]> git.proxmox.com Git - mirror_frr.git/blob - ospfd/ospf_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12990 from opensourcerouting/fix/rename_bgp_afi_node_lookup
[mirror_frr.git] / ospfd / ospf_packet.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * OSPF Sending and Receiving OSPF Packets.
4 * Copyright (C) 1999, 2000 Toshiaki Takada
5 */
6
7 #include <zebra.h>
8
9 #include "monotime.h"
10 #include "thread.h"
11 #include "memory.h"
12 #include "linklist.h"
13 #include "prefix.h"
14 #include "if.h"
15 #include "table.h"
16 #include "sockunion.h"
17 #include "stream.h"
18 #include "log.h"
19 #include "sockopt.h"
20 #include "checksum.h"
21 #ifdef CRYPTO_INTERNAL
22 #include "md5.h"
23 #endif
24 #include "vrf.h"
25 #include "lib_errors.h"
26
27 #include "ospfd/ospfd.h"
28 #include "ospfd/ospf_network.h"
29 #include "ospfd/ospf_interface.h"
30 #include "ospfd/ospf_ism.h"
31 #include "ospfd/ospf_abr.h"
32 #include "ospfd/ospf_asbr.h"
33 #include "ospfd/ospf_lsa.h"
34 #include "ospfd/ospf_lsdb.h"
35 #include "ospfd/ospf_neighbor.h"
36 #include "ospfd/ospf_nsm.h"
37 #include "ospfd/ospf_packet.h"
38 #include "ospfd/ospf_spf.h"
39 #include "ospfd/ospf_flood.h"
40 #include "ospfd/ospf_dump.h"
41 #include "ospfd/ospf_errors.h"
42 #include "ospfd/ospf_zebra.h"
43 #include "ospfd/ospf_gr.h"
44
45 /*
46 * OSPF Fragmentation / fragmented writes
47 *
48 * ospfd can support writing fragmented packets, for cases where
49 * kernel will not fragment IP_HDRINCL and/or multicast destined
50 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
51 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
52 * flags fields, hence user-space fragmentation will not work.
53 * Only Linux is known to leave IP header unmolested.
54 * Further, fragmentation really should be done the kernel, which already
55 * supports it, and which avoids nasty IP ID state problems.
56 *
57 * Fragmentation of OSPF packets can be required on networks with router
58 * with many many interfaces active in one area, or on networks with links
59 * with low MTUs.
60 */
61 #ifdef GNU_LINUX
62 #define WANT_OSPF_WRITE_FRAGMENT
63 #endif
64
65 /* Packet Type String. */
66 const struct message ospf_packet_type_str[] = {
67 {OSPF_MSG_HELLO, "Hello"},
68 {OSPF_MSG_DB_DESC, "Database Description"},
69 {OSPF_MSG_LS_REQ, "Link State Request"},
70 {OSPF_MSG_LS_UPD, "Link State Update"},
71 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
72 {0}};
73
74 /* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
75 particular types, offset is the "type" field of a packet. */
76 static const uint16_t ospf_packet_minlen[] = {
77 0,
78 OSPF_HELLO_MIN_SIZE,
79 OSPF_DB_DESC_MIN_SIZE,
80 OSPF_LS_REQ_MIN_SIZE,
81 OSPF_LS_UPD_MIN_SIZE,
82 OSPF_LS_ACK_MIN_SIZE,
83 };
84
85 /* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
86 types, offset is the "LSA type" field. */
87 static const uint16_t ospf_lsa_minlen[] = {
88 0, /* OSPF_UNKNOWN_LSA */
89 OSPF_ROUTER_LSA_MIN_SIZE, /* OSPF_ROUTER_LSA */
90 OSPF_NETWORK_LSA_MIN_SIZE, /* OSPF_NETWORK_LSA */
91 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_SUMMARY_LSA */
92 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_ASBR_SUMMARY_LSA */
93 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_EXTERNAL_LSA */
94 0, /* Unsupported, OSPF_GROUP_MEMBER_LSA */
95 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_NSSA_LSA */
96 0, /* Unsupported, OSPF_EXTERNAL_ATTRIBURES_LSA */
97 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_LINK_LSA */
98 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AREA_LSA */
99 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AS_LSA */
100 };
101
102 /* for ospf_check_auth() */
103 static int ospf_check_sum(struct ospf_header *);
104
105 /* OSPF authentication checking function */
106 static int ospf_auth_type(struct ospf_interface *oi)
107 {
108 int auth_type;
109
110 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
111 auth_type = oi->area->auth_type;
112 else
113 auth_type = OSPF_IF_PARAM(oi, auth_type);
114
115 /* Handle case where MD5 key list is not configured aka Cisco */
116 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
117 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
118 return OSPF_AUTH_NULL;
119
120 return auth_type;
121 }
122
123 static struct ospf_packet *ospf_packet_new(size_t size)
124 {
125 struct ospf_packet *new;
126
127 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
128 new->s = stream_new(size);
129
130 return new;
131 }
132
133 void ospf_packet_free(struct ospf_packet *op)
134 {
135 if (op->s)
136 stream_free(op->s);
137
138 XFREE(MTYPE_OSPF_PACKET, op);
139 }
140
141 struct ospf_fifo *ospf_fifo_new(void)
142 {
143 struct ospf_fifo *new;
144
145 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
146 return new;
147 }
148
149 /* Add new packet to fifo. */
150 void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
151 {
152 if (fifo->tail)
153 fifo->tail->next = op;
154 else
155 fifo->head = op;
156
157 fifo->tail = op;
158
159 fifo->count++;
160 }
161
162 /* Add new packet to head of fifo. */
163 static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
164 {
165 op->next = fifo->head;
166
167 if (fifo->tail == NULL)
168 fifo->tail = op;
169
170 fifo->head = op;
171
172 fifo->count++;
173 }
174
175 /* Delete first packet from fifo. */
176 struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
177 {
178 struct ospf_packet *op;
179
180 op = fifo->head;
181
182 if (op) {
183 fifo->head = op->next;
184
185 if (fifo->head == NULL)
186 fifo->tail = NULL;
187
188 fifo->count--;
189 }
190
191 return op;
192 }
193
194 /* Return first fifo entry. */
195 struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
196 {
197 return fifo->head;
198 }
199
200 /* Flush ospf packet fifo. */
201 void ospf_fifo_flush(struct ospf_fifo *fifo)
202 {
203 struct ospf_packet *op;
204 struct ospf_packet *next;
205
206 for (op = fifo->head; op; op = next) {
207 next = op->next;
208 ospf_packet_free(op);
209 }
210 fifo->head = fifo->tail = NULL;
211 fifo->count = 0;
212 }
213
214 /* Free ospf packet fifo. */
215 void ospf_fifo_free(struct ospf_fifo *fifo)
216 {
217 ospf_fifo_flush(fifo);
218
219 XFREE(MTYPE_OSPF_FIFO, fifo);
220 }
221
222 static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
223 {
224 /* Add packet to end of queue. */
225 ospf_fifo_push(oi->obuf, op);
226
227 /* Debug of packet fifo*/
228 /* ospf_fifo_debug (oi->obuf); */
229 }
230
231 static void ospf_packet_add_top(struct ospf_interface *oi,
232 struct ospf_packet *op)
233 {
234 /* Add packet to head of queue. */
235 ospf_fifo_push_head(oi->obuf, op);
236
237 /* Debug of packet fifo*/
238 /* ospf_fifo_debug (oi->obuf); */
239 }
240
241 static void ospf_packet_delete(struct ospf_interface *oi)
242 {
243 struct ospf_packet *op;
244
245 op = ospf_fifo_pop(oi->obuf);
246
247 if (op)
248 ospf_packet_free(op);
249 }
250
251 static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
252 {
253 struct ospf_packet *new;
254
255 if (stream_get_endp(op->s) != op->length)
256 /* XXX size_t */
257 zlog_debug(
258 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
259 (unsigned long)STREAM_SIZE(op->s), op->length);
260
261 /* Reserve space for MD5 authentication that may be added later. */
262 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
263 stream_copy(new->s, op->s);
264
265 new->dst = op->dst;
266 new->length = op->length;
267
268 return new;
269 }
270
271 /* XXX inline */
272 static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
273 {
274 int auth = 0;
275
276 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
277 auth = OSPF_AUTH_MD5_SIZE;
278
279 return auth;
280 }
281
282 static unsigned int ospf_packet_max(struct ospf_interface *oi)
283 {
284 int max;
285
286 max = oi->ifp->mtu - ospf_packet_authspace(oi);
287
288 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
289
290 return max;
291 }
292
293
294 static int ospf_check_md5_digest(struct ospf_interface *oi,
295 struct ospf_header *ospfh)
296 {
297 #ifdef CRYPTO_OPENSSL
298 EVP_MD_CTX *ctx;
299 #elif CRYPTO_INTERNAL
300 MD5_CTX ctx;
301 #endif
302 unsigned char digest[OSPF_AUTH_MD5_SIZE];
303 struct crypt_key *ck;
304 struct ospf_neighbor *nbr;
305 uint16_t length = ntohs(ospfh->length);
306
307 /* Get secret key. */
308 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
309 ospfh->u.crypt.key_id);
310 if (ck == NULL) {
311 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
312 IF_NAME(oi), ospfh->u.crypt.key_id);
313 return 0;
314 }
315
316 /* check crypto seqnum. */
317 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
318
319 if (nbr
320 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
321 flog_warn(
322 EC_OSPF_MD5,
323 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
324 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
325 ntohl(nbr->crypt_seqnum));
326 return 0;
327 }
328
329 /* Generate a digest for the ospf packet - their digest + our digest. */
330 #ifdef CRYPTO_OPENSSL
331 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
332 ctx = EVP_MD_CTX_new();
333 EVP_DigestInit(ctx, EVP_md5());
334 EVP_DigestUpdate(ctx, ospfh, length);
335 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
336 EVP_DigestFinal(ctx, digest, &md5_size);
337 EVP_MD_CTX_free(ctx);
338 #elif CRYPTO_INTERNAL
339 memset(&ctx, 0, sizeof(ctx));
340 MD5Init(&ctx);
341 MD5Update(&ctx, ospfh, length);
342 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
343 MD5Final(digest, &ctx);
344 #endif
345
346 /* compare the two */
347 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
348 flog_warn(EC_OSPF_MD5,
349 "interface %s: ospf_check_md5 checksum mismatch",
350 IF_NAME(oi));
351 return 0;
352 }
353
354 /* save neighbor's crypt_seqnum */
355 if (nbr)
356 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
357 return 1;
358 }
359
360 /* This function is called from ospf_write(), it will detect the
361 authentication scheme and if it is MD5, it will change the sequence
362 and update the MD5 digest. */
363 static int ospf_make_md5_digest(struct ospf_interface *oi,
364 struct ospf_packet *op)
365 {
366 struct ospf_header *ospfh;
367 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
368 #ifdef CRYPTO_OPENSSL
369 EVP_MD_CTX *ctx;
370 #elif CRYPTO_INTERNAL
371 MD5_CTX ctx;
372 #endif
373 void *ibuf;
374 uint32_t t;
375 struct crypt_key *ck;
376 const uint8_t *auth_key;
377
378 ibuf = STREAM_DATA(op->s);
379 ospfh = (struct ospf_header *)ibuf;
380
381 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
382 return 0;
383
384 /* We do this here so when we dup a packet, we don't have to
385 waste CPU rewriting other headers.
386
387 Note that frr_time /deliberately/ is not used here */
388 t = (time(NULL) & 0xFFFFFFFF);
389 if (t > oi->crypt_seqnum)
390 oi->crypt_seqnum = t;
391 else
392 oi->crypt_seqnum++;
393
394 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
395
396 /* Get MD5 Authentication key from auth_key list. */
397 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
398 auth_key = (const uint8_t *)digest;
399 else {
400 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
401 auth_key = ck->auth_key;
402 }
403
404 /* Generate a digest for the entire packet + our secret key. */
405 #ifdef CRYPTO_OPENSSL
406 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
407 ctx = EVP_MD_CTX_new();
408 EVP_DigestInit(ctx, EVP_md5());
409 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
410 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
411 EVP_DigestFinal(ctx, digest, &md5_size);
412 EVP_MD_CTX_free(ctx);
413 #elif CRYPTO_INTERNAL
414 memset(&ctx, 0, sizeof(ctx));
415 MD5Init(&ctx);
416 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
417 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
418 MD5Final(digest, &ctx);
419 #endif
420
421 /* Append md5 digest to the end of the stream. */
422 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
423
424 /* We do *NOT* increment the OSPF header length. */
425 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
426
427 if (stream_get_endp(op->s) != op->length)
428 /* XXX size_t */
429 flog_warn(EC_OSPF_MD5,
430 "%s: length mismatch stream %lu ospf_packet %u",
431 __func__, (unsigned long)stream_get_endp(op->s),
432 op->length);
433
434 return OSPF_AUTH_MD5_SIZE;
435 }
436
437
438 static void ospf_ls_req_timer(struct thread *thread)
439 {
440 struct ospf_neighbor *nbr;
441
442 nbr = THREAD_ARG(thread);
443 nbr->t_ls_req = NULL;
444
445 /* Send Link State Request. */
446 if (ospf_ls_request_count(nbr))
447 ospf_ls_req_send(nbr);
448
449 /* Set Link State Request retransmission timer. */
450 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
451 }
452
453 void ospf_ls_req_event(struct ospf_neighbor *nbr)
454 {
455 THREAD_OFF(nbr->t_ls_req);
456 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
457 }
458
459 /* Cyclic timer function. Fist registered in ospf_nbr_new () in
460 ospf_neighbor.c */
461 void ospf_ls_upd_timer(struct thread *thread)
462 {
463 struct ospf_neighbor *nbr;
464
465 nbr = THREAD_ARG(thread);
466 nbr->t_ls_upd = NULL;
467
468 /* Send Link State Update. */
469 if (ospf_ls_retransmit_count(nbr) > 0) {
470 struct list *update;
471 struct ospf_lsdb *lsdb;
472 int i;
473 int retransmit_interval;
474
475 retransmit_interval =
476 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
477
478 lsdb = &nbr->ls_rxmt;
479 update = list_new();
480
481 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
482 struct route_table *table = lsdb->type[i].db;
483 struct route_node *rn;
484
485 for (rn = route_top(table); rn; rn = route_next(rn)) {
486 struct ospf_lsa *lsa;
487
488 if ((lsa = rn->info) != NULL) {
489 /* Don't retransmit an LSA if we
490 received it within
491 the last RxmtInterval seconds - this
492 is to allow the
493 neighbour a chance to acknowledge the
494 LSA as it may
495 have ben just received before the
496 retransmit timer
497 fired. This is a small tweak to what
498 is in the RFC,
499 but it will cut out out a lot of
500 retransmit traffic
501 - MAG */
502 if (monotime_since(&lsa->tv_recv, NULL)
503 >= retransmit_interval * 1000000LL)
504 listnode_add(update, rn->info);
505 }
506 }
507 }
508
509 if (listcount(update) > 0)
510 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
511 0);
512 list_delete(&update);
513 }
514
515 /* Set LS Update retransmission timer. */
516 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
517 }
518
519 void ospf_ls_ack_timer(struct thread *thread)
520 {
521 struct ospf_interface *oi;
522
523 oi = THREAD_ARG(thread);
524 oi->t_ls_ack = NULL;
525
526 /* Send Link State Acknowledgment. */
527 if (listcount(oi->ls_ack) > 0)
528 ospf_ls_ack_send_delayed(oi);
529
530 /* Set LS Ack timer. */
531 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
532 }
533
534 #ifdef WANT_OSPF_WRITE_FRAGMENT
535 static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
536 struct msghdr *msg, unsigned int maxdatasize,
537 unsigned int mtu, int flags, uint8_t type)
538 {
539 #define OSPF_WRITE_FRAG_SHIFT 3
540 uint16_t offset;
541 struct iovec *iovp;
542 int ret;
543
544 assert(op->length == stream_get_endp(op->s));
545 assert(msg->msg_iovlen == 2);
546
547 /* we can but try.
548 *
549 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
550 * well as the IP_MF flag, making this all quite pointless.
551 *
552 * However, for a system on which IP_MF is left alone, and ip_id left
553 * alone or else which sets same ip_id for each fragment this might
554 * work, eg linux.
555 *
556 * XXX-TODO: It would be much nicer to have the kernel's use their
557 * existing fragmentation support to do this for us. Bugs/RFEs need to
558 * be raised against the various kernels.
559 */
560
561 /* set More Frag */
562 iph->ip_off |= IP_MF;
563
564 /* ip frag offset is expressed in units of 8byte words */
565 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
566
567 iovp = &msg->msg_iov[1];
568
569 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
570 > maxdatasize) {
571 /* data length of this frag is to next offset value */
572 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
573 iph->ip_len = iovp->iov_len + sizeof(struct ip);
574 assert(iph->ip_len <= mtu);
575
576 sockopt_iphdrincl_swab_htosys(iph);
577
578 ret = sendmsg(fd, msg, flags);
579
580 sockopt_iphdrincl_swab_systoh(iph);
581
582 if (ret < 0)
583 flog_err(
584 EC_LIB_SOCKET,
585 "*** %s: sendmsg failed to %pI4, id %d, off %d, len %d, mtu %u failed with %s",
586 __func__, &iph->ip_dst, iph->ip_id, iph->ip_off,
587 iph->ip_len, mtu, safe_strerror(errno));
588
589 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
590 zlog_debug("%s: sent id %d, off %d, len %d to %pI4",
591 __func__, iph->ip_id, iph->ip_off,
592 iph->ip_len, &iph->ip_dst);
593 }
594
595 iph->ip_off += offset;
596 stream_forward_getp(op->s, iovp->iov_len);
597 iovp->iov_base = stream_pnt(op->s);
598 }
599
600 /* setup for final fragment */
601 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
602 iph->ip_len = iovp->iov_len + sizeof(struct ip);
603 iph->ip_off &= (~IP_MF);
604 }
605 #endif /* WANT_OSPF_WRITE_FRAGMENT */
606
607 static void ospf_write(struct thread *thread)
608 {
609 struct ospf *ospf = THREAD_ARG(thread);
610 struct ospf_interface *oi;
611 struct ospf_packet *op;
612 struct sockaddr_in sa_dst;
613 struct ip iph;
614 struct msghdr msg;
615 struct iovec iov[2];
616 uint8_t type;
617 int ret;
618 int flags = 0;
619 struct listnode *node;
620 #ifdef WANT_OSPF_WRITE_FRAGMENT
621 static uint16_t ipid = 0;
622 uint16_t maxdatasize;
623 #endif /* WANT_OSPF_WRITE_FRAGMENT */
624 #define OSPF_WRITE_IPHL_SHIFT 2
625 int pkt_count = 0;
626
627 #ifdef GNU_LINUX
628 unsigned char cmsgbuf[64] = {};
629 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
630 struct in_pktinfo *pi;
631 #endif
632
633 if (ospf->fd < 0 || ospf->oi_running == 0) {
634 if (IS_DEBUG_OSPF_EVENT)
635 zlog_debug("%s failed to send, fd %d, instance %u",
636 __func__, ospf->fd, ospf->oi_running);
637 return;
638 }
639
640 node = listhead(ospf->oi_write_q);
641 assert(node);
642 oi = listgetdata(node);
643
644 #ifdef WANT_OSPF_WRITE_FRAGMENT
645 /* seed ipid static with low order bits of time */
646 if (ipid == 0)
647 ipid = (time(NULL) & 0xffff);
648 #endif /* WANT_OSPF_WRITE_FRAGMENT */
649
650 while ((pkt_count < ospf->write_oi_count) && oi) {
651 pkt_count++;
652 #ifdef WANT_OSPF_WRITE_FRAGMENT
653 /* convenience - max OSPF data per packet */
654 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
655 #endif /* WANT_OSPF_WRITE_FRAGMENT */
656 /* Get one packet from queue. */
657 op = ospf_fifo_head(oi->obuf);
658 assert(op);
659 assert(op->length >= OSPF_HEADER_SIZE);
660
661 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
662 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
663 ospf_if_ipmulticast(ospf, oi->address,
664 oi->ifp->ifindex);
665
666 /* Rewrite the md5 signature & update the seq */
667 ospf_make_md5_digest(oi, op);
668
669 /* Retrieve OSPF packet type. */
670 stream_set_getp(op->s, 1);
671 type = stream_getc(op->s);
672
673 /* reset get pointer */
674 stream_set_getp(op->s, 0);
675
676 memset(&iph, 0, sizeof(iph));
677 memset(&sa_dst, 0, sizeof(sa_dst));
678
679 sa_dst.sin_family = AF_INET;
680 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
681 sa_dst.sin_len = sizeof(sa_dst);
682 #endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
683 sa_dst.sin_addr = op->dst;
684 sa_dst.sin_port = htons(0);
685
686 /* Set DONTROUTE flag if dst is unicast. */
687 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
688 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
689 flags = MSG_DONTROUTE;
690
691 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
692 /* it'd be very strange for header to not be 4byte-word aligned
693 * but.. */
694 if (sizeof(struct ip)
695 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
696 iph.ip_hl++; /* we presume sizeof(struct ip) cant
697 overflow ip_hl.. */
698
699 iph.ip_v = IPVERSION;
700 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
701 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
702
703 #if defined(__DragonFly__)
704 /*
705 * DragonFly's raw socket expects ip_len/ip_off in network byte
706 * order.
707 */
708 iph.ip_len = htons(iph.ip_len);
709 #endif
710
711 #ifdef WANT_OSPF_WRITE_FRAGMENT
712 /* XXX-MT: not thread-safe at all..
713 * XXX: this presumes this is only programme sending OSPF
714 * packets
715 * otherwise, no guarantee ipid will be unique
716 */
717 iph.ip_id = ++ipid;
718 #endif /* WANT_OSPF_WRITE_FRAGMENT */
719
720 iph.ip_off = 0;
721 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
722 iph.ip_ttl = OSPF_VL_IP_TTL;
723 else
724 iph.ip_ttl = OSPF_IP_TTL;
725 iph.ip_p = IPPROTO_OSPFIGP;
726 iph.ip_sum = 0;
727 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
728 iph.ip_dst.s_addr = op->dst.s_addr;
729
730 memset(&msg, 0, sizeof(msg));
731 msg.msg_name = (caddr_t)&sa_dst;
732 msg.msg_namelen = sizeof(sa_dst);
733 msg.msg_iov = iov;
734 msg.msg_iovlen = 2;
735
736 iov[0].iov_base = (char *)&iph;
737 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
738 iov[1].iov_base = stream_pnt(op->s);
739 iov[1].iov_len = op->length;
740
741 #ifdef GNU_LINUX
742 msg.msg_control = (caddr_t)cm;
743 cm->cmsg_level = SOL_IP;
744 cm->cmsg_type = IP_PKTINFO;
745 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
746 pi = (struct in_pktinfo *)CMSG_DATA(cm);
747 pi->ipi_ifindex = oi->ifp->ifindex;
748
749 msg.msg_controllen = cm->cmsg_len;
750 #endif
751
752 /* Sadly we can not rely on kernels to fragment packets
753 * because of either IP_HDRINCL and/or multicast
754 * destination being set.
755 */
756
757 #ifdef WANT_OSPF_WRITE_FRAGMENT
758 if (op->length > maxdatasize)
759 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
760 oi->ifp->mtu, flags, type);
761 #endif /* WANT_OSPF_WRITE_FRAGMENT */
762
763 /* send final fragment (could be first) */
764 sockopt_iphdrincl_swab_htosys(&iph);
765 ret = sendmsg(ospf->fd, &msg, flags);
766 sockopt_iphdrincl_swab_systoh(&iph);
767 if (IS_DEBUG_OSPF_EVENT)
768 zlog_debug(
769 "%s to %pI4, id %d, off %d, len %d, interface %s, mtu %u:",
770 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
771 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
772
773 /* sendmsg will return EPERM if firewall is blocking sending.
774 * This is a normal situation when 'ip nhrp map multicast xxx'
775 * is being used to send multicast packets to DMVPN peers. In
776 * that case the original message is blocked with iptables rule
777 * causing the EPERM result
778 */
779 if (ret < 0 && errno != EPERM)
780 flog_err(
781 EC_LIB_SOCKET,
782 "*** sendmsg in %s failed to %pI4, id %d, off %d, len %d, interface %s, mtu %u: %s",
783 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
784 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
785 safe_strerror(errno));
786
787 /* Show debug sending packet. */
788 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
789 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
790 zlog_debug(
791 "-----------------------------------------------------");
792 stream_set_getp(op->s, 0);
793 ospf_packet_dump(op->s);
794 }
795
796 zlog_debug("%s sent to [%pI4] via [%s].",
797 lookup_msg(ospf_packet_type_str, type, NULL),
798 &op->dst, IF_NAME(oi));
799
800 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
801 zlog_debug(
802 "-----------------------------------------------------");
803 }
804
805 switch (type) {
806 case OSPF_MSG_HELLO:
807 oi->hello_out++;
808 break;
809 case OSPF_MSG_DB_DESC:
810 oi->db_desc_out++;
811 break;
812 case OSPF_MSG_LS_REQ:
813 oi->ls_req_out++;
814 break;
815 case OSPF_MSG_LS_UPD:
816 oi->ls_upd_out++;
817 break;
818 case OSPF_MSG_LS_ACK:
819 oi->ls_ack_out++;
820 break;
821 default:
822 break;
823 }
824
825 /* Now delete packet from queue. */
826 ospf_packet_delete(oi);
827
828 /* Move this interface to the tail of write_q to
829 serve everyone in a round robin fashion */
830 list_delete_node(ospf->oi_write_q, node);
831 if (ospf_fifo_head(oi->obuf) == NULL) {
832 oi->on_write_q = 0;
833 oi = NULL;
834 } else
835 listnode_add(ospf->oi_write_q, oi);
836
837 /* Setup to service from the head of the queue again */
838 if (!list_isempty(ospf->oi_write_q)) {
839 node = listhead(ospf->oi_write_q);
840 oi = listgetdata(node);
841 }
842 }
843
844 /* If packets still remain in queue, call write thread. */
845 if (!list_isempty(ospf->oi_write_q))
846 thread_add_write(master, ospf_write, ospf, ospf->fd,
847 &ospf->t_write);
848 }
849
850 /* OSPF Hello message read -- RFC2328 Section 10.5. */
851 static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
852 struct stream *s, struct ospf_interface *oi, int size)
853 {
854 struct ospf_hello *hello;
855 struct ospf_neighbor *nbr;
856 int old_state;
857 struct prefix p;
858
859 /* increment statistics. */
860 oi->hello_in++;
861
862 hello = (struct ospf_hello *)stream_pnt(s);
863
864 /* If Hello is myself, silently discard. */
865 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
866 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
867 zlog_debug(
868 "ospf_header[%s/%pI4]: selforiginated, dropping.",
869 lookup_msg(ospf_packet_type_str, ospfh->type,
870 NULL),
871 &iph->ip_src);
872 }
873 return;
874 }
875
876 /* get neighbor prefix. */
877 p.family = AF_INET;
878 p.prefixlen = ip_masklen(hello->network_mask);
879 p.u.prefix4 = iph->ip_src;
880
881 /* Compare network mask. */
882 /* Checking is ignored for Point-to-Point and Virtual link. */
883 /* Checking is also ignored for Point-to-Multipoint with /32 prefix */
884 if (oi->type != OSPF_IFTYPE_POINTOPOINT
885 && oi->type != OSPF_IFTYPE_VIRTUALLINK
886 && !(oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
887 && oi->address->prefixlen == IPV4_MAX_BITLEN))
888 if (oi->address->prefixlen != p.prefixlen) {
889 flog_warn(
890 EC_OSPF_PACKET,
891 "Packet %pI4 [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
892 &ospfh->router_id, IF_NAME(oi),
893 (int)oi->address->prefixlen, (int)p.prefixlen);
894 return;
895 }
896
897 /* Compare Router Dead Interval. */
898 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
899 flog_warn(EC_OSPF_PACKET,
900 "Packet %pI4 [Hello:RECV]: RouterDeadInterval mismatch (expected %u, but received %u).",
901 &ospfh->router_id,
902 OSPF_IF_PARAM(oi, v_wait),
903 ntohl(hello->dead_interval));
904 return;
905 }
906
907 /* Compare Hello Interval - ignored if fast-hellos are set. */
908 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
909 if (OSPF_IF_PARAM(oi, v_hello)
910 != ntohs(hello->hello_interval)) {
911 flog_warn(
912 EC_OSPF_PACKET,
913 "Packet %pI4 [Hello:RECV]: HelloInterval mismatch (expected %u, but received %u).",
914 &ospfh->router_id,
915 OSPF_IF_PARAM(oi, v_hello),
916 ntohs(hello->hello_interval));
917 return;
918 }
919 }
920
921 if (IS_DEBUG_OSPF_EVENT)
922 zlog_debug("Packet %pI4 [Hello:RECV]: Options %s vrf %s",
923 &ospfh->router_id,
924 ospf_options_dump(hello->options),
925 ospf_vrf_id_to_name(oi->ospf->vrf_id));
926
927 /* Compare options. */
928 #define REJECT_IF_TBIT_ON 1 /* XXX */
929 #ifdef REJECT_IF_TBIT_ON
930 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
931 /*
932 * This router does not support non-zero TOS.
933 * Drop this Hello packet not to establish neighbor
934 * relationship.
935 */
936 flog_warn(EC_OSPF_PACKET,
937 "Packet %pI4 [Hello:RECV]: T-bit on, drop it.",
938 &ospfh->router_id);
939 return;
940 }
941 #endif /* REJECT_IF_TBIT_ON */
942
943 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
944 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
945 /*
946 * This router does know the correct usage of O-bit
947 * the bit should be set in DD packet only.
948 */
949 flog_warn(EC_OSPF_PACKET,
950 "Packet %pI4 [Hello:RECV]: O-bit abuse?",
951 &ospfh->router_id);
952 #ifdef STRICT_OBIT_USAGE_CHECK
953 return; /* Reject this packet. */
954 #else /* STRICT_OBIT_USAGE_CHECK */
955 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
956 #endif /* STRICT_OBIT_USAGE_CHECK */
957 }
958
959 /* new for NSSA is to ensure that NP is on and E is off */
960
961 if (oi->area->external_routing == OSPF_AREA_NSSA) {
962 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
963 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
964 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
965 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
966 flog_warn(
967 EC_OSPF_PACKET,
968 "NSSA-Packet-%pI4[Hello:RECV]: my options: %x, his options %x",
969 &ospfh->router_id, OPTIONS(oi),
970 hello->options);
971 return;
972 }
973 if (IS_DEBUG_OSPF_NSSA)
974 zlog_debug("NSSA-Hello:RECV:Packet from %pI4:",
975 &ospfh->router_id);
976 } else
977 /* The setting of the E-bit found in the Hello Packet's Options
978 field must match this area's ExternalRoutingCapability A
979 mismatch causes processing to stop and the packet to be
980 dropped. The setting of the rest of the bits in the Hello
981 Packet's Options field should be ignored. */
982 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
983 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
984 flog_warn(
985 EC_OSPF_PACKET,
986 "Packet %pI4 [Hello:RECV]: my options: %x, his options %x",
987 &ospfh->router_id, OPTIONS(oi),
988 hello->options);
989 return;
990 }
991
992 /* get neighbour struct */
993 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
994
995 /* neighbour must be valid, ospf_nbr_get creates if none existed */
996 assert(nbr);
997
998 old_state = nbr->state;
999
1000 /* Add event to thread. */
1001 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_HelloReceived);
1002
1003 /* RFC2328 Section 9.5.1
1004 If the router is not eligible to become Designated Router,
1005 (snip) It must also send an Hello Packet in reply to an
1006 Hello Packet received from any eligible neighbor (other than
1007 the current Designated Router and Backup Designated Router). */
1008 if (oi->type == OSPF_IFTYPE_NBMA)
1009 if (PRIORITY(oi) == 0 && hello->priority > 0
1010 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1011 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1012 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1013 ospf_hello_reply_timer,
1014 OSPF_HELLO_REPLY_DELAY);
1015
1016 /* on NBMA network type, it happens to receive bidirectional Hello
1017 packet
1018 without advance 1-Way Received event.
1019 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1020 if (oi->type == OSPF_IFTYPE_NBMA
1021 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1022 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1023 nbr->priority = hello->priority;
1024 nbr->d_router = hello->d_router;
1025 nbr->bd_router = hello->bd_router;
1026 return;
1027 }
1028
1029 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1030 size - OSPF_HELLO_MIN_SIZE)) {
1031 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1032 nbr->options |= hello->options;
1033 } else {
1034 /* If the router is DR_OTHER, RESTARTER will not wait
1035 * until it receives the hello from it if it receives
1036 * from DR and BDR.
1037 * So, helper might receives ONW_WAY hello from
1038 * RESTARTER. So not allowing to change the state if it
1039 * receives one_way hellow when it acts as HELPER for
1040 * that specific neighbor.
1041 */
1042 if (!OSPF_GR_IS_ACTIVE_HELPER(nbr))
1043 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1044 /* Set neighbor information. */
1045 nbr->priority = hello->priority;
1046 nbr->d_router = hello->d_router;
1047 nbr->bd_router = hello->bd_router;
1048 return;
1049 }
1050
1051 if (OSPF_GR_IS_ACTIVE_HELPER(nbr)) {
1052 /* As per the GR Conformance Test Case 7.2. Section 3
1053 * "Also, if X was the Designated Router on network segment S
1054 * when the helping relationship began, Y maintains X as the
1055 * Designated Router until the helping relationship is
1056 * terminated."
1057 * When I am helper for this neighbor, I should not trigger the
1058 * ISM Events. Also Intentionally not setting the priority and
1059 * other fields so that when the neighbor exits the Grace
1060 * period, it can handle if there is any change before GR and
1061 * after GR. */
1062 if (IS_DEBUG_OSPF_GR)
1063 zlog_debug(
1064 "%s, Neighbor is under GR Restart, hence ignoring the ISM Events",
1065 __PRETTY_FUNCTION__);
1066 } else {
1067 /* If neighbor itself declares DR and no BDR exists,
1068 cause event BackupSeen */
1069 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
1070 if (hello->bd_router.s_addr == INADDR_ANY
1071 && oi->state == ISM_Waiting)
1072 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1073
1074 /* neighbor itself declares BDR. */
1075 if (oi->state == ISM_Waiting
1076 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1077 &hello->bd_router))
1078 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1079
1080 /* had not previously. */
1081 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1082 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1083 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1084 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1085 &nbr->d_router)))
1086 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1087
1088 /* had not previously. */
1089 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1090 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1091 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4,
1092 &hello->bd_router)
1093 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1094 &nbr->bd_router)))
1095 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1096
1097 /* Neighbor priority check. */
1098 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1099 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1100 }
1101
1102 /* Set neighbor information. */
1103 nbr->priority = hello->priority;
1104 nbr->d_router = hello->d_router;
1105 nbr->bd_router = hello->bd_router;
1106
1107 /*
1108 * RFC 3623 - Section 2:
1109 * "If the restarting router determines that it was the Designated
1110 * Router on a given segment prior to the restart, it elects
1111 * itself as the Designated Router again. The restarting router
1112 * knows that it was the Designated Router if, while the
1113 * associated interface is in Waiting state, a Hello packet is
1114 * received from a neighbor listing the router as the Designated
1115 * Router".
1116 */
1117 if (oi->area->ospf->gr_info.restart_in_progress
1118 && oi->state == ISM_Waiting
1119 && IPV4_ADDR_SAME(&hello->d_router, &oi->address->u.prefix4))
1120 DR(oi) = hello->d_router;
1121 }
1122
1123 /* Save DD flags/options/Seqnum received. */
1124 static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1125 struct ospf_db_desc *dd)
1126 {
1127 nbr->last_recv.flags = dd->flags;
1128 nbr->last_recv.options = dd->options;
1129 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
1130 }
1131
1132 /* Process rest of DD packet. */
1133 static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1134 struct ospf_neighbor *nbr,
1135 struct ospf_db_desc *dd, uint16_t size)
1136 {
1137 struct ospf_lsa *new, *find;
1138 struct lsa_header *lsah;
1139
1140 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1141 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1142 size -= OSPF_LSA_HEADER_SIZE) {
1143 lsah = (struct lsa_header *)stream_pnt(s);
1144 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1145
1146 /* Unknown LS type. */
1147 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1148 flog_warn(EC_OSPF_PACKET,
1149 "Packet [DD:RECV]: Unknown LS type %d.",
1150 lsah->type);
1151 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1152 return;
1153 }
1154
1155 if (IS_OPAQUE_LSA(lsah->type)
1156 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1157 flog_warn(EC_OSPF_PACKET,
1158 "LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
1159 lsah->type, &lsah->id, &lsah->adv_router);
1160 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1161 return;
1162 }
1163
1164 switch (lsah->type) {
1165 case OSPF_AS_EXTERNAL_LSA:
1166 case OSPF_OPAQUE_AS_LSA:
1167 /* Check for stub area. Reject if AS-External from stub
1168 but
1169 allow if from NSSA. */
1170 if (oi->area->external_routing == OSPF_AREA_STUB) {
1171 flog_warn(
1172 EC_OSPF_PACKET,
1173 "Packet [DD:RECV]: LSA[Type%d:%pI4] from %s area.",
1174 lsah->type, &lsah->id,
1175 (oi->area->external_routing
1176 == OSPF_AREA_STUB)
1177 ? "STUB"
1178 : "NSSA");
1179 OSPF_NSM_EVENT_SCHEDULE(nbr,
1180 NSM_SeqNumberMismatch);
1181 return;
1182 }
1183 break;
1184 default:
1185 break;
1186 }
1187
1188 /* Create LS-request object. */
1189 new = ospf_ls_request_new(lsah);
1190
1191 /* Lookup received LSA, then add LS request list. */
1192 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1193
1194 /* ospf_lsa_more_recent is fine with NULL pointers */
1195 switch (ospf_lsa_more_recent(find, new)) {
1196 case -1:
1197 /* Neighbour has a more recent LSA, we must request it
1198 */
1199 ospf_ls_request_add(nbr, new);
1200 /* fallthru */
1201 case 0:
1202 /* If we have a copy of this LSA, it's either less
1203 * recent
1204 * and we're requesting it from neighbour (the case
1205 * above), or
1206 * it's as recent and we both have same copy (this
1207 * case).
1208 *
1209 * In neither of these two cases is there any point in
1210 * describing our copy of the LSA to the neighbour in a
1211 * DB-Summary packet, if we're still intending to do so.
1212 *
1213 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1214 * backward compatible optimisation to OSPF DB Exchange
1215 * /
1216 * DB Description process implemented here.
1217 */
1218 if (find)
1219 ospf_lsdb_delete(&nbr->db_sum, find);
1220 ospf_lsa_discard(new);
1221 break;
1222 default:
1223 /* We have the more recent copy, nothing specific to do:
1224 * - no need to request neighbours stale copy
1225 * - must leave DB summary list copy alone
1226 */
1227 if (IS_DEBUG_OSPF_EVENT)
1228 zlog_debug(
1229 "Packet [DD:RECV]: LSA received Type %d, ID %pI4 is not recent.",
1230 lsah->type, &lsah->id);
1231 ospf_lsa_discard(new);
1232 }
1233 }
1234
1235 /* Master */
1236 if (IS_SET_DD_MS(nbr->dd_flags)) {
1237 nbr->dd_seqnum++;
1238
1239 /* Both sides have no More, then we're done with Exchange */
1240 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1241 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1242 else
1243 ospf_db_desc_send(nbr);
1244 }
1245 /* Slave */
1246 else {
1247 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1248
1249 /* Send DD packet in reply.
1250 *
1251 * Must be done to acknowledge the Master's DD, regardless of
1252 * whether we have more LSAs ourselves to describe.
1253 *
1254 * This function will clear the 'More' bit, if after this DD
1255 * we have no more LSAs to describe to the master..
1256 */
1257 ospf_db_desc_send(nbr);
1258
1259 /* Slave can raise ExchangeDone now, if master is also done */
1260 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1261 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1262 }
1263
1264 /* Save received neighbor values from DD. */
1265 ospf_db_desc_save_current(nbr, dd);
1266
1267 if (!nbr->t_ls_req)
1268 ospf_ls_req_send(nbr);
1269 }
1270
1271 static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1272 struct ospf_neighbor *nbr)
1273 {
1274 /* Is DD duplicated? */
1275 if (dd->options == nbr->last_recv.options
1276 && dd->flags == nbr->last_recv.flags
1277 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1278 return 1;
1279
1280 return 0;
1281 }
1282
1283 /* OSPF Database Description message read -- RFC2328 Section 10.6. */
1284 static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1285 struct stream *s, struct ospf_interface *oi,
1286 uint16_t size)
1287 {
1288 struct ospf_db_desc *dd;
1289 struct ospf_neighbor *nbr;
1290
1291 /* Increment statistics. */
1292 oi->db_desc_in++;
1293
1294 dd = (struct ospf_db_desc *)stream_pnt(s);
1295
1296 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1297 if (nbr == NULL) {
1298 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %pI4",
1299 &ospfh->router_id);
1300 return;
1301 }
1302
1303 /* Check MTU. */
1304 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1305 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
1306 flog_warn(
1307 EC_OSPF_PACKET,
1308 "Packet[DD]: Neighbor %pI4 MTU %u is larger than [%s]'s MTU %u",
1309 &nbr->router_id, ntohs(dd->mtu), IF_NAME(oi),
1310 oi->ifp->mtu);
1311 return;
1312 }
1313
1314 /*
1315 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1316 * not
1317 * required. In fact at least JunOS sends DD packets with P bit clear.
1318 * Until proper solution is developped, this hack should help.
1319 *
1320 * Update: According to the RFCs, N bit is specified /only/ for Hello
1321 * options, unfortunately its use in DD options is not specified. Hence
1322 * some
1323 * implementations follow E-bit semantics and set it in DD options, and
1324 * some
1325 * treat it as unspecified and hence follow the directive "default for
1326 * options is clear", ie unset.
1327 *
1328 * Reset the flag, as ospfd follows E-bit semantics.
1329 */
1330 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1331 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1332 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1333 if (IS_DEBUG_OSPF_EVENT)
1334 zlog_debug(
1335 "Packet[DD]: Neighbour %pI4: Has NSSA capability, sends with N bit clear in DD options",
1336 &nbr->router_id);
1337 SET_FLAG(dd->options, OSPF_OPTION_NP);
1338 }
1339
1340 #ifdef REJECT_IF_TBIT_ON
1341 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1342 /*
1343 * In Hello protocol, optional capability must have checked
1344 * to prevent this T-bit enabled router be my neighbor.
1345 */
1346 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %pI4: T-bit on?",
1347 &nbr->router_id);
1348 return;
1349 }
1350 #endif /* REJECT_IF_TBIT_ON */
1351
1352 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1353 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1354 /*
1355 * This node is not configured to handle O-bit, for now.
1356 * Clear it to ignore unsupported capability proposed by
1357 * neighbor.
1358 */
1359 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1360 }
1361
1362 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1363 zlog_info(
1364 "%s:Packet[DD]: Neighbor %pI4 state is %s, seq_num:0x%x, local:0x%x",
1365 ospf_get_name(oi->ospf), &nbr->router_id,
1366 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1367 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1368
1369 /* Process DD packet by neighbor status. */
1370 switch (nbr->state) {
1371 case NSM_Down:
1372 case NSM_Attempt:
1373 case NSM_TwoWay:
1374 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1375 zlog_info(
1376 "Packet[DD]: Neighbor %pI4 state is %s, packet discarded.",
1377 &nbr->router_id,
1378 lookup_msg(ospf_nsm_state_msg, nbr->state,
1379 NULL));
1380 break;
1381 case NSM_Init:
1382 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1383 /* If the new state is ExStart, the processing of the current
1384 packet should then continue in this new state by falling
1385 through to case ExStart below. */
1386 if (nbr->state != NSM_ExStart)
1387 break;
1388 /* fallthru */
1389 case NSM_ExStart:
1390 /* Initial DBD */
1391 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1392 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1393 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1394 > 0) {
1395 /* We're Slave---obey */
1396 if (CHECK_FLAG(oi->ospf->config,
1397 OSPF_LOG_ADJACENCY_DETAIL))
1398 zlog_info(
1399 "Packet[DD]: Neighbor %pI4 Negotiation done (Slave).",
1400 &nbr->router_id);
1401
1402 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1403
1404 /* Reset I/MS */
1405 UNSET_FLAG(nbr->dd_flags,
1406 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1407 } else {
1408 /* We're Master, ignore the initial DBD from
1409 * Slave */
1410 if (CHECK_FLAG(oi->ospf->config,
1411 OSPF_LOG_ADJACENCY_DETAIL))
1412 zlog_info(
1413 "Packet[DD]: Neighbor %pI4: Initial DBD from Slave, ignoring.",
1414 &nbr->router_id);
1415 break;
1416 }
1417 }
1418 /* Ack from the Slave */
1419 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1420 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1421 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1422 < 0) {
1423 zlog_info(
1424 "Packet[DD]: Neighbor %pI4 Negotiation done (Master).",
1425 &nbr->router_id);
1426 /* Reset I, leaving MS */
1427 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1428 } else {
1429 flog_warn(EC_OSPF_PACKET,
1430 "Packet[DD]: Neighbor %pI4 Negotiation fails.",
1431 &nbr->router_id);
1432 break;
1433 }
1434
1435 /* This is where the real Options are saved */
1436 nbr->options = dd->options;
1437
1438 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1439 if (IS_DEBUG_OSPF_EVENT)
1440 zlog_debug(
1441 "Neighbor[%pI4] is %sOpaque-capable.",
1442 &nbr->router_id,
1443 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1444 ? ""
1445 : "NOT ");
1446
1447 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1448 && IPV4_ADDR_SAME(&DR(oi),
1449 &nbr->address.u.prefix4)) {
1450 flog_warn(
1451 EC_OSPF_PACKET,
1452 "DR-neighbor[%pI4] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
1453 &nbr->router_id);
1454 /* This situation is undesirable, but not a real
1455 * error. */
1456 }
1457 }
1458
1459 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1460
1461 /* continue processing rest of packet. */
1462 ospf_db_desc_proc(s, oi, nbr, dd, size);
1463 break;
1464 case NSM_Exchange:
1465 if (ospf_db_desc_is_dup(dd, nbr)) {
1466 if (IS_SET_DD_MS(nbr->dd_flags))
1467 /* Master: discard duplicated DD packet. */
1468 zlog_info(
1469 "Packet[DD] (Master): Neighbor %pI4 packet duplicated.",
1470 &nbr->router_id);
1471 else
1472 /* Slave: cause to retransmit the last Database
1473 Description. */
1474 {
1475 zlog_info(
1476 "Packet[DD] [Slave]: Neighbor %pI4 packet duplicated.",
1477 &nbr->router_id);
1478 ospf_db_desc_resend(nbr);
1479 }
1480 break;
1481 }
1482
1483 /* Otherwise DD packet should be checked. */
1484 /* Check Master/Slave bit mismatch */
1485 if (IS_SET_DD_MS(dd->flags)
1486 != IS_SET_DD_MS(nbr->last_recv.flags)) {
1487 flog_warn(EC_OSPF_PACKET,
1488 "Packet[DD]: Neighbor %pI4 MS-bit mismatch.",
1489 &nbr->router_id);
1490 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1491 if (IS_DEBUG_OSPF_EVENT)
1492 zlog_debug(
1493 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1494 dd->flags, nbr->dd_flags);
1495 break;
1496 }
1497
1498 /* Check initialize bit is set. */
1499 if (IS_SET_DD_I(dd->flags)) {
1500 zlog_info("Packet[DD]: Neighbor %pI4 I-bit set.",
1501 &nbr->router_id);
1502 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1503 break;
1504 }
1505
1506 /* Check DD Options. */
1507 if (dd->options != nbr->options) {
1508 flog_warn(EC_OSPF_PACKET,
1509 "Packet[DD]: Neighbor %pI4 options mismatch.",
1510 &nbr->router_id);
1511 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1512 break;
1513 }
1514
1515 /* Check DD sequence number. */
1516 if ((IS_SET_DD_MS(nbr->dd_flags)
1517 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1518 || (!IS_SET_DD_MS(nbr->dd_flags)
1519 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
1520 flog_warn(
1521 EC_OSPF_PACKET,
1522 "Packet[DD]: Neighbor %pI4 sequence number mismatch.",
1523 &nbr->router_id);
1524 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1525 break;
1526 }
1527
1528 /* Continue processing rest of packet. */
1529 ospf_db_desc_proc(s, oi, nbr, dd, size);
1530 break;
1531 case NSM_Loading:
1532 case NSM_Full:
1533 if (ospf_db_desc_is_dup(dd, nbr)) {
1534 if (IS_SET_DD_MS(nbr->dd_flags)) {
1535 /* Master should discard duplicate DD packet. */
1536 zlog_info(
1537 "Packet[DD]: Neighbor %pI4 duplicated, packet discarded.",
1538 &nbr->router_id);
1539 break;
1540 } else {
1541 if (monotime_since(&nbr->last_send_ts, NULL)
1542 < nbr->v_inactivity * 1000000LL) {
1543 /* In states Loading and Full the slave
1544 must resend
1545 its last Database Description packet
1546 in response to
1547 duplicate Database Description
1548 packets received
1549 from the master. For this reason the
1550 slave must
1551 wait RouterDeadInterval seconds
1552 before freeing the
1553 last Database Description packet.
1554 Reception of a
1555 Database Description packet from the
1556 master after
1557 this interval will generate a
1558 SeqNumberMismatch
1559 neighbor event. RFC2328 Section 10.8
1560 */
1561 ospf_db_desc_resend(nbr);
1562 break;
1563 }
1564 }
1565 }
1566
1567 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1568 break;
1569 default:
1570 flog_warn(EC_OSPF_PACKET,
1571 "Packet[DD]: Neighbor %pI4 NSM illegal status %u.",
1572 &nbr->router_id, nbr->state);
1573 break;
1574 }
1575 }
1576
1577 #define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1578
1579 /* OSPF Link State Request Read -- RFC2328 Section 10.7. */
1580 static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1581 struct stream *s, struct ospf_interface *oi,
1582 uint16_t size)
1583 {
1584 struct ospf_neighbor *nbr;
1585 uint32_t ls_type;
1586 struct in_addr ls_id;
1587 struct in_addr adv_router;
1588 struct ospf_lsa *find;
1589 struct list *ls_upd;
1590 unsigned int length;
1591
1592 /* Increment statistics. */
1593 oi->ls_req_in++;
1594
1595 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1596 if (nbr == NULL) {
1597 flog_warn(EC_OSPF_PACKET,
1598 "Link State Request: Unknown Neighbor %pI4",
1599 &ospfh->router_id);
1600 return;
1601 }
1602
1603 /* Neighbor State should be Exchange or later. */
1604 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1605 && nbr->state != NSM_Full) {
1606 flog_warn(
1607 EC_OSPF_PACKET,
1608 "Link State Request received from %pI4: Neighbor state is %s, packet discarded.",
1609 &ospfh->router_id,
1610 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1611 return;
1612 }
1613
1614 /* Send Link State Update for ALL requested LSAs. */
1615 ls_upd = list_new();
1616 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1617
1618 while (size >= OSPF_LSA_KEY_SIZE) {
1619 /* Get one slice of Link State Request. */
1620 ls_type = stream_getl(s);
1621 ls_id.s_addr = stream_get_ipv4(s);
1622 adv_router.s_addr = stream_get_ipv4(s);
1623
1624 /* Verify LSA type. */
1625 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1626 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1627 list_delete(&ls_upd);
1628 return;
1629 }
1630
1631 /* Search proper LSA in LSDB. */
1632 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1633 adv_router);
1634 if (find == NULL) {
1635 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1636 list_delete(&ls_upd);
1637 return;
1638 }
1639
1640 /* Packet overflows MTU size, send immediately. */
1641 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1642 if (oi->type == OSPF_IFTYPE_NBMA)
1643 ospf_ls_upd_send(nbr, ls_upd,
1644 OSPF_SEND_PACKET_DIRECT, 0);
1645 else
1646 ospf_ls_upd_send(nbr, ls_upd,
1647 OSPF_SEND_PACKET_INDIRECT, 0);
1648
1649 /* Only remove list contents. Keep ls_upd. */
1650 list_delete_all_node(ls_upd);
1651
1652 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1653 }
1654
1655 /* Append LSA to update list. */
1656 listnode_add(ls_upd, find);
1657 length += ntohs(find->data->length);
1658
1659 size -= OSPF_LSA_KEY_SIZE;
1660 }
1661
1662 /* Send rest of Link State Update. */
1663 if (listcount(ls_upd) > 0) {
1664 if (oi->type == OSPF_IFTYPE_NBMA)
1665 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1666 0);
1667 else
1668 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1669 0);
1670
1671 list_delete(&ls_upd);
1672 } else
1673 list_delete(&ls_upd);
1674 }
1675
1676 /* Get the list of LSAs from Link State Update packet.
1677 And process some validation -- RFC2328 Section 13. (1)-(2). */
1678 static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1679 struct stream *s,
1680 struct ospf_interface *oi, size_t size)
1681 {
1682 uint16_t count, sum;
1683 uint32_t length;
1684 struct lsa_header *lsah;
1685 struct ospf_lsa *lsa;
1686 struct list *lsas;
1687
1688 lsas = list_new();
1689
1690 count = stream_getl(s);
1691 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1692
1693 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1694 size -= length, stream_forward_getp(s, length), count--) {
1695 lsah = (struct lsa_header *)stream_pnt(s);
1696 length = ntohs(lsah->length);
1697
1698 if (length > size) {
1699 flog_warn(
1700 EC_OSPF_PACKET,
1701 "Link State Update: LSA length exceeds packet size.");
1702 break;
1703 }
1704
1705 if (length < OSPF_LSA_HEADER_SIZE) {
1706 flog_warn(EC_OSPF_PACKET,
1707 "Link State Update: LSA length too small.");
1708 break;
1709 }
1710
1711 /* Validate the LSA's LS checksum. */
1712 sum = lsah->checksum;
1713 if (!ospf_lsa_checksum_valid(lsah)) {
1714 /* (bug #685) more details in a one-line message make it
1715 * possible
1716 * to identify problem source on the one hand and to
1717 * have a better
1718 * chance to compress repeated messages in syslog on the
1719 * other */
1720 flog_warn(
1721 EC_OSPF_PACKET,
1722 "Link State Update: LSA checksum error %x/%x, ID=%pI4 from: nbr %pI4, router ID %pI4, adv router %pI4",
1723 sum, lsah->checksum, &lsah->id,
1724 &nbr->src, &nbr->router_id,
1725 &lsah->adv_router);
1726 continue;
1727 }
1728
1729 /* Examine the LSA's LS type. */
1730 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1731 flog_warn(EC_OSPF_PACKET,
1732 "Link State Update: Unknown LS type %d",
1733 lsah->type);
1734 continue;
1735 }
1736
1737 /*
1738 * What if the received LSA's age is greater than MaxAge?
1739 * Treat it as a MaxAge case -- endo.
1740 */
1741 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1742 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
1743
1744 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1745 #ifdef STRICT_OBIT_USAGE_CHECK
1746 if ((IS_OPAQUE_LSA(lsah->type)
1747 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1748 || (!IS_OPAQUE_LSA(lsah->type)
1749 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1750 /*
1751 * This neighbor must know the exact usage of
1752 * O-bit;
1753 * the bit will be set in Type-9,10,11 LSAs
1754 * only.
1755 */
1756 flog_warn(EC_OSPF_PACKET,
1757 "LSA[Type%d:%pI4]: O-bit abuse?",
1758 lsah->type, &lsah->id);
1759 continue;
1760 }
1761 #endif /* STRICT_OBIT_USAGE_CHECK */
1762
1763 /* Do not take in AS External Opaque-LSAs if we are a
1764 * stub. */
1765 if (lsah->type == OSPF_OPAQUE_AS_LSA
1766 && nbr->oi->area->external_routing
1767 != OSPF_AREA_DEFAULT) {
1768 if (IS_DEBUG_OSPF_EVENT)
1769 zlog_debug(
1770 "LSA[Type%d:%pI4]: We are a stub, don't take this LSA.",
1771 lsah->type,
1772 &lsah->id);
1773 continue;
1774 }
1775 } else if (IS_OPAQUE_LSA(lsah->type)) {
1776 flog_warn(
1777 EC_OSPF_PACKET,
1778 "LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
1779 lsah->type, &lsah->id, &lsah->adv_router);
1780 continue;
1781 }
1782
1783 /* Create OSPF LSA instance. */
1784 lsa = ospf_lsa_new_and_data(length);
1785
1786 lsa->vrf_id = oi->ospf->vrf_id;
1787 /* We may wish to put some error checking if type NSSA comes in
1788 and area not in NSSA mode */
1789 switch (lsah->type) {
1790 case OSPF_AS_EXTERNAL_LSA:
1791 case OSPF_OPAQUE_AS_LSA:
1792 lsa->area = NULL;
1793 break;
1794 case OSPF_OPAQUE_LINK_LSA:
1795 lsa->oi = oi; /* Remember incoming interface for
1796 flooding control. */
1797 /* Fallthrough */
1798 default:
1799 lsa->area = oi->area;
1800 break;
1801 }
1802
1803 memcpy(lsa->data, lsah, length);
1804
1805 if (IS_DEBUG_OSPF_EVENT)
1806 zlog_debug(
1807 "LSA[Type%d:%pI4]: %p new LSA created with Link State Update",
1808 lsa->data->type, &lsa->data->id,
1809 (void *)lsa);
1810 listnode_add(lsas, lsa);
1811 }
1812
1813 return lsas;
1814 }
1815
1816 /* Cleanup Update list. */
1817 static void ospf_upd_list_clean(struct list *lsas)
1818 {
1819 struct listnode *node, *nnode;
1820 struct ospf_lsa *lsa;
1821
1822 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1823 ospf_lsa_discard(lsa);
1824
1825 list_delete(&lsas);
1826 }
1827
1828 /* OSPF Link State Update message read -- RFC2328 Section 13. */
1829 static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1830 struct ospf_header *ospfh, struct stream *s,
1831 struct ospf_interface *oi, uint16_t size)
1832 {
1833 struct ospf_neighbor *nbr;
1834 struct list *lsas;
1835 struct listnode *node, *nnode;
1836 struct ospf_lsa *lsa = NULL;
1837 /* unsigned long ls_req_found = 0; */
1838
1839 /* Dis-assemble the stream, update each entry, re-encapsulate for
1840 * flooding */
1841
1842 /* Increment statistics. */
1843 oi->ls_upd_in++;
1844
1845 /* Check neighbor. */
1846 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1847 if (nbr == NULL) {
1848 flog_warn(EC_OSPF_PACKET,
1849 "Link State Update: Unknown Neighbor %pI4 on int: %s",
1850 &ospfh->router_id, IF_NAME(oi));
1851 return;
1852 }
1853
1854 /* Check neighbor state. */
1855 if (nbr->state < NSM_Exchange) {
1856 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1857 zlog_debug(
1858 "Link State Update: Neighbor[%pI4] state %s is less than Exchange",
1859 &ospfh->router_id,
1860 lookup_msg(ospf_nsm_state_msg, nbr->state,
1861 NULL));
1862 return;
1863 }
1864
1865 /* Get list of LSAs from Link State Update packet. - Also performs
1866 * Stages 1 (validate LSA checksum) and 2 (check for LSA consistent
1867 * type) of section 13.
1868 */
1869 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1870
1871 if (lsas == NULL)
1872 return;
1873 #define DISCARD_LSA(L, N) \
1874 { \
1875 if (IS_DEBUG_OSPF_EVENT) \
1876 zlog_debug( \
1877 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1878 " Type-%d", \
1879 N, (void *)lsa, (int)lsa->data->type); \
1880 ospf_lsa_discard(L); \
1881 continue; \
1882 }
1883
1884 /* Process each LSA received in the one packet.
1885 *
1886 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1887 * text below are from the steps in RFC 2328, Section 13.
1888 */
1889 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1890 struct ospf_lsa *ls_ret, *current;
1891 int ret = 1;
1892
1893 if (IS_DEBUG_OSPF(lsa, LSA))
1894 zlog_debug("LSA Type-%d from %pI4, ID: %pI4, ADV: %pI4",
1895 lsa->data->type, &ospfh->router_id,
1896 &lsa->data->id, &lsa->data->adv_router);
1897
1898 listnode_delete(lsas,
1899 lsa); /* We don't need it in list anymore */
1900
1901 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1902 */
1903
1904 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1905
1906 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1907 */
1908
1909 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1910 */
1911
1912 /* Do take in Type-7's if we are an NSSA */
1913
1914 /* If we are also an ABR, later translate them to a Type-5
1915 * packet */
1916
1917 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1918 translate them to a separate Type-5 packet. */
1919
1920 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1921 /* Reject from STUB or NSSA */
1922 if (nbr->oi->area->external_routing
1923 != OSPF_AREA_DEFAULT) {
1924 if (IS_DEBUG_OSPF_NSSA)
1925 zlog_debug(
1926 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1927 DISCARD_LSA(lsa, 1);
1928 }
1929
1930 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1931 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1932 if (IS_DEBUG_OSPF_NSSA)
1933 zlog_debug(
1934 "Incoming NSSA LSA Discarded: Not NSSA Area");
1935 DISCARD_LSA(lsa, 2);
1936 }
1937
1938 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1939 if (lsa->data->type == OSPF_ROUTER_LSA)
1940 if (!IPV4_ADDR_SAME(&lsa->data->id,
1941 &lsa->data->adv_router)) {
1942 flog_err(
1943 EC_OSPF_ROUTER_LSA_MISMATCH,
1944 "Incoming Router-LSA from %pI4 with Adv-ID[%pI4] != LS-ID[%pI4]",
1945 &ospfh->router_id, &lsa->data->id,
1946 &lsa->data->adv_router);
1947 flog_err(
1948 EC_OSPF_DOMAIN_CORRUPT,
1949 "OSPF domain compromised by attack or corruption. Verify correct operation of -ALL- OSPF routers.");
1950 DISCARD_LSA(lsa, 0);
1951 }
1952
1953 /* Find the LSA in the current database. */
1954
1955 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1956
1957 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1958 currently
1959 no instance of the LSA in the router's link state database,
1960 and none of router's neighbors are in states Exchange or
1961 Loading,
1962 then take the following actions: */
1963
1964 if (IS_LSA_MAXAGE(lsa) && !current
1965 && ospf_check_nbr_status(oi->ospf)) {
1966 /* (4a) Response Link State Acknowledgment. */
1967 ospf_ls_ack_send(nbr, lsa);
1968
1969 /* (4b) Discard LSA. */
1970 if (IS_DEBUG_OSPF(lsa, LSA)) {
1971 zlog_debug(
1972 "Link State Update[%s]: LS age is equal to MaxAge.",
1973 dump_lsa_key(lsa));
1974 }
1975 DISCARD_LSA(lsa, 3);
1976 }
1977
1978 if (IS_OPAQUE_LSA(lsa->data->type)
1979 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1980 &oi->ospf->router_id)) {
1981 /*
1982 * Even if initial flushing seems to be completed, there
1983 * might
1984 * be a case that self-originated LSA with MaxAge still
1985 * remain
1986 * in the routing domain.
1987 * Just send an LSAck message to cease retransmission.
1988 */
1989 if (IS_LSA_MAXAGE(lsa)) {
1990 zlog_info("LSA[%s]: Boomerang effect?",
1991 dump_lsa_key(lsa));
1992 ospf_ls_ack_send(nbr, lsa);
1993 ospf_lsa_discard(lsa);
1994
1995 if (current != NULL && !IS_LSA_MAXAGE(current))
1996 ospf_opaque_lsa_refresh_schedule(
1997 current);
1998 continue;
1999 }
2000
2001 /*
2002 * If an instance of self-originated Opaque-LSA is not
2003 * found
2004 * in the LSDB, there are some possible cases here.
2005 *
2006 * 1) This node lost opaque-capability after restart.
2007 * 2) Else, a part of opaque-type is no more supported.
2008 * 3) Else, a part of opaque-id is no more supported.
2009 *
2010 * Anyway, it is still this node's responsibility to
2011 * flush it.
2012 * Otherwise, the LSA instance remains in the routing
2013 * domain
2014 * until its age reaches to MaxAge.
2015 */
2016 /* XXX: We should deal with this for *ALL* LSAs, not
2017 * just opaque */
2018 if (current == NULL) {
2019 if (IS_DEBUG_OSPF_EVENT)
2020 zlog_debug(
2021 "LSA[%s]: Previously originated Opaque-LSA,not found in the LSDB.",
2022 dump_lsa_key(lsa));
2023
2024 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2025
2026 ospf_ls_ack_send(nbr, lsa);
2027
2028 if (!ospf->gr_info.restart_in_progress) {
2029 ospf_opaque_self_originated_lsa_received(
2030 nbr, lsa);
2031 continue;
2032 }
2033 }
2034 }
2035
2036 /* It might be happen that received LSA is self-originated
2037 * network LSA, but
2038 * router ID is changed. So, we should check if LSA is a
2039 * network-LSA whose
2040 * Link State ID is one of the router's own IP interface
2041 * addresses but whose
2042 * Advertising Router is not equal to the router's own Router ID
2043 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2044 * flushed.
2045 */
2046
2047 if (lsa->data->type == OSPF_NETWORK_LSA) {
2048 struct listnode *oinode, *oinnode;
2049 struct ospf_interface *out_if;
2050 int Flag = 0;
2051
2052 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2053 oinnode, out_if)) {
2054 if (out_if == NULL)
2055 break;
2056
2057 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2058 &lsa->data->id))
2059 && (!(IPV4_ADDR_SAME(
2060 &oi->ospf->router_id,
2061 &lsa->data->adv_router)))) {
2062 if (out_if->network_lsa_self) {
2063 ospf_lsa_flush_area(
2064 lsa, out_if->area);
2065 if (IS_DEBUG_OSPF_EVENT)
2066 zlog_debug(
2067 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2068 (void *)lsa,
2069 (int)lsa->data
2070 ->type);
2071 ospf_lsa_discard(lsa);
2072 Flag = 1;
2073 }
2074 break;
2075 }
2076 }
2077 if (Flag)
2078 continue;
2079 }
2080
2081 /* (5) Find the instance of this LSA that is currently contained
2082 in the router's link state database. If there is no
2083 database copy, or the received LSA is more recent than
2084 the database copy the following steps must be performed.
2085 (The sub steps from RFC 2328 section 13 step (5) will be
2086 performed in
2087 ospf_flood() ) */
2088
2089 if (current == NULL
2090 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
2091 /* CVE-2017-3224 */
2092 if (current && (IS_LSA_MAX_SEQ(current))
2093 && (IS_LSA_MAX_SEQ(lsa)) && !IS_LSA_MAXAGE(lsa)) {
2094 zlog_debug(
2095 "Link State Update[%s]: has Max Seq and higher checksum but not MaxAge. Dropping it",
2096 dump_lsa_key(lsa));
2097
2098 DISCARD_LSA(lsa, 4);
2099 }
2100
2101 /* Actual flooding procedure. */
2102 if (ospf_flood(oi->ospf, nbr, current, lsa)
2103 < 0) /* Trap NSSA later. */
2104 DISCARD_LSA(lsa, 5);
2105
2106 /* GR: check for network topology change. */
2107 if (ospf->gr_info.restart_in_progress &&
2108 ((lsa->data->type == OSPF_ROUTER_LSA ||
2109 lsa->data->type == OSPF_NETWORK_LSA)))
2110 ospf_gr_check_lsdb_consistency(oi->ospf,
2111 oi->area);
2112
2113 continue;
2114 }
2115
2116 /* (6) Else, If there is an instance of the LSA on the sending
2117 neighbor's Link state request list, an error has occurred in
2118 the Database Exchange process. In this case, restart the
2119 Database Exchange process by generating the neighbor event
2120 BadLSReq for the sending neighbor and stop processing the
2121 Link State Update packet. */
2122
2123 if (ospf_ls_request_lookup(nbr, lsa)) {
2124 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
2125 flog_warn(
2126 EC_OSPF_PACKET,
2127 "LSA[%s] instance exists on Link state request list",
2128 dump_lsa_key(lsa));
2129
2130 /* Clean list of LSAs. */
2131 ospf_upd_list_clean(lsas);
2132 /* this lsa is not on lsas list already. */
2133 ospf_lsa_discard(lsa);
2134 return;
2135 }
2136
2137 /* If the received LSA is the same instance as the database copy
2138 (i.e., neither one is more recent) the following two steps
2139 should be performed: */
2140
2141 if (ret == 0) {
2142 /* If the LSA is listed in the Link state retransmission
2143 list
2144 for the receiving adjacency, the router itself is
2145 expecting
2146 an acknowledgment for this LSA. The router should
2147 treat the
2148 received LSA as an acknowledgment by removing the LSA
2149 from
2150 the Link state retransmission list. This is termed
2151 an
2152 "implied acknowledgment". */
2153
2154 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2155
2156 if (ls_ret != NULL) {
2157 ospf_ls_retransmit_delete(nbr, ls_ret);
2158
2159 /* Delayed acknowledgment sent if advertisement
2160 received
2161 from Designated Router, otherwise do nothing.
2162 */
2163 if (oi->state == ISM_Backup)
2164 if (NBR_IS_DR(nbr))
2165 listnode_add(
2166 oi->ls_ack,
2167 ospf_lsa_lock(lsa));
2168
2169 DISCARD_LSA(lsa, 6);
2170 } else
2171 /* Acknowledge the receipt of the LSA by sending a
2172 Link State Acknowledgment packet back out the
2173 receiving
2174 interface. */
2175 {
2176 ospf_ls_ack_send(nbr, lsa);
2177 DISCARD_LSA(lsa, 7);
2178 }
2179 }
2180
2181 /* The database copy is more recent. If the database copy
2182 has LS age equal to MaxAge and LS sequence number equal to
2183 MaxSequenceNumber, simply discard the received LSA without
2184 acknowledging it. (In this case, the LSA's LS sequence number
2185 is
2186 wrapping, and the MaxSequenceNumber LSA must be completely
2187 flushed before any new LSA instance can be introduced). */
2188
2189 else if (ret > 0) /* Database copy is more recent */
2190 {
2191 if (IS_LSA_MAXAGE(current)
2192 && current->data->ls_seqnum
2193 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
2194 DISCARD_LSA(lsa, 8);
2195 }
2196 /* Otherwise, as long as the database copy has not been
2197 sent in a
2198 Link State Update within the last MinLSArrival
2199 seconds, send the
2200 database copy back to the sending neighbor,
2201 encapsulated within
2202 a Link State Update Packet. The Link State Update
2203 Packet should
2204 be sent directly to the neighbor. In so doing, do not
2205 put the
2206 database copy of the LSA on the neighbor's link state
2207 retransmission list, and do not acknowledge the
2208 received (less
2209 recent) LSA instance. */
2210 else {
2211 if (monotime_since(&current->tv_orig, NULL)
2212 >= ospf->min_ls_arrival * 1000LL)
2213 /* Trap NSSA type later.*/
2214 ospf_ls_upd_send_lsa(
2215 nbr, current,
2216 OSPF_SEND_PACKET_DIRECT);
2217 DISCARD_LSA(lsa, 9);
2218 }
2219 }
2220 }
2221 #undef DISCARD_LSA
2222
2223 assert(listcount(lsas) == 0);
2224 list_delete(&lsas);
2225 }
2226
2227 /* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
2228 static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2229 struct stream *s, struct ospf_interface *oi,
2230 uint16_t size)
2231 {
2232 struct ospf_neighbor *nbr;
2233
2234 /* increment statistics. */
2235 oi->ls_ack_in++;
2236
2237 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2238 if (nbr == NULL) {
2239 flog_warn(EC_OSPF_PACKET,
2240 "Link State Acknowledgment: Unknown Neighbor %pI4",
2241 &ospfh->router_id);
2242 return;
2243 }
2244
2245 if (nbr->state < NSM_Exchange) {
2246 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2247 zlog_debug(
2248 "Link State Acknowledgment: Neighbor[%pI4] state %s is less than Exchange",
2249 &ospfh->router_id,
2250 lookup_msg(ospf_nsm_state_msg, nbr->state,
2251 NULL));
2252 return;
2253 }
2254
2255 while (size >= OSPF_LSA_HEADER_SIZE) {
2256 struct ospf_lsa *lsa, *lsr;
2257
2258 lsa = ospf_lsa_new();
2259 lsa->data = (struct lsa_header *)stream_pnt(s);
2260 lsa->vrf_id = oi->ospf->vrf_id;
2261
2262 /* lsah = (struct lsa_header *) stream_pnt (s); */
2263 size -= OSPF_LSA_HEADER_SIZE;
2264 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2265
2266 if (lsa->data->type < OSPF_MIN_LSA
2267 || lsa->data->type >= OSPF_MAX_LSA) {
2268 lsa->data = NULL;
2269 ospf_lsa_discard(lsa);
2270 continue;
2271 }
2272
2273 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2274
2275 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0) {
2276 ospf_ls_retransmit_delete(nbr, lsr);
2277 ospf_check_and_gen_init_seq_lsa(oi, lsa);
2278 }
2279
2280 lsa->data = NULL;
2281 ospf_lsa_discard(lsa);
2282 }
2283
2284 return;
2285 }
2286
2287 static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2288 struct interface **ifp,
2289 struct stream *ibuf)
2290 {
2291 int ret;
2292 struct ip *iph;
2293 uint16_t ip_len;
2294 ifindex_t ifindex = 0;
2295 struct iovec iov;
2296 /* Header and data both require alignment. */
2297 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2298 struct msghdr msgh;
2299
2300 memset(&msgh, 0, sizeof(msgh));
2301 msgh.msg_iov = &iov;
2302 msgh.msg_iovlen = 1;
2303 msgh.msg_control = (caddr_t)buff;
2304 msgh.msg_controllen = sizeof(buff);
2305
2306 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2307 OSPF_MAX_PACKET_SIZE + 1);
2308 if (ret < 0) {
2309 if (errno != EAGAIN && errno != EWOULDBLOCK)
2310 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2311 safe_strerror(errno));
2312 return NULL;
2313 }
2314 if ((unsigned int)ret < sizeof(struct ip)) {
2315 flog_warn(
2316 EC_OSPF_PACKET,
2317 "%s: discarding runt packet of length %d (ip header size is %u)",
2318 __func__, ret, (unsigned int)sizeof(iph));
2319 return NULL;
2320 }
2321
2322 /* Note that there should not be alignment problems with this assignment
2323 because this is at the beginning of the stream data buffer. */
2324 iph = (struct ip *)STREAM_DATA(ibuf);
2325 sockopt_iphdrincl_swab_systoh(iph);
2326
2327 ip_len = iph->ip_len;
2328
2329 #if defined(__FreeBSD__) && (__FreeBSD_version < 1000000)
2330 /*
2331 * Kernel network code touches incoming IP header parameters,
2332 * before protocol specific processing.
2333 *
2334 * 1) Convert byteorder to host representation.
2335 * --> ip_len, ip_id, ip_off
2336 *
2337 * 2) Adjust ip_len to strip IP header size!
2338 * --> If user process receives entire IP packet via RAW
2339 * socket, it must consider adding IP header size to
2340 * the "ip_len" field of "ip" structure.
2341 *
2342 * For more details, see <netinet/ip_input.c>.
2343 */
2344 ip_len = ip_len + (iph->ip_hl << 2);
2345 #endif
2346
2347 #if defined(__DragonFly__)
2348 /*
2349 * in DragonFly's raw socket, ip_len/ip_off are read
2350 * in network byte order.
2351 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2352 */
2353 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
2354 #endif
2355
2356 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2357
2358 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
2359
2360 if (ret != ip_len) {
2361 flog_warn(
2362 EC_OSPF_PACKET,
2363 "%s read length mismatch: ip_len is %d, but recvmsg returned %d",
2364 __func__, ip_len, ret);
2365 return NULL;
2366 }
2367
2368 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2369 zlog_debug("%s: fd %d(%s) on interface %d(%s)", __func__, fd,
2370 ospf_get_name(ospf), ifindex,
2371 *ifp ? (*ifp)->name : "Unknown");
2372 return ibuf;
2373 }
2374
2375 static struct ospf_interface *
2376 ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2377 struct ip *iph, struct ospf_header *ospfh)
2378 {
2379 struct ospf_interface *rcv_oi;
2380 struct ospf_vl_data *vl_data;
2381 struct ospf_area *vl_area;
2382 struct listnode *node;
2383
2384 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2385 || !OSPF_IS_AREA_BACKBONE(ospfh))
2386 return NULL;
2387
2388 /* look for local OSPF interface matching the destination
2389 * to determine Area ID. We presume therefore the destination address
2390 * is unique, or at least (for "unnumbered" links), not used in other
2391 * areas
2392 */
2393 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2394 == NULL)
2395 return NULL;
2396
2397 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2398 vl_area =
2399 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2400 if (!vl_area)
2401 continue;
2402
2403 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2404 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2405 if (IS_DEBUG_OSPF_EVENT)
2406 zlog_debug("associating packet with %s",
2407 IF_NAME(vl_data->vl_oi));
2408 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2409 if (IS_DEBUG_OSPF_EVENT)
2410 zlog_debug(
2411 "This VL is not up yet, sorry");
2412 return NULL;
2413 }
2414
2415 return vl_data->vl_oi;
2416 }
2417 }
2418
2419 if (IS_DEBUG_OSPF_EVENT)
2420 zlog_debug("couldn't find any VL to associate the packet with");
2421
2422 return NULL;
2423 }
2424
2425 static int ospf_check_area_id(struct ospf_interface *oi,
2426 struct ospf_header *ospfh)
2427 {
2428 /* Check match the Area ID of the receiving interface. */
2429 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2430 return 1;
2431
2432 return 0;
2433 }
2434
2435 /* Unbound socket will accept any Raw IP packets if proto is matched.
2436 To prevent it, compare src IP address and i/f address with masking
2437 i/f network mask. */
2438 static int ospf_check_network_mask(struct ospf_interface *oi,
2439 struct in_addr ip_src)
2440 {
2441 struct in_addr mask, me, him;
2442
2443 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2444 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2445 return 1;
2446
2447 /* Ignore mask check for max prefix length (32) */
2448 if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
2449 && oi->address->prefixlen == IPV4_MAX_BITLEN)
2450 return 1;
2451
2452 masklen2ip(oi->address->prefixlen, &mask);
2453
2454 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2455 him.s_addr = ip_src.s_addr & mask.s_addr;
2456
2457 if (IPV4_ADDR_SAME(&me, &him))
2458 return 1;
2459
2460 return 0;
2461 }
2462
2463 /* Return 1, if the packet is properly authenticated and checksummed,
2464 0 otherwise. In particular, check that AuType header field is valid and
2465 matches the locally configured AuType, and that D.5 requirements are met. */
2466 static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2467 {
2468 struct crypt_key *ck;
2469 uint16_t iface_auth_type;
2470 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
2471
2472 switch (pkt_auth_type) {
2473 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2474 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2475 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2476 flog_warn(
2477 EC_OSPF_PACKET,
2478 "interface %s: auth-type mismatch, local %s, rcvd Null",
2479 IF_NAME(oi),
2480 lookup_msg(ospf_auth_type_str,
2481 iface_auth_type, NULL));
2482 return 0;
2483 }
2484 if (!ospf_check_sum(ospfh)) {
2485 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2486 flog_warn(
2487 EC_OSPF_PACKET,
2488 "interface %s: Null auth OK, but checksum error, Router-ID %pI4",
2489 IF_NAME(oi),
2490 &ospfh->router_id);
2491 return 0;
2492 }
2493 return 1;
2494 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2495 if (OSPF_AUTH_SIMPLE
2496 != (iface_auth_type = ospf_auth_type(oi))) {
2497 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2498 flog_warn(
2499 EC_OSPF_PACKET,
2500 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2501 IF_NAME(oi),
2502 lookup_msg(ospf_auth_type_str,
2503 iface_auth_type, NULL));
2504 return 0;
2505 }
2506 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2507 OSPF_AUTH_SIMPLE_SIZE)) {
2508 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2509 flog_warn(EC_OSPF_PACKET,
2510 "interface %s: Simple auth failed",
2511 IF_NAME(oi));
2512 return 0;
2513 }
2514 if (!ospf_check_sum(ospfh)) {
2515 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2516 flog_warn(
2517 EC_OSPF_PACKET,
2518 "interface %s: Simple auth OK, checksum error, Router-ID %pI4",
2519 IF_NAME(oi),
2520 &ospfh->router_id);
2521 return 0;
2522 }
2523 return 1;
2524 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2525 if (OSPF_AUTH_CRYPTOGRAPHIC
2526 != (iface_auth_type = ospf_auth_type(oi))) {
2527 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2528 flog_warn(
2529 EC_OSPF_PACKET,
2530 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2531 IF_NAME(oi),
2532 lookup_msg(ospf_auth_type_str,
2533 iface_auth_type, NULL));
2534 return 0;
2535 }
2536 if (ospfh->checksum) {
2537 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2538 flog_warn(
2539 EC_OSPF_PACKET,
2540 "interface %s: OSPF header checksum is not 0",
2541 IF_NAME(oi));
2542 return 0;
2543 }
2544 /* only MD5 crypto method can pass ospf_packet_examin() */
2545 if (NULL == (ck = listgetdata(
2546 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2547 || ospfh->u.crypt.key_id != ck->key_id ||
2548 /* Condition above uses the last key ID on the list,
2549 which is
2550 different from what ospf_crypt_key_lookup() does. A
2551 bug? */
2552 !ospf_check_md5_digest(oi, ospfh)) {
2553 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2554 flog_warn(EC_OSPF_MD5,
2555 "interface %s: MD5 auth failed",
2556 IF_NAME(oi));
2557 return 0;
2558 }
2559 return 1;
2560 default:
2561 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2562 flog_warn(
2563 EC_OSPF_PACKET,
2564 "interface %s: invalid packet auth-type (%02x)",
2565 IF_NAME(oi), pkt_auth_type);
2566 return 0;
2567 }
2568 }
2569
2570 static int ospf_check_sum(struct ospf_header *ospfh)
2571 {
2572 uint32_t ret;
2573 uint16_t sum;
2574
2575 /* clear auth_data for checksum. */
2576 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2577
2578 /* keep checksum and clear. */
2579 sum = ospfh->checksum;
2580 memset(&ospfh->checksum, 0, sizeof(uint16_t));
2581
2582 /* calculate checksum. */
2583 ret = in_cksum(ospfh, ntohs(ospfh->length));
2584
2585 if (ret != sum) {
2586 zlog_info("%s: checksum mismatch, my %X, his %X", __func__, ret,
2587 sum);
2588 return 0;
2589 }
2590
2591 return 1;
2592 }
2593
2594 /* Verify, that given link/TOS records are properly sized/aligned and match
2595 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
2596 static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
2597 uint16_t linkbytes,
2598 const uint16_t num_links)
2599 {
2600 unsigned counted_links = 0, thislinklen;
2601
2602 while (linkbytes >= OSPF_ROUTER_LSA_LINK_SIZE) {
2603 thislinklen =
2604 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2605 if (thislinklen > linkbytes) {
2606 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2607 zlog_debug("%s: length error in link block #%u",
2608 __func__, counted_links);
2609 return MSG_NG;
2610 }
2611 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2612 linkbytes -= thislinklen;
2613 counted_links++;
2614 }
2615 if (counted_links != num_links) {
2616 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2617 zlog_debug("%s: %u link blocks declared, %u present",
2618 __func__, num_links, counted_links);
2619 return MSG_NG;
2620 }
2621 return MSG_OK;
2622 }
2623
2624 /* Verify, that the given LSA is properly sized/aligned (including type-specific
2625 minimum length constraint). */
2626 static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2627 const uint8_t headeronly)
2628 {
2629 unsigned ret;
2630 struct router_lsa *rlsa;
2631 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2632 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2633 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2634 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2635 lookup_msg(ospf_lsa_type_msg, lsah->type,
2636 NULL));
2637 return MSG_NG;
2638 }
2639 switch (lsah->type) {
2640 case OSPF_ROUTER_LSA: {
2641 /*
2642 * RFC2328 A.4.2, LSA header + 4 bytes followed by N>=0
2643 * (12+)-byte link blocks
2644 */
2645 size_t linkbytes_len = lsalen - OSPF_LSA_HEADER_SIZE
2646 - OSPF_ROUTER_LSA_MIN_SIZE;
2647
2648 /*
2649 * LSA link blocks are variable length but always multiples of
2650 * 4; basic sanity check
2651 */
2652 if (linkbytes_len % 4 != 0)
2653 return MSG_NG;
2654
2655 if (headeronly)
2656 return MSG_OK;
2657
2658 rlsa = (struct router_lsa *)lsah;
2659
2660 ret = ospf_router_lsa_links_examin(
2661 (struct router_lsa_link *)rlsa->link,
2662 linkbytes_len,
2663 ntohs(rlsa->links));
2664 break;
2665 }
2666 case OSPF_AS_EXTERNAL_LSA:
2667 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2668 * blocks */
2669 case OSPF_AS_NSSA_LSA:
2670 /* RFC3101 C, idem */
2671 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2672 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2673 % 12
2674 ? MSG_NG
2675 : MSG_OK;
2676 break;
2677 /* Following LSA types are considered OK length-wise as soon as their
2678 * minimum
2679 * length constraint is met and length of the whole LSA is a multiple of
2680 * 4
2681 * (basic LSA header size is already a multiple of 4). */
2682 case OSPF_NETWORK_LSA:
2683 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2684 case OSPF_SUMMARY_LSA:
2685 case OSPF_ASBR_SUMMARY_LSA:
2686 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2687 * blocks */
2688 case OSPF_OPAQUE_LINK_LSA:
2689 case OSPF_OPAQUE_AREA_LSA:
2690 case OSPF_OPAQUE_AS_LSA:
2691 /* RFC5250 A.2, "some number of octets (of application-specific
2692 * data) padded to 32-bit alignment." This is considered
2693 * equivalent
2694 * to 4-byte alignment of all other LSA types, see
2695 * OSPF-ALIGNMENT.txt
2696 * file for the detailed analysis of this passage. */
2697 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2698 break;
2699 default:
2700 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2701 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2702 lsah->type);
2703 return MSG_NG;
2704 }
2705 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2706 zlog_debug("%s: alignment error in %s", __func__,
2707 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2708 return ret;
2709 }
2710
2711 /* Verify if the provided input buffer is a valid sequence of LSAs. This
2712 includes verification of LSA blocks length/alignment and dispatching
2713 of deeper-level checks. */
2714 static unsigned
2715 ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
2716 size_t length, const uint8_t headeronly,
2717 /* When declared_num_lsas is not 0, compare it to the real
2718 number of LSAs
2719 and treat the difference as an error. */
2720 const uint32_t declared_num_lsas)
2721 {
2722 uint32_t counted_lsas = 0;
2723
2724 while (length) {
2725 uint16_t lsalen;
2726 if (length < OSPF_LSA_HEADER_SIZE) {
2727 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2728 zlog_debug(
2729 "%s: undersized (%zu B) trailing (#%u) LSA header",
2730 __func__, length, counted_lsas);
2731 return MSG_NG;
2732 }
2733 /* save on ntohs() calls here and in the LSA validator */
2734 lsalen = ntohs(lsah->length);
2735 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2736 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2737 zlog_debug(
2738 "%s: malformed LSA header #%u, declared length is %u B",
2739 __func__, counted_lsas, lsalen);
2740 return MSG_NG;
2741 }
2742 if (headeronly) {
2743 /* less checks here and in ospf_lsa_examin() */
2744 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2745 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2746 zlog_debug(
2747 "%s: malformed header-only LSA #%u",
2748 __func__, counted_lsas);
2749 return MSG_NG;
2750 }
2751 lsah = (struct lsa_header *)((caddr_t)lsah
2752 + OSPF_LSA_HEADER_SIZE);
2753 length -= OSPF_LSA_HEADER_SIZE;
2754 } else {
2755 /* make sure the input buffer is deep enough before
2756 * further checks */
2757 if (lsalen > length) {
2758 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2759 zlog_debug(
2760 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2761 __func__, counted_lsas, lsalen,
2762 length);
2763 return MSG_NG;
2764 }
2765 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2766 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2767 zlog_debug("%s: malformed LSA #%u",
2768 __func__, counted_lsas);
2769 return MSG_NG;
2770 }
2771 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2772 length -= lsalen;
2773 }
2774 counted_lsas++;
2775 }
2776
2777 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2778 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2779 zlog_debug(
2780 "%s: #LSAs declared (%u) does not match actual (%u)",
2781 __func__, declared_num_lsas, counted_lsas);
2782 return MSG_NG;
2783 }
2784 return MSG_OK;
2785 }
2786
2787 /* Verify a complete OSPF packet for proper sizing/alignment. */
2788 static unsigned ospf_packet_examin(struct ospf_header *oh,
2789 const unsigned bytesonwire)
2790 {
2791 uint16_t bytesdeclared, bytesauth;
2792 unsigned ret;
2793 struct ospf_ls_update *lsupd;
2794
2795 /* Length, 1st approximation. */
2796 if (bytesonwire < OSPF_HEADER_SIZE) {
2797 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2798 zlog_debug("%s: undersized (%u B) packet", __func__,
2799 bytesonwire);
2800 return MSG_NG;
2801 }
2802 /* Now it is safe to access header fields. Performing length check,
2803 * allow
2804 * for possible extra bytes of crypto auth/padding, which are not
2805 * counted
2806 * in the OSPF header "length" field. */
2807 if (oh->version != OSPF_VERSION) {
2808 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2809 zlog_debug("%s: invalid (%u) protocol version",
2810 __func__, oh->version);
2811 return MSG_NG;
2812 }
2813 bytesdeclared = ntohs(oh->length);
2814 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2815 bytesauth = 0;
2816 else {
2817 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2818 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2819 zlog_debug(
2820 "%s: unsupported crypto auth length (%u B)",
2821 __func__, oh->u.crypt.auth_data_len);
2822 return MSG_NG;
2823 }
2824 bytesauth = OSPF_AUTH_MD5_SIZE;
2825 }
2826 if (bytesdeclared + bytesauth > bytesonwire) {
2827 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2828 zlog_debug(
2829 "%s: packet length error (%u real, %u+%u declared)",
2830 __func__, bytesonwire, bytesdeclared,
2831 bytesauth);
2832 return MSG_NG;
2833 }
2834 /* Length, 2nd approximation. The type-specific constraint is checked
2835 against declared length, not amount of bytes on wire. */
2836 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2837 && bytesdeclared
2838 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2839 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2840 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2841 bytesdeclared,
2842 lookup_msg(ospf_packet_type_str, oh->type,
2843 NULL));
2844 return MSG_NG;
2845 }
2846 switch (oh->type) {
2847 case OSPF_MSG_HELLO:
2848 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2849 followed
2850 by N>=0 router-IDs. */
2851 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2852 % 4
2853 ? MSG_NG
2854 : MSG_OK;
2855 break;
2856 case OSPF_MSG_DB_DESC:
2857 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2858 followed
2859 by N>=0 header-only LSAs. */
2860 ret = ospf_lsaseq_examin(
2861 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2862 + OSPF_DB_DESC_MIN_SIZE),
2863 bytesdeclared - OSPF_HEADER_SIZE
2864 - OSPF_DB_DESC_MIN_SIZE,
2865 1, /* header-only LSAs */
2866 0);
2867 break;
2868 case OSPF_MSG_LS_REQ:
2869 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2870 * request blocks. */
2871 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2872 % OSPF_LSA_KEY_SIZE
2873 ? MSG_NG
2874 : MSG_OK;
2875 break;
2876 case OSPF_MSG_LS_UPD:
2877 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2878 followed
2879 by N>=0 full LSAs (with N declared beforehand). */
2880 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2881 + OSPF_HEADER_SIZE);
2882 ret = ospf_lsaseq_examin(
2883 (struct lsa_header *)((caddr_t)lsupd
2884 + OSPF_LS_UPD_MIN_SIZE),
2885 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2886 0, /* full LSAs */
2887 ntohl(lsupd->num_lsas) /* 32 bits */
2888 );
2889 break;
2890 case OSPF_MSG_LS_ACK:
2891 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2892 * LSAs. */
2893 ret = ospf_lsaseq_examin(
2894 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2895 + OSPF_LS_ACK_MIN_SIZE),
2896 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2897 1, /* header-only LSAs */
2898 0);
2899 break;
2900 default:
2901 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2902 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2903 oh->type);
2904 return MSG_NG;
2905 }
2906 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2907 zlog_debug("%s: malformed %s packet", __func__,
2908 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2909 return ret;
2910 }
2911
2912 /* OSPF Header verification. */
2913 static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2914 struct ip *iph, struct ospf_header *ospfh)
2915 {
2916 /* Check Area ID. */
2917 if (!ospf_check_area_id(oi, ospfh)) {
2918 flog_warn(EC_OSPF_PACKET,
2919 "interface %s: ospf_read invalid Area ID %pI4",
2920 IF_NAME(oi), &ospfh->area_id);
2921 return -1;
2922 }
2923
2924 /* Check network mask, Silently discarded. */
2925 if (!ospf_check_network_mask(oi, iph->ip_src)) {
2926 flog_warn(
2927 EC_OSPF_PACKET,
2928 "interface %s: ospf_read network address is not same [%pI4]",
2929 IF_NAME(oi), &iph->ip_src);
2930 return -1;
2931 }
2932
2933 /* Check authentication. The function handles logging actions, where
2934 * required. */
2935 if (!ospf_check_auth(oi, ospfh))
2936 return -1;
2937
2938 return 0;
2939 }
2940
2941 enum ospf_read_return_enum {
2942 OSPF_READ_ERROR,
2943 OSPF_READ_CONTINUE,
2944 };
2945
2946 static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
2947 {
2948 int ret;
2949 struct stream *ibuf;
2950 struct ospf_interface *oi;
2951 struct ip *iph;
2952 struct ospf_header *ospfh;
2953 uint16_t length;
2954 struct connected *c;
2955 struct interface *ifp = NULL;
2956
2957 stream_reset(ospf->ibuf);
2958 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2959 if (ibuf == NULL)
2960 return OSPF_READ_ERROR;
2961
2962 /*
2963 * This raw packet is known to be at least as big as its
2964 * IP header. Note that there should not be alignment problems with
2965 * this assignment because this is at the beginning of the
2966 * stream data buffer.
2967 */
2968 iph = (struct ip *)STREAM_DATA(ibuf);
2969 /*
2970 * Note that sockopt_iphdrincl_swab_systoh was called in
2971 * ospf_recv_packet.
2972 */
2973 if (ifp == NULL) {
2974 /*
2975 * Handle cases where the platform does not support
2976 * retrieving the ifindex, and also platforms (such as
2977 * Solaris 8) that claim to support ifindex retrieval but do
2978 * not.
2979 */
2980 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2981 ospf->vrf_id);
2982 if (c)
2983 ifp = c->ifp;
2984 if (ifp == NULL) {
2985 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2986 zlog_debug(
2987 "%s: Unable to determine incoming interface from: %pI4(%s)",
2988 __func__, &iph->ip_src,
2989 ospf_get_name(ospf));
2990 return OSPF_READ_CONTINUE;
2991 }
2992 }
2993
2994 if (ospf->vrf_id == VRF_DEFAULT && ospf->vrf_id != ifp->vrf->vrf_id) {
2995 /*
2996 * We may have a situation where l3mdev_accept == 1
2997 * let's just kindly drop the packet and move on.
2998 * ospf really really really does not like when
2999 * we receive the same packet multiple times.
3000 */
3001 return OSPF_READ_CONTINUE;
3002 }
3003
3004 /* Self-originated packet should be discarded silently. */
3005 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
3006 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
3007 zlog_debug(
3008 "ospf_read[%pI4]: Dropping self-originated packet",
3009 &iph->ip_src);
3010 }
3011 return OSPF_READ_CONTINUE;
3012 }
3013
3014 /* Check that we have enough for an IP header */
3015 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
3016 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
3017 flog_warn(
3018 EC_OSPF_PACKET,
3019 "Rx'd IP packet with OSPF protocol number but no payload");
3020 } else {
3021 flog_warn(
3022 EC_OSPF_PACKET,
3023 "IP header length field claims header is %u bytes, but we only have %zu",
3024 (unsigned int)(iph->ip_hl << 2),
3025 STREAM_READABLE(ibuf));
3026 }
3027
3028 return OSPF_READ_ERROR;
3029 }
3030 stream_forward_getp(ibuf, iph->ip_hl << 2);
3031
3032 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3033 if (MSG_OK
3034 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3035 - stream_get_getp(ibuf)))
3036 return OSPF_READ_CONTINUE;
3037 /* Now it is safe to access all fields of OSPF packet header. */
3038
3039 /* associate packet with ospf interface */
3040 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
3041
3042 /*
3043 * ospf_verify_header() relies on a valid "oi" and thus can be called
3044 * only after the passive/backbone/other checks below are passed.
3045 * These checks in turn access the fields of unverified "ospfh"
3046 * structure for their own purposes and must remain very accurate
3047 * in doing this.
3048 */
3049
3050 /* If incoming interface is passive one, ignore it. */
3051 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3052 if (IS_DEBUG_OSPF_EVENT)
3053 zlog_debug(
3054 "ignoring packet from router %pI4 sent to %pI4, received on a passive interface, %pI4",
3055 &ospfh->router_id, &iph->ip_dst,
3056 &oi->address->u.prefix4);
3057
3058 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3059 /* Try to fix multicast membership.
3060 * Some OS:es may have problems in this area,
3061 * make sure it is removed.
3062 */
3063 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3064 ospf_if_set_multicast(oi);
3065 }
3066 return OSPF_READ_CONTINUE;
3067 }
3068
3069
3070 /* if no local ospf_interface,
3071 * or header area is backbone but ospf_interface is not
3072 * check for VLINK interface
3073 */
3074 if ((oi == NULL)
3075 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3076 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3077 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3078 == NULL) {
3079 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
3080 zlog_debug(
3081 "Packet from [%pI4] received on link %s but no ospf_interface",
3082 &iph->ip_src, ifp->name);
3083 return OSPF_READ_CONTINUE;
3084 }
3085 }
3086
3087 /*
3088 * else it must be a local ospf interface, check it was
3089 * received on correct link
3090 */
3091 else if (oi->ifp != ifp) {
3092 if (IS_DEBUG_OSPF_EVENT)
3093 flog_warn(EC_OSPF_PACKET,
3094 "Packet from [%pI4] received on wrong link %s",
3095 &iph->ip_src, ifp->name);
3096 return OSPF_READ_CONTINUE;
3097 } else if (oi->state == ISM_Down) {
3098 flog_warn(
3099 EC_OSPF_PACKET,
3100 "Ignoring packet from %pI4 to %pI4 received on interface that is down [%s]; interface flags are %s",
3101 &iph->ip_src, &iph->ip_dst, ifp->name,
3102 if_flag_dump(ifp->flags));
3103 /* Fix multicast memberships? */
3104 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3105 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3106 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3107 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3108 if (oi->multicast_memberships)
3109 ospf_if_set_multicast(oi);
3110 return OSPF_READ_CONTINUE;
3111 }
3112
3113 /*
3114 * If the received packet is destined for AllDRouters, the
3115 * packet should be accepted only if the received ospf
3116 * interface state is either DR or Backup -- endo.
3117 *
3118 * I wonder who endo is?
3119 */
3120 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3121 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3122 flog_warn(
3123 EC_OSPF_PACKET,
3124 "Dropping packet for AllDRouters from [%pI4] via [%s] (ISM: %s)",
3125 &iph->ip_src, IF_NAME(oi),
3126 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3127 /* Try to fix multicast membership. */
3128 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3129 ospf_if_set_multicast(oi);
3130 return OSPF_READ_CONTINUE;
3131 }
3132
3133 /* Verify more OSPF header fields. */
3134 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3135 if (ret < 0) {
3136 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3137 zlog_debug(
3138 "ospf_read[%pI4]: Header check failed, dropping.",
3139 &iph->ip_src);
3140 return OSPF_READ_CONTINUE;
3141 }
3142
3143 /* Show debug receiving packet. */
3144 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3145 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3146 zlog_debug(
3147 "-----------------------------------------------------");
3148 ospf_packet_dump(ibuf);
3149 }
3150
3151 zlog_debug("%s received from [%pI4] via [%s]",
3152 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3153 &ospfh->router_id, IF_NAME(oi));
3154 zlog_debug(" src [%pI4],", &iph->ip_src);
3155 zlog_debug(" dst [%pI4]", &iph->ip_dst);
3156
3157 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3158 zlog_debug(
3159 "-----------------------------------------------------");
3160 }
3161
3162 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3163
3164 /* Adjust size to message length. */
3165 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3166
3167 /* Read rest of the packet and call each sort of packet routine.
3168 */
3169 switch (ospfh->type) {
3170 case OSPF_MSG_HELLO:
3171 ospf_hello(iph, ospfh, ibuf, oi, length);
3172 break;
3173 case OSPF_MSG_DB_DESC:
3174 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3175 break;
3176 case OSPF_MSG_LS_REQ:
3177 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3178 break;
3179 case OSPF_MSG_LS_UPD:
3180 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3181 break;
3182 case OSPF_MSG_LS_ACK:
3183 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3184 break;
3185 default:
3186 flog_warn(
3187 EC_OSPF_PACKET,
3188 "interface %s(%s): OSPF packet header type %d is illegal",
3189 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3190 break;
3191 }
3192
3193 return OSPF_READ_CONTINUE;
3194 }
3195
3196 /* Starting point of packet process function. */
3197 void ospf_read(struct thread *thread)
3198 {
3199 struct ospf *ospf;
3200 int32_t count = 0;
3201 enum ospf_read_return_enum ret;
3202
3203 /* first of all get interface pointer. */
3204 ospf = THREAD_ARG(thread);
3205
3206 /* prepare for next packet. */
3207 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3208
3209 while (count < ospf->write_oi_count) {
3210 count++;
3211 ret = ospf_read_helper(ospf);
3212 switch (ret) {
3213 case OSPF_READ_ERROR:
3214 return;
3215 case OSPF_READ_CONTINUE:
3216 break;
3217 }
3218 }
3219 }
3220
3221 /* Make OSPF header. */
3222 static void ospf_make_header(int type, struct ospf_interface *oi,
3223 struct stream *s)
3224 {
3225 struct ospf_header *ospfh;
3226
3227 ospfh = (struct ospf_header *)STREAM_DATA(s);
3228
3229 ospfh->version = (uint8_t)OSPF_VERSION;
3230 ospfh->type = (uint8_t)type;
3231
3232 ospfh->router_id = oi->ospf->router_id;
3233
3234 ospfh->checksum = 0;
3235 ospfh->area_id = oi->area->area_id;
3236 ospfh->auth_type = htons(ospf_auth_type(oi));
3237
3238 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
3239
3240 stream_forward_endp(s, OSPF_HEADER_SIZE);
3241 }
3242
3243 /* Make Authentication Data. */
3244 static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3245 {
3246 struct crypt_key *ck;
3247
3248 switch (ospf_auth_type(oi)) {
3249 case OSPF_AUTH_NULL:
3250 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3251 */
3252 break;
3253 case OSPF_AUTH_SIMPLE:
3254 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3255 OSPF_AUTH_SIMPLE_SIZE);
3256 break;
3257 case OSPF_AUTH_CRYPTOGRAPHIC:
3258 /* If key is not set, then set 0. */
3259 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3260 ospfh->u.crypt.zero = 0;
3261 ospfh->u.crypt.key_id = 0;
3262 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3263 } else {
3264 ck = listgetdata(
3265 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3266 ospfh->u.crypt.zero = 0;
3267 ospfh->u.crypt.key_id = ck->key_id;
3268 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3269 }
3270 /* note: the seq is done in ospf_make_md5_digest() */
3271 break;
3272 default:
3273 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3274 */
3275 break;
3276 }
3277
3278 return 0;
3279 }
3280
3281 /* Fill rest of OSPF header. */
3282 static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
3283 uint16_t length)
3284 {
3285 struct ospf_header *ospfh;
3286
3287 ospfh = (struct ospf_header *)STREAM_DATA(s);
3288
3289 /* Fill length. */
3290 ospfh->length = htons(length);
3291
3292 /* Calculate checksum. */
3293 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3294 ospfh->checksum = in_cksum(ospfh, length);
3295 else
3296 ospfh->checksum = 0;
3297
3298 /* Add Authentication Data. */
3299 ospf_make_auth(oi, ospfh);
3300 }
3301
3302 static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3303 {
3304 struct ospf_neighbor *nbr;
3305 struct route_node *rn;
3306 uint16_t length = OSPF_HELLO_MIN_SIZE;
3307 struct in_addr mask;
3308 unsigned long p;
3309 int flag = 0;
3310
3311 /* Set netmask of interface. */
3312 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3313 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3314 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3315 masklen2ip(oi->address->prefixlen, &mask);
3316 else
3317 memset((char *)&mask, 0, sizeof(struct in_addr));
3318 stream_put_ipv4(s, mask.s_addr);
3319
3320 /* Set Hello Interval. */
3321 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3322 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3323 else
3324 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3325
3326 /* Check if flood-reduction is enabled,
3327 * if yes set the DC bit in the options.
3328 */
3329 if (OSPF_FR_CONFIG(oi->ospf, oi->area))
3330 SET_FLAG(OPTIONS(oi), OSPF_OPTION_DC);
3331 else if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_DC))
3332 UNSET_FLAG(OPTIONS(oi), OSPF_OPTION_DC);
3333
3334 if (IS_DEBUG_OSPF_EVENT)
3335 zlog_debug("%s: options: %x, int: %s", __func__, OPTIONS(oi),
3336 IF_NAME(oi));
3337
3338 /* Set Options. */
3339 stream_putc(s, OPTIONS(oi));
3340
3341 /* Set Router Priority. */
3342 stream_putc(s, PRIORITY(oi));
3343
3344 /* Set Router Dead Interval. */
3345 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3346
3347 /* Set Designated Router. */
3348 stream_put_ipv4(s, DR(oi).s_addr);
3349
3350 p = stream_get_endp(s);
3351
3352 /* Set Backup Designated Router. */
3353 stream_put_ipv4(s, BDR(oi).s_addr);
3354
3355 /* Add neighbor seen. */
3356 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3357 nbr = rn->info;
3358
3359 if (!nbr)
3360 continue;
3361
3362 /* Ignore the 0.0.0.0 node */
3363 if (nbr->router_id.s_addr == INADDR_ANY)
3364 continue;
3365
3366 /* Ignore Down neighbor */
3367 if (nbr->state == NSM_Attempt)
3368 continue;
3369
3370 /* This is myself for DR election */
3371 if (nbr->state == NSM_Down)
3372 continue;
3373
3374 if (IPV4_ADDR_SAME(&nbr->router_id, &oi->ospf->router_id))
3375 continue;
3376 /* Check neighbor is sane? */
3377 if (nbr->d_router.s_addr != INADDR_ANY &&
3378 IPV4_ADDR_SAME(&nbr->d_router, &oi->address->u.prefix4) &&
3379 IPV4_ADDR_SAME(&nbr->bd_router, &oi->address->u.prefix4))
3380 flag = 1;
3381
3382 /* Hello packet overflows interface MTU.
3383 */
3384 if (length + sizeof(uint32_t) > ospf_packet_max(oi)) {
3385 flog_err(
3386 EC_OSPF_LARGE_HELLO,
3387 "Oversized Hello packet! Larger than MTU. Not sending it out");
3388 return 0;
3389 }
3390
3391 stream_put_ipv4(s, nbr->router_id.s_addr);
3392 length += 4;
3393 }
3394
3395 /* Let neighbor generate BackupSeen. */
3396 if (flag == 1)
3397 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3398
3399 return length;
3400 }
3401
3402 static int ospf_make_db_desc(struct ospf_interface *oi,
3403 struct ospf_neighbor *nbr, struct stream *s)
3404 {
3405 struct ospf_lsa *lsa;
3406 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3407 uint8_t options;
3408 unsigned long pp;
3409 int i;
3410 struct ospf_lsdb *lsdb;
3411
3412 /* Set Interface MTU. */
3413 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3414 stream_putw(s, 0);
3415 else
3416 stream_putw(s, oi->ifp->mtu);
3417
3418 /* Set Options. */
3419 options = OPTIONS(oi);
3420 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3421 SET_FLAG(options, OSPF_OPTION_O);
3422 if (OSPF_FR_CONFIG(oi->ospf, oi->area))
3423 SET_FLAG(options, OSPF_OPTION_DC);
3424 stream_putc(s, options);
3425
3426 /* DD flags */
3427 pp = stream_get_endp(s);
3428 stream_putc(s, nbr->dd_flags);
3429
3430 /* Set DD Sequence Number. */
3431 stream_putl(s, nbr->dd_seqnum);
3432
3433 /* shortcut unneeded walk of (empty) summary LSDBs */
3434 if (ospf_db_summary_isempty(nbr))
3435 goto empty;
3436
3437 /* Describe LSA Header from Database Summary List. */
3438 lsdb = &nbr->db_sum;
3439
3440 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3441 struct route_table *table = lsdb->type[i].db;
3442 struct route_node *rn;
3443
3444 for (rn = route_top(table); rn; rn = route_next(rn))
3445 if ((lsa = rn->info) != NULL) {
3446 if (IS_OPAQUE_LSA(lsa->data->type)
3447 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3448 /* Suppress advertising
3449 * opaque-information. */
3450 /* Remove LSA from DB summary list. */
3451 ospf_lsdb_delete(lsdb, lsa);
3452 continue;
3453 }
3454
3455 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3456 struct lsa_header *lsah;
3457 uint16_t ls_age;
3458
3459 /* DD packet overflows interface MTU. */
3460 if (length + OSPF_LSA_HEADER_SIZE
3461 > ospf_packet_max(oi))
3462 break;
3463
3464 /* Keep pointer to LS age. */
3465 lsah = (struct lsa_header
3466 *)(STREAM_DATA(s)
3467 + stream_get_endp(
3468 s));
3469
3470 /* Proceed stream pointer. */
3471 stream_put(s, lsa->data,
3472 OSPF_LSA_HEADER_SIZE);
3473 length += OSPF_LSA_HEADER_SIZE;
3474
3475 /* Set LS age. */
3476 ls_age = LS_AGE(lsa);
3477 lsah->ls_age = htons(ls_age);
3478 }
3479
3480 /* Remove LSA from DB summary list. */
3481 ospf_lsdb_delete(lsdb, lsa);
3482 }
3483 }
3484
3485 /* Update 'More' bit */
3486 if (ospf_db_summary_isempty(nbr)) {
3487 empty:
3488 if (nbr->state >= NSM_Exchange) {
3489 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3490 /* Rewrite DD flags */
3491 stream_putc_at(s, pp, nbr->dd_flags);
3492 } else {
3493 assert(IS_SET_DD_M(nbr->dd_flags));
3494 }
3495 }
3496 return length;
3497 }
3498
3499 static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
3500 unsigned long delta, struct ospf_neighbor *nbr,
3501 struct ospf_lsa *lsa)
3502 {
3503 struct ospf_interface *oi;
3504
3505 oi = nbr->oi;
3506
3507 /* LS Request packet overflows interface MTU
3508 * delta is just number of bytes required for 1 LS Req
3509 * ospf_packet_max will return the number of bytes can
3510 * be accommodated without ospf header. So length+delta
3511 * can be compared to ospf_packet_max
3512 * to check if it can fit another lsreq in the same packet.
3513 */
3514
3515 if (*length + delta > ospf_packet_max(oi))
3516 return 0;
3517
3518 stream_putl(s, lsa->data->type);
3519 stream_put_ipv4(s, lsa->data->id.s_addr);
3520 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
3521
3522 ospf_lsa_unlock(&nbr->ls_req_last);
3523 nbr->ls_req_last = ospf_lsa_lock(lsa);
3524
3525 *length += 12;
3526 return 1;
3527 }
3528
3529 static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3530 {
3531 struct ospf_lsa *lsa;
3532 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
3533 unsigned long delta = 12;
3534 struct route_table *table;
3535 struct route_node *rn;
3536 int i;
3537 struct ospf_lsdb *lsdb;
3538
3539 lsdb = &nbr->ls_req;
3540
3541 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3542 table = lsdb->type[i].db;
3543 for (rn = route_top(table); rn; rn = route_next(rn))
3544 if ((lsa = (rn->info)) != NULL)
3545 if (ospf_make_ls_req_func(s, &length, delta,
3546 nbr, lsa)
3547 == 0) {
3548 route_unlock_node(rn);
3549 break;
3550 }
3551 }
3552 return length;
3553 }
3554
3555 static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3556 {
3557 int age;
3558
3559 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
3560
3561 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
3562 }
3563
3564 static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3565 struct stream *s)
3566 {
3567 struct ospf_lsa *lsa;
3568 struct listnode *node;
3569 uint16_t length = 0;
3570 unsigned int size_noauth;
3571 unsigned long delta = stream_get_endp(s);
3572 unsigned long pp;
3573 int count = 0;
3574
3575 if (IS_DEBUG_OSPF_EVENT)
3576 zlog_debug("%s: Start", __func__);
3577
3578 pp = stream_get_endp(s);
3579 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3580 length += OSPF_LS_UPD_MIN_SIZE;
3581
3582 /* Calculate amount of packet usable for data. */
3583 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3584
3585 while ((node = listhead(update)) != NULL) {
3586 struct lsa_header *lsah;
3587 uint16_t ls_age;
3588
3589 lsa = listgetdata(node);
3590 assert(lsa->data);
3591
3592 if (IS_DEBUG_OSPF_EVENT)
3593 zlog_debug("%s: List Iteration %d LSA[%s]", __func__,
3594 count, dump_lsa_key(lsa));
3595
3596 /* Will it fit? Minimum it has to fit at least one */
3597 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3598 (count > 0))
3599 break;
3600
3601 /* Keep pointer to LS age. */
3602 lsah = (struct lsa_header *)(STREAM_DATA(s)
3603 + stream_get_endp(s));
3604
3605 /* Put LSA to Link State Request. */
3606 stream_put(s, lsa->data, ntohs(lsa->data->length));
3607
3608 /* Set LS age. */
3609 /* each hop must increment an lsa_age by transmit_delay
3610 of OSPF interface */
3611 ls_age = ls_age_increment(lsa,
3612 OSPF_IF_PARAM(oi, transmit_delay));
3613 lsah->ls_age = htons(ls_age);
3614
3615 length += ntohs(lsa->data->length);
3616 count++;
3617
3618 list_delete_node(update, node);
3619 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3620 }
3621
3622 /* Now set #LSAs. */
3623 stream_putl_at(s, pp, count);
3624
3625 if (IS_DEBUG_OSPF_EVENT)
3626 zlog_debug("%s: Stop", __func__);
3627 return length;
3628 }
3629
3630 static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3631 struct stream *s)
3632 {
3633 struct listnode *node, *nnode;
3634 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
3635 unsigned long delta = OSPF_LSA_HEADER_SIZE;
3636 struct ospf_lsa *lsa;
3637
3638 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3639 assert(lsa);
3640
3641 /* LS Ack packet overflows interface MTU
3642 * delta is just number of bytes required for
3643 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3644 * the number of bytes can be accommodated without
3645 * ospf header. So length+delta can be compared
3646 * against ospf_packet_max to check if it can fit
3647 * another ls header in the same packet.
3648 */
3649 if ((length + delta) > ospf_packet_max(oi))
3650 break;
3651
3652 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3653 length += OSPF_LSA_HEADER_SIZE;
3654
3655 listnode_delete(ack, lsa);
3656 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3657 }
3658
3659 return length;
3660 }
3661
3662 static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3663 {
3664 struct ospf_packet *op;
3665 uint16_t length = OSPF_HEADER_SIZE;
3666
3667 op = ospf_packet_new(oi->ifp->mtu);
3668
3669 /* Prepare OSPF common header. */
3670 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
3671
3672 /* Prepare OSPF Hello body. */
3673 length += ospf_make_hello(oi, op->s);
3674 if (length == OSPF_HEADER_SIZE) {
3675 /* Hello overshooting MTU */
3676 ospf_packet_free(op);
3677 return;
3678 }
3679
3680 /* Fill OSPF header. */
3681 ospf_fill_header(oi, op->s, length);
3682
3683 /* Set packet length. */
3684 op->length = length;
3685
3686 op->dst.s_addr = addr;
3687
3688 if (IS_DEBUG_OSPF_EVENT) {
3689 if (oi->ospf->vrf_id)
3690 zlog_debug(
3691 "%s: Hello Tx interface %s ospf vrf %s id %u",
3692 __func__, oi->ifp->name,
3693 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3694 oi->ospf->vrf_id);
3695 }
3696 /* Add packet to the top of the interface output queue, so that they
3697 * can't get delayed by things like long queues of LS Update packets
3698 */
3699 ospf_packet_add_top(oi, op);
3700
3701 /* Hook thread to write packet. */
3702 OSPF_ISM_WRITE_ON(oi->ospf);
3703 }
3704
3705 static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
3706 {
3707 struct ospf_interface *oi;
3708
3709 oi = nbr_nbma->oi;
3710 assert(oi);
3711
3712 /* If this is passive interface, do not send OSPF Hello. */
3713 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3714 return;
3715
3716 if (oi->type != OSPF_IFTYPE_NBMA)
3717 return;
3718
3719 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3720 return;
3721
3722 if (PRIORITY(oi) == 0)
3723 return;
3724
3725 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3726 && oi->state != ISM_Backup)
3727 return;
3728
3729 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
3730 }
3731
3732 void ospf_poll_timer(struct thread *thread)
3733 {
3734 struct ospf_nbr_nbma *nbr_nbma;
3735
3736 nbr_nbma = THREAD_ARG(thread);
3737 nbr_nbma->t_poll = NULL;
3738
3739 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3740 zlog_debug("NSM[%s:%pI4]: Timer (Poll timer expire)",
3741 IF_NAME(nbr_nbma->oi), &nbr_nbma->addr);
3742
3743 ospf_poll_send(nbr_nbma);
3744
3745 if (nbr_nbma->v_poll > 0)
3746 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3747 nbr_nbma->v_poll);
3748 }
3749
3750
3751 void ospf_hello_reply_timer(struct thread *thread)
3752 {
3753 struct ospf_neighbor *nbr;
3754
3755 nbr = THREAD_ARG(thread);
3756 nbr->t_hello_reply = NULL;
3757
3758 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3759 zlog_debug("NSM[%s:%pI4]: Timer (hello-reply timer expire)",
3760 IF_NAME(nbr->oi), &nbr->router_id);
3761
3762 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
3763 }
3764
3765 /* Send OSPF Hello. */
3766 void ospf_hello_send(struct ospf_interface *oi)
3767 {
3768 /* If this is passive interface, do not send OSPF Hello. */
3769 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3770 return;
3771
3772 if (oi->type == OSPF_IFTYPE_NBMA) {
3773 struct ospf_neighbor *nbr;
3774 struct route_node *rn;
3775
3776 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3777 nbr = rn->info;
3778 if (!nbr)
3779 continue;
3780
3781 if (nbr == oi->nbr_self)
3782 continue;
3783
3784 if (nbr->state == NSM_Down)
3785 continue;
3786
3787 /*
3788 * RFC 2328 Section 9.5.1
3789 * If the router is not eligible to become Designated
3790 * Router, it must periodically send Hello Packets to
3791 * both the Designated Router and the Backup
3792 * Designated Router (if they exist).
3793 */
3794 if (PRIORITY(oi) == 0 &&
3795 IPV4_ADDR_CMP(&DR(oi), &nbr->address.u.prefix4) &&
3796 IPV4_ADDR_CMP(&BDR(oi), &nbr->address.u.prefix4))
3797 continue;
3798
3799 /*
3800 * If the router is eligible to become Designated
3801 * Router, it must periodically send Hello Packets to
3802 * all neighbors that are also eligible. In addition,
3803 * if the router is itself the Designated Router or
3804 * Backup Designated Router, it must also send periodic
3805 * Hello Packets to all other neighbors.
3806 */
3807 if (nbr->priority == 0 && oi->state == ISM_DROther)
3808 continue;
3809
3810 /* if oi->state == Waiting, send
3811 * hello to all neighbors */
3812 ospf_hello_send_sub(oi, nbr->address.u.prefix4.s_addr);
3813 }
3814 } else {
3815 /* Decide destination address. */
3816 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3817 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3818 else
3819 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3820 }
3821 }
3822
3823 /* Send OSPF Database Description. */
3824 void ospf_db_desc_send(struct ospf_neighbor *nbr)
3825 {
3826 struct ospf_interface *oi;
3827 struct ospf_packet *op;
3828 uint16_t length = OSPF_HEADER_SIZE;
3829
3830 oi = nbr->oi;
3831 op = ospf_packet_new(oi->ifp->mtu);
3832
3833 /* Prepare OSPF common header. */
3834 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
3835
3836 /* Prepare OSPF Database Description body. */
3837 length += ospf_make_db_desc(oi, nbr, op->s);
3838
3839 /* Fill OSPF header. */
3840 ospf_fill_header(oi, op->s, length);
3841
3842 /* Set packet length. */
3843 op->length = length;
3844
3845 /* Decide destination address. */
3846 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3847 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3848 else
3849 op->dst = nbr->address.u.prefix4;
3850
3851 /* Add packet to the interface output queue. */
3852 ospf_packet_add(oi, op);
3853
3854 /* Hook thread to write packet. */
3855 OSPF_ISM_WRITE_ON(oi->ospf);
3856
3857 /* Remove old DD packet, then copy new one and keep in neighbor
3858 * structure. */
3859 if (nbr->last_send)
3860 ospf_packet_free(nbr->last_send);
3861 nbr->last_send = ospf_packet_dup(op);
3862 monotime(&nbr->last_send_ts);
3863 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3864 zlog_info(
3865 "%s:Packet[DD]: %pI4 DB Desc send with seqnum:%x , flags:%x",
3866 ospf_get_name(oi->ospf), &nbr->router_id,
3867 nbr->dd_seqnum, nbr->dd_flags);
3868 }
3869
3870 /* Re-send Database Description. */
3871 void ospf_db_desc_resend(struct ospf_neighbor *nbr)
3872 {
3873 struct ospf_interface *oi;
3874
3875 oi = nbr->oi;
3876
3877 /* Add packet to the interface output queue. */
3878 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
3879
3880 /* Hook thread to write packet. */
3881 OSPF_ISM_WRITE_ON(oi->ospf);
3882 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3883 zlog_info(
3884 "%s:Packet[DD]: %pI4 DB Desc resend with seqnum:%x , flags:%x",
3885 ospf_get_name(oi->ospf), &nbr->router_id,
3886 nbr->dd_seqnum, nbr->dd_flags);
3887 }
3888
3889 /* Send Link State Request. */
3890 void ospf_ls_req_send(struct ospf_neighbor *nbr)
3891 {
3892 struct ospf_interface *oi;
3893 struct ospf_packet *op;
3894 uint16_t length = OSPF_HEADER_SIZE;
3895
3896 oi = nbr->oi;
3897 op = ospf_packet_new(oi->ifp->mtu);
3898
3899 /* Prepare OSPF common header. */
3900 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
3901
3902 /* Prepare OSPF Link State Request body. */
3903 length += ospf_make_ls_req(nbr, op->s);
3904 if (length == OSPF_HEADER_SIZE) {
3905 ospf_packet_free(op);
3906 return;
3907 }
3908
3909 /* Fill OSPF header. */
3910 ospf_fill_header(oi, op->s, length);
3911
3912 /* Set packet length. */
3913 op->length = length;
3914
3915 /* Decide destination address. */
3916 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3917 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3918 else
3919 op->dst = nbr->address.u.prefix4;
3920
3921 /* Add packet to the interface output queue. */
3922 ospf_packet_add(oi, op);
3923
3924 /* Hook thread to write packet. */
3925 OSPF_ISM_WRITE_ON(oi->ospf);
3926
3927 /* Add Link State Request Retransmission Timer. */
3928 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
3929 }
3930
3931 /* Send Link State Update with an LSA. */
3932 void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3933 int flag)
3934 {
3935 struct list *update;
3936
3937 update = list_new();
3938
3939 listnode_add(update, lsa);
3940
3941 /*ospf instance is going down, send self originated
3942 * MAXAGE LSA update to neighbors to remove from LSDB */
3943 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3944 ospf_ls_upd_send(nbr, update, flag, 1);
3945 else
3946 ospf_ls_upd_send(nbr, update, flag, 0);
3947
3948 list_delete(&update);
3949 }
3950
3951 /* Determine size for packet. Must be at least big enough to accommodate next
3952 * LSA on list, which may be bigger than MTU size.
3953 *
3954 * Return pointer to new ospf_packet
3955 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3956 * on packet sizes (in which case offending LSA is deleted from update list)
3957 */
3958 static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3959 struct ospf_interface *oi)
3960 {
3961 struct ospf_lsa *lsa;
3962 struct listnode *ln;
3963 size_t size;
3964 static char warned = 0;
3965
3966 lsa = listgetdata((ln = listhead(update)));
3967 assert(lsa->data);
3968
3969 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3970 > ospf_packet_max(oi)) {
3971 if (!warned) {
3972 flog_warn(
3973 EC_OSPF_LARGE_LSA,
3974 "%s: oversized LSA encountered!will need to fragment. Not optimal. Try divide up your network with areas. Use 'debug ospf packet send' to see details, or look at 'show ip ospf database ..'",
3975 __func__);
3976 warned = 1;
3977 }
3978
3979 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3980 zlog_debug(
3981 "%s: oversized LSA id:%pI4, %d bytes originated by %pI4, will be fragmented!",
3982 __func__, &lsa->data->id,
3983 ntohs(lsa->data->length),
3984 &lsa->data->adv_router);
3985
3986 /*
3987 * Allocate just enough to fit this LSA only, to avoid including
3988 * other
3989 * LSAs in fragmented LSA Updates.
3990 */
3991 size = ntohs(lsa->data->length)
3992 + (oi->ifp->mtu - ospf_packet_max(oi))
3993 + OSPF_LS_UPD_MIN_SIZE;
3994 } else
3995 size = oi->ifp->mtu;
3996
3997 if (size > OSPF_MAX_PACKET_SIZE) {
3998 flog_warn(
3999 EC_OSPF_LARGE_LSA,
4000 "%s: oversized LSA id:%pI4 too big, %d bytes, packet size %ld, dropping it completely. OSPF routing is broken!",
4001 __func__, &lsa->data->id, ntohs(lsa->data->length),
4002 (long int)size);
4003 list_delete_node(update, ln);
4004 return NULL;
4005 }
4006
4007 /* IP header is built up separately by ospf_write(). This means, that we
4008 * must
4009 * reduce the "affordable" size just calculated by length of an IP
4010 * header.
4011 * This makes sure, that even if we manage to fill the payload with LSA
4012 * data
4013 * completely, the final packet (our data plus IP header) still fits
4014 * into
4015 * outgoing interface MTU. This correction isn't really meaningful for
4016 * an
4017 * oversized LSA, but for consistency the correction is done for both
4018 * cases.
4019 *
4020 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4021 */
4022 return ospf_packet_new(size - sizeof(struct ip));
4023 }
4024
4025 static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
4026 struct list *update, struct in_addr addr,
4027 int send_lsupd_now)
4028 {
4029 struct ospf_packet *op;
4030 uint16_t length = OSPF_HEADER_SIZE;
4031
4032 if (IS_DEBUG_OSPF_EVENT)
4033 zlog_debug("listcount = %d, [%s]dst %pI4", listcount(update),
4034 IF_NAME(oi), &addr);
4035
4036 /* Check that we have really something to process */
4037 if (listcount(update) == 0)
4038 return;
4039
4040 op = ospf_ls_upd_packet_new(update, oi);
4041
4042 /* Prepare OSPF common header. */
4043 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
4044
4045 /* Prepare OSPF Link State Update body.
4046 * Includes Type-7 translation.
4047 */
4048 length += ospf_make_ls_upd(oi, update, op->s);
4049
4050 /* Fill OSPF header. */
4051 ospf_fill_header(oi, op->s, length);
4052
4053 /* Set packet length. */
4054 op->length = length;
4055
4056 /* Decide destination address. */
4057 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4058 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4059 else
4060 op->dst.s_addr = addr.s_addr;
4061
4062 /* Add packet to the interface output queue. */
4063 ospf_packet_add(oi, op);
4064 /* Call ospf_write() right away to send ospf packets to neighbors */
4065 if (send_lsupd_now) {
4066 struct thread os_packet_thd;
4067
4068 os_packet_thd.arg = (void *)oi->ospf;
4069 if (oi->on_write_q == 0) {
4070 listnode_add(oi->ospf->oi_write_q, oi);
4071 oi->on_write_q = 1;
4072 }
4073 ospf_write(&os_packet_thd);
4074 /*
4075 * We are fake calling ospf_write with a fake
4076 * thread. Imagine that we have oi_a already
4077 * enqueued and we have turned on the write
4078 * thread(t_write).
4079 * Now this function calls this for oi_b
4080 * so the on_write_q has oi_a and oi_b on
4081 * it, ospf_write runs and clears the packets
4082 * for both oi_a and oi_b. Removing them from
4083 * the on_write_q. After this thread of execution
4084 * finishes we will execute the t_write thread
4085 * with nothing in the on_write_q causing an
4086 * assert. So just make sure that the t_write
4087 * is actually turned off.
4088 */
4089 if (list_isempty(oi->ospf->oi_write_q))
4090 THREAD_OFF(oi->ospf->t_write);
4091 } else {
4092 /* Hook thread to write packet. */
4093 OSPF_ISM_WRITE_ON(oi->ospf);
4094 }
4095 }
4096
4097 static void ospf_ls_upd_send_queue_event(struct thread *thread)
4098 {
4099 struct ospf_interface *oi = THREAD_ARG(thread);
4100 struct route_node *rn;
4101 struct route_node *rnext;
4102 struct list *update;
4103 char again = 0;
4104
4105 oi->t_ls_upd_event = NULL;
4106
4107 if (IS_DEBUG_OSPF_EVENT)
4108 zlog_debug("%s start", __func__);
4109
4110 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4111 rnext = route_next(rn);
4112
4113 if (rn->info == NULL)
4114 continue;
4115
4116 update = (struct list *)rn->info;
4117
4118 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
4119
4120 /* list might not be empty. */
4121 if (listcount(update) == 0) {
4122 list_delete((struct list **)&rn->info);
4123 route_unlock_node(rn);
4124 } else
4125 again = 1;
4126 }
4127
4128 if (again != 0) {
4129 if (IS_DEBUG_OSPF_EVENT)
4130 zlog_debug(
4131 "%s: update lists not cleared, %d nodes to try again, raising new event",
4132 __func__, again);
4133 oi->t_ls_upd_event = NULL;
4134 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4135 &oi->t_ls_upd_event);
4136 }
4137
4138 if (IS_DEBUG_OSPF_EVENT)
4139 zlog_debug("%s stop", __func__);
4140 }
4141
4142 void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4143 int send_lsupd_now)
4144 {
4145 struct ospf_interface *oi;
4146 struct ospf_lsa *lsa;
4147 struct prefix_ipv4 p;
4148 struct route_node *rn;
4149 struct listnode *node;
4150
4151 oi = nbr->oi;
4152
4153 p.family = AF_INET;
4154 p.prefixlen = IPV4_MAX_BITLEN;
4155
4156 /* Decide destination address. */
4157 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4158 p.prefix = oi->vl_data->peer_addr;
4159 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4160 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4161 else if (flag == OSPF_SEND_PACKET_DIRECT)
4162 p.prefix = nbr->address.u.prefix4;
4163 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4164 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4165 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4166 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4167 else
4168 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4169
4170 if (oi->type == OSPF_IFTYPE_NBMA) {
4171 if (flag == OSPF_SEND_PACKET_INDIRECT)
4172 flog_warn(
4173 EC_OSPF_PACKET,
4174 "* LS-Update is directly sent on NBMA network.");
4175 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
4176 flog_warn(EC_OSPF_PACKET,
4177 "* LS-Update is sent to myself.");
4178 }
4179
4180 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4181
4182 if (rn->info == NULL)
4183 rn->info = list_new();
4184 else
4185 route_unlock_node(rn);
4186
4187 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4188 listnode_add(rn->info,
4189 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
4190 if (send_lsupd_now) {
4191 struct list *send_update_list;
4192 struct route_node *rnext;
4193
4194 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4195 rnext = route_next(rn);
4196
4197 if (rn->info == NULL)
4198 continue;
4199
4200 send_update_list = (struct list *)rn->info;
4201
4202 ospf_ls_upd_queue_send(oi, send_update_list,
4203 rn->p.u.prefix4, 1);
4204 }
4205 } else
4206 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4207 &oi->t_ls_upd_event);
4208 }
4209
4210 static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4211 struct in_addr dst)
4212 {
4213 struct ospf_packet *op;
4214 uint16_t length = OSPF_HEADER_SIZE;
4215
4216 op = ospf_packet_new(oi->ifp->mtu);
4217
4218 /* Prepare OSPF common header. */
4219 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4220
4221 /* Prepare OSPF Link State Acknowledgment body. */
4222 length += ospf_make_ls_ack(oi, ack, op->s);
4223
4224 /* Fill OSPF header. */
4225 ospf_fill_header(oi, op->s, length);
4226
4227 /* Set packet length. */
4228 op->length = length;
4229
4230 /* Decide destination address. */
4231 if (oi->type == OSPF_IFTYPE_POINTOPOINT ||
4232 oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4233 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4234 else
4235 op->dst.s_addr = dst.s_addr;
4236
4237 /* Add packet to the interface output queue. */
4238 ospf_packet_add(oi, op);
4239
4240 /* Hook thread to write packet. */
4241 OSPF_ISM_WRITE_ON(oi->ospf);
4242 }
4243
4244 static void ospf_ls_ack_send_event(struct thread *thread)
4245 {
4246 struct ospf_interface *oi = THREAD_ARG(thread);
4247
4248 oi->t_ls_ack_direct = NULL;
4249
4250 while (listcount(oi->ls_ack_direct.ls_ack))
4251 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4252 oi->ls_ack_direct.dst);
4253 }
4254
4255 void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4256 {
4257 struct ospf_interface *oi = nbr->oi;
4258
4259 if (IS_GRACE_LSA(lsa)) {
4260 if (IS_DEBUG_OSPF_GR)
4261 zlog_debug("%s, Sending GRACE ACK to Restarter.",
4262 __func__);
4263 }
4264
4265 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4266 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4267
4268 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4269
4270 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4271 &oi->t_ls_ack_direct);
4272 }
4273
4274 /* Send Link State Acknowledgment delayed. */
4275 void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4276 {
4277 struct in_addr dst;
4278
4279 /* Decide destination address. */
4280 /* RFC2328 Section 13.5 On non-broadcast
4281 networks, delayed Link State Acknowledgment packets must be
4282 unicast separately over each adjacency (i.e., neighbor whose
4283 state is >= Exchange). */
4284 if (oi->type == OSPF_IFTYPE_NBMA) {
4285 struct ospf_neighbor *nbr;
4286 struct route_node *rn;
4287
4288 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
4289 nbr = rn->info;
4290
4291 if (!nbr)
4292 continue;
4293
4294 if (nbr != oi->nbr_self && nbr->state >= NSM_Exchange)
4295 while (listcount(oi->ls_ack))
4296 ospf_ls_ack_send_list(
4297 oi, oi->ls_ack,
4298 nbr->address.u.prefix4);
4299 }
4300 return;
4301 }
4302 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4303 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4304 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4305 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4306 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4307 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4308 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4309 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4310 else
4311 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4312
4313 while (listcount(oi->ls_ack))
4314 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
4315 }
4316
4317 /*
4318 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4319 * address. As a result, the kernel does not need to learn the interface
4320 * MAC of the OSPF neighbor. However, in our world, this will delay
4321 * convergence. Take the case when due to a link flap, all routes now
4322 * want to use an interface which was deemed to be costlier prior to this
4323 * event. For routes that will be installed, the missing MAC will have
4324 * punt-to-CPU set on them. This may overload the CPU control path that
4325 * can be avoided if the MAC was known apriori.
4326 */
4327 void ospf_proactively_arp(struct ospf_neighbor *nbr)
4328 {
4329 if (!nbr || !nbr->oi->ospf->proactive_arp)
4330 return;
4331
4332 ospf_zebra_send_arp(nbr->oi->ifp, &nbr->address);
4333 }
FRRouting mirror