]> git.proxmox.com Git - mirror_frr.git/blob - ospfd/ospf_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ospfd: tiny style fix
[mirror_frr.git] / ospfd / ospf_packet.c
1 /*
2 * OSPF Sending and Receiving OSPF Packets.
3 * Copyright (C) 1999, 2000 Toshiaki Takada
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
10 * later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 #include <zebra.h>
23
24 #include "monotime.h"
25 #include "thread.h"
26 #include "memory.h"
27 #include "linklist.h"
28 #include "prefix.h"
29 #include "if.h"
30 #include "table.h"
31 #include "sockunion.h"
32 #include "stream.h"
33 #include "log.h"
34 #include "sockopt.h"
35 #include "checksum.h"
36 #ifdef CRYPTO_INTERNAL
37 #include "md5.h"
38 #endif
39 #include "vrf.h"
40 #include "lib_errors.h"
41
42 #include "ospfd/ospfd.h"
43 #include "ospfd/ospf_network.h"
44 #include "ospfd/ospf_interface.h"
45 #include "ospfd/ospf_ism.h"
46 #include "ospfd/ospf_asbr.h"
47 #include "ospfd/ospf_lsa.h"
48 #include "ospfd/ospf_lsdb.h"
49 #include "ospfd/ospf_neighbor.h"
50 #include "ospfd/ospf_nsm.h"
51 #include "ospfd/ospf_packet.h"
52 #include "ospfd/ospf_spf.h"
53 #include "ospfd/ospf_flood.h"
54 #include "ospfd/ospf_dump.h"
55 #include "ospfd/ospf_errors.h"
56
57 /*
58 * OSPF Fragmentation / fragmented writes
59 *
60 * ospfd can support writing fragmented packets, for cases where
61 * kernel will not fragment IP_HDRINCL and/or multicast destined
62 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
63 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
64 * flags fields, hence user-space fragmentation will not work.
65 * Only Linux is known to leave IP header unmolested.
66 * Further, fragmentation really should be done the kernel, which already
67 * supports it, and which avoids nasty IP ID state problems.
68 *
69 * Fragmentation of OSPF packets can be required on networks with router
70 * with many many interfaces active in one area, or on networks with links
71 * with low MTUs.
72 */
73 #ifdef GNU_LINUX
74 #define WANT_OSPF_WRITE_FRAGMENT
75 #endif
76
77 /* Packet Type String. */
78 const struct message ospf_packet_type_str[] = {
79 {OSPF_MSG_HELLO, "Hello"},
80 {OSPF_MSG_DB_DESC, "Database Description"},
81 {OSPF_MSG_LS_REQ, "Link State Request"},
82 {OSPF_MSG_LS_UPD, "Link State Update"},
83 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
84 {0}};
85
86 /* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
87 particular types, offset is the "type" field of a packet. */
88 static const uint16_t ospf_packet_minlen[] = {
89 0,
90 OSPF_HELLO_MIN_SIZE,
91 OSPF_DB_DESC_MIN_SIZE,
92 OSPF_LS_REQ_MIN_SIZE,
93 OSPF_LS_UPD_MIN_SIZE,
94 OSPF_LS_ACK_MIN_SIZE,
95 };
96
97 /* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
98 types, offset is the "LSA type" field. */
99 static const uint16_t ospf_lsa_minlen[] = {
100 0,
101 OSPF_ROUTER_LSA_MIN_SIZE,
102 OSPF_NETWORK_LSA_MIN_SIZE,
103 OSPF_SUMMARY_LSA_MIN_SIZE,
104 OSPF_SUMMARY_LSA_MIN_SIZE,
105 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
106 0,
107 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
108 0,
109 0,
110 0,
111 0,
112 };
113
114 /* for ospf_check_auth() */
115 static int ospf_check_sum(struct ospf_header *);
116
117 /* OSPF authentication checking function */
118 static int ospf_auth_type(struct ospf_interface *oi)
119 {
120 int auth_type;
121
122 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
123 auth_type = oi->area->auth_type;
124 else
125 auth_type = OSPF_IF_PARAM(oi, auth_type);
126
127 /* Handle case where MD5 key list is not configured aka Cisco */
128 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
129 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
130 return OSPF_AUTH_NULL;
131
132 return auth_type;
133 }
134
135 static struct ospf_packet *ospf_packet_new(size_t size)
136 {
137 struct ospf_packet *new;
138
139 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
140 new->s = stream_new(size);
141
142 return new;
143 }
144
145 void ospf_packet_free(struct ospf_packet *op)
146 {
147 if (op->s)
148 stream_free(op->s);
149
150 XFREE(MTYPE_OSPF_PACKET, op);
151 }
152
153 struct ospf_fifo *ospf_fifo_new(void)
154 {
155 struct ospf_fifo *new;
156
157 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
158 return new;
159 }
160
161 /* Add new packet to fifo. */
162 void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
163 {
164 if (fifo->tail)
165 fifo->tail->next = op;
166 else
167 fifo->head = op;
168
169 fifo->tail = op;
170
171 fifo->count++;
172 }
173
174 /* Add new packet to head of fifo. */
175 static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
176 {
177 op->next = fifo->head;
178
179 if (fifo->tail == NULL)
180 fifo->tail = op;
181
182 fifo->head = op;
183
184 fifo->count++;
185 }
186
187 /* Delete first packet from fifo. */
188 struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
189 {
190 struct ospf_packet *op;
191
192 op = fifo->head;
193
194 if (op) {
195 fifo->head = op->next;
196
197 if (fifo->head == NULL)
198 fifo->tail = NULL;
199
200 fifo->count--;
201 }
202
203 return op;
204 }
205
206 /* Return first fifo entry. */
207 struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
208 {
209 return fifo->head;
210 }
211
212 /* Flush ospf packet fifo. */
213 void ospf_fifo_flush(struct ospf_fifo *fifo)
214 {
215 struct ospf_packet *op;
216 struct ospf_packet *next;
217
218 for (op = fifo->head; op; op = next) {
219 next = op->next;
220 ospf_packet_free(op);
221 }
222 fifo->head = fifo->tail = NULL;
223 fifo->count = 0;
224 }
225
226 /* Free ospf packet fifo. */
227 void ospf_fifo_free(struct ospf_fifo *fifo)
228 {
229 ospf_fifo_flush(fifo);
230
231 XFREE(MTYPE_OSPF_FIFO, fifo);
232 }
233
234 static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
235 {
236 /* Add packet to end of queue. */
237 ospf_fifo_push(oi->obuf, op);
238
239 /* Debug of packet fifo*/
240 /* ospf_fifo_debug (oi->obuf); */
241 }
242
243 static void ospf_packet_add_top(struct ospf_interface *oi,
244 struct ospf_packet *op)
245 {
246 /* Add packet to head of queue. */
247 ospf_fifo_push_head(oi->obuf, op);
248
249 /* Debug of packet fifo*/
250 /* ospf_fifo_debug (oi->obuf); */
251 }
252
253 static void ospf_packet_delete(struct ospf_interface *oi)
254 {
255 struct ospf_packet *op;
256
257 op = ospf_fifo_pop(oi->obuf);
258
259 if (op)
260 ospf_packet_free(op);
261 }
262
263 static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
264 {
265 struct ospf_packet *new;
266
267 if (stream_get_endp(op->s) != op->length)
268 /* XXX size_t */
269 zlog_debug(
270 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
271 (unsigned long)STREAM_SIZE(op->s), op->length);
272
273 /* Reserve space for MD5 authentication that may be added later. */
274 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
275 stream_copy(new->s, op->s);
276
277 new->dst = op->dst;
278 new->length = op->length;
279
280 return new;
281 }
282
283 /* XXX inline */
284 static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
285 {
286 int auth = 0;
287
288 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
289 auth = OSPF_AUTH_MD5_SIZE;
290
291 return auth;
292 }
293
294 static unsigned int ospf_packet_max(struct ospf_interface *oi)
295 {
296 int max;
297
298 max = oi->ifp->mtu - ospf_packet_authspace(oi);
299
300 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
301
302 return max;
303 }
304
305
306 static int ospf_check_md5_digest(struct ospf_interface *oi,
307 struct ospf_header *ospfh)
308 {
309 #ifdef CRYPTO_OPENSSL
310 EVP_MD_CTX *ctx;
311 #elif CRYPTO_INTERNAL
312 MD5_CTX ctx;
313 #endif
314 unsigned char digest[OSPF_AUTH_MD5_SIZE];
315 struct crypt_key *ck;
316 struct ospf_neighbor *nbr;
317 uint16_t length = ntohs(ospfh->length);
318
319 /* Get secret key. */
320 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
321 ospfh->u.crypt.key_id);
322 if (ck == NULL) {
323 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
324 IF_NAME(oi), ospfh->u.crypt.key_id);
325 return 0;
326 }
327
328 /* check crypto seqnum. */
329 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
330
331 if (nbr
332 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
333 flog_warn(
334 EC_OSPF_MD5,
335 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
336 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
337 ntohl(nbr->crypt_seqnum));
338 return 0;
339 }
340
341 /* Generate a digest for the ospf packet - their digest + our digest. */
342 #ifdef CRYPTO_OPENSSL
343 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
344 ctx = EVP_MD_CTX_new();
345 EVP_DigestInit(ctx, EVP_md5());
346 EVP_DigestUpdate(ctx, ospfh, length);
347 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
348 EVP_DigestFinal(ctx, digest, &md5_size);
349 EVP_MD_CTX_free(ctx);
350 #elif CRYPTO_INTERNAL
351 memset(&ctx, 0, sizeof(ctx));
352 MD5Init(&ctx);
353 MD5Update(&ctx, ospfh, length);
354 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
355 MD5Final(digest, &ctx);
356 #endif
357
358 /* compare the two */
359 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
360 flog_warn(EC_OSPF_MD5,
361 "interface %s: ospf_check_md5 checksum mismatch",
362 IF_NAME(oi));
363 return 0;
364 }
365
366 /* save neighbor's crypt_seqnum */
367 if (nbr)
368 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
369 return 1;
370 }
371
372 /* This function is called from ospf_write(), it will detect the
373 authentication scheme and if it is MD5, it will change the sequence
374 and update the MD5 digest. */
375 static int ospf_make_md5_digest(struct ospf_interface *oi,
376 struct ospf_packet *op)
377 {
378 struct ospf_header *ospfh;
379 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
380 #ifdef CRYPTO_OPENSSL
381 EVP_MD_CTX *ctx;
382 #elif CRYPTO_INTERNAL
383 MD5_CTX ctx;
384 #endif
385 void *ibuf;
386 uint32_t t;
387 struct crypt_key *ck;
388 const uint8_t *auth_key;
389
390 ibuf = STREAM_DATA(op->s);
391 ospfh = (struct ospf_header *)ibuf;
392
393 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
394 return 0;
395
396 /* We do this here so when we dup a packet, we don't have to
397 waste CPU rewriting other headers.
398
399 Note that quagga_time /deliberately/ is not used here */
400 t = (time(NULL) & 0xFFFFFFFF);
401 if (t > oi->crypt_seqnum)
402 oi->crypt_seqnum = t;
403 else
404 oi->crypt_seqnum++;
405
406 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
407
408 /* Get MD5 Authentication key from auth_key list. */
409 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
410 auth_key = (const uint8_t *)digest;
411 else {
412 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
413 auth_key = ck->auth_key;
414 }
415
416 /* Generate a digest for the entire packet + our secret key. */
417 #ifdef CRYPTO_OPENSSL
418 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
419 ctx = EVP_MD_CTX_new();
420 EVP_DigestInit(ctx, EVP_md5());
421 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
422 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
423 EVP_DigestFinal(ctx, digest, &md5_size);
424 EVP_MD_CTX_free(ctx);
425 #elif CRYPTO_INTERNAL
426 memset(&ctx, 0, sizeof(ctx));
427 MD5Init(&ctx);
428 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
429 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
430 MD5Final(digest, &ctx);
431 #endif
432
433 /* Append md5 digest to the end of the stream. */
434 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
435
436 /* We do *NOT* increment the OSPF header length. */
437 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
438
439 if (stream_get_endp(op->s) != op->length)
440 /* XXX size_t */
441 flog_warn(
442 EC_OSPF_MD5,
443 "ospf_make_md5_digest: length mismatch stream %lu ospf_packet %u",
444 (unsigned long)stream_get_endp(op->s), op->length);
445
446 return OSPF_AUTH_MD5_SIZE;
447 }
448
449
450 static int ospf_ls_req_timer(struct thread *thread)
451 {
452 struct ospf_neighbor *nbr;
453
454 nbr = THREAD_ARG(thread);
455 nbr->t_ls_req = NULL;
456
457 /* Send Link State Request. */
458 if (ospf_ls_request_count(nbr))
459 ospf_ls_req_send(nbr);
460
461 /* Set Link State Request retransmission timer. */
462 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
463
464 return 0;
465 }
466
467 void ospf_ls_req_event(struct ospf_neighbor *nbr)
468 {
469 if (nbr->t_ls_req) {
470 thread_cancel(nbr->t_ls_req);
471 nbr->t_ls_req = NULL;
472 }
473 nbr->t_ls_req = NULL;
474 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
475 }
476
477 /* Cyclic timer function. Fist registered in ospf_nbr_new () in
478 ospf_neighbor.c */
479 int ospf_ls_upd_timer(struct thread *thread)
480 {
481 struct ospf_neighbor *nbr;
482
483 nbr = THREAD_ARG(thread);
484 nbr->t_ls_upd = NULL;
485
486 /* Send Link State Update. */
487 if (ospf_ls_retransmit_count(nbr) > 0) {
488 struct list *update;
489 struct ospf_lsdb *lsdb;
490 int i;
491 int retransmit_interval;
492
493 retransmit_interval =
494 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
495
496 lsdb = &nbr->ls_rxmt;
497 update = list_new();
498
499 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
500 struct route_table *table = lsdb->type[i].db;
501 struct route_node *rn;
502
503 for (rn = route_top(table); rn; rn = route_next(rn)) {
504 struct ospf_lsa *lsa;
505
506 if ((lsa = rn->info) != NULL) {
507 /* Don't retransmit an LSA if we
508 received it within
509 the last RxmtInterval seconds - this
510 is to allow the
511 neighbour a chance to acknowledge the
512 LSA as it may
513 have ben just received before the
514 retransmit timer
515 fired. This is a small tweak to what
516 is in the RFC,
517 but it will cut out out a lot of
518 retransmit traffic
519 - MAG */
520 if (monotime_since(&lsa->tv_recv, NULL)
521 >= retransmit_interval * 1000000LL)
522 listnode_add(update, rn->info);
523 }
524 }
525 }
526
527 if (listcount(update) > 0)
528 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
529 0);
530 list_delete(&update);
531 }
532
533 /* Set LS Update retransmission timer. */
534 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
535
536 return 0;
537 }
538
539 int ospf_ls_ack_timer(struct thread *thread)
540 {
541 struct ospf_interface *oi;
542
543 oi = THREAD_ARG(thread);
544 oi->t_ls_ack = NULL;
545
546 /* Send Link State Acknowledgment. */
547 if (listcount(oi->ls_ack) > 0)
548 ospf_ls_ack_send_delayed(oi);
549
550 /* Set LS Ack timer. */
551 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
552
553 return 0;
554 }
555
556 #ifdef WANT_OSPF_WRITE_FRAGMENT
557 static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
558 struct msghdr *msg, unsigned int maxdatasize,
559 unsigned int mtu, int flags, uint8_t type)
560 {
561 #define OSPF_WRITE_FRAG_SHIFT 3
562 uint16_t offset;
563 struct iovec *iovp;
564 int ret;
565
566 assert(op->length == stream_get_endp(op->s));
567 assert(msg->msg_iovlen == 2);
568
569 /* we can but try.
570 *
571 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
572 * well as the IP_MF flag, making this all quite pointless.
573 *
574 * However, for a system on which IP_MF is left alone, and ip_id left
575 * alone or else which sets same ip_id for each fragment this might
576 * work, eg linux.
577 *
578 * XXX-TODO: It would be much nicer to have the kernel's use their
579 * existing fragmentation support to do this for us. Bugs/RFEs need to
580 * be raised against the various kernels.
581 */
582
583 /* set More Frag */
584 iph->ip_off |= IP_MF;
585
586 /* ip frag offset is expressed in units of 8byte words */
587 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
588
589 iovp = &msg->msg_iov[1];
590
591 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
592 > maxdatasize) {
593 /* data length of this frag is to next offset value */
594 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
595 iph->ip_len = iovp->iov_len + sizeof(struct ip);
596 assert(iph->ip_len <= mtu);
597
598 sockopt_iphdrincl_swab_htosys(iph);
599
600 ret = sendmsg(fd, msg, flags);
601
602 sockopt_iphdrincl_swab_systoh(iph);
603
604 if (ret < 0)
605 flog_err(
606 EC_LIB_SOCKET,
607 "*** ospf_write_frags: sendmsg failed to %s,"
608 " id %d, off %d, len %d, mtu %u failed with %s",
609 inet_ntoa(iph->ip_dst), iph->ip_id, iph->ip_off,
610 iph->ip_len, mtu, safe_strerror(errno));
611
612 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
613 zlog_debug(
614 "ospf_write_frags: sent id %d, off %d, len %d to %s\n",
615 iph->ip_id, iph->ip_off, iph->ip_len,
616 inet_ntoa(iph->ip_dst));
617 }
618
619 iph->ip_off += offset;
620 stream_forward_getp(op->s, iovp->iov_len);
621 iovp->iov_base = stream_pnt(op->s);
622 }
623
624 /* setup for final fragment */
625 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
626 iph->ip_len = iovp->iov_len + sizeof(struct ip);
627 iph->ip_off &= (~IP_MF);
628 }
629 #endif /* WANT_OSPF_WRITE_FRAGMENT */
630
631 static int ospf_write(struct thread *thread)
632 {
633 struct ospf *ospf = THREAD_ARG(thread);
634 struct ospf_interface *oi;
635 struct ospf_interface *last_serviced_oi = NULL;
636 struct ospf_packet *op;
637 struct sockaddr_in sa_dst;
638 struct ip iph;
639 struct msghdr msg;
640 struct iovec iov[2];
641 uint8_t type;
642 int ret;
643 int flags = 0;
644 struct listnode *node;
645 #ifdef WANT_OSPF_WRITE_FRAGMENT
646 static uint16_t ipid = 0;
647 uint16_t maxdatasize;
648 #endif /* WANT_OSPF_WRITE_FRAGMENT */
649 #define OSPF_WRITE_IPHL_SHIFT 2
650 int pkt_count = 0;
651
652 #ifdef GNU_LINUX
653 unsigned char cmsgbuf[64] = {};
654 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
655 struct in_pktinfo *pi;
656 #endif
657
658 if (ospf->fd < 0 || ospf->oi_running == 0) {
659 if (IS_DEBUG_OSPF_EVENT)
660 zlog_debug(
661 "ospf_write failed to send, fd %d, instance %u"
662 ,ospf->fd, ospf->oi_running);
663 return -1;
664 }
665
666 node = listhead(ospf->oi_write_q);
667 assert(node);
668 oi = listgetdata(node);
669
670 #ifdef WANT_OSPF_WRITE_FRAGMENT
671 /* seed ipid static with low order bits of time */
672 if (ipid == 0)
673 ipid = (time(NULL) & 0xffff);
674 #endif /* WANT_OSPF_WRITE_FRAGMENT */
675
676 while ((pkt_count < ospf->write_oi_count) && oi
677 && (last_serviced_oi != oi)) {
678 /* If there is only packet in the queue, the oi is removed from
679 write-q, so fix up the last interface that was serviced */
680 if (last_serviced_oi == NULL) {
681 last_serviced_oi = oi;
682 }
683 pkt_count++;
684 #ifdef WANT_OSPF_WRITE_FRAGMENT
685 /* convenience - max OSPF data per packet */
686 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
687 #endif /* WANT_OSPF_WRITE_FRAGMENT */
688 /* Get one packet from queue. */
689 op = ospf_fifo_head(oi->obuf);
690 assert(op);
691 assert(op->length >= OSPF_HEADER_SIZE);
692
693 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
694 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
695 ospf_if_ipmulticast(ospf, oi->address,
696 oi->ifp->ifindex);
697
698 /* Rewrite the md5 signature & update the seq */
699 ospf_make_md5_digest(oi, op);
700
701 /* Retrieve OSPF packet type. */
702 stream_set_getp(op->s, 1);
703 type = stream_getc(op->s);
704
705 /* reset get pointer */
706 stream_set_getp(op->s, 0);
707
708 memset(&iph, 0, sizeof(struct ip));
709 memset(&sa_dst, 0, sizeof(sa_dst));
710
711 sa_dst.sin_family = AF_INET;
712 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
713 sa_dst.sin_len = sizeof(sa_dst);
714 #endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
715 sa_dst.sin_addr = op->dst;
716 sa_dst.sin_port = htons(0);
717
718 /* Set DONTROUTE flag if dst is unicast. */
719 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
720 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
721 flags = MSG_DONTROUTE;
722
723 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
724 /* it'd be very strange for header to not be 4byte-word aligned
725 * but.. */
726 if (sizeof(struct ip)
727 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
728 iph.ip_hl++; /* we presume sizeof struct ip cant
729 overflow ip_hl.. */
730
731 iph.ip_v = IPVERSION;
732 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
733 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
734
735 #if defined(__DragonFly__)
736 /*
737 * DragonFly's raw socket expects ip_len/ip_off in network byte
738 * order.
739 */
740 iph.ip_len = htons(iph.ip_len);
741 #endif
742
743 #ifdef WANT_OSPF_WRITE_FRAGMENT
744 /* XXX-MT: not thread-safe at all..
745 * XXX: this presumes this is only programme sending OSPF
746 * packets
747 * otherwise, no guarantee ipid will be unique
748 */
749 iph.ip_id = ++ipid;
750 #endif /* WANT_OSPF_WRITE_FRAGMENT */
751
752 iph.ip_off = 0;
753 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
754 iph.ip_ttl = OSPF_VL_IP_TTL;
755 else
756 iph.ip_ttl = OSPF_IP_TTL;
757 iph.ip_p = IPPROTO_OSPFIGP;
758 iph.ip_sum = 0;
759 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
760 iph.ip_dst.s_addr = op->dst.s_addr;
761
762 memset(&msg, 0, sizeof(msg));
763 msg.msg_name = (caddr_t)&sa_dst;
764 msg.msg_namelen = sizeof(sa_dst);
765 msg.msg_iov = iov;
766 msg.msg_iovlen = 2;
767
768 iov[0].iov_base = (char *)&iph;
769 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
770 iov[1].iov_base = stream_pnt(op->s);
771 iov[1].iov_len = op->length;
772
773 #ifdef GNU_LINUX
774 msg.msg_control = (caddr_t)cm;
775 cm->cmsg_level = SOL_IP;
776 cm->cmsg_type = IP_PKTINFO;
777 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
778 pi = (struct in_pktinfo *)CMSG_DATA(cm);
779 pi->ipi_ifindex = oi->ifp->ifindex;
780
781 msg.msg_controllen = cm->cmsg_len;
782 #endif
783
784 /* Sadly we can not rely on kernels to fragment packets
785 * because of either IP_HDRINCL and/or multicast
786 * destination being set.
787 */
788
789 #ifdef WANT_OSPF_WRITE_FRAGMENT
790 if (op->length > maxdatasize)
791 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
792 oi->ifp->mtu, flags, type);
793 #endif /* WANT_OSPF_WRITE_FRAGMENT */
794
795 /* send final fragment (could be first) */
796 sockopt_iphdrincl_swab_htosys(&iph);
797 ret = sendmsg(ospf->fd, &msg, flags);
798 sockopt_iphdrincl_swab_systoh(&iph);
799 if (IS_DEBUG_OSPF_EVENT)
800 zlog_debug(
801 "ospf_write to %s, "
802 "id %d, off %d, len %d, interface %s, mtu %u:",
803 inet_ntoa(iph.ip_dst), iph.ip_id, iph.ip_off,
804 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
805
806 if (ret < 0)
807 flog_err(
808 EC_LIB_SOCKET,
809 "*** sendmsg in ospf_write failed to %s, "
810 "id %d, off %d, len %d, interface %s, mtu %u: %s",
811 inet_ntoa(iph.ip_dst), iph.ip_id, iph.ip_off,
812 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
813 safe_strerror(errno));
814
815 /* Show debug sending packet. */
816 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
817 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
818 zlog_debug(
819 "-----------------------------------------------------");
820 stream_set_getp(op->s, 0);
821 ospf_packet_dump(op->s);
822 }
823
824 zlog_debug("%s sent to [%s] via [%s].",
825 lookup_msg(ospf_packet_type_str, type, NULL),
826 inet_ntoa(op->dst), IF_NAME(oi));
827
828 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
829 zlog_debug(
830 "-----------------------------------------------------");
831 }
832
833 switch (type) {
834 case OSPF_MSG_HELLO:
835 oi->hello_out++;
836 break;
837 case OSPF_MSG_DB_DESC:
838 oi->db_desc_out++;
839 break;
840 case OSPF_MSG_LS_REQ:
841 oi->ls_req_out++;
842 break;
843 case OSPF_MSG_LS_UPD:
844 oi->ls_upd_out++;
845 break;
846 case OSPF_MSG_LS_ACK:
847 oi->ls_ack_out++;
848 break;
849 default:
850 break;
851 }
852
853 /* Now delete packet from queue. */
854 ospf_packet_delete(oi);
855
856 /* Move this interface to the tail of write_q to
857 serve everyone in a round robin fashion */
858 list_delete_node(ospf->oi_write_q, node);
859 if (ospf_fifo_head(oi->obuf) == NULL) {
860 oi->on_write_q = 0;
861 last_serviced_oi = NULL;
862 oi = NULL;
863 } else {
864 listnode_add(ospf->oi_write_q, oi);
865 }
866
867 /* Setup to service from the head of the queue again */
868 if (!list_isempty(ospf->oi_write_q)) {
869 node = listhead(ospf->oi_write_q);
870 oi = listgetdata(node);
871 }
872 }
873
874 /* If packets still remain in queue, call write thread. */
875 if (!list_isempty(ospf->oi_write_q))
876 thread_add_write(master, ospf_write, ospf, ospf->fd,
877 &ospf->t_write);
878
879 return 0;
880 }
881
882 /* OSPF Hello message read -- RFC2328 Section 10.5. */
883 static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
884 struct stream *s, struct ospf_interface *oi, int size)
885 {
886 struct ospf_hello *hello;
887 struct ospf_neighbor *nbr;
888 int old_state;
889 struct prefix p;
890
891 /* increment statistics. */
892 oi->hello_in++;
893
894 hello = (struct ospf_hello *)stream_pnt(s);
895
896 /* If Hello is myself, silently discard. */
897 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
898 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
899 zlog_debug(
900 "ospf_header[%s/%s]: selforiginated, "
901 "dropping.",
902 lookup_msg(ospf_packet_type_str, ospfh->type,
903 NULL),
904 inet_ntoa(iph->ip_src));
905 }
906 return;
907 }
908
909 /* get neighbor prefix. */
910 p.family = AF_INET;
911 p.prefixlen = ip_masklen(hello->network_mask);
912 p.u.prefix4 = iph->ip_src;
913
914 /* Compare network mask. */
915 /* Checking is ignored for Point-to-Point and Virtual link. */
916 if (oi->type != OSPF_IFTYPE_POINTOPOINT
917 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
918 if (oi->address->prefixlen != p.prefixlen) {
919 flog_warn(
920 EC_OSPF_PACKET,
921 "Packet %s [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
922 inet_ntoa(ospfh->router_id), IF_NAME(oi),
923 (int)oi->address->prefixlen, (int)p.prefixlen);
924 return;
925 }
926
927 /* Compare Router Dead Interval. */
928 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
929 flog_warn(EC_OSPF_PACKET,
930 "Packet %s [Hello:RECV]: RouterDeadInterval mismatch "
931 "(expected %u, but received %u).",
932 inet_ntoa(ospfh->router_id),
933 OSPF_IF_PARAM(oi, v_wait),
934 ntohl(hello->dead_interval));
935 return;
936 }
937
938 /* Compare Hello Interval - ignored if fast-hellos are set. */
939 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
940 if (OSPF_IF_PARAM(oi, v_hello)
941 != ntohs(hello->hello_interval)) {
942 flog_warn(
943 EC_OSPF_PACKET,
944 "Packet %s [Hello:RECV]: HelloInterval mismatch "
945 "(expected %u, but received %u).",
946 inet_ntoa(ospfh->router_id),
947 OSPF_IF_PARAM(oi, v_hello),
948 ntohs(hello->hello_interval));
949 return;
950 }
951 }
952
953 if (IS_DEBUG_OSPF_EVENT)
954 zlog_debug("Packet %s [Hello:RECV]: Options %s vrf %s",
955 inet_ntoa(ospfh->router_id),
956 ospf_options_dump(hello->options),
957 ospf_vrf_id_to_name(oi->ospf->vrf_id));
958
959 /* Compare options. */
960 #define REJECT_IF_TBIT_ON 1 /* XXX */
961 #ifdef REJECT_IF_TBIT_ON
962 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
963 /*
964 * This router does not support non-zero TOS.
965 * Drop this Hello packet not to establish neighbor
966 * relationship.
967 */
968 flog_warn(EC_OSPF_PACKET,
969 "Packet %s [Hello:RECV]: T-bit on, drop it.",
970 inet_ntoa(ospfh->router_id));
971 return;
972 }
973 #endif /* REJECT_IF_TBIT_ON */
974
975 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
976 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
977 /*
978 * This router does know the correct usage of O-bit
979 * the bit should be set in DD packet only.
980 */
981 flog_warn(EC_OSPF_PACKET,
982 "Packet %s [Hello:RECV]: O-bit abuse?",
983 inet_ntoa(ospfh->router_id));
984 #ifdef STRICT_OBIT_USAGE_CHECK
985 return; /* Reject this packet. */
986 #else /* STRICT_OBIT_USAGE_CHECK */
987 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
988 #endif /* STRICT_OBIT_USAGE_CHECK */
989 }
990
991 /* new for NSSA is to ensure that NP is on and E is off */
992
993 if (oi->area->external_routing == OSPF_AREA_NSSA) {
994 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
995 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
996 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
997 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
998 flog_warn(
999 EC_OSPF_PACKET,
1000 "NSSA-Packet-%s[Hello:RECV]: my options: %x, his options %x",
1001 inet_ntoa(ospfh->router_id), OPTIONS(oi),
1002 hello->options);
1003 return;
1004 }
1005 if (IS_DEBUG_OSPF_NSSA)
1006 zlog_debug("NSSA-Hello:RECV:Packet from %s:",
1007 inet_ntoa(ospfh->router_id));
1008 } else
1009 /* The setting of the E-bit found in the Hello Packet's Options
1010 field must match this area's ExternalRoutingCapability A
1011 mismatch causes processing to stop and the packet to be
1012 dropped. The setting of the rest of the bits in the Hello
1013 Packet's Options field should be ignored. */
1014 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
1015 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
1016 flog_warn(
1017 EC_OSPF_PACKET,
1018 "Packet %s [Hello:RECV]: my options: %x, his options %x",
1019 inet_ntoa(ospfh->router_id), OPTIONS(oi),
1020 hello->options);
1021 return;
1022 }
1023
1024 /* get neighbour struct */
1025 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
1026
1027 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1028 assert(nbr);
1029
1030 old_state = nbr->state;
1031
1032 /* Add event to thread. */
1033 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1034
1035 /* RFC2328 Section 9.5.1
1036 If the router is not eligible to become Designated Router,
1037 (snip) It must also send an Hello Packet in reply to an
1038 Hello Packet received from any eligible neighbor (other than
1039 the current Designated Router and Backup Designated Router). */
1040 if (oi->type == OSPF_IFTYPE_NBMA)
1041 if (PRIORITY(oi) == 0 && hello->priority > 0
1042 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1043 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1044 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1045 ospf_hello_reply_timer,
1046 OSPF_HELLO_REPLY_DELAY);
1047
1048 /* on NBMA network type, it happens to receive bidirectional Hello
1049 packet
1050 without advance 1-Way Received event.
1051 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1052 if (oi->type == OSPF_IFTYPE_NBMA
1053 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1054 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1055 nbr->priority = hello->priority;
1056 nbr->d_router = hello->d_router;
1057 nbr->bd_router = hello->bd_router;
1058 return;
1059 }
1060
1061 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1062 size - OSPF_HELLO_MIN_SIZE)) {
1063 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1064 nbr->options |= hello->options;
1065 } else {
1066 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1067 /* Set neighbor information. */
1068 nbr->priority = hello->priority;
1069 nbr->d_router = hello->d_router;
1070 nbr->bd_router = hello->bd_router;
1071 return;
1072 }
1073
1074 /* If neighbor itself declares DR and no BDR exists,
1075 cause event BackupSeen */
1076 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
1077 if (hello->bd_router.s_addr == 0 && oi->state == ISM_Waiting)
1078 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1079
1080 /* neighbor itself declares BDR. */
1081 if (oi->state == ISM_Waiting
1082 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router))
1083 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1084
1085 /* had not previously. */
1086 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1087 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1088 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1089 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->d_router)))
1090 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1091
1092 /* had not previously. */
1093 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1094 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1095 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->bd_router)
1096 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->bd_router)))
1097 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1098
1099 /* Neighbor priority check. */
1100 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1101 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1102
1103 /* Set neighbor information. */
1104 nbr->priority = hello->priority;
1105 nbr->d_router = hello->d_router;
1106 nbr->bd_router = hello->bd_router;
1107 }
1108
1109 /* Save DD flags/options/Seqnum received. */
1110 static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1111 struct ospf_db_desc *dd)
1112 {
1113 nbr->last_recv.flags = dd->flags;
1114 nbr->last_recv.options = dd->options;
1115 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
1116 }
1117
1118 /* Process rest of DD packet. */
1119 static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1120 struct ospf_neighbor *nbr,
1121 struct ospf_db_desc *dd, uint16_t size)
1122 {
1123 struct ospf_lsa *new, *find;
1124 struct lsa_header *lsah;
1125
1126 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1127 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1128 size -= OSPF_LSA_HEADER_SIZE) {
1129 lsah = (struct lsa_header *)stream_pnt(s);
1130 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1131
1132 /* Unknown LS type. */
1133 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1134 flog_warn(EC_OSPF_PACKET,
1135 "Packet [DD:RECV]: Unknown LS type %d.",
1136 lsah->type);
1137 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1138 return;
1139 }
1140
1141 if (IS_OPAQUE_LSA(lsah->type)
1142 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1143 flog_warn(EC_OSPF_PACKET,
1144 "LSA[Type%d:%s]: Opaque capability mismatch?",
1145 lsah->type, inet_ntoa(lsah->id));
1146 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1147 return;
1148 }
1149
1150 switch (lsah->type) {
1151 case OSPF_AS_EXTERNAL_LSA:
1152 case OSPF_OPAQUE_AS_LSA:
1153 /* Check for stub area. Reject if AS-External from stub
1154 but
1155 allow if from NSSA. */
1156 if (oi->area->external_routing == OSPF_AREA_STUB) {
1157 flog_warn(
1158 EC_OSPF_PACKET,
1159 "Packet [DD:RECV]: LSA[Type%d:%s] from %s area.",
1160 lsah->type, inet_ntoa(lsah->id),
1161 (oi->area->external_routing
1162 == OSPF_AREA_STUB)
1163 ? "STUB"
1164 : "NSSA");
1165 OSPF_NSM_EVENT_SCHEDULE(nbr,
1166 NSM_SeqNumberMismatch);
1167 return;
1168 }
1169 break;
1170 default:
1171 break;
1172 }
1173
1174 /* Create LS-request object. */
1175 new = ospf_ls_request_new(lsah);
1176
1177 /* Lookup received LSA, then add LS request list. */
1178 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1179
1180 /* ospf_lsa_more_recent is fine with NULL pointers */
1181 switch (ospf_lsa_more_recent(find, new)) {
1182 case -1:
1183 /* Neighbour has a more recent LSA, we must request it
1184 */
1185 ospf_ls_request_add(nbr, new);
1186 /* fallthru */
1187 case 0:
1188 /* If we have a copy of this LSA, it's either less
1189 * recent
1190 * and we're requesting it from neighbour (the case
1191 * above), or
1192 * it's as recent and we both have same copy (this
1193 * case).
1194 *
1195 * In neither of these two cases is there any point in
1196 * describing our copy of the LSA to the neighbour in a
1197 * DB-Summary packet, if we're still intending to do so.
1198 *
1199 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1200 * backward compatible optimisation to OSPF DB Exchange
1201 * /
1202 * DB Description process implemented here.
1203 */
1204 if (find)
1205 ospf_lsdb_delete(&nbr->db_sum, find);
1206 ospf_lsa_discard(new);
1207 break;
1208 default:
1209 /* We have the more recent copy, nothing specific to do:
1210 * - no need to request neighbours stale copy
1211 * - must leave DB summary list copy alone
1212 */
1213 if (IS_DEBUG_OSPF_EVENT)
1214 zlog_debug(
1215 "Packet [DD:RECV]: LSA received Type %d, "
1216 "ID %s is not recent.",
1217 lsah->type, inet_ntoa(lsah->id));
1218 ospf_lsa_discard(new);
1219 }
1220 }
1221
1222 /* Master */
1223 if (IS_SET_DD_MS(nbr->dd_flags)) {
1224 nbr->dd_seqnum++;
1225
1226 /* Both sides have no More, then we're done with Exchange */
1227 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1228 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1229 else
1230 ospf_db_desc_send(nbr);
1231 }
1232 /* Slave */
1233 else {
1234 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1235
1236 /* Send DD packet in reply.
1237 *
1238 * Must be done to acknowledge the Master's DD, regardless of
1239 * whether we have more LSAs ourselves to describe.
1240 *
1241 * This function will clear the 'More' bit, if after this DD
1242 * we have no more LSAs to describe to the master..
1243 */
1244 ospf_db_desc_send(nbr);
1245
1246 /* Slave can raise ExchangeDone now, if master is also done */
1247 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1248 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1249 }
1250
1251 /* Save received neighbor values from DD. */
1252 ospf_db_desc_save_current(nbr, dd);
1253
1254 if (!nbr->t_ls_req)
1255 ospf_ls_req_send(nbr);
1256 }
1257
1258 static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1259 struct ospf_neighbor *nbr)
1260 {
1261 /* Is DD duplicated? */
1262 if (dd->options == nbr->last_recv.options
1263 && dd->flags == nbr->last_recv.flags
1264 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1265 return 1;
1266
1267 return 0;
1268 }
1269
1270 /* OSPF Database Description message read -- RFC2328 Section 10.6. */
1271 static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1272 struct stream *s, struct ospf_interface *oi,
1273 uint16_t size)
1274 {
1275 struct ospf_db_desc *dd;
1276 struct ospf_neighbor *nbr;
1277
1278 /* Increment statistics. */
1279 oi->db_desc_in++;
1280
1281 dd = (struct ospf_db_desc *)stream_pnt(s);
1282
1283 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1284 if (nbr == NULL) {
1285 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %s",
1286 inet_ntoa(ospfh->router_id));
1287 return;
1288 }
1289
1290 /* Check MTU. */
1291 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1292 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
1293 flog_warn(
1294 EC_OSPF_PACKET,
1295 "Packet[DD]: Neighbor %s MTU %u is larger than [%s]'s MTU %u",
1296 inet_ntoa(nbr->router_id), ntohs(dd->mtu), IF_NAME(oi),
1297 oi->ifp->mtu);
1298 return;
1299 }
1300
1301 /*
1302 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1303 * not
1304 * required. In fact at least JunOS sends DD packets with P bit clear.
1305 * Until proper solution is developped, this hack should help.
1306 *
1307 * Update: According to the RFCs, N bit is specified /only/ for Hello
1308 * options, unfortunately its use in DD options is not specified. Hence
1309 * some
1310 * implementations follow E-bit semantics and set it in DD options, and
1311 * some
1312 * treat it as unspecified and hence follow the directive "default for
1313 * options is clear", ie unset.
1314 *
1315 * Reset the flag, as ospfd follows E-bit semantics.
1316 */
1317 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1318 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1319 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1320 if (IS_DEBUG_OSPF_EVENT)
1321 zlog_debug(
1322 "Packet[DD]: Neighbour %s: Has NSSA capability, sends with N bit clear in DD options",
1323 inet_ntoa(nbr->router_id));
1324 SET_FLAG(dd->options, OSPF_OPTION_NP);
1325 }
1326
1327 #ifdef REJECT_IF_TBIT_ON
1328 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1329 /*
1330 * In Hello protocol, optional capability must have checked
1331 * to prevent this T-bit enabled router be my neighbor.
1332 */
1333 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %s: T-bit on?",
1334 inet_ntoa(nbr->router_id));
1335 return;
1336 }
1337 #endif /* REJECT_IF_TBIT_ON */
1338
1339 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1340 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1341 /*
1342 * This node is not configured to handle O-bit, for now.
1343 * Clear it to ignore unsupported capability proposed by
1344 * neighbor.
1345 */
1346 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1347 }
1348
1349 /* Add event to thread. */
1350 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1351
1352 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1353 zlog_info(
1354 "%s:Packet[DD]: Neighbor %s state is %s, seq_num:0x%x, local:0x%x",
1355 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
1356 inet_ntoa(nbr->router_id),
1357 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1358 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1359
1360 /* Process DD packet by neighbor status. */
1361 switch (nbr->state) {
1362 case NSM_Down:
1363 case NSM_Attempt:
1364 case NSM_TwoWay:
1365 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1366 zlog_info(
1367 "Packet[DD]: Neighbor %s state is %s, packet discarded.",
1368 inet_ntoa(nbr->router_id),
1369 lookup_msg(ospf_nsm_state_msg, nbr->state,
1370 NULL));
1371 break;
1372 case NSM_Init:
1373 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1374 /* If the new state is ExStart, the processing of the current
1375 packet should then continue in this new state by falling
1376 through to case ExStart below. */
1377 if (nbr->state != NSM_ExStart)
1378 break;
1379 /* fallthru */
1380 case NSM_ExStart:
1381 /* Initial DBD */
1382 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1383 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1384 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1385 > 0) {
1386 /* We're Slave---obey */
1387 if (CHECK_FLAG(oi->ospf->config,
1388 OSPF_LOG_ADJACENCY_DETAIL))
1389 zlog_info(
1390 "Packet[DD]: Neighbor %s Negotiation done (Slave).",
1391 inet_ntoa(nbr->router_id));
1392
1393 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1394
1395 /* Reset I/MS */
1396 UNSET_FLAG(nbr->dd_flags,
1397 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1398 } else {
1399 /* We're Master, ignore the initial DBD from
1400 * Slave */
1401 if (CHECK_FLAG(oi->ospf->config,
1402 OSPF_LOG_ADJACENCY_DETAIL))
1403 zlog_info(
1404 "Packet[DD]: Neighbor %s: Initial DBD from Slave, "
1405 "ignoring.",
1406 inet_ntoa(nbr->router_id));
1407 break;
1408 }
1409 }
1410 /* Ack from the Slave */
1411 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1412 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1413 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1414 < 0) {
1415 zlog_info(
1416 "Packet[DD]: Neighbor %s Negotiation done (Master).",
1417 inet_ntoa(nbr->router_id));
1418 /* Reset I, leaving MS */
1419 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1420 } else {
1421 flog_warn(EC_OSPF_PACKET,
1422 "Packet[DD]: Neighbor %s Negotiation fails.",
1423 inet_ntoa(nbr->router_id));
1424 break;
1425 }
1426
1427 /* This is where the real Options are saved */
1428 nbr->options = dd->options;
1429
1430 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1431 if (IS_DEBUG_OSPF_EVENT)
1432 zlog_debug(
1433 "Neighbor[%s] is %sOpaque-capable.",
1434 inet_ntoa(nbr->router_id),
1435 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1436 ? ""
1437 : "NOT ");
1438
1439 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1440 && IPV4_ADDR_SAME(&DR(oi),
1441 &nbr->address.u.prefix4)) {
1442 flog_warn(
1443 EC_OSPF_PACKET,
1444 "DR-neighbor[%s] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
1445 inet_ntoa(nbr->router_id));
1446 /* This situation is undesirable, but not a real
1447 * error. */
1448 }
1449 }
1450
1451 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1452
1453 /* continue processing rest of packet. */
1454 ospf_db_desc_proc(s, oi, nbr, dd, size);
1455 break;
1456 case NSM_Exchange:
1457 if (ospf_db_desc_is_dup(dd, nbr)) {
1458 if (IS_SET_DD_MS(nbr->dd_flags))
1459 /* Master: discard duplicated DD packet. */
1460 zlog_info(
1461 "Packet[DD] (Master): Neighbor %s packet duplicated.",
1462 inet_ntoa(nbr->router_id));
1463 else
1464 /* Slave: cause to retransmit the last Database
1465 Description. */
1466 {
1467 zlog_info(
1468 "Packet[DD] [Slave]: Neighbor %s packet duplicated.",
1469 inet_ntoa(nbr->router_id));
1470 ospf_db_desc_resend(nbr);
1471 }
1472 break;
1473 }
1474
1475 /* Otherwise DD packet should be checked. */
1476 /* Check Master/Slave bit mismatch */
1477 if (IS_SET_DD_MS(dd->flags)
1478 != IS_SET_DD_MS(nbr->last_recv.flags)) {
1479 flog_warn(EC_OSPF_PACKET,
1480 "Packet[DD]: Neighbor %s MS-bit mismatch.",
1481 inet_ntoa(nbr->router_id));
1482 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1483 if (IS_DEBUG_OSPF_EVENT)
1484 zlog_debug(
1485 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1486 dd->flags, nbr->dd_flags);
1487 break;
1488 }
1489
1490 /* Check initialize bit is set. */
1491 if (IS_SET_DD_I(dd->flags)) {
1492 zlog_info("Packet[DD]: Neighbor %s I-bit set.",
1493 inet_ntoa(nbr->router_id));
1494 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1495 break;
1496 }
1497
1498 /* Check DD Options. */
1499 if (dd->options != nbr->options) {
1500 flog_warn(EC_OSPF_PACKET,
1501 "Packet[DD]: Neighbor %s options mismatch.",
1502 inet_ntoa(nbr->router_id));
1503 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1504 break;
1505 }
1506
1507 /* Check DD sequence number. */
1508 if ((IS_SET_DD_MS(nbr->dd_flags)
1509 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1510 || (!IS_SET_DD_MS(nbr->dd_flags)
1511 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
1512 flog_warn(
1513 EC_OSPF_PACKET,
1514 "Packet[DD]: Neighbor %s sequence number mismatch.",
1515 inet_ntoa(nbr->router_id));
1516 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1517 break;
1518 }
1519
1520 /* Continue processing rest of packet. */
1521 ospf_db_desc_proc(s, oi, nbr, dd, size);
1522 break;
1523 case NSM_Loading:
1524 case NSM_Full:
1525 if (ospf_db_desc_is_dup(dd, nbr)) {
1526 if (IS_SET_DD_MS(nbr->dd_flags)) {
1527 /* Master should discard duplicate DD packet. */
1528 zlog_info(
1529 "Packet[DD]: Neighbor %s duplicated, "
1530 "packet discarded.",
1531 inet_ntoa(nbr->router_id));
1532 break;
1533 } else {
1534 if (monotime_since(&nbr->last_send_ts, NULL)
1535 < nbr->v_inactivity * 1000000LL) {
1536 /* In states Loading and Full the slave
1537 must resend
1538 its last Database Description packet
1539 in response to
1540 duplicate Database Description
1541 packets received
1542 from the master. For this reason the
1543 slave must
1544 wait RouterDeadInterval seconds
1545 before freeing the
1546 last Database Description packet.
1547 Reception of a
1548 Database Description packet from the
1549 master after
1550 this interval will generate a
1551 SeqNumberMismatch
1552 neighbor event. RFC2328 Section 10.8
1553 */
1554 ospf_db_desc_resend(nbr);
1555 break;
1556 }
1557 }
1558 }
1559
1560 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1561 break;
1562 default:
1563 flog_warn(EC_OSPF_PACKET,
1564 "Packet[DD]: Neighbor %s NSM illegal status %u.",
1565 inet_ntoa(nbr->router_id), nbr->state);
1566 break;
1567 }
1568 }
1569
1570 #define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1571
1572 /* OSPF Link State Request Read -- RFC2328 Section 10.7. */
1573 static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1574 struct stream *s, struct ospf_interface *oi,
1575 uint16_t size)
1576 {
1577 struct ospf_neighbor *nbr;
1578 uint32_t ls_type;
1579 struct in_addr ls_id;
1580 struct in_addr adv_router;
1581 struct ospf_lsa *find;
1582 struct list *ls_upd;
1583 unsigned int length;
1584
1585 /* Increment statistics. */
1586 oi->ls_req_in++;
1587
1588 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1589 if (nbr == NULL) {
1590 flog_warn(EC_OSPF_PACKET,
1591 "Link State Request: Unknown Neighbor %s.",
1592 inet_ntoa(ospfh->router_id));
1593 return;
1594 }
1595
1596 /* Add event to thread. */
1597 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1598
1599 /* Neighbor State should be Exchange or later. */
1600 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1601 && nbr->state != NSM_Full) {
1602 flog_warn(
1603 EC_OSPF_PACKET,
1604 "Link State Request received from %s: Neighbor state is %s, packet discarded.",
1605 inet_ntoa(ospfh->router_id),
1606 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1607 return;
1608 }
1609
1610 /* Send Link State Update for ALL requested LSAs. */
1611 ls_upd = list_new();
1612 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1613
1614 while (size >= OSPF_LSA_KEY_SIZE) {
1615 /* Get one slice of Link State Request. */
1616 ls_type = stream_getl(s);
1617 ls_id.s_addr = stream_get_ipv4(s);
1618 adv_router.s_addr = stream_get_ipv4(s);
1619
1620 /* Verify LSA type. */
1621 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1622 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1623 list_delete(&ls_upd);
1624 return;
1625 }
1626
1627 /* Search proper LSA in LSDB. */
1628 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1629 adv_router);
1630 if (find == NULL) {
1631 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1632 list_delete(&ls_upd);
1633 return;
1634 }
1635
1636 /* Packet overflows MTU size, send immediately. */
1637 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1638 if (oi->type == OSPF_IFTYPE_NBMA)
1639 ospf_ls_upd_send(nbr, ls_upd,
1640 OSPF_SEND_PACKET_DIRECT, 0);
1641 else
1642 ospf_ls_upd_send(nbr, ls_upd,
1643 OSPF_SEND_PACKET_INDIRECT, 0);
1644
1645 /* Only remove list contents. Keep ls_upd. */
1646 list_delete_all_node(ls_upd);
1647
1648 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1649 }
1650
1651 /* Append LSA to update list. */
1652 listnode_add(ls_upd, find);
1653 length += ntohs(find->data->length);
1654
1655 size -= OSPF_LSA_KEY_SIZE;
1656 }
1657
1658 /* Send rest of Link State Update. */
1659 if (listcount(ls_upd) > 0) {
1660 if (oi->type == OSPF_IFTYPE_NBMA)
1661 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1662 0);
1663 else
1664 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1665 0);
1666
1667 list_delete(&ls_upd);
1668 } else
1669 list_delete(&ls_upd);
1670 }
1671
1672 /* Get the list of LSAs from Link State Update packet.
1673 And process some validation -- RFC2328 Section 13. (1)-(2). */
1674 static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1675 struct stream *s,
1676 struct ospf_interface *oi, size_t size)
1677 {
1678 uint16_t count, sum;
1679 uint32_t length;
1680 struct lsa_header *lsah;
1681 struct ospf_lsa *lsa;
1682 struct list *lsas;
1683
1684 lsas = list_new();
1685
1686 count = stream_getl(s);
1687 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1688
1689 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1690 size -= length, stream_forward_getp(s, length), count--) {
1691 lsah = (struct lsa_header *)stream_pnt(s);
1692 length = ntohs(lsah->length);
1693
1694 if (length > size) {
1695 flog_warn(
1696 EC_OSPF_PACKET,
1697 "Link State Update: LSA length exceeds packet size.");
1698 break;
1699 }
1700
1701 /* Validate the LSA's LS checksum. */
1702 sum = lsah->checksum;
1703 if (!ospf_lsa_checksum_valid(lsah)) {
1704 /* (bug #685) more details in a one-line message make it
1705 * possible
1706 * to identify problem source on the one hand and to
1707 * have a better
1708 * chance to compress repeated messages in syslog on the
1709 * other */
1710 flog_warn(
1711 EC_OSPF_PACKET,
1712 "Link State Update: LSA checksum error %x/%x, ID=%s from: nbr %s, router ID %s, adv router %s",
1713 sum, lsah->checksum, inet_ntoa(lsah->id),
1714 inet_ntoa(nbr->src), inet_ntoa(nbr->router_id),
1715 inet_ntoa(lsah->adv_router));
1716 continue;
1717 }
1718
1719 /* Examine the LSA's LS type. */
1720 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1721 flog_warn(EC_OSPF_PACKET,
1722 "Link State Update: Unknown LS type %d",
1723 lsah->type);
1724 continue;
1725 }
1726
1727 /*
1728 * What if the received LSA's age is greater than MaxAge?
1729 * Treat it as a MaxAge case -- endo.
1730 */
1731 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1732 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
1733
1734 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1735 #ifdef STRICT_OBIT_USAGE_CHECK
1736 if ((IS_OPAQUE_LSA(lsah->type)
1737 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1738 || (!IS_OPAQUE_LSA(lsah->type)
1739 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1740 /*
1741 * This neighbor must know the exact usage of
1742 * O-bit;
1743 * the bit will be set in Type-9,10,11 LSAs
1744 * only.
1745 */
1746 flog_warn(EC_OSPF_PACKET,
1747 "LSA[Type%d:%s]: O-bit abuse?",
1748 lsah->type, inet_ntoa(lsah->id));
1749 continue;
1750 }
1751 #endif /* STRICT_OBIT_USAGE_CHECK */
1752
1753 /* Do not take in AS External Opaque-LSAs if we are a
1754 * stub. */
1755 if (lsah->type == OSPF_OPAQUE_AS_LSA
1756 && nbr->oi->area->external_routing
1757 != OSPF_AREA_DEFAULT) {
1758 if (IS_DEBUG_OSPF_EVENT)
1759 zlog_debug(
1760 "LSA[Type%d:%s]: We are a stub, don't take this LSA.",
1761 lsah->type,
1762 inet_ntoa(lsah->id));
1763 continue;
1764 }
1765 } else if (IS_OPAQUE_LSA(lsah->type)) {
1766 flog_warn(EC_OSPF_PACKET,
1767 "LSA[Type%d:%s]: Opaque capability mismatch?",
1768 lsah->type, inet_ntoa(lsah->id));
1769 continue;
1770 }
1771
1772 /* Create OSPF LSA instance. */
1773 lsa = ospf_lsa_new_and_data(length);
1774
1775 lsa->vrf_id = oi->ospf->vrf_id;
1776 /* We may wish to put some error checking if type NSSA comes in
1777 and area not in NSSA mode */
1778 switch (lsah->type) {
1779 case OSPF_AS_EXTERNAL_LSA:
1780 case OSPF_OPAQUE_AS_LSA:
1781 lsa->area = NULL;
1782 break;
1783 case OSPF_OPAQUE_LINK_LSA:
1784 lsa->oi = oi; /* Remember incoming interface for
1785 flooding control. */
1786 /* Fallthrough */
1787 default:
1788 lsa->area = oi->area;
1789 break;
1790 }
1791
1792 memcpy(lsa->data, lsah, length);
1793
1794 if (IS_DEBUG_OSPF_EVENT)
1795 zlog_debug(
1796 "LSA[Type%d:%s]: %p new LSA created with Link State Update",
1797 lsa->data->type, inet_ntoa(lsa->data->id),
1798 (void *)lsa);
1799 listnode_add(lsas, lsa);
1800 }
1801
1802 return lsas;
1803 }
1804
1805 /* Cleanup Update list. */
1806 static void ospf_upd_list_clean(struct list *lsas)
1807 {
1808 struct listnode *node, *nnode;
1809 struct ospf_lsa *lsa;
1810
1811 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1812 ospf_lsa_discard(lsa);
1813
1814 list_delete(&lsas);
1815 }
1816
1817 /* OSPF Link State Update message read -- RFC2328 Section 13. */
1818 static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1819 struct ospf_header *ospfh, struct stream *s,
1820 struct ospf_interface *oi, uint16_t size)
1821 {
1822 struct ospf_neighbor *nbr;
1823 struct list *lsas;
1824 struct listnode *node, *nnode;
1825 struct ospf_lsa *lsa = NULL;
1826 /* unsigned long ls_req_found = 0; */
1827
1828 /* Dis-assemble the stream, update each entry, re-encapsulate for
1829 * flooding */
1830
1831 /* Increment statistics. */
1832 oi->ls_upd_in++;
1833
1834 /* Check neighbor. */
1835 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1836 if (nbr == NULL) {
1837 flog_warn(EC_OSPF_PACKET,
1838 "Link State Update: Unknown Neighbor %s on int: %s",
1839 inet_ntoa(ospfh->router_id), IF_NAME(oi));
1840 return;
1841 }
1842
1843 /* Add event to thread. */
1844 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
1845
1846 /* Check neighbor state. */
1847 if (nbr->state < NSM_Exchange) {
1848 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1849 zlog_debug(
1850 "Link State Update: "
1851 "Neighbor[%s] state %s is less than Exchange",
1852 inet_ntoa(ospfh->router_id),
1853 lookup_msg(ospf_nsm_state_msg, nbr->state,
1854 NULL));
1855 return;
1856 }
1857
1858 /* Get list of LSAs from Link State Update packet. - Also perorms Stages
1859 * 1 (validate LSA checksum) and 2 (check for LSA consistent type)
1860 * of section 13.
1861 */
1862 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1863
1864 if (lsas == NULL)
1865 return;
1866 #define DISCARD_LSA(L, N) \
1867 { \
1868 if (IS_DEBUG_OSPF_EVENT) \
1869 zlog_debug( \
1870 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1871 " Type-%d", \
1872 N, (void *)lsa, (int)lsa->data->type); \
1873 ospf_lsa_discard(L); \
1874 continue; \
1875 }
1876
1877 /* Process each LSA received in the one packet.
1878 *
1879 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1880 * text below are from the steps in RFC 2328, Section 13.
1881 */
1882 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1883 struct ospf_lsa *ls_ret, *current;
1884 int ret = 1;
1885
1886 if (IS_DEBUG_OSPF_NSSA) {
1887 char buf1[INET_ADDRSTRLEN];
1888 char buf2[INET_ADDRSTRLEN];
1889 char buf3[INET_ADDRSTRLEN];
1890
1891 zlog_debug("LSA Type-%d from %s, ID: %s, ADV: %s",
1892 lsa->data->type,
1893 inet_ntop(AF_INET, &ospfh->router_id, buf1,
1894 INET_ADDRSTRLEN),
1895 inet_ntop(AF_INET, &lsa->data->id, buf2,
1896 INET_ADDRSTRLEN),
1897 inet_ntop(AF_INET, &lsa->data->adv_router,
1898 buf3, INET_ADDRSTRLEN));
1899 }
1900
1901 listnode_delete(lsas,
1902 lsa); /* We don't need it in list anymore */
1903
1904 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1905 */
1906
1907 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1908
1909 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1910 */
1911
1912 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1913 */
1914
1915 /* Do take in Type-7's if we are an NSSA */
1916
1917 /* If we are also an ABR, later translate them to a Type-5
1918 * packet */
1919
1920 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1921 translate them to a separate Type-5 packet. */
1922
1923 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1924 /* Reject from STUB or NSSA */
1925 if (nbr->oi->area->external_routing
1926 != OSPF_AREA_DEFAULT) {
1927 if (IS_DEBUG_OSPF_NSSA)
1928 zlog_debug(
1929 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1930 DISCARD_LSA(lsa, 1);
1931 }
1932
1933 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1934 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1935 if (IS_DEBUG_OSPF_NSSA)
1936 zlog_debug(
1937 "Incoming NSSA LSA Discarded: Not NSSA Area");
1938 DISCARD_LSA(lsa, 2);
1939 }
1940
1941 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1942 if (lsa->data->type == OSPF_ROUTER_LSA)
1943 if (!IPV4_ADDR_SAME(&lsa->data->id,
1944 &lsa->data->adv_router)) {
1945 char buf1[INET_ADDRSTRLEN];
1946 char buf2[INET_ADDRSTRLEN];
1947 char buf3[INET_ADDRSTRLEN];
1948
1949 flog_err(EC_OSPF_ROUTER_LSA_MISMATCH,
1950 "Incoming Router-LSA from %s with "
1951 "Adv-ID[%s] != LS-ID[%s]",
1952 inet_ntop(AF_INET, &ospfh->router_id,
1953 buf1, INET_ADDRSTRLEN),
1954 inet_ntop(AF_INET, &lsa->data->id,
1955 buf2, INET_ADDRSTRLEN),
1956 inet_ntop(AF_INET,
1957 &lsa->data->adv_router, buf3,
1958 INET_ADDRSTRLEN));
1959 flog_err(
1960 EC_OSPF_DOMAIN_CORRUPT,
1961 "OSPF domain compromised by attack or corruption. "
1962 "Verify correct operation of -ALL- OSPF routers.");
1963 DISCARD_LSA(lsa, 0);
1964 }
1965
1966 /* Find the LSA in the current database. */
1967
1968 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1969
1970 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1971 currently
1972 no instance of the LSA in the router's link state database,
1973 and none of router's neighbors are in states Exchange or
1974 Loading,
1975 then take the following actions: */
1976
1977 if (IS_LSA_MAXAGE(lsa) && !current
1978 && ospf_check_nbr_status(oi->ospf)) {
1979 /* (4a) Response Link State Acknowledgment. */
1980 ospf_ls_ack_send(nbr, lsa);
1981
1982 /* (4b) Discard LSA. */
1983 if (IS_DEBUG_OSPF(lsa, LSA)) {
1984 zlog_debug(
1985 "Link State Update[%s]: LS age is equal to MaxAge.",
1986 dump_lsa_key(lsa));
1987 }
1988 DISCARD_LSA(lsa, 3);
1989 }
1990
1991 if (IS_OPAQUE_LSA(lsa->data->type)
1992 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1993 &oi->ospf->router_id)) {
1994 /*
1995 * Even if initial flushing seems to be completed, there
1996 * might
1997 * be a case that self-originated LSA with MaxAge still
1998 * remain
1999 * in the routing domain.
2000 * Just send an LSAck message to cease retransmission.
2001 */
2002 if (IS_LSA_MAXAGE(lsa)) {
2003 zlog_info("LSA[%s]: Boomerang effect?",
2004 dump_lsa_key(lsa));
2005 ospf_ls_ack_send(nbr, lsa);
2006 ospf_lsa_discard(lsa);
2007
2008 if (current != NULL && !IS_LSA_MAXAGE(current))
2009 ospf_opaque_lsa_refresh_schedule(
2010 current);
2011 continue;
2012 }
2013
2014 /*
2015 * If an instance of self-originated Opaque-LSA is not
2016 * found
2017 * in the LSDB, there are some possible cases here.
2018 *
2019 * 1) This node lost opaque-capability after restart.
2020 * 2) Else, a part of opaque-type is no more supported.
2021 * 3) Else, a part of opaque-id is no more supported.
2022 *
2023 * Anyway, it is still this node's responsibility to
2024 * flush it.
2025 * Otherwise, the LSA instance remains in the routing
2026 * domain
2027 * until its age reaches to MaxAge.
2028 */
2029 /* XXX: We should deal with this for *ALL* LSAs, not
2030 * just opaque */
2031 if (current == NULL) {
2032 if (IS_DEBUG_OSPF_EVENT)
2033 zlog_debug(
2034 "LSA[%s]: Previously originated Opaque-LSA,"
2035 "not found in the LSDB.",
2036 dump_lsa_key(lsa));
2037
2038 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2039
2040 ospf_opaque_self_originated_lsa_received(nbr,
2041 lsa);
2042 ospf_ls_ack_send(nbr, lsa);
2043
2044 continue;
2045 }
2046 }
2047
2048 /* It might be happen that received LSA is self-originated
2049 * network LSA, but
2050 * router ID is changed. So, we should check if LSA is a
2051 * network-LSA whose
2052 * Link State ID is one of the router's own IP interface
2053 * addresses but whose
2054 * Advertising Router is not equal to the router's own Router ID
2055 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2056 * flushed.
2057 */
2058
2059 if (lsa->data->type == OSPF_NETWORK_LSA) {
2060 struct listnode *oinode, *oinnode;
2061 struct ospf_interface *out_if;
2062 int Flag = 0;
2063
2064 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2065 oinnode, out_if)) {
2066 if (out_if == NULL)
2067 break;
2068
2069 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2070 &lsa->data->id))
2071 && (!(IPV4_ADDR_SAME(
2072 &oi->ospf->router_id,
2073 &lsa->data->adv_router)))) {
2074 if (out_if->network_lsa_self) {
2075 ospf_lsa_flush_area(
2076 lsa, out_if->area);
2077 if (IS_DEBUG_OSPF_EVENT)
2078 zlog_debug(
2079 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2080 (void *)lsa,
2081 (int)lsa->data
2082 ->type);
2083 ospf_lsa_discard(lsa);
2084 Flag = 1;
2085 }
2086 break;
2087 }
2088 }
2089 if (Flag)
2090 continue;
2091 }
2092
2093 /* (5) Find the instance of this LSA that is currently contained
2094 in the router's link state database. If there is no
2095 database copy, or the received LSA is more recent than
2096 the database copy the following steps must be performed.
2097 (The sub steps from RFC 2328 section 13 step (5) will be
2098 performed in
2099 ospf_flood() ) */
2100
2101 if (current == NULL
2102 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
2103 /* CVE-2017-3224 */
2104 if (current && (lsa->data->ls_seqnum ==
2105 htonl(OSPF_MAX_SEQUENCE_NUMBER)
2106 && !IS_LSA_MAXAGE(lsa))) {
2107 zlog_debug(
2108 "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it",
2109 dump_lsa_key(lsa));
2110
2111 DISCARD_LSA(lsa, 4);
2112 }
2113
2114 /* Actual flooding procedure. */
2115 if (ospf_flood(oi->ospf, nbr, current, lsa)
2116 < 0) /* Trap NSSA later. */
2117 DISCARD_LSA(lsa, 5);
2118 continue;
2119 }
2120
2121 /* (6) Else, If there is an instance of the LSA on the sending
2122 neighbor's Link state request list, an error has occurred in
2123 the Database Exchange process. In this case, restart the
2124 Database Exchange process by generating the neighbor event
2125 BadLSReq for the sending neighbor and stop processing the
2126 Link State Update packet. */
2127
2128 if (ospf_ls_request_lookup(nbr, lsa)) {
2129 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
2130 flog_warn(
2131 EC_OSPF_PACKET,
2132 "LSA[%s] instance exists on Link state request list",
2133 dump_lsa_key(lsa));
2134
2135 /* Clean list of LSAs. */
2136 ospf_upd_list_clean(lsas);
2137 /* this lsa is not on lsas list already. */
2138 ospf_lsa_discard(lsa);
2139 return;
2140 }
2141
2142 /* If the received LSA is the same instance as the database copy
2143 (i.e., neither one is more recent) the following two steps
2144 should be performed: */
2145
2146 if (ret == 0) {
2147 /* If the LSA is listed in the Link state retransmission
2148 list
2149 for the receiving adjacency, the router itself is
2150 expecting
2151 an acknowledgment for this LSA. The router should
2152 treat the
2153 received LSA as an acknowledgment by removing the LSA
2154 from
2155 the Link state retransmission list. This is termed
2156 an
2157 "implied acknowledgment". */
2158
2159 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2160
2161 if (ls_ret != NULL) {
2162 ospf_ls_retransmit_delete(nbr, ls_ret);
2163
2164 /* Delayed acknowledgment sent if advertisement
2165 received
2166 from Designated Router, otherwise do nothing.
2167 */
2168 if (oi->state == ISM_Backup)
2169 if (NBR_IS_DR(nbr))
2170 listnode_add(
2171 oi->ls_ack,
2172 ospf_lsa_lock(lsa));
2173
2174 DISCARD_LSA(lsa, 6);
2175 } else
2176 /* Acknowledge the receipt of the LSA by sending a
2177 Link State Acknowledgment packet back out the
2178 receiving
2179 interface. */
2180 {
2181 ospf_ls_ack_send(nbr, lsa);
2182 DISCARD_LSA(lsa, 7);
2183 }
2184 }
2185
2186 /* The database copy is more recent. If the database copy
2187 has LS age equal to MaxAge and LS sequence number equal to
2188 MaxSequenceNumber, simply discard the received LSA without
2189 acknowledging it. (In this case, the LSA's LS sequence number
2190 is
2191 wrapping, and the MaxSequenceNumber LSA must be completely
2192 flushed before any new LSA instance can be introduced). */
2193
2194 else if (ret > 0) /* Database copy is more recent */
2195 {
2196 if (IS_LSA_MAXAGE(current)
2197 && current->data->ls_seqnum
2198 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
2199 DISCARD_LSA(lsa, 8);
2200 }
2201 /* Otherwise, as long as the database copy has not been
2202 sent in a
2203 Link State Update within the last MinLSArrival
2204 seconds, send the
2205 database copy back to the sending neighbor,
2206 encapsulated within
2207 a Link State Update Packet. The Link State Update
2208 Packet should
2209 be sent directly to the neighbor. In so doing, do not
2210 put the
2211 database copy of the LSA on the neighbor's link state
2212 retransmission list, and do not acknowledge the
2213 received (less
2214 recent) LSA instance. */
2215 else {
2216 if (monotime_since(&current->tv_orig, NULL)
2217 >= ospf->min_ls_arrival * 1000LL)
2218 /* Trap NSSA type later.*/
2219 ospf_ls_upd_send_lsa(
2220 nbr, current,
2221 OSPF_SEND_PACKET_DIRECT);
2222 DISCARD_LSA(lsa, 9);
2223 }
2224 }
2225 }
2226 #undef DISCARD_LSA
2227
2228 assert(listcount(lsas) == 0);
2229 list_delete(&lsas);
2230 }
2231
2232 /* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
2233 static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2234 struct stream *s, struct ospf_interface *oi,
2235 uint16_t size)
2236 {
2237 struct ospf_neighbor *nbr;
2238
2239 /* increment statistics. */
2240 oi->ls_ack_in++;
2241
2242 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2243 if (nbr == NULL) {
2244 flog_warn(EC_OSPF_PACKET,
2245 "Link State Acknowledgment: Unknown Neighbor %s.",
2246 inet_ntoa(ospfh->router_id));
2247 return;
2248 }
2249
2250 /* Add event to thread. */
2251 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_PacketReceived);
2252
2253 if (nbr->state < NSM_Exchange) {
2254 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2255 zlog_debug(
2256 "Link State Acknowledgment: "
2257 "Neighbor[%s] state %s is less than Exchange",
2258 inet_ntoa(ospfh->router_id),
2259 lookup_msg(ospf_nsm_state_msg, nbr->state,
2260 NULL));
2261 return;
2262 }
2263
2264 while (size >= OSPF_LSA_HEADER_SIZE) {
2265 struct ospf_lsa *lsa, *lsr;
2266
2267 lsa = ospf_lsa_new();
2268 lsa->data = (struct lsa_header *)stream_pnt(s);
2269 lsa->vrf_id = oi->ospf->vrf_id;
2270
2271 /* lsah = (struct lsa_header *) stream_pnt (s); */
2272 size -= OSPF_LSA_HEADER_SIZE;
2273 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2274
2275 if (lsa->data->type < OSPF_MIN_LSA
2276 || lsa->data->type >= OSPF_MAX_LSA) {
2277 lsa->data = NULL;
2278 ospf_lsa_discard(lsa);
2279 continue;
2280 }
2281
2282 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2283
2284 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0)
2285 ospf_ls_retransmit_delete(nbr, lsr);
2286
2287 lsa->data = NULL;
2288 ospf_lsa_discard(lsa);
2289 }
2290
2291 return;
2292 }
2293
2294 static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2295 struct interface **ifp,
2296 struct stream *ibuf)
2297 {
2298 int ret;
2299 struct ip *iph;
2300 uint16_t ip_len;
2301 ifindex_t ifindex = 0;
2302 struct iovec iov;
2303 /* Header and data both require alignment. */
2304 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2305 struct msghdr msgh;
2306
2307 memset(&msgh, 0, sizeof(struct msghdr));
2308 msgh.msg_iov = &iov;
2309 msgh.msg_iovlen = 1;
2310 msgh.msg_control = (caddr_t)buff;
2311 msgh.msg_controllen = sizeof(buff);
2312
2313 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2314 OSPF_MAX_PACKET_SIZE + 1);
2315 if (ret < 0) {
2316 if (errno != EAGAIN && errno != EWOULDBLOCK)
2317 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2318 safe_strerror(errno));
2319 return NULL;
2320 }
2321 if ((unsigned int)ret < sizeof(struct ip)) {
2322 flog_warn(
2323 EC_OSPF_PACKET,
2324 "ospf_recv_packet: discarding runt packet of length %d "
2325 "(ip header size is %u)",
2326 ret, (unsigned int)sizeof(iph));
2327 return NULL;
2328 }
2329
2330 /* Note that there should not be alignment problems with this assignment
2331 because this is at the beginning of the stream data buffer. */
2332 iph = (struct ip *)STREAM_DATA(ibuf);
2333 sockopt_iphdrincl_swab_systoh(iph);
2334
2335 ip_len = iph->ip_len;
2336
2337 #if !defined(GNU_LINUX) && (OpenBSD < 200311) && (__FreeBSD_version < 1000000)
2338 /*
2339 * Kernel network code touches incoming IP header parameters,
2340 * before protocol specific processing.
2341 *
2342 * 1) Convert byteorder to host representation.
2343 * --> ip_len, ip_id, ip_off
2344 *
2345 * 2) Adjust ip_len to strip IP header size!
2346 * --> If user process receives entire IP packet via RAW
2347 * socket, it must consider adding IP header size to
2348 * the "ip_len" field of "ip" structure.
2349 *
2350 * For more details, see <netinet/ip_input.c>.
2351 */
2352 ip_len = ip_len + (iph->ip_hl << 2);
2353 #endif
2354
2355 #if defined(__DragonFly__)
2356 /*
2357 * in DragonFly's raw socket, ip_len/ip_off are read
2358 * in network byte order.
2359 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2360 */
2361 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
2362 #endif
2363
2364 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2365
2366 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
2367
2368 if (ret != ip_len) {
2369 flog_warn(
2370 EC_OSPF_PACKET,
2371 "ospf_recv_packet read length mismatch: ip_len is %d, "
2372 "but recvmsg returned %d",
2373 ip_len, ret);
2374 return NULL;
2375 }
2376
2377 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2378 zlog_debug("%s: fd %d(%s) on interface %d(%s)",
2379 __PRETTY_FUNCTION__, fd, ospf_get_name(ospf),
2380 ifindex, *ifp ? (*ifp)->name : "Unknown");
2381 return ibuf;
2382 }
2383
2384 static struct ospf_interface *
2385 ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2386 struct ip *iph, struct ospf_header *ospfh)
2387 {
2388 struct ospf_interface *rcv_oi;
2389 struct ospf_vl_data *vl_data;
2390 struct ospf_area *vl_area;
2391 struct listnode *node;
2392
2393 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2394 || !OSPF_IS_AREA_BACKBONE(ospfh))
2395 return NULL;
2396
2397 /* look for local OSPF interface matching the destination
2398 * to determine Area ID. We presume therefore the destination address
2399 * is unique, or at least (for "unnumbered" links), not used in other
2400 * areas
2401 */
2402 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2403 == NULL)
2404 return NULL;
2405
2406 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2407 vl_area =
2408 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2409 if (!vl_area)
2410 continue;
2411
2412 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2413 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2414 if (IS_DEBUG_OSPF_EVENT)
2415 zlog_debug("associating packet with %s",
2416 IF_NAME(vl_data->vl_oi));
2417 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2418 if (IS_DEBUG_OSPF_EVENT)
2419 zlog_debug(
2420 "This VL is not up yet, sorry");
2421 return NULL;
2422 }
2423
2424 return vl_data->vl_oi;
2425 }
2426 }
2427
2428 if (IS_DEBUG_OSPF_EVENT)
2429 zlog_debug("couldn't find any VL to associate the packet with");
2430
2431 return NULL;
2432 }
2433
2434 static int ospf_check_area_id(struct ospf_interface *oi,
2435 struct ospf_header *ospfh)
2436 {
2437 /* Check match the Area ID of the receiving interface. */
2438 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2439 return 1;
2440
2441 return 0;
2442 }
2443
2444 /* Unbound socket will accept any Raw IP packets if proto is matched.
2445 To prevent it, compare src IP address and i/f address with masking
2446 i/f network mask. */
2447 static int ospf_check_network_mask(struct ospf_interface *oi,
2448 struct in_addr ip_src)
2449 {
2450 struct in_addr mask, me, him;
2451
2452 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2453 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2454 return 1;
2455
2456 masklen2ip(oi->address->prefixlen, &mask);
2457
2458 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2459 him.s_addr = ip_src.s_addr & mask.s_addr;
2460
2461 if (IPV4_ADDR_SAME(&me, &him))
2462 return 1;
2463
2464 return 0;
2465 }
2466
2467 /* Return 1, if the packet is properly authenticated and checksummed,
2468 0 otherwise. In particular, check that AuType header field is valid and
2469 matches the locally configured AuType, and that D.5 requirements are met. */
2470 static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2471 {
2472 struct crypt_key *ck;
2473 uint16_t iface_auth_type;
2474 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
2475
2476 switch (pkt_auth_type) {
2477 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2478 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2479 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2480 flog_warn(
2481 EC_OSPF_PACKET,
2482 "interface %s: auth-type mismatch, local %s, rcvd Null",
2483 IF_NAME(oi),
2484 lookup_msg(ospf_auth_type_str,
2485 iface_auth_type, NULL));
2486 return 0;
2487 }
2488 if (!ospf_check_sum(ospfh)) {
2489 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2490 flog_warn(
2491 EC_OSPF_PACKET,
2492 "interface %s: Null auth OK, but checksum error, Router-ID %s",
2493 IF_NAME(oi),
2494 inet_ntoa(ospfh->router_id));
2495 return 0;
2496 }
2497 return 1;
2498 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2499 if (OSPF_AUTH_SIMPLE
2500 != (iface_auth_type = ospf_auth_type(oi))) {
2501 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2502 flog_warn(
2503 EC_OSPF_PACKET,
2504 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2505 IF_NAME(oi),
2506 lookup_msg(ospf_auth_type_str,
2507 iface_auth_type, NULL));
2508 return 0;
2509 }
2510 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2511 OSPF_AUTH_SIMPLE_SIZE)) {
2512 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2513 flog_warn(EC_OSPF_PACKET,
2514 "interface %s: Simple auth failed",
2515 IF_NAME(oi));
2516 return 0;
2517 }
2518 if (!ospf_check_sum(ospfh)) {
2519 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2520 flog_warn(
2521 EC_OSPF_PACKET,
2522 "interface %s: Simple auth OK, checksum error, Router-ID %s",
2523 IF_NAME(oi),
2524 inet_ntoa(ospfh->router_id));
2525 return 0;
2526 }
2527 return 1;
2528 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2529 if (OSPF_AUTH_CRYPTOGRAPHIC
2530 != (iface_auth_type = ospf_auth_type(oi))) {
2531 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2532 flog_warn(
2533 EC_OSPF_PACKET,
2534 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2535 IF_NAME(oi),
2536 lookup_msg(ospf_auth_type_str,
2537 iface_auth_type, NULL));
2538 return 0;
2539 }
2540 if (ospfh->checksum) {
2541 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2542 flog_warn(
2543 EC_OSPF_PACKET,
2544 "interface %s: OSPF header checksum is not 0",
2545 IF_NAME(oi));
2546 return 0;
2547 }
2548 /* only MD5 crypto method can pass ospf_packet_examin() */
2549 if (NULL == (ck = listgetdata(
2550 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2551 || ospfh->u.crypt.key_id != ck->key_id ||
2552 /* Condition above uses the last key ID on the list,
2553 which is
2554 different from what ospf_crypt_key_lookup() does. A
2555 bug? */
2556 !ospf_check_md5_digest(oi, ospfh)) {
2557 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2558 flog_warn(EC_OSPF_MD5,
2559 "interface %s: MD5 auth failed",
2560 IF_NAME(oi));
2561 return 0;
2562 }
2563 return 1;
2564 default:
2565 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2566 flog_warn(
2567 EC_OSPF_PACKET,
2568 "interface %s: invalid packet auth-type (%02x)",
2569 IF_NAME(oi), pkt_auth_type);
2570 return 0;
2571 }
2572 }
2573
2574 static int ospf_check_sum(struct ospf_header *ospfh)
2575 {
2576 uint32_t ret;
2577 uint16_t sum;
2578
2579 /* clear auth_data for checksum. */
2580 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2581
2582 /* keep checksum and clear. */
2583 sum = ospfh->checksum;
2584 memset(&ospfh->checksum, 0, sizeof(uint16_t));
2585
2586 /* calculate checksum. */
2587 ret = in_cksum(ospfh, ntohs(ospfh->length));
2588
2589 if (ret != sum) {
2590 zlog_info("ospf_check_sum(): checksum mismatch, my %X, his %X",
2591 ret, sum);
2592 return 0;
2593 }
2594
2595 return 1;
2596 }
2597
2598 /* Verify, that given link/TOS records are properly sized/aligned and match
2599 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
2600 static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
2601 uint16_t linkbytes,
2602 const uint16_t num_links)
2603 {
2604 unsigned counted_links = 0, thislinklen;
2605
2606 while (linkbytes) {
2607 thislinklen =
2608 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2609 if (thislinklen > linkbytes) {
2610 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2611 zlog_debug("%s: length error in link block #%u",
2612 __func__, counted_links);
2613 return MSG_NG;
2614 }
2615 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2616 linkbytes -= thislinklen;
2617 counted_links++;
2618 }
2619 if (counted_links != num_links) {
2620 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2621 zlog_debug("%s: %u link blocks declared, %u present",
2622 __func__, num_links, counted_links);
2623 return MSG_NG;
2624 }
2625 return MSG_OK;
2626 }
2627
2628 /* Verify, that the given LSA is properly sized/aligned (including type-specific
2629 minimum length constraint). */
2630 static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2631 const uint8_t headeronly)
2632 {
2633 unsigned ret;
2634 struct router_lsa *rlsa;
2635 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2636 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2637 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2638 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2639 lookup_msg(ospf_lsa_type_msg, lsah->type,
2640 NULL));
2641 return MSG_NG;
2642 }
2643 switch (lsah->type) {
2644 case OSPF_ROUTER_LSA:
2645 /* RFC2328 A.4.2, LSA header + 4 bytes followed by N>=1
2646 * (12+)-byte link blocks */
2647 if (headeronly) {
2648 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2649 - OSPF_ROUTER_LSA_MIN_SIZE)
2650 % 4
2651 ? MSG_NG
2652 : MSG_OK;
2653 break;
2654 }
2655 rlsa = (struct router_lsa *)lsah;
2656 ret = ospf_router_lsa_links_examin(
2657 (struct router_lsa_link *)rlsa->link,
2658 lsalen - OSPF_LSA_HEADER_SIZE - 4, /* skip: basic
2659 header, "flags",
2660 0, "# links" */
2661 ntohs(rlsa->links) /* 16 bits */
2662 );
2663 break;
2664 case OSPF_AS_EXTERNAL_LSA:
2665 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2666 * blocks */
2667 case OSPF_AS_NSSA_LSA:
2668 /* RFC3101 C, idem */
2669 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2670 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2671 % 12
2672 ? MSG_NG
2673 : MSG_OK;
2674 break;
2675 /* Following LSA types are considered OK length-wise as soon as their
2676 * minimum
2677 * length constraint is met and length of the whole LSA is a multiple of
2678 * 4
2679 * (basic LSA header size is already a multiple of 4). */
2680 case OSPF_NETWORK_LSA:
2681 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2682 case OSPF_SUMMARY_LSA:
2683 case OSPF_ASBR_SUMMARY_LSA:
2684 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2685 * blocks */
2686 case OSPF_OPAQUE_LINK_LSA:
2687 case OSPF_OPAQUE_AREA_LSA:
2688 case OSPF_OPAQUE_AS_LSA:
2689 /* RFC5250 A.2, "some number of octets (of application-specific
2690 * data) padded to 32-bit alignment." This is considered
2691 * equivalent
2692 * to 4-byte alignment of all other LSA types, see
2693 * OSPF-ALIGNMENT.txt
2694 * file for the detailed analysis of this passage. */
2695 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2696 break;
2697 default:
2698 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2699 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2700 lsah->type);
2701 return MSG_NG;
2702 }
2703 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2704 zlog_debug("%s: alignment error in %s", __func__,
2705 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2706 return ret;
2707 }
2708
2709 /* Verify if the provided input buffer is a valid sequence of LSAs. This
2710 includes verification of LSA blocks length/alignment and dispatching
2711 of deeper-level checks. */
2712 static unsigned
2713 ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
2714 size_t length, const uint8_t headeronly,
2715 /* When declared_num_lsas is not 0, compare it to the real
2716 number of LSAs
2717 and treat the difference as an error. */
2718 const uint32_t declared_num_lsas)
2719 {
2720 uint32_t counted_lsas = 0;
2721
2722 while (length) {
2723 uint16_t lsalen;
2724 if (length < OSPF_LSA_HEADER_SIZE) {
2725 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2726 zlog_debug(
2727 "%s: undersized (%zu B) trailing (#%u) LSA header",
2728 __func__, length, counted_lsas);
2729 return MSG_NG;
2730 }
2731 /* save on ntohs() calls here and in the LSA validator */
2732 lsalen = ntohs(lsah->length);
2733 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2734 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2735 zlog_debug(
2736 "%s: malformed LSA header #%u, declared length is %u B",
2737 __func__, counted_lsas, lsalen);
2738 return MSG_NG;
2739 }
2740 if (headeronly) {
2741 /* less checks here and in ospf_lsa_examin() */
2742 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2743 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2744 zlog_debug(
2745 "%s: malformed header-only LSA #%u",
2746 __func__, counted_lsas);
2747 return MSG_NG;
2748 }
2749 lsah = (struct lsa_header *)((caddr_t)lsah
2750 + OSPF_LSA_HEADER_SIZE);
2751 length -= OSPF_LSA_HEADER_SIZE;
2752 } else {
2753 /* make sure the input buffer is deep enough before
2754 * further checks */
2755 if (lsalen > length) {
2756 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2757 zlog_debug(
2758 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2759 __func__, counted_lsas, lsalen,
2760 length);
2761 return MSG_NG;
2762 }
2763 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2764 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2765 zlog_debug("%s: malformed LSA #%u",
2766 __func__, counted_lsas);
2767 return MSG_NG;
2768 }
2769 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2770 length -= lsalen;
2771 }
2772 counted_lsas++;
2773 }
2774
2775 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2776 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2777 zlog_debug(
2778 "%s: #LSAs declared (%u) does not match actual (%u)",
2779 __func__, declared_num_lsas, counted_lsas);
2780 return MSG_NG;
2781 }
2782 return MSG_OK;
2783 }
2784
2785 /* Verify a complete OSPF packet for proper sizing/alignment. */
2786 static unsigned ospf_packet_examin(struct ospf_header *oh,
2787 const unsigned bytesonwire)
2788 {
2789 uint16_t bytesdeclared, bytesauth;
2790 unsigned ret;
2791 struct ospf_ls_update *lsupd;
2792
2793 /* Length, 1st approximation. */
2794 if (bytesonwire < OSPF_HEADER_SIZE) {
2795 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2796 zlog_debug("%s: undersized (%u B) packet", __func__,
2797 bytesonwire);
2798 return MSG_NG;
2799 }
2800 /* Now it is safe to access header fields. Performing length check,
2801 * allow
2802 * for possible extra bytes of crypto auth/padding, which are not
2803 * counted
2804 * in the OSPF header "length" field. */
2805 if (oh->version != OSPF_VERSION) {
2806 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2807 zlog_debug("%s: invalid (%u) protocol version",
2808 __func__, oh->version);
2809 return MSG_NG;
2810 }
2811 bytesdeclared = ntohs(oh->length);
2812 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2813 bytesauth = 0;
2814 else {
2815 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2816 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2817 zlog_debug(
2818 "%s: unsupported crypto auth length (%u B)",
2819 __func__, oh->u.crypt.auth_data_len);
2820 return MSG_NG;
2821 }
2822 bytesauth = OSPF_AUTH_MD5_SIZE;
2823 }
2824 if (bytesdeclared + bytesauth > bytesonwire) {
2825 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2826 zlog_debug(
2827 "%s: packet length error (%u real, %u+%u declared)",
2828 __func__, bytesonwire, bytesdeclared,
2829 bytesauth);
2830 return MSG_NG;
2831 }
2832 /* Length, 2nd approximation. The type-specific constraint is checked
2833 against declared length, not amount of bytes on wire. */
2834 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2835 && bytesdeclared
2836 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2837 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2838 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2839 bytesdeclared,
2840 lookup_msg(ospf_packet_type_str, oh->type,
2841 NULL));
2842 return MSG_NG;
2843 }
2844 switch (oh->type) {
2845 case OSPF_MSG_HELLO:
2846 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2847 followed
2848 by N>=0 router-IDs. */
2849 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2850 % 4
2851 ? MSG_NG
2852 : MSG_OK;
2853 break;
2854 case OSPF_MSG_DB_DESC:
2855 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2856 followed
2857 by N>=0 header-only LSAs. */
2858 ret = ospf_lsaseq_examin(
2859 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2860 + OSPF_DB_DESC_MIN_SIZE),
2861 bytesdeclared - OSPF_HEADER_SIZE
2862 - OSPF_DB_DESC_MIN_SIZE,
2863 1, /* header-only LSAs */
2864 0);
2865 break;
2866 case OSPF_MSG_LS_REQ:
2867 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2868 * request blocks. */
2869 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2870 % OSPF_LSA_KEY_SIZE
2871 ? MSG_NG
2872 : MSG_OK;
2873 break;
2874 case OSPF_MSG_LS_UPD:
2875 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2876 followed
2877 by N>=0 full LSAs (with N declared beforehand). */
2878 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2879 + OSPF_HEADER_SIZE);
2880 ret = ospf_lsaseq_examin(
2881 (struct lsa_header *)((caddr_t)lsupd
2882 + OSPF_LS_UPD_MIN_SIZE),
2883 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2884 0, /* full LSAs */
2885 ntohl(lsupd->num_lsas) /* 32 bits */
2886 );
2887 break;
2888 case OSPF_MSG_LS_ACK:
2889 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2890 * LSAs. */
2891 ret = ospf_lsaseq_examin(
2892 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2893 + OSPF_LS_ACK_MIN_SIZE),
2894 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2895 1, /* header-only LSAs */
2896 0);
2897 break;
2898 default:
2899 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2900 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2901 oh->type);
2902 return MSG_NG;
2903 }
2904 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2905 zlog_debug("%s: malformed %s packet", __func__,
2906 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2907 return ret;
2908 }
2909
2910 /* OSPF Header verification. */
2911 static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2912 struct ip *iph, struct ospf_header *ospfh)
2913 {
2914 /* Check Area ID. */
2915 if (!ospf_check_area_id(oi, ospfh)) {
2916 flog_warn(EC_OSPF_PACKET,
2917 "interface %s: ospf_read invalid Area ID %s.",
2918 IF_NAME(oi), inet_ntoa(ospfh->area_id));
2919 return -1;
2920 }
2921
2922 /* Check network mask, Silently discarded. */
2923 if (!ospf_check_network_mask(oi, iph->ip_src)) {
2924 flog_warn(
2925 EC_OSPF_PACKET,
2926 "interface %s: ospf_read network address is not same [%s]",
2927 IF_NAME(oi), inet_ntoa(iph->ip_src));
2928 return -1;
2929 }
2930
2931 /* Check authentication. The function handles logging actions, where
2932 * required. */
2933 if (!ospf_check_auth(oi, ospfh))
2934 return -1;
2935
2936 return 0;
2937 }
2938
2939 enum ospf_read_return_enum {
2940 OSPF_READ_ERROR,
2941 OSPF_READ_CONTINUE,
2942 };
2943
2944 static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
2945 {
2946 int ret;
2947 struct stream *ibuf;
2948 struct ospf_interface *oi;
2949 struct ip *iph;
2950 struct ospf_header *ospfh;
2951 uint16_t length;
2952 struct connected *c;
2953 struct interface *ifp = NULL;
2954
2955 stream_reset(ospf->ibuf);
2956 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2957 if (ibuf == NULL)
2958 return OSPF_READ_ERROR;
2959
2960 /*
2961 * This raw packet is known to be at least as big as its
2962 * IP header. Note that there should not be alignment problems with
2963 * this assignment because this is at the beginning of the
2964 * stream data buffer.
2965 */
2966 iph = (struct ip *)STREAM_DATA(ibuf);
2967 /*
2968 * Note that sockopt_iphdrincl_swab_systoh was called in
2969 * ospf_recv_packet.
2970 */
2971 if (ifp == NULL) {
2972 /*
2973 * Handle cases where the platform does not support
2974 * retrieving the ifindex, and also platforms (such as
2975 * Solaris 8) that claim to support ifindex retrieval but do
2976 * not.
2977 */
2978 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2979 ospf->vrf_id);
2980 if (c)
2981 ifp = c->ifp;
2982 if (ifp == NULL) {
2983 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2984 zlog_debug(
2985 "%s: Unable to determine incoming interface from: %s(%s)",
2986 __PRETTY_FUNCTION__,
2987 inet_ntoa(iph->ip_src),
2988 ospf_get_name(ospf));
2989 return OSPF_READ_CONTINUE;
2990 }
2991 }
2992
2993 /* Self-originated packet should be discarded silently. */
2994 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
2995 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
2996 zlog_debug(
2997 "ospf_read[%s]: Dropping self-originated packet",
2998 inet_ntoa(iph->ip_src));
2999 }
3000 return OSPF_READ_CONTINUE;
3001 }
3002
3003 /* Check that we have enough for an IP header */
3004 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
3005 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
3006 flog_warn(
3007 EC_OSPF_PACKET,
3008 "Rx'd IP packet with OSPF protocol number but no payload");
3009 } else {
3010 flog_warn(
3011 EC_OSPF_PACKET,
3012 "IP header length field claims header is %u bytes, but we only have %zu",
3013 (unsigned int)(iph->ip_hl << 2),
3014 STREAM_READABLE(ibuf));
3015 }
3016
3017 return OSPF_READ_ERROR;
3018 }
3019 stream_forward_getp(ibuf, iph->ip_hl << 2);
3020
3021 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3022 if (MSG_OK
3023 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3024 - stream_get_getp(ibuf)))
3025 return OSPF_READ_CONTINUE;
3026 /* Now it is safe to access all fields of OSPF packet header. */
3027
3028 /* associate packet with ospf interface */
3029 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
3030
3031 /*
3032 * ospf_verify_header() relies on a valid "oi" and thus can be called
3033 * only after the passive/backbone/other checks below are passed.
3034 * These checks in turn access the fields of unverified "ospfh"
3035 * structure for their own purposes and must remain very accurate
3036 * in doing this.
3037 */
3038
3039 /* If incoming interface is passive one, ignore it. */
3040 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3041 char buf[3][INET_ADDRSTRLEN];
3042
3043 if (IS_DEBUG_OSPF_EVENT)
3044 zlog_debug(
3045 "ignoring packet from router %s sent to %s, received on a passive interface, %s",
3046 inet_ntop(AF_INET, &ospfh->router_id, buf[0],
3047 sizeof(buf[0])),
3048 inet_ntop(AF_INET, &iph->ip_dst, buf[1],
3049 sizeof(buf[1])),
3050 inet_ntop(AF_INET, &oi->address->u.prefix4,
3051 buf[2], sizeof(buf[2])));
3052
3053 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3054 /* Try to fix multicast membership.
3055 * Some OS:es may have problems in this area,
3056 * make sure it is removed.
3057 */
3058 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3059 ospf_if_set_multicast(oi);
3060 }
3061 return OSPF_READ_CONTINUE;
3062 }
3063
3064
3065 /* if no local ospf_interface,
3066 * or header area is backbone but ospf_interface is not
3067 * check for VLINK interface
3068 */
3069 if ((oi == NULL)
3070 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3071 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3072 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3073 == NULL) {
3074 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
3075 zlog_debug(
3076 "Packet from [%s] received on link %s but no ospf_interface",
3077 inet_ntoa(iph->ip_src), ifp->name);
3078 return OSPF_READ_CONTINUE;
3079 }
3080 }
3081
3082 /*
3083 * else it must be a local ospf interface, check it was
3084 * received on correct link
3085 */
3086 else if (oi->ifp != ifp) {
3087 if (IS_DEBUG_OSPF_EVENT)
3088 flog_warn(EC_OSPF_PACKET,
3089 "Packet from [%s] received on wrong link %s",
3090 inet_ntoa(iph->ip_src), ifp->name);
3091 return OSPF_READ_CONTINUE;
3092 } else if (oi->state == ISM_Down) {
3093 char buf[2][INET_ADDRSTRLEN];
3094
3095 flog_warn(
3096 EC_OSPF_PACKET,
3097 "Ignoring packet from %s to %s received on interface that is down [%s]; interface flags are %s",
3098 inet_ntop(AF_INET, &iph->ip_src, buf[0],
3099 sizeof(buf[0])),
3100 inet_ntop(AF_INET, &iph->ip_dst, buf[1],
3101 sizeof(buf[1])),
3102 ifp->name, if_flag_dump(ifp->flags));
3103 /* Fix multicast memberships? */
3104 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3105 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3106 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3107 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3108 if (oi->multicast_memberships)
3109 ospf_if_set_multicast(oi);
3110 return OSPF_READ_CONTINUE;
3111 }
3112
3113 /*
3114 * If the received packet is destined for AllDRouters, the
3115 * packet should be accepted only if the received ospf
3116 * interface state is either DR or Backup -- endo.
3117 *
3118 * I wonder who endo is?
3119 */
3120 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3121 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3122 flog_warn(
3123 EC_OSPF_PACKET,
3124 "Dropping packet for AllDRouters from [%s] via [%s] (ISM: %s)",
3125 inet_ntoa(iph->ip_src), IF_NAME(oi),
3126 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3127 /* Try to fix multicast membership. */
3128 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3129 ospf_if_set_multicast(oi);
3130 return OSPF_READ_CONTINUE;
3131 }
3132
3133 /* Verify more OSPF header fields. */
3134 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3135 if (ret < 0) {
3136 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3137 zlog_debug(
3138 "ospf_read[%s]: Header check failed, "
3139 "dropping.",
3140 inet_ntoa(iph->ip_src));
3141 return OSPF_READ_CONTINUE;
3142 }
3143
3144 /* Show debug receiving packet. */
3145 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3146 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3147 zlog_debug(
3148 "-----------------------------------------------------");
3149 ospf_packet_dump(ibuf);
3150 }
3151
3152 zlog_debug("%s received from [%s] via [%s]",
3153 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3154 inet_ntoa(ospfh->router_id), IF_NAME(oi));
3155 zlog_debug(" src [%s],", inet_ntoa(iph->ip_src));
3156 zlog_debug(" dst [%s]", inet_ntoa(iph->ip_dst));
3157
3158 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3159 zlog_debug(
3160 "-----------------------------------------------------");
3161 }
3162
3163 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3164
3165 /* Adjust size to message length. */
3166 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3167
3168 /* Read rest of the packet and call each sort of packet routine.
3169 */
3170 switch (ospfh->type) {
3171 case OSPF_MSG_HELLO:
3172 ospf_hello(iph, ospfh, ibuf, oi, length);
3173 break;
3174 case OSPF_MSG_DB_DESC:
3175 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3176 break;
3177 case OSPF_MSG_LS_REQ:
3178 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3179 break;
3180 case OSPF_MSG_LS_UPD:
3181 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3182 break;
3183 case OSPF_MSG_LS_ACK:
3184 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3185 break;
3186 default:
3187 flog_warn(
3188 EC_OSPF_PACKET,
3189 "interface %s(%s): OSPF packet header type %d is illegal",
3190 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3191 break;
3192 }
3193
3194 return OSPF_READ_CONTINUE;
3195 }
3196
3197 /* Starting point of packet process function. */
3198 int ospf_read(struct thread *thread)
3199 {
3200 struct ospf *ospf;
3201 int32_t count = 0;
3202 enum ospf_read_return_enum ret;
3203
3204 /* first of all get interface pointer. */
3205 ospf = THREAD_ARG(thread);
3206
3207 /* prepare for next packet. */
3208 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3209
3210 while (count < ospf->write_oi_count) {
3211 count++;
3212 ret = ospf_read_helper(ospf);
3213 switch (ret) {
3214 case OSPF_READ_ERROR:
3215 return -1;
3216 break;
3217 case OSPF_READ_CONTINUE:
3218 break;
3219 }
3220 }
3221
3222 return 0;
3223 }
3224
3225 /* Make OSPF header. */
3226 static void ospf_make_header(int type, struct ospf_interface *oi,
3227 struct stream *s)
3228 {
3229 struct ospf_header *ospfh;
3230
3231 ospfh = (struct ospf_header *)STREAM_DATA(s);
3232
3233 ospfh->version = (uint8_t)OSPF_VERSION;
3234 ospfh->type = (uint8_t)type;
3235
3236 ospfh->router_id = oi->ospf->router_id;
3237
3238 ospfh->checksum = 0;
3239 ospfh->area_id = oi->area->area_id;
3240 ospfh->auth_type = htons(ospf_auth_type(oi));
3241
3242 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
3243
3244 stream_forward_endp(s, OSPF_HEADER_SIZE);
3245 }
3246
3247 /* Make Authentication Data. */
3248 static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3249 {
3250 struct crypt_key *ck;
3251
3252 switch (ospf_auth_type(oi)) {
3253 case OSPF_AUTH_NULL:
3254 /* memset (ospfh->u.auth_data, 0, sizeof (ospfh->u.auth_data));
3255 */
3256 break;
3257 case OSPF_AUTH_SIMPLE:
3258 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3259 OSPF_AUTH_SIMPLE_SIZE);
3260 break;
3261 case OSPF_AUTH_CRYPTOGRAPHIC:
3262 /* If key is not set, then set 0. */
3263 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3264 ospfh->u.crypt.zero = 0;
3265 ospfh->u.crypt.key_id = 0;
3266 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3267 } else {
3268 ck = listgetdata(
3269 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3270 ospfh->u.crypt.zero = 0;
3271 ospfh->u.crypt.key_id = ck->key_id;
3272 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3273 }
3274 /* note: the seq is done in ospf_make_md5_digest() */
3275 break;
3276 default:
3277 /* memset (ospfh->u.auth_data, 0, sizeof (ospfh->u.auth_data));
3278 */
3279 break;
3280 }
3281
3282 return 0;
3283 }
3284
3285 /* Fill rest of OSPF header. */
3286 static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
3287 uint16_t length)
3288 {
3289 struct ospf_header *ospfh;
3290
3291 ospfh = (struct ospf_header *)STREAM_DATA(s);
3292
3293 /* Fill length. */
3294 ospfh->length = htons(length);
3295
3296 /* Calculate checksum. */
3297 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3298 ospfh->checksum = in_cksum(ospfh, length);
3299 else
3300 ospfh->checksum = 0;
3301
3302 /* Add Authentication Data. */
3303 ospf_make_auth(oi, ospfh);
3304 }
3305
3306 static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3307 {
3308 struct ospf_neighbor *nbr;
3309 struct route_node *rn;
3310 uint16_t length = OSPF_HELLO_MIN_SIZE;
3311 struct in_addr mask;
3312 unsigned long p;
3313 int flag = 0;
3314
3315 /* Set netmask of interface. */
3316 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3317 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3318 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3319 masklen2ip(oi->address->prefixlen, &mask);
3320 else
3321 memset((char *)&mask, 0, sizeof(struct in_addr));
3322 stream_put_ipv4(s, mask.s_addr);
3323
3324 /* Set Hello Interval. */
3325 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3326 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3327 else
3328 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3329
3330 if (IS_DEBUG_OSPF_EVENT)
3331 zlog_debug("make_hello: options: %x, int: %s", OPTIONS(oi),
3332 IF_NAME(oi));
3333
3334 /* Set Options. */
3335 stream_putc(s, OPTIONS(oi));
3336
3337 /* Set Router Priority. */
3338 stream_putc(s, PRIORITY(oi));
3339
3340 /* Set Router Dead Interval. */
3341 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3342
3343 /* Set Designated Router. */
3344 stream_put_ipv4(s, DR(oi).s_addr);
3345
3346 p = stream_get_endp(s);
3347
3348 /* Set Backup Designated Router. */
3349 stream_put_ipv4(s, BDR(oi).s_addr);
3350
3351 /* Add neighbor seen. */
3352 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3353 if ((nbr = rn->info))
3354 if (nbr->router_id.s_addr
3355 != 0) /* Ignore 0.0.0.0 node. */
3356 if (nbr->state
3357 != NSM_Attempt) /* Ignore Down neighbor. */
3358 if (nbr->state
3359 != NSM_Down) /* This is myself for
3360 DR election. */
3361 if (!IPV4_ADDR_SAME(
3362 &nbr->router_id,
3363 &oi->ospf->router_id)) {
3364 /* Check neighbor is
3365 * sane? */
3366 if (nbr->d_router.s_addr
3367 != 0
3368 && IPV4_ADDR_SAME(
3369 &nbr->d_router,
3370 &oi->address
3371 ->u
3372 .prefix4)
3373 && IPV4_ADDR_SAME(
3374 &nbr->bd_router,
3375 &oi->address
3376 ->u
3377 .prefix4))
3378 flag = 1;
3379
3380 /* Hello packet overflows interface MTU. */
3381 if (length + sizeof(uint32_t)
3382 > ospf_packet_max(oi)) {
3383 flog_err(
3384 EC_OSPF_LARGE_HELLO,
3385 "Oversized Hello packet! Larger than MTU. Not sending it out");
3386 return 0;
3387 }
3388
3389 stream_put_ipv4(
3390 s,
3391 nbr->router_id
3392 .s_addr);
3393 length += 4;
3394 }
3395
3396 /* Let neighbor generate BackupSeen. */
3397 if (flag == 1)
3398 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3399
3400 return length;
3401 }
3402
3403 static int ospf_make_db_desc(struct ospf_interface *oi,
3404 struct ospf_neighbor *nbr, struct stream *s)
3405 {
3406 struct ospf_lsa *lsa;
3407 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3408 uint8_t options;
3409 unsigned long pp;
3410 int i;
3411 struct ospf_lsdb *lsdb;
3412
3413 /* Set Interface MTU. */
3414 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3415 stream_putw(s, 0);
3416 else
3417 stream_putw(s, oi->ifp->mtu);
3418
3419 /* Set Options. */
3420 options = OPTIONS(oi);
3421 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3422 SET_FLAG(options, OSPF_OPTION_O);
3423 stream_putc(s, options);
3424
3425 /* DD flags */
3426 pp = stream_get_endp(s);
3427 stream_putc(s, nbr->dd_flags);
3428
3429 /* Set DD Sequence Number. */
3430 stream_putl(s, nbr->dd_seqnum);
3431
3432 /* shortcut unneeded walk of (empty) summary LSDBs */
3433 if (ospf_db_summary_isempty(nbr))
3434 goto empty;
3435
3436 /* Describe LSA Header from Database Summary List. */
3437 lsdb = &nbr->db_sum;
3438
3439 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3440 struct route_table *table = lsdb->type[i].db;
3441 struct route_node *rn;
3442
3443 for (rn = route_top(table); rn; rn = route_next(rn))
3444 if ((lsa = rn->info) != NULL) {
3445 if (IS_OPAQUE_LSA(lsa->data->type)
3446 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3447 /* Suppress advertising
3448 * opaque-information. */
3449 /* Remove LSA from DB summary list. */
3450 ospf_lsdb_delete(lsdb, lsa);
3451 continue;
3452 }
3453
3454 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3455 struct lsa_header *lsah;
3456 uint16_t ls_age;
3457
3458 /* DD packet overflows interface MTU. */
3459 if (length + OSPF_LSA_HEADER_SIZE
3460 > ospf_packet_max(oi))
3461 break;
3462
3463 /* Keep pointer to LS age. */
3464 lsah = (struct lsa_header
3465 *)(STREAM_DATA(s)
3466 + stream_get_endp(
3467 s));
3468
3469 /* Proceed stream pointer. */
3470 stream_put(s, lsa->data,
3471 OSPF_LSA_HEADER_SIZE);
3472 length += OSPF_LSA_HEADER_SIZE;
3473
3474 /* Set LS age. */
3475 ls_age = LS_AGE(lsa);
3476 lsah->ls_age = htons(ls_age);
3477 }
3478
3479 /* Remove LSA from DB summary list. */
3480 ospf_lsdb_delete(lsdb, lsa);
3481 }
3482 }
3483
3484 /* Update 'More' bit */
3485 if (ospf_db_summary_isempty(nbr)) {
3486 empty:
3487 if (nbr->state >= NSM_Exchange) {
3488 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3489 /* Rewrite DD flags */
3490 stream_putc_at(s, pp, nbr->dd_flags);
3491 } else {
3492 assert(IS_SET_DD_M(nbr->dd_flags));
3493 }
3494 }
3495 return length;
3496 }
3497
3498 static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
3499 unsigned long delta, struct ospf_neighbor *nbr,
3500 struct ospf_lsa *lsa)
3501 {
3502 struct ospf_interface *oi;
3503
3504 oi = nbr->oi;
3505
3506 /* LS Request packet overflows interface MTU
3507 * delta is just number of bytes required for 1 LS Req
3508 * ospf_packet_max will return the number of bytes can
3509 * be accomodated without ospf header. So length+delta
3510 * can be compared to ospf_packet_max
3511 * to check if it can fit another lsreq in the same packet.
3512 */
3513
3514 if (*length + delta > ospf_packet_max(oi))
3515 return 0;
3516
3517 stream_putl(s, lsa->data->type);
3518 stream_put_ipv4(s, lsa->data->id.s_addr);
3519 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
3520
3521 ospf_lsa_unlock(&nbr->ls_req_last);
3522 nbr->ls_req_last = ospf_lsa_lock(lsa);
3523
3524 *length += 12;
3525 return 1;
3526 }
3527
3528 static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3529 {
3530 struct ospf_lsa *lsa;
3531 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
3532 unsigned long delta = 12;
3533 struct route_table *table;
3534 struct route_node *rn;
3535 int i;
3536 struct ospf_lsdb *lsdb;
3537
3538 lsdb = &nbr->ls_req;
3539
3540 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3541 table = lsdb->type[i].db;
3542 for (rn = route_top(table); rn; rn = route_next(rn))
3543 if ((lsa = (rn->info)) != NULL)
3544 if (ospf_make_ls_req_func(s, &length, delta,
3545 nbr, lsa)
3546 == 0) {
3547 route_unlock_node(rn);
3548 break;
3549 }
3550 }
3551 return length;
3552 }
3553
3554 static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3555 {
3556 int age;
3557
3558 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
3559
3560 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
3561 }
3562
3563 static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3564 struct stream *s)
3565 {
3566 struct ospf_lsa *lsa;
3567 struct listnode *node;
3568 uint16_t length = 0;
3569 unsigned int size_noauth;
3570 unsigned long delta = stream_get_endp(s);
3571 unsigned long pp;
3572 int count = 0;
3573
3574 if (IS_DEBUG_OSPF_EVENT)
3575 zlog_debug("ospf_make_ls_upd: Start");
3576
3577 pp = stream_get_endp(s);
3578 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3579 length += OSPF_LS_UPD_MIN_SIZE;
3580
3581 /* Calculate amount of packet usable for data. */
3582 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3583
3584 while ((node = listhead(update)) != NULL) {
3585 struct lsa_header *lsah;
3586 uint16_t ls_age;
3587
3588 if (IS_DEBUG_OSPF_EVENT)
3589 zlog_debug("ospf_make_ls_upd: List Iteration %d",
3590 count);
3591
3592 lsa = listgetdata(node);
3593
3594 assert(lsa->data);
3595
3596 /* Will it fit? Minimum it has to fit atleast one */
3597 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3598 (count > 0))
3599 break;
3600
3601 /* Keep pointer to LS age. */
3602 lsah = (struct lsa_header *)(STREAM_DATA(s)
3603 + stream_get_endp(s));
3604
3605 /* Put LSA to Link State Request. */
3606 stream_put(s, lsa->data, ntohs(lsa->data->length));
3607
3608 /* Set LS age. */
3609 /* each hop must increment an lsa_age by transmit_delay
3610 of OSPF interface */
3611 ls_age = ls_age_increment(lsa,
3612 OSPF_IF_PARAM(oi, transmit_delay));
3613 lsah->ls_age = htons(ls_age);
3614
3615 length += ntohs(lsa->data->length);
3616 count++;
3617
3618 list_delete_node(update, node);
3619 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3620 }
3621
3622 /* Now set #LSAs. */
3623 stream_putl_at(s, pp, count);
3624
3625 if (IS_DEBUG_OSPF_EVENT)
3626 zlog_debug("ospf_make_ls_upd: Stop");
3627 return length;
3628 }
3629
3630 static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3631 struct stream *s)
3632 {
3633 struct listnode *node, *nnode;
3634 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
3635 unsigned long delta = OSPF_LSA_HEADER_SIZE;
3636 struct ospf_lsa *lsa;
3637
3638 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3639 assert(lsa);
3640
3641 /* LS Ack packet overflows interface MTU
3642 * delta is just number of bytes required for
3643 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3644 * the number of bytes can be accomodated without
3645 * ospf header. So length+delta can be compared
3646 * against ospf_packet_max to check if it can fit
3647 * another ls header in the same packet.
3648 */
3649 if ((length + delta) > ospf_packet_max(oi))
3650 break;
3651
3652 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3653 length += OSPF_LSA_HEADER_SIZE;
3654
3655 listnode_delete(ack, lsa);
3656 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3657 }
3658
3659 return length;
3660 }
3661
3662 static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3663 {
3664 struct ospf_packet *op;
3665 uint16_t length = OSPF_HEADER_SIZE;
3666
3667 op = ospf_packet_new(oi->ifp->mtu);
3668
3669 /* Prepare OSPF common header. */
3670 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
3671
3672 /* Prepare OSPF Hello body. */
3673 length += ospf_make_hello(oi, op->s);
3674 if (length == OSPF_HEADER_SIZE) {
3675 /* Hello overshooting MTU */
3676 ospf_packet_free(op);
3677 return;
3678 }
3679
3680 /* Fill OSPF header. */
3681 ospf_fill_header(oi, op->s, length);
3682
3683 /* Set packet length. */
3684 op->length = length;
3685
3686 op->dst.s_addr = addr;
3687
3688 if (IS_DEBUG_OSPF_EVENT) {
3689 if (oi->ospf->vrf_id)
3690 zlog_debug(
3691 "%s: Hello Tx interface %s ospf vrf %s id %u",
3692 __PRETTY_FUNCTION__, oi->ifp->name,
3693 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3694 oi->ospf->vrf_id);
3695 }
3696 /* Add packet to the top of the interface output queue, so that they
3697 * can't get delayed by things like long queues of LS Update packets
3698 */
3699 ospf_packet_add_top(oi, op);
3700
3701 /* Hook thread to write packet. */
3702 OSPF_ISM_WRITE_ON(oi->ospf);
3703 }
3704
3705 static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
3706 {
3707 struct ospf_interface *oi;
3708
3709 oi = nbr_nbma->oi;
3710 assert(oi);
3711
3712 /* If this is passive interface, do not send OSPF Hello. */
3713 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3714 return;
3715
3716 if (oi->type != OSPF_IFTYPE_NBMA)
3717 return;
3718
3719 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3720 return;
3721
3722 if (PRIORITY(oi) == 0)
3723 return;
3724
3725 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3726 && oi->state != ISM_Backup)
3727 return;
3728
3729 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
3730 }
3731
3732 int ospf_poll_timer(struct thread *thread)
3733 {
3734 struct ospf_nbr_nbma *nbr_nbma;
3735
3736 nbr_nbma = THREAD_ARG(thread);
3737 nbr_nbma->t_poll = NULL;
3738
3739 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3740 zlog_debug("NSM[%s:%s]: Timer (Poll timer expire)",
3741 IF_NAME(nbr_nbma->oi), inet_ntoa(nbr_nbma->addr));
3742
3743 ospf_poll_send(nbr_nbma);
3744
3745 if (nbr_nbma->v_poll > 0)
3746 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3747 nbr_nbma->v_poll);
3748
3749 return 0;
3750 }
3751
3752
3753 int ospf_hello_reply_timer(struct thread *thread)
3754 {
3755 struct ospf_neighbor *nbr;
3756
3757 nbr = THREAD_ARG(thread);
3758 nbr->t_hello_reply = NULL;
3759
3760 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3761 zlog_debug("NSM[%s:%s]: Timer (hello-reply timer expire)",
3762 IF_NAME(nbr->oi), inet_ntoa(nbr->router_id));
3763
3764 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
3765
3766 return 0;
3767 }
3768
3769 /* Send OSPF Hello. */
3770 void ospf_hello_send(struct ospf_interface *oi)
3771 {
3772 /* If this is passive interface, do not send OSPF Hello. */
3773 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3774 return;
3775
3776 if (oi->type == OSPF_IFTYPE_NBMA) {
3777 struct ospf_neighbor *nbr;
3778 struct route_node *rn;
3779
3780 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3781 if ((nbr = rn->info))
3782 if (nbr != oi->nbr_self)
3783 if (nbr->state != NSM_Down) {
3784 /* RFC 2328 Section 9.5.1
3785 If the router is not
3786 eligible to become Designated
3787 Router,
3788 it must periodically send
3789 Hello Packets to both the
3790 Designated Router and the
3791 Backup Designated Router (if
3792 they
3793 exist). */
3794 if (PRIORITY(oi) == 0
3795 && IPV4_ADDR_CMP(
3796 &DR(oi),
3797 &nbr->address.u
3798 .prefix4)
3799 && IPV4_ADDR_CMP(
3800 &BDR(oi),
3801 &nbr->address.u
3802 .prefix4))
3803 continue;
3804
3805 /* If the router is eligible to
3806 become Designated Router, it
3807 must periodically send Hello
3808 Packets to all neighbors that
3809 are also eligible. In
3810 addition, if the router is
3811 itself the
3812 Designated Router or Backup
3813 Designated Router, it must
3814 also
3815 send periodic Hello Packets
3816 to all other neighbors. */
3817
3818 if (nbr->priority == 0
3819 && oi->state == ISM_DROther)
3820 continue;
3821 /* if oi->state == Waiting, send
3822 * hello to all neighbors */
3823 ospf_hello_send_sub(
3824 oi,
3825 nbr->address.u.prefix4
3826 .s_addr);
3827 }
3828 } else {
3829 /* Decide destination address. */
3830 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3831 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3832 else
3833 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3834 }
3835 }
3836
3837 /* Send OSPF Database Description. */
3838 void ospf_db_desc_send(struct ospf_neighbor *nbr)
3839 {
3840 struct ospf_interface *oi;
3841 struct ospf_packet *op;
3842 uint16_t length = OSPF_HEADER_SIZE;
3843
3844 oi = nbr->oi;
3845 op = ospf_packet_new(oi->ifp->mtu);
3846
3847 /* Prepare OSPF common header. */
3848 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
3849
3850 /* Prepare OSPF Database Description body. */
3851 length += ospf_make_db_desc(oi, nbr, op->s);
3852
3853 /* Fill OSPF header. */
3854 ospf_fill_header(oi, op->s, length);
3855
3856 /* Set packet length. */
3857 op->length = length;
3858
3859 /* Decide destination address. */
3860 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3861 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3862 else
3863 op->dst = nbr->address.u.prefix4;
3864
3865 /* Add packet to the interface output queue. */
3866 ospf_packet_add(oi, op);
3867
3868 /* Hook thread to write packet. */
3869 OSPF_ISM_WRITE_ON(oi->ospf);
3870
3871 /* Remove old DD packet, then copy new one and keep in neighbor
3872 * structure. */
3873 if (nbr->last_send)
3874 ospf_packet_free(nbr->last_send);
3875 nbr->last_send = ospf_packet_dup(op);
3876 monotime(&nbr->last_send_ts);
3877 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3878 zlog_info(
3879 "%s:Packet[DD]: %s DB Desc send with seqnum:%x , flags:%x",
3880 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
3881 inet_ntoa(nbr->router_id), nbr->dd_seqnum,
3882 nbr->dd_flags);
3883 }
3884
3885 /* Re-send Database Description. */
3886 void ospf_db_desc_resend(struct ospf_neighbor *nbr)
3887 {
3888 struct ospf_interface *oi;
3889
3890 oi = nbr->oi;
3891
3892 /* Add packet to the interface output queue. */
3893 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
3894
3895 /* Hook thread to write packet. */
3896 OSPF_ISM_WRITE_ON(oi->ospf);
3897 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3898 zlog_info(
3899 "%s:Packet[DD]: %s DB Desc resend with seqnum:%x , flags:%x",
3900 (oi->ospf->name) ? oi->ospf->name : VRF_DEFAULT_NAME,
3901 inet_ntoa(nbr->router_id), nbr->dd_seqnum,
3902 nbr->dd_flags);
3903 }
3904
3905 /* Send Link State Request. */
3906 void ospf_ls_req_send(struct ospf_neighbor *nbr)
3907 {
3908 struct ospf_interface *oi;
3909 struct ospf_packet *op;
3910 uint16_t length = OSPF_HEADER_SIZE;
3911
3912 oi = nbr->oi;
3913 op = ospf_packet_new(oi->ifp->mtu);
3914
3915 /* Prepare OSPF common header. */
3916 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
3917
3918 /* Prepare OSPF Link State Request body. */
3919 length += ospf_make_ls_req(nbr, op->s);
3920 if (length == OSPF_HEADER_SIZE) {
3921 ospf_packet_free(op);
3922 return;
3923 }
3924
3925 /* Fill OSPF header. */
3926 ospf_fill_header(oi, op->s, length);
3927
3928 /* Set packet length. */
3929 op->length = length;
3930
3931 /* Decide destination address. */
3932 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3933 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3934 else
3935 op->dst = nbr->address.u.prefix4;
3936
3937 /* Add packet to the interface output queue. */
3938 ospf_packet_add(oi, op);
3939
3940 /* Hook thread to write packet. */
3941 OSPF_ISM_WRITE_ON(oi->ospf);
3942
3943 /* Add Link State Request Retransmission Timer. */
3944 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
3945 }
3946
3947 /* Send Link State Update with an LSA. */
3948 void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3949 int flag)
3950 {
3951 struct list *update;
3952
3953 update = list_new();
3954
3955 listnode_add(update, lsa);
3956
3957 /*ospf instance is going down, send self originated
3958 * MAXAGE LSA update to neighbors to remove from LSDB */
3959 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3960 ospf_ls_upd_send(nbr, update, flag, 1);
3961 else
3962 ospf_ls_upd_send(nbr, update, flag, 0);
3963
3964 list_delete(&update);
3965 }
3966
3967 /* Determine size for packet. Must be at least big enough to accomodate next
3968 * LSA on list, which may be bigger than MTU size.
3969 *
3970 * Return pointer to new ospf_packet
3971 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3972 * on packet sizes (in which case offending LSA is deleted from update list)
3973 */
3974 static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3975 struct ospf_interface *oi)
3976 {
3977 struct ospf_lsa *lsa;
3978 struct listnode *ln;
3979 size_t size;
3980 static char warned = 0;
3981
3982 lsa = listgetdata((ln = listhead(update)));
3983 assert(lsa->data);
3984
3985 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3986 > ospf_packet_max(oi)) {
3987 if (!warned) {
3988 flog_warn(
3989 EC_OSPF_LARGE_LSA,
3990 "ospf_ls_upd_packet_new: oversized LSA encountered!"
3991 "will need to fragment. Not optimal. Try divide up"
3992 " your network with areas. Use 'debug ospf packet send'"
3993 " to see details, or look at 'show ip ospf database ..'");
3994 warned = 1;
3995 }
3996
3997 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3998 zlog_debug(
3999 "ospf_ls_upd_packet_new: oversized LSA id:%s,"
4000 " %d bytes originated by %s, will be fragmented!",
4001 inet_ntoa(lsa->data->id),
4002 ntohs(lsa->data->length),
4003 inet_ntoa(lsa->data->adv_router));
4004
4005 /*
4006 * Allocate just enough to fit this LSA only, to avoid including
4007 * other
4008 * LSAs in fragmented LSA Updates.
4009 */
4010 size = ntohs(lsa->data->length)
4011 + (oi->ifp->mtu - ospf_packet_max(oi))
4012 + OSPF_LS_UPD_MIN_SIZE;
4013 } else
4014 size = oi->ifp->mtu;
4015
4016 if (size > OSPF_MAX_PACKET_SIZE) {
4017 flog_warn(EC_OSPF_LARGE_LSA,
4018 "ospf_ls_upd_packet_new: oversized LSA id:%s too big,"
4019 " %d bytes, packet size %ld, dropping it completely."
4020 " OSPF routing is broken!",
4021 inet_ntoa(lsa->data->id), ntohs(lsa->data->length),
4022 (long int)size);
4023 list_delete_node(update, ln);
4024 return NULL;
4025 }
4026
4027 /* IP header is built up separately by ospf_write(). This means, that we
4028 * must
4029 * reduce the "affordable" size just calculated by length of an IP
4030 * header.
4031 * This makes sure, that even if we manage to fill the payload with LSA
4032 * data
4033 * completely, the final packet (our data plus IP header) still fits
4034 * into
4035 * outgoing interface MTU. This correction isn't really meaningful for
4036 * an
4037 * oversized LSA, but for consistency the correction is done for both
4038 * cases.
4039 *
4040 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4041 */
4042 return ospf_packet_new(size - sizeof(struct ip));
4043 }
4044
4045 static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
4046 struct list *update, struct in_addr addr,
4047 int send_lsupd_now)
4048 {
4049 struct ospf_packet *op;
4050 uint16_t length = OSPF_HEADER_SIZE;
4051
4052 if (IS_DEBUG_OSPF_EVENT)
4053 zlog_debug("listcount = %d, [%s]dst %s", listcount(update),
4054 IF_NAME(oi), inet_ntoa(addr));
4055
4056 /* Check that we have really something to process */
4057 if (listcount(update) == 0)
4058 return;
4059
4060 op = ospf_ls_upd_packet_new(update, oi);
4061
4062 /* Prepare OSPF common header. */
4063 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
4064
4065 /* Prepare OSPF Link State Update body.
4066 * Includes Type-7 translation.
4067 */
4068 length += ospf_make_ls_upd(oi, update, op->s);
4069
4070 /* Fill OSPF header. */
4071 ospf_fill_header(oi, op->s, length);
4072
4073 /* Set packet length. */
4074 op->length = length;
4075
4076 /* Decide destination address. */
4077 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4078 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4079 else
4080 op->dst.s_addr = addr.s_addr;
4081
4082 /* Add packet to the interface output queue. */
4083 ospf_packet_add(oi, op);
4084 /* Call ospf_write() right away to send ospf packets to neighbors */
4085 if (send_lsupd_now) {
4086 struct thread os_packet_thd;
4087
4088 os_packet_thd.arg = (void *)oi->ospf;
4089 if (oi->on_write_q == 0) {
4090 listnode_add(oi->ospf->oi_write_q, oi);
4091 oi->on_write_q = 1;
4092 }
4093 ospf_write(&os_packet_thd);
4094 /*
4095 * We are fake calling ospf_write with a fake
4096 * thread. Imagine that we have oi_a already
4097 * enqueued and we have turned on the write
4098 * thread(t_write).
4099 * Now this function calls this for oi_b
4100 * so the on_write_q has oi_a and oi_b on
4101 * it, ospf_write runs and clears the packets
4102 * for both oi_a and oi_b. Removing them from
4103 * the on_write_q. After this thread of execution
4104 * finishes we will execute the t_write thread
4105 * with nothing in the on_write_q causing an
4106 * assert. So just make sure that the t_write
4107 * is actually turned off.
4108 */
4109 if (list_isempty(oi->ospf->oi_write_q))
4110 OSPF_TIMER_OFF(oi->ospf->t_write);
4111 } else {
4112 /* Hook thread to write packet. */
4113 OSPF_ISM_WRITE_ON(oi->ospf);
4114 }
4115 }
4116
4117 static int ospf_ls_upd_send_queue_event(struct thread *thread)
4118 {
4119 struct ospf_interface *oi = THREAD_ARG(thread);
4120 struct route_node *rn;
4121 struct route_node *rnext;
4122 struct list *update;
4123 char again = 0;
4124
4125 oi->t_ls_upd_event = NULL;
4126
4127 if (IS_DEBUG_OSPF_EVENT)
4128 zlog_debug("ospf_ls_upd_send_queue start");
4129
4130 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4131 rnext = route_next(rn);
4132
4133 if (rn->info == NULL)
4134 continue;
4135
4136 update = (struct list *)rn->info;
4137
4138 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
4139
4140 /* list might not be empty. */
4141 if (listcount(update) == 0) {
4142 list_delete((struct list **)&rn->info);
4143 route_unlock_node(rn);
4144 } else
4145 again = 1;
4146 }
4147
4148 if (again != 0) {
4149 if (IS_DEBUG_OSPF_EVENT)
4150 zlog_debug(
4151 "ospf_ls_upd_send_queue: update lists not cleared,"
4152 " %d nodes to try again, raising new event",
4153 again);
4154 oi->t_ls_upd_event = NULL;
4155 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4156 &oi->t_ls_upd_event);
4157 }
4158
4159 if (IS_DEBUG_OSPF_EVENT)
4160 zlog_debug("ospf_ls_upd_send_queue stop");
4161
4162 return 0;
4163 }
4164
4165 void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4166 int send_lsupd_now)
4167 {
4168 struct ospf_interface *oi;
4169 struct ospf_lsa *lsa;
4170 struct prefix_ipv4 p;
4171 struct route_node *rn;
4172 struct listnode *node;
4173
4174 oi = nbr->oi;
4175
4176 p.family = AF_INET;
4177 p.prefixlen = IPV4_MAX_BITLEN;
4178
4179 /* Decide destination address. */
4180 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4181 p.prefix = oi->vl_data->peer_addr;
4182 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4183 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4184 else if (flag == OSPF_SEND_PACKET_DIRECT)
4185 p.prefix = nbr->address.u.prefix4;
4186 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4187 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4188 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4189 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4190 else
4191 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4192
4193 if (oi->type == OSPF_IFTYPE_NBMA) {
4194 if (flag == OSPF_SEND_PACKET_INDIRECT)
4195 flog_warn(
4196 EC_OSPF_PACKET,
4197 "* LS-Update is directly sent on NBMA network.");
4198 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
4199 flog_warn(EC_OSPF_PACKET,
4200 "* LS-Update is sent to myself.");
4201 }
4202
4203 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4204
4205 if (rn->info == NULL)
4206 rn->info = list_new();
4207 else
4208 route_unlock_node(rn);
4209
4210 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4211 listnode_add(rn->info,
4212 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
4213 if (send_lsupd_now) {
4214 struct list *send_update_list;
4215 struct route_node *rnext;
4216
4217 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4218 rnext = route_next(rn);
4219
4220 if (rn->info == NULL)
4221 continue;
4222
4223 send_update_list = (struct list *)rn->info;
4224
4225 ospf_ls_upd_queue_send(oi, send_update_list,
4226 rn->p.u.prefix4, 1);
4227 }
4228 } else
4229 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4230 &oi->t_ls_upd_event);
4231 }
4232
4233 static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4234 struct in_addr dst)
4235 {
4236 struct ospf_packet *op;
4237 uint16_t length = OSPF_HEADER_SIZE;
4238
4239 op = ospf_packet_new(oi->ifp->mtu);
4240
4241 /* Prepare OSPF common header. */
4242 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4243
4244 /* Prepare OSPF Link State Acknowledgment body. */
4245 length += ospf_make_ls_ack(oi, ack, op->s);
4246
4247 /* Fill OSPF header. */
4248 ospf_fill_header(oi, op->s, length);
4249
4250 /* Set packet length. */
4251 op->length = length;
4252
4253 /* Decide destination address. */
4254 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4255 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4256 else
4257 op->dst.s_addr = dst.s_addr;
4258
4259 /* Add packet to the interface output queue. */
4260 ospf_packet_add(oi, op);
4261
4262 /* Hook thread to write packet. */
4263 OSPF_ISM_WRITE_ON(oi->ospf);
4264 }
4265
4266 static int ospf_ls_ack_send_event(struct thread *thread)
4267 {
4268 struct ospf_interface *oi = THREAD_ARG(thread);
4269
4270 oi->t_ls_ack_direct = NULL;
4271
4272 while (listcount(oi->ls_ack_direct.ls_ack))
4273 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4274 oi->ls_ack_direct.dst);
4275
4276 return 0;
4277 }
4278
4279 void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4280 {
4281 struct ospf_interface *oi = nbr->oi;
4282
4283 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4284 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4285
4286 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4287
4288 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4289 &oi->t_ls_ack_direct);
4290 }
4291
4292 /* Send Link State Acknowledgment delayed. */
4293 void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4294 {
4295 struct in_addr dst;
4296
4297 /* Decide destination address. */
4298 /* RFC2328 Section 13.5 On non-broadcast
4299 networks, delayed Link State Acknowledgment packets must be
4300 unicast separately over each adjacency (i.e., neighbor whose
4301 state is >= Exchange). */
4302 if (oi->type == OSPF_IFTYPE_NBMA) {
4303 struct ospf_neighbor *nbr;
4304 struct route_node *rn;
4305
4306 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
4307 if ((nbr = rn->info) != NULL)
4308 if (nbr != oi->nbr_self
4309 && nbr->state >= NSM_Exchange)
4310 while (listcount(oi->ls_ack))
4311 ospf_ls_ack_send_list(
4312 oi, oi->ls_ack,
4313 nbr->address.u.prefix4);
4314 return;
4315 }
4316 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4317 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4318 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4319 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4320 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4321 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4322 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4323 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4324 else
4325 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4326
4327 while (listcount(oi->ls_ack))
4328 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
4329 }
4330
4331 /*
4332 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4333 * address. As a result, the kernel does not need to learn the interface
4334 * MAC of the OSPF neighbor. However, in our world, this will delay
4335 * convergence. Take the case when due to a link flap, all routes now
4336 * want to use an interface which was deemed to be costlier prior to this
4337 * event. For routes that will be installed, the missing MAC will have
4338 * punt-to-CPU set on them. This may overload the CPU control path that
4339 * can be avoided if the MAC was known apriori.
4340 */
4341 #define OSPF_PING_NBR_STR_MAX (BUFSIZ)
4342 void ospf_proactively_arp(struct ospf_neighbor *nbr)
4343 {
4344 char ping_nbr[OSPF_PING_NBR_STR_MAX];
4345 int ret;
4346
4347 if (!nbr)
4348 return;
4349
4350 snprintf(ping_nbr, sizeof(ping_nbr),
4351 "ping -c 1 -I %s %s > /dev/null 2>&1 &", nbr->oi->ifp->name,
4352 inet_ntoa(nbr->address.u.prefix4));
4353
4354 ret = system(ping_nbr);
4355 if (IS_DEBUG_OSPF_EVENT)
4356 zlog_debug("Executed %s %s", ping_nbr,
4357 ((ret == 0) ? "successfully" : "but failed"));
4358 }
FRRouting mirror