]> git.proxmox.com Git - mirror_frr.git/blob - ospfd/ospf_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
doc: Add `show ipv6 rpf X:X::X:X` command to docs
[mirror_frr.git] / ospfd / ospf_packet.c
1 /*
2 * OSPF Sending and Receiving OSPF Packets.
3 * Copyright (C) 1999, 2000 Toshiaki Takada
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
10 * later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 #include <zebra.h>
23
24 #include "monotime.h"
25 #include "thread.h"
26 #include "memory.h"
27 #include "linklist.h"
28 #include "prefix.h"
29 #include "if.h"
30 #include "table.h"
31 #include "sockunion.h"
32 #include "stream.h"
33 #include "log.h"
34 #include "sockopt.h"
35 #include "checksum.h"
36 #ifdef CRYPTO_INTERNAL
37 #include "md5.h"
38 #endif
39 #include "vrf.h"
40 #include "lib_errors.h"
41
42 #include "ospfd/ospfd.h"
43 #include "ospfd/ospf_network.h"
44 #include "ospfd/ospf_interface.h"
45 #include "ospfd/ospf_ism.h"
46 #include "ospfd/ospf_asbr.h"
47 #include "ospfd/ospf_lsa.h"
48 #include "ospfd/ospf_lsdb.h"
49 #include "ospfd/ospf_neighbor.h"
50 #include "ospfd/ospf_nsm.h"
51 #include "ospfd/ospf_packet.h"
52 #include "ospfd/ospf_spf.h"
53 #include "ospfd/ospf_flood.h"
54 #include "ospfd/ospf_dump.h"
55 #include "ospfd/ospf_errors.h"
56 #include "ospfd/ospf_zebra.h"
57 #include "ospfd/ospf_gr.h"
58
59 /*
60 * OSPF Fragmentation / fragmented writes
61 *
62 * ospfd can support writing fragmented packets, for cases where
63 * kernel will not fragment IP_HDRINCL and/or multicast destined
64 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
65 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
66 * flags fields, hence user-space fragmentation will not work.
67 * Only Linux is known to leave IP header unmolested.
68 * Further, fragmentation really should be done the kernel, which already
69 * supports it, and which avoids nasty IP ID state problems.
70 *
71 * Fragmentation of OSPF packets can be required on networks with router
72 * with many many interfaces active in one area, or on networks with links
73 * with low MTUs.
74 */
75 #ifdef GNU_LINUX
76 #define WANT_OSPF_WRITE_FRAGMENT
77 #endif
78
79 /* Packet Type String. */
80 const struct message ospf_packet_type_str[] = {
81 {OSPF_MSG_HELLO, "Hello"},
82 {OSPF_MSG_DB_DESC, "Database Description"},
83 {OSPF_MSG_LS_REQ, "Link State Request"},
84 {OSPF_MSG_LS_UPD, "Link State Update"},
85 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
86 {0}};
87
88 /* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
89 particular types, offset is the "type" field of a packet. */
90 static const uint16_t ospf_packet_minlen[] = {
91 0,
92 OSPF_HELLO_MIN_SIZE,
93 OSPF_DB_DESC_MIN_SIZE,
94 OSPF_LS_REQ_MIN_SIZE,
95 OSPF_LS_UPD_MIN_SIZE,
96 OSPF_LS_ACK_MIN_SIZE,
97 };
98
99 /* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
100 types, offset is the "LSA type" field. */
101 static const uint16_t ospf_lsa_minlen[] = {
102 0, /* OSPF_UNKNOWN_LSA */
103 OSPF_ROUTER_LSA_MIN_SIZE, /* OSPF_ROUTER_LSA */
104 OSPF_NETWORK_LSA_MIN_SIZE, /* OSPF_NETWORK_LSA */
105 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_SUMMARY_LSA */
106 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_ASBR_SUMMARY_LSA */
107 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_EXTERNAL_LSA */
108 0, /* Unsupported, OSPF_GROUP_MEMBER_LSA */
109 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_NSSA_LSA */
110 0, /* Unsupported, OSPF_EXTERNAL_ATTRIBURES_LSA */
111 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_LINK_LSA */
112 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AREA_LSA */
113 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AS_LSA */
114 };
115
116 /* for ospf_check_auth() */
117 static int ospf_check_sum(struct ospf_header *);
118
119 /* OSPF authentication checking function */
120 static int ospf_auth_type(struct ospf_interface *oi)
121 {
122 int auth_type;
123
124 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
125 auth_type = oi->area->auth_type;
126 else
127 auth_type = OSPF_IF_PARAM(oi, auth_type);
128
129 /* Handle case where MD5 key list is not configured aka Cisco */
130 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
131 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
132 return OSPF_AUTH_NULL;
133
134 return auth_type;
135 }
136
137 static struct ospf_packet *ospf_packet_new(size_t size)
138 {
139 struct ospf_packet *new;
140
141 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
142 new->s = stream_new(size);
143
144 return new;
145 }
146
147 void ospf_packet_free(struct ospf_packet *op)
148 {
149 if (op->s)
150 stream_free(op->s);
151
152 XFREE(MTYPE_OSPF_PACKET, op);
153 }
154
155 struct ospf_fifo *ospf_fifo_new(void)
156 {
157 struct ospf_fifo *new;
158
159 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
160 return new;
161 }
162
163 /* Add new packet to fifo. */
164 void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
165 {
166 if (fifo->tail)
167 fifo->tail->next = op;
168 else
169 fifo->head = op;
170
171 fifo->tail = op;
172
173 fifo->count++;
174 }
175
176 /* Add new packet to head of fifo. */
177 static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
178 {
179 op->next = fifo->head;
180
181 if (fifo->tail == NULL)
182 fifo->tail = op;
183
184 fifo->head = op;
185
186 fifo->count++;
187 }
188
189 /* Delete first packet from fifo. */
190 struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
191 {
192 struct ospf_packet *op;
193
194 op = fifo->head;
195
196 if (op) {
197 fifo->head = op->next;
198
199 if (fifo->head == NULL)
200 fifo->tail = NULL;
201
202 fifo->count--;
203 }
204
205 return op;
206 }
207
208 /* Return first fifo entry. */
209 struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
210 {
211 return fifo->head;
212 }
213
214 /* Flush ospf packet fifo. */
215 void ospf_fifo_flush(struct ospf_fifo *fifo)
216 {
217 struct ospf_packet *op;
218 struct ospf_packet *next;
219
220 for (op = fifo->head; op; op = next) {
221 next = op->next;
222 ospf_packet_free(op);
223 }
224 fifo->head = fifo->tail = NULL;
225 fifo->count = 0;
226 }
227
228 /* Free ospf packet fifo. */
229 void ospf_fifo_free(struct ospf_fifo *fifo)
230 {
231 ospf_fifo_flush(fifo);
232
233 XFREE(MTYPE_OSPF_FIFO, fifo);
234 }
235
236 static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
237 {
238 /* Add packet to end of queue. */
239 ospf_fifo_push(oi->obuf, op);
240
241 /* Debug of packet fifo*/
242 /* ospf_fifo_debug (oi->obuf); */
243 }
244
245 static void ospf_packet_add_top(struct ospf_interface *oi,
246 struct ospf_packet *op)
247 {
248 /* Add packet to head of queue. */
249 ospf_fifo_push_head(oi->obuf, op);
250
251 /* Debug of packet fifo*/
252 /* ospf_fifo_debug (oi->obuf); */
253 }
254
255 static void ospf_packet_delete(struct ospf_interface *oi)
256 {
257 struct ospf_packet *op;
258
259 op = ospf_fifo_pop(oi->obuf);
260
261 if (op)
262 ospf_packet_free(op);
263 }
264
265 static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
266 {
267 struct ospf_packet *new;
268
269 if (stream_get_endp(op->s) != op->length)
270 /* XXX size_t */
271 zlog_debug(
272 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
273 (unsigned long)STREAM_SIZE(op->s), op->length);
274
275 /* Reserve space for MD5 authentication that may be added later. */
276 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
277 stream_copy(new->s, op->s);
278
279 new->dst = op->dst;
280 new->length = op->length;
281
282 return new;
283 }
284
285 /* XXX inline */
286 static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
287 {
288 int auth = 0;
289
290 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
291 auth = OSPF_AUTH_MD5_SIZE;
292
293 return auth;
294 }
295
296 static unsigned int ospf_packet_max(struct ospf_interface *oi)
297 {
298 int max;
299
300 max = oi->ifp->mtu - ospf_packet_authspace(oi);
301
302 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
303
304 return max;
305 }
306
307
308 static int ospf_check_md5_digest(struct ospf_interface *oi,
309 struct ospf_header *ospfh)
310 {
311 #ifdef CRYPTO_OPENSSL
312 EVP_MD_CTX *ctx;
313 #elif CRYPTO_INTERNAL
314 MD5_CTX ctx;
315 #endif
316 unsigned char digest[OSPF_AUTH_MD5_SIZE];
317 struct crypt_key *ck;
318 struct ospf_neighbor *nbr;
319 uint16_t length = ntohs(ospfh->length);
320
321 /* Get secret key. */
322 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
323 ospfh->u.crypt.key_id);
324 if (ck == NULL) {
325 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
326 IF_NAME(oi), ospfh->u.crypt.key_id);
327 return 0;
328 }
329
330 /* check crypto seqnum. */
331 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
332
333 if (nbr
334 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
335 flog_warn(
336 EC_OSPF_MD5,
337 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
338 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
339 ntohl(nbr->crypt_seqnum));
340 return 0;
341 }
342
343 /* Generate a digest for the ospf packet - their digest + our digest. */
344 #ifdef CRYPTO_OPENSSL
345 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
346 ctx = EVP_MD_CTX_new();
347 EVP_DigestInit(ctx, EVP_md5());
348 EVP_DigestUpdate(ctx, ospfh, length);
349 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
350 EVP_DigestFinal(ctx, digest, &md5_size);
351 EVP_MD_CTX_free(ctx);
352 #elif CRYPTO_INTERNAL
353 memset(&ctx, 0, sizeof(ctx));
354 MD5Init(&ctx);
355 MD5Update(&ctx, ospfh, length);
356 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
357 MD5Final(digest, &ctx);
358 #endif
359
360 /* compare the two */
361 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
362 flog_warn(EC_OSPF_MD5,
363 "interface %s: ospf_check_md5 checksum mismatch",
364 IF_NAME(oi));
365 return 0;
366 }
367
368 /* save neighbor's crypt_seqnum */
369 if (nbr)
370 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
371 return 1;
372 }
373
374 /* This function is called from ospf_write(), it will detect the
375 authentication scheme and if it is MD5, it will change the sequence
376 and update the MD5 digest. */
377 static int ospf_make_md5_digest(struct ospf_interface *oi,
378 struct ospf_packet *op)
379 {
380 struct ospf_header *ospfh;
381 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
382 #ifdef CRYPTO_OPENSSL
383 EVP_MD_CTX *ctx;
384 #elif CRYPTO_INTERNAL
385 MD5_CTX ctx;
386 #endif
387 void *ibuf;
388 uint32_t t;
389 struct crypt_key *ck;
390 const uint8_t *auth_key;
391
392 ibuf = STREAM_DATA(op->s);
393 ospfh = (struct ospf_header *)ibuf;
394
395 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
396 return 0;
397
398 /* We do this here so when we dup a packet, we don't have to
399 waste CPU rewriting other headers.
400
401 Note that frr_time /deliberately/ is not used here */
402 t = (time(NULL) & 0xFFFFFFFF);
403 if (t > oi->crypt_seqnum)
404 oi->crypt_seqnum = t;
405 else
406 oi->crypt_seqnum++;
407
408 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
409
410 /* Get MD5 Authentication key from auth_key list. */
411 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
412 auth_key = (const uint8_t *)digest;
413 else {
414 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
415 auth_key = ck->auth_key;
416 }
417
418 /* Generate a digest for the entire packet + our secret key. */
419 #ifdef CRYPTO_OPENSSL
420 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
421 ctx = EVP_MD_CTX_new();
422 EVP_DigestInit(ctx, EVP_md5());
423 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
424 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
425 EVP_DigestFinal(ctx, digest, &md5_size);
426 EVP_MD_CTX_free(ctx);
427 #elif CRYPTO_INTERNAL
428 memset(&ctx, 0, sizeof(ctx));
429 MD5Init(&ctx);
430 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
431 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
432 MD5Final(digest, &ctx);
433 #endif
434
435 /* Append md5 digest to the end of the stream. */
436 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
437
438 /* We do *NOT* increment the OSPF header length. */
439 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
440
441 if (stream_get_endp(op->s) != op->length)
442 /* XXX size_t */
443 flog_warn(EC_OSPF_MD5,
444 "%s: length mismatch stream %lu ospf_packet %u",
445 __func__, (unsigned long)stream_get_endp(op->s),
446 op->length);
447
448 return OSPF_AUTH_MD5_SIZE;
449 }
450
451
452 static void ospf_ls_req_timer(struct thread *thread)
453 {
454 struct ospf_neighbor *nbr;
455
456 nbr = THREAD_ARG(thread);
457 nbr->t_ls_req = NULL;
458
459 /* Send Link State Request. */
460 if (ospf_ls_request_count(nbr))
461 ospf_ls_req_send(nbr);
462
463 /* Set Link State Request retransmission timer. */
464 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
465 }
466
467 void ospf_ls_req_event(struct ospf_neighbor *nbr)
468 {
469 THREAD_OFF(nbr->t_ls_req);
470 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
471 }
472
473 /* Cyclic timer function. Fist registered in ospf_nbr_new () in
474 ospf_neighbor.c */
475 void ospf_ls_upd_timer(struct thread *thread)
476 {
477 struct ospf_neighbor *nbr;
478
479 nbr = THREAD_ARG(thread);
480 nbr->t_ls_upd = NULL;
481
482 /* Send Link State Update. */
483 if (ospf_ls_retransmit_count(nbr) > 0) {
484 struct list *update;
485 struct ospf_lsdb *lsdb;
486 int i;
487 int retransmit_interval;
488
489 retransmit_interval =
490 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
491
492 lsdb = &nbr->ls_rxmt;
493 update = list_new();
494
495 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
496 struct route_table *table = lsdb->type[i].db;
497 struct route_node *rn;
498
499 for (rn = route_top(table); rn; rn = route_next(rn)) {
500 struct ospf_lsa *lsa;
501
502 if ((lsa = rn->info) != NULL) {
503 /* Don't retransmit an LSA if we
504 received it within
505 the last RxmtInterval seconds - this
506 is to allow the
507 neighbour a chance to acknowledge the
508 LSA as it may
509 have ben just received before the
510 retransmit timer
511 fired. This is a small tweak to what
512 is in the RFC,
513 but it will cut out out a lot of
514 retransmit traffic
515 - MAG */
516 if (monotime_since(&lsa->tv_recv, NULL)
517 >= retransmit_interval * 1000000LL)
518 listnode_add(update, rn->info);
519 }
520 }
521 }
522
523 if (listcount(update) > 0)
524 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
525 0);
526 list_delete(&update);
527 }
528
529 /* Set LS Update retransmission timer. */
530 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
531 }
532
533 void ospf_ls_ack_timer(struct thread *thread)
534 {
535 struct ospf_interface *oi;
536
537 oi = THREAD_ARG(thread);
538 oi->t_ls_ack = NULL;
539
540 /* Send Link State Acknowledgment. */
541 if (listcount(oi->ls_ack) > 0)
542 ospf_ls_ack_send_delayed(oi);
543
544 /* Set LS Ack timer. */
545 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
546 }
547
548 #ifdef WANT_OSPF_WRITE_FRAGMENT
549 static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
550 struct msghdr *msg, unsigned int maxdatasize,
551 unsigned int mtu, int flags, uint8_t type)
552 {
553 #define OSPF_WRITE_FRAG_SHIFT 3
554 uint16_t offset;
555 struct iovec *iovp;
556 int ret;
557
558 assert(op->length == stream_get_endp(op->s));
559 assert(msg->msg_iovlen == 2);
560
561 /* we can but try.
562 *
563 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
564 * well as the IP_MF flag, making this all quite pointless.
565 *
566 * However, for a system on which IP_MF is left alone, and ip_id left
567 * alone or else which sets same ip_id for each fragment this might
568 * work, eg linux.
569 *
570 * XXX-TODO: It would be much nicer to have the kernel's use their
571 * existing fragmentation support to do this for us. Bugs/RFEs need to
572 * be raised against the various kernels.
573 */
574
575 /* set More Frag */
576 iph->ip_off |= IP_MF;
577
578 /* ip frag offset is expressed in units of 8byte words */
579 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
580
581 iovp = &msg->msg_iov[1];
582
583 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
584 > maxdatasize) {
585 /* data length of this frag is to next offset value */
586 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
587 iph->ip_len = iovp->iov_len + sizeof(struct ip);
588 assert(iph->ip_len <= mtu);
589
590 sockopt_iphdrincl_swab_htosys(iph);
591
592 ret = sendmsg(fd, msg, flags);
593
594 sockopt_iphdrincl_swab_systoh(iph);
595
596 if (ret < 0)
597 flog_err(
598 EC_LIB_SOCKET,
599 "*** %s: sendmsg failed to %pI4, id %d, off %d, len %d, mtu %u failed with %s",
600 __func__, &iph->ip_dst, iph->ip_id, iph->ip_off,
601 iph->ip_len, mtu, safe_strerror(errno));
602
603 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
604 zlog_debug("%s: sent id %d, off %d, len %d to %pI4",
605 __func__, iph->ip_id, iph->ip_off,
606 iph->ip_len, &iph->ip_dst);
607 }
608
609 iph->ip_off += offset;
610 stream_forward_getp(op->s, iovp->iov_len);
611 iovp->iov_base = stream_pnt(op->s);
612 }
613
614 /* setup for final fragment */
615 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
616 iph->ip_len = iovp->iov_len + sizeof(struct ip);
617 iph->ip_off &= (~IP_MF);
618 }
619 #endif /* WANT_OSPF_WRITE_FRAGMENT */
620
621 static void ospf_write(struct thread *thread)
622 {
623 struct ospf *ospf = THREAD_ARG(thread);
624 struct ospf_interface *oi;
625 struct ospf_packet *op;
626 struct sockaddr_in sa_dst;
627 struct ip iph;
628 struct msghdr msg;
629 struct iovec iov[2];
630 uint8_t type;
631 int ret;
632 int flags = 0;
633 struct listnode *node;
634 #ifdef WANT_OSPF_WRITE_FRAGMENT
635 static uint16_t ipid = 0;
636 uint16_t maxdatasize;
637 #endif /* WANT_OSPF_WRITE_FRAGMENT */
638 #define OSPF_WRITE_IPHL_SHIFT 2
639 int pkt_count = 0;
640
641 #ifdef GNU_LINUX
642 unsigned char cmsgbuf[64] = {};
643 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
644 struct in_pktinfo *pi;
645 #endif
646
647 if (ospf->fd < 0 || ospf->oi_running == 0) {
648 if (IS_DEBUG_OSPF_EVENT)
649 zlog_debug("%s failed to send, fd %d, instance %u",
650 __func__, ospf->fd, ospf->oi_running);
651 return;
652 }
653
654 node = listhead(ospf->oi_write_q);
655 assert(node);
656 oi = listgetdata(node);
657
658 #ifdef WANT_OSPF_WRITE_FRAGMENT
659 /* seed ipid static with low order bits of time */
660 if (ipid == 0)
661 ipid = (time(NULL) & 0xffff);
662 #endif /* WANT_OSPF_WRITE_FRAGMENT */
663
664 while ((pkt_count < ospf->write_oi_count) && oi) {
665 pkt_count++;
666 #ifdef WANT_OSPF_WRITE_FRAGMENT
667 /* convenience - max OSPF data per packet */
668 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
669 #endif /* WANT_OSPF_WRITE_FRAGMENT */
670 /* Get one packet from queue. */
671 op = ospf_fifo_head(oi->obuf);
672 assert(op);
673 assert(op->length >= OSPF_HEADER_SIZE);
674
675 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
676 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
677 ospf_if_ipmulticast(ospf, oi->address,
678 oi->ifp->ifindex);
679
680 /* Rewrite the md5 signature & update the seq */
681 ospf_make_md5_digest(oi, op);
682
683 /* Retrieve OSPF packet type. */
684 stream_set_getp(op->s, 1);
685 type = stream_getc(op->s);
686
687 /* reset get pointer */
688 stream_set_getp(op->s, 0);
689
690 memset(&iph, 0, sizeof(iph));
691 memset(&sa_dst, 0, sizeof(sa_dst));
692
693 sa_dst.sin_family = AF_INET;
694 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
695 sa_dst.sin_len = sizeof(sa_dst);
696 #endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
697 sa_dst.sin_addr = op->dst;
698 sa_dst.sin_port = htons(0);
699
700 /* Set DONTROUTE flag if dst is unicast. */
701 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
702 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
703 flags = MSG_DONTROUTE;
704
705 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
706 /* it'd be very strange for header to not be 4byte-word aligned
707 * but.. */
708 if (sizeof(struct ip)
709 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
710 iph.ip_hl++; /* we presume sizeof(struct ip) cant
711 overflow ip_hl.. */
712
713 iph.ip_v = IPVERSION;
714 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
715 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
716
717 #if defined(__DragonFly__)
718 /*
719 * DragonFly's raw socket expects ip_len/ip_off in network byte
720 * order.
721 */
722 iph.ip_len = htons(iph.ip_len);
723 #endif
724
725 #ifdef WANT_OSPF_WRITE_FRAGMENT
726 /* XXX-MT: not thread-safe at all..
727 * XXX: this presumes this is only programme sending OSPF
728 * packets
729 * otherwise, no guarantee ipid will be unique
730 */
731 iph.ip_id = ++ipid;
732 #endif /* WANT_OSPF_WRITE_FRAGMENT */
733
734 iph.ip_off = 0;
735 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
736 iph.ip_ttl = OSPF_VL_IP_TTL;
737 else
738 iph.ip_ttl = OSPF_IP_TTL;
739 iph.ip_p = IPPROTO_OSPFIGP;
740 iph.ip_sum = 0;
741 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
742 iph.ip_dst.s_addr = op->dst.s_addr;
743
744 memset(&msg, 0, sizeof(msg));
745 msg.msg_name = (caddr_t)&sa_dst;
746 msg.msg_namelen = sizeof(sa_dst);
747 msg.msg_iov = iov;
748 msg.msg_iovlen = 2;
749
750 iov[0].iov_base = (char *)&iph;
751 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
752 iov[1].iov_base = stream_pnt(op->s);
753 iov[1].iov_len = op->length;
754
755 #ifdef GNU_LINUX
756 msg.msg_control = (caddr_t)cm;
757 cm->cmsg_level = SOL_IP;
758 cm->cmsg_type = IP_PKTINFO;
759 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
760 pi = (struct in_pktinfo *)CMSG_DATA(cm);
761 pi->ipi_ifindex = oi->ifp->ifindex;
762
763 msg.msg_controllen = cm->cmsg_len;
764 #endif
765
766 /* Sadly we can not rely on kernels to fragment packets
767 * because of either IP_HDRINCL and/or multicast
768 * destination being set.
769 */
770
771 #ifdef WANT_OSPF_WRITE_FRAGMENT
772 if (op->length > maxdatasize)
773 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
774 oi->ifp->mtu, flags, type);
775 #endif /* WANT_OSPF_WRITE_FRAGMENT */
776
777 /* send final fragment (could be first) */
778 sockopt_iphdrincl_swab_htosys(&iph);
779 ret = sendmsg(ospf->fd, &msg, flags);
780 sockopt_iphdrincl_swab_systoh(&iph);
781 if (IS_DEBUG_OSPF_EVENT)
782 zlog_debug(
783 "%s to %pI4, id %d, off %d, len %d, interface %s, mtu %u:",
784 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
785 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
786
787 /* sendmsg will return EPERM if firewall is blocking sending.
788 * This is a normal situation when 'ip nhrp map multicast xxx'
789 * is being used to send multicast packets to DMVPN peers. In
790 * that case the original message is blocked with iptables rule
791 * causing the EPERM result
792 */
793 if (ret < 0 && errno != EPERM)
794 flog_err(
795 EC_LIB_SOCKET,
796 "*** sendmsg in %s failed to %pI4, id %d, off %d, len %d, interface %s, mtu %u: %s",
797 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
798 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
799 safe_strerror(errno));
800
801 /* Show debug sending packet. */
802 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
803 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
804 zlog_debug(
805 "-----------------------------------------------------");
806 stream_set_getp(op->s, 0);
807 ospf_packet_dump(op->s);
808 }
809
810 zlog_debug("%s sent to [%pI4] via [%s].",
811 lookup_msg(ospf_packet_type_str, type, NULL),
812 &op->dst, IF_NAME(oi));
813
814 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
815 zlog_debug(
816 "-----------------------------------------------------");
817 }
818
819 switch (type) {
820 case OSPF_MSG_HELLO:
821 oi->hello_out++;
822 break;
823 case OSPF_MSG_DB_DESC:
824 oi->db_desc_out++;
825 break;
826 case OSPF_MSG_LS_REQ:
827 oi->ls_req_out++;
828 break;
829 case OSPF_MSG_LS_UPD:
830 oi->ls_upd_out++;
831 break;
832 case OSPF_MSG_LS_ACK:
833 oi->ls_ack_out++;
834 break;
835 default:
836 break;
837 }
838
839 /* Now delete packet from queue. */
840 ospf_packet_delete(oi);
841
842 /* Move this interface to the tail of write_q to
843 serve everyone in a round robin fashion */
844 list_delete_node(ospf->oi_write_q, node);
845 if (ospf_fifo_head(oi->obuf) == NULL) {
846 oi->on_write_q = 0;
847 oi = NULL;
848 } else
849 listnode_add(ospf->oi_write_q, oi);
850
851 /* Setup to service from the head of the queue again */
852 if (!list_isempty(ospf->oi_write_q)) {
853 node = listhead(ospf->oi_write_q);
854 oi = listgetdata(node);
855 }
856 }
857
858 /* If packets still remain in queue, call write thread. */
859 if (!list_isempty(ospf->oi_write_q))
860 thread_add_write(master, ospf_write, ospf, ospf->fd,
861 &ospf->t_write);
862 }
863
864 /* OSPF Hello message read -- RFC2328 Section 10.5. */
865 static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
866 struct stream *s, struct ospf_interface *oi, int size)
867 {
868 struct ospf_hello *hello;
869 struct ospf_neighbor *nbr;
870 int old_state;
871 struct prefix p;
872
873 /* increment statistics. */
874 oi->hello_in++;
875
876 hello = (struct ospf_hello *)stream_pnt(s);
877
878 /* If Hello is myself, silently discard. */
879 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
880 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
881 zlog_debug(
882 "ospf_header[%s/%pI4]: selforiginated, dropping.",
883 lookup_msg(ospf_packet_type_str, ospfh->type,
884 NULL),
885 &iph->ip_src);
886 }
887 return;
888 }
889
890 /* get neighbor prefix. */
891 p.family = AF_INET;
892 p.prefixlen = ip_masklen(hello->network_mask);
893 p.u.prefix4 = iph->ip_src;
894
895 /* Compare network mask. */
896 /* Checking is ignored for Point-to-Point and Virtual link. */
897 /* Checking is also ignored for Point-to-Multipoint with /32 prefix */
898 if (oi->type != OSPF_IFTYPE_POINTOPOINT
899 && oi->type != OSPF_IFTYPE_VIRTUALLINK
900 && !(oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
901 && oi->address->prefixlen == IPV4_MAX_BITLEN))
902 if (oi->address->prefixlen != p.prefixlen) {
903 flog_warn(
904 EC_OSPF_PACKET,
905 "Packet %pI4 [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
906 &ospfh->router_id, IF_NAME(oi),
907 (int)oi->address->prefixlen, (int)p.prefixlen);
908 return;
909 }
910
911 /* Compare Router Dead Interval. */
912 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
913 flog_warn(EC_OSPF_PACKET,
914 "Packet %pI4 [Hello:RECV]: RouterDeadInterval mismatch (expected %u, but received %u).",
915 &ospfh->router_id,
916 OSPF_IF_PARAM(oi, v_wait),
917 ntohl(hello->dead_interval));
918 return;
919 }
920
921 /* Compare Hello Interval - ignored if fast-hellos are set. */
922 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
923 if (OSPF_IF_PARAM(oi, v_hello)
924 != ntohs(hello->hello_interval)) {
925 flog_warn(
926 EC_OSPF_PACKET,
927 "Packet %pI4 [Hello:RECV]: HelloInterval mismatch (expected %u, but received %u).",
928 &ospfh->router_id,
929 OSPF_IF_PARAM(oi, v_hello),
930 ntohs(hello->hello_interval));
931 return;
932 }
933 }
934
935 if (IS_DEBUG_OSPF_EVENT)
936 zlog_debug("Packet %pI4 [Hello:RECV]: Options %s vrf %s",
937 &ospfh->router_id,
938 ospf_options_dump(hello->options),
939 ospf_vrf_id_to_name(oi->ospf->vrf_id));
940
941 /* Compare options. */
942 #define REJECT_IF_TBIT_ON 1 /* XXX */
943 #ifdef REJECT_IF_TBIT_ON
944 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
945 /*
946 * This router does not support non-zero TOS.
947 * Drop this Hello packet not to establish neighbor
948 * relationship.
949 */
950 flog_warn(EC_OSPF_PACKET,
951 "Packet %pI4 [Hello:RECV]: T-bit on, drop it.",
952 &ospfh->router_id);
953 return;
954 }
955 #endif /* REJECT_IF_TBIT_ON */
956
957 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
958 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
959 /*
960 * This router does know the correct usage of O-bit
961 * the bit should be set in DD packet only.
962 */
963 flog_warn(EC_OSPF_PACKET,
964 "Packet %pI4 [Hello:RECV]: O-bit abuse?",
965 &ospfh->router_id);
966 #ifdef STRICT_OBIT_USAGE_CHECK
967 return; /* Reject this packet. */
968 #else /* STRICT_OBIT_USAGE_CHECK */
969 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
970 #endif /* STRICT_OBIT_USAGE_CHECK */
971 }
972
973 /* new for NSSA is to ensure that NP is on and E is off */
974
975 if (oi->area->external_routing == OSPF_AREA_NSSA) {
976 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
977 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
978 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
979 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
980 flog_warn(
981 EC_OSPF_PACKET,
982 "NSSA-Packet-%pI4[Hello:RECV]: my options: %x, his options %x",
983 &ospfh->router_id, OPTIONS(oi),
984 hello->options);
985 return;
986 }
987 if (IS_DEBUG_OSPF_NSSA)
988 zlog_debug("NSSA-Hello:RECV:Packet from %pI4:",
989 &ospfh->router_id);
990 } else
991 /* The setting of the E-bit found in the Hello Packet's Options
992 field must match this area's ExternalRoutingCapability A
993 mismatch causes processing to stop and the packet to be
994 dropped. The setting of the rest of the bits in the Hello
995 Packet's Options field should be ignored. */
996 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
997 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
998 flog_warn(
999 EC_OSPF_PACKET,
1000 "Packet %pI4 [Hello:RECV]: my options: %x, his options %x",
1001 &ospfh->router_id, OPTIONS(oi),
1002 hello->options);
1003 return;
1004 }
1005
1006 /* get neighbour struct */
1007 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
1008
1009 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1010 assert(nbr);
1011
1012 old_state = nbr->state;
1013
1014 /* Add event to thread. */
1015 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_HelloReceived);
1016
1017 /* RFC2328 Section 9.5.1
1018 If the router is not eligible to become Designated Router,
1019 (snip) It must also send an Hello Packet in reply to an
1020 Hello Packet received from any eligible neighbor (other than
1021 the current Designated Router and Backup Designated Router). */
1022 if (oi->type == OSPF_IFTYPE_NBMA)
1023 if (PRIORITY(oi) == 0 && hello->priority > 0
1024 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1025 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1026 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1027 ospf_hello_reply_timer,
1028 OSPF_HELLO_REPLY_DELAY);
1029
1030 /* on NBMA network type, it happens to receive bidirectional Hello
1031 packet
1032 without advance 1-Way Received event.
1033 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1034 if (oi->type == OSPF_IFTYPE_NBMA
1035 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1036 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1037 nbr->priority = hello->priority;
1038 nbr->d_router = hello->d_router;
1039 nbr->bd_router = hello->bd_router;
1040 return;
1041 }
1042
1043 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1044 size - OSPF_HELLO_MIN_SIZE)) {
1045 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1046 nbr->options |= hello->options;
1047 } else {
1048 /* If the router is DR_OTHER, RESTARTER will not wait
1049 * until it receives the hello from it if it receives
1050 * from DR and BDR.
1051 * So, helper might receives ONW_WAY hello from
1052 * RESTARTER. So not allowing to change the state if it
1053 * receives one_way hellow when it acts as HELPER for
1054 * that specific neighbor.
1055 */
1056 if (!OSPF_GR_IS_ACTIVE_HELPER(nbr))
1057 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1058 /* Set neighbor information. */
1059 nbr->priority = hello->priority;
1060 nbr->d_router = hello->d_router;
1061 nbr->bd_router = hello->bd_router;
1062 return;
1063 }
1064
1065 if (OSPF_GR_IS_ACTIVE_HELPER(nbr)) {
1066 /* As per the GR Conformance Test Case 7.2. Section 3
1067 * "Also, if X was the Designated Router on network segment S
1068 * when the helping relationship began, Y maintains X as the
1069 * Designated Router until the helping relationship is
1070 * terminated."
1071 * When I am helper for this neighbor, I should not trigger the
1072 * ISM Events. Also Intentionally not setting the priority and
1073 * other fields so that when the neighbor exits the Grace
1074 * period, it can handle if there is any change before GR and
1075 * after GR. */
1076 if (IS_DEBUG_OSPF_GR)
1077 zlog_debug(
1078 "%s, Neighbor is under GR Restart, hence ignoring the ISM Events",
1079 __PRETTY_FUNCTION__);
1080 } else {
1081 /* If neighbor itself declares DR and no BDR exists,
1082 cause event BackupSeen */
1083 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
1084 if (hello->bd_router.s_addr == INADDR_ANY
1085 && oi->state == ISM_Waiting)
1086 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1087
1088 /* neighbor itself declares BDR. */
1089 if (oi->state == ISM_Waiting
1090 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1091 &hello->bd_router))
1092 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1093
1094 /* had not previously. */
1095 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1096 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1097 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1098 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1099 &nbr->d_router)))
1100 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1101
1102 /* had not previously. */
1103 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1104 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1105 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4,
1106 &hello->bd_router)
1107 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1108 &nbr->bd_router)))
1109 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1110
1111 /* Neighbor priority check. */
1112 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1113 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1114 }
1115
1116 /* Set neighbor information. */
1117 nbr->priority = hello->priority;
1118 nbr->d_router = hello->d_router;
1119 nbr->bd_router = hello->bd_router;
1120
1121 /*
1122 * RFC 3623 - Section 2:
1123 * "If the restarting router determines that it was the Designated
1124 * Router on a given segment prior to the restart, it elects
1125 * itself as the Designated Router again. The restarting router
1126 * knows that it was the Designated Router if, while the
1127 * associated interface is in Waiting state, a Hello packet is
1128 * received from a neighbor listing the router as the Designated
1129 * Router".
1130 */
1131 if (oi->area->ospf->gr_info.restart_in_progress
1132 && oi->state == ISM_Waiting
1133 && IPV4_ADDR_SAME(&hello->d_router, &oi->address->u.prefix4))
1134 DR(oi) = hello->d_router;
1135 }
1136
1137 /* Save DD flags/options/Seqnum received. */
1138 static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1139 struct ospf_db_desc *dd)
1140 {
1141 nbr->last_recv.flags = dd->flags;
1142 nbr->last_recv.options = dd->options;
1143 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
1144 }
1145
1146 /* Process rest of DD packet. */
1147 static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1148 struct ospf_neighbor *nbr,
1149 struct ospf_db_desc *dd, uint16_t size)
1150 {
1151 struct ospf_lsa *new, *find;
1152 struct lsa_header *lsah;
1153
1154 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1155 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1156 size -= OSPF_LSA_HEADER_SIZE) {
1157 lsah = (struct lsa_header *)stream_pnt(s);
1158 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1159
1160 /* Unknown LS type. */
1161 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1162 flog_warn(EC_OSPF_PACKET,
1163 "Packet [DD:RECV]: Unknown LS type %d.",
1164 lsah->type);
1165 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1166 return;
1167 }
1168
1169 if (IS_OPAQUE_LSA(lsah->type)
1170 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1171 flog_warn(EC_OSPF_PACKET,
1172 "LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
1173 lsah->type, &lsah->id, &lsah->adv_router);
1174 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1175 return;
1176 }
1177
1178 switch (lsah->type) {
1179 case OSPF_AS_EXTERNAL_LSA:
1180 case OSPF_OPAQUE_AS_LSA:
1181 /* Check for stub area. Reject if AS-External from stub
1182 but
1183 allow if from NSSA. */
1184 if (oi->area->external_routing == OSPF_AREA_STUB) {
1185 flog_warn(
1186 EC_OSPF_PACKET,
1187 "Packet [DD:RECV]: LSA[Type%d:%pI4] from %s area.",
1188 lsah->type, &lsah->id,
1189 (oi->area->external_routing
1190 == OSPF_AREA_STUB)
1191 ? "STUB"
1192 : "NSSA");
1193 OSPF_NSM_EVENT_SCHEDULE(nbr,
1194 NSM_SeqNumberMismatch);
1195 return;
1196 }
1197 break;
1198 default:
1199 break;
1200 }
1201
1202 /* Create LS-request object. */
1203 new = ospf_ls_request_new(lsah);
1204
1205 /* Lookup received LSA, then add LS request list. */
1206 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1207
1208 /* ospf_lsa_more_recent is fine with NULL pointers */
1209 switch (ospf_lsa_more_recent(find, new)) {
1210 case -1:
1211 /* Neighbour has a more recent LSA, we must request it
1212 */
1213 ospf_ls_request_add(nbr, new);
1214 /* fallthru */
1215 case 0:
1216 /* If we have a copy of this LSA, it's either less
1217 * recent
1218 * and we're requesting it from neighbour (the case
1219 * above), or
1220 * it's as recent and we both have same copy (this
1221 * case).
1222 *
1223 * In neither of these two cases is there any point in
1224 * describing our copy of the LSA to the neighbour in a
1225 * DB-Summary packet, if we're still intending to do so.
1226 *
1227 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1228 * backward compatible optimisation to OSPF DB Exchange
1229 * /
1230 * DB Description process implemented here.
1231 */
1232 if (find)
1233 ospf_lsdb_delete(&nbr->db_sum, find);
1234 ospf_lsa_discard(new);
1235 break;
1236 default:
1237 /* We have the more recent copy, nothing specific to do:
1238 * - no need to request neighbours stale copy
1239 * - must leave DB summary list copy alone
1240 */
1241 if (IS_DEBUG_OSPF_EVENT)
1242 zlog_debug(
1243 "Packet [DD:RECV]: LSA received Type %d, ID %pI4 is not recent.",
1244 lsah->type, &lsah->id);
1245 ospf_lsa_discard(new);
1246 }
1247 }
1248
1249 /* Master */
1250 if (IS_SET_DD_MS(nbr->dd_flags)) {
1251 nbr->dd_seqnum++;
1252
1253 /* Both sides have no More, then we're done with Exchange */
1254 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1255 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1256 else
1257 ospf_db_desc_send(nbr);
1258 }
1259 /* Slave */
1260 else {
1261 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1262
1263 /* Send DD packet in reply.
1264 *
1265 * Must be done to acknowledge the Master's DD, regardless of
1266 * whether we have more LSAs ourselves to describe.
1267 *
1268 * This function will clear the 'More' bit, if after this DD
1269 * we have no more LSAs to describe to the master..
1270 */
1271 ospf_db_desc_send(nbr);
1272
1273 /* Slave can raise ExchangeDone now, if master is also done */
1274 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1275 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1276 }
1277
1278 /* Save received neighbor values from DD. */
1279 ospf_db_desc_save_current(nbr, dd);
1280
1281 if (!nbr->t_ls_req)
1282 ospf_ls_req_send(nbr);
1283 }
1284
1285 static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1286 struct ospf_neighbor *nbr)
1287 {
1288 /* Is DD duplicated? */
1289 if (dd->options == nbr->last_recv.options
1290 && dd->flags == nbr->last_recv.flags
1291 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1292 return 1;
1293
1294 return 0;
1295 }
1296
1297 /* OSPF Database Description message read -- RFC2328 Section 10.6. */
1298 static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1299 struct stream *s, struct ospf_interface *oi,
1300 uint16_t size)
1301 {
1302 struct ospf_db_desc *dd;
1303 struct ospf_neighbor *nbr;
1304
1305 /* Increment statistics. */
1306 oi->db_desc_in++;
1307
1308 dd = (struct ospf_db_desc *)stream_pnt(s);
1309
1310 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1311 if (nbr == NULL) {
1312 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %pI4",
1313 &ospfh->router_id);
1314 return;
1315 }
1316
1317 /* Check MTU. */
1318 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1319 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
1320 flog_warn(
1321 EC_OSPF_PACKET,
1322 "Packet[DD]: Neighbor %pI4 MTU %u is larger than [%s]'s MTU %u",
1323 &nbr->router_id, ntohs(dd->mtu), IF_NAME(oi),
1324 oi->ifp->mtu);
1325 return;
1326 }
1327
1328 /*
1329 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1330 * not
1331 * required. In fact at least JunOS sends DD packets with P bit clear.
1332 * Until proper solution is developped, this hack should help.
1333 *
1334 * Update: According to the RFCs, N bit is specified /only/ for Hello
1335 * options, unfortunately its use in DD options is not specified. Hence
1336 * some
1337 * implementations follow E-bit semantics and set it in DD options, and
1338 * some
1339 * treat it as unspecified and hence follow the directive "default for
1340 * options is clear", ie unset.
1341 *
1342 * Reset the flag, as ospfd follows E-bit semantics.
1343 */
1344 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1345 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1346 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1347 if (IS_DEBUG_OSPF_EVENT)
1348 zlog_debug(
1349 "Packet[DD]: Neighbour %pI4: Has NSSA capability, sends with N bit clear in DD options",
1350 &nbr->router_id);
1351 SET_FLAG(dd->options, OSPF_OPTION_NP);
1352 }
1353
1354 #ifdef REJECT_IF_TBIT_ON
1355 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1356 /*
1357 * In Hello protocol, optional capability must have checked
1358 * to prevent this T-bit enabled router be my neighbor.
1359 */
1360 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %pI4: T-bit on?",
1361 &nbr->router_id);
1362 return;
1363 }
1364 #endif /* REJECT_IF_TBIT_ON */
1365
1366 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1367 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1368 /*
1369 * This node is not configured to handle O-bit, for now.
1370 * Clear it to ignore unsupported capability proposed by
1371 * neighbor.
1372 */
1373 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1374 }
1375
1376 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1377 zlog_info(
1378 "%s:Packet[DD]: Neighbor %pI4 state is %s, seq_num:0x%x, local:0x%x",
1379 ospf_get_name(oi->ospf), &nbr->router_id,
1380 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1381 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1382
1383 /* Process DD packet by neighbor status. */
1384 switch (nbr->state) {
1385 case NSM_Down:
1386 case NSM_Attempt:
1387 case NSM_TwoWay:
1388 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1389 zlog_info(
1390 "Packet[DD]: Neighbor %pI4 state is %s, packet discarded.",
1391 &nbr->router_id,
1392 lookup_msg(ospf_nsm_state_msg, nbr->state,
1393 NULL));
1394 break;
1395 case NSM_Init:
1396 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1397 /* If the new state is ExStart, the processing of the current
1398 packet should then continue in this new state by falling
1399 through to case ExStart below. */
1400 if (nbr->state != NSM_ExStart)
1401 break;
1402 /* fallthru */
1403 case NSM_ExStart:
1404 /* Initial DBD */
1405 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1406 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1407 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1408 > 0) {
1409 /* We're Slave---obey */
1410 if (CHECK_FLAG(oi->ospf->config,
1411 OSPF_LOG_ADJACENCY_DETAIL))
1412 zlog_info(
1413 "Packet[DD]: Neighbor %pI4 Negotiation done (Slave).",
1414 &nbr->router_id);
1415
1416 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1417
1418 /* Reset I/MS */
1419 UNSET_FLAG(nbr->dd_flags,
1420 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1421 } else {
1422 /* We're Master, ignore the initial DBD from
1423 * Slave */
1424 if (CHECK_FLAG(oi->ospf->config,
1425 OSPF_LOG_ADJACENCY_DETAIL))
1426 zlog_info(
1427 "Packet[DD]: Neighbor %pI4: Initial DBD from Slave, ignoring.",
1428 &nbr->router_id);
1429 break;
1430 }
1431 }
1432 /* Ack from the Slave */
1433 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1434 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1435 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1436 < 0) {
1437 zlog_info(
1438 "Packet[DD]: Neighbor %pI4 Negotiation done (Master).",
1439 &nbr->router_id);
1440 /* Reset I, leaving MS */
1441 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1442 } else {
1443 flog_warn(EC_OSPF_PACKET,
1444 "Packet[DD]: Neighbor %pI4 Negotiation fails.",
1445 &nbr->router_id);
1446 break;
1447 }
1448
1449 /* This is where the real Options are saved */
1450 nbr->options = dd->options;
1451
1452 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1453 if (IS_DEBUG_OSPF_EVENT)
1454 zlog_debug(
1455 "Neighbor[%pI4] is %sOpaque-capable.",
1456 &nbr->router_id,
1457 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1458 ? ""
1459 : "NOT ");
1460
1461 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1462 && IPV4_ADDR_SAME(&DR(oi),
1463 &nbr->address.u.prefix4)) {
1464 flog_warn(
1465 EC_OSPF_PACKET,
1466 "DR-neighbor[%pI4] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
1467 &nbr->router_id);
1468 /* This situation is undesirable, but not a real
1469 * error. */
1470 }
1471 }
1472
1473 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1474
1475 /* continue processing rest of packet. */
1476 ospf_db_desc_proc(s, oi, nbr, dd, size);
1477 break;
1478 case NSM_Exchange:
1479 if (ospf_db_desc_is_dup(dd, nbr)) {
1480 if (IS_SET_DD_MS(nbr->dd_flags))
1481 /* Master: discard duplicated DD packet. */
1482 zlog_info(
1483 "Packet[DD] (Master): Neighbor %pI4 packet duplicated.",
1484 &nbr->router_id);
1485 else
1486 /* Slave: cause to retransmit the last Database
1487 Description. */
1488 {
1489 zlog_info(
1490 "Packet[DD] [Slave]: Neighbor %pI4 packet duplicated.",
1491 &nbr->router_id);
1492 ospf_db_desc_resend(nbr);
1493 }
1494 break;
1495 }
1496
1497 /* Otherwise DD packet should be checked. */
1498 /* Check Master/Slave bit mismatch */
1499 if (IS_SET_DD_MS(dd->flags)
1500 != IS_SET_DD_MS(nbr->last_recv.flags)) {
1501 flog_warn(EC_OSPF_PACKET,
1502 "Packet[DD]: Neighbor %pI4 MS-bit mismatch.",
1503 &nbr->router_id);
1504 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1505 if (IS_DEBUG_OSPF_EVENT)
1506 zlog_debug(
1507 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1508 dd->flags, nbr->dd_flags);
1509 break;
1510 }
1511
1512 /* Check initialize bit is set. */
1513 if (IS_SET_DD_I(dd->flags)) {
1514 zlog_info("Packet[DD]: Neighbor %pI4 I-bit set.",
1515 &nbr->router_id);
1516 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1517 break;
1518 }
1519
1520 /* Check DD Options. */
1521 if (dd->options != nbr->options) {
1522 flog_warn(EC_OSPF_PACKET,
1523 "Packet[DD]: Neighbor %pI4 options mismatch.",
1524 &nbr->router_id);
1525 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1526 break;
1527 }
1528
1529 /* Check DD sequence number. */
1530 if ((IS_SET_DD_MS(nbr->dd_flags)
1531 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1532 || (!IS_SET_DD_MS(nbr->dd_flags)
1533 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
1534 flog_warn(
1535 EC_OSPF_PACKET,
1536 "Packet[DD]: Neighbor %pI4 sequence number mismatch.",
1537 &nbr->router_id);
1538 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1539 break;
1540 }
1541
1542 /* Continue processing rest of packet. */
1543 ospf_db_desc_proc(s, oi, nbr, dd, size);
1544 break;
1545 case NSM_Loading:
1546 case NSM_Full:
1547 if (ospf_db_desc_is_dup(dd, nbr)) {
1548 if (IS_SET_DD_MS(nbr->dd_flags)) {
1549 /* Master should discard duplicate DD packet. */
1550 zlog_info(
1551 "Packet[DD]: Neighbor %pI4 duplicated, packet discarded.",
1552 &nbr->router_id);
1553 break;
1554 } else {
1555 if (monotime_since(&nbr->last_send_ts, NULL)
1556 < nbr->v_inactivity * 1000000LL) {
1557 /* In states Loading and Full the slave
1558 must resend
1559 its last Database Description packet
1560 in response to
1561 duplicate Database Description
1562 packets received
1563 from the master. For this reason the
1564 slave must
1565 wait RouterDeadInterval seconds
1566 before freeing the
1567 last Database Description packet.
1568 Reception of a
1569 Database Description packet from the
1570 master after
1571 this interval will generate a
1572 SeqNumberMismatch
1573 neighbor event. RFC2328 Section 10.8
1574 */
1575 ospf_db_desc_resend(nbr);
1576 break;
1577 }
1578 }
1579 }
1580
1581 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1582 break;
1583 default:
1584 flog_warn(EC_OSPF_PACKET,
1585 "Packet[DD]: Neighbor %pI4 NSM illegal status %u.",
1586 &nbr->router_id, nbr->state);
1587 break;
1588 }
1589 }
1590
1591 #define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1592
1593 /* OSPF Link State Request Read -- RFC2328 Section 10.7. */
1594 static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1595 struct stream *s, struct ospf_interface *oi,
1596 uint16_t size)
1597 {
1598 struct ospf_neighbor *nbr;
1599 uint32_t ls_type;
1600 struct in_addr ls_id;
1601 struct in_addr adv_router;
1602 struct ospf_lsa *find;
1603 struct list *ls_upd;
1604 unsigned int length;
1605
1606 /* Increment statistics. */
1607 oi->ls_req_in++;
1608
1609 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1610 if (nbr == NULL) {
1611 flog_warn(EC_OSPF_PACKET,
1612 "Link State Request: Unknown Neighbor %pI4",
1613 &ospfh->router_id);
1614 return;
1615 }
1616
1617 /* Neighbor State should be Exchange or later. */
1618 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1619 && nbr->state != NSM_Full) {
1620 flog_warn(
1621 EC_OSPF_PACKET,
1622 "Link State Request received from %pI4: Neighbor state is %s, packet discarded.",
1623 &ospfh->router_id,
1624 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1625 return;
1626 }
1627
1628 /* Send Link State Update for ALL requested LSAs. */
1629 ls_upd = list_new();
1630 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1631
1632 while (size >= OSPF_LSA_KEY_SIZE) {
1633 /* Get one slice of Link State Request. */
1634 ls_type = stream_getl(s);
1635 ls_id.s_addr = stream_get_ipv4(s);
1636 adv_router.s_addr = stream_get_ipv4(s);
1637
1638 /* Verify LSA type. */
1639 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1640 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1641 list_delete(&ls_upd);
1642 return;
1643 }
1644
1645 /* Search proper LSA in LSDB. */
1646 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1647 adv_router);
1648 if (find == NULL) {
1649 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1650 list_delete(&ls_upd);
1651 return;
1652 }
1653
1654 /* Packet overflows MTU size, send immediately. */
1655 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1656 if (oi->type == OSPF_IFTYPE_NBMA)
1657 ospf_ls_upd_send(nbr, ls_upd,
1658 OSPF_SEND_PACKET_DIRECT, 0);
1659 else
1660 ospf_ls_upd_send(nbr, ls_upd,
1661 OSPF_SEND_PACKET_INDIRECT, 0);
1662
1663 /* Only remove list contents. Keep ls_upd. */
1664 list_delete_all_node(ls_upd);
1665
1666 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1667 }
1668
1669 /* Append LSA to update list. */
1670 listnode_add(ls_upd, find);
1671 length += ntohs(find->data->length);
1672
1673 size -= OSPF_LSA_KEY_SIZE;
1674 }
1675
1676 /* Send rest of Link State Update. */
1677 if (listcount(ls_upd) > 0) {
1678 if (oi->type == OSPF_IFTYPE_NBMA)
1679 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1680 0);
1681 else
1682 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1683 0);
1684
1685 list_delete(&ls_upd);
1686 } else
1687 list_delete(&ls_upd);
1688 }
1689
1690 /* Get the list of LSAs from Link State Update packet.
1691 And process some validation -- RFC2328 Section 13. (1)-(2). */
1692 static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1693 struct stream *s,
1694 struct ospf_interface *oi, size_t size)
1695 {
1696 uint16_t count, sum;
1697 uint32_t length;
1698 struct lsa_header *lsah;
1699 struct ospf_lsa *lsa;
1700 struct list *lsas;
1701
1702 lsas = list_new();
1703
1704 count = stream_getl(s);
1705 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1706
1707 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1708 size -= length, stream_forward_getp(s, length), count--) {
1709 lsah = (struct lsa_header *)stream_pnt(s);
1710 length = ntohs(lsah->length);
1711
1712 if (length > size) {
1713 flog_warn(
1714 EC_OSPF_PACKET,
1715 "Link State Update: LSA length exceeds packet size.");
1716 break;
1717 }
1718
1719 if (length < OSPF_LSA_HEADER_SIZE) {
1720 flog_warn(EC_OSPF_PACKET,
1721 "Link State Update: LSA length too small.");
1722 break;
1723 }
1724
1725 /* Validate the LSA's LS checksum. */
1726 sum = lsah->checksum;
1727 if (!ospf_lsa_checksum_valid(lsah)) {
1728 /* (bug #685) more details in a one-line message make it
1729 * possible
1730 * to identify problem source on the one hand and to
1731 * have a better
1732 * chance to compress repeated messages in syslog on the
1733 * other */
1734 flog_warn(
1735 EC_OSPF_PACKET,
1736 "Link State Update: LSA checksum error %x/%x, ID=%pI4 from: nbr %pI4, router ID %pI4, adv router %pI4",
1737 sum, lsah->checksum, &lsah->id,
1738 &nbr->src, &nbr->router_id,
1739 &lsah->adv_router);
1740 continue;
1741 }
1742
1743 /* Examine the LSA's LS type. */
1744 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1745 flog_warn(EC_OSPF_PACKET,
1746 "Link State Update: Unknown LS type %d",
1747 lsah->type);
1748 continue;
1749 }
1750
1751 /*
1752 * What if the received LSA's age is greater than MaxAge?
1753 * Treat it as a MaxAge case -- endo.
1754 */
1755 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1756 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
1757
1758 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1759 #ifdef STRICT_OBIT_USAGE_CHECK
1760 if ((IS_OPAQUE_LSA(lsah->type)
1761 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1762 || (!IS_OPAQUE_LSA(lsah->type)
1763 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1764 /*
1765 * This neighbor must know the exact usage of
1766 * O-bit;
1767 * the bit will be set in Type-9,10,11 LSAs
1768 * only.
1769 */
1770 flog_warn(EC_OSPF_PACKET,
1771 "LSA[Type%d:%pI4]: O-bit abuse?",
1772 lsah->type, &lsah->id);
1773 continue;
1774 }
1775 #endif /* STRICT_OBIT_USAGE_CHECK */
1776
1777 /* Do not take in AS External Opaque-LSAs if we are a
1778 * stub. */
1779 if (lsah->type == OSPF_OPAQUE_AS_LSA
1780 && nbr->oi->area->external_routing
1781 != OSPF_AREA_DEFAULT) {
1782 if (IS_DEBUG_OSPF_EVENT)
1783 zlog_debug(
1784 "LSA[Type%d:%pI4]: We are a stub, don't take this LSA.",
1785 lsah->type,
1786 &lsah->id);
1787 continue;
1788 }
1789 } else if (IS_OPAQUE_LSA(lsah->type)) {
1790 flog_warn(
1791 EC_OSPF_PACKET,
1792 "LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
1793 lsah->type, &lsah->id, &lsah->adv_router);
1794 continue;
1795 }
1796
1797 /* Create OSPF LSA instance. */
1798 lsa = ospf_lsa_new_and_data(length);
1799
1800 lsa->vrf_id = oi->ospf->vrf_id;
1801 /* We may wish to put some error checking if type NSSA comes in
1802 and area not in NSSA mode */
1803 switch (lsah->type) {
1804 case OSPF_AS_EXTERNAL_LSA:
1805 case OSPF_OPAQUE_AS_LSA:
1806 lsa->area = NULL;
1807 break;
1808 case OSPF_OPAQUE_LINK_LSA:
1809 lsa->oi = oi; /* Remember incoming interface for
1810 flooding control. */
1811 /* Fallthrough */
1812 default:
1813 lsa->area = oi->area;
1814 break;
1815 }
1816
1817 memcpy(lsa->data, lsah, length);
1818
1819 if (IS_DEBUG_OSPF_EVENT)
1820 zlog_debug(
1821 "LSA[Type%d:%pI4]: %p new LSA created with Link State Update",
1822 lsa->data->type, &lsa->data->id,
1823 (void *)lsa);
1824 listnode_add(lsas, lsa);
1825 }
1826
1827 return lsas;
1828 }
1829
1830 /* Cleanup Update list. */
1831 static void ospf_upd_list_clean(struct list *lsas)
1832 {
1833 struct listnode *node, *nnode;
1834 struct ospf_lsa *lsa;
1835
1836 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1837 ospf_lsa_discard(lsa);
1838
1839 list_delete(&lsas);
1840 }
1841
1842 /* OSPF Link State Update message read -- RFC2328 Section 13. */
1843 static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1844 struct ospf_header *ospfh, struct stream *s,
1845 struct ospf_interface *oi, uint16_t size)
1846 {
1847 struct ospf_neighbor *nbr;
1848 struct list *lsas;
1849 struct listnode *node, *nnode;
1850 struct ospf_lsa *lsa = NULL;
1851 /* unsigned long ls_req_found = 0; */
1852
1853 /* Dis-assemble the stream, update each entry, re-encapsulate for
1854 * flooding */
1855
1856 /* Increment statistics. */
1857 oi->ls_upd_in++;
1858
1859 /* Check neighbor. */
1860 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1861 if (nbr == NULL) {
1862 flog_warn(EC_OSPF_PACKET,
1863 "Link State Update: Unknown Neighbor %pI4 on int: %s",
1864 &ospfh->router_id, IF_NAME(oi));
1865 return;
1866 }
1867
1868 /* Check neighbor state. */
1869 if (nbr->state < NSM_Exchange) {
1870 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1871 zlog_debug(
1872 "Link State Update: Neighbor[%pI4] state %s is less than Exchange",
1873 &ospfh->router_id,
1874 lookup_msg(ospf_nsm_state_msg, nbr->state,
1875 NULL));
1876 return;
1877 }
1878
1879 /* Get list of LSAs from Link State Update packet. - Also performs
1880 * Stages 1 (validate LSA checksum) and 2 (check for LSA consistent
1881 * type) of section 13.
1882 */
1883 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1884
1885 if (lsas == NULL)
1886 return;
1887 #define DISCARD_LSA(L, N) \
1888 { \
1889 if (IS_DEBUG_OSPF_EVENT) \
1890 zlog_debug( \
1891 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1892 " Type-%d", \
1893 N, (void *)lsa, (int)lsa->data->type); \
1894 ospf_lsa_discard(L); \
1895 continue; \
1896 }
1897
1898 /* Process each LSA received in the one packet.
1899 *
1900 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1901 * text below are from the steps in RFC 2328, Section 13.
1902 */
1903 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1904 struct ospf_lsa *ls_ret, *current;
1905 int ret = 1;
1906
1907 if (IS_DEBUG_OSPF(lsa, LSA))
1908 zlog_debug("LSA Type-%d from %pI4, ID: %pI4, ADV: %pI4",
1909 lsa->data->type, &ospfh->router_id,
1910 &lsa->data->id, &lsa->data->adv_router);
1911
1912 listnode_delete(lsas,
1913 lsa); /* We don't need it in list anymore */
1914
1915 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1916 */
1917
1918 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1919
1920 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1921 */
1922
1923 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1924 */
1925
1926 /* Do take in Type-7's if we are an NSSA */
1927
1928 /* If we are also an ABR, later translate them to a Type-5
1929 * packet */
1930
1931 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1932 translate them to a separate Type-5 packet. */
1933
1934 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1935 /* Reject from STUB or NSSA */
1936 if (nbr->oi->area->external_routing
1937 != OSPF_AREA_DEFAULT) {
1938 if (IS_DEBUG_OSPF_NSSA)
1939 zlog_debug(
1940 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1941 DISCARD_LSA(lsa, 1);
1942 }
1943
1944 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1945 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1946 if (IS_DEBUG_OSPF_NSSA)
1947 zlog_debug(
1948 "Incoming NSSA LSA Discarded: Not NSSA Area");
1949 DISCARD_LSA(lsa, 2);
1950 }
1951
1952 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1953 if (lsa->data->type == OSPF_ROUTER_LSA)
1954 if (!IPV4_ADDR_SAME(&lsa->data->id,
1955 &lsa->data->adv_router)) {
1956 flog_err(
1957 EC_OSPF_ROUTER_LSA_MISMATCH,
1958 "Incoming Router-LSA from %pI4 with Adv-ID[%pI4] != LS-ID[%pI4]",
1959 &ospfh->router_id, &lsa->data->id,
1960 &lsa->data->adv_router);
1961 flog_err(
1962 EC_OSPF_DOMAIN_CORRUPT,
1963 "OSPF domain compromised by attack or corruption. Verify correct operation of -ALL- OSPF routers.");
1964 DISCARD_LSA(lsa, 0);
1965 }
1966
1967 /* Find the LSA in the current database. */
1968
1969 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1970
1971 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1972 currently
1973 no instance of the LSA in the router's link state database,
1974 and none of router's neighbors are in states Exchange or
1975 Loading,
1976 then take the following actions: */
1977
1978 if (IS_LSA_MAXAGE(lsa) && !current
1979 && ospf_check_nbr_status(oi->ospf)) {
1980 /* (4a) Response Link State Acknowledgment. */
1981 ospf_ls_ack_send(nbr, lsa);
1982
1983 /* (4b) Discard LSA. */
1984 if (IS_DEBUG_OSPF(lsa, LSA)) {
1985 zlog_debug(
1986 "Link State Update[%s]: LS age is equal to MaxAge.",
1987 dump_lsa_key(lsa));
1988 }
1989 DISCARD_LSA(lsa, 3);
1990 }
1991
1992 if (IS_OPAQUE_LSA(lsa->data->type)
1993 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1994 &oi->ospf->router_id)) {
1995 /*
1996 * Even if initial flushing seems to be completed, there
1997 * might
1998 * be a case that self-originated LSA with MaxAge still
1999 * remain
2000 * in the routing domain.
2001 * Just send an LSAck message to cease retransmission.
2002 */
2003 if (IS_LSA_MAXAGE(lsa)) {
2004 zlog_info("LSA[%s]: Boomerang effect?",
2005 dump_lsa_key(lsa));
2006 ospf_ls_ack_send(nbr, lsa);
2007 ospf_lsa_discard(lsa);
2008
2009 if (current != NULL && !IS_LSA_MAXAGE(current))
2010 ospf_opaque_lsa_refresh_schedule(
2011 current);
2012 continue;
2013 }
2014
2015 /*
2016 * If an instance of self-originated Opaque-LSA is not
2017 * found
2018 * in the LSDB, there are some possible cases here.
2019 *
2020 * 1) This node lost opaque-capability after restart.
2021 * 2) Else, a part of opaque-type is no more supported.
2022 * 3) Else, a part of opaque-id is no more supported.
2023 *
2024 * Anyway, it is still this node's responsibility to
2025 * flush it.
2026 * Otherwise, the LSA instance remains in the routing
2027 * domain
2028 * until its age reaches to MaxAge.
2029 */
2030 /* XXX: We should deal with this for *ALL* LSAs, not
2031 * just opaque */
2032 if (current == NULL) {
2033 if (IS_DEBUG_OSPF_EVENT)
2034 zlog_debug(
2035 "LSA[%s]: Previously originated Opaque-LSA,not found in the LSDB.",
2036 dump_lsa_key(lsa));
2037
2038 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2039
2040 ospf_ls_ack_send(nbr, lsa);
2041
2042 if (!ospf->gr_info.restart_in_progress) {
2043 ospf_opaque_self_originated_lsa_received(
2044 nbr, lsa);
2045 continue;
2046 }
2047 }
2048 }
2049
2050 /* It might be happen that received LSA is self-originated
2051 * network LSA, but
2052 * router ID is changed. So, we should check if LSA is a
2053 * network-LSA whose
2054 * Link State ID is one of the router's own IP interface
2055 * addresses but whose
2056 * Advertising Router is not equal to the router's own Router ID
2057 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2058 * flushed.
2059 */
2060
2061 if (lsa->data->type == OSPF_NETWORK_LSA) {
2062 struct listnode *oinode, *oinnode;
2063 struct ospf_interface *out_if;
2064 int Flag = 0;
2065
2066 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2067 oinnode, out_if)) {
2068 if (out_if == NULL)
2069 break;
2070
2071 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2072 &lsa->data->id))
2073 && (!(IPV4_ADDR_SAME(
2074 &oi->ospf->router_id,
2075 &lsa->data->adv_router)))) {
2076 if (out_if->network_lsa_self) {
2077 ospf_lsa_flush_area(
2078 lsa, out_if->area);
2079 if (IS_DEBUG_OSPF_EVENT)
2080 zlog_debug(
2081 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2082 (void *)lsa,
2083 (int)lsa->data
2084 ->type);
2085 ospf_lsa_discard(lsa);
2086 Flag = 1;
2087 }
2088 break;
2089 }
2090 }
2091 if (Flag)
2092 continue;
2093 }
2094
2095 /* (5) Find the instance of this LSA that is currently contained
2096 in the router's link state database. If there is no
2097 database copy, or the received LSA is more recent than
2098 the database copy the following steps must be performed.
2099 (The sub steps from RFC 2328 section 13 step (5) will be
2100 performed in
2101 ospf_flood() ) */
2102
2103 if (current == NULL
2104 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
2105 /* CVE-2017-3224 */
2106 if (current && (IS_LSA_MAX_SEQ(current))
2107 && (IS_LSA_MAX_SEQ(lsa)) && !IS_LSA_MAXAGE(lsa)) {
2108 zlog_debug(
2109 "Link State Update[%s]: has Max Seq and higher checksum but not MaxAge. Dropping it",
2110 dump_lsa_key(lsa));
2111
2112 DISCARD_LSA(lsa, 4);
2113 }
2114
2115 /* Actual flooding procedure. */
2116 if (ospf_flood(oi->ospf, nbr, current, lsa)
2117 < 0) /* Trap NSSA later. */
2118 DISCARD_LSA(lsa, 5);
2119 continue;
2120 }
2121
2122 /* (6) Else, If there is an instance of the LSA on the sending
2123 neighbor's Link state request list, an error has occurred in
2124 the Database Exchange process. In this case, restart the
2125 Database Exchange process by generating the neighbor event
2126 BadLSReq for the sending neighbor and stop processing the
2127 Link State Update packet. */
2128
2129 if (ospf_ls_request_lookup(nbr, lsa)) {
2130 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
2131 flog_warn(
2132 EC_OSPF_PACKET,
2133 "LSA[%s] instance exists on Link state request list",
2134 dump_lsa_key(lsa));
2135
2136 /* Clean list of LSAs. */
2137 ospf_upd_list_clean(lsas);
2138 /* this lsa is not on lsas list already. */
2139 ospf_lsa_discard(lsa);
2140 return;
2141 }
2142
2143 /* If the received LSA is the same instance as the database copy
2144 (i.e., neither one is more recent) the following two steps
2145 should be performed: */
2146
2147 if (ret == 0) {
2148 /* If the LSA is listed in the Link state retransmission
2149 list
2150 for the receiving adjacency, the router itself is
2151 expecting
2152 an acknowledgment for this LSA. The router should
2153 treat the
2154 received LSA as an acknowledgment by removing the LSA
2155 from
2156 the Link state retransmission list. This is termed
2157 an
2158 "implied acknowledgment". */
2159
2160 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2161
2162 if (ls_ret != NULL) {
2163 ospf_ls_retransmit_delete(nbr, ls_ret);
2164
2165 /* Delayed acknowledgment sent if advertisement
2166 received
2167 from Designated Router, otherwise do nothing.
2168 */
2169 if (oi->state == ISM_Backup)
2170 if (NBR_IS_DR(nbr))
2171 listnode_add(
2172 oi->ls_ack,
2173 ospf_lsa_lock(lsa));
2174
2175 DISCARD_LSA(lsa, 6);
2176 } else
2177 /* Acknowledge the receipt of the LSA by sending a
2178 Link State Acknowledgment packet back out the
2179 receiving
2180 interface. */
2181 {
2182 ospf_ls_ack_send(nbr, lsa);
2183 DISCARD_LSA(lsa, 7);
2184 }
2185 }
2186
2187 /* The database copy is more recent. If the database copy
2188 has LS age equal to MaxAge and LS sequence number equal to
2189 MaxSequenceNumber, simply discard the received LSA without
2190 acknowledging it. (In this case, the LSA's LS sequence number
2191 is
2192 wrapping, and the MaxSequenceNumber LSA must be completely
2193 flushed before any new LSA instance can be introduced). */
2194
2195 else if (ret > 0) /* Database copy is more recent */
2196 {
2197 if (IS_LSA_MAXAGE(current)
2198 && current->data->ls_seqnum
2199 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
2200 DISCARD_LSA(lsa, 8);
2201 }
2202 /* Otherwise, as long as the database copy has not been
2203 sent in a
2204 Link State Update within the last MinLSArrival
2205 seconds, send the
2206 database copy back to the sending neighbor,
2207 encapsulated within
2208 a Link State Update Packet. The Link State Update
2209 Packet should
2210 be sent directly to the neighbor. In so doing, do not
2211 put the
2212 database copy of the LSA on the neighbor's link state
2213 retransmission list, and do not acknowledge the
2214 received (less
2215 recent) LSA instance. */
2216 else {
2217 if (monotime_since(&current->tv_orig, NULL)
2218 >= ospf->min_ls_arrival * 1000LL)
2219 /* Trap NSSA type later.*/
2220 ospf_ls_upd_send_lsa(
2221 nbr, current,
2222 OSPF_SEND_PACKET_DIRECT);
2223 DISCARD_LSA(lsa, 9);
2224 }
2225 }
2226 }
2227 #undef DISCARD_LSA
2228
2229 assert(listcount(lsas) == 0);
2230 list_delete(&lsas);
2231
2232 if (ospf->gr_info.restart_in_progress)
2233 ospf_gr_check_lsdb_consistency(oi->ospf, oi->area);
2234 }
2235
2236 /* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
2237 static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2238 struct stream *s, struct ospf_interface *oi,
2239 uint16_t size)
2240 {
2241 struct ospf_neighbor *nbr;
2242
2243 /* increment statistics. */
2244 oi->ls_ack_in++;
2245
2246 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2247 if (nbr == NULL) {
2248 flog_warn(EC_OSPF_PACKET,
2249 "Link State Acknowledgment: Unknown Neighbor %pI4",
2250 &ospfh->router_id);
2251 return;
2252 }
2253
2254 if (nbr->state < NSM_Exchange) {
2255 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2256 zlog_debug(
2257 "Link State Acknowledgment: Neighbor[%pI4] state %s is less than Exchange",
2258 &ospfh->router_id,
2259 lookup_msg(ospf_nsm_state_msg, nbr->state,
2260 NULL));
2261 return;
2262 }
2263
2264 while (size >= OSPF_LSA_HEADER_SIZE) {
2265 struct ospf_lsa *lsa, *lsr;
2266
2267 lsa = ospf_lsa_new();
2268 lsa->data = (struct lsa_header *)stream_pnt(s);
2269 lsa->vrf_id = oi->ospf->vrf_id;
2270
2271 /* lsah = (struct lsa_header *) stream_pnt (s); */
2272 size -= OSPF_LSA_HEADER_SIZE;
2273 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2274
2275 if (lsa->data->type < OSPF_MIN_LSA
2276 || lsa->data->type >= OSPF_MAX_LSA) {
2277 lsa->data = NULL;
2278 ospf_lsa_discard(lsa);
2279 continue;
2280 }
2281
2282 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2283
2284 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0) {
2285 ospf_ls_retransmit_delete(nbr, lsr);
2286 ospf_check_and_gen_init_seq_lsa(oi, lsa);
2287 }
2288
2289 lsa->data = NULL;
2290 ospf_lsa_discard(lsa);
2291 }
2292
2293 return;
2294 }
2295
2296 static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2297 struct interface **ifp,
2298 struct stream *ibuf)
2299 {
2300 int ret;
2301 struct ip *iph;
2302 uint16_t ip_len;
2303 ifindex_t ifindex = 0;
2304 struct iovec iov;
2305 /* Header and data both require alignment. */
2306 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2307 struct msghdr msgh;
2308
2309 memset(&msgh, 0, sizeof(msgh));
2310 msgh.msg_iov = &iov;
2311 msgh.msg_iovlen = 1;
2312 msgh.msg_control = (caddr_t)buff;
2313 msgh.msg_controllen = sizeof(buff);
2314
2315 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2316 OSPF_MAX_PACKET_SIZE + 1);
2317 if (ret < 0) {
2318 if (errno != EAGAIN && errno != EWOULDBLOCK)
2319 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2320 safe_strerror(errno));
2321 return NULL;
2322 }
2323 if ((unsigned int)ret < sizeof(struct ip)) {
2324 flog_warn(
2325 EC_OSPF_PACKET,
2326 "%s: discarding runt packet of length %d (ip header size is %u)",
2327 __func__, ret, (unsigned int)sizeof(iph));
2328 return NULL;
2329 }
2330
2331 /* Note that there should not be alignment problems with this assignment
2332 because this is at the beginning of the stream data buffer. */
2333 iph = (struct ip *)STREAM_DATA(ibuf);
2334 sockopt_iphdrincl_swab_systoh(iph);
2335
2336 ip_len = iph->ip_len;
2337
2338 #if defined(__FreeBSD__) && (__FreeBSD_version < 1000000)
2339 /*
2340 * Kernel network code touches incoming IP header parameters,
2341 * before protocol specific processing.
2342 *
2343 * 1) Convert byteorder to host representation.
2344 * --> ip_len, ip_id, ip_off
2345 *
2346 * 2) Adjust ip_len to strip IP header size!
2347 * --> If user process receives entire IP packet via RAW
2348 * socket, it must consider adding IP header size to
2349 * the "ip_len" field of "ip" structure.
2350 *
2351 * For more details, see <netinet/ip_input.c>.
2352 */
2353 ip_len = ip_len + (iph->ip_hl << 2);
2354 #endif
2355
2356 #if defined(__DragonFly__)
2357 /*
2358 * in DragonFly's raw socket, ip_len/ip_off are read
2359 * in network byte order.
2360 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2361 */
2362 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
2363 #endif
2364
2365 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2366
2367 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
2368
2369 if (ret != ip_len) {
2370 flog_warn(
2371 EC_OSPF_PACKET,
2372 "%s read length mismatch: ip_len is %d, but recvmsg returned %d",
2373 __func__, ip_len, ret);
2374 return NULL;
2375 }
2376
2377 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2378 zlog_debug("%s: fd %d(%s) on interface %d(%s)", __func__, fd,
2379 ospf_get_name(ospf), ifindex,
2380 *ifp ? (*ifp)->name : "Unknown");
2381 return ibuf;
2382 }
2383
2384 static struct ospf_interface *
2385 ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2386 struct ip *iph, struct ospf_header *ospfh)
2387 {
2388 struct ospf_interface *rcv_oi;
2389 struct ospf_vl_data *vl_data;
2390 struct ospf_area *vl_area;
2391 struct listnode *node;
2392
2393 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2394 || !OSPF_IS_AREA_BACKBONE(ospfh))
2395 return NULL;
2396
2397 /* look for local OSPF interface matching the destination
2398 * to determine Area ID. We presume therefore the destination address
2399 * is unique, or at least (for "unnumbered" links), not used in other
2400 * areas
2401 */
2402 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2403 == NULL)
2404 return NULL;
2405
2406 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2407 vl_area =
2408 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2409 if (!vl_area)
2410 continue;
2411
2412 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2413 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2414 if (IS_DEBUG_OSPF_EVENT)
2415 zlog_debug("associating packet with %s",
2416 IF_NAME(vl_data->vl_oi));
2417 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2418 if (IS_DEBUG_OSPF_EVENT)
2419 zlog_debug(
2420 "This VL is not up yet, sorry");
2421 return NULL;
2422 }
2423
2424 return vl_data->vl_oi;
2425 }
2426 }
2427
2428 if (IS_DEBUG_OSPF_EVENT)
2429 zlog_debug("couldn't find any VL to associate the packet with");
2430
2431 return NULL;
2432 }
2433
2434 static int ospf_check_area_id(struct ospf_interface *oi,
2435 struct ospf_header *ospfh)
2436 {
2437 /* Check match the Area ID of the receiving interface. */
2438 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2439 return 1;
2440
2441 return 0;
2442 }
2443
2444 /* Unbound socket will accept any Raw IP packets if proto is matched.
2445 To prevent it, compare src IP address and i/f address with masking
2446 i/f network mask. */
2447 static int ospf_check_network_mask(struct ospf_interface *oi,
2448 struct in_addr ip_src)
2449 {
2450 struct in_addr mask, me, him;
2451
2452 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2453 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2454 return 1;
2455
2456 /* Ignore mask check for max prefix length (32) */
2457 if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
2458 && oi->address->prefixlen == IPV4_MAX_BITLEN)
2459 return 1;
2460
2461 masklen2ip(oi->address->prefixlen, &mask);
2462
2463 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2464 him.s_addr = ip_src.s_addr & mask.s_addr;
2465
2466 if (IPV4_ADDR_SAME(&me, &him))
2467 return 1;
2468
2469 return 0;
2470 }
2471
2472 /* Return 1, if the packet is properly authenticated and checksummed,
2473 0 otherwise. In particular, check that AuType header field is valid and
2474 matches the locally configured AuType, and that D.5 requirements are met. */
2475 static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2476 {
2477 struct crypt_key *ck;
2478 uint16_t iface_auth_type;
2479 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
2480
2481 switch (pkt_auth_type) {
2482 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2483 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2484 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2485 flog_warn(
2486 EC_OSPF_PACKET,
2487 "interface %s: auth-type mismatch, local %s, rcvd Null",
2488 IF_NAME(oi),
2489 lookup_msg(ospf_auth_type_str,
2490 iface_auth_type, NULL));
2491 return 0;
2492 }
2493 if (!ospf_check_sum(ospfh)) {
2494 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2495 flog_warn(
2496 EC_OSPF_PACKET,
2497 "interface %s: Null auth OK, but checksum error, Router-ID %pI4",
2498 IF_NAME(oi),
2499 &ospfh->router_id);
2500 return 0;
2501 }
2502 return 1;
2503 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2504 if (OSPF_AUTH_SIMPLE
2505 != (iface_auth_type = ospf_auth_type(oi))) {
2506 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2507 flog_warn(
2508 EC_OSPF_PACKET,
2509 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2510 IF_NAME(oi),
2511 lookup_msg(ospf_auth_type_str,
2512 iface_auth_type, NULL));
2513 return 0;
2514 }
2515 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2516 OSPF_AUTH_SIMPLE_SIZE)) {
2517 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2518 flog_warn(EC_OSPF_PACKET,
2519 "interface %s: Simple auth failed",
2520 IF_NAME(oi));
2521 return 0;
2522 }
2523 if (!ospf_check_sum(ospfh)) {
2524 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2525 flog_warn(
2526 EC_OSPF_PACKET,
2527 "interface %s: Simple auth OK, checksum error, Router-ID %pI4",
2528 IF_NAME(oi),
2529 &ospfh->router_id);
2530 return 0;
2531 }
2532 return 1;
2533 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2534 if (OSPF_AUTH_CRYPTOGRAPHIC
2535 != (iface_auth_type = ospf_auth_type(oi))) {
2536 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2537 flog_warn(
2538 EC_OSPF_PACKET,
2539 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2540 IF_NAME(oi),
2541 lookup_msg(ospf_auth_type_str,
2542 iface_auth_type, NULL));
2543 return 0;
2544 }
2545 if (ospfh->checksum) {
2546 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2547 flog_warn(
2548 EC_OSPF_PACKET,
2549 "interface %s: OSPF header checksum is not 0",
2550 IF_NAME(oi));
2551 return 0;
2552 }
2553 /* only MD5 crypto method can pass ospf_packet_examin() */
2554 if (NULL == (ck = listgetdata(
2555 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2556 || ospfh->u.crypt.key_id != ck->key_id ||
2557 /* Condition above uses the last key ID on the list,
2558 which is
2559 different from what ospf_crypt_key_lookup() does. A
2560 bug? */
2561 !ospf_check_md5_digest(oi, ospfh)) {
2562 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2563 flog_warn(EC_OSPF_MD5,
2564 "interface %s: MD5 auth failed",
2565 IF_NAME(oi));
2566 return 0;
2567 }
2568 return 1;
2569 default:
2570 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2571 flog_warn(
2572 EC_OSPF_PACKET,
2573 "interface %s: invalid packet auth-type (%02x)",
2574 IF_NAME(oi), pkt_auth_type);
2575 return 0;
2576 }
2577 }
2578
2579 static int ospf_check_sum(struct ospf_header *ospfh)
2580 {
2581 uint32_t ret;
2582 uint16_t sum;
2583
2584 /* clear auth_data for checksum. */
2585 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2586
2587 /* keep checksum and clear. */
2588 sum = ospfh->checksum;
2589 memset(&ospfh->checksum, 0, sizeof(uint16_t));
2590
2591 /* calculate checksum. */
2592 ret = in_cksum(ospfh, ntohs(ospfh->length));
2593
2594 if (ret != sum) {
2595 zlog_info("%s: checksum mismatch, my %X, his %X", __func__, ret,
2596 sum);
2597 return 0;
2598 }
2599
2600 return 1;
2601 }
2602
2603 /* Verify, that given link/TOS records are properly sized/aligned and match
2604 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
2605 static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
2606 uint16_t linkbytes,
2607 const uint16_t num_links)
2608 {
2609 unsigned counted_links = 0, thislinklen;
2610
2611 while (linkbytes >= OSPF_ROUTER_LSA_LINK_SIZE) {
2612 thislinklen =
2613 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2614 if (thislinklen > linkbytes) {
2615 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2616 zlog_debug("%s: length error in link block #%u",
2617 __func__, counted_links);
2618 return MSG_NG;
2619 }
2620 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2621 linkbytes -= thislinklen;
2622 counted_links++;
2623 }
2624 if (counted_links != num_links) {
2625 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2626 zlog_debug("%s: %u link blocks declared, %u present",
2627 __func__, num_links, counted_links);
2628 return MSG_NG;
2629 }
2630 return MSG_OK;
2631 }
2632
2633 /* Verify, that the given LSA is properly sized/aligned (including type-specific
2634 minimum length constraint). */
2635 static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2636 const uint8_t headeronly)
2637 {
2638 unsigned ret;
2639 struct router_lsa *rlsa;
2640 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2641 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2642 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2643 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2644 lookup_msg(ospf_lsa_type_msg, lsah->type,
2645 NULL));
2646 return MSG_NG;
2647 }
2648 switch (lsah->type) {
2649 case OSPF_ROUTER_LSA: {
2650 /*
2651 * RFC2328 A.4.2, LSA header + 4 bytes followed by N>=0
2652 * (12+)-byte link blocks
2653 */
2654 size_t linkbytes_len = lsalen - OSPF_LSA_HEADER_SIZE
2655 - OSPF_ROUTER_LSA_MIN_SIZE;
2656
2657 /*
2658 * LSA link blocks are variable length but always multiples of
2659 * 4; basic sanity check
2660 */
2661 if (linkbytes_len % 4 != 0)
2662 return MSG_NG;
2663
2664 if (headeronly)
2665 return MSG_OK;
2666
2667 rlsa = (struct router_lsa *)lsah;
2668
2669 ret = ospf_router_lsa_links_examin(
2670 (struct router_lsa_link *)rlsa->link,
2671 linkbytes_len,
2672 ntohs(rlsa->links));
2673 break;
2674 }
2675 case OSPF_AS_EXTERNAL_LSA:
2676 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2677 * blocks */
2678 case OSPF_AS_NSSA_LSA:
2679 /* RFC3101 C, idem */
2680 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2681 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2682 % 12
2683 ? MSG_NG
2684 : MSG_OK;
2685 break;
2686 /* Following LSA types are considered OK length-wise as soon as their
2687 * minimum
2688 * length constraint is met and length of the whole LSA is a multiple of
2689 * 4
2690 * (basic LSA header size is already a multiple of 4). */
2691 case OSPF_NETWORK_LSA:
2692 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2693 case OSPF_SUMMARY_LSA:
2694 case OSPF_ASBR_SUMMARY_LSA:
2695 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2696 * blocks */
2697 case OSPF_OPAQUE_LINK_LSA:
2698 case OSPF_OPAQUE_AREA_LSA:
2699 case OSPF_OPAQUE_AS_LSA:
2700 /* RFC5250 A.2, "some number of octets (of application-specific
2701 * data) padded to 32-bit alignment." This is considered
2702 * equivalent
2703 * to 4-byte alignment of all other LSA types, see
2704 * OSPF-ALIGNMENT.txt
2705 * file for the detailed analysis of this passage. */
2706 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2707 break;
2708 default:
2709 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2710 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2711 lsah->type);
2712 return MSG_NG;
2713 }
2714 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2715 zlog_debug("%s: alignment error in %s", __func__,
2716 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2717 return ret;
2718 }
2719
2720 /* Verify if the provided input buffer is a valid sequence of LSAs. This
2721 includes verification of LSA blocks length/alignment and dispatching
2722 of deeper-level checks. */
2723 static unsigned
2724 ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
2725 size_t length, const uint8_t headeronly,
2726 /* When declared_num_lsas is not 0, compare it to the real
2727 number of LSAs
2728 and treat the difference as an error. */
2729 const uint32_t declared_num_lsas)
2730 {
2731 uint32_t counted_lsas = 0;
2732
2733 while (length) {
2734 uint16_t lsalen;
2735 if (length < OSPF_LSA_HEADER_SIZE) {
2736 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2737 zlog_debug(
2738 "%s: undersized (%zu B) trailing (#%u) LSA header",
2739 __func__, length, counted_lsas);
2740 return MSG_NG;
2741 }
2742 /* save on ntohs() calls here and in the LSA validator */
2743 lsalen = ntohs(lsah->length);
2744 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2745 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2746 zlog_debug(
2747 "%s: malformed LSA header #%u, declared length is %u B",
2748 __func__, counted_lsas, lsalen);
2749 return MSG_NG;
2750 }
2751 if (headeronly) {
2752 /* less checks here and in ospf_lsa_examin() */
2753 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2754 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2755 zlog_debug(
2756 "%s: malformed header-only LSA #%u",
2757 __func__, counted_lsas);
2758 return MSG_NG;
2759 }
2760 lsah = (struct lsa_header *)((caddr_t)lsah
2761 + OSPF_LSA_HEADER_SIZE);
2762 length -= OSPF_LSA_HEADER_SIZE;
2763 } else {
2764 /* make sure the input buffer is deep enough before
2765 * further checks */
2766 if (lsalen > length) {
2767 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2768 zlog_debug(
2769 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2770 __func__, counted_lsas, lsalen,
2771 length);
2772 return MSG_NG;
2773 }
2774 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2775 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2776 zlog_debug("%s: malformed LSA #%u",
2777 __func__, counted_lsas);
2778 return MSG_NG;
2779 }
2780 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2781 length -= lsalen;
2782 }
2783 counted_lsas++;
2784 }
2785
2786 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2787 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2788 zlog_debug(
2789 "%s: #LSAs declared (%u) does not match actual (%u)",
2790 __func__, declared_num_lsas, counted_lsas);
2791 return MSG_NG;
2792 }
2793 return MSG_OK;
2794 }
2795
2796 /* Verify a complete OSPF packet for proper sizing/alignment. */
2797 static unsigned ospf_packet_examin(struct ospf_header *oh,
2798 const unsigned bytesonwire)
2799 {
2800 uint16_t bytesdeclared, bytesauth;
2801 unsigned ret;
2802 struct ospf_ls_update *lsupd;
2803
2804 /* Length, 1st approximation. */
2805 if (bytesonwire < OSPF_HEADER_SIZE) {
2806 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2807 zlog_debug("%s: undersized (%u B) packet", __func__,
2808 bytesonwire);
2809 return MSG_NG;
2810 }
2811 /* Now it is safe to access header fields. Performing length check,
2812 * allow
2813 * for possible extra bytes of crypto auth/padding, which are not
2814 * counted
2815 * in the OSPF header "length" field. */
2816 if (oh->version != OSPF_VERSION) {
2817 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2818 zlog_debug("%s: invalid (%u) protocol version",
2819 __func__, oh->version);
2820 return MSG_NG;
2821 }
2822 bytesdeclared = ntohs(oh->length);
2823 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2824 bytesauth = 0;
2825 else {
2826 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2827 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2828 zlog_debug(
2829 "%s: unsupported crypto auth length (%u B)",
2830 __func__, oh->u.crypt.auth_data_len);
2831 return MSG_NG;
2832 }
2833 bytesauth = OSPF_AUTH_MD5_SIZE;
2834 }
2835 if (bytesdeclared + bytesauth > bytesonwire) {
2836 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2837 zlog_debug(
2838 "%s: packet length error (%u real, %u+%u declared)",
2839 __func__, bytesonwire, bytesdeclared,
2840 bytesauth);
2841 return MSG_NG;
2842 }
2843 /* Length, 2nd approximation. The type-specific constraint is checked
2844 against declared length, not amount of bytes on wire. */
2845 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2846 && bytesdeclared
2847 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2848 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2849 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2850 bytesdeclared,
2851 lookup_msg(ospf_packet_type_str, oh->type,
2852 NULL));
2853 return MSG_NG;
2854 }
2855 switch (oh->type) {
2856 case OSPF_MSG_HELLO:
2857 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2858 followed
2859 by N>=0 router-IDs. */
2860 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2861 % 4
2862 ? MSG_NG
2863 : MSG_OK;
2864 break;
2865 case OSPF_MSG_DB_DESC:
2866 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2867 followed
2868 by N>=0 header-only LSAs. */
2869 ret = ospf_lsaseq_examin(
2870 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2871 + OSPF_DB_DESC_MIN_SIZE),
2872 bytesdeclared - OSPF_HEADER_SIZE
2873 - OSPF_DB_DESC_MIN_SIZE,
2874 1, /* header-only LSAs */
2875 0);
2876 break;
2877 case OSPF_MSG_LS_REQ:
2878 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2879 * request blocks. */
2880 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2881 % OSPF_LSA_KEY_SIZE
2882 ? MSG_NG
2883 : MSG_OK;
2884 break;
2885 case OSPF_MSG_LS_UPD:
2886 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2887 followed
2888 by N>=0 full LSAs (with N declared beforehand). */
2889 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2890 + OSPF_HEADER_SIZE);
2891 ret = ospf_lsaseq_examin(
2892 (struct lsa_header *)((caddr_t)lsupd
2893 + OSPF_LS_UPD_MIN_SIZE),
2894 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2895 0, /* full LSAs */
2896 ntohl(lsupd->num_lsas) /* 32 bits */
2897 );
2898 break;
2899 case OSPF_MSG_LS_ACK:
2900 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2901 * LSAs. */
2902 ret = ospf_lsaseq_examin(
2903 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2904 + OSPF_LS_ACK_MIN_SIZE),
2905 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2906 1, /* header-only LSAs */
2907 0);
2908 break;
2909 default:
2910 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2911 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2912 oh->type);
2913 return MSG_NG;
2914 }
2915 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2916 zlog_debug("%s: malformed %s packet", __func__,
2917 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2918 return ret;
2919 }
2920
2921 /* OSPF Header verification. */
2922 static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2923 struct ip *iph, struct ospf_header *ospfh)
2924 {
2925 /* Check Area ID. */
2926 if (!ospf_check_area_id(oi, ospfh)) {
2927 flog_warn(EC_OSPF_PACKET,
2928 "interface %s: ospf_read invalid Area ID %pI4",
2929 IF_NAME(oi), &ospfh->area_id);
2930 return -1;
2931 }
2932
2933 /* Check network mask, Silently discarded. */
2934 if (!ospf_check_network_mask(oi, iph->ip_src)) {
2935 flog_warn(
2936 EC_OSPF_PACKET,
2937 "interface %s: ospf_read network address is not same [%pI4]",
2938 IF_NAME(oi), &iph->ip_src);
2939 return -1;
2940 }
2941
2942 /* Check authentication. The function handles logging actions, where
2943 * required. */
2944 if (!ospf_check_auth(oi, ospfh))
2945 return -1;
2946
2947 return 0;
2948 }
2949
2950 enum ospf_read_return_enum {
2951 OSPF_READ_ERROR,
2952 OSPF_READ_CONTINUE,
2953 };
2954
2955 static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
2956 {
2957 int ret;
2958 struct stream *ibuf;
2959 struct ospf_interface *oi;
2960 struct ip *iph;
2961 struct ospf_header *ospfh;
2962 uint16_t length;
2963 struct connected *c;
2964 struct interface *ifp = NULL;
2965
2966 stream_reset(ospf->ibuf);
2967 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2968 if (ibuf == NULL)
2969 return OSPF_READ_ERROR;
2970
2971 /*
2972 * This raw packet is known to be at least as big as its
2973 * IP header. Note that there should not be alignment problems with
2974 * this assignment because this is at the beginning of the
2975 * stream data buffer.
2976 */
2977 iph = (struct ip *)STREAM_DATA(ibuf);
2978 /*
2979 * Note that sockopt_iphdrincl_swab_systoh was called in
2980 * ospf_recv_packet.
2981 */
2982 if (ifp == NULL) {
2983 /*
2984 * Handle cases where the platform does not support
2985 * retrieving the ifindex, and also platforms (such as
2986 * Solaris 8) that claim to support ifindex retrieval but do
2987 * not.
2988 */
2989 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2990 ospf->vrf_id);
2991 if (c)
2992 ifp = c->ifp;
2993 if (ifp == NULL) {
2994 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2995 zlog_debug(
2996 "%s: Unable to determine incoming interface from: %pI4(%s)",
2997 __func__, &iph->ip_src,
2998 ospf_get_name(ospf));
2999 return OSPF_READ_CONTINUE;
3000 }
3001 }
3002
3003 if (ospf->vrf_id == VRF_DEFAULT && ospf->vrf_id != ifp->vrf->vrf_id) {
3004 /*
3005 * We may have a situation where l3mdev_accept == 1
3006 * let's just kindly drop the packet and move on.
3007 * ospf really really really does not like when
3008 * we receive the same packet multiple times.
3009 */
3010 return OSPF_READ_CONTINUE;
3011 }
3012
3013 /* Self-originated packet should be discarded silently. */
3014 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
3015 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
3016 zlog_debug(
3017 "ospf_read[%pI4]: Dropping self-originated packet",
3018 &iph->ip_src);
3019 }
3020 return OSPF_READ_CONTINUE;
3021 }
3022
3023 /* Check that we have enough for an IP header */
3024 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
3025 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
3026 flog_warn(
3027 EC_OSPF_PACKET,
3028 "Rx'd IP packet with OSPF protocol number but no payload");
3029 } else {
3030 flog_warn(
3031 EC_OSPF_PACKET,
3032 "IP header length field claims header is %u bytes, but we only have %zu",
3033 (unsigned int)(iph->ip_hl << 2),
3034 STREAM_READABLE(ibuf));
3035 }
3036
3037 return OSPF_READ_ERROR;
3038 }
3039 stream_forward_getp(ibuf, iph->ip_hl << 2);
3040
3041 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3042 if (MSG_OK
3043 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3044 - stream_get_getp(ibuf)))
3045 return OSPF_READ_CONTINUE;
3046 /* Now it is safe to access all fields of OSPF packet header. */
3047
3048 /* associate packet with ospf interface */
3049 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
3050
3051 /*
3052 * ospf_verify_header() relies on a valid "oi" and thus can be called
3053 * only after the passive/backbone/other checks below are passed.
3054 * These checks in turn access the fields of unverified "ospfh"
3055 * structure for their own purposes and must remain very accurate
3056 * in doing this.
3057 */
3058
3059 /* If incoming interface is passive one, ignore it. */
3060 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3061 if (IS_DEBUG_OSPF_EVENT)
3062 zlog_debug(
3063 "ignoring packet from router %pI4 sent to %pI4, received on a passive interface, %pI4",
3064 &ospfh->router_id, &iph->ip_dst,
3065 &oi->address->u.prefix4);
3066
3067 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3068 /* Try to fix multicast membership.
3069 * Some OS:es may have problems in this area,
3070 * make sure it is removed.
3071 */
3072 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3073 ospf_if_set_multicast(oi);
3074 }
3075 return OSPF_READ_CONTINUE;
3076 }
3077
3078
3079 /* if no local ospf_interface,
3080 * or header area is backbone but ospf_interface is not
3081 * check for VLINK interface
3082 */
3083 if ((oi == NULL)
3084 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3085 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3086 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3087 == NULL) {
3088 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
3089 zlog_debug(
3090 "Packet from [%pI4] received on link %s but no ospf_interface",
3091 &iph->ip_src, ifp->name);
3092 return OSPF_READ_CONTINUE;
3093 }
3094 }
3095
3096 /*
3097 * else it must be a local ospf interface, check it was
3098 * received on correct link
3099 */
3100 else if (oi->ifp != ifp) {
3101 if (IS_DEBUG_OSPF_EVENT)
3102 flog_warn(EC_OSPF_PACKET,
3103 "Packet from [%pI4] received on wrong link %s",
3104 &iph->ip_src, ifp->name);
3105 return OSPF_READ_CONTINUE;
3106 } else if (oi->state == ISM_Down) {
3107 flog_warn(
3108 EC_OSPF_PACKET,
3109 "Ignoring packet from %pI4 to %pI4 received on interface that is down [%s]; interface flags are %s",
3110 &iph->ip_src, &iph->ip_dst, ifp->name,
3111 if_flag_dump(ifp->flags));
3112 /* Fix multicast memberships? */
3113 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3114 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3115 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3116 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3117 if (oi->multicast_memberships)
3118 ospf_if_set_multicast(oi);
3119 return OSPF_READ_CONTINUE;
3120 }
3121
3122 /*
3123 * If the received packet is destined for AllDRouters, the
3124 * packet should be accepted only if the received ospf
3125 * interface state is either DR or Backup -- endo.
3126 *
3127 * I wonder who endo is?
3128 */
3129 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3130 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3131 flog_warn(
3132 EC_OSPF_PACKET,
3133 "Dropping packet for AllDRouters from [%pI4] via [%s] (ISM: %s)",
3134 &iph->ip_src, IF_NAME(oi),
3135 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3136 /* Try to fix multicast membership. */
3137 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3138 ospf_if_set_multicast(oi);
3139 return OSPF_READ_CONTINUE;
3140 }
3141
3142 /* Verify more OSPF header fields. */
3143 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3144 if (ret < 0) {
3145 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3146 zlog_debug(
3147 "ospf_read[%pI4]: Header check failed, dropping.",
3148 &iph->ip_src);
3149 return OSPF_READ_CONTINUE;
3150 }
3151
3152 /* Show debug receiving packet. */
3153 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3154 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3155 zlog_debug(
3156 "-----------------------------------------------------");
3157 ospf_packet_dump(ibuf);
3158 }
3159
3160 zlog_debug("%s received from [%pI4] via [%s]",
3161 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3162 &ospfh->router_id, IF_NAME(oi));
3163 zlog_debug(" src [%pI4],", &iph->ip_src);
3164 zlog_debug(" dst [%pI4]", &iph->ip_dst);
3165
3166 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3167 zlog_debug(
3168 "-----------------------------------------------------");
3169 }
3170
3171 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3172
3173 /* Adjust size to message length. */
3174 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3175
3176 /* Read rest of the packet and call each sort of packet routine.
3177 */
3178 switch (ospfh->type) {
3179 case OSPF_MSG_HELLO:
3180 ospf_hello(iph, ospfh, ibuf, oi, length);
3181 break;
3182 case OSPF_MSG_DB_DESC:
3183 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3184 break;
3185 case OSPF_MSG_LS_REQ:
3186 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3187 break;
3188 case OSPF_MSG_LS_UPD:
3189 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3190 break;
3191 case OSPF_MSG_LS_ACK:
3192 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3193 break;
3194 default:
3195 flog_warn(
3196 EC_OSPF_PACKET,
3197 "interface %s(%s): OSPF packet header type %d is illegal",
3198 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3199 break;
3200 }
3201
3202 return OSPF_READ_CONTINUE;
3203 }
3204
3205 /* Starting point of packet process function. */
3206 void ospf_read(struct thread *thread)
3207 {
3208 struct ospf *ospf;
3209 int32_t count = 0;
3210 enum ospf_read_return_enum ret;
3211
3212 /* first of all get interface pointer. */
3213 ospf = THREAD_ARG(thread);
3214
3215 /* prepare for next packet. */
3216 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3217
3218 while (count < ospf->write_oi_count) {
3219 count++;
3220 ret = ospf_read_helper(ospf);
3221 switch (ret) {
3222 case OSPF_READ_ERROR:
3223 return;
3224 case OSPF_READ_CONTINUE:
3225 break;
3226 }
3227 }
3228 }
3229
3230 /* Make OSPF header. */
3231 static void ospf_make_header(int type, struct ospf_interface *oi,
3232 struct stream *s)
3233 {
3234 struct ospf_header *ospfh;
3235
3236 ospfh = (struct ospf_header *)STREAM_DATA(s);
3237
3238 ospfh->version = (uint8_t)OSPF_VERSION;
3239 ospfh->type = (uint8_t)type;
3240
3241 ospfh->router_id = oi->ospf->router_id;
3242
3243 ospfh->checksum = 0;
3244 ospfh->area_id = oi->area->area_id;
3245 ospfh->auth_type = htons(ospf_auth_type(oi));
3246
3247 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
3248
3249 stream_forward_endp(s, OSPF_HEADER_SIZE);
3250 }
3251
3252 /* Make Authentication Data. */
3253 static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3254 {
3255 struct crypt_key *ck;
3256
3257 switch (ospf_auth_type(oi)) {
3258 case OSPF_AUTH_NULL:
3259 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3260 */
3261 break;
3262 case OSPF_AUTH_SIMPLE:
3263 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3264 OSPF_AUTH_SIMPLE_SIZE);
3265 break;
3266 case OSPF_AUTH_CRYPTOGRAPHIC:
3267 /* If key is not set, then set 0. */
3268 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3269 ospfh->u.crypt.zero = 0;
3270 ospfh->u.crypt.key_id = 0;
3271 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3272 } else {
3273 ck = listgetdata(
3274 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3275 ospfh->u.crypt.zero = 0;
3276 ospfh->u.crypt.key_id = ck->key_id;
3277 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3278 }
3279 /* note: the seq is done in ospf_make_md5_digest() */
3280 break;
3281 default:
3282 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3283 */
3284 break;
3285 }
3286
3287 return 0;
3288 }
3289
3290 /* Fill rest of OSPF header. */
3291 static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
3292 uint16_t length)
3293 {
3294 struct ospf_header *ospfh;
3295
3296 ospfh = (struct ospf_header *)STREAM_DATA(s);
3297
3298 /* Fill length. */
3299 ospfh->length = htons(length);
3300
3301 /* Calculate checksum. */
3302 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3303 ospfh->checksum = in_cksum(ospfh, length);
3304 else
3305 ospfh->checksum = 0;
3306
3307 /* Add Authentication Data. */
3308 ospf_make_auth(oi, ospfh);
3309 }
3310
3311 static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3312 {
3313 struct ospf_neighbor *nbr;
3314 struct route_node *rn;
3315 uint16_t length = OSPF_HELLO_MIN_SIZE;
3316 struct in_addr mask;
3317 unsigned long p;
3318 int flag = 0;
3319
3320 /* Set netmask of interface. */
3321 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3322 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3323 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3324 masklen2ip(oi->address->prefixlen, &mask);
3325 else
3326 memset((char *)&mask, 0, sizeof(struct in_addr));
3327 stream_put_ipv4(s, mask.s_addr);
3328
3329 /* Set Hello Interval. */
3330 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3331 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3332 else
3333 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3334
3335 if (IS_DEBUG_OSPF_EVENT)
3336 zlog_debug("%s: options: %x, int: %s", __func__, OPTIONS(oi),
3337 IF_NAME(oi));
3338
3339 /* Set Options. */
3340 stream_putc(s, OPTIONS(oi));
3341
3342 /* Set Router Priority. */
3343 stream_putc(s, PRIORITY(oi));
3344
3345 /* Set Router Dead Interval. */
3346 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3347
3348 /* Set Designated Router. */
3349 stream_put_ipv4(s, DR(oi).s_addr);
3350
3351 p = stream_get_endp(s);
3352
3353 /* Set Backup Designated Router. */
3354 stream_put_ipv4(s, BDR(oi).s_addr);
3355
3356 /* Add neighbor seen. */
3357 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3358 nbr = rn->info;
3359
3360 if (!nbr)
3361 continue;
3362
3363 /* Ignore the 0.0.0.0 node */
3364 if (nbr->router_id.s_addr == INADDR_ANY)
3365 continue;
3366
3367 /* Ignore Down neighbor */
3368 if (nbr->state == NSM_Attempt)
3369 continue;
3370
3371 /* This is myself for DR election */
3372 if (nbr->state == NSM_Down)
3373 continue;
3374
3375 if (IPV4_ADDR_SAME(&nbr->router_id, &oi->ospf->router_id))
3376 continue;
3377 /* Check neighbor is sane? */
3378 if (nbr->d_router.s_addr != INADDR_ANY &&
3379 IPV4_ADDR_SAME(&nbr->d_router, &oi->address->u.prefix4) &&
3380 IPV4_ADDR_SAME(&nbr->bd_router, &oi->address->u.prefix4))
3381 flag = 1;
3382
3383 /* Hello packet overflows interface MTU.
3384 */
3385 if (length + sizeof(uint32_t) > ospf_packet_max(oi)) {
3386 flog_err(
3387 EC_OSPF_LARGE_HELLO,
3388 "Oversized Hello packet! Larger than MTU. Not sending it out");
3389 return 0;
3390 }
3391
3392 stream_put_ipv4(s, nbr->router_id.s_addr);
3393 length += 4;
3394 }
3395
3396 /* Let neighbor generate BackupSeen. */
3397 if (flag == 1)
3398 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3399
3400 return length;
3401 }
3402
3403 static int ospf_make_db_desc(struct ospf_interface *oi,
3404 struct ospf_neighbor *nbr, struct stream *s)
3405 {
3406 struct ospf_lsa *lsa;
3407 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3408 uint8_t options;
3409 unsigned long pp;
3410 int i;
3411 struct ospf_lsdb *lsdb;
3412
3413 /* Set Interface MTU. */
3414 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3415 stream_putw(s, 0);
3416 else
3417 stream_putw(s, oi->ifp->mtu);
3418
3419 /* Set Options. */
3420 options = OPTIONS(oi);
3421 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3422 SET_FLAG(options, OSPF_OPTION_O);
3423 stream_putc(s, options);
3424
3425 /* DD flags */
3426 pp = stream_get_endp(s);
3427 stream_putc(s, nbr->dd_flags);
3428
3429 /* Set DD Sequence Number. */
3430 stream_putl(s, nbr->dd_seqnum);
3431
3432 /* shortcut unneeded walk of (empty) summary LSDBs */
3433 if (ospf_db_summary_isempty(nbr))
3434 goto empty;
3435
3436 /* Describe LSA Header from Database Summary List. */
3437 lsdb = &nbr->db_sum;
3438
3439 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3440 struct route_table *table = lsdb->type[i].db;
3441 struct route_node *rn;
3442
3443 for (rn = route_top(table); rn; rn = route_next(rn))
3444 if ((lsa = rn->info) != NULL) {
3445 if (IS_OPAQUE_LSA(lsa->data->type)
3446 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3447 /* Suppress advertising
3448 * opaque-information. */
3449 /* Remove LSA from DB summary list. */
3450 ospf_lsdb_delete(lsdb, lsa);
3451 continue;
3452 }
3453
3454 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3455 struct lsa_header *lsah;
3456 uint16_t ls_age;
3457
3458 /* DD packet overflows interface MTU. */
3459 if (length + OSPF_LSA_HEADER_SIZE
3460 > ospf_packet_max(oi))
3461 break;
3462
3463 /* Keep pointer to LS age. */
3464 lsah = (struct lsa_header
3465 *)(STREAM_DATA(s)
3466 + stream_get_endp(
3467 s));
3468
3469 /* Proceed stream pointer. */
3470 stream_put(s, lsa->data,
3471 OSPF_LSA_HEADER_SIZE);
3472 length += OSPF_LSA_HEADER_SIZE;
3473
3474 /* Set LS age. */
3475 ls_age = LS_AGE(lsa);
3476 lsah->ls_age = htons(ls_age);
3477 }
3478
3479 /* Remove LSA from DB summary list. */
3480 ospf_lsdb_delete(lsdb, lsa);
3481 }
3482 }
3483
3484 /* Update 'More' bit */
3485 if (ospf_db_summary_isempty(nbr)) {
3486 empty:
3487 if (nbr->state >= NSM_Exchange) {
3488 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3489 /* Rewrite DD flags */
3490 stream_putc_at(s, pp, nbr->dd_flags);
3491 } else {
3492 assert(IS_SET_DD_M(nbr->dd_flags));
3493 }
3494 }
3495 return length;
3496 }
3497
3498 static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
3499 unsigned long delta, struct ospf_neighbor *nbr,
3500 struct ospf_lsa *lsa)
3501 {
3502 struct ospf_interface *oi;
3503
3504 oi = nbr->oi;
3505
3506 /* LS Request packet overflows interface MTU
3507 * delta is just number of bytes required for 1 LS Req
3508 * ospf_packet_max will return the number of bytes can
3509 * be accommodated without ospf header. So length+delta
3510 * can be compared to ospf_packet_max
3511 * to check if it can fit another lsreq in the same packet.
3512 */
3513
3514 if (*length + delta > ospf_packet_max(oi))
3515 return 0;
3516
3517 stream_putl(s, lsa->data->type);
3518 stream_put_ipv4(s, lsa->data->id.s_addr);
3519 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
3520
3521 ospf_lsa_unlock(&nbr->ls_req_last);
3522 nbr->ls_req_last = ospf_lsa_lock(lsa);
3523
3524 *length += 12;
3525 return 1;
3526 }
3527
3528 static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3529 {
3530 struct ospf_lsa *lsa;
3531 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
3532 unsigned long delta = 12;
3533 struct route_table *table;
3534 struct route_node *rn;
3535 int i;
3536 struct ospf_lsdb *lsdb;
3537
3538 lsdb = &nbr->ls_req;
3539
3540 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3541 table = lsdb->type[i].db;
3542 for (rn = route_top(table); rn; rn = route_next(rn))
3543 if ((lsa = (rn->info)) != NULL)
3544 if (ospf_make_ls_req_func(s, &length, delta,
3545 nbr, lsa)
3546 == 0) {
3547 route_unlock_node(rn);
3548 break;
3549 }
3550 }
3551 return length;
3552 }
3553
3554 static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3555 {
3556 int age;
3557
3558 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
3559
3560 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
3561 }
3562
3563 static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3564 struct stream *s)
3565 {
3566 struct ospf_lsa *lsa;
3567 struct listnode *node;
3568 uint16_t length = 0;
3569 unsigned int size_noauth;
3570 unsigned long delta = stream_get_endp(s);
3571 unsigned long pp;
3572 int count = 0;
3573
3574 if (IS_DEBUG_OSPF_EVENT)
3575 zlog_debug("%s: Start", __func__);
3576
3577 pp = stream_get_endp(s);
3578 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3579 length += OSPF_LS_UPD_MIN_SIZE;
3580
3581 /* Calculate amount of packet usable for data. */
3582 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3583
3584 while ((node = listhead(update)) != NULL) {
3585 struct lsa_header *lsah;
3586 uint16_t ls_age;
3587
3588 lsa = listgetdata(node);
3589 assert(lsa->data);
3590
3591 if (IS_DEBUG_OSPF_EVENT)
3592 zlog_debug("%s: List Iteration %d LSA[%s]", __func__,
3593 count, dump_lsa_key(lsa));
3594
3595 /* Will it fit? Minimum it has to fit at least one */
3596 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3597 (count > 0))
3598 break;
3599
3600 /* Keep pointer to LS age. */
3601 lsah = (struct lsa_header *)(STREAM_DATA(s)
3602 + stream_get_endp(s));
3603
3604 /* Put LSA to Link State Request. */
3605 stream_put(s, lsa->data, ntohs(lsa->data->length));
3606
3607 /* Set LS age. */
3608 /* each hop must increment an lsa_age by transmit_delay
3609 of OSPF interface */
3610 ls_age = ls_age_increment(lsa,
3611 OSPF_IF_PARAM(oi, transmit_delay));
3612 lsah->ls_age = htons(ls_age);
3613
3614 length += ntohs(lsa->data->length);
3615 count++;
3616
3617 list_delete_node(update, node);
3618 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3619 }
3620
3621 /* Now set #LSAs. */
3622 stream_putl_at(s, pp, count);
3623
3624 if (IS_DEBUG_OSPF_EVENT)
3625 zlog_debug("%s: Stop", __func__);
3626 return length;
3627 }
3628
3629 static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3630 struct stream *s)
3631 {
3632 struct listnode *node, *nnode;
3633 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
3634 unsigned long delta = OSPF_LSA_HEADER_SIZE;
3635 struct ospf_lsa *lsa;
3636
3637 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3638 assert(lsa);
3639
3640 /* LS Ack packet overflows interface MTU
3641 * delta is just number of bytes required for
3642 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3643 * the number of bytes can be accommodated without
3644 * ospf header. So length+delta can be compared
3645 * against ospf_packet_max to check if it can fit
3646 * another ls header in the same packet.
3647 */
3648 if ((length + delta) > ospf_packet_max(oi))
3649 break;
3650
3651 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3652 length += OSPF_LSA_HEADER_SIZE;
3653
3654 listnode_delete(ack, lsa);
3655 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3656 }
3657
3658 return length;
3659 }
3660
3661 static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3662 {
3663 struct ospf_packet *op;
3664 uint16_t length = OSPF_HEADER_SIZE;
3665
3666 op = ospf_packet_new(oi->ifp->mtu);
3667
3668 /* Prepare OSPF common header. */
3669 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
3670
3671 /* Prepare OSPF Hello body. */
3672 length += ospf_make_hello(oi, op->s);
3673 if (length == OSPF_HEADER_SIZE) {
3674 /* Hello overshooting MTU */
3675 ospf_packet_free(op);
3676 return;
3677 }
3678
3679 /* Fill OSPF header. */
3680 ospf_fill_header(oi, op->s, length);
3681
3682 /* Set packet length. */
3683 op->length = length;
3684
3685 op->dst.s_addr = addr;
3686
3687 if (IS_DEBUG_OSPF_EVENT) {
3688 if (oi->ospf->vrf_id)
3689 zlog_debug(
3690 "%s: Hello Tx interface %s ospf vrf %s id %u",
3691 __func__, oi->ifp->name,
3692 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3693 oi->ospf->vrf_id);
3694 }
3695 /* Add packet to the top of the interface output queue, so that they
3696 * can't get delayed by things like long queues of LS Update packets
3697 */
3698 ospf_packet_add_top(oi, op);
3699
3700 /* Hook thread to write packet. */
3701 OSPF_ISM_WRITE_ON(oi->ospf);
3702 }
3703
3704 static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
3705 {
3706 struct ospf_interface *oi;
3707
3708 oi = nbr_nbma->oi;
3709 assert(oi);
3710
3711 /* If this is passive interface, do not send OSPF Hello. */
3712 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3713 return;
3714
3715 if (oi->type != OSPF_IFTYPE_NBMA)
3716 return;
3717
3718 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3719 return;
3720
3721 if (PRIORITY(oi) == 0)
3722 return;
3723
3724 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3725 && oi->state != ISM_Backup)
3726 return;
3727
3728 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
3729 }
3730
3731 void ospf_poll_timer(struct thread *thread)
3732 {
3733 struct ospf_nbr_nbma *nbr_nbma;
3734
3735 nbr_nbma = THREAD_ARG(thread);
3736 nbr_nbma->t_poll = NULL;
3737
3738 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3739 zlog_debug("NSM[%s:%pI4]: Timer (Poll timer expire)",
3740 IF_NAME(nbr_nbma->oi), &nbr_nbma->addr);
3741
3742 ospf_poll_send(nbr_nbma);
3743
3744 if (nbr_nbma->v_poll > 0)
3745 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3746 nbr_nbma->v_poll);
3747 }
3748
3749
3750 void ospf_hello_reply_timer(struct thread *thread)
3751 {
3752 struct ospf_neighbor *nbr;
3753
3754 nbr = THREAD_ARG(thread);
3755 nbr->t_hello_reply = NULL;
3756
3757 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3758 zlog_debug("NSM[%s:%pI4]: Timer (hello-reply timer expire)",
3759 IF_NAME(nbr->oi), &nbr->router_id);
3760
3761 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
3762 }
3763
3764 /* Send OSPF Hello. */
3765 void ospf_hello_send(struct ospf_interface *oi)
3766 {
3767 /* If this is passive interface, do not send OSPF Hello. */
3768 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3769 return;
3770
3771 if (oi->type == OSPF_IFTYPE_NBMA) {
3772 struct ospf_neighbor *nbr;
3773 struct route_node *rn;
3774
3775 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3776 nbr = rn->info;
3777 if (!nbr)
3778 continue;
3779
3780 if (nbr == oi->nbr_self)
3781 continue;
3782
3783 if (nbr->state == NSM_Down)
3784 continue;
3785
3786 /*
3787 * RFC 2328 Section 9.5.1
3788 * If the router is not eligible to become Designated
3789 * Router, it must periodically send Hello Packets to
3790 * both the Designated Router and the Backup
3791 * Designated Router (if they exist).
3792 */
3793 if (PRIORITY(oi) == 0 &&
3794 IPV4_ADDR_CMP(&DR(oi), &nbr->address.u.prefix4) &&
3795 IPV4_ADDR_CMP(&BDR(oi), &nbr->address.u.prefix4))
3796 continue;
3797
3798 /*
3799 * If the router is eligible to become Designated
3800 * Router, it must periodically send Hello Packets to
3801 * all neighbors that are also eligible. In addition,
3802 * if the router is itself the Designated Router or
3803 * Backup Designated Router, it must also send periodic
3804 * Hello Packets to all other neighbors.
3805 */
3806 if (nbr->priority == 0 && oi->state == ISM_DROther)
3807 continue;
3808
3809 /* if oi->state == Waiting, send
3810 * hello to all neighbors */
3811 ospf_hello_send_sub(oi, nbr->address.u.prefix4.s_addr);
3812 }
3813 } else {
3814 /* Decide destination address. */
3815 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3816 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3817 else
3818 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3819 }
3820 }
3821
3822 /* Send OSPF Database Description. */
3823 void ospf_db_desc_send(struct ospf_neighbor *nbr)
3824 {
3825 struct ospf_interface *oi;
3826 struct ospf_packet *op;
3827 uint16_t length = OSPF_HEADER_SIZE;
3828
3829 oi = nbr->oi;
3830 op = ospf_packet_new(oi->ifp->mtu);
3831
3832 /* Prepare OSPF common header. */
3833 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
3834
3835 /* Prepare OSPF Database Description body. */
3836 length += ospf_make_db_desc(oi, nbr, op->s);
3837
3838 /* Fill OSPF header. */
3839 ospf_fill_header(oi, op->s, length);
3840
3841 /* Set packet length. */
3842 op->length = length;
3843
3844 /* Decide destination address. */
3845 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3846 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3847 else
3848 op->dst = nbr->address.u.prefix4;
3849
3850 /* Add packet to the interface output queue. */
3851 ospf_packet_add(oi, op);
3852
3853 /* Hook thread to write packet. */
3854 OSPF_ISM_WRITE_ON(oi->ospf);
3855
3856 /* Remove old DD packet, then copy new one and keep in neighbor
3857 * structure. */
3858 if (nbr->last_send)
3859 ospf_packet_free(nbr->last_send);
3860 nbr->last_send = ospf_packet_dup(op);
3861 monotime(&nbr->last_send_ts);
3862 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3863 zlog_info(
3864 "%s:Packet[DD]: %pI4 DB Desc send with seqnum:%x , flags:%x",
3865 ospf_get_name(oi->ospf), &nbr->router_id,
3866 nbr->dd_seqnum, nbr->dd_flags);
3867 }
3868
3869 /* Re-send Database Description. */
3870 void ospf_db_desc_resend(struct ospf_neighbor *nbr)
3871 {
3872 struct ospf_interface *oi;
3873
3874 oi = nbr->oi;
3875
3876 /* Add packet to the interface output queue. */
3877 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
3878
3879 /* Hook thread to write packet. */
3880 OSPF_ISM_WRITE_ON(oi->ospf);
3881 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3882 zlog_info(
3883 "%s:Packet[DD]: %pI4 DB Desc resend with seqnum:%x , flags:%x",
3884 ospf_get_name(oi->ospf), &nbr->router_id,
3885 nbr->dd_seqnum, nbr->dd_flags);
3886 }
3887
3888 /* Send Link State Request. */
3889 void ospf_ls_req_send(struct ospf_neighbor *nbr)
3890 {
3891 struct ospf_interface *oi;
3892 struct ospf_packet *op;
3893 uint16_t length = OSPF_HEADER_SIZE;
3894
3895 oi = nbr->oi;
3896 op = ospf_packet_new(oi->ifp->mtu);
3897
3898 /* Prepare OSPF common header. */
3899 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
3900
3901 /* Prepare OSPF Link State Request body. */
3902 length += ospf_make_ls_req(nbr, op->s);
3903 if (length == OSPF_HEADER_SIZE) {
3904 ospf_packet_free(op);
3905 return;
3906 }
3907
3908 /* Fill OSPF header. */
3909 ospf_fill_header(oi, op->s, length);
3910
3911 /* Set packet length. */
3912 op->length = length;
3913
3914 /* Decide destination address. */
3915 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3916 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3917 else
3918 op->dst = nbr->address.u.prefix4;
3919
3920 /* Add packet to the interface output queue. */
3921 ospf_packet_add(oi, op);
3922
3923 /* Hook thread to write packet. */
3924 OSPF_ISM_WRITE_ON(oi->ospf);
3925
3926 /* Add Link State Request Retransmission Timer. */
3927 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
3928 }
3929
3930 /* Send Link State Update with an LSA. */
3931 void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3932 int flag)
3933 {
3934 struct list *update;
3935
3936 update = list_new();
3937
3938 listnode_add(update, lsa);
3939
3940 /*ospf instance is going down, send self originated
3941 * MAXAGE LSA update to neighbors to remove from LSDB */
3942 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3943 ospf_ls_upd_send(nbr, update, flag, 1);
3944 else
3945 ospf_ls_upd_send(nbr, update, flag, 0);
3946
3947 list_delete(&update);
3948 }
3949
3950 /* Determine size for packet. Must be at least big enough to accommodate next
3951 * LSA on list, which may be bigger than MTU size.
3952 *
3953 * Return pointer to new ospf_packet
3954 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3955 * on packet sizes (in which case offending LSA is deleted from update list)
3956 */
3957 static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3958 struct ospf_interface *oi)
3959 {
3960 struct ospf_lsa *lsa;
3961 struct listnode *ln;
3962 size_t size;
3963 static char warned = 0;
3964
3965 lsa = listgetdata((ln = listhead(update)));
3966 assert(lsa->data);
3967
3968 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3969 > ospf_packet_max(oi)) {
3970 if (!warned) {
3971 flog_warn(
3972 EC_OSPF_LARGE_LSA,
3973 "%s: oversized LSA encountered!will need to fragment. Not optimal. Try divide up your network with areas. Use 'debug ospf packet send' to see details, or look at 'show ip ospf database ..'",
3974 __func__);
3975 warned = 1;
3976 }
3977
3978 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3979 zlog_debug(
3980 "%s: oversized LSA id:%pI4, %d bytes originated by %pI4, will be fragmented!",
3981 __func__, &lsa->data->id,
3982 ntohs(lsa->data->length),
3983 &lsa->data->adv_router);
3984
3985 /*
3986 * Allocate just enough to fit this LSA only, to avoid including
3987 * other
3988 * LSAs in fragmented LSA Updates.
3989 */
3990 size = ntohs(lsa->data->length)
3991 + (oi->ifp->mtu - ospf_packet_max(oi))
3992 + OSPF_LS_UPD_MIN_SIZE;
3993 } else
3994 size = oi->ifp->mtu;
3995
3996 if (size > OSPF_MAX_PACKET_SIZE) {
3997 flog_warn(
3998 EC_OSPF_LARGE_LSA,
3999 "%s: oversized LSA id:%pI4 too big, %d bytes, packet size %ld, dropping it completely. OSPF routing is broken!",
4000 __func__, &lsa->data->id, ntohs(lsa->data->length),
4001 (long int)size);
4002 list_delete_node(update, ln);
4003 return NULL;
4004 }
4005
4006 /* IP header is built up separately by ospf_write(). This means, that we
4007 * must
4008 * reduce the "affordable" size just calculated by length of an IP
4009 * header.
4010 * This makes sure, that even if we manage to fill the payload with LSA
4011 * data
4012 * completely, the final packet (our data plus IP header) still fits
4013 * into
4014 * outgoing interface MTU. This correction isn't really meaningful for
4015 * an
4016 * oversized LSA, but for consistency the correction is done for both
4017 * cases.
4018 *
4019 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4020 */
4021 return ospf_packet_new(size - sizeof(struct ip));
4022 }
4023
4024 static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
4025 struct list *update, struct in_addr addr,
4026 int send_lsupd_now)
4027 {
4028 struct ospf_packet *op;
4029 uint16_t length = OSPF_HEADER_SIZE;
4030
4031 if (IS_DEBUG_OSPF_EVENT)
4032 zlog_debug("listcount = %d, [%s]dst %pI4", listcount(update),
4033 IF_NAME(oi), &addr);
4034
4035 /* Check that we have really something to process */
4036 if (listcount(update) == 0)
4037 return;
4038
4039 op = ospf_ls_upd_packet_new(update, oi);
4040
4041 /* Prepare OSPF common header. */
4042 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
4043
4044 /* Prepare OSPF Link State Update body.
4045 * Includes Type-7 translation.
4046 */
4047 length += ospf_make_ls_upd(oi, update, op->s);
4048
4049 /* Fill OSPF header. */
4050 ospf_fill_header(oi, op->s, length);
4051
4052 /* Set packet length. */
4053 op->length = length;
4054
4055 /* Decide destination address. */
4056 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4057 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4058 else
4059 op->dst.s_addr = addr.s_addr;
4060
4061 /* Add packet to the interface output queue. */
4062 ospf_packet_add(oi, op);
4063 /* Call ospf_write() right away to send ospf packets to neighbors */
4064 if (send_lsupd_now) {
4065 struct thread os_packet_thd;
4066
4067 os_packet_thd.arg = (void *)oi->ospf;
4068 if (oi->on_write_q == 0) {
4069 listnode_add(oi->ospf->oi_write_q, oi);
4070 oi->on_write_q = 1;
4071 }
4072 ospf_write(&os_packet_thd);
4073 /*
4074 * We are fake calling ospf_write with a fake
4075 * thread. Imagine that we have oi_a already
4076 * enqueued and we have turned on the write
4077 * thread(t_write).
4078 * Now this function calls this for oi_b
4079 * so the on_write_q has oi_a and oi_b on
4080 * it, ospf_write runs and clears the packets
4081 * for both oi_a and oi_b. Removing them from
4082 * the on_write_q. After this thread of execution
4083 * finishes we will execute the t_write thread
4084 * with nothing in the on_write_q causing an
4085 * assert. So just make sure that the t_write
4086 * is actually turned off.
4087 */
4088 if (list_isempty(oi->ospf->oi_write_q))
4089 THREAD_OFF(oi->ospf->t_write);
4090 } else {
4091 /* Hook thread to write packet. */
4092 OSPF_ISM_WRITE_ON(oi->ospf);
4093 }
4094 }
4095
4096 static void ospf_ls_upd_send_queue_event(struct thread *thread)
4097 {
4098 struct ospf_interface *oi = THREAD_ARG(thread);
4099 struct route_node *rn;
4100 struct route_node *rnext;
4101 struct list *update;
4102 char again = 0;
4103
4104 oi->t_ls_upd_event = NULL;
4105
4106 if (IS_DEBUG_OSPF_EVENT)
4107 zlog_debug("%s start", __func__);
4108
4109 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4110 rnext = route_next(rn);
4111
4112 if (rn->info == NULL)
4113 continue;
4114
4115 update = (struct list *)rn->info;
4116
4117 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
4118
4119 /* list might not be empty. */
4120 if (listcount(update) == 0) {
4121 list_delete((struct list **)&rn->info);
4122 route_unlock_node(rn);
4123 } else
4124 again = 1;
4125 }
4126
4127 if (again != 0) {
4128 if (IS_DEBUG_OSPF_EVENT)
4129 zlog_debug(
4130 "%s: update lists not cleared, %d nodes to try again, raising new event",
4131 __func__, again);
4132 oi->t_ls_upd_event = NULL;
4133 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4134 &oi->t_ls_upd_event);
4135 }
4136
4137 if (IS_DEBUG_OSPF_EVENT)
4138 zlog_debug("%s stop", __func__);
4139 }
4140
4141 void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4142 int send_lsupd_now)
4143 {
4144 struct ospf_interface *oi;
4145 struct ospf_lsa *lsa;
4146 struct prefix_ipv4 p;
4147 struct route_node *rn;
4148 struct listnode *node;
4149
4150 oi = nbr->oi;
4151
4152 p.family = AF_INET;
4153 p.prefixlen = IPV4_MAX_BITLEN;
4154
4155 /* Decide destination address. */
4156 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4157 p.prefix = oi->vl_data->peer_addr;
4158 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4159 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4160 else if (flag == OSPF_SEND_PACKET_DIRECT)
4161 p.prefix = nbr->address.u.prefix4;
4162 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4163 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4164 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4165 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4166 else
4167 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4168
4169 if (oi->type == OSPF_IFTYPE_NBMA) {
4170 if (flag == OSPF_SEND_PACKET_INDIRECT)
4171 flog_warn(
4172 EC_OSPF_PACKET,
4173 "* LS-Update is directly sent on NBMA network.");
4174 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
4175 flog_warn(EC_OSPF_PACKET,
4176 "* LS-Update is sent to myself.");
4177 }
4178
4179 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4180
4181 if (rn->info == NULL)
4182 rn->info = list_new();
4183 else
4184 route_unlock_node(rn);
4185
4186 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4187 listnode_add(rn->info,
4188 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
4189 if (send_lsupd_now) {
4190 struct list *send_update_list;
4191 struct route_node *rnext;
4192
4193 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4194 rnext = route_next(rn);
4195
4196 if (rn->info == NULL)
4197 continue;
4198
4199 send_update_list = (struct list *)rn->info;
4200
4201 ospf_ls_upd_queue_send(oi, send_update_list,
4202 rn->p.u.prefix4, 1);
4203 }
4204 } else
4205 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4206 &oi->t_ls_upd_event);
4207 }
4208
4209 static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4210 struct in_addr dst)
4211 {
4212 struct ospf_packet *op;
4213 uint16_t length = OSPF_HEADER_SIZE;
4214
4215 op = ospf_packet_new(oi->ifp->mtu);
4216
4217 /* Prepare OSPF common header. */
4218 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4219
4220 /* Prepare OSPF Link State Acknowledgment body. */
4221 length += ospf_make_ls_ack(oi, ack, op->s);
4222
4223 /* Fill OSPF header. */
4224 ospf_fill_header(oi, op->s, length);
4225
4226 /* Set packet length. */
4227 op->length = length;
4228
4229 /* Decide destination address. */
4230 if (oi->type == OSPF_IFTYPE_POINTOPOINT ||
4231 oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4232 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4233 else
4234 op->dst.s_addr = dst.s_addr;
4235
4236 /* Add packet to the interface output queue. */
4237 ospf_packet_add(oi, op);
4238
4239 /* Hook thread to write packet. */
4240 OSPF_ISM_WRITE_ON(oi->ospf);
4241 }
4242
4243 static void ospf_ls_ack_send_event(struct thread *thread)
4244 {
4245 struct ospf_interface *oi = THREAD_ARG(thread);
4246
4247 oi->t_ls_ack_direct = NULL;
4248
4249 while (listcount(oi->ls_ack_direct.ls_ack))
4250 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4251 oi->ls_ack_direct.dst);
4252 }
4253
4254 void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4255 {
4256 struct ospf_interface *oi = nbr->oi;
4257
4258 if (IS_GRACE_LSA(lsa)) {
4259 if (IS_DEBUG_OSPF_GR)
4260 zlog_debug("%s, Sending GRACE ACK to Restarter.",
4261 __func__);
4262 }
4263
4264 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4265 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4266
4267 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4268
4269 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4270 &oi->t_ls_ack_direct);
4271 }
4272
4273 /* Send Link State Acknowledgment delayed. */
4274 void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4275 {
4276 struct in_addr dst;
4277
4278 /* Decide destination address. */
4279 /* RFC2328 Section 13.5 On non-broadcast
4280 networks, delayed Link State Acknowledgment packets must be
4281 unicast separately over each adjacency (i.e., neighbor whose
4282 state is >= Exchange). */
4283 if (oi->type == OSPF_IFTYPE_NBMA) {
4284 struct ospf_neighbor *nbr;
4285 struct route_node *rn;
4286
4287 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
4288 nbr = rn->info;
4289
4290 if (!nbr)
4291 continue;
4292
4293 if (nbr != oi->nbr_self && nbr->state >= NSM_Exchange)
4294 while (listcount(oi->ls_ack))
4295 ospf_ls_ack_send_list(
4296 oi, oi->ls_ack,
4297 nbr->address.u.prefix4);
4298 }
4299 return;
4300 }
4301 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4302 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4303 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4304 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4305 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4306 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4307 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4308 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4309 else
4310 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4311
4312 while (listcount(oi->ls_ack))
4313 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
4314 }
4315
4316 /*
4317 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4318 * address. As a result, the kernel does not need to learn the interface
4319 * MAC of the OSPF neighbor. However, in our world, this will delay
4320 * convergence. Take the case when due to a link flap, all routes now
4321 * want to use an interface which was deemed to be costlier prior to this
4322 * event. For routes that will be installed, the missing MAC will have
4323 * punt-to-CPU set on them. This may overload the CPU control path that
4324 * can be avoided if the MAC was known apriori.
4325 */
4326 void ospf_proactively_arp(struct ospf_neighbor *nbr)
4327 {
4328 if (!nbr || !nbr->oi->ospf->proactive_arp)
4329 return;
4330
4331 ospf_zebra_send_arp(nbr->oi->ifp, &nbr->address);
4332 }
FRRouting mirror