1 // SPDX-License-Identifier: ISC
5 * Copyright (c) 2013, 2016 Renato Westphal <renato@openbsd.org>
6 * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
7 * Copyright (c) 2004, 2005, 2008 Esben Norby <norby@openbsd.org>
/*
 * Forward declarations of the file-local (static) helpers that are defined
 * further down: the discovery interface lookup (disc_find_iface), the TCP
 * session read and write event handlers, the PDU extraction routine
 * (session_get_pdu), connection teardown (tcp_close) and the
 * pending-connection constructor and timeout handler.
 *
 * NOTE(review): the disc_find_iface prototype is cut off after its second
 * parameter in this listing; its definition below takes a third argument
 * of type union ldpd_addr pointer.
 */
18 static struct iface
*disc_find_iface(unsigned int, int,
20 static void session_read(struct event
*thread
);
21 static void session_write(struct event
*thread
);
22 static ssize_t
session_get_pdu(struct ibuf_read
*, char **);
23 static void tcp_close(struct tcp_conn
*);
24 static struct pending_conn
*pending_conn_new(int, int, union ldpd_addr
*);
25 static void pending_conn_timeout(struct event
*thread
);
/*
 * gen_ldp_hdr - append an LDP PDU header to buf.
 *
 * buf:  buffer the header is appended to with ibuf_add().
 * size: size supplied by the caller; LDP_HDR_DEAD_LEN is subtracted from
 *       it before the result is stored in the length field.
 *
 * The header is zero-filled first.  version and length are stored through
 * htons(), lsr_id is taken from ldp_rtr_id_get(leconf) and lspace_id is
 * set to 0.  LDP_HDR_SIZE bytes of the header are then added to buf.
 *
 * Returns whatever ibuf_add() returns.
 *
 * NOTE(review): no lower bound on size is checked here before the
 * subtraction; callers are assumed to pass at least LDP_HDR_DEAD_LEN -
 * confirm.
 */
28 gen_ldp_hdr(struct ibuf
*buf
, uint16_t size
)
30 struct ldp_hdr ldp_hdr
;
32 memset(&ldp_hdr
, 0, sizeof(ldp_hdr
));
33 ldp_hdr
.version
= htons(LDP_VERSION
);
34 /* exclude the 'Version' and 'PDU Length' fields from the total */
35 ldp_hdr
.length
= htons(size
- LDP_HDR_DEAD_LEN
);
36 ldp_hdr
.lsr_id
= ldp_rtr_id_get(leconf
);
37 ldp_hdr
.lspace_id
= 0;
39 return (ibuf_add(buf
, &ldp_hdr
, LDP_HDR_SIZE
));
/*
 * gen_msg_hdr - append an LDP message header to buf.
 *
 * buf:  buffer the header is appended to with ibuf_add().
 * type: message type, stored through htons().
 * size: size supplied by the caller; LDP_MSG_DEAD_LEN is subtracted from
 *       it before the result is stored in the length field.
 *
 * The message id comes from msgcnt, a function-local static counter that
 * starts at 0 and is pre-incremented on every call, so the first header
 * generated carries id 1.  The id is stored through htonl().
 *
 * Returns whatever ibuf_add() returns.
 *
 * NOTE(review): msgcnt is a plain int; incrementing it past INT_MAX would
 * be signed overflow.  The declaration of msg is not visible in this
 * listing.
 */
43 gen_msg_hdr(struct ibuf
*buf
, uint16_t type
, uint16_t size
)
45 static int msgcnt
= 0;
48 memset(&msg
, 0, sizeof(msg
));
49 msg
.type
= htons(type
);
50 /* exclude the 'Type' and 'Length' fields from the total */
51 msg
.length
= htons(size
- LDP_MSG_DEAD_LEN
);
52 msg
.id
= htonl(++msgcnt
);
54 return (ibuf_add(buf
, &msg
, sizeof(msg
)));
/*
 * send_packet - transmit a datagram to dst on LDP_PORT using sendto().
 *
 * fd:  socket passed to sendto().
 * af:  address family of dst; an unrecognised value ends in fatalx().
 * dst: destination address (the v4 or v6 member is read according to the
 *      branch taken).
 * ia:  may be NULL.  When it is set and dst is a multicast address, the
 *      outgoing multicast interface is selected first through
 *      sock_set_ipv4_mcast() or sock_set_ipv6_mcast() on ia->iface.
 * pkt: payload to send.
 * len: payload length in bytes.
 *
 * A failure to select the multicast interface is reported with
 * log_debug(); a failing sendto() is reported with log_warn().
 *
 * NOTE(review): the switch/case lines and the return statements are not
 * visible in this listing, so the return values are not documented here.
 */
59 send_packet(int fd
, int af
, union ldpd_addr
*dst
, struct iface_af
*ia
,
60 void *pkt
, size_t len
)
66 if (ia
&& IN_MULTICAST(ntohl(dst
->v4
.s_addr
))) {
67 /* set outgoing interface for multicast traffic */
68 if (sock_set_ipv4_mcast(ia
->iface
) == -1) {
69 log_debug("%s: error setting multicast interface, %s", __func__
, ia
->iface
->name
);
75 if (ia
&& IN6_IS_ADDR_MULTICAST(&dst
->v6
)) {
76 /* set outgoing interface for multicast traffic */
77 if (sock_set_ipv6_mcast(ia
->iface
) == -1) {
78 log_debug("%s: error setting multicast interface, %s", __func__
, ia
->iface
->name
);
84 fatalx("send_packet: unknown af");
87 addr2sa(af
, dst
, LDP_PORT
, &su
);
88 if (sendto(fd
, pkt
, len
, 0, &su
.sa
, sockaddr_len(&su
.sa
)) == -1) {
89 log_warn("%s: error sending packet to %s", __func__
,
90 log_sockaddr(&su
.sa
));
97 /* Discovery functions */
/*
 * disc_recv_packet - read event handler for a discovery socket.
 *
 * thread: event that fired; the socket comes from EVENT_FD() and the
 *         event back-pointer (threadp) from EVENT_ARG().
 *
 * Visible processing steps, in order:
 *  - the read event is re-armed with event_add_read();
 *  - one datagram is read with recvmsg(), together with ancillary data;
 *    read errors other than EAGAIN and EINTR are logged;
 *  - the sender is converted with sa2addr();
 *  - the multicast flag is derived either from MSG_MCAST in msg_flags or
 *    by walking the control messages (IP_PKTINFO, IP_RECVDSTADDR or
 *    IPV6_PKTINFO, chosen by preprocessor conditionals);
 *  - sources rejected by bad_addr() are logged;
 *  - the receiving interface index is obtained with getsockopt_ifindex()
 *    and matched with disc_find_iface();
 *  - the packet length is checked against LDP_HDR_SIZE + LDP_MSG_SIZE and
 *    LDP_MAX_LEN;
 *  - the LDP header is copied out and its version, label space and PDU
 *    length are validated;
 *  - the first message header is copied out and its length validated;
 *  - the message type is switched on: recv_hello() is called, other types
 *    are logged as unknown.
 *
 * NOTE(review): several declarations, the early returns after each failed
 * check and the lines that advance buf and len between checks are not
 * visible in this listing; the list above covers only what is shown.
 */
98 void disc_recv_packet(struct event
*thread
)
100 int fd
= EVENT_FD(thread
);
101 struct event
**threadp
= EVENT_ARG(thread
);
105 #ifdef HAVE_STRUCT_SOCKADDR_DL
106 char buf
[CMSG_SPACE(sizeof(struct sockaddr_dl
))];
108 char buf
[CMSG_SPACE(sizeof(struct in6_pktinfo
))];
112 struct sockaddr_storage from
;
116 struct cmsghdr
*cmsg
;
122 unsigned int ifindex
= 0;
123 struct iface
*iface
= NULL
;
125 struct ldp_hdr ldp_hdr
;
129 struct in_addr lsr_id
;
131 /* reschedule read */
132 event_add_read(master
, disc_recv_packet
, threadp
, fd
, threadp
);
/* prepare the message header: payload buffer plus ancillary-data buffer */
135 memset(&m
, 0, sizeof(m
));
136 iov
.iov_base
= buf
= pkt_ptr
;
137 iov
.iov_len
= IBUF_READ_SIZE
;
139 m
.msg_namelen
= sizeof(from
);
142 m
.msg_control
= &cmsgbuf
.buf
;
143 m
.msg_controllen
= sizeof(cmsgbuf
.buf
);
145 if ((r
= recvmsg(fd
, &m
, 0)) == -1) {
146 if (errno
!= EAGAIN
&& errno
!= EINTR
)
147 log_debug("%s: read error: %s", __func__
,
152 sa2addr((struct sockaddr
*)&from
, &af
, &src
, NULL
);
154 multicast
= (m
.msg_flags
& MSG_MCAST
) ? 1 : 0;
157 for (cmsg
= CMSG_FIRSTHDR(&m
); cmsg
!= NULL
;
158 cmsg
= CMSG_NXTHDR(&m
, cmsg
)) {
159 #if defined(HAVE_IP_PKTINFO)
160 if (af
== AF_INET
&& cmsg
->cmsg_level
== IPPROTO_IP
&&
161 cmsg
->cmsg_type
== IP_PKTINFO
) {
162 struct in_pktinfo
*pktinfo
;
164 pktinfo
= (struct in_pktinfo
*)CMSG_DATA(cmsg
);
165 if (IN_MULTICAST(ntohl(pktinfo
->ipi_addr
.s_addr
)))
169 #elif defined(HAVE_IP_RECVDSTADDR)
170 if (af
== AF_INET
&& cmsg
->cmsg_level
== IPPROTO_IP
&&
171 cmsg
->cmsg_type
== IP_RECVDSTADDR
) {
172 struct in_addr
*addr
;
174 addr
= (struct in_addr
*)CMSG_DATA(cmsg
);
175 if (IN_MULTICAST(ntohl(addr
->s_addr
)))
180 #error "Unsupported socket API"
182 if (af
== AF_INET6
&& cmsg
->cmsg_level
== IPPROTO_IPV6
&&
183 cmsg
->cmsg_type
== IPV6_PKTINFO
) {
184 struct in6_pktinfo
*pktinfo
;
186 pktinfo
= (struct in6_pktinfo
*)CMSG_DATA(cmsg
);
187 if (IN6_IS_ADDR_MULTICAST(&pktinfo
->ipi6_addr
))
192 #endif /* MSG_MCAST */
193 if (bad_addr(af
, &src
)) {
194 log_debug("%s: invalid source address: %s", __func__
,
198 ifindex
= getsockopt_ifindex(af
, &m
);
200 /* find a matching interface */
202 iface
= disc_find_iface(ifindex
, af
, &src
);
207 /* check packet size */
209 if (len
< (LDP_HDR_SIZE
+ LDP_MSG_SIZE
) || len
> LDP_MAX_LEN
) {
210 log_debug("%s: bad packet size, source %s", __func__
,
215 /* LDP header sanity checks */
216 memcpy(&ldp_hdr
, buf
, sizeof(ldp_hdr
));
217 if (ntohs(ldp_hdr
.version
) != LDP_VERSION
) {
218 log_debug("%s: invalid LDP version %d, source %s", __func__
,
219 ntohs(ldp_hdr
.version
), log_addr(af
, &src
));
222 if (ntohs(ldp_hdr
.lspace_id
) != 0) {
223 log_debug("%s: invalid label space %u, source %s", __func__
,
224 ntohs(ldp_hdr
.lspace_id
), log_addr(af
, &src
));
227 /* check "PDU Length" field */
228 pdu_len
= ntohs(ldp_hdr
.length
);
229 if ((pdu_len
< (LDP_HDR_PDU_LEN
+ LDP_MSG_SIZE
)) ||
230 (pdu_len
> (len
- LDP_HDR_DEAD_LEN
))) {
231 log_debug("%s: invalid LDP packet length %u, source %s",
232 __func__
, ntohs(ldp_hdr
.length
), log_addr(af
, &src
));
238 lsr_id
.s_addr
= ldp_hdr
.lsr_id
;
241 * For UDP, we process only the first message of each packet. This does
242 * not impose any restrictions since LDP uses UDP only for sending Hello
245 memcpy(&msg
, buf
, sizeof(msg
));
247 /* check "Message Length" field */
248 msg_len
= ntohs(msg
.length
);
249 if (msg_len
< LDP_MSG_LEN
|| ((msg_len
+ LDP_MSG_DEAD_LEN
) > pdu_len
)) {
250 log_debug("%s: invalid LDP message length %u, source %s",
251 __func__
, ntohs(msg
.length
), log_addr(af
, &src
));
257 /* switch LDP packet type */
258 switch (ntohs(msg
.type
)) {
260 recv_hello(lsr_id
, &msg
, af
, &src
, iface
, multicast
, buf
, len
);
263 log_debug("%s: unknown LDP packet type, source %s", __func__
,
/*
 * disc_find_iface - map a received discovery packet to a configured
 * interface.
 *
 * ifindex: interface index, looked up with if_lookup(leconf, ifindex).
 * af:      address family, used to fetch the per-family interface data
 *          with iface_af_get().
 * src:     source address of the packet; for AF_INET6 it is tested with
 *          IN6_IS_ADDR_LINKLOCAL() as required by the RFC 7552 text
 *          quoted below.
 *
 * NOTE(review): the checks on the lookup results and every return
 * statement are not visible in this listing; what is returned when a
 * lookup fails or the link-local test does not pass must be confirmed
 * against the full source.
 */
268 static struct iface
*
269 disc_find_iface(unsigned int ifindex
, int af
, union ldpd_addr
*src
)
274 iface
= if_lookup(leconf
, ifindex
);
278 ia
= iface_af_get(iface
, af
);
283 * RFC 7552 - Section 5.1:
284 * "Link-local IPv6 address MUST be used as the source IP address in
285 * IPv6 LDP Link Hellos".
287 if (af
== AF_INET6
&& !IN6_IS_ADDR_LINKLOCAL(&src
->v6
))
/*
 * session_accept - event handler for the listening TCP socket.
 *
 * thread: event that fired; the listening socket comes from EVENT_FD().
 *
 * Visible processing steps, in order:
 *  - a connection is taken with accept(); errno values ENFILE and EMFILE
 *    are handled separately from other errors, and errors other than
 *    EWOULDBLOCK, EINTR and ECONNABORTED are logged;
 *  - the new socket is made non-blocking with sock_set_nonblock();
 *  - the peer address is converted with sa2addr() and used to look up a
 *    neighbor with nbr_find_addr();
 *  - pending_conn_find() and pending_conn_new() are used on the path
 *    described by the RFC 5036 comment (connection from a peer without a
 *    known adjacency);
 *  - nbr_session_active_role() is tested as a protection against buggy
 *    peers;
 *  - a neighbor whose state is not NBR_STA_PRESENT gets the additional
 *    connection rejected (logged);
 *  - otherwise the connection is handed to session_accept_nbr().
 *
 * NOTE(review): the statements executed inside most of these branches
 * (closing the socket, pausing accept, returning) are not visible in this
 * listing.
 */
293 void session_accept(struct event
*thread
)
295 int fd
= EVENT_FD(thread
);
296 struct sockaddr_storage src
;
297 socklen_t len
= sizeof(src
);
300 union ldpd_addr addr
;
302 struct pending_conn
*pconn
;
304 newfd
= accept(fd
, (struct sockaddr
*)&src
, &len
);
307 * Pause accept if we are out of file descriptors, or
308 * libevent will haunt us here too.
310 if (errno
== ENFILE
|| errno
== EMFILE
) {
312 } else if (errno
!= EWOULDBLOCK
&& errno
!= EINTR
&&
313 errno
!= ECONNABORTED
)
314 log_debug("%s: accept error: %s", __func__
,
318 sock_set_nonblock(newfd
);
320 sa2addr((struct sockaddr
*)&src
, &af
, &addr
, NULL
);
323 * Since we don't support label spaces, we can identify this neighbor
324 * just by its source address. This way we don't need to wait for its
325 * Initialization message to know who we are talking to.
327 nbr
= nbr_find_addr(af
, &addr
);
330 * According to RFC 5036, we would need to send a No Hello
331 * Error Notification message and close this TCP connection
332 * right now. But doing so would trigger the backoff exponential
333 * timer in the remote peer, which would considerably slow down
334 * the session establishment process. The trick here is to wait
335 * five seconds before sending the Notification Message. There's
336 * a good chance that the remote peer will send us a Hello
337 * message within this interval, so it's worth waiting before
338 * taking a more drastic measure.
340 pconn
= pending_conn_find(af
, &addr
);
344 pending_conn_new(newfd
, af
, &addr
);
347 /* protection against buggy implementations */
348 if (nbr_session_active_role(nbr
)) {
352 if (nbr
->state
!= NBR_STA_PRESENT
) {
353 log_debug("%s: lsr-id %pI4: rejecting additional transport connection", __func__
, &nbr
->id
);
358 session_accept_nbr(nbr
, newfd
);
/*
 * session_accept_nbr - attach an accepted TCP connection to a neighbor.
 *
 * nbr: neighbor the connection belongs to.
 * fd:  accepted socket.
 *
 * Visible processing steps, in order:
 *  - per-neighbor parameters are fetched with nbr_params_find() (the
 *    result may be NULL, it is tested before use further down);
 *  - nbr_gtsm_check() is run on the socket;
 *  - when the parameters request AUTH_MD5SIG: a warning is logged if
 *    sysdep reports no_pfkey or no_md5sig, then the TCP_MD5SIG socket
 *    option is read with getsockopt() (fatal() on failure) and a
 *    connection without a signature is logged with log_warnx();
 *  - a tcp_conn is created with tcp_new() and stored in nbr->tcp;
 *  - the neighbor state machine is driven with NBR_EVT_MATCH_ADJ.
 *
 * NOTE(review): the statements that reject the connection after a failed
 * check (closing fd, returning) are not visible in this listing.
 */
362 session_accept_nbr(struct nbr
*nbr
, int fd
)
365 struct nbr_params
*nbrp
;
369 nbrp
= nbr_params_find(leconf
, nbr
->id
);
370 if (nbr_gtsm_check(fd
, nbr
, nbrp
)) {
375 if (nbrp
&& nbrp
->auth
.method
== AUTH_MD5SIG
) {
376 if (sysdep
.no_pfkey
|| sysdep
.no_md5sig
) {
377 log_warnx("md5sig configured but not available");
383 if (getsockopt(fd
, IPPROTO_TCP
, TCP_MD5SIG
, &opt
, &len
) == -1)
384 fatal("getsockopt TCP_MD5SIG");
385 if (!opt
) { /* non-md5'd connection! */
386 log_warnx("connection attempt without md5 signature");
393 nbr
->tcp
= tcp_new(fd
, nbr
);
394 nbr_fsm(nbr
, NBR_EVT_MATCH_ADJ
);
/*
 * session_read - read event handler for an established TCP session.
 *
 * thread: event that fired; the socket comes from EVENT_FD() and the
 *         neighbor from EVENT_ARG().  The connection is nbr->tcp.
 *
 * Visible processing steps, in order:
 *  - the read event is re-armed with event_add_read();
 *  - read() appends to tcp->rbuf->buf at offset wpos; a failure other
 *    than EINTR or EAGAIN is logged and closes the session through
 *    nbr_fsm(NBR_EVT_CLOSE_SESSION); a connection closed by the remote
 *    end is logged and closes the session the same way;
 *  - wpos is advanced by the number of bytes read;
 *  - for every complete PDU returned by session_get_pdu():
 *      - the version must equal LDP_VERSION (else S_BAD_PROTO_VER);
 *      - the PDU length must be at least LDP_HDR_PDU_LEN + LDP_MSG_SIZE
 *        and at most max_pdu_len, which is nbr->max_pdu_len in state
 *        NBR_STA_OPER and LDP_MAX_LEN otherwise (else S_BAD_PDU_LEN);
 *      - lsr_id must match nbr->id and lspace_id must be 0
 *        (else S_BAD_LDP_ID);
 *      - nbr_fsm(NBR_EVT_PDU_RCVD) is signalled;
 *      - each message in the PDU has its length validated
 *        (else S_BAD_MSG_LEN), is checked against the neighbor state
 *        (else S_SHUTDOWN) and is dispatched to recv_notification(),
 *        recv_init(), recv_keepalive(), recv_capability(), recv_address()
 *        or recv_labelmessage();
 *      - an unknown message type is logged; when UNKNOWN_FLAG is not set
 *        in the type, the unknown_msg counter is incremented and an
 *        S_UNKNOWN_MSG notification is sent;
 *      - after a successful parse the matching per-neighbor receive
 *        counter in nbr->stats is incremented.
 *
 * All failed checks call session_shutdown() with the status shown.
 *
 * NOTE(review): several case labels, the pointer and length bookkeeping
 * between messages, the release of the PDU buffer and the returns after
 * session_shutdown() are not visible in this listing.
 */
397 static void session_read(struct event
*thread
)
399 int fd
= EVENT_FD(thread
);
400 struct nbr
*nbr
= EVENT_ARG(thread
);
401 struct tcp_conn
*tcp
= nbr
->tcp
;
402 struct ldp_hdr
*ldp_hdr
;
404 char *buf
= NULL
, *pdu
;
406 uint16_t pdu_len
, msg_len
, msg_size
, max_pdu_len
;
/* re-arm the read event for this session */
409 event_add_read(master
, session_read
, nbr
, fd
, &tcp
->rev
);
411 if ((n
= read(fd
, tcp
->rbuf
->buf
+ tcp
->rbuf
->wpos
,
412 sizeof(tcp
->rbuf
->buf
) - tcp
->rbuf
->wpos
)) == -1) {
413 if (errno
!= EINTR
&& errno
!= EAGAIN
) {
414 log_warn("%s: read error", __func__
);
415 nbr_fsm(nbr
, NBR_EVT_CLOSE_SESSION
);
422 /* connection closed */
423 log_debug("%s: connection closed by remote end", __func__
);
424 nbr_fsm(nbr
, NBR_EVT_CLOSE_SESSION
);
427 tcp
->rbuf
->wpos
+= n
;
429 while ((len
= session_get_pdu(tcp
->rbuf
, &buf
)) > 0) {
431 ldp_hdr
= (struct ldp_hdr
*)pdu
;
432 if (ntohs(ldp_hdr
->version
) != LDP_VERSION
) {
433 session_shutdown(nbr
, S_BAD_PROTO_VER
, 0, 0);
438 pdu_len
= ntohs(ldp_hdr
->length
);
440 * RFC 5036 - Section 3.5.3:
441 * "Prior to completion of the negotiation, the maximum
442 * allowable length is 4096 bytes".
444 if (nbr
->state
== NBR_STA_OPER
)
445 max_pdu_len
= nbr
->max_pdu_len
;
447 max_pdu_len
= LDP_MAX_LEN
;
448 if (pdu_len
< (LDP_HDR_PDU_LEN
+ LDP_MSG_SIZE
) ||
449 pdu_len
> max_pdu_len
) {
450 session_shutdown(nbr
, S_BAD_PDU_LEN
, 0, 0);
454 pdu_len
-= LDP_HDR_PDU_LEN
;
455 if (ldp_hdr
->lsr_id
!= nbr
->id
.s_addr
||
456 ldp_hdr
->lspace_id
!= 0) {
457 session_shutdown(nbr
, S_BAD_LDP_ID
, 0, 0);
464 nbr_fsm(nbr
, NBR_EVT_PDU_RCVD
);
466 while (len
>= LDP_MSG_SIZE
) {
469 msg
= (struct ldp_msg
*)pdu
;
470 type
= ntohs(msg
->type
);
471 msg_len
= ntohs(msg
->length
);
472 if (msg_len
< LDP_MSG_LEN
||
473 (msg_len
+ LDP_MSG_DEAD_LEN
) > pdu_len
) {
474 session_shutdown(nbr
, S_BAD_MSG_LEN
, msg
->id
,
479 msg_size
= msg_len
+ LDP_MSG_DEAD_LEN
;
482 /* check for error conditions earlier */
485 if ((nbr
->state
!= NBR_STA_INITIAL
) &&
486 (nbr
->state
!= NBR_STA_OPENSENT
)) {
487 session_shutdown(nbr
, S_SHUTDOWN
,
493 case MSG_TYPE_KEEPALIVE
:
494 if ((nbr
->state
== NBR_STA_INITIAL
) ||
495 (nbr
->state
== NBR_STA_OPENSENT
)) {
496 session_shutdown(nbr
, S_SHUTDOWN
,
502 case MSG_TYPE_NOTIFICATION
:
505 if (nbr
->state
!= NBR_STA_OPER
) {
506 session_shutdown(nbr
, S_SHUTDOWN
,
514 /* switch LDP packet type */
516 case MSG_TYPE_NOTIFICATION
:
517 ret
= recv_notification(nbr
, pdu
, msg_size
);
520 ret
= recv_init(nbr
, pdu
, msg_size
);
522 case MSG_TYPE_KEEPALIVE
:
523 ret
= recv_keepalive(nbr
, pdu
, msg_size
);
525 case MSG_TYPE_CAPABILITY
:
526 ret
= recv_capability(nbr
, pdu
, msg_size
);
529 case MSG_TYPE_ADDRWITHDRAW
:
530 ret
= recv_address(nbr
, pdu
, msg_size
);
532 case MSG_TYPE_LABELMAPPING
:
533 case MSG_TYPE_LABELREQUEST
:
534 case MSG_TYPE_LABELWITHDRAW
:
535 case MSG_TYPE_LABELRELEASE
:
536 case MSG_TYPE_LABELABORTREQ
:
537 ret
= recv_labelmessage(nbr
, pdu
, msg_size
,
541 log_debug("%s: unknown LDP message from nbr %pI4",
543 if (!(ntohs(msg
->type
) & UNKNOWN_FLAG
)) {
544 nbr
->stats
.unknown_msg
++;
545 send_notification(nbr
->tcp
,
546 S_UNKNOWN_MSG
, msg
->id
, msg
->type
);
548 /* ignore the message */
554 /* parser failed, giving up */
559 /* no errors - update per neighbor message counters */
561 case MSG_TYPE_NOTIFICATION
:
562 nbr
->stats
.notif_rcvd
++;
564 case MSG_TYPE_KEEPALIVE
:
565 nbr
->stats
.kalive_rcvd
++;
567 case MSG_TYPE_CAPABILITY
:
568 nbr
->stats
.capability_rcvd
++;
571 nbr
->stats
.addr_rcvd
++;
573 case MSG_TYPE_ADDRWITHDRAW
:
574 nbr
->stats
.addrwdraw_rcvd
++;
576 case MSG_TYPE_LABELMAPPING
:
577 nbr
->stats
.labelmap_rcvd
++;
579 case MSG_TYPE_LABELREQUEST
:
580 nbr
->stats
.labelreq_rcvd
++;
582 case MSG_TYPE_LABELWITHDRAW
:
583 nbr
->stats
.labelwdraw_rcvd
++;
585 case MSG_TYPE_LABELRELEASE
:
586 nbr
->stats
.labelrel_rcvd
++;
588 case MSG_TYPE_LABELABORTREQ
:
589 nbr
->stats
.labelabreq_rcvd
++;
595 /* Analyse the next message */
602 session_shutdown(nbr
, S_BAD_PDU_LEN
, 0, 0);
607 /* shouldn't happen, session_get_pdu should be > 0 if buf was
608 * allocated - but let's get rid of the SA warning.
/*
 * session_write - write event handler for a TCP connection.
 *
 * thread: event that fired; the tcp_conn comes from EVENT_ARG() and the
 *         owning neighbor from tcp->nbr, which may be NULL.
 *
 * Queued data is flushed with msgbuf_write().  When that returns a value
 * less than or equal to 0 and errno is not EAGAIN, a connection that has
 * a neighbor is closed through nbr_fsm(NBR_EVT_CLOSE_SESSION).  A
 * connection without a neighbor whose queue has drained takes the branch
 * introduced by the comment below.  evbuf_event_add() is called on the
 * write buffer further down.
 *
 * NOTE(review): errno is consulted also when msgbuf_write() returns 0;
 * confirm that errno is meaningful in that case.  The body of the
 * neighbor-less branch is not visible in this listing.
 */
613 static void session_write(struct event
*thread
)
615 struct tcp_conn
*tcp
= EVENT_ARG(thread
);
616 struct nbr
*nbr
= tcp
->nbr
;
620 if (msgbuf_write(&tcp
->wbuf
.wbuf
) <= 0)
621 if (errno
!= EAGAIN
&& nbr
)
622 nbr_fsm(nbr
, NBR_EVT_CLOSE_SESSION
);
624 if (nbr
== NULL
&& !tcp
->wbuf
.wbuf
.queued
) {
626 * We are done sending the notification message, now we can
633 evbuf_event_add(&tcp
->wbuf
);
/*
 * session_shutdown - terminate the session with a neighbor, sending a
 * notification where the visible branches do so.
 *
 * nbr:    neighbor whose session is shut down.
 * status: status code passed to send_notification().
 * msg_id: message id passed to send_notification().
 * The remainder of the parameter list is cut off in this listing; the
 * body also uses msg_type.
 *
 * Behaviour by nbr->state, as far as visible:
 *  - NBR_STA_PRESENT: a pending connect event is cancelled with
 *    EVENT_OFF(nbr->ev_connect) when nbr_pending_connect() is true;
 *  - NBR_STA_INITIAL, NBR_STA_OPENREC, NBR_STA_OPENSENT: the global
 *    session_attempts counter is incremented, a notification is sent and
 *    the state machine receives NBR_EVT_CLOSE_SESSION;
 *  - one further branch (its case label is not visible) sends a
 *    notification and raises NBR_EVT_CLOSE_SESSION;
 *  - any other state ends in fatalx().
 */
637 session_shutdown(struct nbr
*nbr
, uint32_t status
, uint32_t msg_id
,
640 switch (nbr
->state
) {
641 case NBR_STA_PRESENT
:
642 if (nbr_pending_connect(nbr
))
643 EVENT_OFF(nbr
->ev_connect
);
645 case NBR_STA_INITIAL
:
646 case NBR_STA_OPENREC
:
647 case NBR_STA_OPENSENT
:
648 /* update SNMP session counters during initialization */
649 leconf
->stats
.session_attempts
++;
650 send_notification(nbr
->tcp
, status
, msg_id
, msg_type
);
652 nbr_fsm(nbr
, NBR_EVT_CLOSE_SESSION
);
655 send_notification(nbr
->tcp
, status
, msg_id
, msg_type
);
657 nbr_fsm(nbr
, NBR_EVT_CLOSE_SESSION
);
660 fatalx("session_shutdown: unknown neighbor state");
/*
 * session_close - release the per-session resources of a neighbor.
 *
 * nbr: neighbor whose session is being closed.
 *
 * Visible steps: the close is logged, the LDP sync state machine is
 * notified with LDP_SYNC_EVT_SESSION_CLOSE, and the three neighbor timers
 * are stopped through nbr_stop_ktimer(), nbr_stop_ktimeout() and
 * nbr_stop_itimeout().
 *
 * NOTE(review): lines between the notification and the timer calls are
 * not visible in this listing (for instance the handling of the TCP
 * connection itself); confirm against the full source.
 */
665 session_close(struct nbr
*nbr
)
667 log_debug("%s: closing session with lsr-id %pI4", __func__
,
670 ldp_sync_fsm_nbr_event(nbr
, LDP_SYNC_EVT_SESSION_CLOSE
);
673 nbr_stop_ktimer(nbr
);
674 nbr_stop_ktimeout(nbr
);
675 nbr_stop_itimeout(nbr
);
/*
 * session_get_pdu - extract one complete PDU from the read buffer.
 *
 * r: read buffer; the LDP header is copied out of the start of r->buf to
 *    learn the PDU length.
 * b: output; on the visible success path *b receives a buffer obtained
 *    from malloc() that holds a copy of the PDU.
 *
 * The number of bytes taken is the header length field (converted with
 * ntohs()) plus LDP_HDR_DEAD_LEN.  After the copy, the bytes that follow
 * the PDU (left) are moved to the front of r->buf with memmove().
 *
 * NOTE(review): the checks against the amount of buffered data, the
 * update of the write position, the return values and the handling of a
 * failed malloc() are not visible in this listing.  The caller is
 * presumably responsible for freeing *b - confirm.
 */
679 session_get_pdu(struct ibuf_read
*r
, char **b
)
682 size_t av
, dlen
, left
;
688 memcpy(&l
, r
->buf
, sizeof(l
));
689 dlen
= ntohs(l
.length
) + LDP_HDR_DEAD_LEN
;
693 if ((*b
= malloc(dlen
)) == NULL
)
696 memcpy(*b
, r
->buf
, dlen
);
699 memmove(r
->buf
, r
->buf
+ dlen
, left
);
/*
 * tcp_new - allocate and initialise the bookkeeping for a TCP connection.
 *
 * fd:  connected socket.
 * nbr: owning neighbor; pending_conn_timeout() in this file passes NULL.
 *
 * Visible steps: the tcp_conn is allocated zeroed with calloc(), the
 * write buffer is initialised with evbuf_init() using session_write as
 * its handler, a zeroed read buffer is allocated, a read event calling
 * session_read is registered, and the local and remote ports are filled
 * in from getsockname() and getpeername() through sa2addr().  Failures of
 * the two socket-name calls are only logged with log_warn().
 *
 * NOTE(review): the allocation-failure handling, the assignment of
 * tcp->fd and tcp->nbr, any condition guarding the read-buffer setup and
 * the return statement are not visible in this listing.  len is not
 * reset between getsockname() and getpeername() in the lines shown.
 */
708 tcp_new(int fd
, struct nbr
*nbr
)
710 struct tcp_conn
*tcp
;
711 struct sockaddr_storage ss
;
712 socklen_t len
= sizeof(ss
);
714 if ((tcp
= calloc(1, sizeof(*tcp
))) == NULL
)
718 evbuf_init(&tcp
->wbuf
, tcp
->fd
, session_write
, tcp
);
721 if ((tcp
->rbuf
= calloc(1, sizeof(struct ibuf_read
))) == NULL
)
724 event_add_read(master
, session_read
, nbr
, tcp
->fd
, &tcp
->rev
);
728 if (getsockname(fd
, (struct sockaddr
*)&ss
, &len
) != 0)
729 log_warn("%s: getsockname", __func__
);
731 sa2addr((struct sockaddr
*)&ss
, NULL
, NULL
, &tcp
->lport
);
732 if (getpeername(fd
, (struct sockaddr
*)&ss
, &len
) != 0)
733 log_warn("%s: getpeername", __func__
);
735 sa2addr((struct sockaddr
*)&ss
, NULL
, NULL
, &tcp
->rport
);
/*
 * tcp_close - tear down a TCP connection object.
 *
 * tcp: connection to close.
 *
 * Visible steps: one attempt is made to flush queued output with
 * msgbuf_write() (its result is not examined), the write buffer is
 * cleared with evbuf_clear(), and the back-reference held by the owning
 * neighbor (tcp->nbr->tcp) is set to NULL.
 *
 * NOTE(review): closing the descriptor, cancelling the read event,
 * freeing memory and any guard for a NULL tcp->nbr are not visible in
 * this listing.
 */
741 tcp_close(struct tcp_conn
*tcp
)
743 /* try to flush write buffer */
744 msgbuf_write(&tcp
->wbuf
.wbuf
);
745 evbuf_clear(&tcp
->wbuf
);
750 tcp
->nbr
->tcp
= NULL
;
/*
 * pending_conn_new - record an accepted connection whose peer has no
 * known adjacency yet.
 *
 * fd:   accepted socket.
 * af:   address family of the peer.
 * addr: peer address.
 *
 * Visible steps: a zeroed pending_conn is allocated with calloc(), it is
 * appended to global.pending_conns, ev_timeout is cleared and a timer of
 * PENDING_CONN_TIMEOUT is started that calls pending_conn_timeout() with
 * the new entry as its argument.
 *
 * NOTE(review): the allocation-failure handling, the stores of fd, af and
 * addr into the entry and the return statement are not visible in this
 * listing.
 */
758 static struct pending_conn
*
759 pending_conn_new(int fd
, int af
, union ldpd_addr
*addr
)
761 struct pending_conn
*pconn
;
763 if ((pconn
= calloc(1, sizeof(*pconn
))) == NULL
)
769 TAILQ_INSERT_TAIL(&global
.pending_conns
, pconn
, entry
);
770 pconn
->ev_timeout
= NULL
;
771 event_add_timer(master
, pending_conn_timeout
, pconn
,
772 PENDING_CONN_TIMEOUT
, &pconn
->ev_timeout
);
/*
 * pending_conn_del - remove a pending connection entry.
 *
 * pconn: entry to remove.
 *
 * Visible steps: the timeout event is cancelled with EVENT_OFF() and the
 * entry is unlinked from global.pending_conns.
 *
 * NOTE(review): releasing the memory of the entry is not visible in this
 * listing - confirm against the full source.
 */
778 pending_conn_del(struct pending_conn
*pconn
)
780 EVENT_OFF(pconn
->ev_timeout
);
781 TAILQ_REMOVE(&global
.pending_conns
, pconn
, entry
);
/*
 * pending_conn_find - look up a pending connection by peer address.
 *
 * af:   address family to match against pconn->af.
 * addr: address compared with pconn->addr using ldp_addrcmp().
 *
 * Walks global.pending_conns; an entry matches when the family is equal
 * and ldp_addrcmp() returns 0.
 *
 * NOTE(review): the return statements are not visible in this listing;
 * presumably the matching entry is returned, or NULL when none matches -
 * confirm.
 */
785 struct pending_conn
*
786 pending_conn_find(int af
, union ldpd_addr
*addr
)
788 struct pending_conn
*pconn
;
790 TAILQ_FOREACH(pconn
, &global
.pending_conns
, entry
)
791 if (af
== pconn
->af
&&
792 ldp_addrcmp(af
, addr
, &pconn
->addr
) == 0)
/*
 * pending_conn_timeout - timer handler for a pending connection that was
 * never matched to an adjacency.
 *
 * thread: timer event; the pending_conn comes from EVENT_ARG().
 *
 * Visible steps: the stored timer pointer is cleared, the condition is
 * logged with the peer address, a tcp_conn without a neighbor is created
 * with tcp_new(pconn->fd, NULL), an S_NO_HELLO notification is queued on
 * it with send_notification(), one write attempt is made with
 * msgbuf_write() (its result is not examined), and the pending entry is
 * removed with pending_conn_del().
 */
798 static void pending_conn_timeout(struct event
*thread
)
800 struct pending_conn
*pconn
= EVENT_ARG(thread
);
801 struct tcp_conn
*tcp
;
803 pconn
->ev_timeout
= NULL
;
805 log_debug("%s: no adjacency with remote end: %s", __func__
,
806 log_addr(pconn
->af
, &pconn
->addr
));
809 * Create a write buffer detached from any neighbor to send a
810 * notification message reliably.
812 tcp
= tcp_new(pconn
->fd
, NULL
);
813 send_notification(tcp
, S_NO_HELLO
, 0, 0);
814 msgbuf_write(&tcp
->wbuf
.wbuf
);
816 pending_conn_del(pconn
);