]> git.proxmox.com Git - mirror_frr.git/blob - ospfd/ospf_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12210 from louis-6wind/fix-link-params-coverity
[mirror_frr.git] / ospfd / ospf_packet.c
1 /*
2 * OSPF Sending and Receiving OSPF Packets.
3 * Copyright (C) 1999, 2000 Toshiaki Takada
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
10 * later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 #include <zebra.h>
23
24 #include "monotime.h"
25 #include "thread.h"
26 #include "memory.h"
27 #include "linklist.h"
28 #include "prefix.h"
29 #include "if.h"
30 #include "table.h"
31 #include "sockunion.h"
32 #include "stream.h"
33 #include "log.h"
34 #include "sockopt.h"
35 #include "checksum.h"
36 #ifdef CRYPTO_INTERNAL
37 #include "md5.h"
38 #endif
39 #include "vrf.h"
40 #include "lib_errors.h"
41
42 #include "ospfd/ospfd.h"
43 #include "ospfd/ospf_network.h"
44 #include "ospfd/ospf_interface.h"
45 #include "ospfd/ospf_ism.h"
46 #include "ospfd/ospf_asbr.h"
47 #include "ospfd/ospf_lsa.h"
48 #include "ospfd/ospf_lsdb.h"
49 #include "ospfd/ospf_neighbor.h"
50 #include "ospfd/ospf_nsm.h"
51 #include "ospfd/ospf_packet.h"
52 #include "ospfd/ospf_spf.h"
53 #include "ospfd/ospf_flood.h"
54 #include "ospfd/ospf_dump.h"
55 #include "ospfd/ospf_errors.h"
56 #include "ospfd/ospf_zebra.h"
57 #include "ospfd/ospf_gr.h"
58
59 /*
60 * OSPF Fragmentation / fragmented writes
61 *
62 * ospfd can support writing fragmented packets, for cases where
63 * kernel will not fragment IP_HDRINCL and/or multicast destined
64 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
65 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
66 * flags fields, hence user-space fragmentation will not work.
67 * Only Linux is known to leave IP header unmolested.
68 * Further, fragmentation really should be done the kernel, which already
69 * supports it, and which avoids nasty IP ID state problems.
70 *
71 * Fragmentation of OSPF packets can be required on networks with router
72 * with many many interfaces active in one area, or on networks with links
73 * with low MTUs.
74 */
75 #ifdef GNU_LINUX
76 #define WANT_OSPF_WRITE_FRAGMENT
77 #endif
78
79 /* Packet Type String. */
80 const struct message ospf_packet_type_str[] = {
81 {OSPF_MSG_HELLO, "Hello"},
82 {OSPF_MSG_DB_DESC, "Database Description"},
83 {OSPF_MSG_LS_REQ, "Link State Request"},
84 {OSPF_MSG_LS_UPD, "Link State Update"},
85 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
86 {0}};
87
88 /* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
89 particular types, offset is the "type" field of a packet. */
90 static const uint16_t ospf_packet_minlen[] = {
91 0,
92 OSPF_HELLO_MIN_SIZE,
93 OSPF_DB_DESC_MIN_SIZE,
94 OSPF_LS_REQ_MIN_SIZE,
95 OSPF_LS_UPD_MIN_SIZE,
96 OSPF_LS_ACK_MIN_SIZE,
97 };
98
99 /* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
100 types, offset is the "LSA type" field. */
101 static const uint16_t ospf_lsa_minlen[] = {
102 0, /* OSPF_UNKNOWN_LSA */
103 OSPF_ROUTER_LSA_MIN_SIZE, /* OSPF_ROUTER_LSA */
104 OSPF_NETWORK_LSA_MIN_SIZE, /* OSPF_NETWORK_LSA */
105 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_SUMMARY_LSA */
106 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_ASBR_SUMMARY_LSA */
107 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_EXTERNAL_LSA */
108 0, /* Unsupported, OSPF_GROUP_MEMBER_LSA */
109 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_NSSA_LSA */
110 0, /* Unsupported, OSPF_EXTERNAL_ATTRIBURES_LSA */
111 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_LINK_LSA */
112 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AREA_LSA */
113 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AS_LSA */
114 };
115
116 /* for ospf_check_auth() */
117 static int ospf_check_sum(struct ospf_header *);
118
119 /* OSPF authentication checking function */
120 static int ospf_auth_type(struct ospf_interface *oi)
121 {
122 int auth_type;
123
124 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
125 auth_type = oi->area->auth_type;
126 else
127 auth_type = OSPF_IF_PARAM(oi, auth_type);
128
129 /* Handle case where MD5 key list is not configured aka Cisco */
130 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
131 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
132 return OSPF_AUTH_NULL;
133
134 return auth_type;
135 }
136
137 static struct ospf_packet *ospf_packet_new(size_t size)
138 {
139 struct ospf_packet *new;
140
141 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
142 new->s = stream_new(size);
143
144 return new;
145 }
146
147 void ospf_packet_free(struct ospf_packet *op)
148 {
149 if (op->s)
150 stream_free(op->s);
151
152 XFREE(MTYPE_OSPF_PACKET, op);
153 }
154
155 struct ospf_fifo *ospf_fifo_new(void)
156 {
157 struct ospf_fifo *new;
158
159 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
160 return new;
161 }
162
163 /* Add new packet to fifo. */
164 void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
165 {
166 if (fifo->tail)
167 fifo->tail->next = op;
168 else
169 fifo->head = op;
170
171 fifo->tail = op;
172
173 fifo->count++;
174 }
175
176 /* Add new packet to head of fifo. */
177 static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
178 {
179 op->next = fifo->head;
180
181 if (fifo->tail == NULL)
182 fifo->tail = op;
183
184 fifo->head = op;
185
186 fifo->count++;
187 }
188
189 /* Delete first packet from fifo. */
190 struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
191 {
192 struct ospf_packet *op;
193
194 op = fifo->head;
195
196 if (op) {
197 fifo->head = op->next;
198
199 if (fifo->head == NULL)
200 fifo->tail = NULL;
201
202 fifo->count--;
203 }
204
205 return op;
206 }
207
208 /* Return first fifo entry. */
209 struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
210 {
211 return fifo->head;
212 }
213
214 /* Flush ospf packet fifo. */
215 void ospf_fifo_flush(struct ospf_fifo *fifo)
216 {
217 struct ospf_packet *op;
218 struct ospf_packet *next;
219
220 for (op = fifo->head; op; op = next) {
221 next = op->next;
222 ospf_packet_free(op);
223 }
224 fifo->head = fifo->tail = NULL;
225 fifo->count = 0;
226 }
227
228 /* Free ospf packet fifo. */
229 void ospf_fifo_free(struct ospf_fifo *fifo)
230 {
231 ospf_fifo_flush(fifo);
232
233 XFREE(MTYPE_OSPF_FIFO, fifo);
234 }
235
236 static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
237 {
238 /* Add packet to end of queue. */
239 ospf_fifo_push(oi->obuf, op);
240
241 /* Debug of packet fifo*/
242 /* ospf_fifo_debug (oi->obuf); */
243 }
244
245 static void ospf_packet_add_top(struct ospf_interface *oi,
246 struct ospf_packet *op)
247 {
248 /* Add packet to head of queue. */
249 ospf_fifo_push_head(oi->obuf, op);
250
251 /* Debug of packet fifo*/
252 /* ospf_fifo_debug (oi->obuf); */
253 }
254
255 static void ospf_packet_delete(struct ospf_interface *oi)
256 {
257 struct ospf_packet *op;
258
259 op = ospf_fifo_pop(oi->obuf);
260
261 if (op)
262 ospf_packet_free(op);
263 }
264
265 static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
266 {
267 struct ospf_packet *new;
268
269 if (stream_get_endp(op->s) != op->length)
270 /* XXX size_t */
271 zlog_debug(
272 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
273 (unsigned long)STREAM_SIZE(op->s), op->length);
274
275 /* Reserve space for MD5 authentication that may be added later. */
276 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
277 stream_copy(new->s, op->s);
278
279 new->dst = op->dst;
280 new->length = op->length;
281
282 return new;
283 }
284
285 /* XXX inline */
286 static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
287 {
288 int auth = 0;
289
290 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
291 auth = OSPF_AUTH_MD5_SIZE;
292
293 return auth;
294 }
295
296 static unsigned int ospf_packet_max(struct ospf_interface *oi)
297 {
298 int max;
299
300 max = oi->ifp->mtu - ospf_packet_authspace(oi);
301
302 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
303
304 return max;
305 }
306
307
308 static int ospf_check_md5_digest(struct ospf_interface *oi,
309 struct ospf_header *ospfh)
310 {
311 #ifdef CRYPTO_OPENSSL
312 EVP_MD_CTX *ctx;
313 #elif CRYPTO_INTERNAL
314 MD5_CTX ctx;
315 #endif
316 unsigned char digest[OSPF_AUTH_MD5_SIZE];
317 struct crypt_key *ck;
318 struct ospf_neighbor *nbr;
319 uint16_t length = ntohs(ospfh->length);
320
321 /* Get secret key. */
322 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
323 ospfh->u.crypt.key_id);
324 if (ck == NULL) {
325 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
326 IF_NAME(oi), ospfh->u.crypt.key_id);
327 return 0;
328 }
329
330 /* check crypto seqnum. */
331 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
332
333 if (nbr
334 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
335 flog_warn(
336 EC_OSPF_MD5,
337 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
338 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
339 ntohl(nbr->crypt_seqnum));
340 return 0;
341 }
342
343 /* Generate a digest for the ospf packet - their digest + our digest. */
344 #ifdef CRYPTO_OPENSSL
345 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
346 ctx = EVP_MD_CTX_new();
347 EVP_DigestInit(ctx, EVP_md5());
348 EVP_DigestUpdate(ctx, ospfh, length);
349 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
350 EVP_DigestFinal(ctx, digest, &md5_size);
351 EVP_MD_CTX_free(ctx);
352 #elif CRYPTO_INTERNAL
353 memset(&ctx, 0, sizeof(ctx));
354 MD5Init(&ctx);
355 MD5Update(&ctx, ospfh, length);
356 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
357 MD5Final(digest, &ctx);
358 #endif
359
360 /* compare the two */
361 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
362 flog_warn(EC_OSPF_MD5,
363 "interface %s: ospf_check_md5 checksum mismatch",
364 IF_NAME(oi));
365 return 0;
366 }
367
368 /* save neighbor's crypt_seqnum */
369 if (nbr)
370 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
371 return 1;
372 }
373
374 /* This function is called from ospf_write(), it will detect the
375 authentication scheme and if it is MD5, it will change the sequence
376 and update the MD5 digest. */
377 static int ospf_make_md5_digest(struct ospf_interface *oi,
378 struct ospf_packet *op)
379 {
380 struct ospf_header *ospfh;
381 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
382 #ifdef CRYPTO_OPENSSL
383 EVP_MD_CTX *ctx;
384 #elif CRYPTO_INTERNAL
385 MD5_CTX ctx;
386 #endif
387 void *ibuf;
388 uint32_t t;
389 struct crypt_key *ck;
390 const uint8_t *auth_key;
391
392 ibuf = STREAM_DATA(op->s);
393 ospfh = (struct ospf_header *)ibuf;
394
395 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
396 return 0;
397
398 /* We do this here so when we dup a packet, we don't have to
399 waste CPU rewriting other headers.
400
401 Note that frr_time /deliberately/ is not used here */
402 t = (time(NULL) & 0xFFFFFFFF);
403 if (t > oi->crypt_seqnum)
404 oi->crypt_seqnum = t;
405 else
406 oi->crypt_seqnum++;
407
408 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
409
410 /* Get MD5 Authentication key from auth_key list. */
411 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
412 auth_key = (const uint8_t *)digest;
413 else {
414 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
415 auth_key = ck->auth_key;
416 }
417
418 /* Generate a digest for the entire packet + our secret key. */
419 #ifdef CRYPTO_OPENSSL
420 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
421 ctx = EVP_MD_CTX_new();
422 EVP_DigestInit(ctx, EVP_md5());
423 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
424 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
425 EVP_DigestFinal(ctx, digest, &md5_size);
426 EVP_MD_CTX_free(ctx);
427 #elif CRYPTO_INTERNAL
428 memset(&ctx, 0, sizeof(ctx));
429 MD5Init(&ctx);
430 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
431 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
432 MD5Final(digest, &ctx);
433 #endif
434
435 /* Append md5 digest to the end of the stream. */
436 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
437
438 /* We do *NOT* increment the OSPF header length. */
439 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
440
441 if (stream_get_endp(op->s) != op->length)
442 /* XXX size_t */
443 flog_warn(EC_OSPF_MD5,
444 "%s: length mismatch stream %lu ospf_packet %u",
445 __func__, (unsigned long)stream_get_endp(op->s),
446 op->length);
447
448 return OSPF_AUTH_MD5_SIZE;
449 }
450
451
452 static void ospf_ls_req_timer(struct thread *thread)
453 {
454 struct ospf_neighbor *nbr;
455
456 nbr = THREAD_ARG(thread);
457 nbr->t_ls_req = NULL;
458
459 /* Send Link State Request. */
460 if (ospf_ls_request_count(nbr))
461 ospf_ls_req_send(nbr);
462
463 /* Set Link State Request retransmission timer. */
464 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
465 }
466
467 void ospf_ls_req_event(struct ospf_neighbor *nbr)
468 {
469 THREAD_OFF(nbr->t_ls_req);
470 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
471 }
472
473 /* Cyclic timer function. Fist registered in ospf_nbr_new () in
474 ospf_neighbor.c */
475 void ospf_ls_upd_timer(struct thread *thread)
476 {
477 struct ospf_neighbor *nbr;
478
479 nbr = THREAD_ARG(thread);
480 nbr->t_ls_upd = NULL;
481
482 /* Send Link State Update. */
483 if (ospf_ls_retransmit_count(nbr) > 0) {
484 struct list *update;
485 struct ospf_lsdb *lsdb;
486 int i;
487 int retransmit_interval;
488
489 retransmit_interval =
490 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
491
492 lsdb = &nbr->ls_rxmt;
493 update = list_new();
494
495 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
496 struct route_table *table = lsdb->type[i].db;
497 struct route_node *rn;
498
499 for (rn = route_top(table); rn; rn = route_next(rn)) {
500 struct ospf_lsa *lsa;
501
502 if ((lsa = rn->info) != NULL) {
503 /* Don't retransmit an LSA if we
504 received it within
505 the last RxmtInterval seconds - this
506 is to allow the
507 neighbour a chance to acknowledge the
508 LSA as it may
509 have ben just received before the
510 retransmit timer
511 fired. This is a small tweak to what
512 is in the RFC,
513 but it will cut out out a lot of
514 retransmit traffic
515 - MAG */
516 if (monotime_since(&lsa->tv_recv, NULL)
517 >= retransmit_interval * 1000000LL)
518 listnode_add(update, rn->info);
519 }
520 }
521 }
522
523 if (listcount(update) > 0)
524 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
525 0);
526 list_delete(&update);
527 }
528
529 /* Set LS Update retransmission timer. */
530 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
531 }
532
533 void ospf_ls_ack_timer(struct thread *thread)
534 {
535 struct ospf_interface *oi;
536
537 oi = THREAD_ARG(thread);
538 oi->t_ls_ack = NULL;
539
540 /* Send Link State Acknowledgment. */
541 if (listcount(oi->ls_ack) > 0)
542 ospf_ls_ack_send_delayed(oi);
543
544 /* Set LS Ack timer. */
545 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
546 }
547
548 #ifdef WANT_OSPF_WRITE_FRAGMENT
549 static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
550 struct msghdr *msg, unsigned int maxdatasize,
551 unsigned int mtu, int flags, uint8_t type)
552 {
553 #define OSPF_WRITE_FRAG_SHIFT 3
554 uint16_t offset;
555 struct iovec *iovp;
556 int ret;
557
558 assert(op->length == stream_get_endp(op->s));
559 assert(msg->msg_iovlen == 2);
560
561 /* we can but try.
562 *
563 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
564 * well as the IP_MF flag, making this all quite pointless.
565 *
566 * However, for a system on which IP_MF is left alone, and ip_id left
567 * alone or else which sets same ip_id for each fragment this might
568 * work, eg linux.
569 *
570 * XXX-TODO: It would be much nicer to have the kernel's use their
571 * existing fragmentation support to do this for us. Bugs/RFEs need to
572 * be raised against the various kernels.
573 */
574
575 /* set More Frag */
576 iph->ip_off |= IP_MF;
577
578 /* ip frag offset is expressed in units of 8byte words */
579 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
580
581 iovp = &msg->msg_iov[1];
582
583 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
584 > maxdatasize) {
585 /* data length of this frag is to next offset value */
586 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
587 iph->ip_len = iovp->iov_len + sizeof(struct ip);
588 assert(iph->ip_len <= mtu);
589
590 sockopt_iphdrincl_swab_htosys(iph);
591
592 ret = sendmsg(fd, msg, flags);
593
594 sockopt_iphdrincl_swab_systoh(iph);
595
596 if (ret < 0)
597 flog_err(
598 EC_LIB_SOCKET,
599 "*** %s: sendmsg failed to %pI4, id %d, off %d, len %d, mtu %u failed with %s",
600 __func__, &iph->ip_dst, iph->ip_id, iph->ip_off,
601 iph->ip_len, mtu, safe_strerror(errno));
602
603 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
604 zlog_debug("%s: sent id %d, off %d, len %d to %pI4",
605 __func__, iph->ip_id, iph->ip_off,
606 iph->ip_len, &iph->ip_dst);
607 }
608
609 iph->ip_off += offset;
610 stream_forward_getp(op->s, iovp->iov_len);
611 iovp->iov_base = stream_pnt(op->s);
612 }
613
614 /* setup for final fragment */
615 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
616 iph->ip_len = iovp->iov_len + sizeof(struct ip);
617 iph->ip_off &= (~IP_MF);
618 }
619 #endif /* WANT_OSPF_WRITE_FRAGMENT */
620
621 static void ospf_write(struct thread *thread)
622 {
623 struct ospf *ospf = THREAD_ARG(thread);
624 struct ospf_interface *oi;
625 struct ospf_packet *op;
626 struct sockaddr_in sa_dst;
627 struct ip iph;
628 struct msghdr msg;
629 struct iovec iov[2];
630 uint8_t type;
631 int ret;
632 int flags = 0;
633 struct listnode *node;
634 #ifdef WANT_OSPF_WRITE_FRAGMENT
635 static uint16_t ipid = 0;
636 uint16_t maxdatasize;
637 #endif /* WANT_OSPF_WRITE_FRAGMENT */
638 #define OSPF_WRITE_IPHL_SHIFT 2
639 int pkt_count = 0;
640
641 #ifdef GNU_LINUX
642 unsigned char cmsgbuf[64] = {};
643 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
644 struct in_pktinfo *pi;
645 #endif
646
647 if (ospf->fd < 0 || ospf->oi_running == 0) {
648 if (IS_DEBUG_OSPF_EVENT)
649 zlog_debug("%s failed to send, fd %d, instance %u",
650 __func__, ospf->fd, ospf->oi_running);
651 return;
652 }
653
654 node = listhead(ospf->oi_write_q);
655 assert(node);
656 oi = listgetdata(node);
657
658 #ifdef WANT_OSPF_WRITE_FRAGMENT
659 /* seed ipid static with low order bits of time */
660 if (ipid == 0)
661 ipid = (time(NULL) & 0xffff);
662 #endif /* WANT_OSPF_WRITE_FRAGMENT */
663
664 while ((pkt_count < ospf->write_oi_count) && oi) {
665 pkt_count++;
666 #ifdef WANT_OSPF_WRITE_FRAGMENT
667 /* convenience - max OSPF data per packet */
668 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
669 #endif /* WANT_OSPF_WRITE_FRAGMENT */
670 /* Get one packet from queue. */
671 op = ospf_fifo_head(oi->obuf);
672 assert(op);
673 assert(op->length >= OSPF_HEADER_SIZE);
674
675 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
676 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
677 ospf_if_ipmulticast(ospf, oi->address,
678 oi->ifp->ifindex);
679
680 /* Rewrite the md5 signature & update the seq */
681 ospf_make_md5_digest(oi, op);
682
683 /* Retrieve OSPF packet type. */
684 stream_set_getp(op->s, 1);
685 type = stream_getc(op->s);
686
687 /* reset get pointer */
688 stream_set_getp(op->s, 0);
689
690 memset(&iph, 0, sizeof(iph));
691 memset(&sa_dst, 0, sizeof(sa_dst));
692
693 sa_dst.sin_family = AF_INET;
694 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
695 sa_dst.sin_len = sizeof(sa_dst);
696 #endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
697 sa_dst.sin_addr = op->dst;
698 sa_dst.sin_port = htons(0);
699
700 /* Set DONTROUTE flag if dst is unicast. */
701 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
702 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
703 flags = MSG_DONTROUTE;
704
705 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
706 /* it'd be very strange for header to not be 4byte-word aligned
707 * but.. */
708 if (sizeof(struct ip)
709 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
710 iph.ip_hl++; /* we presume sizeof(struct ip) cant
711 overflow ip_hl.. */
712
713 iph.ip_v = IPVERSION;
714 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
715 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
716
717 #if defined(__DragonFly__)
718 /*
719 * DragonFly's raw socket expects ip_len/ip_off in network byte
720 * order.
721 */
722 iph.ip_len = htons(iph.ip_len);
723 #endif
724
725 #ifdef WANT_OSPF_WRITE_FRAGMENT
726 /* XXX-MT: not thread-safe at all..
727 * XXX: this presumes this is only programme sending OSPF
728 * packets
729 * otherwise, no guarantee ipid will be unique
730 */
731 iph.ip_id = ++ipid;
732 #endif /* WANT_OSPF_WRITE_FRAGMENT */
733
734 iph.ip_off = 0;
735 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
736 iph.ip_ttl = OSPF_VL_IP_TTL;
737 else
738 iph.ip_ttl = OSPF_IP_TTL;
739 iph.ip_p = IPPROTO_OSPFIGP;
740 iph.ip_sum = 0;
741 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
742 iph.ip_dst.s_addr = op->dst.s_addr;
743
744 memset(&msg, 0, sizeof(msg));
745 msg.msg_name = (caddr_t)&sa_dst;
746 msg.msg_namelen = sizeof(sa_dst);
747 msg.msg_iov = iov;
748 msg.msg_iovlen = 2;
749
750 iov[0].iov_base = (char *)&iph;
751 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
752 iov[1].iov_base = stream_pnt(op->s);
753 iov[1].iov_len = op->length;
754
755 #ifdef GNU_LINUX
756 msg.msg_control = (caddr_t)cm;
757 cm->cmsg_level = SOL_IP;
758 cm->cmsg_type = IP_PKTINFO;
759 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
760 pi = (struct in_pktinfo *)CMSG_DATA(cm);
761 pi->ipi_ifindex = oi->ifp->ifindex;
762
763 msg.msg_controllen = cm->cmsg_len;
764 #endif
765
766 /* Sadly we can not rely on kernels to fragment packets
767 * because of either IP_HDRINCL and/or multicast
768 * destination being set.
769 */
770
771 #ifdef WANT_OSPF_WRITE_FRAGMENT
772 if (op->length > maxdatasize)
773 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
774 oi->ifp->mtu, flags, type);
775 #endif /* WANT_OSPF_WRITE_FRAGMENT */
776
777 /* send final fragment (could be first) */
778 sockopt_iphdrincl_swab_htosys(&iph);
779 ret = sendmsg(ospf->fd, &msg, flags);
780 sockopt_iphdrincl_swab_systoh(&iph);
781 if (IS_DEBUG_OSPF_EVENT)
782 zlog_debug(
783 "%s to %pI4, id %d, off %d, len %d, interface %s, mtu %u:",
784 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
785 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
786
787 /* sendmsg will return EPERM if firewall is blocking sending.
788 * This is a normal situation when 'ip nhrp map multicast xxx'
789 * is being used to send multicast packets to DMVPN peers. In
790 * that case the original message is blocked with iptables rule
791 * causing the EPERM result
792 */
793 if (ret < 0 && errno != EPERM)
794 flog_err(
795 EC_LIB_SOCKET,
796 "*** sendmsg in %s failed to %pI4, id %d, off %d, len %d, interface %s, mtu %u: %s",
797 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
798 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
799 safe_strerror(errno));
800
801 /* Show debug sending packet. */
802 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
803 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
804 zlog_debug(
805 "-----------------------------------------------------");
806 stream_set_getp(op->s, 0);
807 ospf_packet_dump(op->s);
808 }
809
810 zlog_debug("%s sent to [%pI4] via [%s].",
811 lookup_msg(ospf_packet_type_str, type, NULL),
812 &op->dst, IF_NAME(oi));
813
814 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
815 zlog_debug(
816 "-----------------------------------------------------");
817 }
818
819 switch (type) {
820 case OSPF_MSG_HELLO:
821 oi->hello_out++;
822 break;
823 case OSPF_MSG_DB_DESC:
824 oi->db_desc_out++;
825 break;
826 case OSPF_MSG_LS_REQ:
827 oi->ls_req_out++;
828 break;
829 case OSPF_MSG_LS_UPD:
830 oi->ls_upd_out++;
831 break;
832 case OSPF_MSG_LS_ACK:
833 oi->ls_ack_out++;
834 break;
835 default:
836 break;
837 }
838
839 /* Now delete packet from queue. */
840 ospf_packet_delete(oi);
841
842 /* Move this interface to the tail of write_q to
843 serve everyone in a round robin fashion */
844 list_delete_node(ospf->oi_write_q, node);
845 if (ospf_fifo_head(oi->obuf) == NULL) {
846 oi->on_write_q = 0;
847 oi = NULL;
848 } else
849 listnode_add(ospf->oi_write_q, oi);
850
851 /* Setup to service from the head of the queue again */
852 if (!list_isempty(ospf->oi_write_q)) {
853 node = listhead(ospf->oi_write_q);
854 oi = listgetdata(node);
855 }
856 }
857
858 /* If packets still remain in queue, call write thread. */
859 if (!list_isempty(ospf->oi_write_q))
860 thread_add_write(master, ospf_write, ospf, ospf->fd,
861 &ospf->t_write);
862 }
863
864 /* OSPF Hello message read -- RFC2328 Section 10.5. */
865 static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
866 struct stream *s, struct ospf_interface *oi, int size)
867 {
868 struct ospf_hello *hello;
869 struct ospf_neighbor *nbr;
870 int old_state;
871 struct prefix p;
872
873 /* increment statistics. */
874 oi->hello_in++;
875
876 hello = (struct ospf_hello *)stream_pnt(s);
877
878 /* If Hello is myself, silently discard. */
879 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
880 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
881 zlog_debug(
882 "ospf_header[%s/%pI4]: selforiginated, dropping.",
883 lookup_msg(ospf_packet_type_str, ospfh->type,
884 NULL),
885 &iph->ip_src);
886 }
887 return;
888 }
889
890 /* get neighbor prefix. */
891 p.family = AF_INET;
892 p.prefixlen = ip_masklen(hello->network_mask);
893 p.u.prefix4 = iph->ip_src;
894
895 /* Compare network mask. */
896 /* Checking is ignored for Point-to-Point and Virtual link. */
897 /* Checking is also ignored for Point-to-Multipoint with /32 prefix */
898 if (oi->type != OSPF_IFTYPE_POINTOPOINT
899 && oi->type != OSPF_IFTYPE_VIRTUALLINK
900 && !(oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
901 && oi->address->prefixlen == IPV4_MAX_BITLEN))
902 if (oi->address->prefixlen != p.prefixlen) {
903 flog_warn(
904 EC_OSPF_PACKET,
905 "Packet %pI4 [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
906 &ospfh->router_id, IF_NAME(oi),
907 (int)oi->address->prefixlen, (int)p.prefixlen);
908 return;
909 }
910
911 /* Compare Router Dead Interval. */
912 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
913 flog_warn(EC_OSPF_PACKET,
914 "Packet %pI4 [Hello:RECV]: RouterDeadInterval mismatch (expected %u, but received %u).",
915 &ospfh->router_id,
916 OSPF_IF_PARAM(oi, v_wait),
917 ntohl(hello->dead_interval));
918 return;
919 }
920
921 /* Compare Hello Interval - ignored if fast-hellos are set. */
922 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
923 if (OSPF_IF_PARAM(oi, v_hello)
924 != ntohs(hello->hello_interval)) {
925 flog_warn(
926 EC_OSPF_PACKET,
927 "Packet %pI4 [Hello:RECV]: HelloInterval mismatch (expected %u, but received %u).",
928 &ospfh->router_id,
929 OSPF_IF_PARAM(oi, v_hello),
930 ntohs(hello->hello_interval));
931 return;
932 }
933 }
934
935 if (IS_DEBUG_OSPF_EVENT)
936 zlog_debug("Packet %pI4 [Hello:RECV]: Options %s vrf %s",
937 &ospfh->router_id,
938 ospf_options_dump(hello->options),
939 ospf_vrf_id_to_name(oi->ospf->vrf_id));
940
941 /* Compare options. */
942 #define REJECT_IF_TBIT_ON 1 /* XXX */
943 #ifdef REJECT_IF_TBIT_ON
944 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
945 /*
946 * This router does not support non-zero TOS.
947 * Drop this Hello packet not to establish neighbor
948 * relationship.
949 */
950 flog_warn(EC_OSPF_PACKET,
951 "Packet %pI4 [Hello:RECV]: T-bit on, drop it.",
952 &ospfh->router_id);
953 return;
954 }
955 #endif /* REJECT_IF_TBIT_ON */
956
957 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
958 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
959 /*
960 * This router does know the correct usage of O-bit
961 * the bit should be set in DD packet only.
962 */
963 flog_warn(EC_OSPF_PACKET,
964 "Packet %pI4 [Hello:RECV]: O-bit abuse?",
965 &ospfh->router_id);
966 #ifdef STRICT_OBIT_USAGE_CHECK
967 return; /* Reject this packet. */
968 #else /* STRICT_OBIT_USAGE_CHECK */
969 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
970 #endif /* STRICT_OBIT_USAGE_CHECK */
971 }
972
973 /* new for NSSA is to ensure that NP is on and E is off */
974
975 if (oi->area->external_routing == OSPF_AREA_NSSA) {
976 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
977 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
978 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
979 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
980 flog_warn(
981 EC_OSPF_PACKET,
982 "NSSA-Packet-%pI4[Hello:RECV]: my options: %x, his options %x",
983 &ospfh->router_id, OPTIONS(oi),
984 hello->options);
985 return;
986 }
987 if (IS_DEBUG_OSPF_NSSA)
988 zlog_debug("NSSA-Hello:RECV:Packet from %pI4:",
989 &ospfh->router_id);
990 } else
991 /* The setting of the E-bit found in the Hello Packet's Options
992 field must match this area's ExternalRoutingCapability A
993 mismatch causes processing to stop and the packet to be
994 dropped. The setting of the rest of the bits in the Hello
995 Packet's Options field should be ignored. */
996 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
997 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
998 flog_warn(
999 EC_OSPF_PACKET,
1000 "Packet %pI4 [Hello:RECV]: my options: %x, his options %x",
1001 &ospfh->router_id, OPTIONS(oi),
1002 hello->options);
1003 return;
1004 }
1005
1006 /* get neighbour struct */
1007 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
1008
1009 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1010 assert(nbr);
1011
1012 old_state = nbr->state;
1013
1014 /* Add event to thread. */
1015 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_HelloReceived);
1016
1017 /* RFC2328 Section 9.5.1
1018 If the router is not eligible to become Designated Router,
1019 (snip) It must also send an Hello Packet in reply to an
1020 Hello Packet received from any eligible neighbor (other than
1021 the current Designated Router and Backup Designated Router). */
1022 if (oi->type == OSPF_IFTYPE_NBMA)
1023 if (PRIORITY(oi) == 0 && hello->priority > 0
1024 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1025 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1026 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1027 ospf_hello_reply_timer,
1028 OSPF_HELLO_REPLY_DELAY);
1029
1030 /* on NBMA network type, it happens to receive bidirectional Hello
1031 packet
1032 without advance 1-Way Received event.
1033 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1034 if (oi->type == OSPF_IFTYPE_NBMA
1035 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1036 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1037 nbr->priority = hello->priority;
1038 nbr->d_router = hello->d_router;
1039 nbr->bd_router = hello->bd_router;
1040 return;
1041 }
1042
1043 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1044 size - OSPF_HELLO_MIN_SIZE)) {
1045 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1046 nbr->options |= hello->options;
1047 } else {
1048 /* If the router is DR_OTHER, RESTARTER will not wait
1049 * until it receives the hello from it if it receives
1050 * from DR and BDR.
1051 * So, helper might receives ONW_WAY hello from
1052 * RESTARTER. So not allowing to change the state if it
1053 * receives one_way hellow when it acts as HELPER for
1054 * that specific neighbor.
1055 */
1056 if (!OSPF_GR_IS_ACTIVE_HELPER(nbr))
1057 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1058 /* Set neighbor information. */
1059 nbr->priority = hello->priority;
1060 nbr->d_router = hello->d_router;
1061 nbr->bd_router = hello->bd_router;
1062 return;
1063 }
1064
1065 if (OSPF_GR_IS_ACTIVE_HELPER(nbr)) {
1066 /* As per the GR Conformance Test Case 7.2. Section 3
1067 * "Also, if X was the Designated Router on network segment S
1068 * when the helping relationship began, Y maintains X as the
1069 * Designated Router until the helping relationship is
1070 * terminated."
1071 * When I am helper for this neighbor, I should not trigger the
1072 * ISM Events. Also Intentionally not setting the priority and
1073 * other fields so that when the neighbor exits the Grace
1074 * period, it can handle if there is any change before GR and
1075 * after GR. */
1076 if (IS_DEBUG_OSPF_GR)
1077 zlog_debug(
1078 "%s, Neighbor is under GR Restart, hence ignoring the ISM Events",
1079 __PRETTY_FUNCTION__);
1080 } else {
1081 /* If neighbor itself declares DR and no BDR exists,
1082 cause event BackupSeen */
1083 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
1084 if (hello->bd_router.s_addr == INADDR_ANY
1085 && oi->state == ISM_Waiting)
1086 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1087
1088 /* neighbor itself declares BDR. */
1089 if (oi->state == ISM_Waiting
1090 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1091 &hello->bd_router))
1092 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1093
1094 /* had not previously. */
1095 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1096 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1097 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1098 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1099 &nbr->d_router)))
1100 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1101
1102 /* had not previously. */
1103 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1104 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1105 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4,
1106 &hello->bd_router)
1107 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1108 &nbr->bd_router)))
1109 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1110
1111 /* Neighbor priority check. */
1112 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1113 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1114 }
1115
1116 /* Set neighbor information. */
1117 nbr->priority = hello->priority;
1118 nbr->d_router = hello->d_router;
1119 nbr->bd_router = hello->bd_router;
1120
1121 /*
1122 * RFC 3623 - Section 2:
1123 * "If the restarting router determines that it was the Designated
1124 * Router on a given segment prior to the restart, it elects
1125 * itself as the Designated Router again. The restarting router
1126 * knows that it was the Designated Router if, while the
1127 * associated interface is in Waiting state, a Hello packet is
1128 * received from a neighbor listing the router as the Designated
1129 * Router".
1130 */
1131 if (oi->area->ospf->gr_info.restart_in_progress
1132 && oi->state == ISM_Waiting
1133 && IPV4_ADDR_SAME(&hello->d_router, &oi->address->u.prefix4))
1134 DR(oi) = hello->d_router;
1135 }
1136
1137 /* Save DD flags/options/Seqnum received. */
1138 static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1139 struct ospf_db_desc *dd)
1140 {
1141 nbr->last_recv.flags = dd->flags;
1142 nbr->last_recv.options = dd->options;
1143 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
1144 }
1145
1146 /* Process rest of DD packet. */
1147 static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1148 struct ospf_neighbor *nbr,
1149 struct ospf_db_desc *dd, uint16_t size)
1150 {
1151 struct ospf_lsa *new, *find;
1152 struct lsa_header *lsah;
1153
1154 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1155 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1156 size -= OSPF_LSA_HEADER_SIZE) {
1157 lsah = (struct lsa_header *)stream_pnt(s);
1158 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1159
1160 /* Unknown LS type. */
1161 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1162 flog_warn(EC_OSPF_PACKET,
1163 "Packet [DD:RECV]: Unknown LS type %d.",
1164 lsah->type);
1165 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1166 return;
1167 }
1168
1169 if (IS_OPAQUE_LSA(lsah->type)
1170 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1171 flog_warn(EC_OSPF_PACKET,
1172 "LSA[Type%d:%pI4]: Opaque capability mismatch?",
1173 lsah->type, &lsah->id);
1174 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1175 return;
1176 }
1177
1178 switch (lsah->type) {
1179 case OSPF_AS_EXTERNAL_LSA:
1180 case OSPF_OPAQUE_AS_LSA:
1181 /* Check for stub area. Reject if AS-External from stub
1182 but
1183 allow if from NSSA. */
1184 if (oi->area->external_routing == OSPF_AREA_STUB) {
1185 flog_warn(
1186 EC_OSPF_PACKET,
1187 "Packet [DD:RECV]: LSA[Type%d:%pI4] from %s area.",
1188 lsah->type, &lsah->id,
1189 (oi->area->external_routing
1190 == OSPF_AREA_STUB)
1191 ? "STUB"
1192 : "NSSA");
1193 OSPF_NSM_EVENT_SCHEDULE(nbr,
1194 NSM_SeqNumberMismatch);
1195 return;
1196 }
1197 break;
1198 default:
1199 break;
1200 }
1201
1202 /* Create LS-request object. */
1203 new = ospf_ls_request_new(lsah);
1204
1205 /* Lookup received LSA, then add LS request list. */
1206 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1207
1208 /* ospf_lsa_more_recent is fine with NULL pointers */
1209 switch (ospf_lsa_more_recent(find, new)) {
1210 case -1:
1211 /* Neighbour has a more recent LSA, we must request it
1212 */
1213 ospf_ls_request_add(nbr, new);
1214 /* fallthru */
1215 case 0:
1216 /* If we have a copy of this LSA, it's either less
1217 * recent
1218 * and we're requesting it from neighbour (the case
1219 * above), or
1220 * it's as recent and we both have same copy (this
1221 * case).
1222 *
1223 * In neither of these two cases is there any point in
1224 * describing our copy of the LSA to the neighbour in a
1225 * DB-Summary packet, if we're still intending to do so.
1226 *
1227 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1228 * backward compatible optimisation to OSPF DB Exchange
1229 * /
1230 * DB Description process implemented here.
1231 */
1232 if (find)
1233 ospf_lsdb_delete(&nbr->db_sum, find);
1234 ospf_lsa_discard(new);
1235 break;
1236 default:
1237 /* We have the more recent copy, nothing specific to do:
1238 * - no need to request neighbours stale copy
1239 * - must leave DB summary list copy alone
1240 */
1241 if (IS_DEBUG_OSPF_EVENT)
1242 zlog_debug(
1243 "Packet [DD:RECV]: LSA received Type %d, ID %pI4 is not recent.",
1244 lsah->type, &lsah->id);
1245 ospf_lsa_discard(new);
1246 }
1247 }
1248
1249 /* Master */
1250 if (IS_SET_DD_MS(nbr->dd_flags)) {
1251 nbr->dd_seqnum++;
1252
1253 /* Both sides have no More, then we're done with Exchange */
1254 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1255 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1256 else
1257 ospf_db_desc_send(nbr);
1258 }
1259 /* Slave */
1260 else {
1261 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1262
1263 /* Send DD packet in reply.
1264 *
1265 * Must be done to acknowledge the Master's DD, regardless of
1266 * whether we have more LSAs ourselves to describe.
1267 *
1268 * This function will clear the 'More' bit, if after this DD
1269 * we have no more LSAs to describe to the master..
1270 */
1271 ospf_db_desc_send(nbr);
1272
1273 /* Slave can raise ExchangeDone now, if master is also done */
1274 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1275 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1276 }
1277
1278 /* Save received neighbor values from DD. */
1279 ospf_db_desc_save_current(nbr, dd);
1280
1281 if (!nbr->t_ls_req)
1282 ospf_ls_req_send(nbr);
1283 }
1284
1285 static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1286 struct ospf_neighbor *nbr)
1287 {
1288 /* Is DD duplicated? */
1289 if (dd->options == nbr->last_recv.options
1290 && dd->flags == nbr->last_recv.flags
1291 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1292 return 1;
1293
1294 return 0;
1295 }
1296
1297 /* OSPF Database Description message read -- RFC2328 Section 10.6. */
1298 static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1299 struct stream *s, struct ospf_interface *oi,
1300 uint16_t size)
1301 {
1302 struct ospf_db_desc *dd;
1303 struct ospf_neighbor *nbr;
1304
1305 /* Increment statistics. */
1306 oi->db_desc_in++;
1307
1308 dd = (struct ospf_db_desc *)stream_pnt(s);
1309
1310 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1311 if (nbr == NULL) {
1312 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %pI4",
1313 &ospfh->router_id);
1314 return;
1315 }
1316
1317 /* Check MTU. */
1318 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1319 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
1320 flog_warn(
1321 EC_OSPF_PACKET,
1322 "Packet[DD]: Neighbor %pI4 MTU %u is larger than [%s]'s MTU %u",
1323 &nbr->router_id, ntohs(dd->mtu), IF_NAME(oi),
1324 oi->ifp->mtu);
1325 return;
1326 }
1327
1328 /*
1329 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1330 * not
1331 * required. In fact at least JunOS sends DD packets with P bit clear.
1332 * Until proper solution is developped, this hack should help.
1333 *
1334 * Update: According to the RFCs, N bit is specified /only/ for Hello
1335 * options, unfortunately its use in DD options is not specified. Hence
1336 * some
1337 * implementations follow E-bit semantics and set it in DD options, and
1338 * some
1339 * treat it as unspecified and hence follow the directive "default for
1340 * options is clear", ie unset.
1341 *
1342 * Reset the flag, as ospfd follows E-bit semantics.
1343 */
1344 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1345 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1346 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1347 if (IS_DEBUG_OSPF_EVENT)
1348 zlog_debug(
1349 "Packet[DD]: Neighbour %pI4: Has NSSA capability, sends with N bit clear in DD options",
1350 &nbr->router_id);
1351 SET_FLAG(dd->options, OSPF_OPTION_NP);
1352 }
1353
1354 #ifdef REJECT_IF_TBIT_ON
1355 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1356 /*
1357 * In Hello protocol, optional capability must have checked
1358 * to prevent this T-bit enabled router be my neighbor.
1359 */
1360 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %pI4: T-bit on?",
1361 &nbr->router_id);
1362 return;
1363 }
1364 #endif /* REJECT_IF_TBIT_ON */
1365
1366 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1367 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1368 /*
1369 * This node is not configured to handle O-bit, for now.
1370 * Clear it to ignore unsupported capability proposed by
1371 * neighbor.
1372 */
1373 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1374 }
1375
1376 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1377 zlog_info(
1378 "%s:Packet[DD]: Neighbor %pI4 state is %s, seq_num:0x%x, local:0x%x",
1379 ospf_get_name(oi->ospf), &nbr->router_id,
1380 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1381 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1382
1383 /* Process DD packet by neighbor status. */
1384 switch (nbr->state) {
1385 case NSM_Down:
1386 case NSM_Attempt:
1387 case NSM_TwoWay:
1388 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1389 zlog_info(
1390 "Packet[DD]: Neighbor %pI4 state is %s, packet discarded.",
1391 &nbr->router_id,
1392 lookup_msg(ospf_nsm_state_msg, nbr->state,
1393 NULL));
1394 break;
1395 case NSM_Init:
1396 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1397 /* If the new state is ExStart, the processing of the current
1398 packet should then continue in this new state by falling
1399 through to case ExStart below. */
1400 if (nbr->state != NSM_ExStart)
1401 break;
1402 /* fallthru */
1403 case NSM_ExStart:
1404 /* Initial DBD */
1405 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1406 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1407 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1408 > 0) {
1409 /* We're Slave---obey */
1410 if (CHECK_FLAG(oi->ospf->config,
1411 OSPF_LOG_ADJACENCY_DETAIL))
1412 zlog_info(
1413 "Packet[DD]: Neighbor %pI4 Negotiation done (Slave).",
1414 &nbr->router_id);
1415
1416 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1417
1418 /* Reset I/MS */
1419 UNSET_FLAG(nbr->dd_flags,
1420 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1421 } else {
1422 /* We're Master, ignore the initial DBD from
1423 * Slave */
1424 if (CHECK_FLAG(oi->ospf->config,
1425 OSPF_LOG_ADJACENCY_DETAIL))
1426 zlog_info(
1427 "Packet[DD]: Neighbor %pI4: Initial DBD from Slave, ignoring.",
1428 &nbr->router_id);
1429 break;
1430 }
1431 }
1432 /* Ack from the Slave */
1433 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1434 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1435 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1436 < 0) {
1437 zlog_info(
1438 "Packet[DD]: Neighbor %pI4 Negotiation done (Master).",
1439 &nbr->router_id);
1440 /* Reset I, leaving MS */
1441 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1442 } else {
1443 flog_warn(EC_OSPF_PACKET,
1444 "Packet[DD]: Neighbor %pI4 Negotiation fails.",
1445 &nbr->router_id);
1446 break;
1447 }
1448
1449 /* This is where the real Options are saved */
1450 nbr->options = dd->options;
1451
1452 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1453 if (IS_DEBUG_OSPF_EVENT)
1454 zlog_debug(
1455 "Neighbor[%pI4] is %sOpaque-capable.",
1456 &nbr->router_id,
1457 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1458 ? ""
1459 : "NOT ");
1460
1461 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1462 && IPV4_ADDR_SAME(&DR(oi),
1463 &nbr->address.u.prefix4)) {
1464 flog_warn(
1465 EC_OSPF_PACKET,
1466 "DR-neighbor[%pI4] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
1467 &nbr->router_id);
1468 /* This situation is undesirable, but not a real
1469 * error. */
1470 }
1471 }
1472
1473 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1474
1475 /* continue processing rest of packet. */
1476 ospf_db_desc_proc(s, oi, nbr, dd, size);
1477 break;
1478 case NSM_Exchange:
1479 if (ospf_db_desc_is_dup(dd, nbr)) {
1480 if (IS_SET_DD_MS(nbr->dd_flags))
1481 /* Master: discard duplicated DD packet. */
1482 zlog_info(
1483 "Packet[DD] (Master): Neighbor %pI4 packet duplicated.",
1484 &nbr->router_id);
1485 else
1486 /* Slave: cause to retransmit the last Database
1487 Description. */
1488 {
1489 zlog_info(
1490 "Packet[DD] [Slave]: Neighbor %pI4 packet duplicated.",
1491 &nbr->router_id);
1492 ospf_db_desc_resend(nbr);
1493 }
1494 break;
1495 }
1496
1497 /* Otherwise DD packet should be checked. */
1498 /* Check Master/Slave bit mismatch */
1499 if (IS_SET_DD_MS(dd->flags)
1500 != IS_SET_DD_MS(nbr->last_recv.flags)) {
1501 flog_warn(EC_OSPF_PACKET,
1502 "Packet[DD]: Neighbor %pI4 MS-bit mismatch.",
1503 &nbr->router_id);
1504 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1505 if (IS_DEBUG_OSPF_EVENT)
1506 zlog_debug(
1507 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1508 dd->flags, nbr->dd_flags);
1509 break;
1510 }
1511
1512 /* Check initialize bit is set. */
1513 if (IS_SET_DD_I(dd->flags)) {
1514 zlog_info("Packet[DD]: Neighbor %pI4 I-bit set.",
1515 &nbr->router_id);
1516 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1517 break;
1518 }
1519
1520 /* Check DD Options. */
1521 if (dd->options != nbr->options) {
1522 flog_warn(EC_OSPF_PACKET,
1523 "Packet[DD]: Neighbor %pI4 options mismatch.",
1524 &nbr->router_id);
1525 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1526 break;
1527 }
1528
1529 /* Check DD sequence number. */
1530 if ((IS_SET_DD_MS(nbr->dd_flags)
1531 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1532 || (!IS_SET_DD_MS(nbr->dd_flags)
1533 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
1534 flog_warn(
1535 EC_OSPF_PACKET,
1536 "Packet[DD]: Neighbor %pI4 sequence number mismatch.",
1537 &nbr->router_id);
1538 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1539 break;
1540 }
1541
1542 /* Continue processing rest of packet. */
1543 ospf_db_desc_proc(s, oi, nbr, dd, size);
1544 break;
1545 case NSM_Loading:
1546 case NSM_Full:
1547 if (ospf_db_desc_is_dup(dd, nbr)) {
1548 if (IS_SET_DD_MS(nbr->dd_flags)) {
1549 /* Master should discard duplicate DD packet. */
1550 zlog_info(
1551 "Packet[DD]: Neighbor %pI4 duplicated, packet discarded.",
1552 &nbr->router_id);
1553 break;
1554 } else {
1555 if (monotime_since(&nbr->last_send_ts, NULL)
1556 < nbr->v_inactivity * 1000000LL) {
1557 /* In states Loading and Full the slave
1558 must resend
1559 its last Database Description packet
1560 in response to
1561 duplicate Database Description
1562 packets received
1563 from the master. For this reason the
1564 slave must
1565 wait RouterDeadInterval seconds
1566 before freeing the
1567 last Database Description packet.
1568 Reception of a
1569 Database Description packet from the
1570 master after
1571 this interval will generate a
1572 SeqNumberMismatch
1573 neighbor event. RFC2328 Section 10.8
1574 */
1575 ospf_db_desc_resend(nbr);
1576 break;
1577 }
1578 }
1579 }
1580
1581 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1582 break;
1583 default:
1584 flog_warn(EC_OSPF_PACKET,
1585 "Packet[DD]: Neighbor %pI4 NSM illegal status %u.",
1586 &nbr->router_id, nbr->state);
1587 break;
1588 }
1589 }
1590
1591 #define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1592
1593 /* OSPF Link State Request Read -- RFC2328 Section 10.7. */
1594 static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1595 struct stream *s, struct ospf_interface *oi,
1596 uint16_t size)
1597 {
1598 struct ospf_neighbor *nbr;
1599 uint32_t ls_type;
1600 struct in_addr ls_id;
1601 struct in_addr adv_router;
1602 struct ospf_lsa *find;
1603 struct list *ls_upd;
1604 unsigned int length;
1605
1606 /* Increment statistics. */
1607 oi->ls_req_in++;
1608
1609 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1610 if (nbr == NULL) {
1611 flog_warn(EC_OSPF_PACKET,
1612 "Link State Request: Unknown Neighbor %pI4",
1613 &ospfh->router_id);
1614 return;
1615 }
1616
1617 /* Neighbor State should be Exchange or later. */
1618 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1619 && nbr->state != NSM_Full) {
1620 flog_warn(
1621 EC_OSPF_PACKET,
1622 "Link State Request received from %pI4: Neighbor state is %s, packet discarded.",
1623 &ospfh->router_id,
1624 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1625 return;
1626 }
1627
1628 /* Send Link State Update for ALL requested LSAs. */
1629 ls_upd = list_new();
1630 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1631
1632 while (size >= OSPF_LSA_KEY_SIZE) {
1633 /* Get one slice of Link State Request. */
1634 ls_type = stream_getl(s);
1635 ls_id.s_addr = stream_get_ipv4(s);
1636 adv_router.s_addr = stream_get_ipv4(s);
1637
1638 /* Verify LSA type. */
1639 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1640 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1641 list_delete(&ls_upd);
1642 return;
1643 }
1644
1645 /* Search proper LSA in LSDB. */
1646 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1647 adv_router);
1648 if (find == NULL) {
1649 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1650 list_delete(&ls_upd);
1651 return;
1652 }
1653
1654 /* Packet overflows MTU size, send immediately. */
1655 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1656 if (oi->type == OSPF_IFTYPE_NBMA)
1657 ospf_ls_upd_send(nbr, ls_upd,
1658 OSPF_SEND_PACKET_DIRECT, 0);
1659 else
1660 ospf_ls_upd_send(nbr, ls_upd,
1661 OSPF_SEND_PACKET_INDIRECT, 0);
1662
1663 /* Only remove list contents. Keep ls_upd. */
1664 list_delete_all_node(ls_upd);
1665
1666 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1667 }
1668
1669 /* Append LSA to update list. */
1670 listnode_add(ls_upd, find);
1671 length += ntohs(find->data->length);
1672
1673 size -= OSPF_LSA_KEY_SIZE;
1674 }
1675
1676 /* Send rest of Link State Update. */
1677 if (listcount(ls_upd) > 0) {
1678 if (oi->type == OSPF_IFTYPE_NBMA)
1679 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1680 0);
1681 else
1682 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1683 0);
1684
1685 list_delete(&ls_upd);
1686 } else
1687 list_delete(&ls_upd);
1688 }
1689
1690 /* Get the list of LSAs from Link State Update packet.
1691 And process some validation -- RFC2328 Section 13. (1)-(2). */
1692 static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1693 struct stream *s,
1694 struct ospf_interface *oi, size_t size)
1695 {
1696 uint16_t count, sum;
1697 uint32_t length;
1698 struct lsa_header *lsah;
1699 struct ospf_lsa *lsa;
1700 struct list *lsas;
1701
1702 lsas = list_new();
1703
1704 count = stream_getl(s);
1705 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1706
1707 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1708 size -= length, stream_forward_getp(s, length), count--) {
1709 lsah = (struct lsa_header *)stream_pnt(s);
1710 length = ntohs(lsah->length);
1711
1712 if (length > size) {
1713 flog_warn(
1714 EC_OSPF_PACKET,
1715 "Link State Update: LSA length exceeds packet size.");
1716 break;
1717 }
1718
1719 /* Validate the LSA's LS checksum. */
1720 sum = lsah->checksum;
1721 if (!ospf_lsa_checksum_valid(lsah)) {
1722 /* (bug #685) more details in a one-line message make it
1723 * possible
1724 * to identify problem source on the one hand and to
1725 * have a better
1726 * chance to compress repeated messages in syslog on the
1727 * other */
1728 flog_warn(
1729 EC_OSPF_PACKET,
1730 "Link State Update: LSA checksum error %x/%x, ID=%pI4 from: nbr %pI4, router ID %pI4, adv router %pI4",
1731 sum, lsah->checksum, &lsah->id,
1732 &nbr->src, &nbr->router_id,
1733 &lsah->adv_router);
1734 continue;
1735 }
1736
1737 /* Examine the LSA's LS type. */
1738 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1739 flog_warn(EC_OSPF_PACKET,
1740 "Link State Update: Unknown LS type %d",
1741 lsah->type);
1742 continue;
1743 }
1744
1745 /*
1746 * What if the received LSA's age is greater than MaxAge?
1747 * Treat it as a MaxAge case -- endo.
1748 */
1749 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1750 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
1751
1752 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1753 #ifdef STRICT_OBIT_USAGE_CHECK
1754 if ((IS_OPAQUE_LSA(lsah->type)
1755 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1756 || (!IS_OPAQUE_LSA(lsah->type)
1757 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1758 /*
1759 * This neighbor must know the exact usage of
1760 * O-bit;
1761 * the bit will be set in Type-9,10,11 LSAs
1762 * only.
1763 */
1764 flog_warn(EC_OSPF_PACKET,
1765 "LSA[Type%d:%pI4]: O-bit abuse?",
1766 lsah->type, &lsah->id);
1767 continue;
1768 }
1769 #endif /* STRICT_OBIT_USAGE_CHECK */
1770
1771 /* Do not take in AS External Opaque-LSAs if we are a
1772 * stub. */
1773 if (lsah->type == OSPF_OPAQUE_AS_LSA
1774 && nbr->oi->area->external_routing
1775 != OSPF_AREA_DEFAULT) {
1776 if (IS_DEBUG_OSPF_EVENT)
1777 zlog_debug(
1778 "LSA[Type%d:%pI4]: We are a stub, don't take this LSA.",
1779 lsah->type,
1780 &lsah->id);
1781 continue;
1782 }
1783 } else if (IS_OPAQUE_LSA(lsah->type)) {
1784 flog_warn(EC_OSPF_PACKET,
1785 "LSA[Type%d:%pI4]: Opaque capability mismatch?",
1786 lsah->type, &lsah->id);
1787 continue;
1788 }
1789
1790 /* Create OSPF LSA instance. */
1791 lsa = ospf_lsa_new_and_data(length);
1792
1793 lsa->vrf_id = oi->ospf->vrf_id;
1794 /* We may wish to put some error checking if type NSSA comes in
1795 and area not in NSSA mode */
1796 switch (lsah->type) {
1797 case OSPF_AS_EXTERNAL_LSA:
1798 case OSPF_OPAQUE_AS_LSA:
1799 lsa->area = NULL;
1800 break;
1801 case OSPF_OPAQUE_LINK_LSA:
1802 lsa->oi = oi; /* Remember incoming interface for
1803 flooding control. */
1804 /* Fallthrough */
1805 default:
1806 lsa->area = oi->area;
1807 break;
1808 }
1809
1810 memcpy(lsa->data, lsah, length);
1811
1812 if (IS_DEBUG_OSPF_EVENT)
1813 zlog_debug(
1814 "LSA[Type%d:%pI4]: %p new LSA created with Link State Update",
1815 lsa->data->type, &lsa->data->id,
1816 (void *)lsa);
1817 listnode_add(lsas, lsa);
1818 }
1819
1820 return lsas;
1821 }
1822
1823 /* Cleanup Update list. */
1824 static void ospf_upd_list_clean(struct list *lsas)
1825 {
1826 struct listnode *node, *nnode;
1827 struct ospf_lsa *lsa;
1828
1829 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1830 ospf_lsa_discard(lsa);
1831
1832 list_delete(&lsas);
1833 }
1834
1835 /* OSPF Link State Update message read -- RFC2328 Section 13. */
1836 static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1837 struct ospf_header *ospfh, struct stream *s,
1838 struct ospf_interface *oi, uint16_t size)
1839 {
1840 struct ospf_neighbor *nbr;
1841 struct list *lsas;
1842 struct listnode *node, *nnode;
1843 struct ospf_lsa *lsa = NULL;
1844 /* unsigned long ls_req_found = 0; */
1845
1846 /* Dis-assemble the stream, update each entry, re-encapsulate for
1847 * flooding */
1848
1849 /* Increment statistics. */
1850 oi->ls_upd_in++;
1851
1852 /* Check neighbor. */
1853 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1854 if (nbr == NULL) {
1855 flog_warn(EC_OSPF_PACKET,
1856 "Link State Update: Unknown Neighbor %pI4 on int: %s",
1857 &ospfh->router_id, IF_NAME(oi));
1858 return;
1859 }
1860
1861 /* Check neighbor state. */
1862 if (nbr->state < NSM_Exchange) {
1863 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1864 zlog_debug(
1865 "Link State Update: Neighbor[%pI4] state %s is less than Exchange",
1866 &ospfh->router_id,
1867 lookup_msg(ospf_nsm_state_msg, nbr->state,
1868 NULL));
1869 return;
1870 }
1871
1872 /* Get list of LSAs from Link State Update packet. - Also performs
1873 * Stages 1 (validate LSA checksum) and 2 (check for LSA consistent
1874 * type) of section 13.
1875 */
1876 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1877
1878 if (lsas == NULL)
1879 return;
1880 #define DISCARD_LSA(L, N) \
1881 { \
1882 if (IS_DEBUG_OSPF_EVENT) \
1883 zlog_debug( \
1884 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1885 " Type-%d", \
1886 N, (void *)lsa, (int)lsa->data->type); \
1887 ospf_lsa_discard(L); \
1888 continue; \
1889 }
1890
1891 /* Process each LSA received in the one packet.
1892 *
1893 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1894 * text below are from the steps in RFC 2328, Section 13.
1895 */
1896 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1897 struct ospf_lsa *ls_ret, *current;
1898 int ret = 1;
1899
1900 if (IS_DEBUG_OSPF(lsa, LSA))
1901 zlog_debug("LSA Type-%d from %pI4, ID: %pI4, ADV: %pI4",
1902 lsa->data->type, &ospfh->router_id,
1903 &lsa->data->id, &lsa->data->adv_router);
1904
1905 listnode_delete(lsas,
1906 lsa); /* We don't need it in list anymore */
1907
1908 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1909 */
1910
1911 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1912
1913 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1914 */
1915
1916 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1917 */
1918
1919 /* Do take in Type-7's if we are an NSSA */
1920
1921 /* If we are also an ABR, later translate them to a Type-5
1922 * packet */
1923
1924 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1925 translate them to a separate Type-5 packet. */
1926
1927 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1928 /* Reject from STUB or NSSA */
1929 if (nbr->oi->area->external_routing
1930 != OSPF_AREA_DEFAULT) {
1931 if (IS_DEBUG_OSPF_NSSA)
1932 zlog_debug(
1933 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1934 DISCARD_LSA(lsa, 1);
1935 }
1936
1937 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1938 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1939 if (IS_DEBUG_OSPF_NSSA)
1940 zlog_debug(
1941 "Incoming NSSA LSA Discarded: Not NSSA Area");
1942 DISCARD_LSA(lsa, 2);
1943 }
1944
1945 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1946 if (lsa->data->type == OSPF_ROUTER_LSA)
1947 if (!IPV4_ADDR_SAME(&lsa->data->id,
1948 &lsa->data->adv_router)) {
1949 flog_err(
1950 EC_OSPF_ROUTER_LSA_MISMATCH,
1951 "Incoming Router-LSA from %pI4 with Adv-ID[%pI4] != LS-ID[%pI4]",
1952 &ospfh->router_id, &lsa->data->id,
1953 &lsa->data->adv_router);
1954 flog_err(
1955 EC_OSPF_DOMAIN_CORRUPT,
1956 "OSPF domain compromised by attack or corruption. Verify correct operation of -ALL- OSPF routers.");
1957 DISCARD_LSA(lsa, 0);
1958 }
1959
1960 /* Find the LSA in the current database. */
1961
1962 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1963
1964 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1965 currently
1966 no instance of the LSA in the router's link state database,
1967 and none of router's neighbors are in states Exchange or
1968 Loading,
1969 then take the following actions: */
1970
1971 if (IS_LSA_MAXAGE(lsa) && !current
1972 && ospf_check_nbr_status(oi->ospf)) {
1973 /* (4a) Response Link State Acknowledgment. */
1974 ospf_ls_ack_send(nbr, lsa);
1975
1976 /* (4b) Discard LSA. */
1977 if (IS_DEBUG_OSPF(lsa, LSA)) {
1978 zlog_debug(
1979 "Link State Update[%s]: LS age is equal to MaxAge.",
1980 dump_lsa_key(lsa));
1981 }
1982 DISCARD_LSA(lsa, 3);
1983 }
1984
1985 if (IS_OPAQUE_LSA(lsa->data->type)
1986 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1987 &oi->ospf->router_id)) {
1988 /*
1989 * Even if initial flushing seems to be completed, there
1990 * might
1991 * be a case that self-originated LSA with MaxAge still
1992 * remain
1993 * in the routing domain.
1994 * Just send an LSAck message to cease retransmission.
1995 */
1996 if (IS_LSA_MAXAGE(lsa)) {
1997 zlog_info("LSA[%s]: Boomerang effect?",
1998 dump_lsa_key(lsa));
1999 ospf_ls_ack_send(nbr, lsa);
2000 ospf_lsa_discard(lsa);
2001
2002 if (current != NULL && !IS_LSA_MAXAGE(current))
2003 ospf_opaque_lsa_refresh_schedule(
2004 current);
2005 continue;
2006 }
2007
2008 /*
2009 * If an instance of self-originated Opaque-LSA is not
2010 * found
2011 * in the LSDB, there are some possible cases here.
2012 *
2013 * 1) This node lost opaque-capability after restart.
2014 * 2) Else, a part of opaque-type is no more supported.
2015 * 3) Else, a part of opaque-id is no more supported.
2016 *
2017 * Anyway, it is still this node's responsibility to
2018 * flush it.
2019 * Otherwise, the LSA instance remains in the routing
2020 * domain
2021 * until its age reaches to MaxAge.
2022 */
2023 /* XXX: We should deal with this for *ALL* LSAs, not
2024 * just opaque */
2025 if (current == NULL) {
2026 if (IS_DEBUG_OSPF_EVENT)
2027 zlog_debug(
2028 "LSA[%s]: Previously originated Opaque-LSA,not found in the LSDB.",
2029 dump_lsa_key(lsa));
2030
2031 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2032
2033 ospf_ls_ack_send(nbr, lsa);
2034
2035 if (!ospf->gr_info.restart_in_progress) {
2036 ospf_opaque_self_originated_lsa_received(
2037 nbr, lsa);
2038 continue;
2039 }
2040 }
2041 }
2042
2043 /* It might be happen that received LSA is self-originated
2044 * network LSA, but
2045 * router ID is changed. So, we should check if LSA is a
2046 * network-LSA whose
2047 * Link State ID is one of the router's own IP interface
2048 * addresses but whose
2049 * Advertising Router is not equal to the router's own Router ID
2050 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2051 * flushed.
2052 */
2053
2054 if (lsa->data->type == OSPF_NETWORK_LSA) {
2055 struct listnode *oinode, *oinnode;
2056 struct ospf_interface *out_if;
2057 int Flag = 0;
2058
2059 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2060 oinnode, out_if)) {
2061 if (out_if == NULL)
2062 break;
2063
2064 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2065 &lsa->data->id))
2066 && (!(IPV4_ADDR_SAME(
2067 &oi->ospf->router_id,
2068 &lsa->data->adv_router)))) {
2069 if (out_if->network_lsa_self) {
2070 ospf_lsa_flush_area(
2071 lsa, out_if->area);
2072 if (IS_DEBUG_OSPF_EVENT)
2073 zlog_debug(
2074 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2075 (void *)lsa,
2076 (int)lsa->data
2077 ->type);
2078 ospf_lsa_discard(lsa);
2079 Flag = 1;
2080 }
2081 break;
2082 }
2083 }
2084 if (Flag)
2085 continue;
2086 }
2087
2088 /* (5) Find the instance of this LSA that is currently contained
2089 in the router's link state database. If there is no
2090 database copy, or the received LSA is more recent than
2091 the database copy the following steps must be performed.
2092 (The sub steps from RFC 2328 section 13 step (5) will be
2093 performed in
2094 ospf_flood() ) */
2095
2096 if (current == NULL
2097 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
2098 /* CVE-2017-3224 */
2099 if (current && (IS_LSA_MAX_SEQ(current))
2100 && (IS_LSA_MAX_SEQ(lsa)) && !IS_LSA_MAXAGE(lsa)) {
2101 zlog_debug(
2102 "Link State Update[%s]: has Max Seq and higher checksum but not MaxAge. Dropping it",
2103 dump_lsa_key(lsa));
2104
2105 DISCARD_LSA(lsa, 4);
2106 }
2107
2108 /* Actual flooding procedure. */
2109 if (ospf_flood(oi->ospf, nbr, current, lsa)
2110 < 0) /* Trap NSSA later. */
2111 DISCARD_LSA(lsa, 5);
2112 continue;
2113 }
2114
2115 /* (6) Else, If there is an instance of the LSA on the sending
2116 neighbor's Link state request list, an error has occurred in
2117 the Database Exchange process. In this case, restart the
2118 Database Exchange process by generating the neighbor event
2119 BadLSReq for the sending neighbor and stop processing the
2120 Link State Update packet. */
2121
2122 if (ospf_ls_request_lookup(nbr, lsa)) {
2123 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
2124 flog_warn(
2125 EC_OSPF_PACKET,
2126 "LSA[%s] instance exists on Link state request list",
2127 dump_lsa_key(lsa));
2128
2129 /* Clean list of LSAs. */
2130 ospf_upd_list_clean(lsas);
2131 /* this lsa is not on lsas list already. */
2132 ospf_lsa_discard(lsa);
2133 return;
2134 }
2135
2136 /* If the received LSA is the same instance as the database copy
2137 (i.e., neither one is more recent) the following two steps
2138 should be performed: */
2139
2140 if (ret == 0) {
2141 /* If the LSA is listed in the Link state retransmission
2142 list
2143 for the receiving adjacency, the router itself is
2144 expecting
2145 an acknowledgment for this LSA. The router should
2146 treat the
2147 received LSA as an acknowledgment by removing the LSA
2148 from
2149 the Link state retransmission list. This is termed
2150 an
2151 "implied acknowledgment". */
2152
2153 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2154
2155 if (ls_ret != NULL) {
2156 ospf_ls_retransmit_delete(nbr, ls_ret);
2157
2158 /* Delayed acknowledgment sent if advertisement
2159 received
2160 from Designated Router, otherwise do nothing.
2161 */
2162 if (oi->state == ISM_Backup)
2163 if (NBR_IS_DR(nbr))
2164 listnode_add(
2165 oi->ls_ack,
2166 ospf_lsa_lock(lsa));
2167
2168 DISCARD_LSA(lsa, 6);
2169 } else
2170 /* Acknowledge the receipt of the LSA by sending a
2171 Link State Acknowledgment packet back out the
2172 receiving
2173 interface. */
2174 {
2175 ospf_ls_ack_send(nbr, lsa);
2176 DISCARD_LSA(lsa, 7);
2177 }
2178 }
2179
2180 /* The database copy is more recent. If the database copy
2181 has LS age equal to MaxAge and LS sequence number equal to
2182 MaxSequenceNumber, simply discard the received LSA without
2183 acknowledging it. (In this case, the LSA's LS sequence number
2184 is
2185 wrapping, and the MaxSequenceNumber LSA must be completely
2186 flushed before any new LSA instance can be introduced). */
2187
2188 else if (ret > 0) /* Database copy is more recent */
2189 {
2190 if (IS_LSA_MAXAGE(current)
2191 && current->data->ls_seqnum
2192 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
2193 DISCARD_LSA(lsa, 8);
2194 }
2195 /* Otherwise, as long as the database copy has not been
2196 sent in a
2197 Link State Update within the last MinLSArrival
2198 seconds, send the
2199 database copy back to the sending neighbor,
2200 encapsulated within
2201 a Link State Update Packet. The Link State Update
2202 Packet should
2203 be sent directly to the neighbor. In so doing, do not
2204 put the
2205 database copy of the LSA on the neighbor's link state
2206 retransmission list, and do not acknowledge the
2207 received (less
2208 recent) LSA instance. */
2209 else {
2210 if (monotime_since(&current->tv_orig, NULL)
2211 >= ospf->min_ls_arrival * 1000LL)
2212 /* Trap NSSA type later.*/
2213 ospf_ls_upd_send_lsa(
2214 nbr, current,
2215 OSPF_SEND_PACKET_DIRECT);
2216 DISCARD_LSA(lsa, 9);
2217 }
2218 }
2219 }
2220 #undef DISCARD_LSA
2221
2222 assert(listcount(lsas) == 0);
2223 list_delete(&lsas);
2224
2225 if (ospf->gr_info.restart_in_progress)
2226 ospf_gr_check_lsdb_consistency(oi->ospf, oi->area);
2227 }
2228
2229 /* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
2230 static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2231 struct stream *s, struct ospf_interface *oi,
2232 uint16_t size)
2233 {
2234 struct ospf_neighbor *nbr;
2235
2236 /* increment statistics. */
2237 oi->ls_ack_in++;
2238
2239 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2240 if (nbr == NULL) {
2241 flog_warn(EC_OSPF_PACKET,
2242 "Link State Acknowledgment: Unknown Neighbor %pI4",
2243 &ospfh->router_id);
2244 return;
2245 }
2246
2247 if (nbr->state < NSM_Exchange) {
2248 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2249 zlog_debug(
2250 "Link State Acknowledgment: Neighbor[%pI4] state %s is less than Exchange",
2251 &ospfh->router_id,
2252 lookup_msg(ospf_nsm_state_msg, nbr->state,
2253 NULL));
2254 return;
2255 }
2256
2257 while (size >= OSPF_LSA_HEADER_SIZE) {
2258 struct ospf_lsa *lsa, *lsr;
2259
2260 lsa = ospf_lsa_new();
2261 lsa->data = (struct lsa_header *)stream_pnt(s);
2262 lsa->vrf_id = oi->ospf->vrf_id;
2263
2264 /* lsah = (struct lsa_header *) stream_pnt (s); */
2265 size -= OSPF_LSA_HEADER_SIZE;
2266 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2267
2268 if (lsa->data->type < OSPF_MIN_LSA
2269 || lsa->data->type >= OSPF_MAX_LSA) {
2270 lsa->data = NULL;
2271 ospf_lsa_discard(lsa);
2272 continue;
2273 }
2274
2275 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2276
2277 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0) {
2278 ospf_ls_retransmit_delete(nbr, lsr);
2279 ospf_check_and_gen_init_seq_lsa(oi, lsa);
2280 }
2281
2282 lsa->data = NULL;
2283 ospf_lsa_discard(lsa);
2284 }
2285
2286 return;
2287 }
2288
2289 static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2290 struct interface **ifp,
2291 struct stream *ibuf)
2292 {
2293 int ret;
2294 struct ip *iph;
2295 uint16_t ip_len;
2296 ifindex_t ifindex = 0;
2297 struct iovec iov;
2298 /* Header and data both require alignment. */
2299 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2300 struct msghdr msgh;
2301
2302 memset(&msgh, 0, sizeof(msgh));
2303 msgh.msg_iov = &iov;
2304 msgh.msg_iovlen = 1;
2305 msgh.msg_control = (caddr_t)buff;
2306 msgh.msg_controllen = sizeof(buff);
2307
2308 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2309 OSPF_MAX_PACKET_SIZE + 1);
2310 if (ret < 0) {
2311 if (errno != EAGAIN && errno != EWOULDBLOCK)
2312 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2313 safe_strerror(errno));
2314 return NULL;
2315 }
2316 if ((unsigned int)ret < sizeof(struct ip)) {
2317 flog_warn(
2318 EC_OSPF_PACKET,
2319 "%s: discarding runt packet of length %d (ip header size is %u)",
2320 __func__, ret, (unsigned int)sizeof(iph));
2321 return NULL;
2322 }
2323
2324 /* Note that there should not be alignment problems with this assignment
2325 because this is at the beginning of the stream data buffer. */
2326 iph = (struct ip *)STREAM_DATA(ibuf);
2327 sockopt_iphdrincl_swab_systoh(iph);
2328
2329 ip_len = iph->ip_len;
2330
2331 #if defined(__FreeBSD__) && (__FreeBSD_version < 1000000)
2332 /*
2333 * Kernel network code touches incoming IP header parameters,
2334 * before protocol specific processing.
2335 *
2336 * 1) Convert byteorder to host representation.
2337 * --> ip_len, ip_id, ip_off
2338 *
2339 * 2) Adjust ip_len to strip IP header size!
2340 * --> If user process receives entire IP packet via RAW
2341 * socket, it must consider adding IP header size to
2342 * the "ip_len" field of "ip" structure.
2343 *
2344 * For more details, see <netinet/ip_input.c>.
2345 */
2346 ip_len = ip_len + (iph->ip_hl << 2);
2347 #endif
2348
2349 #if defined(__DragonFly__)
2350 /*
2351 * in DragonFly's raw socket, ip_len/ip_off are read
2352 * in network byte order.
2353 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2354 */
2355 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
2356 #endif
2357
2358 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2359
2360 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
2361
2362 if (ret != ip_len) {
2363 flog_warn(
2364 EC_OSPF_PACKET,
2365 "%s read length mismatch: ip_len is %d, but recvmsg returned %d",
2366 __func__, ip_len, ret);
2367 return NULL;
2368 }
2369
2370 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2371 zlog_debug("%s: fd %d(%s) on interface %d(%s)", __func__, fd,
2372 ospf_get_name(ospf), ifindex,
2373 *ifp ? (*ifp)->name : "Unknown");
2374 return ibuf;
2375 }
2376
2377 static struct ospf_interface *
2378 ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2379 struct ip *iph, struct ospf_header *ospfh)
2380 {
2381 struct ospf_interface *rcv_oi;
2382 struct ospf_vl_data *vl_data;
2383 struct ospf_area *vl_area;
2384 struct listnode *node;
2385
2386 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2387 || !OSPF_IS_AREA_BACKBONE(ospfh))
2388 return NULL;
2389
2390 /* look for local OSPF interface matching the destination
2391 * to determine Area ID. We presume therefore the destination address
2392 * is unique, or at least (for "unnumbered" links), not used in other
2393 * areas
2394 */
2395 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2396 == NULL)
2397 return NULL;
2398
2399 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2400 vl_area =
2401 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2402 if (!vl_area)
2403 continue;
2404
2405 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2406 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2407 if (IS_DEBUG_OSPF_EVENT)
2408 zlog_debug("associating packet with %s",
2409 IF_NAME(vl_data->vl_oi));
2410 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2411 if (IS_DEBUG_OSPF_EVENT)
2412 zlog_debug(
2413 "This VL is not up yet, sorry");
2414 return NULL;
2415 }
2416
2417 return vl_data->vl_oi;
2418 }
2419 }
2420
2421 if (IS_DEBUG_OSPF_EVENT)
2422 zlog_debug("couldn't find any VL to associate the packet with");
2423
2424 return NULL;
2425 }
2426
2427 static int ospf_check_area_id(struct ospf_interface *oi,
2428 struct ospf_header *ospfh)
2429 {
2430 /* Check match the Area ID of the receiving interface. */
2431 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2432 return 1;
2433
2434 return 0;
2435 }
2436
2437 /* Unbound socket will accept any Raw IP packets if proto is matched.
2438 To prevent it, compare src IP address and i/f address with masking
2439 i/f network mask. */
2440 static int ospf_check_network_mask(struct ospf_interface *oi,
2441 struct in_addr ip_src)
2442 {
2443 struct in_addr mask, me, him;
2444
2445 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2446 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2447 return 1;
2448
2449 /* Ignore mask check for max prefix length (32) */
2450 if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
2451 && oi->address->prefixlen == IPV4_MAX_BITLEN)
2452 return 1;
2453
2454 masklen2ip(oi->address->prefixlen, &mask);
2455
2456 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2457 him.s_addr = ip_src.s_addr & mask.s_addr;
2458
2459 if (IPV4_ADDR_SAME(&me, &him))
2460 return 1;
2461
2462 return 0;
2463 }
2464
2465 /* Return 1, if the packet is properly authenticated and checksummed,
2466 0 otherwise. In particular, check that AuType header field is valid and
2467 matches the locally configured AuType, and that D.5 requirements are met. */
2468 static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2469 {
2470 struct crypt_key *ck;
2471 uint16_t iface_auth_type;
2472 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
2473
2474 switch (pkt_auth_type) {
2475 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2476 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2477 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2478 flog_warn(
2479 EC_OSPF_PACKET,
2480 "interface %s: auth-type mismatch, local %s, rcvd Null",
2481 IF_NAME(oi),
2482 lookup_msg(ospf_auth_type_str,
2483 iface_auth_type, NULL));
2484 return 0;
2485 }
2486 if (!ospf_check_sum(ospfh)) {
2487 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2488 flog_warn(
2489 EC_OSPF_PACKET,
2490 "interface %s: Null auth OK, but checksum error, Router-ID %pI4",
2491 IF_NAME(oi),
2492 &ospfh->router_id);
2493 return 0;
2494 }
2495 return 1;
2496 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2497 if (OSPF_AUTH_SIMPLE
2498 != (iface_auth_type = ospf_auth_type(oi))) {
2499 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2500 flog_warn(
2501 EC_OSPF_PACKET,
2502 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2503 IF_NAME(oi),
2504 lookup_msg(ospf_auth_type_str,
2505 iface_auth_type, NULL));
2506 return 0;
2507 }
2508 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2509 OSPF_AUTH_SIMPLE_SIZE)) {
2510 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2511 flog_warn(EC_OSPF_PACKET,
2512 "interface %s: Simple auth failed",
2513 IF_NAME(oi));
2514 return 0;
2515 }
2516 if (!ospf_check_sum(ospfh)) {
2517 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2518 flog_warn(
2519 EC_OSPF_PACKET,
2520 "interface %s: Simple auth OK, checksum error, Router-ID %pI4",
2521 IF_NAME(oi),
2522 &ospfh->router_id);
2523 return 0;
2524 }
2525 return 1;
2526 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2527 if (OSPF_AUTH_CRYPTOGRAPHIC
2528 != (iface_auth_type = ospf_auth_type(oi))) {
2529 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2530 flog_warn(
2531 EC_OSPF_PACKET,
2532 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2533 IF_NAME(oi),
2534 lookup_msg(ospf_auth_type_str,
2535 iface_auth_type, NULL));
2536 return 0;
2537 }
2538 if (ospfh->checksum) {
2539 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2540 flog_warn(
2541 EC_OSPF_PACKET,
2542 "interface %s: OSPF header checksum is not 0",
2543 IF_NAME(oi));
2544 return 0;
2545 }
2546 /* only MD5 crypto method can pass ospf_packet_examin() */
2547 if (NULL == (ck = listgetdata(
2548 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2549 || ospfh->u.crypt.key_id != ck->key_id ||
2550 /* Condition above uses the last key ID on the list,
2551 which is
2552 different from what ospf_crypt_key_lookup() does. A
2553 bug? */
2554 !ospf_check_md5_digest(oi, ospfh)) {
2555 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2556 flog_warn(EC_OSPF_MD5,
2557 "interface %s: MD5 auth failed",
2558 IF_NAME(oi));
2559 return 0;
2560 }
2561 return 1;
2562 default:
2563 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2564 flog_warn(
2565 EC_OSPF_PACKET,
2566 "interface %s: invalid packet auth-type (%02x)",
2567 IF_NAME(oi), pkt_auth_type);
2568 return 0;
2569 }
2570 }
2571
2572 static int ospf_check_sum(struct ospf_header *ospfh)
2573 {
2574 uint32_t ret;
2575 uint16_t sum;
2576
2577 /* clear auth_data for checksum. */
2578 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2579
2580 /* keep checksum and clear. */
2581 sum = ospfh->checksum;
2582 memset(&ospfh->checksum, 0, sizeof(uint16_t));
2583
2584 /* calculate checksum. */
2585 ret = in_cksum(ospfh, ntohs(ospfh->length));
2586
2587 if (ret != sum) {
2588 zlog_info("%s: checksum mismatch, my %X, his %X", __func__, ret,
2589 sum);
2590 return 0;
2591 }
2592
2593 return 1;
2594 }
2595
2596 /* Verify, that given link/TOS records are properly sized/aligned and match
2597 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
2598 static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
2599 uint16_t linkbytes,
2600 const uint16_t num_links)
2601 {
2602 unsigned counted_links = 0, thislinklen;
2603
2604 while (linkbytes >= OSPF_ROUTER_LSA_LINK_SIZE) {
2605 thislinklen =
2606 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2607 if (thislinklen > linkbytes) {
2608 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2609 zlog_debug("%s: length error in link block #%u",
2610 __func__, counted_links);
2611 return MSG_NG;
2612 }
2613 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2614 linkbytes -= thislinklen;
2615 counted_links++;
2616 }
2617 if (counted_links != num_links) {
2618 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2619 zlog_debug("%s: %u link blocks declared, %u present",
2620 __func__, num_links, counted_links);
2621 return MSG_NG;
2622 }
2623 return MSG_OK;
2624 }
2625
2626 /* Verify, that the given LSA is properly sized/aligned (including type-specific
2627 minimum length constraint). */
2628 static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2629 const uint8_t headeronly)
2630 {
2631 unsigned ret;
2632 struct router_lsa *rlsa;
2633 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2634 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2635 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2636 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2637 lookup_msg(ospf_lsa_type_msg, lsah->type,
2638 NULL));
2639 return MSG_NG;
2640 }
2641 switch (lsah->type) {
2642 case OSPF_ROUTER_LSA: {
2643 /*
2644 * RFC2328 A.4.2, LSA header + 4 bytes followed by N>=0
2645 * (12+)-byte link blocks
2646 */
2647 size_t linkbytes_len = lsalen - OSPF_LSA_HEADER_SIZE
2648 - OSPF_ROUTER_LSA_MIN_SIZE;
2649
2650 /*
2651 * LSA link blocks are variable length but always multiples of
2652 * 4; basic sanity check
2653 */
2654 if (linkbytes_len % 4 != 0)
2655 return MSG_NG;
2656
2657 if (headeronly)
2658 return MSG_OK;
2659
2660 rlsa = (struct router_lsa *)lsah;
2661
2662 ret = ospf_router_lsa_links_examin(
2663 (struct router_lsa_link *)rlsa->link,
2664 linkbytes_len,
2665 ntohs(rlsa->links));
2666 break;
2667 }
2668 case OSPF_AS_EXTERNAL_LSA:
2669 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2670 * blocks */
2671 case OSPF_AS_NSSA_LSA:
2672 /* RFC3101 C, idem */
2673 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2674 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2675 % 12
2676 ? MSG_NG
2677 : MSG_OK;
2678 break;
2679 /* Following LSA types are considered OK length-wise as soon as their
2680 * minimum
2681 * length constraint is met and length of the whole LSA is a multiple of
2682 * 4
2683 * (basic LSA header size is already a multiple of 4). */
2684 case OSPF_NETWORK_LSA:
2685 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2686 case OSPF_SUMMARY_LSA:
2687 case OSPF_ASBR_SUMMARY_LSA:
2688 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2689 * blocks */
2690 case OSPF_OPAQUE_LINK_LSA:
2691 case OSPF_OPAQUE_AREA_LSA:
2692 case OSPF_OPAQUE_AS_LSA:
2693 /* RFC5250 A.2, "some number of octets (of application-specific
2694 * data) padded to 32-bit alignment." This is considered
2695 * equivalent
2696 * to 4-byte alignment of all other LSA types, see
2697 * OSPF-ALIGNMENT.txt
2698 * file for the detailed analysis of this passage. */
2699 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2700 break;
2701 default:
2702 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2703 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2704 lsah->type);
2705 return MSG_NG;
2706 }
2707 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2708 zlog_debug("%s: alignment error in %s", __func__,
2709 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2710 return ret;
2711 }
2712
2713 /* Verify if the provided input buffer is a valid sequence of LSAs. This
2714 includes verification of LSA blocks length/alignment and dispatching
2715 of deeper-level checks. */
2716 static unsigned
2717 ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
2718 size_t length, const uint8_t headeronly,
2719 /* When declared_num_lsas is not 0, compare it to the real
2720 number of LSAs
2721 and treat the difference as an error. */
2722 const uint32_t declared_num_lsas)
2723 {
2724 uint32_t counted_lsas = 0;
2725
2726 while (length) {
2727 uint16_t lsalen;
2728 if (length < OSPF_LSA_HEADER_SIZE) {
2729 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2730 zlog_debug(
2731 "%s: undersized (%zu B) trailing (#%u) LSA header",
2732 __func__, length, counted_lsas);
2733 return MSG_NG;
2734 }
2735 /* save on ntohs() calls here and in the LSA validator */
2736 lsalen = ntohs(lsah->length);
2737 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2738 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2739 zlog_debug(
2740 "%s: malformed LSA header #%u, declared length is %u B",
2741 __func__, counted_lsas, lsalen);
2742 return MSG_NG;
2743 }
2744 if (headeronly) {
2745 /* less checks here and in ospf_lsa_examin() */
2746 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2747 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2748 zlog_debug(
2749 "%s: malformed header-only LSA #%u",
2750 __func__, counted_lsas);
2751 return MSG_NG;
2752 }
2753 lsah = (struct lsa_header *)((caddr_t)lsah
2754 + OSPF_LSA_HEADER_SIZE);
2755 length -= OSPF_LSA_HEADER_SIZE;
2756 } else {
2757 /* make sure the input buffer is deep enough before
2758 * further checks */
2759 if (lsalen > length) {
2760 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2761 zlog_debug(
2762 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2763 __func__, counted_lsas, lsalen,
2764 length);
2765 return MSG_NG;
2766 }
2767 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2768 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2769 zlog_debug("%s: malformed LSA #%u",
2770 __func__, counted_lsas);
2771 return MSG_NG;
2772 }
2773 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2774 length -= lsalen;
2775 }
2776 counted_lsas++;
2777 }
2778
2779 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2780 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2781 zlog_debug(
2782 "%s: #LSAs declared (%u) does not match actual (%u)",
2783 __func__, declared_num_lsas, counted_lsas);
2784 return MSG_NG;
2785 }
2786 return MSG_OK;
2787 }
2788
2789 /* Verify a complete OSPF packet for proper sizing/alignment. */
2790 static unsigned ospf_packet_examin(struct ospf_header *oh,
2791 const unsigned bytesonwire)
2792 {
2793 uint16_t bytesdeclared, bytesauth;
2794 unsigned ret;
2795 struct ospf_ls_update *lsupd;
2796
2797 /* Length, 1st approximation. */
2798 if (bytesonwire < OSPF_HEADER_SIZE) {
2799 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2800 zlog_debug("%s: undersized (%u B) packet", __func__,
2801 bytesonwire);
2802 return MSG_NG;
2803 }
2804 /* Now it is safe to access header fields. Performing length check,
2805 * allow
2806 * for possible extra bytes of crypto auth/padding, which are not
2807 * counted
2808 * in the OSPF header "length" field. */
2809 if (oh->version != OSPF_VERSION) {
2810 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2811 zlog_debug("%s: invalid (%u) protocol version",
2812 __func__, oh->version);
2813 return MSG_NG;
2814 }
2815 bytesdeclared = ntohs(oh->length);
2816 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2817 bytesauth = 0;
2818 else {
2819 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2820 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2821 zlog_debug(
2822 "%s: unsupported crypto auth length (%u B)",
2823 __func__, oh->u.crypt.auth_data_len);
2824 return MSG_NG;
2825 }
2826 bytesauth = OSPF_AUTH_MD5_SIZE;
2827 }
2828 if (bytesdeclared + bytesauth > bytesonwire) {
2829 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2830 zlog_debug(
2831 "%s: packet length error (%u real, %u+%u declared)",
2832 __func__, bytesonwire, bytesdeclared,
2833 bytesauth);
2834 return MSG_NG;
2835 }
2836 /* Length, 2nd approximation. The type-specific constraint is checked
2837 against declared length, not amount of bytes on wire. */
2838 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2839 && bytesdeclared
2840 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2841 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2842 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2843 bytesdeclared,
2844 lookup_msg(ospf_packet_type_str, oh->type,
2845 NULL));
2846 return MSG_NG;
2847 }
2848 switch (oh->type) {
2849 case OSPF_MSG_HELLO:
2850 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2851 followed
2852 by N>=0 router-IDs. */
2853 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2854 % 4
2855 ? MSG_NG
2856 : MSG_OK;
2857 break;
2858 case OSPF_MSG_DB_DESC:
2859 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2860 followed
2861 by N>=0 header-only LSAs. */
2862 ret = ospf_lsaseq_examin(
2863 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2864 + OSPF_DB_DESC_MIN_SIZE),
2865 bytesdeclared - OSPF_HEADER_SIZE
2866 - OSPF_DB_DESC_MIN_SIZE,
2867 1, /* header-only LSAs */
2868 0);
2869 break;
2870 case OSPF_MSG_LS_REQ:
2871 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2872 * request blocks. */
2873 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2874 % OSPF_LSA_KEY_SIZE
2875 ? MSG_NG
2876 : MSG_OK;
2877 break;
2878 case OSPF_MSG_LS_UPD:
2879 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2880 followed
2881 by N>=0 full LSAs (with N declared beforehand). */
2882 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2883 + OSPF_HEADER_SIZE);
2884 ret = ospf_lsaseq_examin(
2885 (struct lsa_header *)((caddr_t)lsupd
2886 + OSPF_LS_UPD_MIN_SIZE),
2887 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2888 0, /* full LSAs */
2889 ntohl(lsupd->num_lsas) /* 32 bits */
2890 );
2891 break;
2892 case OSPF_MSG_LS_ACK:
2893 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2894 * LSAs. */
2895 ret = ospf_lsaseq_examin(
2896 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2897 + OSPF_LS_ACK_MIN_SIZE),
2898 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2899 1, /* header-only LSAs */
2900 0);
2901 break;
2902 default:
2903 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2904 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2905 oh->type);
2906 return MSG_NG;
2907 }
2908 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2909 zlog_debug("%s: malformed %s packet", __func__,
2910 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2911 return ret;
2912 }
2913
2914 /* OSPF Header verification. */
2915 static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2916 struct ip *iph, struct ospf_header *ospfh)
2917 {
2918 /* Check Area ID. */
2919 if (!ospf_check_area_id(oi, ospfh)) {
2920 flog_warn(EC_OSPF_PACKET,
2921 "interface %s: ospf_read invalid Area ID %pI4",
2922 IF_NAME(oi), &ospfh->area_id);
2923 return -1;
2924 }
2925
2926 /* Check network mask, Silently discarded. */
2927 if (!ospf_check_network_mask(oi, iph->ip_src)) {
2928 flog_warn(
2929 EC_OSPF_PACKET,
2930 "interface %s: ospf_read network address is not same [%pI4]",
2931 IF_NAME(oi), &iph->ip_src);
2932 return -1;
2933 }
2934
2935 /* Check authentication. The function handles logging actions, where
2936 * required. */
2937 if (!ospf_check_auth(oi, ospfh))
2938 return -1;
2939
2940 return 0;
2941 }
2942
2943 enum ospf_read_return_enum {
2944 OSPF_READ_ERROR,
2945 OSPF_READ_CONTINUE,
2946 };
2947
2948 static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
2949 {
2950 int ret;
2951 struct stream *ibuf;
2952 struct ospf_interface *oi;
2953 struct ip *iph;
2954 struct ospf_header *ospfh;
2955 uint16_t length;
2956 struct connected *c;
2957 struct interface *ifp = NULL;
2958
2959 stream_reset(ospf->ibuf);
2960 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2961 if (ibuf == NULL)
2962 return OSPF_READ_ERROR;
2963
2964 /*
2965 * This raw packet is known to be at least as big as its
2966 * IP header. Note that there should not be alignment problems with
2967 * this assignment because this is at the beginning of the
2968 * stream data buffer.
2969 */
2970 iph = (struct ip *)STREAM_DATA(ibuf);
2971 /*
2972 * Note that sockopt_iphdrincl_swab_systoh was called in
2973 * ospf_recv_packet.
2974 */
2975 if (ifp == NULL) {
2976 /*
2977 * Handle cases where the platform does not support
2978 * retrieving the ifindex, and also platforms (such as
2979 * Solaris 8) that claim to support ifindex retrieval but do
2980 * not.
2981 */
2982 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2983 ospf->vrf_id);
2984 if (c)
2985 ifp = c->ifp;
2986 if (ifp == NULL) {
2987 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2988 zlog_debug(
2989 "%s: Unable to determine incoming interface from: %pI4(%s)",
2990 __func__, &iph->ip_src,
2991 ospf_get_name(ospf));
2992 return OSPF_READ_CONTINUE;
2993 }
2994 }
2995
2996 if (ospf->vrf_id == VRF_DEFAULT && ospf->vrf_id != ifp->vrf->vrf_id) {
2997 /*
2998 * We may have a situation where l3mdev_accept == 1
2999 * let's just kindly drop the packet and move on.
3000 * ospf really really really does not like when
3001 * we receive the same packet multiple times.
3002 */
3003 return OSPF_READ_CONTINUE;
3004 }
3005
3006 /* Self-originated packet should be discarded silently. */
3007 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
3008 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
3009 zlog_debug(
3010 "ospf_read[%pI4]: Dropping self-originated packet",
3011 &iph->ip_src);
3012 }
3013 return OSPF_READ_CONTINUE;
3014 }
3015
3016 /* Check that we have enough for an IP header */
3017 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
3018 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
3019 flog_warn(
3020 EC_OSPF_PACKET,
3021 "Rx'd IP packet with OSPF protocol number but no payload");
3022 } else {
3023 flog_warn(
3024 EC_OSPF_PACKET,
3025 "IP header length field claims header is %u bytes, but we only have %zu",
3026 (unsigned int)(iph->ip_hl << 2),
3027 STREAM_READABLE(ibuf));
3028 }
3029
3030 return OSPF_READ_ERROR;
3031 }
3032 stream_forward_getp(ibuf, iph->ip_hl << 2);
3033
3034 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3035 if (MSG_OK
3036 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3037 - stream_get_getp(ibuf)))
3038 return OSPF_READ_CONTINUE;
3039 /* Now it is safe to access all fields of OSPF packet header. */
3040
3041 /* associate packet with ospf interface */
3042 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
3043
3044 /*
3045 * ospf_verify_header() relies on a valid "oi" and thus can be called
3046 * only after the passive/backbone/other checks below are passed.
3047 * These checks in turn access the fields of unverified "ospfh"
3048 * structure for their own purposes and must remain very accurate
3049 * in doing this.
3050 */
3051
3052 /* If incoming interface is passive one, ignore it. */
3053 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3054 if (IS_DEBUG_OSPF_EVENT)
3055 zlog_debug(
3056 "ignoring packet from router %pI4 sent to %pI4, received on a passive interface, %pI4",
3057 &ospfh->router_id, &iph->ip_dst,
3058 &oi->address->u.prefix4);
3059
3060 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3061 /* Try to fix multicast membership.
3062 * Some OS:es may have problems in this area,
3063 * make sure it is removed.
3064 */
3065 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3066 ospf_if_set_multicast(oi);
3067 }
3068 return OSPF_READ_CONTINUE;
3069 }
3070
3071
3072 /* if no local ospf_interface,
3073 * or header area is backbone but ospf_interface is not
3074 * check for VLINK interface
3075 */
3076 if ((oi == NULL)
3077 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3078 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3079 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3080 == NULL) {
3081 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
3082 zlog_debug(
3083 "Packet from [%pI4] received on link %s but no ospf_interface",
3084 &iph->ip_src, ifp->name);
3085 return OSPF_READ_CONTINUE;
3086 }
3087 }
3088
3089 /*
3090 * else it must be a local ospf interface, check it was
3091 * received on correct link
3092 */
3093 else if (oi->ifp != ifp) {
3094 if (IS_DEBUG_OSPF_EVENT)
3095 flog_warn(EC_OSPF_PACKET,
3096 "Packet from [%pI4] received on wrong link %s",
3097 &iph->ip_src, ifp->name);
3098 return OSPF_READ_CONTINUE;
3099 } else if (oi->state == ISM_Down) {
3100 flog_warn(
3101 EC_OSPF_PACKET,
3102 "Ignoring packet from %pI4 to %pI4 received on interface that is down [%s]; interface flags are %s",
3103 &iph->ip_src, &iph->ip_dst, ifp->name,
3104 if_flag_dump(ifp->flags));
3105 /* Fix multicast memberships? */
3106 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3107 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3108 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3109 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3110 if (oi->multicast_memberships)
3111 ospf_if_set_multicast(oi);
3112 return OSPF_READ_CONTINUE;
3113 }
3114
3115 /*
3116 * If the received packet is destined for AllDRouters, the
3117 * packet should be accepted only if the received ospf
3118 * interface state is either DR or Backup -- endo.
3119 *
3120 * I wonder who endo is?
3121 */
3122 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3123 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3124 flog_warn(
3125 EC_OSPF_PACKET,
3126 "Dropping packet for AllDRouters from [%pI4] via [%s] (ISM: %s)",
3127 &iph->ip_src, IF_NAME(oi),
3128 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3129 /* Try to fix multicast membership. */
3130 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3131 ospf_if_set_multicast(oi);
3132 return OSPF_READ_CONTINUE;
3133 }
3134
3135 /* Verify more OSPF header fields. */
3136 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3137 if (ret < 0) {
3138 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3139 zlog_debug(
3140 "ospf_read[%pI4]: Header check failed, dropping.",
3141 &iph->ip_src);
3142 return OSPF_READ_CONTINUE;
3143 }
3144
3145 /* Show debug receiving packet. */
3146 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3147 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3148 zlog_debug(
3149 "-----------------------------------------------------");
3150 ospf_packet_dump(ibuf);
3151 }
3152
3153 zlog_debug("%s received from [%pI4] via [%s]",
3154 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3155 &ospfh->router_id, IF_NAME(oi));
3156 zlog_debug(" src [%pI4],", &iph->ip_src);
3157 zlog_debug(" dst [%pI4]", &iph->ip_dst);
3158
3159 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3160 zlog_debug(
3161 "-----------------------------------------------------");
3162 }
3163
3164 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3165
3166 /* Adjust size to message length. */
3167 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3168
3169 /* Read rest of the packet and call each sort of packet routine.
3170 */
3171 switch (ospfh->type) {
3172 case OSPF_MSG_HELLO:
3173 ospf_hello(iph, ospfh, ibuf, oi, length);
3174 break;
3175 case OSPF_MSG_DB_DESC:
3176 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3177 break;
3178 case OSPF_MSG_LS_REQ:
3179 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3180 break;
3181 case OSPF_MSG_LS_UPD:
3182 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3183 break;
3184 case OSPF_MSG_LS_ACK:
3185 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3186 break;
3187 default:
3188 flog_warn(
3189 EC_OSPF_PACKET,
3190 "interface %s(%s): OSPF packet header type %d is illegal",
3191 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3192 break;
3193 }
3194
3195 return OSPF_READ_CONTINUE;
3196 }
3197
3198 /* Starting point of packet process function. */
3199 void ospf_read(struct thread *thread)
3200 {
3201 struct ospf *ospf;
3202 int32_t count = 0;
3203 enum ospf_read_return_enum ret;
3204
3205 /* first of all get interface pointer. */
3206 ospf = THREAD_ARG(thread);
3207
3208 /* prepare for next packet. */
3209 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3210
3211 while (count < ospf->write_oi_count) {
3212 count++;
3213 ret = ospf_read_helper(ospf);
3214 switch (ret) {
3215 case OSPF_READ_ERROR:
3216 return;
3217 case OSPF_READ_CONTINUE:
3218 break;
3219 }
3220 }
3221 }
3222
3223 /* Make OSPF header. */
3224 static void ospf_make_header(int type, struct ospf_interface *oi,
3225 struct stream *s)
3226 {
3227 struct ospf_header *ospfh;
3228
3229 ospfh = (struct ospf_header *)STREAM_DATA(s);
3230
3231 ospfh->version = (uint8_t)OSPF_VERSION;
3232 ospfh->type = (uint8_t)type;
3233
3234 ospfh->router_id = oi->ospf->router_id;
3235
3236 ospfh->checksum = 0;
3237 ospfh->area_id = oi->area->area_id;
3238 ospfh->auth_type = htons(ospf_auth_type(oi));
3239
3240 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
3241
3242 stream_forward_endp(s, OSPF_HEADER_SIZE);
3243 }
3244
3245 /* Make Authentication Data. */
3246 static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3247 {
3248 struct crypt_key *ck;
3249
3250 switch (ospf_auth_type(oi)) {
3251 case OSPF_AUTH_NULL:
3252 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3253 */
3254 break;
3255 case OSPF_AUTH_SIMPLE:
3256 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3257 OSPF_AUTH_SIMPLE_SIZE);
3258 break;
3259 case OSPF_AUTH_CRYPTOGRAPHIC:
3260 /* If key is not set, then set 0. */
3261 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3262 ospfh->u.crypt.zero = 0;
3263 ospfh->u.crypt.key_id = 0;
3264 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3265 } else {
3266 ck = listgetdata(
3267 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3268 ospfh->u.crypt.zero = 0;
3269 ospfh->u.crypt.key_id = ck->key_id;
3270 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3271 }
3272 /* note: the seq is done in ospf_make_md5_digest() */
3273 break;
3274 default:
3275 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3276 */
3277 break;
3278 }
3279
3280 return 0;
3281 }
3282
3283 /* Fill rest of OSPF header. */
3284 static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
3285 uint16_t length)
3286 {
3287 struct ospf_header *ospfh;
3288
3289 ospfh = (struct ospf_header *)STREAM_DATA(s);
3290
3291 /* Fill length. */
3292 ospfh->length = htons(length);
3293
3294 /* Calculate checksum. */
3295 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3296 ospfh->checksum = in_cksum(ospfh, length);
3297 else
3298 ospfh->checksum = 0;
3299
3300 /* Add Authentication Data. */
3301 ospf_make_auth(oi, ospfh);
3302 }
3303
3304 static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3305 {
3306 struct ospf_neighbor *nbr;
3307 struct route_node *rn;
3308 uint16_t length = OSPF_HELLO_MIN_SIZE;
3309 struct in_addr mask;
3310 unsigned long p;
3311 int flag = 0;
3312
3313 /* Set netmask of interface. */
3314 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3315 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3316 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3317 masklen2ip(oi->address->prefixlen, &mask);
3318 else
3319 memset((char *)&mask, 0, sizeof(struct in_addr));
3320 stream_put_ipv4(s, mask.s_addr);
3321
3322 /* Set Hello Interval. */
3323 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3324 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3325 else
3326 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3327
3328 if (IS_DEBUG_OSPF_EVENT)
3329 zlog_debug("%s: options: %x, int: %s", __func__, OPTIONS(oi),
3330 IF_NAME(oi));
3331
3332 /* Set Options. */
3333 stream_putc(s, OPTIONS(oi));
3334
3335 /* Set Router Priority. */
3336 stream_putc(s, PRIORITY(oi));
3337
3338 /* Set Router Dead Interval. */
3339 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3340
3341 /* Set Designated Router. */
3342 stream_put_ipv4(s, DR(oi).s_addr);
3343
3344 p = stream_get_endp(s);
3345
3346 /* Set Backup Designated Router. */
3347 stream_put_ipv4(s, BDR(oi).s_addr);
3348
3349 /* Add neighbor seen. */
3350 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3351 nbr = rn->info;
3352
3353 if (!nbr)
3354 continue;
3355
3356 /* Ignore the 0.0.0.0 node */
3357 if (nbr->router_id.s_addr == INADDR_ANY)
3358 continue;
3359
3360 /* Ignore Down neighbor */
3361 if (nbr->state == NSM_Attempt)
3362 continue;
3363
3364 /* This is myself for DR election */
3365 if (nbr->state == NSM_Down)
3366 continue;
3367
3368 if (IPV4_ADDR_SAME(&nbr->router_id, &oi->ospf->router_id))
3369 continue;
3370 /* Check neighbor is sane? */
3371 if (nbr->d_router.s_addr != INADDR_ANY &&
3372 IPV4_ADDR_SAME(&nbr->d_router, &oi->address->u.prefix4) &&
3373 IPV4_ADDR_SAME(&nbr->bd_router, &oi->address->u.prefix4))
3374 flag = 1;
3375
3376 /* Hello packet overflows interface MTU.
3377 */
3378 if (length + sizeof(uint32_t) > ospf_packet_max(oi)) {
3379 flog_err(
3380 EC_OSPF_LARGE_HELLO,
3381 "Oversized Hello packet! Larger than MTU. Not sending it out");
3382 return 0;
3383 }
3384
3385 stream_put_ipv4(s, nbr->router_id.s_addr);
3386 length += 4;
3387 }
3388
3389 /* Let neighbor generate BackupSeen. */
3390 if (flag == 1)
3391 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3392
3393 return length;
3394 }
3395
3396 static int ospf_make_db_desc(struct ospf_interface *oi,
3397 struct ospf_neighbor *nbr, struct stream *s)
3398 {
3399 struct ospf_lsa *lsa;
3400 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3401 uint8_t options;
3402 unsigned long pp;
3403 int i;
3404 struct ospf_lsdb *lsdb;
3405
3406 /* Set Interface MTU. */
3407 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3408 stream_putw(s, 0);
3409 else
3410 stream_putw(s, oi->ifp->mtu);
3411
3412 /* Set Options. */
3413 options = OPTIONS(oi);
3414 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3415 SET_FLAG(options, OSPF_OPTION_O);
3416 stream_putc(s, options);
3417
3418 /* DD flags */
3419 pp = stream_get_endp(s);
3420 stream_putc(s, nbr->dd_flags);
3421
3422 /* Set DD Sequence Number. */
3423 stream_putl(s, nbr->dd_seqnum);
3424
3425 /* shortcut unneeded walk of (empty) summary LSDBs */
3426 if (ospf_db_summary_isempty(nbr))
3427 goto empty;
3428
3429 /* Describe LSA Header from Database Summary List. */
3430 lsdb = &nbr->db_sum;
3431
3432 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3433 struct route_table *table = lsdb->type[i].db;
3434 struct route_node *rn;
3435
3436 for (rn = route_top(table); rn; rn = route_next(rn))
3437 if ((lsa = rn->info) != NULL) {
3438 if (IS_OPAQUE_LSA(lsa->data->type)
3439 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3440 /* Suppress advertising
3441 * opaque-information. */
3442 /* Remove LSA from DB summary list. */
3443 ospf_lsdb_delete(lsdb, lsa);
3444 continue;
3445 }
3446
3447 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3448 struct lsa_header *lsah;
3449 uint16_t ls_age;
3450
3451 /* DD packet overflows interface MTU. */
3452 if (length + OSPF_LSA_HEADER_SIZE
3453 > ospf_packet_max(oi))
3454 break;
3455
3456 /* Keep pointer to LS age. */
3457 lsah = (struct lsa_header
3458 *)(STREAM_DATA(s)
3459 + stream_get_endp(
3460 s));
3461
3462 /* Proceed stream pointer. */
3463 stream_put(s, lsa->data,
3464 OSPF_LSA_HEADER_SIZE);
3465 length += OSPF_LSA_HEADER_SIZE;
3466
3467 /* Set LS age. */
3468 ls_age = LS_AGE(lsa);
3469 lsah->ls_age = htons(ls_age);
3470 }
3471
3472 /* Remove LSA from DB summary list. */
3473 ospf_lsdb_delete(lsdb, lsa);
3474 }
3475 }
3476
3477 /* Update 'More' bit */
3478 if (ospf_db_summary_isempty(nbr)) {
3479 empty:
3480 if (nbr->state >= NSM_Exchange) {
3481 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3482 /* Rewrite DD flags */
3483 stream_putc_at(s, pp, nbr->dd_flags);
3484 } else {
3485 assert(IS_SET_DD_M(nbr->dd_flags));
3486 }
3487 }
3488 return length;
3489 }
3490
3491 static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
3492 unsigned long delta, struct ospf_neighbor *nbr,
3493 struct ospf_lsa *lsa)
3494 {
3495 struct ospf_interface *oi;
3496
3497 oi = nbr->oi;
3498
3499 /* LS Request packet overflows interface MTU
3500 * delta is just number of bytes required for 1 LS Req
3501 * ospf_packet_max will return the number of bytes can
3502 * be accommodated without ospf header. So length+delta
3503 * can be compared to ospf_packet_max
3504 * to check if it can fit another lsreq in the same packet.
3505 */
3506
3507 if (*length + delta > ospf_packet_max(oi))
3508 return 0;
3509
3510 stream_putl(s, lsa->data->type);
3511 stream_put_ipv4(s, lsa->data->id.s_addr);
3512 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
3513
3514 ospf_lsa_unlock(&nbr->ls_req_last);
3515 nbr->ls_req_last = ospf_lsa_lock(lsa);
3516
3517 *length += 12;
3518 return 1;
3519 }
3520
3521 static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3522 {
3523 struct ospf_lsa *lsa;
3524 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
3525 unsigned long delta = 12;
3526 struct route_table *table;
3527 struct route_node *rn;
3528 int i;
3529 struct ospf_lsdb *lsdb;
3530
3531 lsdb = &nbr->ls_req;
3532
3533 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3534 table = lsdb->type[i].db;
3535 for (rn = route_top(table); rn; rn = route_next(rn))
3536 if ((lsa = (rn->info)) != NULL)
3537 if (ospf_make_ls_req_func(s, &length, delta,
3538 nbr, lsa)
3539 == 0) {
3540 route_unlock_node(rn);
3541 break;
3542 }
3543 }
3544 return length;
3545 }
3546
3547 static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3548 {
3549 int age;
3550
3551 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
3552
3553 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
3554 }
3555
3556 static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3557 struct stream *s)
3558 {
3559 struct ospf_lsa *lsa;
3560 struct listnode *node;
3561 uint16_t length = 0;
3562 unsigned int size_noauth;
3563 unsigned long delta = stream_get_endp(s);
3564 unsigned long pp;
3565 int count = 0;
3566
3567 if (IS_DEBUG_OSPF_EVENT)
3568 zlog_debug("%s: Start", __func__);
3569
3570 pp = stream_get_endp(s);
3571 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3572 length += OSPF_LS_UPD_MIN_SIZE;
3573
3574 /* Calculate amount of packet usable for data. */
3575 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3576
3577 while ((node = listhead(update)) != NULL) {
3578 struct lsa_header *lsah;
3579 uint16_t ls_age;
3580
3581 lsa = listgetdata(node);
3582 assert(lsa->data);
3583
3584 if (IS_DEBUG_OSPF_EVENT)
3585 zlog_debug("%s: List Iteration %d LSA[%s]", __func__,
3586 count, dump_lsa_key(lsa));
3587
3588 /* Will it fit? Minimum it has to fit at least one */
3589 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3590 (count > 0))
3591 break;
3592
3593 /* Keep pointer to LS age. */
3594 lsah = (struct lsa_header *)(STREAM_DATA(s)
3595 + stream_get_endp(s));
3596
3597 /* Put LSA to Link State Request. */
3598 stream_put(s, lsa->data, ntohs(lsa->data->length));
3599
3600 /* Set LS age. */
3601 /* each hop must increment an lsa_age by transmit_delay
3602 of OSPF interface */
3603 ls_age = ls_age_increment(lsa,
3604 OSPF_IF_PARAM(oi, transmit_delay));
3605 lsah->ls_age = htons(ls_age);
3606
3607 length += ntohs(lsa->data->length);
3608 count++;
3609
3610 list_delete_node(update, node);
3611 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3612 }
3613
3614 /* Now set #LSAs. */
3615 stream_putl_at(s, pp, count);
3616
3617 if (IS_DEBUG_OSPF_EVENT)
3618 zlog_debug("%s: Stop", __func__);
3619 return length;
3620 }
3621
3622 static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3623 struct stream *s)
3624 {
3625 struct listnode *node, *nnode;
3626 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
3627 unsigned long delta = OSPF_LSA_HEADER_SIZE;
3628 struct ospf_lsa *lsa;
3629
3630 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3631 assert(lsa);
3632
3633 /* LS Ack packet overflows interface MTU
3634 * delta is just number of bytes required for
3635 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3636 * the number of bytes can be accommodated without
3637 * ospf header. So length+delta can be compared
3638 * against ospf_packet_max to check if it can fit
3639 * another ls header in the same packet.
3640 */
3641 if ((length + delta) > ospf_packet_max(oi))
3642 break;
3643
3644 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3645 length += OSPF_LSA_HEADER_SIZE;
3646
3647 listnode_delete(ack, lsa);
3648 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3649 }
3650
3651 return length;
3652 }
3653
3654 static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3655 {
3656 struct ospf_packet *op;
3657 uint16_t length = OSPF_HEADER_SIZE;
3658
3659 op = ospf_packet_new(oi->ifp->mtu);
3660
3661 /* Prepare OSPF common header. */
3662 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
3663
3664 /* Prepare OSPF Hello body. */
3665 length += ospf_make_hello(oi, op->s);
3666 if (length == OSPF_HEADER_SIZE) {
3667 /* Hello overshooting MTU */
3668 ospf_packet_free(op);
3669 return;
3670 }
3671
3672 /* Fill OSPF header. */
3673 ospf_fill_header(oi, op->s, length);
3674
3675 /* Set packet length. */
3676 op->length = length;
3677
3678 op->dst.s_addr = addr;
3679
3680 if (IS_DEBUG_OSPF_EVENT) {
3681 if (oi->ospf->vrf_id)
3682 zlog_debug(
3683 "%s: Hello Tx interface %s ospf vrf %s id %u",
3684 __func__, oi->ifp->name,
3685 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3686 oi->ospf->vrf_id);
3687 }
3688 /* Add packet to the top of the interface output queue, so that they
3689 * can't get delayed by things like long queues of LS Update packets
3690 */
3691 ospf_packet_add_top(oi, op);
3692
3693 /* Hook thread to write packet. */
3694 OSPF_ISM_WRITE_ON(oi->ospf);
3695 }
3696
3697 static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
3698 {
3699 struct ospf_interface *oi;
3700
3701 oi = nbr_nbma->oi;
3702 assert(oi);
3703
3704 /* If this is passive interface, do not send OSPF Hello. */
3705 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3706 return;
3707
3708 if (oi->type != OSPF_IFTYPE_NBMA)
3709 return;
3710
3711 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3712 return;
3713
3714 if (PRIORITY(oi) == 0)
3715 return;
3716
3717 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3718 && oi->state != ISM_Backup)
3719 return;
3720
3721 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
3722 }
3723
3724 void ospf_poll_timer(struct thread *thread)
3725 {
3726 struct ospf_nbr_nbma *nbr_nbma;
3727
3728 nbr_nbma = THREAD_ARG(thread);
3729 nbr_nbma->t_poll = NULL;
3730
3731 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3732 zlog_debug("NSM[%s:%pI4]: Timer (Poll timer expire)",
3733 IF_NAME(nbr_nbma->oi), &nbr_nbma->addr);
3734
3735 ospf_poll_send(nbr_nbma);
3736
3737 if (nbr_nbma->v_poll > 0)
3738 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3739 nbr_nbma->v_poll);
3740 }
3741
3742
3743 void ospf_hello_reply_timer(struct thread *thread)
3744 {
3745 struct ospf_neighbor *nbr;
3746
3747 nbr = THREAD_ARG(thread);
3748 nbr->t_hello_reply = NULL;
3749
3750 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3751 zlog_debug("NSM[%s:%pI4]: Timer (hello-reply timer expire)",
3752 IF_NAME(nbr->oi), &nbr->router_id);
3753
3754 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
3755 }
3756
3757 /* Send OSPF Hello. */
3758 void ospf_hello_send(struct ospf_interface *oi)
3759 {
3760 /* If this is passive interface, do not send OSPF Hello. */
3761 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3762 return;
3763
3764 if (oi->type == OSPF_IFTYPE_NBMA) {
3765 struct ospf_neighbor *nbr;
3766 struct route_node *rn;
3767
3768 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3769 nbr = rn->info;
3770 if (!nbr)
3771 continue;
3772
3773 if (nbr == oi->nbr_self)
3774 continue;
3775
3776 if (nbr->state == NSM_Down)
3777 continue;
3778
3779 /*
3780 * RFC 2328 Section 9.5.1
3781 * If the router is not eligible to become Designated
3782 * Router, it must periodically send Hello Packets to
3783 * both the Designated Router and the Backup
3784 * Designated Router (if they exist).
3785 */
3786 if (PRIORITY(oi) == 0 &&
3787 IPV4_ADDR_CMP(&DR(oi), &nbr->address.u.prefix4) &&
3788 IPV4_ADDR_CMP(&BDR(oi), &nbr->address.u.prefix4))
3789 continue;
3790
3791 /*
3792 * If the router is eligible to become Designated
3793 * Router, it must periodically send Hello Packets to
3794 * all neighbors that are also eligible. In addition,
3795 * if the router is itself the Designated Router or
3796 * Backup Designated Router, it must also send periodic
3797 * Hello Packets to all other neighbors.
3798 */
3799 if (nbr->priority == 0 && oi->state == ISM_DROther)
3800 continue;
3801
3802 /* if oi->state == Waiting, send
3803 * hello to all neighbors */
3804 ospf_hello_send_sub(oi, nbr->address.u.prefix4.s_addr);
3805 }
3806 } else {
3807 /* Decide destination address. */
3808 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3809 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3810 else
3811 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3812 }
3813 }
3814
3815 /* Send OSPF Database Description. */
3816 void ospf_db_desc_send(struct ospf_neighbor *nbr)
3817 {
3818 struct ospf_interface *oi;
3819 struct ospf_packet *op;
3820 uint16_t length = OSPF_HEADER_SIZE;
3821
3822 oi = nbr->oi;
3823 op = ospf_packet_new(oi->ifp->mtu);
3824
3825 /* Prepare OSPF common header. */
3826 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
3827
3828 /* Prepare OSPF Database Description body. */
3829 length += ospf_make_db_desc(oi, nbr, op->s);
3830
3831 /* Fill OSPF header. */
3832 ospf_fill_header(oi, op->s, length);
3833
3834 /* Set packet length. */
3835 op->length = length;
3836
3837 /* Decide destination address. */
3838 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3839 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3840 else
3841 op->dst = nbr->address.u.prefix4;
3842
3843 /* Add packet to the interface output queue. */
3844 ospf_packet_add(oi, op);
3845
3846 /* Hook thread to write packet. */
3847 OSPF_ISM_WRITE_ON(oi->ospf);
3848
3849 /* Remove old DD packet, then copy new one and keep in neighbor
3850 * structure. */
3851 if (nbr->last_send)
3852 ospf_packet_free(nbr->last_send);
3853 nbr->last_send = ospf_packet_dup(op);
3854 monotime(&nbr->last_send_ts);
3855 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3856 zlog_info(
3857 "%s:Packet[DD]: %pI4 DB Desc send with seqnum:%x , flags:%x",
3858 ospf_get_name(oi->ospf), &nbr->router_id,
3859 nbr->dd_seqnum, nbr->dd_flags);
3860 }
3861
3862 /* Re-send Database Description. */
3863 void ospf_db_desc_resend(struct ospf_neighbor *nbr)
3864 {
3865 struct ospf_interface *oi;
3866
3867 oi = nbr->oi;
3868
3869 /* Add packet to the interface output queue. */
3870 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
3871
3872 /* Hook thread to write packet. */
3873 OSPF_ISM_WRITE_ON(oi->ospf);
3874 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3875 zlog_info(
3876 "%s:Packet[DD]: %pI4 DB Desc resend with seqnum:%x , flags:%x",
3877 ospf_get_name(oi->ospf), &nbr->router_id,
3878 nbr->dd_seqnum, nbr->dd_flags);
3879 }
3880
3881 /* Send Link State Request. */
3882 void ospf_ls_req_send(struct ospf_neighbor *nbr)
3883 {
3884 struct ospf_interface *oi;
3885 struct ospf_packet *op;
3886 uint16_t length = OSPF_HEADER_SIZE;
3887
3888 oi = nbr->oi;
3889 op = ospf_packet_new(oi->ifp->mtu);
3890
3891 /* Prepare OSPF common header. */
3892 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
3893
3894 /* Prepare OSPF Link State Request body. */
3895 length += ospf_make_ls_req(nbr, op->s);
3896 if (length == OSPF_HEADER_SIZE) {
3897 ospf_packet_free(op);
3898 return;
3899 }
3900
3901 /* Fill OSPF header. */
3902 ospf_fill_header(oi, op->s, length);
3903
3904 /* Set packet length. */
3905 op->length = length;
3906
3907 /* Decide destination address. */
3908 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3909 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3910 else
3911 op->dst = nbr->address.u.prefix4;
3912
3913 /* Add packet to the interface output queue. */
3914 ospf_packet_add(oi, op);
3915
3916 /* Hook thread to write packet. */
3917 OSPF_ISM_WRITE_ON(oi->ospf);
3918
3919 /* Add Link State Request Retransmission Timer. */
3920 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
3921 }
3922
3923 /* Send Link State Update with an LSA. */
3924 void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3925 int flag)
3926 {
3927 struct list *update;
3928
3929 update = list_new();
3930
3931 listnode_add(update, lsa);
3932
3933 /*ospf instance is going down, send self originated
3934 * MAXAGE LSA update to neighbors to remove from LSDB */
3935 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3936 ospf_ls_upd_send(nbr, update, flag, 1);
3937 else
3938 ospf_ls_upd_send(nbr, update, flag, 0);
3939
3940 list_delete(&update);
3941 }
3942
3943 /* Determine size for packet. Must be at least big enough to accommodate next
3944 * LSA on list, which may be bigger than MTU size.
3945 *
3946 * Return pointer to new ospf_packet
3947 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3948 * on packet sizes (in which case offending LSA is deleted from update list)
3949 */
3950 static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3951 struct ospf_interface *oi)
3952 {
3953 struct ospf_lsa *lsa;
3954 struct listnode *ln;
3955 size_t size;
3956 static char warned = 0;
3957
3958 lsa = listgetdata((ln = listhead(update)));
3959 assert(lsa->data);
3960
3961 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3962 > ospf_packet_max(oi)) {
3963 if (!warned) {
3964 flog_warn(
3965 EC_OSPF_LARGE_LSA,
3966 "%s: oversized LSA encountered!will need to fragment. Not optimal. Try divide up your network with areas. Use 'debug ospf packet send' to see details, or look at 'show ip ospf database ..'",
3967 __func__);
3968 warned = 1;
3969 }
3970
3971 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3972 zlog_debug(
3973 "%s: oversized LSA id:%pI4, %d bytes originated by %pI4, will be fragmented!",
3974 __func__, &lsa->data->id,
3975 ntohs(lsa->data->length),
3976 &lsa->data->adv_router);
3977
3978 /*
3979 * Allocate just enough to fit this LSA only, to avoid including
3980 * other
3981 * LSAs in fragmented LSA Updates.
3982 */
3983 size = ntohs(lsa->data->length)
3984 + (oi->ifp->mtu - ospf_packet_max(oi))
3985 + OSPF_LS_UPD_MIN_SIZE;
3986 } else
3987 size = oi->ifp->mtu;
3988
3989 if (size > OSPF_MAX_PACKET_SIZE) {
3990 flog_warn(
3991 EC_OSPF_LARGE_LSA,
3992 "%s: oversized LSA id:%pI4 too big, %d bytes, packet size %ld, dropping it completely. OSPF routing is broken!",
3993 __func__, &lsa->data->id, ntohs(lsa->data->length),
3994 (long int)size);
3995 list_delete_node(update, ln);
3996 return NULL;
3997 }
3998
3999 /* IP header is built up separately by ospf_write(). This means, that we
4000 * must
4001 * reduce the "affordable" size just calculated by length of an IP
4002 * header.
4003 * This makes sure, that even if we manage to fill the payload with LSA
4004 * data
4005 * completely, the final packet (our data plus IP header) still fits
4006 * into
4007 * outgoing interface MTU. This correction isn't really meaningful for
4008 * an
4009 * oversized LSA, but for consistency the correction is done for both
4010 * cases.
4011 *
4012 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4013 */
4014 return ospf_packet_new(size - sizeof(struct ip));
4015 }
4016
4017 static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
4018 struct list *update, struct in_addr addr,
4019 int send_lsupd_now)
4020 {
4021 struct ospf_packet *op;
4022 uint16_t length = OSPF_HEADER_SIZE;
4023
4024 if (IS_DEBUG_OSPF_EVENT)
4025 zlog_debug("listcount = %d, [%s]dst %pI4", listcount(update),
4026 IF_NAME(oi), &addr);
4027
4028 /* Check that we have really something to process */
4029 if (listcount(update) == 0)
4030 return;
4031
4032 op = ospf_ls_upd_packet_new(update, oi);
4033
4034 /* Prepare OSPF common header. */
4035 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
4036
4037 /* Prepare OSPF Link State Update body.
4038 * Includes Type-7 translation.
4039 */
4040 length += ospf_make_ls_upd(oi, update, op->s);
4041
4042 /* Fill OSPF header. */
4043 ospf_fill_header(oi, op->s, length);
4044
4045 /* Set packet length. */
4046 op->length = length;
4047
4048 /* Decide destination address. */
4049 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4050 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4051 else
4052 op->dst.s_addr = addr.s_addr;
4053
4054 /* Add packet to the interface output queue. */
4055 ospf_packet_add(oi, op);
4056 /* Call ospf_write() right away to send ospf packets to neighbors */
4057 if (send_lsupd_now) {
4058 struct thread os_packet_thd;
4059
4060 os_packet_thd.arg = (void *)oi->ospf;
4061 if (oi->on_write_q == 0) {
4062 listnode_add(oi->ospf->oi_write_q, oi);
4063 oi->on_write_q = 1;
4064 }
4065 ospf_write(&os_packet_thd);
4066 /*
4067 * We are fake calling ospf_write with a fake
4068 * thread. Imagine that we have oi_a already
4069 * enqueued and we have turned on the write
4070 * thread(t_write).
4071 * Now this function calls this for oi_b
4072 * so the on_write_q has oi_a and oi_b on
4073 * it, ospf_write runs and clears the packets
4074 * for both oi_a and oi_b. Removing them from
4075 * the on_write_q. After this thread of execution
4076 * finishes we will execute the t_write thread
4077 * with nothing in the on_write_q causing an
4078 * assert. So just make sure that the t_write
4079 * is actually turned off.
4080 */
4081 if (list_isempty(oi->ospf->oi_write_q))
4082 THREAD_OFF(oi->ospf->t_write);
4083 } else {
4084 /* Hook thread to write packet. */
4085 OSPF_ISM_WRITE_ON(oi->ospf);
4086 }
4087 }
4088
4089 static void ospf_ls_upd_send_queue_event(struct thread *thread)
4090 {
4091 struct ospf_interface *oi = THREAD_ARG(thread);
4092 struct route_node *rn;
4093 struct route_node *rnext;
4094 struct list *update;
4095 char again = 0;
4096
4097 oi->t_ls_upd_event = NULL;
4098
4099 if (IS_DEBUG_OSPF_EVENT)
4100 zlog_debug("%s start", __func__);
4101
4102 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4103 rnext = route_next(rn);
4104
4105 if (rn->info == NULL)
4106 continue;
4107
4108 update = (struct list *)rn->info;
4109
4110 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
4111
4112 /* list might not be empty. */
4113 if (listcount(update) == 0) {
4114 list_delete((struct list **)&rn->info);
4115 route_unlock_node(rn);
4116 } else
4117 again = 1;
4118 }
4119
4120 if (again != 0) {
4121 if (IS_DEBUG_OSPF_EVENT)
4122 zlog_debug(
4123 "%s: update lists not cleared, %d nodes to try again, raising new event",
4124 __func__, again);
4125 oi->t_ls_upd_event = NULL;
4126 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4127 &oi->t_ls_upd_event);
4128 }
4129
4130 if (IS_DEBUG_OSPF_EVENT)
4131 zlog_debug("%s stop", __func__);
4132 }
4133
4134 void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4135 int send_lsupd_now)
4136 {
4137 struct ospf_interface *oi;
4138 struct ospf_lsa *lsa;
4139 struct prefix_ipv4 p;
4140 struct route_node *rn;
4141 struct listnode *node;
4142
4143 oi = nbr->oi;
4144
4145 p.family = AF_INET;
4146 p.prefixlen = IPV4_MAX_BITLEN;
4147
4148 /* Decide destination address. */
4149 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4150 p.prefix = oi->vl_data->peer_addr;
4151 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4152 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4153 else if (flag == OSPF_SEND_PACKET_DIRECT)
4154 p.prefix = nbr->address.u.prefix4;
4155 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4156 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4157 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4158 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4159 else
4160 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4161
4162 if (oi->type == OSPF_IFTYPE_NBMA) {
4163 if (flag == OSPF_SEND_PACKET_INDIRECT)
4164 flog_warn(
4165 EC_OSPF_PACKET,
4166 "* LS-Update is directly sent on NBMA network.");
4167 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
4168 flog_warn(EC_OSPF_PACKET,
4169 "* LS-Update is sent to myself.");
4170 }
4171
4172 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4173
4174 if (rn->info == NULL)
4175 rn->info = list_new();
4176 else
4177 route_unlock_node(rn);
4178
4179 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4180 listnode_add(rn->info,
4181 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
4182 if (send_lsupd_now) {
4183 struct list *send_update_list;
4184 struct route_node *rnext;
4185
4186 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4187 rnext = route_next(rn);
4188
4189 if (rn->info == NULL)
4190 continue;
4191
4192 send_update_list = (struct list *)rn->info;
4193
4194 ospf_ls_upd_queue_send(oi, send_update_list,
4195 rn->p.u.prefix4, 1);
4196 }
4197 } else
4198 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4199 &oi->t_ls_upd_event);
4200 }
4201
4202 static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4203 struct in_addr dst)
4204 {
4205 struct ospf_packet *op;
4206 uint16_t length = OSPF_HEADER_SIZE;
4207
4208 op = ospf_packet_new(oi->ifp->mtu);
4209
4210 /* Prepare OSPF common header. */
4211 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4212
4213 /* Prepare OSPF Link State Acknowledgment body. */
4214 length += ospf_make_ls_ack(oi, ack, op->s);
4215
4216 /* Fill OSPF header. */
4217 ospf_fill_header(oi, op->s, length);
4218
4219 /* Set packet length. */
4220 op->length = length;
4221
4222 /* Decide destination address. */
4223 if (oi->type == OSPF_IFTYPE_POINTOPOINT ||
4224 oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4225 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4226 else
4227 op->dst.s_addr = dst.s_addr;
4228
4229 /* Add packet to the interface output queue. */
4230 ospf_packet_add(oi, op);
4231
4232 /* Hook thread to write packet. */
4233 OSPF_ISM_WRITE_ON(oi->ospf);
4234 }
4235
4236 static void ospf_ls_ack_send_event(struct thread *thread)
4237 {
4238 struct ospf_interface *oi = THREAD_ARG(thread);
4239
4240 oi->t_ls_ack_direct = NULL;
4241
4242 while (listcount(oi->ls_ack_direct.ls_ack))
4243 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4244 oi->ls_ack_direct.dst);
4245 }
4246
4247 void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4248 {
4249 struct ospf_interface *oi = nbr->oi;
4250
4251 if (IS_GRACE_LSA(lsa)) {
4252 if (IS_DEBUG_OSPF_GR)
4253 zlog_debug("%s, Sending GRACE ACK to Restarter.",
4254 __func__);
4255 }
4256
4257 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4258 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4259
4260 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4261
4262 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4263 &oi->t_ls_ack_direct);
4264 }
4265
4266 /* Send Link State Acknowledgment delayed. */
4267 void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4268 {
4269 struct in_addr dst;
4270
4271 /* Decide destination address. */
4272 /* RFC2328 Section 13.5 On non-broadcast
4273 networks, delayed Link State Acknowledgment packets must be
4274 unicast separately over each adjacency (i.e., neighbor whose
4275 state is >= Exchange). */
4276 if (oi->type == OSPF_IFTYPE_NBMA) {
4277 struct ospf_neighbor *nbr;
4278 struct route_node *rn;
4279
4280 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
4281 nbr = rn->info;
4282
4283 if (!nbr)
4284 continue;
4285
4286 if (nbr != oi->nbr_self && nbr->state >= NSM_Exchange)
4287 while (listcount(oi->ls_ack))
4288 ospf_ls_ack_send_list(
4289 oi, oi->ls_ack,
4290 nbr->address.u.prefix4);
4291 }
4292 return;
4293 }
4294 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4295 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4296 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4297 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4298 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4299 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4300 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4301 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4302 else
4303 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4304
4305 while (listcount(oi->ls_ack))
4306 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
4307 }
4308
4309 /*
4310 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4311 * address. As a result, the kernel does not need to learn the interface
4312 * MAC of the OSPF neighbor. However, in our world, this will delay
4313 * convergence. Take the case when due to a link flap, all routes now
4314 * want to use an interface which was deemed to be costlier prior to this
4315 * event. For routes that will be installed, the missing MAC will have
4316 * punt-to-CPU set on them. This may overload the CPU control path that
4317 * can be avoided if the MAC was known apriori.
4318 */
4319 void ospf_proactively_arp(struct ospf_neighbor *nbr)
4320 {
4321 if (!nbr || !nbr->oi->ospf->proactive_arp)
4322 return;
4323
4324 ospf_zebra_send_arp(nbr->oi->ifp, &nbr->address);
4325 }
FRRouting mirror