]> git.proxmox.com Git - mirror_frr.git/blob - ospfd/ospf_packet.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12366 from manojvn/ospfv2-flood-reduction
[mirror_frr.git] / ospfd / ospf_packet.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * OSPF Sending and Receiving OSPF Packets.
4 * Copyright (C) 1999, 2000 Toshiaki Takada
5 */
6
7 #include <zebra.h>
8
9 #include "monotime.h"
10 #include "thread.h"
11 #include "memory.h"
12 #include "linklist.h"
13 #include "prefix.h"
14 #include "if.h"
15 #include "table.h"
16 #include "sockunion.h"
17 #include "stream.h"
18 #include "log.h"
19 #include "sockopt.h"
20 #include "checksum.h"
21 #ifdef CRYPTO_INTERNAL
22 #include "md5.h"
23 #endif
24 #include "vrf.h"
25 #include "lib_errors.h"
26
27 #include "ospfd/ospfd.h"
28 #include "ospfd/ospf_network.h"
29 #include "ospfd/ospf_interface.h"
30 #include "ospfd/ospf_ism.h"
31 #include "ospfd/ospf_abr.h"
32 #include "ospfd/ospf_asbr.h"
33 #include "ospfd/ospf_lsa.h"
34 #include "ospfd/ospf_lsdb.h"
35 #include "ospfd/ospf_neighbor.h"
36 #include "ospfd/ospf_nsm.h"
37 #include "ospfd/ospf_packet.h"
38 #include "ospfd/ospf_spf.h"
39 #include "ospfd/ospf_flood.h"
40 #include "ospfd/ospf_dump.h"
41 #include "ospfd/ospf_errors.h"
42 #include "ospfd/ospf_zebra.h"
43 #include "ospfd/ospf_gr.h"
44
45 /*
46 * OSPF Fragmentation / fragmented writes
47 *
48 * ospfd can support writing fragmented packets, for cases where
49 * kernel will not fragment IP_HDRINCL and/or multicast destined
50 * packets (ie TTBOMK all kernels, BSD, SunOS, Linux). However,
51 * SunOS, probably BSD too, clobber the user supplied IP ID and IP
52 * flags fields, hence user-space fragmentation will not work.
53 * Only Linux is known to leave IP header unmolested.
54 * Further, fragmentation really should be done the kernel, which already
55 * supports it, and which avoids nasty IP ID state problems.
56 *
57 * Fragmentation of OSPF packets can be required on networks with router
58 * with many many interfaces active in one area, or on networks with links
59 * with low MTUs.
60 */
61 #ifdef GNU_LINUX
62 #define WANT_OSPF_WRITE_FRAGMENT
63 #endif
64
65 /* Packet Type String. */
66 const struct message ospf_packet_type_str[] = {
67 {OSPF_MSG_HELLO, "Hello"},
68 {OSPF_MSG_DB_DESC, "Database Description"},
69 {OSPF_MSG_LS_REQ, "Link State Request"},
70 {OSPF_MSG_LS_UPD, "Link State Update"},
71 {OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
72 {0}};
73
74 /* Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
75 particular types, offset is the "type" field of a packet. */
76 static const uint16_t ospf_packet_minlen[] = {
77 0,
78 OSPF_HELLO_MIN_SIZE,
79 OSPF_DB_DESC_MIN_SIZE,
80 OSPF_LS_REQ_MIN_SIZE,
81 OSPF_LS_UPD_MIN_SIZE,
82 OSPF_LS_ACK_MIN_SIZE,
83 };
84
85 /* Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
86 types, offset is the "LSA type" field. */
87 static const uint16_t ospf_lsa_minlen[] = {
88 0, /* OSPF_UNKNOWN_LSA */
89 OSPF_ROUTER_LSA_MIN_SIZE, /* OSPF_ROUTER_LSA */
90 OSPF_NETWORK_LSA_MIN_SIZE, /* OSPF_NETWORK_LSA */
91 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_SUMMARY_LSA */
92 OSPF_SUMMARY_LSA_MIN_SIZE, /* OSPF_ASBR_SUMMARY_LSA */
93 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_EXTERNAL_LSA */
94 0, /* Unsupported, OSPF_GROUP_MEMBER_LSA */
95 OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_NSSA_LSA */
96 0, /* Unsupported, OSPF_EXTERNAL_ATTRIBURES_LSA */
97 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_LINK_LSA */
98 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AREA_LSA */
99 OSPF_OPAQUE_LSA_MIN_SIZE, /* OSPF_OPAQUE_AS_LSA */
100 };
101
102 /* for ospf_check_auth() */
103 static int ospf_check_sum(struct ospf_header *);
104
105 /* OSPF authentication checking function */
106 static int ospf_auth_type(struct ospf_interface *oi)
107 {
108 int auth_type;
109
110 if (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
111 auth_type = oi->area->auth_type;
112 else
113 auth_type = OSPF_IF_PARAM(oi, auth_type);
114
115 /* Handle case where MD5 key list is not configured aka Cisco */
116 if (auth_type == OSPF_AUTH_CRYPTOGRAPHIC
117 && list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
118 return OSPF_AUTH_NULL;
119
120 return auth_type;
121 }
122
123 static struct ospf_packet *ospf_packet_new(size_t size)
124 {
125 struct ospf_packet *new;
126
127 new = XCALLOC(MTYPE_OSPF_PACKET, sizeof(struct ospf_packet));
128 new->s = stream_new(size);
129
130 return new;
131 }
132
133 void ospf_packet_free(struct ospf_packet *op)
134 {
135 if (op->s)
136 stream_free(op->s);
137
138 XFREE(MTYPE_OSPF_PACKET, op);
139 }
140
141 struct ospf_fifo *ospf_fifo_new(void)
142 {
143 struct ospf_fifo *new;
144
145 new = XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
146 return new;
147 }
148
149 /* Add new packet to fifo. */
150 void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
151 {
152 if (fifo->tail)
153 fifo->tail->next = op;
154 else
155 fifo->head = op;
156
157 fifo->tail = op;
158
159 fifo->count++;
160 }
161
162 /* Add new packet to head of fifo. */
163 static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
164 {
165 op->next = fifo->head;
166
167 if (fifo->tail == NULL)
168 fifo->tail = op;
169
170 fifo->head = op;
171
172 fifo->count++;
173 }
174
175 /* Delete first packet from fifo. */
176 struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
177 {
178 struct ospf_packet *op;
179
180 op = fifo->head;
181
182 if (op) {
183 fifo->head = op->next;
184
185 if (fifo->head == NULL)
186 fifo->tail = NULL;
187
188 fifo->count--;
189 }
190
191 return op;
192 }
193
194 /* Return first fifo entry. */
195 struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
196 {
197 return fifo->head;
198 }
199
200 /* Flush ospf packet fifo. */
201 void ospf_fifo_flush(struct ospf_fifo *fifo)
202 {
203 struct ospf_packet *op;
204 struct ospf_packet *next;
205
206 for (op = fifo->head; op; op = next) {
207 next = op->next;
208 ospf_packet_free(op);
209 }
210 fifo->head = fifo->tail = NULL;
211 fifo->count = 0;
212 }
213
214 /* Free ospf packet fifo. */
215 void ospf_fifo_free(struct ospf_fifo *fifo)
216 {
217 ospf_fifo_flush(fifo);
218
219 XFREE(MTYPE_OSPF_FIFO, fifo);
220 }
221
222 static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
223 {
224 /* Add packet to end of queue. */
225 ospf_fifo_push(oi->obuf, op);
226
227 /* Debug of packet fifo*/
228 /* ospf_fifo_debug (oi->obuf); */
229 }
230
231 static void ospf_packet_add_top(struct ospf_interface *oi,
232 struct ospf_packet *op)
233 {
234 /* Add packet to head of queue. */
235 ospf_fifo_push_head(oi->obuf, op);
236
237 /* Debug of packet fifo*/
238 /* ospf_fifo_debug (oi->obuf); */
239 }
240
241 static void ospf_packet_delete(struct ospf_interface *oi)
242 {
243 struct ospf_packet *op;
244
245 op = ospf_fifo_pop(oi->obuf);
246
247 if (op)
248 ospf_packet_free(op);
249 }
250
251 static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
252 {
253 struct ospf_packet *new;
254
255 if (stream_get_endp(op->s) != op->length)
256 /* XXX size_t */
257 zlog_debug(
258 "ospf_packet_dup stream %lu ospf_packet %u size mismatch",
259 (unsigned long)STREAM_SIZE(op->s), op->length);
260
261 /* Reserve space for MD5 authentication that may be added later. */
262 new = ospf_packet_new(stream_get_endp(op->s) + OSPF_AUTH_MD5_SIZE);
263 stream_copy(new->s, op->s);
264
265 new->dst = op->dst;
266 new->length = op->length;
267
268 return new;
269 }
270
271 /* XXX inline */
272 static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
273 {
274 int auth = 0;
275
276 if (ospf_auth_type(oi) == OSPF_AUTH_CRYPTOGRAPHIC)
277 auth = OSPF_AUTH_MD5_SIZE;
278
279 return auth;
280 }
281
282 static unsigned int ospf_packet_max(struct ospf_interface *oi)
283 {
284 int max;
285
286 max = oi->ifp->mtu - ospf_packet_authspace(oi);
287
288 max -= (OSPF_HEADER_SIZE + sizeof(struct ip));
289
290 return max;
291 }
292
293
294 static int ospf_check_md5_digest(struct ospf_interface *oi,
295 struct ospf_header *ospfh)
296 {
297 #ifdef CRYPTO_OPENSSL
298 EVP_MD_CTX *ctx;
299 #elif CRYPTO_INTERNAL
300 MD5_CTX ctx;
301 #endif
302 unsigned char digest[OSPF_AUTH_MD5_SIZE];
303 struct crypt_key *ck;
304 struct ospf_neighbor *nbr;
305 uint16_t length = ntohs(ospfh->length);
306
307 /* Get secret key. */
308 ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
309 ospfh->u.crypt.key_id);
310 if (ck == NULL) {
311 flog_warn(EC_OSPF_MD5, "interface %s: ospf_check_md5 no key %d",
312 IF_NAME(oi), ospfh->u.crypt.key_id);
313 return 0;
314 }
315
316 /* check crypto seqnum. */
317 nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);
318
319 if (nbr
320 && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
321 flog_warn(
322 EC_OSPF_MD5,
323 "interface %s: ospf_check_md5 bad sequence %d (expect %d)",
324 IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
325 ntohl(nbr->crypt_seqnum));
326 return 0;
327 }
328
329 /* Generate a digest for the ospf packet - their digest + our digest. */
330 #ifdef CRYPTO_OPENSSL
331 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
332 ctx = EVP_MD_CTX_new();
333 EVP_DigestInit(ctx, EVP_md5());
334 EVP_DigestUpdate(ctx, ospfh, length);
335 EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
336 EVP_DigestFinal(ctx, digest, &md5_size);
337 EVP_MD_CTX_free(ctx);
338 #elif CRYPTO_INTERNAL
339 memset(&ctx, 0, sizeof(ctx));
340 MD5Init(&ctx);
341 MD5Update(&ctx, ospfh, length);
342 MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
343 MD5Final(digest, &ctx);
344 #endif
345
346 /* compare the two */
347 if (memcmp((caddr_t)ospfh + length, digest, OSPF_AUTH_MD5_SIZE)) {
348 flog_warn(EC_OSPF_MD5,
349 "interface %s: ospf_check_md5 checksum mismatch",
350 IF_NAME(oi));
351 return 0;
352 }
353
354 /* save neighbor's crypt_seqnum */
355 if (nbr)
356 nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
357 return 1;
358 }
359
360 /* This function is called from ospf_write(), it will detect the
361 authentication scheme and if it is MD5, it will change the sequence
362 and update the MD5 digest. */
363 static int ospf_make_md5_digest(struct ospf_interface *oi,
364 struct ospf_packet *op)
365 {
366 struct ospf_header *ospfh;
367 unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
368 #ifdef CRYPTO_OPENSSL
369 EVP_MD_CTX *ctx;
370 #elif CRYPTO_INTERNAL
371 MD5_CTX ctx;
372 #endif
373 void *ibuf;
374 uint32_t t;
375 struct crypt_key *ck;
376 const uint8_t *auth_key;
377
378 ibuf = STREAM_DATA(op->s);
379 ospfh = (struct ospf_header *)ibuf;
380
381 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
382 return 0;
383
384 /* We do this here so when we dup a packet, we don't have to
385 waste CPU rewriting other headers.
386
387 Note that frr_time /deliberately/ is not used here */
388 t = (time(NULL) & 0xFFFFFFFF);
389 if (t > oi->crypt_seqnum)
390 oi->crypt_seqnum = t;
391 else
392 oi->crypt_seqnum++;
393
394 ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);
395
396 /* Get MD5 Authentication key from auth_key list. */
397 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
398 auth_key = (const uint8_t *)digest;
399 else {
400 ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
401 auth_key = ck->auth_key;
402 }
403
404 /* Generate a digest for the entire packet + our secret key. */
405 #ifdef CRYPTO_OPENSSL
406 unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
407 ctx = EVP_MD_CTX_new();
408 EVP_DigestInit(ctx, EVP_md5());
409 EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
410 EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
411 EVP_DigestFinal(ctx, digest, &md5_size);
412 EVP_MD_CTX_free(ctx);
413 #elif CRYPTO_INTERNAL
414 memset(&ctx, 0, sizeof(ctx));
415 MD5Init(&ctx);
416 MD5Update(&ctx, ibuf, ntohs(ospfh->length));
417 MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
418 MD5Final(digest, &ctx);
419 #endif
420
421 /* Append md5 digest to the end of the stream. */
422 stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);
423
424 /* We do *NOT* increment the OSPF header length. */
425 op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;
426
427 if (stream_get_endp(op->s) != op->length)
428 /* XXX size_t */
429 flog_warn(EC_OSPF_MD5,
430 "%s: length mismatch stream %lu ospf_packet %u",
431 __func__, (unsigned long)stream_get_endp(op->s),
432 op->length);
433
434 return OSPF_AUTH_MD5_SIZE;
435 }
436
437
438 static void ospf_ls_req_timer(struct thread *thread)
439 {
440 struct ospf_neighbor *nbr;
441
442 nbr = THREAD_ARG(thread);
443 nbr->t_ls_req = NULL;
444
445 /* Send Link State Request. */
446 if (ospf_ls_request_count(nbr))
447 ospf_ls_req_send(nbr);
448
449 /* Set Link State Request retransmission timer. */
450 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
451 }
452
453 void ospf_ls_req_event(struct ospf_neighbor *nbr)
454 {
455 THREAD_OFF(nbr->t_ls_req);
456 thread_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
457 }
458
459 /* Cyclic timer function. Fist registered in ospf_nbr_new () in
460 ospf_neighbor.c */
461 void ospf_ls_upd_timer(struct thread *thread)
462 {
463 struct ospf_neighbor *nbr;
464
465 nbr = THREAD_ARG(thread);
466 nbr->t_ls_upd = NULL;
467
468 /* Send Link State Update. */
469 if (ospf_ls_retransmit_count(nbr) > 0) {
470 struct list *update;
471 struct ospf_lsdb *lsdb;
472 int i;
473 int retransmit_interval;
474
475 retransmit_interval =
476 OSPF_IF_PARAM(nbr->oi, retransmit_interval);
477
478 lsdb = &nbr->ls_rxmt;
479 update = list_new();
480
481 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
482 struct route_table *table = lsdb->type[i].db;
483 struct route_node *rn;
484
485 for (rn = route_top(table); rn; rn = route_next(rn)) {
486 struct ospf_lsa *lsa;
487
488 if ((lsa = rn->info) != NULL) {
489 /* Don't retransmit an LSA if we
490 received it within
491 the last RxmtInterval seconds - this
492 is to allow the
493 neighbour a chance to acknowledge the
494 LSA as it may
495 have ben just received before the
496 retransmit timer
497 fired. This is a small tweak to what
498 is in the RFC,
499 but it will cut out out a lot of
500 retransmit traffic
501 - MAG */
502 if (monotime_since(&lsa->tv_recv, NULL)
503 >= retransmit_interval * 1000000LL)
504 listnode_add(update, rn->info);
505 }
506 }
507 }
508
509 if (listcount(update) > 0)
510 ospf_ls_upd_send(nbr, update, OSPF_SEND_PACKET_DIRECT,
511 0);
512 list_delete(&update);
513 }
514
515 /* Set LS Update retransmission timer. */
516 OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
517 }
518
519 void ospf_ls_ack_timer(struct thread *thread)
520 {
521 struct ospf_interface *oi;
522
523 oi = THREAD_ARG(thread);
524 oi->t_ls_ack = NULL;
525
526 /* Send Link State Acknowledgment. */
527 if (listcount(oi->ls_ack) > 0)
528 ospf_ls_ack_send_delayed(oi);
529
530 /* Set LS Ack timer. */
531 OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
532 }
533
534 #ifdef WANT_OSPF_WRITE_FRAGMENT
535 static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
536 struct msghdr *msg, unsigned int maxdatasize,
537 unsigned int mtu, int flags, uint8_t type)
538 {
539 #define OSPF_WRITE_FRAG_SHIFT 3
540 uint16_t offset;
541 struct iovec *iovp;
542 int ret;
543
544 assert(op->length == stream_get_endp(op->s));
545 assert(msg->msg_iovlen == 2);
546
547 /* we can but try.
548 *
549 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
550 * well as the IP_MF flag, making this all quite pointless.
551 *
552 * However, for a system on which IP_MF is left alone, and ip_id left
553 * alone or else which sets same ip_id for each fragment this might
554 * work, eg linux.
555 *
556 * XXX-TODO: It would be much nicer to have the kernel's use their
557 * existing fragmentation support to do this for us. Bugs/RFEs need to
558 * be raised against the various kernels.
559 */
560
561 /* set More Frag */
562 iph->ip_off |= IP_MF;
563
564 /* ip frag offset is expressed in units of 8byte words */
565 offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;
566
567 iovp = &msg->msg_iov[1];
568
569 while ((stream_get_endp(op->s) - stream_get_getp(op->s))
570 > maxdatasize) {
571 /* data length of this frag is to next offset value */
572 iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
573 iph->ip_len = iovp->iov_len + sizeof(struct ip);
574 assert(iph->ip_len <= mtu);
575
576 sockopt_iphdrincl_swab_htosys(iph);
577
578 ret = sendmsg(fd, msg, flags);
579
580 sockopt_iphdrincl_swab_systoh(iph);
581
582 if (ret < 0)
583 flog_err(
584 EC_LIB_SOCKET,
585 "*** %s: sendmsg failed to %pI4, id %d, off %d, len %d, mtu %u failed with %s",
586 __func__, &iph->ip_dst, iph->ip_id, iph->ip_off,
587 iph->ip_len, mtu, safe_strerror(errno));
588
589 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
590 zlog_debug("%s: sent id %d, off %d, len %d to %pI4",
591 __func__, iph->ip_id, iph->ip_off,
592 iph->ip_len, &iph->ip_dst);
593 }
594
595 iph->ip_off += offset;
596 stream_forward_getp(op->s, iovp->iov_len);
597 iovp->iov_base = stream_pnt(op->s);
598 }
599
600 /* setup for final fragment */
601 iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
602 iph->ip_len = iovp->iov_len + sizeof(struct ip);
603 iph->ip_off &= (~IP_MF);
604 }
605 #endif /* WANT_OSPF_WRITE_FRAGMENT */
606
607 static void ospf_write(struct thread *thread)
608 {
609 struct ospf *ospf = THREAD_ARG(thread);
610 struct ospf_interface *oi;
611 struct ospf_packet *op;
612 struct sockaddr_in sa_dst;
613 struct ip iph;
614 struct msghdr msg;
615 struct iovec iov[2];
616 uint8_t type;
617 int ret;
618 int flags = 0;
619 struct listnode *node;
620 #ifdef WANT_OSPF_WRITE_FRAGMENT
621 static uint16_t ipid = 0;
622 uint16_t maxdatasize;
623 #endif /* WANT_OSPF_WRITE_FRAGMENT */
624 #define OSPF_WRITE_IPHL_SHIFT 2
625 int pkt_count = 0;
626
627 #ifdef GNU_LINUX
628 unsigned char cmsgbuf[64] = {};
629 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
630 struct in_pktinfo *pi;
631 #endif
632
633 if (ospf->fd < 0 || ospf->oi_running == 0) {
634 if (IS_DEBUG_OSPF_EVENT)
635 zlog_debug("%s failed to send, fd %d, instance %u",
636 __func__, ospf->fd, ospf->oi_running);
637 return;
638 }
639
640 node = listhead(ospf->oi_write_q);
641 assert(node);
642 oi = listgetdata(node);
643
644 #ifdef WANT_OSPF_WRITE_FRAGMENT
645 /* seed ipid static with low order bits of time */
646 if (ipid == 0)
647 ipid = (time(NULL) & 0xffff);
648 #endif /* WANT_OSPF_WRITE_FRAGMENT */
649
650 while ((pkt_count < ospf->write_oi_count) && oi) {
651 pkt_count++;
652 #ifdef WANT_OSPF_WRITE_FRAGMENT
653 /* convenience - max OSPF data per packet */
654 maxdatasize = oi->ifp->mtu - sizeof(struct ip);
655 #endif /* WANT_OSPF_WRITE_FRAGMENT */
656 /* Get one packet from queue. */
657 op = ospf_fifo_head(oi->obuf);
658 assert(op);
659 assert(op->length >= OSPF_HEADER_SIZE);
660
661 if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
662 || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
663 ospf_if_ipmulticast(ospf, oi->address,
664 oi->ifp->ifindex);
665
666 /* Rewrite the md5 signature & update the seq */
667 ospf_make_md5_digest(oi, op);
668
669 /* Retrieve OSPF packet type. */
670 stream_set_getp(op->s, 1);
671 type = stream_getc(op->s);
672
673 /* reset get pointer */
674 stream_set_getp(op->s, 0);
675
676 memset(&iph, 0, sizeof(iph));
677 memset(&sa_dst, 0, sizeof(sa_dst));
678
679 sa_dst.sin_family = AF_INET;
680 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
681 sa_dst.sin_len = sizeof(sa_dst);
682 #endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
683 sa_dst.sin_addr = op->dst;
684 sa_dst.sin_port = htons(0);
685
686 /* Set DONTROUTE flag if dst is unicast. */
687 if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
688 if (!IN_MULTICAST(htonl(op->dst.s_addr)))
689 flags = MSG_DONTROUTE;
690
691 iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
692 /* it'd be very strange for header to not be 4byte-word aligned
693 * but.. */
694 if (sizeof(struct ip)
695 > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
696 iph.ip_hl++; /* we presume sizeof(struct ip) cant
697 overflow ip_hl.. */
698
699 iph.ip_v = IPVERSION;
700 iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
701 iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;
702
703 #if defined(__DragonFly__)
704 /*
705 * DragonFly's raw socket expects ip_len/ip_off in network byte
706 * order.
707 */
708 iph.ip_len = htons(iph.ip_len);
709 #endif
710
711 #ifdef WANT_OSPF_WRITE_FRAGMENT
712 /* XXX-MT: not thread-safe at all..
713 * XXX: this presumes this is only programme sending OSPF
714 * packets
715 * otherwise, no guarantee ipid will be unique
716 */
717 iph.ip_id = ++ipid;
718 #endif /* WANT_OSPF_WRITE_FRAGMENT */
719
720 iph.ip_off = 0;
721 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
722 iph.ip_ttl = OSPF_VL_IP_TTL;
723 else
724 iph.ip_ttl = OSPF_IP_TTL;
725 iph.ip_p = IPPROTO_OSPFIGP;
726 iph.ip_sum = 0;
727 iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
728 iph.ip_dst.s_addr = op->dst.s_addr;
729
730 memset(&msg, 0, sizeof(msg));
731 msg.msg_name = (caddr_t)&sa_dst;
732 msg.msg_namelen = sizeof(sa_dst);
733 msg.msg_iov = iov;
734 msg.msg_iovlen = 2;
735
736 iov[0].iov_base = (char *)&iph;
737 iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
738 iov[1].iov_base = stream_pnt(op->s);
739 iov[1].iov_len = op->length;
740
741 #ifdef GNU_LINUX
742 msg.msg_control = (caddr_t)cm;
743 cm->cmsg_level = SOL_IP;
744 cm->cmsg_type = IP_PKTINFO;
745 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
746 pi = (struct in_pktinfo *)CMSG_DATA(cm);
747 pi->ipi_ifindex = oi->ifp->ifindex;
748
749 msg.msg_controllen = cm->cmsg_len;
750 #endif
751
752 /* Sadly we can not rely on kernels to fragment packets
753 * because of either IP_HDRINCL and/or multicast
754 * destination being set.
755 */
756
757 #ifdef WANT_OSPF_WRITE_FRAGMENT
758 if (op->length > maxdatasize)
759 ospf_write_frags(ospf->fd, op, &iph, &msg, maxdatasize,
760 oi->ifp->mtu, flags, type);
761 #endif /* WANT_OSPF_WRITE_FRAGMENT */
762
763 /* send final fragment (could be first) */
764 sockopt_iphdrincl_swab_htosys(&iph);
765 ret = sendmsg(ospf->fd, &msg, flags);
766 sockopt_iphdrincl_swab_systoh(&iph);
767 if (IS_DEBUG_OSPF_EVENT)
768 zlog_debug(
769 "%s to %pI4, id %d, off %d, len %d, interface %s, mtu %u:",
770 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
771 iph.ip_len, oi->ifp->name, oi->ifp->mtu);
772
773 /* sendmsg will return EPERM if firewall is blocking sending.
774 * This is a normal situation when 'ip nhrp map multicast xxx'
775 * is being used to send multicast packets to DMVPN peers. In
776 * that case the original message is blocked with iptables rule
777 * causing the EPERM result
778 */
779 if (ret < 0 && errno != EPERM)
780 flog_err(
781 EC_LIB_SOCKET,
782 "*** sendmsg in %s failed to %pI4, id %d, off %d, len %d, interface %s, mtu %u: %s",
783 __func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
784 iph.ip_len, oi->ifp->name, oi->ifp->mtu,
785 safe_strerror(errno));
786
787 /* Show debug sending packet. */
788 if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
789 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
790 zlog_debug(
791 "-----------------------------------------------------");
792 stream_set_getp(op->s, 0);
793 ospf_packet_dump(op->s);
794 }
795
796 zlog_debug("%s sent to [%pI4] via [%s].",
797 lookup_msg(ospf_packet_type_str, type, NULL),
798 &op->dst, IF_NAME(oi));
799
800 if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
801 zlog_debug(
802 "-----------------------------------------------------");
803 }
804
805 switch (type) {
806 case OSPF_MSG_HELLO:
807 oi->hello_out++;
808 break;
809 case OSPF_MSG_DB_DESC:
810 oi->db_desc_out++;
811 break;
812 case OSPF_MSG_LS_REQ:
813 oi->ls_req_out++;
814 break;
815 case OSPF_MSG_LS_UPD:
816 oi->ls_upd_out++;
817 break;
818 case OSPF_MSG_LS_ACK:
819 oi->ls_ack_out++;
820 break;
821 default:
822 break;
823 }
824
825 /* Now delete packet from queue. */
826 ospf_packet_delete(oi);
827
828 /* Move this interface to the tail of write_q to
829 serve everyone in a round robin fashion */
830 list_delete_node(ospf->oi_write_q, node);
831 if (ospf_fifo_head(oi->obuf) == NULL) {
832 oi->on_write_q = 0;
833 oi = NULL;
834 } else
835 listnode_add(ospf->oi_write_q, oi);
836
837 /* Setup to service from the head of the queue again */
838 if (!list_isempty(ospf->oi_write_q)) {
839 node = listhead(ospf->oi_write_q);
840 oi = listgetdata(node);
841 }
842 }
843
844 /* If packets still remain in queue, call write thread. */
845 if (!list_isempty(ospf->oi_write_q))
846 thread_add_write(master, ospf_write, ospf, ospf->fd,
847 &ospf->t_write);
848 }
849
850 /* OSPF Hello message read -- RFC2328 Section 10.5. */
851 static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
852 struct stream *s, struct ospf_interface *oi, int size)
853 {
854 struct ospf_hello *hello;
855 struct ospf_neighbor *nbr;
856 int old_state;
857 struct prefix p;
858
859 /* increment statistics. */
860 oi->hello_in++;
861
862 hello = (struct ospf_hello *)stream_pnt(s);
863
864 /* If Hello is myself, silently discard. */
865 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
866 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
867 zlog_debug(
868 "ospf_header[%s/%pI4]: selforiginated, dropping.",
869 lookup_msg(ospf_packet_type_str, ospfh->type,
870 NULL),
871 &iph->ip_src);
872 }
873 return;
874 }
875
876 /* get neighbor prefix. */
877 p.family = AF_INET;
878 p.prefixlen = ip_masklen(hello->network_mask);
879 p.u.prefix4 = iph->ip_src;
880
881 /* Compare network mask. */
882 /* Checking is ignored for Point-to-Point and Virtual link. */
883 /* Checking is also ignored for Point-to-Multipoint with /32 prefix */
884 if (oi->type != OSPF_IFTYPE_POINTOPOINT
885 && oi->type != OSPF_IFTYPE_VIRTUALLINK
886 && !(oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
887 && oi->address->prefixlen == IPV4_MAX_BITLEN))
888 if (oi->address->prefixlen != p.prefixlen) {
889 flog_warn(
890 EC_OSPF_PACKET,
891 "Packet %pI4 [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
892 &ospfh->router_id, IF_NAME(oi),
893 (int)oi->address->prefixlen, (int)p.prefixlen);
894 return;
895 }
896
897 /* Compare Router Dead Interval. */
898 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
899 flog_warn(EC_OSPF_PACKET,
900 "Packet %pI4 [Hello:RECV]: RouterDeadInterval mismatch (expected %u, but received %u).",
901 &ospfh->router_id,
902 OSPF_IF_PARAM(oi, v_wait),
903 ntohl(hello->dead_interval));
904 return;
905 }
906
907 /* Compare Hello Interval - ignored if fast-hellos are set. */
908 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
909 if (OSPF_IF_PARAM(oi, v_hello)
910 != ntohs(hello->hello_interval)) {
911 flog_warn(
912 EC_OSPF_PACKET,
913 "Packet %pI4 [Hello:RECV]: HelloInterval mismatch (expected %u, but received %u).",
914 &ospfh->router_id,
915 OSPF_IF_PARAM(oi, v_hello),
916 ntohs(hello->hello_interval));
917 return;
918 }
919 }
920
921 if (IS_DEBUG_OSPF_EVENT)
922 zlog_debug("Packet %pI4 [Hello:RECV]: Options %s vrf %s",
923 &ospfh->router_id,
924 ospf_options_dump(hello->options),
925 ospf_vrf_id_to_name(oi->ospf->vrf_id));
926
927 /* Compare options. */
928 #define REJECT_IF_TBIT_ON 1 /* XXX */
929 #ifdef REJECT_IF_TBIT_ON
930 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
931 /*
932 * This router does not support non-zero TOS.
933 * Drop this Hello packet not to establish neighbor
934 * relationship.
935 */
936 flog_warn(EC_OSPF_PACKET,
937 "Packet %pI4 [Hello:RECV]: T-bit on, drop it.",
938 &ospfh->router_id);
939 return;
940 }
941 #endif /* REJECT_IF_TBIT_ON */
942
943 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
944 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
945 /*
946 * This router does know the correct usage of O-bit
947 * the bit should be set in DD packet only.
948 */
949 flog_warn(EC_OSPF_PACKET,
950 "Packet %pI4 [Hello:RECV]: O-bit abuse?",
951 &ospfh->router_id);
952 #ifdef STRICT_OBIT_USAGE_CHECK
953 return; /* Reject this packet. */
954 #else /* STRICT_OBIT_USAGE_CHECK */
955 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
956 #endif /* STRICT_OBIT_USAGE_CHECK */
957 }
958
959 /* new for NSSA is to ensure that NP is on and E is off */
960
961 if (oi->area->external_routing == OSPF_AREA_NSSA) {
962 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
963 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
964 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
965 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
966 flog_warn(
967 EC_OSPF_PACKET,
968 "NSSA-Packet-%pI4[Hello:RECV]: my options: %x, his options %x",
969 &ospfh->router_id, OPTIONS(oi),
970 hello->options);
971 return;
972 }
973 if (IS_DEBUG_OSPF_NSSA)
974 zlog_debug("NSSA-Hello:RECV:Packet from %pI4:",
975 &ospfh->router_id);
976 } else
977 /* The setting of the E-bit found in the Hello Packet's Options
978 field must match this area's ExternalRoutingCapability A
979 mismatch causes processing to stop and the packet to be
980 dropped. The setting of the rest of the bits in the Hello
981 Packet's Options field should be ignored. */
982 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
983 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
984 flog_warn(
985 EC_OSPF_PACKET,
986 "Packet %pI4 [Hello:RECV]: my options: %x, his options %x",
987 &ospfh->router_id, OPTIONS(oi),
988 hello->options);
989 return;
990 }
991
992 /* get neighbour struct */
993 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
994
995 /* neighbour must be valid, ospf_nbr_get creates if none existed */
996 assert(nbr);
997
998 old_state = nbr->state;
999
1000 /* Add event to thread. */
1001 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_HelloReceived);
1002
1003 /* RFC2328 Section 9.5.1
1004 If the router is not eligible to become Designated Router,
1005 (snip) It must also send an Hello Packet in reply to an
1006 Hello Packet received from any eligible neighbor (other than
1007 the current Designated Router and Backup Designated Router). */
1008 if (oi->type == OSPF_IFTYPE_NBMA)
1009 if (PRIORITY(oi) == 0 && hello->priority > 0
1010 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1011 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1012 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1013 ospf_hello_reply_timer,
1014 OSPF_HELLO_REPLY_DELAY);
1015
1016 /* on NBMA network type, it happens to receive bidirectional Hello
1017 packet
1018 without advance 1-Way Received event.
1019 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1020 if (oi->type == OSPF_IFTYPE_NBMA
1021 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1022 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1023 nbr->priority = hello->priority;
1024 nbr->d_router = hello->d_router;
1025 nbr->bd_router = hello->bd_router;
1026 return;
1027 }
1028
1029 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1030 size - OSPF_HELLO_MIN_SIZE)) {
1031 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1032 nbr->options |= hello->options;
1033 } else {
1034 /* If the router is DR_OTHER, RESTARTER will not wait
1035 * until it receives the hello from it if it receives
1036 * from DR and BDR.
1037 * So, helper might receives ONW_WAY hello from
1038 * RESTARTER. So not allowing to change the state if it
1039 * receives one_way hellow when it acts as HELPER for
1040 * that specific neighbor.
1041 */
1042 if (!OSPF_GR_IS_ACTIVE_HELPER(nbr))
1043 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1044 /* Set neighbor information. */
1045 nbr->priority = hello->priority;
1046 nbr->d_router = hello->d_router;
1047 nbr->bd_router = hello->bd_router;
1048 return;
1049 }
1050
1051 if (OSPF_GR_IS_ACTIVE_HELPER(nbr)) {
1052 /* As per the GR Conformance Test Case 7.2. Section 3
1053 * "Also, if X was the Designated Router on network segment S
1054 * when the helping relationship began, Y maintains X as the
1055 * Designated Router until the helping relationship is
1056 * terminated."
1057 * When I am helper for this neighbor, I should not trigger the
1058 * ISM Events. Also Intentionally not setting the priority and
1059 * other fields so that when the neighbor exits the Grace
1060 * period, it can handle if there is any change before GR and
1061 * after GR. */
1062 if (IS_DEBUG_OSPF_GR)
1063 zlog_debug(
1064 "%s, Neighbor is under GR Restart, hence ignoring the ISM Events",
1065 __PRETTY_FUNCTION__);
1066 } else {
1067 /* If neighbor itself declares DR and no BDR exists,
1068 cause event BackupSeen */
1069 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
1070 if (hello->bd_router.s_addr == INADDR_ANY
1071 && oi->state == ISM_Waiting)
1072 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1073
1074 /* neighbor itself declares BDR. */
1075 if (oi->state == ISM_Waiting
1076 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1077 &hello->bd_router))
1078 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1079
1080 /* had not previously. */
1081 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1082 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1083 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1084 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1085 &nbr->d_router)))
1086 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1087
1088 /* had not previously. */
1089 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1090 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1091 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4,
1092 &hello->bd_router)
1093 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1094 &nbr->bd_router)))
1095 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1096
1097 /* Neighbor priority check. */
1098 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1099 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1100 }
1101
1102 /* Set neighbor information. */
1103 nbr->priority = hello->priority;
1104 nbr->d_router = hello->d_router;
1105 nbr->bd_router = hello->bd_router;
1106
1107 /*
1108 * RFC 3623 - Section 2:
1109 * "If the restarting router determines that it was the Designated
1110 * Router on a given segment prior to the restart, it elects
1111 * itself as the Designated Router again. The restarting router
1112 * knows that it was the Designated Router if, while the
1113 * associated interface is in Waiting state, a Hello packet is
1114 * received from a neighbor listing the router as the Designated
1115 * Router".
1116 */
1117 if (oi->area->ospf->gr_info.restart_in_progress
1118 && oi->state == ISM_Waiting
1119 && IPV4_ADDR_SAME(&hello->d_router, &oi->address->u.prefix4))
1120 DR(oi) = hello->d_router;
1121 }
1122
1123 /* Save DD flags/options/Seqnum received. */
1124 static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
1125 struct ospf_db_desc *dd)
1126 {
1127 nbr->last_recv.flags = dd->flags;
1128 nbr->last_recv.options = dd->options;
1129 nbr->last_recv.dd_seqnum = ntohl(dd->dd_seqnum);
1130 }
1131
1132 /* Process rest of DD packet. */
1133 static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
1134 struct ospf_neighbor *nbr,
1135 struct ospf_db_desc *dd, uint16_t size)
1136 {
1137 struct ospf_lsa *new, *find;
1138 struct lsa_header *lsah;
1139
1140 stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
1141 for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
1142 size -= OSPF_LSA_HEADER_SIZE) {
1143 lsah = (struct lsa_header *)stream_pnt(s);
1144 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
1145
1146 /* Unknown LS type. */
1147 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1148 flog_warn(EC_OSPF_PACKET,
1149 "Packet [DD:RECV]: Unknown LS type %d.",
1150 lsah->type);
1151 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1152 return;
1153 }
1154
1155 if (IS_OPAQUE_LSA(lsah->type)
1156 && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1157 flog_warn(EC_OSPF_PACKET,
1158 "LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
1159 lsah->type, &lsah->id, &lsah->adv_router);
1160 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1161 return;
1162 }
1163
1164 switch (lsah->type) {
1165 case OSPF_AS_EXTERNAL_LSA:
1166 case OSPF_OPAQUE_AS_LSA:
1167 /* Check for stub area. Reject if AS-External from stub
1168 but
1169 allow if from NSSA. */
1170 if (oi->area->external_routing == OSPF_AREA_STUB) {
1171 flog_warn(
1172 EC_OSPF_PACKET,
1173 "Packet [DD:RECV]: LSA[Type%d:%pI4] from %s area.",
1174 lsah->type, &lsah->id,
1175 (oi->area->external_routing
1176 == OSPF_AREA_STUB)
1177 ? "STUB"
1178 : "NSSA");
1179 OSPF_NSM_EVENT_SCHEDULE(nbr,
1180 NSM_SeqNumberMismatch);
1181 return;
1182 }
1183 break;
1184 default:
1185 break;
1186 }
1187
1188 /* Create LS-request object. */
1189 new = ospf_ls_request_new(lsah);
1190
1191 /* Lookup received LSA, then add LS request list. */
1192 find = ospf_lsa_lookup_by_header(oi->area, lsah);
1193
1194 /* ospf_lsa_more_recent is fine with NULL pointers */
1195 switch (ospf_lsa_more_recent(find, new)) {
1196 case -1:
1197 /* Neighbour has a more recent LSA, we must request it
1198 */
1199 ospf_ls_request_add(nbr, new);
1200 /* fallthru */
1201 case 0:
1202 /* If we have a copy of this LSA, it's either less
1203 * recent
1204 * and we're requesting it from neighbour (the case
1205 * above), or
1206 * it's as recent and we both have same copy (this
1207 * case).
1208 *
1209 * In neither of these two cases is there any point in
1210 * describing our copy of the LSA to the neighbour in a
1211 * DB-Summary packet, if we're still intending to do so.
1212 *
1213 * See: draft-ogier-ospf-dbex-opt-00.txt, describing the
1214 * backward compatible optimisation to OSPF DB Exchange
1215 * /
1216 * DB Description process implemented here.
1217 */
1218 if (find)
1219 ospf_lsdb_delete(&nbr->db_sum, find);
1220 ospf_lsa_discard(new);
1221 break;
1222 default:
1223 /* We have the more recent copy, nothing specific to do:
1224 * - no need to request neighbours stale copy
1225 * - must leave DB summary list copy alone
1226 */
1227 if (IS_DEBUG_OSPF_EVENT)
1228 zlog_debug(
1229 "Packet [DD:RECV]: LSA received Type %d, ID %pI4 is not recent.",
1230 lsah->type, &lsah->id);
1231 ospf_lsa_discard(new);
1232 }
1233 }
1234
1235 /* Master */
1236 if (IS_SET_DD_MS(nbr->dd_flags)) {
1237 nbr->dd_seqnum++;
1238
1239 /* Both sides have no More, then we're done with Exchange */
1240 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1241 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1242 else
1243 ospf_db_desc_send(nbr);
1244 }
1245 /* Slave */
1246 else {
1247 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1248
1249 /* Send DD packet in reply.
1250 *
1251 * Must be done to acknowledge the Master's DD, regardless of
1252 * whether we have more LSAs ourselves to describe.
1253 *
1254 * This function will clear the 'More' bit, if after this DD
1255 * we have no more LSAs to describe to the master..
1256 */
1257 ospf_db_desc_send(nbr);
1258
1259 /* Slave can raise ExchangeDone now, if master is also done */
1260 if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
1261 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
1262 }
1263
1264 /* Save received neighbor values from DD. */
1265 ospf_db_desc_save_current(nbr, dd);
1266
1267 if (!nbr->t_ls_req)
1268 ospf_ls_req_send(nbr);
1269 }
1270
1271 static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
1272 struct ospf_neighbor *nbr)
1273 {
1274 /* Is DD duplicated? */
1275 if (dd->options == nbr->last_recv.options
1276 && dd->flags == nbr->last_recv.flags
1277 && dd->dd_seqnum == htonl(nbr->last_recv.dd_seqnum))
1278 return 1;
1279
1280 return 0;
1281 }
1282
1283 /* OSPF Database Description message read -- RFC2328 Section 10.6. */
1284 static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
1285 struct stream *s, struct ospf_interface *oi,
1286 uint16_t size)
1287 {
1288 struct ospf_db_desc *dd;
1289 struct ospf_neighbor *nbr;
1290
1291 /* Increment statistics. */
1292 oi->db_desc_in++;
1293
1294 dd = (struct ospf_db_desc *)stream_pnt(s);
1295
1296 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1297 if (nbr == NULL) {
1298 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %pI4",
1299 &ospfh->router_id);
1300 return;
1301 }
1302
1303 /* Check MTU. */
1304 if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
1305 && (ntohs(dd->mtu) > oi->ifp->mtu)) {
1306 flog_warn(
1307 EC_OSPF_PACKET,
1308 "Packet[DD]: Neighbor %pI4 MTU %u is larger than [%s]'s MTU %u",
1309 &nbr->router_id, ntohs(dd->mtu), IF_NAME(oi),
1310 oi->ifp->mtu);
1311 return;
1312 }
1313
1314 /*
1315 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets is
1316 * not
1317 * required. In fact at least JunOS sends DD packets with P bit clear.
1318 * Until proper solution is developped, this hack should help.
1319 *
1320 * Update: According to the RFCs, N bit is specified /only/ for Hello
1321 * options, unfortunately its use in DD options is not specified. Hence
1322 * some
1323 * implementations follow E-bit semantics and set it in DD options, and
1324 * some
1325 * treat it as unspecified and hence follow the directive "default for
1326 * options is clear", ie unset.
1327 *
1328 * Reset the flag, as ospfd follows E-bit semantics.
1329 */
1330 if ((oi->area->external_routing == OSPF_AREA_NSSA)
1331 && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
1332 && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
1333 if (IS_DEBUG_OSPF_EVENT)
1334 zlog_debug(
1335 "Packet[DD]: Neighbour %pI4: Has NSSA capability, sends with N bit clear in DD options",
1336 &nbr->router_id);
1337 SET_FLAG(dd->options, OSPF_OPTION_NP);
1338 }
1339
1340 #ifdef REJECT_IF_TBIT_ON
1341 if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
1342 /*
1343 * In Hello protocol, optional capability must have checked
1344 * to prevent this T-bit enabled router be my neighbor.
1345 */
1346 flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %pI4: T-bit on?",
1347 &nbr->router_id);
1348 return;
1349 }
1350 #endif /* REJECT_IF_TBIT_ON */
1351
1352 if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
1353 && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1354 /*
1355 * This node is not configured to handle O-bit, for now.
1356 * Clear it to ignore unsupported capability proposed by
1357 * neighbor.
1358 */
1359 UNSET_FLAG(dd->options, OSPF_OPTION_O);
1360 }
1361
1362 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1363 zlog_info(
1364 "%s:Packet[DD]: Neighbor %pI4 state is %s, seq_num:0x%x, local:0x%x",
1365 ospf_get_name(oi->ospf), &nbr->router_id,
1366 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
1367 ntohl(dd->dd_seqnum), nbr->dd_seqnum);
1368
1369 /* Process DD packet by neighbor status. */
1370 switch (nbr->state) {
1371 case NSM_Down:
1372 case NSM_Attempt:
1373 case NSM_TwoWay:
1374 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
1375 zlog_info(
1376 "Packet[DD]: Neighbor %pI4 state is %s, packet discarded.",
1377 &nbr->router_id,
1378 lookup_msg(ospf_nsm_state_msg, nbr->state,
1379 NULL));
1380 break;
1381 case NSM_Init:
1382 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
1383 /* If the new state is ExStart, the processing of the current
1384 packet should then continue in this new state by falling
1385 through to case ExStart below. */
1386 if (nbr->state != NSM_ExStart)
1387 break;
1388 /* fallthru */
1389 case NSM_ExStart:
1390 /* Initial DBD */
1391 if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
1392 && (size == OSPF_DB_DESC_MIN_SIZE)) {
1393 if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1394 > 0) {
1395 /* We're Slave---obey */
1396 if (CHECK_FLAG(oi->ospf->config,
1397 OSPF_LOG_ADJACENCY_DETAIL))
1398 zlog_info(
1399 "Packet[DD]: Neighbor %pI4 Negotiation done (Slave).",
1400 &nbr->router_id);
1401
1402 nbr->dd_seqnum = ntohl(dd->dd_seqnum);
1403
1404 /* Reset I/MS */
1405 UNSET_FLAG(nbr->dd_flags,
1406 (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
1407 } else {
1408 /* We're Master, ignore the initial DBD from
1409 * Slave */
1410 if (CHECK_FLAG(oi->ospf->config,
1411 OSPF_LOG_ADJACENCY_DETAIL))
1412 zlog_info(
1413 "Packet[DD]: Neighbor %pI4: Initial DBD from Slave, ignoring.",
1414 &nbr->router_id);
1415 break;
1416 }
1417 }
1418 /* Ack from the Slave */
1419 else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
1420 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
1421 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
1422 < 0) {
1423 zlog_info(
1424 "Packet[DD]: Neighbor %pI4 Negotiation done (Master).",
1425 &nbr->router_id);
1426 /* Reset I, leaving MS */
1427 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
1428 } else {
1429 flog_warn(EC_OSPF_PACKET,
1430 "Packet[DD]: Neighbor %pI4 Negotiation fails.",
1431 &nbr->router_id);
1432 break;
1433 }
1434
1435 /* This is where the real Options are saved */
1436 nbr->options = dd->options;
1437
1438 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
1439 if (IS_DEBUG_OSPF_EVENT)
1440 zlog_debug(
1441 "Neighbor[%pI4] is %sOpaque-capable.",
1442 &nbr->router_id,
1443 CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1444 ? ""
1445 : "NOT ");
1446
1447 if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
1448 && IPV4_ADDR_SAME(&DR(oi),
1449 &nbr->address.u.prefix4)) {
1450 flog_warn(
1451 EC_OSPF_PACKET,
1452 "DR-neighbor[%pI4] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
1453 &nbr->router_id);
1454 /* This situation is undesirable, but not a real
1455 * error. */
1456 }
1457 }
1458
1459 OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);
1460
1461 /* continue processing rest of packet. */
1462 ospf_db_desc_proc(s, oi, nbr, dd, size);
1463 break;
1464 case NSM_Exchange:
1465 if (ospf_db_desc_is_dup(dd, nbr)) {
1466 if (IS_SET_DD_MS(nbr->dd_flags))
1467 /* Master: discard duplicated DD packet. */
1468 zlog_info(
1469 "Packet[DD] (Master): Neighbor %pI4 packet duplicated.",
1470 &nbr->router_id);
1471 else
1472 /* Slave: cause to retransmit the last Database
1473 Description. */
1474 {
1475 zlog_info(
1476 "Packet[DD] [Slave]: Neighbor %pI4 packet duplicated.",
1477 &nbr->router_id);
1478 ospf_db_desc_resend(nbr);
1479 }
1480 break;
1481 }
1482
1483 /* Otherwise DD packet should be checked. */
1484 /* Check Master/Slave bit mismatch */
1485 if (IS_SET_DD_MS(dd->flags)
1486 != IS_SET_DD_MS(nbr->last_recv.flags)) {
1487 flog_warn(EC_OSPF_PACKET,
1488 "Packet[DD]: Neighbor %pI4 MS-bit mismatch.",
1489 &nbr->router_id);
1490 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1491 if (IS_DEBUG_OSPF_EVENT)
1492 zlog_debug(
1493 "Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
1494 dd->flags, nbr->dd_flags);
1495 break;
1496 }
1497
1498 /* Check initialize bit is set. */
1499 if (IS_SET_DD_I(dd->flags)) {
1500 zlog_info("Packet[DD]: Neighbor %pI4 I-bit set.",
1501 &nbr->router_id);
1502 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1503 break;
1504 }
1505
1506 /* Check DD Options. */
1507 if (dd->options != nbr->options) {
1508 flog_warn(EC_OSPF_PACKET,
1509 "Packet[DD]: Neighbor %pI4 options mismatch.",
1510 &nbr->router_id);
1511 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1512 break;
1513 }
1514
1515 /* Check DD sequence number. */
1516 if ((IS_SET_DD_MS(nbr->dd_flags)
1517 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
1518 || (!IS_SET_DD_MS(nbr->dd_flags)
1519 && ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
1520 flog_warn(
1521 EC_OSPF_PACKET,
1522 "Packet[DD]: Neighbor %pI4 sequence number mismatch.",
1523 &nbr->router_id);
1524 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1525 break;
1526 }
1527
1528 /* Continue processing rest of packet. */
1529 ospf_db_desc_proc(s, oi, nbr, dd, size);
1530 break;
1531 case NSM_Loading:
1532 case NSM_Full:
1533 if (ospf_db_desc_is_dup(dd, nbr)) {
1534 if (IS_SET_DD_MS(nbr->dd_flags)) {
1535 /* Master should discard duplicate DD packet. */
1536 zlog_info(
1537 "Packet[DD]: Neighbor %pI4 duplicated, packet discarded.",
1538 &nbr->router_id);
1539 break;
1540 } else {
1541 if (monotime_since(&nbr->last_send_ts, NULL)
1542 < nbr->v_inactivity * 1000000LL) {
1543 /* In states Loading and Full the slave
1544 must resend
1545 its last Database Description packet
1546 in response to
1547 duplicate Database Description
1548 packets received
1549 from the master. For this reason the
1550 slave must
1551 wait RouterDeadInterval seconds
1552 before freeing the
1553 last Database Description packet.
1554 Reception of a
1555 Database Description packet from the
1556 master after
1557 this interval will generate a
1558 SeqNumberMismatch
1559 neighbor event. RFC2328 Section 10.8
1560 */
1561 ospf_db_desc_resend(nbr);
1562 break;
1563 }
1564 }
1565 }
1566
1567 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
1568 break;
1569 default:
1570 flog_warn(EC_OSPF_PACKET,
1571 "Packet[DD]: Neighbor %pI4 NSM illegal status %u.",
1572 &nbr->router_id, nbr->state);
1573 break;
1574 }
1575 }
1576
1577 #define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */
1578
1579 /* OSPF Link State Request Read -- RFC2328 Section 10.7. */
1580 static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
1581 struct stream *s, struct ospf_interface *oi,
1582 uint16_t size)
1583 {
1584 struct ospf_neighbor *nbr;
1585 uint32_t ls_type;
1586 struct in_addr ls_id;
1587 struct in_addr adv_router;
1588 struct ospf_lsa *find;
1589 struct list *ls_upd;
1590 unsigned int length;
1591
1592 /* Increment statistics. */
1593 oi->ls_req_in++;
1594
1595 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1596 if (nbr == NULL) {
1597 flog_warn(EC_OSPF_PACKET,
1598 "Link State Request: Unknown Neighbor %pI4",
1599 &ospfh->router_id);
1600 return;
1601 }
1602
1603 /* Neighbor State should be Exchange or later. */
1604 if (nbr->state != NSM_Exchange && nbr->state != NSM_Loading
1605 && nbr->state != NSM_Full) {
1606 flog_warn(
1607 EC_OSPF_PACKET,
1608 "Link State Request received from %pI4: Neighbor state is %s, packet discarded.",
1609 &ospfh->router_id,
1610 lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
1611 return;
1612 }
1613
1614 /* Send Link State Update for ALL requested LSAs. */
1615 ls_upd = list_new();
1616 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1617
1618 while (size >= OSPF_LSA_KEY_SIZE) {
1619 /* Get one slice of Link State Request. */
1620 ls_type = stream_getl(s);
1621 ls_id.s_addr = stream_get_ipv4(s);
1622 adv_router.s_addr = stream_get_ipv4(s);
1623
1624 /* Verify LSA type. */
1625 if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA) {
1626 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1627 list_delete(&ls_upd);
1628 return;
1629 }
1630
1631 /* Search proper LSA in LSDB. */
1632 find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
1633 adv_router);
1634 if (find == NULL) {
1635 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
1636 list_delete(&ls_upd);
1637 return;
1638 }
1639
1640 /* Packet overflows MTU size, send immediately. */
1641 if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
1642 if (oi->type == OSPF_IFTYPE_NBMA)
1643 ospf_ls_upd_send(nbr, ls_upd,
1644 OSPF_SEND_PACKET_DIRECT, 0);
1645 else
1646 ospf_ls_upd_send(nbr, ls_upd,
1647 OSPF_SEND_PACKET_INDIRECT, 0);
1648
1649 /* Only remove list contents. Keep ls_upd. */
1650 list_delete_all_node(ls_upd);
1651
1652 length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
1653 }
1654
1655 /* Append LSA to update list. */
1656 listnode_add(ls_upd, find);
1657 length += ntohs(find->data->length);
1658
1659 size -= OSPF_LSA_KEY_SIZE;
1660 }
1661
1662 /* Send rest of Link State Update. */
1663 if (listcount(ls_upd) > 0) {
1664 if (oi->type == OSPF_IFTYPE_NBMA)
1665 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_DIRECT,
1666 0);
1667 else
1668 ospf_ls_upd_send(nbr, ls_upd, OSPF_SEND_PACKET_INDIRECT,
1669 0);
1670
1671 list_delete(&ls_upd);
1672 } else
1673 list_delete(&ls_upd);
1674 }
1675
1676 /* Get the list of LSAs from Link State Update packet.
1677 And process some validation -- RFC2328 Section 13. (1)-(2). */
1678 static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
1679 struct stream *s,
1680 struct ospf_interface *oi, size_t size)
1681 {
1682 uint16_t count, sum;
1683 uint32_t length;
1684 struct lsa_header *lsah;
1685 struct ospf_lsa *lsa;
1686 struct list *lsas;
1687
1688 lsas = list_new();
1689
1690 count = stream_getl(s);
1691 size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */
1692
1693 for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
1694 size -= length, stream_forward_getp(s, length), count--) {
1695 lsah = (struct lsa_header *)stream_pnt(s);
1696 length = ntohs(lsah->length);
1697
1698 if (length > size) {
1699 flog_warn(
1700 EC_OSPF_PACKET,
1701 "Link State Update: LSA length exceeds packet size.");
1702 break;
1703 }
1704
1705 if (length < OSPF_LSA_HEADER_SIZE) {
1706 flog_warn(EC_OSPF_PACKET,
1707 "Link State Update: LSA length too small.");
1708 break;
1709 }
1710
1711 /* Validate the LSA's LS checksum. */
1712 sum = lsah->checksum;
1713 if (!ospf_lsa_checksum_valid(lsah)) {
1714 /* (bug #685) more details in a one-line message make it
1715 * possible
1716 * to identify problem source on the one hand and to
1717 * have a better
1718 * chance to compress repeated messages in syslog on the
1719 * other */
1720 flog_warn(
1721 EC_OSPF_PACKET,
1722 "Link State Update: LSA checksum error %x/%x, ID=%pI4 from: nbr %pI4, router ID %pI4, adv router %pI4",
1723 sum, lsah->checksum, &lsah->id,
1724 &nbr->src, &nbr->router_id,
1725 &lsah->adv_router);
1726 continue;
1727 }
1728
1729 /* Examine the LSA's LS type. */
1730 if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
1731 flog_warn(EC_OSPF_PACKET,
1732 "Link State Update: Unknown LS type %d",
1733 lsah->type);
1734 continue;
1735 }
1736
1737 /*
1738 * What if the received LSA's age is greater than MaxAge?
1739 * Treat it as a MaxAge case -- endo.
1740 */
1741 if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
1742 lsah->ls_age = htons(OSPF_LSA_MAXAGE);
1743
1744 if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
1745 #ifdef STRICT_OBIT_USAGE_CHECK
1746 if ((IS_OPAQUE_LSA(lsah->type)
1747 && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
1748 || (!IS_OPAQUE_LSA(lsah->type)
1749 && CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
1750 /*
1751 * This neighbor must know the exact usage of
1752 * O-bit;
1753 * the bit will be set in Type-9,10,11 LSAs
1754 * only.
1755 */
1756 flog_warn(EC_OSPF_PACKET,
1757 "LSA[Type%d:%pI4]: O-bit abuse?",
1758 lsah->type, &lsah->id);
1759 continue;
1760 }
1761 #endif /* STRICT_OBIT_USAGE_CHECK */
1762
1763 /* Do not take in AS External Opaque-LSAs if we are a
1764 * stub. */
1765 if (lsah->type == OSPF_OPAQUE_AS_LSA
1766 && nbr->oi->area->external_routing
1767 != OSPF_AREA_DEFAULT) {
1768 if (IS_DEBUG_OSPF_EVENT)
1769 zlog_debug(
1770 "LSA[Type%d:%pI4]: We are a stub, don't take this LSA.",
1771 lsah->type,
1772 &lsah->id);
1773 continue;
1774 }
1775 } else if (IS_OPAQUE_LSA(lsah->type)) {
1776 flog_warn(
1777 EC_OSPF_PACKET,
1778 "LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
1779 lsah->type, &lsah->id, &lsah->adv_router);
1780 continue;
1781 }
1782
1783 /* Create OSPF LSA instance. */
1784 lsa = ospf_lsa_new_and_data(length);
1785
1786 lsa->vrf_id = oi->ospf->vrf_id;
1787 /* We may wish to put some error checking if type NSSA comes in
1788 and area not in NSSA mode */
1789 switch (lsah->type) {
1790 case OSPF_AS_EXTERNAL_LSA:
1791 case OSPF_OPAQUE_AS_LSA:
1792 lsa->area = NULL;
1793 break;
1794 case OSPF_OPAQUE_LINK_LSA:
1795 lsa->oi = oi; /* Remember incoming interface for
1796 flooding control. */
1797 /* Fallthrough */
1798 default:
1799 lsa->area = oi->area;
1800 break;
1801 }
1802
1803 memcpy(lsa->data, lsah, length);
1804
1805 if (IS_DEBUG_OSPF_EVENT)
1806 zlog_debug(
1807 "LSA[Type%d:%pI4]: %p new LSA created with Link State Update",
1808 lsa->data->type, &lsa->data->id,
1809 (void *)lsa);
1810 listnode_add(lsas, lsa);
1811 }
1812
1813 return lsas;
1814 }
1815
1816 /* Cleanup Update list. */
1817 static void ospf_upd_list_clean(struct list *lsas)
1818 {
1819 struct listnode *node, *nnode;
1820 struct ospf_lsa *lsa;
1821
1822 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa))
1823 ospf_lsa_discard(lsa);
1824
1825 list_delete(&lsas);
1826 }
1827
1828 /* OSPF Link State Update message read -- RFC2328 Section 13. */
1829 static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1830 struct ospf_header *ospfh, struct stream *s,
1831 struct ospf_interface *oi, uint16_t size)
1832 {
1833 struct ospf_neighbor *nbr;
1834 struct list *lsas;
1835 struct listnode *node, *nnode;
1836 struct ospf_lsa *lsa = NULL;
1837 /* unsigned long ls_req_found = 0; */
1838
1839 /* Dis-assemble the stream, update each entry, re-encapsulate for
1840 * flooding */
1841
1842 /* Increment statistics. */
1843 oi->ls_upd_in++;
1844
1845 /* Check neighbor. */
1846 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1847 if (nbr == NULL) {
1848 flog_warn(EC_OSPF_PACKET,
1849 "Link State Update: Unknown Neighbor %pI4 on int: %s",
1850 &ospfh->router_id, IF_NAME(oi));
1851 return;
1852 }
1853
1854 /* Check neighbor state. */
1855 if (nbr->state < NSM_Exchange) {
1856 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1857 zlog_debug(
1858 "Link State Update: Neighbor[%pI4] state %s is less than Exchange",
1859 &ospfh->router_id,
1860 lookup_msg(ospf_nsm_state_msg, nbr->state,
1861 NULL));
1862 return;
1863 }
1864
1865 /* Get list of LSAs from Link State Update packet. - Also performs
1866 * Stages 1 (validate LSA checksum) and 2 (check for LSA consistent
1867 * type) of section 13.
1868 */
1869 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1870
1871 if (lsas == NULL)
1872 return;
1873 #define DISCARD_LSA(L, N) \
1874 { \
1875 if (IS_DEBUG_OSPF_EVENT) \
1876 zlog_debug( \
1877 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1878 " Type-%d", \
1879 N, (void *)lsa, (int)lsa->data->type); \
1880 ospf_lsa_discard(L); \
1881 continue; \
1882 }
1883
1884 /* Process each LSA received in the one packet.
1885 *
1886 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1887 * text below are from the steps in RFC 2328, Section 13.
1888 */
1889 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1890 struct ospf_lsa *ls_ret, *current;
1891 int ret = 1;
1892
1893 if (IS_DEBUG_OSPF(lsa, LSA))
1894 zlog_debug("LSA Type-%d from %pI4, ID: %pI4, ADV: %pI4",
1895 lsa->data->type, &ospfh->router_id,
1896 &lsa->data->id, &lsa->data->adv_router);
1897
1898 listnode_delete(lsas,
1899 lsa); /* We don't need it in list anymore */
1900
1901 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1902 */
1903
1904 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1905
1906 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1907 */
1908
1909 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1910 */
1911
1912 /* Do take in Type-7's if we are an NSSA */
1913
1914 /* If we are also an ABR, later translate them to a Type-5
1915 * packet */
1916
1917 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1918 translate them to a separate Type-5 packet. */
1919
1920 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1921 /* Reject from STUB or NSSA */
1922 if (nbr->oi->area->external_routing
1923 != OSPF_AREA_DEFAULT) {
1924 if (IS_DEBUG_OSPF_NSSA)
1925 zlog_debug(
1926 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1927 DISCARD_LSA(lsa, 1);
1928 }
1929
1930 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1931 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1932 if (IS_DEBUG_OSPF_NSSA)
1933 zlog_debug(
1934 "Incoming NSSA LSA Discarded: Not NSSA Area");
1935 DISCARD_LSA(lsa, 2);
1936 }
1937
1938 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1939 if (lsa->data->type == OSPF_ROUTER_LSA)
1940 if (!IPV4_ADDR_SAME(&lsa->data->id,
1941 &lsa->data->adv_router)) {
1942 flog_err(
1943 EC_OSPF_ROUTER_LSA_MISMATCH,
1944 "Incoming Router-LSA from %pI4 with Adv-ID[%pI4] != LS-ID[%pI4]",
1945 &ospfh->router_id, &lsa->data->id,
1946 &lsa->data->adv_router);
1947 flog_err(
1948 EC_OSPF_DOMAIN_CORRUPT,
1949 "OSPF domain compromised by attack or corruption. Verify correct operation of -ALL- OSPF routers.");
1950 DISCARD_LSA(lsa, 0);
1951 }
1952
1953 /* Find the LSA in the current database. */
1954
1955 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1956
1957 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1958 currently
1959 no instance of the LSA in the router's link state database,
1960 and none of router's neighbors are in states Exchange or
1961 Loading,
1962 then take the following actions: */
1963
1964 if (IS_LSA_MAXAGE(lsa) && !current
1965 && ospf_check_nbr_status(oi->ospf)) {
1966 /* (4a) Response Link State Acknowledgment. */
1967 ospf_ls_ack_send(nbr, lsa);
1968
1969 /* (4b) Discard LSA. */
1970 if (IS_DEBUG_OSPF(lsa, LSA)) {
1971 zlog_debug(
1972 "Link State Update[%s]: LS age is equal to MaxAge.",
1973 dump_lsa_key(lsa));
1974 }
1975 DISCARD_LSA(lsa, 3);
1976 }
1977
1978 if (IS_OPAQUE_LSA(lsa->data->type)
1979 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1980 &oi->ospf->router_id)) {
1981 /*
1982 * Even if initial flushing seems to be completed, there
1983 * might
1984 * be a case that self-originated LSA with MaxAge still
1985 * remain
1986 * in the routing domain.
1987 * Just send an LSAck message to cease retransmission.
1988 */
1989 if (IS_LSA_MAXAGE(lsa)) {
1990 zlog_info("LSA[%s]: Boomerang effect?",
1991 dump_lsa_key(lsa));
1992 ospf_ls_ack_send(nbr, lsa);
1993 ospf_lsa_discard(lsa);
1994
1995 if (current != NULL && !IS_LSA_MAXAGE(current))
1996 ospf_opaque_lsa_refresh_schedule(
1997 current);
1998 continue;
1999 }
2000
2001 /*
2002 * If an instance of self-originated Opaque-LSA is not
2003 * found
2004 * in the LSDB, there are some possible cases here.
2005 *
2006 * 1) This node lost opaque-capability after restart.
2007 * 2) Else, a part of opaque-type is no more supported.
2008 * 3) Else, a part of opaque-id is no more supported.
2009 *
2010 * Anyway, it is still this node's responsibility to
2011 * flush it.
2012 * Otherwise, the LSA instance remains in the routing
2013 * domain
2014 * until its age reaches to MaxAge.
2015 */
2016 /* XXX: We should deal with this for *ALL* LSAs, not
2017 * just opaque */
2018 if (current == NULL) {
2019 if (IS_DEBUG_OSPF_EVENT)
2020 zlog_debug(
2021 "LSA[%s]: Previously originated Opaque-LSA,not found in the LSDB.",
2022 dump_lsa_key(lsa));
2023
2024 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2025
2026 ospf_ls_ack_send(nbr, lsa);
2027
2028 if (!ospf->gr_info.restart_in_progress) {
2029 ospf_opaque_self_originated_lsa_received(
2030 nbr, lsa);
2031 continue;
2032 }
2033 }
2034 }
2035
2036 /* It might be happen that received LSA is self-originated
2037 * network LSA, but
2038 * router ID is changed. So, we should check if LSA is a
2039 * network-LSA whose
2040 * Link State ID is one of the router's own IP interface
2041 * addresses but whose
2042 * Advertising Router is not equal to the router's own Router ID
2043 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2044 * flushed.
2045 */
2046
2047 if (lsa->data->type == OSPF_NETWORK_LSA) {
2048 struct listnode *oinode, *oinnode;
2049 struct ospf_interface *out_if;
2050 int Flag = 0;
2051
2052 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2053 oinnode, out_if)) {
2054 if (out_if == NULL)
2055 break;
2056
2057 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2058 &lsa->data->id))
2059 && (!(IPV4_ADDR_SAME(
2060 &oi->ospf->router_id,
2061 &lsa->data->adv_router)))) {
2062 if (out_if->network_lsa_self) {
2063 ospf_lsa_flush_area(
2064 lsa, out_if->area);
2065 if (IS_DEBUG_OSPF_EVENT)
2066 zlog_debug(
2067 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2068 (void *)lsa,
2069 (int)lsa->data
2070 ->type);
2071 ospf_lsa_discard(lsa);
2072 Flag = 1;
2073 }
2074 break;
2075 }
2076 }
2077 if (Flag)
2078 continue;
2079 }
2080
2081 /* (5) Find the instance of this LSA that is currently contained
2082 in the router's link state database. If there is no
2083 database copy, or the received LSA is more recent than
2084 the database copy the following steps must be performed.
2085 (The sub steps from RFC 2328 section 13 step (5) will be
2086 performed in
2087 ospf_flood() ) */
2088
2089 if (current == NULL
2090 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
2091 /* CVE-2017-3224 */
2092 if (current && (IS_LSA_MAX_SEQ(current))
2093 && (IS_LSA_MAX_SEQ(lsa)) && !IS_LSA_MAXAGE(lsa)) {
2094 zlog_debug(
2095 "Link State Update[%s]: has Max Seq and higher checksum but not MaxAge. Dropping it",
2096 dump_lsa_key(lsa));
2097
2098 DISCARD_LSA(lsa, 4);
2099 }
2100
2101 /* Actual flooding procedure. */
2102 if (ospf_flood(oi->ospf, nbr, current, lsa)
2103 < 0) /* Trap NSSA later. */
2104 DISCARD_LSA(lsa, 5);
2105 continue;
2106 }
2107
2108 /* (6) Else, If there is an instance of the LSA on the sending
2109 neighbor's Link state request list, an error has occurred in
2110 the Database Exchange process. In this case, restart the
2111 Database Exchange process by generating the neighbor event
2112 BadLSReq for the sending neighbor and stop processing the
2113 Link State Update packet. */
2114
2115 if (ospf_ls_request_lookup(nbr, lsa)) {
2116 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
2117 flog_warn(
2118 EC_OSPF_PACKET,
2119 "LSA[%s] instance exists on Link state request list",
2120 dump_lsa_key(lsa));
2121
2122 /* Clean list of LSAs. */
2123 ospf_upd_list_clean(lsas);
2124 /* this lsa is not on lsas list already. */
2125 ospf_lsa_discard(lsa);
2126 return;
2127 }
2128
2129 /* If the received LSA is the same instance as the database copy
2130 (i.e., neither one is more recent) the following two steps
2131 should be performed: */
2132
2133 if (ret == 0) {
2134 /* If the LSA is listed in the Link state retransmission
2135 list
2136 for the receiving adjacency, the router itself is
2137 expecting
2138 an acknowledgment for this LSA. The router should
2139 treat the
2140 received LSA as an acknowledgment by removing the LSA
2141 from
2142 the Link state retransmission list. This is termed
2143 an
2144 "implied acknowledgment". */
2145
2146 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2147
2148 if (ls_ret != NULL) {
2149 ospf_ls_retransmit_delete(nbr, ls_ret);
2150
2151 /* Delayed acknowledgment sent if advertisement
2152 received
2153 from Designated Router, otherwise do nothing.
2154 */
2155 if (oi->state == ISM_Backup)
2156 if (NBR_IS_DR(nbr))
2157 listnode_add(
2158 oi->ls_ack,
2159 ospf_lsa_lock(lsa));
2160
2161 DISCARD_LSA(lsa, 6);
2162 } else
2163 /* Acknowledge the receipt of the LSA by sending a
2164 Link State Acknowledgment packet back out the
2165 receiving
2166 interface. */
2167 {
2168 ospf_ls_ack_send(nbr, lsa);
2169 DISCARD_LSA(lsa, 7);
2170 }
2171 }
2172
2173 /* The database copy is more recent. If the database copy
2174 has LS age equal to MaxAge and LS sequence number equal to
2175 MaxSequenceNumber, simply discard the received LSA without
2176 acknowledging it. (In this case, the LSA's LS sequence number
2177 is
2178 wrapping, and the MaxSequenceNumber LSA must be completely
2179 flushed before any new LSA instance can be introduced). */
2180
2181 else if (ret > 0) /* Database copy is more recent */
2182 {
2183 if (IS_LSA_MAXAGE(current)
2184 && current->data->ls_seqnum
2185 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
2186 DISCARD_LSA(lsa, 8);
2187 }
2188 /* Otherwise, as long as the database copy has not been
2189 sent in a
2190 Link State Update within the last MinLSArrival
2191 seconds, send the
2192 database copy back to the sending neighbor,
2193 encapsulated within
2194 a Link State Update Packet. The Link State Update
2195 Packet should
2196 be sent directly to the neighbor. In so doing, do not
2197 put the
2198 database copy of the LSA on the neighbor's link state
2199 retransmission list, and do not acknowledge the
2200 received (less
2201 recent) LSA instance. */
2202 else {
2203 if (monotime_since(&current->tv_orig, NULL)
2204 >= ospf->min_ls_arrival * 1000LL)
2205 /* Trap NSSA type later.*/
2206 ospf_ls_upd_send_lsa(
2207 nbr, current,
2208 OSPF_SEND_PACKET_DIRECT);
2209 DISCARD_LSA(lsa, 9);
2210 }
2211 }
2212 }
2213 #undef DISCARD_LSA
2214
2215 assert(listcount(lsas) == 0);
2216 list_delete(&lsas);
2217
2218 if (ospf->gr_info.restart_in_progress)
2219 ospf_gr_check_lsdb_consistency(oi->ospf, oi->area);
2220 }
2221
2222 /* OSPF Link State Acknowledgment message read -- RFC2328 Section 13.7. */
2223 static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
2224 struct stream *s, struct ospf_interface *oi,
2225 uint16_t size)
2226 {
2227 struct ospf_neighbor *nbr;
2228
2229 /* increment statistics. */
2230 oi->ls_ack_in++;
2231
2232 nbr = ospf_nbr_lookup(oi, iph, ospfh);
2233 if (nbr == NULL) {
2234 flog_warn(EC_OSPF_PACKET,
2235 "Link State Acknowledgment: Unknown Neighbor %pI4",
2236 &ospfh->router_id);
2237 return;
2238 }
2239
2240 if (nbr->state < NSM_Exchange) {
2241 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
2242 zlog_debug(
2243 "Link State Acknowledgment: Neighbor[%pI4] state %s is less than Exchange",
2244 &ospfh->router_id,
2245 lookup_msg(ospf_nsm_state_msg, nbr->state,
2246 NULL));
2247 return;
2248 }
2249
2250 while (size >= OSPF_LSA_HEADER_SIZE) {
2251 struct ospf_lsa *lsa, *lsr;
2252
2253 lsa = ospf_lsa_new();
2254 lsa->data = (struct lsa_header *)stream_pnt(s);
2255 lsa->vrf_id = oi->ospf->vrf_id;
2256
2257 /* lsah = (struct lsa_header *) stream_pnt (s); */
2258 size -= OSPF_LSA_HEADER_SIZE;
2259 stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);
2260
2261 if (lsa->data->type < OSPF_MIN_LSA
2262 || lsa->data->type >= OSPF_MAX_LSA) {
2263 lsa->data = NULL;
2264 ospf_lsa_discard(lsa);
2265 continue;
2266 }
2267
2268 lsr = ospf_ls_retransmit_lookup(nbr, lsa);
2269
2270 if (lsr != NULL && ospf_lsa_more_recent(lsr, lsa) == 0) {
2271 ospf_ls_retransmit_delete(nbr, lsr);
2272 ospf_check_and_gen_init_seq_lsa(oi, lsa);
2273 }
2274
2275 lsa->data = NULL;
2276 ospf_lsa_discard(lsa);
2277 }
2278
2279 return;
2280 }
2281
2282 static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
2283 struct interface **ifp,
2284 struct stream *ibuf)
2285 {
2286 int ret;
2287 struct ip *iph;
2288 uint16_t ip_len;
2289 ifindex_t ifindex = 0;
2290 struct iovec iov;
2291 /* Header and data both require alignment. */
2292 char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
2293 struct msghdr msgh;
2294
2295 memset(&msgh, 0, sizeof(msgh));
2296 msgh.msg_iov = &iov;
2297 msgh.msg_iovlen = 1;
2298 msgh.msg_control = (caddr_t)buff;
2299 msgh.msg_controllen = sizeof(buff);
2300
2301 ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
2302 OSPF_MAX_PACKET_SIZE + 1);
2303 if (ret < 0) {
2304 if (errno != EAGAIN && errno != EWOULDBLOCK)
2305 flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
2306 safe_strerror(errno));
2307 return NULL;
2308 }
2309 if ((unsigned int)ret < sizeof(struct ip)) {
2310 flog_warn(
2311 EC_OSPF_PACKET,
2312 "%s: discarding runt packet of length %d (ip header size is %u)",
2313 __func__, ret, (unsigned int)sizeof(iph));
2314 return NULL;
2315 }
2316
2317 /* Note that there should not be alignment problems with this assignment
2318 because this is at the beginning of the stream data buffer. */
2319 iph = (struct ip *)STREAM_DATA(ibuf);
2320 sockopt_iphdrincl_swab_systoh(iph);
2321
2322 ip_len = iph->ip_len;
2323
2324 #if defined(__FreeBSD__) && (__FreeBSD_version < 1000000)
2325 /*
2326 * Kernel network code touches incoming IP header parameters,
2327 * before protocol specific processing.
2328 *
2329 * 1) Convert byteorder to host representation.
2330 * --> ip_len, ip_id, ip_off
2331 *
2332 * 2) Adjust ip_len to strip IP header size!
2333 * --> If user process receives entire IP packet via RAW
2334 * socket, it must consider adding IP header size to
2335 * the "ip_len" field of "ip" structure.
2336 *
2337 * For more details, see <netinet/ip_input.c>.
2338 */
2339 ip_len = ip_len + (iph->ip_hl << 2);
2340 #endif
2341
2342 #if defined(__DragonFly__)
2343 /*
2344 * in DragonFly's raw socket, ip_len/ip_off are read
2345 * in network byte order.
2346 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
2347 */
2348 ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
2349 #endif
2350
2351 ifindex = getsockopt_ifindex(AF_INET, &msgh);
2352
2353 *ifp = if_lookup_by_index(ifindex, ospf->vrf_id);
2354
2355 if (ret != ip_len) {
2356 flog_warn(
2357 EC_OSPF_PACKET,
2358 "%s read length mismatch: ip_len is %d, but recvmsg returned %d",
2359 __func__, ip_len, ret);
2360 return NULL;
2361 }
2362
2363 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2364 zlog_debug("%s: fd %d(%s) on interface %d(%s)", __func__, fd,
2365 ospf_get_name(ospf), ifindex,
2366 *ifp ? (*ifp)->name : "Unknown");
2367 return ibuf;
2368 }
2369
2370 static struct ospf_interface *
2371 ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
2372 struct ip *iph, struct ospf_header *ospfh)
2373 {
2374 struct ospf_interface *rcv_oi;
2375 struct ospf_vl_data *vl_data;
2376 struct ospf_area *vl_area;
2377 struct listnode *node;
2378
2379 if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr))
2380 || !OSPF_IS_AREA_BACKBONE(ospfh))
2381 return NULL;
2382
2383 /* look for local OSPF interface matching the destination
2384 * to determine Area ID. We presume therefore the destination address
2385 * is unique, or at least (for "unnumbered" links), not used in other
2386 * areas
2387 */
2388 if ((rcv_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst))
2389 == NULL)
2390 return NULL;
2391
2392 for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, node, vl_data)) {
2393 vl_area =
2394 ospf_area_lookup_by_area_id(ospf, vl_data->vl_area_id);
2395 if (!vl_area)
2396 continue;
2397
2398 if (OSPF_AREA_SAME(&vl_area, &rcv_oi->area)
2399 && IPV4_ADDR_SAME(&vl_data->vl_peer, &ospfh->router_id)) {
2400 if (IS_DEBUG_OSPF_EVENT)
2401 zlog_debug("associating packet with %s",
2402 IF_NAME(vl_data->vl_oi));
2403 if (!CHECK_FLAG(vl_data->vl_oi->ifp->flags, IFF_UP)) {
2404 if (IS_DEBUG_OSPF_EVENT)
2405 zlog_debug(
2406 "This VL is not up yet, sorry");
2407 return NULL;
2408 }
2409
2410 return vl_data->vl_oi;
2411 }
2412 }
2413
2414 if (IS_DEBUG_OSPF_EVENT)
2415 zlog_debug("couldn't find any VL to associate the packet with");
2416
2417 return NULL;
2418 }
2419
2420 static int ospf_check_area_id(struct ospf_interface *oi,
2421 struct ospf_header *ospfh)
2422 {
2423 /* Check match the Area ID of the receiving interface. */
2424 if (OSPF_AREA_SAME(&oi->area, &ospfh))
2425 return 1;
2426
2427 return 0;
2428 }
2429
2430 /* Unbound socket will accept any Raw IP packets if proto is matched.
2431 To prevent it, compare src IP address and i/f address with masking
2432 i/f network mask. */
2433 static int ospf_check_network_mask(struct ospf_interface *oi,
2434 struct in_addr ip_src)
2435 {
2436 struct in_addr mask, me, him;
2437
2438 if (oi->type == OSPF_IFTYPE_POINTOPOINT
2439 || oi->type == OSPF_IFTYPE_VIRTUALLINK)
2440 return 1;
2441
2442 /* Ignore mask check for max prefix length (32) */
2443 if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
2444 && oi->address->prefixlen == IPV4_MAX_BITLEN)
2445 return 1;
2446
2447 masklen2ip(oi->address->prefixlen, &mask);
2448
2449 me.s_addr = oi->address->u.prefix4.s_addr & mask.s_addr;
2450 him.s_addr = ip_src.s_addr & mask.s_addr;
2451
2452 if (IPV4_ADDR_SAME(&me, &him))
2453 return 1;
2454
2455 return 0;
2456 }
2457
2458 /* Return 1, if the packet is properly authenticated and checksummed,
2459 0 otherwise. In particular, check that AuType header field is valid and
2460 matches the locally configured AuType, and that D.5 requirements are met. */
2461 static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
2462 {
2463 struct crypt_key *ck;
2464 uint16_t iface_auth_type;
2465 uint16_t pkt_auth_type = ntohs(ospfh->auth_type);
2466
2467 switch (pkt_auth_type) {
2468 case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
2469 if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
2470 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2471 flog_warn(
2472 EC_OSPF_PACKET,
2473 "interface %s: auth-type mismatch, local %s, rcvd Null",
2474 IF_NAME(oi),
2475 lookup_msg(ospf_auth_type_str,
2476 iface_auth_type, NULL));
2477 return 0;
2478 }
2479 if (!ospf_check_sum(ospfh)) {
2480 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2481 flog_warn(
2482 EC_OSPF_PACKET,
2483 "interface %s: Null auth OK, but checksum error, Router-ID %pI4",
2484 IF_NAME(oi),
2485 &ospfh->router_id);
2486 return 0;
2487 }
2488 return 1;
2489 case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
2490 if (OSPF_AUTH_SIMPLE
2491 != (iface_auth_type = ospf_auth_type(oi))) {
2492 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2493 flog_warn(
2494 EC_OSPF_PACKET,
2495 "interface %s: auth-type mismatch, local %s, rcvd Simple",
2496 IF_NAME(oi),
2497 lookup_msg(ospf_auth_type_str,
2498 iface_auth_type, NULL));
2499 return 0;
2500 }
2501 if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
2502 OSPF_AUTH_SIMPLE_SIZE)) {
2503 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2504 flog_warn(EC_OSPF_PACKET,
2505 "interface %s: Simple auth failed",
2506 IF_NAME(oi));
2507 return 0;
2508 }
2509 if (!ospf_check_sum(ospfh)) {
2510 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2511 flog_warn(
2512 EC_OSPF_PACKET,
2513 "interface %s: Simple auth OK, checksum error, Router-ID %pI4",
2514 IF_NAME(oi),
2515 &ospfh->router_id);
2516 return 0;
2517 }
2518 return 1;
2519 case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
2520 if (OSPF_AUTH_CRYPTOGRAPHIC
2521 != (iface_auth_type = ospf_auth_type(oi))) {
2522 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2523 flog_warn(
2524 EC_OSPF_PACKET,
2525 "interface %s: auth-type mismatch, local %s, rcvd Cryptographic",
2526 IF_NAME(oi),
2527 lookup_msg(ospf_auth_type_str,
2528 iface_auth_type, NULL));
2529 return 0;
2530 }
2531 if (ospfh->checksum) {
2532 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2533 flog_warn(
2534 EC_OSPF_PACKET,
2535 "interface %s: OSPF header checksum is not 0",
2536 IF_NAME(oi));
2537 return 0;
2538 }
2539 /* only MD5 crypto method can pass ospf_packet_examin() */
2540 if (NULL == (ck = listgetdata(
2541 listtail(OSPF_IF_PARAM(oi, auth_crypt))))
2542 || ospfh->u.crypt.key_id != ck->key_id ||
2543 /* Condition above uses the last key ID on the list,
2544 which is
2545 different from what ospf_crypt_key_lookup() does. A
2546 bug? */
2547 !ospf_check_md5_digest(oi, ospfh)) {
2548 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2549 flog_warn(EC_OSPF_MD5,
2550 "interface %s: MD5 auth failed",
2551 IF_NAME(oi));
2552 return 0;
2553 }
2554 return 1;
2555 default:
2556 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
2557 flog_warn(
2558 EC_OSPF_PACKET,
2559 "interface %s: invalid packet auth-type (%02x)",
2560 IF_NAME(oi), pkt_auth_type);
2561 return 0;
2562 }
2563 }
2564
2565 static int ospf_check_sum(struct ospf_header *ospfh)
2566 {
2567 uint32_t ret;
2568 uint16_t sum;
2569
2570 /* clear auth_data for checksum. */
2571 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
2572
2573 /* keep checksum and clear. */
2574 sum = ospfh->checksum;
2575 memset(&ospfh->checksum, 0, sizeof(uint16_t));
2576
2577 /* calculate checksum. */
2578 ret = in_cksum(ospfh, ntohs(ospfh->length));
2579
2580 if (ret != sum) {
2581 zlog_info("%s: checksum mismatch, my %X, his %X", __func__, ret,
2582 sum);
2583 return 0;
2584 }
2585
2586 return 1;
2587 }
2588
2589 /* Verify, that given link/TOS records are properly sized/aligned and match
2590 Router-LSA "# links" and "# TOS" fields as specified in RFC2328 A.4.2. */
2591 static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
2592 uint16_t linkbytes,
2593 const uint16_t num_links)
2594 {
2595 unsigned counted_links = 0, thislinklen;
2596
2597 while (linkbytes >= OSPF_ROUTER_LSA_LINK_SIZE) {
2598 thislinklen =
2599 OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;
2600 if (thislinklen > linkbytes) {
2601 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2602 zlog_debug("%s: length error in link block #%u",
2603 __func__, counted_links);
2604 return MSG_NG;
2605 }
2606 link = (struct router_lsa_link *)((caddr_t)link + thislinklen);
2607 linkbytes -= thislinklen;
2608 counted_links++;
2609 }
2610 if (counted_links != num_links) {
2611 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2612 zlog_debug("%s: %u link blocks declared, %u present",
2613 __func__, num_links, counted_links);
2614 return MSG_NG;
2615 }
2616 return MSG_OK;
2617 }
2618
2619 /* Verify, that the given LSA is properly sized/aligned (including type-specific
2620 minimum length constraint). */
2621 static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
2622 const uint8_t headeronly)
2623 {
2624 unsigned ret;
2625 struct router_lsa *rlsa;
2626 if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
2627 && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
2628 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2629 zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
2630 lookup_msg(ospf_lsa_type_msg, lsah->type,
2631 NULL));
2632 return MSG_NG;
2633 }
2634 switch (lsah->type) {
2635 case OSPF_ROUTER_LSA: {
2636 /*
2637 * RFC2328 A.4.2, LSA header + 4 bytes followed by N>=0
2638 * (12+)-byte link blocks
2639 */
2640 size_t linkbytes_len = lsalen - OSPF_LSA_HEADER_SIZE
2641 - OSPF_ROUTER_LSA_MIN_SIZE;
2642
2643 /*
2644 * LSA link blocks are variable length but always multiples of
2645 * 4; basic sanity check
2646 */
2647 if (linkbytes_len % 4 != 0)
2648 return MSG_NG;
2649
2650 if (headeronly)
2651 return MSG_OK;
2652
2653 rlsa = (struct router_lsa *)lsah;
2654
2655 ret = ospf_router_lsa_links_examin(
2656 (struct router_lsa_link *)rlsa->link,
2657 linkbytes_len,
2658 ntohs(rlsa->links));
2659 break;
2660 }
2661 case OSPF_AS_EXTERNAL_LSA:
2662 /* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
2663 * blocks */
2664 case OSPF_AS_NSSA_LSA:
2665 /* RFC3101 C, idem */
2666 ret = (lsalen - OSPF_LSA_HEADER_SIZE
2667 - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
2668 % 12
2669 ? MSG_NG
2670 : MSG_OK;
2671 break;
2672 /* Following LSA types are considered OK length-wise as soon as their
2673 * minimum
2674 * length constraint is met and length of the whole LSA is a multiple of
2675 * 4
2676 * (basic LSA header size is already a multiple of 4). */
2677 case OSPF_NETWORK_LSA:
2678 /* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
2679 case OSPF_SUMMARY_LSA:
2680 case OSPF_ASBR_SUMMARY_LSA:
2681 /* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
2682 * blocks */
2683 case OSPF_OPAQUE_LINK_LSA:
2684 case OSPF_OPAQUE_AREA_LSA:
2685 case OSPF_OPAQUE_AS_LSA:
2686 /* RFC5250 A.2, "some number of octets (of application-specific
2687 * data) padded to 32-bit alignment." This is considered
2688 * equivalent
2689 * to 4-byte alignment of all other LSA types, see
2690 * OSPF-ALIGNMENT.txt
2691 * file for the detailed analysis of this passage. */
2692 ret = lsalen % 4 ? MSG_NG : MSG_OK;
2693 break;
2694 default:
2695 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2696 zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
2697 lsah->type);
2698 return MSG_NG;
2699 }
2700 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2701 zlog_debug("%s: alignment error in %s", __func__,
2702 lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
2703 return ret;
2704 }
2705
2706 /* Verify if the provided input buffer is a valid sequence of LSAs. This
2707 includes verification of LSA blocks length/alignment and dispatching
2708 of deeper-level checks. */
2709 static unsigned
2710 ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
2711 size_t length, const uint8_t headeronly,
2712 /* When declared_num_lsas is not 0, compare it to the real
2713 number of LSAs
2714 and treat the difference as an error. */
2715 const uint32_t declared_num_lsas)
2716 {
2717 uint32_t counted_lsas = 0;
2718
2719 while (length) {
2720 uint16_t lsalen;
2721 if (length < OSPF_LSA_HEADER_SIZE) {
2722 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2723 zlog_debug(
2724 "%s: undersized (%zu B) trailing (#%u) LSA header",
2725 __func__, length, counted_lsas);
2726 return MSG_NG;
2727 }
2728 /* save on ntohs() calls here and in the LSA validator */
2729 lsalen = ntohs(lsah->length);
2730 if (lsalen < OSPF_LSA_HEADER_SIZE) {
2731 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2732 zlog_debug(
2733 "%s: malformed LSA header #%u, declared length is %u B",
2734 __func__, counted_lsas, lsalen);
2735 return MSG_NG;
2736 }
2737 if (headeronly) {
2738 /* less checks here and in ospf_lsa_examin() */
2739 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 1)) {
2740 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2741 zlog_debug(
2742 "%s: malformed header-only LSA #%u",
2743 __func__, counted_lsas);
2744 return MSG_NG;
2745 }
2746 lsah = (struct lsa_header *)((caddr_t)lsah
2747 + OSPF_LSA_HEADER_SIZE);
2748 length -= OSPF_LSA_HEADER_SIZE;
2749 } else {
2750 /* make sure the input buffer is deep enough before
2751 * further checks */
2752 if (lsalen > length) {
2753 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2754 zlog_debug(
2755 "%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
2756 __func__, counted_lsas, lsalen,
2757 length);
2758 return MSG_NG;
2759 }
2760 if (MSG_OK != ospf_lsa_examin(lsah, lsalen, 0)) {
2761 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2762 zlog_debug("%s: malformed LSA #%u",
2763 __func__, counted_lsas);
2764 return MSG_NG;
2765 }
2766 lsah = (struct lsa_header *)((caddr_t)lsah + lsalen);
2767 length -= lsalen;
2768 }
2769 counted_lsas++;
2770 }
2771
2772 if (declared_num_lsas && counted_lsas != declared_num_lsas) {
2773 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2774 zlog_debug(
2775 "%s: #LSAs declared (%u) does not match actual (%u)",
2776 __func__, declared_num_lsas, counted_lsas);
2777 return MSG_NG;
2778 }
2779 return MSG_OK;
2780 }
2781
2782 /* Verify a complete OSPF packet for proper sizing/alignment. */
2783 static unsigned ospf_packet_examin(struct ospf_header *oh,
2784 const unsigned bytesonwire)
2785 {
2786 uint16_t bytesdeclared, bytesauth;
2787 unsigned ret;
2788 struct ospf_ls_update *lsupd;
2789
2790 /* Length, 1st approximation. */
2791 if (bytesonwire < OSPF_HEADER_SIZE) {
2792 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2793 zlog_debug("%s: undersized (%u B) packet", __func__,
2794 bytesonwire);
2795 return MSG_NG;
2796 }
2797 /* Now it is safe to access header fields. Performing length check,
2798 * allow
2799 * for possible extra bytes of crypto auth/padding, which are not
2800 * counted
2801 * in the OSPF header "length" field. */
2802 if (oh->version != OSPF_VERSION) {
2803 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2804 zlog_debug("%s: invalid (%u) protocol version",
2805 __func__, oh->version);
2806 return MSG_NG;
2807 }
2808 bytesdeclared = ntohs(oh->length);
2809 if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
2810 bytesauth = 0;
2811 else {
2812 if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
2813 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2814 zlog_debug(
2815 "%s: unsupported crypto auth length (%u B)",
2816 __func__, oh->u.crypt.auth_data_len);
2817 return MSG_NG;
2818 }
2819 bytesauth = OSPF_AUTH_MD5_SIZE;
2820 }
2821 if (bytesdeclared + bytesauth > bytesonwire) {
2822 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2823 zlog_debug(
2824 "%s: packet length error (%u real, %u+%u declared)",
2825 __func__, bytesonwire, bytesdeclared,
2826 bytesauth);
2827 return MSG_NG;
2828 }
2829 /* Length, 2nd approximation. The type-specific constraint is checked
2830 against declared length, not amount of bytes on wire. */
2831 if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
2832 && bytesdeclared
2833 < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
2834 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2835 zlog_debug("%s: undersized (%u B) %s packet", __func__,
2836 bytesdeclared,
2837 lookup_msg(ospf_packet_type_str, oh->type,
2838 NULL));
2839 return MSG_NG;
2840 }
2841 switch (oh->type) {
2842 case OSPF_MSG_HELLO:
2843 /* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
2844 followed
2845 by N>=0 router-IDs. */
2846 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
2847 % 4
2848 ? MSG_NG
2849 : MSG_OK;
2850 break;
2851 case OSPF_MSG_DB_DESC:
2852 /* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
2853 followed
2854 by N>=0 header-only LSAs. */
2855 ret = ospf_lsaseq_examin(
2856 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2857 + OSPF_DB_DESC_MIN_SIZE),
2858 bytesdeclared - OSPF_HEADER_SIZE
2859 - OSPF_DB_DESC_MIN_SIZE,
2860 1, /* header-only LSAs */
2861 0);
2862 break;
2863 case OSPF_MSG_LS_REQ:
2864 /* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
2865 * request blocks. */
2866 ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
2867 % OSPF_LSA_KEY_SIZE
2868 ? MSG_NG
2869 : MSG_OK;
2870 break;
2871 case OSPF_MSG_LS_UPD:
2872 /* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
2873 followed
2874 by N>=0 full LSAs (with N declared beforehand). */
2875 lsupd = (struct ospf_ls_update *)((caddr_t)oh
2876 + OSPF_HEADER_SIZE);
2877 ret = ospf_lsaseq_examin(
2878 (struct lsa_header *)((caddr_t)lsupd
2879 + OSPF_LS_UPD_MIN_SIZE),
2880 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
2881 0, /* full LSAs */
2882 ntohl(lsupd->num_lsas) /* 32 bits */
2883 );
2884 break;
2885 case OSPF_MSG_LS_ACK:
2886 /* RFC2328 A.3.6, packet header followed by N>=0 header-only
2887 * LSAs. */
2888 ret = ospf_lsaseq_examin(
2889 (struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
2890 + OSPF_LS_ACK_MIN_SIZE),
2891 bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
2892 1, /* header-only LSAs */
2893 0);
2894 break;
2895 default:
2896 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2897 zlog_debug("%s: invalid packet type 0x%02x", __func__,
2898 oh->type);
2899 return MSG_NG;
2900 }
2901 if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
2902 zlog_debug("%s: malformed %s packet", __func__,
2903 lookup_msg(ospf_packet_type_str, oh->type, NULL));
2904 return ret;
2905 }
2906
2907 /* OSPF Header verification. */
2908 static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
2909 struct ip *iph, struct ospf_header *ospfh)
2910 {
2911 /* Check Area ID. */
2912 if (!ospf_check_area_id(oi, ospfh)) {
2913 flog_warn(EC_OSPF_PACKET,
2914 "interface %s: ospf_read invalid Area ID %pI4",
2915 IF_NAME(oi), &ospfh->area_id);
2916 return -1;
2917 }
2918
2919 /* Check network mask, Silently discarded. */
2920 if (!ospf_check_network_mask(oi, iph->ip_src)) {
2921 flog_warn(
2922 EC_OSPF_PACKET,
2923 "interface %s: ospf_read network address is not same [%pI4]",
2924 IF_NAME(oi), &iph->ip_src);
2925 return -1;
2926 }
2927
2928 /* Check authentication. The function handles logging actions, where
2929 * required. */
2930 if (!ospf_check_auth(oi, ospfh))
2931 return -1;
2932
2933 return 0;
2934 }
2935
2936 enum ospf_read_return_enum {
2937 OSPF_READ_ERROR,
2938 OSPF_READ_CONTINUE,
2939 };
2940
2941 static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
2942 {
2943 int ret;
2944 struct stream *ibuf;
2945 struct ospf_interface *oi;
2946 struct ip *iph;
2947 struct ospf_header *ospfh;
2948 uint16_t length;
2949 struct connected *c;
2950 struct interface *ifp = NULL;
2951
2952 stream_reset(ospf->ibuf);
2953 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2954 if (ibuf == NULL)
2955 return OSPF_READ_ERROR;
2956
2957 /*
2958 * This raw packet is known to be at least as big as its
2959 * IP header. Note that there should not be alignment problems with
2960 * this assignment because this is at the beginning of the
2961 * stream data buffer.
2962 */
2963 iph = (struct ip *)STREAM_DATA(ibuf);
2964 /*
2965 * Note that sockopt_iphdrincl_swab_systoh was called in
2966 * ospf_recv_packet.
2967 */
2968 if (ifp == NULL) {
2969 /*
2970 * Handle cases where the platform does not support
2971 * retrieving the ifindex, and also platforms (such as
2972 * Solaris 8) that claim to support ifindex retrieval but do
2973 * not.
2974 */
2975 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2976 ospf->vrf_id);
2977 if (c)
2978 ifp = c->ifp;
2979 if (ifp == NULL) {
2980 if (IS_DEBUG_OSPF_PACKET(0, RECV))
2981 zlog_debug(
2982 "%s: Unable to determine incoming interface from: %pI4(%s)",
2983 __func__, &iph->ip_src,
2984 ospf_get_name(ospf));
2985 return OSPF_READ_CONTINUE;
2986 }
2987 }
2988
2989 if (ospf->vrf_id == VRF_DEFAULT && ospf->vrf_id != ifp->vrf->vrf_id) {
2990 /*
2991 * We may have a situation where l3mdev_accept == 1
2992 * let's just kindly drop the packet and move on.
2993 * ospf really really really does not like when
2994 * we receive the same packet multiple times.
2995 */
2996 return OSPF_READ_CONTINUE;
2997 }
2998
2999 /* Self-originated packet should be discarded silently. */
3000 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
3001 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
3002 zlog_debug(
3003 "ospf_read[%pI4]: Dropping self-originated packet",
3004 &iph->ip_src);
3005 }
3006 return OSPF_READ_CONTINUE;
3007 }
3008
3009 /* Check that we have enough for an IP header */
3010 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
3011 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
3012 flog_warn(
3013 EC_OSPF_PACKET,
3014 "Rx'd IP packet with OSPF protocol number but no payload");
3015 } else {
3016 flog_warn(
3017 EC_OSPF_PACKET,
3018 "IP header length field claims header is %u bytes, but we only have %zu",
3019 (unsigned int)(iph->ip_hl << 2),
3020 STREAM_READABLE(ibuf));
3021 }
3022
3023 return OSPF_READ_ERROR;
3024 }
3025 stream_forward_getp(ibuf, iph->ip_hl << 2);
3026
3027 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3028 if (MSG_OK
3029 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3030 - stream_get_getp(ibuf)))
3031 return OSPF_READ_CONTINUE;
3032 /* Now it is safe to access all fields of OSPF packet header. */
3033
3034 /* associate packet with ospf interface */
3035 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
3036
3037 /*
3038 * ospf_verify_header() relies on a valid "oi" and thus can be called
3039 * only after the passive/backbone/other checks below are passed.
3040 * These checks in turn access the fields of unverified "ospfh"
3041 * structure for their own purposes and must remain very accurate
3042 * in doing this.
3043 */
3044
3045 /* If incoming interface is passive one, ignore it. */
3046 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3047 if (IS_DEBUG_OSPF_EVENT)
3048 zlog_debug(
3049 "ignoring packet from router %pI4 sent to %pI4, received on a passive interface, %pI4",
3050 &ospfh->router_id, &iph->ip_dst,
3051 &oi->address->u.prefix4);
3052
3053 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3054 /* Try to fix multicast membership.
3055 * Some OS:es may have problems in this area,
3056 * make sure it is removed.
3057 */
3058 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3059 ospf_if_set_multicast(oi);
3060 }
3061 return OSPF_READ_CONTINUE;
3062 }
3063
3064
3065 /* if no local ospf_interface,
3066 * or header area is backbone but ospf_interface is not
3067 * check for VLINK interface
3068 */
3069 if ((oi == NULL)
3070 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3071 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3072 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3073 == NULL) {
3074 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
3075 zlog_debug(
3076 "Packet from [%pI4] received on link %s but no ospf_interface",
3077 &iph->ip_src, ifp->name);
3078 return OSPF_READ_CONTINUE;
3079 }
3080 }
3081
3082 /*
3083 * else it must be a local ospf interface, check it was
3084 * received on correct link
3085 */
3086 else if (oi->ifp != ifp) {
3087 if (IS_DEBUG_OSPF_EVENT)
3088 flog_warn(EC_OSPF_PACKET,
3089 "Packet from [%pI4] received on wrong link %s",
3090 &iph->ip_src, ifp->name);
3091 return OSPF_READ_CONTINUE;
3092 } else if (oi->state == ISM_Down) {
3093 flog_warn(
3094 EC_OSPF_PACKET,
3095 "Ignoring packet from %pI4 to %pI4 received on interface that is down [%s]; interface flags are %s",
3096 &iph->ip_src, &iph->ip_dst, ifp->name,
3097 if_flag_dump(ifp->flags));
3098 /* Fix multicast memberships? */
3099 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3100 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3101 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3102 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3103 if (oi->multicast_memberships)
3104 ospf_if_set_multicast(oi);
3105 return OSPF_READ_CONTINUE;
3106 }
3107
3108 /*
3109 * If the received packet is destined for AllDRouters, the
3110 * packet should be accepted only if the received ospf
3111 * interface state is either DR or Backup -- endo.
3112 *
3113 * I wonder who endo is?
3114 */
3115 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3116 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3117 flog_warn(
3118 EC_OSPF_PACKET,
3119 "Dropping packet for AllDRouters from [%pI4] via [%s] (ISM: %s)",
3120 &iph->ip_src, IF_NAME(oi),
3121 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3122 /* Try to fix multicast membership. */
3123 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3124 ospf_if_set_multicast(oi);
3125 return OSPF_READ_CONTINUE;
3126 }
3127
3128 /* Verify more OSPF header fields. */
3129 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3130 if (ret < 0) {
3131 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3132 zlog_debug(
3133 "ospf_read[%pI4]: Header check failed, dropping.",
3134 &iph->ip_src);
3135 return OSPF_READ_CONTINUE;
3136 }
3137
3138 /* Show debug receiving packet. */
3139 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3140 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3141 zlog_debug(
3142 "-----------------------------------------------------");
3143 ospf_packet_dump(ibuf);
3144 }
3145
3146 zlog_debug("%s received from [%pI4] via [%s]",
3147 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3148 &ospfh->router_id, IF_NAME(oi));
3149 zlog_debug(" src [%pI4],", &iph->ip_src);
3150 zlog_debug(" dst [%pI4]", &iph->ip_dst);
3151
3152 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3153 zlog_debug(
3154 "-----------------------------------------------------");
3155 }
3156
3157 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3158
3159 /* Adjust size to message length. */
3160 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3161
3162 /* Read rest of the packet and call each sort of packet routine.
3163 */
3164 switch (ospfh->type) {
3165 case OSPF_MSG_HELLO:
3166 ospf_hello(iph, ospfh, ibuf, oi, length);
3167 break;
3168 case OSPF_MSG_DB_DESC:
3169 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3170 break;
3171 case OSPF_MSG_LS_REQ:
3172 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3173 break;
3174 case OSPF_MSG_LS_UPD:
3175 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3176 break;
3177 case OSPF_MSG_LS_ACK:
3178 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3179 break;
3180 default:
3181 flog_warn(
3182 EC_OSPF_PACKET,
3183 "interface %s(%s): OSPF packet header type %d is illegal",
3184 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3185 break;
3186 }
3187
3188 return OSPF_READ_CONTINUE;
3189 }
3190
3191 /* Starting point of packet process function. */
3192 void ospf_read(struct thread *thread)
3193 {
3194 struct ospf *ospf;
3195 int32_t count = 0;
3196 enum ospf_read_return_enum ret;
3197
3198 /* first of all get interface pointer. */
3199 ospf = THREAD_ARG(thread);
3200
3201 /* prepare for next packet. */
3202 thread_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);
3203
3204 while (count < ospf->write_oi_count) {
3205 count++;
3206 ret = ospf_read_helper(ospf);
3207 switch (ret) {
3208 case OSPF_READ_ERROR:
3209 return;
3210 case OSPF_READ_CONTINUE:
3211 break;
3212 }
3213 }
3214 }
3215
3216 /* Make OSPF header. */
3217 static void ospf_make_header(int type, struct ospf_interface *oi,
3218 struct stream *s)
3219 {
3220 struct ospf_header *ospfh;
3221
3222 ospfh = (struct ospf_header *)STREAM_DATA(s);
3223
3224 ospfh->version = (uint8_t)OSPF_VERSION;
3225 ospfh->type = (uint8_t)type;
3226
3227 ospfh->router_id = oi->ospf->router_id;
3228
3229 ospfh->checksum = 0;
3230 ospfh->area_id = oi->area->area_id;
3231 ospfh->auth_type = htons(ospf_auth_type(oi));
3232
3233 memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);
3234
3235 stream_forward_endp(s, OSPF_HEADER_SIZE);
3236 }
3237
3238 /* Make Authentication Data. */
3239 static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
3240 {
3241 struct crypt_key *ck;
3242
3243 switch (ospf_auth_type(oi)) {
3244 case OSPF_AUTH_NULL:
3245 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3246 */
3247 break;
3248 case OSPF_AUTH_SIMPLE:
3249 memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
3250 OSPF_AUTH_SIMPLE_SIZE);
3251 break;
3252 case OSPF_AUTH_CRYPTOGRAPHIC:
3253 /* If key is not set, then set 0. */
3254 if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
3255 ospfh->u.crypt.zero = 0;
3256 ospfh->u.crypt.key_id = 0;
3257 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3258 } else {
3259 ck = listgetdata(
3260 listtail(OSPF_IF_PARAM(oi, auth_crypt)));
3261 ospfh->u.crypt.zero = 0;
3262 ospfh->u.crypt.key_id = ck->key_id;
3263 ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;
3264 }
3265 /* note: the seq is done in ospf_make_md5_digest() */
3266 break;
3267 default:
3268 /* memset (ospfh->u.auth_data, 0, sizeof(ospfh->u.auth_data));
3269 */
3270 break;
3271 }
3272
3273 return 0;
3274 }
3275
3276 /* Fill rest of OSPF header. */
3277 static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
3278 uint16_t length)
3279 {
3280 struct ospf_header *ospfh;
3281
3282 ospfh = (struct ospf_header *)STREAM_DATA(s);
3283
3284 /* Fill length. */
3285 ospfh->length = htons(length);
3286
3287 /* Calculate checksum. */
3288 if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
3289 ospfh->checksum = in_cksum(ospfh, length);
3290 else
3291 ospfh->checksum = 0;
3292
3293 /* Add Authentication Data. */
3294 ospf_make_auth(oi, ospfh);
3295 }
3296
3297 static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
3298 {
3299 struct ospf_neighbor *nbr;
3300 struct route_node *rn;
3301 uint16_t length = OSPF_HELLO_MIN_SIZE;
3302 struct in_addr mask;
3303 unsigned long p;
3304 int flag = 0;
3305
3306 /* Set netmask of interface. */
3307 if (!(CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
3308 && oi->type == OSPF_IFTYPE_POINTOPOINT)
3309 && oi->type != OSPF_IFTYPE_VIRTUALLINK)
3310 masklen2ip(oi->address->prefixlen, &mask);
3311 else
3312 memset((char *)&mask, 0, sizeof(struct in_addr));
3313 stream_put_ipv4(s, mask.s_addr);
3314
3315 /* Set Hello Interval. */
3316 if (OSPF_IF_PARAM(oi, fast_hello) == 0)
3317 stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
3318 else
3319 stream_putw(s, 0); /* hello-interval of 0 for fast-hellos */
3320
3321 /* Check if flood-reduction is enabled,
3322 * if yes set the DC bit in the options.
3323 */
3324 if (OSPF_FR_CONFIG(oi->ospf, oi->area))
3325 SET_FLAG(OPTIONS(oi), OSPF_OPTION_DC);
3326 else if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_DC))
3327 UNSET_FLAG(OPTIONS(oi), OSPF_OPTION_DC);
3328
3329 if (IS_DEBUG_OSPF_EVENT)
3330 zlog_debug("%s: options: %x, int: %s", __func__, OPTIONS(oi),
3331 IF_NAME(oi));
3332
3333 /* Set Options. */
3334 stream_putc(s, OPTIONS(oi));
3335
3336 /* Set Router Priority. */
3337 stream_putc(s, PRIORITY(oi));
3338
3339 /* Set Router Dead Interval. */
3340 stream_putl(s, OSPF_IF_PARAM(oi, v_wait));
3341
3342 /* Set Designated Router. */
3343 stream_put_ipv4(s, DR(oi).s_addr);
3344
3345 p = stream_get_endp(s);
3346
3347 /* Set Backup Designated Router. */
3348 stream_put_ipv4(s, BDR(oi).s_addr);
3349
3350 /* Add neighbor seen. */
3351 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3352 nbr = rn->info;
3353
3354 if (!nbr)
3355 continue;
3356
3357 /* Ignore the 0.0.0.0 node */
3358 if (nbr->router_id.s_addr == INADDR_ANY)
3359 continue;
3360
3361 /* Ignore Down neighbor */
3362 if (nbr->state == NSM_Attempt)
3363 continue;
3364
3365 /* This is myself for DR election */
3366 if (nbr->state == NSM_Down)
3367 continue;
3368
3369 if (IPV4_ADDR_SAME(&nbr->router_id, &oi->ospf->router_id))
3370 continue;
3371 /* Check neighbor is sane? */
3372 if (nbr->d_router.s_addr != INADDR_ANY &&
3373 IPV4_ADDR_SAME(&nbr->d_router, &oi->address->u.prefix4) &&
3374 IPV4_ADDR_SAME(&nbr->bd_router, &oi->address->u.prefix4))
3375 flag = 1;
3376
3377 /* Hello packet overflows interface MTU.
3378 */
3379 if (length + sizeof(uint32_t) > ospf_packet_max(oi)) {
3380 flog_err(
3381 EC_OSPF_LARGE_HELLO,
3382 "Oversized Hello packet! Larger than MTU. Not sending it out");
3383 return 0;
3384 }
3385
3386 stream_put_ipv4(s, nbr->router_id.s_addr);
3387 length += 4;
3388 }
3389
3390 /* Let neighbor generate BackupSeen. */
3391 if (flag == 1)
3392 stream_putl_at(s, p, 0); /* ipv4 address, normally */
3393
3394 return length;
3395 }
3396
3397 static int ospf_make_db_desc(struct ospf_interface *oi,
3398 struct ospf_neighbor *nbr, struct stream *s)
3399 {
3400 struct ospf_lsa *lsa;
3401 uint16_t length = OSPF_DB_DESC_MIN_SIZE;
3402 uint8_t options;
3403 unsigned long pp;
3404 int i;
3405 struct ospf_lsdb *lsdb;
3406
3407 /* Set Interface MTU. */
3408 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3409 stream_putw(s, 0);
3410 else
3411 stream_putw(s, oi->ifp->mtu);
3412
3413 /* Set Options. */
3414 options = OPTIONS(oi);
3415 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
3416 SET_FLAG(options, OSPF_OPTION_O);
3417 if (OSPF_FR_CONFIG(oi->ospf, oi->area))
3418 SET_FLAG(options, OSPF_OPTION_DC);
3419 stream_putc(s, options);
3420
3421 /* DD flags */
3422 pp = stream_get_endp(s);
3423 stream_putc(s, nbr->dd_flags);
3424
3425 /* Set DD Sequence Number. */
3426 stream_putl(s, nbr->dd_seqnum);
3427
3428 /* shortcut unneeded walk of (empty) summary LSDBs */
3429 if (ospf_db_summary_isempty(nbr))
3430 goto empty;
3431
3432 /* Describe LSA Header from Database Summary List. */
3433 lsdb = &nbr->db_sum;
3434
3435 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3436 struct route_table *table = lsdb->type[i].db;
3437 struct route_node *rn;
3438
3439 for (rn = route_top(table); rn; rn = route_next(rn))
3440 if ((lsa = rn->info) != NULL) {
3441 if (IS_OPAQUE_LSA(lsa->data->type)
3442 && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
3443 /* Suppress advertising
3444 * opaque-information. */
3445 /* Remove LSA from DB summary list. */
3446 ospf_lsdb_delete(lsdb, lsa);
3447 continue;
3448 }
3449
3450 if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
3451 struct lsa_header *lsah;
3452 uint16_t ls_age;
3453
3454 /* DD packet overflows interface MTU. */
3455 if (length + OSPF_LSA_HEADER_SIZE
3456 > ospf_packet_max(oi))
3457 break;
3458
3459 /* Keep pointer to LS age. */
3460 lsah = (struct lsa_header
3461 *)(STREAM_DATA(s)
3462 + stream_get_endp(
3463 s));
3464
3465 /* Proceed stream pointer. */
3466 stream_put(s, lsa->data,
3467 OSPF_LSA_HEADER_SIZE);
3468 length += OSPF_LSA_HEADER_SIZE;
3469
3470 /* Set LS age. */
3471 ls_age = LS_AGE(lsa);
3472 lsah->ls_age = htons(ls_age);
3473 }
3474
3475 /* Remove LSA from DB summary list. */
3476 ospf_lsdb_delete(lsdb, lsa);
3477 }
3478 }
3479
3480 /* Update 'More' bit */
3481 if (ospf_db_summary_isempty(nbr)) {
3482 empty:
3483 if (nbr->state >= NSM_Exchange) {
3484 UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
3485 /* Rewrite DD flags */
3486 stream_putc_at(s, pp, nbr->dd_flags);
3487 } else {
3488 assert(IS_SET_DD_M(nbr->dd_flags));
3489 }
3490 }
3491 return length;
3492 }
3493
3494 static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
3495 unsigned long delta, struct ospf_neighbor *nbr,
3496 struct ospf_lsa *lsa)
3497 {
3498 struct ospf_interface *oi;
3499
3500 oi = nbr->oi;
3501
3502 /* LS Request packet overflows interface MTU
3503 * delta is just number of bytes required for 1 LS Req
3504 * ospf_packet_max will return the number of bytes can
3505 * be accommodated without ospf header. So length+delta
3506 * can be compared to ospf_packet_max
3507 * to check if it can fit another lsreq in the same packet.
3508 */
3509
3510 if (*length + delta > ospf_packet_max(oi))
3511 return 0;
3512
3513 stream_putl(s, lsa->data->type);
3514 stream_put_ipv4(s, lsa->data->id.s_addr);
3515 stream_put_ipv4(s, lsa->data->adv_router.s_addr);
3516
3517 ospf_lsa_unlock(&nbr->ls_req_last);
3518 nbr->ls_req_last = ospf_lsa_lock(lsa);
3519
3520 *length += 12;
3521 return 1;
3522 }
3523
3524 static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
3525 {
3526 struct ospf_lsa *lsa;
3527 uint16_t length = OSPF_LS_REQ_MIN_SIZE;
3528 unsigned long delta = 12;
3529 struct route_table *table;
3530 struct route_node *rn;
3531 int i;
3532 struct ospf_lsdb *lsdb;
3533
3534 lsdb = &nbr->ls_req;
3535
3536 for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
3537 table = lsdb->type[i].db;
3538 for (rn = route_top(table); rn; rn = route_next(rn))
3539 if ((lsa = (rn->info)) != NULL)
3540 if (ospf_make_ls_req_func(s, &length, delta,
3541 nbr, lsa)
3542 == 0) {
3543 route_unlock_node(rn);
3544 break;
3545 }
3546 }
3547 return length;
3548 }
3549
3550 static int ls_age_increment(struct ospf_lsa *lsa, int delay)
3551 {
3552 int age;
3553
3554 age = IS_LSA_MAXAGE(lsa) ? OSPF_LSA_MAXAGE : LS_AGE(lsa) + delay;
3555
3556 return (age > OSPF_LSA_MAXAGE ? OSPF_LSA_MAXAGE : age);
3557 }
3558
3559 static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
3560 struct stream *s)
3561 {
3562 struct ospf_lsa *lsa;
3563 struct listnode *node;
3564 uint16_t length = 0;
3565 unsigned int size_noauth;
3566 unsigned long delta = stream_get_endp(s);
3567 unsigned long pp;
3568 int count = 0;
3569
3570 if (IS_DEBUG_OSPF_EVENT)
3571 zlog_debug("%s: Start", __func__);
3572
3573 pp = stream_get_endp(s);
3574 stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
3575 length += OSPF_LS_UPD_MIN_SIZE;
3576
3577 /* Calculate amount of packet usable for data. */
3578 size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);
3579
3580 while ((node = listhead(update)) != NULL) {
3581 struct lsa_header *lsah;
3582 uint16_t ls_age;
3583
3584 lsa = listgetdata(node);
3585 assert(lsa->data);
3586
3587 if (IS_DEBUG_OSPF_EVENT)
3588 zlog_debug("%s: List Iteration %d LSA[%s]", __func__,
3589 count, dump_lsa_key(lsa));
3590
3591 /* Will it fit? Minimum it has to fit at least one */
3592 if ((length + delta + ntohs(lsa->data->length) > size_noauth) &&
3593 (count > 0))
3594 break;
3595
3596 /* Keep pointer to LS age. */
3597 lsah = (struct lsa_header *)(STREAM_DATA(s)
3598 + stream_get_endp(s));
3599
3600 /* Put LSA to Link State Request. */
3601 stream_put(s, lsa->data, ntohs(lsa->data->length));
3602
3603 /* Set LS age. */
3604 /* each hop must increment an lsa_age by transmit_delay
3605 of OSPF interface */
3606 ls_age = ls_age_increment(lsa,
3607 OSPF_IF_PARAM(oi, transmit_delay));
3608 lsah->ls_age = htons(ls_age);
3609
3610 length += ntohs(lsa->data->length);
3611 count++;
3612
3613 list_delete_node(update, node);
3614 ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
3615 }
3616
3617 /* Now set #LSAs. */
3618 stream_putl_at(s, pp, count);
3619
3620 if (IS_DEBUG_OSPF_EVENT)
3621 zlog_debug("%s: Stop", __func__);
3622 return length;
3623 }
3624
3625 static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
3626 struct stream *s)
3627 {
3628 struct listnode *node, *nnode;
3629 uint16_t length = OSPF_LS_ACK_MIN_SIZE;
3630 unsigned long delta = OSPF_LSA_HEADER_SIZE;
3631 struct ospf_lsa *lsa;
3632
3633 for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
3634 assert(lsa);
3635
3636 /* LS Ack packet overflows interface MTU
3637 * delta is just number of bytes required for
3638 * 1 LS Ack(1 LS Hdr) ospf_packet_max will return
3639 * the number of bytes can be accommodated without
3640 * ospf header. So length+delta can be compared
3641 * against ospf_packet_max to check if it can fit
3642 * another ls header in the same packet.
3643 */
3644 if ((length + delta) > ospf_packet_max(oi))
3645 break;
3646
3647 stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
3648 length += OSPF_LSA_HEADER_SIZE;
3649
3650 listnode_delete(ack, lsa);
3651 ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
3652 }
3653
3654 return length;
3655 }
3656
3657 static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
3658 {
3659 struct ospf_packet *op;
3660 uint16_t length = OSPF_HEADER_SIZE;
3661
3662 op = ospf_packet_new(oi->ifp->mtu);
3663
3664 /* Prepare OSPF common header. */
3665 ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
3666
3667 /* Prepare OSPF Hello body. */
3668 length += ospf_make_hello(oi, op->s);
3669 if (length == OSPF_HEADER_SIZE) {
3670 /* Hello overshooting MTU */
3671 ospf_packet_free(op);
3672 return;
3673 }
3674
3675 /* Fill OSPF header. */
3676 ospf_fill_header(oi, op->s, length);
3677
3678 /* Set packet length. */
3679 op->length = length;
3680
3681 op->dst.s_addr = addr;
3682
3683 if (IS_DEBUG_OSPF_EVENT) {
3684 if (oi->ospf->vrf_id)
3685 zlog_debug(
3686 "%s: Hello Tx interface %s ospf vrf %s id %u",
3687 __func__, oi->ifp->name,
3688 ospf_vrf_id_to_name(oi->ospf->vrf_id),
3689 oi->ospf->vrf_id);
3690 }
3691 /* Add packet to the top of the interface output queue, so that they
3692 * can't get delayed by things like long queues of LS Update packets
3693 */
3694 ospf_packet_add_top(oi, op);
3695
3696 /* Hook thread to write packet. */
3697 OSPF_ISM_WRITE_ON(oi->ospf);
3698 }
3699
3700 static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
3701 {
3702 struct ospf_interface *oi;
3703
3704 oi = nbr_nbma->oi;
3705 assert(oi);
3706
3707 /* If this is passive interface, do not send OSPF Hello. */
3708 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3709 return;
3710
3711 if (oi->type != OSPF_IFTYPE_NBMA)
3712 return;
3713
3714 if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
3715 return;
3716
3717 if (PRIORITY(oi) == 0)
3718 return;
3719
3720 if (nbr_nbma->priority == 0 && oi->state != ISM_DR
3721 && oi->state != ISM_Backup)
3722 return;
3723
3724 ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
3725 }
3726
3727 void ospf_poll_timer(struct thread *thread)
3728 {
3729 struct ospf_nbr_nbma *nbr_nbma;
3730
3731 nbr_nbma = THREAD_ARG(thread);
3732 nbr_nbma->t_poll = NULL;
3733
3734 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3735 zlog_debug("NSM[%s:%pI4]: Timer (Poll timer expire)",
3736 IF_NAME(nbr_nbma->oi), &nbr_nbma->addr);
3737
3738 ospf_poll_send(nbr_nbma);
3739
3740 if (nbr_nbma->v_poll > 0)
3741 OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
3742 nbr_nbma->v_poll);
3743 }
3744
3745
3746 void ospf_hello_reply_timer(struct thread *thread)
3747 {
3748 struct ospf_neighbor *nbr;
3749
3750 nbr = THREAD_ARG(thread);
3751 nbr->t_hello_reply = NULL;
3752
3753 if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
3754 zlog_debug("NSM[%s:%pI4]: Timer (hello-reply timer expire)",
3755 IF_NAME(nbr->oi), &nbr->router_id);
3756
3757 ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
3758 }
3759
3760 /* Send OSPF Hello. */
3761 void ospf_hello_send(struct ospf_interface *oi)
3762 {
3763 /* If this is passive interface, do not send OSPF Hello. */
3764 if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
3765 return;
3766
3767 if (oi->type == OSPF_IFTYPE_NBMA) {
3768 struct ospf_neighbor *nbr;
3769 struct route_node *rn;
3770
3771 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
3772 nbr = rn->info;
3773 if (!nbr)
3774 continue;
3775
3776 if (nbr == oi->nbr_self)
3777 continue;
3778
3779 if (nbr->state == NSM_Down)
3780 continue;
3781
3782 /*
3783 * RFC 2328 Section 9.5.1
3784 * If the router is not eligible to become Designated
3785 * Router, it must periodically send Hello Packets to
3786 * both the Designated Router and the Backup
3787 * Designated Router (if they exist).
3788 */
3789 if (PRIORITY(oi) == 0 &&
3790 IPV4_ADDR_CMP(&DR(oi), &nbr->address.u.prefix4) &&
3791 IPV4_ADDR_CMP(&BDR(oi), &nbr->address.u.prefix4))
3792 continue;
3793
3794 /*
3795 * If the router is eligible to become Designated
3796 * Router, it must periodically send Hello Packets to
3797 * all neighbors that are also eligible. In addition,
3798 * if the router is itself the Designated Router or
3799 * Backup Designated Router, it must also send periodic
3800 * Hello Packets to all other neighbors.
3801 */
3802 if (nbr->priority == 0 && oi->state == ISM_DROther)
3803 continue;
3804
3805 /* if oi->state == Waiting, send
3806 * hello to all neighbors */
3807 ospf_hello_send_sub(oi, nbr->address.u.prefix4.s_addr);
3808 }
3809 } else {
3810 /* Decide destination address. */
3811 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
3812 ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
3813 else
3814 ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
3815 }
3816 }
3817
3818 /* Send OSPF Database Description. */
3819 void ospf_db_desc_send(struct ospf_neighbor *nbr)
3820 {
3821 struct ospf_interface *oi;
3822 struct ospf_packet *op;
3823 uint16_t length = OSPF_HEADER_SIZE;
3824
3825 oi = nbr->oi;
3826 op = ospf_packet_new(oi->ifp->mtu);
3827
3828 /* Prepare OSPF common header. */
3829 ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
3830
3831 /* Prepare OSPF Database Description body. */
3832 length += ospf_make_db_desc(oi, nbr, op->s);
3833
3834 /* Fill OSPF header. */
3835 ospf_fill_header(oi, op->s, length);
3836
3837 /* Set packet length. */
3838 op->length = length;
3839
3840 /* Decide destination address. */
3841 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3842 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3843 else
3844 op->dst = nbr->address.u.prefix4;
3845
3846 /* Add packet to the interface output queue. */
3847 ospf_packet_add(oi, op);
3848
3849 /* Hook thread to write packet. */
3850 OSPF_ISM_WRITE_ON(oi->ospf);
3851
3852 /* Remove old DD packet, then copy new one and keep in neighbor
3853 * structure. */
3854 if (nbr->last_send)
3855 ospf_packet_free(nbr->last_send);
3856 nbr->last_send = ospf_packet_dup(op);
3857 monotime(&nbr->last_send_ts);
3858 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3859 zlog_info(
3860 "%s:Packet[DD]: %pI4 DB Desc send with seqnum:%x , flags:%x",
3861 ospf_get_name(oi->ospf), &nbr->router_id,
3862 nbr->dd_seqnum, nbr->dd_flags);
3863 }
3864
3865 /* Re-send Database Description. */
3866 void ospf_db_desc_resend(struct ospf_neighbor *nbr)
3867 {
3868 struct ospf_interface *oi;
3869
3870 oi = nbr->oi;
3871
3872 /* Add packet to the interface output queue. */
3873 ospf_packet_add(oi, ospf_packet_dup(nbr->last_send));
3874
3875 /* Hook thread to write packet. */
3876 OSPF_ISM_WRITE_ON(oi->ospf);
3877 if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
3878 zlog_info(
3879 "%s:Packet[DD]: %pI4 DB Desc resend with seqnum:%x , flags:%x",
3880 ospf_get_name(oi->ospf), &nbr->router_id,
3881 nbr->dd_seqnum, nbr->dd_flags);
3882 }
3883
3884 /* Send Link State Request. */
3885 void ospf_ls_req_send(struct ospf_neighbor *nbr)
3886 {
3887 struct ospf_interface *oi;
3888 struct ospf_packet *op;
3889 uint16_t length = OSPF_HEADER_SIZE;
3890
3891 oi = nbr->oi;
3892 op = ospf_packet_new(oi->ifp->mtu);
3893
3894 /* Prepare OSPF common header. */
3895 ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
3896
3897 /* Prepare OSPF Link State Request body. */
3898 length += ospf_make_ls_req(nbr, op->s);
3899 if (length == OSPF_HEADER_SIZE) {
3900 ospf_packet_free(op);
3901 return;
3902 }
3903
3904 /* Fill OSPF header. */
3905 ospf_fill_header(oi, op->s, length);
3906
3907 /* Set packet length. */
3908 op->length = length;
3909
3910 /* Decide destination address. */
3911 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
3912 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
3913 else
3914 op->dst = nbr->address.u.prefix4;
3915
3916 /* Add packet to the interface output queue. */
3917 ospf_packet_add(oi, op);
3918
3919 /* Hook thread to write packet. */
3920 OSPF_ISM_WRITE_ON(oi->ospf);
3921
3922 /* Add Link State Request Retransmission Timer. */
3923 OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
3924 }
3925
3926 /* Send Link State Update with an LSA. */
3927 void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
3928 int flag)
3929 {
3930 struct list *update;
3931
3932 update = list_new();
3933
3934 listnode_add(update, lsa);
3935
3936 /*ospf instance is going down, send self originated
3937 * MAXAGE LSA update to neighbors to remove from LSDB */
3938 if (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa))
3939 ospf_ls_upd_send(nbr, update, flag, 1);
3940 else
3941 ospf_ls_upd_send(nbr, update, flag, 0);
3942
3943 list_delete(&update);
3944 }
3945
3946 /* Determine size for packet. Must be at least big enough to accommodate next
3947 * LSA on list, which may be bigger than MTU size.
3948 *
3949 * Return pointer to new ospf_packet
3950 * NULL if we can not allocate, eg because LSA is bigger than imposed limit
3951 * on packet sizes (in which case offending LSA is deleted from update list)
3952 */
3953 static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
3954 struct ospf_interface *oi)
3955 {
3956 struct ospf_lsa *lsa;
3957 struct listnode *ln;
3958 size_t size;
3959 static char warned = 0;
3960
3961 lsa = listgetdata((ln = listhead(update)));
3962 assert(lsa->data);
3963
3964 if ((OSPF_LS_UPD_MIN_SIZE + ntohs(lsa->data->length))
3965 > ospf_packet_max(oi)) {
3966 if (!warned) {
3967 flog_warn(
3968 EC_OSPF_LARGE_LSA,
3969 "%s: oversized LSA encountered!will need to fragment. Not optimal. Try divide up your network with areas. Use 'debug ospf packet send' to see details, or look at 'show ip ospf database ..'",
3970 __func__);
3971 warned = 1;
3972 }
3973
3974 if (IS_DEBUG_OSPF_PACKET(0, SEND))
3975 zlog_debug(
3976 "%s: oversized LSA id:%pI4, %d bytes originated by %pI4, will be fragmented!",
3977 __func__, &lsa->data->id,
3978 ntohs(lsa->data->length),
3979 &lsa->data->adv_router);
3980
3981 /*
3982 * Allocate just enough to fit this LSA only, to avoid including
3983 * other
3984 * LSAs in fragmented LSA Updates.
3985 */
3986 size = ntohs(lsa->data->length)
3987 + (oi->ifp->mtu - ospf_packet_max(oi))
3988 + OSPF_LS_UPD_MIN_SIZE;
3989 } else
3990 size = oi->ifp->mtu;
3991
3992 if (size > OSPF_MAX_PACKET_SIZE) {
3993 flog_warn(
3994 EC_OSPF_LARGE_LSA,
3995 "%s: oversized LSA id:%pI4 too big, %d bytes, packet size %ld, dropping it completely. OSPF routing is broken!",
3996 __func__, &lsa->data->id, ntohs(lsa->data->length),
3997 (long int)size);
3998 list_delete_node(update, ln);
3999 return NULL;
4000 }
4001
4002 /* IP header is built up separately by ospf_write(). This means, that we
4003 * must
4004 * reduce the "affordable" size just calculated by length of an IP
4005 * header.
4006 * This makes sure, that even if we manage to fill the payload with LSA
4007 * data
4008 * completely, the final packet (our data plus IP header) still fits
4009 * into
4010 * outgoing interface MTU. This correction isn't really meaningful for
4011 * an
4012 * oversized LSA, but for consistency the correction is done for both
4013 * cases.
4014 *
4015 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
4016 */
4017 return ospf_packet_new(size - sizeof(struct ip));
4018 }
4019
4020 static void ospf_ls_upd_queue_send(struct ospf_interface *oi,
4021 struct list *update, struct in_addr addr,
4022 int send_lsupd_now)
4023 {
4024 struct ospf_packet *op;
4025 uint16_t length = OSPF_HEADER_SIZE;
4026
4027 if (IS_DEBUG_OSPF_EVENT)
4028 zlog_debug("listcount = %d, [%s]dst %pI4", listcount(update),
4029 IF_NAME(oi), &addr);
4030
4031 /* Check that we have really something to process */
4032 if (listcount(update) == 0)
4033 return;
4034
4035 op = ospf_ls_upd_packet_new(update, oi);
4036
4037 /* Prepare OSPF common header. */
4038 ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);
4039
4040 /* Prepare OSPF Link State Update body.
4041 * Includes Type-7 translation.
4042 */
4043 length += ospf_make_ls_upd(oi, update, op->s);
4044
4045 /* Fill OSPF header. */
4046 ospf_fill_header(oi, op->s, length);
4047
4048 /* Set packet length. */
4049 op->length = length;
4050
4051 /* Decide destination address. */
4052 if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4053 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4054 else
4055 op->dst.s_addr = addr.s_addr;
4056
4057 /* Add packet to the interface output queue. */
4058 ospf_packet_add(oi, op);
4059 /* Call ospf_write() right away to send ospf packets to neighbors */
4060 if (send_lsupd_now) {
4061 struct thread os_packet_thd;
4062
4063 os_packet_thd.arg = (void *)oi->ospf;
4064 if (oi->on_write_q == 0) {
4065 listnode_add(oi->ospf->oi_write_q, oi);
4066 oi->on_write_q = 1;
4067 }
4068 ospf_write(&os_packet_thd);
4069 /*
4070 * We are fake calling ospf_write with a fake
4071 * thread. Imagine that we have oi_a already
4072 * enqueued and we have turned on the write
4073 * thread(t_write).
4074 * Now this function calls this for oi_b
4075 * so the on_write_q has oi_a and oi_b on
4076 * it, ospf_write runs and clears the packets
4077 * for both oi_a and oi_b. Removing them from
4078 * the on_write_q. After this thread of execution
4079 * finishes we will execute the t_write thread
4080 * with nothing in the on_write_q causing an
4081 * assert. So just make sure that the t_write
4082 * is actually turned off.
4083 */
4084 if (list_isempty(oi->ospf->oi_write_q))
4085 THREAD_OFF(oi->ospf->t_write);
4086 } else {
4087 /* Hook thread to write packet. */
4088 OSPF_ISM_WRITE_ON(oi->ospf);
4089 }
4090 }
4091
4092 static void ospf_ls_upd_send_queue_event(struct thread *thread)
4093 {
4094 struct ospf_interface *oi = THREAD_ARG(thread);
4095 struct route_node *rn;
4096 struct route_node *rnext;
4097 struct list *update;
4098 char again = 0;
4099
4100 oi->t_ls_upd_event = NULL;
4101
4102 if (IS_DEBUG_OSPF_EVENT)
4103 zlog_debug("%s start", __func__);
4104
4105 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4106 rnext = route_next(rn);
4107
4108 if (rn->info == NULL)
4109 continue;
4110
4111 update = (struct list *)rn->info;
4112
4113 ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);
4114
4115 /* list might not be empty. */
4116 if (listcount(update) == 0) {
4117 list_delete((struct list **)&rn->info);
4118 route_unlock_node(rn);
4119 } else
4120 again = 1;
4121 }
4122
4123 if (again != 0) {
4124 if (IS_DEBUG_OSPF_EVENT)
4125 zlog_debug(
4126 "%s: update lists not cleared, %d nodes to try again, raising new event",
4127 __func__, again);
4128 oi->t_ls_upd_event = NULL;
4129 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4130 &oi->t_ls_upd_event);
4131 }
4132
4133 if (IS_DEBUG_OSPF_EVENT)
4134 zlog_debug("%s stop", __func__);
4135 }
4136
4137 void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
4138 int send_lsupd_now)
4139 {
4140 struct ospf_interface *oi;
4141 struct ospf_lsa *lsa;
4142 struct prefix_ipv4 p;
4143 struct route_node *rn;
4144 struct listnode *node;
4145
4146 oi = nbr->oi;
4147
4148 p.family = AF_INET;
4149 p.prefixlen = IPV4_MAX_BITLEN;
4150
4151 /* Decide destination address. */
4152 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4153 p.prefix = oi->vl_data->peer_addr;
4154 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4155 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4156 else if (flag == OSPF_SEND_PACKET_DIRECT)
4157 p.prefix = nbr->address.u.prefix4;
4158 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4159 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4160 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4161 p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
4162 else
4163 p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);
4164
4165 if (oi->type == OSPF_IFTYPE_NBMA) {
4166 if (flag == OSPF_SEND_PACKET_INDIRECT)
4167 flog_warn(
4168 EC_OSPF_PACKET,
4169 "* LS-Update is directly sent on NBMA network.");
4170 if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
4171 flog_warn(EC_OSPF_PACKET,
4172 "* LS-Update is sent to myself.");
4173 }
4174
4175 rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
4176
4177 if (rn->info == NULL)
4178 rn->info = list_new();
4179 else
4180 route_unlock_node(rn);
4181
4182 for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
4183 listnode_add(rn->info,
4184 ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */
4185 if (send_lsupd_now) {
4186 struct list *send_update_list;
4187 struct route_node *rnext;
4188
4189 for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
4190 rnext = route_next(rn);
4191
4192 if (rn->info == NULL)
4193 continue;
4194
4195 send_update_list = (struct list *)rn->info;
4196
4197 ospf_ls_upd_queue_send(oi, send_update_list,
4198 rn->p.u.prefix4, 1);
4199 }
4200 } else
4201 thread_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
4202 &oi->t_ls_upd_event);
4203 }
4204
4205 static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
4206 struct in_addr dst)
4207 {
4208 struct ospf_packet *op;
4209 uint16_t length = OSPF_HEADER_SIZE;
4210
4211 op = ospf_packet_new(oi->ifp->mtu);
4212
4213 /* Prepare OSPF common header. */
4214 ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
4215
4216 /* Prepare OSPF Link State Acknowledgment body. */
4217 length += ospf_make_ls_ack(oi, ack, op->s);
4218
4219 /* Fill OSPF header. */
4220 ospf_fill_header(oi, op->s, length);
4221
4222 /* Set packet length. */
4223 op->length = length;
4224
4225 /* Decide destination address. */
4226 if (oi->type == OSPF_IFTYPE_POINTOPOINT ||
4227 oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4228 op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4229 else
4230 op->dst.s_addr = dst.s_addr;
4231
4232 /* Add packet to the interface output queue. */
4233 ospf_packet_add(oi, op);
4234
4235 /* Hook thread to write packet. */
4236 OSPF_ISM_WRITE_ON(oi->ospf);
4237 }
4238
4239 static void ospf_ls_ack_send_event(struct thread *thread)
4240 {
4241 struct ospf_interface *oi = THREAD_ARG(thread);
4242
4243 oi->t_ls_ack_direct = NULL;
4244
4245 while (listcount(oi->ls_ack_direct.ls_ack))
4246 ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
4247 oi->ls_ack_direct.dst);
4248 }
4249
4250 void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
4251 {
4252 struct ospf_interface *oi = nbr->oi;
4253
4254 if (IS_GRACE_LSA(lsa)) {
4255 if (IS_DEBUG_OSPF_GR)
4256 zlog_debug("%s, Sending GRACE ACK to Restarter.",
4257 __func__);
4258 }
4259
4260 if (listcount(oi->ls_ack_direct.ls_ack) == 0)
4261 oi->ls_ack_direct.dst = nbr->address.u.prefix4;
4262
4263 listnode_add(oi->ls_ack_direct.ls_ack, ospf_lsa_lock(lsa));
4264
4265 thread_add_event(master, ospf_ls_ack_send_event, oi, 0,
4266 &oi->t_ls_ack_direct);
4267 }
4268
4269 /* Send Link State Acknowledgment delayed. */
4270 void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
4271 {
4272 struct in_addr dst;
4273
4274 /* Decide destination address. */
4275 /* RFC2328 Section 13.5 On non-broadcast
4276 networks, delayed Link State Acknowledgment packets must be
4277 unicast separately over each adjacency (i.e., neighbor whose
4278 state is >= Exchange). */
4279 if (oi->type == OSPF_IFTYPE_NBMA) {
4280 struct ospf_neighbor *nbr;
4281 struct route_node *rn;
4282
4283 for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
4284 nbr = rn->info;
4285
4286 if (!nbr)
4287 continue;
4288
4289 if (nbr != oi->nbr_self && nbr->state >= NSM_Exchange)
4290 while (listcount(oi->ls_ack))
4291 ospf_ls_ack_send_list(
4292 oi, oi->ls_ack,
4293 nbr->address.u.prefix4);
4294 }
4295 return;
4296 }
4297 if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
4298 dst.s_addr = oi->vl_data->peer_addr.s_addr;
4299 else if (oi->state == ISM_DR || oi->state == ISM_Backup)
4300 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4301 else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
4302 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4303 else if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
4304 dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
4305 else
4306 dst.s_addr = htonl(OSPF_ALLDROUTERS);
4307
4308 while (listcount(oi->ls_ack))
4309 ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
4310 }
4311
4312 /*
4313 * On pt-to-pt links, all OSPF control packets are sent to the multicast
4314 * address. As a result, the kernel does not need to learn the interface
4315 * MAC of the OSPF neighbor. However, in our world, this will delay
4316 * convergence. Take the case when due to a link flap, all routes now
4317 * want to use an interface which was deemed to be costlier prior to this
4318 * event. For routes that will be installed, the missing MAC will have
4319 * punt-to-CPU set on them. This may overload the CPU control path that
4320 * can be avoided if the MAC was known apriori.
4321 */
4322 void ospf_proactively_arp(struct ospf_neighbor *nbr)
4323 {
4324 if (!nbr || !nbr->oi->ospf->proactive_arp)
4325 return;
4326
4327 ospf_zebra_send_arp(nbr->oi->ifp, &nbr->address);
4328 }
FRRouting mirror