]> git.proxmox.com Git - mirror_frr.git/blob - ospfd/ospf_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12566 from Jafaral/lsa-op
[mirror_frr.git] / ospfd / ospf_packet.c
1 /*
2 * OSPF Sending and Receiving OSPF Packets.
3 * Copyright (C) 1999, 2000 Toshiaki Takada
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
10 * later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 */
21
22 #include <zebra.h>
23
24 #include "monotime.h"
25 #include "thread.h"
26 #include "memory.h"
27 #include "linklist.h"
28 #include "prefix.h"
29 #include "if.h"
30 #include "table.h"
31 #include "sockunion.h"
32 #include "stream.h"
33 #include "log.h"
34 #include "sockopt.h"
35 #include "checksum.h"
36 #ifdef CRYPTO_INTERNAL
37 #include "md5.h"
38 #endif
39 #include "vrf.h"
40 #include "lib_errors.h"
41
42 #include "ospfd/ospfd.h"
43 #include "ospfd/ospf_network.h"
44 #include "ospfd/ospf_interface.h"
45 #include "ospfd/ospf_ism.h"
46 #include "ospfd/ospf_asbr.h"
47 #include "ospfd/ospf_lsa.h"
48 #include "ospfd/ospf_lsdb.h"
49 #include "ospfd/ospf_neighbor.h"
50 #include "ospfd/ospf_nsm.h"
51 #include "ospfd/ospf_packet.h"
52 #include "ospfd/ospf_spf.h"
53 #include "ospfd/ospf_flood.h"
54 #include "ospfd/ospf_dump.h"
55 #include "ospfd/ospf_errors.h"
56 #include "ospfd/ospf_zebra.h"
57 #include "ospfd/ospf_gr.h"
58
59 /*
60 * OSPF Fragmentation / fragmented writes
61 *
62 * ospfd can support writing fragmented packets, for cases where
63 * kernel will not fragment IP_HDRINCL and/or multicast destined
64 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
65 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
66 * flags fields, hence user-space fragmentation will not work.
67 * Only Linux is known to leave IP header unmolested.
68 * Further, fragmentation really should be done the kernel, which already
69 * supports it, and which avoids nasty IP ID state problems.
70 *
71 * Fragmentation of OSPF packets can be required on networks with router
72 * with many many interfaces active in one area, or on networks with links
73 * with low MTUs.
74 */
75 #ifdef GNU_LINUX
76 #define WANT_OSPF_WRITE_FRAGMENT
77 #endif
78
79 /* Packet Type String. */
80 const struct message ospf_packet_type_str[] = {
81 {OSPF_MSG_HELLO, "Hello"},
82 {OSPF_MSG_DB_DESC, "Database Description"},
83 {OSPF_MSG_LS_REQ, "Link State Request"},
84 {OSPF_MSG_LS_UPD, "Link State Update"},
85 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
86 {0}};
87
88 /* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
89 particular types, offset is the "type" field of a packet. */
90 static const uint16_t ospf_packet_minlen[] = {
91 0,
92 OSPF_HELLO_MIN_SIZE,
93 OSPF_DB_DESC_MIN_SIZE,
94 OSPF_LS_REQ_MIN_SIZE,
95 OSPF_LS_UPD_MIN_SIZE,
96 OSPF_LS_ACK_MIN_SIZE,
97 };
98
99 /* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
100 types, offset is the "LSA type" field. */
101 static const uint16_t ospf_lsa_minlen[] = {
102 0, /* OSPF_UNKNOWN_LSA */
103 OSPF_ROUTER_LSA_MIN_SIZE, /* OSPF_ROUTER_LSA */
104 OSPF_NETWORK_LSA_MIN_SIZE, /* OSPF_NETWORK_LSA */
105 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_SUMMARY_LSA */
106 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_ASBR_SUMMARY_LSA */
107 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_EXTERNAL_LSA */
108 0, /* Unsupported, OSPF_GROUP_MEMBER_LSA */
109 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_NSSA_LSA */
110 0, /* Unsupported, OSPF_EXTERNAL_ATTRIBURES_LSA */
111 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_LINK_LSA */
112 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AREA_LSA */
113 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AS_LSA */
114 };
115
116 /* for ospf_check_auth() */
117 static int ospf_check_sum(struct ospf_header *);
118
119 /* OSPF authentication checking function */
120 static int ospf_auth_type(struct ospf_interface *oi)
121 {
122 int auth_type;
123
124 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
125 auth_type = oi->area->auth_type;
126 else
127 auth_type = OSPF_IF_PARAM(oi, auth_type);
128
129 /* Handle case where MD5 key list is not configured aka Cisco */
130 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
131 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
132 return OSPF_AUTH_NULL;
133
134 return auth_type;
135 }
136
137 static struct ospf_packet *ospf_packet_new(size_t size)
138 {
139 struct ospf_packet *new;
140
141 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
142 new->s = stream_new(size);
143
144 return new;
145 }
146
147 void ospf_packet_free(struct ospf_packet *op)
148 {
149 if (op->s)
150 stream_free(op->s);
151
152 XFREE(MTYPE_OSPF_PACKET, op);
153 }
154
155 struct ospf_fifo *ospf_fifo_new(void)
156 {
157 struct ospf_fifo *new;
158
159 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
160 return new;
161 }
162
163 /* Add new packet to fifo. */
164 void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
165 {
166 if (fifo->tail)
167 fifo->tail->next = op;
168 else
169 fifo->head = op;
170
171 fifo->tail = op;
172
173 fifo->count++;
174 }
175
176 /* Add new packet to head of fifo. */
177 static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
178 {
179 op->next = fifo->head;
180
181 if (fifo->tail == NULL)
182 fifo->tail = op;
183
184 fifo->head = op;
185
186 fifo->count++;
187 }
188
189 /* Delete first packet from fifo. */
190 struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
191 {
192 struct ospf_packet *op;
193
194 op = fifo->head;
195
196 if (op) {
197 fifo->head = op->next;
198
199 if (fifo->head == NULL)
200 fifo->tail = NULL;
201
202 fifo->count--;
203 }
204
205 return op;
206 }
207
208 /* Return first fifo entry. */
209 struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
210 {
211 return fifo->head;
212 }
213
214 /* Flush ospf packet fifo. */
215 void ospf_fifo_flush(struct ospf_fifo *fifo)
216 {
217 struct ospf_packet *op;
218 struct ospf_packet *next;
219
220 for (op = fifo->head; op; op = next) {
221 next = op->next;
222 ospf_packet_free(op);
223 }
224 fifo->head = fifo->tail = NULL;
225 fifo->count = 0;
226 }
227
228 /* Free ospf packet fifo. */
229 void ospf_fifo_free(struct ospf_fifo *fifo)
230 {
231 ospf_fifo_flush(fifo);
232
233 XFREE(MTYPE_OSPF_FIFO, fifo);
234 }
235
236 static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
237 {
238 /* Add packet to end of queue. */
239 ospf_fifo_push(oi->obuf, op);
240
241 /* Debug of packet fifo*/
242 /* ospf_fifo_debug (oi->obuf); */
243 }
244
245 static void ospf_packet_add_top(struct ospf_interface *oi,
246 struct ospf_packet *op)
247 {
248 /* Add packet to head of queue. */
249 ospf_fifo_push_head(oi->obuf, op);
250
251 /* Debug of packet fifo*/
252 /* ospf_fifo_debug (oi->obuf); */
253 }
254
255 static void ospf_packet_delete(struct ospf_interface *oi)
256 {
257 struct ospf_packet *op;
258
259 op = ospf_fifo_pop(oi->obuf);
260
261 if (op)
262 ospf_packet_free(op);
263 }
264
265 static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
266 {
267 struct ospf_packet *new;
268
269 if (stream_get_endp(op->s) != op->length)
270 /* XXX size_t */
271 zlog_debug(
272 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
273 (unsigned long)STREAM_SIZE(op->s), op->length);
274
275 /* Reserve space for MD5 authentication that may be added later. */
276 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
277 stream_copy(new->s, op->s);
278
279 new->dst = op->dst;
280 new->length = op->length;
281
282 return new;
283 }
284
285 /* XXX inline */
286 static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
287 {
288 int auth = 0;
289
290 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
291 auth = OSPF_AUTH_MD5_SIZE;
292
293 return auth;
294 }
295
296 static unsigned int ospf_packet_max(struct ospf_interface *oi)
297 {
298 int max;
299
300 max = oi->ifp->mtu - ospf_packet_authspace(oi);
301
302 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
303
304 return max;
305 }
306
307
308 static int ospf_check_md5_digest(struct ospf_interface *oi,
309 struct ospf_header *ospfh)
310 {
311 #ifdef CRYPTO_OPENSSL
312 EVP_MD_CTX *ctx;
313 #elif CRYPTO_INTERNAL
314 MD5_CTX ctx;
315 #endif
316 unsigned char digest[OSPF_AUTH_MD5_SIZE];
317 struct crypt_key *ck;
318 struct ospf_neighbor *nbr;
319 uint16_t length = ntohs(ospfh->length);
320
321 /* Get secret key. */
322 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
323 ospfh->u.crypt.key_id);
324 if (ck == NULL) {
325 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
326 IF_NAME(oi), ospfh->u.crypt.key_id);
327 return 0;
328 }
329
330 /* check crypto seqnum. */
331 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
332
333 if (nbr
334 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
335 flog_warn(
336 EC_OSPF_MD5,
337 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
338 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
339 ntohl(nbr->crypt_seqnum));
340 return 0;
341 }
342
343 /* Generate a digest for the ospf packet - their digest + our digest. */
344 #ifdef CRYPTO_OPENSSL
345 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
346 ctx = EVP_MD_CTX_new();
347 EVP_DigestInit(ctx, EVP_md5());
348 EVP_DigestUpdate(ctx, ospfh, length);
349 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
350 EVP_DigestFinal(ctx, digest, &md5_size);
351 EVP_MD_CTX_free(ctx);
352 #elif CRYPTO_INTERNAL
353 memset(&ctx, 0, sizeof(ctx));
354 MD5Init(&ctx);
355 MD5Update(&ctx, ospfh, length);
356 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
357 MD5Final(digest, &ctx);
358 #endif
359
360 /* compare the two */
361 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
362 flog_warn(EC_OSPF_MD5,
363 "interface %s: ospf_check_md5 checksum mismatch",
364 IF_NAME(oi));
365 return 0;
366 }
367
368 /* save neighbor's crypt_seqnum */
369 if (nbr)
370 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
371 return 1;
372 }
373
374 /* This function is called from ospf_write(), it will detect the
375 authentication scheme and if it is MD5, it will change the sequence
376 and update the MD5 digest. */
377 static int ospf_make_md5_digest(struct ospf_interface *oi,
378 struct ospf_packet *op)
379 {
380 struct ospf_header *ospfh;
381 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
382 #ifdef CRYPTO_OPENSSL
383 EVP_MD_CTX *ctx;
384 #elif CRYPTO_INTERNAL
385 MD5_CTX ctx;
386 #endif
387 void *ibuf;
388 uint32_t t;
389 struct crypt_key *ck;
390 const uint8_t *auth_key;
391
392 ibuf = STREAM_DATA(op->s);
393 ospfh = (struct ospf_header *)ibuf;
394
395 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
396 return 0;
397
398 /* We do this here so when we dup a packet, we don't have to
399 waste CPU rewriting other headers.
400
401 Note that frr_time /deliberately/ is not used here */
402 t = (time(NULL) & 0xFFFFFFFF);
403 if (t > oi->crypt_seqnum)
404 oi->crypt_seqnum = t;
405 else
406 oi->crypt_seqnum++;
407
408 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
409
410 /* Get MD5 Authentication key from auth_key list. */
411 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
412 auth_key = (const uint8_t *)digest;
413 else {
414 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
415 auth_key = ck->auth_key;
416 }
417
418 /* Generate a digest for the entire packet + our secret key. */
419 #ifdef CRYPTO_OPENSSL
420 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
421 ctx = EVP_MD_CTX_new();
422 EVP_DigestInit(ctx, EVP_md5());
423 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
424 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
425 EVP_DigestFinal(ctx, digest, &md5_size);
426 EVP_MD_CTX_free(ctx);
427 #elif CRYPTO_INTERNAL
428 memset(&ctx, 0, sizeof(ctx));
429 MD5Init(&ctx);
430 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
431 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
432 MD5Final(digest, &ctx);
433 #endif
434
435 /* Append md5 digest to the end of the stream. */
436 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
437
438 /* We do *NOT* increment the OSPF header length. */
439 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
440
441 if (stream_get_endp(op->s) != op->length)
442 /* XXX size_t */
443 flog_warn(EC_OSPF_MD5,
444 "%s: length mismatch stream %lu ospf_packet %u",
445 __func__, (unsigned long)stream_get_endp(op->s),
446 op->length);
447
448 return OSPF_AUTH_MD5_SIZE;
449 }
450
451
452 static void ospf_ls_req_timer(struct thread *thread)
453 {
454 struct ospf_neighbor *nbr;
455
456 nbr = THREAD_ARG(thread);
457 nbr->t_ls_req = NULL;
458
459 /* Send Link State Request. */
460 if (ospf_ls_request_count(nbr))
461 ospf_ls_req_send(nbr);
462
463 /* Set Link State Request retransmission timer. */
464 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
465 }
466
467 void ospf_ls_req_event(struct ospf_neighbor *nbr)
468 {
469 THREAD_OFF(nbr->t_ls_req);
470 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
471 }
472
473 /* Cyclic timer function. Fist registered in ospf_nbr_new () in
474 ospf_neighbor.c */
475 void ospf_ls_upd_timer(struct thread *thread)
476 {
477 struct ospf_neighbor *nbr;
478
479 nbr = THREAD_ARG(thread);
480 nbr->t_ls_upd = NULL;
481
482 /* Send Link State Update. */
483 if (ospf_ls_retransmit_count(nbr) > 0) {
484 struct list *update;
485 struct ospf_lsdb *lsdb;
486 int i;
487 int retransmit_interval;
488
489 retransmit_interval =
490 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
491
492 lsdb = &nbr->ls_rxmt;
493 update = list_new();
494
495 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
496 struct route_table *table = lsdb->type[i].db;
497 struct route_node *rn;
498
499 for (rn = route_top(table); rn; rn = route_next(rn)) {
500 struct ospf_lsa *lsa;
501
502 if ((lsa = rn->info) != NULL) {
503 /* Don't retransmit an LSA if we
504 received it within
505 the last RxmtInterval seconds - this
506 is to allow the
507 neighbour a chance to acknowledge the
508 LSA as it may
509 have ben just received before the
510 retransmit timer
511 fired. This is a small tweak to what
512 is in the RFC,
513 but it will cut out out a lot of
514 retransmit traffic
515 - MAG */
516 if (monotime_since(&lsa->tv_recv, NULL)
517 >= retransmit_interval * 1000000LL)
518 listnode_add(update, rn->info);
519 }
520 }
521 }
522
523 if (listcount(update) > 0)
524 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
525 0);
526 list_delete(&update);
527 }
528
529 /* Set LS Update retransmission timer. */
530 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
531 }
532
533 void ospf_ls_ack_timer(struct thread *thread)
534 {
535 struct ospf_interface *oi;
536
537 oi = THREAD_ARG(thread);
538 oi->t_ls_ack = NULL;
539
540 /* Send Link State Acknowledgment. */
541 if (listcount(oi->ls_ack) > 0)
542 ospf_ls_ack_send_delayed(oi);
543
544 /* Set LS Ack timer. */
545 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
546 }
547
548 #ifdef WANT_OSPF_WRITE_FRAGMENT
549 static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
550 struct msghdr *msg, unsigned int maxdatasize,
551 unsigned int mtu, int flags, uint8_t type)
552 {
553 #define OSPF_WRITE_FRAG_SHIFT 3
554 uint16_t offset;
555 struct iovec *iovp;
556 int ret;
557
558 assert(op->length == stream_get_endp(op->s));
559 assert(msg->msg_iovlen == 2);
560
561 /* we can but try.
562 *
563 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
564 * well as the IP_MF flag, making this all quite pointless.
565 *
566 * However, for a system on which IP_MF is left alone, and ip_id left
567 * alone or else which sets same ip_id for each fragment this might
568 * work, eg linux.
569 *
570 * XXX-TODO: It would be much nicer to have the kernel's use their
571 * existing fragmentation support to do this for us. Bugs/RFEs need to
572 * be raised against the various kernels.
573 */
574
575 /* set More Frag */
576 iph->ip_off |= IP_MF;
577
578 /* ip frag offset is expressed in units of 8byte words */
579 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
580
581 iovp = &msg->msg_iov[1];
582
583 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
584 > maxdatasize) {
585 /* data length of this frag is to next offset value */
586 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
587 iph->ip_len = iovp->iov_len + sizeof(struct ip);
588 assert(iph->ip_len <= mtu);
589
590 sockopt_iphdrincl_swab_htosys(iph);
591
592 ret = sendmsg(fd, msg, flags);
593
594 sockopt_iphdrincl_swab_systoh(iph);
595
596 if (ret < 0)
597 flog_err(
598 EC_LIB_SOCKET,
599 "*** %s: sendmsg failed to %pI4, id %d, off %d, len %d, mtu %u failed with %s",
600 __func__, &iph->ip_dst, iph->ip_id, iph->ip_off,
601 iph->ip_len, mtu, safe_strerror(errno));
602
603 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
604 zlog_debug("%s: sent id %d, off %d, len %d to %pI4",
605 __func__, iph->ip_id, iph->ip_off,
606 iph->ip_len, &iph->ip_dst);
607 }
608
609 iph->ip_off += offset;
610 stream_forward_getp(op->s, iovp->iov_len);
611 iovp->iov_base = stream_pnt(op->s);
612 }
613
614 /* setup for final fragment */
615 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
616 iph->ip_len = iovp->iov_len + sizeof(struct ip);
617 iph->ip_off &= (~IP_MF);
618 }
619 #endif /* WANT_OSPF_WRITE_FRAGMENT */
620
621 static void ospf_write(struct thread *thread)
622 {
623 struct ospf *ospf = THREAD_ARG(thread);
624 struct ospf_interface *oi;
625 struct ospf_packet *op;
626 struct sockaddr_in sa_dst;
627 struct ip iph;
628 struct msghdr msg;
629 struct iovec iov[2];
630 uint8_t type;
631 int ret;
632 int flags = 0;
633 struct listnode *node;
634 #ifdef WANT_OSPF_WRITE_FRAGMENT
635 static uint16_t ipid = 0;
636 uint16_t maxdatasize;
637 #endif /* WANT_OSPF_WRITE_FRAGMENT */
638 #define OSPF_WRITE_IPHL_SHIFT 2
639 int pkt_count = 0;
640
641 #ifdef GNU_LINUX
642 unsigned char cmsgbuf[64] = {};
643 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
644 struct in_pktinfo *pi;
645 #endif
646
647 if (ospf->fd < 0 || ospf->oi_running == 0) {
648 if (IS_DEBUG_OSPF_EVENT)
649 zlog_debug("%s failed to send, fd %d, instance %u",
650 __func__, ospf->fd, ospf->oi_running);
651 return;
652 }
653
654 node = listhead(ospf->oi_write_q);
655 assert(node);
656 oi = listgetdata(node);
657
658 #ifdef WANT_OSPF_WRITE_FRAGMENT
659 /* seed ipid static with low order bits of time */
660 if (ipid == 0)
661 ipid = (time(NULL) & 0xffff);
662 #endif /* WANT_OSPF_WRITE_FRAGMENT */
663
664 while ((pkt_count < ospf->write_oi_count) && oi) {
665 pkt_count++;
666 #ifdef WANT_OSPF_WRITE_FRAGMENT
667 /* convenience - max OSPF data per packet */
668 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
669 #endif /* WANT_OSPF_WRITE_FRAGMENT */
670 /* Get one packet from queue. */
671 op = ospf_fifo_head(oi->obuf);
672 assert(op);
673 assert(op->length >= OSPF_HEADER_SIZE);
674
675 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
676 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
677 ospf_if_ipmulticast(ospf, oi->address,
678 oi->ifp->ifindex);
679
680 /* Rewrite the md5 signature & update the seq */
681 ospf_make_md5_digest(oi, op);
682
683 /* Retrieve OSPF packet type. */
684 stream_set_getp(op->s, 1);
685 type = stream_getc(op->s);
686
687 /* reset get pointer */
688 stream_set_getp(op->s, 0);
689
690 memset(&iph, 0, sizeof(iph));
691 memset(&sa_dst, 0, sizeof(sa_dst));
692
693 sa_dst.sin_family = AF_INET;
694 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
695 sa_dst.sin_len = sizeof(sa_dst);
696 #endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
697 sa_dst.sin_addr = op->dst;
698 sa_dst.sin_port = htons(0);
699
700 /* Set DONTROUTE flag if dst is unicast. */
701 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
702 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
703 flags = MSG_DONTROUTE;
704
705 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
706 /* it'd be very strange for header to not be 4byte-word aligned
707 * but.. */
708 if (sizeof(struct ip)
709 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
710 iph.ip_hl++; /* we presume sizeof(struct ip) cant
711 overflow ip_hl.. */
712
713 iph.ip_v = IPVERSION;
714 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
715 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
716
717 #if defined(__DragonFly__)
718 /*
719 * DragonFly's raw socket expects ip_len/ip_off in network byte
720 * order.
721 */
722 iph.ip_len = htons(iph.ip_len);
723 #endif
724
725 #ifdef WANT_OSPF_WRITE_FRAGMENT
726 /* XXX-MT: not thread-safe at all..
727 * XXX: this presumes this is only programme sending OSPF
728 * packets
729 * otherwise, no guarantee ipid will be unique
730 */
731 iph.ip_id = ++ipid;
732 #endif /* WANT_OSPF_WRITE_FRAGMENT */
733
734 iph.ip_off = 0;
735 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
736 iph.ip_ttl = OSPF_VL_IP_TTL;
737 else
738 iph.ip_ttl = OSPF_IP_TTL;
739 iph.ip_p = IPPROTO_OSPFIGP;
740 iph.ip_sum = 0;
741 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
742 iph.ip_dst.s_addr = op->dst.s_addr;
743
744 memset(&msg, 0, sizeof(msg));
745 msg.msg_name = (caddr_t)&sa_dst;
746 msg.msg_namelen = sizeof(sa_dst);
747 msg.msg_iov = iov;
748 msg.msg_iovlen = 2;
749
750 iov[0].iov_base = (char *)&iph;
751 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
752 iov[1].iov_base = stream_pnt(op->s);
753 iov[1].iov_len = op->length;
754
755 #ifdef GNU_LINUX
756 msg.msg_control = (caddr_t)cm;
757 cm->cmsg_level = SOL_IP;
758 cm->cmsg_type = IP_PKTINFO;
759 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
760 pi = (struct in_pktinfo *)CMSG_DATA(cm);
761 pi->ipi_ifindex = oi->ifp->ifindex;
762
763 msg.msg_controllen = cm->cmsg_len;
764 #endif
765
766 /* Sadly we can not rely on kernels to fragment packets
767 * because of either IP_HDRINCL and/or multicast
768 * destination being set.
769 */
770
771 #ifdef WANT_OSPF_WRITE_FRAGMENT
772 if (op->length > maxdatasize)
773 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
774 oi->ifp->mtu, flags, type);
775 #endif /* WANT_OSPF_WRITE_FRAGMENT */
776
777 /* send final fragment (could be first) */
778 sockopt_iphdrincl_swab_htosys(&iph);
779 ret = sendmsg(ospf->fd, &msg, flags);
780 sockopt_iphdrincl_swab_systoh(&iph);
781 if (IS_DEBUG_OSPF_EVENT)
782 zlog_debug(
783 "%s to %pI4, id %d, off %d, len %d, interface %s, mtu %u:",
784 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
785 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
786
787 /* sendmsg will return EPERM if firewall is blocking sending.
788 * This is a normal situation when 'ip nhrp map multicast xxx'
789 * is being used to send multicast packets to DMVPN peers. In
790 * that case the original message is blocked with iptables rule
791 * causing the EPERM result
792 */
793 if (ret < 0 && errno != EPERM)
794 flog_err(
795 EC_LIB_SOCKET,
796 "*** sendmsg in %s failed to %pI4, id %d, off %d, len %d, interface %s, mtu %u: %s",
797 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
798 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
799 safe_strerror(errno));
800
801 /* Show debug sending packet. */
802 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
803 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
804 zlog_debug(
805 "-----------------------------------------------------");
806 stream_set_getp(op->s, 0);
807 ospf_packet_dump(op->s);
808 }
809
810 zlog_debug("%s sent to [%pI4] via [%s].",
811 lookup_msg(ospf_packet_type_str, type, NULL),
812 &op->dst, IF_NAME(oi));
813
814 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
815 zlog_debug(
816 "-----------------------------------------------------");
817 }
818
819 switch (type) {
820 case OSPF_MSG_HELLO:
821 oi->hello_out++;
822 break;
823 case OSPF_MSG_DB_DESC:
824 oi->db_desc_out++;
825 break;
826 case OSPF_MSG_LS_REQ:
827 oi->ls_req_out++;
828 break;
829 case OSPF_MSG_LS_UPD:
830 oi->ls_upd_out++;
831 break;
832 case OSPF_MSG_LS_ACK:
833 oi->ls_ack_out++;
834 break;
835 default:
836 break;
837 }
838
839 /* Now delete packet from queue. */
840 ospf_packet_delete(oi);
841
842 /* Move this interface to the tail of write_q to
843 serve everyone in a round robin fashion */
844 list_delete_node(ospf->oi_write_q, node);
845 if (ospf_fifo_head(oi->obuf) == NULL) {
846 oi->on_write_q = 0;
847 oi = NULL;
848 } else
849 listnode_add(ospf->oi_write_q, oi);
850
851 /* Setup to service from the head of the queue again */
852 if (!list_isempty(ospf->oi_write_q)) {
853 node = listhead(ospf->oi_write_q);
854 oi = listgetdata(node);
855 }
856 }
857
858 /* If packets still remain in queue, call write thread. */
859 if (!list_isempty(ospf->oi_write_q))
860 thread_add_write(master, ospf_write, ospf, ospf->fd,
861 &ospf->t_write);
862 }
863
864 /* OSPF Hello message read -- RFC2328 Section 10.5. */
865 static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
866 struct stream *s, struct ospf_interface *oi, int size)
867 {
868 struct ospf_hello *hello;
869 struct ospf_neighbor *nbr;
870 int old_state;
871 struct prefix p;
872
873 /* increment statistics. */
874 oi->hello_in++;
875
876 hello = (struct ospf_hello *)stream_pnt(s);
877
878 /* If Hello is myself, silently discard. */
879 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
880 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
881 zlog_debug(
882 "ospf_header[%s/%pI4]: selforiginated, dropping.",
883 lookup_msg(ospf_packet_type_str, ospfh->type,
884 NULL),
885 &iph->ip_src);
886 }
887 return;
888 }
889
890 /* get neighbor prefix. */
891 p.family = AF_INET;
892 p.prefixlen = ip_masklen(hello->network_mask);
893 p.u.prefix4 = iph->ip_src;
894
895 /* Compare network mask. */
896 /* Checking is ignored for Point-to-Point and Virtual link. */
897 /* Checking is also ignored for Point-to-Multipoint with /32 prefix */
898 if (oi->type != OSPF_IFTYPE_POINTOPOINT
899 && oi->type != OSPF_IFTYPE_VIRTUALLINK
900 && !(oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
901 && oi->address->prefixlen == IPV4_MAX_BITLEN))
902 if (oi->address->prefixlen != p.prefixlen) {
903 flog_warn(
904 EC_OSPF_PACKET,
905 "Packet %pI4 [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
906 &ospfh->router_id, IF_NAME(oi),
907 (int)oi->address->prefixlen, (int)p.prefixlen);
908 return;
909 }
910
911 /* Compare Router Dead Interval. */
912 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
913 flog_warn(EC_OSPF_PACKET,
914 "Packet %pI4 [Hello:RECV]: RouterDeadInterval mismatch (expected %u, but received %u).",
915 &ospfh->router_id,
916 OSPF_IF_PARAM(oi, v_wait),
917 ntohl(hello->dead_interval));
918 return;
919 }
920
921 /* Compare Hello Interval - ignored if fast-hellos are set. */
922 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
923 if (OSPF_IF_PARAM(oi, v_hello)
924 != ntohs(hello->hello_interval)) {
925 flog_warn(
926 EC_OSPF_PACKET,
927 "Packet %pI4 [Hello:RECV]: HelloInterval mismatch (expected %u, but received %u).",
928 &ospfh->router_id,
929 OSPF_IF_PARAM(oi, v_hello),
930 ntohs(hello->hello_interval));
931 return;
932 }
933 }
934
935 if (IS_DEBUG_OSPF_EVENT)
936 zlog_debug("Packet %pI4 [Hello:RECV]: Options %s vrf %s",
937 &ospfh->router_id,
938 ospf_options_dump(hello->options),
939 ospf_vrf_id_to_name(oi->ospf->vrf_id));
940
941 /* Compare options. */
942 #define REJECT_IF_TBIT_ON 1 /* XXX */
943 #ifdef REJECT_IF_TBIT_ON
944 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
945 /*
946 * This router does not support non-zero TOS.
947 * Drop this Hello packet not to establish neighbor
948 * relationship.
949 */
950 flog_warn(EC_OSPF_PACKET,
951 "Packet %pI4 [Hello:RECV]: T-bit on, drop it.",
952 &ospfh->router_id);
953 return;
954 }
955 #endif /* REJECT_IF_TBIT_ON */
956
957 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
958 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
959 /*
960 * This router does know the correct usage of O-bit
961 * the bit should be set in DD packet only.
962 */
963 flog_warn(EC_OSPF_PACKET,
964 "Packet %pI4 [Hello:RECV]: O-bit abuse?",
965 &ospfh->router_id);
966 #ifdef STRICT_OBIT_USAGE_CHECK
967 return; /* Reject this packet. */
968 #else /* STRICT_OBIT_USAGE_CHECK */
969 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
970 #endif /* STRICT_OBIT_USAGE_CHECK */
971 }
972
973 /* new for NSSA is to ensure that NP is on and E is off */
974
975 if (oi->area->external_routing == OSPF_AREA_NSSA) {
976 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
977 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
978 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
979 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
980 flog_warn(
981 EC_OSPF_PACKET,
982 "NSSA-Packet-%pI4[Hello:RECV]: my options: %x, his options %x",
983 &ospfh->router_id, OPTIONS(oi),
984 hello->options);
985 return;
986 }
987 if (IS_DEBUG_OSPF_NSSA)
988 zlog_debug("NSSA-Hello:RECV:Packet from %pI4:",
989 &ospfh->router_id);
990 } else
991 /* The setting of the E-bit found in the Hello Packet's Options
992 field must match this area's ExternalRoutingCapability A
993 mismatch causes processing to stop and the packet to be
994 dropped. The setting of the rest of the bits in the Hello
995 Packet's Options field should be ignored. */
996 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
997 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
998 flog_warn(
999 EC_OSPF_PACKET,
1000 "Packet %pI4 [Hello:RECV]: my options: %x, his options %x",
1001 &ospfh->router_id, OPTIONS(oi),
1002 hello->options);
1003 return;
1004 }
1005
1006 /* get neighbour struct */
1007 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
1008
1009 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1010 assert(nbr);
1011
1012 old_state = nbr->state;
1013
1014 /* Add event to thread. */
1015 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_HelloReceived);
1016
1017 /* RFC2328 Section 9.5.1
1018 If the router is not eligible to become Designated Router,
1019 (snip) It must also send an Hello Packet in reply to an
1020 Hello Packet received from any eligible neighbor (other than
1021 the current Designated Router and Backup Designated Router). */
1022 if (oi->type == OSPF_IFTYPE_NBMA)
1023 if (PRIORITY(oi) == 0 && hello->priority > 0
1024 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1025 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1026 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1027 ospf_hello_reply_timer,
1028 OSPF_HELLO_REPLY_DELAY);
1029
1030 /* on NBMA network type, it happens to receive bidirectional Hello
1031 packet
1032 without advance 1-Way Received event.
1033 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1034 if (oi->type == OSPF_IFTYPE_NBMA
1035 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1036 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1037 nbr->priority = hello->priority;
1038 nbr->d_router = hello->d_router;
1039 nbr->bd_router = hello->bd_router;
1040 return;
1041 }
1042
1043 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1044 size - OSPF_HELLO_MIN_SIZE)) {
1045 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1046 nbr->options |= hello->options;
1047 } else {
1048 /* If the router is DR_OTHER, RESTARTER will not wait
1049 * until it receives the hello from it if it receives
1050 * from DR and BDR.
1051 * So, helper might receives ONW_WAY hello from
1052 * RESTARTER. So not allowing to change the state if it
1053 * receives one_way hellow when it acts as HELPER for
1054 * that specific neighbor.
1055 */
1056 if (!OSPF_GR_IS_ACTIVE_HELPER(nbr))
1057 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1058 /* Set neighbor information. */
1059 nbr->priority = hello->priority;
1060 nbr->d_router = hello->d_router;
1061 nbr->bd_router = hello->bd_router;
1062 return;
1063 }
1064
1065 if (OSPF_GR_IS_ACTIVE_HELPER(nbr)) {
1066 /* As per the GR Conformance Test Case 7.2. Section 3
1067 * "Also, if X was the Designated Router on network segment S
1068 * when the helping relationship began, Y maintains X as the
1069 * Designated Router until the helping relationship is
1070 * terminated."
1071 * When I am helper for this neighbor, I should not trigger the
1072 * ISM Events. Also Intentionally not setting the priority and
1073 * other fields so that when the neighbor exits the Grace
1074 * period, it can handle if there is any change before GR and
1075 * after GR. */
1076 if (IS_DEBUG_OSPF_GR)
1077 zlog_debug(
1078 "%s, Neighbor is under GR Restart, hence ignoring the ISM Events",
1079 __PRETTY_FUNCTION__);
1080 } else {
1081 /* If neighbor itself declares DR and no BDR exists,
1082 cause event BackupSeen */
1083 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
1084 if (hello->bd_router.s_addr == INADDR_ANY
1085 && oi->state == ISM_Waiting)
1086 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1087
1088 /* neighbor itself declares BDR. */
1089 if (oi->state == ISM_Waiting
1090 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1091 &hello->bd_router))
1092 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1093
1094 /* had not previously. */
1095 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1096 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1097 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1098 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1099 &nbr->d_router)))
1100 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1101
1102 /* had not previously. */
1103 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1104 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1105 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4,
1106 &hello->bd_router)
1107 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1108 &nbr->bd_router)))
1109 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1110
1111 /* Neighbor priority check. */
1112 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1113 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1114 }
1115
1116 /* Set neighbor information. */
1117 nbr->priority = hello->priority;
1118 nbr->d_router = hello->d_router;
1119 nbr->bd_router = hello->bd_router;
1120
1121 /*
1122 * RFC 3623 - Section 2:
1123 * "If the restarting router determines that it was the Designated
1124 * Router on a given segment prior to the restart, it elects
1125 * itself as the Designated Router again. The restarting router
1126 * knows that it was the Designated Router if, while the
1127 * associated interface is in Waiting state, a Hello packet is
1128 * received from a neighbor listing the router as the Designated
1129 * Router".
1130 */
1131 if (oi->area->ospf->gr_info.restart_in_progress
1132 && oi->state == ISM_Waiting
1133 && IPV4_ADDR_SAME(&hello->d_router, &oi->address->u.prefix4))
1134 DR(oi) = hello->d_router;
1135 }
1136
1137 /* Save DD flags/options/Seqnum received. */
1138 static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1139 struct ospf_db_desc *dd)
1140 {
1141 nbr->last_recv.flags = dd->flags;
1142 nbr->last_recv.options = dd->options;
1143 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
1144 }
1145
1146 /* Process rest of DD packet. */
1147 static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1148 struct ospf_neighbor *nbr,
1149 struct ospf_db_desc *dd, uint16_t size)
1150 {
1151 struct ospf_lsa *new, *find;
1152 struct lsa_header *lsah;
1153
1154 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1155 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1156 size -= OSPF_LSA_HEADER_SIZE) {
1157 lsah = (struct lsa_header *)stream_pnt(s);
1158 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1159
1160 /* Unknown LS type. */
1161 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1162 flog_warn(EC_OSPF_PACKET,
1163 "Packet [DD:RECV]: Unknown LS type %d.",
1164 lsah->type);
1165 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1166 return;
1167 }
1168
1169 if (IS_OPAQUE_LSA(lsah->type)
1170 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1171 flog_warn(EC_OSPF_PACKET,
1172 "LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
1173 lsah->type, &lsah->id, &lsah->adv_router);
1174 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1175 return;
1176 }
1177
1178 switch (lsah->type) {
1179 case OSPF_AS_EXTERNAL_LSA:
1180 case OSPF_OPAQUE_AS_LSA:
1181 /* Check for stub area. Reject if AS-External from stub
1182 but
1183 allow if from NSSA. */
1184 if (oi->area->external_routing == OSPF_AREA_STUB) {
1185 flog_warn(
1186 EC_OSPF_PACKET,
1187 "Packet [DD:RECV]: LSA[Type%d:%pI4] from %s area.",
1188 lsah->type, &lsah->id,
1189 (oi->area->external_routing
1190 == OSPF_AREA_STUB)
1191 ? "STUB"
1192 : "NSSA");
1193 OSPF_NSM_EVENT_SCHEDULE(nbr,
1194 NSM_SeqNumberMismatch);
1195 return;
1196 }
1197 break;
1198 default:
1199 break;
1200 }
1201
1202 /* Create LS-request object. */
1203 new = ospf_ls_request_new(lsah);
1204
1205 /* Lookup received LSA, then add LS request list. */
1206 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1207
1208 /* ospf_lsa_more_recent is fine with NULL pointers */
1209 switch (ospf_lsa_more_recent(find, new)) {
1210 case -1:
1211 /* Neighbour has a more recent LSA, we must request it
1212 */
1213 ospf_ls_request_add(nbr, new);
1214 /* fallthru */
1215 case 0:
1216 /* If we have a copy of this LSA, it's either less
1217 * recent
1218 * and we're requesting it from neighbour (the case
1219 * above), or
1220 * it's as recent and we both have same copy (this
1221 * case).
1222 *
1223 * In neither of these two cases is there any point in
1224 * describing our copy of the LSA to the neighbour in a
1225 * DB-Summary packet, if we're still intending to do so.
1226 *
1227 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1228 * backward compatible optimisation to OSPF DB Exchange
1229 * /
1230 * DB Description process implemented here.
1231 */
1232 if (find)
1233 ospf_lsdb_delete(&nbr->db_sum, find);
1234 ospf_lsa_discard(new);
1235 break;
1236 default:
1237 /* We have the more recent copy, nothing specific to do:
1238 * - no need to request neighbours stale copy
1239 * - must leave DB summary list copy alone
1240 */
1241 if (IS_DEBUG_OSPF_EVENT)
1242 zlog_debug(
1243 "Packet [DD:RECV]: LSA received Type %d, ID %pI4 is not recent.",
1244 lsah->type, &lsah->id);
1245 ospf_lsa_discard(new);
1246 }
1247 }
1248
1249 /* Master */
1250 if (IS_SET_DD_MS(nbr->dd_flags)) {
1251 nbr->dd_seqnum++;
1252
1253 /* Both sides have no More, then we're done with Exchange */
1254 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1255 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1256 else
1257 ospf_db_desc_send(nbr);
1258 }
1259 /* Slave */
1260 else {
1261 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1262
1263 /* Send DD packet in reply.
1264 *
1265 * Must be done to acknowledge the Master's DD, regardless of
1266 * whether we have more LSAs ourselves to describe.
1267 *
1268 * This function will clear the 'More' bit, if after this DD
1269 * we have no more LSAs to describe to the master..
1270 */
1271 ospf_db_desc_send(nbr);
1272
1273 /* Slave can raise ExchangeDone now, if master is also done */
1274 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1275 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1276 }
1277
1278 /* Save received neighbor values from DD. */
1279 ospf_db_desc_save_current(nbr, dd);
1280
1281 if (!nbr->t_ls_req)
1282 ospf_ls_req_send(nbr);
1283 }
1284
1285 static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1286 struct ospf_neighbor *nbr)
1287 {
1288 /* Is DD duplicated? */
1289 if (dd->options == nbr->last_recv.options
1290 && dd->flags == nbr->last_recv.flags
1291 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1292 return 1;
1293
1294 return 0;
1295 }
1296
1297 /* OSPF Database Description message read -- RFC2328 Section 10.6. */
1298 static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1299 struct stream *s, struct ospf_interface *oi,
1300 uint16_t size)
1301 {
1302 struct ospf_db_desc *dd;
1303 struct ospf_neighbor *nbr;
1304
1305 /* Increment statistics. */
1306 oi->db_desc_in++;
1307
1308 dd = (struct ospf_db_desc *)stream_pnt(s);
1309
1310 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1311 if (nbr == NULL) {
1312 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %pI4",
1313 &ospfh->router_id);
1314 return;
1315 }
1316
1317 /* Check MTU. */
1318 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1319 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
1320 flog_warn(
1321 EC_OSPF_PACKET,
1322 "Packet[DD]: Neighbor %pI4 MTU %u is larger than [%s]'s MTU %u",
1323 &nbr->router_id, ntohs(dd->mtu), IF_NAME(oi),
1324 oi->ifp->mtu);
1325 return;
1326 }
1327
1328 /*
1329 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1330 * not
1331 * required. In fact at least JunOS sends DD packets with P bit clear.
1332 * Until proper solution is developped, this hack should help.
1333 *
1334 * Update: According to the RFCs, N bit is specified /only/ for Hello
1335 * options, unfortunately its use in DD options is not specified. Hence
1336 * some
1337 * implementations follow E-bit semantics and set it in DD options, and
1338 * some
1339 * treat it as unspecified and hence follow the directive "default for
1340 * options is clear", ie unset.
1341 *
1342 * Reset the flag, as ospfd follows E-bit semantics.
1343 */
1344 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1345 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1346 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1347 if (IS_DEBUG_OSPF_EVENT)
1348 zlog_debug(
1349 "Packet[DD]: Neighbour %pI4: Has NSSA capability, sends with N bit clear in DD options",
1350 &nbr->router_id);
1351 SET_FLAG(dd->options, OSPF_OPTION_NP);
1352 }
1353
1354 #ifdef REJECT_IF_TBIT_ON
1355 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1356 /*
1357 * In Hello protocol, optional capability must have checked
1358 * to prevent this T-bit enabled router be my neighbor.
1359 */
1360 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %pI4: T-bit on?",
1361 &nbr->router_id);
1362 return;
1363 }
1364 #endif /* REJECT_IF_TBIT_ON */
1365
1366 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1367 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1368 /*
1369 * This node is not configured to handle O-bit, for now.
1370 * Clear it to ignore unsupported capability proposed by
1371 * neighbor.
1372 */
1373 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1374 }
1375
1376 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1377 zlog_info(
1378 "%s:Packet[DD]: Neighbor %pI4 state is %s, seq_num:0x%x, local:0x%x",
1379 ospf_get_name(oi->ospf), &nbr->router_id,
1380 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1381 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1382
1383 /* Process DD packet by neighbor status. */
1384 switch (nbr->state) {
1385 case NSM_Down:
1386 case NSM_Attempt:
1387 case NSM_TwoWay:
1388 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1389 zlog_info(
1390 "Packet[DD]: Neighbor %pI4 state is %s, packet discarded.",
1391 &nbr->router_id,
1392 lookup_msg(ospf_nsm_state_msg, nbr->state,
1393 NULL));
1394 break;
1395 case NSM_Init:
1396 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1397 /* If the new state is ExStart, the processing of the current
1398 packet should then continue in this new state by falling
1399 through to case ExStart below. */
1400 if (nbr->state != NSM_ExStart)
1401 break;
1402 /* fallthru */
1403 case NSM_ExStart:
1404 /* Initial DBD */
1405 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1406 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1407 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1408 > 0) {
1409 /* We're Slave---obey */
1410 if (CHECK_FLAG(oi->ospf->config,
1411 OSPF_LOG_ADJACENCY_DETAIL))
1412 zlog_info(
1413 "Packet[DD]: Neighbor %pI4 Negotiation done (Slave).",
1414 &nbr->router_id);
1415
1416 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1417
1418 /* Reset I/MS */
1419 UNSET_FLAG(nbr->dd_flags,
1420 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1421 } else {
1422 /* We're Master, ignore the initial DBD from
1423 * Slave */
1424 if (CHECK_FLAG(oi->ospf->config,
1425 OSPF_LOG_ADJACENCY_DETAIL))
1426 zlog_info(
1427 "Packet[DD]: Neighbor %pI4: Initial DBD from Slave, ignoring.",
1428 &nbr->router_id);
1429 break;
1430 }
1431 }
1432 /* Ack from the Slave */
1433 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1434 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1435 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1436 < 0) {
1437 zlog_info(
1438 "Packet[DD]: Neighbor %pI4 Negotiation done (Master).",
1439 &nbr->router_id);
1440 /* Reset I, leaving MS */
1441 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1442 } else {
1443 flog_warn(EC_OSPF_PACKET,
1444 "Packet[DD]: Neighbor %pI4 Negotiation fails.",
1445 &nbr->router_id);
1446 break;
1447 }
1448
1449 /* This is where the real Options are saved */
1450 nbr->options = dd->options;
1451
1452 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1453 if (IS_DEBUG_OSPF_EVENT)
1454 zlog_debug(
1455 "Neighbor[%pI4] is %sOpaque-capable.",
1456 &nbr->router_id,
1457 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1458 ? ""
1459 : "NOT ");
1460
1461 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1462 && IPV4_ADDR_SAME(&DR(oi),
1463 &nbr->address.u.prefix4)) {
1464 flog_warn(
1465 EC_OSPF_PACKET,
1466 "DR-neighbor[%pI4] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
1467 &nbr->router_id);
1468 /* This situation is undesirable, but not a real
1469 * error. */
1470 }
1471 }
1472
1473 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1474
1475 /* continue processing rest of packet. */
1476 ospf_db_desc_proc(s, oi, nbr, dd, size);
1477 break;
1478 case NSM_Exchange:
1479 if (ospf_db_desc_is_dup(dd, nbr)) {
1480 if (IS_SET_DD_MS(nbr->dd_flags))
1481 /* Master: discard duplicated DD packet. */
1482 zlog_info(
1483 "Packet[DD] (Master): Neighbor %pI4 packet duplicated.",
1484 &nbr->router_id);
1485 else
1486 /* Slave: cause to retransmit the last Database
1487 Description. */
1488 {
1489 zlog_info(
1490 "Packet[DD] [Slave]: Neighbor %pI4 packet duplicated.",
1491 &nbr->router_id);
1492 ospf_db_desc_resend(nbr);
1493 }
1494 break;
1495 }
1496
1497 /* Otherwise DD packet should be checked. */
1498 /* Check Master/Slave bit mismatch */
1499 if (IS_SET_DD_MS(dd->flags)
1500 != IS_SET_DD_MS(nbr->last_recv.flags)) {
1501 flog_warn(EC_OSPF_PACKET,
1502 "Packet[DD]: Neighbor %pI4 MS-bit mismatch.",
1503 &nbr->router_id);
1504 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1505 if (IS_DEBUG_OSPF_EVENT)
1506 zlog_debug(
1507 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1508 dd->flags, nbr->dd_flags);
1509 break;
1510 }
1511
1512 /* Check initialize bit is set. */
1513 if (IS_SET_DD_I(dd->flags)) {
1514 zlog_info("Packet[DD]: Neighbor %pI4 I-bit set.",
1515 &nbr->router_id);
1516 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1517 break;
1518 }
1519
1520 /* Check DD Options. */
1521 if (dd->options != nbr->options) {
1522 flog_warn(EC_OSPF_PACKET,
1523 "Packet[DD]: Neighbor %pI4 options mismatch.",
1524 &nbr->router_id);
1525 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1526 break;
1527 }
1528
1529 /* Check DD sequence number. */
1530 if ((IS_SET_DD_MS(nbr->dd_flags)
1531 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1532 || (!IS_SET_DD_MS(nbr->dd_flags)
1533 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
1534 flog_warn(
1535 EC_OSPF_PACKET,
1536 "Packet[DD]: Neighbor %pI4 sequence number mismatch.",
1537 &nbr->router_id);
1538 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1539 break;
1540 }
1541
1542 /* Continue processing rest of packet. */
1543 ospf_db_desc_proc(s, oi, nbr, dd, size);
1544 break;
1545 case NSM_Loading:
1546 case NSM_Full:
1547 if (ospf_db_desc_is_dup(dd, nbr)) {
1548 if (IS_SET_DD_MS(nbr->dd_flags)) {
1549 /* Master should discard duplicate DD packet. */
1550 zlog_info(
1551 "Packet[DD]: Neighbor %pI4 duplicated, packet discarded.",
1552 &nbr->router_id);
1553 break;
1554 } else {
1555 if (monotime_since(&nbr->last_send_ts, NULL)
1556 < nbr->v_inactivity * 1000000LL) {
1557 /* In states Loading and Full the slave
1558 must resend
1559 its last Database Description packet
1560 in response to
1561 duplicate Database Description
1562 packets received
1563 from the master. For this reason the
1564 slave must
1565 wait RouterDeadInterval seconds
1566 before freeing the
1567 last Database Description packet.
1568 Reception of a
1569 Database Description packet from the
1570 master after
1571 this interval will generate a
1572 SeqNumberMismatch
1573 neighbor event. RFC2328 Section 10.8
1574 */
1575 ospf_db_desc_resend(nbr);
1576 break;
1577 }
1578 }
1579 }
1580
1581 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1582 break;
1583 default:
1584 flog_warn(EC_OSPF_PACKET,
1585 "Packet[DD]: Neighbor %pI4 NSM illegal status %u.",
1586 &nbr->router_id, nbr->state);
1587 break;
1588 }
1589 }
1590
1591 #define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1592
1593 /* OSPF Link State Request Read -- RFC2328 Section 10.7. */
1594 static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1595 struct stream *s, struct ospf_interface *oi,
1596 uint16_t size)
1597 {
1598 struct ospf_neighbor *nbr;
1599 uint32_t ls_type;
1600 struct in_addr ls_id;
1601 struct in_addr adv_router;
1602 struct ospf_lsa *find;
1603 struct list *ls_upd;
1604 unsigned int length;
1605
1606 /* Increment statistics. */
1607 oi->ls_req_in++;
1608
1609 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1610 if (nbr == NULL) {
1611 flog_warn(EC_OSPF_PACKET,
1612 "Link State Request: Unknown Neighbor %pI4",
1613 &ospfh->router_id);
1614 return;
1615 }
1616
1617 /* Neighbor State should be Exchange or later. */
1618 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1619 && nbr->state != NSM_Full) {
1620 flog_warn(
1621 EC_OSPF_PACKET,
1622 "Link State Request received from %pI4: Neighbor state is %s, packet discarded.",
1623 &ospfh->router_id,
1624 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1625 return;
1626 }
1627
1628 /* Send Link State Update for ALL requested LSAs. */
1629 ls_upd = list_new();
1630 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1631
1632 while (size >= OSPF_LSA_KEY_SIZE) {
1633 /* Get one slice of Link State Request. */
1634 ls_type = stream_getl(s);
1635 ls_id.s_addr = stream_get_ipv4(s);
1636 adv_router.s_addr = stream_get_ipv4(s);
1637
1638 /* Verify LSA type. */
1639 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1640 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1641 list_delete(&ls_upd);
1642 return;
1643 }
1644
1645 /* Search proper LSA in LSDB. */
1646 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1647 adv_router);
1648 if (find == NULL) {
1649 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1650 list_delete(&ls_upd);
1651 return;
1652 }
1653
1654 /* Packet overflows MTU size, send immediately. */
1655 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1656 if (oi->type == OSPF_IFTYPE_NBMA)
1657 ospf_ls_upd_send(nbr, ls_upd,
1658 OSPF_SEND_PACKET_DIRECT, 0);
1659 else
1660 ospf_ls_upd_send(nbr, ls_upd,
1661 OSPF_SEND_PACKET_INDIRECT, 0);
1662
1663 /* Only remove list contents. Keep ls_upd. */
1664 list_delete_all_node(ls_upd);
1665
1666 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1667 }
1668
1669 /* Append LSA to update list. */
1670 listnode_add(ls_upd, find);
1671 length += ntohs(find->data->length);
1672
1673 size -= OSPF_LSA_KEY_SIZE;
1674 }
1675
1676 /* Send rest of Link State Update. */
1677 if (listcount(ls_upd) > 0) {
1678 if (oi->type == OSPF_IFTYPE_NBMA)
1679 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1680 0);
1681 else
1682 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1683 0);
1684
1685 list_delete(&ls_upd);
1686 } else
1687 list_delete(&ls_upd);
1688 }
1689
1690 /* Get the list of LSAs from Link State Update packet.
1691 And process some validation -- RFC2328 Section 13. (1)-(2). */
1692 static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1693 struct stream *s,
1694 struct ospf_interface *oi, size_t size)
1695 {
1696 uint16_t count, sum;
1697 uint32_t length;
1698 struct lsa_header *lsah;
1699 struct ospf_lsa *lsa;
1700 struct list *lsas;
1701
1702 lsas = list_new();
1703
1704 count = stream_getl(s);
1705 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1706
1707 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1708 size -= length, stream_forward_getp(s, length), count--) {
1709 lsah = (struct lsa_header *)stream_pnt(s);
1710 length = ntohs(lsah->length);
1711
1712 if (length > size) {
1713 flog_warn(
1714 EC_OSPF_PACKET,
1715 "Link State Update: LSA length exceeds packet size.");
1716 break;
1717 }
1718
1719 if (length < OSPF_LSA_HEADER_SIZE) {
1720 flog_warn(EC_OSPF_PACKET,
1721 "Link State Update: LSA length too small.");
1722 break;
1723 }
1724
1725 /* Validate the LSA's LS checksum. */
1726 sum = lsah->checksum;
1727 if (!ospf_lsa_checksum_valid(lsah)) {
1728 /* (bug #685) more details in a one-line message make it
1729 * possible
1730 * to identify problem source on the one hand and to
1731 * have a better
1732 * chance to compress repeated messages in syslog on the
1733 * other */
1734 flog_warn(
1735 EC_OSPF_PACKET,
1736 "Link State Update: LSA checksum error %x/%x, ID=%pI4 from: nbr %pI4, router ID %pI4, adv router %pI4",
1737 sum, lsah->checksum, &lsah->id,
1738 &nbr->src, &nbr->router_id,
1739 &lsah->adv_router);
1740 continue;
1741 }
1742
1743 /* Examine the LSA's LS type. */
1744 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1745 flog_warn(EC_OSPF_PACKET,
1746 "Link State Update: Unknown LS type %d",
1747 lsah->type);
1748 continue;
1749 }
1750
1751 /*
1752 * What if the received LSA's age is greater than MaxAge?
1753 * Treat it as a MaxAge case -- endo.
1754 */
1755 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1756 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
1757
1758 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1759 #ifdef STRICT_OBIT_USAGE_CHECK
1760 if ((IS_OPAQUE_LSA(lsah->type)
1761 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1762 || (!IS_OPAQUE_LSA(lsah->type)
1763 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1764 /*
1765 * This neighbor must know the exact usage of
1766 * O-bit;
1767 * the bit will be set in Type-9,10,11 LSAs
1768 * only.
1769 */
1770 flog_warn(EC_OSPF_PACKET,
1771 "LSA[Type%d:%pI4]: O-bit abuse?",
1772 lsah->type, &lsah->id);
1773 continue;
1774 }
1775 #endif /* STRICT_OBIT_USAGE_CHECK */
1776
1777 /* Do not take in AS External Opaque-LSAs if we are a
1778 * stub. */
1779 if (lsah->type == OSPF_OPAQUE_AS_LSA
1780 && nbr->oi->area->external_routing
1781 != OSPF_AREA_DEFAULT) {
1782 if (IS_DEBUG_OSPF_EVENT)
1783 zlog_debug(
1784 "LSA[Type%d:%pI4]: We are a stub, don't take this LSA.",
1785 lsah->type,
1786 &lsah->id);
1787 continue;
1788 }
1789 } else if (IS_OPAQUE_LSA(lsah->type)) {
1790 flog_warn(EC_OSPF_PACKET,
1791 "LSA[Type%d:%pI4]: Opaque capability mismatch?",
1792 lsah->type, &lsah->id);
1793 continue;
1794 }
1795
1796 /* Create OSPF LSA instance. */
1797 lsa = ospf_lsa_new_and_data(length);
1798
1799 lsa->vrf_id = oi->ospf->vrf_id;
1800 /* We may wish to put some error checking if type NSSA comes in
1801 and area not in NSSA mode */
1802 switch (lsah->type) {
1803 case OSPF_AS_EXTERNAL_LSA:
1804 case OSPF_OPAQUE_AS_LSA:
1805 lsa->area = NULL;
1806 break;
1807 case OSPF_OPAQUE_LINK_LSA:
1808 lsa->oi = oi; /* Remember incoming interface for
1809 flooding control. */
1810 /* Fallthrough */
1811 default:
1812 lsa->area = oi->area;
1813 break;
1814 }
1815
1816 memcpy(lsa->data, lsah, length);
1817
1818 if (IS_DEBUG_OSPF_EVENT)
1819 zlog_debug(
1820 "LSA[Type%d:%pI4]: %p new LSA created with Link State Update",
1821 lsa->data->type, &lsa->data->id,
1822 (void *)lsa);
1823 listnode_add(lsas, lsa);
1824 }
1825
1826 return lsas;
1827 }
1828
1829 /* Cleanup Update list. */
1830 static void ospf_upd_list_clean(struct list *lsas)
1831 {
1832 struct listnode *node, *nnode;
1833 struct ospf_lsa *lsa;
1834
1835 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1836 ospf_lsa_discard(lsa);
1837
1838 list_delete(&lsas);
1839 }
1840
1841 /* OSPF Link State Update message read -- RFC2328 Section 13. */
1842 static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1843 struct ospf_header *ospfh, struct stream *s,
1844 struct ospf_interface *oi, uint16_t size)
1845 {
1846 struct ospf_neighbor *nbr;
1847 struct list *lsas;
1848 struct listnode *node, *nnode;
1849 struct ospf_lsa *lsa = NULL;
1850 /* unsigned long ls_req_found = 0; */
1851
1852 /* Dis-assemble the stream, update each entry, re-encapsulate for
1853 * flooding */
1854
1855 /* Increment statistics. */
1856 oi->ls_upd_in++;
1857
1858 /* Check neighbor. */
1859 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1860 if (nbr == NULL) {
1861 flog_warn(EC_OSPF_PACKET,
1862 "Link State Update: Unknown Neighbor %pI4 on int: %s",
1863 &ospfh->router_id, IF_NAME(oi));
1864 return;
1865 }
1866
1867 /* Check neighbor state. */
1868 if (nbr->state < NSM_Exchange) {
1869 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1870 zlog_debug(
1871 "Link State Update: Neighbor[%pI4] state %s is less than Exchange",
1872 &ospfh->router_id,
1873 lookup_msg(ospf_nsm_state_msg, nbr->state,
1874 NULL));
1875 return;
1876 }
1877
1878 /* Get list of LSAs from Link State Update packet. - Also performs
1879 * Stages 1 (validate LSA checksum) and 2 (check for LSA consistent
1880 * type) of section 13.
1881 */
1882 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1883
1884 if (lsas == NULL)
1885 return;
1886 #define DISCARD_LSA(L, N) \
1887 { \
1888 if (IS_DEBUG_OSPF_EVENT) \
1889 zlog_debug( \
1890 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1891 " Type-%d", \
1892 N, (void *)lsa, (int)lsa->data->type); \
1893 ospf_lsa_discard(L); \
1894 continue; \
1895 }
1896
1897 /* Process each LSA received in the one packet.
1898 *
1899 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1900 * text below are from the steps in RFC 2328, Section 13.
1901 */
1902 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1903 struct ospf_lsa *ls_ret, *current;
1904 int ret = 1;
1905
1906 if (IS_DEBUG_OSPF(lsa, LSA))
1907 zlog_debug("LSA Type-%d from %pI4, ID: %pI4, ADV: %pI4",
1908 lsa->data->type, &ospfh->router_id,
1909 &lsa->data->id, &lsa->data->adv_router);
1910
1911 listnode_delete(lsas,
1912 lsa); /* We don't need it in list anymore */
1913
1914 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1915 */
1916
1917 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1918
1919 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1920 */
1921
1922 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1923 */
1924
1925 /* Do take in Type-7's if we are an NSSA */
1926
1927 /* If we are also an ABR, later translate them to a Type-5
1928 * packet */
1929
1930 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1931 translate them to a separate Type-5 packet. */
1932
1933 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1934 /* Reject from STUB or NSSA */
1935 if (nbr->oi->area->external_routing
1936 != OSPF_AREA_DEFAULT) {
1937 if (IS_DEBUG_OSPF_NSSA)
1938 zlog_debug(
1939 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1940 DISCARD_LSA(lsa, 1);
1941 }
1942
1943 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1944 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1945 if (IS_DEBUG_OSPF_NSSA)
1946 zlog_debug(
1947 "Incoming NSSA LSA Discarded: Not NSSA Area");
1948 DISCARD_LSA(lsa, 2);
1949 }
1950
1951 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1952 if (lsa->data->type == OSPF_ROUTER_LSA)
1953 if (!IPV4_ADDR_SAME(&lsa->data->id,
1954 &lsa->data->adv_router)) {
1955 flog_err(
1956 EC_OSPF_ROUTER_LSA_MISMATCH,
1957 "Incoming Router-LSA from %pI4 with Adv-ID[%pI4] != LS-ID[%pI4]",
1958 &ospfh->router_id, &lsa->data->id,
1959 &lsa->data->adv_router);
1960 flog_err(
1961 EC_OSPF_DOMAIN_CORRUPT,
1962 "OSPF domain compromised by attack or corruption. Verify correct operation of -ALL- OSPF routers.");
1963 DISCARD_LSA(lsa, 0);
1964 }
1965
1966 /* Find the LSA in the current database. */
1967
1968 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1969
1970 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1971 currently
1972 no instance of the LSA in the router's link state database,
1973 and none of router's neighbors are in states Exchange or
1974 Loading,
1975 then take the following actions: */
1976
1977 if (IS_LSA_MAXAGE(lsa) && !current
1978 && ospf_check_nbr_status(oi->ospf)) {
1979 /* (4a) Response Link State Acknowledgment. */
1980 ospf_ls_ack_send(nbr, lsa);
1981
1982 /* (4b) Discard LSA. */
1983 if (IS_DEBUG_OSPF(lsa, LSA)) {
1984 zlog_debug(
1985 "Link State Update[%s]: LS age is equal to MaxAge.",
1986 dump_lsa_key(lsa));
1987 }
1988 DISCARD_LSA(lsa, 3);
1989 }
1990
1991 if (IS_OPAQUE_LSA(lsa->data->type)
1992 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1993 &oi->ospf->router_id)) {
1994 /*
1995 * Even if initial flushing seems to be completed, there
1996 * might
1997 * be a case that self-originated LSA with MaxAge still
1998 * remain
1999 * in the routing domain.
2000 * Just send an LSAck message to cease retransmission.
2001 */
2002 if (IS_LSA_MAXAGE(lsa)) {
2003 zlog_info("LSA[%s]: Boomerang effect?",
2004 dump_lsa_key(lsa));
2005 ospf_ls_ack_send(nbr, lsa);
2006 ospf_lsa_discard(lsa);
2007
2008 if (current != NULL && !IS_LSA_MAXAGE(current))
2009 ospf_opaque_lsa_refresh_schedule(
2010 current);
2011 continue;
2012 }
2013
2014 /*
2015 * If an instance of self-originated Opaque-LSA is not
2016 * found
2017 * in the LSDB, there are some possible cases here.
2018 *
2019 * 1) This node lost opaque-capability after restart.
2020 * 2) Else, a part of opaque-type is no more supported.
2021 * 3) Else, a part of opaque-id is no more supported.
2022 *
2023 * Anyway, it is still this node's responsibility to
2024 * flush it.
2025 * Otherwise, the LSA instance remains in the routing
2026 * domain
2027 * until its age reaches to MaxAge.
2028 */
2029 /* XXX: We should deal with this for *ALL* LSAs, not
2030 * just opaque */
2031 if (current == NULL) {
2032 if (IS_DEBUG_OSPF_EVENT)
2033 zlog_debug(
2034 "LSA[%s]: Previously originated Opaque-LSA,not found in the LSDB.",
2035 dump_lsa_key(lsa));
2036
2037 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2038
2039 ospf_ls_ack_send(nbr, lsa);
2040
2041 if (!ospf->gr_info.restart_in_progress) {
2042 ospf_opaque_self_originated_lsa_received(
2043 nbr, lsa);
2044 continue;
2045 }
2046 }
2047 }
2048
2049 /* It might be happen that received LSA is self-originated
2050 * network LSA, but
2051 * router ID is changed. So, we should check if LSA is a
2052 * network-LSA whose
2053 * Link State ID is one of the router's own IP interface
2054 * addresses but whose
2055 * Advertising Router is not equal to the router's own Router ID
2056 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2057 * flushed.
2058 */
2059
2060 if (lsa->data->type == OSPF_NETWORK_LSA) {
2061 struct listnode *oinode, *oinnode;
2062 struct ospf_interface *out_if;
2063 int Flag = 0;
2064
2065 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2066 oinnode, out_if)) {
2067 if (out_if == NULL)
2068 break;
2069
2070 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2071 &lsa->data->id))
2072 && (!(IPV4_ADDR_SAME(
2073 &oi->ospf->router_id,
2074 &lsa->data->adv_router)))) {
2075 if (out_if->network_lsa_self) {
2076 ospf_lsa_flush_area(
2077 lsa, out_if->area);
2078 if (IS_DEBUG_OSPF_EVENT)
2079 zlog_debug(
2080 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2081 (void *)lsa,
2082 (int)lsa->data
2083 ->type);
2084 ospf_lsa_discard(lsa);
2085 Flag = 1;
2086 }
2087 break;
2088 }
2089 }
2090 if (Flag)
2091 continue;
2092 }
2093
2094 /* (5) Find the instance of this LSA that is currently contained
2095 in the router's link state database. If there is no
2096 database copy, or the received LSA is more recent than
2097 the database copy the following steps must be performed.
2098 (The sub steps from RFC 2328 section 13 step (5) will be
2099 performed in
2100 ospf_flood() ) */
2101
2102 if (current == NULL
2103 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
2104 /* CVE-2017-3224 */
2105 if (current && (IS_LSA_MAX_SEQ(current))
2106 && (IS_LSA_MAX_SEQ(lsa)) && !IS_LSA_MAXAGE(lsa)) {
2107 zlog_debug(
2108 "Link State Update[%s]: has Max Seq and higher checksum but not MaxAge. Dropping it",
2109 dump_lsa_key(lsa));
2110
2111 DISCARD_LSA(lsa, 4);
2112 }
2113
2114 /* Actual flooding procedure. */
2115 if (ospf_flood(oi->ospf, nbr, current, lsa)
2116 < 0) /* Trap NSSA later. */
2117 DISCARD_LSA(lsa, 5);
2118 continue;
2119 }
2120
2121 /* (6) Else, If there is an instance of the LSA on the sending
2122 neighbor's Link state request list, an error has occurred in
2123 the Database Exchange process. In this case, restart the
2124 Database Exchange process by generating the neighbor event
2125 BadLSReq for the sending neighbor and stop processing the
2126 Link State Update packet. */
2127
2128 if (ospf_ls_request_lookup(nbr, lsa)) {
2129 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
2130 flog_warn(
2131 EC_OSPF_PACKET,
2132 "LSA[%s] instance exists on Link state request list",
2133 dump_lsa_key(lsa));
2134
2135 /* Clean list of LSAs. */
2136 ospf_upd_list_clean(lsas);
2137 /* this lsa is not on lsas list already. */
2138 ospf_lsa_discard(lsa);
2139 return;
2140 }
2141
2142 /* If the received LSA is the same instance as the database copy
2143 (i.e., neither one is more recent) the following two steps
2144 should be performed: */
2145
2146 if (ret == 0) {
2147 /* If the LSA is listed in the Link state retransmission
2148 list
2149 for the receiving adjacency, the router itself is
2150 expecting
2151 an acknowledgment for this LSA. The router should
2152 treat the
2153 received LSA as an acknowledgment by removing the LSA
2154 from
2155 the Link state retransmission list. This is termed
2156 an
2157 "implied acknowledgment". */
2158
2159 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2160
2161 if (ls_ret != NULL) {
2162 ospf_ls_retransmit_delete(nbr, ls_ret);
2163
2164 /* Delayed acknowledgment sent if advertisement
2165 received
2166 from Designated Router, otherwise do nothing.
2167 */
2168 if (oi->state == ISM_Backup)
2169 if (NBR_IS_DR(nbr))
2170 listnode_add(
2171 oi->ls_ack,
2172 ospf_lsa_lock(lsa));
2173
2174 DISCARD_LSA(lsa, 6);
2175 } else
2176 /* Acknowledge the receipt of the LSA by sending a
2177 Link State Acknowledgment packet back out the
2178 receiving
2179 interface. */
2180 {
2181 ospf_ls_ack_send(nbr, lsa);
2182 DISCARD_LSA(lsa, 7);
2183 }
2184 }
2185
2186 /* The database copy is more recent. If the database copy
2187 has LS age equal to MaxAge and LS sequence number equal to
2188 MaxSequenceNumber, simply discard the received LSA without
2189 acknowledging it. (In this case, the LSA's LS sequence number
2190 is
2191 wrapping, and the MaxSequenceNumber LSA must be completely
2192 flushed before any new LSA instance can be introduced). */
2193
2194 else if (ret > 0) /* Database copy is more recent */
2195 {
2196 if (IS_LSA_MAXAGE(current)
2197 && current->data->ls_seqnum
2198 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
2199 DISCARD_LSA(lsa, 8);
2200 }
2201 /* Otherwise, as long as the database copy has not been
2202 sent in a
2203 Link State Update within the last MinLSArrival
2204 seconds, send the
2205 database copy back to the sending neighbor,
2206 encapsulated within
2207 a Link State Update Packet. The Link State Update
2208 Packet should
2209 be sent directly to the neighbor. In so doing, do not
2210 put the
2211 database copy of the LSA on the neighbor's link state
2212 retransmission list, and do not acknowledge the
2213 received (less
2214 recent) LSA instance. */
2215 else {
2216 if (monotime_since(&current->tv_orig, NULL)
2217 >= ospf->min_ls_arrival * 1000LL)
2218 /* Trap NSSA type later.*/
2219 ospf_ls_upd_send_lsa(
2220 nbr, current,
2221 OSPF_SEND_PACKET_DIRECT);
2222 DISCARD_LSA(lsa, 9);
2223 }
2224 }
2225 }
2226 #undef DISCARD_LSA
2227
2228 assert(listcount(lsas) == 0);
2229 list_delete(&lsas);
2230
2231 if (ospf->gr_info.restart_in_progress)
2232 ospf_gr_check_lsdb_consistency(oi->ospf, oi->area);
2233 }
2234
2235 /* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
2236 static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2237 struct stream *s, struct ospf_interface *oi,
2238 uint16_t size)
2239 {
2240 struct ospf_neighbor *nbr;
2241
2242 /* increment statistics. */
2243 oi->ls_ack_in++;
2244
2245 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2246 if (nbr == NULL) {
2247 flog_warn(EC_OSPF_PACKET,
2248 "Link State Acknowledgment: Unknown Neighbor %pI4",
2249 &ospfh->router_id);
2250 return;
2251 }
2252
2253 if (nbr->state < NSM_Exchange) {
2254 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2255 zlog_debug(
2256 "Link State Acknowledgment: Neighbor[%pI4] state %s is less than Exchange",
2257 &ospfh->router_id,
2258 lookup_msg(ospf_nsm_state_msg, nbr->state,
2259 NULL));
2260 return;
2261 }
2262
2263 while (size >= OSPF_LSA_HEADER_SIZE) {
2264 struct ospf_lsa *lsa, *lsr;
2265
2266 lsa = ospf_lsa_new();
2267 lsa->data = (struct lsa_header *)stream_pnt(s);
2268 lsa->vrf_id = oi->ospf->vrf_id;
2269
2270 /* lsah = (struct lsa_header *) stream_pnt (s); */
2271 size -= OSPF_LSA_HEADER_SIZE;
2272 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2273
2274 if (lsa->data->type < OSPF_MIN_LSA
2275 || lsa->data->type >= OSPF_MAX_LSA) {
2276 lsa->data = NULL;
2277 ospf_lsa_discard(lsa);
2278 continue;
2279 }
2280
2281 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2282
2283 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0) {
2284 ospf_ls_retransmit_delete(nbr, lsr);
2285 ospf_check_and_gen_init_seq_lsa(oi, lsa);
2286 }
2287
2288 lsa->data = NULL;
2289 ospf_lsa_discard(lsa);
2290 }
2291
2292 return;
2293 }
2294
2295 static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2296 struct interface **ifp,
2297 struct stream *ibuf)
2298 {
2299 int ret;
2300 struct ip *iph;
2301 uint16_t ip_len;
2302 ifindex_t ifindex = 0;
2303 struct iovec iov;
2304 /* Header and data both require alignment. */
2305 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2306 struct msghdr msgh;
2307
2308 memset(&msgh, 0, sizeof(msgh));
2309 msgh.msg_iov = &iov;
2310 msgh.msg_iovlen = 1;
2311 msgh.msg_control = (caddr_t)buff;
2312 msgh.msg_controllen = sizeof(buff);
2313
2314 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2315 OSPF_MAX_PACKET_SIZE + 1);
2316 if (ret < 0) {
2317 if (errno != EAGAIN && errno != EWOULDBLOCK)
2318 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2319 safe_strerror(errno));
2320 return NULL;
2321 }
2322 if ((unsigned int)ret < sizeof(struct ip)) {
2323 flog_warn(
2324 EC_OSPF_PACKET,
2325 "%s: discarding runt packet of length %d (ip header size is %u)",
2326 __func__, ret, (unsigned int)sizeof(iph));
2327 return NULL;
2328 }
2329
2330 /* Note that there should not be alignment problems with this assignment
2331 because this is at the beginning of the stream data buffer. */
2332 iph = (struct ip *)STREAM_DATA(ibuf);
2333 sockopt_iphdrincl_swab_systoh(iph);
2334
2335 ip_len = iph->ip_len;
2336
2337 #if defined(__FreeBSD__) && (__FreeBSD_version < 1000000)
2338 /*
2339 * Kernel network code touches incoming IP header parameters,
2340 * before protocol specific processing.
2341 *
2342 * 1) Convert byteorder to host representation.
2343 * --> ip_len, ip_id, ip_off
2344 *
2345 * 2) Adjust ip_len to strip IP header size!
2346 * --> If user process receives entire IP packet via RAW
2347 * socket, it must consider adding IP header size to
2348 * the "ip_len" field of "ip" structure.
2349 *
2350 * For more details, see <netinet/ip_input.c>.
2351 */
2352 ip_len = ip_len + (iph->ip_hl << 2);
2353 #endif
2354
2355 #if defined(__DragonFly__)
2356 /*
2357 * in DragonFly's raw socket, ip_len/ip_off are read
2358 * in network byte order.
2359 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2360 */
2361 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
2362 #endif
2363
2364 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2365
2366 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
2367
2368 if (ret != ip_len) {
2369 flog_warn(
2370 EC_OSPF_PACKET,
2371 "%s read length mismatch: ip_len is %d, but recvmsg returned %d",
2372 __func__, ip_len, ret);
2373 return NULL;
2374 }
2375
2376 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2377 zlog_debug("%s: fd %d(%s) on interface %d(%s)", __func__, fd,
2378 ospf_get_name(ospf), ifindex,
2379 *ifp ? (*ifp)->name : "Unknown");
2380 return ibuf;
2381 }
2382
2383 static struct ospf_interface *
2384 ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2385 struct ip *iph, struct ospf_header *ospfh)
2386 {
2387 struct ospf_interface *rcv_oi;
2388 struct ospf_vl_data *vl_data;
2389 struct ospf_area *vl_area;
2390 struct listnode *node;
2391
2392 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2393 || !OSPF_IS_AREA_BACKBONE(ospfh))
2394 return NULL;
2395
2396 /* look for local OSPF interface matching the destination
2397 * to determine Area ID. We presume therefore the destination address
2398 * is unique, or at least (for "unnumbered" links), not used in other
2399 * areas
2400 */
2401 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2402 == NULL)
2403 return NULL;
2404
2405 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2406 vl_area =
2407 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2408 if (!vl_area)
2409 continue;
2410
2411 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2412 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2413 if (IS_DEBUG_OSPF_EVENT)
2414 zlog_debug("associating packet with %s",
2415 IF_NAME(vl_data->vl_oi));
2416 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2417 if (IS_DEBUG_OSPF_EVENT)
2418 zlog_debug(
2419 "This VL is not up yet, sorry");
2420 return NULL;
2421 }
2422
2423 return vl_data->vl_oi;
2424 }
2425 }
2426
2427 if (IS_DEBUG_OSPF_EVENT)
2428 zlog_debug("couldn't find any VL to associate the packet with");
2429
2430 return NULL;
2431 }
2432
2433 static int ospf_check_area_id(struct ospf_interface *oi,
2434 struct ospf_header *ospfh)
2435 {
2436 /* Check match the Area ID of the receiving interface. */
2437 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2438 return 1;
2439
2440 return 0;
2441 }
2442
2443 /* Unbound socket will accept any Raw IP packets if proto is matched.
2444 To prevent it, compare src IP address and i/f address with masking
2445 i/f network mask. */
2446 static int ospf_check_network_mask(struct ospf_interface *oi,
2447 struct in_addr ip_src)
2448 {
2449 struct in_addr mask, me, him;
2450
2451 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2452 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2453 return 1;
2454
2455 /* Ignore mask check for max prefix length (32) */
2456 if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
2457 && oi->address->prefixlen == IPV4_MAX_BITLEN)
2458 return 1;
2459
2460 masklen2ip(oi->address->prefixlen, &mask);
2461
2462 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2463 him.s_addr = ip_src.s_addr & mask.s_addr;
2464
2465 if (IPV4_ADDR_SAME(&me, &him))
2466 return 1;
2467
2468 return 0;
2469 }
2470
2471 /* Return 1, if the packet is properly authenticated and checksummed,
2472 0 otherwise. In particular, check that AuType header field is valid and
2473 matches the locally configured AuType, and that D.5 requirements are met. */
2474 static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2475 {
2476 struct crypt_key *ck;
2477 uint16_t iface_auth_type;
2478 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
2479
2480 switch (pkt_auth_type) {
2481 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2482 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2483 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2484 flog_warn(
2485 EC_OSPF_PACKET,
2486 "interface %s: auth-type mismatch, local %s, rcvd Null",
2487 IF_NAME(oi),
2488 lookup_msg(ospf_auth_type_str,
2489 iface_auth_type, NULL));
2490 return 0;
2491 }
2492 if (!ospf_check_sum(ospfh)) {
2493 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2494 flog_warn(
2495 EC_OSPF_PACKET,
2496 "interface %s: Null auth OK, but checksum error, Router-ID %pI4",
2497 IF_NAME(oi),
2498 &ospfh->router_id);
2499 return 0;
2500 }
2501 return 1;
2502 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2503 if (OSPF_AUTH_SIMPLE
2504 != (iface_auth_type = ospf_auth_type(oi))) {
2505 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2506 flog_warn(
2507 EC_OSPF_PACKET,
2508 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2509 IF_NAME(oi),
2510 lookup_msg(ospf_auth_type_str,
2511 iface_auth_type, NULL));
2512 return 0;
2513 }
2514 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2515 OSPF_AUTH_SIMPLE_SIZE)) {
2516 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2517 flog_warn(EC_OSPF_PACKET,
2518 "interface %s: Simple auth failed",
2519 IF_NAME(oi));
2520 return 0;
2521 }
2522 if (!ospf_check_sum(ospfh)) {
2523 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2524 flog_warn(
2525 EC_OSPF_PACKET,
2526 "interface %s: Simple auth OK, checksum error, Router-ID %pI4",
2527 IF_NAME(oi),
2528 &ospfh->router_id);
2529 return 0;
2530 }
2531 return 1;
2532 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2533 if (OSPF_AUTH_CRYPTOGRAPHIC
2534 != (iface_auth_type = ospf_auth_type(oi))) {
2535 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2536 flog_warn(
2537 EC_OSPF_PACKET,
2538 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2539 IF_NAME(oi),
2540 lookup_msg(ospf_auth_type_str,
2541 iface_auth_type, NULL));
2542 return 0;
2543 }
2544 if (ospfh->checksum) {
2545 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2546 flog_warn(
2547 EC_OSPF_PACKET,
2548 "interface %s: OSPF header checksum is not 0",
2549 IF_NAME(oi));
2550 return 0;
2551 }
2552 /* only MD5 crypto method can pass ospf_packet_examin() */
2553 if (NULL == (ck = listgetdata(
2554 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2555 || ospfh->u.crypt.key_id != ck->key_id ||
2556 /* Condition above uses the last key ID on the list,
2557 which is
2558 different from what ospf_crypt_key_lookup() does. A
2559 bug? */
2560 !ospf_check_md5_digest(oi, ospfh)) {
2561 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2562 flog_warn(EC_OSPF_MD5,
2563 "interface %s: MD5 auth failed",
2564 IF_NAME(oi));
2565 return 0;
2566 }
2567 return 1;
2568 default:
2569 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2570 flog_warn(
2571 EC_OSPF_PACKET,
2572 "interface %s: invalid packet auth-type (%02x)",
2573 IF_NAME(oi), pkt_auth_type);
2574 return 0;
2575 }
2576 }
2577
2578 static int ospf_check_sum(struct ospf_header *ospfh)
2579 {
2580 uint32_t ret;
2581 uint16_t sum;
2582
2583 /* clear auth_data for checksum. */
2584 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2585
2586 /* keep checksum and clear. */
2587 sum = ospfh->checksum;
2588 memset(&ospfh->checksum, 0, sizeof(uint16_t));
2589
2590 /* calculate checksum. */
2591 ret = in_cksum(ospfh, ntohs(ospfh->length));
2592
2593 if (ret != sum) {
2594 zlog_info("%s: checksum mismatch, my %X, his %X", __func__, ret,
2595 sum);
2596 return 0;
2597 }
2598
2599 return 1;
2600 }
2601
2602 /* Verify, that given link/TOS records are properly sized/aligned and match
2603 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
2604 static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
2605 uint16_t linkbytes,
2606 const uint16_t num_links)
2607 {
2608 unsigned counted_links = 0, thislinklen;
2609
2610 while (linkbytes >= OSPF_ROUTER_LSA_LINK_SIZE) {
2611 thislinklen =
2612 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2613 if (thislinklen > linkbytes) {
2614 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2615 zlog_debug("%s: length error in link block #%u",
2616 __func__, counted_links);
2617 return MSG_NG;
2618 }
2619 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2620 linkbytes -= thislinklen;
2621 counted_links++;
2622 }
2623 if (counted_links != num_links) {
2624 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2625 zlog_debug("%s: %u link blocks declared, %u present",
2626 __func__, num_links, counted_links);
2627 return MSG_NG;
2628 }
2629 return MSG_OK;
2630 }
2631
2632 /* Verify, that the given LSA is properly sized/aligned (including type-specific
2633 minimum length constraint). */
2634 static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2635 const uint8_t headeronly)
2636 {
2637 unsigned ret;
2638 struct router_lsa *rlsa;
2639 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2640 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2641 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2642 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2643 lookup_msg(ospf_lsa_type_msg, lsah->type,
2644 NULL));
2645 return MSG_NG;
2646 }
2647 switch (lsah->type) {
2648 case OSPF_ROUTER_LSA: {
2649 /*
2650 * RFC2328 A.4.2, LSA header + 4 bytes followed by N>=0
2651 * (12+)-byte link blocks
2652 */
2653 size_t linkbytes_len = lsalen - OSPF_LSA_HEADER_SIZE
2654 - OSPF_ROUTER_LSA_MIN_SIZE;
2655
2656 /*
2657 * LSA link blocks are variable length but always multiples of
2658 * 4; basic sanity check
2659 */
2660 if (linkbytes_len % 4 != 0)
2661 return MSG_NG;
2662
2663 if (headeronly)
2664 return MSG_OK;
2665
2666 rlsa = (struct router_lsa *)lsah;
2667
2668 ret = ospf_router_lsa_links_examin(
2669 (struct router_lsa_link *)rlsa->link,
2670 linkbytes_len,
2671 ntohs(rlsa->links));
2672 break;
2673 }
2674 case OSPF_AS_EXTERNAL_LSA:
2675 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2676 * blocks */
2677 case OSPF_AS_NSSA_LSA:
2678 /* RFC3101 C, idem */
2679 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2680 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2681 % 12
2682 ? MSG_NG
2683 : MSG_OK;
2684 break;
2685 /* Following LSA types are considered OK length-wise as soon as their
2686 * minimum
2687 * length constraint is met and length of the whole LSA is a multiple of
2688 * 4
2689 * (basic LSA header size is already a multiple of 4). */
2690 case OSPF_NETWORK_LSA:
2691 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2692 case OSPF_SUMMARY_LSA:
2693 case OSPF_ASBR_SUMMARY_LSA:
2694 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2695 * blocks */
2696 case OSPF_OPAQUE_LINK_LSA:
2697 case OSPF_OPAQUE_AREA_LSA:
2698 case OSPF_OPAQUE_AS_LSA:
2699 /* RFC5250 A.2, "some number of octets (of application-specific
2700 * data) padded to 32-bit alignment." This is considered
2701 * equivalent
2702 * to 4-byte alignment of all other LSA types, see
2703 * OSPF-ALIGNMENT.txt
2704 * file for the detailed analysis of this passage. */
2705 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2706 break;
2707 default:
2708 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2709 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2710 lsah->type);
2711 return MSG_NG;
2712 }
2713 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2714 zlog_debug("%s: alignment error in %s", __func__,
2715 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2716 return ret;
2717 }
2718
2719 /* Verify if the provided input buffer is a valid sequence of LSAs. This
2720 includes verification of LSA blocks length/alignment and dispatching
2721 of deeper-level checks. */
2722 static unsigned
2723 ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
2724 size_t length, const uint8_t headeronly,
2725 /* When declared_num_lsas is not 0, compare it to the real
2726 number of LSAs
2727 and treat the difference as an error. */
2728 const uint32_t declared_num_lsas)
2729 {
2730 uint32_t counted_lsas = 0;
2731
2732 while (length) {
2733 uint16_t lsalen;
2734 if (length < OSPF_LSA_HEADER_SIZE) {
2735 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2736 zlog_debug(
2737 "%s: undersized (%zu B) trailing (#%u) LSA header",
2738 __func__, length, counted_lsas);
2739 return MSG_NG;
2740 }
2741 /* save on ntohs() calls here and in the LSA validator */
2742 lsalen = ntohs(lsah->length);
2743 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2744 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2745 zlog_debug(
2746 "%s: malformed LSA header #%u, declared length is %u B",
2747 __func__, counted_lsas, lsalen);
2748 return MSG_NG;
2749 }
2750 if (headeronly) {
2751 /* less checks here and in ospf_lsa_examin() */
2752 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2753 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2754 zlog_debug(
2755 "%s: malformed header-only LSA #%u",
2756 __func__, counted_lsas);
2757 return MSG_NG;
2758 }
2759 lsah = (struct lsa_header *)((caddr_t)lsah
2760 + OSPF_LSA_HEADER_SIZE);
2761 length -= OSPF_LSA_HEADER_SIZE;
2762 } else {
2763 /* make sure the input buffer is deep enough before
2764 * further checks */
2765 if (lsalen > length) {
2766 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2767 zlog_debug(
2768 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2769 __func__, counted_lsas, lsalen,
2770 length);
2771 return MSG_NG;
2772 }
2773 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2774 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2775 zlog_debug("%s: malformed LSA #%u",
2776 __func__, counted_lsas);
2777 return MSG_NG;
2778 }
2779 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2780 length -= lsalen;
2781 }
2782 counted_lsas++;
2783 }
2784
2785 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2786 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2787 zlog_debug(
2788 "%s: #LSAs declared (%u) does not match actual (%u)",
2789 __func__, declared_num_lsas, counted_lsas);
2790 return MSG_NG;
2791 }
2792 return MSG_OK;
2793 }
2794
2795 /* Verify a complete OSPF packet for proper sizing/alignment. */
2796 static unsigned ospf_packet_examin(struct ospf_header *oh,
2797 const unsigned bytesonwire)
2798 {
2799 uint16_t bytesdeclared, bytesauth;
2800 unsigned ret;
2801 struct ospf_ls_update *lsupd;
2802
2803 /* Length, 1st approximation. */
2804 if (bytesonwire < OSPF_HEADER_SIZE) {
2805 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2806 zlog_debug("%s: undersized (%u B) packet", __func__,
2807 bytesonwire);
2808 return MSG_NG;
2809 }
2810 /* Now it is safe to access header fields. Performing length check,
2811 * allow
2812 * for possible extra bytes of crypto auth/padding, which are not
2813 * counted
2814 * in the OSPF header "length" field. */
2815 if (oh->version != OSPF_VERSION) {
2816 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2817 zlog_debug("%s: invalid (%u) protocol version",
2818 __func__, oh->version);
2819 return MSG_NG;
2820 }
2821 bytesdeclared = ntohs(oh->length);
2822 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2823 bytesauth = 0;
2824 else {
2825 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2826 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2827 zlog_debug(
2828 "%s: unsupported crypto auth length (%u B)",
2829 __func__, oh->u.crypt.auth_data_len);
2830 return MSG_NG;
2831 }
2832 bytesauth = OSPF_AUTH_MD5_SIZE;
2833 }
2834 if (bytesdeclared + bytesauth > bytesonwire) {
2835 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2836 zlog_debug(
2837 "%s: packet length error (%u real, %u+%u declared)",
2838 __func__, bytesonwire, bytesdeclared,
2839 bytesauth);
2840 return MSG_NG;
2841 }
2842 /* Length, 2nd approximation. The type-specific constraint is checked
2843 against declared length, not amount of bytes on wire. */
2844 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2845 && bytesdeclared
2846 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2847 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2848 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2849 bytesdeclared,
2850 lookup_msg(ospf_packet_type_str, oh->type,
2851 NULL));
2852 return MSG_NG;
2853 }
2854 switch (oh->type) {
2855 case OSPF_MSG_HELLO:
2856 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2857 followed
2858 by N>=0 router-IDs. */
2859 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2860 % 4
2861 ? MSG_NG
2862 : MSG_OK;
2863 break;
2864 case OSPF_MSG_DB_DESC:
2865 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2866 followed
2867 by N>=0 header-only LSAs. */
2868 ret = ospf_lsaseq_examin(
2869 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2870 + OSPF_DB_DESC_MIN_SIZE),
2871 bytesdeclared - OSPF_HEADER_SIZE
2872 - OSPF_DB_DESC_MIN_SIZE,
2873 1, /* header-only LSAs */
2874 0);
2875 break;
2876 case OSPF_MSG_LS_REQ:
2877 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2878 * request blocks. */
2879 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2880 % OSPF_LSA_KEY_SIZE
2881 ? MSG_NG
2882 : MSG_OK;
2883 break;
2884 case OSPF_MSG_LS_UPD:
2885 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2886 followed
2887 by N>=0 full LSAs (with N declared beforehand). */
2888 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2889 + OSPF_HEADER_SIZE);
2890 ret = ospf_lsaseq_examin(
2891 (struct lsa_header *)((caddr_t)lsupd
2892 + OSPF_LS_UPD_MIN_SIZE),
2893 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2894 0, /* full LSAs */
2895 ntohl(lsupd->num_lsas) /* 32 bits */
2896 );
2897 break;
2898 case OSPF_MSG_LS_ACK:
2899 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2900 * LSAs. */
2901 ret = ospf_lsaseq_examin(
2902 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2903 + OSPF_LS_ACK_MIN_SIZE),
2904 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2905 1, /* header-only LSAs */
2906 0);
2907 break;
2908 default:
2909 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2910 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2911 oh->type);
2912 return MSG_NG;
2913 }
2914 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2915 zlog_debug("%s: malformed %s packet", __func__,
2916 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2917 return ret;
2918 }
2919
2920 /* OSPF Header verification. */
2921 static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2922 struct ip *iph, struct ospf_header *ospfh)
2923 {
2924 /* Check Area ID. */
2925 if (!ospf_check_area_id(oi, ospfh)) {
2926 flog_warn(EC_OSPF_PACKET,
2927 "interface %s: ospf_read invalid Area ID %pI4",
2928 IF_NAME(oi), &ospfh->area_id);
2929 return -1;
2930 }
2931
2932 /* Check network mask, Silently discarded. */
2933 if (!ospf_check_network_mask(oi, iph->ip_src)) {
2934 flog_warn(
2935 EC_OSPF_PACKET,
2936 "interface %s: ospf_read network address is not same [%pI4]",
2937 IF_NAME(oi), &iph->ip_src);
2938 return -1;
2939 }
2940
2941 /* Check authentication. The function handles logging actions, where
2942 * required. */
2943 if (!ospf_check_auth(oi, ospfh))
2944 return -1;
2945
2946 return 0;
2947 }
2948
2949 enum ospf_read_return_enum {
2950 OSPF_READ_ERROR,
2951 OSPF_READ_CONTINUE,
2952 };
2953
2954 static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
2955 {
2956 int ret;
2957 struct stream *ibuf;
2958 struct ospf_interface *oi;
2959 struct ip *iph;
2960 struct ospf_header *ospfh;
2961 uint16_t length;
2962 struct connected *c;
2963 struct interface *ifp = NULL;
2964
2965 stream_reset(ospf->ibuf);
2966 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2967 if (ibuf == NULL)
2968 return OSPF_READ_ERROR;
2969
2970 /*
2971 * This raw packet is known to be at least as big as its
2972 * IP header. Note that there should not be alignment problems with
2973 * this assignment because this is at the beginning of the
2974 * stream data buffer.
2975 */
2976 iph = (struct ip *)STREAM_DATA(ibuf);
2977 /*
2978 * Note that sockopt_iphdrincl_swab_systoh was called in
2979 * ospf_recv_packet.
2980 */
2981 if (ifp == NULL) {
2982 /*
2983 * Handle cases where the platform does not support
2984 * retrieving the ifindex, and also platforms (such as
2985 * Solaris 8) that claim to support ifindex retrieval but do
2986 * not.
2987 */
2988 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2989 ospf->vrf_id);
2990 if (c)
2991 ifp = c->ifp;
2992 if (ifp == NULL) {
2993 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2994 zlog_debug(
2995 "%s: Unable to determine incoming interface from: %pI4(%s)",
2996 __func__, &iph->ip_src,
2997 ospf_get_name(ospf));
2998 return OSPF_READ_CONTINUE;
2999 }
3000 }
3001
3002 if (ospf->vrf_id == VRF_DEFAULT && ospf->vrf_id != ifp->vrf->vrf_id) {
3003 /*
3004 * We may have a situation where l3mdev_accept == 1
3005 * let's just kindly drop the packet and move on.
3006 * ospf really really really does not like when
3007 * we receive the same packet multiple times.
3008 */
3009 return OSPF_READ_CONTINUE;
3010 }
3011
3012 /* Self-originated packet should be discarded silently. */
3013 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
3014 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
3015 zlog_debug(
3016 "ospf_read[%pI4]: Dropping self-originated packet",
3017 &iph->ip_src);
3018 }
3019 return OSPF_READ_CONTINUE;
3020 }
3021
3022 /* Check that we have enough for an IP header */
3023 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
3024 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
3025 flog_warn(
3026 EC_OSPF_PACKET,
3027 "Rx'd IP packet with OSPF protocol number but no payload");
3028 } else {
3029 flog_warn(
3030 EC_OSPF_PACKET,
3031 "IP header length field claims header is %u bytes, but we only have %zu",
3032 (unsigned int)(iph->ip_hl << 2),
3033 STREAM_READABLE(ibuf));
3034 }
3035
3036 return OSPF_READ_ERROR;
3037 }
3038 stream_forward_getp(ibuf, iph->ip_hl << 2);
3039
3040 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3041 if (MSG_OK
3042 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3043 - stream_get_getp(ibuf)))
3044 return OSPF_READ_CONTINUE;
3045 /* Now it is safe to access all fields of OSPF packet header. */
3046
3047 /* associate packet with ospf interface */
3048 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
3049
3050 /*
3051 * ospf_verify_header() relies on a valid "oi" and thus can be called
3052 * only after the passive/backbone/other checks below are passed.
3053 * These checks in turn access the fields of unverified "ospfh"
3054 * structure for their own purposes and must remain very accurate
3055 * in doing this.
3056 */
3057
3058 /* If incoming interface is passive one, ignore it. */
3059 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3060 if (IS_DEBUG_OSPF_EVENT)
3061 zlog_debug(
3062 "ignoring packet from router %pI4 sent to %pI4, received on a passive interface, %pI4",
3063 &ospfh->router_id, &iph->ip_dst,
3064 &oi->address->u.prefix4);
3065
3066 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3067 /* Try to fix multicast membership.
3068 * Some OS:es may have problems in this area,
3069 * make sure it is removed.
3070 */
3071 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3072 ospf_if_set_multicast(oi);
3073 }
3074 return OSPF_READ_CONTINUE;
3075 }
3076
3077
3078 /* if no local ospf_interface,
3079 * or header area is backbone but ospf_interface is not
3080 * check for VLINK interface
3081 */
3082 if ((oi == NULL)
3083 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3084 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3085 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3086 == NULL) {
3087 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
3088 zlog_debug(
3089 "Packet from [%pI4] received on link %s but no ospf_interface",
3090 &iph->ip_src, ifp->name);
3091 return OSPF_READ_CONTINUE;
3092 }
3093 }
3094
3095 /*
3096 * else it must be a local ospf interface, check it was
3097 * received on correct link
3098 */
3099 else if (oi->ifp != ifp) {
3100 if (IS_DEBUG_OSPF_EVENT)
3101 flog_warn(EC_OSPF_PACKET,
3102 "Packet from [%pI4] received on wrong link %s",
3103 &iph->ip_src, ifp->name);
3104 return OSPF_READ_CONTINUE;
3105 } else if (oi->state == ISM_Down) {
3106 flog_warn(
3107 EC_OSPF_PACKET,
3108 "Ignoring packet from %pI4 to %pI4 received on interface that is down [%s]; interface flags are %s",
3109 &iph->ip_src, &iph->ip_dst, ifp->name,
3110 if_flag_dump(ifp->flags));
3111 /* Fix multicast memberships? */
3112 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3113 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3114 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3115 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3116 if (oi->multicast_memberships)
3117 ospf_if_set_multicast(oi);
3118 return OSPF_READ_CONTINUE;
3119 }
3120
3121 /*
3122 * If the received packet is destined for AllDRouters, the
3123 * packet should be accepted only if the received ospf
3124 * interface state is either DR or Backup -- endo.
3125 *
3126 * I wonder who endo is?
3127 */
3128 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3129 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3130 flog_warn(
3131 EC_OSPF_PACKET,
3132 "Dropping packet for AllDRouters from [%pI4] via [%s] (ISM: %s)",
3133 &iph->ip_src, IF_NAME(oi),
3134 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3135 /* Try to fix multicast membership. */
3136 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3137 ospf_if_set_multicast(oi);
3138 return OSPF_READ_CONTINUE;
3139 }
3140
3141 /* Verify more OSPF header fields. */
3142 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3143 if (ret < 0) {
3144 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3145 zlog_debug(
3146 "ospf_read[%pI4]: Header check failed, dropping.",
3147 &iph->ip_src);
3148 return OSPF_READ_CONTINUE;
3149 }
3150
3151 /* Show debug receiving packet. */
3152 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3153 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3154 zlog_debug(
3155 "-----------------------------------------------------");
3156 ospf_packet_dump(ibuf);
3157 }
3158
3159 zlog_debug("%s received from [%pI4] via [%s]",
3160 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3161 &ospfh->router_id, IF_NAME(oi));
3162 zlog_debug(" src [%pI4],", &iph->ip_src);
3163 zlog_debug(" dst [%pI4]", &iph->ip_dst);
3164
3165 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3166 zlog_debug(
3167 "-----------------------------------------------------");
3168 }
3169
3170 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3171
3172 /* Adjust size to message length. */
3173 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3174
3175 /* Read rest of the packet and call each sort of packet routine.
3176 */
3177 switch (ospfh->type) {
3178 case OSPF_MSG_HELLO:
3179 ospf_hello(iph, ospfh, ibuf, oi, length);
3180 break;
3181 case OSPF_MSG_DB_DESC:
3182 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3183 break;
3184 case OSPF_MSG_LS_REQ:
3185 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3186 break;
3187 case OSPF_MSG_LS_UPD:
3188 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3189 break;
3190 case OSPF_MSG_LS_ACK:
3191 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3192 break;
3193 default:
3194 flog_warn(
3195 EC_OSPF_PACKET,
3196 "interface %s(%s): OSPF packet header type %d is illegal",
3197 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3198 break;
3199 }
3200
3201 return OSPF_READ_CONTINUE;
3202 }
3203
3204 /* Starting point of packet process function. */
3205 void ospf_read(struct thread *thread)
3206 {
3207 struct ospf *ospf;
3208 int32_t count = 0;
3209 enum ospf_read_return_enum ret;
3210
3211 /* first of all get interface pointer. */
3212 ospf = THREAD_ARG(thread);
3213
3214 /* prepare for next packet. */
3215 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3216
3217 while (count < ospf->write_oi_count) {
3218 count++;
3219 ret = ospf_read_helper(ospf);
3220 switch (ret) {
3221 case OSPF_READ_ERROR:
3222 return;
3223 case OSPF_READ_CONTINUE:
3224 break;
3225 }
3226 }
3227 }
3228
3229 /* Make OSPF header. */
3230 static void ospf_make_header(int type, struct ospf_interface *oi,
3231 struct stream *s)
3232 {
3233 struct ospf_header *ospfh;
3234
3235 ospfh = (struct ospf_header *)STREAM_DATA(s);
3236
3237 ospfh->version = (uint8_t)OSPF_VERSION;
3238 ospfh->type = (uint8_t)type;
3239
3240 ospfh->router_id = oi->ospf->router_id;
3241
3242 ospfh->checksum = 0;
3243 ospfh->area_id = oi->area->area_id;
3244 ospfh->auth_type = htons(ospf_auth_type(oi));
3245
3246 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
3247
3248 stream_forward_endp(s, OSPF_HEADER_SIZE);
3249 }
3250
3251 /* Make Authentication Data. */
3252 static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3253 {
3254 struct crypt_key *ck;
3255
3256 switch (ospf_auth_type(oi)) {
3257 case OSPF_AUTH_NULL:
3258 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3259 */
3260 break;
3261 case OSPF_AUTH_SIMPLE:
3262 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3263 OSPF_AUTH_SIMPLE_SIZE);
3264 break;
3265 case OSPF_AUTH_CRYPTOGRAPHIC:
3266 /* If key is not set, then set 0. */
3267 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3268 ospfh->u.crypt.zero = 0;
3269 ospfh->u.crypt.key_id = 0;
3270 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3271 } else {
3272 ck = listgetdata(
3273 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3274 ospfh->u.crypt.zero = 0;
3275 ospfh->u.crypt.key_id = ck->key_id;
3276 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3277 }
3278 /* note: the seq is done in ospf_make_md5_digest() */
3279 break;
3280 default:
3281 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3282 */
3283 break;
3284 }
3285
3286 return 0;
3287 }
3288
3289 /* Fill rest of OSPF header. */
3290 static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
3291 uint16_t length)
3292 {
3293 struct ospf_header *ospfh;
3294
3295 ospfh = (struct ospf_header *)STREAM_DATA(s);
3296
3297 /* Fill length. */
3298 ospfh->length = htons(length);
3299
3300 /* Calculate checksum. */
3301 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3302 ospfh->checksum = in_cksum(ospfh, length);
3303 else
3304 ospfh->checksum = 0;
3305
3306 /* Add Authentication Data. */
3307 ospf_make_auth(oi, ospfh);
3308 }
3309
3310 static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3311 {
3312 struct ospf_neighbor *nbr;
3313 struct route_node *rn;
3314 uint16_t length = OSPF_HELLO_MIN_SIZE;
3315 struct in_addr mask;
3316 unsigned long p;
3317 int flag = 0;
3318
3319 /* Set netmask of interface. */
3320 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3321 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3322 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3323 masklen2ip(oi->address->prefixlen, &mask);
3324 else
3325 memset((char *)&mask, 0, sizeof(struct in_addr));
3326 stream_put_ipv4(s, mask.s_addr);
3327
3328 /* Set Hello Interval. */
3329 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3330 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3331 else
3332 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3333
3334 if (IS_DEBUG_OSPF_EVENT)
3335 zlog_debug("%s: options: %x, int: %s", __func__, OPTIONS(oi),
3336 IF_NAME(oi));
3337
3338 /* Set Options. */
3339 stream_putc(s, OPTIONS(oi));
3340
3341 /* Set Router Priority. */
3342 stream_putc(s, PRIORITY(oi));
3343
3344 /* Set Router Dead Interval. */
3345 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3346
3347 /* Set Designated Router. */
3348 stream_put_ipv4(s, DR(oi).s_addr);
3349
3350 p = stream_get_endp(s);
3351
3352 /* Set Backup Designated Router. */
3353 stream_put_ipv4(s, BDR(oi).s_addr);
3354
3355 /* Add neighbor seen. */
3356 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3357 nbr = rn->info;
3358
3359 if (!nbr)
3360 continue;
3361
3362 /* Ignore the 0.0.0.0 node */
3363 if (nbr->router_id.s_addr == INADDR_ANY)
3364 continue;
3365
3366 /* Ignore Down neighbor */
3367 if (nbr->state == NSM_Attempt)
3368 continue;
3369
3370 /* This is myself for DR election */
3371 if (nbr->state == NSM_Down)
3372 continue;
3373
3374 if (IPV4_ADDR_SAME(&nbr->router_id, &oi->ospf->router_id))
3375 continue;
3376 /* Check neighbor is sane? */
3377 if (nbr->d_router.s_addr != INADDR_ANY &&
3378 IPV4_ADDR_SAME(&nbr->d_router, &oi->address->u.prefix4) &&
3379 IPV4_ADDR_SAME(&nbr->bd_router, &oi->address->u.prefix4))
3380 flag = 1;
3381
3382 /* Hello packet overflows interface MTU.
3383 */
3384 if (length + sizeof(uint32_t) > ospf_packet_max(oi)) {
3385 flog_err(
3386 EC_OSPF_LARGE_HELLO,
3387 "Oversized Hello packet! Larger than MTU. Not sending it out");
3388 return 0;
3389 }
3390
3391 stream_put_ipv4(s, nbr->router_id.s_addr);
3392 length += 4;
3393 }
3394
3395 /* Let neighbor generate BackupSeen. */
3396 if (flag == 1)
3397 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3398
3399 return length;
3400 }
3401
3402 static int ospf_make_db_desc(struct ospf_interface *oi,
3403 struct ospf_neighbor *nbr, struct stream *s)
3404 {
3405 struct ospf_lsa *lsa;
3406 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3407 uint8_t options;
3408 unsigned long pp;
3409 int i;
3410 struct ospf_lsdb *lsdb;
3411
3412 /* Set Interface MTU. */
3413 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3414 stream_putw(s, 0);
3415 else
3416 stream_putw(s, oi->ifp->mtu);
3417
3418 /* Set Options. */
3419 options = OPTIONS(oi);
3420 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3421 SET_FLAG(options, OSPF_OPTION_O);
3422 stream_putc(s, options);
3423
3424 /* DD flags */
3425 pp = stream_get_endp(s);
3426 stream_putc(s, nbr->dd_flags);
3427
3428 /* Set DD Sequence Number. */
3429 stream_putl(s, nbr->dd_seqnum);
3430
3431 /* shortcut unneeded walk of (empty) summary LSDBs */
3432 if (ospf_db_summary_isempty(nbr))
3433 goto empty;
3434
3435 /* Describe LSA Header from Database Summary List. */
3436 lsdb = &nbr->db_sum;
3437
3438 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3439 struct route_table *table = lsdb->type[i].db;
3440 struct route_node *rn;
3441
3442 for (rn = route_top(table); rn; rn = route_next(rn))
3443 if ((lsa = rn->info) != NULL) {
3444 if (IS_OPAQUE_LSA(lsa->data->type)
3445 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3446 /* Suppress advertising
3447 * opaque-information. */
3448 /* Remove LSA from DB summary list. */
3449 ospf_lsdb_delete(lsdb, lsa);
3450 continue;
3451 }
3452
3453 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3454 struct lsa_header *lsah;
3455 uint16_t ls_age;
3456
3457 /* DD packet overflows interface MTU. */
3458 if (length + OSPF_LSA_HEADER_SIZE
3459 > ospf_packet_max(oi))
3460 break;
3461
3462 /* Keep pointer to LS age. */
3463 lsah = (struct lsa_header
3464 *)(STREAM_DATA(s)
3465 + stream_get_endp(
3466 s));
3467
3468 /* Proceed stream pointer. */
3469 stream_put(s, lsa->data,
3470 OSPF_LSA_HEADER_SIZE);
3471 length += OSPF_LSA_HEADER_SIZE;
3472
3473 /* Set LS age. */
3474 ls_age = LS_AGE(lsa);
3475 lsah->ls_age = htons(ls_age);
3476 }
3477
3478 /* Remove LSA from DB summary list. */
3479 ospf_lsdb_delete(lsdb, lsa);
3480 }
3481 }
3482
3483 /* Update 'More' bit */
3484 if (ospf_db_summary_isempty(nbr)) {
3485 empty:
3486 if (nbr->state >= NSM_Exchange) {
3487 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3488 /* Rewrite DD flags */
3489 stream_putc_at(s, pp, nbr->dd_flags);
3490 } else {
3491 assert(IS_SET_DD_M(nbr->dd_flags));
3492 }
3493 }
3494 return length;
3495 }
3496
3497 static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
3498 unsigned long delta, struct ospf_neighbor *nbr,
3499 struct ospf_lsa *lsa)
3500 {
3501 struct ospf_interface *oi;
3502
3503 oi = nbr->oi;
3504
3505 /* LS Request packet overflows interface MTU
3506 * delta is just number of bytes required for 1 LS Req
3507 * ospf_packet_max will return the number of bytes can
3508 * be accommodated without ospf header. So length+delta
3509 * can be compared to ospf_packet_max
3510 * to check if it can fit another lsreq in the same packet.
3511 */
3512
3513 if (*length + delta > ospf_packet_max(oi))
3514 return 0;
3515
3516 stream_putl(s, lsa->data->type);
3517 stream_put_ipv4(s, lsa->data->id.s_addr);
3518 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
3519
3520 ospf_lsa_unlock(&nbr->ls_req_last);
3521 nbr->ls_req_last = ospf_lsa_lock(lsa);
3522
3523 *length += 12;
3524 return 1;
3525 }
3526
3527 static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3528 {
3529 struct ospf_lsa *lsa;
3530 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
3531 unsigned long delta = 12;
3532 struct route_table *table;
3533 struct route_node *rn;
3534 int i;
3535 struct ospf_lsdb *lsdb;
3536
3537 lsdb = &nbr->ls_req;
3538
3539 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3540 table = lsdb->type[i].db;
3541 for (rn = route_top(table); rn; rn = route_next(rn))
3542 if ((lsa = (rn->info)) != NULL)
3543 if (ospf_make_ls_req_func(s, &length, delta,
3544 nbr, lsa)
3545 == 0) {
3546 route_unlock_node(rn);
3547 break;
3548 }
3549 }
3550 return length;
3551 }
3552
3553 static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3554 {
3555 int age;
3556
3557 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
3558
3559 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
3560 }
3561
3562 static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3563 struct stream *s)
3564 {
3565 struct ospf_lsa *lsa;
3566 struct listnode *node;
3567 uint16_t length = 0;
3568 unsigned int size_noauth;
3569 unsigned long delta = stream_get_endp(s);
3570 unsigned long pp;
3571 int count = 0;
3572
3573 if (IS_DEBUG_OSPF_EVENT)
3574 zlog_debug("%s: Start", __func__);
3575
3576 pp = stream_get_endp(s);
3577 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3578 length += OSPF_LS_UPD_MIN_SIZE;
3579
3580 /* Calculate amount of packet usable for data. */
3581 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3582
3583 while ((node = listhead(update)) != NULL) {
3584 struct lsa_header *lsah;
3585 uint16_t ls_age;
3586
3587 lsa = listgetdata(node);
3588 assert(lsa->data);
3589
3590 if (IS_DEBUG_OSPF_EVENT)
3591 zlog_debug("%s: List Iteration %d LSA[%s]", __func__,
3592 count, dump_lsa_key(lsa));
3593
3594 /* Will it fit? Minimum it has to fit at least one */
3595 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3596 (count > 0))
3597 break;
3598
3599 /* Keep pointer to LS age. */
3600 lsah = (struct lsa_header *)(STREAM_DATA(s)
3601 + stream_get_endp(s));
3602
3603 /* Put LSA to Link State Request. */
3604 stream_put(s, lsa->data, ntohs(lsa->data->length));
3605
3606 /* Set LS age. */
3607 /* each hop must increment an lsa_age by transmit_delay
3608 of OSPF interface */
3609 ls_age = ls_age_increment(lsa,
3610 OSPF_IF_PARAM(oi, transmit_delay));
3611 lsah->ls_age = htons(ls_age);
3612
3613 length += ntohs(lsa->data->length);
3614 count++;
3615
3616 list_delete_node(update, node);
3617 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3618 }
3619
3620 /* Now set #LSAs. */
3621 stream_putl_at(s, pp, count);
3622
3623 if (IS_DEBUG_OSPF_EVENT)
3624 zlog_debug("%s: Stop", __func__);
3625 return length;
3626 }
3627
3628 static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3629 struct stream *s)
3630 {
3631 struct listnode *node, *nnode;
3632 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
3633 unsigned long delta = OSPF_LSA_HEADER_SIZE;
3634 struct ospf_lsa *lsa;
3635
3636 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3637 assert(lsa);
3638
3639 /* LS Ack packet overflows interface MTU
3640 * delta is just number of bytes required for
3641 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3642 * the number of bytes can be accommodated without
3643 * ospf header. So length+delta can be compared
3644 * against ospf_packet_max to check if it can fit
3645 * another ls header in the same packet.
3646 */
3647 if ((length + delta) > ospf_packet_max(oi))
3648 break;
3649
3650 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3651 length += OSPF_LSA_HEADER_SIZE;
3652
3653 listnode_delete(ack, lsa);
3654 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3655 }
3656
3657 return length;
3658 }
3659
3660 static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3661 {
3662 struct ospf_packet *op;
3663 uint16_t length = OSPF_HEADER_SIZE;
3664
3665 op = ospf_packet_new(oi->ifp->mtu);
3666
3667 /* Prepare OSPF common header. */
3668 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
3669
3670 /* Prepare OSPF Hello body. */
3671 length += ospf_make_hello(oi, op->s);
3672 if (length == OSPF_HEADER_SIZE) {
3673 /* Hello overshooting MTU */
3674 ospf_packet_free(op);
3675 return;
3676 }
3677
3678 /* Fill OSPF header. */
3679 ospf_fill_header(oi, op->s, length);
3680
3681 /* Set packet length. */
3682 op->length = length;
3683
3684 op->dst.s_addr = addr;
3685
3686 if (IS_DEBUG_OSPF_EVENT) {
3687 if (oi->ospf->vrf_id)
3688 zlog_debug(
3689 "%s: Hello Tx interface %s ospf vrf %s id %u",
3690 __func__, oi->ifp->name,
3691 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3692 oi->ospf->vrf_id);
3693 }
3694 /* Add packet to the top of the interface output queue, so that they
3695 * can't get delayed by things like long queues of LS Update packets
3696 */
3697 ospf_packet_add_top(oi, op);
3698
3699 /* Hook thread to write packet. */
3700 OSPF_ISM_WRITE_ON(oi->ospf);
3701 }
3702
3703 static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
3704 {
3705 struct ospf_interface *oi;
3706
3707 oi = nbr_nbma->oi;
3708 assert(oi);
3709
3710 /* If this is passive interface, do not send OSPF Hello. */
3711 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3712 return;
3713
3714 if (oi->type != OSPF_IFTYPE_NBMA)
3715 return;
3716
3717 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3718 return;
3719
3720 if (PRIORITY(oi) == 0)
3721 return;
3722
3723 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3724 && oi->state != ISM_Backup)
3725 return;
3726
3727 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
3728 }
3729
3730 void ospf_poll_timer(struct thread *thread)
3731 {
3732 struct ospf_nbr_nbma *nbr_nbma;
3733
3734 nbr_nbma = THREAD_ARG(thread);
3735 nbr_nbma->t_poll = NULL;
3736
3737 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3738 zlog_debug("NSM[%s:%pI4]: Timer (Poll timer expire)",
3739 IF_NAME(nbr_nbma->oi), &nbr_nbma->addr);
3740
3741 ospf_poll_send(nbr_nbma);
3742
3743 if (nbr_nbma->v_poll > 0)
3744 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3745 nbr_nbma->v_poll);
3746 }
3747
3748
3749 void ospf_hello_reply_timer(struct thread *thread)
3750 {
3751 struct ospf_neighbor *nbr;
3752
3753 nbr = THREAD_ARG(thread);
3754 nbr->t_hello_reply = NULL;
3755
3756 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3757 zlog_debug("NSM[%s:%pI4]: Timer (hello-reply timer expire)",
3758 IF_NAME(nbr->oi), &nbr->router_id);
3759
3760 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
3761 }
3762
3763 /* Send OSPF Hello. */
3764 void ospf_hello_send(struct ospf_interface *oi)
3765 {
3766 /* If this is passive interface, do not send OSPF Hello. */
3767 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3768 return;
3769
3770 if (oi->type == OSPF_IFTYPE_NBMA) {
3771 struct ospf_neighbor *nbr;
3772 struct route_node *rn;
3773
3774 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3775 nbr = rn->info;
3776 if (!nbr)
3777 continue;
3778
3779 if (nbr == oi->nbr_self)
3780 continue;
3781
3782 if (nbr->state == NSM_Down)
3783 continue;
3784
3785 /*
3786 * RFC 2328 Section 9.5.1
3787 * If the router is not eligible to become Designated
3788 * Router, it must periodically send Hello Packets to
3789 * both the Designated Router and the Backup
3790 * Designated Router (if they exist).
3791 */
3792 if (PRIORITY(oi) == 0 &&
3793 IPV4_ADDR_CMP(&DR(oi), &nbr->address.u.prefix4) &&
3794 IPV4_ADDR_CMP(&BDR(oi), &nbr->address.u.prefix4))
3795 continue;
3796
3797 /*
3798 * If the router is eligible to become Designated
3799 * Router, it must periodically send Hello Packets to
3800 * all neighbors that are also eligible. In addition,
3801 * if the router is itself the Designated Router or
3802 * Backup Designated Router, it must also send periodic
3803 * Hello Packets to all other neighbors.
3804 */
3805 if (nbr->priority == 0 && oi->state == ISM_DROther)
3806 continue;
3807
3808 /* if oi->state == Waiting, send
3809 * hello to all neighbors */
3810 ospf_hello_send_sub(oi, nbr->address.u.prefix4.s_addr);
3811 }
3812 } else {
3813 /* Decide destination address. */
3814 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3815 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3816 else
3817 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3818 }
3819 }
3820
3821 /* Send OSPF Database Description. */
3822 void ospf_db_desc_send(struct ospf_neighbor *nbr)
3823 {
3824 struct ospf_interface *oi;
3825 struct ospf_packet *op;
3826 uint16_t length = OSPF_HEADER_SIZE;
3827
3828 oi = nbr->oi;
3829 op = ospf_packet_new(oi->ifp->mtu);
3830
3831 /* Prepare OSPF common header. */
3832 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
3833
3834 /* Prepare OSPF Database Description body. */
3835 length += ospf_make_db_desc(oi, nbr, op->s);
3836
3837 /* Fill OSPF header. */
3838 ospf_fill_header(oi, op->s, length);
3839
3840 /* Set packet length. */
3841 op->length = length;
3842
3843 /* Decide destination address. */
3844 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3845 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3846 else
3847 op->dst = nbr->address.u.prefix4;
3848
3849 /* Add packet to the interface output queue. */
3850 ospf_packet_add(oi, op);
3851
3852 /* Hook thread to write packet. */
3853 OSPF_ISM_WRITE_ON(oi->ospf);
3854
3855 /* Remove old DD packet, then copy new one and keep in neighbor
3856 * structure. */
3857 if (nbr->last_send)
3858 ospf_packet_free(nbr->last_send);
3859 nbr->last_send = ospf_packet_dup(op);
3860 monotime(&nbr->last_send_ts);
3861 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3862 zlog_info(
3863 "%s:Packet[DD]: %pI4 DB Desc send with seqnum:%x , flags:%x",
3864 ospf_get_name(oi->ospf), &nbr->router_id,
3865 nbr->dd_seqnum, nbr->dd_flags);
3866 }
3867
3868 /* Re-send Database Description. */
3869 void ospf_db_desc_resend(struct ospf_neighbor *nbr)
3870 {
3871 struct ospf_interface *oi;
3872
3873 oi = nbr->oi;
3874
3875 /* Add packet to the interface output queue. */
3876 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
3877
3878 /* Hook thread to write packet. */
3879 OSPF_ISM_WRITE_ON(oi->ospf);
3880 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3881 zlog_info(
3882 "%s:Packet[DD]: %pI4 DB Desc resend with seqnum:%x , flags:%x",
3883 ospf_get_name(oi->ospf), &nbr->router_id,
3884 nbr->dd_seqnum, nbr->dd_flags);
3885 }
3886
3887 /* Send Link State Request. */
3888 void ospf_ls_req_send(struct ospf_neighbor *nbr)
3889 {
3890 struct ospf_interface *oi;
3891 struct ospf_packet *op;
3892 uint16_t length = OSPF_HEADER_SIZE;
3893
3894 oi = nbr->oi;
3895 op = ospf_packet_new(oi->ifp->mtu);
3896
3897 /* Prepare OSPF common header. */
3898 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
3899
3900 /* Prepare OSPF Link State Request body. */
3901 length += ospf_make_ls_req(nbr, op->s);
3902 if (length == OSPF_HEADER_SIZE) {
3903 ospf_packet_free(op);
3904 return;
3905 }
3906
3907 /* Fill OSPF header. */
3908 ospf_fill_header(oi, op->s, length);
3909
3910 /* Set packet length. */
3911 op->length = length;
3912
3913 /* Decide destination address. */
3914 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3915 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3916 else
3917 op->dst = nbr->address.u.prefix4;
3918
3919 /* Add packet to the interface output queue. */
3920 ospf_packet_add(oi, op);
3921
3922 /* Hook thread to write packet. */
3923 OSPF_ISM_WRITE_ON(oi->ospf);
3924
3925 /* Add Link State Request Retransmission Timer. */
3926 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
3927 }
3928
3929 /* Send Link State Update with an LSA. */
3930 void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3931 int flag)
3932 {
3933 struct list *update;
3934
3935 update = list_new();
3936
3937 listnode_add(update, lsa);
3938
3939 /*ospf instance is going down, send self originated
3940 * MAXAGE LSA update to neighbors to remove from LSDB */
3941 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3942 ospf_ls_upd_send(nbr, update, flag, 1);
3943 else
3944 ospf_ls_upd_send(nbr, update, flag, 0);
3945
3946 list_delete(&update);
3947 }
3948
3949 /* Determine size for packet. Must be at least big enough to accommodate next
3950 * LSA on list, which may be bigger than MTU size.
3951 *
3952 * Return pointer to new ospf_packet
3953 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3954 * on packet sizes (in which case offending LSA is deleted from update list)
3955 */
3956 static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3957 struct ospf_interface *oi)
3958 {
3959 struct ospf_lsa *lsa;
3960 struct listnode *ln;
3961 size_t size;
3962 static char warned = 0;
3963
3964 lsa = listgetdata((ln = listhead(update)));
3965 assert(lsa->data);
3966
3967 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3968 > ospf_packet_max(oi)) {
3969 if (!warned) {
3970 flog_warn(
3971 EC_OSPF_LARGE_LSA,
3972 "%s: oversized LSA encountered!will need to fragment. Not optimal. Try divide up your network with areas. Use 'debug ospf packet send' to see details, or look at 'show ip ospf database ..'",
3973 __func__);
3974 warned = 1;
3975 }
3976
3977 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3978 zlog_debug(
3979 "%s: oversized LSA id:%pI4, %d bytes originated by %pI4, will be fragmented!",
3980 __func__, &lsa->data->id,
3981 ntohs(lsa->data->length),
3982 &lsa->data->adv_router);
3983
3984 /*
3985 * Allocate just enough to fit this LSA only, to avoid including
3986 * other
3987 * LSAs in fragmented LSA Updates.
3988 */
3989 size = ntohs(lsa->data->length)
3990 + (oi->ifp->mtu - ospf_packet_max(oi))
3991 + OSPF_LS_UPD_MIN_SIZE;
3992 } else
3993 size = oi->ifp->mtu;
3994
3995 if (size > OSPF_MAX_PACKET_SIZE) {
3996 flog_warn(
3997 EC_OSPF_LARGE_LSA,
3998 "%s: oversized LSA id:%pI4 too big, %d bytes, packet size %ld, dropping it completely. OSPF routing is broken!",
3999 __func__, &lsa->data->id, ntohs(lsa->data->length),
4000 (long int)size);
4001 list_delete_node(update, ln);
4002 return NULL;
4003 }
4004
4005 /* IP header is built up separately by ospf_write(). This means, that we
4006 * must
4007 * reduce the "affordable" size just calculated by length of an IP
4008 * header.
4009 * This makes sure, that even if we manage to fill the payload with LSA
4010 * data
4011 * completely, the final packet (our data plus IP header) still fits
4012 * into
4013 * outgoing interface MTU. This correction isn't really meaningful for
4014 * an
4015 * oversized LSA, but for consistency the correction is done for both
4016 * cases.
4017 *
4018 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4019 */
4020 return ospf_packet_new(size - sizeof(struct ip));
4021 }
4022
4023 static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
4024 struct list *update, struct in_addr addr,
4025 int send_lsupd_now)
4026 {
4027 struct ospf_packet *op;
4028 uint16_t length = OSPF_HEADER_SIZE;
4029
4030 if (IS_DEBUG_OSPF_EVENT)
4031 zlog_debug("listcount = %d, [%s]dst %pI4", listcount(update),
4032 IF_NAME(oi), &addr);
4033
4034 /* Check that we have really something to process */
4035 if (listcount(update) == 0)
4036 return;
4037
4038 op = ospf_ls_upd_packet_new(update, oi);
4039
4040 /* Prepare OSPF common header. */
4041 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
4042
4043 /* Prepare OSPF Link State Update body.
4044 * Includes Type-7 translation.
4045 */
4046 length += ospf_make_ls_upd(oi, update, op->s);
4047
4048 /* Fill OSPF header. */
4049 ospf_fill_header(oi, op->s, length);
4050
4051 /* Set packet length. */
4052 op->length = length;
4053
4054 /* Decide destination address. */
4055 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4056 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4057 else
4058 op->dst.s_addr = addr.s_addr;
4059
4060 /* Add packet to the interface output queue. */
4061 ospf_packet_add(oi, op);
4062 /* Call ospf_write() right away to send ospf packets to neighbors */
4063 if (send_lsupd_now) {
4064 struct thread os_packet_thd;
4065
4066 os_packet_thd.arg = (void *)oi->ospf;
4067 if (oi->on_write_q == 0) {
4068 listnode_add(oi->ospf->oi_write_q, oi);
4069 oi->on_write_q = 1;
4070 }
4071 ospf_write(&os_packet_thd);
4072 /*
4073 * We are fake calling ospf_write with a fake
4074 * thread. Imagine that we have oi_a already
4075 * enqueued and we have turned on the write
4076 * thread(t_write).
4077 * Now this function calls this for oi_b
4078 * so the on_write_q has oi_a and oi_b on
4079 * it, ospf_write runs and clears the packets
4080 * for both oi_a and oi_b. Removing them from
4081 * the on_write_q. After this thread of execution
4082 * finishes we will execute the t_write thread
4083 * with nothing in the on_write_q causing an
4084 * assert. So just make sure that the t_write
4085 * is actually turned off.
4086 */
4087 if (list_isempty(oi->ospf->oi_write_q))
4088 THREAD_OFF(oi->ospf->t_write);
4089 } else {
4090 /* Hook thread to write packet. */
4091 OSPF_ISM_WRITE_ON(oi->ospf);
4092 }
4093 }
4094
4095 static void ospf_ls_upd_send_queue_event(struct thread *thread)
4096 {
4097 struct ospf_interface *oi = THREAD_ARG(thread);
4098 struct route_node *rn;
4099 struct route_node *rnext;
4100 struct list *update;
4101 char again = 0;
4102
4103 oi->t_ls_upd_event = NULL;
4104
4105 if (IS_DEBUG_OSPF_EVENT)
4106 zlog_debug("%s start", __func__);
4107
4108 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4109 rnext = route_next(rn);
4110
4111 if (rn->info == NULL)
4112 continue;
4113
4114 update = (struct list *)rn->info;
4115
4116 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
4117
4118 /* list might not be empty. */
4119 if (listcount(update) == 0) {
4120 list_delete((struct list **)&rn->info);
4121 route_unlock_node(rn);
4122 } else
4123 again = 1;
4124 }
4125
4126 if (again != 0) {
4127 if (IS_DEBUG_OSPF_EVENT)
4128 zlog_debug(
4129 "%s: update lists not cleared, %d nodes to try again, raising new event",
4130 __func__, again);
4131 oi->t_ls_upd_event = NULL;
4132 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4133 &oi->t_ls_upd_event);
4134 }
4135
4136 if (IS_DEBUG_OSPF_EVENT)
4137 zlog_debug("%s stop", __func__);
4138 }
4139
4140 void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4141 int send_lsupd_now)
4142 {
4143 struct ospf_interface *oi;
4144 struct ospf_lsa *lsa;
4145 struct prefix_ipv4 p;
4146 struct route_node *rn;
4147 struct listnode *node;
4148
4149 oi = nbr->oi;
4150
4151 p.family = AF_INET;
4152 p.prefixlen = IPV4_MAX_BITLEN;
4153
4154 /* Decide destination address. */
4155 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4156 p.prefix = oi->vl_data->peer_addr;
4157 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4158 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4159 else if (flag == OSPF_SEND_PACKET_DIRECT)
4160 p.prefix = nbr->address.u.prefix4;
4161 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4162 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4163 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4164 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4165 else
4166 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4167
4168 if (oi->type == OSPF_IFTYPE_NBMA) {
4169 if (flag == OSPF_SEND_PACKET_INDIRECT)
4170 flog_warn(
4171 EC_OSPF_PACKET,
4172 "* LS-Update is directly sent on NBMA network.");
4173 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
4174 flog_warn(EC_OSPF_PACKET,
4175 "* LS-Update is sent to myself.");
4176 }
4177
4178 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4179
4180 if (rn->info == NULL)
4181 rn->info = list_new();
4182 else
4183 route_unlock_node(rn);
4184
4185 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4186 listnode_add(rn->info,
4187 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
4188 if (send_lsupd_now) {
4189 struct list *send_update_list;
4190 struct route_node *rnext;
4191
4192 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4193 rnext = route_next(rn);
4194
4195 if (rn->info == NULL)
4196 continue;
4197
4198 send_update_list = (struct list *)rn->info;
4199
4200 ospf_ls_upd_queue_send(oi, send_update_list,
4201 rn->p.u.prefix4, 1);
4202 }
4203 } else
4204 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4205 &oi->t_ls_upd_event);
4206 }
4207
4208 static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4209 struct in_addr dst)
4210 {
4211 struct ospf_packet *op;
4212 uint16_t length = OSPF_HEADER_SIZE;
4213
4214 op = ospf_packet_new(oi->ifp->mtu);
4215
4216 /* Prepare OSPF common header. */
4217 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4218
4219 /* Prepare OSPF Link State Acknowledgment body. */
4220 length += ospf_make_ls_ack(oi, ack, op->s);
4221
4222 /* Fill OSPF header. */
4223 ospf_fill_header(oi, op->s, length);
4224
4225 /* Set packet length. */
4226 op->length = length;
4227
4228 /* Decide destination address. */
4229 if (oi->type == OSPF_IFTYPE_POINTOPOINT ||
4230 oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4231 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4232 else
4233 op->dst.s_addr = dst.s_addr;
4234
4235 /* Add packet to the interface output queue. */
4236 ospf_packet_add(oi, op);
4237
4238 /* Hook thread to write packet. */
4239 OSPF_ISM_WRITE_ON(oi->ospf);
4240 }
4241
4242 static void ospf_ls_ack_send_event(struct thread *thread)
4243 {
4244 struct ospf_interface *oi = THREAD_ARG(thread);
4245
4246 oi->t_ls_ack_direct = NULL;
4247
4248 while (listcount(oi->ls_ack_direct.ls_ack))
4249 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4250 oi->ls_ack_direct.dst);
4251 }
4252
4253 void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4254 {
4255 struct ospf_interface *oi = nbr->oi;
4256
4257 if (IS_GRACE_LSA(lsa)) {
4258 if (IS_DEBUG_OSPF_GR)
4259 zlog_debug("%s, Sending GRACE ACK to Restarter.",
4260 __func__);
4261 }
4262
4263 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4264 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4265
4266 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4267
4268 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4269 &oi->t_ls_ack_direct);
4270 }
4271
4272 /* Send Link State Acknowledgment delayed. */
4273 void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4274 {
4275 struct in_addr dst;
4276
4277 /* Decide destination address. */
4278 /* RFC2328 Section 13.5 On non-broadcast
4279 networks, delayed Link State Acknowledgment packets must be
4280 unicast separately over each adjacency (i.e., neighbor whose
4281 state is >= Exchange). */
4282 if (oi->type == OSPF_IFTYPE_NBMA) {
4283 struct ospf_neighbor *nbr;
4284 struct route_node *rn;
4285
4286 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
4287 nbr = rn->info;
4288
4289 if (!nbr)
4290 continue;
4291
4292 if (nbr != oi->nbr_self && nbr->state >= NSM_Exchange)
4293 while (listcount(oi->ls_ack))
4294 ospf_ls_ack_send_list(
4295 oi, oi->ls_ack,
4296 nbr->address.u.prefix4);
4297 }
4298 return;
4299 }
4300 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4301 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4302 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4303 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4304 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4305 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4306 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4307 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4308 else
4309 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4310
4311 while (listcount(oi->ls_ack))
4312 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
4313 }
4314
4315 /*
4316 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4317 * address. As a result, the kernel does not need to learn the interface
4318 * MAC of the OSPF neighbor. However, in our world, this will delay
4319 * convergence. Take the case when due to a link flap, all routes now
4320 * want to use an interface which was deemed to be costlier prior to this
4321 * event. For routes that will be installed, the missing MAC will have
4322 * punt-to-CPU set on them. This may overload the CPU control path that
4323 * can be avoided if the MAC was known apriori.
4324 */
4325 void ospf_proactively_arp(struct ospf_neighbor *nbr)
4326 {
4327 if (!nbr || !nbr->oi->ospf->proactive_arp)
4328 return;
4329
4330 ospf_zebra_send_arp(nbr->oi->ifp, &nbr->address);
4331 }
FRRouting mirror