]> git.proxmox.com Git - mirror_frr.git/blame - ospfd/ospf_packet.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ospfd: fix logging of what triggered the SPF run
[mirror_frr.git] / ospfd / ospf_packet.c
CommitLineData
718e3744 1/*
2 * OSPF Sending and Receiving OSPF Packets.
3 * Copyright (C) 1999, 2000 Toshiaki Takada
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
10 * later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
896014f4
DL		 17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
718e3744 20 */
21
22#include <zebra.h>
23
cbf3e3eb 24#include "monotime.h"
718e3744 25#include "thread.h"
26#include "memory.h"
27#include "linklist.h"
28#include "prefix.h"
29#include "if.h"
30#include "table.h"
31#include "sockunion.h"
32#include "stream.h"
33#include "log.h"
2dd8bb4e 34#include "sockopt.h"
484315fd 35#include "checksum.h"
0513a271 36#ifdef CRYPTO_INTERNAL
c1a03d47 37#include "md5.h"
0513a271 38#endif
7e2b7603 39#include "vrf.h"
c9cc11f6 40#include "lib_errors.h"
718e3744 41
42#include "ospfd/ospfd.h"
43#include "ospfd/ospf_network.h"
44#include "ospfd/ospf_interface.h"
45#include "ospfd/ospf_ism.h"
46#include "ospfd/ospf_asbr.h"
47#include "ospfd/ospf_lsa.h"
48#include "ospfd/ospf_lsdb.h"
49#include "ospfd/ospf_neighbor.h"
50#include "ospfd/ospf_nsm.h"
51#include "ospfd/ospf_packet.h"
52#include "ospfd/ospf_spf.h"
53#include "ospfd/ospf_flood.h"
54#include "ospfd/ospf_dump.h"
c9cc11f6 55#include "ospfd/ospf_errors.h"
aa530b62 56#include "ospfd/ospf_zebra.h"
5a77dd8f 57#include "ospfd/ospf_gr_helper.h"
718e3744 58
166b75c2
DS		 59/*
60 * OSPF Fragmentation / fragmented writes
61 *
62 * ospfd can support writing fragmented packets, for cases where
63 * kernel will not fragment IP_HDRINCL and/or multicast destined
64 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
65 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
66 * flags fields, hence user-space fragmentation will not work.
67 * Only Linux is known to leave IP header unmolested.
68 * Further, fragmentation really should be done the kernel, which already
69 * supports it, and which avoids nasty IP ID state problems.
70 *
71 * Fragmentation of OSPF packets can be required on networks with router
72 * with many many interfaces active in one area, or on networks with links
73 * with low MTUs.
74 */
75#ifdef GNU_LINUX
76#define WANT_OSPF_WRITE_FRAGMENT
77#endif
78
718e3744 79/* Packet Type String. */
d62a17ae 80const struct message ospf_packet_type_str[] = {
81 {OSPF_MSG_HELLO, "Hello"},
82 {OSPF_MSG_DB_DESC, "Database Description"},
83 {OSPF_MSG_LS_REQ, "Link State Request"},
84 {OSPF_MSG_LS_UPD, "Link State Update"},
85 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
86 {0}};
718e3744 87
75c8eabb
DO		 88/* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
89 particular types, offset is the "type" field of a packet. */
d7c0a89a 90static const uint16_t ospf_packet_minlen[] = {
d62a17ae 91 0,
92 OSPF_HELLO_MIN_SIZE,
93 OSPF_DB_DESC_MIN_SIZE,
94 OSPF_LS_REQ_MIN_SIZE,
95 OSPF_LS_UPD_MIN_SIZE,
96 OSPF_LS_ACK_MIN_SIZE,
75c8eabb
DO		 97};
98
4e31de79
DO		 99/* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
100 types, offset is the "LSA type" field. */
d7c0a89a 101static const uint16_t ospf_lsa_minlen[] = {
d62a17ae 102 0,
103 OSPF_ROUTER_LSA_MIN_SIZE,
104 OSPF_NETWORK_LSA_MIN_SIZE,
105 OSPF_SUMMARY_LSA_MIN_SIZE,
106 OSPF_SUMMARY_LSA_MIN_SIZE,
107 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
108 0,
109 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
110 0,
111 0,
112 0,
113 0,
4e31de79
DO		 114};
115
bd5651f0 116/* for ospf_check_auth() */
d62a17ae 117static int ospf_check_sum(struct ospf_header *);
bd5651f0 118
718e3744 119/* OSPF authentication checking function */
d62a17ae 120static int ospf_auth_type(struct ospf_interface *oi)
718e3744 121{
d62a17ae 122 int auth_type;
718e3744 123
d62a17ae 124 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
125 auth_type = oi->area->auth_type;
126 else
127 auth_type = OSPF_IF_PARAM(oi, auth_type);
718e3744 128
d62a17ae 129 /* Handle case where MD5 key list is not configured aka Cisco */
130 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
131 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
132 return OSPF_AUTH_NULL;
718e3744 133
d62a17ae 134 return auth_type;
718e3744 135}
136
7cec50a5 137static struct ospf_packet *ospf_packet_new(size_t size)
718e3744 138{
d62a17ae 139 struct ospf_packet *new;
718e3744 140
d62a17ae 141 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
142 new->s = stream_new(size);
718e3744 143
d62a17ae 144 return new;
718e3744 145}
146
d62a17ae 147void ospf_packet_free(struct ospf_packet *op)
718e3744 148{
d62a17ae 149 if (op->s)
150 stream_free(op->s);
718e3744 151
d62a17ae 152 XFREE(MTYPE_OSPF_PACKET, op);
718e3744 153}
154
4d762f26 155struct ospf_fifo *ospf_fifo_new(void)
718e3744 156{
d62a17ae 157 struct ospf_fifo *new;
718e3744 158
d62a17ae 159 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
160 return new;
718e3744 161}
162
163/* Add new packet to fifo. */
d62a17ae 164void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
718e3744 165{
d62a17ae 166 if (fifo->tail)
167 fifo->tail->next = op;
168 else
169 fifo->head = op;
718e3744 170
d62a17ae 171 fifo->tail = op;
718e3744 172
d62a17ae 173 fifo->count++;
718e3744 174}
175
aa276fd7 176/* Add new packet to head of fifo. */
d62a17ae 177static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
aa276fd7 178{
d62a17ae 179 op->next = fifo->head;
180
181 if (fifo->tail == NULL)
182 fifo->tail = op;
183
184 fifo->head = op;
185
186 fifo->count++;
aa276fd7
PJ		 187}
188
718e3744 189/* Delete first packet from fifo. */
d62a17ae 190struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
718e3744 191{
d62a17ae 192 struct ospf_packet *op;
718e3744 193
d62a17ae 194 op = fifo->head;
718e3744 195
d62a17ae 196 if (op) {
197 fifo->head = op->next;
718e3744 198
d62a17ae 199 if (fifo->head == NULL)
200 fifo->tail = NULL;
718e3744 201
d62a17ae 202 fifo->count--;
203 }
718e3744 204
d62a17ae 205 return op;
718e3744 206}
207
208/* Return first fifo entry. */
d62a17ae 209struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
718e3744 210{
d62a17ae 211 return fifo->head;
718e3744 212}
213
214/* Flush ospf packet fifo. */
d62a17ae 215void ospf_fifo_flush(struct ospf_fifo *fifo)
718e3744 216{
d62a17ae 217 struct ospf_packet *op;
218 struct ospf_packet *next;
718e3744 219
d62a17ae 220 for (op = fifo->head; op; op = next) {
221 next = op->next;
222 ospf_packet_free(op);
223 }
224 fifo->head = fifo->tail = NULL;
225 fifo->count = 0;
718e3744 226}
227
228/* Free ospf packet fifo. */
d62a17ae 229void ospf_fifo_free(struct ospf_fifo *fifo)
718e3744 230{
d62a17ae 231 ospf_fifo_flush(fifo);
718e3744 232
d62a17ae 233 XFREE(MTYPE_OSPF_FIFO, fifo);
718e3744 234}
235
7cec50a5 236static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
718e3744 237{
d62a17ae 238 /* Add packet to end of queue. */
239 ospf_fifo_push(oi->obuf, op);
718e3744 240
d62a17ae 241 /* Debug of packet fifo*/
242 /* ospf_fifo_debug (oi->obuf); */
718e3744 243}
244
d62a17ae 245static void ospf_packet_add_top(struct ospf_interface *oi,
246 struct ospf_packet *op)
aa276fd7 247{
d62a17ae 248 /* Add packet to head of queue. */
249 ospf_fifo_push_head(oi->obuf, op);
aa276fd7 250
d62a17ae 251 /* Debug of packet fifo*/
252 /* ospf_fifo_debug (oi->obuf); */
aa276fd7
PJ		 253}
254
7cec50a5 255static void ospf_packet_delete(struct ospf_interface *oi)
718e3744 256{
d62a17ae 257 struct ospf_packet *op;
258
259 op = ospf_fifo_pop(oi->obuf);
718e3744 260
d62a17ae 261 if (op)
262 ospf_packet_free(op);
718e3744 263}
264
7cec50a5 265static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
718e3744 266{
d62a17ae 267 struct ospf_packet *new;
718e3744 268
d62a17ae 269 if (stream_get_endp(op->s) != op->length)
270 /* XXX size_t */
c9cc11f6 271 zlog_debug(
d62a17ae 272 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
d7c0a89a 273 (unsigned long)STREAM_SIZE(op->s), op->length);
30961a15 274
d62a17ae 275 /* Reserve space for MD5 authentication that may be added later. */
276 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
277 stream_copy(new->s, op->s);
718e3744 278
d62a17ae 279 new->dst = op->dst;
280 new->length = op->length;
718e3744 281
d62a17ae 282 return new;
718e3744 283}
284
86f1fd96 285/* XXX inline */
d62a17ae 286static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
86f1fd96 287{
d62a17ae 288 int auth = 0;
86f1fd96 289
d62a17ae 290 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
291 auth = OSPF_AUTH_MD5_SIZE;
86f1fd96 292
d62a17ae 293 return auth;
86f1fd96 294}
295
d62a17ae 296static unsigned int ospf_packet_max(struct ospf_interface *oi)
718e3744 297{
d62a17ae 298 int max;
718e3744 299
d62a17ae 300 max = oi->ifp->mtu - ospf_packet_authspace(oi);
86f1fd96 301
d62a17ae 302 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
718e3744 303
d62a17ae 304 return max;
718e3744 305}
306
6b0655a2 307
d62a17ae 308static int ospf_check_md5_digest(struct ospf_interface *oi,
309 struct ospf_header *ospfh)
718e3744 310{
0513a271
MR		 311#ifdef CRYPTO_OPENSSL
312 EVP_MD_CTX *ctx;
313#elif CRYPTO_INTERNAL
d62a17ae 314 MD5_CTX ctx;
0513a271 315#endif
d62a17ae 316 unsigned char digest[OSPF_AUTH_MD5_SIZE];
317 struct crypt_key *ck;
318 struct ospf_neighbor *nbr;
d7c0a89a 319 uint16_t length = ntohs(ospfh->length);
d62a17ae 320
321 /* Get secret key. */
322 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
323 ospfh->u.crypt.key_id);
324 if (ck == NULL) {
1c50c1c0
QY		 325 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
326 IF_NAME(oi), ospfh->u.crypt.key_id);
d62a17ae 327 return 0;
328 }
718e3744 329
d62a17ae 330 /* check crypto seqnum. */
331 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
718e3744 332
d62a17ae 333 if (nbr
334 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
c9cc11f6 335 flog_warn(
cf444bcf 336 EC_OSPF_MD5,
d62a17ae 337 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
338 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
339 ntohl(nbr->crypt_seqnum));
340 return 0;
341 }
718e3744 342
d62a17ae 343 /* Generate a digest for the ospf packet - their digest + our digest. */
0513a271
MR		 344#ifdef CRYPTO_OPENSSL
345 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
346 ctx = EVP_MD_CTX_new();
347 EVP_DigestInit(ctx, EVP_md5());
348 EVP_DigestUpdate(ctx, ospfh, length);
349 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
350 EVP_DigestFinal(ctx, digest, &md5_size);
351 EVP_MD_CTX_free(ctx);
352#elif CRYPTO_INTERNAL
d62a17ae 353 memset(&ctx, 0, sizeof(ctx));
354 MD5Init(&ctx);
355 MD5Update(&ctx, ospfh, length);
356 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
357 MD5Final(digest, &ctx);
0513a271 358#endif
d62a17ae 359
360 /* compare the two */
361 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
cf444bcf 362 flog_warn(EC_OSPF_MD5,
c9cc11f6 363 "interface %s: ospf_check_md5 checksum mismatch",
d62a17ae 364 IF_NAME(oi));
365 return 0;
366 }
718e3744 367
d62a17ae 368 /* save neighbor's crypt_seqnum */
369 if (nbr)
370 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
371 return 1;
718e3744 372}
373
374/* This function is called from ospf_write(), it will detect the
375 authentication scheme and if it is MD5, it will change the sequence
376 and update the MD5 digest. */
d62a17ae 377static int ospf_make_md5_digest(struct ospf_interface *oi,
378 struct ospf_packet *op)
379{
380 struct ospf_header *ospfh;
381 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
0513a271
MR		 382#ifdef CRYPTO_OPENSSL
383 EVP_MD_CTX *ctx;
384#elif CRYPTO_INTERNAL
d62a17ae 385 MD5_CTX ctx;
0513a271 386#endif
d62a17ae 387 void *ibuf;
d7c0a89a 388 uint32_t t;
d62a17ae 389 struct crypt_key *ck;
d7c0a89a 390 const uint8_t *auth_key;
d62a17ae 391
392 ibuf = STREAM_DATA(op->s);
393 ospfh = (struct ospf_header *)ibuf;
394
395 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
396 return 0;
397
398 /* We do this here so when we dup a packet, we don't have to
399 waste CPU rewriting other headers.
400
401 Note that quagga_time /deliberately/ is not used here */
402 t = (time(NULL) & 0xFFFFFFFF);
403 if (t > oi->crypt_seqnum)
404 oi->crypt_seqnum = t;
405 else
406 oi->crypt_seqnum++;
407
408 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
409
410 /* Get MD5 Authentication key from auth_key list. */
411 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
d7c0a89a 412 auth_key = (const uint8_t *)digest;
d62a17ae 413 else {
414 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
415 auth_key = ck->auth_key;
416 }
718e3744 417
d62a17ae 418 /* Generate a digest for the entire packet + our secret key. */
0513a271
MR		 419#ifdef CRYPTO_OPENSSL
420 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
421 ctx = EVP_MD_CTX_new();
422 EVP_DigestInit(ctx, EVP_md5());
423 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
424 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
425 EVP_DigestFinal(ctx, digest, &md5_size);
426 EVP_MD_CTX_free(ctx);
427#elif CRYPTO_INTERNAL
d62a17ae 428 memset(&ctx, 0, sizeof(ctx));
429 MD5Init(&ctx);
430 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
431 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
432 MD5Final(digest, &ctx);
0513a271 433#endif
718e3744 434
d62a17ae 435 /* Append md5 digest to the end of the stream. */
436 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
718e3744 437
d62a17ae 438 /* We do *NOT* increment the OSPF header length. */
439 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
30961a15 440
d62a17ae 441 if (stream_get_endp(op->s) != op->length)
442 /* XXX size_t */
c9cc11f6 443 flog_warn(
cf444bcf 444 EC_OSPF_MD5,
d62a17ae 445 "ospf_make_md5_digest: length mismatch stream %lu ospf_packet %u",
d7c0a89a 446 (unsigned long)stream_get_endp(op->s), op->length);
718e3744 447
d62a17ae 448 return OSPF_AUTH_MD5_SIZE;
718e3744 449}
450
6b0655a2 451
d62a17ae 452static int ospf_ls_req_timer(struct thread *thread)
718e3744 453{
d62a17ae 454 struct ospf_neighbor *nbr;
718e3744 455
d62a17ae 456 nbr = THREAD_ARG(thread);
457 nbr->t_ls_req = NULL;
718e3744 458
d62a17ae 459 /* Send Link State Request. */
460 if (ospf_ls_request_count(nbr))
461 ospf_ls_req_send(nbr);
718e3744 462
d62a17ae 463 /* Set Link State Request retransmission timer. */
464 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
718e3744 465
d62a17ae 466 return 0;
718e3744 467}
468
d62a17ae 469void ospf_ls_req_event(struct ospf_neighbor *nbr)
718e3744 470{
b3d6bc6e 471 thread_cancel(&nbr->t_ls_req);
d62a17ae 472 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
718e3744 473}
474
475/* Cyclic timer function. Fist registered in ospf_nbr_new () in
476 ospf_neighbor.c */
d62a17ae 477int ospf_ls_upd_timer(struct thread *thread)
478{
479 struct ospf_neighbor *nbr;
480
481 nbr = THREAD_ARG(thread);
482 nbr->t_ls_upd = NULL;
483
484 /* Send Link State Update. */
485 if (ospf_ls_retransmit_count(nbr) > 0) {
486 struct list *update;
487 struct ospf_lsdb *lsdb;
488 int i;
489 int retransmit_interval;
490
491 retransmit_interval =
492 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
493
494 lsdb = &nbr->ls_rxmt;
495 update = list_new();
496
497 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
498 struct route_table *table = lsdb->type[i].db;
499 struct route_node *rn;
500
501 for (rn = route_top(table); rn; rn = route_next(rn)) {
502 struct ospf_lsa *lsa;
503
504 if ((lsa = rn->info) != NULL) {
505 /* Don't retransmit an LSA if we
506 received it within
507 the last RxmtInterval seconds - this
508 is to allow the
509 neighbour a chance to acknowledge the
510 LSA as it may
511 have ben just received before the
512 retransmit timer
513 fired. This is a small tweak to what
514 is in the RFC,
515 but it will cut out out a lot of
516 retransmit traffic
517 - MAG */
518 if (monotime_since(&lsa->tv_recv, NULL)
519 >= retransmit_interval * 1000000LL)
520 listnode_add(update, rn->info);
521 }
522 }
523 }
718e3744 524
d62a17ae 525 if (listcount(update) > 0)
996c9314
LB		 526 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
527 0);
6a154c88 528 list_delete(&update);
718e3744 529 }
530
d62a17ae 531 /* Set LS Update retransmission timer. */
532 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
718e3744 533
d62a17ae 534 return 0;
718e3744 535}
536
d62a17ae 537int ospf_ls_ack_timer(struct thread *thread)
718e3744 538{
d62a17ae 539 struct ospf_interface *oi;
718e3744 540
d62a17ae 541 oi = THREAD_ARG(thread);
542 oi->t_ls_ack = NULL;
718e3744 543
d62a17ae 544 /* Send Link State Acknowledgment. */
545 if (listcount(oi->ls_ack) > 0)
546 ospf_ls_ack_send_delayed(oi);
718e3744 547
d62a17ae 548 /* Set LS Ack timer. */
549 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
718e3744 550
d62a17ae 551 return 0;
718e3744 552}
553
0bfeca3f 554#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 555static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
556 struct msghdr *msg, unsigned int maxdatasize,
d7c0a89a 557 unsigned int mtu, int flags, uint8_t type)
0bfeca3f 558{
559#define OSPF_WRITE_FRAG_SHIFT 3
d7c0a89a 560 uint16_t offset;
d62a17ae 561 struct iovec *iovp;
562 int ret;
563
564 assert(op->length == stream_get_endp(op->s));
565 assert(msg->msg_iovlen == 2);
566
567 /* we can but try.
568 *
569 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
570 * well as the IP_MF flag, making this all quite pointless.
571 *
572 * However, for a system on which IP_MF is left alone, and ip_id left
573 * alone or else which sets same ip_id for each fragment this might
574 * work, eg linux.
575 *
576 * XXX-TODO: It would be much nicer to have the kernel's use their
577 * existing fragmentation support to do this for us. Bugs/RFEs need to
578 * be raised against the various kernels.
579 */
580
581 /* set More Frag */
582 iph->ip_off |= IP_MF;
583
584 /* ip frag offset is expressed in units of 8byte words */
585 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
586
587 iovp = &msg->msg_iov[1];
588
589 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
590 > maxdatasize) {
591 /* data length of this frag is to next offset value */
592 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
593 iph->ip_len = iovp->iov_len + sizeof(struct ip);
594 assert(iph->ip_len <= mtu);
595
596 sockopt_iphdrincl_swab_htosys(iph);
597
598 ret = sendmsg(fd, msg, flags);
599
600 sockopt_iphdrincl_swab_systoh(iph);
601
602 if (ret < 0)
c9cc11f6 603 flog_err(
450971aa 604 EC_LIB_SOCKET,
96b663a3
MS		 605 "*** ospf_write_frags: sendmsg failed to %pI4, id %d, off %d, len %d, mtu %u failed with %s",
606 &iph->ip_dst, iph->ip_id, iph->ip_off,
d62a17ae 607 iph->ip_len, mtu, safe_strerror(errno));
608
609 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
610 zlog_debug(
96b663a3 611 "ospf_write_frags: sent id %d, off %d, len %d to %pI4",
d62a17ae 612 iph->ip_id, iph->ip_off, iph->ip_len,
96b663a3 613 &iph->ip_dst);
d62a17ae 614 }
615
616 iph->ip_off += offset;
617 stream_forward_getp(op->s, iovp->iov_len);
2d34fb80 618 iovp->iov_base = stream_pnt(op->s);
d62a17ae 619 }
620
621 /* setup for final fragment */
622 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
623 iph->ip_len = iovp->iov_len + sizeof(struct ip);
624 iph->ip_off &= (~IP_MF);
0bfeca3f 625}
626#endif /* WANT_OSPF_WRITE_FRAGMENT */
627
d62a17ae 628static int ospf_write(struct thread *thread)
629{
630 struct ospf *ospf = THREAD_ARG(thread);
631 struct ospf_interface *oi;
632 struct ospf_interface *last_serviced_oi = NULL;
633 struct ospf_packet *op;
634 struct sockaddr_in sa_dst;
635 struct ip iph;
636 struct msghdr msg;
637 struct iovec iov[2];
d7c0a89a 638 uint8_t type;
d62a17ae 639 int ret;
640 int flags = 0;
641 struct listnode *node;
0bfeca3f 642#ifdef WANT_OSPF_WRITE_FRAGMENT
d7c0a89a
QY		 643 static uint16_t ipid = 0;
644 uint16_t maxdatasize;
9d303b37 645#endif /* WANT_OSPF_WRITE_FRAGMENT */
68b7339a 646#define OSPF_WRITE_IPHL_SHIFT 2
d62a17ae 647 int pkt_count = 0;
e1b18df1
CS		 648
649#ifdef GNU_LINUX
3e300703 650 unsigned char cmsgbuf[64] = {};
e7503eab
CS		 651 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
652 struct in_pktinfo *pi;
e1b18df1 653#endif
d62a17ae 654
c32eba04
CS		 655 if (ospf->fd < 0 || ospf->oi_running == 0) {
656 if (IS_DEBUG_OSPF_EVENT)
657 zlog_debug(
96b663a3
MS		 658 "ospf_write failed to send, fd %d, instance %u",
659 ospf->fd, ospf->oi_running);
c32eba04
CS		 660 return -1;
661 }
662
d62a17ae 663 node = listhead(ospf->oi_write_q);
664 assert(node);
665 oi = listgetdata(node);
0bfeca3f 666
667#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 668 /* seed ipid static with low order bits of time */
669 if (ipid == 0)
670 ipid = (time(NULL) & 0xffff);
0bfeca3f 671#endif /* WANT_OSPF_WRITE_FRAGMENT */
672
d62a17ae 673 while ((pkt_count < ospf->write_oi_count) && oi
674 && (last_serviced_oi != oi)) {
675 /* If there is only packet in the queue, the oi is removed from
676 write-q, so fix up the last interface that was serviced */
677 if (last_serviced_oi == NULL) {
678 last_serviced_oi = oi;
679 }
680 pkt_count++;
233cc0fb 681#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 682 /* convenience - max OSPF data per packet */
683 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
233cc0fb 684#endif /* WANT_OSPF_WRITE_FRAGMENT */
d62a17ae 685 /* Get one packet from queue. */
686 op = ospf_fifo_head(oi->obuf);
687 assert(op);
688 assert(op->length >= OSPF_HEADER_SIZE);
689
690 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
691 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
692 ospf_if_ipmulticast(ospf, oi->address,
693 oi->ifp->ifindex);
694
695 /* Rewrite the md5 signature & update the seq */
696 ospf_make_md5_digest(oi, op);
697
698 /* Retrieve OSPF packet type. */
699 stream_set_getp(op->s, 1);
700 type = stream_getc(op->s);
701
702 /* reset get pointer */
703 stream_set_getp(op->s, 0);
704
705 memset(&iph, 0, sizeof(struct ip));
706 memset(&sa_dst, 0, sizeof(sa_dst));
707
708 sa_dst.sin_family = AF_INET;
6f0e3f6e 709#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
d62a17ae 710 sa_dst.sin_len = sizeof(sa_dst);
6f0e3f6e 711#endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
d62a17ae 712 sa_dst.sin_addr = op->dst;
713 sa_dst.sin_port = htons(0);
714
715 /* Set DONTROUTE flag if dst is unicast. */
716 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
717 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
718 flags = MSG_DONTROUTE;
719
720 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
721 /* it'd be very strange for header to not be 4byte-word aligned
722 * but.. */
723 if (sizeof(struct ip)
724 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
0d6f7fd6 725 iph.ip_hl++; /* we presume sizeof(struct ip) cant
d62a17ae 726 overflow ip_hl.. */
727
728 iph.ip_v = IPVERSION;
729 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
730 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
68b7339a 731
0150c9c9 732#if defined(__DragonFly__)
d62a17ae 733 /*
734 * DragonFly's raw socket expects ip_len/ip_off in network byte
735 * order.
736 */
737 iph.ip_len = htons(iph.ip_len);
0150c9c9
DB		 738#endif
739
0bfeca3f 740#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 741 /* XXX-MT: not thread-safe at all..
742 * XXX: this presumes this is only programme sending OSPF
743 * packets
744 * otherwise, no guarantee ipid will be unique
745 */
746 iph.ip_id = ++ipid;
0bfeca3f 747#endif /* WANT_OSPF_WRITE_FRAGMENT */
748
d62a17ae 749 iph.ip_off = 0;
750 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
751 iph.ip_ttl = OSPF_VL_IP_TTL;
752 else
753 iph.ip_ttl = OSPF_IP_TTL;
754 iph.ip_p = IPPROTO_OSPFIGP;
755 iph.ip_sum = 0;
756 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
757 iph.ip_dst.s_addr = op->dst.s_addr;
758
759 memset(&msg, 0, sizeof(msg));
760 msg.msg_name = (caddr_t)&sa_dst;
761 msg.msg_namelen = sizeof(sa_dst);
762 msg.msg_iov = iov;
763 msg.msg_iovlen = 2;
e7503eab 764
d62a17ae 765 iov[0].iov_base = (char *)&iph;
766 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
2d34fb80 767 iov[1].iov_base = stream_pnt(op->s);
d62a17ae 768 iov[1].iov_len = op->length;
769
e1b18df1
CS		 770#ifdef GNU_LINUX
771 msg.msg_control = (caddr_t)cm;
e7503eab
CS		 772 cm->cmsg_level = SOL_IP;
773 cm->cmsg_type = IP_PKTINFO;
774 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
775 pi = (struct in_pktinfo *)CMSG_DATA(cm);
776 pi->ipi_ifindex = oi->ifp->ifindex;
777
778 msg.msg_controllen = cm->cmsg_len;
e1b18df1 779#endif
e7503eab 780
996c9314
LB		 781/* Sadly we can not rely on kernels to fragment packets
782 * because of either IP_HDRINCL and/or multicast
783 * destination being set.
784 */
e7503eab 785
0bfeca3f 786#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 787 if (op->length > maxdatasize)
788 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
789 oi->ifp->mtu, flags, type);
0bfeca3f 790#endif /* WANT_OSPF_WRITE_FRAGMENT */
718e3744 791
d62a17ae 792 /* send final fragment (could be first) */
793 sockopt_iphdrincl_swab_htosys(&iph);
794 ret = sendmsg(ospf->fd, &msg, flags);
795 sockopt_iphdrincl_swab_systoh(&iph);
796 if (IS_DEBUG_OSPF_EVENT)
797 zlog_debug(
96b663a3
MS		 798 "ospf_write to %pI4, id %d, off %d, len %d, interface %s, mtu %u:",
799 &iph.ip_dst, iph.ip_id, iph.ip_off,
d62a17ae 800 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
801
68696746
RD		 802 /* sendmsg will return EPERM if firewall is blocking sending.
803 * This is a normal situation when 'ip nhrp map multicast xxx'
804 * is being used to send multicast packets to DMVPN peers. In
805 * that case the original message is blocked with iptables rule
806 * causing the EPERM result
807 */
808 if (ret < 0 && errno != EPERM)
c9cc11f6 809 flog_err(
450971aa 810 EC_LIB_SOCKET,
96b663a3
MS		 811 "*** sendmsg in ospf_write failed to %pI4, id %d, off %d, len %d, interface %s, mtu %u: %s",
812 &iph.ip_dst, iph.ip_id, iph.ip_off,
d62a17ae 813 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
814 safe_strerror(errno));
815
816 /* Show debug sending packet. */
817 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
818 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
819 zlog_debug(
820 "-----------------------------------------------------");
d62a17ae 821 stream_set_getp(op->s, 0);
822 ospf_packet_dump(op->s);
823 }
824
96b663a3 825 zlog_debug("%s sent to [%pI4] via [%s].",
d62a17ae 826 lookup_msg(ospf_packet_type_str, type, NULL),
96b663a3 827 &op->dst, IF_NAME(oi));
d62a17ae 828
829 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
830 zlog_debug(
831 "-----------------------------------------------------");
832 }
833
c9339663 834 switch (type) {
996c9314
LB		 835 case OSPF_MSG_HELLO:
836 oi->hello_out++;
837 break;
838 case OSPF_MSG_DB_DESC:
839 oi->db_desc_out++;
840 break;
841 case OSPF_MSG_LS_REQ:
842 oi->ls_req_out++;
843 break;
844 case OSPF_MSG_LS_UPD:
845 oi->ls_upd_out++;
846 break;
847 case OSPF_MSG_LS_ACK:
848 oi->ls_ack_out++;
849 break;
850 default:
851 break;
c9339663
CS		 852 }
853
d62a17ae 854 /* Now delete packet from queue. */
855 ospf_packet_delete(oi);
856
857 /* Move this interface to the tail of write_q to
858 serve everyone in a round robin fashion */
859 list_delete_node(ospf->oi_write_q, node);
860 if (ospf_fifo_head(oi->obuf) == NULL) {
861 oi->on_write_q = 0;
862 last_serviced_oi = NULL;
863 oi = NULL;
864 } else {
865 listnode_add(ospf->oi_write_q, oi);
e8f45e82 866 }
d62a17ae 867
868 /* Setup to service from the head of the queue again */
869 if (!list_isempty(ospf->oi_write_q)) {
870 node = listhead(ospf->oi_write_q);
d62a17ae 871 oi = listgetdata(node);
d62a17ae 872 }
873 }
874
875 /* If packets still remain in queue, call write thread. */
4bb420ab 876 if (!list_isempty(ospf->oi_write_q))
d62a17ae 877 thread_add_write(master, ospf_write, ospf, ospf->fd,
878 &ospf->t_write);
718e3744 879
d62a17ae 880 return 0;
718e3744 881}
882
883/* OSPF Hello message read -- RFC2328 Section 10.5. */
d62a17ae 884static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
885 struct stream *s, struct ospf_interface *oi, int size)
886{
887 struct ospf_hello *hello;
888 struct ospf_neighbor *nbr;
889 int old_state;
890 struct prefix p;
891
892 /* increment statistics. */
893 oi->hello_in++;
894
2d34fb80 895 hello = (struct ospf_hello *)stream_pnt(s);
d62a17ae 896
897 /* If Hello is myself, silently discard. */
898 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
899 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
900 zlog_debug(
96b663a3 901 "ospf_header[%s/%pI4]: selforiginated, dropping.",
d62a17ae 902 lookup_msg(ospf_packet_type_str, ospfh->type,
903 NULL),
96b663a3 904 &iph->ip_src);
d62a17ae 905 }
906 return;
907 }
908
909 /* get neighbor prefix. */
910 p.family = AF_INET;
911 p.prefixlen = ip_masklen(hello->network_mask);
912 p.u.prefix4 = iph->ip_src;
913
914 /* Compare network mask. */
915 /* Checking is ignored for Point-to-Point and Virtual link. */
0c5506a8 916 /* Checking is also ignored for Point-to-Multipoint with /32 prefix */
d62a17ae 917 if (oi->type != OSPF_IFTYPE_POINTOPOINT
0c5506a8
AL		 918 && oi->type != OSPF_IFTYPE_VIRTUALLINK
919 && !(oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
920 && oi->address->prefixlen == IPV4_MAX_BITLEN))
d62a17ae 921 if (oi->address->prefixlen != p.prefixlen) {
c9cc11f6 922 flog_warn(
cf444bcf 923 EC_OSPF_PACKET,
96b663a3
MS		 924 "Packet %pI4 [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
925 &ospfh->router_id, IF_NAME(oi),
d62a17ae 926 (int)oi->address->prefixlen, (int)p.prefixlen);
927 return;
928 }
929
930 /* Compare Router Dead Interval. */
931 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
cf444bcf 932 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 933 "Packet %pI4 [Hello:RECV]: RouterDeadInterval mismatch (expected %u, but received %u).",
934 &ospfh->router_id,
c9cc11f6
DS		 935 OSPF_IF_PARAM(oi, v_wait),
936 ntohl(hello->dead_interval));
d62a17ae 937 return;
938 }
939
940 /* Compare Hello Interval - ignored if fast-hellos are set. */
941 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
942 if (OSPF_IF_PARAM(oi, v_hello)
943 != ntohs(hello->hello_interval)) {
c9cc11f6 944 flog_warn(
cf444bcf 945 EC_OSPF_PACKET,
96b663a3
MS		 946 "Packet %pI4 [Hello:RECV]: HelloInterval mismatch (expected %u, but received %u).",
947 &ospfh->router_id,
d62a17ae 948 OSPF_IF_PARAM(oi, v_hello),
949 ntohs(hello->hello_interval));
950 return;
951 }
952 }
953
954 if (IS_DEBUG_OSPF_EVENT)
96b663a3
MS		 955 zlog_debug("Packet %pI4 [Hello:RECV]: Options %s vrf %s",
956 &ospfh->router_id,
b5a8894d
CS		 957 ospf_options_dump(hello->options),
958 ospf_vrf_id_to_name(oi->ospf->vrf_id));
d62a17ae 959
960/* Compare options. */
718e3744 961#define REJECT_IF_TBIT_ON 1 /* XXX */
962#ifdef REJECT_IF_TBIT_ON
d62a17ae 963 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
964 /*
965 * This router does not support non-zero TOS.
966 * Drop this Hello packet not to establish neighbor
967 * relationship.
968 */
cf444bcf 969 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 970 "Packet %pI4 [Hello:RECV]: T-bit on, drop it.",
971 &ospfh->router_id);
d62a17ae 972 return;
973 }
718e3744 974#endif /* REJECT_IF_TBIT_ON */
975
d62a17ae 976 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
977 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
978 /*
979 * This router does know the correct usage of O-bit
980 * the bit should be set in DD packet only.
981 */
cf444bcf 982 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 983 "Packet %pI4 [Hello:RECV]: O-bit abuse?",
984 &ospfh->router_id);
718e3744 985#ifdef STRICT_OBIT_USAGE_CHECK
d62a17ae 986 return; /* Reject this packet. */
987#else /* STRICT_OBIT_USAGE_CHECK */
988 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
989#endif /* STRICT_OBIT_USAGE_CHECK */
990 }
718e3744 991
d62a17ae 992 /* new for NSSA is to ensure that NP is on and E is off */
993
994 if (oi->area->external_routing == OSPF_AREA_NSSA) {
995 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
996 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
997 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
998 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
c9cc11f6 999 flog_warn(
cf444bcf 1000 EC_OSPF_PACKET,
96b663a3
MS		 1001 "NSSA-Packet-%pI4[Hello:RECV]: my options: %x, his options %x",
1002 &ospfh->router_id, OPTIONS(oi),
d62a17ae 1003 hello->options);
1004 return;
1005 }
1006 if (IS_DEBUG_OSPF_NSSA)
96b663a3
MS		 1007 zlog_debug("NSSA-Hello:RECV:Packet from %pI4:",
1008 &ospfh->router_id);
d62a17ae 1009 } else
1010 /* The setting of the E-bit found in the Hello Packet's Options
1011 field must match this area's ExternalRoutingCapability A
1012 mismatch causes processing to stop and the packet to be
1013 dropped. The setting of the rest of the bits in the Hello
1014 Packet's Options field should be ignored. */
1015 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
1016 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
c9cc11f6 1017 flog_warn(
cf444bcf 1018 EC_OSPF_PACKET,
96b663a3
MS		 1019 "Packet %pI4 [Hello:RECV]: my options: %x, his options %x",
1020 &ospfh->router_id, OPTIONS(oi),
d62a17ae 1021 hello->options);
1022 return;
1023 }
718e3744 1024
d62a17ae 1025 /* get neighbour struct */
1026 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
1027
1028 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1029 assert(nbr);
1030
1031 old_state = nbr->state;
1032
1033 /* Add event to thread. */
1034 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1035
1036 /* RFC2328 Section 9.5.1
1037 If the router is not eligible to become Designated Router,
1038 (snip) It must also send an Hello Packet in reply to an
1039 Hello Packet received from any eligible neighbor (other than
1040 the current Designated Router and Backup Designated Router). */
1041 if (oi->type == OSPF_IFTYPE_NBMA)
1042 if (PRIORITY(oi) == 0 && hello->priority > 0
1043 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1044 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1045 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1046 ospf_hello_reply_timer,
1047 OSPF_HELLO_REPLY_DELAY);
1048
1049 /* on NBMA network type, it happens to receive bidirectional Hello
1050 packet
1051 without advance 1-Way Received event.
1052 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1053 if (oi->type == OSPF_IFTYPE_NBMA
1054 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1055 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1056 nbr->priority = hello->priority;
1057 nbr->d_router = hello->d_router;
1058 nbr->bd_router = hello->bd_router;
1059 return;
1060 }
1061
1062 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1063 size - OSPF_HELLO_MIN_SIZE)) {
1064 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1065 nbr->options |= hello->options;
1066 } else {
5a77dd8f 1067 /* If the router is DR_OTHER, RESTARTER will not wait
1068 * until it receives the hello from it if it receives
1069 * from DR and BDR.
1070 * So, helper might receives ONW_WAY hello from
1071 * RESTARTER. So not allowing to change the state if it
1072 * receives one_way hellow when it acts as HELPER for
1073 * that specific neighbor.
1074 */
1075 if (!OSPF_GR_IS_ACTIVE_HELPER(nbr))
1076 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
d62a17ae 1077 /* Set neighbor information. */
1078 nbr->priority = hello->priority;
1079 nbr->d_router = hello->d_router;
1080 nbr->bd_router = hello->bd_router;
1081 return;
1082 }
1083
1084 /* If neighbor itself declares DR and no BDR exists,
1085 cause event BackupSeen */
1086 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
975a328e
DA		 1087 if (hello->bd_router.s_addr == INADDR_ANY
1088 && oi->state == ISM_Waiting)
d62a17ae 1089 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1090
1091 /* neighbor itself declares BDR. */
1092 if (oi->state == ISM_Waiting
1093 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router))
1094 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1095
1096 /* had not previously. */
1097 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1098 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1099 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1100 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->d_router)))
1101 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1102
1103 /* had not previously. */
1104 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1105 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1106 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->bd_router)
1107 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->bd_router)))
1108 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1109
1110 /* Neighbor priority check. */
1111 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1112 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1113
1114 /* Set neighbor information. */
1115 nbr->priority = hello->priority;
1116 nbr->d_router = hello->d_router;
1117 nbr->bd_router = hello->bd_router;
718e3744 1118}
1119
1120/* Save DD flags/options/Seqnum received. */
d62a17ae 1121static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1122 struct ospf_db_desc *dd)
718e3744 1123{
d62a17ae 1124 nbr->last_recv.flags = dd->flags;
1125 nbr->last_recv.options = dd->options;
1126 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
718e3744 1127}
1128
1129/* Process rest of DD packet. */
d62a17ae 1130static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1131 struct ospf_neighbor *nbr,
d7c0a89a 1132 struct ospf_db_desc *dd, uint16_t size)
d62a17ae 1133{
1134 struct ospf_lsa *new, *find;
1135 struct lsa_header *lsah;
1136
1137 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1138 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1139 size -= OSPF_LSA_HEADER_SIZE) {
2d34fb80 1140 lsah = (struct lsa_header *)stream_pnt(s);
d62a17ae 1141 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1142
1143 /* Unknown LS type. */
1144 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
cf444bcf 1145 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1146 "Packet [DD:RECV]: Unknown LS type %d.",
d62a17ae 1147 lsah->type);
1148 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1149 return;
1150 }
1151
1152 if (IS_OPAQUE_LSA(lsah->type)
1153 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
cf444bcf 1154 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1155 "LSA[Type%d:%pI4]: Opaque capability mismatch?",
1156 lsah->type, &lsah->id);
d62a17ae 1157 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1158 return;
1159 }
1160
1161 switch (lsah->type) {
1162 case OSPF_AS_EXTERNAL_LSA:
1163 case OSPF_OPAQUE_AS_LSA:
1164 /* Check for stub area. Reject if AS-External from stub
1165 but
1166 allow if from NSSA. */
1167 if (oi->area->external_routing == OSPF_AREA_STUB) {
c9cc11f6 1168 flog_warn(
cf444bcf 1169 EC_OSPF_PACKET,
96b663a3
MS		 1170 "Packet [DD:RECV]: LSA[Type%d:%pI4] from %s area.",
1171 lsah->type, &lsah->id,
d62a17ae 1172 (oi->area->external_routing
1173 == OSPF_AREA_STUB)
1174 ? "STUB"
1175 : "NSSA");
1176 OSPF_NSM_EVENT_SCHEDULE(nbr,
1177 NSM_SeqNumberMismatch);
1178 return;
1179 }
1180 break;
1181 default:
1182 break;
1183 }
1184
1185 /* Create LS-request object. */
1186 new = ospf_ls_request_new(lsah);
1187
1188 /* Lookup received LSA, then add LS request list. */
1189 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1190
1191 /* ospf_lsa_more_recent is fine with NULL pointers */
1192 switch (ospf_lsa_more_recent(find, new)) {
1193 case -1:
1194 /* Neighbour has a more recent LSA, we must request it
1195 */
1196 ospf_ls_request_add(nbr, new);
1197 /* fallthru */
1198 case 0:
1199 /* If we have a copy of this LSA, it's either less
1200 * recent
1201 * and we're requesting it from neighbour (the case
1202 * above), or
1203 * it's as recent and we both have same copy (this
1204 * case).
1205 *
1206 * In neither of these two cases is there any point in
1207 * describing our copy of the LSA to the neighbour in a
1208 * DB-Summary packet, if we're still intending to do so.
1209 *
1210 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1211 * backward compatible optimisation to OSPF DB Exchange
1212 * /
1213 * DB Description process implemented here.
1214 */
1215 if (find)
1216 ospf_lsdb_delete(&nbr->db_sum, find);
1217 ospf_lsa_discard(new);
1218 break;
1219 default:
1220 /* We have the more recent copy, nothing specific to do:
1221 * - no need to request neighbours stale copy
1222 * - must leave DB summary list copy alone
1223 */
1224 if (IS_DEBUG_OSPF_EVENT)
1225 zlog_debug(
96b663a3
MS		 1226 "Packet [DD:RECV]: LSA received Type %d, ID %pI4 is not recent.",
1227 lsah->type, &lsah->id);
d62a17ae 1228 ospf_lsa_discard(new);
1229 }
1230 }
1231
1232 /* Master */
1233 if (IS_SET_DD_MS(nbr->dd_flags)) {
1234 nbr->dd_seqnum++;
1235
1236 /* Both sides have no More, then we're done with Exchange */
1237 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1238 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1239 else
1240 ospf_db_desc_send(nbr);
1241 }
1242 /* Slave */
1243 else {
1244 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1245
1246 /* Send DD packet in reply.
1247 *
1248 * Must be done to acknowledge the Master's DD, regardless of
1249 * whether we have more LSAs ourselves to describe.
1250 *
1251 * This function will clear the 'More' bit, if after this DD
1252 * we have no more LSAs to describe to the master..
1253 */
1254 ospf_db_desc_send(nbr);
1255
1256 /* Slave can raise ExchangeDone now, if master is also done */
1257 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1258 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1259 }
1260
1261 /* Save received neighbor values from DD. */
1262 ospf_db_desc_save_current(nbr, dd);
1263
1264 if (!nbr->t_ls_req)
1265 ospf_ls_req_send(nbr);
1266}
1267
1268static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1269 struct ospf_neighbor *nbr)
1270{
1271 /* Is DD duplicated? */
1272 if (dd->options == nbr->last_recv.options
1273 && dd->flags == nbr->last_recv.flags
1274 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1275 return 1;
1276
1277 return 0;
718e3744 1278}
1279
1280/* OSPF Database Description message read -- RFC2328 Section 10.6. */
d62a17ae 1281static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1282 struct stream *s, struct ospf_interface *oi,
d7c0a89a 1283 uint16_t size)
d62a17ae 1284{
1285 struct ospf_db_desc *dd;
1286 struct ospf_neighbor *nbr;
d363df2c 1287
d62a17ae 1288 /* Increment statistics. */
1289 oi->db_desc_in++;
718e3744 1290
2d34fb80 1291 dd = (struct ospf_db_desc *)stream_pnt(s);
d62a17ae 1292
1293 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1294 if (nbr == NULL) {
96b663a3
MS		 1295 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %pI4",
1296 &ospfh->router_id);
d62a17ae 1297 return;
718e3744 1298 }
d62a17ae 1299
1300 /* Check MTU. */
1301 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1302 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
c9cc11f6 1303 flog_warn(
cf444bcf 1304 EC_OSPF_PACKET,
96b663a3
MS		 1305 "Packet[DD]: Neighbor %pI4 MTU %u is larger than [%s]'s MTU %u",
1306 &nbr->router_id, ntohs(dd->mtu), IF_NAME(oi),
d62a17ae 1307 oi->ifp->mtu);
1308 return;
718e3744 1309 }
1310
d62a17ae 1311 /*
1312 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1313 * not
1314 * required. In fact at least JunOS sends DD packets with P bit clear.
1315 * Until proper solution is developped, this hack should help.
1316 *
1317 * Update: According to the RFCs, N bit is specified /only/ for Hello
1318 * options, unfortunately its use in DD options is not specified. Hence
1319 * some
1320 * implementations follow E-bit semantics and set it in DD options, and
1321 * some
1322 * treat it as unspecified and hence follow the directive "default for
1323 * options is clear", ie unset.
1324 *
1325 * Reset the flag, as ospfd follows E-bit semantics.
1326 */
1327 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1328 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1329 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1330 if (IS_DEBUG_OSPF_EVENT)
1331 zlog_debug(
96b663a3
MS		 1332 "Packet[DD]: Neighbour %pI4: Has NSSA capability, sends with N bit clear in DD options",
1333 &nbr->router_id);
d62a17ae 1334 SET_FLAG(dd->options, OSPF_OPTION_NP);
718e3744 1335 }
1336
d62a17ae 1337#ifdef REJECT_IF_TBIT_ON
1338 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1339 /*
1340 * In Hello protocol, optional capability must have checked
1341 * to prevent this T-bit enabled router be my neighbor.
1342 */
96b663a3
MS		 1343 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %pI4: T-bit on?",
1344 &nbr->router_id);
d62a17ae 1345 return;
1346 }
1347#endif /* REJECT_IF_TBIT_ON */
1348
1349 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1350 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1351 /*
1352 * This node is not configured to handle O-bit, for now.
1353 * Clear it to ignore unsupported capability proposed by
1354 * neighbor.
1355 */
1356 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1357 }
1358
1359 /* Add event to thread. */
1360 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1361
e6a22aeb
SK		 1362 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1363 zlog_info(
96b663a3 1364 "%s:Packet[DD]: Neighbor %pI4 state is %s, seq_num:0x%x, local:0x%x",
e6a22aeb 1365 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
96b663a3 1366 &nbr->router_id,
e6a22aeb
SK		 1367 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1368 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1369
d62a17ae 1370 /* Process DD packet by neighbor status. */
1371 switch (nbr->state) {
1372 case NSM_Down:
1373 case NSM_Attempt:
1374 case NSM_TwoWay:
96db9cd3
DS		 1375 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1376 zlog_info(
96b663a3
MS		 1377 "Packet[DD]: Neighbor %pI4 state is %s, packet discarded.",
1378 &nbr->router_id,
96db9cd3
DS		 1379 lookup_msg(ospf_nsm_state_msg, nbr->state,
1380 NULL));
d62a17ae 1381 break;
1382 case NSM_Init:
1383 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1384 /* If the new state is ExStart, the processing of the current
1385 packet should then continue in this new state by falling
1386 through to case ExStart below. */
1387 if (nbr->state != NSM_ExStart)
1388 break;
1389 /* fallthru */
1390 case NSM_ExStart:
1391 /* Initial DBD */
1392 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1393 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1394 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1395 > 0) {
1396 /* We're Slave---obey */
05ba78e4
CS		 1397 if (CHECK_FLAG(oi->ospf->config,
1398 OSPF_LOG_ADJACENCY_DETAIL))
996c9314 1399 zlog_info(
96b663a3
MS		 1400 "Packet[DD]: Neighbor %pI4 Negotiation done (Slave).",
1401 &nbr->router_id);
05ba78e4 1402
d62a17ae 1403 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1404
1405 /* Reset I/MS */
1406 UNSET_FLAG(nbr->dd_flags,
1407 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1408 } else {
1409 /* We're Master, ignore the initial DBD from
1410 * Slave */
05ba78e4
CS		 1411 if (CHECK_FLAG(oi->ospf->config,
1412 OSPF_LOG_ADJACENCY_DETAIL))
1413 zlog_info(
96b663a3
MS		 1414 "Packet[DD]: Neighbor %pI4: Initial DBD from Slave, ignoring.",
1415 &nbr->router_id);
d62a17ae 1416 break;
1417 }
1418 }
1419 /* Ack from the Slave */
1420 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1421 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1422 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1423 < 0) {
1424 zlog_info(
96b663a3
MS		 1425 "Packet[DD]: Neighbor %pI4 Negotiation done (Master).",
1426 &nbr->router_id);
d62a17ae 1427 /* Reset I, leaving MS */
1428 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1429 } else {
cf444bcf 1430 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1431 "Packet[DD]: Neighbor %pI4 Negotiation fails.",
1432 &nbr->router_id);
d62a17ae 1433 break;
1434 }
1435
1436 /* This is where the real Options are saved */
1437 nbr->options = dd->options;
1438
1439 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1440 if (IS_DEBUG_OSPF_EVENT)
1441 zlog_debug(
96b663a3
MS		 1442 "Neighbor[%pI4] is %sOpaque-capable.",
1443 &nbr->router_id,
d62a17ae 1444 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1445 ? ""
1446 : "NOT ");
1447
1448 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1449 && IPV4_ADDR_SAME(&DR(oi),
1450 &nbr->address.u.prefix4)) {
c9cc11f6 1451 flog_warn(
cf444bcf 1452 EC_OSPF_PACKET,
96b663a3
MS		 1453 "DR-neighbor[%pI4] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
1454 &nbr->router_id);
d62a17ae 1455 /* This situation is undesirable, but not a real
1456 * error. */
1457 }
1458 }
1459
1460 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1461
1462 /* continue processing rest of packet. */
1463 ospf_db_desc_proc(s, oi, nbr, dd, size);
1464 break;
1465 case NSM_Exchange:
1466 if (ospf_db_desc_is_dup(dd, nbr)) {
1467 if (IS_SET_DD_MS(nbr->dd_flags))
1468 /* Master: discard duplicated DD packet. */
1469 zlog_info(
96b663a3
MS		 1470 "Packet[DD] (Master): Neighbor %pI4 packet duplicated.",
1471 &nbr->router_id);
d62a17ae 1472 else
1473 /* Slave: cause to retransmit the last Database
1474 Description. */
1475 {
1476 zlog_info(
96b663a3
MS		 1477 "Packet[DD] [Slave]: Neighbor %pI4 packet duplicated.",
1478 &nbr->router_id);
d62a17ae 1479 ospf_db_desc_resend(nbr);
1480 }
1481 break;
1482 }
1483
1484 /* Otherwise DD packet should be checked. */
1485 /* Check Master/Slave bit mismatch */
1486 if (IS_SET_DD_MS(dd->flags)
1487 != IS_SET_DD_MS(nbr->last_recv.flags)) {
cf444bcf 1488 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1489 "Packet[DD]: Neighbor %pI4 MS-bit mismatch.",
1490 &nbr->router_id);
d62a17ae 1491 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1492 if (IS_DEBUG_OSPF_EVENT)
1493 zlog_debug(
1494 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1495 dd->flags, nbr->dd_flags);
1496 break;
1497 }
1498
1499 /* Check initialize bit is set. */
1500 if (IS_SET_DD_I(dd->flags)) {
96b663a3
MS		 1501 zlog_info("Packet[DD]: Neighbor %pI4 I-bit set.",
1502 &nbr->router_id);
d62a17ae 1503 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1504 break;
1505 }
1506
1507 /* Check DD Options. */
1508 if (dd->options != nbr->options) {
cf444bcf 1509 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1510 "Packet[DD]: Neighbor %pI4 options mismatch.",
1511 &nbr->router_id);
d62a17ae 1512 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1513 break;
1514 }
718e3744 1515
d62a17ae 1516 /* Check DD sequence number. */
1517 if ((IS_SET_DD_MS(nbr->dd_flags)
1518 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1519 || (!IS_SET_DD_MS(nbr->dd_flags)
1520 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
c9cc11f6 1521 flog_warn(
cf444bcf 1522 EC_OSPF_PACKET,
96b663a3
MS		 1523 "Packet[DD]: Neighbor %pI4 sequence number mismatch.",
1524 &nbr->router_id);
d62a17ae 1525 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1526 break;
1527 }
1528
1529 /* Continue processing rest of packet. */
1530 ospf_db_desc_proc(s, oi, nbr, dd, size);
1531 break;
1532 case NSM_Loading:
1533 case NSM_Full:
1534 if (ospf_db_desc_is_dup(dd, nbr)) {
1535 if (IS_SET_DD_MS(nbr->dd_flags)) {
1536 /* Master should discard duplicate DD packet. */
1537 zlog_info(
96b663a3
MS		 1538 "Packet[DD]: Neighbor %pI4 duplicated, packet discarded.",
1539 &nbr->router_id);
d62a17ae 1540 break;
1541 } else {
1542 if (monotime_since(&nbr->last_send_ts, NULL)
1543 < nbr->v_inactivity * 1000000LL) {
1544 /* In states Loading and Full the slave
1545 must resend
1546 its last Database Description packet
1547 in response to
1548 duplicate Database Description
1549 packets received
1550 from the master. For this reason the
1551 slave must
1552 wait RouterDeadInterval seconds
1553 before freeing the
1554 last Database Description packet.
1555 Reception of a
1556 Database Description packet from the
1557 master after
1558 this interval will generate a
1559 SeqNumberMismatch
1560 neighbor event. RFC2328 Section 10.8
1561 */
1562 ospf_db_desc_resend(nbr);
1563 break;
1564 }
1565 }
718e3744 1566 }
718e3744 1567
d62a17ae 1568 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1569 break;
1570 default:
cf444bcf 1571 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1572 "Packet[DD]: Neighbor %pI4 NSM illegal status %u.",
1573 &nbr->router_id, nbr->state);
d62a17ae 1574 break;
1575 }
718e3744 1576}
1577
1578#define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1579
1580/* OSPF Link State Request Read -- RFC2328 Section 10.7. */
d62a17ae 1581static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1582 struct stream *s, struct ospf_interface *oi,
d7c0a89a 1583 uint16_t size)
d62a17ae 1584{
1585 struct ospf_neighbor *nbr;
d7c0a89a 1586 uint32_t ls_type;
d62a17ae 1587 struct in_addr ls_id;
1588 struct in_addr adv_router;
1589 struct ospf_lsa *find;
1590 struct list *ls_upd;
1591 unsigned int length;
1592
1593 /* Increment statistics. */
1594 oi->ls_req_in++;
1595
1596 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1597 if (nbr == NULL) {
cf444bcf 1598 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1599 "Link State Request: Unknown Neighbor %pI4",
1600 &ospfh->router_id);
d62a17ae 1601 return;
718e3744 1602 }
1603
d62a17ae 1604 /* Add event to thread. */
1605 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1606
1607 /* Neighbor State should be Exchange or later. */
1608 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1609 && nbr->state != NSM_Full) {
c9cc11f6 1610 flog_warn(
cf444bcf 1611 EC_OSPF_PACKET,
96b663a3
MS		 1612 "Link State Request received from %pI4: Neighbor state is %s, packet discarded.",
1613 &ospfh->router_id,
d62a17ae 1614 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1615 return;
718e3744 1616 }
1617
d62a17ae 1618 /* Send Link State Update for ALL requested LSAs. */
1619 ls_upd = list_new();
1620 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1621
1622 while (size >= OSPF_LSA_KEY_SIZE) {
1623 /* Get one slice of Link State Request. */
1624 ls_type = stream_getl(s);
1625 ls_id.s_addr = stream_get_ipv4(s);
1626 adv_router.s_addr = stream_get_ipv4(s);
1627
1628 /* Verify LSA type. */
1629 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1630 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
6a154c88 1631 list_delete(&ls_upd);
d62a17ae 1632 return;
1633 }
718e3744 1634
d62a17ae 1635 /* Search proper LSA in LSDB. */
b5a8894d
CS		 1636 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1637 adv_router);
d62a17ae 1638 if (find == NULL) {
1639 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
6a154c88 1640 list_delete(&ls_upd);
d62a17ae 1641 return;
1642 }
718e3744 1643
d62a17ae 1644 /* Packet overflows MTU size, send immediately. */
1645 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1646 if (oi->type == OSPF_IFTYPE_NBMA)
1647 ospf_ls_upd_send(nbr, ls_upd,
046460a1 1648 OSPF_SEND_PACKET_DIRECT, 0);
d62a17ae 1649 else
1650 ospf_ls_upd_send(nbr, ls_upd,
046460a1 1651 OSPF_SEND_PACKET_INDIRECT, 0);
d62a17ae 1652
1653 /* Only remove list contents. Keep ls_upd. */
1654 list_delete_all_node(ls_upd);
718e3744 1655
d62a17ae 1656 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1657 }
1658
1659 /* Append LSA to update list. */
1660 listnode_add(ls_upd, find);
1661 length += ntohs(find->data->length);
718e3744 1662
d62a17ae 1663 size -= OSPF_LSA_KEY_SIZE;
1664 }
718e3744 1665
d62a17ae 1666 /* Send rest of Link State Update. */
1667 if (listcount(ls_upd) > 0) {
1668 if (oi->type == OSPF_IFTYPE_NBMA)
996c9314
LB		 1669 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1670 0);
d62a17ae 1671 else
996c9314
LB		 1672 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1673 0);
718e3744 1674
6a154c88 1675 list_delete(&ls_upd);
d62a17ae 1676 } else
6a154c88 1677 list_delete(&ls_upd);
718e3744 1678}
1679
1680/* Get the list of LSAs from Link State Update packet.
1681 And process some validation -- RFC2328 Section 13. (1)-(2). */
d62a17ae 1682static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1683 struct stream *s,
1684 struct ospf_interface *oi, size_t size)
1685{
d7c0a89a
QY		 1686 uint16_t count, sum;
1687 uint32_t length;
d62a17ae 1688 struct lsa_header *lsah;
1689 struct ospf_lsa *lsa;
1690 struct list *lsas;
1691
1692 lsas = list_new();
1693
1694 count = stream_getl(s);
1695 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1696
1697 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1698 size -= length, stream_forward_getp(s, length), count--) {
2d34fb80 1699 lsah = (struct lsa_header *)stream_pnt(s);
d62a17ae 1700 length = ntohs(lsah->length);
1701
1702 if (length > size) {
c9cc11f6 1703 flog_warn(
cf444bcf 1704 EC_OSPF_PACKET,
d62a17ae 1705 "Link State Update: LSA length exceeds packet size.");
1706 break;
1707 }
718e3744 1708
d62a17ae 1709 /* Validate the LSA's LS checksum. */
1710 sum = lsah->checksum;
1711 if (!ospf_lsa_checksum_valid(lsah)) {
1712 /* (bug #685) more details in a one-line message make it
1713 * possible
1714 * to identify problem source on the one hand and to
1715 * have a better
1716 * chance to compress repeated messages in syslog on the
1717 * other */
c9cc11f6 1718 flog_warn(
cf444bcf 1719 EC_OSPF_PACKET,
96b663a3
MS		 1720 "Link State Update: LSA checksum error %x/%x, ID=%pI4 from: nbr %pI4, router ID %pI4, adv router %pI4",
1721 sum, lsah->checksum, &lsah->id,
1722 &nbr->src, &nbr->router_id,
1723 &lsah->adv_router);
d62a17ae 1724 continue;
1725 }
718e3744 1726
d62a17ae 1727 /* Examine the LSA's LS type. */
1728 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
cf444bcf 1729 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1730 "Link State Update: Unknown LS type %d",
d62a17ae 1731 lsah->type);
1732 continue;
1733 }
718e3744 1734
d62a17ae 1735 /*
1736 * What if the received LSA's age is greater than MaxAge?
1737 * Treat it as a MaxAge case -- endo.
1738 */
1739 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1740 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
718e3744 1741
d62a17ae 1742 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1743#ifdef STRICT_OBIT_USAGE_CHECK
1744 if ((IS_OPAQUE_LSA(lsah->type)
1745 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1746 || (!IS_OPAQUE_LSA(lsah->type)
1747 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1748 /*
1749 * This neighbor must know the exact usage of
1750 * O-bit;
1751 * the bit will be set in Type-9,10,11 LSAs
1752 * only.
1753 */
cf444bcf 1754 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1755 "LSA[Type%d:%pI4]: O-bit abuse?",
1756 lsah->type, &lsah->id);
d62a17ae 1757 continue;
1758 }
1759#endif /* STRICT_OBIT_USAGE_CHECK */
718e3744 1760
d62a17ae 1761 /* Do not take in AS External Opaque-LSAs if we are a
1762 * stub. */
1763 if (lsah->type == OSPF_OPAQUE_AS_LSA
1764 && nbr->oi->area->external_routing
1765 != OSPF_AREA_DEFAULT) {
1766 if (IS_DEBUG_OSPF_EVENT)
1767 zlog_debug(
96b663a3 1768 "LSA[Type%d:%pI4]: We are a stub, don't take this LSA.",
d62a17ae 1769 lsah->type,
96b663a3 1770 &lsah->id);
d62a17ae 1771 continue;
1772 }
1773 } else if (IS_OPAQUE_LSA(lsah->type)) {
cf444bcf 1774 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1775 "LSA[Type%d:%pI4]: Opaque capability mismatch?",
1776 lsah->type, &lsah->id);
d62a17ae 1777 continue;
1778 }
718e3744 1779
d62a17ae 1780 /* Create OSPF LSA instance. */
5b3d4186 1781 lsa = ospf_lsa_new_and_data(length);
d62a17ae 1782
b5a8894d 1783 lsa->vrf_id = oi->ospf->vrf_id;
d62a17ae 1784 /* We may wish to put some error checking if type NSSA comes in
1785 and area not in NSSA mode */
1786 switch (lsah->type) {
1787 case OSPF_AS_EXTERNAL_LSA:
1788 case OSPF_OPAQUE_AS_LSA:
1789 lsa->area = NULL;
1790 break;
1791 case OSPF_OPAQUE_LINK_LSA:
1792 lsa->oi = oi; /* Remember incoming interface for
1793 flooding control. */
1794 /* Fallthrough */
1795 default:
1796 lsa->area = oi->area;
1797 break;
1798 }
718e3744 1799
d62a17ae 1800 memcpy(lsa->data, lsah, length);
1801
1802 if (IS_DEBUG_OSPF_EVENT)
1803 zlog_debug(
96b663a3
MS		 1804 "LSA[Type%d:%pI4]: %p new LSA created with Link State Update",
1805 lsa->data->type, &lsa->data->id,
d62a17ae 1806 (void *)lsa);
1807 listnode_add(lsas, lsa);
1808 }
718e3744 1809
d62a17ae 1810 return lsas;
718e3744 1811}
1812
1813/* Cleanup Update list. */
d62a17ae 1814static void ospf_upd_list_clean(struct list *lsas)
718e3744 1815{
d62a17ae 1816 struct listnode *node, *nnode;
1817 struct ospf_lsa *lsa;
718e3744 1818
d62a17ae 1819 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1820 ospf_lsa_discard(lsa);
718e3744 1821
6a154c88 1822 list_delete(&lsas);
718e3744 1823}
1824
1825/* OSPF Link State Update message read -- RFC2328 Section 13. */
d62a17ae 1826static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1827 struct ospf_header *ospfh, struct stream *s,
d7c0a89a 1828 struct ospf_interface *oi, uint16_t size)
d62a17ae 1829{
1830 struct ospf_neighbor *nbr;
1831 struct list *lsas;
1832 struct listnode *node, *nnode;
1833 struct ospf_lsa *lsa = NULL;
1834 /* unsigned long ls_req_found = 0; */
1835
1836 /* Dis-assemble the stream, update each entry, re-encapsulate for
1837 * flooding */
1838
1839 /* Increment statistics. */
1840 oi->ls_upd_in++;
1841
1842 /* Check neighbor. */
1843 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1844 if (nbr == NULL) {
cf444bcf 1845 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1846 "Link State Update: Unknown Neighbor %pI4 on int: %s",
1847 &ospfh->router_id, IF_NAME(oi));
d62a17ae 1848 return;
718e3744 1849 }
1850
d62a17ae 1851 /* Add event to thread. */
1852 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1853
1854 /* Check neighbor state. */
1855 if (nbr->state < NSM_Exchange) {
1856 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1857 zlog_debug(
96b663a3
MS		 1858 "Link State Update: Neighbor[%pI4] state %s is less than Exchange",
1859 &ospfh->router_id,
d62a17ae 1860 lookup_msg(ospf_nsm_state_msg, nbr->state,
1861 NULL));
1862 return;
1863 }
718e3744 1864
d62a17ae 1865 /* Get list of LSAs from Link State Update packet. - Also perorms Stages
1866 * 1 (validate LSA checksum) and 2 (check for LSA consistent type)
1867 * of section 13.
1868 */
1869 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1870
35955c14
CS		 1871 if (lsas == NULL)
1872 return;
d62a17ae 1873#define DISCARD_LSA(L, N) \
1874 { \
1875 if (IS_DEBUG_OSPF_EVENT) \
1876 zlog_debug( \
1877 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1878 " Type-%d", \
1879 N, (void *)lsa, (int)lsa->data->type); \
1880 ospf_lsa_discard(L); \
1881 continue; \
718e3744 1882 }
1883
d62a17ae 1884 /* Process each LSA received in the one packet.
1885 *
1886 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1887 * text below are from the steps in RFC 2328, Section 13.
1888 */
1889 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1890 struct ospf_lsa *ls_ret, *current;
1891 int ret = 1;
1892
c067e23e
DS		 1893 if (IS_DEBUG_OSPF_NSSA)
1894 zlog_debug("LSA Type-%d from %pI4, ID: %pI4, ADV: %pI4",
1895 lsa->data->type, &ospfh->router_id,
1896 &lsa->data->id, &lsa->data->adv_router);
718e3744 1897
d62a17ae 1898 listnode_delete(lsas,
1899 lsa); /* We don't need it in list anymore */
1900
1901 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1902 */
1903
1904 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1905
1906 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1907 */
1908
1909 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1910 */
1911
1912 /* Do take in Type-7's if we are an NSSA */
1913
1914 /* If we are also an ABR, later translate them to a Type-5
1915 * packet */
1916
1917 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1918 translate them to a separate Type-5 packet. */
1919
1920 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1921 /* Reject from STUB or NSSA */
1922 if (nbr->oi->area->external_routing
1923 != OSPF_AREA_DEFAULT) {
1924 if (IS_DEBUG_OSPF_NSSA)
1925 zlog_debug(
1926 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1927 DISCARD_LSA(lsa, 1);
1928 }
1929
1930 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1931 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1932 if (IS_DEBUG_OSPF_NSSA)
1933 zlog_debug(
1934 "Incoming NSSA LSA Discarded: Not NSSA Area");
1935 DISCARD_LSA(lsa, 2);
1936 }
1937
1938 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1939 if (lsa->data->type == OSPF_ROUTER_LSA)
1940 if (!IPV4_ADDR_SAME(&lsa->data->id,
1941 &lsa->data->adv_router)) {
c067e23e
DS		 1942 flog_err(
1943 EC_OSPF_ROUTER_LSA_MISMATCH,
1944 "Incoming Router-LSA from %pI4 with Adv-ID[%pI4] != LS-ID[%pI4]",
1945 &ospfh->router_id, &lsa->data->id,
1946 &lsa->data->adv_router);
af4c2728 1947 flog_err(
cf444bcf 1948 EC_OSPF_DOMAIN_CORRUPT,
3efd0893 1949 "OSPF domain compromised by attack or corruption. Verify correct operation of -ALL- OSPF routers.");
d62a17ae 1950 DISCARD_LSA(lsa, 0);
1951 }
1952
1953 /* Find the LSA in the current database. */
1954
1955 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1956
1957 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1958 currently
1959 no instance of the LSA in the router's link state database,
1960 and none of router's neighbors are in states Exchange or
1961 Loading,
1962 then take the following actions: */
1963
1964 if (IS_LSA_MAXAGE(lsa) && !current
1965 && ospf_check_nbr_status(oi->ospf)) {
1966 /* (4a) Response Link State Acknowledgment. */
1967 ospf_ls_ack_send(nbr, lsa);
1968
1969 /* (4b) Discard LSA. */
1970 if (IS_DEBUG_OSPF(lsa, LSA)) {
1971 zlog_debug(
1972 "Link State Update[%s]: LS age is equal to MaxAge.",
1973 dump_lsa_key(lsa));
1974 }
1975 DISCARD_LSA(lsa, 3);
1976 }
1977
1978 if (IS_OPAQUE_LSA(lsa->data->type)
1979 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1980 &oi->ospf->router_id)) {
1981 /*
1982 * Even if initial flushing seems to be completed, there
1983 * might
1984 * be a case that self-originated LSA with MaxAge still
1985 * remain
1986 * in the routing domain.
1987 * Just send an LSAck message to cease retransmission.
1988 */
1989 if (IS_LSA_MAXAGE(lsa)) {
c9cc11f6 1990 zlog_info("LSA[%s]: Boomerang effect?",
d62a17ae 1991 dump_lsa_key(lsa));
1992 ospf_ls_ack_send(nbr, lsa);
1993 ospf_lsa_discard(lsa);
1994
1995 if (current != NULL && !IS_LSA_MAXAGE(current))
1996 ospf_opaque_lsa_refresh_schedule(
1997 current);
1998 continue;
1999 }
2000
2001 /*
2002 * If an instance of self-originated Opaque-LSA is not
2003 * found
2004 * in the LSDB, there are some possible cases here.
2005 *
2006 * 1) This node lost opaque-capability after restart.
2007 * 2) Else, a part of opaque-type is no more supported.
2008 * 3) Else, a part of opaque-id is no more supported.
2009 *
2010 * Anyway, it is still this node's responsibility to
2011 * flush it.
2012 * Otherwise, the LSA instance remains in the routing
2013 * domain
2014 * until its age reaches to MaxAge.
2015 */
2016 /* XXX: We should deal with this for *ALL* LSAs, not
2017 * just opaque */
2018 if (current == NULL) {
2019 if (IS_DEBUG_OSPF_EVENT)
2020 zlog_debug(
3efd0893 2021 "LSA[%s]: Previously originated Opaque-LSA,not found in the LSDB.",
d62a17ae 2022 dump_lsa_key(lsa));
2023
2024 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2025
d62a17ae 2026 ospf_ls_ack_send(nbr, lsa);
2027
f45be0e1
QY		 2028 ospf_opaque_self_originated_lsa_received(nbr,
2029 lsa);
d62a17ae 2030 continue;
2031 }
2032 }
2033
2034 /* It might be happen that received LSA is self-originated
2035 * network LSA, but
2036 * router ID is changed. So, we should check if LSA is a
2037 * network-LSA whose
2038 * Link State ID is one of the router's own IP interface
2039 * addresses but whose
2040 * Advertising Router is not equal to the router's own Router ID
2041 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2042 * flushed.
2043 */
2044
2045 if (lsa->data->type == OSPF_NETWORK_LSA) {
2046 struct listnode *oinode, *oinnode;
2047 struct ospf_interface *out_if;
2048 int Flag = 0;
2049
2050 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2051 oinnode, out_if)) {
2052 if (out_if == NULL)
2053 break;
2054
2055 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2056 &lsa->data->id))
2057 && (!(IPV4_ADDR_SAME(
2058 &oi->ospf->router_id,
2059 &lsa->data->adv_router)))) {
2060 if (out_if->network_lsa_self) {
2061 ospf_lsa_flush_area(
2062 lsa, out_if->area);
2063 if (IS_DEBUG_OSPF_EVENT)
2064 zlog_debug(
2065 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2066 (void *)lsa,
2067 (int)lsa->data
2068 ->type);
2069 ospf_lsa_discard(lsa);
2070 Flag = 1;
2071 }
2072 break;
2073 }
2074 }
2075 if (Flag)
2076 continue;
2077 }
2078
2079 /* (5) Find the instance of this LSA that is currently contained
2080 in the router's link state database. If there is no
2081 database copy, or the received LSA is more recent than
2082 the database copy the following steps must be performed.
2083 (The sub steps from RFC 2328 section 13 step (5) will be
2084 performed in
2085 ospf_flood() ) */
2086
2087 if (current == NULL
2088 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
76c1efd7
CS		 2089 /* CVE-2017-3224 */
2090 if (current && (lsa->data->ls_seqnum ==
2091 htonl(OSPF_MAX_SEQUENCE_NUMBER)
2092 && !IS_LSA_MAXAGE(lsa))) {
2093 zlog_debug(
2094 "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it",
2095 dump_lsa_key(lsa));
2096
2097 DISCARD_LSA(lsa, 4);
76c1efd7
CS		 2098 }
2099
d62a17ae 2100 /* Actual flooding procedure. */
2101 if (ospf_flood(oi->ospf, nbr, current, lsa)
2102 < 0) /* Trap NSSA later. */
76c1efd7 2103 DISCARD_LSA(lsa, 5);
d62a17ae 2104 continue;
2105 }
2106
2107 /* (6) Else, If there is an instance of the LSA on the sending
2108 neighbor's Link state request list, an error has occurred in
2109 the Database Exchange process. In this case, restart the
2110 Database Exchange process by generating the neighbor event
2111 BadLSReq for the sending neighbor and stop processing the
2112 Link State Update packet. */
2113
2114 if (ospf_ls_request_lookup(nbr, lsa)) {
2115 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
c9cc11f6 2116 flog_warn(
cf444bcf 2117 EC_OSPF_PACKET,
d62a17ae 2118 "LSA[%s] instance exists on Link state request list",
2119 dump_lsa_key(lsa));
2120
2121 /* Clean list of LSAs. */
2122 ospf_upd_list_clean(lsas);
2123 /* this lsa is not on lsas list already. */
2124 ospf_lsa_discard(lsa);
2125 return;
2126 }
2127
2128 /* If the received LSA is the same instance as the database copy
2129 (i.e., neither one is more recent) the following two steps
2130 should be performed: */
2131
2132 if (ret == 0) {
2133 /* If the LSA is listed in the Link state retransmission
2134 list
2135 for the receiving adjacency, the router itself is
2136 expecting
2137 an acknowledgment for this LSA. The router should
2138 treat the
2139 received LSA as an acknowledgment by removing the LSA
2140 from
2141 the Link state retransmission list. This is termed
2142 an
2143 "implied acknowledgment". */
2144
2145 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2146
2147 if (ls_ret != NULL) {
2148 ospf_ls_retransmit_delete(nbr, ls_ret);
2149
2150 /* Delayed acknowledgment sent if advertisement
2151 received
2152 from Designated Router, otherwise do nothing.
2153 */
2154 if (oi->state == ISM_Backup)
2155 if (NBR_IS_DR(nbr))
2156 listnode_add(
2157 oi->ls_ack,
2158 ospf_lsa_lock(lsa));
2159
76c1efd7 2160 DISCARD_LSA(lsa, 6);
d62a17ae 2161 } else
2162 /* Acknowledge the receipt of the LSA by sending a
2163 Link State Acknowledgment packet back out the
2164 receiving
2165 interface. */
2166 {
2167 ospf_ls_ack_send(nbr, lsa);
76c1efd7 2168 DISCARD_LSA(lsa, 7);
d62a17ae 2169 }
2170 }
2171
2172 /* The database copy is more recent. If the database copy
2173 has LS age equal to MaxAge and LS sequence number equal to
2174 MaxSequenceNumber, simply discard the received LSA without
2175 acknowledging it. (In this case, the LSA's LS sequence number
2176 is
2177 wrapping, and the MaxSequenceNumber LSA must be completely
2178 flushed before any new LSA instance can be introduced). */
2179
2180 else if (ret > 0) /* Database copy is more recent */
2181 {
2182 if (IS_LSA_MAXAGE(current)
2183 && current->data->ls_seqnum
2184 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
76c1efd7 2185 DISCARD_LSA(lsa, 8);
d62a17ae 2186 }
2187 /* Otherwise, as long as the database copy has not been
2188 sent in a
2189 Link State Update within the last MinLSArrival
2190 seconds, send the
2191 database copy back to the sending neighbor,
2192 encapsulated within
2193 a Link State Update Packet. The Link State Update
2194 Packet should
2195 be sent directly to the neighbor. In so doing, do not
2196 put the
2197 database copy of the LSA on the neighbor's link state
2198 retransmission list, and do not acknowledge the
2199 received (less
2200 recent) LSA instance. */
2201 else {
2202 if (monotime_since(&current->tv_orig, NULL)
2203 >= ospf->min_ls_arrival * 1000LL)
2204 /* Trap NSSA type later.*/
2205 ospf_ls_upd_send_lsa(
2206 nbr, current,
2207 OSPF_SEND_PACKET_DIRECT);
76c1efd7 2208 DISCARD_LSA(lsa, 9);
d62a17ae 2209 }
2210 }
2211 }
2cd754de
PJ		 2212#undef DISCARD_LSA
2213
d62a17ae 2214 assert(listcount(lsas) == 0);
6a154c88 2215 list_delete(&lsas);
718e3744 2216}
2217
2218/* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
d62a17ae 2219static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2220 struct stream *s, struct ospf_interface *oi,
d7c0a89a 2221 uint16_t size)
d62a17ae 2222{
2223 struct ospf_neighbor *nbr;
2224
2225 /* increment statistics. */
2226 oi->ls_ack_in++;
2227
2228 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2229 if (nbr == NULL) {
cf444bcf 2230 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 2231 "Link State Acknowledgment: Unknown Neighbor %pI4",
2232 &ospfh->router_id);
d62a17ae 2233 return;
2234 }
2235
2236 /* Add event to thread. */
2237 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
2238
2239 if (nbr->state < NSM_Exchange) {
2240 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2241 zlog_debug(
96b663a3
MS		 2242 "Link State Acknowledgment: Neighbor[%pI4] state %s is less than Exchange",
2243 &ospfh->router_id,
d62a17ae 2244 lookup_msg(ospf_nsm_state_msg, nbr->state,
2245 NULL));
2246 return;
2247 }
2248
2249 while (size >= OSPF_LSA_HEADER_SIZE) {
2250 struct ospf_lsa *lsa, *lsr;
2251
2252 lsa = ospf_lsa_new();
2d34fb80 2253 lsa->data = (struct lsa_header *)stream_pnt(s);
b5a8894d 2254 lsa->vrf_id = oi->ospf->vrf_id;
d62a17ae 2255
2d34fb80 2256 /* lsah = (struct lsa_header *) stream_pnt (s); */
d62a17ae 2257 size -= OSPF_LSA_HEADER_SIZE;
2258 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2259
2260 if (lsa->data->type < OSPF_MIN_LSA
2261 || lsa->data->type >= OSPF_MAX_LSA) {
2262 lsa->data = NULL;
2263 ospf_lsa_discard(lsa);
2264 continue;
2265 }
2266
2267 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2268
2269 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0)
2270 ospf_ls_retransmit_delete(nbr, lsr);
2271
2272 lsa->data = NULL;
2273 ospf_lsa_discard(lsa);
2274 }
2275
2276 return;
2277}
2278
b5a8894d
CS		 2279static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2280 struct interface **ifp,
d62a17ae 2281 struct stream *ibuf)
2282{
2283 int ret;
2284 struct ip *iph;
d7c0a89a 2285 uint16_t ip_len;
d62a17ae 2286 ifindex_t ifindex = 0;
2287 struct iovec iov;
2288 /* Header and data both require alignment. */
2289 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2290 struct msghdr msgh;
2291
2292 memset(&msgh, 0, sizeof(struct msghdr));
2293 msgh.msg_iov = &iov;
2294 msgh.msg_iovlen = 1;
2295 msgh.msg_control = (caddr_t)buff;
2296 msgh.msg_controllen = sizeof(buff);
2297
4392cc43
DS		 2298 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2299 OSPF_MAX_PACKET_SIZE + 1);
d62a17ae 2300 if (ret < 0) {
4392cc43
DS		 2301 if (errno != EAGAIN && errno != EWOULDBLOCK)
2302 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2303 safe_strerror(errno));
d62a17ae 2304 return NULL;
2305 }
e947b307 2306 if ((unsigned int)ret < sizeof(struct ip)) {
c9cc11f6 2307 flog_warn(
cf444bcf 2308 EC_OSPF_PACKET,
3efd0893 2309 "ospf_recv_packet: discarding runt packet of length %d (ip header size is %u)",
d7c0a89a 2310 ret, (unsigned int)sizeof(iph));
d62a17ae 2311 return NULL;
2312 }
2313
2314 /* Note that there should not be alignment problems with this assignment
2315 because this is at the beginning of the stream data buffer. */
2316 iph = (struct ip *)STREAM_DATA(ibuf);
2317 sockopt_iphdrincl_swab_systoh(iph);
2318
2319 ip_len = iph->ip_len;
2320
bdee8083 2321#if defined(__FreeBSD__) && (__FreeBSD_version < 1000000)
d62a17ae 2322 /*
2323 * Kernel network code touches incoming IP header parameters,
2324 * before protocol specific processing.
2325 *
2326 * 1) Convert byteorder to host representation.
2327 * --> ip_len, ip_id, ip_off
2328 *
2329 * 2) Adjust ip_len to strip IP header size!
2330 * --> If user process receives entire IP packet via RAW
2331 * socket, it must consider adding IP header size to
2332 * the "ip_len" field of "ip" structure.
2333 *
2334 * For more details, see <netinet/ip_input.c>.
2335 */
2336 ip_len = ip_len + (iph->ip_hl << 2);
718e3744 2337#endif
d62a17ae 2338
0150c9c9 2339#if defined(__DragonFly__)
d62a17ae 2340 /*
2341 * in DragonFly's raw socket, ip_len/ip_off are read
2342 * in network byte order.
2343 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2344 */
2345 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
0150c9c9
DB		 2346#endif
2347
d62a17ae 2348 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2349
b5a8894d 2350 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
d62a17ae 2351
2352 if (ret != ip_len) {
c9cc11f6 2353 flog_warn(
cf444bcf 2354 EC_OSPF_PACKET,
3efd0893 2355 "ospf_recv_packet read length mismatch: ip_len is %d, but recvmsg returned %d",
d62a17ae 2356 ip_len, ret);
2357 return NULL;
2358 }
718e3744 2359
868a0861 2360 if (IS_DEBUG_OSPF_PACKET(0, RECV))
15569c58
DA		 2361 zlog_debug("%s: fd %d(%s) on interface %d(%s)", __func__, fd,
2362 ospf_get_name(ospf), ifindex,
2363 *ifp ? (*ifp)->name : "Unknown");
d62a17ae 2364 return ibuf;
718e3744 2365}
2366
4dadc291 2367static struct ospf_interface *
d62a17ae 2368ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2369 struct ip *iph, struct ospf_header *ospfh)
2370{
2371 struct ospf_interface *rcv_oi;
2372 struct ospf_vl_data *vl_data;
2373 struct ospf_area *vl_area;
2374 struct listnode *node;
2375
2376 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2377 || !OSPF_IS_AREA_BACKBONE(ospfh))
2378 return NULL;
2379
2380 /* look for local OSPF interface matching the destination
2381 * to determine Area ID. We presume therefore the destination address
2382 * is unique, or at least (for "unnumbered" links), not used in other
2383 * areas
2384 */
2385 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2386 == NULL)
2387 return NULL;
2388
2389 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2390 vl_area =
2391 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2392 if (!vl_area)
2393 continue;
2394
2395 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2396 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2397 if (IS_DEBUG_OSPF_EVENT)
2398 zlog_debug("associating packet with %s",
2399 IF_NAME(vl_data->vl_oi));
2400 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2401 if (IS_DEBUG_OSPF_EVENT)
2402 zlog_debug(
2403 "This VL is not up yet, sorry");
2404 return NULL;
2405 }
2406
2407 return vl_data->vl_oi;
2408 }
718e3744 2409 }
718e3744 2410
d62a17ae 2411 if (IS_DEBUG_OSPF_EVENT)
2412 zlog_debug("couldn't find any VL to associate the packet with");
2413
2414 return NULL;
718e3744 2415}
2416
d62a17ae 2417static int ospf_check_area_id(struct ospf_interface *oi,
2418 struct ospf_header *ospfh)
718e3744 2419{
d62a17ae 2420 /* Check match the Area ID of the receiving interface. */
2421 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2422 return 1;
718e3744 2423
d62a17ae 2424 return 0;
718e3744 2425}
2426
2427/* Unbound socket will accept any Raw IP packets if proto is matched.
2428 To prevent it, compare src IP address and i/f address with masking
2429 i/f network mask. */
d62a17ae 2430static int ospf_check_network_mask(struct ospf_interface *oi,
2431 struct in_addr ip_src)
718e3744 2432{
d62a17ae 2433 struct in_addr mask, me, him;
718e3744 2434
d62a17ae 2435 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2436 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2437 return 1;
718e3744 2438
0c5506a8
AL		 2439 /* Ignore mask check for max prefix length (32) */
2440 if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
2441 && oi->address->prefixlen == IPV4_MAX_BITLEN)
2442 return 1;
2443
d62a17ae 2444 masklen2ip(oi->address->prefixlen, &mask);
718e3744 2445
d62a17ae 2446 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2447 him.s_addr = ip_src.s_addr & mask.s_addr;
718e3744 2448
d62a17ae 2449 if (IPV4_ADDR_SAME(&me, &him))
2450 return 1;
718e3744 2451
d62a17ae 2452 return 0;
718e3744 2453}
2454
bd5651f0
DO		 2455/* Return 1, if the packet is properly authenticated and checksummed,
2456 0 otherwise. In particular, check that AuType header field is valid and
2457 matches the locally configured AuType, and that D.5 requirements are met. */
d62a17ae 2458static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2459{
2460 struct crypt_key *ck;
d7c0a89a
QY		 2461 uint16_t iface_auth_type;
2462 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
d62a17ae 2463
2464 switch (pkt_auth_type) {
2465 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2466 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2467 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2468 flog_warn(
cf444bcf 2469 EC_OSPF_PACKET,
d62a17ae 2470 "interface %s: auth-type mismatch, local %s, rcvd Null",
2471 IF_NAME(oi),
2472 lookup_msg(ospf_auth_type_str,
2473 iface_auth_type, NULL));
2474 return 0;
2475 }
2476 if (!ospf_check_sum(ospfh)) {
2477 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2478 flog_warn(
cf444bcf 2479 EC_OSPF_PACKET,
96b663a3 2480 "interface %s: Null auth OK, but checksum error, Router-ID %pI4",
d62a17ae 2481 IF_NAME(oi),
96b663a3 2482 &ospfh->router_id);
d62a17ae 2483 return 0;
2484 }
2485 return 1;
2486 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2487 if (OSPF_AUTH_SIMPLE
2488 != (iface_auth_type = ospf_auth_type(oi))) {
2489 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2490 flog_warn(
cf444bcf 2491 EC_OSPF_PACKET,
d62a17ae 2492 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2493 IF_NAME(oi),
2494 lookup_msg(ospf_auth_type_str,
2495 iface_auth_type, NULL));
2496 return 0;
2497 }
2498 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2499 OSPF_AUTH_SIMPLE_SIZE)) {
2500 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
cf444bcf 2501 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2502 "interface %s: Simple auth failed",
d62a17ae 2503 IF_NAME(oi));
2504 return 0;
2505 }
2506 if (!ospf_check_sum(ospfh)) {
2507 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2508 flog_warn(
cf444bcf 2509 EC_OSPF_PACKET,
96b663a3 2510 "interface %s: Simple auth OK, checksum error, Router-ID %pI4",
d62a17ae 2511 IF_NAME(oi),
96b663a3 2512 &ospfh->router_id);
d62a17ae 2513 return 0;
2514 }
2515 return 1;
2516 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2517 if (OSPF_AUTH_CRYPTOGRAPHIC
2518 != (iface_auth_type = ospf_auth_type(oi))) {
2519 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2520 flog_warn(
cf444bcf 2521 EC_OSPF_PACKET,
d62a17ae 2522 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2523 IF_NAME(oi),
2524 lookup_msg(ospf_auth_type_str,
2525 iface_auth_type, NULL));
2526 return 0;
2527 }
2528 if (ospfh->checksum) {
2529 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2530 flog_warn(
cf444bcf 2531 EC_OSPF_PACKET,
d62a17ae 2532 "interface %s: OSPF header checksum is not 0",
2533 IF_NAME(oi));
2534 return 0;
2535 }
2536 /* only MD5 crypto method can pass ospf_packet_examin() */
996c9314
LB		 2537 if (NULL == (ck = listgetdata(
2538 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2539 || ospfh->u.crypt.key_id != ck->key_id ||
2540 /* Condition above uses the last key ID on the list,
2541 which is
2542 different from what ospf_crypt_key_lookup() does. A
2543 bug? */
2544 !ospf_check_md5_digest(oi, ospfh)) {
d62a17ae 2545 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
cf444bcf 2546 flog_warn(EC_OSPF_MD5,
c9cc11f6 2547 "interface %s: MD5 auth failed",
d62a17ae 2548 IF_NAME(oi));
2549 return 0;
2550 }
2551 return 1;
2552 default:
2553 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2554 flog_warn(
cf444bcf 2555 EC_OSPF_PACKET,
d62a17ae 2556 "interface %s: invalid packet auth-type (%02x)",
2557 IF_NAME(oi), pkt_auth_type);
2558 return 0;
2559 }
2560}
2561
2562static int ospf_check_sum(struct ospf_header *ospfh)
2563{
d7c0a89a
QY		 2564 uint32_t ret;
2565 uint16_t sum;
d62a17ae 2566
2567 /* clear auth_data for checksum. */
2568 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2569
2570 /* keep checksum and clear. */
2571 sum = ospfh->checksum;
d7c0a89a 2572 memset(&ospfh->checksum, 0, sizeof(uint16_t));
d62a17ae 2573
2574 /* calculate checksum. */
2575 ret = in_cksum(ospfh, ntohs(ospfh->length));
2576
2577 if (ret != sum) {
2578 zlog_info("ospf_check_sum(): checksum mismatch, my %X, his %X",
2579 ret, sum);
2580 return 0;
2581 }
2582
2583 return 1;
718e3744 2584}
2585
4e31de79
DO		 2586/* Verify, that given link/TOS records are properly sized/aligned and match
2587 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
d62a17ae 2588static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
d7c0a89a
QY		 2589 uint16_t linkbytes,
2590 const uint16_t num_links)
d62a17ae 2591{
2592 unsigned counted_links = 0, thislinklen;
2593
04d6a0f8 2594 while (linkbytes >= OSPF_ROUTER_LSA_LINK_SIZE) {
d62a17ae 2595 thislinklen =
2596 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2597 if (thislinklen > linkbytes) {
2598 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2599 zlog_debug("%s: length error in link block #%u",
2600 __func__, counted_links);
2601 return MSG_NG;
2602 }
2603 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2604 linkbytes -= thislinklen;
2605 counted_links++;
2606 }
2607 if (counted_links != num_links) {
2608 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2609 zlog_debug("%s: %u link blocks declared, %u present",
2610 __func__, num_links, counted_links);
2611 return MSG_NG;
2612 }
2613 return MSG_OK;
4e31de79
DO		 2614}
2615
2616/* Verify, that the given LSA is properly sized/aligned (including type-specific
2617 minimum length constraint). */
d7c0a89a
QY		 2618static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2619 const uint8_t headeronly)
d62a17ae 2620{
2621 unsigned ret;
2622 struct router_lsa *rlsa;
2623 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2624 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2625 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2626 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2627 lookup_msg(ospf_lsa_type_msg, lsah->type,
2628 NULL));
2629 return MSG_NG;
2630 }
2631 switch (lsah->type) {
04d6a0f8
QY		 2632 case OSPF_ROUTER_LSA: {
2633 /*
2634 * RFC2328 A.4.2, LSA header + 4 bytes followed by N>=0
2635 * (12+)-byte link blocks
2636 */
2637 size_t linkbytes_len = lsalen - OSPF_LSA_HEADER_SIZE
2638 - OSPF_ROUTER_LSA_MIN_SIZE;
2639
2640 /*
2641 * LSA link blocks are variable length but always multiples of
2642 * 4; basic sanity check
2643 */
2644 if (linkbytes_len % 4 != 0)
2645 return MSG_NG;
2646
2647 if (headeronly)
2648 return MSG_OK;
2649
d62a17ae 2650 rlsa = (struct router_lsa *)lsah;
04d6a0f8 2651
d62a17ae 2652 ret = ospf_router_lsa_links_examin(
2653 (struct router_lsa_link *)rlsa->link,
04d6a0f8
QY		 2654 linkbytes_len,
2655 ntohs(rlsa->links));
d62a17ae 2656 break;
04d6a0f8 2657 }
d62a17ae 2658 case OSPF_AS_EXTERNAL_LSA:
2659 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2660 * blocks */
2661 case OSPF_AS_NSSA_LSA:
2662 /* RFC3101 C, idem */
2663 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2664 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2665 % 12
2666 ? MSG_NG
2667 : MSG_OK;
2668 break;
2669 /* Following LSA types are considered OK length-wise as soon as their
2670 * minimum
2671 * length constraint is met and length of the whole LSA is a multiple of
2672 * 4
2673 * (basic LSA header size is already a multiple of 4). */
2674 case OSPF_NETWORK_LSA:
2675 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2676 case OSPF_SUMMARY_LSA:
2677 case OSPF_ASBR_SUMMARY_LSA:
2678 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2679 * blocks */
2680 case OSPF_OPAQUE_LINK_LSA:
2681 case OSPF_OPAQUE_AREA_LSA:
2682 case OSPF_OPAQUE_AS_LSA:
2683 /* RFC5250 A.2, "some number of octets (of application-specific
2684 * data) padded to 32-bit alignment." This is considered
2685 * equivalent
2686 * to 4-byte alignment of all other LSA types, see
2687 * OSPF-ALIGNMENT.txt
2688 * file for the detailed analysis of this passage. */
2689 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2690 break;
2691 default:
2692 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2693 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2694 lsah->type);
2695 return MSG_NG;
2696 }
2697 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2698 zlog_debug("%s: alignment error in %s", __func__,
2699 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2700 return ret;
4e31de79
DO		 2701}
2702
2703/* Verify if the provided input buffer is a valid sequence of LSAs. This
2704 includes verification of LSA blocks length/alignment and dispatching
2705 of deeper-level checks. */
2706static unsigned
d62a17ae 2707ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
d7c0a89a 2708 size_t length, const uint8_t headeronly,
d62a17ae 2709 /* When declared_num_lsas is not 0, compare it to the real
2710 number of LSAs
2711 and treat the difference as an error. */
d7c0a89a 2712 const uint32_t declared_num_lsas)
d62a17ae 2713{
d7c0a89a 2714 uint32_t counted_lsas = 0;
d62a17ae 2715
2716 while (length) {
d7c0a89a 2717 uint16_t lsalen;
d62a17ae 2718 if (length < OSPF_LSA_HEADER_SIZE) {
2719 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2720 zlog_debug(
2721 "%s: undersized (%zu B) trailing (#%u) LSA header",
2722 __func__, length, counted_lsas);
2723 return MSG_NG;
2724 }
2725 /* save on ntohs() calls here and in the LSA validator */
2726 lsalen = ntohs(lsah->length);
2727 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2728 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2729 zlog_debug(
2730 "%s: malformed LSA header #%u, declared length is %u B",
2731 __func__, counted_lsas, lsalen);
2732 return MSG_NG;
2733 }
2734 if (headeronly) {
2735 /* less checks here and in ospf_lsa_examin() */
2736 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2737 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2738 zlog_debug(
2739 "%s: malformed header-only LSA #%u",
2740 __func__, counted_lsas);
2741 return MSG_NG;
2742 }
2743 lsah = (struct lsa_header *)((caddr_t)lsah
2744 + OSPF_LSA_HEADER_SIZE);
2745 length -= OSPF_LSA_HEADER_SIZE;
2746 } else {
2747 /* make sure the input buffer is deep enough before
2748 * further checks */
2749 if (lsalen > length) {
2750 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2751 zlog_debug(
2752 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2753 __func__, counted_lsas, lsalen,
2754 length);
2755 return MSG_NG;
2756 }
2757 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2758 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2759 zlog_debug("%s: malformed LSA #%u",
2760 __func__, counted_lsas);
2761 return MSG_NG;
2762 }
2763 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2764 length -= lsalen;
2765 }
2766 counted_lsas++;
2767 }
2768
2769 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2770 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2771 zlog_debug(
2772 "%s: #LSAs declared (%u) does not match actual (%u)",
2773 __func__, declared_num_lsas, counted_lsas);
2774 return MSG_NG;
2775 }
2776 return MSG_OK;
4e31de79
DO		 2777}
2778
75c8eabb 2779/* Verify a complete OSPF packet for proper sizing/alignment. */
d62a17ae 2780static unsigned ospf_packet_examin(struct ospf_header *oh,
2781 const unsigned bytesonwire)
2782{
d7c0a89a 2783 uint16_t bytesdeclared, bytesauth;
d62a17ae 2784 unsigned ret;
2785 struct ospf_ls_update *lsupd;
2786
2787 /* Length, 1st approximation. */
2788 if (bytesonwire < OSPF_HEADER_SIZE) {
2789 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2790 zlog_debug("%s: undersized (%u B) packet", __func__,
2791 bytesonwire);
2792 return MSG_NG;
2793 }
2794 /* Now it is safe to access header fields. Performing length check,
2795 * allow
2796 * for possible extra bytes of crypto auth/padding, which are not
2797 * counted
2798 * in the OSPF header "length" field. */
2799 if (oh->version != OSPF_VERSION) {
2800 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2801 zlog_debug("%s: invalid (%u) protocol version",
2802 __func__, oh->version);
2803 return MSG_NG;
2804 }
2805 bytesdeclared = ntohs(oh->length);
2806 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2807 bytesauth = 0;
2808 else {
2809 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2810 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2811 zlog_debug(
2812 "%s: unsupported crypto auth length (%u B)",
2813 __func__, oh->u.crypt.auth_data_len);
2814 return MSG_NG;
2815 }
2816 bytesauth = OSPF_AUTH_MD5_SIZE;
2817 }
2818 if (bytesdeclared + bytesauth > bytesonwire) {
2819 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2820 zlog_debug(
2821 "%s: packet length error (%u real, %u+%u declared)",
2822 __func__, bytesonwire, bytesdeclared,
2823 bytesauth);
2824 return MSG_NG;
2825 }
2826 /* Length, 2nd approximation. The type-specific constraint is checked
2827 against declared length, not amount of bytes on wire. */
2828 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2829 && bytesdeclared
2830 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2831 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2832 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2833 bytesdeclared,
2834 lookup_msg(ospf_packet_type_str, oh->type,
2835 NULL));
2836 return MSG_NG;
2837 }
2838 switch (oh->type) {
2839 case OSPF_MSG_HELLO:
2840 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2841 followed
2842 by N>=0 router-IDs. */
2843 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2844 % 4
2845 ? MSG_NG
2846 : MSG_OK;
2847 break;
2848 case OSPF_MSG_DB_DESC:
2849 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2850 followed
2851 by N>=0 header-only LSAs. */
2852 ret = ospf_lsaseq_examin(
2853 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2854 + OSPF_DB_DESC_MIN_SIZE),
2855 bytesdeclared - OSPF_HEADER_SIZE
2856 - OSPF_DB_DESC_MIN_SIZE,
2857 1, /* header-only LSAs */
2858 0);
2859 break;
2860 case OSPF_MSG_LS_REQ:
2861 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2862 * request blocks. */
2863 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2864 % OSPF_LSA_KEY_SIZE
2865 ? MSG_NG
2866 : MSG_OK;
2867 break;
2868 case OSPF_MSG_LS_UPD:
2869 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2870 followed
2871 by N>=0 full LSAs (with N declared beforehand). */
2872 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2873 + OSPF_HEADER_SIZE);
2874 ret = ospf_lsaseq_examin(
2875 (struct lsa_header *)((caddr_t)lsupd
2876 + OSPF_LS_UPD_MIN_SIZE),
2877 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2878 0, /* full LSAs */
2879 ntohl(lsupd->num_lsas) /* 32 bits */
9d303b37 2880 );
d62a17ae 2881 break;
2882 case OSPF_MSG_LS_ACK:
2883 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2884 * LSAs. */
2885 ret = ospf_lsaseq_examin(
2886 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2887 + OSPF_LS_ACK_MIN_SIZE),
2888 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2889 1, /* header-only LSAs */
2890 0);
2891 break;
2892 default:
2893 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2894 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2895 oh->type);
2896 return MSG_NG;
2897 }
2898 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2899 zlog_debug("%s: malformed %s packet", __func__,
2900 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2901 return ret;
75c8eabb
DO		 2902}
2903
718e3744 2904/* OSPF Header verification. */
d62a17ae 2905static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2906 struct ip *iph, struct ospf_header *ospfh)
2907{
2908 /* Check Area ID. */
2909 if (!ospf_check_area_id(oi, ospfh)) {
cf444bcf 2910 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 2911 "interface %s: ospf_read invalid Area ID %pI4",
2912 IF_NAME(oi), &ospfh->area_id);
d62a17ae 2913 return -1;
2914 }
718e3744 2915
d62a17ae 2916 /* Check network mask, Silently discarded. */
2917 if (!ospf_check_network_mask(oi, iph->ip_src)) {
c9cc11f6 2918 flog_warn(
cf444bcf 2919 EC_OSPF_PACKET,
96b663a3
MS		 2920 "interface %s: ospf_read network address is not same [%pI4]",
2921 IF_NAME(oi), &iph->ip_src);
d62a17ae 2922 return -1;
2923 }
718e3744 2924
d62a17ae 2925 /* Check authentication. The function handles logging actions, where
2926 * required. */
2927 if (!ospf_check_auth(oi, ospfh))
2928 return -1;
718e3744 2929
d62a17ae 2930 return 0;
718e3744 2931}
2932
02637513
DS		 2933enum ospf_read_return_enum {
2934 OSPF_READ_ERROR,
2935 OSPF_READ_CONTINUE,
2936};
2937
2938static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
d62a17ae 2939{
2940 int ret;
2941 struct stream *ibuf;
d62a17ae 2942 struct ospf_interface *oi;
2943 struct ip *iph;
2944 struct ospf_header *ospfh;
d7c0a89a 2945 uint16_t length;
d62a17ae 2946 struct connected *c;
02637513 2947 struct interface *ifp = NULL;
d62a17ae 2948
02637513
DS		 2949 stream_reset(ospf->ibuf);
2950 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2951 if (ibuf == NULL)
2952 return OSPF_READ_ERROR;
d62a17ae 2953
02637513
DS		 2954 /*
2955 * This raw packet is known to be at least as big as its
2956 * IP header. Note that there should not be alignment problems with
2957 * this assignment because this is at the beginning of the
2958 * stream data buffer.
2959 */
2960 iph = (struct ip *)STREAM_DATA(ibuf);
2961 /*
2962 * Note that sockopt_iphdrincl_swab_systoh was called in
2963 * ospf_recv_packet.
2964 */
2965 if (ifp == NULL) {
4392cc43 2966 /*
02637513
DS		 2967 * Handle cases where the platform does not support
2968 * retrieving the ifindex, and also platforms (such as
2969 * Solaris 8) that claim to support ifindex retrieval but do
2970 * not.
4392cc43 2971 */
02637513
DS		 2972 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2973 ospf->vrf_id);
2974 if (c)
2975 ifp = c->ifp;
868a0861 2976 if (ifp == NULL) {
02637513 2977 if (IS_DEBUG_OSPF_PACKET(0, RECV))
4392cc43 2978 zlog_debug(
96b663a3
MS		 2979 "%s: Unable to determine incoming interface from: %pI4(%s)",
2980 __func__, &iph->ip_src,
02637513
DS		 2981 ospf_get_name(ospf));
2982 return OSPF_READ_CONTINUE;
d62a17ae 2983 }
02637513 2984 }
d62a17ae 2985
555691e9
DS		 2986 if (ospf->vrf_id == VRF_DEFAULT && ospf->vrf_id != ifp->vrf_id) {
2987 /*
2988 * We may have a situation where l3mdev_accept == 1
2989 * let's just kindly drop the packet and move on.
2990 * ospf really really really does not like when
2991 * we receive the same packet multiple times.
2992 */
2993 return OSPF_READ_CONTINUE;
2994 }
2995
02637513
DS		 2996 /* Self-originated packet should be discarded silently. */
2997 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
2998 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
2999 zlog_debug(
96b663a3
MS		 3000 "ospf_read[%pI4]: Dropping self-originated packet",
3001 &iph->ip_src);
02637513
DS		 3002 }
3003 return OSPF_READ_CONTINUE;
3004 }
d62a17ae 3005
01e3c376
QY		 3006 /* Check that we have enough for an IP header */
3007 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
3008 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
3009 flog_warn(
3010 EC_OSPF_PACKET,
3011 "Rx'd IP packet with OSPF protocol number but no payload");
3012 } else {
3013 flog_warn(
3014 EC_OSPF_PACKET,
3015 "IP header length field claims header is %u bytes, but we only have %zu",
3016 (unsigned int)(iph->ip_hl << 2),
3017 STREAM_READABLE(ibuf));
3018 }
3019
3020 return OSPF_READ_ERROR;
3021 }
3022 stream_forward_getp(ibuf, iph->ip_hl << 2);
d62a17ae 3023
02637513
DS		 3024 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3025 if (MSG_OK
3026 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3027 - stream_get_getp(ibuf)))
3028 return OSPF_READ_CONTINUE;
3029 /* Now it is safe to access all fields of OSPF packet header. */
4392cc43 3030
02637513
DS		 3031 /* associate packet with ospf interface */
3032 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
4392cc43 3033
02637513
DS		 3034 /*
3035 * ospf_verify_header() relies on a valid "oi" and thus can be called
3036 * only after the passive/backbone/other checks below are passed.
3037 * These checks in turn access the fields of unverified "ospfh"
3038 * structure for their own purposes and must remain very accurate
3039 * in doing this.
3040 */
4392cc43 3041
02637513
DS		 3042 /* If incoming interface is passive one, ignore it. */
3043 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
02637513
DS		 3044 if (IS_DEBUG_OSPF_EVENT)
3045 zlog_debug(
c067e23e
DS		 3046 "ignoring packet from router %pI4 sent to %pI4, received on a passive interface, %pI4",
3047 &ospfh->router_id, &iph->ip_dst,
3048 &oi->address->u.prefix4);
d62a17ae 3049
02637513
DS		 3050 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3051 /* Try to fix multicast membership.
3052 * Some OS:es may have problems in this area,
3053 * make sure it is removed.
3054 */
3055 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
d62a17ae 3056 ospf_if_set_multicast(oi);
3057 }
02637513
DS		 3058 return OSPF_READ_CONTINUE;
3059 }
d62a17ae 3060
02637513
DS		 3061
3062 /* if no local ospf_interface,
3063 * or header area is backbone but ospf_interface is not
3064 * check for VLINK interface
3065 */
3066 if ((oi == NULL)
3067 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3068 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3069 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3070 == NULL) {
3071 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
d62a17ae 3072 zlog_debug(
96b663a3
MS		 3073 "Packet from [%pI4] received on link %s but no ospf_interface",
3074 &iph->ip_src, ifp->name);
02637513 3075 return OSPF_READ_CONTINUE;
d62a17ae 3076 }
02637513 3077 }
d62a17ae 3078
02637513
DS		 3079 /*
3080 * else it must be a local ospf interface, check it was
3081 * received on correct link
3082 */
3083 else if (oi->ifp != ifp) {
3084 if (IS_DEBUG_OSPF_EVENT)
3085 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 3086 "Packet from [%pI4] received on wrong link %s",
3087 &iph->ip_src, ifp->name);
02637513
DS		 3088 return OSPF_READ_CONTINUE;
3089 } else if (oi->state == ISM_Down) {
02637513
DS		 3090 flog_warn(
3091 EC_OSPF_PACKET,
c067e23e
DS		 3092 "Ignoring packet from %pI4 to %pI4 received on interface that is down [%s]; interface flags are %s",
3093 &iph->ip_src, &iph->ip_dst, ifp->name,
3094 if_flag_dump(ifp->flags));
02637513
DS		 3095 /* Fix multicast memberships? */
3096 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3097 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3098 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3099 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3100 if (oi->multicast_memberships)
3101 ospf_if_set_multicast(oi);
3102 return OSPF_READ_CONTINUE;
3103 }
d62a17ae 3104
02637513
DS		 3105 /*
3106 * If the received packet is destined for AllDRouters, the
3107 * packet should be accepted only if the received ospf
3108 * interface state is either DR or Backup -- endo.
3109 *
3110 * I wonder who endo is?
3111 */
3112 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3113 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3114 flog_warn(
3115 EC_OSPF_PACKET,
96b663a3
MS		 3116 "Dropping packet for AllDRouters from [%pI4] via [%s] (ISM: %s)",
3117 &iph->ip_src, IF_NAME(oi),
02637513
DS		 3118 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3119 /* Try to fix multicast membership. */
3120 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3121 ospf_if_set_multicast(oi);
3122 return OSPF_READ_CONTINUE;
3123 }
3124
3125 /* Verify more OSPF header fields. */
3126 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3127 if (ret < 0) {
3128 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3129 zlog_debug(
96b663a3
MS		 3130 "ospf_read[%pI4]: Header check failed, dropping.",
3131 &iph->ip_src);
02637513
DS		 3132 return OSPF_READ_CONTINUE;
3133 }
3134
3135 /* Show debug receiving packet. */
3136 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3137 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3138 zlog_debug(
3139 "-----------------------------------------------------");
3140 ospf_packet_dump(ibuf);
d62a17ae 3141 }
3142
96b663a3 3143 zlog_debug("%s received from [%pI4] via [%s]",
02637513 3144 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
96b663a3
MS		 3145 &ospfh->router_id, IF_NAME(oi));
3146 zlog_debug(" src [%pI4],", &iph->ip_src);
3147 zlog_debug(" dst [%pI4]", &iph->ip_dst);
d62a17ae 3148
02637513
DS		 3149 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3150 zlog_debug(
3151 "-----------------------------------------------------");
3152 }
d62a17ae 3153
02637513
DS		 3154 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3155
3156 /* Adjust size to message length. */
3157 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3158
3159 /* Read rest of the packet and call each sort of packet routine.
3160 */
3161 switch (ospfh->type) {
3162 case OSPF_MSG_HELLO:
3163 ospf_hello(iph, ospfh, ibuf, oi, length);
3164 break;
3165 case OSPF_MSG_DB_DESC:
3166 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3167 break;
3168 case OSPF_MSG_LS_REQ:
3169 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3170 break;
3171 case OSPF_MSG_LS_UPD:
3172 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3173 break;
3174 case OSPF_MSG_LS_ACK:
3175 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3176 break;
3177 default:
3178 flog_warn(
3179 EC_OSPF_PACKET,
3180 "interface %s(%s): OSPF packet header type %d is illegal",
3181 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3182 break;
3183 }
3184
3185 return OSPF_READ_CONTINUE;
3186}
3187
3188/* Starting point of packet process function. */
3189int ospf_read(struct thread *thread)
3190{
3191 struct ospf *ospf;
3192 int32_t count = 0;
3193 enum ospf_read_return_enum ret;
3194
3195 /* first of all get interface pointer. */
3196 ospf = THREAD_ARG(thread);
3197
3198 /* prepare for next packet. */
3199 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3200
3201 while (count < ospf->write_oi_count) {
3202 count++;
3203 ret = ospf_read_helper(ospf);
3204 switch (ret) {
3205 case OSPF_READ_ERROR:
3206 return -1;
02637513 3207 case OSPF_READ_CONTINUE:
4392cc43
DS		 3208 break;
3209 }
d62a17ae 3210 }
3211
b10ce841 3212 return 0;
718e3744 3213}
3214
3215/* Make OSPF header. */
d62a17ae 3216static void ospf_make_header(int type, struct ospf_interface *oi,
3217 struct stream *s)
718e3744 3218{
d62a17ae 3219 struct ospf_header *ospfh;
718e3744 3220
d62a17ae 3221 ospfh = (struct ospf_header *)STREAM_DATA(s);
718e3744 3222
d7c0a89a
QY		 3223 ospfh->version = (uint8_t)OSPF_VERSION;
3224 ospfh->type = (uint8_t)type;
718e3744 3225
d62a17ae 3226 ospfh->router_id = oi->ospf->router_id;
718e3744 3227
d62a17ae 3228 ospfh->checksum = 0;
3229 ospfh->area_id = oi->area->area_id;
3230 ospfh->auth_type = htons(ospf_auth_type(oi));
718e3744 3231
d62a17ae 3232 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
718e3744 3233
d62a17ae 3234 stream_forward_endp(s, OSPF_HEADER_SIZE);
718e3744 3235}
3236
3237/* Make Authentication Data. */
d62a17ae 3238static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3239{
3240 struct crypt_key *ck;
3241
3242 switch (ospf_auth_type(oi)) {
3243 case OSPF_AUTH_NULL:
0d6f7fd6 3244 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
d62a17ae 3245 */
3246 break;
3247 case OSPF_AUTH_SIMPLE:
3248 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3249 OSPF_AUTH_SIMPLE_SIZE);
3250 break;
3251 case OSPF_AUTH_CRYPTOGRAPHIC:
3252 /* If key is not set, then set 0. */
3253 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3254 ospfh->u.crypt.zero = 0;
3255 ospfh->u.crypt.key_id = 0;
3256 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3257 } else {
3258 ck = listgetdata(
3259 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3260 ospfh->u.crypt.zero = 0;
3261 ospfh->u.crypt.key_id = ck->key_id;
3262 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3263 }
3264 /* note: the seq is done in ospf_make_md5_digest() */
3265 break;
3266 default:
0d6f7fd6 3267 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
d62a17ae 3268 */
3269 break;
718e3744 3270 }
718e3744 3271
d62a17ae 3272 return 0;
718e3744 3273}
3274
3275/* Fill rest of OSPF header. */
d62a17ae 3276static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
d7c0a89a 3277 uint16_t length)
d62a17ae 3278{
3279 struct ospf_header *ospfh;
3280
3281 ospfh = (struct ospf_header *)STREAM_DATA(s);
3282
3283 /* Fill length. */
3284 ospfh->length = htons(length);
3285
3286 /* Calculate checksum. */
3287 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3288 ospfh->checksum = in_cksum(ospfh, length);
3289 else
3290 ospfh->checksum = 0;
3291
3292 /* Add Authentication Data. */
3293 ospf_make_auth(oi, ospfh);
3294}
3295
3296static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3297{
3298 struct ospf_neighbor *nbr;
3299 struct route_node *rn;
d7c0a89a 3300 uint16_t length = OSPF_HELLO_MIN_SIZE;
d62a17ae 3301 struct in_addr mask;
3302 unsigned long p;
3303 int flag = 0;
3304
3305 /* Set netmask of interface. */
3306 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3307 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3308 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3309 masklen2ip(oi->address->prefixlen, &mask);
3310 else
3311 memset((char *)&mask, 0, sizeof(struct in_addr));
3312 stream_put_ipv4(s, mask.s_addr);
3313
3314 /* Set Hello Interval. */
3315 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3316 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3317 else
3318 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3319
3320 if (IS_DEBUG_OSPF_EVENT)
3321 zlog_debug("make_hello: options: %x, int: %s", OPTIONS(oi),
3322 IF_NAME(oi));
3323
3324 /* Set Options. */
3325 stream_putc(s, OPTIONS(oi));
3326
3327 /* Set Router Priority. */
3328 stream_putc(s, PRIORITY(oi));
3329
3330 /* Set Router Dead Interval. */
3331 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3332
3333 /* Set Designated Router. */
3334 stream_put_ipv4(s, DR(oi).s_addr);
3335
3336 p = stream_get_endp(s);
3337
3338 /* Set Backup Designated Router. */
3339 stream_put_ipv4(s, BDR(oi).s_addr);
3340
3341 /* Add neighbor seen. */
3342 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3343 if ((nbr = rn->info))
3344 if (nbr->router_id.s_addr
975a328e 3345 != INADDR_ANY) /* Ignore 0.0.0.0 node. */
d62a17ae 3346 if (nbr->state
3347 != NSM_Attempt) /* Ignore Down neighbor. */
3348 if (nbr->state
3349 != NSM_Down) /* This is myself for
3350 DR election. */
3351 if (!IPV4_ADDR_SAME(
3352 &nbr->router_id,
3353 &oi->ospf->router_id)) {
3354 /* Check neighbor is
3355 * sane? */
3356 if (nbr->d_router.s_addr
975a328e 3357 != INADDR_ANY
d62a17ae 3358 && IPV4_ADDR_SAME(
975a328e
DA		 3359 &nbr->d_router,
3360 &oi->address
3361 ->u
3362 .prefix4)
d62a17ae 3363 && IPV4_ADDR_SAME(
975a328e
DA		 3364 &nbr->bd_router,
3365 &oi->address
3366 ->u
3367 .prefix4))
d62a17ae 3368 flag = 1;
3369
9b18d58e
NS		 3370 /* Hello packet overflows interface MTU. */
3371 if (length + sizeof(uint32_t)
3372 > ospf_packet_max(oi)) {
3373 flog_err(
3374 EC_OSPF_LARGE_HELLO,
c531be7c 3375 "Oversized Hello packet! Larger than MTU. Not sending it out");
9b18d58e
NS		 3376 return 0;
3377 }
3378
d62a17ae 3379 stream_put_ipv4(
3380 s,
3381 nbr->router_id
3382 .s_addr);
3383 length += 4;
3384 }
3385
3386 /* Let neighbor generate BackupSeen. */
3387 if (flag == 1)
3388 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3389
3390 return length;
3391}
3392
3393static int ospf_make_db_desc(struct ospf_interface *oi,
3394 struct ospf_neighbor *nbr, struct stream *s)
3395{
3396 struct ospf_lsa *lsa;
d7c0a89a
QY		 3397 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3398 uint8_t options;
d62a17ae 3399 unsigned long pp;
3400 int i;
3401 struct ospf_lsdb *lsdb;
3402
3403 /* Set Interface MTU. */
3404 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3405 stream_putw(s, 0);
3406 else
3407 stream_putw(s, oi->ifp->mtu);
3408
3409 /* Set Options. */
3410 options = OPTIONS(oi);
3411 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3412 SET_FLAG(options, OSPF_OPTION_O);
3413 stream_putc(s, options);
3414
3415 /* DD flags */
3416 pp = stream_get_endp(s);
3417 stream_putc(s, nbr->dd_flags);
3418
3419 /* Set DD Sequence Number. */
3420 stream_putl(s, nbr->dd_seqnum);
3421
3422 /* shortcut unneeded walk of (empty) summary LSDBs */
3423 if (ospf_db_summary_isempty(nbr))
3424 goto empty;
3425
3426 /* Describe LSA Header from Database Summary List. */
3427 lsdb = &nbr->db_sum;
3428
3429 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3430 struct route_table *table = lsdb->type[i].db;
3431 struct route_node *rn;
3432
3433 for (rn = route_top(table); rn; rn = route_next(rn))
3434 if ((lsa = rn->info) != NULL) {
3435 if (IS_OPAQUE_LSA(lsa->data->type)
3436 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3437 /* Suppress advertising
0437e105 3438 * opaque-information. */
d62a17ae 3439 /* Remove LSA from DB summary list. */
3440 ospf_lsdb_delete(lsdb, lsa);
3441 continue;
3442 }
3443
3444 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3445 struct lsa_header *lsah;
d7c0a89a 3446 uint16_t ls_age;
d62a17ae 3447
3448 /* DD packet overflows interface MTU. */
3449 if (length + OSPF_LSA_HEADER_SIZE
3450 > ospf_packet_max(oi))
3451 break;
3452
3453 /* Keep pointer to LS age. */
3454 lsah = (struct lsa_header
3455 *)(STREAM_DATA(s)
3456 + stream_get_endp(
3457 s));
3458
3459 /* Proceed stream pointer. */
3460 stream_put(s, lsa->data,
3461 OSPF_LSA_HEADER_SIZE);
3462 length += OSPF_LSA_HEADER_SIZE;
3463
3464 /* Set LS age. */
3465 ls_age = LS_AGE(lsa);
3466 lsah->ls_age = htons(ls_age);
3467 }
3468
3469 /* Remove LSA from DB summary list. */
3470 ospf_lsdb_delete(lsdb, lsa);
3471 }
3472 }
718e3744 3473
d62a17ae 3474 /* Update 'More' bit */
3475 if (ospf_db_summary_isempty(nbr)) {
3476 empty:
3477 if (nbr->state >= NSM_Exchange) {
3478 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3479 /* Rewrite DD flags */
3480 stream_putc_at(s, pp, nbr->dd_flags);
3481 } else {
3482 assert(IS_SET_DD_M(nbr->dd_flags));
3483 }
3484 }
3485 return length;
3486}
86f1fd96 3487
d7c0a89a 3488static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
d62a17ae 3489 unsigned long delta, struct ospf_neighbor *nbr,
3490 struct ospf_lsa *lsa)
3491{
3492 struct ospf_interface *oi;
718e3744 3493
d62a17ae 3494 oi = nbr->oi;
718e3744 3495
9570f737
S		 3496 /* LS Request packet overflows interface MTU
3497 * delta is just number of bytes required for 1 LS Req
3498 * ospf_packet_max will return the number of bytes can
3499 * be accomodated without ospf header. So length+delta
3500 * can be compared to ospf_packet_max
3501 * to check if it can fit another lsreq in the same packet.
3502 */
3503
d62a17ae 3504 if (*length + delta > ospf_packet_max(oi))
3505 return 0;
1eb8ef25 3506
d62a17ae 3507 stream_putl(s, lsa->data->type);
3508 stream_put_ipv4(s, lsa->data->id.s_addr);
3509 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
718e3744 3510
d62a17ae 3511 ospf_lsa_unlock(&nbr->ls_req_last);
3512 nbr->ls_req_last = ospf_lsa_lock(lsa);
59ea14c6 3513
d62a17ae 3514 *length += 12;
3515 return 1;
3516}
718e3744 3517
d62a17ae 3518static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3519{
3520 struct ospf_lsa *lsa;
d7c0a89a 3521 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
9570f737 3522 unsigned long delta = 12;
d62a17ae 3523 struct route_table *table;
3524 struct route_node *rn;
3525 int i;
3526 struct ospf_lsdb *lsdb;
718e3744 3527
d62a17ae 3528 lsdb = &nbr->ls_req;
718e3744 3529
d62a17ae 3530 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3531 table = lsdb->type[i].db;
3532 for (rn = route_top(table); rn; rn = route_next(rn))
3533 if ((lsa = (rn->info)) != NULL)
3534 if (ospf_make_ls_req_func(s, &length, delta,
3535 nbr, lsa)
3536 == 0) {
3537 route_unlock_node(rn);
3538 break;
3539 }
3540 }
3541 return length;
3542}
718e3744 3543
d62a17ae 3544static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3545{
3546 int age;
718e3744 3547
d62a17ae 3548 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
718e3744 3549
d62a17ae 3550 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
718e3744 3551}
3552
d62a17ae 3553static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3554 struct stream *s)
718e3744 3555{
d62a17ae 3556 struct ospf_lsa *lsa;
3557 struct listnode *node;
d7c0a89a 3558 uint16_t length = 0;
d62a17ae 3559 unsigned int size_noauth;
3560 unsigned long delta = stream_get_endp(s);
3561 unsigned long pp;
3562 int count = 0;
3563
3564 if (IS_DEBUG_OSPF_EVENT)
3565 zlog_debug("ospf_make_ls_upd: Start");
3566
3567 pp = stream_get_endp(s);
3568 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3569 length += OSPF_LS_UPD_MIN_SIZE;
3570
3571 /* Calculate amount of packet usable for data. */
3572 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3573
3574 while ((node = listhead(update)) != NULL) {
3575 struct lsa_header *lsah;
d7c0a89a 3576 uint16_t ls_age;
d62a17ae 3577
3578 if (IS_DEBUG_OSPF_EVENT)
3579 zlog_debug("ospf_make_ls_upd: List Iteration %d",
3580 count);
3581
3582 lsa = listgetdata(node);
3583
3584 assert(lsa->data);
3585
9570f737
S		 3586 /* Will it fit? Minimum it has to fit atleast one */
3587 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3588 (count > 0))
d62a17ae 3589 break;
3590
3591 /* Keep pointer to LS age. */
3592 lsah = (struct lsa_header *)(STREAM_DATA(s)
3593 + stream_get_endp(s));
3594
3595 /* Put LSA to Link State Request. */
3596 stream_put(s, lsa->data, ntohs(lsa->data->length));
718e3744 3597
d62a17ae 3598 /* Set LS age. */
3599 /* each hop must increment an lsa_age by transmit_delay
3600 of OSPF interface */
3601 ls_age = ls_age_increment(lsa,
3602 OSPF_IF_PARAM(oi, transmit_delay));
3603 lsah->ls_age = htons(ls_age);
3604
3605 length += ntohs(lsa->data->length);
3606 count++;
3607
3608 list_delete_node(update, node);
3609 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3610 }
3611
3612 /* Now set #LSAs. */
3613 stream_putl_at(s, pp, count);
3614
3615 if (IS_DEBUG_OSPF_EVENT)
3616 zlog_debug("ospf_make_ls_upd: Stop");
3617 return length;
718e3744 3618}
3619
d62a17ae 3620static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3621 struct stream *s)
718e3744 3622{
d62a17ae 3623 struct listnode *node, *nnode;
d7c0a89a 3624 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
9570f737 3625 unsigned long delta = OSPF_LSA_HEADER_SIZE;
d62a17ae 3626 struct ospf_lsa *lsa;
718e3744 3627
d62a17ae 3628 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3629 assert(lsa);
718e3744 3630
9570f737
S		 3631 /* LS Ack packet overflows interface MTU
3632 * delta is just number of bytes required for
3633 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3634 * the number of bytes can be accomodated without
3635 * ospf header. So length+delta can be compared
3636 * against ospf_packet_max to check if it can fit
3637 * another ls header in the same packet.
3638 */
3639 if ((length + delta) > ospf_packet_max(oi))
d62a17ae 3640 break;
718e3744 3641
d62a17ae 3642 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3643 length += OSPF_LSA_HEADER_SIZE;
3644
3645 listnode_delete(ack, lsa);
3646 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3647 }
3648
3649 return length;
3650}
3651
3652static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3653{
3654 struct ospf_packet *op;
d7c0a89a 3655 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3656
d62a17ae 3657 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3658
d62a17ae 3659 /* Prepare OSPF common header. */
3660 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
718e3744 3661
d62a17ae 3662 /* Prepare OSPF Hello body. */
3663 length += ospf_make_hello(oi, op->s);
9b18d58e
NS		 3664 if (length == OSPF_HEADER_SIZE) {
3665 /* Hello overshooting MTU */
3666 ospf_packet_free(op);
3667 return;
3668 }
718e3744 3669
d62a17ae 3670 /* Fill OSPF header. */
3671 ospf_fill_header(oi, op->s, length);
718e3744 3672
d62a17ae 3673 /* Set packet length. */
3674 op->length = length;
3675
3676 op->dst.s_addr = addr;
3677
b5a8894d
CS		 3678 if (IS_DEBUG_OSPF_EVENT) {
3679 if (oi->ospf->vrf_id)
996c9314
LB		 3680 zlog_debug(
3681 "%s: Hello Tx interface %s ospf vrf %s id %u",
15569c58 3682 __func__, oi->ifp->name,
996c9314
LB		 3683 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3684 oi->ospf->vrf_id);
b5a8894d 3685 }
d62a17ae 3686 /* Add packet to the top of the interface output queue, so that they
3687 * can't get delayed by things like long queues of LS Update packets
3688 */
3689 ospf_packet_add_top(oi, op);
3690
3691 /* Hook thread to write packet. */
3692 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3693}
3694
d62a17ae 3695static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
718e3744 3696{
d62a17ae 3697 struct ospf_interface *oi;
718e3744 3698
d62a17ae 3699 oi = nbr_nbma->oi;
3700 assert(oi);
718e3744 3701
d62a17ae 3702 /* If this is passive interface, do not send OSPF Hello. */
3703 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3704 return;
718e3744 3705
d62a17ae 3706 if (oi->type != OSPF_IFTYPE_NBMA)
3707 return;
718e3744 3708
d62a17ae 3709 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3710 return;
718e3744 3711
d62a17ae 3712 if (PRIORITY(oi) == 0)
3713 return;
718e3744 3714
d62a17ae 3715 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3716 && oi->state != ISM_Backup)
3717 return;
718e3744 3718
d62a17ae 3719 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
718e3744 3720}
3721
d62a17ae 3722int ospf_poll_timer(struct thread *thread)
718e3744 3723{
d62a17ae 3724 struct ospf_nbr_nbma *nbr_nbma;
718e3744 3725
d62a17ae 3726 nbr_nbma = THREAD_ARG(thread);
3727 nbr_nbma->t_poll = NULL;
718e3744 3728
d62a17ae 3729 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
96b663a3
MS		 3730 zlog_debug("NSM[%s:%pI4]: Timer (Poll timer expire)",
3731 IF_NAME(nbr_nbma->oi), &nbr_nbma->addr);
718e3744 3732
d62a17ae 3733 ospf_poll_send(nbr_nbma);
718e3744 3734
d62a17ae 3735 if (nbr_nbma->v_poll > 0)
3736 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3737 nbr_nbma->v_poll);
718e3744 3738
d62a17ae 3739 return 0;
718e3744 3740}
3741
3742
d62a17ae 3743int ospf_hello_reply_timer(struct thread *thread)
718e3744 3744{
d62a17ae 3745 struct ospf_neighbor *nbr;
718e3744 3746
d62a17ae 3747 nbr = THREAD_ARG(thread);
3748 nbr->t_hello_reply = NULL;
718e3744 3749
d62a17ae 3750 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
96b663a3
MS		 3751 zlog_debug("NSM[%s:%pI4]: Timer (hello-reply timer expire)",
3752 IF_NAME(nbr->oi), &nbr->router_id);
718e3744 3753
d62a17ae 3754 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
718e3744 3755
d62a17ae 3756 return 0;
718e3744 3757}
3758
3759/* Send OSPF Hello. */
d62a17ae 3760void ospf_hello_send(struct ospf_interface *oi)
3761{
3762 /* If this is passive interface, do not send OSPF Hello. */
3763 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3764 return;
3765
3766 if (oi->type == OSPF_IFTYPE_NBMA) {
3767 struct ospf_neighbor *nbr;
3768 struct route_node *rn;
3769
3770 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3771 if ((nbr = rn->info))
3772 if (nbr != oi->nbr_self)
3773 if (nbr->state != NSM_Down) {
3774 /* RFC 2328 Section 9.5.1
3775 If the router is not
3776 eligible to become Designated
3777 Router,
3778 it must periodically send
3779 Hello Packets to both the
3780 Designated Router and the
3781 Backup Designated Router (if
3782 they
3783 exist). */
3784 if (PRIORITY(oi) == 0
3785 && IPV4_ADDR_CMP(
3786 &DR(oi),
3787 &nbr->address.u
3788 .prefix4)
3789 && IPV4_ADDR_CMP(
3790 &BDR(oi),
3791 &nbr->address.u
3792 .prefix4))
3793 continue;
3794
3795 /* If the router is eligible to
3796 become Designated Router, it
3797 must periodically send Hello
3798 Packets to all neighbors that
3799 are also eligible. In
3800 addition, if the router is
3801 itself the
3802 Designated Router or Backup
3803 Designated Router, it must
3804 also
3805 send periodic Hello Packets
3806 to all other neighbors. */
3807
3808 if (nbr->priority == 0
3809 && oi->state == ISM_DROther)
3810 continue;
3811 /* if oi->state == Waiting, send
3812 * hello to all neighbors */
3813 ospf_hello_send_sub(
3814 oi,
3815 nbr->address.u.prefix4
3816 .s_addr);
3817 }
3818 } else {
3819 /* Decide destination address. */
3820 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3821 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3822 else
3823 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3824 }
718e3744 3825}
3826
3827/* Send OSPF Database Description. */
d62a17ae 3828void ospf_db_desc_send(struct ospf_neighbor *nbr)
718e3744 3829{
d62a17ae 3830 struct ospf_interface *oi;
3831 struct ospf_packet *op;
d7c0a89a 3832 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3833
d62a17ae 3834 oi = nbr->oi;
3835 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3836
d62a17ae 3837 /* Prepare OSPF common header. */
3838 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
718e3744 3839
d62a17ae 3840 /* Prepare OSPF Database Description body. */
3841 length += ospf_make_db_desc(oi, nbr, op->s);
718e3744 3842
d62a17ae 3843 /* Fill OSPF header. */
3844 ospf_fill_header(oi, op->s, length);
718e3744 3845
d62a17ae 3846 /* Set packet length. */
3847 op->length = length;
718e3744 3848
d62a17ae 3849 /* Decide destination address. */
3850 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3851 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3852 else
3853 op->dst = nbr->address.u.prefix4;
718e3744 3854
d62a17ae 3855 /* Add packet to the interface output queue. */
3856 ospf_packet_add(oi, op);
718e3744 3857
d62a17ae 3858 /* Hook thread to write packet. */
3859 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3860
d62a17ae 3861 /* Remove old DD packet, then copy new one and keep in neighbor
3862 * structure. */
3863 if (nbr->last_send)
3864 ospf_packet_free(nbr->last_send);
3865 nbr->last_send = ospf_packet_dup(op);
3866 monotime(&nbr->last_send_ts);
e6a22aeb
SK		 3867 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3868 zlog_info(
96b663a3 3869 "%s:Packet[DD]: %pI4 DB Desc send with seqnum:%x , flags:%x",
e6a22aeb 3870 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
96b663a3 3871 &nbr->router_id, nbr->dd_seqnum,
e6a22aeb 3872 nbr->dd_flags);
718e3744 3873}
3874
3875/* Re-send Database Description. */
d62a17ae 3876void ospf_db_desc_resend(struct ospf_neighbor *nbr)
718e3744 3877{
d62a17ae 3878 struct ospf_interface *oi;
718e3744 3879
d62a17ae 3880 oi = nbr->oi;
718e3744 3881
d62a17ae 3882 /* Add packet to the interface output queue. */
3883 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
718e3744 3884
d62a17ae 3885 /* Hook thread to write packet. */
3886 OSPF_ISM_WRITE_ON(oi->ospf);
e6a22aeb
SK		 3887 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3888 zlog_info(
96b663a3 3889 "%s:Packet[DD]: %pI4 DB Desc resend with seqnum:%x , flags:%x",
e6a22aeb 3890 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
96b663a3 3891 &nbr->router_id, nbr->dd_seqnum,
e6a22aeb 3892 nbr->dd_flags);
718e3744 3893}
3894
3895/* Send Link State Request. */
d62a17ae 3896void ospf_ls_req_send(struct ospf_neighbor *nbr)
718e3744 3897{
d62a17ae 3898 struct ospf_interface *oi;
3899 struct ospf_packet *op;
d7c0a89a 3900 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3901
d62a17ae 3902 oi = nbr->oi;
3903 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3904
d62a17ae 3905 /* Prepare OSPF common header. */
3906 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
718e3744 3907
d62a17ae 3908 /* Prepare OSPF Link State Request body. */
3909 length += ospf_make_ls_req(nbr, op->s);
3910 if (length == OSPF_HEADER_SIZE) {
3911 ospf_packet_free(op);
3912 return;
3913 }
718e3744 3914
d62a17ae 3915 /* Fill OSPF header. */
3916 ospf_fill_header(oi, op->s, length);
718e3744 3917
d62a17ae 3918 /* Set packet length. */
3919 op->length = length;
718e3744 3920
d62a17ae 3921 /* Decide destination address. */
3922 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3923 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3924 else
3925 op->dst = nbr->address.u.prefix4;
718e3744 3926
d62a17ae 3927 /* Add packet to the interface output queue. */
3928 ospf_packet_add(oi, op);
718e3744 3929
d62a17ae 3930 /* Hook thread to write packet. */
3931 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3932
d62a17ae 3933 /* Add Link State Request Retransmission Timer. */
3934 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
718e3744 3935}
3936
3937/* Send Link State Update with an LSA. */
d62a17ae 3938void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3939 int flag)
718e3744 3940{
d62a17ae 3941 struct list *update;
718e3744 3942
d62a17ae 3943 update = list_new();
718e3744 3944
d62a17ae 3945 listnode_add(update, lsa);
046460a1
CS		 3946
3947 /*ospf instance is going down, send self originated
3948 * MAXAGE LSA update to neighbors to remove from LSDB */
3949 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3950 ospf_ls_upd_send(nbr, update, flag, 1);
3951 else
3952 ospf_ls_upd_send(nbr, update, flag, 0);
718e3744 3953
6a154c88 3954 list_delete(&update);
718e3744 3955}
3956
68b7339a 3957/* Determine size for packet. Must be at least big enough to accomodate next
3958 * LSA on list, which may be bigger than MTU size.
3959 *
3960 * Return pointer to new ospf_packet
3961 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3962 * on packet sizes (in which case offending LSA is deleted from update list)
3963 */
d62a17ae 3964static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3965 struct ospf_interface *oi)
3966{
3967 struct ospf_lsa *lsa;
3968 struct listnode *ln;
3969 size_t size;
3970 static char warned = 0;
3971
3972 lsa = listgetdata((ln = listhead(update)));
3973 assert(lsa->data);
3974
3975 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3976 > ospf_packet_max(oi)) {
3977 if (!warned) {
c9cc11f6 3978 flog_warn(
cf444bcf 3979 EC_OSPF_LARGE_LSA,
3efd0893 3980 "ospf_ls_upd_packet_new: oversized LSA encountered!will need to fragment. Not optimal. Try divide up your network with areas. Use 'debug ospf packet send' to see details, or look at 'show ip ospf database ..'");
d62a17ae 3981 warned = 1;
3982 }
3983
3984 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3985 zlog_debug(
96b663a3
MS		 3986 "ospf_ls_upd_packet_new: oversized LSA id:%pI4, %d bytes originated by %pI4, will be fragmented!",
3987 &lsa->data->id,
d62a17ae 3988 ntohs(lsa->data->length),
96b663a3 3989 &lsa->data->adv_router);
d62a17ae 3990
3991 /*
3992 * Allocate just enough to fit this LSA only, to avoid including
3993 * other
3994 * LSAs in fragmented LSA Updates.
3995 */
3996 size = ntohs(lsa->data->length)
3997 + (oi->ifp->mtu - ospf_packet_max(oi))
3998 + OSPF_LS_UPD_MIN_SIZE;
3999 } else
4000 size = oi->ifp->mtu;
4001
4002 if (size > OSPF_MAX_PACKET_SIZE) {
cf444bcf 4003 flog_warn(EC_OSPF_LARGE_LSA,
96b663a3
MS		 4004 "ospf_ls_upd_packet_new: oversized LSA id:%pI4 too big, %d bytes, packet size %ld, dropping it completely. OSPF routing is broken!",
4005 &lsa->data->id, ntohs(lsa->data->length),
c9cc11f6 4006 (long int)size);
d62a17ae 4007 list_delete_node(update, ln);
4008 return NULL;
4009 }
718e3744 4010
d62a17ae 4011 /* IP header is built up separately by ospf_write(). This means, that we
4012 * must
4013 * reduce the "affordable" size just calculated by length of an IP
4014 * header.
4015 * This makes sure, that even if we manage to fill the payload with LSA
4016 * data
4017 * completely, the final packet (our data plus IP header) still fits
4018 * into
4019 * outgoing interface MTU. This correction isn't really meaningful for
4020 * an
4021 * oversized LSA, but for consistency the correction is done for both
4022 * cases.
4023 *
4024 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4025 */
4026 return ospf_packet_new(size - sizeof(struct ip));
718e3744 4027}
4028
d62a17ae 4029static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
046460a1
CS		 4030 struct list *update, struct in_addr addr,
4031 int send_lsupd_now)
718e3744 4032{
d62a17ae 4033 struct ospf_packet *op;
d7c0a89a 4034 uint16_t length = OSPF_HEADER_SIZE;
d62a17ae 4035
4036 if (IS_DEBUG_OSPF_EVENT)
96b663a3
MS		 4037 zlog_debug("listcount = %d, [%s]dst %pI4", listcount(update),
4038 IF_NAME(oi), &addr);
d62a17ae 4039
19274fe8
OD		 4040 /* Check that we have really something to process */
4041 if (listcount(update) == 0)
4042 return;
4043
d62a17ae 4044 op = ospf_ls_upd_packet_new(update, oi);
718e3744 4045
d62a17ae 4046 /* Prepare OSPF common header. */
4047 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
718e3744 4048
d62a17ae 4049 /* Prepare OSPF Link State Update body.
4050 * Includes Type-7 translation.
4051 */
4052 length += ospf_make_ls_upd(oi, update, op->s);
4053
4054 /* Fill OSPF header. */
4055 ospf_fill_header(oi, op->s, length);
4056
4057 /* Set packet length. */
4058 op->length = length;
4059
4060 /* Decide destination address. */
4061 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4062 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4063 else
4064 op->dst.s_addr = addr.s_addr;
4065
4066 /* Add packet to the interface output queue. */
4067 ospf_packet_add(oi, op);
046460a1
CS		 4068 /* Call ospf_write() right away to send ospf packets to neighbors */
4069 if (send_lsupd_now) {
4070 struct thread os_packet_thd;
4071
4072 os_packet_thd.arg = (void *)oi->ospf;
4073 if (oi->on_write_q == 0) {
4074 listnode_add(oi->ospf->oi_write_q, oi);
4075 oi->on_write_q = 1;
4076 }
4077 ospf_write(&os_packet_thd);
4173cc8e
DS		 4078 /*
4079 * We are fake calling ospf_write with a fake
4080 * thread. Imagine that we have oi_a already
4081 * enqueued and we have turned on the write
4082 * thread(t_write).
4083 * Now this function calls this for oi_b
4084 * so the on_write_q has oi_a and oi_b on
4085 * it, ospf_write runs and clears the packets
4086 * for both oi_a and oi_b. Removing them from
4087 * the on_write_q. After this thread of execution
4088 * finishes we will execute the t_write thread
4089 * with nothing in the on_write_q causing an
4090 * assert. So just make sure that the t_write
4091 * is actually turned off.
4092 */
4093 if (list_isempty(oi->ospf->oi_write_q))
4094 OSPF_TIMER_OFF(oi->ospf->t_write);
046460a1
CS		 4095 } else {
4096 /* Hook thread to write packet. */
4097 OSPF_ISM_WRITE_ON(oi->ospf);
4098 }
d62a17ae 4099}
4100
4101static int ospf_ls_upd_send_queue_event(struct thread *thread)
4102{
4103 struct ospf_interface *oi = THREAD_ARG(thread);
4104 struct route_node *rn;
4105 struct route_node *rnext;
4106 struct list *update;
4107 char again = 0;
4108
4109 oi->t_ls_upd_event = NULL;
4110
4111 if (IS_DEBUG_OSPF_EVENT)
4112 zlog_debug("ospf_ls_upd_send_queue start");
4113
4114 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4115 rnext = route_next(rn);
4116
4117 if (rn->info == NULL)
4118 continue;
4119
4120 update = (struct list *)rn->info;
4121
046460a1 4122 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
d62a17ae 4123
4124 /* list might not be empty. */
4125 if (listcount(update) == 0) {
6a154c88 4126 list_delete((struct list **)&rn->info);
d62a17ae 4127 route_unlock_node(rn);
4128 } else
4129 again = 1;
4130 }
4131
4132 if (again != 0) {
4133 if (IS_DEBUG_OSPF_EVENT)
4134 zlog_debug(
3efd0893 4135 "ospf_ls_upd_send_queue: update lists not cleared, %d nodes to try again, raising new event",
d62a17ae 4136 again);
4137 oi->t_ls_upd_event = NULL;
4138 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4139 &oi->t_ls_upd_event);
4140 }
4141
4142 if (IS_DEBUG_OSPF_EVENT)
4143 zlog_debug("ospf_ls_upd_send_queue stop");
4144
4145 return 0;
4146}
4147
046460a1
CS		 4148void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4149 int send_lsupd_now)
d62a17ae 4150{
4151 struct ospf_interface *oi;
4152 struct ospf_lsa *lsa;
4153 struct prefix_ipv4 p;
4154 struct route_node *rn;
4155 struct listnode *node;
4156
4157 oi = nbr->oi;
4158
4159 p.family = AF_INET;
4160 p.prefixlen = IPV4_MAX_BITLEN;
4161
4162 /* Decide destination address. */
4163 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4164 p.prefix = oi->vl_data->peer_addr;
4165 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4166 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4167 else if (flag == OSPF_SEND_PACKET_DIRECT)
4168 p.prefix = nbr->address.u.prefix4;
4169 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4170 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4171 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4172 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4173 else
4174 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4175
4176 if (oi->type == OSPF_IFTYPE_NBMA) {
4177 if (flag == OSPF_SEND_PACKET_INDIRECT)
c9cc11f6 4178 flog_warn(
cf444bcf 4179 EC_OSPF_PACKET,
d62a17ae 4180 "* LS-Update is directly sent on NBMA network.");
19aad877 4181 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
cf444bcf 4182 flog_warn(EC_OSPF_PACKET,
c9cc11f6 4183 "* LS-Update is sent to myself.");
d62a17ae 4184 }
4185
4186 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4187
4188 if (rn->info == NULL)
4189 rn->info = list_new();
4190 else
4191 route_unlock_node(rn);
4192
4193 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4194 listnode_add(rn->info,
4195 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
046460a1
CS		 4196 if (send_lsupd_now) {
4197 struct list *send_update_list;
f7813c7c 4198 struct route_node *rnext;
d62a17ae 4199
046460a1
CS		 4200 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4201 rnext = route_next(rn);
4202
4203 if (rn->info == NULL)
4204 continue;
4205
4206 send_update_list = (struct list *)rn->info;
4207
4208 ospf_ls_upd_queue_send(oi, send_update_list,
4209 rn->p.u.prefix4, 1);
046460a1
CS		 4210 }
4211 } else
4212 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
996c9314 4213 &oi->t_ls_upd_event);
718e3744 4214}
4215
d62a17ae 4216static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4217 struct in_addr dst)
718e3744 4218{
d62a17ae 4219 struct ospf_packet *op;
d7c0a89a 4220 uint16_t length = OSPF_HEADER_SIZE;
d62a17ae 4221
4222 op = ospf_packet_new(oi->ifp->mtu);
4223
4224 /* Prepare OSPF common header. */
4225 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4226
4227 /* Prepare OSPF Link State Acknowledgment body. */
4228 length += ospf_make_ls_ack(oi, ack, op->s);
4229
4230 /* Fill OSPF header. */
4231 ospf_fill_header(oi, op->s, length);
718e3744 4232
d62a17ae 4233 /* Set packet length. */
4234 op->length = length;
4235
4236 /* Decide destination address. */
4237 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4238 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4239 else
4240 op->dst.s_addr = dst.s_addr;
4241
4242 /* Add packet to the interface output queue. */
4243 ospf_packet_add(oi, op);
4244
4245 /* Hook thread to write packet. */
4246 OSPF_ISM_WRITE_ON(oi->ospf);
4247}
4248
4249static int ospf_ls_ack_send_event(struct thread *thread)
4250{
4251 struct ospf_interface *oi = THREAD_ARG(thread);
4252
4253 oi->t_ls_ack_direct = NULL;
4254
4255 while (listcount(oi->ls_ack_direct.ls_ack))
4256 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4257 oi->ls_ack_direct.dst);
4258
4259 return 0;
4260}
4261
4262void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4263{
4264 struct ospf_interface *oi = nbr->oi;
4265
5a77dd8f 4266 if (IS_GRACE_LSA(lsa)) {
4267 if (IS_DEBUG_OSPF_GR_HELPER)
4268 zlog_debug("%s, Sending GRACE ACK to Restarter.",
a4544597 4269 __func__);
5a77dd8f 4270 }
4271
d62a17ae 4272 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4273 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4274
4275 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4276
4277 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4278 &oi->t_ls_ack_direct);
718e3744 4279}
4280
4281/* Send Link State Acknowledgment delayed. */
d62a17ae 4282void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4283{
4284 struct in_addr dst;
4285
4286 /* Decide destination address. */
4287 /* RFC2328 Section 13.5 On non-broadcast
4288 networks, delayed Link State Acknowledgment packets must be
4289 unicast separately over each adjacency (i.e., neighbor whose
4290 state is >= Exchange). */
4291 if (oi->type == OSPF_IFTYPE_NBMA) {
4292 struct ospf_neighbor *nbr;
4293 struct route_node *rn;
4294
4295 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
4296 if ((nbr = rn->info) != NULL)
4297 if (nbr != oi->nbr_self
4298 && nbr->state >= NSM_Exchange)
4299 while (listcount(oi->ls_ack))
4300 ospf_ls_ack_send_list(
4301 oi, oi->ls_ack,
4302 nbr->address.u.prefix4);
4303 return;
4304 }
4305 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4306 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4307 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4308 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4309 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4310 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4311 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4312 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4313 else
4314 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4315
4316 while (listcount(oi->ls_ack))
4317 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
718e3744 4318}
8b6912c2
DS		 4319
4320/*
4321 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4322 * address. As a result, the kernel does not need to learn the interface
4323 * MAC of the OSPF neighbor. However, in our world, this will delay
4324 * convergence. Take the case when due to a link flap, all routes now
4325 * want to use an interface which was deemed to be costlier prior to this
4326 * event. For routes that will be installed, the missing MAC will have
4327 * punt-to-CPU set on them. This may overload the CPU control path that
4328 * can be avoided if the MAC was known apriori.
4329 */
d62a17ae 4330void ospf_proactively_arp(struct ospf_neighbor *nbr)
4331{
a92706bb 4332 if (!nbr || !nbr->oi->ospf->proactive_arp)
d62a17ae 4333 return;
4334
aa530b62 4335 ospf_zebra_send_arp(nbr->oi->ifp, &nbr->address);
8b6912c2 4336}
FRRouting mirror