]> git.proxmox.com Git - mirror_frr.git/blame - ospfd/ospf_packet.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ospfd: Add/fix some debugs to handle vrf
[mirror_frr.git] / ospfd / ospf_packet.c
CommitLineData
718e3744 1/*
2 * OSPF Sending and Receiving OSPF Packets.
3 * Copyright (C) 1999, 2000 Toshiaki Takada
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
10 * later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
896014f4
DL		 17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
718e3744 20 */
21
22#include <zebra.h>
23
cbf3e3eb 24#include "monotime.h"
718e3744 25#include "thread.h"
26#include "memory.h"
27#include "linklist.h"
28#include "prefix.h"
29#include "if.h"
30#include "table.h"
31#include "sockunion.h"
32#include "stream.h"
33#include "log.h"
2dd8bb4e 34#include "sockopt.h"
484315fd 35#include "checksum.h"
0513a271 36#ifdef CRYPTO_INTERNAL
c1a03d47 37#include "md5.h"
0513a271 38#endif
7e2b7603 39#include "vrf.h"
c9cc11f6 40#include "lib_errors.h"
718e3744 41
42#include "ospfd/ospfd.h"
43#include "ospfd/ospf_network.h"
44#include "ospfd/ospf_interface.h"
45#include "ospfd/ospf_ism.h"
46#include "ospfd/ospf_asbr.h"
47#include "ospfd/ospf_lsa.h"
48#include "ospfd/ospf_lsdb.h"
49#include "ospfd/ospf_neighbor.h"
50#include "ospfd/ospf_nsm.h"
51#include "ospfd/ospf_packet.h"
52#include "ospfd/ospf_spf.h"
53#include "ospfd/ospf_flood.h"
54#include "ospfd/ospf_dump.h"
c9cc11f6 55#include "ospfd/ospf_errors.h"
718e3744 56
166b75c2
DS		 57/*
58 * OSPF Fragmentation / fragmented writes
59 *
60 * ospfd can support writing fragmented packets, for cases where
61 * kernel will not fragment IP_HDRINCL and/or multicast destined
62 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
63 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
64 * flags fields, hence user-space fragmentation will not work.
65 * Only Linux is known to leave IP header unmolested.
66 * Further, fragmentation really should be done the kernel, which already
67 * supports it, and which avoids nasty IP ID state problems.
68 *
69 * Fragmentation of OSPF packets can be required on networks with router
70 * with many many interfaces active in one area, or on networks with links
71 * with low MTUs.
72 */
73#ifdef GNU_LINUX
74#define WANT_OSPF_WRITE_FRAGMENT
75#endif
76
718e3744 77/* Packet Type String. */
d62a17ae 78const struct message ospf_packet_type_str[] = {
79 {OSPF_MSG_HELLO, "Hello"},
80 {OSPF_MSG_DB_DESC, "Database Description"},
81 {OSPF_MSG_LS_REQ, "Link State Request"},
82 {OSPF_MSG_LS_UPD, "Link State Update"},
83 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
84 {0}};
718e3744 85
75c8eabb
DO		 86/* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
87 particular types, offset is the "type" field of a packet. */
d7c0a89a 88static const uint16_t ospf_packet_minlen[] = {
d62a17ae 89 0,
90 OSPF_HELLO_MIN_SIZE,
91 OSPF_DB_DESC_MIN_SIZE,
92 OSPF_LS_REQ_MIN_SIZE,
93 OSPF_LS_UPD_MIN_SIZE,
94 OSPF_LS_ACK_MIN_SIZE,
75c8eabb
DO		 95};
96
4e31de79
DO		 97/* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
98 types, offset is the "LSA type" field. */
d7c0a89a 99static const uint16_t ospf_lsa_minlen[] = {
d62a17ae 100 0,
101 OSPF_ROUTER_LSA_MIN_SIZE,
102 OSPF_NETWORK_LSA_MIN_SIZE,
103 OSPF_SUMMARY_LSA_MIN_SIZE,
104 OSPF_SUMMARY_LSA_MIN_SIZE,
105 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
106 0,
107 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
108 0,
109 0,
110 0,
111 0,
4e31de79
DO		 112};
113
bd5651f0 114/* for ospf_check_auth() */
d62a17ae 115static int ospf_check_sum(struct ospf_header *);
bd5651f0 116
718e3744 117/* OSPF authentication checking function */
d62a17ae 118static int ospf_auth_type(struct ospf_interface *oi)
718e3744 119{
d62a17ae 120 int auth_type;
718e3744 121
d62a17ae 122 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
123 auth_type = oi->area->auth_type;
124 else
125 auth_type = OSPF_IF_PARAM(oi, auth_type);
718e3744 126
d62a17ae 127 /* Handle case where MD5 key list is not configured aka Cisco */
128 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
129 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
130 return OSPF_AUTH_NULL;
718e3744 131
d62a17ae 132 return auth_type;
718e3744 133}
134
7cec50a5 135static struct ospf_packet *ospf_packet_new(size_t size)
718e3744 136{
d62a17ae 137 struct ospf_packet *new;
718e3744 138
d62a17ae 139 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
140 new->s = stream_new(size);
718e3744 141
d62a17ae 142 return new;
718e3744 143}
144
d62a17ae 145void ospf_packet_free(struct ospf_packet *op)
718e3744 146{
d62a17ae 147 if (op->s)
148 stream_free(op->s);
718e3744 149
d62a17ae 150 XFREE(MTYPE_OSPF_PACKET, op);
718e3744 151}
152
4d762f26 153struct ospf_fifo *ospf_fifo_new(void)
718e3744 154{
d62a17ae 155 struct ospf_fifo *new;
718e3744 156
d62a17ae 157 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
158 return new;
718e3744 159}
160
161/* Add new packet to fifo. */
d62a17ae 162void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
718e3744 163{
d62a17ae 164 if (fifo->tail)
165 fifo->tail->next = op;
166 else
167 fifo->head = op;
718e3744 168
d62a17ae 169 fifo->tail = op;
718e3744 170
d62a17ae 171 fifo->count++;
718e3744 172}
173
aa276fd7 174/* Add new packet to head of fifo. */
d62a17ae 175static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
aa276fd7 176{
d62a17ae 177 op->next = fifo->head;
178
179 if (fifo->tail == NULL)
180 fifo->tail = op;
181
182 fifo->head = op;
183
184 fifo->count++;
aa276fd7
PJ		 185}
186
718e3744 187/* Delete first packet from fifo. */
d62a17ae 188struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
718e3744 189{
d62a17ae 190 struct ospf_packet *op;
718e3744 191
d62a17ae 192 op = fifo->head;
718e3744 193
d62a17ae 194 if (op) {
195 fifo->head = op->next;
718e3744 196
d62a17ae 197 if (fifo->head == NULL)
198 fifo->tail = NULL;
718e3744 199
d62a17ae 200 fifo->count--;
201 }
718e3744 202
d62a17ae 203 return op;
718e3744 204}
205
206/* Return first fifo entry. */
d62a17ae 207struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
718e3744 208{
d62a17ae 209 return fifo->head;
718e3744 210}
211
212/* Flush ospf packet fifo. */
d62a17ae 213void ospf_fifo_flush(struct ospf_fifo *fifo)
718e3744 214{
d62a17ae 215 struct ospf_packet *op;
216 struct ospf_packet *next;
718e3744 217
d62a17ae 218 for (op = fifo->head; op; op = next) {
219 next = op->next;
220 ospf_packet_free(op);
221 }
222 fifo->head = fifo->tail = NULL;
223 fifo->count = 0;
718e3744 224}
225
226/* Free ospf packet fifo. */
d62a17ae 227void ospf_fifo_free(struct ospf_fifo *fifo)
718e3744 228{
d62a17ae 229 ospf_fifo_flush(fifo);
718e3744 230
d62a17ae 231 XFREE(MTYPE_OSPF_FIFO, fifo);
718e3744 232}
233
7cec50a5 234static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
718e3744 235{
d62a17ae 236 /* Add packet to end of queue. */
237 ospf_fifo_push(oi->obuf, op);
718e3744 238
d62a17ae 239 /* Debug of packet fifo*/
240 /* ospf_fifo_debug (oi->obuf); */
718e3744 241}
242
d62a17ae 243static void ospf_packet_add_top(struct ospf_interface *oi,
244 struct ospf_packet *op)
aa276fd7 245{
d62a17ae 246 /* Add packet to head of queue. */
247 ospf_fifo_push_head(oi->obuf, op);
aa276fd7 248
d62a17ae 249 /* Debug of packet fifo*/
250 /* ospf_fifo_debug (oi->obuf); */
aa276fd7
PJ		 251}
252
7cec50a5 253static void ospf_packet_delete(struct ospf_interface *oi)
718e3744 254{
d62a17ae 255 struct ospf_packet *op;
256
257 op = ospf_fifo_pop(oi->obuf);
718e3744 258
d62a17ae 259 if (op)
260 ospf_packet_free(op);
718e3744 261}
262
7cec50a5 263static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
718e3744 264{
d62a17ae 265 struct ospf_packet *new;
718e3744 266
d62a17ae 267 if (stream_get_endp(op->s) != op->length)
268 /* XXX size_t */
c9cc11f6 269 zlog_debug(
d62a17ae 270 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
d7c0a89a 271 (unsigned long)STREAM_SIZE(op->s), op->length);
30961a15 272
d62a17ae 273 /* Reserve space for MD5 authentication that may be added later. */
274 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
275 stream_copy(new->s, op->s);
718e3744 276
d62a17ae 277 new->dst = op->dst;
278 new->length = op->length;
718e3744 279
d62a17ae 280 return new;
718e3744 281}
282
86f1fd96 283/* XXX inline */
d62a17ae 284static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
86f1fd96 285{
d62a17ae 286 int auth = 0;
86f1fd96 287
d62a17ae 288 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
289 auth = OSPF_AUTH_MD5_SIZE;
86f1fd96 290
d62a17ae 291 return auth;
86f1fd96 292}
293
d62a17ae 294static unsigned int ospf_packet_max(struct ospf_interface *oi)
718e3744 295{
d62a17ae 296 int max;
718e3744 297
d62a17ae 298 max = oi->ifp->mtu - ospf_packet_authspace(oi);
86f1fd96 299
d62a17ae 300 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
718e3744 301
d62a17ae 302 return max;
718e3744 303}
304
6b0655a2 305
d62a17ae 306static int ospf_check_md5_digest(struct ospf_interface *oi,
307 struct ospf_header *ospfh)
718e3744 308{
0513a271
MR		 309#ifdef CRYPTO_OPENSSL
310 EVP_MD_CTX *ctx;
311#elif CRYPTO_INTERNAL
d62a17ae 312 MD5_CTX ctx;
0513a271 313#endif
d62a17ae 314 unsigned char digest[OSPF_AUTH_MD5_SIZE];
315 struct crypt_key *ck;
316 struct ospf_neighbor *nbr;
d7c0a89a 317 uint16_t length = ntohs(ospfh->length);
d62a17ae 318
319 /* Get secret key. */
320 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
321 ospfh->u.crypt.key_id);
322 if (ck == NULL) {
1c50c1c0
QY		 323 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
324 IF_NAME(oi), ospfh->u.crypt.key_id);
d62a17ae 325 return 0;
326 }
718e3744 327
d62a17ae 328 /* check crypto seqnum. */
329 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
718e3744 330
d62a17ae 331 if (nbr
332 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
c9cc11f6 333 flog_warn(
cf444bcf 334 EC_OSPF_MD5,
d62a17ae 335 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
336 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
337 ntohl(nbr->crypt_seqnum));
338 return 0;
339 }
718e3744 340
d62a17ae 341 /* Generate a digest for the ospf packet - their digest + our digest. */
0513a271
MR		 342#ifdef CRYPTO_OPENSSL
343 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
344 ctx = EVP_MD_CTX_new();
345 EVP_DigestInit(ctx, EVP_md5());
346 EVP_DigestUpdate(ctx, ospfh, length);
347 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
348 EVP_DigestFinal(ctx, digest, &md5_size);
349 EVP_MD_CTX_free(ctx);
350#elif CRYPTO_INTERNAL
d62a17ae 351 memset(&ctx, 0, sizeof(ctx));
352 MD5Init(&ctx);
353 MD5Update(&ctx, ospfh, length);
354 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
355 MD5Final(digest, &ctx);
0513a271 356#endif
d62a17ae 357
358 /* compare the two */
359 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
cf444bcf 360 flog_warn(EC_OSPF_MD5,
c9cc11f6 361 "interface %s: ospf_check_md5 checksum mismatch",
d62a17ae 362 IF_NAME(oi));
363 return 0;
364 }
718e3744 365
d62a17ae 366 /* save neighbor's crypt_seqnum */
367 if (nbr)
368 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
369 return 1;
718e3744 370}
371
372/* This function is called from ospf_write(), it will detect the
373 authentication scheme and if it is MD5, it will change the sequence
374 and update the MD5 digest. */
d62a17ae 375static int ospf_make_md5_digest(struct ospf_interface *oi,
376 struct ospf_packet *op)
377{
378 struct ospf_header *ospfh;
379 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
0513a271
MR		 380#ifdef CRYPTO_OPENSSL
381 EVP_MD_CTX *ctx;
382#elif CRYPTO_INTERNAL
d62a17ae 383 MD5_CTX ctx;
0513a271 384#endif
d62a17ae 385 void *ibuf;
d7c0a89a 386 uint32_t t;
d62a17ae 387 struct crypt_key *ck;
d7c0a89a 388 const uint8_t *auth_key;
d62a17ae 389
390 ibuf = STREAM_DATA(op->s);
391 ospfh = (struct ospf_header *)ibuf;
392
393 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
394 return 0;
395
396 /* We do this here so when we dup a packet, we don't have to
397 waste CPU rewriting other headers.
398
399 Note that quagga_time /deliberately/ is not used here */
400 t = (time(NULL) & 0xFFFFFFFF);
401 if (t > oi->crypt_seqnum)
402 oi->crypt_seqnum = t;
403 else
404 oi->crypt_seqnum++;
405
406 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
407
408 /* Get MD5 Authentication key from auth_key list. */
409 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
d7c0a89a 410 auth_key = (const uint8_t *)digest;
d62a17ae 411 else {
412 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
413 auth_key = ck->auth_key;
414 }
718e3744 415
d62a17ae 416 /* Generate a digest for the entire packet + our secret key. */
0513a271
MR		 417#ifdef CRYPTO_OPENSSL
418 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
419 ctx = EVP_MD_CTX_new();
420 EVP_DigestInit(ctx, EVP_md5());
421 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
422 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
423 EVP_DigestFinal(ctx, digest, &md5_size);
424 EVP_MD_CTX_free(ctx);
425#elif CRYPTO_INTERNAL
d62a17ae 426 memset(&ctx, 0, sizeof(ctx));
427 MD5Init(&ctx);
428 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
429 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
430 MD5Final(digest, &ctx);
0513a271 431#endif
718e3744 432
d62a17ae 433 /* Append md5 digest to the end of the stream. */
434 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
718e3744 435
d62a17ae 436 /* We do *NOT* increment the OSPF header length. */
437 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
30961a15 438
d62a17ae 439 if (stream_get_endp(op->s) != op->length)
440 /* XXX size_t */
c9cc11f6 441 flog_warn(
cf444bcf 442 EC_OSPF_MD5,
d62a17ae 443 "ospf_make_md5_digest: length mismatch stream %lu ospf_packet %u",
d7c0a89a 444 (unsigned long)stream_get_endp(op->s), op->length);
718e3744 445
d62a17ae 446 return OSPF_AUTH_MD5_SIZE;
718e3744 447}
448
6b0655a2 449
d62a17ae 450static int ospf_ls_req_timer(struct thread *thread)
718e3744 451{
d62a17ae 452 struct ospf_neighbor *nbr;
718e3744 453
d62a17ae 454 nbr = THREAD_ARG(thread);
455 nbr->t_ls_req = NULL;
718e3744 456
d62a17ae 457 /* Send Link State Request. */
458 if (ospf_ls_request_count(nbr))
459 ospf_ls_req_send(nbr);
718e3744 460
d62a17ae 461 /* Set Link State Request retransmission timer. */
462 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
718e3744 463
d62a17ae 464 return 0;
718e3744 465}
466
d62a17ae 467void ospf_ls_req_event(struct ospf_neighbor *nbr)
718e3744 468{
d62a17ae 469 if (nbr->t_ls_req) {
470 thread_cancel(nbr->t_ls_req);
471 nbr->t_ls_req = NULL;
472 }
473 nbr->t_ls_req = NULL;
474 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
718e3744 475}
476
477/* Cyclic timer function. Fist registered in ospf_nbr_new () in
478 ospf_neighbor.c */
d62a17ae 479int ospf_ls_upd_timer(struct thread *thread)
480{
481 struct ospf_neighbor *nbr;
482
483 nbr = THREAD_ARG(thread);
484 nbr->t_ls_upd = NULL;
485
486 /* Send Link State Update. */
487 if (ospf_ls_retransmit_count(nbr) > 0) {
488 struct list *update;
489 struct ospf_lsdb *lsdb;
490 int i;
491 int retransmit_interval;
492
493 retransmit_interval =
494 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
495
496 lsdb = &nbr->ls_rxmt;
497 update = list_new();
498
499 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
500 struct route_table *table = lsdb->type[i].db;
501 struct route_node *rn;
502
503 for (rn = route_top(table); rn; rn = route_next(rn)) {
504 struct ospf_lsa *lsa;
505
506 if ((lsa = rn->info) != NULL) {
507 /* Don't retransmit an LSA if we
508 received it within
509 the last RxmtInterval seconds - this
510 is to allow the
511 neighbour a chance to acknowledge the
512 LSA as it may
513 have ben just received before the
514 retransmit timer
515 fired. This is a small tweak to what
516 is in the RFC,
517 but it will cut out out a lot of
518 retransmit traffic
519 - MAG */
520 if (monotime_since(&lsa->tv_recv, NULL)
521 >= retransmit_interval * 1000000LL)
522 listnode_add(update, rn->info);
523 }
524 }
525 }
718e3744 526
d62a17ae 527 if (listcount(update) > 0)
996c9314
LB		 528 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
529 0);
6a154c88 530 list_delete(&update);
718e3744 531 }
532
d62a17ae 533 /* Set LS Update retransmission timer. */
534 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
718e3744 535
d62a17ae 536 return 0;
718e3744 537}
538
d62a17ae 539int ospf_ls_ack_timer(struct thread *thread)
718e3744 540{
d62a17ae 541 struct ospf_interface *oi;
718e3744 542
d62a17ae 543 oi = THREAD_ARG(thread);
544 oi->t_ls_ack = NULL;
718e3744 545
d62a17ae 546 /* Send Link State Acknowledgment. */
547 if (listcount(oi->ls_ack) > 0)
548 ospf_ls_ack_send_delayed(oi);
718e3744 549
d62a17ae 550 /* Set LS Ack timer. */
551 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
718e3744 552
d62a17ae 553 return 0;
718e3744 554}
555
0bfeca3f 556#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 557static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
558 struct msghdr *msg, unsigned int maxdatasize,
d7c0a89a 559 unsigned int mtu, int flags, uint8_t type)
0bfeca3f 560{
561#define OSPF_WRITE_FRAG_SHIFT 3
d7c0a89a 562 uint16_t offset;
d62a17ae 563 struct iovec *iovp;
564 int ret;
565
566 assert(op->length == stream_get_endp(op->s));
567 assert(msg->msg_iovlen == 2);
568
569 /* we can but try.
570 *
571 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
572 * well as the IP_MF flag, making this all quite pointless.
573 *
574 * However, for a system on which IP_MF is left alone, and ip_id left
575 * alone or else which sets same ip_id for each fragment this might
576 * work, eg linux.
577 *
578 * XXX-TODO: It would be much nicer to have the kernel's use their
579 * existing fragmentation support to do this for us. Bugs/RFEs need to
580 * be raised against the various kernels.
581 */
582
583 /* set More Frag */
584 iph->ip_off |= IP_MF;
585
586 /* ip frag offset is expressed in units of 8byte words */
587 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
588
589 iovp = &msg->msg_iov[1];
590
591 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
592 > maxdatasize) {
593 /* data length of this frag is to next offset value */
594 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
595 iph->ip_len = iovp->iov_len + sizeof(struct ip);
596 assert(iph->ip_len <= mtu);
597
598 sockopt_iphdrincl_swab_htosys(iph);
599
600 ret = sendmsg(fd, msg, flags);
601
602 sockopt_iphdrincl_swab_systoh(iph);
603
604 if (ret < 0)
c9cc11f6 605 flog_err(
450971aa 606 EC_LIB_SOCKET,
d62a17ae 607 "*** ospf_write_frags: sendmsg failed to %s,"
608 " id %d, off %d, len %d, mtu %u failed with %s",
609 inet_ntoa(iph->ip_dst), iph->ip_id, iph->ip_off,
610 iph->ip_len, mtu, safe_strerror(errno));
611
612 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
613 zlog_debug(
614 "ospf_write_frags: sent id %d, off %d, len %d to %s\n",
615 iph->ip_id, iph->ip_off, iph->ip_len,
616 inet_ntoa(iph->ip_dst));
617 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
618 zlog_debug(
619 "-----------------IP Header Dump----------------------");
620 ospf_ip_header_dump(iph);
621 zlog_debug(
622 "-----------------------------------------------------");
623 }
624 }
625
626 iph->ip_off += offset;
627 stream_forward_getp(op->s, iovp->iov_len);
2d34fb80 628 iovp->iov_base = stream_pnt(op->s);
d62a17ae 629 }
630
631 /* setup for final fragment */
632 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
633 iph->ip_len = iovp->iov_len + sizeof(struct ip);
634 iph->ip_off &= (~IP_MF);
0bfeca3f 635}
636#endif /* WANT_OSPF_WRITE_FRAGMENT */
637
d62a17ae 638static int ospf_write(struct thread *thread)
639{
640 struct ospf *ospf = THREAD_ARG(thread);
641 struct ospf_interface *oi;
642 struct ospf_interface *last_serviced_oi = NULL;
643 struct ospf_packet *op;
644 struct sockaddr_in sa_dst;
645 struct ip iph;
646 struct msghdr msg;
647 struct iovec iov[2];
d7c0a89a 648 uint8_t type;
d62a17ae 649 int ret;
650 int flags = 0;
651 struct listnode *node;
0bfeca3f 652#ifdef WANT_OSPF_WRITE_FRAGMENT
d7c0a89a
QY		 653 static uint16_t ipid = 0;
654 uint16_t maxdatasize;
9d303b37 655#endif /* WANT_OSPF_WRITE_FRAGMENT */
68b7339a 656#define OSPF_WRITE_IPHL_SHIFT 2
d62a17ae 657 int pkt_count = 0;
e1b18df1
CS		 658
659#ifdef GNU_LINUX
3e300703 660 unsigned char cmsgbuf[64] = {};
e7503eab
CS		 661 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
662 struct in_pktinfo *pi;
e1b18df1 663#endif
d62a17ae 664
c32eba04
CS		 665 if (ospf->fd < 0 || ospf->oi_running == 0) {
666 if (IS_DEBUG_OSPF_EVENT)
667 zlog_debug(
668 "ospf_write failed to send, fd %d, instance %u"
669 ,ospf->fd, ospf->oi_running);
670 return -1;
671 }
672
d62a17ae 673 node = listhead(ospf->oi_write_q);
674 assert(node);
675 oi = listgetdata(node);
0bfeca3f 676
677#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 678 /* seed ipid static with low order bits of time */
679 if (ipid == 0)
680 ipid = (time(NULL) & 0xffff);
0bfeca3f 681#endif /* WANT_OSPF_WRITE_FRAGMENT */
682
d62a17ae 683 while ((pkt_count < ospf->write_oi_count) && oi
684 && (last_serviced_oi != oi)) {
685 /* If there is only packet in the queue, the oi is removed from
686 write-q, so fix up the last interface that was serviced */
687 if (last_serviced_oi == NULL) {
688 last_serviced_oi = oi;
689 }
690 pkt_count++;
233cc0fb 691#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 692 /* convenience - max OSPF data per packet */
693 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
233cc0fb 694#endif /* WANT_OSPF_WRITE_FRAGMENT */
d62a17ae 695 /* Get one packet from queue. */
696 op = ospf_fifo_head(oi->obuf);
697 assert(op);
698 assert(op->length >= OSPF_HEADER_SIZE);
699
700 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
701 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
702 ospf_if_ipmulticast(ospf, oi->address,
703 oi->ifp->ifindex);
704
705 /* Rewrite the md5 signature & update the seq */
706 ospf_make_md5_digest(oi, op);
707
708 /* Retrieve OSPF packet type. */
709 stream_set_getp(op->s, 1);
710 type = stream_getc(op->s);
711
712 /* reset get pointer */
713 stream_set_getp(op->s, 0);
714
715 memset(&iph, 0, sizeof(struct ip));
716 memset(&sa_dst, 0, sizeof(sa_dst));
717
718 sa_dst.sin_family = AF_INET;
6f0e3f6e 719#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
d62a17ae 720 sa_dst.sin_len = sizeof(sa_dst);
6f0e3f6e 721#endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
d62a17ae 722 sa_dst.sin_addr = op->dst;
723 sa_dst.sin_port = htons(0);
724
725 /* Set DONTROUTE flag if dst is unicast. */
726 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
727 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
728 flags = MSG_DONTROUTE;
729
730 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
731 /* it'd be very strange for header to not be 4byte-word aligned
732 * but.. */
733 if (sizeof(struct ip)
734 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
735 iph.ip_hl++; /* we presume sizeof struct ip cant
736 overflow ip_hl.. */
737
738 iph.ip_v = IPVERSION;
739 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
740 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
68b7339a 741
0150c9c9 742#if defined(__DragonFly__)
d62a17ae 743 /*
744 * DragonFly's raw socket expects ip_len/ip_off in network byte
745 * order.
746 */
747 iph.ip_len = htons(iph.ip_len);
0150c9c9
DB		 748#endif
749
0bfeca3f 750#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 751 /* XXX-MT: not thread-safe at all..
752 * XXX: this presumes this is only programme sending OSPF
753 * packets
754 * otherwise, no guarantee ipid will be unique
755 */
756 iph.ip_id = ++ipid;
0bfeca3f 757#endif /* WANT_OSPF_WRITE_FRAGMENT */
758
d62a17ae 759 iph.ip_off = 0;
760 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
761 iph.ip_ttl = OSPF_VL_IP_TTL;
762 else
763 iph.ip_ttl = OSPF_IP_TTL;
764 iph.ip_p = IPPROTO_OSPFIGP;
765 iph.ip_sum = 0;
766 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
767 iph.ip_dst.s_addr = op->dst.s_addr;
768
769 memset(&msg, 0, sizeof(msg));
770 msg.msg_name = (caddr_t)&sa_dst;
771 msg.msg_namelen = sizeof(sa_dst);
772 msg.msg_iov = iov;
773 msg.msg_iovlen = 2;
e7503eab 774
d62a17ae 775 iov[0].iov_base = (char *)&iph;
776 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
2d34fb80 777 iov[1].iov_base = stream_pnt(op->s);
d62a17ae 778 iov[1].iov_len = op->length;
779
e1b18df1
CS		 780#ifdef GNU_LINUX
781 msg.msg_control = (caddr_t)cm;
e7503eab
CS		 782 cm->cmsg_level = SOL_IP;
783 cm->cmsg_type = IP_PKTINFO;
784 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
785 pi = (struct in_pktinfo *)CMSG_DATA(cm);
786 pi->ipi_ifindex = oi->ifp->ifindex;
787
788 msg.msg_controllen = cm->cmsg_len;
e1b18df1 789#endif
e7503eab 790
996c9314
LB		 791/* Sadly we can not rely on kernels to fragment packets
792 * because of either IP_HDRINCL and/or multicast
793 * destination being set.
794 */
e7503eab 795
0bfeca3f 796#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 797 if (op->length > maxdatasize)
798 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
799 oi->ifp->mtu, flags, type);
0bfeca3f 800#endif /* WANT_OSPF_WRITE_FRAGMENT */
718e3744 801
d62a17ae 802 /* send final fragment (could be first) */
803 sockopt_iphdrincl_swab_htosys(&iph);
804 ret = sendmsg(ospf->fd, &msg, flags);
805 sockopt_iphdrincl_swab_systoh(&iph);
806 if (IS_DEBUG_OSPF_EVENT)
807 zlog_debug(
808 "ospf_write to %s, "
809 "id %d, off %d, len %d, interface %s, mtu %u:",
810 inet_ntoa(iph.ip_dst), iph.ip_id, iph.ip_off,
811 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
812
813 if (ret < 0)
c9cc11f6 814 flog_err(
450971aa 815 EC_LIB_SOCKET,
d62a17ae 816 "*** sendmsg in ospf_write failed to %s, "
817 "id %d, off %d, len %d, interface %s, mtu %u: %s",
818 inet_ntoa(iph.ip_dst), iph.ip_id, iph.ip_off,
819 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
820 safe_strerror(errno));
821
822 /* Show debug sending packet. */
823 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
824 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
825 zlog_debug(
826 "-----------------------------------------------------");
827 ospf_ip_header_dump(&iph);
828 stream_set_getp(op->s, 0);
829 ospf_packet_dump(op->s);
830 }
831
832 zlog_debug("%s sent to [%s] via [%s].",
833 lookup_msg(ospf_packet_type_str, type, NULL),
834 inet_ntoa(op->dst), IF_NAME(oi));
835
836 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
837 zlog_debug(
838 "-----------------------------------------------------");
839 }
840
c9339663 841 switch (type) {
996c9314
LB		 842 case OSPF_MSG_HELLO:
843 oi->hello_out++;
844 break;
845 case OSPF_MSG_DB_DESC:
846 oi->db_desc_out++;
847 break;
848 case OSPF_MSG_LS_REQ:
849 oi->ls_req_out++;
850 break;
851 case OSPF_MSG_LS_UPD:
852 oi->ls_upd_out++;
853 break;
854 case OSPF_MSG_LS_ACK:
855 oi->ls_ack_out++;
856 break;
857 default:
858 break;
c9339663
CS		 859 }
860
d62a17ae 861 /* Now delete packet from queue. */
862 ospf_packet_delete(oi);
863
864 /* Move this interface to the tail of write_q to
865 serve everyone in a round robin fashion */
866 list_delete_node(ospf->oi_write_q, node);
867 if (ospf_fifo_head(oi->obuf) == NULL) {
868 oi->on_write_q = 0;
869 last_serviced_oi = NULL;
870 oi = NULL;
871 } else {
872 listnode_add(ospf->oi_write_q, oi);
e8f45e82 873 }
d62a17ae 874
875 /* Setup to service from the head of the queue again */
876 if (!list_isempty(ospf->oi_write_q)) {
877 node = listhead(ospf->oi_write_q);
d62a17ae 878 oi = listgetdata(node);
d62a17ae 879 }
880 }
881
882 /* If packets still remain in queue, call write thread. */
4bb420ab 883 if (!list_isempty(ospf->oi_write_q))
d62a17ae 884 thread_add_write(master, ospf_write, ospf, ospf->fd,
885 &ospf->t_write);
718e3744 886
d62a17ae 887 return 0;
718e3744 888}
889
890/* OSPF Hello message read -- RFC2328 Section 10.5. */
d62a17ae 891static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
892 struct stream *s, struct ospf_interface *oi, int size)
893{
894 struct ospf_hello *hello;
895 struct ospf_neighbor *nbr;
896 int old_state;
897 struct prefix p;
898
899 /* increment statistics. */
900 oi->hello_in++;
901
2d34fb80 902 hello = (struct ospf_hello *)stream_pnt(s);
d62a17ae 903
904 /* If Hello is myself, silently discard. */
905 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
906 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
907 zlog_debug(
908 "ospf_header[%s/%s]: selforiginated, "
909 "dropping.",
910 lookup_msg(ospf_packet_type_str, ospfh->type,
911 NULL),
912 inet_ntoa(iph->ip_src));
913 }
914 return;
915 }
916
917 /* get neighbor prefix. */
918 p.family = AF_INET;
919 p.prefixlen = ip_masklen(hello->network_mask);
920 p.u.prefix4 = iph->ip_src;
921
922 /* Compare network mask. */
923 /* Checking is ignored for Point-to-Point and Virtual link. */
924 if (oi->type != OSPF_IFTYPE_POINTOPOINT
925 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
926 if (oi->address->prefixlen != p.prefixlen) {
c9cc11f6 927 flog_warn(
cf444bcf 928 EC_OSPF_PACKET,
d62a17ae 929 "Packet %s [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
930 inet_ntoa(ospfh->router_id), IF_NAME(oi),
931 (int)oi->address->prefixlen, (int)p.prefixlen);
932 return;
933 }
934
935 /* Compare Router Dead Interval. */
936 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
cf444bcf 937 flog_warn(EC_OSPF_PACKET,
c9cc11f6
DS		 938 "Packet %s [Hello:RECV]: RouterDeadInterval mismatch "
939 "(expected %u, but received %u).",
940 inet_ntoa(ospfh->router_id),
941 OSPF_IF_PARAM(oi, v_wait),
942 ntohl(hello->dead_interval));
d62a17ae 943 return;
944 }
945
946 /* Compare Hello Interval - ignored if fast-hellos are set. */
947 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
948 if (OSPF_IF_PARAM(oi, v_hello)
949 != ntohs(hello->hello_interval)) {
c9cc11f6 950 flog_warn(
cf444bcf 951 EC_OSPF_PACKET,
d62a17ae 952 "Packet %s [Hello:RECV]: HelloInterval mismatch "
953 "(expected %u, but received %u).",
954 inet_ntoa(ospfh->router_id),
955 OSPF_IF_PARAM(oi, v_hello),
956 ntohs(hello->hello_interval));
957 return;
958 }
959 }
960
961 if (IS_DEBUG_OSPF_EVENT)
b5a8894d 962 zlog_debug("Packet %s [Hello:RECV]: Options %s vrf %s",
d62a17ae 963 inet_ntoa(ospfh->router_id),
b5a8894d
CS		 964 ospf_options_dump(hello->options),
965 ospf_vrf_id_to_name(oi->ospf->vrf_id));
d62a17ae 966
967/* Compare options. */
718e3744 968#define REJECT_IF_TBIT_ON 1 /* XXX */
969#ifdef REJECT_IF_TBIT_ON
d62a17ae 970 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
971 /*
972 * This router does not support non-zero TOS.
973 * Drop this Hello packet not to establish neighbor
974 * relationship.
975 */
cf444bcf 976 flog_warn(EC_OSPF_PACKET,
c9cc11f6 977 "Packet %s [Hello:RECV]: T-bit on, drop it.",
d62a17ae 978 inet_ntoa(ospfh->router_id));
979 return;
980 }
718e3744 981#endif /* REJECT_IF_TBIT_ON */
982
d62a17ae 983 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
984 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
985 /*
986 * This router does know the correct usage of O-bit
987 * the bit should be set in DD packet only.
988 */
cf444bcf 989 flog_warn(EC_OSPF_PACKET,
c9cc11f6 990 "Packet %s [Hello:RECV]: O-bit abuse?",
d62a17ae 991 inet_ntoa(ospfh->router_id));
718e3744 992#ifdef STRICT_OBIT_USAGE_CHECK
d62a17ae 993 return; /* Reject this packet. */
994#else /* STRICT_OBIT_USAGE_CHECK */
995 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
996#endif /* STRICT_OBIT_USAGE_CHECK */
997 }
718e3744 998
d62a17ae 999 /* new for NSSA is to ensure that NP is on and E is off */
1000
1001 if (oi->area->external_routing == OSPF_AREA_NSSA) {
1002 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
1003 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
1004 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
1005 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
c9cc11f6 1006 flog_warn(
cf444bcf 1007 EC_OSPF_PACKET,
d62a17ae 1008 "NSSA-Packet-%s[Hello:RECV]: my options: %x, his options %x",
1009 inet_ntoa(ospfh->router_id), OPTIONS(oi),
1010 hello->options);
1011 return;
1012 }
1013 if (IS_DEBUG_OSPF_NSSA)
1014 zlog_debug("NSSA-Hello:RECV:Packet from %s:",
1015 inet_ntoa(ospfh->router_id));
1016 } else
1017 /* The setting of the E-bit found in the Hello Packet's Options
1018 field must match this area's ExternalRoutingCapability A
1019 mismatch causes processing to stop and the packet to be
1020 dropped. The setting of the rest of the bits in the Hello
1021 Packet's Options field should be ignored. */
1022 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
1023 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
c9cc11f6 1024 flog_warn(
cf444bcf 1025 EC_OSPF_PACKET,
d62a17ae 1026 "Packet %s [Hello:RECV]: my options: %x, his options %x",
1027 inet_ntoa(ospfh->router_id), OPTIONS(oi),
1028 hello->options);
1029 return;
1030 }
718e3744 1031
d62a17ae 1032 /* get neighbour struct */
1033 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
1034
1035 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1036 assert(nbr);
1037
1038 old_state = nbr->state;
1039
1040 /* Add event to thread. */
1041 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1042
1043 /* RFC2328 Section 9.5.1
1044 If the router is not eligible to become Designated Router,
1045 (snip) It must also send an Hello Packet in reply to an
1046 Hello Packet received from any eligible neighbor (other than
1047 the current Designated Router and Backup Designated Router). */
1048 if (oi->type == OSPF_IFTYPE_NBMA)
1049 if (PRIORITY(oi) == 0 && hello->priority > 0
1050 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1051 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1052 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1053 ospf_hello_reply_timer,
1054 OSPF_HELLO_REPLY_DELAY);
1055
1056 /* on NBMA network type, it happens to receive bidirectional Hello
1057 packet
1058 without advance 1-Way Received event.
1059 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1060 if (oi->type == OSPF_IFTYPE_NBMA
1061 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1062 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1063 nbr->priority = hello->priority;
1064 nbr->d_router = hello->d_router;
1065 nbr->bd_router = hello->bd_router;
1066 return;
1067 }
1068
1069 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1070 size - OSPF_HELLO_MIN_SIZE)) {
1071 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1072 nbr->options |= hello->options;
1073 } else {
1074 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1075 /* Set neighbor information. */
1076 nbr->priority = hello->priority;
1077 nbr->d_router = hello->d_router;
1078 nbr->bd_router = hello->bd_router;
1079 return;
1080 }
1081
1082 /* If neighbor itself declares DR and no BDR exists,
1083 cause event BackupSeen */
1084 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
1085 if (hello->bd_router.s_addr == 0 && oi->state == ISM_Waiting)
1086 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1087
1088 /* neighbor itself declares BDR. */
1089 if (oi->state == ISM_Waiting
1090 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router))
1091 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1092
1093 /* had not previously. */
1094 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1095 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1096 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1097 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->d_router)))
1098 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1099
1100 /* had not previously. */
1101 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1102 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1103 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->bd_router)
1104 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->bd_router)))
1105 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1106
1107 /* Neighbor priority check. */
1108 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1109 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1110
1111 /* Set neighbor information. */
1112 nbr->priority = hello->priority;
1113 nbr->d_router = hello->d_router;
1114 nbr->bd_router = hello->bd_router;
718e3744 1115}
1116
1117/* Save DD flags/options/Seqnum received. */
d62a17ae 1118static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1119 struct ospf_db_desc *dd)
718e3744 1120{
d62a17ae 1121 nbr->last_recv.flags = dd->flags;
1122 nbr->last_recv.options = dd->options;
1123 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
718e3744 1124}
1125
1126/* Process rest of DD packet. */
d62a17ae 1127static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1128 struct ospf_neighbor *nbr,
d7c0a89a 1129 struct ospf_db_desc *dd, uint16_t size)
d62a17ae 1130{
1131 struct ospf_lsa *new, *find;
1132 struct lsa_header *lsah;
1133
1134 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1135 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1136 size -= OSPF_LSA_HEADER_SIZE) {
2d34fb80 1137 lsah = (struct lsa_header *)stream_pnt(s);
d62a17ae 1138 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1139
1140 /* Unknown LS type. */
1141 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
cf444bcf 1142 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1143 "Packet [DD:RECV]: Unknown LS type %d.",
d62a17ae 1144 lsah->type);
1145 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1146 return;
1147 }
1148
1149 if (IS_OPAQUE_LSA(lsah->type)
1150 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
cf444bcf 1151 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1152 "LSA[Type%d:%s]: Opaque capability mismatch?",
d62a17ae 1153 lsah->type, inet_ntoa(lsah->id));
1154 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1155 return;
1156 }
1157
1158 switch (lsah->type) {
1159 case OSPF_AS_EXTERNAL_LSA:
1160 case OSPF_OPAQUE_AS_LSA:
1161 /* Check for stub area. Reject if AS-External from stub
1162 but
1163 allow if from NSSA. */
1164 if (oi->area->external_routing == OSPF_AREA_STUB) {
c9cc11f6 1165 flog_warn(
cf444bcf 1166 EC_OSPF_PACKET,
d62a17ae 1167 "Packet [DD:RECV]: LSA[Type%d:%s] from %s area.",
1168 lsah->type, inet_ntoa(lsah->id),
1169 (oi->area->external_routing
1170 == OSPF_AREA_STUB)
1171 ? "STUB"
1172 : "NSSA");
1173 OSPF_NSM_EVENT_SCHEDULE(nbr,
1174 NSM_SeqNumberMismatch);
1175 return;
1176 }
1177 break;
1178 default:
1179 break;
1180 }
1181
1182 /* Create LS-request object. */
1183 new = ospf_ls_request_new(lsah);
1184
1185 /* Lookup received LSA, then add LS request list. */
1186 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1187
1188 /* ospf_lsa_more_recent is fine with NULL pointers */
1189 switch (ospf_lsa_more_recent(find, new)) {
1190 case -1:
1191 /* Neighbour has a more recent LSA, we must request it
1192 */
1193 ospf_ls_request_add(nbr, new);
1194 /* fallthru */
1195 case 0:
1196 /* If we have a copy of this LSA, it's either less
1197 * recent
1198 * and we're requesting it from neighbour (the case
1199 * above), or
1200 * it's as recent and we both have same copy (this
1201 * case).
1202 *
1203 * In neither of these two cases is there any point in
1204 * describing our copy of the LSA to the neighbour in a
1205 * DB-Summary packet, if we're still intending to do so.
1206 *
1207 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1208 * backward compatible optimisation to OSPF DB Exchange
1209 * /
1210 * DB Description process implemented here.
1211 */
1212 if (find)
1213 ospf_lsdb_delete(&nbr->db_sum, find);
1214 ospf_lsa_discard(new);
1215 break;
1216 default:
1217 /* We have the more recent copy, nothing specific to do:
1218 * - no need to request neighbours stale copy
1219 * - must leave DB summary list copy alone
1220 */
1221 if (IS_DEBUG_OSPF_EVENT)
1222 zlog_debug(
1223 "Packet [DD:RECV]: LSA received Type %d, "
1224 "ID %s is not recent.",
1225 lsah->type, inet_ntoa(lsah->id));
1226 ospf_lsa_discard(new);
1227 }
1228 }
1229
1230 /* Master */
1231 if (IS_SET_DD_MS(nbr->dd_flags)) {
1232 nbr->dd_seqnum++;
1233
1234 /* Both sides have no More, then we're done with Exchange */
1235 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1236 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1237 else
1238 ospf_db_desc_send(nbr);
1239 }
1240 /* Slave */
1241 else {
1242 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1243
1244 /* Send DD packet in reply.
1245 *
1246 * Must be done to acknowledge the Master's DD, regardless of
1247 * whether we have more LSAs ourselves to describe.
1248 *
1249 * This function will clear the 'More' bit, if after this DD
1250 * we have no more LSAs to describe to the master..
1251 */
1252 ospf_db_desc_send(nbr);
1253
1254 /* Slave can raise ExchangeDone now, if master is also done */
1255 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1256 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1257 }
1258
1259 /* Save received neighbor values from DD. */
1260 ospf_db_desc_save_current(nbr, dd);
1261
1262 if (!nbr->t_ls_req)
1263 ospf_ls_req_send(nbr);
1264}
1265
1266static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1267 struct ospf_neighbor *nbr)
1268{
1269 /* Is DD duplicated? */
1270 if (dd->options == nbr->last_recv.options
1271 && dd->flags == nbr->last_recv.flags
1272 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1273 return 1;
1274
1275 return 0;
718e3744 1276}
1277
1278/* OSPF Database Description message read -- RFC2328 Section 10.6. */
d62a17ae 1279static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1280 struct stream *s, struct ospf_interface *oi,
d7c0a89a 1281 uint16_t size)
d62a17ae 1282{
1283 struct ospf_db_desc *dd;
1284 struct ospf_neighbor *nbr;
d363df2c 1285
d62a17ae 1286 /* Increment statistics. */
1287 oi->db_desc_in++;
718e3744 1288
2d34fb80 1289 dd = (struct ospf_db_desc *)stream_pnt(s);
d62a17ae 1290
1291 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1292 if (nbr == NULL) {
cf444bcf 1293 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %s",
d62a17ae 1294 inet_ntoa(ospfh->router_id));
1295 return;
718e3744 1296 }
d62a17ae 1297
1298 /* Check MTU. */
1299 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1300 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
c9cc11f6 1301 flog_warn(
cf444bcf 1302 EC_OSPF_PACKET,
d62a17ae 1303 "Packet[DD]: Neighbor %s MTU %u is larger than [%s]'s MTU %u",
1304 inet_ntoa(nbr->router_id), ntohs(dd->mtu), IF_NAME(oi),
1305 oi->ifp->mtu);
1306 return;
718e3744 1307 }
1308
d62a17ae 1309 /*
1310 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1311 * not
1312 * required. In fact at least JunOS sends DD packets with P bit clear.
1313 * Until proper solution is developped, this hack should help.
1314 *
1315 * Update: According to the RFCs, N bit is specified /only/ for Hello
1316 * options, unfortunately its use in DD options is not specified. Hence
1317 * some
1318 * implementations follow E-bit semantics and set it in DD options, and
1319 * some
1320 * treat it as unspecified and hence follow the directive "default for
1321 * options is clear", ie unset.
1322 *
1323 * Reset the flag, as ospfd follows E-bit semantics.
1324 */
1325 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1326 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1327 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1328 if (IS_DEBUG_OSPF_EVENT)
1329 zlog_debug(
1330 "Packet[DD]: Neighbour %s: Has NSSA capability, sends with N bit clear in DD options",
1331 inet_ntoa(nbr->router_id));
1332 SET_FLAG(dd->options, OSPF_OPTION_NP);
718e3744 1333 }
1334
d62a17ae 1335#ifdef REJECT_IF_TBIT_ON
1336 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1337 /*
1338 * In Hello protocol, optional capability must have checked
1339 * to prevent this T-bit enabled router be my neighbor.
1340 */
1c50c1c0 1341 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %s: T-bit on?",
d62a17ae 1342 inet_ntoa(nbr->router_id));
1343 return;
1344 }
1345#endif /* REJECT_IF_TBIT_ON */
1346
1347 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1348 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1349 /*
1350 * This node is not configured to handle O-bit, for now.
1351 * Clear it to ignore unsupported capability proposed by
1352 * neighbor.
1353 */
1354 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1355 }
1356
1357 /* Add event to thread. */
1358 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1359
e6a22aeb
SK		 1360 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1361 zlog_info(
1362 "%s:Packet[DD]: Neighbor %s state is %s, seq_num:0x%x, local:0x%x",
1363 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
1364 inet_ntoa(nbr->router_id),
1365 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1366 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1367
d62a17ae 1368 /* Process DD packet by neighbor status. */
1369 switch (nbr->state) {
1370 case NSM_Down:
1371 case NSM_Attempt:
1372 case NSM_TwoWay:
96db9cd3
DS		 1373 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1374 zlog_info(
1375 "Packet[DD]: Neighbor %s state is %s, packet discarded.",
1376 inet_ntoa(nbr->router_id),
1377 lookup_msg(ospf_nsm_state_msg, nbr->state,
1378 NULL));
d62a17ae 1379 break;
1380 case NSM_Init:
1381 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1382 /* If the new state is ExStart, the processing of the current
1383 packet should then continue in this new state by falling
1384 through to case ExStart below. */
1385 if (nbr->state != NSM_ExStart)
1386 break;
1387 /* fallthru */
1388 case NSM_ExStart:
1389 /* Initial DBD */
1390 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1391 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1392 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1393 > 0) {
1394 /* We're Slave---obey */
05ba78e4
CS		 1395 if (CHECK_FLAG(oi->ospf->config,
1396 OSPF_LOG_ADJACENCY_DETAIL))
996c9314
LB		 1397 zlog_info(
1398 "Packet[DD]: Neighbor %s Negotiation done (Slave).",
1399 inet_ntoa(nbr->router_id));
05ba78e4 1400
d62a17ae 1401 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1402
1403 /* Reset I/MS */
1404 UNSET_FLAG(nbr->dd_flags,
1405 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1406 } else {
1407 /* We're Master, ignore the initial DBD from
1408 * Slave */
05ba78e4
CS		 1409 if (CHECK_FLAG(oi->ospf->config,
1410 OSPF_LOG_ADJACENCY_DETAIL))
1411 zlog_info(
1412 "Packet[DD]: Neighbor %s: Initial DBD from Slave, "
1413 "ignoring.",
1414 inet_ntoa(nbr->router_id));
d62a17ae 1415 break;
1416 }
1417 }
1418 /* Ack from the Slave */
1419 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1420 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1421 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1422 < 0) {
1423 zlog_info(
1424 "Packet[DD]: Neighbor %s Negotiation done (Master).",
1425 inet_ntoa(nbr->router_id));
1426 /* Reset I, leaving MS */
1427 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1428 } else {
cf444bcf 1429 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1430 "Packet[DD]: Neighbor %s Negotiation fails.",
d62a17ae 1431 inet_ntoa(nbr->router_id));
1432 break;
1433 }
1434
1435 /* This is where the real Options are saved */
1436 nbr->options = dd->options;
1437
1438 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1439 if (IS_DEBUG_OSPF_EVENT)
1440 zlog_debug(
1441 "Neighbor[%s] is %sOpaque-capable.",
1442 inet_ntoa(nbr->router_id),
1443 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1444 ? ""
1445 : "NOT ");
1446
1447 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1448 && IPV4_ADDR_SAME(&DR(oi),
1449 &nbr->address.u.prefix4)) {
c9cc11f6 1450 flog_warn(
cf444bcf 1451 EC_OSPF_PACKET,
c9cc11f6 1452 "DR-neighbor[%s] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
d62a17ae 1453 inet_ntoa(nbr->router_id));
1454 /* This situation is undesirable, but not a real
1455 * error. */
1456 }
1457 }
1458
1459 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1460
1461 /* continue processing rest of packet. */
1462 ospf_db_desc_proc(s, oi, nbr, dd, size);
1463 break;
1464 case NSM_Exchange:
1465 if (ospf_db_desc_is_dup(dd, nbr)) {
1466 if (IS_SET_DD_MS(nbr->dd_flags))
1467 /* Master: discard duplicated DD packet. */
1468 zlog_info(
1469 "Packet[DD] (Master): Neighbor %s packet duplicated.",
1470 inet_ntoa(nbr->router_id));
1471 else
1472 /* Slave: cause to retransmit the last Database
1473 Description. */
1474 {
1475 zlog_info(
1476 "Packet[DD] [Slave]: Neighbor %s packet duplicated.",
1477 inet_ntoa(nbr->router_id));
1478 ospf_db_desc_resend(nbr);
1479 }
1480 break;
1481 }
1482
1483 /* Otherwise DD packet should be checked. */
1484 /* Check Master/Slave bit mismatch */
1485 if (IS_SET_DD_MS(dd->flags)
1486 != IS_SET_DD_MS(nbr->last_recv.flags)) {
cf444bcf 1487 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1488 "Packet[DD]: Neighbor %s MS-bit mismatch.",
d62a17ae 1489 inet_ntoa(nbr->router_id));
1490 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1491 if (IS_DEBUG_OSPF_EVENT)
1492 zlog_debug(
1493 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1494 dd->flags, nbr->dd_flags);
1495 break;
1496 }
1497
1498 /* Check initialize bit is set. */
1499 if (IS_SET_DD_I(dd->flags)) {
1500 zlog_info("Packet[DD]: Neighbor %s I-bit set.",
1501 inet_ntoa(nbr->router_id));
1502 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1503 break;
1504 }
1505
1506 /* Check DD Options. */
1507 if (dd->options != nbr->options) {
cf444bcf 1508 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1509 "Packet[DD]: Neighbor %s options mismatch.",
d62a17ae 1510 inet_ntoa(nbr->router_id));
1511 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1512 break;
1513 }
718e3744 1514
d62a17ae 1515 /* Check DD sequence number. */
1516 if ((IS_SET_DD_MS(nbr->dd_flags)
1517 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1518 || (!IS_SET_DD_MS(nbr->dd_flags)
1519 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
c9cc11f6 1520 flog_warn(
cf444bcf 1521 EC_OSPF_PACKET,
d62a17ae 1522 "Packet[DD]: Neighbor %s sequence number mismatch.",
1523 inet_ntoa(nbr->router_id));
1524 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1525 break;
1526 }
1527
1528 /* Continue processing rest of packet. */
1529 ospf_db_desc_proc(s, oi, nbr, dd, size);
1530 break;
1531 case NSM_Loading:
1532 case NSM_Full:
1533 if (ospf_db_desc_is_dup(dd, nbr)) {
1534 if (IS_SET_DD_MS(nbr->dd_flags)) {
1535 /* Master should discard duplicate DD packet. */
1536 zlog_info(
1537 "Packet[DD]: Neighbor %s duplicated, "
1538 "packet discarded.",
1539 inet_ntoa(nbr->router_id));
1540 break;
1541 } else {
1542 if (monotime_since(&nbr->last_send_ts, NULL)
1543 < nbr->v_inactivity * 1000000LL) {
1544 /* In states Loading and Full the slave
1545 must resend
1546 its last Database Description packet
1547 in response to
1548 duplicate Database Description
1549 packets received
1550 from the master. For this reason the
1551 slave must
1552 wait RouterDeadInterval seconds
1553 before freeing the
1554 last Database Description packet.
1555 Reception of a
1556 Database Description packet from the
1557 master after
1558 this interval will generate a
1559 SeqNumberMismatch
1560 neighbor event. RFC2328 Section 10.8
1561 */
1562 ospf_db_desc_resend(nbr);
1563 break;
1564 }
1565 }
718e3744 1566 }
718e3744 1567
d62a17ae 1568 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1569 break;
1570 default:
cf444bcf 1571 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1572 "Packet[DD]: Neighbor %s NSM illegal status %u.",
d62a17ae 1573 inet_ntoa(nbr->router_id), nbr->state);
1574 break;
1575 }
718e3744 1576}
1577
1578#define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1579
1580/* OSPF Link State Request Read -- RFC2328 Section 10.7. */
d62a17ae 1581static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1582 struct stream *s, struct ospf_interface *oi,
d7c0a89a 1583 uint16_t size)
d62a17ae 1584{
1585 struct ospf_neighbor *nbr;
d7c0a89a 1586 uint32_t ls_type;
d62a17ae 1587 struct in_addr ls_id;
1588 struct in_addr adv_router;
1589 struct ospf_lsa *find;
1590 struct list *ls_upd;
1591 unsigned int length;
1592
1593 /* Increment statistics. */
1594 oi->ls_req_in++;
1595
1596 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1597 if (nbr == NULL) {
cf444bcf 1598 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1599 "Link State Request: Unknown Neighbor %s.",
d62a17ae 1600 inet_ntoa(ospfh->router_id));
1601 return;
718e3744 1602 }
1603
d62a17ae 1604 /* Add event to thread. */
1605 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1606
1607 /* Neighbor State should be Exchange or later. */
1608 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1609 && nbr->state != NSM_Full) {
c9cc11f6 1610 flog_warn(
cf444bcf 1611 EC_OSPF_PACKET,
c9cc11f6 1612 "Link State Request received from %s: Neighbor state is %s, packet discarded.",
d62a17ae 1613 inet_ntoa(ospfh->router_id),
1614 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1615 return;
718e3744 1616 }
1617
d62a17ae 1618 /* Send Link State Update for ALL requested LSAs. */
1619 ls_upd = list_new();
1620 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1621
1622 while (size >= OSPF_LSA_KEY_SIZE) {
1623 /* Get one slice of Link State Request. */
1624 ls_type = stream_getl(s);
1625 ls_id.s_addr = stream_get_ipv4(s);
1626 adv_router.s_addr = stream_get_ipv4(s);
1627
1628 /* Verify LSA type. */
1629 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1630 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
6a154c88 1631 list_delete(&ls_upd);
d62a17ae 1632 return;
1633 }
718e3744 1634
d62a17ae 1635 /* Search proper LSA in LSDB. */
b5a8894d
CS		 1636 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1637 adv_router);
d62a17ae 1638 if (find == NULL) {
1639 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
6a154c88 1640 list_delete(&ls_upd);
d62a17ae 1641 return;
1642 }
718e3744 1643
d62a17ae 1644 /* Packet overflows MTU size, send immediately. */
1645 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1646 if (oi->type == OSPF_IFTYPE_NBMA)
1647 ospf_ls_upd_send(nbr, ls_upd,
046460a1 1648 OSPF_SEND_PACKET_DIRECT, 0);
d62a17ae 1649 else
1650 ospf_ls_upd_send(nbr, ls_upd,
046460a1 1651 OSPF_SEND_PACKET_INDIRECT, 0);
d62a17ae 1652
1653 /* Only remove list contents. Keep ls_upd. */
1654 list_delete_all_node(ls_upd);
718e3744 1655
d62a17ae 1656 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1657 }
1658
1659 /* Append LSA to update list. */
1660 listnode_add(ls_upd, find);
1661 length += ntohs(find->data->length);
718e3744 1662
d62a17ae 1663 size -= OSPF_LSA_KEY_SIZE;
1664 }
718e3744 1665
d62a17ae 1666 /* Send rest of Link State Update. */
1667 if (listcount(ls_upd) > 0) {
1668 if (oi->type == OSPF_IFTYPE_NBMA)
996c9314
LB		 1669 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1670 0);
d62a17ae 1671 else
996c9314
LB		 1672 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1673 0);
718e3744 1674
6a154c88 1675 list_delete(&ls_upd);
d62a17ae 1676 } else
6a154c88 1677 list_delete(&ls_upd);
718e3744 1678}
1679
1680/* Get the list of LSAs from Link State Update packet.
1681 And process some validation -- RFC2328 Section 13. (1)-(2). */
d62a17ae 1682static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1683 struct stream *s,
1684 struct ospf_interface *oi, size_t size)
1685{
d7c0a89a
QY		 1686 uint16_t count, sum;
1687 uint32_t length;
d62a17ae 1688 struct lsa_header *lsah;
1689 struct ospf_lsa *lsa;
1690 struct list *lsas;
1691
1692 lsas = list_new();
1693
1694 count = stream_getl(s);
1695 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1696
1697 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1698 size -= length, stream_forward_getp(s, length), count--) {
2d34fb80 1699 lsah = (struct lsa_header *)stream_pnt(s);
d62a17ae 1700 length = ntohs(lsah->length);
1701
1702 if (length > size) {
c9cc11f6 1703 flog_warn(
cf444bcf 1704 EC_OSPF_PACKET,
d62a17ae 1705 "Link State Update: LSA length exceeds packet size.");
1706 break;
1707 }
718e3744 1708
d62a17ae 1709 /* Validate the LSA's LS checksum. */
1710 sum = lsah->checksum;
1711 if (!ospf_lsa_checksum_valid(lsah)) {
1712 /* (bug #685) more details in a one-line message make it
1713 * possible
1714 * to identify problem source on the one hand and to
1715 * have a better
1716 * chance to compress repeated messages in syslog on the
1717 * other */
c9cc11f6 1718 flog_warn(
cf444bcf 1719 EC_OSPF_PACKET,
d62a17ae 1720 "Link State Update: LSA checksum error %x/%x, ID=%s from: nbr %s, router ID %s, adv router %s",
1721 sum, lsah->checksum, inet_ntoa(lsah->id),
1722 inet_ntoa(nbr->src), inet_ntoa(nbr->router_id),
1723 inet_ntoa(lsah->adv_router));
1724 continue;
1725 }
718e3744 1726
d62a17ae 1727 /* Examine the LSA's LS type. */
1728 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
cf444bcf 1729 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1730 "Link State Update: Unknown LS type %d",
d62a17ae 1731 lsah->type);
1732 continue;
1733 }
718e3744 1734
d62a17ae 1735 /*
1736 * What if the received LSA's age is greater than MaxAge?
1737 * Treat it as a MaxAge case -- endo.
1738 */
1739 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1740 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
718e3744 1741
d62a17ae 1742 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1743#ifdef STRICT_OBIT_USAGE_CHECK
1744 if ((IS_OPAQUE_LSA(lsah->type)
1745 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1746 || (!IS_OPAQUE_LSA(lsah->type)
1747 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1748 /*
1749 * This neighbor must know the exact usage of
1750 * O-bit;
1751 * the bit will be set in Type-9,10,11 LSAs
1752 * only.
1753 */
cf444bcf 1754 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1755 "LSA[Type%d:%s]: O-bit abuse?",
d62a17ae 1756 lsah->type, inet_ntoa(lsah->id));
1757 continue;
1758 }
1759#endif /* STRICT_OBIT_USAGE_CHECK */
718e3744 1760
d62a17ae 1761 /* Do not take in AS External Opaque-LSAs if we are a
1762 * stub. */
1763 if (lsah->type == OSPF_OPAQUE_AS_LSA
1764 && nbr->oi->area->external_routing
1765 != OSPF_AREA_DEFAULT) {
1766 if (IS_DEBUG_OSPF_EVENT)
1767 zlog_debug(
1768 "LSA[Type%d:%s]: We are a stub, don't take this LSA.",
1769 lsah->type,
1770 inet_ntoa(lsah->id));
1771 continue;
1772 }
1773 } else if (IS_OPAQUE_LSA(lsah->type)) {
cf444bcf 1774 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1775 "LSA[Type%d:%s]: Opaque capability mismatch?",
d62a17ae 1776 lsah->type, inet_ntoa(lsah->id));
1777 continue;
1778 }
718e3744 1779
d62a17ae 1780 /* Create OSPF LSA instance. */
5b3d4186 1781 lsa = ospf_lsa_new_and_data(length);
d62a17ae 1782
b5a8894d 1783 lsa->vrf_id = oi->ospf->vrf_id;
d62a17ae 1784 /* We may wish to put some error checking if type NSSA comes in
1785 and area not in NSSA mode */
1786 switch (lsah->type) {
1787 case OSPF_AS_EXTERNAL_LSA:
1788 case OSPF_OPAQUE_AS_LSA:
1789 lsa->area = NULL;
1790 break;
1791 case OSPF_OPAQUE_LINK_LSA:
1792 lsa->oi = oi; /* Remember incoming interface for
1793 flooding control. */
1794 /* Fallthrough */
1795 default:
1796 lsa->area = oi->area;
1797 break;
1798 }
718e3744 1799
d62a17ae 1800 memcpy(lsa->data, lsah, length);
1801
1802 if (IS_DEBUG_OSPF_EVENT)
1803 zlog_debug(
1804 "LSA[Type%d:%s]: %p new LSA created with Link State Update",
1805 lsa->data->type, inet_ntoa(lsa->data->id),
1806 (void *)lsa);
1807 listnode_add(lsas, lsa);
1808 }
718e3744 1809
d62a17ae 1810 return lsas;
718e3744 1811}
1812
1813/* Cleanup Update list. */
d62a17ae 1814static void ospf_upd_list_clean(struct list *lsas)
718e3744 1815{
d62a17ae 1816 struct listnode *node, *nnode;
1817 struct ospf_lsa *lsa;
718e3744 1818
d62a17ae 1819 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1820 ospf_lsa_discard(lsa);
718e3744 1821
6a154c88 1822 list_delete(&lsas);
718e3744 1823}
1824
1825/* OSPF Link State Update message read -- RFC2328 Section 13. */
d62a17ae 1826static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1827 struct ospf_header *ospfh, struct stream *s,
d7c0a89a 1828 struct ospf_interface *oi, uint16_t size)
d62a17ae 1829{
1830 struct ospf_neighbor *nbr;
1831 struct list *lsas;
1832 struct listnode *node, *nnode;
1833 struct ospf_lsa *lsa = NULL;
1834 /* unsigned long ls_req_found = 0; */
1835
1836 /* Dis-assemble the stream, update each entry, re-encapsulate for
1837 * flooding */
1838
1839 /* Increment statistics. */
1840 oi->ls_upd_in++;
1841
1842 /* Check neighbor. */
1843 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1844 if (nbr == NULL) {
cf444bcf 1845 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1846 "Link State Update: Unknown Neighbor %s on int: %s",
d62a17ae 1847 inet_ntoa(ospfh->router_id), IF_NAME(oi));
1848 return;
718e3744 1849 }
1850
d62a17ae 1851 /* Add event to thread. */
1852 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1853
1854 /* Check neighbor state. */
1855 if (nbr->state < NSM_Exchange) {
1856 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1857 zlog_debug(
1858 "Link State Update: "
1859 "Neighbor[%s] state %s is less than Exchange",
1860 inet_ntoa(ospfh->router_id),
1861 lookup_msg(ospf_nsm_state_msg, nbr->state,
1862 NULL));
1863 return;
1864 }
718e3744 1865
d62a17ae 1866 /* Get list of LSAs from Link State Update packet. - Also perorms Stages
1867 * 1 (validate LSA checksum) and 2 (check for LSA consistent type)
1868 * of section 13.
1869 */
1870 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1871
35955c14
CS		 1872 if (lsas == NULL)
1873 return;
d62a17ae 1874#define DISCARD_LSA(L, N) \
1875 { \
1876 if (IS_DEBUG_OSPF_EVENT) \
1877 zlog_debug( \
1878 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1879 " Type-%d", \
1880 N, (void *)lsa, (int)lsa->data->type); \
1881 ospf_lsa_discard(L); \
1882 continue; \
718e3744 1883 }
1884
d62a17ae 1885 /* Process each LSA received in the one packet.
1886 *
1887 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1888 * text below are from the steps in RFC 2328, Section 13.
1889 */
1890 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1891 struct ospf_lsa *ls_ret, *current;
1892 int ret = 1;
1893
1894 if (IS_DEBUG_OSPF_NSSA) {
1895 char buf1[INET_ADDRSTRLEN];
1896 char buf2[INET_ADDRSTRLEN];
1897 char buf3[INET_ADDRSTRLEN];
1898
1899 zlog_debug("LSA Type-%d from %s, ID: %s, ADV: %s",
1900 lsa->data->type,
1901 inet_ntop(AF_INET, &ospfh->router_id, buf1,
1902 INET_ADDRSTRLEN),
1903 inet_ntop(AF_INET, &lsa->data->id, buf2,
1904 INET_ADDRSTRLEN),
1905 inet_ntop(AF_INET, &lsa->data->adv_router,
1906 buf3, INET_ADDRSTRLEN));
1907 }
718e3744 1908
d62a17ae 1909 listnode_delete(lsas,
1910 lsa); /* We don't need it in list anymore */
1911
1912 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1913 */
1914
1915 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1916
1917 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1918 */
1919
1920 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1921 */
1922
1923 /* Do take in Type-7's if we are an NSSA */
1924
1925 /* If we are also an ABR, later translate them to a Type-5
1926 * packet */
1927
1928 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1929 translate them to a separate Type-5 packet. */
1930
1931 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1932 /* Reject from STUB or NSSA */
1933 if (nbr->oi->area->external_routing
1934 != OSPF_AREA_DEFAULT) {
1935 if (IS_DEBUG_OSPF_NSSA)
1936 zlog_debug(
1937 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1938 DISCARD_LSA(lsa, 1);
1939 }
1940
1941 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1942 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1943 if (IS_DEBUG_OSPF_NSSA)
1944 zlog_debug(
1945 "Incoming NSSA LSA Discarded: Not NSSA Area");
1946 DISCARD_LSA(lsa, 2);
1947 }
1948
1949 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1950 if (lsa->data->type == OSPF_ROUTER_LSA)
1951 if (!IPV4_ADDR_SAME(&lsa->data->id,
1952 &lsa->data->adv_router)) {
1953 char buf1[INET_ADDRSTRLEN];
1954 char buf2[INET_ADDRSTRLEN];
1955 char buf3[INET_ADDRSTRLEN];
1956
cf444bcf 1957 flog_err(EC_OSPF_ROUTER_LSA_MISMATCH,
1c50c1c0
QY		 1958 "Incoming Router-LSA from %s with "
1959 "Adv-ID[%s] != LS-ID[%s]",
1960 inet_ntop(AF_INET, &ospfh->router_id,
1961 buf1, INET_ADDRSTRLEN),
1962 inet_ntop(AF_INET, &lsa->data->id,
1963 buf2, INET_ADDRSTRLEN),
1964 inet_ntop(AF_INET,
1965 &lsa->data->adv_router, buf3,
1966 INET_ADDRSTRLEN));
af4c2728 1967 flog_err(
cf444bcf 1968 EC_OSPF_DOMAIN_CORRUPT,
d62a17ae 1969 "OSPF domain compromised by attack or corruption. "
1970 "Verify correct operation of -ALL- OSPF routers.");
1971 DISCARD_LSA(lsa, 0);
1972 }
1973
1974 /* Find the LSA in the current database. */
1975
1976 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1977
1978 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1979 currently
1980 no instance of the LSA in the router's link state database,
1981 and none of router's neighbors are in states Exchange or
1982 Loading,
1983 then take the following actions: */
1984
1985 if (IS_LSA_MAXAGE(lsa) && !current
1986 && ospf_check_nbr_status(oi->ospf)) {
1987 /* (4a) Response Link State Acknowledgment. */
1988 ospf_ls_ack_send(nbr, lsa);
1989
1990 /* (4b) Discard LSA. */
1991 if (IS_DEBUG_OSPF(lsa, LSA)) {
1992 zlog_debug(
1993 "Link State Update[%s]: LS age is equal to MaxAge.",
1994 dump_lsa_key(lsa));
1995 }
1996 DISCARD_LSA(lsa, 3);
1997 }
1998
1999 if (IS_OPAQUE_LSA(lsa->data->type)
2000 && IPV4_ADDR_SAME(&lsa->data->adv_router,
2001 &oi->ospf->router_id)) {
2002 /*
2003 * Even if initial flushing seems to be completed, there
2004 * might
2005 * be a case that self-originated LSA with MaxAge still
2006 * remain
2007 * in the routing domain.
2008 * Just send an LSAck message to cease retransmission.
2009 */
2010 if (IS_LSA_MAXAGE(lsa)) {
c9cc11f6 2011 zlog_info("LSA[%s]: Boomerang effect?",
d62a17ae 2012 dump_lsa_key(lsa));
2013 ospf_ls_ack_send(nbr, lsa);
2014 ospf_lsa_discard(lsa);
2015
2016 if (current != NULL && !IS_LSA_MAXAGE(current))
2017 ospf_opaque_lsa_refresh_schedule(
2018 current);
2019 continue;
2020 }
2021
2022 /*
2023 * If an instance of self-originated Opaque-LSA is not
2024 * found
2025 * in the LSDB, there are some possible cases here.
2026 *
2027 * 1) This node lost opaque-capability after restart.
2028 * 2) Else, a part of opaque-type is no more supported.
2029 * 3) Else, a part of opaque-id is no more supported.
2030 *
2031 * Anyway, it is still this node's responsibility to
2032 * flush it.
2033 * Otherwise, the LSA instance remains in the routing
2034 * domain
2035 * until its age reaches to MaxAge.
2036 */
2037 /* XXX: We should deal with this for *ALL* LSAs, not
2038 * just opaque */
2039 if (current == NULL) {
2040 if (IS_DEBUG_OSPF_EVENT)
2041 zlog_debug(
2042 "LSA[%s]: Previously originated Opaque-LSA,"
2043 "not found in the LSDB.",
2044 dump_lsa_key(lsa));
2045
2046 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2047
2048 ospf_opaque_self_originated_lsa_received(nbr,
2049 lsa);
2050 ospf_ls_ack_send(nbr, lsa);
2051
2052 continue;
2053 }
2054 }
2055
2056 /* It might be happen that received LSA is self-originated
2057 * network LSA, but
2058 * router ID is changed. So, we should check if LSA is a
2059 * network-LSA whose
2060 * Link State ID is one of the router's own IP interface
2061 * addresses but whose
2062 * Advertising Router is not equal to the router's own Router ID
2063 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2064 * flushed.
2065 */
2066
2067 if (lsa->data->type == OSPF_NETWORK_LSA) {
2068 struct listnode *oinode, *oinnode;
2069 struct ospf_interface *out_if;
2070 int Flag = 0;
2071
2072 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2073 oinnode, out_if)) {
2074 if (out_if == NULL)
2075 break;
2076
2077 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2078 &lsa->data->id))
2079 && (!(IPV4_ADDR_SAME(
2080 &oi->ospf->router_id,
2081 &lsa->data->adv_router)))) {
2082 if (out_if->network_lsa_self) {
2083 ospf_lsa_flush_area(
2084 lsa, out_if->area);
2085 if (IS_DEBUG_OSPF_EVENT)
2086 zlog_debug(
2087 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2088 (void *)lsa,
2089 (int)lsa->data
2090 ->type);
2091 ospf_lsa_discard(lsa);
2092 Flag = 1;
2093 }
2094 break;
2095 }
2096 }
2097 if (Flag)
2098 continue;
2099 }
2100
2101 /* (5) Find the instance of this LSA that is currently contained
2102 in the router's link state database. If there is no
2103 database copy, or the received LSA is more recent than
2104 the database copy the following steps must be performed.
2105 (The sub steps from RFC 2328 section 13 step (5) will be
2106 performed in
2107 ospf_flood() ) */
2108
2109 if (current == NULL
2110 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
76c1efd7
CS		 2111 /* CVE-2017-3224 */
2112 if (current && (lsa->data->ls_seqnum ==
2113 htonl(OSPF_MAX_SEQUENCE_NUMBER)
2114 && !IS_LSA_MAXAGE(lsa))) {
2115 zlog_debug(
2116 "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it",
2117 dump_lsa_key(lsa));
2118
2119 DISCARD_LSA(lsa, 4);
76c1efd7
CS		 2120 }
2121
d62a17ae 2122 /* Actual flooding procedure. */
2123 if (ospf_flood(oi->ospf, nbr, current, lsa)
2124 < 0) /* Trap NSSA later. */
76c1efd7 2125 DISCARD_LSA(lsa, 5);
d62a17ae 2126 continue;
2127 }
2128
2129 /* (6) Else, If there is an instance of the LSA on the sending
2130 neighbor's Link state request list, an error has occurred in
2131 the Database Exchange process. In this case, restart the
2132 Database Exchange process by generating the neighbor event
2133 BadLSReq for the sending neighbor and stop processing the
2134 Link State Update packet. */
2135
2136 if (ospf_ls_request_lookup(nbr, lsa)) {
2137 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
c9cc11f6 2138 flog_warn(
cf444bcf 2139 EC_OSPF_PACKET,
d62a17ae 2140 "LSA[%s] instance exists on Link state request list",
2141 dump_lsa_key(lsa));
2142
2143 /* Clean list of LSAs. */
2144 ospf_upd_list_clean(lsas);
2145 /* this lsa is not on lsas list already. */
2146 ospf_lsa_discard(lsa);
2147 return;
2148 }
2149
2150 /* If the received LSA is the same instance as the database copy
2151 (i.e., neither one is more recent) the following two steps
2152 should be performed: */
2153
2154 if (ret == 0) {
2155 /* If the LSA is listed in the Link state retransmission
2156 list
2157 for the receiving adjacency, the router itself is
2158 expecting
2159 an acknowledgment for this LSA. The router should
2160 treat the
2161 received LSA as an acknowledgment by removing the LSA
2162 from
2163 the Link state retransmission list. This is termed
2164 an
2165 "implied acknowledgment". */
2166
2167 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2168
2169 if (ls_ret != NULL) {
2170 ospf_ls_retransmit_delete(nbr, ls_ret);
2171
2172 /* Delayed acknowledgment sent if advertisement
2173 received
2174 from Designated Router, otherwise do nothing.
2175 */
2176 if (oi->state == ISM_Backup)
2177 if (NBR_IS_DR(nbr))
2178 listnode_add(
2179 oi->ls_ack,
2180 ospf_lsa_lock(lsa));
2181
76c1efd7 2182 DISCARD_LSA(lsa, 6);
d62a17ae 2183 } else
2184 /* Acknowledge the receipt of the LSA by sending a
2185 Link State Acknowledgment packet back out the
2186 receiving
2187 interface. */
2188 {
2189 ospf_ls_ack_send(nbr, lsa);
76c1efd7 2190 DISCARD_LSA(lsa, 7);
d62a17ae 2191 }
2192 }
2193
2194 /* The database copy is more recent. If the database copy
2195 has LS age equal to MaxAge and LS sequence number equal to
2196 MaxSequenceNumber, simply discard the received LSA without
2197 acknowledging it. (In this case, the LSA's LS sequence number
2198 is
2199 wrapping, and the MaxSequenceNumber LSA must be completely
2200 flushed before any new LSA instance can be introduced). */
2201
2202 else if (ret > 0) /* Database copy is more recent */
2203 {
2204 if (IS_LSA_MAXAGE(current)
2205 && current->data->ls_seqnum
2206 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
76c1efd7 2207 DISCARD_LSA(lsa, 8);
d62a17ae 2208 }
2209 /* Otherwise, as long as the database copy has not been
2210 sent in a
2211 Link State Update within the last MinLSArrival
2212 seconds, send the
2213 database copy back to the sending neighbor,
2214 encapsulated within
2215 a Link State Update Packet. The Link State Update
2216 Packet should
2217 be sent directly to the neighbor. In so doing, do not
2218 put the
2219 database copy of the LSA on the neighbor's link state
2220 retransmission list, and do not acknowledge the
2221 received (less
2222 recent) LSA instance. */
2223 else {
2224 if (monotime_since(&current->tv_orig, NULL)
2225 >= ospf->min_ls_arrival * 1000LL)
2226 /* Trap NSSA type later.*/
2227 ospf_ls_upd_send_lsa(
2228 nbr, current,
2229 OSPF_SEND_PACKET_DIRECT);
76c1efd7 2230 DISCARD_LSA(lsa, 9);
d62a17ae 2231 }
2232 }
2233 }
2cd754de
PJ		 2234#undef DISCARD_LSA
2235
d62a17ae 2236 assert(listcount(lsas) == 0);
6a154c88 2237 list_delete(&lsas);
718e3744 2238}
2239
2240/* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
d62a17ae 2241static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2242 struct stream *s, struct ospf_interface *oi,
d7c0a89a 2243 uint16_t size)
d62a17ae 2244{
2245 struct ospf_neighbor *nbr;
2246
2247 /* increment statistics. */
2248 oi->ls_ack_in++;
2249
2250 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2251 if (nbr == NULL) {
cf444bcf 2252 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2253 "Link State Acknowledgment: Unknown Neighbor %s.",
d62a17ae 2254 inet_ntoa(ospfh->router_id));
2255 return;
2256 }
2257
2258 /* Add event to thread. */
2259 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
2260
2261 if (nbr->state < NSM_Exchange) {
2262 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2263 zlog_debug(
2264 "Link State Acknowledgment: "
2265 "Neighbor[%s] state %s is less than Exchange",
2266 inet_ntoa(ospfh->router_id),
2267 lookup_msg(ospf_nsm_state_msg, nbr->state,
2268 NULL));
2269 return;
2270 }
2271
2272 while (size >= OSPF_LSA_HEADER_SIZE) {
2273 struct ospf_lsa *lsa, *lsr;
2274
2275 lsa = ospf_lsa_new();
2d34fb80 2276 lsa->data = (struct lsa_header *)stream_pnt(s);
b5a8894d 2277 lsa->vrf_id = oi->ospf->vrf_id;
d62a17ae 2278
2d34fb80 2279 /* lsah = (struct lsa_header *) stream_pnt (s); */
d62a17ae 2280 size -= OSPF_LSA_HEADER_SIZE;
2281 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2282
2283 if (lsa->data->type < OSPF_MIN_LSA
2284 || lsa->data->type >= OSPF_MAX_LSA) {
2285 lsa->data = NULL;
2286 ospf_lsa_discard(lsa);
2287 continue;
2288 }
2289
2290 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2291
2292 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0)
2293 ospf_ls_retransmit_delete(nbr, lsr);
2294
2295 lsa->data = NULL;
2296 ospf_lsa_discard(lsa);
2297 }
2298
2299 return;
2300}
2301
b5a8894d
CS		 2302static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2303 struct interface **ifp,
d62a17ae 2304 struct stream *ibuf)
2305{
2306 int ret;
2307 struct ip *iph;
d7c0a89a 2308 uint16_t ip_len;
d62a17ae 2309 ifindex_t ifindex = 0;
2310 struct iovec iov;
2311 /* Header and data both require alignment. */
2312 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2313 struct msghdr msgh;
2314
2315 memset(&msgh, 0, sizeof(struct msghdr));
2316 msgh.msg_iov = &iov;
2317 msgh.msg_iovlen = 1;
2318 msgh.msg_control = (caddr_t)buff;
2319 msgh.msg_controllen = sizeof(buff);
2320
2321 ret = stream_recvmsg(ibuf, fd, &msgh, 0, OSPF_MAX_PACKET_SIZE + 1);
2322 if (ret < 0) {
cf444bcf 2323 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
c9cc11f6 2324 safe_strerror(errno));
d62a17ae 2325 return NULL;
2326 }
2327 if ((unsigned int)ret < sizeof(iph)) /* ret must be > 0 now */
718e3744 2328 {
c9cc11f6 2329 flog_warn(
cf444bcf 2330 EC_OSPF_PACKET,
d62a17ae 2331 "ospf_recv_packet: discarding runt packet of length %d "
2332 "(ip header size is %u)",
d7c0a89a 2333 ret, (unsigned int)sizeof(iph));
d62a17ae 2334 return NULL;
2335 }
2336
2337 /* Note that there should not be alignment problems with this assignment
2338 because this is at the beginning of the stream data buffer. */
2339 iph = (struct ip *)STREAM_DATA(ibuf);
2340 sockopt_iphdrincl_swab_systoh(iph);
2341
2342 ip_len = iph->ip_len;
2343
de5ccb96 2344#if !defined(GNU_LINUX) && (OpenBSD < 200311) && (__FreeBSD_version < 1000000)
d62a17ae 2345 /*
2346 * Kernel network code touches incoming IP header parameters,
2347 * before protocol specific processing.
2348 *
2349 * 1) Convert byteorder to host representation.
2350 * --> ip_len, ip_id, ip_off
2351 *
2352 * 2) Adjust ip_len to strip IP header size!
2353 * --> If user process receives entire IP packet via RAW
2354 * socket, it must consider adding IP header size to
2355 * the "ip_len" field of "ip" structure.
2356 *
2357 * For more details, see <netinet/ip_input.c>.
2358 */
2359 ip_len = ip_len + (iph->ip_hl << 2);
718e3744 2360#endif
d62a17ae 2361
0150c9c9 2362#if defined(__DragonFly__)
d62a17ae 2363 /*
2364 * in DragonFly's raw socket, ip_len/ip_off are read
2365 * in network byte order.
2366 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2367 */
2368 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
0150c9c9
DB		 2369#endif
2370
d62a17ae 2371 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2372
b5a8894d 2373 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
d62a17ae 2374
2375 if (ret != ip_len) {
c9cc11f6 2376 flog_warn(
cf444bcf 2377 EC_OSPF_PACKET,
d62a17ae 2378 "ospf_recv_packet read length mismatch: ip_len is %d, "
2379 "but recvmsg returned %d",
2380 ip_len, ret);
2381 return NULL;
2382 }
718e3744 2383
868a0861
DS		 2384 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2385 zlog_debug("%s: fd %d(%s) on interface %d(%s)",
2386 __PRETTY_FUNCTION__, fd, ospf_get_name(ospf),
2387 ifindex, *ifp ? (*ifp)->name : "Unknown");
d62a17ae 2388 return ibuf;
718e3744 2389}
2390
4dadc291 2391static struct ospf_interface *
d62a17ae 2392ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2393 struct ip *iph, struct ospf_header *ospfh)
2394{
2395 struct ospf_interface *rcv_oi;
2396 struct ospf_vl_data *vl_data;
2397 struct ospf_area *vl_area;
2398 struct listnode *node;
2399
2400 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2401 || !OSPF_IS_AREA_BACKBONE(ospfh))
2402 return NULL;
2403
2404 /* look for local OSPF interface matching the destination
2405 * to determine Area ID. We presume therefore the destination address
2406 * is unique, or at least (for "unnumbered" links), not used in other
2407 * areas
2408 */
2409 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2410 == NULL)
2411 return NULL;
2412
2413 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2414 vl_area =
2415 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2416 if (!vl_area)
2417 continue;
2418
2419 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2420 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2421 if (IS_DEBUG_OSPF_EVENT)
2422 zlog_debug("associating packet with %s",
2423 IF_NAME(vl_data->vl_oi));
2424 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2425 if (IS_DEBUG_OSPF_EVENT)
2426 zlog_debug(
2427 "This VL is not up yet, sorry");
2428 return NULL;
2429 }
2430
2431 return vl_data->vl_oi;
2432 }
718e3744 2433 }
718e3744 2434
d62a17ae 2435 if (IS_DEBUG_OSPF_EVENT)
2436 zlog_debug("couldn't find any VL to associate the packet with");
2437
2438 return NULL;
718e3744 2439}
2440
d62a17ae 2441static int ospf_check_area_id(struct ospf_interface *oi,
2442 struct ospf_header *ospfh)
718e3744 2443{
d62a17ae 2444 /* Check match the Area ID of the receiving interface. */
2445 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2446 return 1;
718e3744 2447
d62a17ae 2448 return 0;
718e3744 2449}
2450
2451/* Unbound socket will accept any Raw IP packets if proto is matched.
2452 To prevent it, compare src IP address and i/f address with masking
2453 i/f network mask. */
d62a17ae 2454static int ospf_check_network_mask(struct ospf_interface *oi,
2455 struct in_addr ip_src)
718e3744 2456{
d62a17ae 2457 struct in_addr mask, me, him;
718e3744 2458
d62a17ae 2459 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2460 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2461 return 1;
718e3744 2462
d62a17ae 2463 masklen2ip(oi->address->prefixlen, &mask);
718e3744 2464
d62a17ae 2465 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2466 him.s_addr = ip_src.s_addr & mask.s_addr;
718e3744 2467
d62a17ae 2468 if (IPV4_ADDR_SAME(&me, &him))
2469 return 1;
718e3744 2470
d62a17ae 2471 return 0;
718e3744 2472}
2473
bd5651f0
DO		 2474/* Return 1, if the packet is properly authenticated and checksummed,
2475 0 otherwise. In particular, check that AuType header field is valid and
2476 matches the locally configured AuType, and that D.5 requirements are met. */
d62a17ae 2477static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2478{
2479 struct crypt_key *ck;
d7c0a89a
QY		 2480 uint16_t iface_auth_type;
2481 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
d62a17ae 2482
2483 switch (pkt_auth_type) {
2484 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2485 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2486 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2487 flog_warn(
cf444bcf 2488 EC_OSPF_PACKET,
d62a17ae 2489 "interface %s: auth-type mismatch, local %s, rcvd Null",
2490 IF_NAME(oi),
2491 lookup_msg(ospf_auth_type_str,
2492 iface_auth_type, NULL));
2493 return 0;
2494 }
2495 if (!ospf_check_sum(ospfh)) {
2496 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2497 flog_warn(
cf444bcf 2498 EC_OSPF_PACKET,
d62a17ae 2499 "interface %s: Null auth OK, but checksum error, Router-ID %s",
2500 IF_NAME(oi),
2501 inet_ntoa(ospfh->router_id));
2502 return 0;
2503 }
2504 return 1;
2505 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2506 if (OSPF_AUTH_SIMPLE
2507 != (iface_auth_type = ospf_auth_type(oi))) {
2508 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2509 flog_warn(
cf444bcf 2510 EC_OSPF_PACKET,
d62a17ae 2511 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2512 IF_NAME(oi),
2513 lookup_msg(ospf_auth_type_str,
2514 iface_auth_type, NULL));
2515 return 0;
2516 }
2517 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2518 OSPF_AUTH_SIMPLE_SIZE)) {
2519 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
cf444bcf 2520 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2521 "interface %s: Simple auth failed",
d62a17ae 2522 IF_NAME(oi));
2523 return 0;
2524 }
2525 if (!ospf_check_sum(ospfh)) {
2526 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2527 flog_warn(
cf444bcf 2528 EC_OSPF_PACKET,
d62a17ae 2529 "interface %s: Simple auth OK, checksum error, Router-ID %s",
2530 IF_NAME(oi),
2531 inet_ntoa(ospfh->router_id));
2532 return 0;
2533 }
2534 return 1;
2535 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2536 if (OSPF_AUTH_CRYPTOGRAPHIC
2537 != (iface_auth_type = ospf_auth_type(oi))) {
2538 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2539 flog_warn(
cf444bcf 2540 EC_OSPF_PACKET,
d62a17ae 2541 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2542 IF_NAME(oi),
2543 lookup_msg(ospf_auth_type_str,
2544 iface_auth_type, NULL));
2545 return 0;
2546 }
2547 if (ospfh->checksum) {
2548 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2549 flog_warn(
cf444bcf 2550 EC_OSPF_PACKET,
d62a17ae 2551 "interface %s: OSPF header checksum is not 0",
2552 IF_NAME(oi));
2553 return 0;
2554 }
2555 /* only MD5 crypto method can pass ospf_packet_examin() */
996c9314
LB		 2556 if (NULL == (ck = listgetdata(
2557 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2558 || ospfh->u.crypt.key_id != ck->key_id ||
2559 /* Condition above uses the last key ID on the list,
2560 which is
2561 different from what ospf_crypt_key_lookup() does. A
2562 bug? */
2563 !ospf_check_md5_digest(oi, ospfh)) {
d62a17ae 2564 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
cf444bcf 2565 flog_warn(EC_OSPF_MD5,
c9cc11f6 2566 "interface %s: MD5 auth failed",
d62a17ae 2567 IF_NAME(oi));
2568 return 0;
2569 }
2570 return 1;
2571 default:
2572 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2573 flog_warn(
cf444bcf 2574 EC_OSPF_PACKET,
d62a17ae 2575 "interface %s: invalid packet auth-type (%02x)",
2576 IF_NAME(oi), pkt_auth_type);
2577 return 0;
2578 }
2579}
2580
2581static int ospf_check_sum(struct ospf_header *ospfh)
2582{
d7c0a89a
QY		 2583 uint32_t ret;
2584 uint16_t sum;
d62a17ae 2585
2586 /* clear auth_data for checksum. */
2587 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2588
2589 /* keep checksum and clear. */
2590 sum = ospfh->checksum;
d7c0a89a 2591 memset(&ospfh->checksum, 0, sizeof(uint16_t));
d62a17ae 2592
2593 /* calculate checksum. */
2594 ret = in_cksum(ospfh, ntohs(ospfh->length));
2595
2596 if (ret != sum) {
2597 zlog_info("ospf_check_sum(): checksum mismatch, my %X, his %X",
2598 ret, sum);
2599 return 0;
2600 }
2601
2602 return 1;
718e3744 2603}
2604
4e31de79
DO		 2605/* Verify, that given link/TOS records are properly sized/aligned and match
2606 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
d62a17ae 2607static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
d7c0a89a
QY		 2608 uint16_t linkbytes,
2609 const uint16_t num_links)
d62a17ae 2610{
2611 unsigned counted_links = 0, thislinklen;
2612
2613 while (linkbytes) {
2614 thislinklen =
2615 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2616 if (thislinklen > linkbytes) {
2617 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2618 zlog_debug("%s: length error in link block #%u",
2619 __func__, counted_links);
2620 return MSG_NG;
2621 }
2622 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2623 linkbytes -= thislinklen;
2624 counted_links++;
2625 }
2626 if (counted_links != num_links) {
2627 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2628 zlog_debug("%s: %u link blocks declared, %u present",
2629 __func__, num_links, counted_links);
2630 return MSG_NG;
2631 }
2632 return MSG_OK;
4e31de79
DO		 2633}
2634
2635/* Verify, that the given LSA is properly sized/aligned (including type-specific
2636 minimum length constraint). */
d7c0a89a
QY		 2637static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2638 const uint8_t headeronly)
d62a17ae 2639{
2640 unsigned ret;
2641 struct router_lsa *rlsa;
2642 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2643 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2644 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2645 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2646 lookup_msg(ospf_lsa_type_msg, lsah->type,
2647 NULL));
2648 return MSG_NG;
2649 }
2650 switch (lsah->type) {
2651 case OSPF_ROUTER_LSA:
2652 /* RFC2328 A.4.2, LSA header + 4 bytes followed by N>=1
2653 * (12+)-byte link blocks */
2654 if (headeronly) {
2655 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2656 - OSPF_ROUTER_LSA_MIN_SIZE)
2657 % 4
2658 ? MSG_NG
2659 : MSG_OK;
2660 break;
2661 }
2662 rlsa = (struct router_lsa *)lsah;
2663 ret = ospf_router_lsa_links_examin(
2664 (struct router_lsa_link *)rlsa->link,
2665 lsalen - OSPF_LSA_HEADER_SIZE - 4, /* skip: basic
2666 header, "flags",
2667 0, "# links" */
2668 ntohs(rlsa->links) /* 16 bits */
9d303b37 2669 );
d62a17ae 2670 break;
2671 case OSPF_AS_EXTERNAL_LSA:
2672 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2673 * blocks */
2674 case OSPF_AS_NSSA_LSA:
2675 /* RFC3101 C, idem */
2676 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2677 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2678 % 12
2679 ? MSG_NG
2680 : MSG_OK;
2681 break;
2682 /* Following LSA types are considered OK length-wise as soon as their
2683 * minimum
2684 * length constraint is met and length of the whole LSA is a multiple of
2685 * 4
2686 * (basic LSA header size is already a multiple of 4). */
2687 case OSPF_NETWORK_LSA:
2688 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2689 case OSPF_SUMMARY_LSA:
2690 case OSPF_ASBR_SUMMARY_LSA:
2691 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2692 * blocks */
2693 case OSPF_OPAQUE_LINK_LSA:
2694 case OSPF_OPAQUE_AREA_LSA:
2695 case OSPF_OPAQUE_AS_LSA:
2696 /* RFC5250 A.2, "some number of octets (of application-specific
2697 * data) padded to 32-bit alignment." This is considered
2698 * equivalent
2699 * to 4-byte alignment of all other LSA types, see
2700 * OSPF-ALIGNMENT.txt
2701 * file for the detailed analysis of this passage. */
2702 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2703 break;
2704 default:
2705 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2706 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2707 lsah->type);
2708 return MSG_NG;
2709 }
2710 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2711 zlog_debug("%s: alignment error in %s", __func__,
2712 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2713 return ret;
4e31de79
DO		 2714}
2715
2716/* Verify if the provided input buffer is a valid sequence of LSAs. This
2717 includes verification of LSA blocks length/alignment and dispatching
2718 of deeper-level checks. */
2719static unsigned
d62a17ae 2720ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
d7c0a89a 2721 size_t length, const uint8_t headeronly,
d62a17ae 2722 /* When declared_num_lsas is not 0, compare it to the real
2723 number of LSAs
2724 and treat the difference as an error. */
d7c0a89a 2725 const uint32_t declared_num_lsas)
d62a17ae 2726{
d7c0a89a 2727 uint32_t counted_lsas = 0;
d62a17ae 2728
2729 while (length) {
d7c0a89a 2730 uint16_t lsalen;
d62a17ae 2731 if (length < OSPF_LSA_HEADER_SIZE) {
2732 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2733 zlog_debug(
2734 "%s: undersized (%zu B) trailing (#%u) LSA header",
2735 __func__, length, counted_lsas);
2736 return MSG_NG;
2737 }
2738 /* save on ntohs() calls here and in the LSA validator */
2739 lsalen = ntohs(lsah->length);
2740 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2741 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2742 zlog_debug(
2743 "%s: malformed LSA header #%u, declared length is %u B",
2744 __func__, counted_lsas, lsalen);
2745 return MSG_NG;
2746 }
2747 if (headeronly) {
2748 /* less checks here and in ospf_lsa_examin() */
2749 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2750 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2751 zlog_debug(
2752 "%s: malformed header-only LSA #%u",
2753 __func__, counted_lsas);
2754 return MSG_NG;
2755 }
2756 lsah = (struct lsa_header *)((caddr_t)lsah
2757 + OSPF_LSA_HEADER_SIZE);
2758 length -= OSPF_LSA_HEADER_SIZE;
2759 } else {
2760 /* make sure the input buffer is deep enough before
2761 * further checks */
2762 if (lsalen > length) {
2763 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2764 zlog_debug(
2765 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2766 __func__, counted_lsas, lsalen,
2767 length);
2768 return MSG_NG;
2769 }
2770 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2771 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2772 zlog_debug("%s: malformed LSA #%u",
2773 __func__, counted_lsas);
2774 return MSG_NG;
2775 }
2776 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2777 length -= lsalen;
2778 }
2779 counted_lsas++;
2780 }
2781
2782 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2783 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2784 zlog_debug(
2785 "%s: #LSAs declared (%u) does not match actual (%u)",
2786 __func__, declared_num_lsas, counted_lsas);
2787 return MSG_NG;
2788 }
2789 return MSG_OK;
4e31de79
DO		 2790}
2791
75c8eabb 2792/* Verify a complete OSPF packet for proper sizing/alignment. */
d62a17ae 2793static unsigned ospf_packet_examin(struct ospf_header *oh,
2794 const unsigned bytesonwire)
2795{
d7c0a89a 2796 uint16_t bytesdeclared, bytesauth;
d62a17ae 2797 unsigned ret;
2798 struct ospf_ls_update *lsupd;
2799
2800 /* Length, 1st approximation. */
2801 if (bytesonwire < OSPF_HEADER_SIZE) {
2802 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2803 zlog_debug("%s: undersized (%u B) packet", __func__,
2804 bytesonwire);
2805 return MSG_NG;
2806 }
2807 /* Now it is safe to access header fields. Performing length check,
2808 * allow
2809 * for possible extra bytes of crypto auth/padding, which are not
2810 * counted
2811 * in the OSPF header "length" field. */
2812 if (oh->version != OSPF_VERSION) {
2813 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2814 zlog_debug("%s: invalid (%u) protocol version",
2815 __func__, oh->version);
2816 return MSG_NG;
2817 }
2818 bytesdeclared = ntohs(oh->length);
2819 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2820 bytesauth = 0;
2821 else {
2822 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2823 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2824 zlog_debug(
2825 "%s: unsupported crypto auth length (%u B)",
2826 __func__, oh->u.crypt.auth_data_len);
2827 return MSG_NG;
2828 }
2829 bytesauth = OSPF_AUTH_MD5_SIZE;
2830 }
2831 if (bytesdeclared + bytesauth > bytesonwire) {
2832 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2833 zlog_debug(
2834 "%s: packet length error (%u real, %u+%u declared)",
2835 __func__, bytesonwire, bytesdeclared,
2836 bytesauth);
2837 return MSG_NG;
2838 }
2839 /* Length, 2nd approximation. The type-specific constraint is checked
2840 against declared length, not amount of bytes on wire. */
2841 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2842 && bytesdeclared
2843 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2844 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2845 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2846 bytesdeclared,
2847 lookup_msg(ospf_packet_type_str, oh->type,
2848 NULL));
2849 return MSG_NG;
2850 }
2851 switch (oh->type) {
2852 case OSPF_MSG_HELLO:
2853 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2854 followed
2855 by N>=0 router-IDs. */
2856 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2857 % 4
2858 ? MSG_NG
2859 : MSG_OK;
2860 break;
2861 case OSPF_MSG_DB_DESC:
2862 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2863 followed
2864 by N>=0 header-only LSAs. */
2865 ret = ospf_lsaseq_examin(
2866 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2867 + OSPF_DB_DESC_MIN_SIZE),
2868 bytesdeclared - OSPF_HEADER_SIZE
2869 - OSPF_DB_DESC_MIN_SIZE,
2870 1, /* header-only LSAs */
2871 0);
2872 break;
2873 case OSPF_MSG_LS_REQ:
2874 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2875 * request blocks. */
2876 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2877 % OSPF_LSA_KEY_SIZE
2878 ? MSG_NG
2879 : MSG_OK;
2880 break;
2881 case OSPF_MSG_LS_UPD:
2882 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2883 followed
2884 by N>=0 full LSAs (with N declared beforehand). */
2885 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2886 + OSPF_HEADER_SIZE);
2887 ret = ospf_lsaseq_examin(
2888 (struct lsa_header *)((caddr_t)lsupd
2889 + OSPF_LS_UPD_MIN_SIZE),
2890 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2891 0, /* full LSAs */
2892 ntohl(lsupd->num_lsas) /* 32 bits */
9d303b37 2893 );
d62a17ae 2894 break;
2895 case OSPF_MSG_LS_ACK:
2896 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2897 * LSAs. */
2898 ret = ospf_lsaseq_examin(
2899 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2900 + OSPF_LS_ACK_MIN_SIZE),
2901 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2902 1, /* header-only LSAs */
2903 0);
2904 break;
2905 default:
2906 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2907 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2908 oh->type);
2909 return MSG_NG;
2910 }
2911 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2912 zlog_debug("%s: malformed %s packet", __func__,
2913 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2914 return ret;
75c8eabb
DO		 2915}
2916
718e3744 2917/* OSPF Header verification. */
d62a17ae 2918static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2919 struct ip *iph, struct ospf_header *ospfh)
2920{
2921 /* Check Area ID. */
2922 if (!ospf_check_area_id(oi, ospfh)) {
cf444bcf 2923 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2924 "interface %s: ospf_read invalid Area ID %s.",
d62a17ae 2925 IF_NAME(oi), inet_ntoa(ospfh->area_id));
2926 return -1;
2927 }
718e3744 2928
d62a17ae 2929 /* Check network mask, Silently discarded. */
2930 if (!ospf_check_network_mask(oi, iph->ip_src)) {
c9cc11f6 2931 flog_warn(
cf444bcf 2932 EC_OSPF_PACKET,
d62a17ae 2933 "interface %s: ospf_read network address is not same [%s]",
2934 IF_NAME(oi), inet_ntoa(iph->ip_src));
2935 return -1;
2936 }
718e3744 2937
d62a17ae 2938 /* Check authentication. The function handles logging actions, where
2939 * required. */
2940 if (!ospf_check_auth(oi, ospfh))
2941 return -1;
718e3744 2942
d62a17ae 2943 return 0;
718e3744 2944}
2945
2946/* Starting point of packet process function. */
d62a17ae 2947int ospf_read(struct thread *thread)
2948{
2949 int ret;
2950 struct stream *ibuf;
2951 struct ospf *ospf;
2952 struct ospf_interface *oi;
2953 struct ip *iph;
2954 struct ospf_header *ospfh;
d7c0a89a 2955 uint16_t length;
b5a8894d 2956 struct interface *ifp = NULL;
d62a17ae 2957 struct connected *c;
2958
2959 /* first of all get interface pointer. */
2960 ospf = THREAD_ARG(thread);
2961
2962 /* prepare for next packet. */
2963 ospf->t_read = NULL;
2964 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
2965
2966 stream_reset(ospf->ibuf);
b5a8894d
CS		 2967 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2968 if (ibuf == NULL)
d62a17ae 2969 return -1;
2970 /* This raw packet is known to be at least as big as its IP header. */
2971
2972 /* Note that there should not be alignment problems with this assignment
2973 because this is at the beginning of the stream data buffer. */
2974 iph = (struct ip *)STREAM_DATA(ibuf);
2975 /* Note that sockopt_iphdrincl_swab_systoh was called in
2976 * ospf_recv_packet. */
2977
2978 if (ifp == NULL) {
2979 /* Handle cases where the platform does not support retrieving
2980 the ifindex,
2981 and also platforms (such as Solaris 8) that claim to support
2982 ifindex
2983 retrieval but do not. */
2984 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
b5a8894d 2985 ospf->vrf_id);
d62a17ae 2986 if (c)
2987 ifp = c->ifp;
868a0861
DS		 2988 if (ifp == NULL) {
2989 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2990 zlog_debug(
2991 "%s: Unable to determine incoming interface from: %s(%s)",
2992 __PRETTY_FUNCTION__,
2993 inet_ntoa(iph->ip_src),
2994 ospf_get_name(ospf));
d62a17ae 2995 return 0;
868a0861 2996 }
d62a17ae 2997 }
2998
2999 /* IP Header dump. */
3000 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3001 ospf_ip_header_dump(iph);
3002
3003 /* Self-originated packet should be discarded silently. */
3004 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
3005 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
3006 zlog_debug(
3007 "ospf_read[%s]: Dropping self-originated packet",
3008 inet_ntoa(iph->ip_src));
3009 }
3010 return 0;
3011 }
3012
3013 /* Advance from IP header to OSPF header (iph->ip_hl has been verified
3014 by ospf_recv_packet() to be correct). */
3015 stream_forward_getp(ibuf, iph->ip_hl * 4);
3016
2d34fb80 3017 ospfh = (struct ospf_header *)stream_pnt(ibuf);
d62a17ae 3018 if (MSG_OK
9d303b37
DL		 3019 != ospf_packet_examin(
3020 ospfh, stream_get_endp(ibuf) - stream_get_getp(ibuf)))
d62a17ae 3021 return -1;
3022 /* Now it is safe to access all fields of OSPF packet header. */
3023
3024 /* associate packet with ospf interface */
3025 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
3026
3027 /* ospf_verify_header() relies on a valid "oi" and thus can be called
3028 only
3029 after the passive/backbone/other checks below are passed. These
3030 checks
3031 in turn access the fields of unverified "ospfh" structure for their
3032 own
3033 purposes and must remain very accurate in doing this. */
3034
3035 /* If incoming interface is passive one, ignore it. */
3036 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3037 char buf[3][INET_ADDRSTRLEN];
3038
3039 if (IS_DEBUG_OSPF_EVENT)
3040 zlog_debug(
3041 "ignoring packet from router %s sent to %s, "
3042 "received on a passive interface, %s",
3043 inet_ntop(AF_INET, &ospfh->router_id, buf[0],
3044 sizeof(buf[0])),
3045 inet_ntop(AF_INET, &iph->ip_dst, buf[1],
3046 sizeof(buf[1])),
3047 inet_ntop(AF_INET, &oi->address->u.prefix4,
3048 buf[2], sizeof(buf[2])));
3049
3050 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3051 /* Try to fix multicast membership.
3052 * Some OS:es may have problems in this area,
3053 * make sure it is removed.
3054 */
3055 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3056 ospf_if_set_multicast(oi);
3057 }
3058 return 0;
3059 }
3060
3061
3062 /* if no local ospf_interface,
3063 * or header area is backbone but ospf_interface is not
3064 * check for VLINK interface
3065 */
9d303b37
DL		 3066 if ((oi == NULL) || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3067 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
d62a17ae 3068 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3069 == NULL) {
3070 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
3071 zlog_debug(
3072 "Packet from [%s] received on link %s"
3073 " but no ospf_interface",
3074 inet_ntoa(iph->ip_src), ifp->name);
3075 return 0;
3076 }
3077 }
3078
3079 /* else it must be a local ospf interface, check it was received on
3080 * correct link
3081 */
3082 else if (oi->ifp != ifp) {
3083 if (IS_DEBUG_OSPF_EVENT)
cf444bcf 3084 flog_warn(EC_OSPF_PACKET,
c9cc11f6 3085 "Packet from [%s] received on wrong link %s",
d62a17ae 3086 inet_ntoa(iph->ip_src), ifp->name);
3087 return 0;
3088 } else if (oi->state == ISM_Down) {
3089 char buf[2][INET_ADDRSTRLEN];
c9cc11f6 3090 flog_warn(
cf444bcf 3091 EC_OSPF_PACKET,
d62a17ae 3092 "Ignoring packet from %s to %s received on interface that is "
3093 "down [%s]; interface flags are %s",
3094 inet_ntop(AF_INET, &iph->ip_src, buf[0],
3095 sizeof(buf[0])),
3096 inet_ntop(AF_INET, &iph->ip_dst, buf[1],
3097 sizeof(buf[1])),
3098 ifp->name, if_flag_dump(ifp->flags));
3099 /* Fix multicast memberships? */
3100 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3101 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3102 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3103 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3104 if (oi->multicast_memberships)
3105 ospf_if_set_multicast(oi);
3106 return 0;
3107 }
3108
3109 /*
3110 * If the received packet is destined for AllDRouters, the packet
3111 * should be accepted only if the received ospf interface state is
3112 * either DR or Backup -- endo.
3113 */
3114 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3115 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
c9cc11f6 3116 flog_warn(
cf444bcf 3117 EC_OSPF_PACKET,
d62a17ae 3118 "Dropping packet for AllDRouters from [%s] via [%s] (ISM: %s)",
3119 inet_ntoa(iph->ip_src), IF_NAME(oi),
3120 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3121 /* Try to fix multicast membership. */
3122 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3123 ospf_if_set_multicast(oi);
3124 return 0;
3125 }
3126
3127 /* Verify more OSPF header fields. */
3128 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3129 if (ret < 0) {
3130 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3131 zlog_debug(
3132 "ospf_read[%s]: Header check failed, "
3133 "dropping.",
3134 inet_ntoa(iph->ip_src));
3135 return ret;
3136 }
3137
3138 /* Show debug receiving packet. */
3139 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3140 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3141 zlog_debug(
3142 "-----------------------------------------------------");
3143 ospf_packet_dump(ibuf);
3144 }
3145
3146 zlog_debug("%s received from [%s] via [%s]",
3147 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3148 inet_ntoa(ospfh->router_id), IF_NAME(oi));
3149 zlog_debug(" src [%s],", inet_ntoa(iph->ip_src));
3150 zlog_debug(" dst [%s]", inet_ntoa(iph->ip_dst));
3151
3152 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3153 zlog_debug(
3154 "-----------------------------------------------------");
3155 }
3156
3157 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3158
3159 /* Adjust size to message length. */
3160 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3161
3162 /* Read rest of the packet and call each sort of packet routine. */
3163 switch (ospfh->type) {
3164 case OSPF_MSG_HELLO:
3165 ospf_hello(iph, ospfh, ibuf, oi, length);
3166 break;
3167 case OSPF_MSG_DB_DESC:
3168 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3169 break;
3170 case OSPF_MSG_LS_REQ:
3171 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3172 break;
3173 case OSPF_MSG_LS_UPD:
3174 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3175 break;
3176 case OSPF_MSG_LS_ACK:
3177 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3178 break;
3179 default:
cf444bcf 3180 flog_warn(EC_OSPF_PACKET,
c9cc11f6 3181 "interface %s: OSPF packet header type %d is illegal",
d62a17ae 3182 IF_NAME(oi), ospfh->type);
3183 break;
3184 }
3185
b10ce841 3186 return 0;
718e3744 3187}
3188
3189/* Make OSPF header. */
d62a17ae 3190static void ospf_make_header(int type, struct ospf_interface *oi,
3191 struct stream *s)
718e3744 3192{
d62a17ae 3193 struct ospf_header *ospfh;
718e3744 3194
d62a17ae 3195 ospfh = (struct ospf_header *)STREAM_DATA(s);
718e3744 3196
d7c0a89a
QY		 3197 ospfh->version = (uint8_t)OSPF_VERSION;
3198 ospfh->type = (uint8_t)type;
718e3744 3199
d62a17ae 3200 ospfh->router_id = oi->ospf->router_id;
718e3744 3201
d62a17ae 3202 ospfh->checksum = 0;
3203 ospfh->area_id = oi->area->area_id;
3204 ospfh->auth_type = htons(ospf_auth_type(oi));
718e3744 3205
d62a17ae 3206 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
718e3744 3207
d62a17ae 3208 stream_forward_endp(s, OSPF_HEADER_SIZE);
718e3744 3209}
3210
3211/* Make Authentication Data. */
d62a17ae 3212static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3213{
3214 struct crypt_key *ck;
3215
3216 switch (ospf_auth_type(oi)) {
3217 case OSPF_AUTH_NULL:
3218 /* memset (ospfh->u.auth_data, 0, sizeof (ospfh->u.auth_data));
3219 */
3220 break;
3221 case OSPF_AUTH_SIMPLE:
3222 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3223 OSPF_AUTH_SIMPLE_SIZE);
3224 break;
3225 case OSPF_AUTH_CRYPTOGRAPHIC:
3226 /* If key is not set, then set 0. */
3227 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3228 ospfh->u.crypt.zero = 0;
3229 ospfh->u.crypt.key_id = 0;
3230 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3231 } else {
3232 ck = listgetdata(
3233 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3234 ospfh->u.crypt.zero = 0;
3235 ospfh->u.crypt.key_id = ck->key_id;
3236 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3237 }
3238 /* note: the seq is done in ospf_make_md5_digest() */
3239 break;
3240 default:
3241 /* memset (ospfh->u.auth_data, 0, sizeof (ospfh->u.auth_data));
3242 */
3243 break;
718e3744 3244 }
718e3744 3245
d62a17ae 3246 return 0;
718e3744 3247}
3248
3249/* Fill rest of OSPF header. */
d62a17ae 3250static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
d7c0a89a 3251 uint16_t length)
d62a17ae 3252{
3253 struct ospf_header *ospfh;
3254
3255 ospfh = (struct ospf_header *)STREAM_DATA(s);
3256
3257 /* Fill length. */
3258 ospfh->length = htons(length);
3259
3260 /* Calculate checksum. */
3261 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3262 ospfh->checksum = in_cksum(ospfh, length);
3263 else
3264 ospfh->checksum = 0;
3265
3266 /* Add Authentication Data. */
3267 ospf_make_auth(oi, ospfh);
3268}
3269
3270static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3271{
3272 struct ospf_neighbor *nbr;
3273 struct route_node *rn;
d7c0a89a 3274 uint16_t length = OSPF_HELLO_MIN_SIZE;
d62a17ae 3275 struct in_addr mask;
3276 unsigned long p;
3277 int flag = 0;
3278
3279 /* Set netmask of interface. */
3280 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3281 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3282 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3283 masklen2ip(oi->address->prefixlen, &mask);
3284 else
3285 memset((char *)&mask, 0, sizeof(struct in_addr));
3286 stream_put_ipv4(s, mask.s_addr);
3287
3288 /* Set Hello Interval. */
3289 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3290 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3291 else
3292 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3293
3294 if (IS_DEBUG_OSPF_EVENT)
3295 zlog_debug("make_hello: options: %x, int: %s", OPTIONS(oi),
3296 IF_NAME(oi));
3297
3298 /* Set Options. */
3299 stream_putc(s, OPTIONS(oi));
3300
3301 /* Set Router Priority. */
3302 stream_putc(s, PRIORITY(oi));
3303
3304 /* Set Router Dead Interval. */
3305 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3306
3307 /* Set Designated Router. */
3308 stream_put_ipv4(s, DR(oi).s_addr);
3309
3310 p = stream_get_endp(s);
3311
3312 /* Set Backup Designated Router. */
3313 stream_put_ipv4(s, BDR(oi).s_addr);
3314
3315 /* Add neighbor seen. */
3316 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3317 if ((nbr = rn->info))
3318 if (nbr->router_id.s_addr
3319 != 0) /* Ignore 0.0.0.0 node. */
3320 if (nbr->state
3321 != NSM_Attempt) /* Ignore Down neighbor. */
3322 if (nbr->state
3323 != NSM_Down) /* This is myself for
3324 DR election. */
3325 if (!IPV4_ADDR_SAME(
3326 &nbr->router_id,
3327 &oi->ospf->router_id)) {
3328 /* Check neighbor is
3329 * sane? */
3330 if (nbr->d_router.s_addr
3331 != 0
3332 && IPV4_ADDR_SAME(
3333 &nbr->d_router,
3334 &oi->address
3335 ->u
3336 .prefix4)
3337 && IPV4_ADDR_SAME(
3338 &nbr->bd_router,
3339 &oi->address
3340 ->u
3341 .prefix4))
3342 flag = 1;
3343
9b18d58e
NS		 3344 /* Hello packet overflows interface MTU. */
3345 if (length + sizeof(uint32_t)
3346 > ospf_packet_max(oi)) {
3347 flog_err(
3348 EC_OSPF_LARGE_HELLO,
c531be7c 3349 "Oversized Hello packet! Larger than MTU. Not sending it out");
9b18d58e
NS		 3350 return 0;
3351 }
3352
d62a17ae 3353 stream_put_ipv4(
3354 s,
3355 nbr->router_id
3356 .s_addr);
3357 length += 4;
3358 }
3359
3360 /* Let neighbor generate BackupSeen. */
3361 if (flag == 1)
3362 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3363
3364 return length;
3365}
3366
3367static int ospf_make_db_desc(struct ospf_interface *oi,
3368 struct ospf_neighbor *nbr, struct stream *s)
3369{
3370 struct ospf_lsa *lsa;
d7c0a89a
QY		 3371 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3372 uint8_t options;
d62a17ae 3373 unsigned long pp;
3374 int i;
3375 struct ospf_lsdb *lsdb;
3376
3377 /* Set Interface MTU. */
3378 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3379 stream_putw(s, 0);
3380 else
3381 stream_putw(s, oi->ifp->mtu);
3382
3383 /* Set Options. */
3384 options = OPTIONS(oi);
3385 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3386 SET_FLAG(options, OSPF_OPTION_O);
3387 stream_putc(s, options);
3388
3389 /* DD flags */
3390 pp = stream_get_endp(s);
3391 stream_putc(s, nbr->dd_flags);
3392
3393 /* Set DD Sequence Number. */
3394 stream_putl(s, nbr->dd_seqnum);
3395
3396 /* shortcut unneeded walk of (empty) summary LSDBs */
3397 if (ospf_db_summary_isempty(nbr))
3398 goto empty;
3399
3400 /* Describe LSA Header from Database Summary List. */
3401 lsdb = &nbr->db_sum;
3402
3403 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3404 struct route_table *table = lsdb->type[i].db;
3405 struct route_node *rn;
3406
3407 for (rn = route_top(table); rn; rn = route_next(rn))
3408 if ((lsa = rn->info) != NULL) {
3409 if (IS_OPAQUE_LSA(lsa->data->type)
3410 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3411 /* Suppress advertising
0437e105 3412 * opaque-information. */
d62a17ae 3413 /* Remove LSA from DB summary list. */
3414 ospf_lsdb_delete(lsdb, lsa);
3415 continue;
3416 }
3417
3418 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3419 struct lsa_header *lsah;
d7c0a89a 3420 uint16_t ls_age;
d62a17ae 3421
3422 /* DD packet overflows interface MTU. */
3423 if (length + OSPF_LSA_HEADER_SIZE
3424 > ospf_packet_max(oi))
3425 break;
3426
3427 /* Keep pointer to LS age. */
3428 lsah = (struct lsa_header
3429 *)(STREAM_DATA(s)
3430 + stream_get_endp(
3431 s));
3432
3433 /* Proceed stream pointer. */
3434 stream_put(s, lsa->data,
3435 OSPF_LSA_HEADER_SIZE);
3436 length += OSPF_LSA_HEADER_SIZE;
3437
3438 /* Set LS age. */
3439 ls_age = LS_AGE(lsa);
3440 lsah->ls_age = htons(ls_age);
3441 }
3442
3443 /* Remove LSA from DB summary list. */
3444 ospf_lsdb_delete(lsdb, lsa);
3445 }
3446 }
718e3744 3447
d62a17ae 3448 /* Update 'More' bit */
3449 if (ospf_db_summary_isempty(nbr)) {
3450 empty:
3451 if (nbr->state >= NSM_Exchange) {
3452 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3453 /* Rewrite DD flags */
3454 stream_putc_at(s, pp, nbr->dd_flags);
3455 } else {
3456 assert(IS_SET_DD_M(nbr->dd_flags));
3457 }
3458 }
3459 return length;
3460}
86f1fd96 3461
d7c0a89a 3462static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
d62a17ae 3463 unsigned long delta, struct ospf_neighbor *nbr,
3464 struct ospf_lsa *lsa)
3465{
3466 struct ospf_interface *oi;
718e3744 3467
d62a17ae 3468 oi = nbr->oi;
718e3744 3469
9570f737
S		 3470 /* LS Request packet overflows interface MTU
3471 * delta is just number of bytes required for 1 LS Req
3472 * ospf_packet_max will return the number of bytes can
3473 * be accomodated without ospf header. So length+delta
3474 * can be compared to ospf_packet_max
3475 * to check if it can fit another lsreq in the same packet.
3476 */
3477
d62a17ae 3478 if (*length + delta > ospf_packet_max(oi))
3479 return 0;
1eb8ef25 3480
d62a17ae 3481 stream_putl(s, lsa->data->type);
3482 stream_put_ipv4(s, lsa->data->id.s_addr);
3483 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
718e3744 3484
d62a17ae 3485 ospf_lsa_unlock(&nbr->ls_req_last);
3486 nbr->ls_req_last = ospf_lsa_lock(lsa);
59ea14c6 3487
d62a17ae 3488 *length += 12;
3489 return 1;
3490}
718e3744 3491
d62a17ae 3492static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3493{
3494 struct ospf_lsa *lsa;
d7c0a89a 3495 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
9570f737 3496 unsigned long delta = 12;
d62a17ae 3497 struct route_table *table;
3498 struct route_node *rn;
3499 int i;
3500 struct ospf_lsdb *lsdb;
718e3744 3501
d62a17ae 3502 lsdb = &nbr->ls_req;
718e3744 3503
d62a17ae 3504 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3505 table = lsdb->type[i].db;
3506 for (rn = route_top(table); rn; rn = route_next(rn))
3507 if ((lsa = (rn->info)) != NULL)
3508 if (ospf_make_ls_req_func(s, &length, delta,
3509 nbr, lsa)
3510 == 0) {
3511 route_unlock_node(rn);
3512 break;
3513 }
3514 }
3515 return length;
3516}
718e3744 3517
d62a17ae 3518static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3519{
3520 int age;
718e3744 3521
d62a17ae 3522 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
718e3744 3523
d62a17ae 3524 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
718e3744 3525}
3526
d62a17ae 3527static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3528 struct stream *s)
718e3744 3529{
d62a17ae 3530 struct ospf_lsa *lsa;
3531 struct listnode *node;
d7c0a89a 3532 uint16_t length = 0;
d62a17ae 3533 unsigned int size_noauth;
3534 unsigned long delta = stream_get_endp(s);
3535 unsigned long pp;
3536 int count = 0;
3537
3538 if (IS_DEBUG_OSPF_EVENT)
3539 zlog_debug("ospf_make_ls_upd: Start");
3540
3541 pp = stream_get_endp(s);
3542 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3543 length += OSPF_LS_UPD_MIN_SIZE;
3544
3545 /* Calculate amount of packet usable for data. */
3546 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3547
3548 while ((node = listhead(update)) != NULL) {
3549 struct lsa_header *lsah;
d7c0a89a 3550 uint16_t ls_age;
d62a17ae 3551
3552 if (IS_DEBUG_OSPF_EVENT)
3553 zlog_debug("ospf_make_ls_upd: List Iteration %d",
3554 count);
3555
3556 lsa = listgetdata(node);
3557
3558 assert(lsa->data);
3559
9570f737
S		 3560 /* Will it fit? Minimum it has to fit atleast one */
3561 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3562 (count > 0))
d62a17ae 3563 break;
3564
3565 /* Keep pointer to LS age. */
3566 lsah = (struct lsa_header *)(STREAM_DATA(s)
3567 + stream_get_endp(s));
3568
3569 /* Put LSA to Link State Request. */
3570 stream_put(s, lsa->data, ntohs(lsa->data->length));
718e3744 3571
d62a17ae 3572 /* Set LS age. */
3573 /* each hop must increment an lsa_age by transmit_delay
3574 of OSPF interface */
3575 ls_age = ls_age_increment(lsa,
3576 OSPF_IF_PARAM(oi, transmit_delay));
3577 lsah->ls_age = htons(ls_age);
3578
3579 length += ntohs(lsa->data->length);
3580 count++;
3581
3582 list_delete_node(update, node);
3583 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3584 }
3585
3586 /* Now set #LSAs. */
3587 stream_putl_at(s, pp, count);
3588
3589 if (IS_DEBUG_OSPF_EVENT)
3590 zlog_debug("ospf_make_ls_upd: Stop");
3591 return length;
718e3744 3592}
3593
d62a17ae 3594static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3595 struct stream *s)
718e3744 3596{
d62a17ae 3597 struct listnode *node, *nnode;
d7c0a89a 3598 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
9570f737 3599 unsigned long delta = OSPF_LSA_HEADER_SIZE;
d62a17ae 3600 struct ospf_lsa *lsa;
718e3744 3601
d62a17ae 3602 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3603 assert(lsa);
718e3744 3604
9570f737
S		 3605 /* LS Ack packet overflows interface MTU
3606 * delta is just number of bytes required for
3607 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3608 * the number of bytes can be accomodated without
3609 * ospf header. So length+delta can be compared
3610 * against ospf_packet_max to check if it can fit
3611 * another ls header in the same packet.
3612 */
3613 if ((length + delta) > ospf_packet_max(oi))
d62a17ae 3614 break;
718e3744 3615
d62a17ae 3616 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3617 length += OSPF_LSA_HEADER_SIZE;
3618
3619 listnode_delete(ack, lsa);
3620 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3621 }
3622
3623 return length;
3624}
3625
3626static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3627{
3628 struct ospf_packet *op;
d7c0a89a 3629 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3630
d62a17ae 3631 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3632
d62a17ae 3633 /* Prepare OSPF common header. */
3634 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
718e3744 3635
d62a17ae 3636 /* Prepare OSPF Hello body. */
3637 length += ospf_make_hello(oi, op->s);
9b18d58e
NS		 3638 if (length == OSPF_HEADER_SIZE) {
3639 /* Hello overshooting MTU */
3640 ospf_packet_free(op);
3641 return;
3642 }
718e3744 3643
d62a17ae 3644 /* Fill OSPF header. */
3645 ospf_fill_header(oi, op->s, length);
718e3744 3646
d62a17ae 3647 /* Set packet length. */
3648 op->length = length;
3649
3650 op->dst.s_addr = addr;
3651
b5a8894d
CS		 3652 if (IS_DEBUG_OSPF_EVENT) {
3653 if (oi->ospf->vrf_id)
996c9314
LB		 3654 zlog_debug(
3655 "%s: Hello Tx interface %s ospf vrf %s id %u",
3656 __PRETTY_FUNCTION__, oi->ifp->name,
3657 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3658 oi->ospf->vrf_id);
b5a8894d 3659 }
d62a17ae 3660 /* Add packet to the top of the interface output queue, so that they
3661 * can't get delayed by things like long queues of LS Update packets
3662 */
3663 ospf_packet_add_top(oi, op);
3664
3665 /* Hook thread to write packet. */
3666 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3667}
3668
d62a17ae 3669static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
718e3744 3670{
d62a17ae 3671 struct ospf_interface *oi;
718e3744 3672
d62a17ae 3673 oi = nbr_nbma->oi;
3674 assert(oi);
718e3744 3675
d62a17ae 3676 /* If this is passive interface, do not send OSPF Hello. */
3677 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3678 return;
718e3744 3679
d62a17ae 3680 if (oi->type != OSPF_IFTYPE_NBMA)
3681 return;
718e3744 3682
d62a17ae 3683 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3684 return;
718e3744 3685
d62a17ae 3686 if (PRIORITY(oi) == 0)
3687 return;
718e3744 3688
d62a17ae 3689 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3690 && oi->state != ISM_Backup)
3691 return;
718e3744 3692
d62a17ae 3693 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
718e3744 3694}
3695
d62a17ae 3696int ospf_poll_timer(struct thread *thread)
718e3744 3697{
d62a17ae 3698 struct ospf_nbr_nbma *nbr_nbma;
718e3744 3699
d62a17ae 3700 nbr_nbma = THREAD_ARG(thread);
3701 nbr_nbma->t_poll = NULL;
718e3744 3702
d62a17ae 3703 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3704 zlog_debug("NSM[%s:%s]: Timer (Poll timer expire)",
3705 IF_NAME(nbr_nbma->oi), inet_ntoa(nbr_nbma->addr));
718e3744 3706
d62a17ae 3707 ospf_poll_send(nbr_nbma);
718e3744 3708
d62a17ae 3709 if (nbr_nbma->v_poll > 0)
3710 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3711 nbr_nbma->v_poll);
718e3744 3712
d62a17ae 3713 return 0;
718e3744 3714}
3715
3716
d62a17ae 3717int ospf_hello_reply_timer(struct thread *thread)
718e3744 3718{
d62a17ae 3719 struct ospf_neighbor *nbr;
718e3744 3720
d62a17ae 3721 nbr = THREAD_ARG(thread);
3722 nbr->t_hello_reply = NULL;
718e3744 3723
d62a17ae 3724 assert(nbr->oi);
718e3744 3725
d62a17ae 3726 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3727 zlog_debug("NSM[%s:%s]: Timer (hello-reply timer expire)",
3728 IF_NAME(nbr->oi), inet_ntoa(nbr->router_id));
718e3744 3729
d62a17ae 3730 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
718e3744 3731
d62a17ae 3732 return 0;
718e3744 3733}
3734
3735/* Send OSPF Hello. */
d62a17ae 3736void ospf_hello_send(struct ospf_interface *oi)
3737{
3738 /* If this is passive interface, do not send OSPF Hello. */
3739 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3740 return;
3741
3742 if (oi->type == OSPF_IFTYPE_NBMA) {
3743 struct ospf_neighbor *nbr;
3744 struct route_node *rn;
3745
3746 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3747 if ((nbr = rn->info))
3748 if (nbr != oi->nbr_self)
3749 if (nbr->state != NSM_Down) {
3750 /* RFC 2328 Section 9.5.1
3751 If the router is not
3752 eligible to become Designated
3753 Router,
3754 it must periodically send
3755 Hello Packets to both the
3756 Designated Router and the
3757 Backup Designated Router (if
3758 they
3759 exist). */
3760 if (PRIORITY(oi) == 0
3761 && IPV4_ADDR_CMP(
3762 &DR(oi),
3763 &nbr->address.u
3764 .prefix4)
3765 && IPV4_ADDR_CMP(
3766 &BDR(oi),
3767 &nbr->address.u
3768 .prefix4))
3769 continue;
3770
3771 /* If the router is eligible to
3772 become Designated Router, it
3773 must periodically send Hello
3774 Packets to all neighbors that
3775 are also eligible. In
3776 addition, if the router is
3777 itself the
3778 Designated Router or Backup
3779 Designated Router, it must
3780 also
3781 send periodic Hello Packets
3782 to all other neighbors. */
3783
3784 if (nbr->priority == 0
3785 && oi->state == ISM_DROther)
3786 continue;
3787 /* if oi->state == Waiting, send
3788 * hello to all neighbors */
3789 ospf_hello_send_sub(
3790 oi,
3791 nbr->address.u.prefix4
3792 .s_addr);
3793 }
3794 } else {
3795 /* Decide destination address. */
3796 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3797 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3798 else
3799 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3800 }
718e3744 3801}
3802
3803/* Send OSPF Database Description. */
d62a17ae 3804void ospf_db_desc_send(struct ospf_neighbor *nbr)
718e3744 3805{
d62a17ae 3806 struct ospf_interface *oi;
3807 struct ospf_packet *op;
d7c0a89a 3808 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3809
d62a17ae 3810 oi = nbr->oi;
3811 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3812
d62a17ae 3813 /* Prepare OSPF common header. */
3814 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
718e3744 3815
d62a17ae 3816 /* Prepare OSPF Database Description body. */
3817 length += ospf_make_db_desc(oi, nbr, op->s);
718e3744 3818
d62a17ae 3819 /* Fill OSPF header. */
3820 ospf_fill_header(oi, op->s, length);
718e3744 3821
d62a17ae 3822 /* Set packet length. */
3823 op->length = length;
718e3744 3824
d62a17ae 3825 /* Decide destination address. */
3826 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3827 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3828 else
3829 op->dst = nbr->address.u.prefix4;
718e3744 3830
d62a17ae 3831 /* Add packet to the interface output queue. */
3832 ospf_packet_add(oi, op);
718e3744 3833
d62a17ae 3834 /* Hook thread to write packet. */
3835 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3836
d62a17ae 3837 /* Remove old DD packet, then copy new one and keep in neighbor
3838 * structure. */
3839 if (nbr->last_send)
3840 ospf_packet_free(nbr->last_send);
3841 nbr->last_send = ospf_packet_dup(op);
3842 monotime(&nbr->last_send_ts);
e6a22aeb
SK		 3843 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3844 zlog_info(
3845 "%s:Packet[DD]: %s DB Desc send with seqnum:%x , flags:%x",
3846 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
3847 inet_ntoa(nbr->router_id), nbr->dd_seqnum,
3848 nbr->dd_flags);
718e3744 3849}
3850
3851/* Re-send Database Description. */
d62a17ae 3852void ospf_db_desc_resend(struct ospf_neighbor *nbr)
718e3744 3853{
d62a17ae 3854 struct ospf_interface *oi;
718e3744 3855
d62a17ae 3856 oi = nbr->oi;
718e3744 3857
d62a17ae 3858 /* Add packet to the interface output queue. */
3859 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
718e3744 3860
d62a17ae 3861 /* Hook thread to write packet. */
3862 OSPF_ISM_WRITE_ON(oi->ospf);
e6a22aeb
SK		 3863 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3864 zlog_info(
3865 "%s:Packet[DD]: %s DB Desc resend with seqnum:%x , flags:%x",
3866 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
3867 inet_ntoa(nbr->router_id), nbr->dd_seqnum,
3868 nbr->dd_flags);
718e3744 3869}
3870
3871/* Send Link State Request. */
d62a17ae 3872void ospf_ls_req_send(struct ospf_neighbor *nbr)
718e3744 3873{
d62a17ae 3874 struct ospf_interface *oi;
3875 struct ospf_packet *op;
d7c0a89a 3876 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3877
d62a17ae 3878 oi = nbr->oi;
3879 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3880
d62a17ae 3881 /* Prepare OSPF common header. */
3882 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
718e3744 3883
d62a17ae 3884 /* Prepare OSPF Link State Request body. */
3885 length += ospf_make_ls_req(nbr, op->s);
3886 if (length == OSPF_HEADER_SIZE) {
3887 ospf_packet_free(op);
3888 return;
3889 }
718e3744 3890
d62a17ae 3891 /* Fill OSPF header. */
3892 ospf_fill_header(oi, op->s, length);
718e3744 3893
d62a17ae 3894 /* Set packet length. */
3895 op->length = length;
718e3744 3896
d62a17ae 3897 /* Decide destination address. */
3898 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3899 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3900 else
3901 op->dst = nbr->address.u.prefix4;
718e3744 3902
d62a17ae 3903 /* Add packet to the interface output queue. */
3904 ospf_packet_add(oi, op);
718e3744 3905
d62a17ae 3906 /* Hook thread to write packet. */
3907 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3908
d62a17ae 3909 /* Add Link State Request Retransmission Timer. */
3910 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
718e3744 3911}
3912
3913/* Send Link State Update with an LSA. */
d62a17ae 3914void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3915 int flag)
718e3744 3916{
d62a17ae 3917 struct list *update;
718e3744 3918
d62a17ae 3919 update = list_new();
718e3744 3920
d62a17ae 3921 listnode_add(update, lsa);
046460a1
CS		 3922
3923 /*ospf instance is going down, send self originated
3924 * MAXAGE LSA update to neighbors to remove from LSDB */
3925 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3926 ospf_ls_upd_send(nbr, update, flag, 1);
3927 else
3928 ospf_ls_upd_send(nbr, update, flag, 0);
718e3744 3929
6a154c88 3930 list_delete(&update);
718e3744 3931}
3932
68b7339a 3933/* Determine size for packet. Must be at least big enough to accomodate next
3934 * LSA on list, which may be bigger than MTU size.
3935 *
3936 * Return pointer to new ospf_packet
3937 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3938 * on packet sizes (in which case offending LSA is deleted from update list)
3939 */
d62a17ae 3940static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3941 struct ospf_interface *oi)
3942{
3943 struct ospf_lsa *lsa;
3944 struct listnode *ln;
3945 size_t size;
3946 static char warned = 0;
3947
3948 lsa = listgetdata((ln = listhead(update)));
3949 assert(lsa->data);
3950
3951 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3952 > ospf_packet_max(oi)) {
3953 if (!warned) {
c9cc11f6 3954 flog_warn(
cf444bcf 3955 EC_OSPF_LARGE_LSA,
d62a17ae 3956 "ospf_ls_upd_packet_new: oversized LSA encountered!"
3957 "will need to fragment. Not optimal. Try divide up"
3958 " your network with areas. Use 'debug ospf packet send'"
3959 " to see details, or look at 'show ip ospf database ..'");
3960 warned = 1;
3961 }
3962
3963 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3964 zlog_debug(
3965 "ospf_ls_upd_packet_new: oversized LSA id:%s,"
3966 " %d bytes originated by %s, will be fragmented!",
3967 inet_ntoa(lsa->data->id),
3968 ntohs(lsa->data->length),
3969 inet_ntoa(lsa->data->adv_router));
3970
3971 /*
3972 * Allocate just enough to fit this LSA only, to avoid including
3973 * other
3974 * LSAs in fragmented LSA Updates.
3975 */
3976 size = ntohs(lsa->data->length)
3977 + (oi->ifp->mtu - ospf_packet_max(oi))
3978 + OSPF_LS_UPD_MIN_SIZE;
3979 } else
3980 size = oi->ifp->mtu;
3981
3982 if (size > OSPF_MAX_PACKET_SIZE) {
cf444bcf 3983 flog_warn(EC_OSPF_LARGE_LSA,
c9cc11f6
DS		 3984 "ospf_ls_upd_packet_new: oversized LSA id:%s too big,"
3985 " %d bytes, packet size %ld, dropping it completely."
3986 " OSPF routing is broken!",
3987 inet_ntoa(lsa->data->id), ntohs(lsa->data->length),
3988 (long int)size);
d62a17ae 3989 list_delete_node(update, ln);
3990 return NULL;
3991 }
718e3744 3992
d62a17ae 3993 /* IP header is built up separately by ospf_write(). This means, that we
3994 * must
3995 * reduce the "affordable" size just calculated by length of an IP
3996 * header.
3997 * This makes sure, that even if we manage to fill the payload with LSA
3998 * data
3999 * completely, the final packet (our data plus IP header) still fits
4000 * into
4001 * outgoing interface MTU. This correction isn't really meaningful for
4002 * an
4003 * oversized LSA, but for consistency the correction is done for both
4004 * cases.
4005 *
4006 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4007 */
4008 return ospf_packet_new(size - sizeof(struct ip));
718e3744 4009}
4010
d62a17ae 4011static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
046460a1
CS		 4012 struct list *update, struct in_addr addr,
4013 int send_lsupd_now)
718e3744 4014{
d62a17ae 4015 struct ospf_packet *op;
d7c0a89a 4016 uint16_t length = OSPF_HEADER_SIZE;
d62a17ae 4017
4018 if (IS_DEBUG_OSPF_EVENT)
4019 zlog_debug("listcount = %d, [%s]dst %s", listcount(update),
4020 IF_NAME(oi), inet_ntoa(addr));
4021
19274fe8
OD		 4022 /* Check that we have really something to process */
4023 if (listcount(update) == 0)
4024 return;
4025
d62a17ae 4026 op = ospf_ls_upd_packet_new(update, oi);
718e3744 4027
d62a17ae 4028 /* Prepare OSPF common header. */
4029 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
718e3744 4030
d62a17ae 4031 /* Prepare OSPF Link State Update body.
4032 * Includes Type-7 translation.
4033 */
4034 length += ospf_make_ls_upd(oi, update, op->s);
4035
4036 /* Fill OSPF header. */
4037 ospf_fill_header(oi, op->s, length);
4038
4039 /* Set packet length. */
4040 op->length = length;
4041
4042 /* Decide destination address. */
4043 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4044 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4045 else
4046 op->dst.s_addr = addr.s_addr;
4047
4048 /* Add packet to the interface output queue. */
4049 ospf_packet_add(oi, op);
046460a1
CS		 4050 /* Call ospf_write() right away to send ospf packets to neighbors */
4051 if (send_lsupd_now) {
4052 struct thread os_packet_thd;
4053
4054 os_packet_thd.arg = (void *)oi->ospf;
4055 if (oi->on_write_q == 0) {
4056 listnode_add(oi->ospf->oi_write_q, oi);
4057 oi->on_write_q = 1;
4058 }
4059 ospf_write(&os_packet_thd);
4173cc8e
DS		 4060 /*
4061 * We are fake calling ospf_write with a fake
4062 * thread. Imagine that we have oi_a already
4063 * enqueued and we have turned on the write
4064 * thread(t_write).
4065 * Now this function calls this for oi_b
4066 * so the on_write_q has oi_a and oi_b on
4067 * it, ospf_write runs and clears the packets
4068 * for both oi_a and oi_b. Removing them from
4069 * the on_write_q. After this thread of execution
4070 * finishes we will execute the t_write thread
4071 * with nothing in the on_write_q causing an
4072 * assert. So just make sure that the t_write
4073 * is actually turned off.
4074 */
4075 if (list_isempty(oi->ospf->oi_write_q))
4076 OSPF_TIMER_OFF(oi->ospf->t_write);
046460a1
CS		 4077 } else {
4078 /* Hook thread to write packet. */
4079 OSPF_ISM_WRITE_ON(oi->ospf);
4080 }
d62a17ae 4081}
4082
4083static int ospf_ls_upd_send_queue_event(struct thread *thread)
4084{
4085 struct ospf_interface *oi = THREAD_ARG(thread);
4086 struct route_node *rn;
4087 struct route_node *rnext;
4088 struct list *update;
4089 char again = 0;
4090
4091 oi->t_ls_upd_event = NULL;
4092
4093 if (IS_DEBUG_OSPF_EVENT)
4094 zlog_debug("ospf_ls_upd_send_queue start");
4095
4096 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4097 rnext = route_next(rn);
4098
4099 if (rn->info == NULL)
4100 continue;
4101
4102 update = (struct list *)rn->info;
4103
046460a1 4104 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
d62a17ae 4105
4106 /* list might not be empty. */
4107 if (listcount(update) == 0) {
6a154c88 4108 list_delete((struct list **)&rn->info);
d62a17ae 4109 route_unlock_node(rn);
4110 } else
4111 again = 1;
4112 }
4113
4114 if (again != 0) {
4115 if (IS_DEBUG_OSPF_EVENT)
4116 zlog_debug(
4117 "ospf_ls_upd_send_queue: update lists not cleared,"
4118 " %d nodes to try again, raising new event",
4119 again);
4120 oi->t_ls_upd_event = NULL;
4121 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4122 &oi->t_ls_upd_event);
4123 }
4124
4125 if (IS_DEBUG_OSPF_EVENT)
4126 zlog_debug("ospf_ls_upd_send_queue stop");
4127
4128 return 0;
4129}
4130
046460a1
CS		 4131void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4132 int send_lsupd_now)
d62a17ae 4133{
4134 struct ospf_interface *oi;
4135 struct ospf_lsa *lsa;
4136 struct prefix_ipv4 p;
4137 struct route_node *rn;
4138 struct listnode *node;
4139
4140 oi = nbr->oi;
4141
4142 p.family = AF_INET;
4143 p.prefixlen = IPV4_MAX_BITLEN;
4144
4145 /* Decide destination address. */
4146 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4147 p.prefix = oi->vl_data->peer_addr;
4148 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4149 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4150 else if (flag == OSPF_SEND_PACKET_DIRECT)
4151 p.prefix = nbr->address.u.prefix4;
4152 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4153 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4154 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4155 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4156 else
4157 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4158
4159 if (oi->type == OSPF_IFTYPE_NBMA) {
4160 if (flag == OSPF_SEND_PACKET_INDIRECT)
c9cc11f6 4161 flog_warn(
cf444bcf 4162 EC_OSPF_PACKET,
d62a17ae 4163 "* LS-Update is directly sent on NBMA network.");
19aad877 4164 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
cf444bcf 4165 flog_warn(EC_OSPF_PACKET,
c9cc11f6 4166 "* LS-Update is sent to myself.");
d62a17ae 4167 }
4168
4169 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4170
4171 if (rn->info == NULL)
4172 rn->info = list_new();
4173 else
4174 route_unlock_node(rn);
4175
4176 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4177 listnode_add(rn->info,
4178 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
046460a1
CS		 4179 if (send_lsupd_now) {
4180 struct list *send_update_list;
f7813c7c 4181 struct route_node *rnext;
d62a17ae 4182
046460a1
CS		 4183 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4184 rnext = route_next(rn);
4185
4186 if (rn->info == NULL)
4187 continue;
4188
4189 send_update_list = (struct list *)rn->info;
4190
4191 ospf_ls_upd_queue_send(oi, send_update_list,
4192 rn->p.u.prefix4, 1);
046460a1
CS		 4193 }
4194 } else
4195 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
996c9314 4196 &oi->t_ls_upd_event);
718e3744 4197}
4198
d62a17ae 4199static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4200 struct in_addr dst)
718e3744 4201{
d62a17ae 4202 struct ospf_packet *op;
d7c0a89a 4203 uint16_t length = OSPF_HEADER_SIZE;
d62a17ae 4204
4205 op = ospf_packet_new(oi->ifp->mtu);
4206
4207 /* Prepare OSPF common header. */
4208 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4209
4210 /* Prepare OSPF Link State Acknowledgment body. */
4211 length += ospf_make_ls_ack(oi, ack, op->s);
4212
4213 /* Fill OSPF header. */
4214 ospf_fill_header(oi, op->s, length);
718e3744 4215
d62a17ae 4216 /* Set packet length. */
4217 op->length = length;
4218
4219 /* Decide destination address. */
4220 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4221 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4222 else
4223 op->dst.s_addr = dst.s_addr;
4224
4225 /* Add packet to the interface output queue. */
4226 ospf_packet_add(oi, op);
4227
4228 /* Hook thread to write packet. */
4229 OSPF_ISM_WRITE_ON(oi->ospf);
4230}
4231
4232static int ospf_ls_ack_send_event(struct thread *thread)
4233{
4234 struct ospf_interface *oi = THREAD_ARG(thread);
4235
4236 oi->t_ls_ack_direct = NULL;
4237
4238 while (listcount(oi->ls_ack_direct.ls_ack))
4239 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4240 oi->ls_ack_direct.dst);
4241
4242 return 0;
4243}
4244
4245void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4246{
4247 struct ospf_interface *oi = nbr->oi;
4248
4249 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4250 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4251
4252 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4253
4254 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4255 &oi->t_ls_ack_direct);
718e3744 4256}
4257
4258/* Send Link State Acknowledgment delayed. */
d62a17ae 4259void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4260{
4261 struct in_addr dst;
4262
4263 /* Decide destination address. */
4264 /* RFC2328 Section 13.5 On non-broadcast
4265 networks, delayed Link State Acknowledgment packets must be
4266 unicast separately over each adjacency (i.e., neighbor whose
4267 state is >= Exchange). */
4268 if (oi->type == OSPF_IFTYPE_NBMA) {
4269 struct ospf_neighbor *nbr;
4270 struct route_node *rn;
4271
4272 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
4273 if ((nbr = rn->info) != NULL)
4274 if (nbr != oi->nbr_self
4275 && nbr->state >= NSM_Exchange)
4276 while (listcount(oi->ls_ack))
4277 ospf_ls_ack_send_list(
4278 oi, oi->ls_ack,
4279 nbr->address.u.prefix4);
4280 return;
4281 }
4282 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4283 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4284 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4285 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4286 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4287 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4288 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4289 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4290 else
4291 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4292
4293 while (listcount(oi->ls_ack))
4294 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
718e3744 4295}
8b6912c2
DS		 4296
4297/*
4298 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4299 * address. As a result, the kernel does not need to learn the interface
4300 * MAC of the OSPF neighbor. However, in our world, this will delay
4301 * convergence. Take the case when due to a link flap, all routes now
4302 * want to use an interface which was deemed to be costlier prior to this
4303 * event. For routes that will be installed, the missing MAC will have
4304 * punt-to-CPU set on them. This may overload the CPU control path that
4305 * can be avoided if the MAC was known apriori.
4306 */
89a48046 4307#define OSPF_PING_NBR_STR_MAX (BUFSIZ)
d62a17ae 4308void ospf_proactively_arp(struct ospf_neighbor *nbr)
4309{
4310 char ping_nbr[OSPF_PING_NBR_STR_MAX];
d62a17ae 4311 int ret;
4312
4313 if (!nbr || !nbr->oi || !nbr->oi->ifp)
4314 return;
4315
89a48046 4316 snprintf(ping_nbr, sizeof(ping_nbr),
996c9314
LB		 4317 "ping -c 1 -I %s %s > /dev/null 2>&1 &", nbr->oi->ifp->name,
4318 inet_ntoa(nbr->address.u.prefix4));
89a48046 4319
d62a17ae 4320 ret = system(ping_nbr);
4321 if (IS_DEBUG_OSPF_EVENT)
4322 zlog_debug("Executed %s %s", ping_nbr,
4323 ((ret == 0) ? "successfully" : "but failed"));
8b6912c2 4324}
FRRouting mirror