]> git.proxmox.com Git - mirror_frr.git/blob - ospfd/ospf_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ospfd, ospf6d: Add more logging details
[mirror_frr.git] / ospfd / ospf_packet.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * OSPF Sending and Receiving OSPF Packets.
4 * Copyright (C) 1999, 2000 Toshiaki Takada
5 */
6
7 #include <zebra.h>
8
9 #include "monotime.h"
10 #include "thread.h"
11 #include "memory.h"
12 #include "linklist.h"
13 #include "prefix.h"
14 #include "if.h"
15 #include "table.h"
16 #include "sockunion.h"
17 #include "stream.h"
18 #include "log.h"
19 #include "sockopt.h"
20 #include "checksum.h"
21 #ifdef CRYPTO_INTERNAL
22 #include "md5.h"
23 #endif
24 #include "vrf.h"
25 #include "lib_errors.h"
26
27 #include "ospfd/ospfd.h"
28 #include "ospfd/ospf_network.h"
29 #include "ospfd/ospf_interface.h"
30 #include "ospfd/ospf_ism.h"
31 #include "ospfd/ospf_abr.h"
32 #include "ospfd/ospf_asbr.h"
33 #include "ospfd/ospf_lsa.h"
34 #include "ospfd/ospf_lsdb.h"
35 #include "ospfd/ospf_neighbor.h"
36 #include "ospfd/ospf_nsm.h"
37 #include "ospfd/ospf_packet.h"
38 #include "ospfd/ospf_spf.h"
39 #include "ospfd/ospf_flood.h"
40 #include "ospfd/ospf_dump.h"
41 #include "ospfd/ospf_errors.h"
42 #include "ospfd/ospf_zebra.h"
43 #include "ospfd/ospf_gr.h"
44
45 /*
46 * OSPF Fragmentation / fragmented writes
47 *
48 * ospfd can support writing fragmented packets, for cases where
49 * kernel will not fragment IP_HDRINCL and/or multicast destined
50 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
51 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
52 * flags fields, hence user-space fragmentation will not work.
53 * Only Linux is known to leave IP header unmolested.
54 * Further, fragmentation really should be done the kernel, which already
55 * supports it, and which avoids nasty IP ID state problems.
56 *
57 * Fragmentation of OSPF packets can be required on networks with router
58 * with many many interfaces active in one area, or on networks with links
59 * with low MTUs.
60 */
61 #ifdef GNU_LINUX
62 #define WANT_OSPF_WRITE_FRAGMENT
63 #endif
64
65 /* Packet Type String. */
66 const struct message ospf_packet_type_str[] = {
67 {OSPF_MSG_HELLO, "Hello"},
68 {OSPF_MSG_DB_DESC, "Database Description"},
69 {OSPF_MSG_LS_REQ, "Link State Request"},
70 {OSPF_MSG_LS_UPD, "Link State Update"},
71 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
72 {0}};
73
74 /* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
75 particular types, offset is the "type" field of a packet. */
76 static const uint16_t ospf_packet_minlen[] = {
77 0,
78 OSPF_HELLO_MIN_SIZE,
79 OSPF_DB_DESC_MIN_SIZE,
80 OSPF_LS_REQ_MIN_SIZE,
81 OSPF_LS_UPD_MIN_SIZE,
82 OSPF_LS_ACK_MIN_SIZE,
83 };
84
85 /* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
86 types, offset is the "LSA type" field. */
87 static const uint16_t ospf_lsa_minlen[] = {
88 0, /* OSPF_UNKNOWN_LSA */
89 OSPF_ROUTER_LSA_MIN_SIZE, /* OSPF_ROUTER_LSA */
90 OSPF_NETWORK_LSA_MIN_SIZE, /* OSPF_NETWORK_LSA */
91 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_SUMMARY_LSA */
92 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_ASBR_SUMMARY_LSA */
93 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_EXTERNAL_LSA */
94 0, /* Unsupported, OSPF_GROUP_MEMBER_LSA */
95 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_NSSA_LSA */
96 0, /* Unsupported, OSPF_EXTERNAL_ATTRIBURES_LSA */
97 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_LINK_LSA */
98 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AREA_LSA */
99 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AS_LSA */
100 };
101
102 /* for ospf_check_auth() */
103 static int ospf_check_sum(struct ospf_header *);
104
105 /* OSPF authentication checking function */
106 static int ospf_auth_type(struct ospf_interface *oi)
107 {
108 int auth_type;
109
110 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
111 auth_type = oi->area->auth_type;
112 else
113 auth_type = OSPF_IF_PARAM(oi, auth_type);
114
115 /* Handle case where MD5 key list is not configured aka Cisco */
116 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
117 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
118 return OSPF_AUTH_NULL;
119
120 return auth_type;
121 }
122
123 static struct ospf_packet *ospf_packet_new(size_t size)
124 {
125 struct ospf_packet *new;
126
127 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
128 new->s = stream_new(size);
129
130 return new;
131 }
132
133 void ospf_packet_free(struct ospf_packet *op)
134 {
135 if (op->s)
136 stream_free(op->s);
137
138 XFREE(MTYPE_OSPF_PACKET, op);
139 }
140
141 struct ospf_fifo *ospf_fifo_new(void)
142 {
143 struct ospf_fifo *new;
144
145 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
146 return new;
147 }
148
149 /* Add new packet to fifo. */
150 void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
151 {
152 if (fifo->tail)
153 fifo->tail->next = op;
154 else
155 fifo->head = op;
156
157 fifo->tail = op;
158
159 fifo->count++;
160 }
161
162 /* Add new packet to head of fifo. */
163 static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
164 {
165 op->next = fifo->head;
166
167 if (fifo->tail == NULL)
168 fifo->tail = op;
169
170 fifo->head = op;
171
172 fifo->count++;
173 }
174
175 /* Delete first packet from fifo. */
176 struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
177 {
178 struct ospf_packet *op;
179
180 op = fifo->head;
181
182 if (op) {
183 fifo->head = op->next;
184
185 if (fifo->head == NULL)
186 fifo->tail = NULL;
187
188 fifo->count--;
189 }
190
191 return op;
192 }
193
194 /* Return first fifo entry. */
195 struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
196 {
197 return fifo->head;
198 }
199
200 /* Flush ospf packet fifo. */
201 void ospf_fifo_flush(struct ospf_fifo *fifo)
202 {
203 struct ospf_packet *op;
204 struct ospf_packet *next;
205
206 for (op = fifo->head; op; op = next) {
207 next = op->next;
208 ospf_packet_free(op);
209 }
210 fifo->head = fifo->tail = NULL;
211 fifo->count = 0;
212 }
213
214 /* Free ospf packet fifo. */
215 void ospf_fifo_free(struct ospf_fifo *fifo)
216 {
217 ospf_fifo_flush(fifo);
218
219 XFREE(MTYPE_OSPF_FIFO, fifo);
220 }
221
222 static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
223 {
224 /* Add packet to end of queue. */
225 ospf_fifo_push(oi->obuf, op);
226
227 /* Debug of packet fifo*/
228 /* ospf_fifo_debug (oi->obuf); */
229 }
230
231 static void ospf_packet_add_top(struct ospf_interface *oi,
232 struct ospf_packet *op)
233 {
234 /* Add packet to head of queue. */
235 ospf_fifo_push_head(oi->obuf, op);
236
237 /* Debug of packet fifo*/
238 /* ospf_fifo_debug (oi->obuf); */
239 }
240
241 static void ospf_packet_delete(struct ospf_interface *oi)
242 {
243 struct ospf_packet *op;
244
245 op = ospf_fifo_pop(oi->obuf);
246
247 if (op)
248 ospf_packet_free(op);
249 }
250
251 static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
252 {
253 struct ospf_packet *new;
254
255 if (stream_get_endp(op->s) != op->length)
256 /* XXX size_t */
257 zlog_debug(
258 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
259 (unsigned long)STREAM_SIZE(op->s), op->length);
260
261 /* Reserve space for MD5 authentication that may be added later. */
262 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
263 stream_copy(new->s, op->s);
264
265 new->dst = op->dst;
266 new->length = op->length;
267
268 return new;
269 }
270
271 /* XXX inline */
272 static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
273 {
274 int auth = 0;
275
276 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
277 auth = OSPF_AUTH_MD5_SIZE;
278
279 return auth;
280 }
281
282 static unsigned int ospf_packet_max(struct ospf_interface *oi)
283 {
284 int max;
285
286 max = oi->ifp->mtu - ospf_packet_authspace(oi);
287
288 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
289
290 return max;
291 }
292
293
294 static int ospf_check_md5_digest(struct ospf_interface *oi,
295 struct ospf_header *ospfh)
296 {
297 #ifdef CRYPTO_OPENSSL
298 EVP_MD_CTX *ctx;
299 #elif CRYPTO_INTERNAL
300 MD5_CTX ctx;
301 #endif
302 unsigned char digest[OSPF_AUTH_MD5_SIZE];
303 struct crypt_key *ck;
304 struct ospf_neighbor *nbr;
305 uint16_t length = ntohs(ospfh->length);
306
307 /* Get secret key. */
308 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
309 ospfh->u.crypt.key_id);
310 if (ck == NULL) {
311 flog_warn(
312 EC_OSPF_MD5,
313 "interface %s: ospf_check_md5 no key %d, Router-ID: %pI4",
314 IF_NAME(oi), ospfh->u.crypt.key_id, &ospfh->router_id);
315 return 0;
316 }
317
318 /* check crypto seqnum. */
319 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
320
321 if (nbr
322 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
323 flog_warn(
324 EC_OSPF_MD5,
325 "interface %s: ospf_check_md5 bad sequence %d (expect %d), Router-ID: %pI4",
326 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
327 ntohl(nbr->crypt_seqnum), &ospfh->router_id);
328 return 0;
329 }
330
331 /* Generate a digest for the ospf packet - their digest + our digest. */
332 #ifdef CRYPTO_OPENSSL
333 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
334 ctx = EVP_MD_CTX_new();
335 EVP_DigestInit(ctx, EVP_md5());
336 EVP_DigestUpdate(ctx, ospfh, length);
337 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
338 EVP_DigestFinal(ctx, digest, &md5_size);
339 EVP_MD_CTX_free(ctx);
340 #elif CRYPTO_INTERNAL
341 memset(&ctx, 0, sizeof(ctx));
342 MD5Init(&ctx);
343 MD5Update(&ctx, ospfh, length);
344 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
345 MD5Final(digest, &ctx);
346 #endif
347
348 /* compare the two */
349 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
350 flog_warn(
351 EC_OSPF_MD5,
352 "interface %s: ospf_check_md5 checksum mismatch, Router-ID: %pI4",
353 IF_NAME(oi), &ospfh->router_id);
354 return 0;
355 }
356
357 /* save neighbor's crypt_seqnum */
358 if (nbr)
359 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
360 return 1;
361 }
362
363 /* This function is called from ospf_write(), it will detect the
364 authentication scheme and if it is MD5, it will change the sequence
365 and update the MD5 digest. */
366 static int ospf_make_md5_digest(struct ospf_interface *oi,
367 struct ospf_packet *op)
368 {
369 struct ospf_header *ospfh;
370 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
371 #ifdef CRYPTO_OPENSSL
372 EVP_MD_CTX *ctx;
373 #elif CRYPTO_INTERNAL
374 MD5_CTX ctx;
375 #endif
376 void *ibuf;
377 uint32_t t;
378 struct crypt_key *ck;
379 const uint8_t *auth_key;
380
381 ibuf = STREAM_DATA(op->s);
382 ospfh = (struct ospf_header *)ibuf;
383
384 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
385 return 0;
386
387 /* We do this here so when we dup a packet, we don't have to
388 waste CPU rewriting other headers.
389
390 Note that frr_time /deliberately/ is not used here */
391 t = (time(NULL) & 0xFFFFFFFF);
392 if (t > oi->crypt_seqnum)
393 oi->crypt_seqnum = t;
394 else
395 oi->crypt_seqnum++;
396
397 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
398
399 /* Get MD5 Authentication key from auth_key list. */
400 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
401 auth_key = (const uint8_t *)digest;
402 else {
403 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
404 auth_key = ck->auth_key;
405 }
406
407 /* Generate a digest for the entire packet + our secret key. */
408 #ifdef CRYPTO_OPENSSL
409 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
410 ctx = EVP_MD_CTX_new();
411 EVP_DigestInit(ctx, EVP_md5());
412 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
413 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
414 EVP_DigestFinal(ctx, digest, &md5_size);
415 EVP_MD_CTX_free(ctx);
416 #elif CRYPTO_INTERNAL
417 memset(&ctx, 0, sizeof(ctx));
418 MD5Init(&ctx);
419 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
420 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
421 MD5Final(digest, &ctx);
422 #endif
423
424 /* Append md5 digest to the end of the stream. */
425 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
426
427 /* We do *NOT* increment the OSPF header length. */
428 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
429
430 if (stream_get_endp(op->s) != op->length)
431 /* XXX size_t */
432 flog_warn(
433 EC_OSPF_MD5,
434 "%s: length mismatch stream %lu ospf_packet %u, Router-ID %pI4",
435 __func__, (unsigned long)stream_get_endp(op->s),
436 op->length, &ospfh->router_id);
437
438 return OSPF_AUTH_MD5_SIZE;
439 }
440
441
442 static void ospf_ls_req_timer(struct thread *thread)
443 {
444 struct ospf_neighbor *nbr;
445
446 nbr = THREAD_ARG(thread);
447 nbr->t_ls_req = NULL;
448
449 /* Send Link State Request. */
450 if (ospf_ls_request_count(nbr))
451 ospf_ls_req_send(nbr);
452
453 /* Set Link State Request retransmission timer. */
454 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
455 }
456
457 void ospf_ls_req_event(struct ospf_neighbor *nbr)
458 {
459 THREAD_OFF(nbr->t_ls_req);
460 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
461 }
462
463 /* Cyclic timer function. Fist registered in ospf_nbr_new () in
464 ospf_neighbor.c */
465 void ospf_ls_upd_timer(struct thread *thread)
466 {
467 struct ospf_neighbor *nbr;
468
469 nbr = THREAD_ARG(thread);
470 nbr->t_ls_upd = NULL;
471
472 /* Send Link State Update. */
473 if (ospf_ls_retransmit_count(nbr) > 0) {
474 struct list *update;
475 struct ospf_lsdb *lsdb;
476 int i;
477 int retransmit_interval;
478
479 retransmit_interval =
480 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
481
482 lsdb = &nbr->ls_rxmt;
483 update = list_new();
484
485 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
486 struct route_table *table = lsdb->type[i].db;
487 struct route_node *rn;
488
489 for (rn = route_top(table); rn; rn = route_next(rn)) {
490 struct ospf_lsa *lsa;
491
492 if ((lsa = rn->info) != NULL) {
493 /* Don't retransmit an LSA if we
494 received it within
495 the last RxmtInterval seconds - this
496 is to allow the
497 neighbour a chance to acknowledge the
498 LSA as it may
499 have ben just received before the
500 retransmit timer
501 fired. This is a small tweak to what
502 is in the RFC,
503 but it will cut out out a lot of
504 retransmit traffic
505 - MAG */
506 if (monotime_since(&lsa->tv_recv, NULL)
507 >= retransmit_interval * 1000000LL)
508 listnode_add(update, rn->info);
509 }
510 }
511 }
512
513 if (listcount(update) > 0)
514 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
515 0);
516 list_delete(&update);
517 }
518
519 /* Set LS Update retransmission timer. */
520 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
521 }
522
523 void ospf_ls_ack_timer(struct thread *thread)
524 {
525 struct ospf_interface *oi;
526
527 oi = THREAD_ARG(thread);
528 oi->t_ls_ack = NULL;
529
530 /* Send Link State Acknowledgment. */
531 if (listcount(oi->ls_ack) > 0)
532 ospf_ls_ack_send_delayed(oi);
533
534 /* Set LS Ack timer. */
535 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
536 }
537
538 #ifdef WANT_OSPF_WRITE_FRAGMENT
539 static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
540 struct msghdr *msg, unsigned int maxdatasize,
541 unsigned int mtu, int flags, uint8_t type)
542 {
543 #define OSPF_WRITE_FRAG_SHIFT 3
544 uint16_t offset;
545 struct iovec *iovp;
546 int ret;
547
548 assert(op->length == stream_get_endp(op->s));
549 assert(msg->msg_iovlen == 2);
550
551 /* we can but try.
552 *
553 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
554 * well as the IP_MF flag, making this all quite pointless.
555 *
556 * However, for a system on which IP_MF is left alone, and ip_id left
557 * alone or else which sets same ip_id for each fragment this might
558 * work, eg linux.
559 *
560 * XXX-TODO: It would be much nicer to have the kernel's use their
561 * existing fragmentation support to do this for us. Bugs/RFEs need to
562 * be raised against the various kernels.
563 */
564
565 /* set More Frag */
566 iph->ip_off |= IP_MF;
567
568 /* ip frag offset is expressed in units of 8byte words */
569 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
570
571 iovp = &msg->msg_iov[1];
572
573 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
574 > maxdatasize) {
575 /* data length of this frag is to next offset value */
576 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
577 iph->ip_len = iovp->iov_len + sizeof(struct ip);
578 assert(iph->ip_len <= mtu);
579
580 sockopt_iphdrincl_swab_htosys(iph);
581
582 ret = sendmsg(fd, msg, flags);
583
584 sockopt_iphdrincl_swab_systoh(iph);
585
586 if (ret < 0)
587 flog_err(
588 EC_LIB_SOCKET,
589 "*** %s: sendmsg failed to %pI4, id %d, off %d, len %d, mtu %u failed with %s",
590 __func__, &iph->ip_dst, iph->ip_id, iph->ip_off,
591 iph->ip_len, mtu, safe_strerror(errno));
592
593 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
594 zlog_debug("%s: sent id %d, off %d, len %d to %pI4",
595 __func__, iph->ip_id, iph->ip_off,
596 iph->ip_len, &iph->ip_dst);
597 }
598
599 iph->ip_off += offset;
600 stream_forward_getp(op->s, iovp->iov_len);
601 iovp->iov_base = stream_pnt(op->s);
602 }
603
604 /* setup for final fragment */
605 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
606 iph->ip_len = iovp->iov_len + sizeof(struct ip);
607 iph->ip_off &= (~IP_MF);
608 }
609 #endif /* WANT_OSPF_WRITE_FRAGMENT */
610
611 static void ospf_write(struct thread *thread)
612 {
613 struct ospf *ospf = THREAD_ARG(thread);
614 struct ospf_interface *oi;
615 struct ospf_packet *op;
616 struct sockaddr_in sa_dst;
617 struct ip iph;
618 struct msghdr msg;
619 struct iovec iov[2];
620 uint8_t type;
621 int ret;
622 int flags = 0;
623 struct listnode *node;
624 #ifdef WANT_OSPF_WRITE_FRAGMENT
625 static uint16_t ipid = 0;
626 uint16_t maxdatasize;
627 #endif /* WANT_OSPF_WRITE_FRAGMENT */
628 #define OSPF_WRITE_IPHL_SHIFT 2
629 int pkt_count = 0;
630
631 #ifdef GNU_LINUX
632 unsigned char cmsgbuf[64] = {};
633 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
634 struct in_pktinfo *pi;
635 #endif
636
637 if (ospf->fd < 0 || ospf->oi_running == 0) {
638 if (IS_DEBUG_OSPF_EVENT)
639 zlog_debug("%s failed to send, fd %d, instance %u",
640 __func__, ospf->fd, ospf->oi_running);
641 return;
642 }
643
644 node = listhead(ospf->oi_write_q);
645 assert(node);
646 oi = listgetdata(node);
647
648 #ifdef WANT_OSPF_WRITE_FRAGMENT
649 /* seed ipid static with low order bits of time */
650 if (ipid == 0)
651 ipid = (time(NULL) & 0xffff);
652 #endif /* WANT_OSPF_WRITE_FRAGMENT */
653
654 while ((pkt_count < ospf->write_oi_count) && oi) {
655 pkt_count++;
656 #ifdef WANT_OSPF_WRITE_FRAGMENT
657 /* convenience - max OSPF data per packet */
658 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
659 #endif /* WANT_OSPF_WRITE_FRAGMENT */
660 /* Get one packet from queue. */
661 op = ospf_fifo_head(oi->obuf);
662 assert(op);
663 assert(op->length >= OSPF_HEADER_SIZE);
664
665 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
666 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
667 ospf_if_ipmulticast(ospf, oi->address,
668 oi->ifp->ifindex);
669
670 /* Rewrite the md5 signature & update the seq */
671 ospf_make_md5_digest(oi, op);
672
673 /* Retrieve OSPF packet type. */
674 stream_set_getp(op->s, 1);
675 type = stream_getc(op->s);
676
677 /* reset get pointer */
678 stream_set_getp(op->s, 0);
679
680 memset(&iph, 0, sizeof(iph));
681 memset(&sa_dst, 0, sizeof(sa_dst));
682
683 sa_dst.sin_family = AF_INET;
684 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
685 sa_dst.sin_len = sizeof(sa_dst);
686 #endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
687 sa_dst.sin_addr = op->dst;
688 sa_dst.sin_port = htons(0);
689
690 /* Set DONTROUTE flag if dst is unicast. */
691 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
692 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
693 flags = MSG_DONTROUTE;
694
695 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
696 /* it'd be very strange for header to not be 4byte-word aligned
697 * but.. */
698 if (sizeof(struct ip)
699 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
700 iph.ip_hl++; /* we presume sizeof(struct ip) cant
701 overflow ip_hl.. */
702
703 iph.ip_v = IPVERSION;
704 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
705 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
706
707 #if defined(__DragonFly__)
708 /*
709 * DragonFly's raw socket expects ip_len/ip_off in network byte
710 * order.
711 */
712 iph.ip_len = htons(iph.ip_len);
713 #endif
714
715 #ifdef WANT_OSPF_WRITE_FRAGMENT
716 /* XXX-MT: not thread-safe at all..
717 * XXX: this presumes this is only programme sending OSPF
718 * packets
719 * otherwise, no guarantee ipid will be unique
720 */
721 iph.ip_id = ++ipid;
722 #endif /* WANT_OSPF_WRITE_FRAGMENT */
723
724 iph.ip_off = 0;
725 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
726 iph.ip_ttl = OSPF_VL_IP_TTL;
727 else
728 iph.ip_ttl = OSPF_IP_TTL;
729 iph.ip_p = IPPROTO_OSPFIGP;
730 iph.ip_sum = 0;
731 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
732 iph.ip_dst.s_addr = op->dst.s_addr;
733
734 memset(&msg, 0, sizeof(msg));
735 msg.msg_name = (caddr_t)&sa_dst;
736 msg.msg_namelen = sizeof(sa_dst);
737 msg.msg_iov = iov;
738 msg.msg_iovlen = 2;
739
740 iov[0].iov_base = (char *)&iph;
741 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
742 iov[1].iov_base = stream_pnt(op->s);
743 iov[1].iov_len = op->length;
744
745 #ifdef GNU_LINUX
746 msg.msg_control = (caddr_t)cm;
747 cm->cmsg_level = SOL_IP;
748 cm->cmsg_type = IP_PKTINFO;
749 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
750 pi = (struct in_pktinfo *)CMSG_DATA(cm);
751 pi->ipi_ifindex = oi->ifp->ifindex;
752
753 msg.msg_controllen = cm->cmsg_len;
754 #endif
755
756 /* Sadly we can not rely on kernels to fragment packets
757 * because of either IP_HDRINCL and/or multicast
758 * destination being set.
759 */
760
761 #ifdef WANT_OSPF_WRITE_FRAGMENT
762 if (op->length > maxdatasize)
763 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
764 oi->ifp->mtu, flags, type);
765 #endif /* WANT_OSPF_WRITE_FRAGMENT */
766
767 /* send final fragment (could be first) */
768 sockopt_iphdrincl_swab_htosys(&iph);
769 ret = sendmsg(ospf->fd, &msg, flags);
770 sockopt_iphdrincl_swab_systoh(&iph);
771 if (IS_DEBUG_OSPF_EVENT)
772 zlog_debug(
773 "%s to %pI4, id %d, off %d, len %d, interface %s, mtu %u:",
774 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
775 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
776
777 /* sendmsg will return EPERM if firewall is blocking sending.
778 * This is a normal situation when 'ip nhrp map multicast xxx'
779 * is being used to send multicast packets to DMVPN peers. In
780 * that case the original message is blocked with iptables rule
781 * causing the EPERM result
782 */
783 if (ret < 0 && errno != EPERM)
784 flog_err(
785 EC_LIB_SOCKET,
786 "*** sendmsg in %s failed to %pI4, id %d, off %d, len %d, interface %s, mtu %u: %s",
787 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
788 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
789 safe_strerror(errno));
790
791 /* Show debug sending packet. */
792 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
793 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
794 zlog_debug(
795 "-----------------------------------------------------");
796 stream_set_getp(op->s, 0);
797 ospf_packet_dump(op->s);
798 }
799
800 zlog_debug("%s sent to [%pI4] via [%s].",
801 lookup_msg(ospf_packet_type_str, type, NULL),
802 &op->dst, IF_NAME(oi));
803
804 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
805 zlog_debug(
806 "-----------------------------------------------------");
807 }
808
809 switch (type) {
810 case OSPF_MSG_HELLO:
811 oi->hello_out++;
812 break;
813 case OSPF_MSG_DB_DESC:
814 oi->db_desc_out++;
815 break;
816 case OSPF_MSG_LS_REQ:
817 oi->ls_req_out++;
818 break;
819 case OSPF_MSG_LS_UPD:
820 oi->ls_upd_out++;
821 break;
822 case OSPF_MSG_LS_ACK:
823 oi->ls_ack_out++;
824 break;
825 default:
826 break;
827 }
828
829 /* Now delete packet from queue. */
830 ospf_packet_delete(oi);
831
832 /* Move this interface to the tail of write_q to
833 serve everyone in a round robin fashion */
834 list_delete_node(ospf->oi_write_q, node);
835 if (ospf_fifo_head(oi->obuf) == NULL) {
836 oi->on_write_q = 0;
837 oi = NULL;
838 } else
839 listnode_add(ospf->oi_write_q, oi);
840
841 /* Setup to service from the head of the queue again */
842 if (!list_isempty(ospf->oi_write_q)) {
843 node = listhead(ospf->oi_write_q);
844 oi = listgetdata(node);
845 }
846 }
847
848 /* If packets still remain in queue, call write thread. */
849 if (!list_isempty(ospf->oi_write_q))
850 thread_add_write(master, ospf_write, ospf, ospf->fd,
851 &ospf->t_write);
852 }
853
854 /* OSPF Hello message read -- RFC2328 Section 10.5. */
855 static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
856 struct stream *s, struct ospf_interface *oi, int size)
857 {
858 struct ospf_hello *hello;
859 struct ospf_neighbor *nbr;
860 int old_state;
861 struct prefix p;
862
863 /* increment statistics. */
864 oi->hello_in++;
865
866 hello = (struct ospf_hello *)stream_pnt(s);
867
868 /* If Hello is myself, silently discard. */
869 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
870 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
871 zlog_debug(
872 "ospf_header[%s/%pI4]: selforiginated, dropping.",
873 lookup_msg(ospf_packet_type_str, ospfh->type,
874 NULL),
875 &iph->ip_src);
876 }
877 return;
878 }
879
880 /* get neighbor prefix. */
881 p.family = AF_INET;
882 p.prefixlen = ip_masklen(hello->network_mask);
883 p.u.prefix4 = iph->ip_src;
884
885 /* Compare network mask. */
886 /* Checking is ignored for Point-to-Point and Virtual link. */
887 /* Checking is also ignored for Point-to-Multipoint with /32 prefix */
888 if (oi->type != OSPF_IFTYPE_POINTOPOINT
889 && oi->type != OSPF_IFTYPE_VIRTUALLINK
890 && !(oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
891 && oi->address->prefixlen == IPV4_MAX_BITLEN))
892 if (oi->address->prefixlen != p.prefixlen) {
893 flog_warn(
894 EC_OSPF_PACKET,
895 "Packet %pI4 [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
896 &ospfh->router_id, IF_NAME(oi),
897 (int)oi->address->prefixlen, (int)p.prefixlen);
898 return;
899 }
900
901 /* Compare Router Dead Interval. */
902 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
903 flog_warn(
904 EC_OSPF_PACKET,
905 "Packet %pI4 [Hello:RECV]: RouterDeadInterval mismatch on %s (expected %u, but received %u).",
906 &ospfh->router_id, IF_NAME(oi),
907 OSPF_IF_PARAM(oi, v_wait), ntohl(hello->dead_interval));
908 return;
909 }
910
911 /* Compare Hello Interval - ignored if fast-hellos are set. */
912 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
913 if (OSPF_IF_PARAM(oi, v_hello)
914 != ntohs(hello->hello_interval)) {
915 flog_warn(
916 EC_OSPF_PACKET,
917 "Packet %pI4 [Hello:RECV]: HelloInterval mismatch on %s (expected %u, but received %u).",
918 &ospfh->router_id, IF_NAME(oi),
919 OSPF_IF_PARAM(oi, v_hello),
920 ntohs(hello->hello_interval));
921 return;
922 }
923 }
924
925 if (IS_DEBUG_OSPF_EVENT)
926 zlog_debug("Packet %pI4 [Hello:RECV]: Options on %s %s vrf %s",
927 &ospfh->router_id, IF_NAME(oi),
928 ospf_options_dump(hello->options),
929 ospf_vrf_id_to_name(oi->ospf->vrf_id));
930
931 /* Compare options. */
932 #define REJECT_IF_TBIT_ON 1 /* XXX */
933 #ifdef REJECT_IF_TBIT_ON
934 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
935 /*
936 * This router does not support non-zero TOS.
937 * Drop this Hello packet not to establish neighbor
938 * relationship.
939 */
940 flog_warn(EC_OSPF_PACKET,
941 "Packet %pI4 [Hello:RECV]: T-bit ON on %s, drop it.",
942 &ospfh->router_id, IF_NAME(oi));
943 return;
944 }
945 #endif /* REJECT_IF_TBIT_ON */
946
947 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
948 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
949 /*
950 * This router does know the correct usage of O-bit
951 * the bit should be set in DD packet only.
952 */
953 flog_warn(EC_OSPF_PACKET,
954 "Packet %pI4 [Hello:RECV]: O-bit abuse? on %s",
955 &ospfh->router_id, IF_NAME(oi));
956 #ifdef STRICT_OBIT_USAGE_CHECK
957 return; /* Reject this packet. */
958 #else /* STRICT_OBIT_USAGE_CHECK */
959 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
960 #endif /* STRICT_OBIT_USAGE_CHECK */
961 }
962
963 /* new for NSSA is to ensure that NP is on and E is off */
964
965 if (oi->area->external_routing == OSPF_AREA_NSSA) {
966 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
967 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
968 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
969 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
970 flog_warn(
971 EC_OSPF_PACKET,
972 "NSSA-Packet-%pI4[Hello:RECV]: my options: %x, his options %x",
973 &ospfh->router_id, OPTIONS(oi),
974 hello->options);
975 return;
976 }
977 if (IS_DEBUG_OSPF_NSSA)
978 zlog_debug("NSSA-Hello:RECV:Packet from %pI4:",
979 &ospfh->router_id);
980 } else
981 /* The setting of the E-bit found in the Hello Packet's Options
982 field must match this area's ExternalRoutingCapability A
983 mismatch causes processing to stop and the packet to be
984 dropped. The setting of the rest of the bits in the Hello
985 Packet's Options field should be ignored. */
986 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
987 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
988 flog_warn(
989 EC_OSPF_PACKET,
990 "Packet %pI4 [Hello:RECV]: my options: %x, his options %x",
991 &ospfh->router_id, OPTIONS(oi),
992 hello->options);
993 return;
994 }
995
996 /* get neighbour struct */
997 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
998
999 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1000 assert(nbr);
1001
1002 old_state = nbr->state;
1003
1004 /* Add event to thread. */
1005 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_HelloReceived);
1006
1007 /* RFC2328 Section 9.5.1
1008 If the router is not eligible to become Designated Router,
1009 (snip) It must also send an Hello Packet in reply to an
1010 Hello Packet received from any eligible neighbor (other than
1011 the current Designated Router and Backup Designated Router). */
1012 if (oi->type == OSPF_IFTYPE_NBMA)
1013 if (PRIORITY(oi) == 0 && hello->priority > 0
1014 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1015 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1016 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1017 ospf_hello_reply_timer,
1018 OSPF_HELLO_REPLY_DELAY);
1019
1020 /* on NBMA network type, it happens to receive bidirectional Hello
1021 packet
1022 without advance 1-Way Received event.
1023 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1024 if (oi->type == OSPF_IFTYPE_NBMA
1025 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1026 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1027 nbr->priority = hello->priority;
1028 nbr->d_router = hello->d_router;
1029 nbr->bd_router = hello->bd_router;
1030 return;
1031 }
1032
1033 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1034 size - OSPF_HELLO_MIN_SIZE)) {
1035 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1036 nbr->options |= hello->options;
1037 } else {
1038 /* If the router is DR_OTHER, RESTARTER will not wait
1039 * until it receives the hello from it if it receives
1040 * from DR and BDR.
1041 * So, helper might receives ONW_WAY hello from
1042 * RESTARTER. So not allowing to change the state if it
1043 * receives one_way hellow when it acts as HELPER for
1044 * that specific neighbor.
1045 */
1046 if (!OSPF_GR_IS_ACTIVE_HELPER(nbr))
1047 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1048 /* Set neighbor information. */
1049 nbr->priority = hello->priority;
1050 nbr->d_router = hello->d_router;
1051 nbr->bd_router = hello->bd_router;
1052 return;
1053 }
1054
1055 if (OSPF_GR_IS_ACTIVE_HELPER(nbr)) {
1056 /* As per the GR Conformance Test Case 7.2. Section 3
1057 * "Also, if X was the Designated Router on network segment S
1058 * when the helping relationship began, Y maintains X as the
1059 * Designated Router until the helping relationship is
1060 * terminated."
1061 * When I am helper for this neighbor, I should not trigger the
1062 * ISM Events. Also Intentionally not setting the priority and
1063 * other fields so that when the neighbor exits the Grace
1064 * period, it can handle if there is any change before GR and
1065 * after GR. */
1066 if (IS_DEBUG_OSPF_GR)
1067 zlog_debug(
1068 "%s, Neighbor is under GR Restart, hence ignoring the ISM Events",
1069 __PRETTY_FUNCTION__);
1070 } else {
1071 /* If neighbor itself declares DR and no BDR exists,
1072 cause event BackupSeen */
1073 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
1074 if (hello->bd_router.s_addr == INADDR_ANY
1075 && oi->state == ISM_Waiting)
1076 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1077
1078 /* neighbor itself declares BDR. */
1079 if (oi->state == ISM_Waiting
1080 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1081 &hello->bd_router))
1082 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1083
1084 /* had not previously. */
1085 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1086 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1087 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1088 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1089 &nbr->d_router)))
1090 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1091
1092 /* had not previously. */
1093 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1094 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1095 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4,
1096 &hello->bd_router)
1097 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1098 &nbr->bd_router)))
1099 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1100
1101 /* Neighbor priority check. */
1102 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1103 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1104 }
1105
1106 /* Set neighbor information. */
1107 nbr->priority = hello->priority;
1108 nbr->d_router = hello->d_router;
1109 nbr->bd_router = hello->bd_router;
1110
1111 /*
1112 * RFC 3623 - Section 2:
1113 * "If the restarting router determines that it was the Designated
1114 * Router on a given segment prior to the restart, it elects
1115 * itself as the Designated Router again. The restarting router
1116 * knows that it was the Designated Router if, while the
1117 * associated interface is in Waiting state, a Hello packet is
1118 * received from a neighbor listing the router as the Designated
1119 * Router".
1120 */
1121 if (oi->area->ospf->gr_info.restart_in_progress
1122 && oi->state == ISM_Waiting
1123 && IPV4_ADDR_SAME(&hello->d_router, &oi->address->u.prefix4))
1124 DR(oi) = hello->d_router;
1125 }
1126
1127 /* Save DD flags/options/Seqnum received. */
1128 static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1129 struct ospf_db_desc *dd)
1130 {
1131 nbr->last_recv.flags = dd->flags;
1132 nbr->last_recv.options = dd->options;
1133 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
1134 }
1135
1136 /* Process rest of DD packet. */
1137 static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1138 struct ospf_neighbor *nbr,
1139 struct ospf_db_desc *dd, uint16_t size)
1140 {
1141 struct ospf_lsa *new, *find;
1142 struct lsa_header *lsah;
1143
1144 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1145 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1146 size -= OSPF_LSA_HEADER_SIZE) {
1147 lsah = (struct lsa_header *)stream_pnt(s);
1148 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1149
1150 /* Unknown LS type. */
1151 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1152 flog_warn(EC_OSPF_PACKET,
1153 "Packet [DD:RECV]: Unknown LS type %d.",
1154 lsah->type);
1155 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1156 return;
1157 }
1158
1159 if (IS_OPAQUE_LSA(lsah->type)
1160 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1161 flog_warn(EC_OSPF_PACKET,
1162 "LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
1163 lsah->type, &lsah->id, &lsah->adv_router);
1164 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1165 return;
1166 }
1167
1168 switch (lsah->type) {
1169 case OSPF_AS_EXTERNAL_LSA:
1170 case OSPF_OPAQUE_AS_LSA:
1171 /* Check for stub area. Reject if AS-External from stub
1172 but
1173 allow if from NSSA. */
1174 if (oi->area->external_routing == OSPF_AREA_STUB) {
1175 flog_warn(
1176 EC_OSPF_PACKET,
1177 "Packet [DD:RECV]: LSA[Type%d:%pI4] from %s area.",
1178 lsah->type, &lsah->id,
1179 (oi->area->external_routing
1180 == OSPF_AREA_STUB)
1181 ? "STUB"
1182 : "NSSA");
1183 OSPF_NSM_EVENT_SCHEDULE(nbr,
1184 NSM_SeqNumberMismatch);
1185 return;
1186 }
1187 break;
1188 default:
1189 break;
1190 }
1191
1192 /* Create LS-request object. */
1193 new = ospf_ls_request_new(lsah);
1194
1195 /* Lookup received LSA, then add LS request list. */
1196 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1197
1198 /* ospf_lsa_more_recent is fine with NULL pointers */
1199 switch (ospf_lsa_more_recent(find, new)) {
1200 case -1:
1201 /* Neighbour has a more recent LSA, we must request it
1202 */
1203 ospf_ls_request_add(nbr, new);
1204 /* fallthru */
1205 case 0:
1206 /* If we have a copy of this LSA, it's either less
1207 * recent
1208 * and we're requesting it from neighbour (the case
1209 * above), or
1210 * it's as recent and we both have same copy (this
1211 * case).
1212 *
1213 * In neither of these two cases is there any point in
1214 * describing our copy of the LSA to the neighbour in a
1215 * DB-Summary packet, if we're still intending to do so.
1216 *
1217 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1218 * backward compatible optimisation to OSPF DB Exchange
1219 * /
1220 * DB Description process implemented here.
1221 */
1222 if (find)
1223 ospf_lsdb_delete(&nbr->db_sum, find);
1224 ospf_lsa_discard(new);
1225 break;
1226 default:
1227 /* We have the more recent copy, nothing specific to do:
1228 * - no need to request neighbours stale copy
1229 * - must leave DB summary list copy alone
1230 */
1231 if (IS_DEBUG_OSPF_EVENT)
1232 zlog_debug(
1233 "Packet [DD:RECV]: LSA received Type %d, ID %pI4 is not recent.",
1234 lsah->type, &lsah->id);
1235 ospf_lsa_discard(new);
1236 }
1237 }
1238
1239 /* Master */
1240 if (IS_SET_DD_MS(nbr->dd_flags)) {
1241 nbr->dd_seqnum++;
1242
1243 /* Both sides have no More, then we're done with Exchange */
1244 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1245 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1246 else
1247 ospf_db_desc_send(nbr);
1248 }
1249 /* Slave */
1250 else {
1251 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1252
1253 /* Send DD packet in reply.
1254 *
1255 * Must be done to acknowledge the Master's DD, regardless of
1256 * whether we have more LSAs ourselves to describe.
1257 *
1258 * This function will clear the 'More' bit, if after this DD
1259 * we have no more LSAs to describe to the master..
1260 */
1261 ospf_db_desc_send(nbr);
1262
1263 /* Slave can raise ExchangeDone now, if master is also done */
1264 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1265 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1266 }
1267
1268 /* Save received neighbor values from DD. */
1269 ospf_db_desc_save_current(nbr, dd);
1270
1271 if (!nbr->t_ls_req)
1272 ospf_ls_req_send(nbr);
1273 }
1274
1275 static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1276 struct ospf_neighbor *nbr)
1277 {
1278 /* Is DD duplicated? */
1279 if (dd->options == nbr->last_recv.options
1280 && dd->flags == nbr->last_recv.flags
1281 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1282 return 1;
1283
1284 return 0;
1285 }
1286
1287 /* OSPF Database Description message read -- RFC2328 Section 10.6. */
1288 static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1289 struct stream *s, struct ospf_interface *oi,
1290 uint16_t size)
1291 {
1292 struct ospf_db_desc *dd;
1293 struct ospf_neighbor *nbr;
1294
1295 /* Increment statistics. */
1296 oi->db_desc_in++;
1297
1298 dd = (struct ospf_db_desc *)stream_pnt(s);
1299
1300 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1301 if (nbr == NULL) {
1302 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %pI4",
1303 &ospfh->router_id);
1304 return;
1305 }
1306
1307 /* Check MTU. */
1308 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1309 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
1310 flog_warn(
1311 EC_OSPF_PACKET,
1312 "Packet[DD]: Neighbor %pI4 MTU %u is larger than [%s]'s MTU %u",
1313 &nbr->router_id, ntohs(dd->mtu), IF_NAME(oi),
1314 oi->ifp->mtu);
1315 return;
1316 }
1317
1318 /*
1319 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1320 * not
1321 * required. In fact at least JunOS sends DD packets with P bit clear.
1322 * Until proper solution is developped, this hack should help.
1323 *
1324 * Update: According to the RFCs, N bit is specified /only/ for Hello
1325 * options, unfortunately its use in DD options is not specified. Hence
1326 * some
1327 * implementations follow E-bit semantics and set it in DD options, and
1328 * some
1329 * treat it as unspecified and hence follow the directive "default for
1330 * options is clear", ie unset.
1331 *
1332 * Reset the flag, as ospfd follows E-bit semantics.
1333 */
1334 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1335 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1336 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1337 if (IS_DEBUG_OSPF_EVENT)
1338 zlog_debug(
1339 "Packet[DD]: Neighbour %pI4: Has NSSA capability, sends with N bit clear in DD options",
1340 &nbr->router_id);
1341 SET_FLAG(dd->options, OSPF_OPTION_NP);
1342 }
1343
1344 #ifdef REJECT_IF_TBIT_ON
1345 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1346 /*
1347 * In Hello protocol, optional capability must have checked
1348 * to prevent this T-bit enabled router be my neighbor.
1349 */
1350 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %pI4: T-bit on?",
1351 &nbr->router_id);
1352 return;
1353 }
1354 #endif /* REJECT_IF_TBIT_ON */
1355
1356 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1357 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1358 /*
1359 * This node is not configured to handle O-bit, for now.
1360 * Clear it to ignore unsupported capability proposed by
1361 * neighbor.
1362 */
1363 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1364 }
1365
1366 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1367 zlog_info(
1368 "%s:Packet[DD]: Neighbor %pI4 state is %s, seq_num:0x%x, local:0x%x",
1369 ospf_get_name(oi->ospf), &nbr->router_id,
1370 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1371 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1372
1373 /* Process DD packet by neighbor status. */
1374 switch (nbr->state) {
1375 case NSM_Down:
1376 case NSM_Attempt:
1377 case NSM_TwoWay:
1378 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1379 zlog_info(
1380 "Packet[DD]: Neighbor %pI4 state is %s, packet discarded.",
1381 &nbr->router_id,
1382 lookup_msg(ospf_nsm_state_msg, nbr->state,
1383 NULL));
1384 break;
1385 case NSM_Init:
1386 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1387 /* If the new state is ExStart, the processing of the current
1388 packet should then continue in this new state by falling
1389 through to case ExStart below. */
1390 if (nbr->state != NSM_ExStart)
1391 break;
1392 /* fallthru */
1393 case NSM_ExStart:
1394 /* Initial DBD */
1395 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1396 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1397 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1398 > 0) {
1399 /* We're Slave---obey */
1400 if (CHECK_FLAG(oi->ospf->config,
1401 OSPF_LOG_ADJACENCY_DETAIL))
1402 zlog_info(
1403 "Packet[DD]: Neighbor %pI4 Negotiation done (Slave).",
1404 &nbr->router_id);
1405
1406 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1407
1408 /* Reset I/MS */
1409 UNSET_FLAG(nbr->dd_flags,
1410 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1411 } else {
1412 /* We're Master, ignore the initial DBD from
1413 * Slave */
1414 if (CHECK_FLAG(oi->ospf->config,
1415 OSPF_LOG_ADJACENCY_DETAIL))
1416 zlog_info(
1417 "Packet[DD]: Neighbor %pI4: Initial DBD from Slave, ignoring.",
1418 &nbr->router_id);
1419 break;
1420 }
1421 }
1422 /* Ack from the Slave */
1423 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1424 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1425 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1426 < 0) {
1427 zlog_info(
1428 "Packet[DD]: Neighbor %pI4 Negotiation done (Master).",
1429 &nbr->router_id);
1430 /* Reset I, leaving MS */
1431 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1432 } else {
1433 flog_warn(EC_OSPF_PACKET,
1434 "Packet[DD]: Neighbor %pI4 Negotiation fails.",
1435 &nbr->router_id);
1436 break;
1437 }
1438
1439 /* This is where the real Options are saved */
1440 nbr->options = dd->options;
1441
1442 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1443 if (IS_DEBUG_OSPF_EVENT)
1444 zlog_debug(
1445 "Neighbor[%pI4] is %sOpaque-capable.",
1446 &nbr->router_id,
1447 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1448 ? ""
1449 : "NOT ");
1450
1451 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1452 && IPV4_ADDR_SAME(&DR(oi),
1453 &nbr->address.u.prefix4)) {
1454 flog_warn(
1455 EC_OSPF_PACKET,
1456 "DR-neighbor[%pI4] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
1457 &nbr->router_id);
1458 /* This situation is undesirable, but not a real
1459 * error. */
1460 }
1461 }
1462
1463 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1464
1465 /* continue processing rest of packet. */
1466 ospf_db_desc_proc(s, oi, nbr, dd, size);
1467 break;
1468 case NSM_Exchange:
1469 if (ospf_db_desc_is_dup(dd, nbr)) {
1470 if (IS_SET_DD_MS(nbr->dd_flags))
1471 /* Master: discard duplicated DD packet. */
1472 zlog_info(
1473 "Packet[DD] (Master): Neighbor %pI4 packet duplicated.",
1474 &nbr->router_id);
1475 else
1476 /* Slave: cause to retransmit the last Database
1477 Description. */
1478 {
1479 zlog_info(
1480 "Packet[DD] [Slave]: Neighbor %pI4 packet duplicated.",
1481 &nbr->router_id);
1482 ospf_db_desc_resend(nbr);
1483 }
1484 break;
1485 }
1486
1487 /* Otherwise DD packet should be checked. */
1488 /* Check Master/Slave bit mismatch */
1489 if (IS_SET_DD_MS(dd->flags)
1490 != IS_SET_DD_MS(nbr->last_recv.flags)) {
1491 flog_warn(EC_OSPF_PACKET,
1492 "Packet[DD]: Neighbor %pI4 MS-bit mismatch.",
1493 &nbr->router_id);
1494 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1495 if (IS_DEBUG_OSPF_EVENT)
1496 zlog_debug(
1497 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1498 dd->flags, nbr->dd_flags);
1499 break;
1500 }
1501
1502 /* Check initialize bit is set. */
1503 if (IS_SET_DD_I(dd->flags)) {
1504 zlog_info("Packet[DD]: Neighbor %pI4 I-bit set.",
1505 &nbr->router_id);
1506 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1507 break;
1508 }
1509
1510 /* Check DD Options. */
1511 if (dd->options != nbr->options) {
1512 flog_warn(EC_OSPF_PACKET,
1513 "Packet[DD]: Neighbor %pI4 options mismatch.",
1514 &nbr->router_id);
1515 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1516 break;
1517 }
1518
1519 /* Check DD sequence number. */
1520 if ((IS_SET_DD_MS(nbr->dd_flags)
1521 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1522 || (!IS_SET_DD_MS(nbr->dd_flags)
1523 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
1524 flog_warn(
1525 EC_OSPF_PACKET,
1526 "Packet[DD]: Neighbor %pI4 sequence number mismatch.",
1527 &nbr->router_id);
1528 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1529 break;
1530 }
1531
1532 /* Continue processing rest of packet. */
1533 ospf_db_desc_proc(s, oi, nbr, dd, size);
1534 break;
1535 case NSM_Loading:
1536 case NSM_Full:
1537 if (ospf_db_desc_is_dup(dd, nbr)) {
1538 if (IS_SET_DD_MS(nbr->dd_flags)) {
1539 /* Master should discard duplicate DD packet. */
1540 zlog_info(
1541 "Packet[DD]: Neighbor %pI4 duplicated, packet discarded.",
1542 &nbr->router_id);
1543 break;
1544 } else {
1545 if (monotime_since(&nbr->last_send_ts, NULL)
1546 < nbr->v_inactivity * 1000000LL) {
1547 /* In states Loading and Full the slave
1548 must resend
1549 its last Database Description packet
1550 in response to
1551 duplicate Database Description
1552 packets received
1553 from the master. For this reason the
1554 slave must
1555 wait RouterDeadInterval seconds
1556 before freeing the
1557 last Database Description packet.
1558 Reception of a
1559 Database Description packet from the
1560 master after
1561 this interval will generate a
1562 SeqNumberMismatch
1563 neighbor event. RFC2328 Section 10.8
1564 */
1565 ospf_db_desc_resend(nbr);
1566 break;
1567 }
1568 }
1569 }
1570
1571 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1572 break;
1573 default:
1574 flog_warn(EC_OSPF_PACKET,
1575 "Packet[DD]: Neighbor %pI4 NSM illegal status %u.",
1576 &nbr->router_id, nbr->state);
1577 break;
1578 }
1579 }
1580
1581 #define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1582
1583 /* OSPF Link State Request Read -- RFC2328 Section 10.7. */
1584 static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1585 struct stream *s, struct ospf_interface *oi,
1586 uint16_t size)
1587 {
1588 struct ospf_neighbor *nbr;
1589 uint32_t ls_type;
1590 struct in_addr ls_id;
1591 struct in_addr adv_router;
1592 struct ospf_lsa *find;
1593 struct list *ls_upd;
1594 unsigned int length;
1595
1596 /* Increment statistics. */
1597 oi->ls_req_in++;
1598
1599 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1600 if (nbr == NULL) {
1601 flog_warn(EC_OSPF_PACKET,
1602 "Link State Request: Unknown Neighbor %pI4",
1603 &ospfh->router_id);
1604 return;
1605 }
1606
1607 /* Neighbor State should be Exchange or later. */
1608 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1609 && nbr->state != NSM_Full) {
1610 flog_warn(
1611 EC_OSPF_PACKET,
1612 "Link State Request received from %pI4: Neighbor state is %s, packet discarded.",
1613 &ospfh->router_id,
1614 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1615 return;
1616 }
1617
1618 /* Send Link State Update for ALL requested LSAs. */
1619 ls_upd = list_new();
1620 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1621
1622 while (size >= OSPF_LSA_KEY_SIZE) {
1623 /* Get one slice of Link State Request. */
1624 ls_type = stream_getl(s);
1625 ls_id.s_addr = stream_get_ipv4(s);
1626 adv_router.s_addr = stream_get_ipv4(s);
1627
1628 /* Verify LSA type. */
1629 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1630 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1631 list_delete(&ls_upd);
1632 return;
1633 }
1634
1635 /* Search proper LSA in LSDB. */
1636 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1637 adv_router);
1638 if (find == NULL) {
1639 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1640 list_delete(&ls_upd);
1641 return;
1642 }
1643
1644 /* Packet overflows MTU size, send immediately. */
1645 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1646 if (oi->type == OSPF_IFTYPE_NBMA)
1647 ospf_ls_upd_send(nbr, ls_upd,
1648 OSPF_SEND_PACKET_DIRECT, 0);
1649 else
1650 ospf_ls_upd_send(nbr, ls_upd,
1651 OSPF_SEND_PACKET_INDIRECT, 0);
1652
1653 /* Only remove list contents. Keep ls_upd. */
1654 list_delete_all_node(ls_upd);
1655
1656 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1657 }
1658
1659 /* Append LSA to update list. */
1660 listnode_add(ls_upd, find);
1661 length += ntohs(find->data->length);
1662
1663 size -= OSPF_LSA_KEY_SIZE;
1664 }
1665
1666 /* Send rest of Link State Update. */
1667 if (listcount(ls_upd) > 0) {
1668 if (oi->type == OSPF_IFTYPE_NBMA)
1669 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1670 0);
1671 else
1672 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1673 0);
1674
1675 list_delete(&ls_upd);
1676 } else
1677 list_delete(&ls_upd);
1678 }
1679
1680 /* Get the list of LSAs from Link State Update packet.
1681 And process some validation -- RFC2328 Section 13. (1)-(2). */
1682 static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1683 struct stream *s,
1684 struct ospf_interface *oi, size_t size)
1685 {
1686 uint16_t count, sum;
1687 uint32_t length;
1688 struct lsa_header *lsah;
1689 struct ospf_lsa *lsa;
1690 struct list *lsas;
1691
1692 lsas = list_new();
1693
1694 count = stream_getl(s);
1695 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1696
1697 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1698 size -= length, stream_forward_getp(s, length), count--) {
1699 lsah = (struct lsa_header *)stream_pnt(s);
1700 length = ntohs(lsah->length);
1701
1702 if (length > size) {
1703 flog_warn(
1704 EC_OSPF_PACKET,
1705 "Link State Update: LSA length exceeds packet size.");
1706 break;
1707 }
1708
1709 if (length < OSPF_LSA_HEADER_SIZE) {
1710 flog_warn(EC_OSPF_PACKET,
1711 "Link State Update: LSA length too small.");
1712 break;
1713 }
1714
1715 /* Validate the LSA's LS checksum. */
1716 sum = lsah->checksum;
1717 if (!ospf_lsa_checksum_valid(lsah)) {
1718 /* (bug #685) more details in a one-line message make it
1719 * possible
1720 * to identify problem source on the one hand and to
1721 * have a better
1722 * chance to compress repeated messages in syslog on the
1723 * other */
1724 flog_warn(
1725 EC_OSPF_PACKET,
1726 "Link State Update: LSA checksum error %x/%x, ID=%pI4 from: nbr %pI4, router ID %pI4, adv router %pI4",
1727 sum, lsah->checksum, &lsah->id,
1728 &nbr->src, &nbr->router_id,
1729 &lsah->adv_router);
1730 continue;
1731 }
1732
1733 /* Examine the LSA's LS type. */
1734 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1735 flog_warn(EC_OSPF_PACKET,
1736 "Link State Update: Unknown LS type %d",
1737 lsah->type);
1738 continue;
1739 }
1740
1741 /*
1742 * What if the received LSA's age is greater than MaxAge?
1743 * Treat it as a MaxAge case -- endo.
1744 */
1745 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1746 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
1747
1748 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1749 #ifdef STRICT_OBIT_USAGE_CHECK
1750 if ((IS_OPAQUE_LSA(lsah->type)
1751 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1752 || (!IS_OPAQUE_LSA(lsah->type)
1753 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1754 /*
1755 * This neighbor must know the exact usage of
1756 * O-bit;
1757 * the bit will be set in Type-9,10,11 LSAs
1758 * only.
1759 */
1760 flog_warn(EC_OSPF_PACKET,
1761 "LSA[Type%d:%pI4]: O-bit abuse?",
1762 lsah->type, &lsah->id);
1763 continue;
1764 }
1765 #endif /* STRICT_OBIT_USAGE_CHECK */
1766
1767 /* Do not take in AS External Opaque-LSAs if we are a
1768 * stub. */
1769 if (lsah->type == OSPF_OPAQUE_AS_LSA
1770 && nbr->oi->area->external_routing
1771 != OSPF_AREA_DEFAULT) {
1772 if (IS_DEBUG_OSPF_EVENT)
1773 zlog_debug(
1774 "LSA[Type%d:%pI4]: We are a stub, don't take this LSA.",
1775 lsah->type,
1776 &lsah->id);
1777 continue;
1778 }
1779 } else if (IS_OPAQUE_LSA(lsah->type)) {
1780 flog_warn(
1781 EC_OSPF_PACKET,
1782 "LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
1783 lsah->type, &lsah->id, &lsah->adv_router);
1784 continue;
1785 }
1786
1787 /* Create OSPF LSA instance. */
1788 lsa = ospf_lsa_new_and_data(length);
1789
1790 lsa->vrf_id = oi->ospf->vrf_id;
1791 /* We may wish to put some error checking if type NSSA comes in
1792 and area not in NSSA mode */
1793 switch (lsah->type) {
1794 case OSPF_AS_EXTERNAL_LSA:
1795 case OSPF_OPAQUE_AS_LSA:
1796 lsa->area = NULL;
1797 break;
1798 case OSPF_OPAQUE_LINK_LSA:
1799 lsa->oi = oi; /* Remember incoming interface for
1800 flooding control. */
1801 /* Fallthrough */
1802 default:
1803 lsa->area = oi->area;
1804 break;
1805 }
1806
1807 memcpy(lsa->data, lsah, length);
1808
1809 if (IS_DEBUG_OSPF_EVENT)
1810 zlog_debug(
1811 "LSA[Type%d:%pI4]: %p new LSA created with Link State Update",
1812 lsa->data->type, &lsa->data->id,
1813 (void *)lsa);
1814 listnode_add(lsas, lsa);
1815 }
1816
1817 return lsas;
1818 }
1819
1820 /* Cleanup Update list. */
1821 static void ospf_upd_list_clean(struct list *lsas)
1822 {
1823 struct listnode *node, *nnode;
1824 struct ospf_lsa *lsa;
1825
1826 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1827 ospf_lsa_discard(lsa);
1828
1829 list_delete(&lsas);
1830 }
1831
1832 /* OSPF Link State Update message read -- RFC2328 Section 13. */
1833 static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1834 struct ospf_header *ospfh, struct stream *s,
1835 struct ospf_interface *oi, uint16_t size)
1836 {
1837 struct ospf_neighbor *nbr;
1838 struct list *lsas;
1839 struct listnode *node, *nnode;
1840 struct ospf_lsa *lsa = NULL;
1841 /* unsigned long ls_req_found = 0; */
1842
1843 /* Dis-assemble the stream, update each entry, re-encapsulate for
1844 * flooding */
1845
1846 /* Increment statistics. */
1847 oi->ls_upd_in++;
1848
1849 /* Check neighbor. */
1850 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1851 if (nbr == NULL) {
1852 flog_warn(EC_OSPF_PACKET,
1853 "Link State Update: Unknown Neighbor %pI4 on int: %s",
1854 &ospfh->router_id, IF_NAME(oi));
1855 return;
1856 }
1857
1858 /* Check neighbor state. */
1859 if (nbr->state < NSM_Exchange) {
1860 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1861 zlog_debug(
1862 "Link State Update: Neighbor[%pI4] state %s is less than Exchange",
1863 &ospfh->router_id,
1864 lookup_msg(ospf_nsm_state_msg, nbr->state,
1865 NULL));
1866 return;
1867 }
1868
1869 /* Get list of LSAs from Link State Update packet. - Also performs
1870 * Stages 1 (validate LSA checksum) and 2 (check for LSA consistent
1871 * type) of section 13.
1872 */
1873 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1874
1875 if (lsas == NULL)
1876 return;
1877 #define DISCARD_LSA(L, N) \
1878 { \
1879 if (IS_DEBUG_OSPF_EVENT) \
1880 zlog_debug( \
1881 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1882 " Type-%d", \
1883 N, (void *)lsa, (int)lsa->data->type); \
1884 ospf_lsa_discard(L); \
1885 continue; \
1886 }
1887
1888 /* Process each LSA received in the one packet.
1889 *
1890 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1891 * text below are from the steps in RFC 2328, Section 13.
1892 */
1893 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1894 struct ospf_lsa *ls_ret, *current;
1895 int ret = 1;
1896
1897 if (IS_DEBUG_OSPF(lsa, LSA))
1898 zlog_debug("LSA Type-%d from %pI4, ID: %pI4, ADV: %pI4",
1899 lsa->data->type, &ospfh->router_id,
1900 &lsa->data->id, &lsa->data->adv_router);
1901
1902 listnode_delete(lsas,
1903 lsa); /* We don't need it in list anymore */
1904
1905 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1906 */
1907
1908 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1909
1910 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1911 */
1912
1913 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1914 */
1915
1916 /* Do take in Type-7's if we are an NSSA */
1917
1918 /* If we are also an ABR, later translate them to a Type-5
1919 * packet */
1920
1921 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1922 translate them to a separate Type-5 packet. */
1923
1924 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1925 /* Reject from STUB or NSSA */
1926 if (nbr->oi->area->external_routing
1927 != OSPF_AREA_DEFAULT) {
1928 if (IS_DEBUG_OSPF_NSSA)
1929 zlog_debug(
1930 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1931 DISCARD_LSA(lsa, 1);
1932 }
1933
1934 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1935 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1936 if (IS_DEBUG_OSPF_NSSA)
1937 zlog_debug(
1938 "Incoming NSSA LSA Discarded: Not NSSA Area");
1939 DISCARD_LSA(lsa, 2);
1940 }
1941
1942 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1943 if (lsa->data->type == OSPF_ROUTER_LSA)
1944 if (!IPV4_ADDR_SAME(&lsa->data->id,
1945 &lsa->data->adv_router)) {
1946 flog_err(
1947 EC_OSPF_ROUTER_LSA_MISMATCH,
1948 "Incoming Router-LSA from %pI4 with Adv-ID[%pI4] != LS-ID[%pI4]",
1949 &ospfh->router_id, &lsa->data->id,
1950 &lsa->data->adv_router);
1951 flog_err(
1952 EC_OSPF_DOMAIN_CORRUPT,
1953 "OSPF domain compromised by attack or corruption. Verify correct operation of -ALL- OSPF routers.");
1954 DISCARD_LSA(lsa, 0);
1955 }
1956
1957 /* Find the LSA in the current database. */
1958
1959 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1960
1961 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1962 currently
1963 no instance of the LSA in the router's link state database,
1964 and none of router's neighbors are in states Exchange or
1965 Loading,
1966 then take the following actions: */
1967
1968 if (IS_LSA_MAXAGE(lsa) && !current
1969 && ospf_check_nbr_status(oi->ospf)) {
1970 /* (4a) Response Link State Acknowledgment. */
1971 ospf_ls_ack_send(nbr, lsa);
1972
1973 /* (4b) Discard LSA. */
1974 if (IS_DEBUG_OSPF(lsa, LSA)) {
1975 zlog_debug(
1976 "Link State Update[%s]: LS age is equal to MaxAge.",
1977 dump_lsa_key(lsa));
1978 }
1979 DISCARD_LSA(lsa, 3);
1980 }
1981
1982 if (IS_OPAQUE_LSA(lsa->data->type)
1983 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1984 &oi->ospf->router_id)) {
1985 /*
1986 * Even if initial flushing seems to be completed, there
1987 * might
1988 * be a case that self-originated LSA with MaxAge still
1989 * remain
1990 * in the routing domain.
1991 * Just send an LSAck message to cease retransmission.
1992 */
1993 if (IS_LSA_MAXAGE(lsa)) {
1994 zlog_info("LSA[%s]: Boomerang effect?",
1995 dump_lsa_key(lsa));
1996 ospf_ls_ack_send(nbr, lsa);
1997 ospf_lsa_discard(lsa);
1998
1999 if (current != NULL && !IS_LSA_MAXAGE(current))
2000 ospf_opaque_lsa_refresh_schedule(
2001 current);
2002 continue;
2003 }
2004
2005 /*
2006 * If an instance of self-originated Opaque-LSA is not
2007 * found
2008 * in the LSDB, there are some possible cases here.
2009 *
2010 * 1) This node lost opaque-capability after restart.
2011 * 2) Else, a part of opaque-type is no more supported.
2012 * 3) Else, a part of opaque-id is no more supported.
2013 *
2014 * Anyway, it is still this node's responsibility to
2015 * flush it.
2016 * Otherwise, the LSA instance remains in the routing
2017 * domain
2018 * until its age reaches to MaxAge.
2019 */
2020 /* XXX: We should deal with this for *ALL* LSAs, not
2021 * just opaque */
2022 if (current == NULL) {
2023 if (IS_DEBUG_OSPF_EVENT)
2024 zlog_debug(
2025 "LSA[%s]: Previously originated Opaque-LSA,not found in the LSDB.",
2026 dump_lsa_key(lsa));
2027
2028 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2029
2030 ospf_ls_ack_send(nbr, lsa);
2031
2032 if (!ospf->gr_info.restart_in_progress) {
2033 ospf_opaque_self_originated_lsa_received(
2034 nbr, lsa);
2035 continue;
2036 }
2037 }
2038 }
2039
2040 /* It might be happen that received LSA is self-originated
2041 * network LSA, but
2042 * router ID is changed. So, we should check if LSA is a
2043 * network-LSA whose
2044 * Link State ID is one of the router's own IP interface
2045 * addresses but whose
2046 * Advertising Router is not equal to the router's own Router ID
2047 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2048 * flushed.
2049 */
2050
2051 if (lsa->data->type == OSPF_NETWORK_LSA) {
2052 struct listnode *oinode, *oinnode;
2053 struct ospf_interface *out_if;
2054 int Flag = 0;
2055
2056 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2057 oinnode, out_if)) {
2058 if (out_if == NULL)
2059 break;
2060
2061 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2062 &lsa->data->id))
2063 && (!(IPV4_ADDR_SAME(
2064 &oi->ospf->router_id,
2065 &lsa->data->adv_router)))) {
2066 if (out_if->network_lsa_self) {
2067 ospf_lsa_flush_area(
2068 lsa, out_if->area);
2069 if (IS_DEBUG_OSPF_EVENT)
2070 zlog_debug(
2071 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2072 (void *)lsa,
2073 (int)lsa->data
2074 ->type);
2075 ospf_lsa_discard(lsa);
2076 Flag = 1;
2077 }
2078 break;
2079 }
2080 }
2081 if (Flag)
2082 continue;
2083 }
2084
2085 /* (5) Find the instance of this LSA that is currently contained
2086 in the router's link state database. If there is no
2087 database copy, or the received LSA is more recent than
2088 the database copy the following steps must be performed.
2089 (The sub steps from RFC 2328 section 13 step (5) will be
2090 performed in
2091 ospf_flood() ) */
2092
2093 if (current == NULL
2094 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
2095 /* CVE-2017-3224 */
2096 if (current && (IS_LSA_MAX_SEQ(current))
2097 && (IS_LSA_MAX_SEQ(lsa)) && !IS_LSA_MAXAGE(lsa)) {
2098 zlog_debug(
2099 "Link State Update[%s]: has Max Seq and higher checksum but not MaxAge. Dropping it",
2100 dump_lsa_key(lsa));
2101
2102 DISCARD_LSA(lsa, 4);
2103 }
2104
2105 /* Actual flooding procedure. */
2106 if (ospf_flood(oi->ospf, nbr, current, lsa)
2107 < 0) /* Trap NSSA later. */
2108 DISCARD_LSA(lsa, 5);
2109
2110 /* GR: check for network topology change. */
2111 if (ospf->gr_info.restart_in_progress &&
2112 ((lsa->data->type == OSPF_ROUTER_LSA ||
2113 lsa->data->type == OSPF_NETWORK_LSA)))
2114 ospf_gr_check_lsdb_consistency(oi->ospf,
2115 oi->area);
2116
2117 continue;
2118 }
2119
2120 /* (6) Else, If there is an instance of the LSA on the sending
2121 neighbor's Link state request list, an error has occurred in
2122 the Database Exchange process. In this case, restart the
2123 Database Exchange process by generating the neighbor event
2124 BadLSReq for the sending neighbor and stop processing the
2125 Link State Update packet. */
2126
2127 if (ospf_ls_request_lookup(nbr, lsa)) {
2128 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
2129 flog_warn(
2130 EC_OSPF_PACKET,
2131 "LSA[%s] instance exists on Link state request list",
2132 dump_lsa_key(lsa));
2133
2134 /* Clean list of LSAs. */
2135 ospf_upd_list_clean(lsas);
2136 /* this lsa is not on lsas list already. */
2137 ospf_lsa_discard(lsa);
2138 return;
2139 }
2140
2141 /* If the received LSA is the same instance as the database copy
2142 (i.e., neither one is more recent) the following two steps
2143 should be performed: */
2144
2145 if (ret == 0) {
2146 /* If the LSA is listed in the Link state retransmission
2147 list
2148 for the receiving adjacency, the router itself is
2149 expecting
2150 an acknowledgment for this LSA. The router should
2151 treat the
2152 received LSA as an acknowledgment by removing the LSA
2153 from
2154 the Link state retransmission list. This is termed
2155 an
2156 "implied acknowledgment". */
2157
2158 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2159
2160 if (ls_ret != NULL) {
2161 ospf_ls_retransmit_delete(nbr, ls_ret);
2162
2163 /* Delayed acknowledgment sent if advertisement
2164 received
2165 from Designated Router, otherwise do nothing.
2166 */
2167 if (oi->state == ISM_Backup)
2168 if (NBR_IS_DR(nbr))
2169 listnode_add(
2170 oi->ls_ack,
2171 ospf_lsa_lock(lsa));
2172
2173 DISCARD_LSA(lsa, 6);
2174 } else
2175 /* Acknowledge the receipt of the LSA by sending a
2176 Link State Acknowledgment packet back out the
2177 receiving
2178 interface. */
2179 {
2180 ospf_ls_ack_send(nbr, lsa);
2181 DISCARD_LSA(lsa, 7);
2182 }
2183 }
2184
2185 /* The database copy is more recent. If the database copy
2186 has LS age equal to MaxAge and LS sequence number equal to
2187 MaxSequenceNumber, simply discard the received LSA without
2188 acknowledging it. (In this case, the LSA's LS sequence number
2189 is
2190 wrapping, and the MaxSequenceNumber LSA must be completely
2191 flushed before any new LSA instance can be introduced). */
2192
2193 else if (ret > 0) /* Database copy is more recent */
2194 {
2195 if (IS_LSA_MAXAGE(current)
2196 && current->data->ls_seqnum
2197 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
2198 DISCARD_LSA(lsa, 8);
2199 }
2200 /* Otherwise, as long as the database copy has not been
2201 sent in a
2202 Link State Update within the last MinLSArrival
2203 seconds, send the
2204 database copy back to the sending neighbor,
2205 encapsulated within
2206 a Link State Update Packet. The Link State Update
2207 Packet should
2208 be sent directly to the neighbor. In so doing, do not
2209 put the
2210 database copy of the LSA on the neighbor's link state
2211 retransmission list, and do not acknowledge the
2212 received (less
2213 recent) LSA instance. */
2214 else {
2215 if (monotime_since(&current->tv_orig, NULL)
2216 >= ospf->min_ls_arrival * 1000LL)
2217 /* Trap NSSA type later.*/
2218 ospf_ls_upd_send_lsa(
2219 nbr, current,
2220 OSPF_SEND_PACKET_DIRECT);
2221 DISCARD_LSA(lsa, 9);
2222 }
2223 }
2224 }
2225 #undef DISCARD_LSA
2226
2227 assert(listcount(lsas) == 0);
2228 list_delete(&lsas);
2229 }
2230
2231 /* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
2232 static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2233 struct stream *s, struct ospf_interface *oi,
2234 uint16_t size)
2235 {
2236 struct ospf_neighbor *nbr;
2237
2238 /* increment statistics. */
2239 oi->ls_ack_in++;
2240
2241 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2242 if (nbr == NULL) {
2243 flog_warn(EC_OSPF_PACKET,
2244 "Link State Acknowledgment: Unknown Neighbor %pI4",
2245 &ospfh->router_id);
2246 return;
2247 }
2248
2249 if (nbr->state < NSM_Exchange) {
2250 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2251 zlog_debug(
2252 "Link State Acknowledgment: Neighbor[%pI4] state %s is less than Exchange",
2253 &ospfh->router_id,
2254 lookup_msg(ospf_nsm_state_msg, nbr->state,
2255 NULL));
2256 return;
2257 }
2258
2259 while (size >= OSPF_LSA_HEADER_SIZE) {
2260 struct ospf_lsa *lsa, *lsr;
2261
2262 lsa = ospf_lsa_new();
2263 lsa->data = (struct lsa_header *)stream_pnt(s);
2264 lsa->vrf_id = oi->ospf->vrf_id;
2265
2266 /* lsah = (struct lsa_header *) stream_pnt (s); */
2267 size -= OSPF_LSA_HEADER_SIZE;
2268 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2269
2270 if (lsa->data->type < OSPF_MIN_LSA
2271 || lsa->data->type >= OSPF_MAX_LSA) {
2272 lsa->data = NULL;
2273 ospf_lsa_discard(lsa);
2274 continue;
2275 }
2276
2277 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2278
2279 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0) {
2280 ospf_ls_retransmit_delete(nbr, lsr);
2281 ospf_check_and_gen_init_seq_lsa(oi, lsa);
2282 }
2283
2284 lsa->data = NULL;
2285 ospf_lsa_discard(lsa);
2286 }
2287
2288 return;
2289 }
2290
2291 static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2292 struct interface **ifp,
2293 struct stream *ibuf)
2294 {
2295 int ret;
2296 struct ip *iph;
2297 uint16_t ip_len;
2298 ifindex_t ifindex = 0;
2299 struct iovec iov;
2300 /* Header and data both require alignment. */
2301 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2302 struct msghdr msgh;
2303
2304 memset(&msgh, 0, sizeof(msgh));
2305 msgh.msg_iov = &iov;
2306 msgh.msg_iovlen = 1;
2307 msgh.msg_control = (caddr_t)buff;
2308 msgh.msg_controllen = sizeof(buff);
2309
2310 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2311 OSPF_MAX_PACKET_SIZE + 1);
2312 if (ret < 0) {
2313 if (errno != EAGAIN && errno != EWOULDBLOCK)
2314 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2315 safe_strerror(errno));
2316 return NULL;
2317 }
2318 if ((unsigned int)ret < sizeof(struct ip)) {
2319 flog_warn(
2320 EC_OSPF_PACKET,
2321 "%s: discarding runt packet of length %d (ip header size is %u)",
2322 __func__, ret, (unsigned int)sizeof(iph));
2323 return NULL;
2324 }
2325
2326 /* Note that there should not be alignment problems with this assignment
2327 because this is at the beginning of the stream data buffer. */
2328 iph = (struct ip *)STREAM_DATA(ibuf);
2329 sockopt_iphdrincl_swab_systoh(iph);
2330
2331 ip_len = iph->ip_len;
2332
2333 #if defined(__FreeBSD__) && (__FreeBSD_version < 1000000)
2334 /*
2335 * Kernel network code touches incoming IP header parameters,
2336 * before protocol specific processing.
2337 *
2338 * 1) Convert byteorder to host representation.
2339 * --> ip_len, ip_id, ip_off
2340 *
2341 * 2) Adjust ip_len to strip IP header size!
2342 * --> If user process receives entire IP packet via RAW
2343 * socket, it must consider adding IP header size to
2344 * the "ip_len" field of "ip" structure.
2345 *
2346 * For more details, see <netinet/ip_input.c>.
2347 */
2348 ip_len = ip_len + (iph->ip_hl << 2);
2349 #endif
2350
2351 #if defined(__DragonFly__)
2352 /*
2353 * in DragonFly's raw socket, ip_len/ip_off are read
2354 * in network byte order.
2355 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2356 */
2357 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
2358 #endif
2359
2360 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2361
2362 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
2363
2364 if (ret != ip_len) {
2365 flog_warn(
2366 EC_OSPF_PACKET,
2367 "%s read length mismatch: ip_len is %d, but recvmsg returned %d",
2368 __func__, ip_len, ret);
2369 return NULL;
2370 }
2371
2372 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2373 zlog_debug("%s: fd %d(%s) on interface %d(%s)", __func__, fd,
2374 ospf_get_name(ospf), ifindex,
2375 *ifp ? (*ifp)->name : "Unknown");
2376 return ibuf;
2377 }
2378
2379 static struct ospf_interface *
2380 ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2381 struct ip *iph, struct ospf_header *ospfh)
2382 {
2383 struct ospf_interface *rcv_oi;
2384 struct ospf_vl_data *vl_data;
2385 struct ospf_area *vl_area;
2386 struct listnode *node;
2387
2388 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2389 || !OSPF_IS_AREA_BACKBONE(ospfh))
2390 return NULL;
2391
2392 /* look for local OSPF interface matching the destination
2393 * to determine Area ID. We presume therefore the destination address
2394 * is unique, or at least (for "unnumbered" links), not used in other
2395 * areas
2396 */
2397 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2398 == NULL)
2399 return NULL;
2400
2401 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2402 vl_area =
2403 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2404 if (!vl_area)
2405 continue;
2406
2407 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2408 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2409 if (IS_DEBUG_OSPF_EVENT)
2410 zlog_debug("associating packet with %s",
2411 IF_NAME(vl_data->vl_oi));
2412 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2413 if (IS_DEBUG_OSPF_EVENT)
2414 zlog_debug(
2415 "This VL is not up yet, sorry");
2416 return NULL;
2417 }
2418
2419 return vl_data->vl_oi;
2420 }
2421 }
2422
2423 if (IS_DEBUG_OSPF_EVENT)
2424 zlog_debug("couldn't find any VL to associate the packet with");
2425
2426 return NULL;
2427 }
2428
2429 static int ospf_check_area_id(struct ospf_interface *oi,
2430 struct ospf_header *ospfh)
2431 {
2432 /* Check match the Area ID of the receiving interface. */
2433 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2434 return 1;
2435
2436 return 0;
2437 }
2438
2439 /* Unbound socket will accept any Raw IP packets if proto is matched.
2440 To prevent it, compare src IP address and i/f address with masking
2441 i/f network mask. */
2442 static int ospf_check_network_mask(struct ospf_interface *oi,
2443 struct in_addr ip_src)
2444 {
2445 struct in_addr mask, me, him;
2446
2447 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2448 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2449 return 1;
2450
2451 /* Ignore mask check for max prefix length (32) */
2452 if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
2453 && oi->address->prefixlen == IPV4_MAX_BITLEN)
2454 return 1;
2455
2456 masklen2ip(oi->address->prefixlen, &mask);
2457
2458 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2459 him.s_addr = ip_src.s_addr & mask.s_addr;
2460
2461 if (IPV4_ADDR_SAME(&me, &him))
2462 return 1;
2463
2464 return 0;
2465 }
2466
2467 /* Return 1, if the packet is properly authenticated and checksummed,
2468 0 otherwise. In particular, check that AuType header field is valid and
2469 matches the locally configured AuType, and that D.5 requirements are met. */
2470 static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2471 {
2472 struct crypt_key *ck;
2473 uint16_t iface_auth_type;
2474 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
2475
2476 switch (pkt_auth_type) {
2477 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2478 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2479 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2480 flog_warn(
2481 EC_OSPF_PACKET,
2482 "interface %s: auth-type mismatch, local %s, rcvd Null, Router-ID %pI4",
2483 IF_NAME(oi),
2484 lookup_msg(ospf_auth_type_str,
2485 iface_auth_type, NULL),
2486 &ospfh->router_id);
2487 return 0;
2488 }
2489 if (!ospf_check_sum(ospfh)) {
2490 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2491 flog_warn(
2492 EC_OSPF_PACKET,
2493 "interface %s: Null auth OK, but checksum error, Router-ID %pI4",
2494 IF_NAME(oi),
2495 &ospfh->router_id);
2496 return 0;
2497 }
2498 return 1;
2499 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2500 if (OSPF_AUTH_SIMPLE
2501 != (iface_auth_type = ospf_auth_type(oi))) {
2502 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2503 flog_warn(
2504 EC_OSPF_PACKET,
2505 "interface %s: auth-type mismatch, local %s, rcvd Simple, Router-ID %pI4",
2506 IF_NAME(oi),
2507 lookup_msg(ospf_auth_type_str,
2508 iface_auth_type, NULL),
2509 &ospfh->router_id);
2510 return 0;
2511 }
2512 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2513 OSPF_AUTH_SIMPLE_SIZE)) {
2514 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2515 flog_warn(
2516 EC_OSPF_PACKET,
2517 "interface %s: Simple auth failed, Router-ID %pI4",
2518 IF_NAME(oi), &ospfh->router_id);
2519 return 0;
2520 }
2521 if (!ospf_check_sum(ospfh)) {
2522 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2523 flog_warn(
2524 EC_OSPF_PACKET,
2525 "interface %s: Simple auth OK, checksum error, Router-ID %pI4",
2526 IF_NAME(oi),
2527 &ospfh->router_id);
2528 return 0;
2529 }
2530 return 1;
2531 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2532 if (OSPF_AUTH_CRYPTOGRAPHIC
2533 != (iface_auth_type = ospf_auth_type(oi))) {
2534 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2535 flog_warn(
2536 EC_OSPF_PACKET,
2537 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic, Router-ID %pI4",
2538 IF_NAME(oi),
2539 lookup_msg(ospf_auth_type_str,
2540 iface_auth_type, NULL),
2541 &ospfh->router_id);
2542 return 0;
2543 }
2544 if (ospfh->checksum) {
2545 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2546 flog_warn(
2547 EC_OSPF_PACKET,
2548 "interface %s: OSPF header checksum is not 0, Router-ID %pI4",
2549 IF_NAME(oi), &ospfh->router_id);
2550 return 0;
2551 }
2552 /* only MD5 crypto method can pass ospf_packet_examin() */
2553 if (NULL == (ck = listgetdata(
2554 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2555 || ospfh->u.crypt.key_id != ck->key_id ||
2556 /* Condition above uses the last key ID on the list,
2557 which is
2558 different from what ospf_crypt_key_lookup() does. A
2559 bug? */
2560 !ospf_check_md5_digest(oi, ospfh)) {
2561 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2562 flog_warn(
2563 EC_OSPF_MD5,
2564 "interface %s: MD5 auth failed, Router-ID %pI4",
2565 IF_NAME(oi), &ospfh->router_id);
2566 return 0;
2567 }
2568 return 1;
2569 default:
2570 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2571 flog_warn(
2572 EC_OSPF_PACKET,
2573 "interface %s: invalid packet auth-type (%02x), Router-ID %pI4",
2574 IF_NAME(oi), pkt_auth_type, &ospfh->router_id);
2575 return 0;
2576 }
2577 }
2578
2579 static int ospf_check_sum(struct ospf_header *ospfh)
2580 {
2581 uint32_t ret;
2582 uint16_t sum;
2583
2584 /* clear auth_data for checksum. */
2585 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2586
2587 /* keep checksum and clear. */
2588 sum = ospfh->checksum;
2589 memset(&ospfh->checksum, 0, sizeof(uint16_t));
2590
2591 /* calculate checksum. */
2592 ret = in_cksum(ospfh, ntohs(ospfh->length));
2593
2594 if (ret != sum) {
2595 zlog_info("%s: checksum mismatch, my %X, his %X", __func__, ret,
2596 sum);
2597 return 0;
2598 }
2599
2600 return 1;
2601 }
2602
2603 /* Verify, that given link/TOS records are properly sized/aligned and match
2604 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
2605 static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
2606 uint16_t linkbytes,
2607 const uint16_t num_links)
2608 {
2609 unsigned counted_links = 0, thislinklen;
2610
2611 while (linkbytes >= OSPF_ROUTER_LSA_LINK_SIZE) {
2612 thislinklen =
2613 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2614 if (thislinklen > linkbytes) {
2615 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2616 zlog_debug("%s: length error in link block #%u",
2617 __func__, counted_links);
2618 return MSG_NG;
2619 }
2620 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2621 linkbytes -= thislinklen;
2622 counted_links++;
2623 }
2624 if (counted_links != num_links) {
2625 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2626 zlog_debug("%s: %u link blocks declared, %u present",
2627 __func__, num_links, counted_links);
2628 return MSG_NG;
2629 }
2630 return MSG_OK;
2631 }
2632
2633 /* Verify, that the given LSA is properly sized/aligned (including type-specific
2634 minimum length constraint). */
2635 static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2636 const uint8_t headeronly)
2637 {
2638 unsigned ret;
2639 struct router_lsa *rlsa;
2640 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2641 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2642 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2643 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2644 lookup_msg(ospf_lsa_type_msg, lsah->type,
2645 NULL));
2646 return MSG_NG;
2647 }
2648 switch (lsah->type) {
2649 case OSPF_ROUTER_LSA: {
2650 /*
2651 * RFC2328 A.4.2, LSA header + 4 bytes followed by N>=0
2652 * (12+)-byte link blocks
2653 */
2654 size_t linkbytes_len = lsalen - OSPF_LSA_HEADER_SIZE
2655 - OSPF_ROUTER_LSA_MIN_SIZE;
2656
2657 /*
2658 * LSA link blocks are variable length but always multiples of
2659 * 4; basic sanity check
2660 */
2661 if (linkbytes_len % 4 != 0)
2662 return MSG_NG;
2663
2664 if (headeronly)
2665 return MSG_OK;
2666
2667 rlsa = (struct router_lsa *)lsah;
2668
2669 ret = ospf_router_lsa_links_examin(
2670 (struct router_lsa_link *)rlsa->link,
2671 linkbytes_len,
2672 ntohs(rlsa->links));
2673 break;
2674 }
2675 case OSPF_AS_EXTERNAL_LSA:
2676 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2677 * blocks */
2678 case OSPF_AS_NSSA_LSA:
2679 /* RFC3101 C, idem */
2680 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2681 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2682 % 12
2683 ? MSG_NG
2684 : MSG_OK;
2685 break;
2686 /* Following LSA types are considered OK length-wise as soon as their
2687 * minimum
2688 * length constraint is met and length of the whole LSA is a multiple of
2689 * 4
2690 * (basic LSA header size is already a multiple of 4). */
2691 case OSPF_NETWORK_LSA:
2692 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2693 case OSPF_SUMMARY_LSA:
2694 case OSPF_ASBR_SUMMARY_LSA:
2695 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2696 * blocks */
2697 case OSPF_OPAQUE_LINK_LSA:
2698 case OSPF_OPAQUE_AREA_LSA:
2699 case OSPF_OPAQUE_AS_LSA:
2700 /* RFC5250 A.2, "some number of octets (of application-specific
2701 * data) padded to 32-bit alignment." This is considered
2702 * equivalent
2703 * to 4-byte alignment of all other LSA types, see
2704 * OSPF-ALIGNMENT.txt
2705 * file for the detailed analysis of this passage. */
2706 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2707 break;
2708 default:
2709 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2710 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2711 lsah->type);
2712 return MSG_NG;
2713 }
2714 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2715 zlog_debug("%s: alignment error in %s", __func__,
2716 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2717 return ret;
2718 }
2719
2720 /* Verify if the provided input buffer is a valid sequence of LSAs. This
2721 includes verification of LSA blocks length/alignment and dispatching
2722 of deeper-level checks. */
2723 static unsigned
2724 ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
2725 size_t length, const uint8_t headeronly,
2726 /* When declared_num_lsas is not 0, compare it to the real
2727 number of LSAs
2728 and treat the difference as an error. */
2729 const uint32_t declared_num_lsas)
2730 {
2731 uint32_t counted_lsas = 0;
2732
2733 while (length) {
2734 uint16_t lsalen;
2735 if (length < OSPF_LSA_HEADER_SIZE) {
2736 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2737 zlog_debug(
2738 "%s: undersized (%zu B) trailing (#%u) LSA header",
2739 __func__, length, counted_lsas);
2740 return MSG_NG;
2741 }
2742 /* save on ntohs() calls here and in the LSA validator */
2743 lsalen = ntohs(lsah->length);
2744 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2745 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2746 zlog_debug(
2747 "%s: malformed LSA header #%u, declared length is %u B",
2748 __func__, counted_lsas, lsalen);
2749 return MSG_NG;
2750 }
2751 if (headeronly) {
2752 /* less checks here and in ospf_lsa_examin() */
2753 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2754 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2755 zlog_debug(
2756 "%s: malformed header-only LSA #%u",
2757 __func__, counted_lsas);
2758 return MSG_NG;
2759 }
2760 lsah = (struct lsa_header *)((caddr_t)lsah
2761 + OSPF_LSA_HEADER_SIZE);
2762 length -= OSPF_LSA_HEADER_SIZE;
2763 } else {
2764 /* make sure the input buffer is deep enough before
2765 * further checks */
2766 if (lsalen > length) {
2767 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2768 zlog_debug(
2769 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2770 __func__, counted_lsas, lsalen,
2771 length);
2772 return MSG_NG;
2773 }
2774 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2775 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2776 zlog_debug("%s: malformed LSA #%u",
2777 __func__, counted_lsas);
2778 return MSG_NG;
2779 }
2780 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2781 length -= lsalen;
2782 }
2783 counted_lsas++;
2784 }
2785
2786 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2787 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2788 zlog_debug(
2789 "%s: #LSAs declared (%u) does not match actual (%u)",
2790 __func__, declared_num_lsas, counted_lsas);
2791 return MSG_NG;
2792 }
2793 return MSG_OK;
2794 }
2795
2796 /* Verify a complete OSPF packet for proper sizing/alignment. */
2797 static unsigned ospf_packet_examin(struct ospf_header *oh,
2798 const unsigned bytesonwire)
2799 {
2800 uint16_t bytesdeclared, bytesauth;
2801 unsigned ret;
2802 struct ospf_ls_update *lsupd;
2803
2804 /* Length, 1st approximation. */
2805 if (bytesonwire < OSPF_HEADER_SIZE) {
2806 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2807 zlog_debug("%s: undersized (%u B) packet", __func__,
2808 bytesonwire);
2809 return MSG_NG;
2810 }
2811 /* Now it is safe to access header fields. Performing length check,
2812 * allow
2813 * for possible extra bytes of crypto auth/padding, which are not
2814 * counted
2815 * in the OSPF header "length" field. */
2816 if (oh->version != OSPF_VERSION) {
2817 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2818 zlog_debug("%s: invalid (%u) protocol version",
2819 __func__, oh->version);
2820 return MSG_NG;
2821 }
2822 bytesdeclared = ntohs(oh->length);
2823 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2824 bytesauth = 0;
2825 else {
2826 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2827 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2828 zlog_debug(
2829 "%s: unsupported crypto auth length (%u B)",
2830 __func__, oh->u.crypt.auth_data_len);
2831 return MSG_NG;
2832 }
2833 bytesauth = OSPF_AUTH_MD5_SIZE;
2834 }
2835 if (bytesdeclared + bytesauth > bytesonwire) {
2836 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2837 zlog_debug(
2838 "%s: packet length error (%u real, %u+%u declared)",
2839 __func__, bytesonwire, bytesdeclared,
2840 bytesauth);
2841 return MSG_NG;
2842 }
2843 /* Length, 2nd approximation. The type-specific constraint is checked
2844 against declared length, not amount of bytes on wire. */
2845 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2846 && bytesdeclared
2847 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2848 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2849 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2850 bytesdeclared,
2851 lookup_msg(ospf_packet_type_str, oh->type,
2852 NULL));
2853 return MSG_NG;
2854 }
2855 switch (oh->type) {
2856 case OSPF_MSG_HELLO:
2857 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2858 followed
2859 by N>=0 router-IDs. */
2860 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2861 % 4
2862 ? MSG_NG
2863 : MSG_OK;
2864 break;
2865 case OSPF_MSG_DB_DESC:
2866 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2867 followed
2868 by N>=0 header-only LSAs. */
2869 ret = ospf_lsaseq_examin(
2870 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2871 + OSPF_DB_DESC_MIN_SIZE),
2872 bytesdeclared - OSPF_HEADER_SIZE
2873 - OSPF_DB_DESC_MIN_SIZE,
2874 1, /* header-only LSAs */
2875 0);
2876 break;
2877 case OSPF_MSG_LS_REQ:
2878 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2879 * request blocks. */
2880 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2881 % OSPF_LSA_KEY_SIZE
2882 ? MSG_NG
2883 : MSG_OK;
2884 break;
2885 case OSPF_MSG_LS_UPD:
2886 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2887 followed
2888 by N>=0 full LSAs (with N declared beforehand). */
2889 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2890 + OSPF_HEADER_SIZE);
2891 ret = ospf_lsaseq_examin(
2892 (struct lsa_header *)((caddr_t)lsupd
2893 + OSPF_LS_UPD_MIN_SIZE),
2894 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2895 0, /* full LSAs */
2896 ntohl(lsupd->num_lsas) /* 32 bits */
2897 );
2898 break;
2899 case OSPF_MSG_LS_ACK:
2900 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2901 * LSAs. */
2902 ret = ospf_lsaseq_examin(
2903 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2904 + OSPF_LS_ACK_MIN_SIZE),
2905 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2906 1, /* header-only LSAs */
2907 0);
2908 break;
2909 default:
2910 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2911 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2912 oh->type);
2913 return MSG_NG;
2914 }
2915 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2916 zlog_debug("%s: malformed %s packet", __func__,
2917 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2918 return ret;
2919 }
2920
2921 /* OSPF Header verification. */
2922 static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2923 struct ip *iph, struct ospf_header *ospfh)
2924 {
2925 /* Check Area ID. */
2926 if (!ospf_check_area_id(oi, ospfh)) {
2927 flog_warn(EC_OSPF_PACKET,
2928 "interface %s: ospf_read invalid Area ID %pI4",
2929 IF_NAME(oi), &ospfh->area_id);
2930 return -1;
2931 }
2932
2933 /* Check network mask, Silently discarded. */
2934 if (!ospf_check_network_mask(oi, iph->ip_src)) {
2935 flog_warn(
2936 EC_OSPF_PACKET,
2937 "interface %s: ospf_read network address is not same [%pI4]",
2938 IF_NAME(oi), &iph->ip_src);
2939 return -1;
2940 }
2941
2942 /* Check authentication. The function handles logging actions, where
2943 * required. */
2944 if (!ospf_check_auth(oi, ospfh))
2945 return -1;
2946
2947 return 0;
2948 }
2949
2950 enum ospf_read_return_enum {
2951 OSPF_READ_ERROR,
2952 OSPF_READ_CONTINUE,
2953 };
2954
2955 static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
2956 {
2957 int ret;
2958 struct stream *ibuf;
2959 struct ospf_interface *oi;
2960 struct ip *iph;
2961 struct ospf_header *ospfh;
2962 uint16_t length;
2963 struct connected *c;
2964 struct interface *ifp = NULL;
2965
2966 stream_reset(ospf->ibuf);
2967 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2968 if (ibuf == NULL)
2969 return OSPF_READ_ERROR;
2970
2971 /*
2972 * This raw packet is known to be at least as big as its
2973 * IP header. Note that there should not be alignment problems with
2974 * this assignment because this is at the beginning of the
2975 * stream data buffer.
2976 */
2977 iph = (struct ip *)STREAM_DATA(ibuf);
2978 /*
2979 * Note that sockopt_iphdrincl_swab_systoh was called in
2980 * ospf_recv_packet.
2981 */
2982 if (ifp == NULL) {
2983 /*
2984 * Handle cases where the platform does not support
2985 * retrieving the ifindex, and also platforms (such as
2986 * Solaris 8) that claim to support ifindex retrieval but do
2987 * not.
2988 */
2989 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2990 ospf->vrf_id);
2991 if (c)
2992 ifp = c->ifp;
2993 if (ifp == NULL) {
2994 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2995 zlog_debug(
2996 "%s: Unable to determine incoming interface from: %pI4(%s)",
2997 __func__, &iph->ip_src,
2998 ospf_get_name(ospf));
2999 return OSPF_READ_CONTINUE;
3000 }
3001 }
3002
3003 if (ospf->vrf_id == VRF_DEFAULT && ospf->vrf_id != ifp->vrf->vrf_id) {
3004 /*
3005 * We may have a situation where l3mdev_accept == 1
3006 * let's just kindly drop the packet and move on.
3007 * ospf really really really does not like when
3008 * we receive the same packet multiple times.
3009 */
3010 return OSPF_READ_CONTINUE;
3011 }
3012
3013 /* Self-originated packet should be discarded silently. */
3014 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
3015 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
3016 zlog_debug(
3017 "ospf_read[%pI4]: Dropping self-originated packet",
3018 &iph->ip_src);
3019 }
3020 return OSPF_READ_CONTINUE;
3021 }
3022
3023 /* Check that we have enough for an IP header */
3024 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
3025 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
3026 flog_warn(
3027 EC_OSPF_PACKET,
3028 "Rx'd IP packet with OSPF protocol number but no payload");
3029 } else {
3030 flog_warn(
3031 EC_OSPF_PACKET,
3032 "IP header length field claims header is %u bytes, but we only have %zu",
3033 (unsigned int)(iph->ip_hl << 2),
3034 STREAM_READABLE(ibuf));
3035 }
3036
3037 return OSPF_READ_ERROR;
3038 }
3039 stream_forward_getp(ibuf, iph->ip_hl << 2);
3040
3041 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3042 if (MSG_OK
3043 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3044 - stream_get_getp(ibuf)))
3045 return OSPF_READ_CONTINUE;
3046 /* Now it is safe to access all fields of OSPF packet header. */
3047
3048 /* associate packet with ospf interface */
3049 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
3050
3051 /*
3052 * ospf_verify_header() relies on a valid "oi" and thus can be called
3053 * only after the passive/backbone/other checks below are passed.
3054 * These checks in turn access the fields of unverified "ospfh"
3055 * structure for their own purposes and must remain very accurate
3056 * in doing this.
3057 */
3058
3059 /* If incoming interface is passive one, ignore it. */
3060 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3061 if (IS_DEBUG_OSPF_EVENT)
3062 zlog_debug(
3063 "ignoring packet from router %pI4 sent to %pI4, received on a passive interface, %pI4",
3064 &ospfh->router_id, &iph->ip_dst,
3065 &oi->address->u.prefix4);
3066
3067 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3068 /* Try to fix multicast membership.
3069 * Some OS:es may have problems in this area,
3070 * make sure it is removed.
3071 */
3072 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3073 ospf_if_set_multicast(oi);
3074 }
3075 return OSPF_READ_CONTINUE;
3076 }
3077
3078
3079 /* if no local ospf_interface,
3080 * or header area is backbone but ospf_interface is not
3081 * check for VLINK interface
3082 */
3083 if ((oi == NULL)
3084 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3085 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3086 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3087 == NULL) {
3088 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
3089 zlog_debug(
3090 "Packet from [%pI4] received on link %s but no ospf_interface",
3091 &iph->ip_src, ifp->name);
3092 return OSPF_READ_CONTINUE;
3093 }
3094 }
3095
3096 /*
3097 * else it must be a local ospf interface, check it was
3098 * received on correct link
3099 */
3100 else if (oi->ifp != ifp) {
3101 if (IS_DEBUG_OSPF_EVENT)
3102 flog_warn(EC_OSPF_PACKET,
3103 "Packet from [%pI4] received on wrong link %s",
3104 &iph->ip_src, ifp->name);
3105 return OSPF_READ_CONTINUE;
3106 } else if (oi->state == ISM_Down) {
3107 flog_warn(
3108 EC_OSPF_PACKET,
3109 "Ignoring packet from %pI4 to %pI4 received on interface that is down [%s]; interface flags are %s",
3110 &iph->ip_src, &iph->ip_dst, ifp->name,
3111 if_flag_dump(ifp->flags));
3112 /* Fix multicast memberships? */
3113 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3114 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3115 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3116 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3117 if (oi->multicast_memberships)
3118 ospf_if_set_multicast(oi);
3119 return OSPF_READ_CONTINUE;
3120 }
3121
3122 /*
3123 * If the received packet is destined for AllDRouters, the
3124 * packet should be accepted only if the received ospf
3125 * interface state is either DR or Backup -- endo.
3126 *
3127 * I wonder who endo is?
3128 */
3129 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3130 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3131 flog_warn(
3132 EC_OSPF_PACKET,
3133 "Dropping packet for AllDRouters from [%pI4] via [%s] (ISM: %s)",
3134 &iph->ip_src, IF_NAME(oi),
3135 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3136 /* Try to fix multicast membership. */
3137 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3138 ospf_if_set_multicast(oi);
3139 return OSPF_READ_CONTINUE;
3140 }
3141
3142 /* Verify more OSPF header fields. */
3143 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3144 if (ret < 0) {
3145 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3146 zlog_debug(
3147 "ospf_read[%pI4]: Header check failed, dropping.",
3148 &iph->ip_src);
3149 return OSPF_READ_CONTINUE;
3150 }
3151
3152 /* Show debug receiving packet. */
3153 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3154 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3155 zlog_debug(
3156 "-----------------------------------------------------");
3157 ospf_packet_dump(ibuf);
3158 }
3159
3160 zlog_debug("%s received from [%pI4] via [%s]",
3161 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3162 &ospfh->router_id, IF_NAME(oi));
3163 zlog_debug(" src [%pI4],", &iph->ip_src);
3164 zlog_debug(" dst [%pI4]", &iph->ip_dst);
3165
3166 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3167 zlog_debug(
3168 "-----------------------------------------------------");
3169 }
3170
3171 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3172
3173 /* Adjust size to message length. */
3174 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3175
3176 /* Read rest of the packet and call each sort of packet routine.
3177 */
3178 switch (ospfh->type) {
3179 case OSPF_MSG_HELLO:
3180 ospf_hello(iph, ospfh, ibuf, oi, length);
3181 break;
3182 case OSPF_MSG_DB_DESC:
3183 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3184 break;
3185 case OSPF_MSG_LS_REQ:
3186 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3187 break;
3188 case OSPF_MSG_LS_UPD:
3189 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3190 break;
3191 case OSPF_MSG_LS_ACK:
3192 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3193 break;
3194 default:
3195 flog_warn(
3196 EC_OSPF_PACKET,
3197 "interface %s(%s): OSPF packet header type %d is illegal",
3198 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3199 break;
3200 }
3201
3202 return OSPF_READ_CONTINUE;
3203 }
3204
3205 /* Starting point of packet process function. */
3206 void ospf_read(struct thread *thread)
3207 {
3208 struct ospf *ospf;
3209 int32_t count = 0;
3210 enum ospf_read_return_enum ret;
3211
3212 /* first of all get interface pointer. */
3213 ospf = THREAD_ARG(thread);
3214
3215 /* prepare for next packet. */
3216 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3217
3218 while (count < ospf->write_oi_count) {
3219 count++;
3220 ret = ospf_read_helper(ospf);
3221 switch (ret) {
3222 case OSPF_READ_ERROR:
3223 return;
3224 case OSPF_READ_CONTINUE:
3225 break;
3226 }
3227 }
3228 }
3229
3230 /* Make OSPF header. */
3231 static void ospf_make_header(int type, struct ospf_interface *oi,
3232 struct stream *s)
3233 {
3234 struct ospf_header *ospfh;
3235
3236 ospfh = (struct ospf_header *)STREAM_DATA(s);
3237
3238 ospfh->version = (uint8_t)OSPF_VERSION;
3239 ospfh->type = (uint8_t)type;
3240
3241 ospfh->router_id = oi->ospf->router_id;
3242
3243 ospfh->checksum = 0;
3244 ospfh->area_id = oi->area->area_id;
3245 ospfh->auth_type = htons(ospf_auth_type(oi));
3246
3247 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
3248
3249 stream_forward_endp(s, OSPF_HEADER_SIZE);
3250 }
3251
3252 /* Make Authentication Data. */
3253 static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3254 {
3255 struct crypt_key *ck;
3256
3257 switch (ospf_auth_type(oi)) {
3258 case OSPF_AUTH_NULL:
3259 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3260 */
3261 break;
3262 case OSPF_AUTH_SIMPLE:
3263 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3264 OSPF_AUTH_SIMPLE_SIZE);
3265 break;
3266 case OSPF_AUTH_CRYPTOGRAPHIC:
3267 /* If key is not set, then set 0. */
3268 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3269 ospfh->u.crypt.zero = 0;
3270 ospfh->u.crypt.key_id = 0;
3271 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3272 } else {
3273 ck = listgetdata(
3274 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3275 ospfh->u.crypt.zero = 0;
3276 ospfh->u.crypt.key_id = ck->key_id;
3277 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3278 }
3279 /* note: the seq is done in ospf_make_md5_digest() */
3280 break;
3281 default:
3282 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3283 */
3284 break;
3285 }
3286
3287 return 0;
3288 }
3289
3290 /* Fill rest of OSPF header. */
3291 static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
3292 uint16_t length)
3293 {
3294 struct ospf_header *ospfh;
3295
3296 ospfh = (struct ospf_header *)STREAM_DATA(s);
3297
3298 /* Fill length. */
3299 ospfh->length = htons(length);
3300
3301 /* Calculate checksum. */
3302 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3303 ospfh->checksum = in_cksum(ospfh, length);
3304 else
3305 ospfh->checksum = 0;
3306
3307 /* Add Authentication Data. */
3308 ospf_make_auth(oi, ospfh);
3309 }
3310
3311 static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3312 {
3313 struct ospf_neighbor *nbr;
3314 struct route_node *rn;
3315 uint16_t length = OSPF_HELLO_MIN_SIZE;
3316 struct in_addr mask;
3317 unsigned long p;
3318 int flag = 0;
3319
3320 /* Set netmask of interface. */
3321 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3322 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3323 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3324 masklen2ip(oi->address->prefixlen, &mask);
3325 else
3326 memset((char *)&mask, 0, sizeof(struct in_addr));
3327 stream_put_ipv4(s, mask.s_addr);
3328
3329 /* Set Hello Interval. */
3330 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3331 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3332 else
3333 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3334
3335 /* Check if flood-reduction is enabled,
3336 * if yes set the DC bit in the options.
3337 */
3338 if (OSPF_FR_CONFIG(oi->ospf, oi->area))
3339 SET_FLAG(OPTIONS(oi), OSPF_OPTION_DC);
3340 else if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_DC))
3341 UNSET_FLAG(OPTIONS(oi), OSPF_OPTION_DC);
3342
3343 if (IS_DEBUG_OSPF_EVENT)
3344 zlog_debug("%s: options: %x, int: %s", __func__, OPTIONS(oi),
3345 IF_NAME(oi));
3346
3347 /* Set Options. */
3348 stream_putc(s, OPTIONS(oi));
3349
3350 /* Set Router Priority. */
3351 stream_putc(s, PRIORITY(oi));
3352
3353 /* Set Router Dead Interval. */
3354 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3355
3356 /* Set Designated Router. */
3357 stream_put_ipv4(s, DR(oi).s_addr);
3358
3359 p = stream_get_endp(s);
3360
3361 /* Set Backup Designated Router. */
3362 stream_put_ipv4(s, BDR(oi).s_addr);
3363
3364 /* Add neighbor seen. */
3365 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3366 nbr = rn->info;
3367
3368 if (!nbr)
3369 continue;
3370
3371 /* Ignore the 0.0.0.0 node */
3372 if (nbr->router_id.s_addr == INADDR_ANY)
3373 continue;
3374
3375 /* Ignore Down neighbor */
3376 if (nbr->state == NSM_Attempt)
3377 continue;
3378
3379 /* This is myself for DR election */
3380 if (nbr->state == NSM_Down)
3381 continue;
3382
3383 if (IPV4_ADDR_SAME(&nbr->router_id, &oi->ospf->router_id))
3384 continue;
3385 /* Check neighbor is sane? */
3386 if (nbr->d_router.s_addr != INADDR_ANY &&
3387 IPV4_ADDR_SAME(&nbr->d_router, &oi->address->u.prefix4) &&
3388 IPV4_ADDR_SAME(&nbr->bd_router, &oi->address->u.prefix4))
3389 flag = 1;
3390
3391 /* Hello packet overflows interface MTU.
3392 */
3393 if (length + sizeof(uint32_t) > ospf_packet_max(oi)) {
3394 flog_err(
3395 EC_OSPF_LARGE_HELLO,
3396 "Oversized Hello packet! Larger than MTU. Not sending it out");
3397 return 0;
3398 }
3399
3400 stream_put_ipv4(s, nbr->router_id.s_addr);
3401 length += 4;
3402 }
3403
3404 /* Let neighbor generate BackupSeen. */
3405 if (flag == 1)
3406 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3407
3408 return length;
3409 }
3410
3411 static int ospf_make_db_desc(struct ospf_interface *oi,
3412 struct ospf_neighbor *nbr, struct stream *s)
3413 {
3414 struct ospf_lsa *lsa;
3415 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3416 uint8_t options;
3417 unsigned long pp;
3418 int i;
3419 struct ospf_lsdb *lsdb;
3420
3421 /* Set Interface MTU. */
3422 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3423 stream_putw(s, 0);
3424 else
3425 stream_putw(s, oi->ifp->mtu);
3426
3427 /* Set Options. */
3428 options = OPTIONS(oi);
3429 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3430 SET_FLAG(options, OSPF_OPTION_O);
3431 if (OSPF_FR_CONFIG(oi->ospf, oi->area))
3432 SET_FLAG(options, OSPF_OPTION_DC);
3433 stream_putc(s, options);
3434
3435 /* DD flags */
3436 pp = stream_get_endp(s);
3437 stream_putc(s, nbr->dd_flags);
3438
3439 /* Set DD Sequence Number. */
3440 stream_putl(s, nbr->dd_seqnum);
3441
3442 /* shortcut unneeded walk of (empty) summary LSDBs */
3443 if (ospf_db_summary_isempty(nbr))
3444 goto empty;
3445
3446 /* Describe LSA Header from Database Summary List. */
3447 lsdb = &nbr->db_sum;
3448
3449 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3450 struct route_table *table = lsdb->type[i].db;
3451 struct route_node *rn;
3452
3453 for (rn = route_top(table); rn; rn = route_next(rn))
3454 if ((lsa = rn->info) != NULL) {
3455 if (IS_OPAQUE_LSA(lsa->data->type)
3456 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3457 /* Suppress advertising
3458 * opaque-information. */
3459 /* Remove LSA from DB summary list. */
3460 ospf_lsdb_delete(lsdb, lsa);
3461 continue;
3462 }
3463
3464 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3465 struct lsa_header *lsah;
3466 uint16_t ls_age;
3467
3468 /* DD packet overflows interface MTU. */
3469 if (length + OSPF_LSA_HEADER_SIZE
3470 > ospf_packet_max(oi))
3471 break;
3472
3473 /* Keep pointer to LS age. */
3474 lsah = (struct lsa_header
3475 *)(STREAM_DATA(s)
3476 + stream_get_endp(
3477 s));
3478
3479 /* Proceed stream pointer. */
3480 stream_put(s, lsa->data,
3481 OSPF_LSA_HEADER_SIZE);
3482 length += OSPF_LSA_HEADER_SIZE;
3483
3484 /* Set LS age. */
3485 ls_age = LS_AGE(lsa);
3486 lsah->ls_age = htons(ls_age);
3487 }
3488
3489 /* Remove LSA from DB summary list. */
3490 ospf_lsdb_delete(lsdb, lsa);
3491 }
3492 }
3493
3494 /* Update 'More' bit */
3495 if (ospf_db_summary_isempty(nbr)) {
3496 empty:
3497 if (nbr->state >= NSM_Exchange) {
3498 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3499 /* Rewrite DD flags */
3500 stream_putc_at(s, pp, nbr->dd_flags);
3501 } else {
3502 assert(IS_SET_DD_M(nbr->dd_flags));
3503 }
3504 }
3505 return length;
3506 }
3507
3508 static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
3509 unsigned long delta, struct ospf_neighbor *nbr,
3510 struct ospf_lsa *lsa)
3511 {
3512 struct ospf_interface *oi;
3513
3514 oi = nbr->oi;
3515
3516 /* LS Request packet overflows interface MTU
3517 * delta is just number of bytes required for 1 LS Req
3518 * ospf_packet_max will return the number of bytes can
3519 * be accommodated without ospf header. So length+delta
3520 * can be compared to ospf_packet_max
3521 * to check if it can fit another lsreq in the same packet.
3522 */
3523
3524 if (*length + delta > ospf_packet_max(oi))
3525 return 0;
3526
3527 stream_putl(s, lsa->data->type);
3528 stream_put_ipv4(s, lsa->data->id.s_addr);
3529 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
3530
3531 ospf_lsa_unlock(&nbr->ls_req_last);
3532 nbr->ls_req_last = ospf_lsa_lock(lsa);
3533
3534 *length += 12;
3535 return 1;
3536 }
3537
3538 static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3539 {
3540 struct ospf_lsa *lsa;
3541 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
3542 unsigned long delta = 12;
3543 struct route_table *table;
3544 struct route_node *rn;
3545 int i;
3546 struct ospf_lsdb *lsdb;
3547
3548 lsdb = &nbr->ls_req;
3549
3550 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3551 table = lsdb->type[i].db;
3552 for (rn = route_top(table); rn; rn = route_next(rn))
3553 if ((lsa = (rn->info)) != NULL)
3554 if (ospf_make_ls_req_func(s, &length, delta,
3555 nbr, lsa)
3556 == 0) {
3557 route_unlock_node(rn);
3558 break;
3559 }
3560 }
3561 return length;
3562 }
3563
3564 static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3565 {
3566 int age;
3567
3568 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
3569
3570 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
3571 }
3572
3573 static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3574 struct stream *s)
3575 {
3576 struct ospf_lsa *lsa;
3577 struct listnode *node;
3578 uint16_t length = 0;
3579 unsigned int size_noauth;
3580 unsigned long delta = stream_get_endp(s);
3581 unsigned long pp;
3582 int count = 0;
3583
3584 if (IS_DEBUG_OSPF_EVENT)
3585 zlog_debug("%s: Start", __func__);
3586
3587 pp = stream_get_endp(s);
3588 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3589 length += OSPF_LS_UPD_MIN_SIZE;
3590
3591 /* Calculate amount of packet usable for data. */
3592 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3593
3594 while ((node = listhead(update)) != NULL) {
3595 struct lsa_header *lsah;
3596 uint16_t ls_age;
3597
3598 lsa = listgetdata(node);
3599 assert(lsa->data);
3600
3601 if (IS_DEBUG_OSPF_EVENT)
3602 zlog_debug("%s: List Iteration %d LSA[%s]", __func__,
3603 count, dump_lsa_key(lsa));
3604
3605 /* Will it fit? Minimum it has to fit at least one */
3606 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3607 (count > 0))
3608 break;
3609
3610 /* Keep pointer to LS age. */
3611 lsah = (struct lsa_header *)(STREAM_DATA(s)
3612 + stream_get_endp(s));
3613
3614 /* Put LSA to Link State Request. */
3615 stream_put(s, lsa->data, ntohs(lsa->data->length));
3616
3617 /* Set LS age. */
3618 /* each hop must increment an lsa_age by transmit_delay
3619 of OSPF interface */
3620 ls_age = ls_age_increment(lsa,
3621 OSPF_IF_PARAM(oi, transmit_delay));
3622 lsah->ls_age = htons(ls_age);
3623
3624 length += ntohs(lsa->data->length);
3625 count++;
3626
3627 list_delete_node(update, node);
3628 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3629 }
3630
3631 /* Now set #LSAs. */
3632 stream_putl_at(s, pp, count);
3633
3634 if (IS_DEBUG_OSPF_EVENT)
3635 zlog_debug("%s: Stop", __func__);
3636 return length;
3637 }
3638
3639 static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3640 struct stream *s)
3641 {
3642 struct listnode *node, *nnode;
3643 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
3644 unsigned long delta = OSPF_LSA_HEADER_SIZE;
3645 struct ospf_lsa *lsa;
3646
3647 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3648 assert(lsa);
3649
3650 /* LS Ack packet overflows interface MTU
3651 * delta is just number of bytes required for
3652 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3653 * the number of bytes can be accommodated without
3654 * ospf header. So length+delta can be compared
3655 * against ospf_packet_max to check if it can fit
3656 * another ls header in the same packet.
3657 */
3658 if ((length + delta) > ospf_packet_max(oi))
3659 break;
3660
3661 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3662 length += OSPF_LSA_HEADER_SIZE;
3663
3664 listnode_delete(ack, lsa);
3665 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3666 }
3667
3668 return length;
3669 }
3670
3671 static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3672 {
3673 struct ospf_packet *op;
3674 uint16_t length = OSPF_HEADER_SIZE;
3675
3676 op = ospf_packet_new(oi->ifp->mtu);
3677
3678 /* Prepare OSPF common header. */
3679 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
3680
3681 /* Prepare OSPF Hello body. */
3682 length += ospf_make_hello(oi, op->s);
3683 if (length == OSPF_HEADER_SIZE) {
3684 /* Hello overshooting MTU */
3685 ospf_packet_free(op);
3686 return;
3687 }
3688
3689 /* Fill OSPF header. */
3690 ospf_fill_header(oi, op->s, length);
3691
3692 /* Set packet length. */
3693 op->length = length;
3694
3695 op->dst.s_addr = addr;
3696
3697 if (IS_DEBUG_OSPF_EVENT) {
3698 if (oi->ospf->vrf_id)
3699 zlog_debug(
3700 "%s: Hello Tx interface %s ospf vrf %s id %u",
3701 __func__, oi->ifp->name,
3702 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3703 oi->ospf->vrf_id);
3704 }
3705 /* Add packet to the top of the interface output queue, so that they
3706 * can't get delayed by things like long queues of LS Update packets
3707 */
3708 ospf_packet_add_top(oi, op);
3709
3710 /* Hook thread to write packet. */
3711 OSPF_ISM_WRITE_ON(oi->ospf);
3712 }
3713
3714 static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
3715 {
3716 struct ospf_interface *oi;
3717
3718 oi = nbr_nbma->oi;
3719 assert(oi);
3720
3721 /* If this is passive interface, do not send OSPF Hello. */
3722 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3723 return;
3724
3725 if (oi->type != OSPF_IFTYPE_NBMA)
3726 return;
3727
3728 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3729 return;
3730
3731 if (PRIORITY(oi) == 0)
3732 return;
3733
3734 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3735 && oi->state != ISM_Backup)
3736 return;
3737
3738 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
3739 }
3740
3741 void ospf_poll_timer(struct thread *thread)
3742 {
3743 struct ospf_nbr_nbma *nbr_nbma;
3744
3745 nbr_nbma = THREAD_ARG(thread);
3746 nbr_nbma->t_poll = NULL;
3747
3748 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3749 zlog_debug("NSM[%s:%pI4]: Timer (Poll timer expire)",
3750 IF_NAME(nbr_nbma->oi), &nbr_nbma->addr);
3751
3752 ospf_poll_send(nbr_nbma);
3753
3754 if (nbr_nbma->v_poll > 0)
3755 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3756 nbr_nbma->v_poll);
3757 }
3758
3759
3760 void ospf_hello_reply_timer(struct thread *thread)
3761 {
3762 struct ospf_neighbor *nbr;
3763
3764 nbr = THREAD_ARG(thread);
3765 nbr->t_hello_reply = NULL;
3766
3767 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3768 zlog_debug("NSM[%s:%pI4]: Timer (hello-reply timer expire)",
3769 IF_NAME(nbr->oi), &nbr->router_id);
3770
3771 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
3772 }
3773
3774 /* Send OSPF Hello. */
3775 void ospf_hello_send(struct ospf_interface *oi)
3776 {
3777 /* If this is passive interface, do not send OSPF Hello. */
3778 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3779 return;
3780
3781 if (oi->type == OSPF_IFTYPE_NBMA) {
3782 struct ospf_neighbor *nbr;
3783 struct route_node *rn;
3784
3785 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3786 nbr = rn->info;
3787 if (!nbr)
3788 continue;
3789
3790 if (nbr == oi->nbr_self)
3791 continue;
3792
3793 if (nbr->state == NSM_Down)
3794 continue;
3795
3796 /*
3797 * RFC 2328 Section 9.5.1
3798 * If the router is not eligible to become Designated
3799 * Router, it must periodically send Hello Packets to
3800 * both the Designated Router and the Backup
3801 * Designated Router (if they exist).
3802 */
3803 if (PRIORITY(oi) == 0 &&
3804 IPV4_ADDR_CMP(&DR(oi), &nbr->address.u.prefix4) &&
3805 IPV4_ADDR_CMP(&BDR(oi), &nbr->address.u.prefix4))
3806 continue;
3807
3808 /*
3809 * If the router is eligible to become Designated
3810 * Router, it must periodically send Hello Packets to
3811 * all neighbors that are also eligible. In addition,
3812 * if the router is itself the Designated Router or
3813 * Backup Designated Router, it must also send periodic
3814 * Hello Packets to all other neighbors.
3815 */
3816 if (nbr->priority == 0 && oi->state == ISM_DROther)
3817 continue;
3818
3819 /* if oi->state == Waiting, send
3820 * hello to all neighbors */
3821 ospf_hello_send_sub(oi, nbr->address.u.prefix4.s_addr);
3822 }
3823 } else {
3824 /* Decide destination address. */
3825 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3826 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3827 else
3828 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3829 }
3830 }
3831
3832 /* Send OSPF Database Description. */
3833 void ospf_db_desc_send(struct ospf_neighbor *nbr)
3834 {
3835 struct ospf_interface *oi;
3836 struct ospf_packet *op;
3837 uint16_t length = OSPF_HEADER_SIZE;
3838
3839 oi = nbr->oi;
3840 op = ospf_packet_new(oi->ifp->mtu);
3841
3842 /* Prepare OSPF common header. */
3843 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
3844
3845 /* Prepare OSPF Database Description body. */
3846 length += ospf_make_db_desc(oi, nbr, op->s);
3847
3848 /* Fill OSPF header. */
3849 ospf_fill_header(oi, op->s, length);
3850
3851 /* Set packet length. */
3852 op->length = length;
3853
3854 /* Decide destination address. */
3855 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3856 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3857 else
3858 op->dst = nbr->address.u.prefix4;
3859
3860 /* Add packet to the interface output queue. */
3861 ospf_packet_add(oi, op);
3862
3863 /* Hook thread to write packet. */
3864 OSPF_ISM_WRITE_ON(oi->ospf);
3865
3866 /* Remove old DD packet, then copy new one and keep in neighbor
3867 * structure. */
3868 if (nbr->last_send)
3869 ospf_packet_free(nbr->last_send);
3870 nbr->last_send = ospf_packet_dup(op);
3871 monotime(&nbr->last_send_ts);
3872 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3873 zlog_info(
3874 "%s:Packet[DD]: %pI4 DB Desc send with seqnum:%x , flags:%x",
3875 ospf_get_name(oi->ospf), &nbr->router_id,
3876 nbr->dd_seqnum, nbr->dd_flags);
3877 }
3878
3879 /* Re-send Database Description. */
3880 void ospf_db_desc_resend(struct ospf_neighbor *nbr)
3881 {
3882 struct ospf_interface *oi;
3883
3884 oi = nbr->oi;
3885
3886 /* Add packet to the interface output queue. */
3887 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
3888
3889 /* Hook thread to write packet. */
3890 OSPF_ISM_WRITE_ON(oi->ospf);
3891 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3892 zlog_info(
3893 "%s:Packet[DD]: %pI4 DB Desc resend with seqnum:%x , flags:%x",
3894 ospf_get_name(oi->ospf), &nbr->router_id,
3895 nbr->dd_seqnum, nbr->dd_flags);
3896 }
3897
3898 /* Send Link State Request. */
3899 void ospf_ls_req_send(struct ospf_neighbor *nbr)
3900 {
3901 struct ospf_interface *oi;
3902 struct ospf_packet *op;
3903 uint16_t length = OSPF_HEADER_SIZE;
3904
3905 oi = nbr->oi;
3906 op = ospf_packet_new(oi->ifp->mtu);
3907
3908 /* Prepare OSPF common header. */
3909 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
3910
3911 /* Prepare OSPF Link State Request body. */
3912 length += ospf_make_ls_req(nbr, op->s);
3913 if (length == OSPF_HEADER_SIZE) {
3914 ospf_packet_free(op);
3915 return;
3916 }
3917
3918 /* Fill OSPF header. */
3919 ospf_fill_header(oi, op->s, length);
3920
3921 /* Set packet length. */
3922 op->length = length;
3923
3924 /* Decide destination address. */
3925 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3926 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3927 else
3928 op->dst = nbr->address.u.prefix4;
3929
3930 /* Add packet to the interface output queue. */
3931 ospf_packet_add(oi, op);
3932
3933 /* Hook thread to write packet. */
3934 OSPF_ISM_WRITE_ON(oi->ospf);
3935
3936 /* Add Link State Request Retransmission Timer. */
3937 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
3938 }
3939
3940 /* Send Link State Update with an LSA. */
3941 void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3942 int flag)
3943 {
3944 struct list *update;
3945
3946 update = list_new();
3947
3948 listnode_add(update, lsa);
3949
3950 /*ospf instance is going down, send self originated
3951 * MAXAGE LSA update to neighbors to remove from LSDB */
3952 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3953 ospf_ls_upd_send(nbr, update, flag, 1);
3954 else
3955 ospf_ls_upd_send(nbr, update, flag, 0);
3956
3957 list_delete(&update);
3958 }
3959
3960 /* Determine size for packet. Must be at least big enough to accommodate next
3961 * LSA on list, which may be bigger than MTU size.
3962 *
3963 * Return pointer to new ospf_packet
3964 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3965 * on packet sizes (in which case offending LSA is deleted from update list)
3966 */
3967 static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3968 struct ospf_interface *oi)
3969 {
3970 struct ospf_lsa *lsa;
3971 struct listnode *ln;
3972 size_t size;
3973 static char warned = 0;
3974
3975 lsa = listgetdata((ln = listhead(update)));
3976 assert(lsa->data);
3977
3978 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3979 > ospf_packet_max(oi)) {
3980 if (!warned) {
3981 flog_warn(
3982 EC_OSPF_LARGE_LSA,
3983 "%s: oversized LSA encountered!will need to fragment. Not optimal. Try divide up your network with areas. Use 'debug ospf packet send' to see details, or look at 'show ip ospf database ..'",
3984 __func__);
3985 warned = 1;
3986 }
3987
3988 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3989 zlog_debug(
3990 "%s: oversized LSA id:%pI4, %d bytes originated by %pI4, will be fragmented!",
3991 __func__, &lsa->data->id,
3992 ntohs(lsa->data->length),
3993 &lsa->data->adv_router);
3994
3995 /*
3996 * Allocate just enough to fit this LSA only, to avoid including
3997 * other
3998 * LSAs in fragmented LSA Updates.
3999 */
4000 size = ntohs(lsa->data->length)
4001 + (oi->ifp->mtu - ospf_packet_max(oi))
4002 + OSPF_LS_UPD_MIN_SIZE;
4003 } else
4004 size = oi->ifp->mtu;
4005
4006 if (size > OSPF_MAX_PACKET_SIZE) {
4007 flog_warn(
4008 EC_OSPF_LARGE_LSA,
4009 "%s: oversized LSA id:%pI4 too big, %d bytes, packet size %ld, dropping it completely. OSPF routing is broken!",
4010 __func__, &lsa->data->id, ntohs(lsa->data->length),
4011 (long int)size);
4012 list_delete_node(update, ln);
4013 return NULL;
4014 }
4015
4016 /* IP header is built up separately by ospf_write(). This means, that we
4017 * must
4018 * reduce the "affordable" size just calculated by length of an IP
4019 * header.
4020 * This makes sure, that even if we manage to fill the payload with LSA
4021 * data
4022 * completely, the final packet (our data plus IP header) still fits
4023 * into
4024 * outgoing interface MTU. This correction isn't really meaningful for
4025 * an
4026 * oversized LSA, but for consistency the correction is done for both
4027 * cases.
4028 *
4029 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4030 */
4031 return ospf_packet_new(size - sizeof(struct ip));
4032 }
4033
4034 static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
4035 struct list *update, struct in_addr addr,
4036 int send_lsupd_now)
4037 {
4038 struct ospf_packet *op;
4039 uint16_t length = OSPF_HEADER_SIZE;
4040
4041 if (IS_DEBUG_OSPF_EVENT)
4042 zlog_debug("listcount = %d, [%s]dst %pI4", listcount(update),
4043 IF_NAME(oi), &addr);
4044
4045 /* Check that we have really something to process */
4046 if (listcount(update) == 0)
4047 return;
4048
4049 op = ospf_ls_upd_packet_new(update, oi);
4050
4051 /* Prepare OSPF common header. */
4052 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
4053
4054 /* Prepare OSPF Link State Update body.
4055 * Includes Type-7 translation.
4056 */
4057 length += ospf_make_ls_upd(oi, update, op->s);
4058
4059 /* Fill OSPF header. */
4060 ospf_fill_header(oi, op->s, length);
4061
4062 /* Set packet length. */
4063 op->length = length;
4064
4065 /* Decide destination address. */
4066 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4067 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4068 else
4069 op->dst.s_addr = addr.s_addr;
4070
4071 /* Add packet to the interface output queue. */
4072 ospf_packet_add(oi, op);
4073 /* Call ospf_write() right away to send ospf packets to neighbors */
4074 if (send_lsupd_now) {
4075 struct thread os_packet_thd;
4076
4077 os_packet_thd.arg = (void *)oi->ospf;
4078 if (oi->on_write_q == 0) {
4079 listnode_add(oi->ospf->oi_write_q, oi);
4080 oi->on_write_q = 1;
4081 }
4082 ospf_write(&os_packet_thd);
4083 /*
4084 * We are fake calling ospf_write with a fake
4085 * thread. Imagine that we have oi_a already
4086 * enqueued and we have turned on the write
4087 * thread(t_write).
4088 * Now this function calls this for oi_b
4089 * so the on_write_q has oi_a and oi_b on
4090 * it, ospf_write runs and clears the packets
4091 * for both oi_a and oi_b. Removing them from
4092 * the on_write_q. After this thread of execution
4093 * finishes we will execute the t_write thread
4094 * with nothing in the on_write_q causing an
4095 * assert. So just make sure that the t_write
4096 * is actually turned off.
4097 */
4098 if (list_isempty(oi->ospf->oi_write_q))
4099 THREAD_OFF(oi->ospf->t_write);
4100 } else {
4101 /* Hook thread to write packet. */
4102 OSPF_ISM_WRITE_ON(oi->ospf);
4103 }
4104 }
4105
4106 static void ospf_ls_upd_send_queue_event(struct thread *thread)
4107 {
4108 struct ospf_interface *oi = THREAD_ARG(thread);
4109 struct route_node *rn;
4110 struct route_node *rnext;
4111 struct list *update;
4112 char again = 0;
4113
4114 oi->t_ls_upd_event = NULL;
4115
4116 if (IS_DEBUG_OSPF_EVENT)
4117 zlog_debug("%s start", __func__);
4118
4119 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4120 rnext = route_next(rn);
4121
4122 if (rn->info == NULL)
4123 continue;
4124
4125 update = (struct list *)rn->info;
4126
4127 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
4128
4129 /* list might not be empty. */
4130 if (listcount(update) == 0) {
4131 list_delete((struct list **)&rn->info);
4132 route_unlock_node(rn);
4133 } else
4134 again = 1;
4135 }
4136
4137 if (again != 0) {
4138 if (IS_DEBUG_OSPF_EVENT)
4139 zlog_debug(
4140 "%s: update lists not cleared, %d nodes to try again, raising new event",
4141 __func__, again);
4142 oi->t_ls_upd_event = NULL;
4143 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4144 &oi->t_ls_upd_event);
4145 }
4146
4147 if (IS_DEBUG_OSPF_EVENT)
4148 zlog_debug("%s stop", __func__);
4149 }
4150
4151 void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4152 int send_lsupd_now)
4153 {
4154 struct ospf_interface *oi;
4155 struct ospf_lsa *lsa;
4156 struct prefix_ipv4 p;
4157 struct route_node *rn;
4158 struct listnode *node;
4159
4160 oi = nbr->oi;
4161
4162 p.family = AF_INET;
4163 p.prefixlen = IPV4_MAX_BITLEN;
4164
4165 /* Decide destination address. */
4166 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4167 p.prefix = oi->vl_data->peer_addr;
4168 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4169 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4170 else if (flag == OSPF_SEND_PACKET_DIRECT)
4171 p.prefix = nbr->address.u.prefix4;
4172 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4173 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4174 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4175 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4176 else
4177 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4178
4179 if (oi->type == OSPF_IFTYPE_NBMA) {
4180 if (flag == OSPF_SEND_PACKET_INDIRECT)
4181 flog_warn(
4182 EC_OSPF_PACKET,
4183 "* LS-Update is directly sent on NBMA network.");
4184 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
4185 flog_warn(EC_OSPF_PACKET,
4186 "* LS-Update is sent to myself.");
4187 }
4188
4189 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4190
4191 if (rn->info == NULL)
4192 rn->info = list_new();
4193 else
4194 route_unlock_node(rn);
4195
4196 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4197 listnode_add(rn->info,
4198 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
4199 if (send_lsupd_now) {
4200 struct list *send_update_list;
4201 struct route_node *rnext;
4202
4203 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4204 rnext = route_next(rn);
4205
4206 if (rn->info == NULL)
4207 continue;
4208
4209 send_update_list = (struct list *)rn->info;
4210
4211 ospf_ls_upd_queue_send(oi, send_update_list,
4212 rn->p.u.prefix4, 1);
4213 }
4214 } else
4215 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4216 &oi->t_ls_upd_event);
4217 }
4218
4219 static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4220 struct in_addr dst)
4221 {
4222 struct ospf_packet *op;
4223 uint16_t length = OSPF_HEADER_SIZE;
4224
4225 op = ospf_packet_new(oi->ifp->mtu);
4226
4227 /* Prepare OSPF common header. */
4228 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4229
4230 /* Prepare OSPF Link State Acknowledgment body. */
4231 length += ospf_make_ls_ack(oi, ack, op->s);
4232
4233 /* Fill OSPF header. */
4234 ospf_fill_header(oi, op->s, length);
4235
4236 /* Set packet length. */
4237 op->length = length;
4238
4239 /* Decide destination address. */
4240 if (oi->type == OSPF_IFTYPE_POINTOPOINT ||
4241 oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4242 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4243 else
4244 op->dst.s_addr = dst.s_addr;
4245
4246 /* Add packet to the interface output queue. */
4247 ospf_packet_add(oi, op);
4248
4249 /* Hook thread to write packet. */
4250 OSPF_ISM_WRITE_ON(oi->ospf);
4251 }
4252
4253 static void ospf_ls_ack_send_event(struct thread *thread)
4254 {
4255 struct ospf_interface *oi = THREAD_ARG(thread);
4256
4257 oi->t_ls_ack_direct = NULL;
4258
4259 while (listcount(oi->ls_ack_direct.ls_ack))
4260 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4261 oi->ls_ack_direct.dst);
4262 }
4263
4264 void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4265 {
4266 struct ospf_interface *oi = nbr->oi;
4267
4268 if (IS_GRACE_LSA(lsa)) {
4269 if (IS_DEBUG_OSPF_GR)
4270 zlog_debug("%s, Sending GRACE ACK to Restarter.",
4271 __func__);
4272 }
4273
4274 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4275 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4276
4277 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4278
4279 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4280 &oi->t_ls_ack_direct);
4281 }
4282
4283 /* Send Link State Acknowledgment delayed. */
4284 void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4285 {
4286 struct in_addr dst;
4287
4288 /* Decide destination address. */
4289 /* RFC2328 Section 13.5 On non-broadcast
4290 networks, delayed Link State Acknowledgment packets must be
4291 unicast separately over each adjacency (i.e., neighbor whose
4292 state is >= Exchange). */
4293 if (oi->type == OSPF_IFTYPE_NBMA) {
4294 struct ospf_neighbor *nbr;
4295 struct route_node *rn;
4296
4297 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
4298 nbr = rn->info;
4299
4300 if (!nbr)
4301 continue;
4302
4303 if (nbr != oi->nbr_self && nbr->state >= NSM_Exchange)
4304 while (listcount(oi->ls_ack))
4305 ospf_ls_ack_send_list(
4306 oi, oi->ls_ack,
4307 nbr->address.u.prefix4);
4308 }
4309 return;
4310 }
4311 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4312 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4313 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4314 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4315 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4316 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4317 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4318 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4319 else
4320 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4321
4322 while (listcount(oi->ls_ack))
4323 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
4324 }
4325
4326 /*
4327 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4328 * address. As a result, the kernel does not need to learn the interface
4329 * MAC of the OSPF neighbor. However, in our world, this will delay
4330 * convergence. Take the case when due to a link flap, all routes now
4331 * want to use an interface which was deemed to be costlier prior to this
4332 * event. For routes that will be installed, the missing MAC will have
4333 * punt-to-CPU set on them. This may overload the CPU control path that
4334 * can be avoided if the MAC was known apriori.
4335 */
4336 void ospf_proactively_arp(struct ospf_neighbor *nbr)
4337 {
4338 if (!nbr || !nbr->oi->ospf->proactive_arp)
4339 return;
4340
4341 ospf_zebra_send_arp(nbr->oi->ifp, &nbr->address);
4342 }
FRRouting mirror