]> git.proxmox.com Git - mirror_frr.git/blame - ospfd/ospf_packet.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ospfd: use ospf_get_name() wherever possible
[mirror_frr.git] / ospfd / ospf_packet.c
CommitLineData
718e3744 1/*
2 * OSPF Sending and Receiving OSPF Packets.
3 * Copyright (C) 1999, 2000 Toshiaki Takada
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2, or (at your option) any
10 * later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
896014f4
DL		 17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
718e3744 20 */
21
22#include <zebra.h>
23
cbf3e3eb 24#include "monotime.h"
718e3744 25#include "thread.h"
26#include "memory.h"
27#include "linklist.h"
28#include "prefix.h"
29#include "if.h"
30#include "table.h"
31#include "sockunion.h"
32#include "stream.h"
33#include "log.h"
2dd8bb4e 34#include "sockopt.h"
484315fd 35#include "checksum.h"
0513a271 36#ifdef CRYPTO_INTERNAL
c1a03d47 37#include "md5.h"
0513a271 38#endif
7e2b7603 39#include "vrf.h"
c9cc11f6 40#include "lib_errors.h"
718e3744 41
42#include "ospfd/ospfd.h"
43#include "ospfd/ospf_network.h"
44#include "ospfd/ospf_interface.h"
45#include "ospfd/ospf_ism.h"
46#include "ospfd/ospf_asbr.h"
47#include "ospfd/ospf_lsa.h"
48#include "ospfd/ospf_lsdb.h"
49#include "ospfd/ospf_neighbor.h"
50#include "ospfd/ospf_nsm.h"
51#include "ospfd/ospf_packet.h"
52#include "ospfd/ospf_spf.h"
53#include "ospfd/ospf_flood.h"
54#include "ospfd/ospf_dump.h"
c9cc11f6 55#include "ospfd/ospf_errors.h"
aa530b62 56#include "ospfd/ospf_zebra.h"
cd52c44c 57#include "ospfd/ospf_gr.h"
718e3744 58
166b75c2
DS		 59/*
60 * OSPF Fragmentation / fragmented writes
61 *
62 * ospfd can support writing fragmented packets, for cases where
63 * kernel will not fragment IP_HDRINCL and/or multicast destined
64 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
65 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
66 * flags fields, hence user-space fragmentation will not work.
67 * Only Linux is known to leave IP header unmolested.
68 * Further, fragmentation really should be done the kernel, which already
69 * supports it, and which avoids nasty IP ID state problems.
70 *
71 * Fragmentation of OSPF packets can be required on networks with router
72 * with many many interfaces active in one area, or on networks with links
73 * with low MTUs.
74 */
75#ifdef GNU_LINUX
76#define WANT_OSPF_WRITE_FRAGMENT
77#endif
78
718e3744 79/* Packet Type String. */
d62a17ae 80const struct message ospf_packet_type_str[] = {
81 {OSPF_MSG_HELLO, "Hello"},
82 {OSPF_MSG_DB_DESC, "Database Description"},
83 {OSPF_MSG_LS_REQ, "Link State Request"},
84 {OSPF_MSG_LS_UPD, "Link State Update"},
85 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
86 {0}};
718e3744 87
75c8eabb
DO		 88/* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
89 particular types, offset is the "type" field of a packet. */
d7c0a89a 90static const uint16_t ospf_packet_minlen[] = {
d62a17ae 91 0,
92 OSPF_HELLO_MIN_SIZE,
93 OSPF_DB_DESC_MIN_SIZE,
94 OSPF_LS_REQ_MIN_SIZE,
95 OSPF_LS_UPD_MIN_SIZE,
96 OSPF_LS_ACK_MIN_SIZE,
75c8eabb
DO		 97};
98
4e31de79
DO		 99/* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
100 types, offset is the "LSA type" field. */
d7c0a89a 101static const uint16_t ospf_lsa_minlen[] = {
d62a17ae 102 0,
103 OSPF_ROUTER_LSA_MIN_SIZE,
104 OSPF_NETWORK_LSA_MIN_SIZE,
105 OSPF_SUMMARY_LSA_MIN_SIZE,
106 OSPF_SUMMARY_LSA_MIN_SIZE,
107 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
108 0,
109 OSPF_AS_EXTERNAL_LSA_MIN_SIZE,
110 0,
111 0,
112 0,
113 0,
4e31de79
DO		 114};
115
bd5651f0 116/* for ospf_check_auth() */
d62a17ae 117static int ospf_check_sum(struct ospf_header *);
bd5651f0 118
718e3744 119/* OSPF authentication checking function */
d62a17ae 120static int ospf_auth_type(struct ospf_interface *oi)
718e3744 121{
d62a17ae 122 int auth_type;
718e3744 123
d62a17ae 124 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
125 auth_type = oi->area->auth_type;
126 else
127 auth_type = OSPF_IF_PARAM(oi, auth_type);
718e3744 128
d62a17ae 129 /* Handle case where MD5 key list is not configured aka Cisco */
130 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
131 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
132 return OSPF_AUTH_NULL;
718e3744 133
d62a17ae 134 return auth_type;
718e3744 135}
136
7cec50a5 137static struct ospf_packet *ospf_packet_new(size_t size)
718e3744 138{
d62a17ae 139 struct ospf_packet *new;
718e3744 140
d62a17ae 141 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
142 new->s = stream_new(size);
718e3744 143
d62a17ae 144 return new;
718e3744 145}
146
d62a17ae 147void ospf_packet_free(struct ospf_packet *op)
718e3744 148{
d62a17ae 149 if (op->s)
150 stream_free(op->s);
718e3744 151
d62a17ae 152 XFREE(MTYPE_OSPF_PACKET, op);
718e3744 153}
154
4d762f26 155struct ospf_fifo *ospf_fifo_new(void)
718e3744 156{
d62a17ae 157 struct ospf_fifo *new;
718e3744 158
d62a17ae 159 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
160 return new;
718e3744 161}
162
163/* Add new packet to fifo. */
d62a17ae 164void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
718e3744 165{
d62a17ae 166 if (fifo->tail)
167 fifo->tail->next = op;
168 else
169 fifo->head = op;
718e3744 170
d62a17ae 171 fifo->tail = op;
718e3744 172
d62a17ae 173 fifo->count++;
718e3744 174}
175
aa276fd7 176/* Add new packet to head of fifo. */
d62a17ae 177static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
aa276fd7 178{
d62a17ae 179 op->next = fifo->head;
180
181 if (fifo->tail == NULL)
182 fifo->tail = op;
183
184 fifo->head = op;
185
186 fifo->count++;
aa276fd7
PJ		 187}
188
718e3744 189/* Delete first packet from fifo. */
d62a17ae 190struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
718e3744 191{
d62a17ae 192 struct ospf_packet *op;
718e3744 193
d62a17ae 194 op = fifo->head;
718e3744 195
d62a17ae 196 if (op) {
197 fifo->head = op->next;
718e3744 198
d62a17ae 199 if (fifo->head == NULL)
200 fifo->tail = NULL;
718e3744 201
d62a17ae 202 fifo->count--;
203 }
718e3744 204
d62a17ae 205 return op;
718e3744 206}
207
208/* Return first fifo entry. */
d62a17ae 209struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
718e3744 210{
d62a17ae 211 return fifo->head;
718e3744 212}
213
214/* Flush ospf packet fifo. */
d62a17ae 215void ospf_fifo_flush(struct ospf_fifo *fifo)
718e3744 216{
d62a17ae 217 struct ospf_packet *op;
218 struct ospf_packet *next;
718e3744 219
d62a17ae 220 for (op = fifo->head; op; op = next) {
221 next = op->next;
222 ospf_packet_free(op);
223 }
224 fifo->head = fifo->tail = NULL;
225 fifo->count = 0;
718e3744 226}
227
228/* Free ospf packet fifo. */
d62a17ae 229void ospf_fifo_free(struct ospf_fifo *fifo)
718e3744 230{
d62a17ae 231 ospf_fifo_flush(fifo);
718e3744 232
d62a17ae 233 XFREE(MTYPE_OSPF_FIFO, fifo);
718e3744 234}
235
7cec50a5 236static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
718e3744 237{
d62a17ae 238 /* Add packet to end of queue. */
239 ospf_fifo_push(oi->obuf, op);
718e3744 240
d62a17ae 241 /* Debug of packet fifo*/
242 /* ospf_fifo_debug (oi->obuf); */
718e3744 243}
244
d62a17ae 245static void ospf_packet_add_top(struct ospf_interface *oi,
246 struct ospf_packet *op)
aa276fd7 247{
d62a17ae 248 /* Add packet to head of queue. */
249 ospf_fifo_push_head(oi->obuf, op);
aa276fd7 250
d62a17ae 251 /* Debug of packet fifo*/
252 /* ospf_fifo_debug (oi->obuf); */
aa276fd7
PJ		 253}
254
7cec50a5 255static void ospf_packet_delete(struct ospf_interface *oi)
718e3744 256{
d62a17ae 257 struct ospf_packet *op;
258
259 op = ospf_fifo_pop(oi->obuf);
718e3744 260
d62a17ae 261 if (op)
262 ospf_packet_free(op);
718e3744 263}
264
7cec50a5 265static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
718e3744 266{
d62a17ae 267 struct ospf_packet *new;
718e3744 268
d62a17ae 269 if (stream_get_endp(op->s) != op->length)
270 /* XXX size_t */
c9cc11f6 271 zlog_debug(
d62a17ae 272 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
d7c0a89a 273 (unsigned long)STREAM_SIZE(op->s), op->length);
30961a15 274
d62a17ae 275 /* Reserve space for MD5 authentication that may be added later. */
276 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
277 stream_copy(new->s, op->s);
718e3744 278
d62a17ae 279 new->dst = op->dst;
280 new->length = op->length;
718e3744 281
d62a17ae 282 return new;
718e3744 283}
284
86f1fd96 285/* XXX inline */
d62a17ae 286static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
86f1fd96 287{
d62a17ae 288 int auth = 0;
86f1fd96 289
d62a17ae 290 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
291 auth = OSPF_AUTH_MD5_SIZE;
86f1fd96 292
d62a17ae 293 return auth;
86f1fd96 294}
295
d62a17ae 296static unsigned int ospf_packet_max(struct ospf_interface *oi)
718e3744 297{
d62a17ae 298 int max;
718e3744 299
d62a17ae 300 max = oi->ifp->mtu - ospf_packet_authspace(oi);
86f1fd96 301
d62a17ae 302 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
718e3744 303
d62a17ae 304 return max;
718e3744 305}
306
6b0655a2 307
d62a17ae 308static int ospf_check_md5_digest(struct ospf_interface *oi,
309 struct ospf_header *ospfh)
718e3744 310{
0513a271
MR		 311#ifdef CRYPTO_OPENSSL
312 EVP_MD_CTX *ctx;
313#elif CRYPTO_INTERNAL
d62a17ae 314 MD5_CTX ctx;
0513a271 315#endif
d62a17ae 316 unsigned char digest[OSPF_AUTH_MD5_SIZE];
317 struct crypt_key *ck;
318 struct ospf_neighbor *nbr;
d7c0a89a 319 uint16_t length = ntohs(ospfh->length);
d62a17ae 320
321 /* Get secret key. */
322 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
323 ospfh->u.crypt.key_id);
324 if (ck == NULL) {
1c50c1c0
QY		 325 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
326 IF_NAME(oi), ospfh->u.crypt.key_id);
d62a17ae 327 return 0;
328 }
718e3744 329
d62a17ae 330 /* check crypto seqnum. */
331 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
718e3744 332
d62a17ae 333 if (nbr
334 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
c9cc11f6 335 flog_warn(
cf444bcf 336 EC_OSPF_MD5,
d62a17ae 337 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
338 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
339 ntohl(nbr->crypt_seqnum));
340 return 0;
341 }
718e3744 342
d62a17ae 343 /* Generate a digest for the ospf packet - their digest + our digest. */
0513a271
MR		 344#ifdef CRYPTO_OPENSSL
345 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
346 ctx = EVP_MD_CTX_new();
347 EVP_DigestInit(ctx, EVP_md5());
348 EVP_DigestUpdate(ctx, ospfh, length);
349 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
350 EVP_DigestFinal(ctx, digest, &md5_size);
351 EVP_MD_CTX_free(ctx);
352#elif CRYPTO_INTERNAL
d62a17ae 353 memset(&ctx, 0, sizeof(ctx));
354 MD5Init(&ctx);
355 MD5Update(&ctx, ospfh, length);
356 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
357 MD5Final(digest, &ctx);
0513a271 358#endif
d62a17ae 359
360 /* compare the two */
361 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
cf444bcf 362 flog_warn(EC_OSPF_MD5,
c9cc11f6 363 "interface %s: ospf_check_md5 checksum mismatch",
d62a17ae 364 IF_NAME(oi));
365 return 0;
366 }
718e3744 367
d62a17ae 368 /* save neighbor's crypt_seqnum */
369 if (nbr)
370 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
371 return 1;
718e3744 372}
373
374/* This function is called from ospf_write(), it will detect the
375 authentication scheme and if it is MD5, it will change the sequence
376 and update the MD5 digest. */
d62a17ae 377static int ospf_make_md5_digest(struct ospf_interface *oi,
378 struct ospf_packet *op)
379{
380 struct ospf_header *ospfh;
381 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
0513a271
MR		 382#ifdef CRYPTO_OPENSSL
383 EVP_MD_CTX *ctx;
384#elif CRYPTO_INTERNAL
d62a17ae 385 MD5_CTX ctx;
0513a271 386#endif
d62a17ae 387 void *ibuf;
d7c0a89a 388 uint32_t t;
d62a17ae 389 struct crypt_key *ck;
d7c0a89a 390 const uint8_t *auth_key;
d62a17ae 391
392 ibuf = STREAM_DATA(op->s);
393 ospfh = (struct ospf_header *)ibuf;
394
395 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
396 return 0;
397
398 /* We do this here so when we dup a packet, we don't have to
399 waste CPU rewriting other headers.
400
401 Note that quagga_time /deliberately/ is not used here */
402 t = (time(NULL) & 0xFFFFFFFF);
403 if (t > oi->crypt_seqnum)
404 oi->crypt_seqnum = t;
405 else
406 oi->crypt_seqnum++;
407
408 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
409
410 /* Get MD5 Authentication key from auth_key list. */
411 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
d7c0a89a 412 auth_key = (const uint8_t *)digest;
d62a17ae 413 else {
414 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
415 auth_key = ck->auth_key;
416 }
718e3744 417
d62a17ae 418 /* Generate a digest for the entire packet + our secret key. */
0513a271
MR		 419#ifdef CRYPTO_OPENSSL
420 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
421 ctx = EVP_MD_CTX_new();
422 EVP_DigestInit(ctx, EVP_md5());
423 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
424 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
425 EVP_DigestFinal(ctx, digest, &md5_size);
426 EVP_MD_CTX_free(ctx);
427#elif CRYPTO_INTERNAL
d62a17ae 428 memset(&ctx, 0, sizeof(ctx));
429 MD5Init(&ctx);
430 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
431 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
432 MD5Final(digest, &ctx);
0513a271 433#endif
718e3744 434
d62a17ae 435 /* Append md5 digest to the end of the stream. */
436 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
718e3744 437
d62a17ae 438 /* We do *NOT* increment the OSPF header length. */
439 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
30961a15 440
d62a17ae 441 if (stream_get_endp(op->s) != op->length)
442 /* XXX size_t */
c9cc11f6 443 flog_warn(
cf444bcf 444 EC_OSPF_MD5,
d62a17ae 445 "ospf_make_md5_digest: length mismatch stream %lu ospf_packet %u",
d7c0a89a 446 (unsigned long)stream_get_endp(op->s), op->length);
718e3744 447
d62a17ae 448 return OSPF_AUTH_MD5_SIZE;
718e3744 449}
450
6b0655a2 451
d62a17ae 452static int ospf_ls_req_timer(struct thread *thread)
718e3744 453{
d62a17ae 454 struct ospf_neighbor *nbr;
718e3744 455
d62a17ae 456 nbr = THREAD_ARG(thread);
457 nbr->t_ls_req = NULL;
718e3744 458
d62a17ae 459 /* Send Link State Request. */
460 if (ospf_ls_request_count(nbr))
461 ospf_ls_req_send(nbr);
718e3744 462
d62a17ae 463 /* Set Link State Request retransmission timer. */
464 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
718e3744 465
d62a17ae 466 return 0;
718e3744 467}
468
d62a17ae 469void ospf_ls_req_event(struct ospf_neighbor *nbr)
718e3744 470{
b3d6bc6e 471 thread_cancel(&nbr->t_ls_req);
d62a17ae 472 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
718e3744 473}
474
475/* Cyclic timer function. Fist registered in ospf_nbr_new () in
476 ospf_neighbor.c */
d62a17ae 477int ospf_ls_upd_timer(struct thread *thread)
478{
479 struct ospf_neighbor *nbr;
480
481 nbr = THREAD_ARG(thread);
482 nbr->t_ls_upd = NULL;
483
484 /* Send Link State Update. */
485 if (ospf_ls_retransmit_count(nbr) > 0) {
486 struct list *update;
487 struct ospf_lsdb *lsdb;
488 int i;
489 int retransmit_interval;
490
491 retransmit_interval =
492 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
493
494 lsdb = &nbr->ls_rxmt;
495 update = list_new();
496
497 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
498 struct route_table *table = lsdb->type[i].db;
499 struct route_node *rn;
500
501 for (rn = route_top(table); rn; rn = route_next(rn)) {
502 struct ospf_lsa *lsa;
503
504 if ((lsa = rn->info) != NULL) {
505 /* Don't retransmit an LSA if we
506 received it within
507 the last RxmtInterval seconds - this
508 is to allow the
509 neighbour a chance to acknowledge the
510 LSA as it may
511 have ben just received before the
512 retransmit timer
513 fired. This is a small tweak to what
514 is in the RFC,
515 but it will cut out out a lot of
516 retransmit traffic
517 - MAG */
518 if (monotime_since(&lsa->tv_recv, NULL)
519 >= retransmit_interval * 1000000LL)
520 listnode_add(update, rn->info);
521 }
522 }
523 }
718e3744 524
d62a17ae 525 if (listcount(update) > 0)
996c9314
LB		 526 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
527 0);
6a154c88 528 list_delete(&update);
718e3744 529 }
530
d62a17ae 531 /* Set LS Update retransmission timer. */
532 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
718e3744 533
d62a17ae 534 return 0;
718e3744 535}
536
d62a17ae 537int ospf_ls_ack_timer(struct thread *thread)
718e3744 538{
d62a17ae 539 struct ospf_interface *oi;
718e3744 540
d62a17ae 541 oi = THREAD_ARG(thread);
542 oi->t_ls_ack = NULL;
718e3744 543
d62a17ae 544 /* Send Link State Acknowledgment. */
545 if (listcount(oi->ls_ack) > 0)
546 ospf_ls_ack_send_delayed(oi);
718e3744 547
d62a17ae 548 /* Set LS Ack timer. */
549 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
718e3744 550
d62a17ae 551 return 0;
718e3744 552}
553
0bfeca3f 554#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 555static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
556 struct msghdr *msg, unsigned int maxdatasize,
d7c0a89a 557 unsigned int mtu, int flags, uint8_t type)
0bfeca3f 558{
559#define OSPF_WRITE_FRAG_SHIFT 3
d7c0a89a 560 uint16_t offset;
d62a17ae 561 struct iovec *iovp;
562 int ret;
563
564 assert(op->length == stream_get_endp(op->s));
565 assert(msg->msg_iovlen == 2);
566
567 /* we can but try.
568 *
569 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
570 * well as the IP_MF flag, making this all quite pointless.
571 *
572 * However, for a system on which IP_MF is left alone, and ip_id left
573 * alone or else which sets same ip_id for each fragment this might
574 * work, eg linux.
575 *
576 * XXX-TODO: It would be much nicer to have the kernel's use their
577 * existing fragmentation support to do this for us. Bugs/RFEs need to
578 * be raised against the various kernels.
579 */
580
581 /* set More Frag */
582 iph->ip_off |= IP_MF;
583
584 /* ip frag offset is expressed in units of 8byte words */
585 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
586
587 iovp = &msg->msg_iov[1];
588
589 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
590 > maxdatasize) {
591 /* data length of this frag is to next offset value */
592 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
593 iph->ip_len = iovp->iov_len + sizeof(struct ip);
594 assert(iph->ip_len <= mtu);
595
596 sockopt_iphdrincl_swab_htosys(iph);
597
598 ret = sendmsg(fd, msg, flags);
599
600 sockopt_iphdrincl_swab_systoh(iph);
601
602 if (ret < 0)
c9cc11f6 603 flog_err(
450971aa 604 EC_LIB_SOCKET,
96b663a3
MS		 605 "*** ospf_write_frags: sendmsg failed to %pI4, id %d, off %d, len %d, mtu %u failed with %s",
606 &iph->ip_dst, iph->ip_id, iph->ip_off,
d62a17ae 607 iph->ip_len, mtu, safe_strerror(errno));
608
609 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
610 zlog_debug(
96b663a3 611 "ospf_write_frags: sent id %d, off %d, len %d to %pI4",
d62a17ae 612 iph->ip_id, iph->ip_off, iph->ip_len,
96b663a3 613 &iph->ip_dst);
d62a17ae 614 }
615
616 iph->ip_off += offset;
617 stream_forward_getp(op->s, iovp->iov_len);
2d34fb80 618 iovp->iov_base = stream_pnt(op->s);
d62a17ae 619 }
620
621 /* setup for final fragment */
622 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
623 iph->ip_len = iovp->iov_len + sizeof(struct ip);
624 iph->ip_off &= (~IP_MF);
0bfeca3f 625}
626#endif /* WANT_OSPF_WRITE_FRAGMENT */
627
d62a17ae 628static int ospf_write(struct thread *thread)
629{
630 struct ospf *ospf = THREAD_ARG(thread);
631 struct ospf_interface *oi;
632 struct ospf_interface *last_serviced_oi = NULL;
633 struct ospf_packet *op;
634 struct sockaddr_in sa_dst;
635 struct ip iph;
636 struct msghdr msg;
637 struct iovec iov[2];
d7c0a89a 638 uint8_t type;
d62a17ae 639 int ret;
640 int flags = 0;
641 struct listnode *node;
0bfeca3f 642#ifdef WANT_OSPF_WRITE_FRAGMENT
d7c0a89a
QY		 643 static uint16_t ipid = 0;
644 uint16_t maxdatasize;
9d303b37 645#endif /* WANT_OSPF_WRITE_FRAGMENT */
68b7339a 646#define OSPF_WRITE_IPHL_SHIFT 2
d62a17ae 647 int pkt_count = 0;
e1b18df1
CS		 648
649#ifdef GNU_LINUX
3e300703 650 unsigned char cmsgbuf[64] = {};
e7503eab
CS		 651 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
652 struct in_pktinfo *pi;
e1b18df1 653#endif
d62a17ae 654
c32eba04
CS		 655 if (ospf->fd < 0 || ospf->oi_running == 0) {
656 if (IS_DEBUG_OSPF_EVENT)
657 zlog_debug(
96b663a3
MS		 658 "ospf_write failed to send, fd %d, instance %u",
659 ospf->fd, ospf->oi_running);
c32eba04
CS		 660 return -1;
661 }
662
d62a17ae 663 node = listhead(ospf->oi_write_q);
664 assert(node);
665 oi = listgetdata(node);
0bfeca3f 666
667#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 668 /* seed ipid static with low order bits of time */
669 if (ipid == 0)
670 ipid = (time(NULL) & 0xffff);
0bfeca3f 671#endif /* WANT_OSPF_WRITE_FRAGMENT */
672
d62a17ae 673 while ((pkt_count < ospf->write_oi_count) && oi
674 && (last_serviced_oi != oi)) {
675 /* If there is only packet in the queue, the oi is removed from
676 write-q, so fix up the last interface that was serviced */
677 if (last_serviced_oi == NULL) {
678 last_serviced_oi = oi;
679 }
680 pkt_count++;
233cc0fb 681#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 682 /* convenience - max OSPF data per packet */
683 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
233cc0fb 684#endif /* WANT_OSPF_WRITE_FRAGMENT */
d62a17ae 685 /* Get one packet from queue. */
686 op = ospf_fifo_head(oi->obuf);
687 assert(op);
688 assert(op->length >= OSPF_HEADER_SIZE);
689
690 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
691 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
692 ospf_if_ipmulticast(ospf, oi->address,
693 oi->ifp->ifindex);
694
695 /* Rewrite the md5 signature & update the seq */
696 ospf_make_md5_digest(oi, op);
697
698 /* Retrieve OSPF packet type. */
699 stream_set_getp(op->s, 1);
700 type = stream_getc(op->s);
701
702 /* reset get pointer */
703 stream_set_getp(op->s, 0);
704
705 memset(&iph, 0, sizeof(struct ip));
706 memset(&sa_dst, 0, sizeof(sa_dst));
707
708 sa_dst.sin_family = AF_INET;
6f0e3f6e 709#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
d62a17ae 710 sa_dst.sin_len = sizeof(sa_dst);
6f0e3f6e 711#endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
d62a17ae 712 sa_dst.sin_addr = op->dst;
713 sa_dst.sin_port = htons(0);
714
715 /* Set DONTROUTE flag if dst is unicast. */
716 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
717 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
718 flags = MSG_DONTROUTE;
719
720 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
721 /* it'd be very strange for header to not be 4byte-word aligned
722 * but.. */
723 if (sizeof(struct ip)
724 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
0d6f7fd6 725 iph.ip_hl++; /* we presume sizeof(struct ip) cant
d62a17ae 726 overflow ip_hl.. */
727
728 iph.ip_v = IPVERSION;
729 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
730 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
68b7339a 731
0150c9c9 732#if defined(__DragonFly__)
d62a17ae 733 /*
734 * DragonFly's raw socket expects ip_len/ip_off in network byte
735 * order.
736 */
737 iph.ip_len = htons(iph.ip_len);
0150c9c9
DB		 738#endif
739
0bfeca3f 740#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 741 /* XXX-MT: not thread-safe at all..
742 * XXX: this presumes this is only programme sending OSPF
743 * packets
744 * otherwise, no guarantee ipid will be unique
745 */
746 iph.ip_id = ++ipid;
0bfeca3f 747#endif /* WANT_OSPF_WRITE_FRAGMENT */
748
d62a17ae 749 iph.ip_off = 0;
750 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
751 iph.ip_ttl = OSPF_VL_IP_TTL;
752 else
753 iph.ip_ttl = OSPF_IP_TTL;
754 iph.ip_p = IPPROTO_OSPFIGP;
755 iph.ip_sum = 0;
756 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
757 iph.ip_dst.s_addr = op->dst.s_addr;
758
759 memset(&msg, 0, sizeof(msg));
760 msg.msg_name = (caddr_t)&sa_dst;
761 msg.msg_namelen = sizeof(sa_dst);
762 msg.msg_iov = iov;
763 msg.msg_iovlen = 2;
e7503eab 764
d62a17ae 765 iov[0].iov_base = (char *)&iph;
766 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
2d34fb80 767 iov[1].iov_base = stream_pnt(op->s);
d62a17ae 768 iov[1].iov_len = op->length;
769
e1b18df1
CS		 770#ifdef GNU_LINUX
771 msg.msg_control = (caddr_t)cm;
e7503eab
CS		 772 cm->cmsg_level = SOL_IP;
773 cm->cmsg_type = IP_PKTINFO;
774 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
775 pi = (struct in_pktinfo *)CMSG_DATA(cm);
776 pi->ipi_ifindex = oi->ifp->ifindex;
777
778 msg.msg_controllen = cm->cmsg_len;
e1b18df1 779#endif
e7503eab 780
996c9314
LB		 781/* Sadly we can not rely on kernels to fragment packets
782 * because of either IP_HDRINCL and/or multicast
783 * destination being set.
784 */
e7503eab 785
0bfeca3f 786#ifdef WANT_OSPF_WRITE_FRAGMENT
d62a17ae 787 if (op->length > maxdatasize)
788 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
789 oi->ifp->mtu, flags, type);
0bfeca3f 790#endif /* WANT_OSPF_WRITE_FRAGMENT */
718e3744 791
d62a17ae 792 /* send final fragment (could be first) */
793 sockopt_iphdrincl_swab_htosys(&iph);
794 ret = sendmsg(ospf->fd, &msg, flags);
795 sockopt_iphdrincl_swab_systoh(&iph);
796 if (IS_DEBUG_OSPF_EVENT)
797 zlog_debug(
96b663a3
MS		 798 "ospf_write to %pI4, id %d, off %d, len %d, interface %s, mtu %u:",
799 &iph.ip_dst, iph.ip_id, iph.ip_off,
d62a17ae 800 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
801
68696746
RD		 802 /* sendmsg will return EPERM if firewall is blocking sending.
803 * This is a normal situation when 'ip nhrp map multicast xxx'
804 * is being used to send multicast packets to DMVPN peers. In
805 * that case the original message is blocked with iptables rule
806 * causing the EPERM result
807 */
808 if (ret < 0 && errno != EPERM)
c9cc11f6 809 flog_err(
450971aa 810 EC_LIB_SOCKET,
96b663a3
MS		 811 "*** sendmsg in ospf_write failed to %pI4, id %d, off %d, len %d, interface %s, mtu %u: %s",
812 &iph.ip_dst, iph.ip_id, iph.ip_off,
d62a17ae 813 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
814 safe_strerror(errno));
815
816 /* Show debug sending packet. */
817 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
818 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
819 zlog_debug(
820 "-----------------------------------------------------");
d62a17ae 821 stream_set_getp(op->s, 0);
822 ospf_packet_dump(op->s);
823 }
824
96b663a3 825 zlog_debug("%s sent to [%pI4] via [%s].",
d62a17ae 826 lookup_msg(ospf_packet_type_str, type, NULL),
96b663a3 827 &op->dst, IF_NAME(oi));
d62a17ae 828
829 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
830 zlog_debug(
831 "-----------------------------------------------------");
832 }
833
c9339663 834 switch (type) {
996c9314
LB		 835 case OSPF_MSG_HELLO:
836 oi->hello_out++;
837 break;
838 case OSPF_MSG_DB_DESC:
839 oi->db_desc_out++;
840 break;
841 case OSPF_MSG_LS_REQ:
842 oi->ls_req_out++;
843 break;
844 case OSPF_MSG_LS_UPD:
845 oi->ls_upd_out++;
846 break;
847 case OSPF_MSG_LS_ACK:
848 oi->ls_ack_out++;
849 break;
850 default:
851 break;
c9339663
CS		 852 }
853
d62a17ae 854 /* Now delete packet from queue. */
855 ospf_packet_delete(oi);
856
857 /* Move this interface to the tail of write_q to
858 serve everyone in a round robin fashion */
859 list_delete_node(ospf->oi_write_q, node);
860 if (ospf_fifo_head(oi->obuf) == NULL) {
861 oi->on_write_q = 0;
862 last_serviced_oi = NULL;
863 oi = NULL;
864 } else {
865 listnode_add(ospf->oi_write_q, oi);
e8f45e82 866 }
d62a17ae 867
868 /* Setup to service from the head of the queue again */
869 if (!list_isempty(ospf->oi_write_q)) {
870 node = listhead(ospf->oi_write_q);
d62a17ae 871 oi = listgetdata(node);
d62a17ae 872 }
873 }
874
875 /* If packets still remain in queue, call write thread. */
4bb420ab 876 if (!list_isempty(ospf->oi_write_q))
d62a17ae 877 thread_add_write(master, ospf_write, ospf, ospf->fd,
878 &ospf->t_write);
718e3744 879
d62a17ae 880 return 0;
718e3744 881}
882
883/* OSPF Hello message read -- RFC2328 Section 10.5. */
d62a17ae 884static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
885 struct stream *s, struct ospf_interface *oi, int size)
886{
887 struct ospf_hello *hello;
888 struct ospf_neighbor *nbr;
889 int old_state;
890 struct prefix p;
891
892 /* increment statistics. */
893 oi->hello_in++;
894
2d34fb80 895 hello = (struct ospf_hello *)stream_pnt(s);
d62a17ae 896
897 /* If Hello is myself, silently discard. */
898 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
899 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
900 zlog_debug(
96b663a3 901 "ospf_header[%s/%pI4]: selforiginated, dropping.",
d62a17ae 902 lookup_msg(ospf_packet_type_str, ospfh->type,
903 NULL),
96b663a3 904 &iph->ip_src);
d62a17ae 905 }
906 return;
907 }
908
909 /* get neighbor prefix. */
910 p.family = AF_INET;
911 p.prefixlen = ip_masklen(hello->network_mask);
912 p.u.prefix4 = iph->ip_src;
913
914 /* Compare network mask. */
915 /* Checking is ignored for Point-to-Point and Virtual link. */
0c5506a8 916 /* Checking is also ignored for Point-to-Multipoint with /32 prefix */
d62a17ae 917 if (oi->type != OSPF_IFTYPE_POINTOPOINT
0c5506a8
AL		 918 && oi->type != OSPF_IFTYPE_VIRTUALLINK
919 && !(oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
920 && oi->address->prefixlen == IPV4_MAX_BITLEN))
d62a17ae 921 if (oi->address->prefixlen != p.prefixlen) {
c9cc11f6 922 flog_warn(
cf444bcf 923 EC_OSPF_PACKET,
96b663a3
MS		 924 "Packet %pI4 [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
925 &ospfh->router_id, IF_NAME(oi),
d62a17ae 926 (int)oi->address->prefixlen, (int)p.prefixlen);
927 return;
928 }
929
930 /* Compare Router Dead Interval. */
931 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
cf444bcf 932 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 933 "Packet %pI4 [Hello:RECV]: RouterDeadInterval mismatch (expected %u, but received %u).",
934 &ospfh->router_id,
c9cc11f6
DS		 935 OSPF_IF_PARAM(oi, v_wait),
936 ntohl(hello->dead_interval));
d62a17ae 937 return;
938 }
939
940 /* Compare Hello Interval - ignored if fast-hellos are set. */
941 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
942 if (OSPF_IF_PARAM(oi, v_hello)
943 != ntohs(hello->hello_interval)) {
c9cc11f6 944 flog_warn(
cf444bcf 945 EC_OSPF_PACKET,
96b663a3
MS		 946 "Packet %pI4 [Hello:RECV]: HelloInterval mismatch (expected %u, but received %u).",
947 &ospfh->router_id,
d62a17ae 948 OSPF_IF_PARAM(oi, v_hello),
949 ntohs(hello->hello_interval));
950 return;
951 }
952 }
953
954 if (IS_DEBUG_OSPF_EVENT)
96b663a3
MS		 955 zlog_debug("Packet %pI4 [Hello:RECV]: Options %s vrf %s",
956 &ospfh->router_id,
b5a8894d
CS		 957 ospf_options_dump(hello->options),
958 ospf_vrf_id_to_name(oi->ospf->vrf_id));
d62a17ae 959
960/* Compare options. */
718e3744 961#define REJECT_IF_TBIT_ON 1 /* XXX */
962#ifdef REJECT_IF_TBIT_ON
d62a17ae 963 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
964 /*
965 * This router does not support non-zero TOS.
966 * Drop this Hello packet not to establish neighbor
967 * relationship.
968 */
cf444bcf 969 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 970 "Packet %pI4 [Hello:RECV]: T-bit on, drop it.",
971 &ospfh->router_id);
d62a17ae 972 return;
973 }
718e3744 974#endif /* REJECT_IF_TBIT_ON */
975
d62a17ae 976 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
977 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
978 /*
979 * This router does know the correct usage of O-bit
980 * the bit should be set in DD packet only.
981 */
cf444bcf 982 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 983 "Packet %pI4 [Hello:RECV]: O-bit abuse?",
984 &ospfh->router_id);
718e3744 985#ifdef STRICT_OBIT_USAGE_CHECK
d62a17ae 986 return; /* Reject this packet. */
987#else /* STRICT_OBIT_USAGE_CHECK */
988 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
989#endif /* STRICT_OBIT_USAGE_CHECK */
990 }
718e3744 991
d62a17ae 992 /* new for NSSA is to ensure that NP is on and E is off */
993
994 if (oi->area->external_routing == OSPF_AREA_NSSA) {
995 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
996 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
997 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
998 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
c9cc11f6 999 flog_warn(
cf444bcf 1000 EC_OSPF_PACKET,
96b663a3
MS		 1001 "NSSA-Packet-%pI4[Hello:RECV]: my options: %x, his options %x",
1002 &ospfh->router_id, OPTIONS(oi),
d62a17ae 1003 hello->options);
1004 return;
1005 }
1006 if (IS_DEBUG_OSPF_NSSA)
96b663a3
MS		 1007 zlog_debug("NSSA-Hello:RECV:Packet from %pI4:",
1008 &ospfh->router_id);
d62a17ae 1009 } else
1010 /* The setting of the E-bit found in the Hello Packet's Options
1011 field must match this area's ExternalRoutingCapability A
1012 mismatch causes processing to stop and the packet to be
1013 dropped. The setting of the rest of the bits in the Hello
1014 Packet's Options field should be ignored. */
1015 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
1016 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
c9cc11f6 1017 flog_warn(
cf444bcf 1018 EC_OSPF_PACKET,
96b663a3
MS		 1019 "Packet %pI4 [Hello:RECV]: my options: %x, his options %x",
1020 &ospfh->router_id, OPTIONS(oi),
d62a17ae 1021 hello->options);
1022 return;
1023 }
718e3744 1024
d62a17ae 1025 /* get neighbour struct */
1026 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
1027
1028 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1029 assert(nbr);
1030
1031 old_state = nbr->state;
1032
1033 /* Add event to thread. */
874a549d 1034 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_HelloReceived);
d62a17ae 1035
1036 /* RFC2328 Section 9.5.1
1037 If the router is not eligible to become Designated Router,
1038 (snip) It must also send an Hello Packet in reply to an
1039 Hello Packet received from any eligible neighbor (other than
1040 the current Designated Router and Backup Designated Router). */
1041 if (oi->type == OSPF_IFTYPE_NBMA)
1042 if (PRIORITY(oi) == 0 && hello->priority > 0
1043 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1044 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1045 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1046 ospf_hello_reply_timer,
1047 OSPF_HELLO_REPLY_DELAY);
1048
1049 /* on NBMA network type, it happens to receive bidirectional Hello
1050 packet
1051 without advance 1-Way Received event.
1052 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1053 if (oi->type == OSPF_IFTYPE_NBMA
1054 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1055 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1056 nbr->priority = hello->priority;
1057 nbr->d_router = hello->d_router;
1058 nbr->bd_router = hello->bd_router;
1059 return;
1060 }
1061
1062 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1063 size - OSPF_HELLO_MIN_SIZE)) {
1064 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1065 nbr->options |= hello->options;
1066 } else {
5a77dd8f 1067 /* If the router is DR_OTHER, RESTARTER will not wait
1068 * until it receives the hello from it if it receives
1069 * from DR and BDR.
1070 * So, helper might receives ONW_WAY hello from
1071 * RESTARTER. So not allowing to change the state if it
1072 * receives one_way hellow when it acts as HELPER for
1073 * that specific neighbor.
1074 */
1075 if (!OSPF_GR_IS_ACTIVE_HELPER(nbr))
1076 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
d62a17ae 1077 /* Set neighbor information. */
1078 nbr->priority = hello->priority;
1079 nbr->d_router = hello->d_router;
1080 nbr->bd_router = hello->bd_router;
1081 return;
1082 }
1083
d51715bb
MR		 1084 if (OSPF_GR_IS_ACTIVE_HELPER(nbr)) {
1085 /* As per the GR Conformance Test Case 7.2. Section 3
1086 * "Also, if X was the Designated Router on network segment S
1087 * when the helping relationship began, Y maintains X as the
1088 * Designated Router until the helping relationship is
1089 * terminated."
1090 * When I am helper for this neighbor, I should not trigger the
1091 * ISM Events. Also Intentionally not setting the priority and
1092 * other fields so that when the neighbor exits the Grace
1093 * period, it can handle if there is any change before GR and
1094 * after GR. */
1095 if (IS_DEBUG_OSPF_GR)
1096 zlog_debug(
1097 "%s, Neighbor is under GR Restart, hence ignoring the ISM Events",
1098 __PRETTY_FUNCTION__);
1099
1100 return;
1101 }
1102
d62a17ae 1103 /* If neighbor itself declares DR and no BDR exists,
1104 cause event BackupSeen */
1105 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
975a328e
DA		 1106 if (hello->bd_router.s_addr == INADDR_ANY
1107 && oi->state == ISM_Waiting)
d62a17ae 1108 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1109
1110 /* neighbor itself declares BDR. */
1111 if (oi->state == ISM_Waiting
1112 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router))
1113 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1114
1115 /* had not previously. */
1116 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1117 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1118 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1119 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->d_router)))
1120 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1121
1122 /* had not previously. */
1123 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1124 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1125 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->bd_router)
1126 && IPV4_ADDR_SAME(&nbr->address.u.prefix4, &nbr->bd_router)))
1127 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1128
1129 /* Neighbor priority check. */
1130 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1131 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1132
1133 /* Set neighbor information. */
1134 nbr->priority = hello->priority;
1135 nbr->d_router = hello->d_router;
1136 nbr->bd_router = hello->bd_router;
718e3744 1137}
1138
1139/* Save DD flags/options/Seqnum received. */
d62a17ae 1140static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1141 struct ospf_db_desc *dd)
718e3744 1142{
d62a17ae 1143 nbr->last_recv.flags = dd->flags;
1144 nbr->last_recv.options = dd->options;
1145 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
718e3744 1146}
1147
1148/* Process rest of DD packet. */
d62a17ae 1149static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1150 struct ospf_neighbor *nbr,
d7c0a89a 1151 struct ospf_db_desc *dd, uint16_t size)
d62a17ae 1152{
1153 struct ospf_lsa *new, *find;
1154 struct lsa_header *lsah;
1155
1156 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1157 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1158 size -= OSPF_LSA_HEADER_SIZE) {
2d34fb80 1159 lsah = (struct lsa_header *)stream_pnt(s);
d62a17ae 1160 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1161
1162 /* Unknown LS type. */
1163 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
cf444bcf 1164 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1165 "Packet [DD:RECV]: Unknown LS type %d.",
d62a17ae 1166 lsah->type);
1167 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1168 return;
1169 }
1170
1171 if (IS_OPAQUE_LSA(lsah->type)
1172 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
cf444bcf 1173 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1174 "LSA[Type%d:%pI4]: Opaque capability mismatch?",
1175 lsah->type, &lsah->id);
d62a17ae 1176 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1177 return;
1178 }
1179
1180 switch (lsah->type) {
1181 case OSPF_AS_EXTERNAL_LSA:
1182 case OSPF_OPAQUE_AS_LSA:
1183 /* Check for stub area. Reject if AS-External from stub
1184 but
1185 allow if from NSSA. */
1186 if (oi->area->external_routing == OSPF_AREA_STUB) {
c9cc11f6 1187 flog_warn(
cf444bcf 1188 EC_OSPF_PACKET,
96b663a3
MS		 1189 "Packet [DD:RECV]: LSA[Type%d:%pI4] from %s area.",
1190 lsah->type, &lsah->id,
d62a17ae 1191 (oi->area->external_routing
1192 == OSPF_AREA_STUB)
1193 ? "STUB"
1194 : "NSSA");
1195 OSPF_NSM_EVENT_SCHEDULE(nbr,
1196 NSM_SeqNumberMismatch);
1197 return;
1198 }
1199 break;
1200 default:
1201 break;
1202 }
1203
1204 /* Create LS-request object. */
1205 new = ospf_ls_request_new(lsah);
1206
1207 /* Lookup received LSA, then add LS request list. */
1208 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1209
1210 /* ospf_lsa_more_recent is fine with NULL pointers */
1211 switch (ospf_lsa_more_recent(find, new)) {
1212 case -1:
1213 /* Neighbour has a more recent LSA, we must request it
1214 */
1215 ospf_ls_request_add(nbr, new);
1216 /* fallthru */
1217 case 0:
1218 /* If we have a copy of this LSA, it's either less
1219 * recent
1220 * and we're requesting it from neighbour (the case
1221 * above), or
1222 * it's as recent and we both have same copy (this
1223 * case).
1224 *
1225 * In neither of these two cases is there any point in
1226 * describing our copy of the LSA to the neighbour in a
1227 * DB-Summary packet, if we're still intending to do so.
1228 *
1229 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1230 * backward compatible optimisation to OSPF DB Exchange
1231 * /
1232 * DB Description process implemented here.
1233 */
1234 if (find)
1235 ospf_lsdb_delete(&nbr->db_sum, find);
1236 ospf_lsa_discard(new);
1237 break;
1238 default:
1239 /* We have the more recent copy, nothing specific to do:
1240 * - no need to request neighbours stale copy
1241 * - must leave DB summary list copy alone
1242 */
1243 if (IS_DEBUG_OSPF_EVENT)
1244 zlog_debug(
96b663a3
MS		 1245 "Packet [DD:RECV]: LSA received Type %d, ID %pI4 is not recent.",
1246 lsah->type, &lsah->id);
d62a17ae 1247 ospf_lsa_discard(new);
1248 }
1249 }
1250
1251 /* Master */
1252 if (IS_SET_DD_MS(nbr->dd_flags)) {
1253 nbr->dd_seqnum++;
1254
1255 /* Both sides have no More, then we're done with Exchange */
1256 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1257 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1258 else
1259 ospf_db_desc_send(nbr);
1260 }
1261 /* Slave */
1262 else {
1263 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1264
1265 /* Send DD packet in reply.
1266 *
1267 * Must be done to acknowledge the Master's DD, regardless of
1268 * whether we have more LSAs ourselves to describe.
1269 *
1270 * This function will clear the 'More' bit, if after this DD
1271 * we have no more LSAs to describe to the master..
1272 */
1273 ospf_db_desc_send(nbr);
1274
1275 /* Slave can raise ExchangeDone now, if master is also done */
1276 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1277 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1278 }
1279
1280 /* Save received neighbor values from DD. */
1281 ospf_db_desc_save_current(nbr, dd);
1282
1283 if (!nbr->t_ls_req)
1284 ospf_ls_req_send(nbr);
1285}
1286
1287static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1288 struct ospf_neighbor *nbr)
1289{
1290 /* Is DD duplicated? */
1291 if (dd->options == nbr->last_recv.options
1292 && dd->flags == nbr->last_recv.flags
1293 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1294 return 1;
1295
1296 return 0;
718e3744 1297}
1298
1299/* OSPF Database Description message read -- RFC2328 Section 10.6. */
d62a17ae 1300static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1301 struct stream *s, struct ospf_interface *oi,
d7c0a89a 1302 uint16_t size)
d62a17ae 1303{
1304 struct ospf_db_desc *dd;
1305 struct ospf_neighbor *nbr;
d363df2c 1306
d62a17ae 1307 /* Increment statistics. */
1308 oi->db_desc_in++;
718e3744 1309
2d34fb80 1310 dd = (struct ospf_db_desc *)stream_pnt(s);
d62a17ae 1311
1312 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1313 if (nbr == NULL) {
96b663a3
MS		 1314 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %pI4",
1315 &ospfh->router_id);
d62a17ae 1316 return;
718e3744 1317 }
d62a17ae 1318
1319 /* Check MTU. */
1320 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1321 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
c9cc11f6 1322 flog_warn(
cf444bcf 1323 EC_OSPF_PACKET,
96b663a3
MS		 1324 "Packet[DD]: Neighbor %pI4 MTU %u is larger than [%s]'s MTU %u",
1325 &nbr->router_id, ntohs(dd->mtu), IF_NAME(oi),
d62a17ae 1326 oi->ifp->mtu);
1327 return;
718e3744 1328 }
1329
d62a17ae 1330 /*
1331 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1332 * not
1333 * required. In fact at least JunOS sends DD packets with P bit clear.
1334 * Until proper solution is developped, this hack should help.
1335 *
1336 * Update: According to the RFCs, N bit is specified /only/ for Hello
1337 * options, unfortunately its use in DD options is not specified. Hence
1338 * some
1339 * implementations follow E-bit semantics and set it in DD options, and
1340 * some
1341 * treat it as unspecified and hence follow the directive "default for
1342 * options is clear", ie unset.
1343 *
1344 * Reset the flag, as ospfd follows E-bit semantics.
1345 */
1346 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1347 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1348 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1349 if (IS_DEBUG_OSPF_EVENT)
1350 zlog_debug(
96b663a3
MS		 1351 "Packet[DD]: Neighbour %pI4: Has NSSA capability, sends with N bit clear in DD options",
1352 &nbr->router_id);
d62a17ae 1353 SET_FLAG(dd->options, OSPF_OPTION_NP);
718e3744 1354 }
1355
d62a17ae 1356#ifdef REJECT_IF_TBIT_ON
1357 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1358 /*
1359 * In Hello protocol, optional capability must have checked
1360 * to prevent this T-bit enabled router be my neighbor.
1361 */
96b663a3
MS		 1362 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %pI4: T-bit on?",
1363 &nbr->router_id);
d62a17ae 1364 return;
1365 }
1366#endif /* REJECT_IF_TBIT_ON */
1367
1368 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1369 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1370 /*
1371 * This node is not configured to handle O-bit, for now.
1372 * Clear it to ignore unsupported capability proposed by
1373 * neighbor.
1374 */
1375 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1376 }
1377
e6a22aeb
SK		 1378 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1379 zlog_info(
96b663a3 1380 "%s:Packet[DD]: Neighbor %pI4 state is %s, seq_num:0x%x, local:0x%x",
44076f4d 1381 ospf_get_name(oi->ospf), &nbr->router_id,
e6a22aeb
SK		 1382 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1383 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1384
d62a17ae 1385 /* Process DD packet by neighbor status. */
1386 switch (nbr->state) {
1387 case NSM_Down:
1388 case NSM_Attempt:
1389 case NSM_TwoWay:
96db9cd3
DS		 1390 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1391 zlog_info(
96b663a3
MS		 1392 "Packet[DD]: Neighbor %pI4 state is %s, packet discarded.",
1393 &nbr->router_id,
96db9cd3
DS		 1394 lookup_msg(ospf_nsm_state_msg, nbr->state,
1395 NULL));
d62a17ae 1396 break;
1397 case NSM_Init:
1398 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1399 /* If the new state is ExStart, the processing of the current
1400 packet should then continue in this new state by falling
1401 through to case ExStart below. */
1402 if (nbr->state != NSM_ExStart)
1403 break;
1404 /* fallthru */
1405 case NSM_ExStart:
1406 /* Initial DBD */
1407 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1408 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1409 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1410 > 0) {
1411 /* We're Slave---obey */
05ba78e4
CS		 1412 if (CHECK_FLAG(oi->ospf->config,
1413 OSPF_LOG_ADJACENCY_DETAIL))
996c9314 1414 zlog_info(
96b663a3
MS		 1415 "Packet[DD]: Neighbor %pI4 Negotiation done (Slave).",
1416 &nbr->router_id);
05ba78e4 1417
d62a17ae 1418 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1419
1420 /* Reset I/MS */
1421 UNSET_FLAG(nbr->dd_flags,
1422 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1423 } else {
1424 /* We're Master, ignore the initial DBD from
1425 * Slave */
05ba78e4
CS		 1426 if (CHECK_FLAG(oi->ospf->config,
1427 OSPF_LOG_ADJACENCY_DETAIL))
1428 zlog_info(
96b663a3
MS		 1429 "Packet[DD]: Neighbor %pI4: Initial DBD from Slave, ignoring.",
1430 &nbr->router_id);
d62a17ae 1431 break;
1432 }
1433 }
1434 /* Ack from the Slave */
1435 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1436 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1437 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1438 < 0) {
1439 zlog_info(
96b663a3
MS		 1440 "Packet[DD]: Neighbor %pI4 Negotiation done (Master).",
1441 &nbr->router_id);
d62a17ae 1442 /* Reset I, leaving MS */
1443 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1444 } else {
cf444bcf 1445 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1446 "Packet[DD]: Neighbor %pI4 Negotiation fails.",
1447 &nbr->router_id);
d62a17ae 1448 break;
1449 }
1450
1451 /* This is where the real Options are saved */
1452 nbr->options = dd->options;
1453
1454 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1455 if (IS_DEBUG_OSPF_EVENT)
1456 zlog_debug(
96b663a3
MS		 1457 "Neighbor[%pI4] is %sOpaque-capable.",
1458 &nbr->router_id,
d62a17ae 1459 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1460 ? ""
1461 : "NOT ");
1462
1463 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1464 && IPV4_ADDR_SAME(&DR(oi),
1465 &nbr->address.u.prefix4)) {
c9cc11f6 1466 flog_warn(
cf444bcf 1467 EC_OSPF_PACKET,
96b663a3
MS		 1468 "DR-neighbor[%pI4] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
1469 &nbr->router_id);
d62a17ae 1470 /* This situation is undesirable, but not a real
1471 * error. */
1472 }
1473 }
1474
1475 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1476
1477 /* continue processing rest of packet. */
1478 ospf_db_desc_proc(s, oi, nbr, dd, size);
1479 break;
1480 case NSM_Exchange:
1481 if (ospf_db_desc_is_dup(dd, nbr)) {
1482 if (IS_SET_DD_MS(nbr->dd_flags))
1483 /* Master: discard duplicated DD packet. */
1484 zlog_info(
96b663a3
MS		 1485 "Packet[DD] (Master): Neighbor %pI4 packet duplicated.",
1486 &nbr->router_id);
d62a17ae 1487 else
1488 /* Slave: cause to retransmit the last Database
1489 Description. */
1490 {
1491 zlog_info(
96b663a3
MS		 1492 "Packet[DD] [Slave]: Neighbor %pI4 packet duplicated.",
1493 &nbr->router_id);
d62a17ae 1494 ospf_db_desc_resend(nbr);
1495 }
1496 break;
1497 }
1498
1499 /* Otherwise DD packet should be checked. */
1500 /* Check Master/Slave bit mismatch */
1501 if (IS_SET_DD_MS(dd->flags)
1502 != IS_SET_DD_MS(nbr->last_recv.flags)) {
cf444bcf 1503 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1504 "Packet[DD]: Neighbor %pI4 MS-bit mismatch.",
1505 &nbr->router_id);
d62a17ae 1506 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1507 if (IS_DEBUG_OSPF_EVENT)
1508 zlog_debug(
1509 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1510 dd->flags, nbr->dd_flags);
1511 break;
1512 }
1513
1514 /* Check initialize bit is set. */
1515 if (IS_SET_DD_I(dd->flags)) {
96b663a3
MS		 1516 zlog_info("Packet[DD]: Neighbor %pI4 I-bit set.",
1517 &nbr->router_id);
d62a17ae 1518 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1519 break;
1520 }
1521
1522 /* Check DD Options. */
1523 if (dd->options != nbr->options) {
cf444bcf 1524 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1525 "Packet[DD]: Neighbor %pI4 options mismatch.",
1526 &nbr->router_id);
d62a17ae 1527 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1528 break;
1529 }
718e3744 1530
d62a17ae 1531 /* Check DD sequence number. */
1532 if ((IS_SET_DD_MS(nbr->dd_flags)
1533 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1534 || (!IS_SET_DD_MS(nbr->dd_flags)
1535 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
c9cc11f6 1536 flog_warn(
cf444bcf 1537 EC_OSPF_PACKET,
96b663a3
MS		 1538 "Packet[DD]: Neighbor %pI4 sequence number mismatch.",
1539 &nbr->router_id);
d62a17ae 1540 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1541 break;
1542 }
1543
1544 /* Continue processing rest of packet. */
1545 ospf_db_desc_proc(s, oi, nbr, dd, size);
1546 break;
1547 case NSM_Loading:
1548 case NSM_Full:
1549 if (ospf_db_desc_is_dup(dd, nbr)) {
1550 if (IS_SET_DD_MS(nbr->dd_flags)) {
1551 /* Master should discard duplicate DD packet. */
1552 zlog_info(
96b663a3
MS		 1553 "Packet[DD]: Neighbor %pI4 duplicated, packet discarded.",
1554 &nbr->router_id);
d62a17ae 1555 break;
1556 } else {
1557 if (monotime_since(&nbr->last_send_ts, NULL)
1558 < nbr->v_inactivity * 1000000LL) {
1559 /* In states Loading and Full the slave
1560 must resend
1561 its last Database Description packet
1562 in response to
1563 duplicate Database Description
1564 packets received
1565 from the master. For this reason the
1566 slave must
1567 wait RouterDeadInterval seconds
1568 before freeing the
1569 last Database Description packet.
1570 Reception of a
1571 Database Description packet from the
1572 master after
1573 this interval will generate a
1574 SeqNumberMismatch
1575 neighbor event. RFC2328 Section 10.8
1576 */
1577 ospf_db_desc_resend(nbr);
1578 break;
1579 }
1580 }
718e3744 1581 }
718e3744 1582
d62a17ae 1583 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1584 break;
1585 default:
cf444bcf 1586 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1587 "Packet[DD]: Neighbor %pI4 NSM illegal status %u.",
1588 &nbr->router_id, nbr->state);
d62a17ae 1589 break;
1590 }
718e3744 1591}
1592
1593#define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1594
1595/* OSPF Link State Request Read -- RFC2328 Section 10.7. */
d62a17ae 1596static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1597 struct stream *s, struct ospf_interface *oi,
d7c0a89a 1598 uint16_t size)
d62a17ae 1599{
1600 struct ospf_neighbor *nbr;
d7c0a89a 1601 uint32_t ls_type;
d62a17ae 1602 struct in_addr ls_id;
1603 struct in_addr adv_router;
1604 struct ospf_lsa *find;
1605 struct list *ls_upd;
1606 unsigned int length;
1607
1608 /* Increment statistics. */
1609 oi->ls_req_in++;
1610
1611 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1612 if (nbr == NULL) {
cf444bcf 1613 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1614 "Link State Request: Unknown Neighbor %pI4",
1615 &ospfh->router_id);
d62a17ae 1616 return;
718e3744 1617 }
1618
d62a17ae 1619 /* Neighbor State should be Exchange or later. */
1620 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1621 && nbr->state != NSM_Full) {
c9cc11f6 1622 flog_warn(
cf444bcf 1623 EC_OSPF_PACKET,
96b663a3
MS		 1624 "Link State Request received from %pI4: Neighbor state is %s, packet discarded.",
1625 &ospfh->router_id,
d62a17ae 1626 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1627 return;
718e3744 1628 }
1629
d62a17ae 1630 /* Send Link State Update for ALL requested LSAs. */
1631 ls_upd = list_new();
1632 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1633
1634 while (size >= OSPF_LSA_KEY_SIZE) {
1635 /* Get one slice of Link State Request. */
1636 ls_type = stream_getl(s);
1637 ls_id.s_addr = stream_get_ipv4(s);
1638 adv_router.s_addr = stream_get_ipv4(s);
1639
1640 /* Verify LSA type. */
1641 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1642 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
6a154c88 1643 list_delete(&ls_upd);
d62a17ae 1644 return;
1645 }
718e3744 1646
d62a17ae 1647 /* Search proper LSA in LSDB. */
b5a8894d
CS		 1648 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1649 adv_router);
d62a17ae 1650 if (find == NULL) {
1651 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
6a154c88 1652 list_delete(&ls_upd);
d62a17ae 1653 return;
1654 }
718e3744 1655
d62a17ae 1656 /* Packet overflows MTU size, send immediately. */
1657 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1658 if (oi->type == OSPF_IFTYPE_NBMA)
1659 ospf_ls_upd_send(nbr, ls_upd,
046460a1 1660 OSPF_SEND_PACKET_DIRECT, 0);
d62a17ae 1661 else
1662 ospf_ls_upd_send(nbr, ls_upd,
046460a1 1663 OSPF_SEND_PACKET_INDIRECT, 0);
d62a17ae 1664
1665 /* Only remove list contents. Keep ls_upd. */
1666 list_delete_all_node(ls_upd);
718e3744 1667
d62a17ae 1668 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1669 }
1670
1671 /* Append LSA to update list. */
1672 listnode_add(ls_upd, find);
1673 length += ntohs(find->data->length);
718e3744 1674
d62a17ae 1675 size -= OSPF_LSA_KEY_SIZE;
1676 }
718e3744 1677
d62a17ae 1678 /* Send rest of Link State Update. */
1679 if (listcount(ls_upd) > 0) {
1680 if (oi->type == OSPF_IFTYPE_NBMA)
996c9314
LB		 1681 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1682 0);
d62a17ae 1683 else
996c9314
LB		 1684 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1685 0);
718e3744 1686
6a154c88 1687 list_delete(&ls_upd);
d62a17ae 1688 } else
6a154c88 1689 list_delete(&ls_upd);
718e3744 1690}
1691
1692/* Get the list of LSAs from Link State Update packet.
1693 And process some validation -- RFC2328 Section 13. (1)-(2). */
d62a17ae 1694static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1695 struct stream *s,
1696 struct ospf_interface *oi, size_t size)
1697{
d7c0a89a
QY		 1698 uint16_t count, sum;
1699 uint32_t length;
d62a17ae 1700 struct lsa_header *lsah;
1701 struct ospf_lsa *lsa;
1702 struct list *lsas;
1703
1704 lsas = list_new();
1705
1706 count = stream_getl(s);
1707 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1708
1709 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1710 size -= length, stream_forward_getp(s, length), count--) {
2d34fb80 1711 lsah = (struct lsa_header *)stream_pnt(s);
d62a17ae 1712 length = ntohs(lsah->length);
1713
1714 if (length > size) {
c9cc11f6 1715 flog_warn(
cf444bcf 1716 EC_OSPF_PACKET,
d62a17ae 1717 "Link State Update: LSA length exceeds packet size.");
1718 break;
1719 }
718e3744 1720
d62a17ae 1721 /* Validate the LSA's LS checksum. */
1722 sum = lsah->checksum;
1723 if (!ospf_lsa_checksum_valid(lsah)) {
1724 /* (bug #685) more details in a one-line message make it
1725 * possible
1726 * to identify problem source on the one hand and to
1727 * have a better
1728 * chance to compress repeated messages in syslog on the
1729 * other */
c9cc11f6 1730 flog_warn(
cf444bcf 1731 EC_OSPF_PACKET,
96b663a3
MS		 1732 "Link State Update: LSA checksum error %x/%x, ID=%pI4 from: nbr %pI4, router ID %pI4, adv router %pI4",
1733 sum, lsah->checksum, &lsah->id,
1734 &nbr->src, &nbr->router_id,
1735 &lsah->adv_router);
d62a17ae 1736 continue;
1737 }
718e3744 1738
d62a17ae 1739 /* Examine the LSA's LS type. */
1740 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
cf444bcf 1741 flog_warn(EC_OSPF_PACKET,
c9cc11f6 1742 "Link State Update: Unknown LS type %d",
d62a17ae 1743 lsah->type);
1744 continue;
1745 }
718e3744 1746
d62a17ae 1747 /*
1748 * What if the received LSA's age is greater than MaxAge?
1749 * Treat it as a MaxAge case -- endo.
1750 */
1751 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1752 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
718e3744 1753
d62a17ae 1754 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1755#ifdef STRICT_OBIT_USAGE_CHECK
1756 if ((IS_OPAQUE_LSA(lsah->type)
1757 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1758 || (!IS_OPAQUE_LSA(lsah->type)
1759 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1760 /*
1761 * This neighbor must know the exact usage of
1762 * O-bit;
1763 * the bit will be set in Type-9,10,11 LSAs
1764 * only.
1765 */
cf444bcf 1766 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1767 "LSA[Type%d:%pI4]: O-bit abuse?",
1768 lsah->type, &lsah->id);
d62a17ae 1769 continue;
1770 }
1771#endif /* STRICT_OBIT_USAGE_CHECK */
718e3744 1772
d62a17ae 1773 /* Do not take in AS External Opaque-LSAs if we are a
1774 * stub. */
1775 if (lsah->type == OSPF_OPAQUE_AS_LSA
1776 && nbr->oi->area->external_routing
1777 != OSPF_AREA_DEFAULT) {
1778 if (IS_DEBUG_OSPF_EVENT)
1779 zlog_debug(
96b663a3 1780 "LSA[Type%d:%pI4]: We are a stub, don't take this LSA.",
d62a17ae 1781 lsah->type,
96b663a3 1782 &lsah->id);
d62a17ae 1783 continue;
1784 }
1785 } else if (IS_OPAQUE_LSA(lsah->type)) {
cf444bcf 1786 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1787 "LSA[Type%d:%pI4]: Opaque capability mismatch?",
1788 lsah->type, &lsah->id);
d62a17ae 1789 continue;
1790 }
718e3744 1791
d62a17ae 1792 /* Create OSPF LSA instance. */
5b3d4186 1793 lsa = ospf_lsa_new_and_data(length);
d62a17ae 1794
b5a8894d 1795 lsa->vrf_id = oi->ospf->vrf_id;
d62a17ae 1796 /* We may wish to put some error checking if type NSSA comes in
1797 and area not in NSSA mode */
1798 switch (lsah->type) {
1799 case OSPF_AS_EXTERNAL_LSA:
1800 case OSPF_OPAQUE_AS_LSA:
1801 lsa->area = NULL;
1802 break;
1803 case OSPF_OPAQUE_LINK_LSA:
1804 lsa->oi = oi; /* Remember incoming interface for
1805 flooding control. */
1806 /* Fallthrough */
1807 default:
1808 lsa->area = oi->area;
1809 break;
1810 }
718e3744 1811
d62a17ae 1812 memcpy(lsa->data, lsah, length);
1813
1814 if (IS_DEBUG_OSPF_EVENT)
1815 zlog_debug(
96b663a3
MS		 1816 "LSA[Type%d:%pI4]: %p new LSA created with Link State Update",
1817 lsa->data->type, &lsa->data->id,
d62a17ae 1818 (void *)lsa);
1819 listnode_add(lsas, lsa);
1820 }
718e3744 1821
d62a17ae 1822 return lsas;
718e3744 1823}
1824
1825/* Cleanup Update list. */
d62a17ae 1826static void ospf_upd_list_clean(struct list *lsas)
718e3744 1827{
d62a17ae 1828 struct listnode *node, *nnode;
1829 struct ospf_lsa *lsa;
718e3744 1830
d62a17ae 1831 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1832 ospf_lsa_discard(lsa);
718e3744 1833
6a154c88 1834 list_delete(&lsas);
718e3744 1835}
1836
1837/* OSPF Link State Update message read -- RFC2328 Section 13. */
d62a17ae 1838static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1839 struct ospf_header *ospfh, struct stream *s,
d7c0a89a 1840 struct ospf_interface *oi, uint16_t size)
d62a17ae 1841{
1842 struct ospf_neighbor *nbr;
1843 struct list *lsas;
1844 struct listnode *node, *nnode;
1845 struct ospf_lsa *lsa = NULL;
1846 /* unsigned long ls_req_found = 0; */
1847
1848 /* Dis-assemble the stream, update each entry, re-encapsulate for
1849 * flooding */
1850
1851 /* Increment statistics. */
1852 oi->ls_upd_in++;
1853
1854 /* Check neighbor. */
1855 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1856 if (nbr == NULL) {
cf444bcf 1857 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 1858 "Link State Update: Unknown Neighbor %pI4 on int: %s",
1859 &ospfh->router_id, IF_NAME(oi));
d62a17ae 1860 return;
718e3744 1861 }
1862
d62a17ae 1863 /* Check neighbor state. */
1864 if (nbr->state < NSM_Exchange) {
1865 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1866 zlog_debug(
96b663a3
MS		 1867 "Link State Update: Neighbor[%pI4] state %s is less than Exchange",
1868 &ospfh->router_id,
d62a17ae 1869 lookup_msg(ospf_nsm_state_msg, nbr->state,
1870 NULL));
1871 return;
1872 }
718e3744 1873
98cb53f9
RW		 1874 /* Get list of LSAs from Link State Update packet. - Also performs
1875 * Stages 1 (validate LSA checksum) and 2 (check for LSA consistent
1876 * type) of section 13.
d62a17ae 1877 */
1878 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1879
35955c14
CS		 1880 if (lsas == NULL)
1881 return;
d62a17ae 1882#define DISCARD_LSA(L, N) \
1883 { \
1884 if (IS_DEBUG_OSPF_EVENT) \
1885 zlog_debug( \
1886 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1887 " Type-%d", \
1888 N, (void *)lsa, (int)lsa->data->type); \
1889 ospf_lsa_discard(L); \
1890 continue; \
718e3744 1891 }
1892
d62a17ae 1893 /* Process each LSA received in the one packet.
1894 *
1895 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1896 * text below are from the steps in RFC 2328, Section 13.
1897 */
1898 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1899 struct ospf_lsa *ls_ret, *current;
1900 int ret = 1;
1901
231af0a5 1902 if (IS_DEBUG_OSPF(lsa, LSA))
c067e23e
DS		 1903 zlog_debug("LSA Type-%d from %pI4, ID: %pI4, ADV: %pI4",
1904 lsa->data->type, &ospfh->router_id,
1905 &lsa->data->id, &lsa->data->adv_router);
718e3744 1906
d62a17ae 1907 listnode_delete(lsas,
1908 lsa); /* We don't need it in list anymore */
1909
1910 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1911 */
1912
1913 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1914
1915 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1916 */
1917
1918 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1919 */
1920
1921 /* Do take in Type-7's if we are an NSSA */
1922
1923 /* If we are also an ABR, later translate them to a Type-5
1924 * packet */
1925
1926 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1927 translate them to a separate Type-5 packet. */
1928
1929 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1930 /* Reject from STUB or NSSA */
1931 if (nbr->oi->area->external_routing
1932 != OSPF_AREA_DEFAULT) {
1933 if (IS_DEBUG_OSPF_NSSA)
1934 zlog_debug(
1935 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1936 DISCARD_LSA(lsa, 1);
1937 }
1938
1939 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1940 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1941 if (IS_DEBUG_OSPF_NSSA)
1942 zlog_debug(
1943 "Incoming NSSA LSA Discarded: Not NSSA Area");
1944 DISCARD_LSA(lsa, 2);
1945 }
1946
1947 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1948 if (lsa->data->type == OSPF_ROUTER_LSA)
1949 if (!IPV4_ADDR_SAME(&lsa->data->id,
1950 &lsa->data->adv_router)) {
c067e23e
DS		 1951 flog_err(
1952 EC_OSPF_ROUTER_LSA_MISMATCH,
1953 "Incoming Router-LSA from %pI4 with Adv-ID[%pI4] != LS-ID[%pI4]",
1954 &ospfh->router_id, &lsa->data->id,
1955 &lsa->data->adv_router);
af4c2728 1956 flog_err(
cf444bcf 1957 EC_OSPF_DOMAIN_CORRUPT,
3efd0893 1958 "OSPF domain compromised by attack or corruption. Verify correct operation of -ALL- OSPF routers.");
d62a17ae 1959 DISCARD_LSA(lsa, 0);
1960 }
1961
1962 /* Find the LSA in the current database. */
1963
1964 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1965
1966 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1967 currently
1968 no instance of the LSA in the router's link state database,
1969 and none of router's neighbors are in states Exchange or
1970 Loading,
1971 then take the following actions: */
1972
1973 if (IS_LSA_MAXAGE(lsa) && !current
1974 && ospf_check_nbr_status(oi->ospf)) {
1975 /* (4a) Response Link State Acknowledgment. */
1976 ospf_ls_ack_send(nbr, lsa);
1977
1978 /* (4b) Discard LSA. */
1979 if (IS_DEBUG_OSPF(lsa, LSA)) {
1980 zlog_debug(
1981 "Link State Update[%s]: LS age is equal to MaxAge.",
1982 dump_lsa_key(lsa));
1983 }
1984 DISCARD_LSA(lsa, 3);
1985 }
1986
1987 if (IS_OPAQUE_LSA(lsa->data->type)
1988 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1989 &oi->ospf->router_id)) {
1990 /*
1991 * Even if initial flushing seems to be completed, there
1992 * might
1993 * be a case that self-originated LSA with MaxAge still
1994 * remain
1995 * in the routing domain.
1996 * Just send an LSAck message to cease retransmission.
1997 */
1998 if (IS_LSA_MAXAGE(lsa)) {
c9cc11f6 1999 zlog_info("LSA[%s]: Boomerang effect?",
d62a17ae 2000 dump_lsa_key(lsa));
2001 ospf_ls_ack_send(nbr, lsa);
2002 ospf_lsa_discard(lsa);
2003
2004 if (current != NULL && !IS_LSA_MAXAGE(current))
2005 ospf_opaque_lsa_refresh_schedule(
2006 current);
2007 continue;
2008 }
2009
2010 /*
2011 * If an instance of self-originated Opaque-LSA is not
2012 * found
2013 * in the LSDB, there are some possible cases here.
2014 *
2015 * 1) This node lost opaque-capability after restart.
2016 * 2) Else, a part of opaque-type is no more supported.
2017 * 3) Else, a part of opaque-id is no more supported.
2018 *
2019 * Anyway, it is still this node's responsibility to
2020 * flush it.
2021 * Otherwise, the LSA instance remains in the routing
2022 * domain
2023 * until its age reaches to MaxAge.
2024 */
2025 /* XXX: We should deal with this for *ALL* LSAs, not
2026 * just opaque */
2027 if (current == NULL) {
2028 if (IS_DEBUG_OSPF_EVENT)
2029 zlog_debug(
3efd0893 2030 "LSA[%s]: Previously originated Opaque-LSA,not found in the LSDB.",
d62a17ae 2031 dump_lsa_key(lsa));
2032
2033 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2034
d62a17ae 2035 ospf_ls_ack_send(nbr, lsa);
2036
10514170
RW		 2037 if (!ospf->gr_info.restart_in_progress) {
2038 ospf_opaque_self_originated_lsa_received(
2039 nbr, lsa);
2040 continue;
2041 }
d62a17ae 2042 }
2043 }
2044
2045 /* It might be happen that received LSA is self-originated
2046 * network LSA, but
2047 * router ID is changed. So, we should check if LSA is a
2048 * network-LSA whose
2049 * Link State ID is one of the router's own IP interface
2050 * addresses but whose
2051 * Advertising Router is not equal to the router's own Router ID
2052 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2053 * flushed.
2054 */
2055
2056 if (lsa->data->type == OSPF_NETWORK_LSA) {
2057 struct listnode *oinode, *oinnode;
2058 struct ospf_interface *out_if;
2059 int Flag = 0;
2060
2061 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2062 oinnode, out_if)) {
2063 if (out_if == NULL)
2064 break;
2065
2066 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2067 &lsa->data->id))
2068 && (!(IPV4_ADDR_SAME(
2069 &oi->ospf->router_id,
2070 &lsa->data->adv_router)))) {
2071 if (out_if->network_lsa_self) {
2072 ospf_lsa_flush_area(
2073 lsa, out_if->area);
2074 if (IS_DEBUG_OSPF_EVENT)
2075 zlog_debug(
2076 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2077 (void *)lsa,
2078 (int)lsa->data
2079 ->type);
2080 ospf_lsa_discard(lsa);
2081 Flag = 1;
2082 }
2083 break;
2084 }
2085 }
2086 if (Flag)
2087 continue;
2088 }
2089
2090 /* (5) Find the instance of this LSA that is currently contained
2091 in the router's link state database. If there is no
2092 database copy, or the received LSA is more recent than
2093 the database copy the following steps must be performed.
2094 (The sub steps from RFC 2328 section 13 step (5) will be
2095 performed in
2096 ospf_flood() ) */
2097
2098 if (current == NULL
2099 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
76c1efd7 2100 /* CVE-2017-3224 */
44d1115a 2101 if (current && (IS_LSA_MAX_SEQ(current))
3cb62bb3 2102 && (IS_LSA_MAX_SEQ(lsa)) && !IS_LSA_MAXAGE(lsa)) {
76c1efd7 2103 zlog_debug(
44d1115a 2104 "Link State Update[%s]: has Max Seq and higher checksum but not MaxAge. Dropping it",
76c1efd7
CS		 2105 dump_lsa_key(lsa));
2106
2107 DISCARD_LSA(lsa, 4);
76c1efd7
CS		 2108 }
2109
d62a17ae 2110 /* Actual flooding procedure. */
2111 if (ospf_flood(oi->ospf, nbr, current, lsa)
2112 < 0) /* Trap NSSA later. */
76c1efd7 2113 DISCARD_LSA(lsa, 5);
d62a17ae 2114 continue;
2115 }
2116
2117 /* (6) Else, If there is an instance of the LSA on the sending
2118 neighbor's Link state request list, an error has occurred in
2119 the Database Exchange process. In this case, restart the
2120 Database Exchange process by generating the neighbor event
2121 BadLSReq for the sending neighbor and stop processing the
2122 Link State Update packet. */
2123
2124 if (ospf_ls_request_lookup(nbr, lsa)) {
2125 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
c9cc11f6 2126 flog_warn(
cf444bcf 2127 EC_OSPF_PACKET,
d62a17ae 2128 "LSA[%s] instance exists on Link state request list",
2129 dump_lsa_key(lsa));
2130
2131 /* Clean list of LSAs. */
2132 ospf_upd_list_clean(lsas);
2133 /* this lsa is not on lsas list already. */
2134 ospf_lsa_discard(lsa);
2135 return;
2136 }
2137
2138 /* If the received LSA is the same instance as the database copy
2139 (i.e., neither one is more recent) the following two steps
2140 should be performed: */
2141
2142 if (ret == 0) {
2143 /* If the LSA is listed in the Link state retransmission
2144 list
2145 for the receiving adjacency, the router itself is
2146 expecting
2147 an acknowledgment for this LSA. The router should
2148 treat the
2149 received LSA as an acknowledgment by removing the LSA
2150 from
2151 the Link state retransmission list. This is termed
2152 an
2153 "implied acknowledgment". */
2154
2155 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2156
2157 if (ls_ret != NULL) {
2158 ospf_ls_retransmit_delete(nbr, ls_ret);
2159
2160 /* Delayed acknowledgment sent if advertisement
2161 received
2162 from Designated Router, otherwise do nothing.
2163 */
2164 if (oi->state == ISM_Backup)
2165 if (NBR_IS_DR(nbr))
2166 listnode_add(
2167 oi->ls_ack,
2168 ospf_lsa_lock(lsa));
2169
76c1efd7 2170 DISCARD_LSA(lsa, 6);
d62a17ae 2171 } else
2172 /* Acknowledge the receipt of the LSA by sending a
2173 Link State Acknowledgment packet back out the
2174 receiving
2175 interface. */
2176 {
2177 ospf_ls_ack_send(nbr, lsa);
76c1efd7 2178 DISCARD_LSA(lsa, 7);
d62a17ae 2179 }
2180 }
2181
2182 /* The database copy is more recent. If the database copy
2183 has LS age equal to MaxAge and LS sequence number equal to
2184 MaxSequenceNumber, simply discard the received LSA without
2185 acknowledging it. (In this case, the LSA's LS sequence number
2186 is
2187 wrapping, and the MaxSequenceNumber LSA must be completely
2188 flushed before any new LSA instance can be introduced). */
2189
2190 else if (ret > 0) /* Database copy is more recent */
2191 {
2192 if (IS_LSA_MAXAGE(current)
2193 && current->data->ls_seqnum
2194 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
76c1efd7 2195 DISCARD_LSA(lsa, 8);
d62a17ae 2196 }
2197 /* Otherwise, as long as the database copy has not been
2198 sent in a
2199 Link State Update within the last MinLSArrival
2200 seconds, send the
2201 database copy back to the sending neighbor,
2202 encapsulated within
2203 a Link State Update Packet. The Link State Update
2204 Packet should
2205 be sent directly to the neighbor. In so doing, do not
2206 put the
2207 database copy of the LSA on the neighbor's link state
2208 retransmission list, and do not acknowledge the
2209 received (less
2210 recent) LSA instance. */
2211 else {
2212 if (monotime_since(&current->tv_orig, NULL)
2213 >= ospf->min_ls_arrival * 1000LL)
2214 /* Trap NSSA type later.*/
2215 ospf_ls_upd_send_lsa(
2216 nbr, current,
2217 OSPF_SEND_PACKET_DIRECT);
76c1efd7 2218 DISCARD_LSA(lsa, 9);
d62a17ae 2219 }
2220 }
2221 }
2cd754de
PJ		 2222#undef DISCARD_LSA
2223
d62a17ae 2224 assert(listcount(lsas) == 0);
6a154c88 2225 list_delete(&lsas);
10514170
RW		 2226
2227 if (ospf->gr_info.restart_in_progress)
2228 ospf_gr_check_lsdb_consistency(oi->ospf, oi->area);
718e3744 2229}
2230
2231/* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
d62a17ae 2232static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2233 struct stream *s, struct ospf_interface *oi,
d7c0a89a 2234 uint16_t size)
d62a17ae 2235{
2236 struct ospf_neighbor *nbr;
2237
2238 /* increment statistics. */
2239 oi->ls_ack_in++;
2240
2241 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2242 if (nbr == NULL) {
cf444bcf 2243 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 2244 "Link State Acknowledgment: Unknown Neighbor %pI4",
2245 &ospfh->router_id);
d62a17ae 2246 return;
2247 }
2248
d62a17ae 2249 if (nbr->state < NSM_Exchange) {
2250 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2251 zlog_debug(
96b663a3
MS		 2252 "Link State Acknowledgment: Neighbor[%pI4] state %s is less than Exchange",
2253 &ospfh->router_id,
d62a17ae 2254 lookup_msg(ospf_nsm_state_msg, nbr->state,
2255 NULL));
2256 return;
2257 }
2258
2259 while (size >= OSPF_LSA_HEADER_SIZE) {
2260 struct ospf_lsa *lsa, *lsr;
2261
2262 lsa = ospf_lsa_new();
2d34fb80 2263 lsa->data = (struct lsa_header *)stream_pnt(s);
b5a8894d 2264 lsa->vrf_id = oi->ospf->vrf_id;
d62a17ae 2265
2d34fb80 2266 /* lsah = (struct lsa_header *) stream_pnt (s); */
d62a17ae 2267 size -= OSPF_LSA_HEADER_SIZE;
2268 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2269
2270 if (lsa->data->type < OSPF_MIN_LSA
2271 || lsa->data->type >= OSPF_MAX_LSA) {
2272 lsa->data = NULL;
2273 ospf_lsa_discard(lsa);
2274 continue;
2275 }
2276
2277 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2278
3cb62bb3 2279 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0) {
d62a17ae 2280 ospf_ls_retransmit_delete(nbr, lsr);
3cb62bb3
MR		 2281 ospf_check_and_gen_init_seq_lsa(oi, lsa);
2282 }
d62a17ae 2283
2284 lsa->data = NULL;
2285 ospf_lsa_discard(lsa);
2286 }
2287
2288 return;
2289}
2290
b5a8894d
CS		 2291static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2292 struct interface **ifp,
d62a17ae 2293 struct stream *ibuf)
2294{
2295 int ret;
2296 struct ip *iph;
d7c0a89a 2297 uint16_t ip_len;
d62a17ae 2298 ifindex_t ifindex = 0;
2299 struct iovec iov;
2300 /* Header and data both require alignment. */
2301 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2302 struct msghdr msgh;
2303
2304 memset(&msgh, 0, sizeof(struct msghdr));
2305 msgh.msg_iov = &iov;
2306 msgh.msg_iovlen = 1;
2307 msgh.msg_control = (caddr_t)buff;
2308 msgh.msg_controllen = sizeof(buff);
2309
4392cc43
DS		 2310 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2311 OSPF_MAX_PACKET_SIZE + 1);
d62a17ae 2312 if (ret < 0) {
4392cc43
DS		 2313 if (errno != EAGAIN && errno != EWOULDBLOCK)
2314 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2315 safe_strerror(errno));
d62a17ae 2316 return NULL;
2317 }
e947b307 2318 if ((unsigned int)ret < sizeof(struct ip)) {
c9cc11f6 2319 flog_warn(
cf444bcf 2320 EC_OSPF_PACKET,
3efd0893 2321 "ospf_recv_packet: discarding runt packet of length %d (ip header size is %u)",
d7c0a89a 2322 ret, (unsigned int)sizeof(iph));
d62a17ae 2323 return NULL;
2324 }
2325
2326 /* Note that there should not be alignment problems with this assignment
2327 because this is at the beginning of the stream data buffer. */
2328 iph = (struct ip *)STREAM_DATA(ibuf);
2329 sockopt_iphdrincl_swab_systoh(iph);
2330
2331 ip_len = iph->ip_len;
2332
bdee8083 2333#if defined(__FreeBSD__) && (__FreeBSD_version < 1000000)
d62a17ae 2334 /*
2335 * Kernel network code touches incoming IP header parameters,
2336 * before protocol specific processing.
2337 *
2338 * 1) Convert byteorder to host representation.
2339 * --> ip_len, ip_id, ip_off
2340 *
2341 * 2) Adjust ip_len to strip IP header size!
2342 * --> If user process receives entire IP packet via RAW
2343 * socket, it must consider adding IP header size to
2344 * the "ip_len" field of "ip" structure.
2345 *
2346 * For more details, see <netinet/ip_input.c>.
2347 */
2348 ip_len = ip_len + (iph->ip_hl << 2);
718e3744 2349#endif
d62a17ae 2350
0150c9c9 2351#if defined(__DragonFly__)
d62a17ae 2352 /*
2353 * in DragonFly's raw socket, ip_len/ip_off are read
2354 * in network byte order.
2355 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2356 */
2357 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
0150c9c9
DB		 2358#endif
2359
d62a17ae 2360 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2361
b5a8894d 2362 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
d62a17ae 2363
2364 if (ret != ip_len) {
c9cc11f6 2365 flog_warn(
cf444bcf 2366 EC_OSPF_PACKET,
3efd0893 2367 "ospf_recv_packet read length mismatch: ip_len is %d, but recvmsg returned %d",
d62a17ae 2368 ip_len, ret);
2369 return NULL;
2370 }
718e3744 2371
868a0861 2372 if (IS_DEBUG_OSPF_PACKET(0, RECV))
15569c58
DA		 2373 zlog_debug("%s: fd %d(%s) on interface %d(%s)", __func__, fd,
2374 ospf_get_name(ospf), ifindex,
2375 *ifp ? (*ifp)->name : "Unknown");
d62a17ae 2376 return ibuf;
718e3744 2377}
2378
4dadc291 2379static struct ospf_interface *
d62a17ae 2380ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2381 struct ip *iph, struct ospf_header *ospfh)
2382{
2383 struct ospf_interface *rcv_oi;
2384 struct ospf_vl_data *vl_data;
2385 struct ospf_area *vl_area;
2386 struct listnode *node;
2387
2388 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2389 || !OSPF_IS_AREA_BACKBONE(ospfh))
2390 return NULL;
2391
2392 /* look for local OSPF interface matching the destination
2393 * to determine Area ID. We presume therefore the destination address
2394 * is unique, or at least (for "unnumbered" links), not used in other
2395 * areas
2396 */
2397 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2398 == NULL)
2399 return NULL;
2400
2401 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2402 vl_area =
2403 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2404 if (!vl_area)
2405 continue;
2406
2407 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2408 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2409 if (IS_DEBUG_OSPF_EVENT)
2410 zlog_debug("associating packet with %s",
2411 IF_NAME(vl_data->vl_oi));
2412 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2413 if (IS_DEBUG_OSPF_EVENT)
2414 zlog_debug(
2415 "This VL is not up yet, sorry");
2416 return NULL;
2417 }
2418
2419 return vl_data->vl_oi;
2420 }
718e3744 2421 }
718e3744 2422
d62a17ae 2423 if (IS_DEBUG_OSPF_EVENT)
2424 zlog_debug("couldn't find any VL to associate the packet with");
2425
2426 return NULL;
718e3744 2427}
2428
d62a17ae 2429static int ospf_check_area_id(struct ospf_interface *oi,
2430 struct ospf_header *ospfh)
718e3744 2431{
d62a17ae 2432 /* Check match the Area ID of the receiving interface. */
2433 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2434 return 1;
718e3744 2435
d62a17ae 2436 return 0;
718e3744 2437}
2438
2439/* Unbound socket will accept any Raw IP packets if proto is matched.
2440 To prevent it, compare src IP address and i/f address with masking
2441 i/f network mask. */
d62a17ae 2442static int ospf_check_network_mask(struct ospf_interface *oi,
2443 struct in_addr ip_src)
718e3744 2444{
d62a17ae 2445 struct in_addr mask, me, him;
718e3744 2446
d62a17ae 2447 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2448 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2449 return 1;
718e3744 2450
0c5506a8
AL		 2451 /* Ignore mask check for max prefix length (32) */
2452 if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
2453 && oi->address->prefixlen == IPV4_MAX_BITLEN)
2454 return 1;
2455
d62a17ae 2456 masklen2ip(oi->address->prefixlen, &mask);
718e3744 2457
d62a17ae 2458 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2459 him.s_addr = ip_src.s_addr & mask.s_addr;
718e3744 2460
d62a17ae 2461 if (IPV4_ADDR_SAME(&me, &him))
2462 return 1;
718e3744 2463
d62a17ae 2464 return 0;
718e3744 2465}
2466
bd5651f0
DO		 2467/* Return 1, if the packet is properly authenticated and checksummed,
2468 0 otherwise. In particular, check that AuType header field is valid and
2469 matches the locally configured AuType, and that D.5 requirements are met. */
d62a17ae 2470static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2471{
2472 struct crypt_key *ck;
d7c0a89a
QY		 2473 uint16_t iface_auth_type;
2474 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
d62a17ae 2475
2476 switch (pkt_auth_type) {
2477 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2478 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2479 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2480 flog_warn(
cf444bcf 2481 EC_OSPF_PACKET,
d62a17ae 2482 "interface %s: auth-type mismatch, local %s, rcvd Null",
2483 IF_NAME(oi),
2484 lookup_msg(ospf_auth_type_str,
2485 iface_auth_type, NULL));
2486 return 0;
2487 }
2488 if (!ospf_check_sum(ospfh)) {
2489 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2490 flog_warn(
cf444bcf 2491 EC_OSPF_PACKET,
96b663a3 2492 "interface %s: Null auth OK, but checksum error, Router-ID %pI4",
d62a17ae 2493 IF_NAME(oi),
96b663a3 2494 &ospfh->router_id);
d62a17ae 2495 return 0;
2496 }
2497 return 1;
2498 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2499 if (OSPF_AUTH_SIMPLE
2500 != (iface_auth_type = ospf_auth_type(oi))) {
2501 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2502 flog_warn(
cf444bcf 2503 EC_OSPF_PACKET,
d62a17ae 2504 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2505 IF_NAME(oi),
2506 lookup_msg(ospf_auth_type_str,
2507 iface_auth_type, NULL));
2508 return 0;
2509 }
2510 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2511 OSPF_AUTH_SIMPLE_SIZE)) {
2512 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
cf444bcf 2513 flog_warn(EC_OSPF_PACKET,
c9cc11f6 2514 "interface %s: Simple auth failed",
d62a17ae 2515 IF_NAME(oi));
2516 return 0;
2517 }
2518 if (!ospf_check_sum(ospfh)) {
2519 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2520 flog_warn(
cf444bcf 2521 EC_OSPF_PACKET,
96b663a3 2522 "interface %s: Simple auth OK, checksum error, Router-ID %pI4",
d62a17ae 2523 IF_NAME(oi),
96b663a3 2524 &ospfh->router_id);
d62a17ae 2525 return 0;
2526 }
2527 return 1;
2528 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2529 if (OSPF_AUTH_CRYPTOGRAPHIC
2530 != (iface_auth_type = ospf_auth_type(oi))) {
2531 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2532 flog_warn(
cf444bcf 2533 EC_OSPF_PACKET,
d62a17ae 2534 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2535 IF_NAME(oi),
2536 lookup_msg(ospf_auth_type_str,
2537 iface_auth_type, NULL));
2538 return 0;
2539 }
2540 if (ospfh->checksum) {
2541 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2542 flog_warn(
cf444bcf 2543 EC_OSPF_PACKET,
d62a17ae 2544 "interface %s: OSPF header checksum is not 0",
2545 IF_NAME(oi));
2546 return 0;
2547 }
2548 /* only MD5 crypto method can pass ospf_packet_examin() */
996c9314
LB		 2549 if (NULL == (ck = listgetdata(
2550 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2551 || ospfh->u.crypt.key_id != ck->key_id ||
2552 /* Condition above uses the last key ID on the list,
2553 which is
2554 different from what ospf_crypt_key_lookup() does. A
2555 bug? */
2556 !ospf_check_md5_digest(oi, ospfh)) {
d62a17ae 2557 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
cf444bcf 2558 flog_warn(EC_OSPF_MD5,
c9cc11f6 2559 "interface %s: MD5 auth failed",
d62a17ae 2560 IF_NAME(oi));
2561 return 0;
2562 }
2563 return 1;
2564 default:
2565 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
c9cc11f6 2566 flog_warn(
cf444bcf 2567 EC_OSPF_PACKET,
d62a17ae 2568 "interface %s: invalid packet auth-type (%02x)",
2569 IF_NAME(oi), pkt_auth_type);
2570 return 0;
2571 }
2572}
2573
2574static int ospf_check_sum(struct ospf_header *ospfh)
2575{
d7c0a89a
QY		 2576 uint32_t ret;
2577 uint16_t sum;
d62a17ae 2578
2579 /* clear auth_data for checksum. */
2580 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2581
2582 /* keep checksum and clear. */
2583 sum = ospfh->checksum;
d7c0a89a 2584 memset(&ospfh->checksum, 0, sizeof(uint16_t));
d62a17ae 2585
2586 /* calculate checksum. */
2587 ret = in_cksum(ospfh, ntohs(ospfh->length));
2588
2589 if (ret != sum) {
2590 zlog_info("ospf_check_sum(): checksum mismatch, my %X, his %X",
2591 ret, sum);
2592 return 0;
2593 }
2594
2595 return 1;
718e3744 2596}
2597
4e31de79
DO		 2598/* Verify, that given link/TOS records are properly sized/aligned and match
2599 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
d62a17ae 2600static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
d7c0a89a
QY		 2601 uint16_t linkbytes,
2602 const uint16_t num_links)
d62a17ae 2603{
2604 unsigned counted_links = 0, thislinklen;
2605
04d6a0f8 2606 while (linkbytes >= OSPF_ROUTER_LSA_LINK_SIZE) {
d62a17ae 2607 thislinklen =
2608 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2609 if (thislinklen > linkbytes) {
2610 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2611 zlog_debug("%s: length error in link block #%u",
2612 __func__, counted_links);
2613 return MSG_NG;
2614 }
2615 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2616 linkbytes -= thislinklen;
2617 counted_links++;
2618 }
2619 if (counted_links != num_links) {
2620 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2621 zlog_debug("%s: %u link blocks declared, %u present",
2622 __func__, num_links, counted_links);
2623 return MSG_NG;
2624 }
2625 return MSG_OK;
4e31de79
DO		 2626}
2627
2628/* Verify, that the given LSA is properly sized/aligned (including type-specific
2629 minimum length constraint). */
d7c0a89a
QY		 2630static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2631 const uint8_t headeronly)
d62a17ae 2632{
2633 unsigned ret;
2634 struct router_lsa *rlsa;
2635 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2636 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2637 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2638 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2639 lookup_msg(ospf_lsa_type_msg, lsah->type,
2640 NULL));
2641 return MSG_NG;
2642 }
2643 switch (lsah->type) {
04d6a0f8
QY		 2644 case OSPF_ROUTER_LSA: {
2645 /*
2646 * RFC2328 A.4.2, LSA header + 4 bytes followed by N>=0
2647 * (12+)-byte link blocks
2648 */
2649 size_t linkbytes_len = lsalen - OSPF_LSA_HEADER_SIZE
2650 - OSPF_ROUTER_LSA_MIN_SIZE;
2651
2652 /*
2653 * LSA link blocks are variable length but always multiples of
2654 * 4; basic sanity check
2655 */
2656 if (linkbytes_len % 4 != 0)
2657 return MSG_NG;
2658
2659 if (headeronly)
2660 return MSG_OK;
2661
d62a17ae 2662 rlsa = (struct router_lsa *)lsah;
04d6a0f8 2663
d62a17ae 2664 ret = ospf_router_lsa_links_examin(
2665 (struct router_lsa_link *)rlsa->link,
04d6a0f8
QY		 2666 linkbytes_len,
2667 ntohs(rlsa->links));
d62a17ae 2668 break;
04d6a0f8 2669 }
d62a17ae 2670 case OSPF_AS_EXTERNAL_LSA:
2671 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2672 * blocks */
2673 case OSPF_AS_NSSA_LSA:
2674 /* RFC3101 C, idem */
2675 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2676 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2677 % 12
2678 ? MSG_NG
2679 : MSG_OK;
2680 break;
2681 /* Following LSA types are considered OK length-wise as soon as their
2682 * minimum
2683 * length constraint is met and length of the whole LSA is a multiple of
2684 * 4
2685 * (basic LSA header size is already a multiple of 4). */
2686 case OSPF_NETWORK_LSA:
2687 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2688 case OSPF_SUMMARY_LSA:
2689 case OSPF_ASBR_SUMMARY_LSA:
2690 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2691 * blocks */
2692 case OSPF_OPAQUE_LINK_LSA:
2693 case OSPF_OPAQUE_AREA_LSA:
2694 case OSPF_OPAQUE_AS_LSA:
2695 /* RFC5250 A.2, "some number of octets (of application-specific
2696 * data) padded to 32-bit alignment." This is considered
2697 * equivalent
2698 * to 4-byte alignment of all other LSA types, see
2699 * OSPF-ALIGNMENT.txt
2700 * file for the detailed analysis of this passage. */
2701 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2702 break;
2703 default:
2704 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2705 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2706 lsah->type);
2707 return MSG_NG;
2708 }
2709 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2710 zlog_debug("%s: alignment error in %s", __func__,
2711 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2712 return ret;
4e31de79
DO		 2713}
2714
2715/* Verify if the provided input buffer is a valid sequence of LSAs. This
2716 includes verification of LSA blocks length/alignment and dispatching
2717 of deeper-level checks. */
2718static unsigned
d62a17ae 2719ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
d7c0a89a 2720 size_t length, const uint8_t headeronly,
d62a17ae 2721 /* When declared_num_lsas is not 0, compare it to the real
2722 number of LSAs
2723 and treat the difference as an error. */
d7c0a89a 2724 const uint32_t declared_num_lsas)
d62a17ae 2725{
d7c0a89a 2726 uint32_t counted_lsas = 0;
d62a17ae 2727
2728 while (length) {
d7c0a89a 2729 uint16_t lsalen;
d62a17ae 2730 if (length < OSPF_LSA_HEADER_SIZE) {
2731 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2732 zlog_debug(
2733 "%s: undersized (%zu B) trailing (#%u) LSA header",
2734 __func__, length, counted_lsas);
2735 return MSG_NG;
2736 }
2737 /* save on ntohs() calls here and in the LSA validator */
2738 lsalen = ntohs(lsah->length);
2739 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2740 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2741 zlog_debug(
2742 "%s: malformed LSA header #%u, declared length is %u B",
2743 __func__, counted_lsas, lsalen);
2744 return MSG_NG;
2745 }
2746 if (headeronly) {
2747 /* less checks here and in ospf_lsa_examin() */
2748 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2749 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2750 zlog_debug(
2751 "%s: malformed header-only LSA #%u",
2752 __func__, counted_lsas);
2753 return MSG_NG;
2754 }
2755 lsah = (struct lsa_header *)((caddr_t)lsah
2756 + OSPF_LSA_HEADER_SIZE);
2757 length -= OSPF_LSA_HEADER_SIZE;
2758 } else {
2759 /* make sure the input buffer is deep enough before
2760 * further checks */
2761 if (lsalen > length) {
2762 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2763 zlog_debug(
2764 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2765 __func__, counted_lsas, lsalen,
2766 length);
2767 return MSG_NG;
2768 }
2769 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2770 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2771 zlog_debug("%s: malformed LSA #%u",
2772 __func__, counted_lsas);
2773 return MSG_NG;
2774 }
2775 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2776 length -= lsalen;
2777 }
2778 counted_lsas++;
2779 }
2780
2781 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2782 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2783 zlog_debug(
2784 "%s: #LSAs declared (%u) does not match actual (%u)",
2785 __func__, declared_num_lsas, counted_lsas);
2786 return MSG_NG;
2787 }
2788 return MSG_OK;
4e31de79
DO		 2789}
2790
75c8eabb 2791/* Verify a complete OSPF packet for proper sizing/alignment. */
d62a17ae 2792static unsigned ospf_packet_examin(struct ospf_header *oh,
2793 const unsigned bytesonwire)
2794{
d7c0a89a 2795 uint16_t bytesdeclared, bytesauth;
d62a17ae 2796 unsigned ret;
2797 struct ospf_ls_update *lsupd;
2798
2799 /* Length, 1st approximation. */
2800 if (bytesonwire < OSPF_HEADER_SIZE) {
2801 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2802 zlog_debug("%s: undersized (%u B) packet", __func__,
2803 bytesonwire);
2804 return MSG_NG;
2805 }
2806 /* Now it is safe to access header fields. Performing length check,
2807 * allow
2808 * for possible extra bytes of crypto auth/padding, which are not
2809 * counted
2810 * in the OSPF header "length" field. */
2811 if (oh->version != OSPF_VERSION) {
2812 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2813 zlog_debug("%s: invalid (%u) protocol version",
2814 __func__, oh->version);
2815 return MSG_NG;
2816 }
2817 bytesdeclared = ntohs(oh->length);
2818 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2819 bytesauth = 0;
2820 else {
2821 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2822 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2823 zlog_debug(
2824 "%s: unsupported crypto auth length (%u B)",
2825 __func__, oh->u.crypt.auth_data_len);
2826 return MSG_NG;
2827 }
2828 bytesauth = OSPF_AUTH_MD5_SIZE;
2829 }
2830 if (bytesdeclared + bytesauth > bytesonwire) {
2831 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2832 zlog_debug(
2833 "%s: packet length error (%u real, %u+%u declared)",
2834 __func__, bytesonwire, bytesdeclared,
2835 bytesauth);
2836 return MSG_NG;
2837 }
2838 /* Length, 2nd approximation. The type-specific constraint is checked
2839 against declared length, not amount of bytes on wire. */
2840 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2841 && bytesdeclared
2842 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2843 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2844 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2845 bytesdeclared,
2846 lookup_msg(ospf_packet_type_str, oh->type,
2847 NULL));
2848 return MSG_NG;
2849 }
2850 switch (oh->type) {
2851 case OSPF_MSG_HELLO:
2852 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2853 followed
2854 by N>=0 router-IDs. */
2855 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2856 % 4
2857 ? MSG_NG
2858 : MSG_OK;
2859 break;
2860 case OSPF_MSG_DB_DESC:
2861 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2862 followed
2863 by N>=0 header-only LSAs. */
2864 ret = ospf_lsaseq_examin(
2865 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2866 + OSPF_DB_DESC_MIN_SIZE),
2867 bytesdeclared - OSPF_HEADER_SIZE
2868 - OSPF_DB_DESC_MIN_SIZE,
2869 1, /* header-only LSAs */
2870 0);
2871 break;
2872 case OSPF_MSG_LS_REQ:
2873 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2874 * request blocks. */
2875 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2876 % OSPF_LSA_KEY_SIZE
2877 ? MSG_NG
2878 : MSG_OK;
2879 break;
2880 case OSPF_MSG_LS_UPD:
2881 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2882 followed
2883 by N>=0 full LSAs (with N declared beforehand). */
2884 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2885 + OSPF_HEADER_SIZE);
2886 ret = ospf_lsaseq_examin(
2887 (struct lsa_header *)((caddr_t)lsupd
2888 + OSPF_LS_UPD_MIN_SIZE),
2889 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2890 0, /* full LSAs */
2891 ntohl(lsupd->num_lsas) /* 32 bits */
9d303b37 2892 );
d62a17ae 2893 break;
2894 case OSPF_MSG_LS_ACK:
2895 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2896 * LSAs. */
2897 ret = ospf_lsaseq_examin(
2898 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2899 + OSPF_LS_ACK_MIN_SIZE),
2900 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2901 1, /* header-only LSAs */
2902 0);
2903 break;
2904 default:
2905 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2906 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2907 oh->type);
2908 return MSG_NG;
2909 }
2910 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2911 zlog_debug("%s: malformed %s packet", __func__,
2912 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2913 return ret;
75c8eabb
DO		 2914}
2915
718e3744 2916/* OSPF Header verification. */
d62a17ae 2917static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2918 struct ip *iph, struct ospf_header *ospfh)
2919{
2920 /* Check Area ID. */
2921 if (!ospf_check_area_id(oi, ospfh)) {
cf444bcf 2922 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 2923 "interface %s: ospf_read invalid Area ID %pI4",
2924 IF_NAME(oi), &ospfh->area_id);
d62a17ae 2925 return -1;
2926 }
718e3744 2927
d62a17ae 2928 /* Check network mask, Silently discarded. */
2929 if (!ospf_check_network_mask(oi, iph->ip_src)) {
c9cc11f6 2930 flog_warn(
cf444bcf 2931 EC_OSPF_PACKET,
96b663a3
MS		 2932 "interface %s: ospf_read network address is not same [%pI4]",
2933 IF_NAME(oi), &iph->ip_src);
d62a17ae 2934 return -1;
2935 }
718e3744 2936
d62a17ae 2937 /* Check authentication. The function handles logging actions, where
2938 * required. */
2939 if (!ospf_check_auth(oi, ospfh))
2940 return -1;
718e3744 2941
d62a17ae 2942 return 0;
718e3744 2943}
2944
02637513
DS		 2945enum ospf_read_return_enum {
2946 OSPF_READ_ERROR,
2947 OSPF_READ_CONTINUE,
2948};
2949
2950static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
d62a17ae 2951{
2952 int ret;
2953 struct stream *ibuf;
d62a17ae 2954 struct ospf_interface *oi;
2955 struct ip *iph;
2956 struct ospf_header *ospfh;
d7c0a89a 2957 uint16_t length;
d62a17ae 2958 struct connected *c;
02637513 2959 struct interface *ifp = NULL;
d62a17ae 2960
02637513
DS		 2961 stream_reset(ospf->ibuf);
2962 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2963 if (ibuf == NULL)
2964 return OSPF_READ_ERROR;
d62a17ae 2965
02637513
DS		 2966 /*
2967 * This raw packet is known to be at least as big as its
2968 * IP header. Note that there should not be alignment problems with
2969 * this assignment because this is at the beginning of the
2970 * stream data buffer.
2971 */
2972 iph = (struct ip *)STREAM_DATA(ibuf);
2973 /*
2974 * Note that sockopt_iphdrincl_swab_systoh was called in
2975 * ospf_recv_packet.
2976 */
2977 if (ifp == NULL) {
4392cc43 2978 /*
02637513
DS		 2979 * Handle cases where the platform does not support
2980 * retrieving the ifindex, and also platforms (such as
2981 * Solaris 8) that claim to support ifindex retrieval but do
2982 * not.
4392cc43 2983 */
02637513
DS		 2984 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2985 ospf->vrf_id);
2986 if (c)
2987 ifp = c->ifp;
868a0861 2988 if (ifp == NULL) {
02637513 2989 if (IS_DEBUG_OSPF_PACKET(0, RECV))
4392cc43 2990 zlog_debug(
96b663a3
MS		 2991 "%s: Unable to determine incoming interface from: %pI4(%s)",
2992 __func__, &iph->ip_src,
02637513
DS		 2993 ospf_get_name(ospf));
2994 return OSPF_READ_CONTINUE;
d62a17ae 2995 }
02637513 2996 }
d62a17ae 2997
555691e9
DS		 2998 if (ospf->vrf_id == VRF_DEFAULT && ospf->vrf_id != ifp->vrf_id) {
2999 /*
3000 * We may have a situation where l3mdev_accept == 1
3001 * let's just kindly drop the packet and move on.
3002 * ospf really really really does not like when
3003 * we receive the same packet multiple times.
3004 */
3005 return OSPF_READ_CONTINUE;
3006 }
3007
02637513
DS		 3008 /* Self-originated packet should be discarded silently. */
3009 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
3010 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
3011 zlog_debug(
96b663a3
MS		 3012 "ospf_read[%pI4]: Dropping self-originated packet",
3013 &iph->ip_src);
02637513
DS		 3014 }
3015 return OSPF_READ_CONTINUE;
3016 }
d62a17ae 3017
01e3c376
QY		 3018 /* Check that we have enough for an IP header */
3019 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
3020 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
3021 flog_warn(
3022 EC_OSPF_PACKET,
3023 "Rx'd IP packet with OSPF protocol number but no payload");
3024 } else {
3025 flog_warn(
3026 EC_OSPF_PACKET,
3027 "IP header length field claims header is %u bytes, but we only have %zu",
3028 (unsigned int)(iph->ip_hl << 2),
3029 STREAM_READABLE(ibuf));
3030 }
3031
3032 return OSPF_READ_ERROR;
3033 }
3034 stream_forward_getp(ibuf, iph->ip_hl << 2);
d62a17ae 3035
02637513
DS		 3036 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3037 if (MSG_OK
3038 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3039 - stream_get_getp(ibuf)))
3040 return OSPF_READ_CONTINUE;
3041 /* Now it is safe to access all fields of OSPF packet header. */
4392cc43 3042
02637513
DS		 3043 /* associate packet with ospf interface */
3044 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
4392cc43 3045
02637513
DS		 3046 /*
3047 * ospf_verify_header() relies on a valid "oi" and thus can be called
3048 * only after the passive/backbone/other checks below are passed.
3049 * These checks in turn access the fields of unverified "ospfh"
3050 * structure for their own purposes and must remain very accurate
3051 * in doing this.
3052 */
4392cc43 3053
02637513
DS		 3054 /* If incoming interface is passive one, ignore it. */
3055 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
02637513
DS		 3056 if (IS_DEBUG_OSPF_EVENT)
3057 zlog_debug(
c067e23e
DS		 3058 "ignoring packet from router %pI4 sent to %pI4, received on a passive interface, %pI4",
3059 &ospfh->router_id, &iph->ip_dst,
3060 &oi->address->u.prefix4);
d62a17ae 3061
02637513
DS		 3062 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3063 /* Try to fix multicast membership.
3064 * Some OS:es may have problems in this area,
3065 * make sure it is removed.
3066 */
3067 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
d62a17ae 3068 ospf_if_set_multicast(oi);
3069 }
02637513
DS		 3070 return OSPF_READ_CONTINUE;
3071 }
d62a17ae 3072
02637513
DS		 3073
3074 /* if no local ospf_interface,
3075 * or header area is backbone but ospf_interface is not
3076 * check for VLINK interface
3077 */
3078 if ((oi == NULL)
3079 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3080 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3081 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3082 == NULL) {
3083 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
d62a17ae 3084 zlog_debug(
96b663a3
MS		 3085 "Packet from [%pI4] received on link %s but no ospf_interface",
3086 &iph->ip_src, ifp->name);
02637513 3087 return OSPF_READ_CONTINUE;
d62a17ae 3088 }
02637513 3089 }
d62a17ae 3090
02637513
DS		 3091 /*
3092 * else it must be a local ospf interface, check it was
3093 * received on correct link
3094 */
3095 else if (oi->ifp != ifp) {
3096 if (IS_DEBUG_OSPF_EVENT)
3097 flog_warn(EC_OSPF_PACKET,
96b663a3
MS		 3098 "Packet from [%pI4] received on wrong link %s",
3099 &iph->ip_src, ifp->name);
02637513
DS		 3100 return OSPF_READ_CONTINUE;
3101 } else if (oi->state == ISM_Down) {
02637513
DS		 3102 flog_warn(
3103 EC_OSPF_PACKET,
c067e23e
DS		 3104 "Ignoring packet from %pI4 to %pI4 received on interface that is down [%s]; interface flags are %s",
3105 &iph->ip_src, &iph->ip_dst, ifp->name,
3106 if_flag_dump(ifp->flags));
02637513
DS		 3107 /* Fix multicast memberships? */
3108 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3109 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3110 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3111 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3112 if (oi->multicast_memberships)
3113 ospf_if_set_multicast(oi);
3114 return OSPF_READ_CONTINUE;
3115 }
d62a17ae 3116
02637513
DS		 3117 /*
3118 * If the received packet is destined for AllDRouters, the
3119 * packet should be accepted only if the received ospf
3120 * interface state is either DR or Backup -- endo.
3121 *
3122 * I wonder who endo is?
3123 */
3124 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3125 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3126 flog_warn(
3127 EC_OSPF_PACKET,
96b663a3
MS		 3128 "Dropping packet for AllDRouters from [%pI4] via [%s] (ISM: %s)",
3129 &iph->ip_src, IF_NAME(oi),
02637513
DS		 3130 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3131 /* Try to fix multicast membership. */
3132 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3133 ospf_if_set_multicast(oi);
3134 return OSPF_READ_CONTINUE;
3135 }
3136
3137 /* Verify more OSPF header fields. */
3138 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3139 if (ret < 0) {
3140 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3141 zlog_debug(
96b663a3
MS		 3142 "ospf_read[%pI4]: Header check failed, dropping.",
3143 &iph->ip_src);
02637513
DS		 3144 return OSPF_READ_CONTINUE;
3145 }
3146
3147 /* Show debug receiving packet. */
3148 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3149 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3150 zlog_debug(
3151 "-----------------------------------------------------");
3152 ospf_packet_dump(ibuf);
d62a17ae 3153 }
3154
96b663a3 3155 zlog_debug("%s received from [%pI4] via [%s]",
02637513 3156 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
96b663a3
MS		 3157 &ospfh->router_id, IF_NAME(oi));
3158 zlog_debug(" src [%pI4],", &iph->ip_src);
3159 zlog_debug(" dst [%pI4]", &iph->ip_dst);
d62a17ae 3160
02637513
DS		 3161 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3162 zlog_debug(
3163 "-----------------------------------------------------");
3164 }
d62a17ae 3165
02637513
DS		 3166 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3167
3168 /* Adjust size to message length. */
3169 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3170
3171 /* Read rest of the packet and call each sort of packet routine.
3172 */
3173 switch (ospfh->type) {
3174 case OSPF_MSG_HELLO:
3175 ospf_hello(iph, ospfh, ibuf, oi, length);
3176 break;
3177 case OSPF_MSG_DB_DESC:
3178 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3179 break;
3180 case OSPF_MSG_LS_REQ:
3181 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3182 break;
3183 case OSPF_MSG_LS_UPD:
3184 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3185 break;
3186 case OSPF_MSG_LS_ACK:
3187 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3188 break;
3189 default:
3190 flog_warn(
3191 EC_OSPF_PACKET,
3192 "interface %s(%s): OSPF packet header type %d is illegal",
3193 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3194 break;
3195 }
3196
3197 return OSPF_READ_CONTINUE;
3198}
3199
3200/* Starting point of packet process function. */
3201int ospf_read(struct thread *thread)
3202{
3203 struct ospf *ospf;
3204 int32_t count = 0;
3205 enum ospf_read_return_enum ret;
3206
3207 /* first of all get interface pointer. */
3208 ospf = THREAD_ARG(thread);
3209
3210 /* prepare for next packet. */
3211 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3212
3213 while (count < ospf->write_oi_count) {
3214 count++;
3215 ret = ospf_read_helper(ospf);
3216 switch (ret) {
3217 case OSPF_READ_ERROR:
3218 return -1;
02637513 3219 case OSPF_READ_CONTINUE:
4392cc43
DS		 3220 break;
3221 }
d62a17ae 3222 }
3223
b10ce841 3224 return 0;
718e3744 3225}
3226
3227/* Make OSPF header. */
d62a17ae 3228static void ospf_make_header(int type, struct ospf_interface *oi,
3229 struct stream *s)
718e3744 3230{
d62a17ae 3231 struct ospf_header *ospfh;
718e3744 3232
d62a17ae 3233 ospfh = (struct ospf_header *)STREAM_DATA(s);
718e3744 3234
d7c0a89a
QY		 3235 ospfh->version = (uint8_t)OSPF_VERSION;
3236 ospfh->type = (uint8_t)type;
718e3744 3237
d62a17ae 3238 ospfh->router_id = oi->ospf->router_id;
718e3744 3239
d62a17ae 3240 ospfh->checksum = 0;
3241 ospfh->area_id = oi->area->area_id;
3242 ospfh->auth_type = htons(ospf_auth_type(oi));
718e3744 3243
d62a17ae 3244 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
718e3744 3245
d62a17ae 3246 stream_forward_endp(s, OSPF_HEADER_SIZE);
718e3744 3247}
3248
3249/* Make Authentication Data. */
d62a17ae 3250static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3251{
3252 struct crypt_key *ck;
3253
3254 switch (ospf_auth_type(oi)) {
3255 case OSPF_AUTH_NULL:
0d6f7fd6 3256 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
d62a17ae 3257 */
3258 break;
3259 case OSPF_AUTH_SIMPLE:
3260 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3261 OSPF_AUTH_SIMPLE_SIZE);
3262 break;
3263 case OSPF_AUTH_CRYPTOGRAPHIC:
3264 /* If key is not set, then set 0. */
3265 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3266 ospfh->u.crypt.zero = 0;
3267 ospfh->u.crypt.key_id = 0;
3268 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3269 } else {
3270 ck = listgetdata(
3271 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3272 ospfh->u.crypt.zero = 0;
3273 ospfh->u.crypt.key_id = ck->key_id;
3274 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3275 }
3276 /* note: the seq is done in ospf_make_md5_digest() */
3277 break;
3278 default:
0d6f7fd6 3279 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
d62a17ae 3280 */
3281 break;
718e3744 3282 }
718e3744 3283
d62a17ae 3284 return 0;
718e3744 3285}
3286
3287/* Fill rest of OSPF header. */
d62a17ae 3288static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
d7c0a89a 3289 uint16_t length)
d62a17ae 3290{
3291 struct ospf_header *ospfh;
3292
3293 ospfh = (struct ospf_header *)STREAM_DATA(s);
3294
3295 /* Fill length. */
3296 ospfh->length = htons(length);
3297
3298 /* Calculate checksum. */
3299 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3300 ospfh->checksum = in_cksum(ospfh, length);
3301 else
3302 ospfh->checksum = 0;
3303
3304 /* Add Authentication Data. */
3305 ospf_make_auth(oi, ospfh);
3306}
3307
3308static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3309{
3310 struct ospf_neighbor *nbr;
3311 struct route_node *rn;
d7c0a89a 3312 uint16_t length = OSPF_HELLO_MIN_SIZE;
d62a17ae 3313 struct in_addr mask;
3314 unsigned long p;
3315 int flag = 0;
3316
3317 /* Set netmask of interface. */
3318 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3319 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3320 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3321 masklen2ip(oi->address->prefixlen, &mask);
3322 else
3323 memset((char *)&mask, 0, sizeof(struct in_addr));
3324 stream_put_ipv4(s, mask.s_addr);
3325
3326 /* Set Hello Interval. */
3327 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3328 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3329 else
3330 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3331
3332 if (IS_DEBUG_OSPF_EVENT)
3333 zlog_debug("make_hello: options: %x, int: %s", OPTIONS(oi),
3334 IF_NAME(oi));
3335
3336 /* Set Options. */
3337 stream_putc(s, OPTIONS(oi));
3338
3339 /* Set Router Priority. */
3340 stream_putc(s, PRIORITY(oi));
3341
3342 /* Set Router Dead Interval. */
3343 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3344
3345 /* Set Designated Router. */
3346 stream_put_ipv4(s, DR(oi).s_addr);
3347
3348 p = stream_get_endp(s);
3349
3350 /* Set Backup Designated Router. */
3351 stream_put_ipv4(s, BDR(oi).s_addr);
3352
3353 /* Add neighbor seen. */
3354 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3355 if ((nbr = rn->info))
3356 if (nbr->router_id.s_addr
975a328e 3357 != INADDR_ANY) /* Ignore 0.0.0.0 node. */
d62a17ae 3358 if (nbr->state
3359 != NSM_Attempt) /* Ignore Down neighbor. */
3360 if (nbr->state
3361 != NSM_Down) /* This is myself for
3362 DR election. */
3363 if (!IPV4_ADDR_SAME(
3364 &nbr->router_id,
3365 &oi->ospf->router_id)) {
3366 /* Check neighbor is
3367 * sane? */
3368 if (nbr->d_router.s_addr
975a328e 3369 != INADDR_ANY
d62a17ae 3370 && IPV4_ADDR_SAME(
975a328e
DA		 3371 &nbr->d_router,
3372 &oi->address
3373 ->u
3374 .prefix4)
d62a17ae 3375 && IPV4_ADDR_SAME(
975a328e
DA		 3376 &nbr->bd_router,
3377 &oi->address
3378 ->u
3379 .prefix4))
d62a17ae 3380 flag = 1;
3381
9b18d58e
NS		 3382 /* Hello packet overflows interface MTU. */
3383 if (length + sizeof(uint32_t)
3384 > ospf_packet_max(oi)) {
3385 flog_err(
3386 EC_OSPF_LARGE_HELLO,
c531be7c 3387 "Oversized Hello packet! Larger than MTU. Not sending it out");
9b18d58e
NS		 3388 return 0;
3389 }
3390
d62a17ae 3391 stream_put_ipv4(
3392 s,
3393 nbr->router_id
3394 .s_addr);
3395 length += 4;
3396 }
3397
3398 /* Let neighbor generate BackupSeen. */
3399 if (flag == 1)
3400 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3401
3402 return length;
3403}
3404
3405static int ospf_make_db_desc(struct ospf_interface *oi,
3406 struct ospf_neighbor *nbr, struct stream *s)
3407{
3408 struct ospf_lsa *lsa;
d7c0a89a
QY		 3409 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3410 uint8_t options;
d62a17ae 3411 unsigned long pp;
3412 int i;
3413 struct ospf_lsdb *lsdb;
3414
3415 /* Set Interface MTU. */
3416 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3417 stream_putw(s, 0);
3418 else
3419 stream_putw(s, oi->ifp->mtu);
3420
3421 /* Set Options. */
3422 options = OPTIONS(oi);
3423 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3424 SET_FLAG(options, OSPF_OPTION_O);
3425 stream_putc(s, options);
3426
3427 /* DD flags */
3428 pp = stream_get_endp(s);
3429 stream_putc(s, nbr->dd_flags);
3430
3431 /* Set DD Sequence Number. */
3432 stream_putl(s, nbr->dd_seqnum);
3433
3434 /* shortcut unneeded walk of (empty) summary LSDBs */
3435 if (ospf_db_summary_isempty(nbr))
3436 goto empty;
3437
3438 /* Describe LSA Header from Database Summary List. */
3439 lsdb = &nbr->db_sum;
3440
3441 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3442 struct route_table *table = lsdb->type[i].db;
3443 struct route_node *rn;
3444
3445 for (rn = route_top(table); rn; rn = route_next(rn))
3446 if ((lsa = rn->info) != NULL) {
3447 if (IS_OPAQUE_LSA(lsa->data->type)
3448 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3449 /* Suppress advertising
0437e105 3450 * opaque-information. */
d62a17ae 3451 /* Remove LSA from DB summary list. */
3452 ospf_lsdb_delete(lsdb, lsa);
3453 continue;
3454 }
3455
3456 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3457 struct lsa_header *lsah;
d7c0a89a 3458 uint16_t ls_age;
d62a17ae 3459
3460 /* DD packet overflows interface MTU. */
3461 if (length + OSPF_LSA_HEADER_SIZE
3462 > ospf_packet_max(oi))
3463 break;
3464
3465 /* Keep pointer to LS age. */
3466 lsah = (struct lsa_header
3467 *)(STREAM_DATA(s)
3468 + stream_get_endp(
3469 s));
3470
3471 /* Proceed stream pointer. */
3472 stream_put(s, lsa->data,
3473 OSPF_LSA_HEADER_SIZE);
3474 length += OSPF_LSA_HEADER_SIZE;
3475
3476 /* Set LS age. */
3477 ls_age = LS_AGE(lsa);
3478 lsah->ls_age = htons(ls_age);
3479 }
3480
3481 /* Remove LSA from DB summary list. */
3482 ospf_lsdb_delete(lsdb, lsa);
3483 }
3484 }
718e3744 3485
d62a17ae 3486 /* Update 'More' bit */
3487 if (ospf_db_summary_isempty(nbr)) {
3488 empty:
3489 if (nbr->state >= NSM_Exchange) {
3490 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3491 /* Rewrite DD flags */
3492 stream_putc_at(s, pp, nbr->dd_flags);
3493 } else {
3494 assert(IS_SET_DD_M(nbr->dd_flags));
3495 }
3496 }
3497 return length;
3498}
86f1fd96 3499
d7c0a89a 3500static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
d62a17ae 3501 unsigned long delta, struct ospf_neighbor *nbr,
3502 struct ospf_lsa *lsa)
3503{
3504 struct ospf_interface *oi;
718e3744 3505
d62a17ae 3506 oi = nbr->oi;
718e3744 3507
9570f737
S		 3508 /* LS Request packet overflows interface MTU
3509 * delta is just number of bytes required for 1 LS Req
3510 * ospf_packet_max will return the number of bytes can
3511 * be accomodated without ospf header. So length+delta
3512 * can be compared to ospf_packet_max
3513 * to check if it can fit another lsreq in the same packet.
3514 */
3515
d62a17ae 3516 if (*length + delta > ospf_packet_max(oi))
3517 return 0;
1eb8ef25 3518
d62a17ae 3519 stream_putl(s, lsa->data->type);
3520 stream_put_ipv4(s, lsa->data->id.s_addr);
3521 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
718e3744 3522
d62a17ae 3523 ospf_lsa_unlock(&nbr->ls_req_last);
3524 nbr->ls_req_last = ospf_lsa_lock(lsa);
59ea14c6 3525
d62a17ae 3526 *length += 12;
3527 return 1;
3528}
718e3744 3529
d62a17ae 3530static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3531{
3532 struct ospf_lsa *lsa;
d7c0a89a 3533 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
9570f737 3534 unsigned long delta = 12;
d62a17ae 3535 struct route_table *table;
3536 struct route_node *rn;
3537 int i;
3538 struct ospf_lsdb *lsdb;
718e3744 3539
d62a17ae 3540 lsdb = &nbr->ls_req;
718e3744 3541
d62a17ae 3542 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3543 table = lsdb->type[i].db;
3544 for (rn = route_top(table); rn; rn = route_next(rn))
3545 if ((lsa = (rn->info)) != NULL)
3546 if (ospf_make_ls_req_func(s, &length, delta,
3547 nbr, lsa)
3548 == 0) {
3549 route_unlock_node(rn);
3550 break;
3551 }
3552 }
3553 return length;
3554}
718e3744 3555
d62a17ae 3556static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3557{
3558 int age;
718e3744 3559
d62a17ae 3560 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
718e3744 3561
d62a17ae 3562 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
718e3744 3563}
3564
d62a17ae 3565static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3566 struct stream *s)
718e3744 3567{
d62a17ae 3568 struct ospf_lsa *lsa;
3569 struct listnode *node;
d7c0a89a 3570 uint16_t length = 0;
d62a17ae 3571 unsigned int size_noauth;
3572 unsigned long delta = stream_get_endp(s);
3573 unsigned long pp;
3574 int count = 0;
3575
3576 if (IS_DEBUG_OSPF_EVENT)
3577 zlog_debug("ospf_make_ls_upd: Start");
3578
3579 pp = stream_get_endp(s);
3580 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3581 length += OSPF_LS_UPD_MIN_SIZE;
3582
3583 /* Calculate amount of packet usable for data. */
3584 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3585
3586 while ((node = listhead(update)) != NULL) {
3587 struct lsa_header *lsah;
d7c0a89a 3588 uint16_t ls_age;
d62a17ae 3589
d62a17ae 3590 lsa = listgetdata(node);
d62a17ae 3591 assert(lsa->data);
3592
e9505bc6
RW		 3593 if (IS_DEBUG_OSPF_EVENT)
3594 zlog_debug("%s: List Iteration %d LSA[%s]", __func__,
3595 count, dump_lsa_key(lsa));
3596
9570f737
S		 3597 /* Will it fit? Minimum it has to fit atleast one */
3598 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3599 (count > 0))
d62a17ae 3600 break;
3601
3602 /* Keep pointer to LS age. */
3603 lsah = (struct lsa_header *)(STREAM_DATA(s)
3604 + stream_get_endp(s));
3605
3606 /* Put LSA to Link State Request. */
3607 stream_put(s, lsa->data, ntohs(lsa->data->length));
718e3744 3608
d62a17ae 3609 /* Set LS age. */
3610 /* each hop must increment an lsa_age by transmit_delay
3611 of OSPF interface */
3612 ls_age = ls_age_increment(lsa,
3613 OSPF_IF_PARAM(oi, transmit_delay));
3614 lsah->ls_age = htons(ls_age);
3615
3616 length += ntohs(lsa->data->length);
3617 count++;
3618
3619 list_delete_node(update, node);
3620 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3621 }
3622
3623 /* Now set #LSAs. */
3624 stream_putl_at(s, pp, count);
3625
3626 if (IS_DEBUG_OSPF_EVENT)
3627 zlog_debug("ospf_make_ls_upd: Stop");
3628 return length;
718e3744 3629}
3630
d62a17ae 3631static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3632 struct stream *s)
718e3744 3633{
d62a17ae 3634 struct listnode *node, *nnode;
d7c0a89a 3635 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
9570f737 3636 unsigned long delta = OSPF_LSA_HEADER_SIZE;
d62a17ae 3637 struct ospf_lsa *lsa;
718e3744 3638
d62a17ae 3639 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3640 assert(lsa);
718e3744 3641
9570f737
S		 3642 /* LS Ack packet overflows interface MTU
3643 * delta is just number of bytes required for
3644 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3645 * the number of bytes can be accomodated without
3646 * ospf header. So length+delta can be compared
3647 * against ospf_packet_max to check if it can fit
3648 * another ls header in the same packet.
3649 */
3650 if ((length + delta) > ospf_packet_max(oi))
d62a17ae 3651 break;
718e3744 3652
d62a17ae 3653 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3654 length += OSPF_LSA_HEADER_SIZE;
3655
3656 listnode_delete(ack, lsa);
3657 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3658 }
3659
3660 return length;
3661}
3662
3663static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3664{
3665 struct ospf_packet *op;
d7c0a89a 3666 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3667
d62a17ae 3668 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3669
d62a17ae 3670 /* Prepare OSPF common header. */
3671 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
718e3744 3672
d62a17ae 3673 /* Prepare OSPF Hello body. */
3674 length += ospf_make_hello(oi, op->s);
9b18d58e
NS		 3675 if (length == OSPF_HEADER_SIZE) {
3676 /* Hello overshooting MTU */
3677 ospf_packet_free(op);
3678 return;
3679 }
718e3744 3680
d62a17ae 3681 /* Fill OSPF header. */
3682 ospf_fill_header(oi, op->s, length);
718e3744 3683
d62a17ae 3684 /* Set packet length. */
3685 op->length = length;
3686
3687 op->dst.s_addr = addr;
3688
b5a8894d
CS		 3689 if (IS_DEBUG_OSPF_EVENT) {
3690 if (oi->ospf->vrf_id)
996c9314
LB		 3691 zlog_debug(
3692 "%s: Hello Tx interface %s ospf vrf %s id %u",
15569c58 3693 __func__, oi->ifp->name,
996c9314
LB		 3694 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3695 oi->ospf->vrf_id);
b5a8894d 3696 }
d62a17ae 3697 /* Add packet to the top of the interface output queue, so that they
3698 * can't get delayed by things like long queues of LS Update packets
3699 */
3700 ospf_packet_add_top(oi, op);
3701
3702 /* Hook thread to write packet. */
3703 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3704}
3705
d62a17ae 3706static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
718e3744 3707{
d62a17ae 3708 struct ospf_interface *oi;
718e3744 3709
d62a17ae 3710 oi = nbr_nbma->oi;
3711 assert(oi);
718e3744 3712
d62a17ae 3713 /* If this is passive interface, do not send OSPF Hello. */
3714 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3715 return;
718e3744 3716
d62a17ae 3717 if (oi->type != OSPF_IFTYPE_NBMA)
3718 return;
718e3744 3719
d62a17ae 3720 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3721 return;
718e3744 3722
d62a17ae 3723 if (PRIORITY(oi) == 0)
3724 return;
718e3744 3725
d62a17ae 3726 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3727 && oi->state != ISM_Backup)
3728 return;
718e3744 3729
d62a17ae 3730 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
718e3744 3731}
3732
d62a17ae 3733int ospf_poll_timer(struct thread *thread)
718e3744 3734{
d62a17ae 3735 struct ospf_nbr_nbma *nbr_nbma;
718e3744 3736
d62a17ae 3737 nbr_nbma = THREAD_ARG(thread);
3738 nbr_nbma->t_poll = NULL;
718e3744 3739
d62a17ae 3740 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
96b663a3
MS		 3741 zlog_debug("NSM[%s:%pI4]: Timer (Poll timer expire)",
3742 IF_NAME(nbr_nbma->oi), &nbr_nbma->addr);
718e3744 3743
d62a17ae 3744 ospf_poll_send(nbr_nbma);
718e3744 3745
d62a17ae 3746 if (nbr_nbma->v_poll > 0)
3747 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3748 nbr_nbma->v_poll);
718e3744 3749
d62a17ae 3750 return 0;
718e3744 3751}
3752
3753
d62a17ae 3754int ospf_hello_reply_timer(struct thread *thread)
718e3744 3755{
d62a17ae 3756 struct ospf_neighbor *nbr;
718e3744 3757
d62a17ae 3758 nbr = THREAD_ARG(thread);
3759 nbr->t_hello_reply = NULL;
718e3744 3760
d62a17ae 3761 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
96b663a3
MS		 3762 zlog_debug("NSM[%s:%pI4]: Timer (hello-reply timer expire)",
3763 IF_NAME(nbr->oi), &nbr->router_id);
718e3744 3764
d62a17ae 3765 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
718e3744 3766
d62a17ae 3767 return 0;
718e3744 3768}
3769
3770/* Send OSPF Hello. */
d62a17ae 3771void ospf_hello_send(struct ospf_interface *oi)
3772{
3773 /* If this is passive interface, do not send OSPF Hello. */
3774 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3775 return;
3776
3777 if (oi->type == OSPF_IFTYPE_NBMA) {
3778 struct ospf_neighbor *nbr;
3779 struct route_node *rn;
3780
3781 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
3782 if ((nbr = rn->info))
3783 if (nbr != oi->nbr_self)
3784 if (nbr->state != NSM_Down) {
3785 /* RFC 2328 Section 9.5.1
3786 If the router is not
3787 eligible to become Designated
3788 Router,
3789 it must periodically send
3790 Hello Packets to both the
3791 Designated Router and the
3792 Backup Designated Router (if
3793 they
3794 exist). */
3795 if (PRIORITY(oi) == 0
3796 && IPV4_ADDR_CMP(
3797 &DR(oi),
3798 &nbr->address.u
3799 .prefix4)
3800 && IPV4_ADDR_CMP(
3801 &BDR(oi),
3802 &nbr->address.u
3803 .prefix4))
3804 continue;
3805
3806 /* If the router is eligible to
3807 become Designated Router, it
3808 must periodically send Hello
3809 Packets to all neighbors that
3810 are also eligible. In
3811 addition, if the router is
3812 itself the
3813 Designated Router or Backup
3814 Designated Router, it must
3815 also
3816 send periodic Hello Packets
3817 to all other neighbors. */
3818
3819 if (nbr->priority == 0
3820 && oi->state == ISM_DROther)
3821 continue;
3822 /* if oi->state == Waiting, send
3823 * hello to all neighbors */
3824 ospf_hello_send_sub(
3825 oi,
3826 nbr->address.u.prefix4
3827 .s_addr);
3828 }
3829 } else {
3830 /* Decide destination address. */
3831 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3832 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3833 else
3834 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3835 }
718e3744 3836}
3837
3838/* Send OSPF Database Description. */
d62a17ae 3839void ospf_db_desc_send(struct ospf_neighbor *nbr)
718e3744 3840{
d62a17ae 3841 struct ospf_interface *oi;
3842 struct ospf_packet *op;
d7c0a89a 3843 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3844
d62a17ae 3845 oi = nbr->oi;
3846 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3847
d62a17ae 3848 /* Prepare OSPF common header. */
3849 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
718e3744 3850
d62a17ae 3851 /* Prepare OSPF Database Description body. */
3852 length += ospf_make_db_desc(oi, nbr, op->s);
718e3744 3853
d62a17ae 3854 /* Fill OSPF header. */
3855 ospf_fill_header(oi, op->s, length);
718e3744 3856
d62a17ae 3857 /* Set packet length. */
3858 op->length = length;
718e3744 3859
d62a17ae 3860 /* Decide destination address. */
3861 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3862 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3863 else
3864 op->dst = nbr->address.u.prefix4;
718e3744 3865
d62a17ae 3866 /* Add packet to the interface output queue. */
3867 ospf_packet_add(oi, op);
718e3744 3868
d62a17ae 3869 /* Hook thread to write packet. */
3870 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3871
d62a17ae 3872 /* Remove old DD packet, then copy new one and keep in neighbor
3873 * structure. */
3874 if (nbr->last_send)
3875 ospf_packet_free(nbr->last_send);
3876 nbr->last_send = ospf_packet_dup(op);
3877 monotime(&nbr->last_send_ts);
e6a22aeb
SK		 3878 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3879 zlog_info(
96b663a3 3880 "%s:Packet[DD]: %pI4 DB Desc send with seqnum:%x , flags:%x",
44076f4d
RW		 3881 ospf_get_name(oi->ospf), &nbr->router_id,
3882 nbr->dd_seqnum, nbr->dd_flags);
718e3744 3883}
3884
3885/* Re-send Database Description. */
d62a17ae 3886void ospf_db_desc_resend(struct ospf_neighbor *nbr)
718e3744 3887{
d62a17ae 3888 struct ospf_interface *oi;
718e3744 3889
d62a17ae 3890 oi = nbr->oi;
718e3744 3891
d62a17ae 3892 /* Add packet to the interface output queue. */
3893 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
718e3744 3894
d62a17ae 3895 /* Hook thread to write packet. */
3896 OSPF_ISM_WRITE_ON(oi->ospf);
e6a22aeb
SK		 3897 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3898 zlog_info(
96b663a3 3899 "%s:Packet[DD]: %pI4 DB Desc resend with seqnum:%x , flags:%x",
44076f4d
RW		 3900 ospf_get_name(oi->ospf), &nbr->router_id,
3901 nbr->dd_seqnum, nbr->dd_flags);
718e3744 3902}
3903
3904/* Send Link State Request. */
d62a17ae 3905void ospf_ls_req_send(struct ospf_neighbor *nbr)
718e3744 3906{
d62a17ae 3907 struct ospf_interface *oi;
3908 struct ospf_packet *op;
d7c0a89a 3909 uint16_t length = OSPF_HEADER_SIZE;
718e3744 3910
d62a17ae 3911 oi = nbr->oi;
3912 op = ospf_packet_new(oi->ifp->mtu);
718e3744 3913
d62a17ae 3914 /* Prepare OSPF common header. */
3915 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
718e3744 3916
d62a17ae 3917 /* Prepare OSPF Link State Request body. */
3918 length += ospf_make_ls_req(nbr, op->s);
3919 if (length == OSPF_HEADER_SIZE) {
3920 ospf_packet_free(op);
3921 return;
3922 }
718e3744 3923
d62a17ae 3924 /* Fill OSPF header. */
3925 ospf_fill_header(oi, op->s, length);
718e3744 3926
d62a17ae 3927 /* Set packet length. */
3928 op->length = length;
718e3744 3929
d62a17ae 3930 /* Decide destination address. */
3931 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3932 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3933 else
3934 op->dst = nbr->address.u.prefix4;
718e3744 3935
d62a17ae 3936 /* Add packet to the interface output queue. */
3937 ospf_packet_add(oi, op);
718e3744 3938
d62a17ae 3939 /* Hook thread to write packet. */
3940 OSPF_ISM_WRITE_ON(oi->ospf);
718e3744 3941
d62a17ae 3942 /* Add Link State Request Retransmission Timer. */
3943 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
718e3744 3944}
3945
3946/* Send Link State Update with an LSA. */
d62a17ae 3947void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3948 int flag)
718e3744 3949{
d62a17ae 3950 struct list *update;
718e3744 3951
d62a17ae 3952 update = list_new();
718e3744 3953
d62a17ae 3954 listnode_add(update, lsa);
046460a1
CS		 3955
3956 /*ospf instance is going down, send self originated
3957 * MAXAGE LSA update to neighbors to remove from LSDB */
3958 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3959 ospf_ls_upd_send(nbr, update, flag, 1);
3960 else
3961 ospf_ls_upd_send(nbr, update, flag, 0);
718e3744 3962
6a154c88 3963 list_delete(&update);
718e3744 3964}
3965
68b7339a 3966/* Determine size for packet. Must be at least big enough to accomodate next
3967 * LSA on list, which may be bigger than MTU size.
3968 *
3969 * Return pointer to new ospf_packet
3970 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3971 * on packet sizes (in which case offending LSA is deleted from update list)
3972 */
d62a17ae 3973static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3974 struct ospf_interface *oi)
3975{
3976 struct ospf_lsa *lsa;
3977 struct listnode *ln;
3978 size_t size;
3979 static char warned = 0;
3980
3981 lsa = listgetdata((ln = listhead(update)));
3982 assert(lsa->data);
3983
3984 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3985 > ospf_packet_max(oi)) {
3986 if (!warned) {
c9cc11f6 3987 flog_warn(
cf444bcf 3988 EC_OSPF_LARGE_LSA,
3efd0893 3989 "ospf_ls_upd_packet_new: oversized LSA encountered!will need to fragment. Not optimal. Try divide up your network with areas. Use 'debug ospf packet send' to see details, or look at 'show ip ospf database ..'");
d62a17ae 3990 warned = 1;
3991 }
3992
3993 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3994 zlog_debug(
96b663a3
MS		 3995 "ospf_ls_upd_packet_new: oversized LSA id:%pI4, %d bytes originated by %pI4, will be fragmented!",
3996 &lsa->data->id,
d62a17ae 3997 ntohs(lsa->data->length),
96b663a3 3998 &lsa->data->adv_router);
d62a17ae 3999
4000 /*
4001 * Allocate just enough to fit this LSA only, to avoid including
4002 * other
4003 * LSAs in fragmented LSA Updates.
4004 */
4005 size = ntohs(lsa->data->length)
4006 + (oi->ifp->mtu - ospf_packet_max(oi))
4007 + OSPF_LS_UPD_MIN_SIZE;
4008 } else
4009 size = oi->ifp->mtu;
4010
4011 if (size > OSPF_MAX_PACKET_SIZE) {
cf444bcf 4012 flog_warn(EC_OSPF_LARGE_LSA,
96b663a3
MS		 4013 "ospf_ls_upd_packet_new: oversized LSA id:%pI4 too big, %d bytes, packet size %ld, dropping it completely. OSPF routing is broken!",
4014 &lsa->data->id, ntohs(lsa->data->length),
c9cc11f6 4015 (long int)size);
d62a17ae 4016 list_delete_node(update, ln);
4017 return NULL;
4018 }
718e3744 4019
d62a17ae 4020 /* IP header is built up separately by ospf_write(). This means, that we
4021 * must
4022 * reduce the "affordable" size just calculated by length of an IP
4023 * header.
4024 * This makes sure, that even if we manage to fill the payload with LSA
4025 * data
4026 * completely, the final packet (our data plus IP header) still fits
4027 * into
4028 * outgoing interface MTU. This correction isn't really meaningful for
4029 * an
4030 * oversized LSA, but for consistency the correction is done for both
4031 * cases.
4032 *
4033 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4034 */
4035 return ospf_packet_new(size - sizeof(struct ip));
718e3744 4036}
4037
d62a17ae 4038static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
046460a1
CS		 4039 struct list *update, struct in_addr addr,
4040 int send_lsupd_now)
718e3744 4041{
d62a17ae 4042 struct ospf_packet *op;
d7c0a89a 4043 uint16_t length = OSPF_HEADER_SIZE;
d62a17ae 4044
4045 if (IS_DEBUG_OSPF_EVENT)
96b663a3
MS		 4046 zlog_debug("listcount = %d, [%s]dst %pI4", listcount(update),
4047 IF_NAME(oi), &addr);
d62a17ae 4048
19274fe8
OD		 4049 /* Check that we have really something to process */
4050 if (listcount(update) == 0)
4051 return;
4052
d62a17ae 4053 op = ospf_ls_upd_packet_new(update, oi);
718e3744 4054
d62a17ae 4055 /* Prepare OSPF common header. */
4056 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
718e3744 4057
d62a17ae 4058 /* Prepare OSPF Link State Update body.
4059 * Includes Type-7 translation.
4060 */
4061 length += ospf_make_ls_upd(oi, update, op->s);
4062
4063 /* Fill OSPF header. */
4064 ospf_fill_header(oi, op->s, length);
4065
4066 /* Set packet length. */
4067 op->length = length;
4068
4069 /* Decide destination address. */
4070 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4071 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4072 else
4073 op->dst.s_addr = addr.s_addr;
4074
4075 /* Add packet to the interface output queue. */
4076 ospf_packet_add(oi, op);
046460a1
CS		 4077 /* Call ospf_write() right away to send ospf packets to neighbors */
4078 if (send_lsupd_now) {
4079 struct thread os_packet_thd;
4080
4081 os_packet_thd.arg = (void *)oi->ospf;
4082 if (oi->on_write_q == 0) {
4083 listnode_add(oi->ospf->oi_write_q, oi);
4084 oi->on_write_q = 1;
4085 }
4086 ospf_write(&os_packet_thd);
4173cc8e
DS		 4087 /*
4088 * We are fake calling ospf_write with a fake
4089 * thread. Imagine that we have oi_a already
4090 * enqueued and we have turned on the write
4091 * thread(t_write).
4092 * Now this function calls this for oi_b
4093 * so the on_write_q has oi_a and oi_b on
4094 * it, ospf_write runs and clears the packets
4095 * for both oi_a and oi_b. Removing them from
4096 * the on_write_q. After this thread of execution
4097 * finishes we will execute the t_write thread
4098 * with nothing in the on_write_q causing an
4099 * assert. So just make sure that the t_write
4100 * is actually turned off.
4101 */
4102 if (list_isempty(oi->ospf->oi_write_q))
4103 OSPF_TIMER_OFF(oi->ospf->t_write);
046460a1
CS		 4104 } else {
4105 /* Hook thread to write packet. */
4106 OSPF_ISM_WRITE_ON(oi->ospf);
4107 }
d62a17ae 4108}
4109
4110static int ospf_ls_upd_send_queue_event(struct thread *thread)
4111{
4112 struct ospf_interface *oi = THREAD_ARG(thread);
4113 struct route_node *rn;
4114 struct route_node *rnext;
4115 struct list *update;
4116 char again = 0;
4117
4118 oi->t_ls_upd_event = NULL;
4119
4120 if (IS_DEBUG_OSPF_EVENT)
4121 zlog_debug("ospf_ls_upd_send_queue start");
4122
4123 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4124 rnext = route_next(rn);
4125
4126 if (rn->info == NULL)
4127 continue;
4128
4129 update = (struct list *)rn->info;
4130
046460a1 4131 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
d62a17ae 4132
4133 /* list might not be empty. */
4134 if (listcount(update) == 0) {
6a154c88 4135 list_delete((struct list **)&rn->info);
d62a17ae 4136 route_unlock_node(rn);
4137 } else
4138 again = 1;
4139 }
4140
4141 if (again != 0) {
4142 if (IS_DEBUG_OSPF_EVENT)
4143 zlog_debug(
3efd0893 4144 "ospf_ls_upd_send_queue: update lists not cleared, %d nodes to try again, raising new event",
d62a17ae 4145 again);
4146 oi->t_ls_upd_event = NULL;
4147 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4148 &oi->t_ls_upd_event);
4149 }
4150
4151 if (IS_DEBUG_OSPF_EVENT)
4152 zlog_debug("ospf_ls_upd_send_queue stop");
4153
4154 return 0;
4155}
4156
046460a1
CS		 4157void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4158 int send_lsupd_now)
d62a17ae 4159{
4160 struct ospf_interface *oi;
4161 struct ospf_lsa *lsa;
4162 struct prefix_ipv4 p;
4163 struct route_node *rn;
4164 struct listnode *node;
4165
4166 oi = nbr->oi;
4167
4168 p.family = AF_INET;
4169 p.prefixlen = IPV4_MAX_BITLEN;
4170
4171 /* Decide destination address. */
4172 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4173 p.prefix = oi->vl_data->peer_addr;
4174 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4175 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4176 else if (flag == OSPF_SEND_PACKET_DIRECT)
4177 p.prefix = nbr->address.u.prefix4;
4178 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4179 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4180 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4181 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4182 else
4183 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4184
4185 if (oi->type == OSPF_IFTYPE_NBMA) {
4186 if (flag == OSPF_SEND_PACKET_INDIRECT)
c9cc11f6 4187 flog_warn(
cf444bcf 4188 EC_OSPF_PACKET,
d62a17ae 4189 "* LS-Update is directly sent on NBMA network.");
19aad877 4190 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
cf444bcf 4191 flog_warn(EC_OSPF_PACKET,
c9cc11f6 4192 "* LS-Update is sent to myself.");
d62a17ae 4193 }
4194
4195 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4196
4197 if (rn->info == NULL)
4198 rn->info = list_new();
4199 else
4200 route_unlock_node(rn);
4201
4202 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4203 listnode_add(rn->info,
4204 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
046460a1
CS		 4205 if (send_lsupd_now) {
4206 struct list *send_update_list;
f7813c7c 4207 struct route_node *rnext;
d62a17ae 4208
046460a1
CS		 4209 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4210 rnext = route_next(rn);
4211
4212 if (rn->info == NULL)
4213 continue;
4214
4215 send_update_list = (struct list *)rn->info;
4216
4217 ospf_ls_upd_queue_send(oi, send_update_list,
4218 rn->p.u.prefix4, 1);
046460a1
CS		 4219 }
4220 } else
4221 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
996c9314 4222 &oi->t_ls_upd_event);
718e3744 4223}
4224
d62a17ae 4225static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4226 struct in_addr dst)
718e3744 4227{
d62a17ae 4228 struct ospf_packet *op;
d7c0a89a 4229 uint16_t length = OSPF_HEADER_SIZE;
d62a17ae 4230
4231 op = ospf_packet_new(oi->ifp->mtu);
4232
4233 /* Prepare OSPF common header. */
4234 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4235
4236 /* Prepare OSPF Link State Acknowledgment body. */
4237 length += ospf_make_ls_ack(oi, ack, op->s);
4238
4239 /* Fill OSPF header. */
4240 ospf_fill_header(oi, op->s, length);
718e3744 4241
d62a17ae 4242 /* Set packet length. */
4243 op->length = length;
4244
4245 /* Decide destination address. */
4246 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4247 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4248 else
4249 op->dst.s_addr = dst.s_addr;
4250
4251 /* Add packet to the interface output queue. */
4252 ospf_packet_add(oi, op);
4253
4254 /* Hook thread to write packet. */
4255 OSPF_ISM_WRITE_ON(oi->ospf);
4256}
4257
4258static int ospf_ls_ack_send_event(struct thread *thread)
4259{
4260 struct ospf_interface *oi = THREAD_ARG(thread);
4261
4262 oi->t_ls_ack_direct = NULL;
4263
4264 while (listcount(oi->ls_ack_direct.ls_ack))
4265 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4266 oi->ls_ack_direct.dst);
4267
4268 return 0;
4269}
4270
4271void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4272{
4273 struct ospf_interface *oi = nbr->oi;
4274
5a77dd8f 4275 if (IS_GRACE_LSA(lsa)) {
3f87e1d8 4276 if (IS_DEBUG_OSPF_GR)
5a77dd8f 4277 zlog_debug("%s, Sending GRACE ACK to Restarter.",
a4544597 4278 __func__);
5a77dd8f 4279 }
4280
d62a17ae 4281 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4282 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4283
4284 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4285
4286 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4287 &oi->t_ls_ack_direct);
718e3744 4288}
4289
4290/* Send Link State Acknowledgment delayed. */
d62a17ae 4291void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4292{
4293 struct in_addr dst;
4294
4295 /* Decide destination address. */
4296 /* RFC2328 Section 13.5 On non-broadcast
4297 networks, delayed Link State Acknowledgment packets must be
4298 unicast separately over each adjacency (i.e., neighbor whose
4299 state is >= Exchange). */
4300 if (oi->type == OSPF_IFTYPE_NBMA) {
4301 struct ospf_neighbor *nbr;
4302 struct route_node *rn;
4303
4304 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn))
4305 if ((nbr = rn->info) != NULL)
4306 if (nbr != oi->nbr_self
4307 && nbr->state >= NSM_Exchange)
4308 while (listcount(oi->ls_ack))
4309 ospf_ls_ack_send_list(
4310 oi, oi->ls_ack,
4311 nbr->address.u.prefix4);
4312 return;
4313 }
4314 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4315 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4316 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4317 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4318 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4319 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4320 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4321 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4322 else
4323 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4324
4325 while (listcount(oi->ls_ack))
4326 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
718e3744 4327}
8b6912c2
DS		 4328
4329/*
4330 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4331 * address. As a result, the kernel does not need to learn the interface
4332 * MAC of the OSPF neighbor. However, in our world, this will delay
4333 * convergence. Take the case when due to a link flap, all routes now
4334 * want to use an interface which was deemed to be costlier prior to this
4335 * event. For routes that will be installed, the missing MAC will have
4336 * punt-to-CPU set on them. This may overload the CPU control path that
4337 * can be avoided if the MAC was known apriori.
4338 */
d62a17ae 4339void ospf_proactively_arp(struct ospf_neighbor *nbr)
4340{
a92706bb 4341 if (!nbr || !nbr->oi->ospf->proactive_arp)
d62a17ae 4342 return;
4343
aa530b62 4344 ospf_zebra_send_arp(nbr->oi->ifp, &nbr->address);
8b6912c2 4345}
FRRouting mirror