]> git.proxmox.com Git - mirror_frr.git/blame - ospfd/ospf_packet.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ospfd: Grace LSA processing
[mirror_frr.git] / ospfd / ospf_packet.c
CommitLineData
718e3744 1/*
2 * OSPF Sending and Receiving OSPF Packets.
3 * Copyright (C) 1999, 2000 Toshiaki Takada
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
10 * later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
896014f4
DL		 17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
718e3744 20 */
21
22#include <zebra.h>
23
cbf3e3eb 24#include "monotime.h"
718e3744 25#include "thread.h"
26#include "memory.h"
27#include "linklist.h"
28#include "prefix.h"
29#include "if.h"
30#include "table.h"
31#include "sockunion.h"
32#include "stream.h"
33#include "log.h"
2dd8bb4e 34#include "sockopt.h"
484315fd 35#include "checksum.h"
0513a271 36#ifdef CRYPTO_INTERNAL
c1a03d47 37#include "md5.h"
0513a271 38#endif
7e2b7603 39#include "vrf.h"
c9cc11f6 40#include "lib_errors.h"
718e3744 41
42#include "ospfd/ospfd.h"
43#include "ospfd/ospf_network.h"
44#include "ospfd/ospf_interface.h"
45#include "ospfd/ospf_ism.h"
46#include "ospfd/ospf_asbr.h"
47#include "ospfd/ospf_lsa.h"
48#include "ospfd/ospf_lsdb.h"
49#include "ospfd/ospf_neighbor.h"
50#include "ospfd/ospf_nsm.h"
51#include "ospfd/ospf_packet.h"
52#include "ospfd/ospf_spf.h"
53#include "ospfd/ospf_flood.h"
54#include "ospfd/ospf_dump.h"
c9cc11f6 55#include "ospfd/ospf_errors.h"
aa530b62 56#include "ospfd/ospf_zebra.h"
718e3744 57
166b75c2
DS		 58/*
59 * OSPF Fragmentation / fragmented writes
60 *
61 * ospfd can support writing fragmented packets, for cases where
62 * kernel will not fragment IP_HDRINCL and/or multicast destined
63 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
64 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
65 * flags fields, hence user-space fragmentation will not work.
66 * Only Linux is known to leave IP header unmolested.
67 * Further, fragmentation really should be done the kernel, which already
68 * supports it, and which avoids nasty IP ID state problems.
69 *
70 * Fragmentation of OSPF packets can be required on networks with router
71 * with many many interfaces active in one area, or on networks with links
72 * with low MTUs.
73 */
74#ifdef GNU_LINUX
75#define WANT_OSPF_WRITE_FRAGMENT
76#endif
77
718e3744 78/* Packet Type String. */
d62a17ae 79const struct message ospf_packet_type_str[] = {
80 {OSPF_MSG_HELLO, "Hello"},
81 {OSPF_MSG_DB_DESC, "Database Description"},
82 {OSPF_MSG_LS_REQ, "Link State Request"},
83 {OSPF_MSG_LS_UPD, "Link State Update"},
84 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
85 {0}};
718e3744 86
75c8eabb
DO		 87/* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
88 particular types, offset is the "type" field of a packet. */
d7c0a89a 89static const uint16_t ospf_packet_minlen[] = {
d62a17ae 90 0,
91 OSPF_HELLO_MIN_SIZE,
92 OSPF_DB_DESC_MIN_SIZE,
93 OSPF_LS_REQ_MIN_SIZE,
94 OSPF_LS_UPD_MIN_SIZE,
95 OSPF_LS_ACK_MIN_SIZE,
75c8eabb
DO		 96};
97
4e31de79
DO		 98/* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
99 types, offset is the "LSA type" field. */
d7c0a89a 100static const uint16_t ospf_lsa_minlen[] = {
d62a17ae 101 0,
102 OSPF_ROUTER_LSA_MIN_SIZE,
103 OSPF_NETWORK_LSA_MIN_SIZE,
104 OSPF_SUMMARY_LSA_MIN_SIZE,
105 OSPF_SUMMARY_LSA_MIN_SIZE,
106 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
107 0,
108 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
109 0,
110 0,
111 0,
112 0,
4e31de79
DO		 113};
114
bd5651f0 115/* for ospf_check_auth() */
d62a17ae 116static int ospf_check_sum(struct ospf_header *);
bd5651f0 117
718e3744 118/* OSPF authentication checking function */
d62a17ae 119static int ospf_auth_type(struct ospf_interface *oi)
718e3744 120{
d62a17ae 121 int auth_type;
718e3744 122
d62a17ae 123 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
124 auth_type = oi->area->auth_type;
125 else
126 auth_type = OSPF_IF_PARAM(oi, auth_type);
718e3744 127
d62a17ae 128 /* Handle case where MD5 key list is not configured aka Cisco */
129 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
130 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
131 return OSPF_AUTH_NULL;
718e3744 132
d62a17ae 133 return auth_type;
718e3744 134}
135
7cec50a5 136static struct ospf_packet *ospf_packet_new(size_t size)
718e3744 137{
d62a17ae 138 struct ospf_packet *new;
718e3744 139
d62a17ae 140 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
141 new->s = stream_new(size);
718e3744 142
d62a17ae 143 return new;
718e3744 144}
145
d62a17ae 146void ospf_packet_free(struct ospf_packet *op)
718e3744 147{
d62a17ae 148 if (op->s)
149 stream_free(op->s);
718e3744 150
d62a17ae 151 XFREE(MTYPE_OSPF_PACKET, op);
718e3744 152}
153
4d762f26 154struct ospf_fifo *ospf_fifo_new(void)
718e3744 155{
d62a17ae 156 struct ospf_fifo *new;
718e3744 157
d62a17ae 158 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
159 return new;
718e3744 160}
161
162/* Add new packet to fifo. */
d62a17ae 163void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
718e3744 164{
d62a17ae 165 if (fifo->tail)
166 fifo->tail->next = op;
167 else
168 fifo->head = op;
718e3744 169
d62a17ae 170 fifo->tail = op;
718e3744 171
d62a17ae 172 fifo->count++;
718e3744 173}
174
aa276fd7 175/* Add new packet to head of fifo. */
d62a17ae 176static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
aa276fd7 177{
d62a17ae 178 op->next = fifo->head;
179
180 if (fifo->tail == NULL)
181 fifo->tail = op;
182
183 fifo->head = op;
184
185 fifo->count++;
aa276fd7
PJ		 186}
187
718e3744 188/* Delete first packet from fifo. */
d62a17ae 189struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
718e3744 190{
d62a17ae 191 struct ospf_packet *op;
718e3744 192
d62a17ae 193 op = fifo->head;
718e3744 194
d62a17ae 195 if (op) {
196 fifo->head = op->next;
718e3744 197
d62a17ae 198 if (fifo->head == NULL)
199 fifo->tail = NULL;
718e3744 200
d62a17ae 201 fifo->count--;
202 }
718e3744 203
d62a17ae 204 return op;
718e3744 205}
206
207/* Return first fifo entry. */
d62a17ae 208struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
718e3744 209{
d62a17ae 210 return fifo->head;
718e3744 211}
212
213/* Flush ospf packet fifo. */
d62a17ae 214void ospf_fifo_flush(struct ospf_fifo *fifo)
718e3744 215{
d62a17ae 216 struct ospf_packet *op;
217 struct ospf_packet *next;
718e3744 218
d62a17ae 219 for (op = fifo->head; op; op = next) {
220 next = op->next;
221 ospf_packet_free(op);
222 }
223 fifo->head = fifo->tail = NULL;
224 fifo->count = 0;
718e3744 225}
226
227/* Free ospf packet fifo. */
d62a17ae 228void ospf_fifo_free(struct ospf_fifo *fifo)
718e3744 229{
d62a17ae 230 ospf_fifo_flush(fifo);
718e3744 231
d62a17ae 232 XFREE(MTYPE_OSPF_FIFO, fifo);
718e3744 233}
234
7cec50a5 235static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
718e3744 236{
d62a17ae 237 /* Add packet to end of queue. */
238 ospf_fifo_push(oi->obuf, op);
718e3744 239
d62a17ae 240 /* Debug of packet fifo*/
241 /* ospf_fifo_debug (oi->obuf); */
718e3744 242}
243
d62a17ae 244static void ospf_packet_add_top(struct ospf_interface *oi,
245 struct ospf_packet *op)
aa276fd7 246{
d62a17ae 247 /* Add packet to head of queue. */
248 ospf_fifo_push_head(oi->obuf, op);
aa276fd7 249
d62a17ae 250 /* Debug of packet fifo*/
251 /* ospf_fifo_debug (oi->obuf); */
aa276fd7
PJ		 252}
253
7cec50a5 254static void ospf_packet_delete(struct ospf_interface *oi)
718e3744 255{
d62a17ae 256 struct ospf_packet *op;
257
258 op = ospf_fifo_pop(oi->obuf);
718e3744 259
d62a17ae 260 if (op)
261 ospf_packet_free(op);
718e3744 262}
263
7cec50a5 264static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
718e3744 265{
d62a17ae 266 struct ospf_packet *new;
718e3744 267
d62a17ae 268 if (stream_get_endp(op->s) != op->length)
269 /* XXX size_t */
c9cc11f6 270 zlog_debug(
d62a17ae 271 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
d7c0a89a 272 (unsigned long)STREAM_SIZE(op->s), op->length);
30961a15 273
d62a17ae 274 /* Reserve space for MD5 authentication that may be added later. */
275 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
276 stream_copy(new->s, op->s);
718e3744 277
d62a17ae 278 new->dst = op->dst;
279 new->length = op->length;
718e3744 280
d62a17ae 281 return new;
718e3744 282}
283
86f1fd96 284/* XXX inline */
d62a17ae 285static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
86f1fd96 286{
d62a17ae 287 int auth = 0;
86f1fd96 288
d62a17ae 289 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
290 auth = OSPF_AUTH_MD5_SIZE;
86f1fd96 291
d62a17ae 292 return auth;
86f1fd96 293}
294
d62a17ae 295static unsigned int ospf_packet_max(struct ospf_interface *oi)
718e3744 296{
d62a17ae 297 int max;
718e3744 298
d62a17ae 299 max = oi->ifp->mtu - ospf_packet_authspace(oi);
86f1fd96 300
d62a17ae 301 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
718e3744 302
d62a17ae 303 return max;
718e3744 304}
305
6b0655a2 306
d62a17ae 307static int ospf_check_md5_digest(struct ospf_interface *oi,
308 struct ospf_header *ospfh)
718e3744 309{
0513a271
MR		 310#ifdef CRYPTO_OPENSSL
311 EVP_MD_CTX *ctx;
312#elif CRYPTO_INTERNAL
d62a17ae 313 MD5_CTX ctx;
0513a271 314#endif
d62a17ae 315 unsigned char digest[OSPF_AUTH_MD5_SIZE];
316 struct crypt_key *ck;
317 struct ospf_neighbor *nbr;
d7c0a89a 318 uint16_t length = ntohs(ospfh->length);
d62a17ae 319
320 /* Get secret key. */
321 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
322 ospfh->u.crypt.key_id);
323 if (ck == NULL) {
1c50c1c0
QY		 324 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
325 IF_NAME(oi), ospfh->u.crypt.key_id);
d62a17ae 326 return 0;
327 }
718e3744 328
d62a17ae 329 /* check crypto seqnum. */
330 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
718e3744 331
d62a17ae 332 if (nbr
333 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
c9cc11f6 334 flog_warn(
cf444bcf 335 EC_OSPF_MD5,
d62a17ae 336 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
337 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
338 ntohl(nbr->crypt_seqnum));
339 return 0;
340 }
718e3744 341
d62a17ae 342 /* Generate a digest for the ospf packet - their digest + our digest. */
0513a271
MR		 343#ifdef CRYPTO_OPENSSL
344 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
345 ctx = EVP_MD_CTX_new();
346 EVP_DigestInit(ctx, EVP_md5());
347 EVP_DigestUpdate(ctx, ospfh, length);
348 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
349 EVP_DigestFinal(ctx, digest, &md5_size);
350 EVP_MD_CTX_free(ctx);
351#elif CRYPTO_INTERNAL
d62a17ae 352 memset(&ctx, 0, sizeof(ctx));
353 MD5Init(&ctx);
354 MD5Update(&ctx, ospfh, length);
355 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
356 MD5Final(digest, &ctx);
0513a271 357#endif
d62a17ae 358
359 /* compare the two */
360 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
cf444bcf 361 flog_warn(EC_OSPF_MD5,
c9cc11f6 362 "interface %s: ospf_check_md5 checksum mismatch",
d62a17ae 363 IF_NAME(oi));
364 return 0;
365 }
718e3744 366
d62a17ae 367 /* save neighbor's crypt_seqnum */
368 if (nbr)
369 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
370 return 1;
718e3744 371}
372
373/* This function is called from ospf_write(), it will detect the
374 authentication scheme and if it is MD5, it will change the sequence
375 and update the MD5 digest. */
d62a17ae 376static int ospf_make_md5_digest(struct ospf_interface *oi,
377 struct ospf_packet *op)
378{
379 struct ospf_header *ospfh;
380 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
0513a271
MR		 381#ifdef CRYPTO_OPENSSL
382 EVP_MD_CTX *ctx;
383#elif CRYPTO_INTERNAL
d62a17ae 384 MD5_CTX ctx;
0513a271 385#endif
d62a17ae 386 void *ibuf;
d7c0a89a 387 uint32_t t;
d62a17ae 388 struct crypt_key *ck;
d7c0a89a 389 const uint8_t *auth_key;
d62a17ae 390
391 ibuf = STREAM_DATA(op->s);
392 ospfh = (struct ospf_header *)ibuf;
393
394 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
395 return 0;
396
397 /* We do this here so when we dup a packet, we don't have to
398 waste CPU rewriting other headers.
399
400 Note that quagga_time /deliberately/ is not used here */
401 t = (time(NULL) & 0xFFFFFFFF);
402 if (t > oi->crypt_seqnum)
403 oi->crypt_seqnum = t;
404 else
405 oi->crypt_seqnum++;
406
407 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
408
409 /* Get MD5 Authentication key from auth_key list. */
410 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
d7c0a89a 411 auth_key = (const uint8_t *)digest;
d62a17ae 412 else {
413 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
414 auth_key = ck->auth_key;
415 }
718e3744 416
d62a17ae 417 /* Generate a digest for the entire packet + our secret key. */
0513a271
MR		 418#ifdef CRYPTO_OPENSSL
419 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
420 ctx = EVP_MD_CTX_new();
421 EVP_DigestInit(ctx, EVP_md5());
422 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
423 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
424 EVP_DigestFinal(ctx, digest, &md5_size);
425 EVP_MD_CTX_free(ctx);
426#elif CRYPTO_INTERNAL
d62a17ae 427 memset(&ctx, 0, sizeof(ctx));
428 MD5Init(&ctx);
429 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
430 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
431 MD5Final(digest, &ctx);
0513a271 432#endif
718e3744 433
d62a17ae 434 /* Append md5 digest to the end of the stream. */
435 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
718e3744 436
d62a17ae 437 /* We do *NOT* increment the OSPF header length. */
438 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
30961a15 439
d62a17ae 440 if (stream_get_endp(op->s) != op->length)
441 /* XXX size_t */
c9cc11f6 442 flog_warn(
cf444bcf 443 EC_OSPF_MD5,
d62a17ae 444 "ospf_make_md5_digest: length mismatch stream %lu ospf_packet %u",
d7c0a89a 445 (unsigned long)stream_get_endp(op->s), op->length);
718e3744 446
d62a17ae 447 return OSPF_AUTH_MD5_SIZE;
718e3744 448}
449
6b0655a2 450
d62a17ae 451static int ospf_ls_req_timer(struct thread *thread)
718e3744 452{
d62a17ae 453 struct ospf_neighbor *nbr;
718e3744 454
d62a17ae 455 nbr = THREAD_ARG(thread);
456 nbr->t_ls_req = NULL;
718e3744 457
d62a17ae 458 /* Send Link State Request. */
459 if (ospf_ls_request_count(nbr))
460 ospf_ls_req_send(nbr);
718e3744 461
d62a17ae 462 /* Set Link State Request retransmission timer. */
463 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
718e3744 464
d62a17ae 465 return 0;
718e3744 466}
467
d62a17ae 468void ospf_ls_req_event(struct ospf_neighbor *nbr)
718e3744 469{
d62a17ae 470 if (nbr->t_ls_req) {
471 thread_cancel(nbr->t_ls_req);
472 nbr->t_ls_req = NULL;
473 }
474 nbr->t_ls_req = NULL;
475 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
718e3744 476}
477
478/* Cyclic timer function. Fist registered in ospf_nbr_new () in
479 ospf_neighbor.c */
d62a17ae 480int ospf_ls_upd_timer(struct thread *thread)
481{
482 struct ospf_neighbor *nbr;
483
484 nbr = THREAD_ARG(thread);
485 nbr->t_ls_upd = NULL;
486
487 /* Send Link State Update. */
488 if (ospf_ls_retransmit_count(nbr) > 0) {
489 struct list *update;
490 struct ospf_lsdb *lsdb;
491 int i;
492 int retransmit_interval;
493
494 retransmit_interval =
495 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
496
497 lsdb = &nbr->ls_rxmt;
498 update = list_new();
499
500 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
501 struct route_table *table = lsdb->type[i].db;
502 struct route_node *rn;
503
504 for (rn = route_top(table); rn; rn = route_next(rn)) {
505 struct ospf_lsa *lsa;
506
507 if ((lsa = rn->info) != NULL) {
508 /* Don't retransmit an LSA if we
509 received it within
510 the last RxmtInterval seconds - this
511 is to allow the
512 neighbour a chance to acknowledge the
513 LSA as it may
514 have ben just received before the
515 retransmit timer
516 fired. This is a small tweak to what
517 is in the RFC,
518 but it will cut out out a lot of
519 retransmit traffic
520 - MAG */
521 if (monotime_since(&lsa->tv_recv, NULL)
522 >= retransmit_interval * 1000000LL)
523 listnode_add(update, rn->info);
524 }
525 }
526 }
718e3744 527
d62a17ae 528 if (listcount(update) > 0)
996c9314
LB		 529 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
530 0);
6a154c88 531 list_delete(&update);
718e3744 532 }
533
d62a17ae 534 /* Set LS Update retransmission timer. */
535 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
718e3744 536
d62a17ae 537 return 0;
718e3744 538}
539
d62a17ae 540int ospf_ls_ack_timer(struct thread *thread)
718e3744 541{
d62a17ae 542 struct ospf_interface *oi;
718e3744 543
d62a17ae 544 oi = THREAD_ARG(thread);
545 oi->t_ls_ack = NULL;
718e3744 546
d62a17ae 547 /* Send Link State Acknowledgment. */
548 if (listcount(oi->ls_ack) > 0)
549 ospf_ls_ack_send_delayed(oi);
718e3744 550
d62a17ae 551 /* Set LS Ack timer. */
552 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
718e3744 553
d62a17ae 554 return 0;
718e3744 555}
556
0bfeca3f 557#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 558static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
559 struct msghdr *msg, unsigned int maxdatasize,
d7c0a89a 560 unsigned int mtu, int flags, uint8_t type)
0bfeca3f 561{
562#define OSPF_WRITE_FRAG_SHIFT 3
d7c0a89a 563 uint16_t offset;
d62a17ae 564 struct iovec *iovp;
565 int ret;
566
567 assert(op->length == stream_get_endp(op->s));
568 assert(msg->msg_iovlen == 2);
569
570 /* we can but try.
571 *
572 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
573 * well as the IP_MF flag, making this all quite pointless.
574 *
575 * However, for a system on which IP_MF is left alone, and ip_id left
576 * alone or else which sets same ip_id for each fragment this might
577 * work, eg linux.
578 *
579 * XXX-TODO: It would be much nicer to have the kernel's use their
580 * existing fragmentation support to do this for us. Bugs/RFEs need to
581 * be raised against the various kernels.
582 */
583
584 /* set More Frag */
585 iph->ip_off |= IP_MF;
586
587 /* ip frag offset is expressed in units of 8byte words */
588 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
589
590 iovp = &msg->msg_iov[1];
591
592 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
593 > maxdatasize) {
594 /* data length of this frag is to next offset value */
595 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
596 iph->ip_len = iovp->iov_len + sizeof(struct ip);
597 assert(iph->ip_len <= mtu);
598
599 sockopt_iphdrincl_swab_htosys(iph);
600
601 ret = sendmsg(fd, msg, flags);
602
603 sockopt_iphdrincl_swab_systoh(iph);
604
605 if (ret < 0)
c9cc11f6 606 flog_err(
450971aa 607 EC_LIB_SOCKET,
3efd0893 608 "*** ospf_write_frags: sendmsg failed to %s, id %d, off %d, len %d, mtu %u failed with %s",
d62a17ae 609 inet_ntoa(iph->ip_dst), iph->ip_id, iph->ip_off,
610 iph->ip_len, mtu, safe_strerror(errno));
611
612 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
613 zlog_debug(
63efca0e 614 "ospf_write_frags: sent id %d, off %d, len %d to %s",
d62a17ae 615 iph->ip_id, iph->ip_off, iph->ip_len,
616 inet_ntoa(iph->ip_dst));
d62a17ae 617 }
618
619 iph->ip_off += offset;
620 stream_forward_getp(op->s, iovp->iov_len);
2d34fb80 621 iovp->iov_base = stream_pnt(op->s);
d62a17ae 622 }
623
624 /* setup for final fragment */
625 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
626 iph->ip_len = iovp->iov_len + sizeof(struct ip);
627 iph->ip_off &= (~IP_MF);
0bfeca3f 628}
629#endif /* WANT_OSPF_WRITE_FRAGMENT */
630
d62a17ae 631static int ospf_write(struct thread *thread)
632{
633 struct ospf *ospf = THREAD_ARG(thread);
634 struct ospf_interface *oi;
635 struct ospf_interface *last_serviced_oi = NULL;
636 struct ospf_packet *op;
637 struct sockaddr_in sa_dst;
638 struct ip iph;
639 struct msghdr msg;
640 struct iovec iov[2];
d7c0a89a 641 uint8_t type;
d62a17ae 642 int ret;
643 int flags = 0;
644 struct listnode *node;
0bfeca3f 645#ifdef WANT_OSPF_WRITE_FRAGMENT
d7c0a89a
QY		 646 static uint16_t ipid = 0;
647 uint16_t maxdatasize;
9d303b37 648#endif /* WANT_OSPF_WRITE_FRAGMENT */
68b7339a 649#define OSPF_WRITE_IPHL_SHIFT 2
d62a17ae 650 int pkt_count = 0;
e1b18df1
CS		 651
652#ifdef GNU_LINUX
3e300703 653 unsigned char cmsgbuf[64] = {};
e7503eab
CS		 654 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
655 struct in_pktinfo *pi;
e1b18df1 656#endif
d62a17ae 657
c32eba04
CS		 658 if (ospf->fd < 0 || ospf->oi_running == 0) {
659 if (IS_DEBUG_OSPF_EVENT)
660 zlog_debug(
661 "ospf_write failed to send, fd %d, instance %u"
662 ,ospf->fd, ospf->oi_running);
663 return -1;
664 }
665
d62a17ae 666 node = listhead(ospf->oi_write_q);
667 assert(node);
668 oi = listgetdata(node);
0bfeca3f 669
670#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 671 /* seed ipid static with low order bits of time */
672 if (ipid == 0)
673 ipid = (time(NULL) & 0xffff);
0bfeca3f 674#endif /* WANT_OSPF_WRITE_FRAGMENT */
675
d62a17ae 676 while ((pkt_count < ospf->write_oi_count) && oi
677 && (last_serviced_oi != oi)) {
678 /* If there is only packet in the queue, the oi is removed from
679 write-q, so fix up the last interface that was serviced */
680 if (last_serviced_oi == NULL) {
681 last_serviced_oi = oi;
682 }
683 pkt_count++;
233cc0fb 684#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 685 /* convenience - max OSPF data per packet */
686 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
233cc0fb 687#endif /* WANT_OSPF_WRITE_FRAGMENT */
d62a17ae 688 /* Get one packet from queue. */
689 op = ospf_fifo_head(oi->obuf);
690 assert(op);
691 assert(op->length >= OSPF_HEADER_SIZE);
692
693 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
694 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
695 ospf_if_ipmulticast(ospf, oi->address,
696 oi->ifp->ifindex);
697
698 /* Rewrite the md5 signature & update the seq */
699 ospf_make_md5_digest(oi, op);
700
701 /* Retrieve OSPF packet type. */
702 stream_set_getp(op->s, 1);
703 type = stream_getc(op->s);
704
705 /* reset get pointer */
706 stream_set_getp(op->s, 0);
707
708 memset(&iph, 0, sizeof(struct ip));
709 memset(&sa_dst, 0, sizeof(sa_dst));
710
711 sa_dst.sin_family = AF_INET;
6f0e3f6e 712#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
d62a17ae 713 sa_dst.sin_len = sizeof(sa_dst);
6f0e3f6e 714#endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
d62a17ae 715 sa_dst.sin_addr = op->dst;
716 sa_dst.sin_port = htons(0);
717
718 /* Set DONTROUTE flag if dst is unicast. */
719 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
720 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
721 flags = MSG_DONTROUTE;
722
723 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
724 /* it'd be very strange for header to not be 4byte-word aligned
725 * but.. */
726 if (sizeof(struct ip)
727 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
0d6f7fd6 728 iph.ip_hl++; /* we presume sizeof(struct ip) cant
d62a17ae 729 overflow ip_hl.. */
730
731 iph.ip_v = IPVERSION;
732 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
733 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
68b7339a 734
0150c9c9 735#if defined(__DragonFly__)
d62a17ae 736 /*
737 * DragonFly's raw socket expects ip_len/ip_off in network byte
738 * order.
739 */
740 iph.ip_len = htons(iph.ip_len);
0150c9c9
DB		 741#endif
742
0bfeca3f 743#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 744 /* XXX-MT: not thread-safe at all..
745 * XXX: this presumes this is only programme sending OSPF
746 * packets
747 * otherwise, no guarantee ipid will be unique
748 */
749 iph.ip_id = ++ipid;
0bfeca3f 750#endif /* WANT_OSPF_WRITE_FRAGMENT */
751
d62a17ae 752 iph.ip_off = 0;
753 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
754 iph.ip_ttl = OSPF_VL_IP_TTL;
755 else
756 iph.ip_ttl = OSPF_IP_TTL;
757 iph.ip_p = IPPROTO_OSPFIGP;
758 iph.ip_sum = 0;
759 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
760 iph.ip_dst.s_addr = op->dst.s_addr;
761
762 memset(&msg, 0, sizeof(msg));
763 msg.msg_name = (caddr_t)&sa_dst;
764 msg.msg_namelen = sizeof(sa_dst);
765 msg.msg_iov = iov;
766 msg.msg_iovlen = 2;
e7503eab 767
d62a17ae 768 iov[0].iov_base = (char *)&iph;
769 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
2d34fb80 770 iov[1].iov_base = stream_pnt(op->s);
d62a17ae 771 iov[1].iov_len = op->length;
772
e1b18df1
CS		 773#ifdef GNU_LINUX
774 msg.msg_control = (caddr_t)cm;
e7503eab
CS		 775 cm->cmsg_level = SOL_IP;
776 cm->cmsg_type = IP_PKTINFO;
777 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
778 pi = (struct in_pktinfo *)CMSG_DATA(cm);
779 pi->ipi_ifindex = oi->ifp->ifindex;
780
781 msg.msg_controllen = cm->cmsg_len;
e1b18df1 782#endif
e7503eab 783
996c9314
LB		 784/* Sadly we can not rely on kernels to fragment packets
785 * because of either IP_HDRINCL and/or multicast
786 * destination being set.
787 */
e7503eab 788
0bfeca3f 789#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 790 if (op->length > maxdatasize)
791 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
792 oi->ifp->mtu, flags, type);
0bfeca3f 793#endif /* WANT_OSPF_WRITE_FRAGMENT */
718e3744 794
d62a17ae 795 /* send final fragment (could be first) */
796 sockopt_iphdrincl_swab_htosys(&iph);
797 ret = sendmsg(ospf->fd, &msg, flags);
798 sockopt_iphdrincl_swab_systoh(&iph);
799 if (IS_DEBUG_OSPF_EVENT)
800 zlog_debug(
3efd0893 801 "ospf_write to %s, id %d, off %d, len %d, interface %s, mtu %u:",
d62a17ae 802 inet_ntoa(iph.ip_dst), iph.ip_id, iph.ip_off,
803 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
804
805 if (ret < 0)
c9cc11f6 806 flog_err(
450971aa 807 EC_LIB_SOCKET,
3efd0893 808 "*** sendmsg in ospf_write failed to %s, id %d, off %d, len %d, interface %s, mtu %u: %s",
d62a17ae 809 inet_ntoa(iph.ip_dst), iph.ip_id, iph.ip_off,
810 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
811 safe_strerror(errno));
812
813 /* Show debug sending packet. */
814 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
815 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
816 zlog_debug(
817 "-----------------------------------------------------");
d62a17ae 818 stream_set_getp(op->s, 0);
819 ospf_packet_dump(op->s);
820 }
821
822 zlog_debug("%s sent to [%s] via [%s].",
823 lookup_msg(ospf_packet_type_str, type, NULL),
824 inet_ntoa(op->dst), IF_NAME(oi));
825
826 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
827 zlog_debug(
828 "-----------------------------------------------------");
829 }
830
c9339663 831 switch (type) {
996c9314
LB		 832 case OSPF_MSG_HELLO:
833 oi->hello_out++;
834 break;
835 case OSPF_MSG_DB_DESC:
836 oi->db_desc_out++;
837 break;
838 case OSPF_MSG_LS_REQ:
839 oi->ls_req_out++;
840 break;
841 case OSPF_MSG_LS_UPD:
842 oi->ls_upd_out++;
843 break;
844 case OSPF_MSG_LS_ACK:
845 oi->ls_ack_out++;
846 break;
847 default:
848 break;
c9339663
CS		 849 }
850
d62a17ae 851 /* Now delete packet from queue. */
852 ospf_packet_delete(oi);
853
854 /* Move this interface to the tail of write_q to
855 serve everyone in a round robin fashion */
856 list_delete_node(ospf->oi_write_q, node);
857 if (ospf_fifo_head(oi->obuf) == NULL) {
858 oi->on_write_q = 0;
859 last_serviced_oi = NULL;
860 oi = NULL;
861 } else {
862 listnode_add(ospf->oi_write_q, oi);
e8f45e82 863 }
d62a17ae 864
865 /* Setup to service from the head of the queue again */
866 if (!list_isempty(ospf->oi_write_q)) {
867 node = listhead(ospf->oi_write_q);
d62a17ae 868 oi = listgetdata(node);
d62a17ae 869 }
870 }
871
872 /* If packets still remain in queue, call write thread. */
4bb420ab 873 if (!list_isempty(ospf->oi_write_q))
d62a17ae 874 thread_add_write(master, ospf_write, ospf, ospf->fd,
875 &ospf->t_write);
718e3744 876
d62a17ae 877 return 0;
718e3744 878}
879
880/* OSPF Hello message read -- RFC2328 Section 10.5. */
d62a17ae 881static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
882 struct stream *s, struct ospf_interface *oi, int size)
883{
884 struct ospf_hello *hello;
885 struct ospf_neighbor *nbr;
886 int old_state;
887 struct prefix p;
888
889 /* increment statistics. */
890 oi->hello_in++;
891
2d34fb80 892 hello = (struct ospf_hello *)stream_pnt(s);
d62a17ae 893
894 /* If Hello is myself, silently discard. */
895 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
896 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
897 zlog_debug(
3efd0893 898 "ospf_header[%s/%s]: selforiginated, dropping.",
d62a17ae 899 lookup_msg(ospf_packet_type_str, ospfh->type,
900 NULL),
901 inet_ntoa(iph->ip_src));
902 }
903 return;
904 }
905
906 /* get neighbor prefix. */
907 p.family = AF_INET;
908 p.prefixlen = ip_masklen(hello->network_mask);
909 p.u.prefix4 = iph->ip_src;
910
911 /* Compare network mask. */
912 /* Checking is ignored for Point-to-Point and Virtual link. */
913 if (oi->type != OSPF_IFTYPE_POINTOPOINT
914 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
915 if (oi->address->prefixlen != p.prefixlen) {
c9cc11f6 916 flog_warn(
cf444bcf 917 EC_OSPF_PACKET,
d62a17ae 918 "Packet %s [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
919 inet_ntoa(ospfh->router_id), IF_NAME(oi),
920 (int)oi->address->prefixlen, (int)p.prefixlen);
921 return;
922 }
923
924 /* Compare Router Dead Interval. */
925 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
cf444bcf 926 flog_warn(EC_OSPF_PACKET,
3efd0893 927 "Packet %s [Hello:RECV]: RouterDeadInterval mismatch (expected %u, but received %u).",
c9cc11f6
DS		 928 inet_ntoa(ospfh->router_id),
929 OSPF_IF_PARAM(oi, v_wait),
930 ntohl(hello->dead_interval));
d62a17ae 931 return;
932 }
933
934 /* Compare Hello Interval - ignored if fast-hellos are set. */
935 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
936 if (OSPF_IF_PARAM(oi, v_hello)
937 != ntohs(hello->hello_interval)) {
c9cc11f6 938 flog_warn(
cf444bcf 939 EC_OSPF_PACKET,
3efd0893 940 "Packet %s [Hello:RECV]: HelloInterval mismatch (expected %u, but received %u).",
d62a17ae 941 inet_ntoa(ospfh->router_id),
942 OSPF_IF_PARAM(oi, v_hello),
943 ntohs(hello->hello_interval));
944 return;
945 }
946 }
947
948 if (IS_DEBUG_OSPF_EVENT)
b5a8894d 949 zlog_debug("Packet %s [Hello:RECV]: Options %s vrf %s",
d62a17ae 950 inet_ntoa(ospfh->router_id),
b5a8894d
CS		 951 ospf_options_dump(hello->options),
952 ospf_vrf_id_to_name(oi->ospf->vrf_id));
d62a17ae 953
954/* Compare options. */
718e3744 955#define REJECT_IF_TBIT_ON 1 /* XXX */
956#ifdef REJECT_IF_TBIT_ON
d62a17ae 957 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
958 /*
959 * This router does not support non-zero TOS.
960 * Drop this Hello packet not to establish neighbor
961 * relationship.
962 */
cf444bcf 963 flog_warn(EC_OSPF_PACKET,
c9cc11f6 964 "Packet %s [Hello:RECV]: T-bit on, drop it.",
d62a17ae 965 inet_ntoa(ospfh->router_id));
966 return;
967 }
718e3744 968#endif /* REJECT_IF_TBIT_ON */
969
d62a17ae 970 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
971 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
972 /*
973 * This router does know the correct usage of O-bit
974 * the bit should be set in DD packet only.
975 */
cf444bcf 976 flog_warn(EC_OSPF_PACKET,
c9cc11f6 977 "Packet %s [Hello:RECV]: O-bit abuse?",
d62a17ae 978 inet_ntoa(ospfh->router_id));
718e3744 979#ifdef STRICT_OBIT_USAGE_CHECK
d62a17ae 980 return; /* Reject this packet. */
981#else /* STRICT_OBIT_USAGE_CHECK */
982 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
983#endif /* STRICT_OBIT_USAGE_CHECK */
984 }
718e3744 985
d62a17ae 986 /* new for NSSA is to ensure that NP is on and E is off */
987
988 if (oi->area->external_routing == OSPF_AREA_NSSA) {
989 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
990 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
991 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
992 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
c9cc11f6 993 flog_warn(
cf444bcf 994 EC_OSPF_PACKET,
d62a17ae 995 "NSSA-Packet-%s[Hello:RECV]: my options: %x, his options %x",
996 inet_ntoa(ospfh->router_id), OPTIONS(oi),
997 hello->options);
998 return;
999 }
1000 if (IS_DEBUG_OSPF_NSSA)
1001 zlog_debug("NSSA-Hello:RECV:Packet from %s:",
1002 inet_ntoa(ospfh->router_id));
1003 } else
1004 /* The setting of the E-bit found in the Hello Packet's Options
1005 field must match this area's ExternalRoutingCapability A
1006 mismatch causes processing to stop and the packet to be
1007 dropped. The setting of the rest of the bits in the Hello
1008 Packet's Options field should be ignored. */
1009 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
1010 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
c9cc11f6 1011 flog_warn(
cf444bcf 1012 EC_OSPF_PACKET,
d62a17ae 1013 "Packet %s [Hello:RECV]: my options: %x, his options %x",
1014 inet_ntoa(ospfh->router_id), OPTIONS(oi),
1015 hello->options);
1016 return;
1017 }
718e3744 1018
d62a17ae 1019 /* get neighbour struct */
1020 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
1021
1022 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1023 assert(nbr);
1024
1025 old_state = nbr->state;
1026
1027 /* Add event to thread. */
1028 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1029
1030 /* RFC2328 Section 9.5.1
1031 If the router is not eligible to become Designated Router,
1032 (snip) It must also send an Hello Packet in reply to an
1033 Hello Packet received from any eligible neighbor (other than
1034 the current Designated Router and Backup Designated Router). */
1035 if (oi->type == OSPF_IFTYPE_NBMA)
1036 if (PRIORITY(oi) == 0 && hello->priority > 0
1037 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1038 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1039 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1040 ospf_hello_reply_timer,
1041 OSPF_HELLO_REPLY_DELAY);
1042
1043 /* on NBMA network type, it happens to receive bidirectional Hello
1044 packet
1045 without advance 1-Way Received event.
1046 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1047 if (oi->type == OSPF_IFTYPE_NBMA
1048 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1049 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1050 nbr->priority = hello->priority;
1051 nbr->d_router = hello->d_router;
1052 nbr->bd_router = hello->bd_router;
1053 return;
1054 }
1055
1056 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1057 size - OSPF_HELLO_MIN_SIZE)) {
1058 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1059 nbr->options |= hello->options;
1060 } else {
1061 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1062 /* Set neighbor information. */
1063 nbr->priority = hello->priority;
1064 nbr->d_router = hello->d_router;
1065 nbr->bd_router = hello->bd_router;
1066 return;
1067 }
1068
1069 /* If neighbor itself declares DR and no BDR exists,
1070 cause event BackupSeen */
1071 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
975a328e
DA		 1072 if (hello->bd_router.s_addr == INADDR_ANY
1073 && oi->state == ISM_Waiting)
d62a17ae 1074 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1075
1076 /* neighbor itself declares BDR. */
1077 if (oi->state == ISM_Waiting
1078 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router))
1079 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1080
1081 /* had not previously. */
1082 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1083 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1084 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1085 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->d_router)))
1086 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1087
1088 /* had not previously. */
1089 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1090 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1091 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->bd_router)
1092 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->bd_router)))
1093 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1094
1095 /* Neighbor priority check. */
1096 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1097 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1098
1099 /* Set neighbor information. */
1100 nbr->priority = hello->priority;
1101 nbr->d_router = hello->d_router;
1102 nbr->bd_router = hello->bd_router;
718e3744 1103}
1104
1105/* Save DD flags/options/Seqnum received. */
d62a17ae 1106static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1107 struct ospf_db_desc *dd)
718e3744 1108{
d62a17ae 1109 nbr->last_recv.flags = dd->flags;
1110 nbr->last_recv.options = dd->options;
1111 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
718e3744 1112}
1113
1114/* Process rest of DD packet. */
d62a17ae 1115static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1116 struct ospf_neighbor *nbr,
d7c0a89a 1117 struct ospf_db_desc *dd, uint16_t size)
d62a17ae 1118{
1119 struct ospf_lsa *new, *find;
1120 struct lsa_header *lsah;
1121
1122 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1123 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1124 size -= OSPF_LSA_HEADER_SIZE) {
2d34fb80 1125 lsah = (struct lsa_header *)stream_pnt(s);
d62a17ae 1126 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1127
1128 /* Unknown LS type. */
1129 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
cf444bcf 1130 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1131 "Packet [DD:RECV]: Unknown LS type %d.",
d62a17ae 1132 lsah->type);
1133 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1134 return;
1135 }
1136
1137 if (IS_OPAQUE_LSA(lsah->type)
1138 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
cf444bcf 1139 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1140 "LSA[Type%d:%s]: Opaque capability mismatch?",
d62a17ae 1141 lsah->type, inet_ntoa(lsah->id));
1142 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1143 return;
1144 }
1145
1146 switch (lsah->type) {
1147 case OSPF_AS_EXTERNAL_LSA:
1148 case OSPF_OPAQUE_AS_LSA:
1149 /* Check for stub area. Reject if AS-External from stub
1150 but
1151 allow if from NSSA. */
1152 if (oi->area->external_routing == OSPF_AREA_STUB) {
c9cc11f6 1153 flog_warn(
cf444bcf 1154 EC_OSPF_PACKET,
d62a17ae 1155 "Packet [DD:RECV]: LSA[Type%d:%s] from %s area.",
1156 lsah->type, inet_ntoa(lsah->id),
1157 (oi->area->external_routing
1158 == OSPF_AREA_STUB)
1159 ? "STUB"
1160 : "NSSA");
1161 OSPF_NSM_EVENT_SCHEDULE(nbr,
1162 NSM_SeqNumberMismatch);
1163 return;
1164 }
1165 break;
1166 default:
1167 break;
1168 }
1169
1170 /* Create LS-request object. */
1171 new = ospf_ls_request_new(lsah);
1172
1173 /* Lookup received LSA, then add LS request list. */
1174 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1175
1176 /* ospf_lsa_more_recent is fine with NULL pointers */
1177 switch (ospf_lsa_more_recent(find, new)) {
1178 case -1:
1179 /* Neighbour has a more recent LSA, we must request it
1180 */
1181 ospf_ls_request_add(nbr, new);
1182 /* fallthru */
1183 case 0:
1184 /* If we have a copy of this LSA, it's either less
1185 * recent
1186 * and we're requesting it from neighbour (the case
1187 * above), or
1188 * it's as recent and we both have same copy (this
1189 * case).
1190 *
1191 * In neither of these two cases is there any point in
1192 * describing our copy of the LSA to the neighbour in a
1193 * DB-Summary packet, if we're still intending to do so.
1194 *
1195 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1196 * backward compatible optimisation to OSPF DB Exchange
1197 * /
1198 * DB Description process implemented here.
1199 */
1200 if (find)
1201 ospf_lsdb_delete(&nbr->db_sum, find);
1202 ospf_lsa_discard(new);
1203 break;
1204 default:
1205 /* We have the more recent copy, nothing specific to do:
1206 * - no need to request neighbours stale copy
1207 * - must leave DB summary list copy alone
1208 */
1209 if (IS_DEBUG_OSPF_EVENT)
1210 zlog_debug(
3efd0893 1211 "Packet [DD:RECV]: LSA received Type %d, ID %s is not recent.",
d62a17ae 1212 lsah->type, inet_ntoa(lsah->id));
1213 ospf_lsa_discard(new);
1214 }
1215 }
1216
1217 /* Master */
1218 if (IS_SET_DD_MS(nbr->dd_flags)) {
1219 nbr->dd_seqnum++;
1220
1221 /* Both sides have no More, then we're done with Exchange */
1222 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1223 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1224 else
1225 ospf_db_desc_send(nbr);
1226 }
1227 /* Slave */
1228 else {
1229 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1230
1231 /* Send DD packet in reply.
1232 *
1233 * Must be done to acknowledge the Master's DD, regardless of
1234 * whether we have more LSAs ourselves to describe.
1235 *
1236 * This function will clear the 'More' bit, if after this DD
1237 * we have no more LSAs to describe to the master..
1238 */
1239 ospf_db_desc_send(nbr);
1240
1241 /* Slave can raise ExchangeDone now, if master is also done */
1242 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1243 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1244 }
1245
1246 /* Save received neighbor values from DD. */
1247 ospf_db_desc_save_current(nbr, dd);
1248
1249 if (!nbr->t_ls_req)
1250 ospf_ls_req_send(nbr);
1251}
1252
1253static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1254 struct ospf_neighbor *nbr)
1255{
1256 /* Is DD duplicated? */
1257 if (dd->options == nbr->last_recv.options
1258 && dd->flags == nbr->last_recv.flags
1259 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1260 return 1;
1261
1262 return 0;
718e3744 1263}
1264
1265/* OSPF Database Description message read -- RFC2328 Section 10.6. */
d62a17ae 1266static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1267 struct stream *s, struct ospf_interface *oi,
d7c0a89a 1268 uint16_t size)
d62a17ae 1269{
1270 struct ospf_db_desc *dd;
1271 struct ospf_neighbor *nbr;
d363df2c 1272
d62a17ae 1273 /* Increment statistics. */
1274 oi->db_desc_in++;
718e3744 1275
2d34fb80 1276 dd = (struct ospf_db_desc *)stream_pnt(s);
d62a17ae 1277
1278 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1279 if (nbr == NULL) {
cf444bcf 1280 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %s",
d62a17ae 1281 inet_ntoa(ospfh->router_id));
1282 return;
718e3744 1283 }
d62a17ae 1284
1285 /* Check MTU. */
1286 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1287 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
c9cc11f6 1288 flog_warn(
cf444bcf 1289 EC_OSPF_PACKET,
d62a17ae 1290 "Packet[DD]: Neighbor %s MTU %u is larger than [%s]'s MTU %u",
1291 inet_ntoa(nbr->router_id), ntohs(dd->mtu), IF_NAME(oi),
1292 oi->ifp->mtu);
1293 return;
718e3744 1294 }
1295
d62a17ae 1296 /*
1297 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1298 * not
1299 * required. In fact at least JunOS sends DD packets with P bit clear.
1300 * Until proper solution is developped, this hack should help.
1301 *
1302 * Update: According to the RFCs, N bit is specified /only/ for Hello
1303 * options, unfortunately its use in DD options is not specified. Hence
1304 * some
1305 * implementations follow E-bit semantics and set it in DD options, and
1306 * some
1307 * treat it as unspecified and hence follow the directive "default for
1308 * options is clear", ie unset.
1309 *
1310 * Reset the flag, as ospfd follows E-bit semantics.
1311 */
1312 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1313 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1314 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1315 if (IS_DEBUG_OSPF_EVENT)
1316 zlog_debug(
1317 "Packet[DD]: Neighbour %s: Has NSSA capability, sends with N bit clear in DD options",
1318 inet_ntoa(nbr->router_id));
1319 SET_FLAG(dd->options, OSPF_OPTION_NP);
718e3744 1320 }
1321
d62a17ae 1322#ifdef REJECT_IF_TBIT_ON
1323 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1324 /*
1325 * In Hello protocol, optional capability must have checked
1326 * to prevent this T-bit enabled router be my neighbor.
1327 */
1c50c1c0 1328 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %s: T-bit on?",
d62a17ae 1329 inet_ntoa(nbr->router_id));
1330 return;
1331 }
1332#endif /* REJECT_IF_TBIT_ON */
1333
1334 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1335 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1336 /*
1337 * This node is not configured to handle O-bit, for now.
1338 * Clear it to ignore unsupported capability proposed by
1339 * neighbor.
1340 */
1341 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1342 }
1343
1344 /* Add event to thread. */
1345 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1346
e6a22aeb
SK		 1347 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1348 zlog_info(
1349 "%s:Packet[DD]: Neighbor %s state is %s, seq_num:0x%x, local:0x%x",
1350 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
1351 inet_ntoa(nbr->router_id),
1352 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1353 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1354
d62a17ae 1355 /* Process DD packet by neighbor status. */
1356 switch (nbr->state) {
1357 case NSM_Down:
1358 case NSM_Attempt:
1359 case NSM_TwoWay:
96db9cd3
DS		 1360 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1361 zlog_info(
1362 "Packet[DD]: Neighbor %s state is %s, packet discarded.",
1363 inet_ntoa(nbr->router_id),
1364 lookup_msg(ospf_nsm_state_msg, nbr->state,
1365 NULL));
d62a17ae 1366 break;
1367 case NSM_Init:
1368 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1369 /* If the new state is ExStart, the processing of the current
1370 packet should then continue in this new state by falling
1371 through to case ExStart below. */
1372 if (nbr->state != NSM_ExStart)
1373 break;
1374 /* fallthru */
1375 case NSM_ExStart:
1376 /* Initial DBD */
1377 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1378 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1379 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1380 > 0) {
1381 /* We're Slave---obey */
05ba78e4
CS		 1382 if (CHECK_FLAG(oi->ospf->config,
1383 OSPF_LOG_ADJACENCY_DETAIL))
996c9314
LB		 1384 zlog_info(
1385 "Packet[DD]: Neighbor %s Negotiation done (Slave).",
1386 inet_ntoa(nbr->router_id));
05ba78e4 1387
d62a17ae 1388 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1389
1390 /* Reset I/MS */
1391 UNSET_FLAG(nbr->dd_flags,
1392 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1393 } else {
1394 /* We're Master, ignore the initial DBD from
1395 * Slave */
05ba78e4
CS		 1396 if (CHECK_FLAG(oi->ospf->config,
1397 OSPF_LOG_ADJACENCY_DETAIL))
1398 zlog_info(
3efd0893 1399 "Packet[DD]: Neighbor %s: Initial DBD from Slave, ignoring.",
05ba78e4 1400 inet_ntoa(nbr->router_id));
d62a17ae 1401 break;
1402 }
1403 }
1404 /* Ack from the Slave */
1405 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1406 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1407 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1408 < 0) {
1409 zlog_info(
1410 "Packet[DD]: Neighbor %s Negotiation done (Master).",
1411 inet_ntoa(nbr->router_id));
1412 /* Reset I, leaving MS */
1413 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1414 } else {
cf444bcf 1415 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1416 "Packet[DD]: Neighbor %s Negotiation fails.",
d62a17ae 1417 inet_ntoa(nbr->router_id));
1418 break;
1419 }
1420
1421 /* This is where the real Options are saved */
1422 nbr->options = dd->options;
1423
1424 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1425 if (IS_DEBUG_OSPF_EVENT)
1426 zlog_debug(
1427 "Neighbor[%s] is %sOpaque-capable.",
1428 inet_ntoa(nbr->router_id),
1429 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1430 ? ""
1431 : "NOT ");
1432
1433 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1434 && IPV4_ADDR_SAME(&DR(oi),
1435 &nbr->address.u.prefix4)) {
c9cc11f6 1436 flog_warn(
cf444bcf 1437 EC_OSPF_PACKET,
c9cc11f6 1438 "DR-neighbor[%s] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
d62a17ae 1439 inet_ntoa(nbr->router_id));
1440 /* This situation is undesirable, but not a real
1441 * error. */
1442 }
1443 }
1444
1445 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1446
1447 /* continue processing rest of packet. */
1448 ospf_db_desc_proc(s, oi, nbr, dd, size);
1449 break;
1450 case NSM_Exchange:
1451 if (ospf_db_desc_is_dup(dd, nbr)) {
1452 if (IS_SET_DD_MS(nbr->dd_flags))
1453 /* Master: discard duplicated DD packet. */
1454 zlog_info(
1455 "Packet[DD] (Master): Neighbor %s packet duplicated.",
1456 inet_ntoa(nbr->router_id));
1457 else
1458 /* Slave: cause to retransmit the last Database
1459 Description. */
1460 {
1461 zlog_info(
1462 "Packet[DD] [Slave]: Neighbor %s packet duplicated.",
1463 inet_ntoa(nbr->router_id));
1464 ospf_db_desc_resend(nbr);
1465 }
1466 break;
1467 }
1468
1469 /* Otherwise DD packet should be checked. */
1470 /* Check Master/Slave bit mismatch */
1471 if (IS_SET_DD_MS(dd->flags)
1472 != IS_SET_DD_MS(nbr->last_recv.flags)) {
cf444bcf 1473 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1474 "Packet[DD]: Neighbor %s MS-bit mismatch.",
d62a17ae 1475 inet_ntoa(nbr->router_id));
1476 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1477 if (IS_DEBUG_OSPF_EVENT)
1478 zlog_debug(
1479 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1480 dd->flags, nbr->dd_flags);
1481 break;
1482 }
1483
1484 /* Check initialize bit is set. */
1485 if (IS_SET_DD_I(dd->flags)) {
1486 zlog_info("Packet[DD]: Neighbor %s I-bit set.",
1487 inet_ntoa(nbr->router_id));
1488 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1489 break;
1490 }
1491
1492 /* Check DD Options. */
1493 if (dd->options != nbr->options) {
cf444bcf 1494 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1495 "Packet[DD]: Neighbor %s options mismatch.",
d62a17ae 1496 inet_ntoa(nbr->router_id));
1497 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1498 break;
1499 }
718e3744 1500
d62a17ae 1501 /* Check DD sequence number. */
1502 if ((IS_SET_DD_MS(nbr->dd_flags)
1503 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1504 || (!IS_SET_DD_MS(nbr->dd_flags)
1505 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
c9cc11f6 1506 flog_warn(
cf444bcf 1507 EC_OSPF_PACKET,
d62a17ae 1508 "Packet[DD]: Neighbor %s sequence number mismatch.",
1509 inet_ntoa(nbr->router_id));
1510 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1511 break;
1512 }
1513
1514 /* Continue processing rest of packet. */
1515 ospf_db_desc_proc(s, oi, nbr, dd, size);
1516 break;
1517 case NSM_Loading:
1518 case NSM_Full:
1519 if (ospf_db_desc_is_dup(dd, nbr)) {
1520 if (IS_SET_DD_MS(nbr->dd_flags)) {
1521 /* Master should discard duplicate DD packet. */
1522 zlog_info(
3efd0893 1523 "Packet[DD]: Neighbor %s duplicated, packet discarded.",
d62a17ae 1524 inet_ntoa(nbr->router_id));
1525 break;
1526 } else {
1527 if (monotime_since(&nbr->last_send_ts, NULL)
1528 < nbr->v_inactivity * 1000000LL) {
1529 /* In states Loading and Full the slave
1530 must resend
1531 its last Database Description packet
1532 in response to
1533 duplicate Database Description
1534 packets received
1535 from the master. For this reason the
1536 slave must
1537 wait RouterDeadInterval seconds
1538 before freeing the
1539 last Database Description packet.
1540 Reception of a
1541 Database Description packet from the
1542 master after
1543 this interval will generate a
1544 SeqNumberMismatch
1545 neighbor event. RFC2328 Section 10.8
1546 */
1547 ospf_db_desc_resend(nbr);
1548 break;
1549 }
1550 }
718e3744 1551 }
718e3744 1552
d62a17ae 1553 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1554 break;
1555 default:
cf444bcf 1556 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1557 "Packet[DD]: Neighbor %s NSM illegal status %u.",
d62a17ae 1558 inet_ntoa(nbr->router_id), nbr->state);
1559 break;
1560 }
718e3744 1561}
1562
1563#define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1564
1565/* OSPF Link State Request Read -- RFC2328 Section 10.7. */
d62a17ae 1566static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1567 struct stream *s, struct ospf_interface *oi,
d7c0a89a 1568 uint16_t size)
d62a17ae 1569{
1570 struct ospf_neighbor *nbr;
d7c0a89a 1571 uint32_t ls_type;
d62a17ae 1572 struct in_addr ls_id;
1573 struct in_addr adv_router;
1574 struct ospf_lsa *find;
1575 struct list *ls_upd;
1576 unsigned int length;
1577
1578 /* Increment statistics. */
1579 oi->ls_req_in++;
1580
1581 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1582 if (nbr == NULL) {
cf444bcf 1583 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1584 "Link State Request: Unknown Neighbor %s.",
d62a17ae 1585 inet_ntoa(ospfh->router_id));
1586 return;
718e3744 1587 }
1588
d62a17ae 1589 /* Add event to thread. */
1590 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1591
1592 /* Neighbor State should be Exchange or later. */
1593 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1594 && nbr->state != NSM_Full) {
c9cc11f6 1595 flog_warn(
cf444bcf 1596 EC_OSPF_PACKET,
c9cc11f6 1597 "Link State Request received from %s: Neighbor state is %s, packet discarded.",
d62a17ae 1598 inet_ntoa(ospfh->router_id),
1599 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1600 return;
718e3744 1601 }
1602
d62a17ae 1603 /* Send Link State Update for ALL requested LSAs. */
1604 ls_upd = list_new();
1605 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1606
1607 while (size >= OSPF_LSA_KEY_SIZE) {
1608 /* Get one slice of Link State Request. */
1609 ls_type = stream_getl(s);
1610 ls_id.s_addr = stream_get_ipv4(s);
1611 adv_router.s_addr = stream_get_ipv4(s);
1612
1613 /* Verify LSA type. */
1614 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1615 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
6a154c88 1616 list_delete(&ls_upd);
d62a17ae 1617 return;
1618 }
718e3744 1619
d62a17ae 1620 /* Search proper LSA in LSDB. */
b5a8894d
CS		 1621 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1622 adv_router);
d62a17ae 1623 if (find == NULL) {
1624 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
6a154c88 1625 list_delete(&ls_upd);
d62a17ae 1626 return;
1627 }
718e3744 1628
d62a17ae 1629 /* Packet overflows MTU size, send immediately. */
1630 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1631 if (oi->type == OSPF_IFTYPE_NBMA)
1632 ospf_ls_upd_send(nbr, ls_upd,
046460a1 1633 OSPF_SEND_PACKET_DIRECT, 0);
d62a17ae 1634 else
1635 ospf_ls_upd_send(nbr, ls_upd,
046460a1 1636 OSPF_SEND_PACKET_INDIRECT, 0);
d62a17ae 1637
1638 /* Only remove list contents. Keep ls_upd. */
1639 list_delete_all_node(ls_upd);
718e3744 1640
d62a17ae 1641 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1642 }
1643
1644 /* Append LSA to update list. */
1645 listnode_add(ls_upd, find);
1646 length += ntohs(find->data->length);
718e3744 1647
d62a17ae 1648 size -= OSPF_LSA_KEY_SIZE;
1649 }
718e3744 1650
d62a17ae 1651 /* Send rest of Link State Update. */
1652 if (listcount(ls_upd) > 0) {
1653 if (oi->type == OSPF_IFTYPE_NBMA)
996c9314
LB		 1654 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1655 0);
d62a17ae 1656 else
996c9314
LB		 1657 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1658 0);
718e3744 1659
6a154c88 1660 list_delete(&ls_upd);
d62a17ae 1661 } else
6a154c88 1662 list_delete(&ls_upd);
718e3744 1663}
1664
1665/* Get the list of LSAs from Link State Update packet.
1666 And process some validation -- RFC2328 Section 13. (1)-(2). */
d62a17ae 1667static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1668 struct stream *s,
1669 struct ospf_interface *oi, size_t size)
1670{
d7c0a89a
QY		 1671 uint16_t count, sum;
1672 uint32_t length;
d62a17ae 1673 struct lsa_header *lsah;
1674 struct ospf_lsa *lsa;
1675 struct list *lsas;
1676
1677 lsas = list_new();
1678
1679 count = stream_getl(s);
1680 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1681
1682 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1683 size -= length, stream_forward_getp(s, length), count--) {
2d34fb80 1684 lsah = (struct lsa_header *)stream_pnt(s);
d62a17ae 1685 length = ntohs(lsah->length);
1686
1687 if (length > size) {
c9cc11f6 1688 flog_warn(
cf444bcf 1689 EC_OSPF_PACKET,
d62a17ae 1690 "Link State Update: LSA length exceeds packet size.");
1691 break;
1692 }
718e3744 1693
d62a17ae 1694 /* Validate the LSA's LS checksum. */
1695 sum = lsah->checksum;
1696 if (!ospf_lsa_checksum_valid(lsah)) {
1697 /* (bug #685) more details in a one-line message make it
1698 * possible
1699 * to identify problem source on the one hand and to
1700 * have a better
1701 * chance to compress repeated messages in syslog on the
1702 * other */
c9cc11f6 1703 flog_warn(
cf444bcf 1704 EC_OSPF_PACKET,
d62a17ae 1705 "Link State Update: LSA checksum error %x/%x, ID=%s from: nbr %s, router ID %s, adv router %s",
1706 sum, lsah->checksum, inet_ntoa(lsah->id),
1707 inet_ntoa(nbr->src), inet_ntoa(nbr->router_id),
1708 inet_ntoa(lsah->adv_router));
1709 continue;
1710 }
718e3744 1711
d62a17ae 1712 /* Examine the LSA's LS type. */
1713 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
cf444bcf 1714 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1715 "Link State Update: Unknown LS type %d",
d62a17ae 1716 lsah->type);
1717 continue;
1718 }
718e3744 1719
d62a17ae 1720 /*
1721 * What if the received LSA's age is greater than MaxAge?
1722 * Treat it as a MaxAge case -- endo.
1723 */
1724 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1725 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
718e3744 1726
d62a17ae 1727 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1728#ifdef STRICT_OBIT_USAGE_CHECK
1729 if ((IS_OPAQUE_LSA(lsah->type)
1730 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1731 || (!IS_OPAQUE_LSA(lsah->type)
1732 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1733 /*
1734 * This neighbor must know the exact usage of
1735 * O-bit;
1736 * the bit will be set in Type-9,10,11 LSAs
1737 * only.
1738 */
cf444bcf 1739 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1740 "LSA[Type%d:%s]: O-bit abuse?",
d62a17ae 1741 lsah->type, inet_ntoa(lsah->id));
1742 continue;
1743 }
1744#endif /* STRICT_OBIT_USAGE_CHECK */
718e3744 1745
d62a17ae 1746 /* Do not take in AS External Opaque-LSAs if we are a
1747 * stub. */
1748 if (lsah->type == OSPF_OPAQUE_AS_LSA
1749 && nbr->oi->area->external_routing
1750 != OSPF_AREA_DEFAULT) {
1751 if (IS_DEBUG_OSPF_EVENT)
1752 zlog_debug(
1753 "LSA[Type%d:%s]: We are a stub, don't take this LSA.",
1754 lsah->type,
1755 inet_ntoa(lsah->id));
1756 continue;
1757 }
1758 } else if (IS_OPAQUE_LSA(lsah->type)) {
cf444bcf 1759 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1760 "LSA[Type%d:%s]: Opaque capability mismatch?",
d62a17ae 1761 lsah->type, inet_ntoa(lsah->id));
1762 continue;
1763 }
718e3744 1764
d62a17ae 1765 /* Create OSPF LSA instance. */
5b3d4186 1766 lsa = ospf_lsa_new_and_data(length);
d62a17ae 1767
b5a8894d 1768 lsa->vrf_id = oi->ospf->vrf_id;
d62a17ae 1769 /* We may wish to put some error checking if type NSSA comes in
1770 and area not in NSSA mode */
1771 switch (lsah->type) {
1772 case OSPF_AS_EXTERNAL_LSA:
1773 case OSPF_OPAQUE_AS_LSA:
1774 lsa->area = NULL;
1775 break;
1776 case OSPF_OPAQUE_LINK_LSA:
1777 lsa->oi = oi; /* Remember incoming interface for
1778 flooding control. */
1779 /* Fallthrough */
1780 default:
1781 lsa->area = oi->area;
1782 break;
1783 }
718e3744 1784
d62a17ae 1785 memcpy(lsa->data, lsah, length);
1786
1787 if (IS_DEBUG_OSPF_EVENT)
1788 zlog_debug(
1789 "LSA[Type%d:%s]: %p new LSA created with Link State Update",
1790 lsa->data->type, inet_ntoa(lsa->data->id),
1791 (void *)lsa);
1792 listnode_add(lsas, lsa);
1793 }
718e3744 1794
d62a17ae 1795 return lsas;
718e3744 1796}
1797
1798/* Cleanup Update list. */
d62a17ae 1799static void ospf_upd_list_clean(struct list *lsas)
718e3744 1800{
d62a17ae 1801 struct listnode *node, *nnode;
1802 struct ospf_lsa *lsa;
718e3744 1803
d62a17ae 1804 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1805 ospf_lsa_discard(lsa);
718e3744 1806
6a154c88 1807 list_delete(&lsas);
718e3744 1808}
1809
1810/* OSPF Link State Update message read -- RFC2328 Section 13. */
d62a17ae 1811static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1812 struct ospf_header *ospfh, struct stream *s,
d7c0a89a 1813 struct ospf_interface *oi, uint16_t size)
d62a17ae 1814{
1815 struct ospf_neighbor *nbr;
1816 struct list *lsas;
1817 struct listnode *node, *nnode;
1818 struct ospf_lsa *lsa = NULL;
1819 /* unsigned long ls_req_found = 0; */
1820
1821 /* Dis-assemble the stream, update each entry, re-encapsulate for
1822 * flooding */
1823
1824 /* Increment statistics. */
1825 oi->ls_upd_in++;
1826
1827 /* Check neighbor. */
1828 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1829 if (nbr == NULL) {
cf444bcf 1830 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1831 "Link State Update: Unknown Neighbor %s on int: %s",
d62a17ae 1832 inet_ntoa(ospfh->router_id), IF_NAME(oi));
1833 return;
718e3744 1834 }
1835
d62a17ae 1836 /* Add event to thread. */
1837 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1838
1839 /* Check neighbor state. */
1840 if (nbr->state < NSM_Exchange) {
1841 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1842 zlog_debug(
3efd0893 1843 "Link State Update: Neighbor[%s] state %s is less than Exchange",
d62a17ae 1844 inet_ntoa(ospfh->router_id),
1845 lookup_msg(ospf_nsm_state_msg, nbr->state,
1846 NULL));
1847 return;
1848 }
718e3744 1849
d62a17ae 1850 /* Get list of LSAs from Link State Update packet. - Also perorms Stages
1851 * 1 (validate LSA checksum) and 2 (check for LSA consistent type)
1852 * of section 13.
1853 */
1854 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1855
35955c14
CS		 1856 if (lsas == NULL)
1857 return;
d62a17ae 1858#define DISCARD_LSA(L, N) \
1859 { \
1860 if (IS_DEBUG_OSPF_EVENT) \
1861 zlog_debug( \
1862 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1863 " Type-%d", \
1864 N, (void *)lsa, (int)lsa->data->type); \
1865 ospf_lsa_discard(L); \
1866 continue; \
718e3744 1867 }
1868
d62a17ae 1869 /* Process each LSA received in the one packet.
1870 *
1871 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1872 * text below are from the steps in RFC 2328, Section 13.
1873 */
1874 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1875 struct ospf_lsa *ls_ret, *current;
1876 int ret = 1;
1877
1878 if (IS_DEBUG_OSPF_NSSA) {
1879 char buf1[INET_ADDRSTRLEN];
1880 char buf2[INET_ADDRSTRLEN];
1881 char buf3[INET_ADDRSTRLEN];
1882
1883 zlog_debug("LSA Type-%d from %s, ID: %s, ADV: %s",
1884 lsa->data->type,
1885 inet_ntop(AF_INET, &ospfh->router_id, buf1,
1886 INET_ADDRSTRLEN),
1887 inet_ntop(AF_INET, &lsa->data->id, buf2,
1888 INET_ADDRSTRLEN),
1889 inet_ntop(AF_INET, &lsa->data->adv_router,
1890 buf3, INET_ADDRSTRLEN));
1891 }
718e3744 1892
d62a17ae 1893 listnode_delete(lsas,
1894 lsa); /* We don't need it in list anymore */
1895
1896 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1897 */
1898
1899 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1900
1901 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1902 */
1903
1904 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1905 */
1906
1907 /* Do take in Type-7's if we are an NSSA */
1908
1909 /* If we are also an ABR, later translate them to a Type-5
1910 * packet */
1911
1912 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1913 translate them to a separate Type-5 packet. */
1914
1915 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1916 /* Reject from STUB or NSSA */
1917 if (nbr->oi->area->external_routing
1918 != OSPF_AREA_DEFAULT) {
1919 if (IS_DEBUG_OSPF_NSSA)
1920 zlog_debug(
1921 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1922 DISCARD_LSA(lsa, 1);
1923 }
1924
1925 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1926 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1927 if (IS_DEBUG_OSPF_NSSA)
1928 zlog_debug(
1929 "Incoming NSSA LSA Discarded: Not NSSA Area");
1930 DISCARD_LSA(lsa, 2);
1931 }
1932
1933 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1934 if (lsa->data->type == OSPF_ROUTER_LSA)
1935 if (!IPV4_ADDR_SAME(&lsa->data->id,
1936 &lsa->data->adv_router)) {
1937 char buf1[INET_ADDRSTRLEN];
1938 char buf2[INET_ADDRSTRLEN];
1939 char buf3[INET_ADDRSTRLEN];
1940
cf444bcf 1941 flog_err(EC_OSPF_ROUTER_LSA_MISMATCH,
3efd0893 1942 "Incoming Router-LSA from %s with Adv-ID[%s] != LS-ID[%s]",
1c50c1c0
QY		 1943 inet_ntop(AF_INET, &ospfh->router_id,
1944 buf1, INET_ADDRSTRLEN),
1945 inet_ntop(AF_INET, &lsa->data->id,
1946 buf2, INET_ADDRSTRLEN),
1947 inet_ntop(AF_INET,
1948 &lsa->data->adv_router, buf3,
1949 INET_ADDRSTRLEN));
af4c2728 1950 flog_err(
cf444bcf 1951 EC_OSPF_DOMAIN_CORRUPT,
3efd0893 1952 "OSPF domain compromised by attack or corruption. Verify correct operation of -ALL- OSPF routers.");
d62a17ae 1953 DISCARD_LSA(lsa, 0);
1954 }
1955
1956 /* Find the LSA in the current database. */
1957
1958 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1959
1960 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1961 currently
1962 no instance of the LSA in the router's link state database,
1963 and none of router's neighbors are in states Exchange or
1964 Loading,
1965 then take the following actions: */
1966
1967 if (IS_LSA_MAXAGE(lsa) && !current
1968 && ospf_check_nbr_status(oi->ospf)) {
1969 /* (4a) Response Link State Acknowledgment. */
1970 ospf_ls_ack_send(nbr, lsa);
1971
1972 /* (4b) Discard LSA. */
1973 if (IS_DEBUG_OSPF(lsa, LSA)) {
1974 zlog_debug(
1975 "Link State Update[%s]: LS age is equal to MaxAge.",
1976 dump_lsa_key(lsa));
1977 }
1978 DISCARD_LSA(lsa, 3);
1979 }
1980
1981 if (IS_OPAQUE_LSA(lsa->data->type)
1982 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1983 &oi->ospf->router_id)) {
1984 /*
1985 * Even if initial flushing seems to be completed, there
1986 * might
1987 * be a case that self-originated LSA with MaxAge still
1988 * remain
1989 * in the routing domain.
1990 * Just send an LSAck message to cease retransmission.
1991 */
1992 if (IS_LSA_MAXAGE(lsa)) {
c9cc11f6 1993 zlog_info("LSA[%s]: Boomerang effect?",
d62a17ae 1994 dump_lsa_key(lsa));
1995 ospf_ls_ack_send(nbr, lsa);
1996 ospf_lsa_discard(lsa);
1997
1998 if (current != NULL && !IS_LSA_MAXAGE(current))
1999 ospf_opaque_lsa_refresh_schedule(
2000 current);
2001 continue;
2002 }
2003
2004 /*
2005 * If an instance of self-originated Opaque-LSA is not
2006 * found
2007 * in the LSDB, there are some possible cases here.
2008 *
2009 * 1) This node lost opaque-capability after restart.
2010 * 2) Else, a part of opaque-type is no more supported.
2011 * 3) Else, a part of opaque-id is no more supported.
2012 *
2013 * Anyway, it is still this node's responsibility to
2014 * flush it.
2015 * Otherwise, the LSA instance remains in the routing
2016 * domain
2017 * until its age reaches to MaxAge.
2018 */
2019 /* XXX: We should deal with this for *ALL* LSAs, not
2020 * just opaque */
2021 if (current == NULL) {
2022 if (IS_DEBUG_OSPF_EVENT)
2023 zlog_debug(
3efd0893 2024 "LSA[%s]: Previously originated Opaque-LSA,not found in the LSDB.",
d62a17ae 2025 dump_lsa_key(lsa));
2026
2027 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2028
d62a17ae 2029 ospf_ls_ack_send(nbr, lsa);
2030
f45be0e1
QY		 2031 ospf_opaque_self_originated_lsa_received(nbr,
2032 lsa);
d62a17ae 2033 continue;
2034 }
2035 }
2036
2037 /* It might be happen that received LSA is self-originated
2038 * network LSA, but
2039 * router ID is changed. So, we should check if LSA is a
2040 * network-LSA whose
2041 * Link State ID is one of the router's own IP interface
2042 * addresses but whose
2043 * Advertising Router is not equal to the router's own Router ID
2044 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2045 * flushed.
2046 */
2047
2048 if (lsa->data->type == OSPF_NETWORK_LSA) {
2049 struct listnode *oinode, *oinnode;
2050 struct ospf_interface *out_if;
2051 int Flag = 0;
2052
2053 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2054 oinnode, out_if)) {
2055 if (out_if == NULL)
2056 break;
2057
2058 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2059 &lsa->data->id))
2060 && (!(IPV4_ADDR_SAME(
2061 &oi->ospf->router_id,
2062 &lsa->data->adv_router)))) {
2063 if (out_if->network_lsa_self) {
2064 ospf_lsa_flush_area(
2065 lsa, out_if->area);
2066 if (IS_DEBUG_OSPF_EVENT)
2067 zlog_debug(
2068 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2069 (void *)lsa,
2070 (int)lsa->data
2071 ->type);
2072 ospf_lsa_discard(lsa);
2073 Flag = 1;
2074 }
2075 break;
2076 }
2077 }
2078 if (Flag)
2079 continue;
2080 }
2081
2082 /* (5) Find the instance of this LSA that is currently contained
2083 in the router's link state database. If there is no
2084 database copy, or the received LSA is more recent than
2085 the database copy the following steps must be performed.
2086 (The sub steps from RFC 2328 section 13 step (5) will be
2087 performed in
2088 ospf_flood() ) */
2089
2090 if (current == NULL
2091 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
76c1efd7
CS		 2092 /* CVE-2017-3224 */
2093 if (current && (lsa->data->ls_seqnum ==
2094 htonl(OSPF_MAX_SEQUENCE_NUMBER)
2095 && !IS_LSA_MAXAGE(lsa))) {
2096 zlog_debug(
2097 "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it",
2098 dump_lsa_key(lsa));
2099
2100 DISCARD_LSA(lsa, 4);
76c1efd7
CS		 2101 }
2102
d62a17ae 2103 /* Actual flooding procedure. */
2104 if (ospf_flood(oi->ospf, nbr, current, lsa)
2105 < 0) /* Trap NSSA later. */
76c1efd7 2106 DISCARD_LSA(lsa, 5);
d62a17ae 2107 continue;
2108 }
2109
2110 /* (6) Else, If there is an instance of the LSA on the sending
2111 neighbor's Link state request list, an error has occurred in
2112 the Database Exchange process. In this case, restart the
2113 Database Exchange process by generating the neighbor event
2114 BadLSReq for the sending neighbor and stop processing the
2115 Link State Update packet. */
2116
2117 if (ospf_ls_request_lookup(nbr, lsa)) {
2118 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
c9cc11f6 2119 flog_warn(
cf444bcf 2120 EC_OSPF_PACKET,
d62a17ae 2121 "LSA[%s] instance exists on Link state request list",
2122 dump_lsa_key(lsa));
2123
2124 /* Clean list of LSAs. */
2125 ospf_upd_list_clean(lsas);
2126 /* this lsa is not on lsas list already. */
2127 ospf_lsa_discard(lsa);
2128 return;
2129 }
2130
2131 /* If the received LSA is the same instance as the database copy
2132 (i.e., neither one is more recent) the following two steps
2133 should be performed: */
2134
2135 if (ret == 0) {
2136 /* If the LSA is listed in the Link state retransmission
2137 list
2138 for the receiving adjacency, the router itself is
2139 expecting
2140 an acknowledgment for this LSA. The router should
2141 treat the
2142 received LSA as an acknowledgment by removing the LSA
2143 from
2144 the Link state retransmission list. This is termed
2145 an
2146 "implied acknowledgment". */
2147
2148 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2149
2150 if (ls_ret != NULL) {
2151 ospf_ls_retransmit_delete(nbr, ls_ret);
2152
2153 /* Delayed acknowledgment sent if advertisement
2154 received
2155 from Designated Router, otherwise do nothing.
2156 */
2157 if (oi->state == ISM_Backup)
2158 if (NBR_IS_DR(nbr))
2159 listnode_add(
2160 oi->ls_ack,
2161 ospf_lsa_lock(lsa));
2162
76c1efd7 2163 DISCARD_LSA(lsa, 6);
d62a17ae 2164 } else
2165 /* Acknowledge the receipt of the LSA by sending a
2166 Link State Acknowledgment packet back out the
2167 receiving
2168 interface. */
2169 {
2170 ospf_ls_ack_send(nbr, lsa);
76c1efd7 2171 DISCARD_LSA(lsa, 7);
d62a17ae 2172 }
2173 }
2174
2175 /* The database copy is more recent. If the database copy
2176 has LS age equal to MaxAge and LS sequence number equal to
2177 MaxSequenceNumber, simply discard the received LSA without
2178 acknowledging it. (In this case, the LSA's LS sequence number
2179 is
2180 wrapping, and the MaxSequenceNumber LSA must be completely
2181 flushed before any new LSA instance can be introduced). */
2182
2183 else if (ret > 0) /* Database copy is more recent */
2184 {
2185 if (IS_LSA_MAXAGE(current)
2186 && current->data->ls_seqnum
2187 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
76c1efd7 2188 DISCARD_LSA(lsa, 8);
d62a17ae 2189 }
2190 /* Otherwise, as long as the database copy has not been
2191 sent in a
2192 Link State Update within the last MinLSArrival
2193 seconds, send the
2194 database copy back to the sending neighbor,
2195 encapsulated within
2196 a Link State Update Packet. The Link State Update
2197 Packet should
2198 be sent directly to the neighbor. In so doing, do not
2199 put the
2200 database copy of the LSA on the neighbor's link state
2201 retransmission list, and do not acknowledge the
2202 received (less
2203 recent) LSA instance. */
2204 else {
2205 if (monotime_since(&current->tv_orig, NULL)
2206 >= ospf->min_ls_arrival * 1000LL)
2207 /* Trap NSSA type later.*/
2208 ospf_ls_upd_send_lsa(
2209 nbr, current,
2210 OSPF_SEND_PACKET_DIRECT);
76c1efd7 2211 DISCARD_LSA(lsa, 9);
d62a17ae 2212 }
2213 }
2214 }
2cd754de
PJ		 2215#undef DISCARD_LSA
2216
d62a17ae 2217 assert(listcount(lsas) == 0);
6a154c88 2218 list_delete(&lsas);
718e3744 2219}
2220
2221/* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
d62a17ae 2222static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2223 struct stream *s, struct ospf_interface *oi,
d7c0a89a 2224 uint16_t size)
d62a17ae 2225{
2226 struct ospf_neighbor *nbr;
2227
2228 /* increment statistics. */
2229 oi->ls_ack_in++;
2230
2231 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2232 if (nbr == NULL) {
cf444bcf 2233 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2234 "Link State Acknowledgment: Unknown Neighbor %s.",
d62a17ae 2235 inet_ntoa(ospfh->router_id));
2236 return;
2237 }
2238
2239 /* Add event to thread. */
2240 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
2241
2242 if (nbr->state < NSM_Exchange) {
2243 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2244 zlog_debug(
3efd0893 2245 "Link State Acknowledgment: Neighbor[%s] state %s is less than Exchange",
d62a17ae 2246 inet_ntoa(ospfh->router_id),
2247 lookup_msg(ospf_nsm_state_msg, nbr->state,
2248 NULL));
2249 return;
2250 }
2251
2252 while (size >= OSPF_LSA_HEADER_SIZE) {
2253 struct ospf_lsa *lsa, *lsr;
2254
2255 lsa = ospf_lsa_new();
2d34fb80 2256 lsa->data = (struct lsa_header *)stream_pnt(s);
b5a8894d 2257 lsa->vrf_id = oi->ospf->vrf_id;
d62a17ae 2258
2d34fb80 2259 /* lsah = (struct lsa_header *) stream_pnt (s); */
d62a17ae 2260 size -= OSPF_LSA_HEADER_SIZE;
2261 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2262
2263 if (lsa->data->type < OSPF_MIN_LSA
2264 || lsa->data->type >= OSPF_MAX_LSA) {
2265 lsa->data = NULL;
2266 ospf_lsa_discard(lsa);
2267 continue;
2268 }
2269
2270 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2271
2272 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0)
2273 ospf_ls_retransmit_delete(nbr, lsr);
2274
2275 lsa->data = NULL;
2276 ospf_lsa_discard(lsa);
2277 }
2278
2279 return;
2280}
2281
b5a8894d
CS		 2282static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2283 struct interface **ifp,
d62a17ae 2284 struct stream *ibuf)
2285{
2286 int ret;
2287 struct ip *iph;
d7c0a89a 2288 uint16_t ip_len;
d62a17ae 2289 ifindex_t ifindex = 0;
2290 struct iovec iov;
2291 /* Header and data both require alignment. */
2292 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2293 struct msghdr msgh;
2294
2295 memset(&msgh, 0, sizeof(struct msghdr));
2296 msgh.msg_iov = &iov;
2297 msgh.msg_iovlen = 1;
2298 msgh.msg_control = (caddr_t)buff;
2299 msgh.msg_controllen = sizeof(buff);
2300
4392cc43
DS		 2301 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2302 OSPF_MAX_PACKET_SIZE + 1);
d62a17ae 2303 if (ret < 0) {
4392cc43
DS		 2304 if (errno != EAGAIN && errno != EWOULDBLOCK)
2305 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2306 safe_strerror(errno));
d62a17ae 2307 return NULL;
2308 }
e947b307 2309 if ((unsigned int)ret < sizeof(struct ip)) {
c9cc11f6 2310 flog_warn(
cf444bcf 2311 EC_OSPF_PACKET,
3efd0893 2312 "ospf_recv_packet: discarding runt packet of length %d (ip header size is %u)",
d7c0a89a 2313 ret, (unsigned int)sizeof(iph));
d62a17ae 2314 return NULL;
2315 }
2316
2317 /* Note that there should not be alignment problems with this assignment
2318 because this is at the beginning of the stream data buffer. */
2319 iph = (struct ip *)STREAM_DATA(ibuf);
2320 sockopt_iphdrincl_swab_systoh(iph);
2321
2322 ip_len = iph->ip_len;
2323
bdee8083 2324#if defined(__FreeBSD__) && (__FreeBSD_version < 1000000)
d62a17ae 2325 /*
2326 * Kernel network code touches incoming IP header parameters,
2327 * before protocol specific processing.
2328 *
2329 * 1) Convert byteorder to host representation.
2330 * --> ip_len, ip_id, ip_off
2331 *
2332 * 2) Adjust ip_len to strip IP header size!
2333 * --> If user process receives entire IP packet via RAW
2334 * socket, it must consider adding IP header size to
2335 * the "ip_len" field of "ip" structure.
2336 *
2337 * For more details, see <netinet/ip_input.c>.
2338 */
2339 ip_len = ip_len + (iph->ip_hl << 2);
718e3744 2340#endif
d62a17ae 2341
0150c9c9 2342#if defined(__DragonFly__)
d62a17ae 2343 /*
2344 * in DragonFly's raw socket, ip_len/ip_off are read
2345 * in network byte order.
2346 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2347 */
2348 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
0150c9c9
DB		 2349#endif
2350
d62a17ae 2351 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2352
b5a8894d 2353 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
d62a17ae 2354
2355 if (ret != ip_len) {
c9cc11f6 2356 flog_warn(
cf444bcf 2357 EC_OSPF_PACKET,
3efd0893 2358 "ospf_recv_packet read length mismatch: ip_len is %d, but recvmsg returned %d",
d62a17ae 2359 ip_len, ret);
2360 return NULL;
2361 }
718e3744 2362
868a0861 2363 if (IS_DEBUG_OSPF_PACKET(0, RECV))
15569c58
DA		 2364 zlog_debug("%s: fd %d(%s) on interface %d(%s)", __func__, fd,
2365 ospf_get_name(ospf), ifindex,
2366 *ifp ? (*ifp)->name : "Unknown");
d62a17ae 2367 return ibuf;
718e3744 2368}
2369
4dadc291 2370static struct ospf_interface *
d62a17ae 2371ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2372 struct ip *iph, struct ospf_header *ospfh)
2373{
2374 struct ospf_interface *rcv_oi;
2375 struct ospf_vl_data *vl_data;
2376 struct ospf_area *vl_area;
2377 struct listnode *node;
2378
2379 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2380 || !OSPF_IS_AREA_BACKBONE(ospfh))
2381 return NULL;
2382
2383 /* look for local OSPF interface matching the destination
2384 * to determine Area ID. We presume therefore the destination address
2385 * is unique, or at least (for "unnumbered" links), not used in other
2386 * areas
2387 */
2388 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2389 == NULL)
2390 return NULL;
2391
2392 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2393 vl_area =
2394 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2395 if (!vl_area)
2396 continue;
2397
2398 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2399 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2400 if (IS_DEBUG_OSPF_EVENT)
2401 zlog_debug("associating packet with %s",
2402 IF_NAME(vl_data->vl_oi));
2403 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2404 if (IS_DEBUG_OSPF_EVENT)
2405 zlog_debug(
2406 "This VL is not up yet, sorry");
2407 return NULL;
2408 }
2409
2410 return vl_data->vl_oi;
2411 }
718e3744 2412 }
718e3744 2413
d62a17ae 2414 if (IS_DEBUG_OSPF_EVENT)
2415 zlog_debug("couldn't find any VL to associate the packet with");
2416
2417 return NULL;
718e3744 2418}
2419
d62a17ae 2420static int ospf_check_area_id(struct ospf_interface *oi,
2421 struct ospf_header *ospfh)
718e3744 2422{
d62a17ae 2423 /* Check match the Area ID of the receiving interface. */
2424 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2425 return 1;
718e3744 2426
d62a17ae 2427 return 0;
718e3744 2428}
2429
2430/* Unbound socket will accept any Raw IP packets if proto is matched.
2431 To prevent it, compare src IP address and i/f address with masking
2432 i/f network mask. */
d62a17ae 2433static int ospf_check_network_mask(struct ospf_interface *oi,
2434 struct in_addr ip_src)
718e3744 2435{
d62a17ae 2436 struct in_addr mask, me, him;
718e3744 2437
d62a17ae 2438 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2439 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2440 return 1;
718e3744 2441
d62a17ae 2442 masklen2ip(oi->address->prefixlen, &mask);
718e3744 2443
d62a17ae 2444 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2445 him.s_addr = ip_src.s_addr & mask.s_addr;
718e3744 2446
d62a17ae 2447 if (IPV4_ADDR_SAME(&me, &him))
2448 return 1;
718e3744 2449
d62a17ae 2450 return 0;
718e3744 2451}
2452
bd5651f0
DO		 2453/* Return 1, if the packet is properly authenticated and checksummed,
2454 0 otherwise. In particular, check that AuType header field is valid and
2455 matches the locally configured AuType, and that D.5 requirements are met. */
d62a17ae 2456static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2457{
2458 struct crypt_key *ck;
d7c0a89a
QY		 2459 uint16_t iface_auth_type;
2460 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
d62a17ae 2461
2462 switch (pkt_auth_type) {
2463 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2464 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2465 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2466 flog_warn(
cf444bcf 2467 EC_OSPF_PACKET,
d62a17ae 2468 "interface %s: auth-type mismatch, local %s, rcvd Null",
2469 IF_NAME(oi),
2470 lookup_msg(ospf_auth_type_str,
2471 iface_auth_type, NULL));
2472 return 0;
2473 }
2474 if (!ospf_check_sum(ospfh)) {
2475 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2476 flog_warn(
cf444bcf 2477 EC_OSPF_PACKET,
d62a17ae 2478 "interface %s: Null auth OK, but checksum error, Router-ID %s",
2479 IF_NAME(oi),
2480 inet_ntoa(ospfh->router_id));
2481 return 0;
2482 }
2483 return 1;
2484 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2485 if (OSPF_AUTH_SIMPLE
2486 != (iface_auth_type = ospf_auth_type(oi))) {
2487 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2488 flog_warn(
cf444bcf 2489 EC_OSPF_PACKET,
d62a17ae 2490 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2491 IF_NAME(oi),
2492 lookup_msg(ospf_auth_type_str,
2493 iface_auth_type, NULL));
2494 return 0;
2495 }
2496 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2497 OSPF_AUTH_SIMPLE_SIZE)) {
2498 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
cf444bcf 2499 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2500 "interface %s: Simple auth failed",
d62a17ae 2501 IF_NAME(oi));
2502 return 0;
2503 }
2504 if (!ospf_check_sum(ospfh)) {
2505 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2506 flog_warn(
cf444bcf 2507 EC_OSPF_PACKET,
d62a17ae 2508 "interface %s: Simple auth OK, checksum error, Router-ID %s",
2509 IF_NAME(oi),
2510 inet_ntoa(ospfh->router_id));
2511 return 0;
2512 }
2513 return 1;
2514 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2515 if (OSPF_AUTH_CRYPTOGRAPHIC
2516 != (iface_auth_type = ospf_auth_type(oi))) {
2517 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2518 flog_warn(
cf444bcf 2519 EC_OSPF_PACKET,
d62a17ae 2520 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2521 IF_NAME(oi),
2522 lookup_msg(ospf_auth_type_str,
2523 iface_auth_type, NULL));
2524 return 0;
2525 }
2526 if (ospfh->checksum) {
2527 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2528 flog_warn(
cf444bcf 2529 EC_OSPF_PACKET,
d62a17ae 2530 "interface %s: OSPF header checksum is not 0",
2531 IF_NAME(oi));
2532 return 0;
2533 }
2534 /* only MD5 crypto method can pass ospf_packet_examin() */
996c9314
LB		 2535 if (NULL == (ck = listgetdata(
2536 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2537 || ospfh->u.crypt.key_id != ck->key_id ||
2538 /* Condition above uses the last key ID on the list,
2539 which is
2540 different from what ospf_crypt_key_lookup() does. A
2541 bug? */
2542 !ospf_check_md5_digest(oi, ospfh)) {
d62a17ae 2543 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
cf444bcf 2544 flog_warn(EC_OSPF_MD5,
c9cc11f6 2545 "interface %s: MD5 auth failed",
d62a17ae 2546 IF_NAME(oi));
2547 return 0;
2548 }
2549 return 1;
2550 default:
2551 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2552 flog_warn(
cf444bcf 2553 EC_OSPF_PACKET,
d62a17ae 2554 "interface %s: invalid packet auth-type (%02x)",
2555 IF_NAME(oi), pkt_auth_type);
2556 return 0;
2557 }
2558}
2559
2560static int ospf_check_sum(struct ospf_header *ospfh)
2561{
d7c0a89a
QY		 2562 uint32_t ret;
2563 uint16_t sum;
d62a17ae 2564
2565 /* clear auth_data for checksum. */
2566 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2567
2568 /* keep checksum and clear. */
2569 sum = ospfh->checksum;
d7c0a89a 2570 memset(&ospfh->checksum, 0, sizeof(uint16_t));
d62a17ae 2571
2572 /* calculate checksum. */
2573 ret = in_cksum(ospfh, ntohs(ospfh->length));
2574
2575 if (ret != sum) {
2576 zlog_info("ospf_check_sum(): checksum mismatch, my %X, his %X",
2577 ret, sum);
2578 return 0;
2579 }
2580
2581 return 1;
718e3744 2582}
2583
4e31de79
DO		 2584/* Verify, that given link/TOS records are properly sized/aligned and match
2585 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
d62a17ae 2586static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
d7c0a89a
QY		 2587 uint16_t linkbytes,
2588 const uint16_t num_links)
d62a17ae 2589{
2590 unsigned counted_links = 0, thislinklen;
2591
04d6a0f8 2592 while (linkbytes >= OSPF_ROUTER_LSA_LINK_SIZE) {
d62a17ae 2593 thislinklen =
2594 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2595 if (thislinklen > linkbytes) {
2596 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2597 zlog_debug("%s: length error in link block #%u",
2598 __func__, counted_links);
2599 return MSG_NG;
2600 }
2601 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2602 linkbytes -= thislinklen;
2603 counted_links++;
2604 }
2605 if (counted_links != num_links) {
2606 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2607 zlog_debug("%s: %u link blocks declared, %u present",
2608 __func__, num_links, counted_links);
2609 return MSG_NG;
2610 }
2611 return MSG_OK;
4e31de79
DO		 2612}
2613
2614/* Verify, that the given LSA is properly sized/aligned (including type-specific
2615 minimum length constraint). */
d7c0a89a
QY		 2616static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2617 const uint8_t headeronly)
d62a17ae 2618{
2619 unsigned ret;
2620 struct router_lsa *rlsa;
2621 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2622 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2623 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2624 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2625 lookup_msg(ospf_lsa_type_msg, lsah->type,
2626 NULL));
2627 return MSG_NG;
2628 }
2629 switch (lsah->type) {
04d6a0f8
QY		 2630 case OSPF_ROUTER_LSA: {
2631 /*
2632 * RFC2328 A.4.2, LSA header + 4 bytes followed by N>=0
2633 * (12+)-byte link blocks
2634 */
2635 size_t linkbytes_len = lsalen - OSPF_LSA_HEADER_SIZE
2636 - OSPF_ROUTER_LSA_MIN_SIZE;
2637
2638 /*
2639 * LSA link blocks are variable length but always multiples of
2640 * 4; basic sanity check
2641 */
2642 if (linkbytes_len % 4 != 0)
2643 return MSG_NG;
2644
2645 if (headeronly)
2646 return MSG_OK;
2647
d62a17ae 2648 rlsa = (struct router_lsa *)lsah;
04d6a0f8 2649
d62a17ae 2650 ret = ospf_router_lsa_links_examin(
2651 (struct router_lsa_link *)rlsa->link,
04d6a0f8
QY		 2652 linkbytes_len,
2653 ntohs(rlsa->links));
d62a17ae 2654 break;
04d6a0f8 2655 }
d62a17ae 2656 case OSPF_AS_EXTERNAL_LSA:
2657 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2658 * blocks */
2659 case OSPF_AS_NSSA_LSA:
2660 /* RFC3101 C, idem */
2661 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2662 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2663 % 12
2664 ? MSG_NG
2665 : MSG_OK;
2666 break;
2667 /* Following LSA types are considered OK length-wise as soon as their
2668 * minimum
2669 * length constraint is met and length of the whole LSA is a multiple of
2670 * 4
2671 * (basic LSA header size is already a multiple of 4). */
2672 case OSPF_NETWORK_LSA:
2673 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2674 case OSPF_SUMMARY_LSA:
2675 case OSPF_ASBR_SUMMARY_LSA:
2676 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2677 * blocks */
2678 case OSPF_OPAQUE_LINK_LSA:
2679 case OSPF_OPAQUE_AREA_LSA:
2680 case OSPF_OPAQUE_AS_LSA:
2681 /* RFC5250 A.2, "some number of octets (of application-specific
2682 * data) padded to 32-bit alignment." This is considered
2683 * equivalent
2684 * to 4-byte alignment of all other LSA types, see
2685 * OSPF-ALIGNMENT.txt
2686 * file for the detailed analysis of this passage. */
2687 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2688 break;
2689 default:
2690 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2691 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2692 lsah->type);
2693 return MSG_NG;
2694 }
2695 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2696 zlog_debug("%s: alignment error in %s", __func__,
2697 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2698 return ret;
4e31de79
DO		 2699}
2700
2701/* Verify if the provided input buffer is a valid sequence of LSAs. This
2702 includes verification of LSA blocks length/alignment and dispatching
2703 of deeper-level checks. */
2704static unsigned
d62a17ae 2705ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
d7c0a89a 2706 size_t length, const uint8_t headeronly,
d62a17ae 2707 /* When declared_num_lsas is not 0, compare it to the real
2708 number of LSAs
2709 and treat the difference as an error. */
d7c0a89a 2710 const uint32_t declared_num_lsas)
d62a17ae 2711{
d7c0a89a 2712 uint32_t counted_lsas = 0;
d62a17ae 2713
2714 while (length) {
d7c0a89a 2715 uint16_t lsalen;
d62a17ae 2716 if (length < OSPF_LSA_HEADER_SIZE) {
2717 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2718 zlog_debug(
2719 "%s: undersized (%zu B) trailing (#%u) LSA header",
2720 __func__, length, counted_lsas);
2721 return MSG_NG;
2722 }
2723 /* save on ntohs() calls here and in the LSA validator */
2724 lsalen = ntohs(lsah->length);
2725 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2726 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2727 zlog_debug(
2728 "%s: malformed LSA header #%u, declared length is %u B",
2729 __func__, counted_lsas, lsalen);
2730 return MSG_NG;
2731 }
2732 if (headeronly) {
2733 /* less checks here and in ospf_lsa_examin() */
2734 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2735 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2736 zlog_debug(
2737 "%s: malformed header-only LSA #%u",
2738 __func__, counted_lsas);
2739 return MSG_NG;
2740 }
2741 lsah = (struct lsa_header *)((caddr_t)lsah
2742 + OSPF_LSA_HEADER_SIZE);
2743 length -= OSPF_LSA_HEADER_SIZE;
2744 } else {
2745 /* make sure the input buffer is deep enough before
2746 * further checks */
2747 if (lsalen > length) {
2748 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2749 zlog_debug(
2750 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2751 __func__, counted_lsas, lsalen,
2752 length);
2753 return MSG_NG;
2754 }
2755 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2756 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2757 zlog_debug("%s: malformed LSA #%u",
2758 __func__, counted_lsas);
2759 return MSG_NG;
2760 }
2761 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2762 length -= lsalen;
2763 }
2764 counted_lsas++;
2765 }
2766
2767 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2768 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2769 zlog_debug(
2770 "%s: #LSAs declared (%u) does not match actual (%u)",
2771 __func__, declared_num_lsas, counted_lsas);
2772 return MSG_NG;
2773 }
2774 return MSG_OK;
4e31de79
DO		 2775}
2776
75c8eabb 2777/* Verify a complete OSPF packet for proper sizing/alignment. */
d62a17ae 2778static unsigned ospf_packet_examin(struct ospf_header *oh,
2779 const unsigned bytesonwire)
2780{
d7c0a89a 2781 uint16_t bytesdeclared, bytesauth;
d62a17ae 2782 unsigned ret;
2783 struct ospf_ls_update *lsupd;
2784
2785 /* Length, 1st approximation. */
2786 if (bytesonwire < OSPF_HEADER_SIZE) {
2787 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2788 zlog_debug("%s: undersized (%u B) packet", __func__,
2789 bytesonwire);
2790 return MSG_NG;
2791 }
2792 /* Now it is safe to access header fields. Performing length check,
2793 * allow
2794 * for possible extra bytes of crypto auth/padding, which are not
2795 * counted
2796 * in the OSPF header "length" field. */
2797 if (oh->version != OSPF_VERSION) {
2798 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2799 zlog_debug("%s: invalid (%u) protocol version",
2800 __func__, oh->version);
2801 return MSG_NG;
2802 }
2803 bytesdeclared = ntohs(oh->length);
2804 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2805 bytesauth = 0;
2806 else {
2807 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2808 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2809 zlog_debug(
2810 "%s: unsupported crypto auth length (%u B)",
2811 __func__, oh->u.crypt.auth_data_len);
2812 return MSG_NG;
2813 }
2814 bytesauth = OSPF_AUTH_MD5_SIZE;
2815 }
2816 if (bytesdeclared + bytesauth > bytesonwire) {
2817 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2818 zlog_debug(
2819 "%s: packet length error (%u real, %u+%u declared)",
2820 __func__, bytesonwire, bytesdeclared,
2821 bytesauth);
2822 return MSG_NG;
2823 }
2824 /* Length, 2nd approximation. The type-specific constraint is checked
2825 against declared length, not amount of bytes on wire. */
2826 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2827 && bytesdeclared
2828 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2829 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2830 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2831 bytesdeclared,
2832 lookup_msg(ospf_packet_type_str, oh->type,
2833 NULL));
2834 return MSG_NG;
2835 }
2836 switch (oh->type) {
2837 case OSPF_MSG_HELLO:
2838 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2839 followed
2840 by N>=0 router-IDs. */
2841 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2842 % 4
2843 ? MSG_NG
2844 : MSG_OK;
2845 break;
2846 case OSPF_MSG_DB_DESC:
2847 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2848 followed
2849 by N>=0 header-only LSAs. */
2850 ret = ospf_lsaseq_examin(
2851 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2852 + OSPF_DB_DESC_MIN_SIZE),
2853 bytesdeclared - OSPF_HEADER_SIZE
2854 - OSPF_DB_DESC_MIN_SIZE,
2855 1, /* header-only LSAs */
2856 0);
2857 break;
2858 case OSPF_MSG_LS_REQ:
2859 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2860 * request blocks. */
2861 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2862 % OSPF_LSA_KEY_SIZE
2863 ? MSG_NG
2864 : MSG_OK;
2865 break;
2866 case OSPF_MSG_LS_UPD:
2867 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2868 followed
2869 by N>=0 full LSAs (with N declared beforehand). */
2870 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2871 + OSPF_HEADER_SIZE);
2872 ret = ospf_lsaseq_examin(
2873 (struct lsa_header *)((caddr_t)lsupd
2874 + OSPF_LS_UPD_MIN_SIZE),
2875 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2876 0, /* full LSAs */
2877 ntohl(lsupd->num_lsas) /* 32 bits */
9d303b37 2878 );
d62a17ae 2879 break;
2880 case OSPF_MSG_LS_ACK:
2881 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2882 * LSAs. */
2883 ret = ospf_lsaseq_examin(
2884 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2885 + OSPF_LS_ACK_MIN_SIZE),
2886 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2887 1, /* header-only LSAs */
2888 0);
2889 break;
2890 default:
2891 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2892 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2893 oh->type);
2894 return MSG_NG;
2895 }
2896 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2897 zlog_debug("%s: malformed %s packet", __func__,
2898 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2899 return ret;
75c8eabb
DO		 2900}
2901
718e3744 2902/* OSPF Header verification. */
d62a17ae 2903static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2904 struct ip *iph, struct ospf_header *ospfh)
2905{
2906 /* Check Area ID. */
2907 if (!ospf_check_area_id(oi, ospfh)) {
cf444bcf 2908 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2909 "interface %s: ospf_read invalid Area ID %s.",
d62a17ae 2910 IF_NAME(oi), inet_ntoa(ospfh->area_id));
2911 return -1;
2912 }
718e3744 2913
d62a17ae 2914 /* Check network mask, Silently discarded. */
2915 if (!ospf_check_network_mask(oi, iph->ip_src)) {
c9cc11f6 2916 flog_warn(
cf444bcf 2917 EC_OSPF_PACKET,
d62a17ae 2918 "interface %s: ospf_read network address is not same [%s]",
2919 IF_NAME(oi), inet_ntoa(iph->ip_src));
2920 return -1;
2921 }
718e3744 2922
d62a17ae 2923 /* Check authentication. The function handles logging actions, where
2924 * required. */
2925 if (!ospf_check_auth(oi, ospfh))
2926 return -1;
718e3744 2927
d62a17ae 2928 return 0;
718e3744 2929}
2930
02637513
DS		 2931enum ospf_read_return_enum {
2932 OSPF_READ_ERROR,
2933 OSPF_READ_CONTINUE,
2934};
2935
2936static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
d62a17ae 2937{
2938 int ret;
2939 struct stream *ibuf;
d62a17ae 2940 struct ospf_interface *oi;
2941 struct ip *iph;
2942 struct ospf_header *ospfh;
d7c0a89a 2943 uint16_t length;
d62a17ae 2944 struct connected *c;
02637513 2945 struct interface *ifp = NULL;
d62a17ae 2946
02637513
DS		 2947 stream_reset(ospf->ibuf);
2948 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2949 if (ibuf == NULL)
2950 return OSPF_READ_ERROR;
d62a17ae 2951
02637513
DS		 2952 /*
2953 * This raw packet is known to be at least as big as its
2954 * IP header. Note that there should not be alignment problems with
2955 * this assignment because this is at the beginning of the
2956 * stream data buffer.
2957 */
2958 iph = (struct ip *)STREAM_DATA(ibuf);
2959 /*
2960 * Note that sockopt_iphdrincl_swab_systoh was called in
2961 * ospf_recv_packet.
2962 */
2963 if (ifp == NULL) {
4392cc43 2964 /*
02637513
DS		 2965 * Handle cases where the platform does not support
2966 * retrieving the ifindex, and also platforms (such as
2967 * Solaris 8) that claim to support ifindex retrieval but do
2968 * not.
4392cc43 2969 */
02637513
DS		 2970 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2971 ospf->vrf_id);
2972 if (c)
2973 ifp = c->ifp;
868a0861 2974 if (ifp == NULL) {
02637513 2975 if (IS_DEBUG_OSPF_PACKET(0, RECV))
4392cc43 2976 zlog_debug(
02637513 2977 "%s: Unable to determine incoming interface from: %s(%s)",
15569c58 2978 __func__, inet_ntoa(iph->ip_src),
02637513
DS		 2979 ospf_get_name(ospf));
2980 return OSPF_READ_CONTINUE;
d62a17ae 2981 }
02637513 2982 }
d62a17ae 2983
02637513
DS		 2984 /* Self-originated packet should be discarded silently. */
2985 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
2986 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
2987 zlog_debug(
2988 "ospf_read[%s]: Dropping self-originated packet",
2989 inet_ntoa(iph->ip_src));
2990 }
2991 return OSPF_READ_CONTINUE;
2992 }
d62a17ae 2993
01e3c376
QY		 2994 /* Check that we have enough for an IP header */
2995 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
2996 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
2997 flog_warn(
2998 EC_OSPF_PACKET,
2999 "Rx'd IP packet with OSPF protocol number but no payload");
3000 } else {
3001 flog_warn(
3002 EC_OSPF_PACKET,
3003 "IP header length field claims header is %u bytes, but we only have %zu",
3004 (unsigned int)(iph->ip_hl << 2),
3005 STREAM_READABLE(ibuf));
3006 }
3007
3008 return OSPF_READ_ERROR;
3009 }
3010 stream_forward_getp(ibuf, iph->ip_hl << 2);
d62a17ae 3011
02637513
DS		 3012 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3013 if (MSG_OK
3014 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3015 - stream_get_getp(ibuf)))
3016 return OSPF_READ_CONTINUE;
3017 /* Now it is safe to access all fields of OSPF packet header. */
4392cc43 3018
02637513
DS		 3019 /* associate packet with ospf interface */
3020 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
4392cc43 3021
02637513
DS		 3022 /*
3023 * ospf_verify_header() relies on a valid "oi" and thus can be called
3024 * only after the passive/backbone/other checks below are passed.
3025 * These checks in turn access the fields of unverified "ospfh"
3026 * structure for their own purposes and must remain very accurate
3027 * in doing this.
3028 */
4392cc43 3029
02637513
DS		 3030 /* If incoming interface is passive one, ignore it. */
3031 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3032 char buf[3][INET_ADDRSTRLEN];
4392cc43 3033
02637513
DS		 3034 if (IS_DEBUG_OSPF_EVENT)
3035 zlog_debug(
3036 "ignoring packet from router %s sent to %s, received on a passive interface, %s",
3037 inet_ntop(AF_INET, &ospfh->router_id, buf[0],
d62a17ae 3038 sizeof(buf[0])),
3039 inet_ntop(AF_INET, &iph->ip_dst, buf[1],
3040 sizeof(buf[1])),
02637513
DS		 3041 inet_ntop(AF_INET, &oi->address->u.prefix4,
3042 buf[2], sizeof(buf[2])));
d62a17ae 3043
02637513
DS		 3044 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3045 /* Try to fix multicast membership.
3046 * Some OS:es may have problems in this area,
3047 * make sure it is removed.
3048 */
3049 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
d62a17ae 3050 ospf_if_set_multicast(oi);
3051 }
02637513
DS		 3052 return OSPF_READ_CONTINUE;
3053 }
d62a17ae 3054
02637513
DS		 3055
3056 /* if no local ospf_interface,
3057 * or header area is backbone but ospf_interface is not
3058 * check for VLINK interface
3059 */
3060 if ((oi == NULL)
3061 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3062 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3063 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3064 == NULL) {
3065 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
d62a17ae 3066 zlog_debug(
02637513
DS		 3067 "Packet from [%s] received on link %s but no ospf_interface",
3068 inet_ntoa(iph->ip_src), ifp->name);
3069 return OSPF_READ_CONTINUE;
d62a17ae 3070 }
02637513 3071 }
d62a17ae 3072
02637513
DS		 3073 /*
3074 * else it must be a local ospf interface, check it was
3075 * received on correct link
3076 */
3077 else if (oi->ifp != ifp) {
3078 if (IS_DEBUG_OSPF_EVENT)
3079 flog_warn(EC_OSPF_PACKET,
3080 "Packet from [%s] received on wrong link %s",
3081 inet_ntoa(iph->ip_src), ifp->name);
3082 return OSPF_READ_CONTINUE;
3083 } else if (oi->state == ISM_Down) {
3084 char buf[2][INET_ADDRSTRLEN];
d62a17ae 3085
02637513
DS		 3086 flog_warn(
3087 EC_OSPF_PACKET,
3088 "Ignoring packet from %s to %s received on interface that is down [%s]; interface flags are %s",
3089 inet_ntop(AF_INET, &iph->ip_src, buf[0],
3090 sizeof(buf[0])),
3091 inet_ntop(AF_INET, &iph->ip_dst, buf[1],
3092 sizeof(buf[1])),
3093 ifp->name, if_flag_dump(ifp->flags));
3094 /* Fix multicast memberships? */
3095 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3096 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3097 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3098 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3099 if (oi->multicast_memberships)
3100 ospf_if_set_multicast(oi);
3101 return OSPF_READ_CONTINUE;
3102 }
d62a17ae 3103
02637513
DS		 3104 /*
3105 * If the received packet is destined for AllDRouters, the
3106 * packet should be accepted only if the received ospf
3107 * interface state is either DR or Backup -- endo.
3108 *
3109 * I wonder who endo is?
3110 */
3111 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3112 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3113 flog_warn(
3114 EC_OSPF_PACKET,
3115 "Dropping packet for AllDRouters from [%s] via [%s] (ISM: %s)",
3116 inet_ntoa(iph->ip_src), IF_NAME(oi),
3117 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3118 /* Try to fix multicast membership. */
3119 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3120 ospf_if_set_multicast(oi);
3121 return OSPF_READ_CONTINUE;
3122 }
3123
3124 /* Verify more OSPF header fields. */
3125 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3126 if (ret < 0) {
3127 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3128 zlog_debug(
3efd0893 3129 "ospf_read[%s]: Header check failed, dropping.",
02637513
DS		 3130 inet_ntoa(iph->ip_src));
3131 return OSPF_READ_CONTINUE;
3132 }
3133
3134 /* Show debug receiving packet. */
3135 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3136 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3137 zlog_debug(
3138 "-----------------------------------------------------");
3139 ospf_packet_dump(ibuf);
d62a17ae 3140 }
3141
02637513
DS		 3142 zlog_debug("%s received from [%s] via [%s]",
3143 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3144 inet_ntoa(ospfh->router_id), IF_NAME(oi));
3145 zlog_debug(" src [%s],", inet_ntoa(iph->ip_src));
3146 zlog_debug(" dst [%s]", inet_ntoa(iph->ip_dst));
d62a17ae 3147
02637513
DS		 3148 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3149 zlog_debug(
3150 "-----------------------------------------------------");
3151 }
d62a17ae 3152
02637513
DS		 3153 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3154
3155 /* Adjust size to message length. */
3156 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3157
3158 /* Read rest of the packet and call each sort of packet routine.
3159 */
3160 switch (ospfh->type) {
3161 case OSPF_MSG_HELLO:
3162 ospf_hello(iph, ospfh, ibuf, oi, length);
3163 break;
3164 case OSPF_MSG_DB_DESC:
3165 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3166 break;
3167 case OSPF_MSG_LS_REQ:
3168 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3169 break;
3170 case OSPF_MSG_LS_UPD:
3171 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3172 break;
3173 case OSPF_MSG_LS_ACK:
3174 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3175 break;
3176 default:
3177 flog_warn(
3178 EC_OSPF_PACKET,
3179 "interface %s(%s): OSPF packet header type %d is illegal",
3180 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3181 break;
3182 }
3183
3184 return OSPF_READ_CONTINUE;
3185}
3186
3187/* Starting point of packet process function. */
3188int ospf_read(struct thread *thread)
3189{
3190 struct ospf *ospf;
3191 int32_t count = 0;
3192 enum ospf_read_return_enum ret;
3193
3194 /* first of all get interface pointer. */
3195 ospf = THREAD_ARG(thread);
3196
3197 /* prepare for next packet. */
3198 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3199
3200 while (count < ospf->write_oi_count) {
3201 count++;
3202 ret = ospf_read_helper(ospf);
3203 switch (ret) {
3204 case OSPF_READ_ERROR:
3205 return -1;
02637513 3206 case OSPF_READ_CONTINUE:
4392cc43
DS		 3207 break;
3208 }
d62a17ae 3209 }
3210
b10ce841 3211 return 0;
718e3744 3212}
3213
3214/* Make OSPF header. */
d62a17ae 3215static void ospf_make_header(int type, struct ospf_interface *oi,
3216 struct stream *s)
718e3744 3217{
d62a17ae 3218 struct ospf_header *ospfh;
718e3744 3219
d62a17ae 3220 ospfh = (struct ospf_header *)STREAM_DATA(s);
718e3744 3221
d7c0a89a
QY		 3222 ospfh->version = (uint8_t)OSPF_VERSION;
3223 ospfh->type = (uint8_t)type;
718e3744 3224
d62a17ae 3225 ospfh->router_id = oi->ospf->router_id;
718e3744 3226
d62a17ae 3227 ospfh->checksum = 0;
3228 ospfh->area_id = oi->area->area_id;
3229 ospfh->auth_type = htons(ospf_auth_type(oi));
718e3744 3230
d62a17ae 3231 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
718e3744 3232
d62a17ae 3233 stream_forward_endp(s, OSPF_HEADER_SIZE);
718e3744 3234}
3235
3236/* Make Authentication Data. */
d62a17ae 3237static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3238{
3239 struct crypt_key *ck;
3240
3241 switch (ospf_auth_type(oi)) {
3242 case OSPF_AUTH_NULL:
0d6f7fd6 3243 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
d62a17ae 3244 */
3245 break;
3246 case OSPF_AUTH_SIMPLE:
3247 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3248 OSPF_AUTH_SIMPLE_SIZE);
3249 break;
3250 case OSPF_AUTH_CRYPTOGRAPHIC:
3251 /* If key is not set, then set 0. */
3252 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3253 ospfh->u.crypt.zero = 0;
3254 ospfh->u.crypt.key_id = 0;
3255 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3256 } else {
3257 ck = listgetdata(
3258 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3259 ospfh->u.crypt.zero = 0;
3260 ospfh->u.crypt.key_id = ck->key_id;
3261 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3262 }
3263 /* note: the seq is done in ospf_make_md5_digest() */
3264 break;
3265 default:
0d6f7fd6 3266 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
d62a17ae 3267 */
3268 break;
718e3744 3269 }
718e3744 3270
d62a17ae 3271 return 0;
718e3744 3272}
3273
3274/* Fill rest of OSPF header. */
d62a17ae 3275static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
d7c0a89a 3276 uint16_t length)
d62a17ae 3277{
3278 struct ospf_header *ospfh;
3279
3280 ospfh = (struct ospf_header *)STREAM_DATA(s);
3281
3282 /* Fill length. */
3283 ospfh->length = htons(length);
3284
3285 /* Calculate checksum. */
3286 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3287 ospfh->checksum = in_cksum(ospfh, length);
3288 else
3289 ospfh->checksum = 0;
3290
3291 /* Add Authentication Data. */
3292 ospf_make_auth(oi, ospfh);
3293}
3294
3295static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3296{
3297 struct ospf_neighbor *nbr;
3298 struct route_node *rn;
d7c0a89a 3299 uint16_t length = OSPF_HELLO_MIN_SIZE;
d62a17ae 3300 struct in_addr mask;
3301 unsigned long p;
3302 int flag = 0;
3303
3304 /* Set netmask of interface. */
3305 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3306 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3307 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3308 masklen2ip(oi->address->prefixlen, &mask);
3309 else
3310 memset((char *)&mask, 0, sizeof(struct in_addr));
3311 stream_put_ipv4(s, mask.s_addr);
3312
3313 /* Set Hello Interval. */
3314 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3315 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3316 else
3317 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3318
3319 if (IS_DEBUG_OSPF_EVENT)
3320 zlog_debug("make_hello: options: %x, int: %s", OPTIONS(oi),
3321 IF_NAME(oi));
3322
3323 /* Set Options. */
3324 stream_putc(s, OPTIONS(oi));
3325
3326 /* Set Router Priority. */
3327 stream_putc(s, PRIORITY(oi));
3328
3329 /* Set Router Dead Interval. */
3330 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3331
3332 /* Set Designated Router. */
3333 stream_put_ipv4(s, DR(oi).s_addr);
3334
3335 p = stream_get_endp(s);
3336
3337 /* Set Backup Designated Router. */
3338 stream_put_ipv4(s, BDR(oi).s_addr);
3339
3340 /* Add neighbor seen. */
3341 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3342 if ((nbr = rn->info))
3343 if (nbr->router_id.s_addr
975a328e 3344 != INADDR_ANY) /* Ignore 0.0.0.0 node. */
d62a17ae 3345 if (nbr->state
3346 != NSM_Attempt) /* Ignore Down neighbor. */
3347 if (nbr->state
3348 != NSM_Down) /* This is myself for
3349 DR election. */
3350 if (!IPV4_ADDR_SAME(
3351 &nbr->router_id,
3352 &oi->ospf->router_id)) {
3353 /* Check neighbor is
3354 * sane? */
3355 if (nbr->d_router.s_addr
975a328e 3356 != INADDR_ANY
d62a17ae 3357 && IPV4_ADDR_SAME(
975a328e
DA		 3358 &nbr->d_router,
3359 &oi->address
3360 ->u
3361 .prefix4)
d62a17ae 3362 && IPV4_ADDR_SAME(
975a328e
DA		 3363 &nbr->bd_router,
3364 &oi->address
3365 ->u
3366 .prefix4))
d62a17ae 3367 flag = 1;
3368
9b18d58e
NS		 3369 /* Hello packet overflows interface MTU. */
3370 if (length + sizeof(uint32_t)
3371 > ospf_packet_max(oi)) {
3372 flog_err(
3373 EC_OSPF_LARGE_HELLO,
c531be7c 3374 "Oversized Hello packet! Larger than MTU. Not sending it out");
9b18d58e
NS		 3375 return 0;
3376 }
3377
d62a17ae 3378 stream_put_ipv4(
3379 s,
3380 nbr->router_id
3381 .s_addr);
3382 length += 4;
3383 }
3384
3385 /* Let neighbor generate BackupSeen. */
3386 if (flag == 1)
3387 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3388
3389 return length;
3390}
3391
3392static int ospf_make_db_desc(struct ospf_interface *oi,
3393 struct ospf_neighbor *nbr, struct stream *s)
3394{
3395 struct ospf_lsa *lsa;
d7c0a89a
QY		 3396 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3397 uint8_t options;
d62a17ae 3398 unsigned long pp;
3399 int i;
3400 struct ospf_lsdb *lsdb;
3401
3402 /* Set Interface MTU. */
3403 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3404 stream_putw(s, 0);
3405 else
3406 stream_putw(s, oi->ifp->mtu);
3407
3408 /* Set Options. */
3409 options = OPTIONS(oi);
3410 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3411 SET_FLAG(options, OSPF_OPTION_O);
3412 stream_putc(s, options);
3413
3414 /* DD flags */
3415 pp = stream_get_endp(s);
3416 stream_putc(s, nbr->dd_flags);
3417
3418 /* Set DD Sequence Number. */
3419 stream_putl(s, nbr->dd_seqnum);
3420
3421 /* shortcut unneeded walk of (empty) summary LSDBs */
3422 if (ospf_db_summary_isempty(nbr))
3423 goto empty;
3424
3425 /* Describe LSA Header from Database Summary List. */
3426 lsdb = &nbr->db_sum;
3427
3428 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3429 struct route_table *table = lsdb->type[i].db;
3430 struct route_node *rn;
3431
3432 for (rn = route_top(table); rn; rn = route_next(rn))
3433 if ((lsa = rn->info) != NULL) {
3434 if (IS_OPAQUE_LSA(lsa->data->type)
3435 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3436 /* Suppress advertising
0437e105 3437 * opaque-information. */
d62a17ae 3438 /* Remove LSA from DB summary list. */
3439 ospf_lsdb_delete(lsdb, lsa);
3440 continue;
3441 }
3442
3443 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3444 struct lsa_header *lsah;
d7c0a89a 3445 uint16_t ls_age;
d62a17ae 3446
3447 /* DD packet overflows interface MTU. */
3448 if (length + OSPF_LSA_HEADER_SIZE
3449 > ospf_packet_max(oi))
3450 break;
3451
3452 /* Keep pointer to LS age. */
3453 lsah = (struct lsa_header
3454 *)(STREAM_DATA(s)
3455 + stream_get_endp(
3456 s));
3457
3458 /* Proceed stream pointer. */
3459 stream_put(s, lsa->data,
3460 OSPF_LSA_HEADER_SIZE);
3461 length += OSPF_LSA_HEADER_SIZE;
3462
3463 /* Set LS age. */
3464 ls_age = LS_AGE(lsa);
3465 lsah->ls_age = htons(ls_age);
3466 }
3467
3468 /* Remove LSA from DB summary list. */
3469 ospf_lsdb_delete(lsdb, lsa);
3470 }
3471 }
718e3744 3472
d62a17ae 3473 /* Update 'More' bit */
3474 if (ospf_db_summary_isempty(nbr)) {
3475 empty:
3476 if (nbr->state >= NSM_Exchange) {
3477 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3478 /* Rewrite DD flags */
3479 stream_putc_at(s, pp, nbr->dd_flags);
3480 } else {
3481 assert(IS_SET_DD_M(nbr->dd_flags));
3482 }
3483 }
3484 return length;
3485}
86f1fd96 3486
d7c0a89a 3487static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
d62a17ae 3488 unsigned long delta, struct ospf_neighbor *nbr,
3489 struct ospf_lsa *lsa)
3490{
3491 struct ospf_interface *oi;
718e3744 3492
d62a17ae 3493 oi = nbr->oi;
718e3744 3494
9570f737
S		 3495 /* LS Request packet overflows interface MTU
3496 * delta is just number of bytes required for 1 LS Req
3497 * ospf_packet_max will return the number of bytes can
3498 * be accomodated without ospf header. So length+delta
3499 * can be compared to ospf_packet_max
3500 * to check if it can fit another lsreq in the same packet.
3501 */
3502
d62a17ae 3503 if (*length + delta > ospf_packet_max(oi))
3504 return 0;
1eb8ef25 3505
d62a17ae 3506 stream_putl(s, lsa->data->type);
3507 stream_put_ipv4(s, lsa->data->id.s_addr);
3508 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
718e3744 3509
d62a17ae 3510 ospf_lsa_unlock(&nbr->ls_req_last);
3511 nbr->ls_req_last = ospf_lsa_lock(lsa);
59ea14c6 3512
d62a17ae 3513 *length += 12;
3514 return 1;
3515}
718e3744 3516
d62a17ae 3517static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3518{
3519 struct ospf_lsa *lsa;
d7c0a89a 3520 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
9570f737 3521 unsigned long delta = 12;
d62a17ae 3522 struct route_table *table;
3523 struct route_node *rn;
3524 int i;
3525 struct ospf_lsdb *lsdb;
718e3744 3526
d62a17ae 3527 lsdb = &nbr->ls_req;
718e3744 3528
d62a17ae 3529 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3530 table = lsdb->type[i].db;
3531 for (rn = route_top(table); rn; rn = route_next(rn))
3532 if ((lsa = (rn->info)) != NULL)
3533 if (ospf_make_ls_req_func(s, &length, delta,
3534 nbr, lsa)
3535 == 0) {
3536 route_unlock_node(rn);
3537 break;
3538 }
3539 }
3540 return length;
3541}
718e3744 3542
d62a17ae 3543static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3544{
3545 int age;
718e3744 3546
d62a17ae 3547 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
718e3744 3548
d62a17ae 3549 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
718e3744 3550}
3551
d62a17ae 3552static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3553 struct stream *s)
718e3744 3554{
d62a17ae 3555 struct ospf_lsa *lsa;
3556 struct listnode *node;
d7c0a89a 3557 uint16_t length = 0;
d62a17ae 3558 unsigned int size_noauth;
3559 unsigned long delta = stream_get_endp(s);
3560 unsigned long pp;
3561 int count = 0;
3562
3563 if (IS_DEBUG_OSPF_EVENT)
3564 zlog_debug("ospf_make_ls_upd: Start");
3565
3566 pp = stream_get_endp(s);
3567 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3568 length += OSPF_LS_UPD_MIN_SIZE;
3569
3570 /* Calculate amount of packet usable for data. */
3571 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3572
3573 while ((node = listhead(update)) != NULL) {
3574 struct lsa_header *lsah;
d7c0a89a 3575 uint16_t ls_age;
d62a17ae 3576
3577 if (IS_DEBUG_OSPF_EVENT)
3578 zlog_debug("ospf_make_ls_upd: List Iteration %d",
3579 count);
3580
3581 lsa = listgetdata(node);
3582
3583 assert(lsa->data);
3584
9570f737
S		 3585 /* Will it fit? Minimum it has to fit atleast one */
3586 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3587 (count > 0))
d62a17ae 3588 break;
3589
3590 /* Keep pointer to LS age. */
3591 lsah = (struct lsa_header *)(STREAM_DATA(s)
3592 + stream_get_endp(s));
3593
3594 /* Put LSA to Link State Request. */
3595 stream_put(s, lsa->data, ntohs(lsa->data->length));
718e3744 3596
d62a17ae 3597 /* Set LS age. */
3598 /* each hop must increment an lsa_age by transmit_delay
3599 of OSPF interface */
3600 ls_age = ls_age_increment(lsa,
3601 OSPF_IF_PARAM(oi, transmit_delay));
3602 lsah->ls_age = htons(ls_age);
3603
3604 length += ntohs(lsa->data->length);
3605 count++;
3606
3607 list_delete_node(update, node);
3608 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3609 }
3610
3611 /* Now set #LSAs. */
3612 stream_putl_at(s, pp, count);
3613
3614 if (IS_DEBUG_OSPF_EVENT)
3615 zlog_debug("ospf_make_ls_upd: Stop");
3616 return length;
718e3744 3617}
3618
d62a17ae 3619static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3620 struct stream *s)
718e3744 3621{
d62a17ae 3622 struct listnode *node, *nnode;
d7c0a89a 3623 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
9570f737 3624 unsigned long delta = OSPF_LSA_HEADER_SIZE;
d62a17ae 3625 struct ospf_lsa *lsa;
718e3744 3626
d62a17ae 3627 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3628 assert(lsa);
718e3744 3629
9570f737
S		 3630 /* LS Ack packet overflows interface MTU
3631 * delta is just number of bytes required for
3632 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3633 * the number of bytes can be accomodated without
3634 * ospf header. So length+delta can be compared
3635 * against ospf_packet_max to check if it can fit
3636 * another ls header in the same packet.
3637 */
3638 if ((length + delta) > ospf_packet_max(oi))
d62a17ae 3639 break;
718e3744 3640
d62a17ae 3641 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3642 length += OSPF_LSA_HEADER_SIZE;
3643
3644 listnode_delete(ack, lsa);
3645 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3646 }
3647
3648 return length;
3649}
3650
3651static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3652{
3653 struct ospf_packet *op;
d7c0a89a 3654 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3655
d62a17ae 3656 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3657
d62a17ae 3658 /* Prepare OSPF common header. */
3659 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
718e3744 3660
d62a17ae 3661 /* Prepare OSPF Hello body. */
3662 length += ospf_make_hello(oi, op->s);
9b18d58e
NS		 3663 if (length == OSPF_HEADER_SIZE) {
3664 /* Hello overshooting MTU */
3665 ospf_packet_free(op);
3666 return;
3667 }
718e3744 3668
d62a17ae 3669 /* Fill OSPF header. */
3670 ospf_fill_header(oi, op->s, length);
718e3744 3671
d62a17ae 3672 /* Set packet length. */
3673 op->length = length;
3674
3675 op->dst.s_addr = addr;
3676
b5a8894d
CS		 3677 if (IS_DEBUG_OSPF_EVENT) {
3678 if (oi->ospf->vrf_id)
996c9314
LB		 3679 zlog_debug(
3680 "%s: Hello Tx interface %s ospf vrf %s id %u",
15569c58 3681 __func__, oi->ifp->name,
996c9314
LB		 3682 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3683 oi->ospf->vrf_id);
b5a8894d 3684 }
d62a17ae 3685 /* Add packet to the top of the interface output queue, so that they
3686 * can't get delayed by things like long queues of LS Update packets
3687 */
3688 ospf_packet_add_top(oi, op);
3689
3690 /* Hook thread to write packet. */
3691 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3692}
3693
d62a17ae 3694static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
718e3744 3695{
d62a17ae 3696 struct ospf_interface *oi;
718e3744 3697
d62a17ae 3698 oi = nbr_nbma->oi;
3699 assert(oi);
718e3744 3700
d62a17ae 3701 /* If this is passive interface, do not send OSPF Hello. */
3702 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3703 return;
718e3744 3704
d62a17ae 3705 if (oi->type != OSPF_IFTYPE_NBMA)
3706 return;
718e3744 3707
d62a17ae 3708 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3709 return;
718e3744 3710
d62a17ae 3711 if (PRIORITY(oi) == 0)
3712 return;
718e3744 3713
d62a17ae 3714 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3715 && oi->state != ISM_Backup)
3716 return;
718e3744 3717
d62a17ae 3718 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
718e3744 3719}
3720
d62a17ae 3721int ospf_poll_timer(struct thread *thread)
718e3744 3722{
d62a17ae 3723 struct ospf_nbr_nbma *nbr_nbma;
718e3744 3724
d62a17ae 3725 nbr_nbma = THREAD_ARG(thread);
3726 nbr_nbma->t_poll = NULL;
718e3744 3727
d62a17ae 3728 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3729 zlog_debug("NSM[%s:%s]: Timer (Poll timer expire)",
3730 IF_NAME(nbr_nbma->oi), inet_ntoa(nbr_nbma->addr));
718e3744 3731
d62a17ae 3732 ospf_poll_send(nbr_nbma);
718e3744 3733
d62a17ae 3734 if (nbr_nbma->v_poll > 0)
3735 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3736 nbr_nbma->v_poll);
718e3744 3737
d62a17ae 3738 return 0;
718e3744 3739}
3740
3741
d62a17ae 3742int ospf_hello_reply_timer(struct thread *thread)
718e3744 3743{
d62a17ae 3744 struct ospf_neighbor *nbr;
718e3744 3745
d62a17ae 3746 nbr = THREAD_ARG(thread);
3747 nbr->t_hello_reply = NULL;
718e3744 3748
d62a17ae 3749 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3750 zlog_debug("NSM[%s:%s]: Timer (hello-reply timer expire)",
3751 IF_NAME(nbr->oi), inet_ntoa(nbr->router_id));
718e3744 3752
d62a17ae 3753 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
718e3744 3754
d62a17ae 3755 return 0;
718e3744 3756}
3757
3758/* Send OSPF Hello. */
d62a17ae 3759void ospf_hello_send(struct ospf_interface *oi)
3760{
3761 /* If this is passive interface, do not send OSPF Hello. */
3762 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3763 return;
3764
3765 if (oi->type == OSPF_IFTYPE_NBMA) {
3766 struct ospf_neighbor *nbr;
3767 struct route_node *rn;
3768
3769 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3770 if ((nbr = rn->info))
3771 if (nbr != oi->nbr_self)
3772 if (nbr->state != NSM_Down) {
3773 /* RFC 2328 Section 9.5.1
3774 If the router is not
3775 eligible to become Designated
3776 Router,
3777 it must periodically send
3778 Hello Packets to both the
3779 Designated Router and the
3780 Backup Designated Router (if
3781 they
3782 exist). */
3783 if (PRIORITY(oi) == 0
3784 && IPV4_ADDR_CMP(
3785 &DR(oi),
3786 &nbr->address.u
3787 .prefix4)
3788 && IPV4_ADDR_CMP(
3789 &BDR(oi),
3790 &nbr->address.u
3791 .prefix4))
3792 continue;
3793
3794 /* If the router is eligible to
3795 become Designated Router, it
3796 must periodically send Hello
3797 Packets to all neighbors that
3798 are also eligible. In
3799 addition, if the router is
3800 itself the
3801 Designated Router or Backup
3802 Designated Router, it must
3803 also
3804 send periodic Hello Packets
3805 to all other neighbors. */
3806
3807 if (nbr->priority == 0
3808 && oi->state == ISM_DROther)
3809 continue;
3810 /* if oi->state == Waiting, send
3811 * hello to all neighbors */
3812 ospf_hello_send_sub(
3813 oi,
3814 nbr->address.u.prefix4
3815 .s_addr);
3816 }
3817 } else {
3818 /* Decide destination address. */
3819 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3820 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3821 else
3822 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3823 }
718e3744 3824}
3825
3826/* Send OSPF Database Description. */
d62a17ae 3827void ospf_db_desc_send(struct ospf_neighbor *nbr)
718e3744 3828{
d62a17ae 3829 struct ospf_interface *oi;
3830 struct ospf_packet *op;
d7c0a89a 3831 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3832
d62a17ae 3833 oi = nbr->oi;
3834 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3835
d62a17ae 3836 /* Prepare OSPF common header. */
3837 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
718e3744 3838
d62a17ae 3839 /* Prepare OSPF Database Description body. */
3840 length += ospf_make_db_desc(oi, nbr, op->s);
718e3744 3841
d62a17ae 3842 /* Fill OSPF header. */
3843 ospf_fill_header(oi, op->s, length);
718e3744 3844
d62a17ae 3845 /* Set packet length. */
3846 op->length = length;
718e3744 3847
d62a17ae 3848 /* Decide destination address. */
3849 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3850 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3851 else
3852 op->dst = nbr->address.u.prefix4;
718e3744 3853
d62a17ae 3854 /* Add packet to the interface output queue. */
3855 ospf_packet_add(oi, op);
718e3744 3856
d62a17ae 3857 /* Hook thread to write packet. */
3858 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3859
d62a17ae 3860 /* Remove old DD packet, then copy new one and keep in neighbor
3861 * structure. */
3862 if (nbr->last_send)
3863 ospf_packet_free(nbr->last_send);
3864 nbr->last_send = ospf_packet_dup(op);
3865 monotime(&nbr->last_send_ts);
e6a22aeb
SK		 3866 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3867 zlog_info(
3868 "%s:Packet[DD]: %s DB Desc send with seqnum:%x , flags:%x",
3869 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
3870 inet_ntoa(nbr->router_id), nbr->dd_seqnum,
3871 nbr->dd_flags);
718e3744 3872}
3873
3874/* Re-send Database Description. */
d62a17ae 3875void ospf_db_desc_resend(struct ospf_neighbor *nbr)
718e3744 3876{
d62a17ae 3877 struct ospf_interface *oi;
718e3744 3878
d62a17ae 3879 oi = nbr->oi;
718e3744 3880
d62a17ae 3881 /* Add packet to the interface output queue. */
3882 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
718e3744 3883
d62a17ae 3884 /* Hook thread to write packet. */
3885 OSPF_ISM_WRITE_ON(oi->ospf);
e6a22aeb
SK		 3886 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3887 zlog_info(
3888 "%s:Packet[DD]: %s DB Desc resend with seqnum:%x , flags:%x",
3889 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
3890 inet_ntoa(nbr->router_id), nbr->dd_seqnum,
3891 nbr->dd_flags);
718e3744 3892}
3893
3894/* Send Link State Request. */
d62a17ae 3895void ospf_ls_req_send(struct ospf_neighbor *nbr)
718e3744 3896{
d62a17ae 3897 struct ospf_interface *oi;
3898 struct ospf_packet *op;
d7c0a89a 3899 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3900
d62a17ae 3901 oi = nbr->oi;
3902 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3903
d62a17ae 3904 /* Prepare OSPF common header. */
3905 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
718e3744 3906
d62a17ae 3907 /* Prepare OSPF Link State Request body. */
3908 length += ospf_make_ls_req(nbr, op->s);
3909 if (length == OSPF_HEADER_SIZE) {
3910 ospf_packet_free(op);
3911 return;
3912 }
718e3744 3913
d62a17ae 3914 /* Fill OSPF header. */
3915 ospf_fill_header(oi, op->s, length);
718e3744 3916
d62a17ae 3917 /* Set packet length. */
3918 op->length = length;
718e3744 3919
d62a17ae 3920 /* Decide destination address. */
3921 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3922 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3923 else
3924 op->dst = nbr->address.u.prefix4;
718e3744 3925
d62a17ae 3926 /* Add packet to the interface output queue. */
3927 ospf_packet_add(oi, op);
718e3744 3928
d62a17ae 3929 /* Hook thread to write packet. */
3930 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3931
d62a17ae 3932 /* Add Link State Request Retransmission Timer. */
3933 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
718e3744 3934}
3935
3936/* Send Link State Update with an LSA. */
d62a17ae 3937void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3938 int flag)
718e3744 3939{
d62a17ae 3940 struct list *update;
718e3744 3941
d62a17ae 3942 update = list_new();
718e3744 3943
d62a17ae 3944 listnode_add(update, lsa);
046460a1
CS		 3945
3946 /*ospf instance is going down, send self originated
3947 * MAXAGE LSA update to neighbors to remove from LSDB */
3948 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3949 ospf_ls_upd_send(nbr, update, flag, 1);
3950 else
3951 ospf_ls_upd_send(nbr, update, flag, 0);
718e3744 3952
6a154c88 3953 list_delete(&update);
718e3744 3954}
3955
68b7339a 3956/* Determine size for packet. Must be at least big enough to accomodate next
3957 * LSA on list, which may be bigger than MTU size.
3958 *
3959 * Return pointer to new ospf_packet
3960 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3961 * on packet sizes (in which case offending LSA is deleted from update list)
3962 */
d62a17ae 3963static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3964 struct ospf_interface *oi)
3965{
3966 struct ospf_lsa *lsa;
3967 struct listnode *ln;
3968 size_t size;
3969 static char warned = 0;
3970
3971 lsa = listgetdata((ln = listhead(update)));
3972 assert(lsa->data);
3973
3974 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3975 > ospf_packet_max(oi)) {
3976 if (!warned) {
c9cc11f6 3977 flog_warn(
cf444bcf 3978 EC_OSPF_LARGE_LSA,
3efd0893 3979 "ospf_ls_upd_packet_new: oversized LSA encountered!will need to fragment. Not optimal. Try divide up your network with areas. Use 'debug ospf packet send' to see details, or look at 'show ip ospf database ..'");
d62a17ae 3980 warned = 1;
3981 }
3982
3983 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3984 zlog_debug(
3efd0893 3985 "ospf_ls_upd_packet_new: oversized LSA id:%s, %d bytes originated by %s, will be fragmented!",
d62a17ae 3986 inet_ntoa(lsa->data->id),
3987 ntohs(lsa->data->length),
3988 inet_ntoa(lsa->data->adv_router));
3989
3990 /*
3991 * Allocate just enough to fit this LSA only, to avoid including
3992 * other
3993 * LSAs in fragmented LSA Updates.
3994 */
3995 size = ntohs(lsa->data->length)
3996 + (oi->ifp->mtu - ospf_packet_max(oi))
3997 + OSPF_LS_UPD_MIN_SIZE;
3998 } else
3999 size = oi->ifp->mtu;
4000
4001 if (size > OSPF_MAX_PACKET_SIZE) {
cf444bcf 4002 flog_warn(EC_OSPF_LARGE_LSA,
3efd0893 4003 "ospf_ls_upd_packet_new: oversized LSA id:%s too big, %d bytes, packet size %ld, dropping it completely. OSPF routing is broken!",
c9cc11f6
DS		 4004 inet_ntoa(lsa->data->id), ntohs(lsa->data->length),
4005 (long int)size);
d62a17ae 4006 list_delete_node(update, ln);
4007 return NULL;
4008 }
718e3744 4009
d62a17ae 4010 /* IP header is built up separately by ospf_write(). This means, that we
4011 * must
4012 * reduce the "affordable" size just calculated by length of an IP
4013 * header.
4014 * This makes sure, that even if we manage to fill the payload with LSA
4015 * data
4016 * completely, the final packet (our data plus IP header) still fits
4017 * into
4018 * outgoing interface MTU. This correction isn't really meaningful for
4019 * an
4020 * oversized LSA, but for consistency the correction is done for both
4021 * cases.
4022 *
4023 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4024 */
4025 return ospf_packet_new(size - sizeof(struct ip));
718e3744 4026}
4027
d62a17ae 4028static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
046460a1
CS		 4029 struct list *update, struct in_addr addr,
4030 int send_lsupd_now)
718e3744 4031{
d62a17ae 4032 struct ospf_packet *op;
d7c0a89a 4033 uint16_t length = OSPF_HEADER_SIZE;
d62a17ae 4034
4035 if (IS_DEBUG_OSPF_EVENT)
4036 zlog_debug("listcount = %d, [%s]dst %s", listcount(update),
4037 IF_NAME(oi), inet_ntoa(addr));
4038
19274fe8
OD		 4039 /* Check that we have really something to process */
4040 if (listcount(update) == 0)
4041 return;
4042
d62a17ae 4043 op = ospf_ls_upd_packet_new(update, oi);
718e3744 4044
d62a17ae 4045 /* Prepare OSPF common header. */
4046 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
718e3744 4047
d62a17ae 4048 /* Prepare OSPF Link State Update body.
4049 * Includes Type-7 translation.
4050 */
4051 length += ospf_make_ls_upd(oi, update, op->s);
4052
4053 /* Fill OSPF header. */
4054 ospf_fill_header(oi, op->s, length);
4055
4056 /* Set packet length. */
4057 op->length = length;
4058
4059 /* Decide destination address. */
4060 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4061 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4062 else
4063 op->dst.s_addr = addr.s_addr;
4064
4065 /* Add packet to the interface output queue. */
4066 ospf_packet_add(oi, op);
046460a1
CS		 4067 /* Call ospf_write() right away to send ospf packets to neighbors */
4068 if (send_lsupd_now) {
4069 struct thread os_packet_thd;
4070
4071 os_packet_thd.arg = (void *)oi->ospf;
4072 if (oi->on_write_q == 0) {
4073 listnode_add(oi->ospf->oi_write_q, oi);
4074 oi->on_write_q = 1;
4075 }
4076 ospf_write(&os_packet_thd);
4173cc8e
DS		 4077 /*
4078 * We are fake calling ospf_write with a fake
4079 * thread. Imagine that we have oi_a already
4080 * enqueued and we have turned on the write
4081 * thread(t_write).
4082 * Now this function calls this for oi_b
4083 * so the on_write_q has oi_a and oi_b on
4084 * it, ospf_write runs and clears the packets
4085 * for both oi_a and oi_b. Removing them from
4086 * the on_write_q. After this thread of execution
4087 * finishes we will execute the t_write thread
4088 * with nothing in the on_write_q causing an
4089 * assert. So just make sure that the t_write
4090 * is actually turned off.
4091 */
4092 if (list_isempty(oi->ospf->oi_write_q))
4093 OSPF_TIMER_OFF(oi->ospf->t_write);
046460a1
CS		 4094 } else {
4095 /* Hook thread to write packet. */
4096 OSPF_ISM_WRITE_ON(oi->ospf);
4097 }
d62a17ae 4098}
4099
4100static int ospf_ls_upd_send_queue_event(struct thread *thread)
4101{
4102 struct ospf_interface *oi = THREAD_ARG(thread);
4103 struct route_node *rn;
4104 struct route_node *rnext;
4105 struct list *update;
4106 char again = 0;
4107
4108 oi->t_ls_upd_event = NULL;
4109
4110 if (IS_DEBUG_OSPF_EVENT)
4111 zlog_debug("ospf_ls_upd_send_queue start");
4112
4113 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4114 rnext = route_next(rn);
4115
4116 if (rn->info == NULL)
4117 continue;
4118
4119 update = (struct list *)rn->info;
4120
046460a1 4121 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
d62a17ae 4122
4123 /* list might not be empty. */
4124 if (listcount(update) == 0) {
6a154c88 4125 list_delete((struct list **)&rn->info);
d62a17ae 4126 route_unlock_node(rn);
4127 } else
4128 again = 1;
4129 }
4130
4131 if (again != 0) {
4132 if (IS_DEBUG_OSPF_EVENT)
4133 zlog_debug(
3efd0893 4134 "ospf_ls_upd_send_queue: update lists not cleared, %d nodes to try again, raising new event",
d62a17ae 4135 again);
4136 oi->t_ls_upd_event = NULL;
4137 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4138 &oi->t_ls_upd_event);
4139 }
4140
4141 if (IS_DEBUG_OSPF_EVENT)
4142 zlog_debug("ospf_ls_upd_send_queue stop");
4143
4144 return 0;
4145}
4146
046460a1
CS		 4147void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4148 int send_lsupd_now)
d62a17ae 4149{
4150 struct ospf_interface *oi;
4151 struct ospf_lsa *lsa;
4152 struct prefix_ipv4 p;
4153 struct route_node *rn;
4154 struct listnode *node;
4155
4156 oi = nbr->oi;
4157
4158 p.family = AF_INET;
4159 p.prefixlen = IPV4_MAX_BITLEN;
4160
4161 /* Decide destination address. */
4162 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4163 p.prefix = oi->vl_data->peer_addr;
4164 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4165 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4166 else if (flag == OSPF_SEND_PACKET_DIRECT)
4167 p.prefix = nbr->address.u.prefix4;
4168 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4169 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4170 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4171 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4172 else
4173 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4174
4175 if (oi->type == OSPF_IFTYPE_NBMA) {
4176 if (flag == OSPF_SEND_PACKET_INDIRECT)
c9cc11f6 4177 flog_warn(
cf444bcf 4178 EC_OSPF_PACKET,
d62a17ae 4179 "* LS-Update is directly sent on NBMA network.");
19aad877 4180 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
cf444bcf 4181 flog_warn(EC_OSPF_PACKET,
c9cc11f6 4182 "* LS-Update is sent to myself.");
d62a17ae 4183 }
4184
4185 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4186
4187 if (rn->info == NULL)
4188 rn->info = list_new();
4189 else
4190 route_unlock_node(rn);
4191
4192 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4193 listnode_add(rn->info,
4194 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
046460a1
CS		 4195 if (send_lsupd_now) {
4196 struct list *send_update_list;
f7813c7c 4197 struct route_node *rnext;
d62a17ae 4198
046460a1
CS		 4199 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4200 rnext = route_next(rn);
4201
4202 if (rn->info == NULL)
4203 continue;
4204
4205 send_update_list = (struct list *)rn->info;
4206
4207 ospf_ls_upd_queue_send(oi, send_update_list,
4208 rn->p.u.prefix4, 1);
046460a1
CS		 4209 }
4210 } else
4211 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
996c9314 4212 &oi->t_ls_upd_event);
718e3744 4213}
4214
d62a17ae 4215static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4216 struct in_addr dst)
718e3744 4217{
d62a17ae 4218 struct ospf_packet *op;
d7c0a89a 4219 uint16_t length = OSPF_HEADER_SIZE;
d62a17ae 4220
4221 op = ospf_packet_new(oi->ifp->mtu);
4222
4223 /* Prepare OSPF common header. */
4224 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4225
4226 /* Prepare OSPF Link State Acknowledgment body. */
4227 length += ospf_make_ls_ack(oi, ack, op->s);
4228
4229 /* Fill OSPF header. */
4230 ospf_fill_header(oi, op->s, length);
718e3744 4231
d62a17ae 4232 /* Set packet length. */
4233 op->length = length;
4234
4235 /* Decide destination address. */
4236 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4237 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4238 else
4239 op->dst.s_addr = dst.s_addr;
4240
4241 /* Add packet to the interface output queue. */
4242 ospf_packet_add(oi, op);
4243
4244 /* Hook thread to write packet. */
4245 OSPF_ISM_WRITE_ON(oi->ospf);
4246}
4247
4248static int ospf_ls_ack_send_event(struct thread *thread)
4249{
4250 struct ospf_interface *oi = THREAD_ARG(thread);
4251
4252 oi->t_ls_ack_direct = NULL;
4253
4254 while (listcount(oi->ls_ack_direct.ls_ack))
4255 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4256 oi->ls_ack_direct.dst);
4257
4258 return 0;
4259}
4260
4261void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4262{
4263 struct ospf_interface *oi = nbr->oi;
4264
4265 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4266 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4267
4268 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4269
4270 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4271 &oi->t_ls_ack_direct);
718e3744 4272}
4273
4274/* Send Link State Acknowledgment delayed. */
d62a17ae 4275void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4276{
4277 struct in_addr dst;
4278
4279 /* Decide destination address. */
4280 /* RFC2328 Section 13.5 On non-broadcast
4281 networks, delayed Link State Acknowledgment packets must be
4282 unicast separately over each adjacency (i.e., neighbor whose
4283 state is >= Exchange). */
4284 if (oi->type == OSPF_IFTYPE_NBMA) {
4285 struct ospf_neighbor *nbr;
4286 struct route_node *rn;
4287
4288 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
4289 if ((nbr = rn->info) != NULL)
4290 if (nbr != oi->nbr_self
4291 && nbr->state >= NSM_Exchange)
4292 while (listcount(oi->ls_ack))
4293 ospf_ls_ack_send_list(
4294 oi, oi->ls_ack,
4295 nbr->address.u.prefix4);
4296 return;
4297 }
4298 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4299 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4300 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4301 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4302 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4303 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4304 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4305 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4306 else
4307 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4308
4309 while (listcount(oi->ls_ack))
4310 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
718e3744 4311}
8b6912c2
DS		 4312
4313/*
4314 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4315 * address. As a result, the kernel does not need to learn the interface
4316 * MAC of the OSPF neighbor. However, in our world, this will delay
4317 * convergence. Take the case when due to a link flap, all routes now
4318 * want to use an interface which was deemed to be costlier prior to this
4319 * event. For routes that will be installed, the missing MAC will have
4320 * punt-to-CPU set on them. This may overload the CPU control path that
4321 * can be avoided if the MAC was known apriori.
4322 */
d62a17ae 4323void ospf_proactively_arp(struct ospf_neighbor *nbr)
4324{
a92706bb 4325 if (!nbr || !nbr->oi->ospf->proactive_arp)
d62a17ae 4326 return;
4327
aa530b62 4328 ospf_zebra_send_arp(nbr->oi->ifp, &nbr->address);
8b6912c2 4329}
FRRouting mirror