_len = op->length;
772
e1b18df1
CS		 773#ifdef GNU_LINUX
774 msg.msg_control = (caddr_t)cm;
e7503eab
CS		 775 cm->cmsg_level = SOL_IP;
776 cm->cmsg_type = IP_PKTINFO;
777 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
778 pi = (struct in_pktinfo *)CMSG_DATA(cm);
779 pi->ipi_ifindex = oi->ifp->ifindex;
780
781 msg.msg_controllen = cm->cmsg_len;
e1b18df1 782#endif
e7503eab 783
996c9314
LB		 784/* Sadly we can not rely on kernels to fragment packets
785 * because of either IP_HDRINCL and/or multicast
786 * destination being set.
787 */
e7503eab 788
0bfeca3f 789#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 790 if (op->length > maxdatasize)
791 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
792 oi->ifp->mtu, flags, type);
0bfeca3f 793#endif /* WANT_OSPF_WRITE_FRAGMENT */
718e3744 794
d62a17ae 795 /* send final fragment (could be first) */
796 sockopt_iphdrincl_swab_htosys(&iph);
797 ret = sendmsg(ospf->fd, &msg, flags);
798 sockopt_iphdrincl_swab_systoh(&iph);
799 if (IS_DEBUG_OSPF_EVENT)
800 zlog_debug(
801 "ospf_write to %s, "
802 "id %d, off %d, len %d, interface %s, mtu %u:",
803 inet_ntoa(iph.ip_dst), iph.ip_id, iph.ip_off,
804 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
805
806 if (ret < 0)
c9cc11f6 807 flog_err(
450971aa 808 EC_LIB_SOCKET,
d62a17ae 809 "*** sendmsg in ospf_write failed to %s, "
810 "id %d, off %d, len %d, interface %s, mtu %u: %s",
811 inet_ntoa(iph.ip_dst), iph.ip_id, iph.ip_off,
812 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
813 safe_strerror(errno));
814
815 /* Show debug sending packet. */
816 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
817 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
818 zlog_debug(
819 "-----------------------------------------------------");
d62a17ae 820 stream_set_getp(op->s, 0);
821 ospf_packet_dump(op->s);
822 }
823
824 zlog_debug("%s sent to [%s] via [%s].",
825 lookup_msg(ospf_packet_type_str, type, NULL),
826 inet_ntoa(op->dst), IF_NAME(oi));
827
828 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
829 zlog_debug(
830 "-----------------------------------------------------");
831 }
832
c9339663 833 switch (type) {
996c9314
LB		 834 case OSPF_MSG_HELLO:
835 oi->hello_out++;
836 break;
837 case OSPF_MSG_DB_DESC:
838 oi->db_desc_out++;
839 break;
840 case OSPF_MSG_LS_REQ:
841 oi->ls_req_out++;
842 break;
843 case OSPF_MSG_LS_UPD:
844 oi->ls_upd_out++;
845 break;
846 case OSPF_MSG_LS_ACK:
847 oi->ls_ack_out++;
848 break;
849 default:
850 break;
c9339663
CS		 851 }
852
d62a17ae 853 /* Now delete packet from queue. */
854 ospf_packet_delete(oi);
855
856 /* Move this interface to the tail of write_q to
857 serve everyone in a round robin fashion */
858 list_delete_node(ospf->oi_write_q, node);
859 if (ospf_fifo_head(oi->obuf) == NULL) {
860 oi->on_write_q = 0;
861 last_serviced_oi = NULL;
862 oi = NULL;
863 } else {
864 listnode_add(ospf->oi_write_q, oi);
e8f45e82 865 }
d62a17ae 866
867 /* Setup to service from the head of the queue again */
868 if (!list_isempty(ospf->oi_write_q)) {
869 node = listhead(ospf->oi_write_q);
d62a17ae 870 oi = listgetdata(node);
d62a17ae 871 }
872 }
873
874 /* If packets still remain in queue, call write thread. */
4bb420ab 875 if (!list_isempty(ospf->oi_write_q))
d62a17ae 876 thread_add_write(master, ospf_write, ospf, ospf->fd,
877 &ospf->t_write);
718e3744 878
d62a17ae 879 return 0;
718e3744 880}
881
882/* OSPF Hello message read -- RFC2328 Section 10.5. */
d62a17ae 883static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
884 struct stream *s, struct ospf_interface *oi, int size)
885{
886 struct ospf_hello *hello;
887 struct ospf_neighbor *nbr;
888 int old_state;
889 struct prefix p;
890
891 /* increment statistics. */
892 oi->hello_in++;
893
2d34fb80 894 hello = (struct ospf_hello *)stream_pnt(s);
d62a17ae 895
896 /* If Hello is myself, silently discard. */
897 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
898 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
899 zlog_debug(
900 "ospf_header[%s/%s]: selforiginated, "
901 "dropping.",
902 lookup_msg(ospf_packet_type_str, ospfh->type,
903 NULL),
904 inet_ntoa(iph->ip_src));
905 }
906 return;
907 }
908
909 /* get neighbor prefix. */
910 p.family = AF_INET;
911 p.prefixlen = ip_masklen(hello->network_mask);
912 p.u.prefix4 = iph->ip_src;
913
914 /* Compare network mask. */
915 /* Checking is ignored for Point-to-Point and Virtual link. */
916 if (oi->type != OSPF_IFTYPE_POINTOPOINT
917 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
918 if (oi->address->prefixlen != p.prefixlen) {
c9cc11f6 919 flog_warn(
cf444bcf 920 EC_OSPF_PACKET,
d62a17ae 921 "Packet %s [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
922 inet_ntoa(ospfh->router_id), IF_NAME(oi),
923 (int)oi->address->prefixlen, (int)p.prefixlen);
924 return;
925 }
926
927 /* Compare Router Dead Interval. */
928 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
cf444bcf 929 flog_warn(EC_OSPF_PACKET,
c9cc11f6
DS		 930 "Packet %s [Hello:RECV]: RouterDeadInterval mismatch "
931 "(expected %u, but received %u).",
932 inet_ntoa(ospfh->router_id),
933 OSPF_IF_PARAM(oi, v_wait),
934 ntohl(hello->dead_interval));
d62a17ae 935 return;
936 }
937
938 /* Compare Hello Interval - ignored if fast-hellos are set. */
939 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
940 if (OSPF_IF_PARAM(oi, v_hello)
941 != ntohs(hello->hello_interval)) {
c9cc11f6 942 flog_warn(
cf444bcf 943 EC_OSPF_PACKET,
d62a17ae 944 "Packet %s [Hello:RECV]: HelloInterval mismatch "
945 "(expected %u, but received %u).",
946 inet_ntoa(ospfh->router_id),
947 OSPF_IF_PARAM(oi, v_hello),
948 ntohs(hello->hello_interval));
949 return;
950 }
951 }
952
953 if (IS_DEBUG_OSPF_EVENT)
b5a8894d 954 zlog_debug("Packet %s [Hello:RECV]: Options %s vrf %s",
d62a17ae 955 inet_ntoa(ospfh->router_id),
b5a8894d
CS		 956 ospf_options_dump(hello->options),
957 ospf_vrf_id_to_name(oi->ospf->vrf_id));
d62a17ae 958
959/* Compare options. */
718e3744 960#define REJECT_IF_TBIT_ON 1 /* XXX */
961#ifdef REJECT_IF_TBIT_ON
d62a17ae 962 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
963 /*
964 * This router does not support non-zero TOS.
965 * Drop this Hello packet not to establish neighbor
966 * relationship.
967 */
cf444bcf 968 flog_warn(EC_OSPF_PACKET,
c9cc11f6 969 "Packet %s [Hello:RECV]: T-bit on, drop it.",
d62a17ae 970 inet_ntoa(ospfh->router_id));
971 return;
972 }
718e3744 973#endif /* REJECT_IF_TBIT_ON */
974
d62a17ae 975 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
976 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
977 /*
978 * This router does know the correct usage of O-bit
979 * the bit should be set in DD packet only.
980 */
cf444bcf 981 flog_warn(EC_OSPF_PACKET,
c9cc11f6 982 "Packet %s [Hello:RECV]: O-bit abuse?",
d62a17ae 983 inet_ntoa(ospfh->router_id));
718e3744 984#ifdef STRICT_OBIT_USAGE_CHECK
d62a17ae 985 return; /* Reject this packet. */
986#else /* STRICT_OBIT_USAGE_CHECK */
987 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
988#endif /* STRICT_OBIT_USAGE_CHECK */
989 }
718e3744 990
d62a17ae 991 /* new for NSSA is to ensure that NP is on and E is off */
992
993 if (oi->area->external_routing == OSPF_AREA_NSSA) {
994 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
995 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
996 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
997 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
c9cc11f6 998 flog_warn(
cf444bcf 999 EC_OSPF_PACKET,
d62a17ae 1000 "NSSA-Packet-%s[Hello:RECV]: my options: %x, his options %x",
1001 inet_ntoa(ospfh->router_id), OPTIONS(oi),
1002 hello->options);
1003 return;
1004 }
1005 if (IS_DEBUG_OSPF_NSSA)
1006 zlog_debug("NSSA-Hello:RECV:Packet from %s:",
1007 inet_ntoa(ospfh->router_id));
1008 } else
1009 /* The setting of the E-bit found in the Hello Packet's Options
1010 field must match this area's ExternalRoutingCapability A
1011 mismatch causes processing to stop and the packet to be
1012 dropped. The setting of the rest of the bits in the Hello
1013 Packet's Options field should be ignored. */
1014 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
1015 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
c9cc11f6 1016 flog_warn(
cf444bcf 1017 EC_OSPF_PACKET,
d62a17ae 1018 "Packet %s [Hello:RECV]: my options: %x, his options %x",
1019 inet_ntoa(ospfh->router_id), OPTIONS(oi),
1020 hello->options);
1021 return;
1022 }
718e3744 1023
d62a17ae 1024 /* get neighbour struct */
1025 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
1026
1027 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1028 assert(nbr);
1029
1030 old_state = nbr->state;
1031
1032 /* Add event to thread. */
1033 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1034
1035 /* RFC2328 Section 9.5.1
1036 If the router is not eligible to become Designated Router,
1037 (snip) It must also send an Hello Packet in reply to an
1038 Hello Packet received from any eligible neighbor (other than
1039 the current Designated Router and Backup Designated Router). */
1040 if (oi->type == OSPF_IFTYPE_NBMA)
1041 if (PRIORITY(oi) == 0 && hello->priority > 0
1042 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1043 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1044 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1045 ospf_hello_reply_timer,
1046 OSPF_HELLO_REPLY_DELAY);
1047
1048 /* on NBMA network type, it happens to receive bidirectional Hello
1049 packet
1050 without advance 1-Way Received event.
1051 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1052 if (oi->type == OSPF_IFTYPE_NBMA
1053 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1054 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1055 nbr->priority = hello->priority;
1056 nbr->d_router = hello->d_router;
1057 nbr->bd_router = hello->bd_router;
1058 return;
1059 }
1060
1061 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1062 size - OSPF_HELLO_MIN_SIZE)) {
1063 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1064 nbr->options |= hello->options;
1065 } else {
1066 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1067 /* Set neighbor information. */
1068 nbr->priority = hello->priority;
1069 nbr->d_router = hello->d_router;
1070 nbr->bd_router = hello->bd_router;
1071 return;
1072 }
1073
1074 /* If neighbor itself declares DR and no BDR exists,
1075 cause event BackupSeen */
1076 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
1077 if (hello->bd_router.s_addr == 0 && oi->state == ISM_Waiting)
1078 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1079
1080 /* neighbor itself declares BDR. */
1081 if (oi->state == ISM_Waiting
1082 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router))
1083 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1084
1085 /* had not previously. */
1086 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1087 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1088 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1089 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->d_router)))
1090 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1091
1092 /* had not previously. */
1093 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1094 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1095 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->bd_router)
1096 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->bd_router)))
1097 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1098
1099 /* Neighbor priority check. */
1100 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1101 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1102
1103 /* Set neighbor information. */
1104 nbr->priority = hello->priority;
1105 nbr->d_router = hello->d_router;
1106 nbr->bd_router = hello->bd_router;
718e3744 1107}
1108
1109/* Save DD flags/options/Seqnum received. */
d62a17ae 1110static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1111 struct ospf_db_desc *dd)
718e3744 1112{
d62a17ae 1113 nbr->last_recv.flags = dd->flags;
1114 nbr->last_recv.options = dd->options;
1115 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
718e3744 1116}
1117
1118/* Process rest of DD packet. */
d62a17ae 1119static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1120 struct ospf_neighbor *nbr,
d7c0a89a 1121 struct ospf_db_desc *dd, uint16_t size)
d62a17ae 1122{
1123 struct ospf_lsa *new, *find;
1124 struct lsa_header *lsah;
1125
1126 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1127 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1128 size -= OSPF_LSA_HEADER_SIZE) {
2d34fb80 1129 lsah = (struct lsa_header *)stream_pnt(s);
d62a17ae 1130 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1131
1132 /* Unknown LS type. */
1133 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
cf444bcf 1134 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1135 "Packet [DD:RECV]: Unknown LS type %d.",
d62a17ae 1136 lsah->type);
1137 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1138 return;
1139 }
1140
1141 if (IS_OPAQUE_LSA(lsah->type)
1142 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
cf444bcf 1143 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1144 "LSA[Type%d:%s]: Opaque capability mismatch?",
d62a17ae 1145 lsah->type, inet_ntoa(lsah->id));
1146 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1147 return;
1148 }
1149
1150 switch (lsah->type) {
1151 case OSPF_AS_EXTERNAL_LSA:
1152 case OSPF_OPAQUE_AS_LSA:
1153 /* Check for stub area. Reject if AS-External from stub
1154 but
1155 allow if from NSSA. */
1156 if (oi->area->external_routing == OSPF_AREA_STUB) {
c9cc11f6 1157 flog_warn(
cf444bcf 1158 EC_OSPF_PACKET,
d62a17ae 1159 "Packet [DD:RECV]: LSA[Type%d:%s] from %s area.",
1160 lsah->type, inet_ntoa(lsah->id),
1161 (oi->area->external_routing
1162 == OSPF_AREA_STUB)
1163 ? "STUB"
1164 : "NSSA");
1165 OSPF_NSM_EVENT_SCHEDULE(nbr,
1166 NSM_SeqNumberMismatch);
1167 return;
1168 }
1169 break;
1170 default:
1171 break;
1172 }
1173
1174 /* Create LS-request object. */
1175 new = ospf_ls_request_new(lsah);
1176
1177 /* Lookup received LSA, then add LS request list. */
1178 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1179
1180 /* ospf_lsa_more_recent is fine with NULL pointers */
1181 switch (ospf_lsa_more_recent(find, new)) {
1182 case -1:
1183 /* Neighbour has a more recent LSA, we must request it
1184 */
1185 ospf_ls_request_add(nbr, new);
1186 /* fallthru */
1187 case 0:
1188 /* If we have a copy of this LSA, it's either less
1189 * recent
1190 * and we're requesting it from neighbour (the case
1191 * above), or
1192 * it's as recent and we both have same copy (this
1193 * case).
1194 *
1195 * In neither of these two cases is there any point in
1196 * describing our copy of the LSA to the neighbour in a
1197 * DB-Summary packet, if we're still intending to do so.
1198 *
1199 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1200 * backward compatible optimisation to OSPF DB Exchange
1201 * /
1202 * DB Description process implemented here.
1203 */
1204 if (find)
1205 ospf_lsdb_delete(&nbr->db_sum, find);
1206 ospf_lsa_discard(new);
1207 break;
1208 default:
1209 /* We have the more recent copy, nothing specific to do:
1210 * - no need to request neighbours stale copy
1211 * - must leave DB summary list copy alone
1212 */
1213 if (IS_DEBUG_OSPF_EVENT)
1214 zlog_debug(
1215 "Packet [DD:RECV]: LSA received Type %d, "
1216 "ID %s is not recent.",
1217 lsah->type, inet_ntoa(lsah->id));
1218 ospf_lsa_discard(new);
1219 }
1220 }
1221
1222 /* Master */
1223 if (IS_SET_DD_MS(nbr->dd_flags)) {
1224 nbr->dd_seqnum++;
1225
1226 /* Both sides have no More, then we're done with Exchange */
1227 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1228 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1229 else
1230 ospf_db_desc_send(nbr);
1231 }
1232 /* Slave */
1233 else {
1234 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1235
1236 /* Send DD packet in reply.
1237 *
1238 * Must be done to acknowledge the Master's DD, regardless of
1239 * whether we have more LSAs ourselves to describe.
1240 *
1241 * This function will clear the 'More' bit, if after this DD
1242 * we have no more LSAs to describe to the master..
1243 */
1244 ospf_db_desc_send(nbr);
1245
1246 /* Slave can raise ExchangeDone now, if master is also done */
1247 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1248 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1249 }
1250
1251 /* Save received neighbor values from DD. */
1252 ospf_db_desc_save_current(nbr, dd);
1253
1254 if (!nbr->t_ls_req)
1255 ospf_ls_req_send(nbr);
1256}
1257
1258static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1259 struct ospf_neighbor *nbr)
1260{
1261 /* Is DD duplicated? */
1262 if (dd->options == nbr->last_recv.options
1263 && dd->flags == nbr->last_recv.flags
1264 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1265 return 1;
1266
1267 return 0;
718e3744 1268}
1269
1270/* OSPF Database Description message read -- RFC2328 Section 10.6. */
d62a17ae 1271static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1272 struct stream *s, struct ospf_interface *oi,
d7c0a89a 1273 uint16_t size)
d62a17ae 1274{
1275 struct ospf_db_desc *dd;
1276 struct ospf_neighbor *nbr;
d363df2c 1277
d62a17ae 1278 /* Increment statistics. */
1279 oi->db_desc_in++;
718e3744 1280
2d34fb80 1281 dd = (struct ospf_db_desc *)stream_pnt(s);
d62a17ae 1282
1283 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1284 if (nbr == NULL) {
cf444bcf 1285 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %s",
d62a17ae 1286 inet_ntoa(ospfh->router_id));
1287 return;
718e3744 1288 }
d62a17ae 1289
1290 /* Check MTU. */
1291 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1292 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
c9cc11f6 1293 flog_warn(
cf444bcf 1294 EC_OSPF_PACKET,
d62a17ae 1295 "Packet[DD]: Neighbor %s MTU %u is larger than [%s]'s MTU %u",
1296 inet_ntoa(nbr->router_id), ntohs(dd->mtu), IF_NAME(oi),
1297 oi->ifp->mtu);
1298 return;
718e3744 1299 }
1300
d62a17ae 1301 /*
1302 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1303 * not
1304 * required. In fact at least JunOS sends DD packets with P bit clear.
1305 * Until proper solution is developped, this hack should help.
1306 *
1307 * Update: According to the RFCs, N bit is specified /only/ for Hello
1308 * options, unfortunately its use in DD options is not specified. Hence
1309 * some
1310 * implementations follow E-bit semantics and set it in DD options, and
1311 * some
1312 * treat it as unspecified and hence follow the directive "default for
1313 * options is clear", ie unset.
1314 *
1315 * Reset the flag, as ospfd follows E-bit semantics.
1316 */
1317 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1318 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1319 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1320 if (IS_DEBUG_OSPF_EVENT)
1321 zlog_debug(
1322 "Packet[DD]: Neighbour %s: Has NSSA capability, sends with N bit clear in DD options",
1323 inet_ntoa(nbr->router_id));
1324 SET_FLAG(dd->options, OSPF_OPTION_NP);
718e3744 1325 }
1326
d62a17ae 1327#ifdef REJECT_IF_TBIT_ON
1328 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1329 /*
1330 * In Hello protocol, optional capability must have checked
1331 * to prevent this T-bit enabled router be my neighbor.
1332 */
1c50c1c0 1333 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %s: T-bit on?",
d62a17ae 1334 inet_ntoa(nbr->router_id));
1335 return;
1336 }
1337#endif /* REJECT_IF_TBIT_ON */
1338
1339 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1340 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1341 /*
1342 * This node is not configured to handle O-bit, for now.
1343 * Clear it to ignore unsupported capability proposed by
1344 * neighbor.
1345 */
1346 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1347 }
1348
1349 /* Add event to thread. */
1350 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1351
e6a22aeb
SK		 1352 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1353 zlog_info(
1354 "%s:Packet[DD]: Neighbor %s state is %s, seq_num:0x%x, local:0x%x",
1355 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
1356 inet_ntoa(nbr->router_id),
1357 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1358 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1359
d62a17ae 1360 /* Process DD packet by neighbor status. */
1361 switch (nbr->state) {
1362 case NSM_Down:
1363 case NSM_Attempt:
1364 case NSM_TwoWay:
96db9cd3
DS		 1365 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1366 zlog_info(
1367 "Packet[DD]: Neighbor %s state is %s, packet discarded.",
1368 inet_ntoa(nbr->router_id),
1369 lookup_msg(ospf_nsm_state_msg, nbr->state,
1370 NULL));
d62a17ae 1371 break;
1372 case NSM_Init:
1373 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1374 /* If the new state is ExStart, the processing of the current
1375 packet should then continue in this new state by falling
1376 through to case ExStart below. */
1377 if (nbr->state != NSM_ExStart)
1378 break;
1379 /* fallthru */
1380 case NSM_ExStart:
1381 /* Initial DBD */
1382 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1383 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1384 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1385 > 0) {
1386 /* We're Slave---obey */
05ba78e4
CS		 1387 if (CHECK_FLAG(oi->ospf->config,
1388 OSPF_LOG_ADJACENCY_DETAIL))
996c9314
LB		 1389 zlog_info(
1390 "Packet[DD]: Neighbor %s Negotiation done (Slave).",
1391 inet_ntoa(nbr->router_id));
05ba78e4 1392
d62a17ae 1393 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1394
1395 /* Reset I/MS */
1396 UNSET_FLAG(nbr->dd_flags,
1397 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1398 } else {
1399 /* We're Master, ignore the initial DBD from
1400 * Slave */
05ba78e4
CS		 1401 if (CHECK_FLAG(oi->ospf->config,
1402 OSPF_LOG_ADJACENCY_DETAIL))
1403 zlog_info(
1404 "Packet[DD]: Neighbor %s: Initial DBD from Slave, "
1405 "ignoring.",
1406 inet_ntoa(nbr->router_id));
d62a17ae 1407 break;
1408 }
1409 }
1410 /* Ack from the Slave */
1411 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1412 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1413 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1414 < 0) {
1415 zlog_info(
1416 "Packet[DD]: Neighbor %s Negotiation done (Master).",
1417 inet_ntoa(nbr->router_id));
1418 /* Reset I, leaving MS */
1419 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1420 } else {
cf444bcf 1421 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1422 "Packet[DD]: Neighbor %s Negotiation fails.",
d62a17ae 1423 inet_ntoa(nbr->router_id));
1424 break;
1425 }
1426
1427 /* This is where the real Options are saved */
1428 nbr->options = dd->options;
1429
1430 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1431 if (IS_DEBUG_OSPF_EVENT)
1432 zlog_debug(
1433 "Neighbor[%s] is %sOpaque-capable.",
1434 inet_ntoa(nbr->router_id),
1435 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1436 ? ""
1437 : "NOT ");
1438
1439 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1440 && IPV4_ADDR_SAME(&DR(oi),
1441 &nbr->address.u.prefix4)) {
c9cc11f6 1442 flog_warn(
cf444bcf 1443 EC_OSPF_PACKET,
c9cc11f6 1444 "DR-neighbor[%s] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
d62a17ae 1445 inet_ntoa(nbr->router_id));
1446 /* This situation is undesirable, but not a real
1447 * error. */
1448 }
1449 }
1450
1451 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1452
1453 /* continue processing rest of packet. */
1454 ospf_db_desc_proc(s, oi, nbr, dd, size);
1455 break;
1456 case NSM_Exchange:
1457 if (ospf_db_desc_is_dup(dd, nbr)) {
1458 if (IS_SET_DD_MS(nbr->dd_flags))
1459 /* Master: discard duplicated DD packet. */
1460 zlog_info(
1461 "Packet[DD] (Master): Neighbor %s packet duplicated.",
1462 inet_ntoa(nbr->router_id));
1463 else
1464 /* Slave: cause to retransmit the last Database
1465 Description. */
1466 {
1467 zlog_info(
1468 "Packet[DD] [Slave]: Neighbor %s packet duplicated.",
1469 inet_ntoa(nbr->router_id));
1470 ospf_db_desc_resend(nbr);
1471 }
1472 break;
1473 }
1474
1475 /* Otherwise DD packet should be checked. */
1476 /* Check Master/Slave bit mismatch */
1477 if (IS_SET_DD_MS(dd->flags)
1478 != IS_SET_DD_MS(nbr->last_recv.flags)) {
cf444bcf 1479 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1480 "Packet[DD]: Neighbor %s MS-bit mismatch.",
d62a17ae 1481 inet_ntoa(nbr->router_id));
1482 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1483 if (IS_DEBUG_OSPF_EVENT)
1484 zlog_debug(
1485 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1486 dd->flags, nbr->dd_flags);
1487 break;
1488 }
1489
1490 /* Check initialize bit is set. */
1491 if (IS_SET_DD_I(dd->flags)) {
1492 zlog_info("Packet[DD]: Neighbor %s I-bit set.",
1493 inet_ntoa(nbr->router_id));
1494 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1495 break;
1496 }
1497
1498 /* Check DD Options. */
1499 if (dd->options != nbr->options) {
cf444bcf 1500 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1501 "Packet[DD]: Neighbor %s options mismatch.",
d62a17ae 1502 inet_ntoa(nbr->router_id));
1503 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1504 break;
1505 }
718e3744 1506
d62a17ae 1507 /* Check DD sequence number. */
1508 if ((IS_SET_DD_MS(nbr->dd_flags)
1509 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1510 || (!IS_SET_DD_MS(nbr->dd_flags)
1511 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
c9cc11f6 1512 flog_warn(
cf444bcf 1513 EC_OSPF_PACKET,
d62a17ae 1514 "Packet[DD]: Neighbor %s sequence number mismatch.",
1515 inet_ntoa(nbr->router_id));
1516 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1517 break;
1518 }
1519
1520 /* Continue processing rest of packet. */
1521 ospf_db_desc_proc(s, oi, nbr, dd, size);
1522 break;
1523 case NSM_Loading:
1524 case NSM_Full:
1525 if (ospf_db_desc_is_dup(dd, nbr)) {
1526 if (IS_SET_DD_MS(nbr->dd_flags)) {
1527 /* Master should discard duplicate DD packet. */
1528 zlog_info(
1529 "Packet[DD]: Neighbor %s duplicated, "
1530 "packet discarded.",
1531 inet_ntoa(nbr->router_id));
1532 break;
1533 } else {
1534 if (monotime_since(&nbr->last_send_ts, NULL)
1535 < nbr->v_inactivity * 1000000LL) {
1536 /* In states Loading and Full the slave
1537 must resend
1538 its last Database Description packet
1539 in response to
1540 duplicate Database Description
1541 packets received
1542 from the master. For this reason the
1543 slave must
1544 wait RouterDeadInterval seconds
1545 before freeing the
1546 last Database Description packet.
1547 Reception of a
1548 Database Description packet from the
1549 master after
1550 this interval will generate a
1551 SeqNumberMismatch
1552 neighbor event. RFC2328 Section 10.8
1553 */
1554 ospf_db_desc_resend(nbr);
1555 break;
1556 }
1557 }
718e3744 1558 }
718e3744 1559
d62a17ae 1560 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1561 break;
1562 default:
cf444bcf 1563 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1564 "Packet[DD]: Neighbor %s NSM illegal status %u.",
d62a17ae 1565 inet_ntoa(nbr->router_id), nbr->state);
1566 break;
1567 }
718e3744 1568}
1569
1570#define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1571
1572/* OSPF Link State Request Read -- RFC2328 Section 10.7. */
d62a17ae 1573static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1574 struct stream *s, struct ospf_interface *oi,
d7c0a89a 1575 uint16_t size)
d62a17ae 1576{
1577 struct ospf_neighbor *nbr;
d7c0a89a 1578 uint32_t ls_type;
d62a17ae 1579 struct in_addr ls_id;
1580 struct in_addr adv_router;
1581 struct ospf_lsa *find;
1582 struct list *ls_upd;
1583 unsigned int length;
1584
1585 /* Increment statistics. */
1586 oi->ls_req_in++;
1587
1588 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1589 if (nbr == NULL) {
cf444bcf 1590 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1591 "Link State Request: Unknown Neighbor %s.",
d62a17ae 1592 inet_ntoa(ospfh->router_id));
1593 return;
718e3744 1594 }
1595
d62a17ae 1596 /* Add event to thread. */
1597 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1598
1599 /* Neighbor State should be Exchange or later. */
1600 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1601 && nbr->state != NSM_Full) {
c9cc11f6 1602 flog_warn(
cf444bcf 1603 EC_OSPF_PACKET,
c9cc11f6 1604 "Link State Request received from %s: Neighbor state is %s, packet discarded.",
d62a17ae 1605 inet_ntoa(ospfh->router_id),
1606 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1607 return;
718e3744 1608 }
1609
d62a17ae 1610 /* Send Link State Update for ALL requested LSAs. */
1611 ls_upd = list_new();
1612 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1613
1614 while (size >= OSPF_LSA_KEY_SIZE) {
1615 /* Get one slice of Link State Request. */
1616 ls_type = stream_getl(s);
1617 ls_id.s_addr = stream_get_ipv4(s);
1618 adv_router.s_addr = stream_get_ipv4(s);
1619
1620 /* Verify LSA type. */
1621 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1622 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
6a154c88 1623 list_delete(&ls_upd);
d62a17ae 1624 return;
1625 }
718e3744 1626
d62a17ae 1627 /* Search proper LSA in LSDB. */
b5a8894d
CS		 1628 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1629 adv_router);
d62a17ae 1630 if (find == NULL) {
1631 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
6a154c88 1632 list_delete(&ls_upd);
d62a17ae 1633 return;
1634 }
718e3744 1635
d62a17ae 1636 /* Packet overflows MTU size, send immediately. */
1637 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1638 if (oi->type == OSPF_IFTYPE_NBMA)
1639 ospf_ls_upd_send(nbr, ls_upd,
046460a1 1640 OSPF_SEND_PACKET_DIRECT, 0);
d62a17ae 1641 else
1642 ospf_ls_upd_send(nbr, ls_upd,
046460a1 1643 OSPF_SEND_PACKET_INDIRECT, 0);
d62a17ae 1644
1645 /* Only remove list contents. Keep ls_upd. */
1646 list_delete_all_node(ls_upd);
718e3744 1647
d62a17ae 1648 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1649 }
1650
1651 /* Append LSA to update list. */
1652 listnode_add(ls_upd, find);
1653 length += ntohs(find->data->length);
718e3744 1654
d62a17ae 1655 size -= OSPF_LSA_KEY_SIZE;
1656 }
718e3744 1657
d62a17ae 1658 /* Send rest of Link State Update. */
1659 if (listcount(ls_upd) > 0) {
1660 if (oi->type == OSPF_IFTYPE_NBMA)
996c9314
LB		 1661 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1662 0);
d62a17ae 1663 else
996c9314
LB		 1664 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1665 0);
718e3744 1666
6a154c88 1667 list_delete(&ls_upd);
d62a17ae 1668 } else
6a154c88 1669 list_delete(&ls_upd);
718e3744 1670}
1671
1672/* Get the list of LSAs from Link State Update packet.
1673 And process some validation -- RFC2328 Section 13. (1)-(2). */
d62a17ae 1674static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1675 struct stream *s,
1676 struct ospf_interface *oi, size_t size)
1677{
d7c0a89a
QY		 1678 uint16_t count, sum;
1679 uint32_t length;
d62a17ae 1680 struct lsa_header *lsah;
1681 struct ospf_lsa *lsa;
1682 struct list *lsas;
1683
1684 lsas = list_new();
1685
1686 count = stream_getl(s);
1687 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1688
1689 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1690 size -= length, stream_forward_getp(s, length), count--) {
2d34fb80 1691 lsah = (struct lsa_header *)stream_pnt(s);
d62a17ae 1692 length = ntohs(lsah->length);
1693
1694 if (length > size) {
c9cc11f6 1695 flog_warn(
cf444bcf 1696 EC_OSPF_PACKET,
d62a17ae 1697 "Link State Update: LSA length exceeds packet size.");
1698 break;
1699 }
718e3744 1700
d62a17ae 1701 /* Validate the LSA's LS checksum. */
1702 sum = lsah->checksum;
1703 if (!ospf_lsa_checksum_valid(lsah)) {
1704 /* (bug #685) more details in a one-line message make it
1705 * possible
1706 * to identify problem source on the one hand and to
1707 * have a better
1708 * chance to compress repeated messages in syslog on the
1709 * other */
c9cc11f6 1710 flog_warn(
cf444bcf 1711 EC_OSPF_PACKET,
d62a17ae 1712 "Link State Update: LSA checksum error %x/%x, ID=%s from: nbr %s, router ID %s, adv router %s",
1713 sum, lsah->checksum, inet_ntoa(lsah->id),
1714 inet_ntoa(nbr->src), inet_ntoa(nbr->router_id),
1715 inet_ntoa(lsah->adv_router));
1716 continue;
1717 }
718e3744 1718
d62a17ae 1719 /* Examine the LSA's LS type. */
1720 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
cf444bcf 1721 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1722 "Link State Update: Unknown LS type %d",
d62a17ae 1723 lsah->type);
1724 continue;
1725 }
718e3744 1726
d62a17ae 1727 /*
1728 * What if the received LSA's age is greater than MaxAge?
1729 * Treat it as a MaxAge case -- endo.
1730 */
1731 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1732 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
718e3744 1733
d62a17ae 1734 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1735#ifdef STRICT_OBIT_USAGE_CHECK
1736 if ((IS_OPAQUE_LSA(lsah->type)
1737 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1738 || (!IS_OPAQUE_LSA(lsah->type)
1739 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1740 /*
1741 * This neighbor must know the exact usage of
1742 * O-bit;
1743 * the bit will be set in Type-9,10,11 LSAs
1744 * only.
1745 */
cf444bcf 1746 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1747 "LSA[Type%d:%s]: O-bit abuse?",
d62a17ae 1748 lsah->type, inet_ntoa(lsah->id));
1749 continue;
1750 }
1751#endif /* STRICT_OBIT_USAGE_CHECK */
718e3744 1752
d62a17ae 1753 /* Do not take in AS External Opaque-LSAs if we are a
1754 * stub. */
1755 if (lsah->type == OSPF_OPAQUE_AS_LSA
1756 && nbr->oi->area->external_routing
1757 != OSPF_AREA_DEFAULT) {
1758 if (IS_DEBUG_OSPF_EVENT)
1759 zlog_debug(
1760 "LSA[Type%d:%s]: We are a stub, don't take this LSA.",
1761 lsah->type,
1762 inet_ntoa(lsah->id));
1763 continue;
1764 }
1765 } else if (IS_OPAQUE_LSA(lsah->type)) {
cf444bcf 1766 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1767 "LSA[Type%d:%s]: Opaque capability mismatch?",
d62a17ae 1768 lsah->type, inet_ntoa(lsah->id));
1769 continue;
1770 }
718e3744 1771
d62a17ae 1772 /* Create OSPF LSA instance. */
5b3d4186 1773 lsa = ospf_lsa_new_and_data(length);
d62a17ae 1774
b5a8894d 1775 lsa->vrf_id = oi->ospf->vrf_id;
d62a17ae 1776 /* We may wish to put some error checking if type NSSA comes in
1777 and area not in NSSA mode */
1778 switch (lsah->type) {
1779 case OSPF_AS_EXTERNAL_LSA:
1780 case OSPF_OPAQUE_AS_LSA:
1781 lsa->area = NULL;
1782 break;
1783 case OSPF_OPAQUE_LINK_LSA:
1784 lsa->oi = oi; /* Remember incoming interface for
1785 flooding control. */
1786 /* Fallthrough */
1787 default:
1788 lsa->area = oi->area;
1789 break;
1790 }
718e3744 1791
d62a17ae 1792 memcpy(lsa->data, lsah, length);
1793
1794 if (IS_DEBUG_OSPF_EVENT)
1795 zlog_debug(
1796 "LSA[Type%d:%s]: %p new LSA created with Link State Update",
1797 lsa->data->type, inet_ntoa(lsa->data->id),
1798 (void *)lsa);
1799 listnode_add(lsas, lsa);
1800 }
718e3744 1801
d62a17ae 1802 return lsas;
718e3744 1803}
1804
1805/* Cleanup Update list. */
d62a17ae 1806static void ospf_upd_list_clean(struct list *lsas)
718e3744 1807{
d62a17ae 1808 struct listnode *node, *nnode;
1809 struct ospf_lsa *lsa;
718e3744 1810
d62a17ae 1811 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1812 ospf_lsa_discard(lsa);
718e3744 1813
6a154c88 1814 list_delete(&lsas);
718e3744 1815}
1816
1817/* OSPF Link State Update message read -- RFC2328 Section 13. */
d62a17ae 1818static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1819 struct ospf_header *ospfh, struct stream *s,
d7c0a89a 1820 struct ospf_interface *oi, uint16_t size)
d62a17ae 1821{
1822 struct ospf_neighbor *nbr;
1823 struct list *lsas;
1824 struct listnode *node, *nnode;
1825 struct ospf_lsa *lsa = NULL;
1826 /* unsigned long ls_req_found = 0; */
1827
1828 /* Dis-assemble the stream, update each entry, re-encapsulate for
1829 * flooding */
1830
1831 /* Increment statistics. */
1832 oi->ls_upd_in++;
1833
1834 /* Check neighbor. */
1835 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1836 if (nbr == NULL) {
cf444bcf 1837 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1838 "Link State Update: Unknown Neighbor %s on int: %s",
d62a17ae 1839 inet_ntoa(ospfh->router_id), IF_NAME(oi));
1840 return;
718e3744 1841 }
1842
d62a17ae 1843 /* Add event to thread. */
1844 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1845
1846 /* Check neighbor state. */
1847 if (nbr->state < NSM_Exchange) {
1848 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1849 zlog_debug(
1850 "Link State Update: "
1851 "Neighbor[%s] state %s is less than Exchange",
1852 inet_ntoa(ospfh->router_id),
1853 lookup_msg(ospf_nsm_state_msg, nbr->state,
1854 NULL));
1855 return;
1856 }
718e3744 1857
d62a17ae 1858 /* Get list of LSAs from Link State Update packet. - Also perorms Stages
1859 * 1 (validate LSA checksum) and 2 (check for LSA consistent type)
1860 * of section 13.
1861 */
1862 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1863
35955c14
CS		 1864 if (lsas == NULL)
1865 return;
d62a17ae 1866#define DISCARD_LSA(L, N) \
1867 { \
1868 if (IS_DEBUG_OSPF_EVENT) \
1869 zlog_debug( \
1870 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1871 " Type-%d", \
1872 N, (void *)lsa, (int)lsa->data->type); \
1873 ospf_lsa_discard(L); \
1874 continue; \
718e3744 1875 }
1876
d62a17ae 1877 /* Process each LSA received in the one packet.
1878 *
1879 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1880 * text below are from the steps in RFC 2328, Section 13.
1881 */
1882 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1883 struct ospf_lsa *ls_ret, *current;
1884 int ret = 1;
1885
1886 if (IS_DEBUG_OSPF_NSSA) {
1887 char buf1[INET_ADDRSTRLEN];
1888 char buf2[INET_ADDRSTRLEN];
1889 char buf3[INET_ADDRSTRLEN];
1890
1891 zlog_debug("LSA Type-%d from %s, ID: %s, ADV: %s",
1892 lsa->data->type,
1893 inet_ntop(AF_INET, &ospfh->router_id, buf1,
1894 INET_ADDRSTRLEN),
1895 inet_ntop(AF_INET, &lsa->data->id, buf2,
1896 INET_ADDRSTRLEN),
1897 inet_ntop(AF_INET, &lsa->data->adv_router,
1898 buf3, INET_ADDRSTRLEN));
1899 }
718e3744 1900
d62a17ae 1901 listnode_delete(lsas,
1902 lsa); /* We don't need it in list anymore */
1903
1904 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1905 */
1906
1907 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1908
1909 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1910 */
1911
1912 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1913 */
1914
1915 /* Do take in Type-7's if we are an NSSA */
1916
1917 /* If we are also an ABR, later translate them to a Type-5
1918 * packet */
1919
1920 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1921 translate them to a separate Type-5 packet. */
1922
1923 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1924 /* Reject from STUB or NSSA */
1925 if (nbr->oi->area->external_routing
1926 != OSPF_AREA_DEFAULT) {
1927 if (IS_DEBUG_OSPF_NSSA)
1928 zlog_debug(
1929 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1930 DISCARD_LSA(lsa, 1);
1931 }
1932
1933 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1934 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1935 if (IS_DEBUG_OSPF_NSSA)
1936 zlog_debug(
1937 "Incoming NSSA LSA Discarded: Not NSSA Area");
1938 DISCARD_LSA(lsa, 2);
1939 }
1940
1941 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1942 if (lsa->data->type == OSPF_ROUTER_LSA)
1943 if (!IPV4_ADDR_SAME(&lsa->data->id,
1944 &lsa->data->adv_router)) {
1945 char buf1[INET_ADDRSTRLEN];
1946 char buf2[INET_ADDRSTRLEN];
1947 char buf3[INET_ADDRSTRLEN];
1948
cf444bcf 1949 flog_err(EC_OSPF_ROUTER_LSA_MISMATCH,
1c50c1c0
QY		 1950 "Incoming Router-LSA from %s with "
1951 "Adv-ID[%s] != LS-ID[%s]",
1952 inet_ntop(AF_INET, &ospfh->router_id,
1953 buf1, INET_ADDRSTRLEN),
1954 inet_ntop(AF_INET, &lsa->data->id,
1955 buf2, INET_ADDRSTRLEN),
1956 inet_ntop(AF_INET,
1957 &lsa->data->adv_router, buf3,
1958 INET_ADDRSTRLEN));
af4c2728 1959 flog_err(
cf444bcf 1960 EC_OSPF_DOMAIN_CORRUPT,
d62a17ae 1961 "OSPF domain compromised by attack or corruption. "
1962 "Verify correct operation of -ALL- OSPF routers.");
1963 DISCARD_LSA(lsa, 0);
1964 }
1965
1966 /* Find the LSA in the current database. */
1967
1968 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1969
1970 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1971 currently
1972 no instance of the LSA in the router's link state database,
1973 and none of router's neighbors are in states Exchange or
1974 Loading,
1975 then take the following actions: */
1976
1977 if (IS_LSA_MAXAGE(lsa) && !current
1978 && ospf_check_nbr_status(oi->ospf)) {
1979 /* (4a) Response Link State Acknowledgment. */
1980 ospf_ls_ack_send(nbr, lsa);
1981
1982 /* (4b) Discard LSA. */
1983 if (IS_DEBUG_OSPF(lsa, LSA)) {
1984 zlog_debug(
1985 "Link State Update[%s]: LS age is equal to MaxAge.",
1986 dump_lsa_key(lsa));
1987 }
1988 DISCARD_LSA(lsa, 3);
1989 }
1990
1991 if (IS_OPAQUE_LSA(lsa->data->type)
1992 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1993 &oi->ospf->router_id)) {
1994 /*
1995 * Even if initial flushing seems to be completed, there
1996 * might
1997 * be a case that self-originated LSA with MaxAge still
1998 * remain
1999 * in the routing domain.
2000 * Just send an LSAck message to cease retransmission.
2001 */
2002 if (IS_LSA_MAXAGE(lsa)) {
c9cc11f6 2003 zlog_info("LSA[%s]: Boomerang effect?",
d62a17ae 2004 dump_lsa_key(lsa));
2005 ospf_ls_ack_send(nbr, lsa);
2006 ospf_lsa_discard(lsa);
2007
2008 if (current != NULL && !IS_LSA_MAXAGE(current))
2009 ospf_opaque_lsa_refresh_schedule(
2010 current);
2011 continue;
2012 }
2013
2014 /*
2015 * If an instance of self-originated Opaque-LSA is not
2016 * found
2017 * in the LSDB, there are some possible cases here.
2018 *
2019 * 1) This node lost opaque-capability after restart.
2020 * 2) Else, a part of opaque-type is no more supported.
2021 * 3) Else, a part of opaque-id is no more supported.
2022 *
2023 * Anyway, it is still this node's responsibility to
2024 * flush it.
2025 * Otherwise, the LSA instance remains in the routing
2026 * domain
2027 * until its age reaches to MaxAge.
2028 */
2029 /* XXX: We should deal with this for *ALL* LSAs, not
2030 * just opaque */
2031 if (current == NULL) {
2032 if (IS_DEBUG_OSPF_EVENT)
2033 zlog_debug(
2034 "LSA[%s]: Previously originated Opaque-LSA,"
2035 "not found in the LSDB.",
2036 dump_lsa_key(lsa));
2037
2038 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2039
2040 ospf_opaque_self_originated_lsa_received(nbr,
2041 lsa);
2042 ospf_ls_ack_send(nbr, lsa);
2043
2044 continue;
2045 }
2046 }
2047
2048 /* It might be happen that received LSA is self-originated
2049 * network LSA, but
2050 * router ID is changed. So, we should check if LSA is a
2051 * network-LSA whose
2052 * Link State ID is one of the router's own IP interface
2053 * addresses but whose
2054 * Advertising Router is not equal to the router's own Router ID
2055 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2056 * flushed.
2057 */
2058
2059 if (lsa->data->type == OSPF_NETWORK_LSA) {
2060 struct listnode *oinode, *oinnode;
2061 struct ospf_interface *out_if;
2062 int Flag = 0;
2063
2064 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2065 oinnode, out_if)) {
2066 if (out_if == NULL)
2067 break;
2068
2069 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2070 &lsa->data->id))
2071 && (!(IPV4_ADDR_SAME(
2072 &oi->ospf->router_id,
2073 &lsa->data->adv_router)))) {
2074 if (out_if->network_lsa_self) {
2075 ospf_lsa_flush_area(
2076 lsa, out_if->area);
2077 if (IS_DEBUG_OSPF_EVENT)
2078 zlog_debug(
2079 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2080 (void *)lsa,
2081 (int)lsa->data
2082 ->type);
2083 ospf_lsa_discard(lsa);
2084 Flag = 1;
2085 }
2086 break;
2087 }
2088 }
2089 if (Flag)
2090 continue;
2091 }
2092
2093 /* (5) Find the instance of this LSA that is currently contained
2094 in the router's link state database. If there is no
2095 database copy, or the received LSA is more recent than
2096 the database copy the following steps must be performed.
2097 (The sub steps from RFC 2328 section 13 step (5) will be
2098 performed in
2099 ospf_flood() ) */
2100
2101 if (current == NULL
2102 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
76c1efd7
CS		 2103 /* CVE-2017-3224 */
2104 if (current && (lsa->data->ls_seqnum ==
2105 htonl(OSPF_MAX_SEQUENCE_NUMBER)
2106 && !IS_LSA_MAXAGE(lsa))) {
2107 zlog_debug(
2108 "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it",
2109 dump_lsa_key(lsa));
2110
2111 DISCARD_LSA(lsa, 4);
76c1efd7
CS		 2112 }
2113
d62a17ae 2114 /* Actual flooding procedure. */
2115 if (ospf_flood(oi->ospf, nbr, current, lsa)
2116 < 0) /* Trap NSSA later. */
76c1efd7 2117 DISCARD_LSA(lsa, 5);
d62a17ae 2118 continue;
2119 }
2120
2121 /* (6) Else, If there is an instance of the LSA on the sending
2122 neighbor's Link state request list, an error has occurred in
2123 the Database Exchange process. In this case, restart the
2124 Database Exchange process by generating the neighbor event
2125 BadLSReq for the sending neighbor and stop processing the
2126 Link State Update packet. */
2127
2128 if (ospf_ls_request_lookup(nbr, lsa)) {
2129 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
c9cc11f6 2130 flog_warn(
cf444bcf 2131 EC_OSPF_PACKET,
d62a17ae 2132 "LSA[%s] instance exists on Link state request list",
2133 dump_lsa_key(lsa));
2134
2135 /* Clean list of LSAs. */
2136 ospf_upd_list_clean(lsas);
2137 /* this lsa is not on lsas list already. */
2138 ospf_lsa_discard(lsa);
2139 return;
2140 }
2141
2142 /* If the received LSA is the same instance as the database copy
2143 (i.e., neither one is more recent) the following two steps
2144 should be performed: */
2145
2146 if (ret == 0) {
2147 /* If the LSA is listed in the Link state retransmission
2148 list
2149 for the receiving adjacency, the router itself is
2150 expecting
2151 an acknowledgment for this LSA. The router should
2152 treat the
2153 received LSA as an acknowledgment by removing the LSA
2154 from
2155 the Link state retransmission list. This is termed
2156 an
2157 "implied acknowledgment". */
2158
2159 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2160
2161 if (ls_ret != NULL) {
2162 ospf_ls_retransmit_delete(nbr, ls_ret);
2163
2164 /* Delayed acknowledgment sent if advertisement
2165 received
2166 from Designated Router, otherwise do nothing.
2167 */
2168 if (oi->state == ISM_Backup)
2169 if (NBR_IS_DR(nbr))
2170 listnode_add(
2171 oi->ls_ack,
2172 ospf_lsa_lock(lsa));
2173
76c1efd7 2174 DISCARD_LSA(lsa, 6);
d62a17ae 2175 } else
2176 /* Acknowledge the receipt of the LSA by sending a
2177 Link State Acknowledgment packet back out the
2178 receiving
2179 interface. */
2180 {
2181 ospf_ls_ack_send(nbr, lsa);
76c1efd7 2182 DISCARD_LSA(lsa, 7);
d62a17ae 2183 }
2184 }
2185
2186 /* The database copy is more recent. If the database copy
2187 has LS age equal to MaxAge and LS sequence number equal to
2188 MaxSequenceNumber, simply discard the received LSA without
2189 acknowledging it. (In this case, the LSA's LS sequence number
2190 is
2191 wrapping, and the MaxSequenceNumber LSA must be completely
2192 flushed before any new LSA instance can be introduced). */
2193
2194 else if (ret > 0) /* Database copy is more recent */
2195 {
2196 if (IS_LSA_MAXAGE(current)
2197 && current->data->ls_seqnum
2198 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
76c1efd7 2199 DISCARD_LSA(lsa, 8);
d62a17ae 2200 }
2201 /* Otherwise, as long as the database copy has not been
2202 sent in a
2203 Link State Update within the last MinLSArrival
2204 seconds, send the
2205 database copy back to the sending neighbor,
2206 encapsulated within
2207 a Link State Update Packet. The Link State Update
2208 Packet should
2209 be sent directly to the neighbor. In so doing, do not
2210 put the
2211 database copy of the LSA on the neighbor's link state
2212 retransmission list, and do not acknowledge the
2213 received (less
2214 recent) LSA instance. */
2215 else {
2216 if (monotime_since(&current->tv_orig, NULL)
2217 >= ospf->min_ls_arrival * 1000LL)
2218 /* Trap NSSA type later.*/
2219 ospf_ls_upd_send_lsa(
2220 nbr, current,
2221 OSPF_SEND_PACKET_DIRECT);
76c1efd7 2222 DISCARD_LSA(lsa, 9);
d62a17ae 2223 }
2224 }
2225 }
2cd754de
PJ		 2226#undef DISCARD_LSA
2227
d62a17ae 2228 assert(listcount(lsas) == 0);
6a154c88 2229 list_delete(&lsas);
718e3744 2230}
2231
2232/* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
d62a17ae 2233static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2234 struct stream *s, struct ospf_interface *oi,
d7c0a89a 2235 uint16_t size)
d62a17ae 2236{
2237 struct ospf_neighbor *nbr;
2238
2239 /* increment statistics. */
2240 oi->ls_ack_in++;
2241
2242 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2243 if (nbr == NULL) {
cf444bcf 2244 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2245 "Link State Acknowledgment: Unknown Neighbor %s.",
d62a17ae 2246 inet_ntoa(ospfh->router_id));
2247 return;
2248 }
2249
2250 /* Add event to thread. */
2251 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
2252
2253 if (nbr->state < NSM_Exchange) {
2254 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2255 zlog_debug(
2256 "Link State Acknowledgment: "
2257 "Neighbor[%s] state %s is less than Exchange",
2258 inet_ntoa(ospfh->router_id),
2259 lookup_msg(ospf_nsm_state_msg, nbr->state,
2260 NULL));
2261 return;
2262 }
2263
2264 while (size >= OSPF_LSA_HEADER_SIZE) {
2265 struct ospf_lsa *lsa, *lsr;
2266
2267 lsa = ospf_lsa_new();
2d34fb80 2268 lsa->data = (struct lsa_header *)stream_pnt(s);
b5a8894d 2269 lsa->vrf_id = oi->ospf->vrf_id;
d62a17ae 2270
2d34fb80 2271 /* lsah = (struct lsa_header *) stream_pnt (s); */
d62a17ae 2272 size -= OSPF_LSA_HEADER_SIZE;
2273 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2274
2275 if (lsa->data->type < OSPF_MIN_LSA
2276 || lsa->data->type >= OSPF_MAX_LSA) {
2277 lsa->data = NULL;
2278 ospf_lsa_discard(lsa);
2279 continue;
2280 }
2281
2282 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2283
2284 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0)
2285 ospf_ls_retransmit_delete(nbr, lsr);
2286
2287 lsa->data = NULL;
2288 ospf_lsa_discard(lsa);
2289 }
2290
2291 return;
2292}
2293
b5a8894d
CS		 2294static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2295 struct interface **ifp,
d62a17ae 2296 struct stream *ibuf)
2297{
2298 int ret;
2299 struct ip *iph;
d7c0a89a 2300 uint16_t ip_len;
d62a17ae 2301 ifindex_t ifindex = 0;
2302 struct iovec iov;
2303 /* Header and data both require alignment. */
2304 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2305 struct msghdr msgh;
2306
2307 memset(&msgh, 0, sizeof(struct msghdr));
2308 msgh.msg_iov = &iov;
2309 msgh.msg_iovlen = 1;
2310 msgh.msg_control = (caddr_t)buff;
2311 msgh.msg_controllen = sizeof(buff);
2312
4392cc43
DS		 2313 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2314 OSPF_MAX_PACKET_SIZE + 1);
d62a17ae 2315 if (ret < 0) {
4392cc43
DS		 2316 if (errno != EAGAIN && errno != EWOULDBLOCK)
2317 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2318 safe_strerror(errno));
d62a17ae 2319 return NULL;
2320 }
2321 if ((unsigned int)ret < sizeof(iph)) /* ret must be > 0 now */
718e3744 2322 {
c9cc11f6 2323 flog_warn(
cf444bcf 2324 EC_OSPF_PACKET,
d62a17ae 2325 "ospf_recv_packet: discarding runt packet of length %d "
2326 "(ip header size is %u)",
d7c0a89a 2327 ret, (unsigned int)sizeof(iph));
d62a17ae 2328 return NULL;
2329 }
2330
2331 /* Note that there should not be alignment problems with this assignment
2332 because this is at the beginning of the stream data buffer. */
2333 iph = (struct ip *)STREAM_DATA(ibuf);
2334 sockopt_iphdrincl_swab_systoh(iph);
2335
2336 ip_len = iph->ip_len;
2337
de5ccb96 2338#if !defined(GNU_LINUX) && (OpenBSD < 200311) && (__FreeBSD_version < 1000000)
d62a17ae 2339 /*
2340 * Kernel network code touches incoming IP header parameters,
2341 * before protocol specific processing.
2342 *
2343 * 1) Convert byteorder to host representation.
2344 * --> ip_len, ip_id, ip_off
2345 *
2346 * 2) Adjust ip_len to strip IP header size!
2347 * --> If user process receives entire IP packet via RAW
2348 * socket, it must consider adding IP header size to
2349 * the "ip_len" field of "ip" structure.
2350 *
2351 * For more details, see <netinet/ip_input.c>.
2352 */
2353 ip_len = ip_len + (iph->ip_hl << 2);
718e3744 2354#endif
d62a17ae 2355
0150c9c9 2356#if defined(__DragonFly__)
d62a17ae 2357 /*
2358 * in DragonFly's raw socket, ip_len/ip_off are read
2359 * in network byte order.
2360 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2361 */
2362 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
0150c9c9
DB		 2363#endif
2364
d62a17ae 2365 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2366
b5a8894d 2367 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
d62a17ae 2368
2369 if (ret != ip_len) {
c9cc11f6 2370 flog_warn(
cf444bcf 2371 EC_OSPF_PACKET,
d62a17ae 2372 "ospf_recv_packet read length mismatch: ip_len is %d, "
2373 "but recvmsg returned %d",
2374 ip_len, ret);
2375 return NULL;
2376 }
718e3744 2377
868a0861
DS		 2378 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2379 zlog_debug("%s: fd %d(%s) on interface %d(%s)",
2380 __PRETTY_FUNCTION__, fd, ospf_get_name(ospf),
2381 ifindex, *ifp ? (*ifp)->name : "Unknown");
d62a17ae 2382 return ibuf;
718e3744 2383}
2384
4dadc291 2385static struct ospf_interface *
d62a17ae 2386ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2387 struct ip *iph, struct ospf_header *ospfh)
2388{
2389 struct ospf_interface *rcv_oi;
2390 struct ospf_vl_data *vl_data;
2391 struct ospf_area *vl_area;
2392 struct listnode *node;
2393
2394 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2395 || !OSPF_IS_AREA_BACKBONE(ospfh))
2396 return NULL;
2397
2398 /* look for local OSPF interface matching the destination
2399 * to determine Area ID. We presume therefore the destination address
2400 * is unique, or at least (for "unnumbered" links), not used in other
2401 * areas
2402 */
2403 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2404 == NULL)
2405 return NULL;
2406
2407 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2408 vl_area =
2409 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2410 if (!vl_area)
2411 continue;
2412
2413 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2414 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2415 if (IS_DEBUG_OSPF_EVENT)
2416 zlog_debug("associating packet with %s",
2417 IF_NAME(vl_data->vl_oi));
2418 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2419 if (IS_DEBUG_OSPF_EVENT)
2420 zlog_debug(
2421 "This VL is not up yet, sorry");
2422 return NULL;
2423 }
2424
2425 return vl_data->vl_oi;
2426 }
718e3744 2427 }
718e3744 2428
d62a17ae 2429 if (IS_DEBUG_OSPF_EVENT)
2430 zlog_debug("couldn't find any VL to associate the packet with");
2431
2432 return NULL;
718e3744 2433}
2434
d62a17ae 2435static int ospf_check_area_id(struct ospf_interface *oi,
2436 struct ospf_header *ospfh)
718e3744 2437{
d62a17ae 2438 /* Check match the Area ID of the receiving interface. */
2439 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2440 return 1;
718e3744 2441
d62a17ae 2442 return 0;
718e3744 2443}
2444
2445/* Unbound socket will accept any Raw IP packets if proto is matched.
2446 To prevent it, compare src IP address and i/f address with masking
2447 i/f network mask. */
d62a17ae 2448static int ospf_check_network_mask(struct ospf_interface *oi,
2449 struct in_addr ip_src)
718e3744 2450{
d62a17ae 2451 struct in_addr mask, me, him;
718e3744 2452
d62a17ae 2453 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2454 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2455 return 1;
718e3744 2456
d62a17ae 2457 masklen2ip(oi->address->prefixlen, &mask);
718e3744 2458
d62a17ae 2459 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2460 him.s_addr = ip_src.s_addr & mask.s_addr;
718e3744 2461
d62a17ae 2462 if (IPV4_ADDR_SAME(&me, &him))
2463 return 1;
718e3744 2464
d62a17ae 2465 return 0;
718e3744 2466}
2467
bd5651f0
DO		 2468/* Return 1, if the packet is properly authenticated and checksummed,
2469 0 otherwise. In particular, check that AuType header field is valid and
2470 matches the locally configured AuType, and that D.5 requirements are met. */
d62a17ae 2471static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2472{
2473 struct crypt_key *ck;
d7c0a89a
QY		 2474 uint16_t iface_auth_type;
2475 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
d62a17ae 2476
2477 switch (pkt_auth_type) {
2478 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2479 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2480 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2481 flog_warn(
cf444bcf 2482 EC_OSPF_PACKET,
d62a17ae 2483 "interface %s: auth-type mismatch, local %s, rcvd Null",
2484 IF_NAME(oi),
2485 lookup_msg(ospf_auth_type_str,
2486 iface_auth_type, NULL));
2487 return 0;
2488 }
2489 if (!ospf_check_sum(ospfh)) {
2490 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2491 flog_warn(
cf444bcf 2492 EC_OSPF_PACKET,
d62a17ae 2493 "interface %s: Null auth OK, but checksum error, Router-ID %s",
2494 IF_NAME(oi),
2495 inet_ntoa(ospfh->router_id));
2496 return 0;
2497 }
2498 return 1;
2499 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2500 if (OSPF_AUTH_SIMPLE
2501 != (iface_auth_type = ospf_auth_type(oi))) {
2502 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2503 flog_warn(
cf444bcf 2504 EC_OSPF_PACKET,
d62a17ae 2505 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2506 IF_NAME(oi),
2507 lookup_msg(ospf_auth_type_str,
2508 iface_auth_type, NULL));
2509 return 0;
2510 }
2511 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2512 OSPF_AUTH_SIMPLE_SIZE)) {
2513 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
cf444bcf 2514 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2515 "interface %s: Simple auth failed",
d62a17ae 2516 IF_NAME(oi));
2517 return 0;
2518 }
2519 if (!ospf_check_sum(ospfh)) {
2520 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2521 flog_warn(
cf444bcf 2522 EC_OSPF_PACKET,
d62a17ae 2523 "interface %s: Simple auth OK, checksum error, Router-ID %s",
2524 IF_NAME(oi),
2525 inet_ntoa(ospfh->router_id));
2526 return 0;
2527 }
2528 return 1;
2529 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2530 if (OSPF_AUTH_CRYPTOGRAPHIC
2531 != (iface_auth_type = ospf_auth_type(oi))) {
2532 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2533 flog_warn(
cf444bcf 2534 EC_OSPF_PACKET,
d62a17ae 2535 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2536 IF_NAME(oi),
2537 lookup_msg(ospf_auth_type_str,
2538 iface_auth_type, NULL));
2539 return 0;
2540 }
2541 if (ospfh->checksum) {
2542 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2543 flog_warn(
cf444bcf 2544 EC_OSPF_PACKET,
d62a17ae 2545 "interface %s: OSPF header checksum is not 0",
2546 IF_NAME(oi));
2547 return 0;
2548 }
2549 /* only MD5 crypto method can pass ospf_packet_examin() */
996c9314
LB		 2550 if (NULL == (ck = listgetdata(
2551 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2552 || ospfh->u.crypt.key_id != ck->key_id ||
2553 /* Condition above uses the last key ID on the list,
2554 which is
2555 different from what ospf_crypt_key_lookup() does. A
2556 bug? */
2557 !ospf_check_md5_digest(oi, ospfh)) {
d62a17ae 2558 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
cf444bcf 2559 flog_warn(EC_OSPF_MD5,
c9cc11f6 2560 "interface %s: MD5 auth failed",
d62a17ae 2561 IF_NAME(oi));
2562 return 0;
2563 }
2564 return 1;
2565 default:
2566 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2567 flog_warn(
cf444bcf 2568 EC_OSPF_PACKET,
d62a17ae 2569 "interface %s: invalid packet auth-type (%02x)",
2570 IF_NAME(oi), pkt_auth_type);
2571 return 0;
2572 }
2573}
2574
2575static int ospf_check_sum(struct ospf_header *ospfh)
2576{
d7c0a89a
QY		 2577 uint32_t ret;
2578 uint16_t sum;
d62a17ae 2579
2580 /* clear auth_data for checksum. */
2581 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2582
2583 /* keep checksum and clear. */
2584 sum = ospfh->checksum;
d7c0a89a 2585 memset(&ospfh->checksum, 0, sizeof(uint16_t));
d62a17ae 2586
2587 /* calculate checksum. */
2588 ret = in_cksum(ospfh, ntohs(ospfh->length));
2589
2590 if (ret != sum) {
2591 zlog_info("ospf_check_sum(): checksum mismatch, my %X, his %X",
2592 ret, sum);
2593 return 0;
2594 }
2595
2596 return 1;
718e3744 2597}
2598
4e31de79
DO		 2599/* Verify, that given link/TOS records are properly sized/aligned and match
2600 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
d62a17ae 2601static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
d7c0a89a
QY		 2602 uint16_t linkbytes,
2603 const uint16_t num_links)
d62a17ae 2604{
2605 unsigned counted_links = 0, thislinklen;
2606
2607 while (linkbytes) {
2608 thislinklen =
2609 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2610 if (thislinklen > linkbytes) {
2611 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2612 zlog_debug("%s: length error in link block #%u",
2613 __func__, counted_links);
2614 return MSG_NG;
2615 }
2616 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2617 linkbytes -= thislinklen;
2618 counted_links++;
2619 }
2620 if (counted_links != num_links) {
2621 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2622 zlog_debug("%s: %u link blocks declared, %u present",
2623 __func__, num_links, counted_links);
2624 return MSG_NG;
2625 }
2626 return MSG_OK;
4e31de79
DO		 2627}
2628
2629/* Verify, that the given LSA is properly sized/aligned (including type-specific
2630 minimum length constraint). */
d7c0a89a
QY		 2631static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2632 const uint8_t headeronly)
d62a17ae 2633{
2634 unsigned ret;
2635 struct router_lsa *rlsa;
2636 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2637 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2638 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2639 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2640 lookup_msg(ospf_lsa_type_msg, lsah->type,
2641 NULL));
2642 return MSG_NG;
2643 }
2644 switch (lsah->type) {
2645 case OSPF_ROUTER_LSA:
2646 /* RFC2328 A.4.2, LSA header + 4 bytes followed by N>=1
2647 * (12+)-byte link blocks */
2648 if (headeronly) {
2649 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2650 - OSPF_ROUTER_LSA_MIN_SIZE)
2651 % 4
2652 ? MSG_NG
2653 : MSG_OK;
2654 break;
2655 }
2656 rlsa = (struct router_lsa *)lsah;
2657 ret = ospf_router_lsa_links_examin(
2658 (struct router_lsa_link *)rlsa->link,
2659 lsalen - OSPF_LSA_HEADER_SIZE - 4, /* skip: basic
2660 header, "flags",
2661 0, "# links" */
2662 ntohs(rlsa->links) /* 16 bits */
9d303b37 2663 );
d62a17ae 2664 break;
2665 case OSPF_AS_EXTERNAL_LSA:
2666 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2667 * blocks */
2668 case OSPF_AS_NSSA_LSA:
2669 /* RFC3101 C, idem */
2670 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2671 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2672 % 12
2673 ? MSG_NG
2674 : MSG_OK;
2675 break;
2676 /* Following LSA types are considered OK length-wise as soon as their
2677 * minimum
2678 * length constraint is met and length of the whole LSA is a multiple of
2679 * 4
2680 * (basic LSA header size is already a multiple of 4). */
2681 case OSPF_NETWORK_LSA:
2682 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2683 case OSPF_SUMMARY_LSA:
2684 case OSPF_ASBR_SUMMARY_LSA:
2685 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2686 * blocks */
2687 case OSPF_OPAQUE_LINK_LSA:
2688 case OSPF_OPAQUE_AREA_LSA:
2689 case OSPF_OPAQUE_AS_LSA:
2690 /* RFC5250 A.2, "some number of octets (of application-specific
2691 * data) padded to 32-bit alignment." This is considered
2692 * equivalent
2693 * to 4-byte alignment of all other LSA types, see
2694 * OSPF-ALIGNMENT.txt
2695 * file for the detailed analysis of this passage. */
2696 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2697 break;
2698 default:
2699 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2700 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2701 lsah->type);
2702 return MSG_NG;
2703 }
2704 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2705 zlog_debug("%s: alignment error in %s", __func__,
2706 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2707 return ret;
4e31de79
DO		 2708}
2709
2710/* Verify if the provided input buffer is a valid sequence of LSAs. This
2711 includes verification of LSA blocks length/alignment and dispatching
2712 of deeper-level checks. */
2713static unsigned
d62a17ae 2714ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
d7c0a89a 2715 size_t length, const uint8_t headeronly,
d62a17ae 2716 /* When declared_num_lsas is not 0, compare it to the real
2717 number of LSAs
2718 and treat the difference as an error. */
d7c0a89a 2719 const uint32_t declared_num_lsas)
d62a17ae 2720{
d7c0a89a 2721 uint32_t counted_lsas = 0;
d62a17ae 2722
2723 while (length) {
d7c0a89a 2724 uint16_t lsalen;
d62a17ae 2725 if (length < OSPF_LSA_HEADER_SIZE) {
2726 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2727 zlog_debug(
2728 "%s: undersized (%zu B) trailing (#%u) LSA header",
2729 __func__, length, counted_lsas);
2730 return MSG_NG;
2731 }
2732 /* save on ntohs() calls here and in the LSA validator */
2733 lsalen = ntohs(lsah->length);
2734 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2735 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2736 zlog_debug(
2737 "%s: malformed LSA header #%u, declared length is %u B",
2738 __func__, counted_lsas, lsalen);
2739 return MSG_NG;
2740 }
2741 if (headeronly) {
2742 /* less checks here and in ospf_lsa_examin() */
2743 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2744 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2745 zlog_debug(
2746 "%s: malformed header-only LSA #%u",
2747 __func__, counted_lsas);
2748 return MSG_NG;
2749 }
2750 lsah = (struct lsa_header *)((caddr_t)lsah
2751 + OSPF_LSA_HEADER_SIZE);
2752 length -= OSPF_LSA_HEADER_SIZE;
2753 } else {
2754 /* make sure the input buffer is deep enough before
2755 * further checks */
2756 if (lsalen > length) {
2757 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2758 zlog_debug(
2759 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2760 __func__, counted_lsas, lsalen,
2761 length);
2762 return MSG_NG;
2763 }
2764 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2765 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2766 zlog_debug("%s: malformed LSA #%u",
2767 __func__, counted_lsas);
2768 return MSG_NG;
2769 }
2770 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2771 length -= lsalen;
2772 }
2773 counted_lsas++;
2774 }
2775
2776 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2777 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2778 zlog_debug(
2779 "%s: #LSAs declared (%u) does not match actual (%u)",
2780 __func__, declared_num_lsas, counted_lsas);
2781 return MSG_NG;
2782 }
2783 return MSG_OK;
4e31de79
DO		 2784}
2785
75c8eabb 2786/* Verify a complete OSPF packet for proper sizing/alignment. */
d62a17ae 2787static unsigned ospf_packet_examin(struct ospf_header *oh,
2788 const unsigned bytesonwire)
2789{
d7c0a89a 2790 uint16_t bytesdeclared, bytesauth;
d62a17ae 2791 unsigned ret;
2792 struct ospf_ls_update *lsupd;
2793
2794 /* Length, 1st approximation. */
2795 if (bytesonwire < OSPF_HEADER_SIZE) {
2796 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2797 zlog_debug("%s: undersized (%u B) packet", __func__,
2798 bytesonwire);
2799 return MSG_NG;
2800 }
2801 /* Now it is safe to access header fields. Performing length check,
2802 * allow
2803 * for possible extra bytes of crypto auth/padding, which are not
2804 * counted
2805 * in the OSPF header "length" field. */
2806 if (oh->version != OSPF_VERSION) {
2807 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2808 zlog_debug("%s: invalid (%u) protocol version",
2809 __func__, oh->version);
2810 return MSG_NG;
2811 }
2812 bytesdeclared = ntohs(oh->length);
2813 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2814 bytesauth = 0;
2815 else {
2816 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2817 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2818 zlog_debug(
2819 "%s: unsupported crypto auth length (%u B)",
2820 __func__, oh->u.crypt.auth_data_len);
2821 return MSG_NG;
2822 }
2823 bytesauth = OSPF_AUTH_MD5_SIZE;
2824 }
2825 if (bytesdeclared + bytesauth > bytesonwire) {
2826 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2827 zlog_debug(
2828 "%s: packet length error (%u real, %u+%u declared)",
2829 __func__, bytesonwire, bytesdeclared,
2830 bytesauth);
2831 return MSG_NG;
2832 }
2833 /* Length, 2nd approximation. The type-specific constraint is checked
2834 against declared length, not amount of bytes on wire. */
2835 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2836 && bytesdeclared
2837 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2838 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2839 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2840 bytesdeclared,
2841 lookup_msg(ospf_packet_type_str, oh->type,
2842 NULL));
2843 return MSG_NG;
2844 }
2845 switch (oh->type) {
2846 case OSPF_MSG_HELLO:
2847 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2848 followed
2849 by N>=0 router-IDs. */
2850 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2851 % 4
2852 ? MSG_NG
2853 : MSG_OK;
2854 break;
2855 case OSPF_MSG_DB_DESC:
2856 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2857 followed
2858 by N>=0 header-only LSAs. */
2859 ret = ospf_lsaseq_examin(
2860 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2861 + OSPF_DB_DESC_MIN_SIZE),
2862 bytesdeclared - OSPF_HEADER_SIZE
2863 - OSPF_DB_DESC_MIN_SIZE,
2864 1, /* header-only LSAs */
2865 0);
2866 break;
2867 case OSPF_MSG_LS_REQ:
2868 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2869 * request blocks. */
2870 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2871 % OSPF_LSA_KEY_SIZE
2872 ? MSG_NG
2873 : MSG_OK;
2874 break;
2875 case OSPF_MSG_LS_UPD:
2876 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2877 followed
2878 by N>=0 full LSAs (with N declared beforehand). */
2879 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2880 + OSPF_HEADER_SIZE);
2881 ret = ospf_lsaseq_examin(
2882 (struct lsa_header *)((caddr_t)lsupd
2883 + OSPF_LS_UPD_MIN_SIZE),
2884 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2885 0, /* full LSAs */
2886 ntohl(lsupd->num_lsas) /* 32 bits */
9d303b37 2887 );
d62a17ae 2888 break;
2889 case OSPF_MSG_LS_ACK:
2890 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2891 * LSAs. */
2892 ret = ospf_lsaseq_examin(
2893 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2894 + OSPF_LS_ACK_MIN_SIZE),
2895 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2896 1, /* header-only LSAs */
2897 0);
2898 break;
2899 default:
2900 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2901 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2902 oh->type);
2903 return MSG_NG;
2904 }
2905 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2906 zlog_debug("%s: malformed %s packet", __func__,
2907 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2908 return ret;
75c8eabb
DO		 2909}
2910
718e3744 2911/* OSPF Header verification. */
d62a17ae 2912static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2913 struct ip *iph, struct ospf_header *ospfh)
2914{
2915 /* Check Area ID. */
2916 if (!ospf_check_area_id(oi, ospfh)) {
cf444bcf 2917 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2918 "interface %s: ospf_read invalid Area ID %s.",
d62a17ae 2919 IF_NAME(oi), inet_ntoa(ospfh->area_id));
2920 return -1;
2921 }
718e3744 2922
d62a17ae 2923 /* Check network mask, Silently discarded. */
2924 if (!ospf_check_network_mask(oi, iph->ip_src)) {
c9cc11f6 2925 flog_warn(
cf444bcf 2926 EC_OSPF_PACKET,
d62a17ae 2927 "interface %s: ospf_read network address is not same [%s]",
2928 IF_NAME(oi), inet_ntoa(iph->ip_src));
2929 return -1;
2930 }
718e3744 2931
d62a17ae 2932 /* Check authentication. The function handles logging actions, where
2933 * required. */
2934 if (!ospf_check_auth(oi, ospfh))
2935 return -1;
718e3744 2936
d62a17ae 2937 return 0;
718e3744 2938}
2939
02637513
DS		 2940enum ospf_read_return_enum {
2941 OSPF_READ_ERROR,
2942 OSPF_READ_CONTINUE,
2943};
2944
2945static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
d62a17ae 2946{
2947 int ret;
2948 struct stream *ibuf;
d62a17ae 2949 struct ospf_interface *oi;
2950 struct ip *iph;
2951 struct ospf_header *ospfh;
d7c0a89a 2952 uint16_t length;
d62a17ae 2953 struct connected *c;
02637513 2954 struct interface *ifp = NULL;
d62a17ae 2955
02637513
DS		 2956 stream_reset(ospf->ibuf);
2957 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2958 if (ibuf == NULL)
2959 return OSPF_READ_ERROR;
d62a17ae 2960
02637513
DS		 2961 /*
2962 * This raw packet is known to be at least as big as its
2963 * IP header. Note that there should not be alignment problems with
2964 * this assignment because this is at the beginning of the
2965 * stream data buffer.
2966 */
2967 iph = (struct ip *)STREAM_DATA(ibuf);
2968 /*
2969 * Note that sockopt_iphdrincl_swab_systoh was called in
2970 * ospf_recv_packet.
2971 */
2972 if (ifp == NULL) {
4392cc43 2973 /*
02637513
DS		 2974 * Handle cases where the platform does not support
2975 * retrieving the ifindex, and also platforms (such as
2976 * Solaris 8) that claim to support ifindex retrieval but do
2977 * not.
4392cc43 2978 */
02637513
DS		 2979 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2980 ospf->vrf_id);
2981 if (c)
2982 ifp = c->ifp;
868a0861 2983 if (ifp == NULL) {
02637513 2984 if (IS_DEBUG_OSPF_PACKET(0, RECV))
4392cc43 2985 zlog_debug(
02637513
DS		 2986 "%s: Unable to determine incoming interface from: %s(%s)",
2987 __PRETTY_FUNCTION__,
2988 inet_ntoa(iph->ip_src),
2989 ospf_get_name(ospf));
2990 return OSPF_READ_CONTINUE;
d62a17ae 2991 }
02637513 2992 }
d62a17ae 2993
02637513
DS		 2994 /* Self-originated packet should be discarded silently. */
2995 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
2996 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
2997 zlog_debug(
2998 "ospf_read[%s]: Dropping self-originated packet",
2999 inet_ntoa(iph->ip_src));
3000 }
3001 return OSPF_READ_CONTINUE;
3002 }
d62a17ae 3003
02637513
DS		 3004 /*
3005 * Advance from IP header to OSPF header (iph->ip_hl has
3006 * been verified by ospf_recv_packet() to be correct).
3007 */
3008 stream_forward_getp(ibuf, iph->ip_hl * 4);
d62a17ae 3009
02637513
DS		 3010 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3011 if (MSG_OK
3012 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3013 - stream_get_getp(ibuf)))
3014 return OSPF_READ_CONTINUE;
3015 /* Now it is safe to access all fields of OSPF packet header. */
4392cc43 3016
02637513
DS		 3017 /* associate packet with ospf interface */
3018 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
4392cc43 3019
02637513
DS		 3020 /*
3021 * ospf_verify_header() relies on a valid "oi" and thus can be called
3022 * only after the passive/backbone/other checks below are passed.
3023 * These checks in turn access the fields of unverified "ospfh"
3024 * structure for their own purposes and must remain very accurate
3025 * in doing this.
3026 */
4392cc43 3027
02637513
DS		 3028 /* If incoming interface is passive one, ignore it. */
3029 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3030 char buf[3][INET_ADDRSTRLEN];
4392cc43 3031
02637513
DS		 3032 if (IS_DEBUG_OSPF_EVENT)
3033 zlog_debug(
3034 "ignoring packet from router %s sent to %s, received on a passive interface, %s",
3035 inet_ntop(AF_INET, &ospfh->router_id, buf[0],
d62a17ae 3036 sizeof(buf[0])),
3037 inet_ntop(AF_INET, &iph->ip_dst, buf[1],
3038 sizeof(buf[1])),
02637513
DS		 3039 inet_ntop(AF_INET, &oi->address->u.prefix4,
3040 buf[2], sizeof(buf[2])));
d62a17ae 3041
02637513
DS		 3042 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3043 /* Try to fix multicast membership.
3044 * Some OS:es may have problems in this area,
3045 * make sure it is removed.
3046 */
3047 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
d62a17ae 3048 ospf_if_set_multicast(oi);
3049 }
02637513
DS		 3050 return OSPF_READ_CONTINUE;
3051 }
d62a17ae 3052
02637513
DS		 3053
3054 /* if no local ospf_interface,
3055 * or header area is backbone but ospf_interface is not
3056 * check for VLINK interface
3057 */
3058 if ((oi == NULL)
3059 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3060 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3061 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3062 == NULL) {
3063 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
d62a17ae 3064 zlog_debug(
02637513
DS		 3065 "Packet from [%s] received on link %s but no ospf_interface",
3066 inet_ntoa(iph->ip_src), ifp->name);
3067 return OSPF_READ_CONTINUE;
d62a17ae 3068 }
02637513 3069 }
d62a17ae 3070
02637513
DS		 3071 /*
3072 * else it must be a local ospf interface, check it was
3073 * received on correct link
3074 */
3075 else if (oi->ifp != ifp) {
3076 if (IS_DEBUG_OSPF_EVENT)
3077 flog_warn(EC_OSPF_PACKET,
3078 "Packet from [%s] received on wrong link %s",
3079 inet_ntoa(iph->ip_src), ifp->name);
3080 return OSPF_READ_CONTINUE;
3081 } else if (oi->state == ISM_Down) {
3082 char buf[2][INET_ADDRSTRLEN];
d62a17ae 3083
02637513
DS		 3084 flog_warn(
3085 EC_OSPF_PACKET,
3086 "Ignoring packet from %s to %s received on interface that is down [%s]; interface flags are %s",
3087 inet_ntop(AF_INET, &iph->ip_src, buf[0],
3088 sizeof(buf[0])),
3089 inet_ntop(AF_INET, &iph->ip_dst, buf[1],
3090 sizeof(buf[1])),
3091 ifp->name, if_flag_dump(ifp->flags));
3092 /* Fix multicast memberships? */
3093 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3094 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3095 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3096 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3097 if (oi->multicast_memberships)
3098 ospf_if_set_multicast(oi);
3099 return OSPF_READ_CONTINUE;
3100 }
d62a17ae 3101
02637513
DS		 3102 /*
3103 * If the received packet is destined for AllDRouters, the
3104 * packet should be accepted only if the received ospf
3105 * interface state is either DR or Backup -- endo.
3106 *
3107 * I wonder who endo is?
3108 */
3109 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3110 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3111 flog_warn(
3112 EC_OSPF_PACKET,
3113 "Dropping packet for AllDRouters from [%s] via [%s] (ISM: %s)",
3114 inet_ntoa(iph->ip_src), IF_NAME(oi),
3115 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3116 /* Try to fix multicast membership. */
3117 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3118 ospf_if_set_multicast(oi);
3119 return OSPF_READ_CONTINUE;
3120 }
3121
3122 /* Verify more OSPF header fields. */
3123 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3124 if (ret < 0) {
3125 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3126 zlog_debug(
3127 "ospf_read[%s]: Header check failed, "
3128 "dropping.",
3129 inet_ntoa(iph->ip_src));
3130 return OSPF_READ_CONTINUE;
3131 }
3132
3133 /* Show debug receiving packet. */
3134 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3135 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3136 zlog_debug(
3137 "-----------------------------------------------------");
3138 ospf_packet_dump(ibuf);
d62a17ae 3139 }
3140
02637513
DS		 3141 zlog_debug("%s received from [%s] via [%s]",
3142 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3143 inet_ntoa(ospfh->router_id), IF_NAME(oi));
3144 zlog_debug(" src [%s],", inet_ntoa(iph->ip_src));
3145 zlog_debug(" dst [%s]", inet_ntoa(iph->ip_dst));
d62a17ae 3146
02637513
DS		 3147 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3148 zlog_debug(
3149 "-----------------------------------------------------");
3150 }
d62a17ae 3151
02637513
DS		 3152 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3153
3154 /* Adjust size to message length. */
3155 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3156
3157 /* Read rest of the packet and call each sort of packet routine.
3158 */
3159 switch (ospfh->type) {
3160 case OSPF_MSG_HELLO:
3161 ospf_hello(iph, ospfh, ibuf, oi, length);
3162 break;
3163 case OSPF_MSG_DB_DESC:
3164 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3165 break;
3166 case OSPF_MSG_LS_REQ:
3167 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3168 break;
3169 case OSPF_MSG_LS_UPD:
3170 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3171 break;
3172 case OSPF_MSG_LS_ACK:
3173 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3174 break;
3175 default:
3176 flog_warn(
3177 EC_OSPF_PACKET,
3178 "interface %s(%s): OSPF packet header type %d is illegal",
3179 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3180 break;
3181 }
3182
3183 return OSPF_READ_CONTINUE;
3184}
3185
3186/* Starting point of packet process function. */
3187int ospf_read(struct thread *thread)
3188{
3189 struct ospf *ospf;
3190 int32_t count = 0;
3191 enum ospf_read_return_enum ret;
3192
3193 /* first of all get interface pointer. */
3194 ospf = THREAD_ARG(thread);
3195
3196 /* prepare for next packet. */
3197 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3198
3199 while (count < ospf->write_oi_count) {
3200 count++;
3201 ret = ospf_read_helper(ospf);
3202 switch (ret) {
3203 case OSPF_READ_ERROR:
3204 return -1;
4392cc43 3205 break;
02637513 3206 case OSPF_READ_CONTINUE:
4392cc43
DS		 3207 break;
3208 }
d62a17ae 3209 }
3210
b10ce841 3211 return 0;
718e3744 3212}
3213
3214/* Make OSPF header. */
d62a17ae 3215static void ospf_make_header(int type, struct ospf_interface *oi,
3216 struct stream *s)
718e3744 3217{
d62a17ae 3218 struct ospf_header *ospfh;
718e3744 3219
d62a17ae 3220 ospfh = (struct ospf_header *)STREAM_DATA(s);
718e3744 3221
d7c0a89a
QY		 3222 ospfh->version = (uint8_t)OSPF_VERSION;
3223 ospfh->type = (uint8_t)type;
718e3744 3224
d62a17ae 3225 ospfh->router_id = oi->ospf->router_id;
718e3744 3226
d62a17ae 3227 ospfh->checksum = 0;
3228 ospfh->area_id = oi->area->area_id;
3229 ospfh->auth_type = htons(ospf_auth_type(oi));
718e3744 3230
d62a17ae 3231 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
718e3744 3232
d62a17ae 3233 stream_forward_endp(s, OSPF_HEADER_SIZE);
718e3744 3234}
3235
3236/* Make Authentication Data. */
d62a17ae 3237static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3238{
3239 struct crypt_key *ck;
3240
3241 switch (ospf_auth_type(oi)) {
3242 case OSPF_AUTH_NULL:
3243 /* memset (ospfh->u.auth_data, 0, sizeof (ospfh->u.auth_data));
3244 */
3245 break;
3246 case OSPF_AUTH_SIMPLE:
3247 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3248 OSPF_AUTH_SIMPLE_SIZE);
3249 break;
3250 case OSPF_AUTH_CRYPTOGRAPHIC:
3251 /* If key is not set, then set 0. */
3252 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3253 ospfh->u.crypt.zero = 0;
3254 ospfh->u.crypt.key_id = 0;
3255 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3256 } else {
3257 ck = listgetdata(
3258 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3259 ospfh->u.crypt.zero = 0;
3260 ospfh->u.crypt.key_id = ck->key_id;
3261 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3262 }
3263 /* note: the seq is done in ospf_make_md5_digest() */
3264 break;
3265 default:
3266 /* memset (ospfh->u.auth_data, 0, sizeof (ospfh->u.auth_data));
3267 */
3268 break;
718e3744 3269 }
718e3744 3270
d62a17ae 3271 return 0;
718e3744 3272}
3273
3274/* Fill rest of OSPF header. */
d62a17ae 3275static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
d7c0a89a 3276 uint16_t length)
d62a17ae 3277{
3278 struct ospf_header *ospfh;
3279
3280 ospfh = (struct ospf_header *)STREAM_DATA(s);
3281
3282 /* Fill length. */
3283 ospfh->length = htons(length);
3284
3285 /* Calculate checksum. */
3286 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3287 ospfh->checksum = in_cksum(ospfh, length);
3288 else
3289 ospfh->checksum = 0;
3290
3291 /* Add Authentication Data. */
3292 ospf_make_auth(oi, ospfh);
3293}
3294
3295static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3296{
3297 struct ospf_neighbor *nbr;
3298 struct route_node *rn;
d7c0a89a 3299 uint16_t length = OSPF_HELLO_MIN_SIZE;
d62a17ae 3300 struct in_addr mask;
3301 unsigned long p;
3302 int flag = 0;
3303
3304 /* Set netmask of interface. */
3305 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3306 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3307 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3308 masklen2ip(oi->address->prefixlen, &mask);
3309 else
3310 memset((char *)&mask, 0, sizeof(struct in_addr));
3311 stream_put_ipv4(s, mask.s_addr);
3312
3313 /* Set Hello Interval. */
3314 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3315 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3316 else
3317 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3318
3319 if (IS_DEBUG_OSPF_EVENT)
3320 zlog_debug("make_hello: options: %x, int: %s", OPTIONS(oi),
3321 IF_NAME(oi));
3322
3323 /* Set Options. */
3324 stream_putc(s, OPTIONS(oi));
3325
3326 /* Set Router Priority. */
3327 stream_putc(s, PRIORITY(oi));
3328
3329 /* Set Router Dead Interval. */
3330 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3331
3332 /* Set Designated Router. */
3333 stream_put_ipv4(s, DR(oi).s_addr);
3334
3335 p = stream_get_endp(s);
3336
3337 /* Set Backup Designated Router. */
3338 stream_put_ipv4(s, BDR(oi).s_addr);
3339
3340 /* Add neighbor seen. */
3341 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3342 if ((nbr = rn->info))
3343 if (nbr->router_id.s_addr
3344 != 0) /* Ignore 0.0.0.0 node. */
3345 if (nbr->state
3346 != NSM_Attempt) /* Ignore Down neighbor. */
3347 if (nbr->state
3348 != NSM_Down) /* This is myself for
3349 DR election. */
3350 if (!IPV4_ADDR_SAME(
3351 &nbr->router_id,
3352 &oi->ospf->router_id)) {
3353 /* Check neighbor is
3354 * sane? */
3355 if (nbr->d_router.s_addr
3356 != 0
3357 && IPV4_ADDR_SAME(
3358 &nbr->d_router,
3359 &oi->address
3360 ->u
3361 .prefix4)
3362 && IPV4_ADDR_SAME(
3363 &nbr->bd_router,
3364 &oi->address
3365 ->u
3366 .prefix4))
3367 flag = 1;
3368
9b18d58e
NS		 3369 /* Hello packet overflows interface MTU. */
3370 if (length + sizeof(uint32_t)
3371 > ospf_packet_max(oi)) {
3372 flog_err(
3373 EC_OSPF_LARGE_HELLO,
c531be7c 3374 "Oversized Hello packet! Larger than MTU. Not sending it out");
9b18d58e
NS		 3375 return 0;
3376 }
3377
d62a17ae 3378 stream_put_ipv4(
3379 s,
3380 nbr->router_id
3381 .s_addr);
3382 length += 4;
3383 }
3384
3385 /* Let neighbor generate BackupSeen. */
3386 if (flag == 1)
3387 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3388
3389 return length;
3390}
3391
3392static int ospf_make_db_desc(struct ospf_interface *oi,
3393 struct ospf_neighbor *nbr, struct stream *s)
3394{
3395 struct ospf_lsa *lsa;
d7c0a89a
QY		 3396 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3397 uint8_t options;
d62a17ae 3398 unsigned long pp;
3399 int i;
3400 struct ospf_lsdb *lsdb;
3401
3402 /* Set Interface MTU. */
3403 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3404 stream_putw(s, 0);
3405 else
3406 stream_putw(s, oi->ifp->mtu);
3407
3408 /* Set Options. */
3409 options = OPTIONS(oi);
3410 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3411 SET_FLAG(options, OSPF_OPTION_O);
3412 stream_putc(s, options);
3413
3414 /* DD flags */
3415 pp = stream_get_endp(s);
3416 stream_putc(s, nbr->dd_flags);
3417
3418 /* Set DD Sequence Number. */
3419 stream_putl(s, nbr->dd_seqnum);
3420
3421 /* shortcut unneeded walk of (empty) summary LSDBs */
3422 if (ospf_db_summary_isempty(nbr))
3423 goto empty;
3424
3425 /* Describe LSA Header from Database Summary List. */
3426 lsdb = &nbr->db_sum;
3427
3428 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3429 struct route_table *table = lsdb->type[i].db;
3430 struct route_node *rn;
3431
3432 for (rn = route_top(table); rn; rn = route_next(rn))
3433 if ((lsa = rn->info) != NULL) {
3434 if (IS_OPAQUE_LSA(lsa->data->type)
3435 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3436 /* Suppress advertising
0437e105 3437 * opaque-information. */
d62a17ae 3438 /* Remove LSA from DB summary list. */
3439 ospf_lsdb_delete(lsdb, lsa);
3440 continue;
3441 }
3442
3443 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3444 struct lsa_header *lsah;
d7c0a89a 3445 uint16_t ls_age;
d62a17ae 3446
3447 /* DD packet overflows interface MTU. */
3448 if (length + OSPF_LSA_HEADER_SIZE
3449 > ospf_packet_max(oi))
3450 break;
3451
3452 /* Keep pointer to LS age. */
3453 lsah = (struct lsa_header
3454 *)(STREAM_DATA(s)
3455 + stream_get_endp(
3456 s));
3457
3458 /* Proceed stream pointer. */
3459 stream_put(s, lsa->data,
3460 OSPF_LSA_HEADER_SIZE);
3461 length += OSPF_LSA_HEADER_SIZE;
3462
3463 /* Set LS age. */
3464 ls_age = LS_AGE(lsa);
3465 lsah->ls_age = htons(ls_age);
3466 }
3467
3468 /* Remove LSA from DB summary list. */
3469 ospf_lsdb_delete(lsdb, lsa);
3470 }
3471 }
718e3744 3472
d62a17ae 3473 /* Update 'More' bit */
3474 if (ospf_db_summary_isempty(nbr)) {
3475 empty:
3476 if (nbr->state >= NSM_Exchange) {
3477 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3478 /* Rewrite DD flags */
3479 stream_putc_at(s, pp, nbr->dd_flags);
3480 } else {
3481 assert(IS_SET_DD_M(nbr->dd_flags));
3482 }
3483 }
3484 return length;
3485}
86f1fd96 3486
d7c0a89a 3487static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
d62a17ae 3488 unsigned long delta, struct ospf_neighbor *nbr,
3489 struct ospf_lsa *lsa)
3490{
3491 struct ospf_interface *oi;
718e3744 3492
d62a17ae 3493 oi = nbr->oi;
718e3744 3494
9570f737
S		 3495 /* LS Request packet overflows interface MTU
3496 * delta is just number of bytes required for 1 LS Req
3497 * ospf_packet_max will return the number of bytes can
3498 * be accomodated without ospf header. So length+delta
3499 * can be compared to ospf_packet_max
3500 * to check if it can fit another lsreq in the same packet.
3501 */
3502
d62a17ae 3503 if (*length + delta > ospf_packet_max(oi))
3504 return 0;
1eb8ef25 3505
d62a17ae 3506 stream_putl(s, lsa->data->type);
3507 stream_put_ipv4(s, lsa->data->id.s_addr);
3508 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
718e3744 3509
d62a17ae 3510 ospf_lsa_unlock(&nbr->ls_req_last);
3511 nbr->ls_req_last = ospf_lsa_lock(lsa);
59ea14c6 3512
d62a17ae 3513 *length += 12;
3514 return 1;
3515}
718e3744 3516
d62a17ae 3517static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3518{
3519 struct ospf_lsa *lsa;
d7c0a89a 3520 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
9570f737 3521 unsigned long delta = 12;
d62a17ae 3522 struct route_table *table;
3523 struct route_node *rn;
3524 int i;
3525 struct ospf_lsdb *lsdb;
718e3744 3526
d62a17ae 3527 lsdb = &nbr->ls_req;
718e3744 3528
d62a17ae 3529 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3530 table = lsdb->type[i].db;
3531 for (rn = route_top(table); rn; rn = route_next(rn))
3532 if ((lsa = (rn->info)) != NULL)
3533 if (ospf_make_ls_req_func(s, &length, delta,
3534 nbr, lsa)
3535 == 0) {
3536 route_unlock_node(rn);
3537 break;
3538 }
3539 }
3540 return length;
3541}
718e3744 3542
d62a17ae 3543static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3544{
3545 int age;
718e3744 3546
d62a17ae 3547 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
718e3744 3548
d62a17ae 3549 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
718e3744 3550}
3551
d62a17ae 3552static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3553 struct stream *s)
718e3744 3554{
d62a17ae 3555 struct ospf_lsa *lsa;
3556 struct listnode *node;
d7c0a89a 3557 uint16_t length = 0;
d62a17ae 3558 unsigned int size_noauth;
3559 unsigned long delta = stream_get_endp(s);
3560 unsigned long pp;
3561 int count = 0;
3562
3563 if (IS_DEBUG_OSPF_EVENT)
3564 zlog_debug("ospf_make_ls_upd: Start");
3565
3566 pp = stream_get_endp(s);
3567 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3568 length += OSPF_LS_UPD_MIN_SIZE;
3569
3570 /* Calculate amount of packet usable for data. */
3571 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3572
3573 while ((node = listhead(update)) != NULL) {
3574 struct lsa_header *lsah;
d7c0a89a 3575 uint16_t ls_age;
d62a17ae 3576
3577 if (IS_DEBUG_OSPF_EVENT)
3578 zlog_debug("ospf_make_ls_upd: List Iteration %d",
3579 count);
3580
3581 lsa = listgetdata(node);
3582
3583 assert(lsa->data);
3584
9570f737
S		 3585 /* Will it fit? Minimum it has to fit atleast one */
3586 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3587 (count > 0))
d62a17ae 3588 break;
3589
3590 /* Keep pointer to LS age. */
3591 lsah = (struct lsa_header *)(STREAM_DATA(s)
3592 + stream_get_endp(s));
3593
3594 /* Put LSA to Link State Request. */
3595 stream_put(s, lsa->data, ntohs(lsa->data->length));
718e3744 3596
d62a17ae 3597 /* Set LS age. */
3598 /* each hop must increment an lsa_age by transmit_delay
3599 of OSPF interface */
3600 ls_age = ls_age_increment(lsa,
3601 OSPF_IF_PARAM(oi, transmit_delay));
3602 lsah->ls_age = htons(ls_age);
3603
3604 length += ntohs(lsa->data->length);
3605 count++;
3606
3607 list_delete_node(update, node);
3608 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3609 }
3610
3611 /* Now set #LSAs. */
3612 stream_putl_at(s, pp, count);
3613
3614 if (IS_DEBUG_OSPF_EVENT)
3615 zlog_debug("ospf_make_ls_upd: Stop");
3616 return length;
718e3744 3617}
3618
d62a17ae 3619static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3620 struct stream *s)
718e3744 3621{
d62a17ae 3622 struct listnode *node, *nnode;
d7c0a89a 3623 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
9570f737 3624 unsigned long delta = OSPF_LSA_HEADER_SIZE;
d62a17ae 3625 struct ospf_lsa *lsa;
718e3744 3626
d62a17ae 3627 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3628 assert(lsa);
718e3744 3629
9570f737
S		 3630 /* LS Ack packet overflows interface MTU
3631 * delta is just number of bytes required for
3632 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3633 * the number of bytes can be accomodated without
3634 * ospf header. So length+delta can be compared
3635 * against ospf_packet_max to check if it can fit
3636 * another ls header in the same packet.
3637 */
3638 if ((length + delta) > ospf_packet_max(oi))
d62a17ae 3639 break;
718e3744 3640
d62a17ae 3641 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3642 length += OSPF_LSA_HEADER_SIZE;
3643
3644 listnode_delete(ack, lsa);
3645 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3646 }
3647
3648 return length;
3649}
3650
3651static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3652{
3653 struct ospf_packet *op;
d7c0a89a 3654 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3655
d62a17ae 3656 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3657
d62a17ae 3658 /* Prepare OSPF common header. */
3659 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
718e3744 3660
d62a17ae 3661 /* Prepare OSPF Hello body. */
3662 length += ospf_make_hello(oi, op->s);
9b18d58e
NS		 3663 if (length == OSPF_HEADER_SIZE) {
3664 /* Hello overshooting MTU */
3665 ospf_packet_free(op);
3666 return;
3667 }
718e3744 3668
d62a17ae 3669 /* Fill OSPF header. */
3670 ospf_fill_header(oi, op->s, length);
718e3744 3671
d62a17ae 3672 /* Set packet length. */
3673 op->length = length;
3674
3675 op->dst.s_addr = addr;
3676
b5a8894d
CS		 3677 if (IS_DEBUG_OSPF_EVENT) {
3678 if (oi->ospf->vrf_id)
996c9314
LB		 3679 zlog_debug(
3680 "%s: Hello Tx interface %s ospf vrf %s id %u",
3681 __PRETTY_FUNCTION__, oi->ifp->name,
3682 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3683 oi->ospf->vrf_id);
b5a8894d 3684 }
d62a17ae 3685 /* Add packet to the top of the interface output queue, so that they
3686 * can't get delayed by things like long queues of LS Update packets
3687 */
3688 ospf_packet_add_top(oi, op);
3689
3690 /* Hook thread to write packet. */
3691 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3692}
3693
d62a17ae 3694static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
718e3744 3695{
d62a17ae 3696 struct ospf_interface *oi;
718e3744 3697
d62a17ae 3698 oi = nbr_nbma->oi;
3699 assert(oi);
718e3744 3700
d62a17ae 3701 /* If this is passive interface, do not send OSPF Hello. */
3702 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3703 return;
718e3744 3704
d62a17ae 3705 if (oi->type != OSPF_IFTYPE_NBMA)
3706 return;
718e3744 3707
d62a17ae 3708 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3709 return;
718e3744 3710
d62a17ae 3711 if (PRIORITY(oi) == 0)
3712 return;
718e3744 3713
d62a17ae 3714 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3715 && oi->state != ISM_Backup)
3716 return;
718e3744 3717
d62a17ae 3718 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
718e3744 3719}
3720
d62a17ae 3721int ospf_poll_timer(struct thread *thread)
718e3744 3722{
d62a17ae 3723 struct ospf_nbr_nbma *nbr_nbma;
718e3744 3724
d62a17ae 3725 nbr_nbma = THREAD_ARG(thread);
3726 nbr_nbma->t_poll = NULL;
718e3744 3727
d62a17ae 3728 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3729 zlog_debug("NSM[%s:%s]: Timer (Poll timer expire)",
3730 IF_NAME(nbr_nbma->oi), inet_ntoa(nbr_nbma->addr));
718e3744 3731
d62a17ae 3732 ospf_poll_send(nbr_nbma);
718e3744 3733
d62a17ae 3734 if (nbr_nbma->v_poll > 0)
3735 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3736 nbr_nbma->v_poll);
718e3744 3737
d62a17ae 3738 return 0;
718e3744 3739}
3740
3741
d62a17ae 3742int ospf_hello_reply_timer(struct thread *thread)
718e3744 3743{
d62a17ae 3744 struct ospf_neighbor *nbr;
718e3744 3745
d62a17ae 3746 nbr = THREAD_ARG(thread);
3747 nbr->t_hello_reply = NULL;
718e3744 3748
d62a17ae 3749 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3750 zlog_debug("NSM[%s:%s]: Timer (hello-reply timer expire)",
3751 IF_NAME(nbr->oi), inet_ntoa(nbr->router_id));
718e3744 3752
d62a17ae 3753 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
718e3744 3754
d62a17ae 3755 return 0;
718e3744 3756}
3757
3758/* Send OSPF Hello. */
d62a17ae 3759void ospf_hello_send(struct ospf_interface *oi)
3760{
3761 /* If this is passive interface, do not send OSPF Hello. */
3762 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3763 return;
3764
3765 if (oi->type == OSPF_IFTYPE_NBMA) {
3766 struct ospf_neighbor *nbr;
3767 struct route_node *rn;
3768
3769 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3770 if ((nbr = rn->info))
3771 if (nbr != oi->nbr_self)
3772 if (nbr->state != NSM_Down) {
3773 /* RFC 2328 Section 9.5.1
3774 If the router is not
3775 eligible to become Designated
3776 Router,
3777 it must periodically send
3778 Hello Packets to both the
3779 Designated Router and the
3780 Backup Designated Router (if
3781 they
3782 exist). */
3783 if (PRIORITY(oi) == 0
3784 && IPV4_ADDR_CMP(
3785 &DR(oi),
3786 &nbr->address.u
3787 .prefix4)
3788 && IPV4_ADDR_CMP(
3789 &BDR(oi),
3790 &nbr->address.u
3791 .prefix4))
3792 continue;
3793
3794 /* If the router is eligible to
3795 become Designated Router, it
3796 must periodically send Hello
3797 Packets to all neighbors that
3798 are also eligible. In
3799 addition, if the router is
3800 itself the
3801 Designated Router or Backup
3802 Designated Router, it must
3803 also
3804 send periodic Hello Packets
3805 to all other neighbors. */
3806
3807 if (nbr->priority == 0
3808 && oi->state == ISM_DROther)
3809 continue;
3810 /* if oi->state == Waiting, send
3811 * hello to all neighbors */
3812 ospf_hello_send_sub(
3813 oi,
3814 nbr->address.u.prefix4
3815 .s_addr);
3816 }
3817 } else {
3818 /* Decide destination address. */
3819 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3820 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3821 else
3822 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3823 }
718e3744 3824}
3825
3826/* Send OSPF Database Description. */
d62a17ae 3827void ospf_db_desc_send(struct ospf_neighbor *nbr)
718e3744 3828{
d62a17ae 3829 struct ospf_interface *oi;
3830 struct ospf_packet *op;
d7c0a89a 3831 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3832
d62a17ae 3833 oi = nbr->oi;
3834 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3835
d62a17ae 3836 /* Prepare OSPF common header. */
3837 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
718e3744 3838
d62a17ae 3839 /* Prepare OSPF Database Description body. */
3840 length += ospf_make_db_desc(oi, nbr, op->s);
718e3744 3841
d62a17ae 3842 /* Fill OSPF header. */
3843 ospf_fill_header(oi, op->s, length);
718e3744 3844
d62a17ae 3845 /* Set packet length. */
3846 op->length = length;
718e3744 3847
d62a17ae 3848 /* Decide destination address. */
3849 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3850 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3851 else
3852 op->dst = nbr->address.u.prefix4;
718e3744 3853
d62a17ae 3854 /* Add packet to the interface output queue. */
3855 ospf_packet_add(oi, op);
718e3744 3856
d62a17ae 3857 /* Hook thread to write packet. */
3858 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3859
d62a17ae 3860 /* Remove old DD packet, then copy new one and keep in neighbor
3861 * structure. */
3862 if (nbr->last_send)
3863 ospf_packet_free(nbr->last_send);
3864 nbr->last_send = ospf_packet_dup(op);
3865 monotime(&nbr->last_send_ts);
e6a22aeb
SK		 3866 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3867 zlog_info(
3868 "%s:Packet[DD]: %s DB Desc send with seqnum:%x , flags:%x",
3869 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
3870 inet_ntoa(nbr->router_id), nbr->dd_seqnum,
3871 nbr->dd_flags);
718e3744 3872}
3873
3874/* Re-send Database Description. */
d62a17ae 3875void ospf_db_desc_resend(struct ospf_neighbor *nbr)
718e3744 3876{
d62a17ae 3877 struct ospf_interface *oi;
718e3744 3878
d62a17ae 3879 oi = nbr->oi;
718e3744 3880
d62a17ae 3881 /* Add packet to the interface output queue. */
3882 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
718e3744 3883
d62a17ae 3884 /* Hook thread to write packet. */
3885 OSPF_ISM_WRITE_ON(oi->ospf);
e6a22aeb
SK		 3886 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3887 zlog_info(
3888 "%s:Packet[DD]: %s DB Desc resend with seqnum:%x , flags:%x",
3889 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
3890 inet_ntoa(nbr->router_id), nbr->dd_seqnum,
3891 nbr->dd_flags);
718e3744 3892}
3893
3894/* Send Link State Request. */
d62a17ae 3895void ospf_ls_req_send(struct ospf_neighbor *nbr)
718e3744 3896{
d62a17ae 3897 struct ospf_interface *oi;
3898 struct ospf_packet *op;
d7c0a89a 3899 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3900
d62a17ae 3901 oi = nbr->oi;
3902 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3903
d62a17ae 3904 /* Prepare OSPF common header. */
3905 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
718e3744 3906
d62a17ae 3907 /* Prepare OSPF Link State Request body. */
3908 length += ospf_make_ls_req(nbr, op->s);
3909 if (length == OSPF_HEADER_SIZE) {
3910 ospf_packet_free(op);
3911 return;
3912 }
718e3744 3913
d62a17ae 3914 /* Fill OSPF header. */
3915 ospf_fill_header(oi, op->s, length);
718e3744 3916
d62a17ae 3917 /* Set packet length. */
3918 op->length = length;
718e3744 3919
d62a17ae 3920 /* Decide destination address. */
3921 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3922 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3923 else
3924 op->dst = nbr->address.u.prefix4;
718e3744 3925
d62a17ae 3926 /* Add packet to the interface output queue. */
3927 ospf_packet_add(oi, op);
718e3744 3928
d62a17ae 3929 /* Hook thread to write packet. */
3930 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3931
d62a17ae 3932 /* Add Link State Request Retransmission Timer. */
3933 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
718e3744 3934}
3935
3936/* Send Link State Update with an LSA. */
d62a17ae 3937void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3938 int flag)
718e3744 3939{
d62a17ae 3940 struct list *update;
718e3744 3941
d62a17ae 3942 update = list_new();
718e3744 3943
d62a17ae 3944 listnode_add(update, lsa);
046460a1
CS		 3945
3946 /*ospf instance is going down, send self originated
3947 * MAXAGE LSA update to neighbors to remove from LSDB */
3948 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3949 ospf_ls_upd_send(nbr, update, flag, 1);
3950 else
3951 ospf_ls_upd_send(nbr, update, flag, 0);
718e3744 3952
6a154c88 3953 list_delete(&update);
718e3744 3954}
3955
68b7339a 3956/* Determine size for packet. Must be at least big enough to accomodate next
3957 * LSA on list, which may be bigger than MTU size.
3958 *
3959 * Return pointer to new ospf_packet
3960 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3961 * on packet sizes (in which case offending LSA is deleted from update list)
3962 */
d62a17ae 3963static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3964 struct ospf_interface *oi)
3965{
3966 struct ospf_lsa *lsa;
3967 struct listnode *ln;
3968 size_t size;
3969 static char warned = 0;
3970
3971 lsa = listgetdata((ln = listhead(update)));
3972 assert(lsa->data);
3973
3974 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3975 > ospf_packet_max(oi)) {
3976 if (!warned) {
c9cc11f6 3977 flog_warn(
cf444bcf 3978 EC_OSPF_LARGE_LSA,
d62a17ae 3979 "ospf_ls_upd_packet_new: oversized LSA encountered!"
3980 "will need to fragment. Not optimal. Try divide up"
3981 " your network with areas. Use 'debug ospf packet send'"
3982 " to see details, or look at 'show ip ospf database ..'");
3983 warned = 1;
3984 }
3985
3986 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3987 zlog_debug(
3988 "ospf_ls_upd_packet_new: oversized LSA id:%s,"
3989 " %d bytes originated by %s, will be fragmented!",
3990 inet_ntoa(lsa->data->id),
3991 ntohs(lsa->data->length),
3992 inet_ntoa(lsa->data->adv_router));
3993
3994 /*
3995 * Allocate just enough to fit this LSA only, to avoid including
3996 * other
3997 * LSAs in fragmented LSA Updates.
3998 */
3999 size = ntohs(lsa->data->length)
4000 + (oi->ifp->mtu - ospf_packet_max(oi))
4001 + OSPF_LS_UPD_MIN_SIZE;
4002 } else
4003 size = oi->ifp->mtu;
4004
4005 if (size > OSPF_MAX_PACKET_SIZE) {
cf444bcf 4006 flog_warn(EC_OSPF_LARGE_LSA,
c9cc11f6
DS		 4007 "ospf_ls_upd_packet_new: oversized LSA id:%s too big,"
4008 " %d bytes, packet size %ld, dropping it completely."
4009 " OSPF routing is broken!",
4010 inet_ntoa(lsa->data->id), ntohs(lsa->data->length),
4011 (long int)size);
d62a17ae 4012 list_delete_node(update, ln);
4013 return NULL;
4014 }
718e3744 4015
d62a17ae 4016 /* IP header is built up separately by ospf_write(). This means, that we
4017 * must
4018 * reduce the "affordable" size just calculated by length of an IP
4019 * header.
4020 * This makes sure, that even if we manage to fill the payload with LSA
4021 * data
4022 * completely, the final packet (our data plus IP header) still fits
4023 * into
4024 * outgoing interface MTU. This correction isn't really meaningful for
4025 * an
4026 * oversized LSA, but for consistency the correction is done for both
4027 * cases.
4028 *
4029 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4030 */
4031 return ospf_packet_new(size - sizeof(struct ip));
718e3744 4032}
4033
d62a17ae 4034static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
046460a1
CS		 4035 struct list *update, struct in_addr addr,
4036 int send_lsupd_now)
718e3744 4037{
d62a17ae 4038 struct ospf_packet *op;
d7c0a89a 4039 uint16_t length = OSPF_HEADER_SIZE;
d62a17ae 4040
4041 if (IS_DEBUG_OSPF_EVENT)
4042 zlog_debug("listcount = %d, [%s]dst %s", listcount(update),
4043 IF_NAME(oi), inet_ntoa(addr));
4044
19274fe8
OD		 4045 /* Check that we have really something to process */
4046 if (listcount(update) == 0)
4047 return;
4048
d62a17ae 4049 op = ospf_ls_upd_packet_new(update, oi);
718e3744 4050
d62a17ae 4051 /* Prepare OSPF common header. */
4052 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
718e3744 4053
d62a17ae 4054 /* Prepare OSPF Link State Update body.
4055 * Includes Type-7 translation.
4056 */
4057 length += ospf_make_ls_upd(oi, update, op->s);
4058
4059 /* Fill OSPF header. */
4060 ospf_fill_header(oi, op->s, length);
4061
4062 /* Set packet length. */
4063 op->length = length;
4064
4065 /* Decide destination address. */
4066 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4067 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4068 else
4069 op->dst.s_addr = addr.s_addr;
4070
4071 /* Add packet to the interface output queue. */
4072 ospf_packet_add(oi, op);
046460a1
CS		 4073 /* Call ospf_write() right away to send ospf packets to neighbors */
4074 if (send_lsupd_now) {
4075 struct thread os_packet_thd;
4076
4077 os_packet_thd.arg = (void *)oi->ospf;
4078 if (oi->on_write_q == 0) {
4079 listnode_add(oi->ospf->oi_write_q, oi);
4080 oi->on_write_q = 1;
4081 }
4082 ospf_write(&os_packet_thd);
4173cc8e
DS		 4083 /*
4084 * We are fake calling ospf_write with a fake
4085 * thread. Imagine that we have oi_a already
4086 * enqueued and we have turned on the write
4087 * thread(t_write).
4088 * Now this function calls this for oi_b
4089 * so the on_write_q has oi_a and oi_b on
4090 * it, ospf_write runs and clears the packets
4091 * for both oi_a and oi_b. Removing them from
4092 * the on_write_q. After this thread of execution
4093 * finishes we will execute the t_write thread
4094 * with nothing in the on_write_q causing an
4095 * assert. So just make sure that the t_write
4096 * is actually turned off.
4097 */
4098 if (list_isempty(oi->ospf->oi_write_q))
4099 OSPF_TIMER_OFF(oi->ospf->t_write);
046460a1
CS		 4100 } else {
4101 /* Hook thread to write packet. */
4102 OSPF_ISM_WRITE_ON(oi->ospf);
4103 }
d62a17ae 4104}
4105
4106static int ospf_ls_upd_send_queue_event(struct thread *thread)
4107{
4108 struct ospf_interface *oi = THREAD_ARG(thread);
4109 struct route_node *rn;
4110 struct route_node *rnext;
4111 struct list *update;
4112 char again = 0;
4113
4114 oi->t_ls_upd_event = NULL;
4115
4116 if (IS_DEBUG_OSPF_EVENT)
4117 zlog_debug("ospf_ls_upd_send_queue start");
4118
4119 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4120 rnext = route_next(rn);
4121
4122 if (rn->info == NULL)
4123 continue;
4124
4125 update = (struct list *)rn->info;
4126
046460a1 4127 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
d62a17ae 4128
4129 /* list might not be empty. */
4130 if (listcount(update) == 0) {
6a154c88 4131 list_delete((struct list **)&rn->info);
d62a17ae 4132 route_unlock_node(rn);
4133 } else
4134 again = 1;
4135 }
4136
4137 if (again != 0) {
4138 if (IS_DEBUG_OSPF_EVENT)
4139 zlog_debug(
4140 "ospf_ls_upd_send_queue: update lists not cleared,"
4141 " %d nodes to try again, raising new event",
4142 again);
4143 oi->t_ls_upd_event = NULL;
4144 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4145 &oi->t_ls_upd_event);
4146 }
4147
4148 if (IS_DEBUG_OSPF_EVENT)
4149 zlog_debug("ospf_ls_upd_send_queue stop");
4150
4151 return 0;
4152}
4153
046460a1
CS		 4154void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4155 int send_lsupd_now)
d62a17ae 4156{
4157 struct ospf_interface *oi;
4158 struct ospf_lsa *lsa;
4159 struct prefix_ipv4 p;
4160 struct route_node *rn;
4161 struct listnode *node;
4162
4163 oi = nbr->oi;
4164
4165 p.family = AF_INET;
4166 p.prefixlen = IPV4_MAX_BITLEN;
4167
4168 /* Decide destination address. */
4169 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4170 p.prefix = oi->vl_data->peer_addr;
4171 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4172 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4173 else if (flag == OSPF_SEND_PACKET_DIRECT)
4174 p.prefix = nbr->address.u.prefix4;
4175 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4176 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4177 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4178 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4179 else
4180 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4181
4182 if (oi->type == OSPF_IFTYPE_NBMA) {
4183 if (flag == OSPF_SEND_PACKET_INDIRECT)
c9cc11f6 4184 flog_warn(
cf444bcf 4185 EC_OSPF_PACKET,
d62a17ae 4186 "* LS-Update is directly sent on NBMA network.");
19aad877 4187 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
cf444bcf 4188 flog_warn(EC_OSPF_PACKET,
c9cc11f6 4189 "* LS-Update is sent to myself.");
d62a17ae 4190 }
4191
4192 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4193
4194 if (rn->info == NULL)
4195 rn->info = list_new();
4196 else
4197 route_unlock_node(rn);
4198
4199 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4200 listnode_add(rn->info,
4201 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
046460a1
CS		 4202 if (send_lsupd_now) {
4203 struct list *send_update_list;
f7813c7c 4204 struct route_node *rnext;
d62a17ae 4205
046460a1
CS		 4206 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4207 rnext = route_next(rn);
4208
4209 if (rn->info == NULL)
4210 continue;
4211
4212 send_update_list = (struct list *)rn->info;
4213
4214 ospf_ls_upd_queue_send(oi, send_update_list,
4215 rn->p.u.prefix4, 1);
046460a1
CS		 4216 }
4217 } else
4218 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
996c9314 4219 &oi->t_ls_upd_event);
718e3744 4220}
4221
d62a17ae 4222static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4223 struct in_addr dst)
718e3744 4224{
d62a17ae 4225 struct ospf_packet *op;
d7c0a89a 4226 uint16_t length = OSPF_HEADER_SIZE;
d62a17ae 4227
4228 op = ospf_packet_new(oi->ifp->mtu);
4229
4230 /* Prepare OSPF common header. */
4231 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4232
4233 /* Prepare OSPF Link State Acknowledgment body. */
4234 length += ospf_make_ls_ack(oi, ack, op->s);
4235
4236 /* Fill OSPF header. */
4237 ospf_fill_header(oi, op->s, length);
718e3744 4238
d62a17ae 4239 /* Set packet length. */
4240 op->length = length;
4241
4242 /* Decide destination address. */
4243 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4244 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4245 else
4246 op->dst.s_addr = dst.s_addr;
4247
4248 /* Add packet to the interface output queue. */
4249 ospf_packet_add(oi, op);
4250
4251 /* Hook thread to write packet. */
4252 OSPF_ISM_WRITE_ON(oi->ospf);
4253}
4254
4255static int ospf_ls_ack_send_event(struct thread *thread)
4256{
4257 struct ospf_interface *oi = THREAD_ARG(thread);
4258
4259 oi->t_ls_ack_direct = NULL;
4260
4261 while (listcount(oi->ls_ack_direct.ls_ack))
4262 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4263 oi->ls_ack_direct.dst);
4264
4265 return 0;
4266}
4267
4268void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4269{
4270 struct ospf_interface *oi = nbr->oi;
4271
4272 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4273 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4274
4275 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4276
4277 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4278 &oi->t_ls_ack_direct);
718e3744 4279}
4280
4281/* Send Link State Acknowledgment delayed. */
d62a17ae 4282void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4283{
4284 struct in_addr dst;
4285
4286 /* Decide destination address. */
4287 /* RFC2328 Section 13.5 On non-broadcast
4288 networks, delayed Link State Acknowledgment packets must be
4289 unicast separately over each adjacency (i.e., neighbor whose
4290 state is >= Exchange). */
4291 if (oi->type == OSPF_IFTYPE_NBMA) {
4292 struct ospf_neighbor *nbr;
4293 struct route_node *rn;
4294
4295 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
4296 if ((nbr = rn->info) != NULL)
4297 if (nbr != oi->nbr_self
4298 && nbr->state >= NSM_Exchange)
4299 while (listcount(oi->ls_ack))
4300 ospf_ls_ack_send_list(
4301 oi, oi->ls_ack,
4302 nbr->address.u.prefix4);
4303 return;
4304 }
4305 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4306 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4307 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4308 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4309 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4310 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4311 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4312 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4313 else
4314 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4315
4316 while (listcount(oi->ls_ack))
4317 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
718e3744 4318}
8b6912c2
DS		 4319
4320/*
4321 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4322 * address. As a result, the kernel does not need to learn the interface
4323 * MAC of the OSPF neighbor. However, in our world, this will delay
4324 * convergence. Take the case when due to a link flap, all routes now
4325 * want to use an interface which was deemed to be costlier prior to this
4326 * event. For routes that will be installed, the missing MAC will have
4327 * punt-to-CPU set on them. This may overload the CPU control path that
4328 * can be avoided if the MAC was known apriori.
4329 */
89a48046 4330#define OSPF_PING_NBR_STR_MAX (BUFSIZ)
d62a17ae 4331void ospf_proactively_arp(struct ospf_neighbor *nbr)
4332{
4333 char ping_nbr[OSPF_PING_NBR_STR_MAX];
d62a17ae 4334 int ret;
4335
45559c4d 4336 if (!nbr)
d62a17ae 4337 return;
4338
89a48046 4339 snprintf(ping_nbr, sizeof(ping_nbr),
996c9314
LB		 4340 "ping -c 1 -I %s %s > /dev/null 2>&1 &", nbr->oi->ifp->name,
4341 inet_ntoa(nbr->address.u.prefix4));
89a48046 4342
d62a17ae 4343 ret = system(ping_nbr);
4344 if (IS_DEBUG_OSPF_EVENT)
4345 zlog_debug("Executed %s %s", ping_nbr,
4346 ((ret == 0) ? "successfully" : "but failed"));
8b6912c2 4347}
FRRouting mirror