1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * OSPF Sending and Receiving OSPF Packets.
4 * Copyright (C) 1999, 2000 Toshiaki Takada
5 */
6
7 #include <zebra.h>
8
9 #include "monotime.h"
10 #include "frrevent.h"
11 #include "memory.h"
12 #include "linklist.h"
13 #include "prefix.h"
14 #include "if.h"
15 #include "table.h"
16 #include "sockunion.h"
17 #include "stream.h"
18 #include "log.h"
19 #include "sockopt.h"
20 #include "checksum.h"
21 #ifdef CRYPTO_INTERNAL
22 #include "md5.h"
23 #endif
24 #include "vrf.h"
25 #include "lib_errors.h"
26
27 #include "ospfd/ospfd.h"
28 #include "ospfd/ospf_network.h"
29 #include "ospfd/ospf_interface.h"
30 #include "ospfd/ospf_ism.h"
31 #include "ospfd/ospf_abr.h"
32 #include "ospfd/ospf_asbr.h"
33 #include "ospfd/ospf_lsa.h"
34 #include "ospfd/ospf_lsdb.h"
35 #include "ospfd/ospf_neighbor.h"
36 #include "ospfd/ospf_nsm.h"
37 #include "ospfd/ospf_packet.h"
38 #include "ospfd/ospf_spf.h"
39 #include "ospfd/ospf_flood.h"
40 #include "ospfd/ospf_dump.h"
41 #include "ospfd/ospf_errors.h"
42 #include "ospfd/ospf_zebra.h"
43 #include "ospfd/ospf_gr.h"
44
/*
 * OSPF Fragmentation / fragmented writes
 *
 * ospfd can support writing fragmented packets, for cases where the
 * kernel will not fragment IP_HDRINCL and/or multicast destined
 * packets (i.e. TTBOMK all kernels: BSD, SunOS, Linux). However,
 * SunOS, and probably BSD too, clobber the user-supplied IP ID and IP
 * flags fields, hence user-space fragmentation will not work there.
 * Only Linux is known to leave the IP header unmolested.
 * Further, fragmentation really should be done by the kernel, which
 * already supports it, and which avoids nasty IP ID state problems.
 *
 * Fragmentation of OSPF packets can be required on networks with routers
 * that have very many interfaces active in one area, or on networks with
 * links with low MTUs.
 */
#ifdef GNU_LINUX
#define WANT_OSPF_WRITE_FRAGMENT
#endif
64
/*
 * Packet type -> display string table. ospf_write() and ospf_hello() in
 * this file pass it to lookup_msg() when logging a packet.
 * The trailing {0} entry is presumably the end-of-table marker that
 * lookup_msg() expects - confirm against its definition.
 */
const struct message ospf_packet_type_str[] = {
	{OSPF_MSG_HELLO, "Hello"},
	{OSPF_MSG_DB_DESC, "Database Description"},
	{OSPF_MSG_LS_REQ, "Link State Request"},
	{OSPF_MSG_LS_UPD, "Link State Update"},
	{OSPF_MSG_LS_ACK, "Link State Acknowledgment"},
	{0}};
73
/*
 * Minimum (besides OSPF_HEADER_SIZE) lengths for OSPF packets of
 * particular types, offset is the "type" field of a packet.
 *
 * The table has six entries (indices 0..5). The "type" field comes from a
 * received packet header, so it must be range-checked against this table
 * before being used as an index.
 * NOTE(review): the lookups are outside this part of the file - confirm
 * that every one of them bounds the type first.
 */
static const uint16_t ospf_packet_minlen[] = {
	0,
	OSPF_HELLO_MIN_SIZE,
	OSPF_DB_DESC_MIN_SIZE,
	OSPF_LS_REQ_MIN_SIZE,
	OSPF_LS_UPD_MIN_SIZE,
	OSPF_LS_ACK_MIN_SIZE,
};
84
/*
 * Minimum (besides OSPF_LSA_HEADER_SIZE) lengths for LSAs of particular
 * types, offset is the "LSA type" field.
 *
 * The table has twelve entries (indices 0..11); unknown and unsupported
 * types carry a minimum of 0. The LSA type is taken from received data, so
 * it must be range-checked before it indexes this table.
 * NOTE(review): the lookups are outside this part of the file - confirm
 * the bound and how a 0 minimum is treated there.
 */
static const uint16_t ospf_lsa_minlen[] = {
	0,			       /* OSPF_UNKNOWN_LSA */
	OSPF_ROUTER_LSA_MIN_SIZE,      /* OSPF_ROUTER_LSA */
	OSPF_NETWORK_LSA_MIN_SIZE,     /* OSPF_NETWORK_LSA */
	OSPF_SUMMARY_LSA_MIN_SIZE,     /* OSPF_SUMMARY_LSA */
	OSPF_SUMMARY_LSA_MIN_SIZE,     /* OSPF_ASBR_SUMMARY_LSA */
	OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_EXTERNAL_LSA */
	0,			       /* Unsupported, OSPF_GROUP_MEMBER_LSA */
	OSPF_AS_EXTERNAL_LSA_MIN_SIZE, /* OSPF_AS_NSSA_LSA */
	0,			       /* Unsupported, OSPF_EXTERNAL_ATTRIBUTES_LSA */
	OSPF_OPAQUE_LSA_MIN_SIZE,      /* OSPF_OPAQUE_LINK_LSA */
	OSPF_OPAQUE_LSA_MIN_SIZE,      /* OSPF_OPAQUE_AREA_LSA */
	OSPF_OPAQUE_LSA_MIN_SIZE,      /* OSPF_OPAQUE_AS_LSA */
};
101
/* Forward declaration, needed by ospf_check_auth() before the definition. */
static int ospf_check_sum(struct ospf_header *);
104
/*
 * Resolve the authentication type in effect on an interface.
 *
 * The interface's own auth_type parameter is used unless it is
 * OSPF_AUTH_NOTSET, in which case the area's auth_type applies.
 *
 * Security note: when the resolved type is OSPF_AUTH_CRYPTOGRAPHIC but the
 * interface's auth_crypt key list is empty, OSPF_AUTH_NULL is returned
 * (done for compatibility with Cisco behaviour). Cryptographic
 * authentication configured without any key is therefore treated as no
 * authentication rather than as an error; operators should verify that a
 * key is present wherever cryptographic authentication is intended.
 *
 * Returns one of the OSPF_AUTH_* values.
 */
static int ospf_auth_type(struct ospf_interface *oi)
{
	int effective = (OSPF_IF_PARAM(oi, auth_type) == OSPF_AUTH_NOTSET)
				? oi->area->auth_type
				: OSPF_IF_PARAM(oi, auth_type);

	if (effective != OSPF_AUTH_CRYPTOGRAPHIC)
		return effective;

	/* Cryptographic auth without a configured key falls back to null. */
	if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
		return OSPF_AUTH_NULL;

	return effective;
}
122
/*
 * Allocate an ospf_packet together with a stream of the requested size.
 *
 * The packet structure comes zeroed from XCALLOC, so 'next', 'dst' and
 * 'length' start out as zero/NULL. Neither allocation result is checked
 * here; presumably XCALLOC and stream_new() do not return NULL - confirm.
 * The caller owns the result and releases it with ospf_packet_free().
 */
static struct ospf_packet *ospf_packet_new(size_t size)
{
	struct ospf_packet *pkt = XCALLOC(MTYPE_OSPF_PACKET, sizeof(*pkt));

	pkt->s = stream_new(size);
	return pkt;
}
132
/*
 * Release a packet and the stream attached to it (if any).
 * 'op' itself must not be NULL: it is dereferenced unconditionally.
 */
void ospf_packet_free(struct ospf_packet *op)
{
	struct stream *payload = op->s;

	if (payload != NULL)
		stream_free(payload);

	XFREE(MTYPE_OSPF_PACKET, op);
}
140
/*
 * Allocate an empty packet fifo. The structure is zeroed by XCALLOC, so
 * head and tail are NULL and count is 0.
 */
struct ospf_fifo *ospf_fifo_new(void)
{
	return XCALLOC(MTYPE_OSPF_FIFO, sizeof(struct ospf_fifo));
}
148
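/*
 * Append a packet to the tail of the fifo.
 *
 * The packet becomes the new tail, so its 'next' link is cleared here.
 * ospf_fifo_pop() leaves 'next' untouched on the packet it returns; without
 * the reset, re-queueing such a packet would leave the tail pointing into
 * another chain, and ospf_fifo_flush() would then walk (and free) packets
 * that do not belong to this fifo.
 */
void ospf_fifo_push(struct ospf_fifo *fifo, struct ospf_packet *op)
{
	/* The tail of the list must always terminate it. */
	op->next = NULL;

	if (fifo->tail)
		fifo->tail->next = op;
	else
		fifo->head = op;

	fifo->tail = op;

	fifo->count++;
}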
161
/*
 * Insert a packet at the front of the fifo, ahead of everything queued.
 * If the fifo was empty the packet also becomes the tail.
 */
static void ospf_fifo_push_head(struct ospf_fifo *fifo, struct ospf_packet *op)
{
	/* Empty fifo: the new packet is both first and last. */
	if (!fifo->tail)
		fifo->tail = op;

	op->next = fifo->head;
	fifo->head = op;
	fifo->count++;
}
174
/*
 * Detach and return the first packet of the fifo, or NULL when the fifo is
 * empty. Ownership of the returned packet passes to the caller. The
 * packet's 'next' link is left as it was.
 */
struct ospf_packet *ospf_fifo_pop(struct ospf_fifo *fifo)
{
	struct ospf_packet *first = fifo->head;

	if (first == NULL)
		return NULL;

	fifo->head = first->next;

	/* Removing the only element empties the fifo. */
	if (!fifo->head)
		fifo->tail = NULL;

	fifo->count--;

	return first;
}
193
/*
 * Peek at the first packet without removing it; NULL when the fifo is
 * empty. The fifo keeps ownership of the packet.
 */
struct ospf_packet *ospf_fifo_head(struct ospf_fifo *fifo)
{
	struct ospf_packet *first = fifo->head;

	return first;
}
199
/*
 * Free every packet queued in the fifo and reset it to the empty state.
 * The fifo structure itself stays allocated.
 */
void ospf_fifo_flush(struct ospf_fifo *fifo)
{
	struct ospf_packet *cur = fifo->head;

	while (cur != NULL) {
		/* Read the link before the packet is freed. */
		struct ospf_packet *following = cur->next;

		ospf_packet_free(cur);
		cur = following;
	}

	fifo->tail = NULL;
	fifo->head = NULL;
	fifo->count = 0;
}
213
/*
 * Destroy a fifo: free all queued packets, then the fifo structure.
 * The caller must not use 'fifo' afterwards.
 */
void ospf_fifo_free(struct ospf_fifo *fifo)
{
	/* Drop the contents first so no packet is leaked. */
	ospf_fifo_flush(fifo);
	XFREE(MTYPE_OSPF_FIFO, fifo);
}
221
/*
 * Queue a packet at the end of the interface's output fifo (oi->obuf).
 * The fifo takes over the packet.
 */
static void ospf_packet_add(struct ospf_interface *oi, struct ospf_packet *op)
{
	struct ospf_fifo *outq = oi->obuf;

	ospf_fifo_push(outq, op);
}
230
/*
 * Queue a packet at the front of the interface's output fifo (oi->obuf),
 * so that it is sent before anything already waiting.
 */
static void ospf_packet_add_top(struct ospf_interface *oi,
				struct ospf_packet *op)
{
	struct ospf_fifo *outq = oi->obuf;

	ospf_fifo_push_head(outq, op);
}
240
/*
 * Remove the first packet from the interface's output fifo and free it.
 * Does nothing when the fifo is empty.
 */
static void ospf_packet_delete(struct ospf_interface *oi)
{
	struct ospf_packet *sent = ospf_fifo_pop(oi->obuf);

	if (sent == NULL)
		return;

	ospf_packet_free(sent);
}
250
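/*
 * Duplicate a packet: a new packet with a copy of the stream contents, the
 * same destination and the same length.
 *
 * The new stream is sized to the source's end pointer plus
 * OSPF_AUTH_MD5_SIZE so that ospf_make_md5_digest() can append a digest
 * later without running out of room.
 *
 * A disagreement between the stream's end pointer and op->length is only
 * reported at debug level; the copy still goes ahead. The message now
 * reports the end pointer, which is the value actually compared (it used
 * to print the stream's allocated size instead).
 */
static struct ospf_packet *ospf_packet_dup(struct ospf_packet *op)
{
	struct ospf_packet *new;
	size_t endp = stream_get_endp(op->s);

	if (endp != op->length)
		/* XXX size_t */
		zlog_debug(
			"ospf_packet_dup stream %lu ospf_packet %u size mismatch",
			(unsigned long)endp, op->length);

	/* Reserve space for MD5 authentication that may be added later. */
	new = ospf_packet_new(endp + OSPF_AUTH_MD5_SIZE);
	stream_copy(new->s, op->s);

	new->dst = op->dst;
	new->length = op->length;

	return new;
}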
270
/*
 * Number of trailing bytes to reserve for authentication data on this
 * interface: OSPF_AUTH_MD5_SIZE when cryptographic authentication is in
 * effect (as decided by ospf_auth_type()), otherwise 0.
 */
/* XXX inline */
static unsigned int ospf_packet_authspace(struct ospf_interface *oi)
{
	if (ospf_auth_type(oi) != OSPF_AUTH_CRYPTOGRAPHIC)
		return 0;

	return OSPF_AUTH_MD5_SIZE;
}
281
/*
 * Largest OSPF payload (excluding the OSPF header) that fits in one
 * datagram on this interface: the interface MTU minus the authentication
 * trailer, the OSPF header and the IP header.
 *
 * NOTE(review): the subtraction is carried out in a signed int and the
 * result is returned as unsigned int. If the MTU is smaller than the
 * combined overhead (for example an MTU of 0), the negative intermediate
 * becomes a very large unsigned value instead of 0. Callers use this as a
 * size budget, so they should be checked for how they handle that case
 * before a clamp is added here.
 */
static unsigned int ospf_packet_max(struct ospf_interface *oi)
{
	const size_t fixed_overhead = OSPF_HEADER_SIZE + sizeof(struct ip);
	int room = oi->ifp->mtu - ospf_packet_authspace(oi);

	room -= fixed_overhead;

	return room;
}
292
293
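/*
 * Verify the keyed-MD5 authentication trailer of a received OSPF packet.
 *
 * oi    - interface the packet arrived on; supplies the key list and the
 *         neighbor table
 * ospfh - start of the received OSPF packet. The digest is expected in the
 *         OSPF_AUTH_MD5_SIZE bytes that follow the ntohs(ospfh->length)
 *         bytes of the packet.
 *         NOTE(review): this function does not know the size of the receive
 *         buffer; it assumes the caller has already verified that
 *         length + OSPF_AUTH_MD5_SIZE bytes are present - confirm at the
 *         call site.
 *
 * Returns 1 when the packet authenticates, 0 otherwise. Every failure path
 * returns 0, so the check fails closed.
 *
 * Checks, in order:
 *  1. the key id in the header must name a configured key;
 *  2. if the sender is a known neighbor, the cryptographic sequence number
 *     must not be lower than the one recorded for it (an equal value is
 *     accepted by this comparison);
 *  3. MD5(packet || key) must equal the received trailer.
 * The neighbor's recorded sequence number is updated only after the digest
 * has been verified, so a forged packet cannot advance it.
 *
 * Changes relative to the previous version:
 *  - the digest comparison no longer uses memcmp(), whose running time
 *    depends on the position of the first differing byte; all bytes are
 *    always compared;
 *  - with OpenSSL, the context allocation and every EVP_Digest* call are
 *    checked. Previously a failure (e.g. MD5 being unavailable in the
 *    provider) left 'digest' uninitialized and the comparison ran against
 *    stack garbage; now the packet is rejected.
 *  - 'digest' is zero-initialized, as in ospf_make_md5_digest().
 */
static int ospf_check_md5_digest(struct ospf_interface *oi,
				 struct ospf_header *ospfh)
{
#ifdef CRYPTO_OPENSSL
	EVP_MD_CTX *ctx;
#elif CRYPTO_INTERNAL
	MD5_CTX ctx;
#endif
	unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
	const unsigned char *received;
	unsigned char diff = 0;
	unsigned int i;
	struct crypt_key *ck;
	struct ospf_neighbor *nbr;
	uint16_t length = ntohs(ospfh->length);

	/* Get secret key. */
	ck = ospf_crypt_key_lookup(OSPF_IF_PARAM(oi, auth_crypt),
				   ospfh->u.crypt.key_id);
	if (ck == NULL) {
		flog_warn(
			EC_OSPF_MD5,
			"interface %s: ospf_check_md5 no key %d, Router-ID: %pI4",
			IF_NAME(oi), ospfh->u.crypt.key_id, &ospfh->router_id);
		return 0;
	}

	/* check crypto seqnum. */
	nbr = ospf_nbr_lookup_by_routerid(oi->nbrs, &ospfh->router_id);

	if (nbr
	    && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) {
		flog_warn(
			EC_OSPF_MD5,
			"interface %s: ospf_check_md5 bad sequence %d (expect %d), Router-ID: %pI4",
			IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum),
			ntohl(nbr->crypt_seqnum), &ospfh->router_id);
		return 0;
	}

	/* Generate a digest for the ospf packet - their digest + our digest. */
#ifdef CRYPTO_OPENSSL
	unsigned int md5_size = OSPF_AUTH_MD5_SIZE;

	ctx = EVP_MD_CTX_new();
	if (ctx == NULL || EVP_DigestInit(ctx, EVP_md5()) != 1
	    || EVP_DigestUpdate(ctx, ospfh, length) != 1
	    || EVP_DigestUpdate(ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE) != 1
	    || EVP_DigestFinal(ctx, digest, &md5_size) != 1) {
		/* EVP_MD_CTX_free() accepts NULL. */
		EVP_MD_CTX_free(ctx);
		flog_warn(
			EC_OSPF_MD5,
			"interface %s: ospf_check_md5 digest computation failed, Router-ID: %pI4",
			IF_NAME(oi), &ospfh->router_id);
		return 0;
	}
	EVP_MD_CTX_free(ctx);
#elif CRYPTO_INTERNAL
	memset(&ctx, 0, sizeof(ctx));
	MD5Init(&ctx);
	MD5Update(&ctx, ospfh, length);
	MD5Update(&ctx, ck->auth_key, OSPF_AUTH_MD5_SIZE);
	MD5Final(digest, &ctx);
#endif

	/*
	 * Compare the two without an early exit: accumulate the XOR of every
	 * byte pair so the time taken does not reveal how many leading bytes
	 * of a forged digest were correct.
	 */
	received = (const unsigned char *)ospfh + length;
	for (i = 0; i < OSPF_AUTH_MD5_SIZE; i++)
		diff |= (unsigned char)(received[i] ^ digest[i]);

	if (diff != 0) {
		flog_warn(
			EC_OSPF_MD5,
			"interface %s: ospf_check_md5 checksum mismatch, Router-ID: %pI4",
			IF_NAME(oi), &ospfh->router_id);
		return 0;
	}

	/* save neighbor's crypt_seqnum */
	if (nbr)
		nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
	return 1;
}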
362
/*
 * Called from ospf_write() just before a packet is sent. If the packet's
 * header says cryptographic authentication, stamp a fresh cryptographic
 * sequence number into the header and append the keyed-MD5 digest to the
 * packet's stream.
 *
 * oi - outgoing interface; holds the running sequence number
 *      (oi->crypt_seqnum) and the key list
 * op - packet to sign; its stream and op->length are modified
 *
 * Returns 0 when the header's auth type is not cryptographic (nothing is
 * changed), otherwise OSPF_AUTH_MD5_SIZE.
 *
 * The digest is appended with stream_put(), so the stream needs
 * OSPF_AUTH_MD5_SIZE bytes of free space; ospf_packet_dup() reserves that
 * much.
 * NOTE(review): every call appends another digest, so this assumes a packet
 * is signed once - ospf_write() calls it once and then removes the packet
 * from the queue.
 * NOTE(review): the results of EVP_MD_CTX_new() and the EVP_Digest* calls
 * are not checked; on failure 'digest' would keep its zero initializer and
 * be sent as is.
 */
static int ospf_make_md5_digest(struct ospf_interface *oi,
				struct ospf_packet *op)
{
	struct ospf_header *ospfh;
	/* Zeroed: doubles as the key when no key is configured (see below). */
	unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0};
#ifdef CRYPTO_OPENSSL
	EVP_MD_CTX *ctx;
#elif CRYPTO_INTERNAL
	MD5_CTX ctx;
#endif
	void *ibuf;
	uint32_t t;
	struct crypt_key *ck;
	const uint8_t *auth_key;

	ibuf = STREAM_DATA(op->s);
	ospfh = (struct ospf_header *)ibuf;

	if (ntohs(ospfh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
		return 0;

	/* We do this here so when we dup a packet, we don't have to
	   waste CPU rewriting other headers.

	   Note that frr_time /deliberately/ is not used here */
	/*
	 * The sequence number follows the wall clock but never goes
	 * backwards: if the clock has not advanced past the last value used
	 * (several packets in one second, or the clock stepped back), the
	 * previous value is incremented instead.
	 */
	t = (time(NULL) & 0xFFFFFFFF);
	if (t > oi->crypt_seqnum)
		oi->crypt_seqnum = t;
	else
		oi->crypt_seqnum++;

	ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum);

	/* Get MD5 Authentication key from auth_key list. */
	/*
	 * The last key in the list is used. With an empty list the (still
	 * all-zero) digest buffer serves as the key.
	 */
	if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt)))
		auth_key = (const uint8_t *)digest;
	else {
		ck = listgetdata(listtail(OSPF_IF_PARAM(oi, auth_crypt)));
		auth_key = ck->auth_key;
	}

	/* Generate a digest for the entire packet + our secret key. */
#ifdef CRYPTO_OPENSSL
	unsigned int md5_size = OSPF_AUTH_MD5_SIZE;
	ctx = EVP_MD_CTX_new();
	EVP_DigestInit(ctx, EVP_md5());
	EVP_DigestUpdate(ctx, ibuf, ntohs(ospfh->length));
	EVP_DigestUpdate(ctx, auth_key, OSPF_AUTH_MD5_SIZE);
	EVP_DigestFinal(ctx, digest, &md5_size);
	EVP_MD_CTX_free(ctx);
#elif CRYPTO_INTERNAL
	memset(&ctx, 0, sizeof(ctx));
	MD5Init(&ctx);
	MD5Update(&ctx, ibuf, ntohs(ospfh->length));
	MD5Update(&ctx, auth_key, OSPF_AUTH_MD5_SIZE);
	MD5Final(digest, &ctx);
#endif

	/* Append md5 digest to the end of the stream. */
	stream_put(op->s, digest, OSPF_AUTH_MD5_SIZE);

	/* We do *NOT* increment the OSPF header length. */
	/* Only the on-wire length tracked in op->length grows. */
	op->length = ntohs(ospfh->length) + OSPF_AUTH_MD5_SIZE;

	/* A mismatch is only logged; the packet is still sent by the caller. */
	if (stream_get_endp(op->s) != op->length)
		/* XXX size_t */
		flog_warn(
			EC_OSPF_MD5,
			"%s: length mismatch stream %lu ospf_packet %u, Router-ID %pI4",
			__func__, (unsigned long)stream_get_endp(op->s),
			op->length, &ospfh->router_id);

	return OSPF_AUTH_MD5_SIZE;
}
440
441
/*
 * Link State Request retransmission timer.
 *
 * Sends a Link State Request to the neighbor if any requests are still
 * outstanding, then re-arms itself with the neighbor's v_ls_req interval.
 * The event argument is the neighbor.
 */
static void ospf_ls_req_timer(struct event *thread)
{
	struct ospf_neighbor *nbr = EVENT_ARG(thread);

	/* This event has fired; forget the handle before re-arming. */
	nbr->t_ls_req = NULL;

	if (ospf_ls_request_count(nbr) != 0)
		ospf_ls_req_send(nbr);

	/* Schedule the next retransmission. */
	OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
}
456
/*
 * Trigger the Link State Request handler for a neighbor right away:
 * any pending t_ls_req event is turned off first, then
 * ospf_ls_req_timer() is queued as an event with value 0, tracked again in
 * nbr->t_ls_req.
 */
void ospf_ls_req_event(struct ospf_neighbor *nbr)
{
	/* Avoid two outstanding events for the same handle. */
	EVENT_OFF(nbr->t_ls_req);
	event_add_event(master, ospf_ls_req_timer, nbr, 0, &nbr->t_ls_req);
}
462
/*
 * Cyclic Link State Update retransmission timer. First registered in
 * ospf_nbr_new() in ospf_neighbor.c.
 *
 * Walks the neighbor's retransmission list (nbr->ls_rxmt), collects the
 * LSAs that are due, sends them in a Link State Update directly to the
 * neighbor, and re-arms itself with the neighbor's v_ls_upd interval.
 * The event argument is the neighbor.
 */
void ospf_ls_upd_timer(struct event *thread)
{
	struct ospf_neighbor *nbr = EVENT_ARG(thread);

	nbr->t_ls_upd = NULL;

	/* Send Link State Update. */
	if (ospf_ls_retransmit_count(nbr) > 0) {
		int rxmt_secs = OSPF_IF_PARAM(nbr->oi, retransmit_interval);
		struct ospf_lsdb *rxmt_db = &nbr->ls_rxmt;
		struct list *pending = list_new();
		int lsa_type;

		for (lsa_type = OSPF_MIN_LSA; lsa_type < OSPF_MAX_LSA;
		     lsa_type++) {
			struct route_table *table = rxmt_db->type[lsa_type].db;
			struct route_node *rn;

			for (rn = route_top(table); rn; rn = route_next(rn)) {
				struct ospf_lsa *lsa = rn->info;

				if (lsa == NULL)
					continue;

				/*
				 * Don't retransmit an LSA if we received it
				 * within the last RxmtInterval seconds - this
				 * is to allow the neighbour a chance to
				 * acknowledge the LSA as it may have been just
				 * received before the retransmit timer fired.
				 * This is a small tweak to what is in the RFC,
				 * but it will cut out a lot of retransmit
				 * traffic - MAG
				 */
				if (monotime_since(&lsa->tv_recv, NULL)
				    < rxmt_secs * 1000000LL)
					continue;

				listnode_add(pending, lsa);
			}
		}

		if (listcount(pending) > 0)
			ospf_ls_upd_send(nbr, pending,
					 OSPF_SEND_PACKET_DIRECT, 0);

		/* Only the list is released here, not the LSAs it refers to. */
		list_delete(&pending);
	}

	/* Set LS Update retransmission timer. */
	OSPF_NSM_TIMER_ON(nbr->t_ls_upd, ospf_ls_upd_timer, nbr->v_ls_upd);
}
522
/*
 * Delayed Link State Acknowledgment timer.
 *
 * Sends the acknowledgments collected on the interface (oi->ls_ack), if
 * there are any, and re-arms itself with the interface's v_ls_ack interval.
 * The event argument is the interface.
 */
void ospf_ls_ack_timer(struct event *thread)
{
	struct ospf_interface *oi = EVENT_ARG(thread);

	/* This event has fired; forget the handle before re-arming. */
	oi->t_ls_ack = NULL;

	if (listcount(oi->ls_ack) != 0)
		ospf_ls_ack_send_delayed(oi);

	/* Schedule the next run. */
	OSPF_ISM_TIMER_ON(oi->t_ls_ack, ospf_ls_ack_timer, oi->v_ls_ack);
}
537
#ifdef WANT_OSPF_WRITE_FRAGMENT
/*
 * Send all but the last IP fragment of a packet that is larger than one
 * datagram, and leave 'iph' and 'msg' set up so that the caller can send
 * the final fragment itself.
 *
 * fd          - socket handed to sendmsg()
 * op          - packet being sent; the get pointer of its stream is moved
 *               past every fragment sent here
 * iph         - IP header shared with the caller; ip_off and ip_len are
 *               rewritten for each fragment
 * msg         - message header shared with the caller; must carry exactly
 *               two iovecs (asserted), the second of which (the payload)
 *               is updated for each fragment
 * maxdatasize - largest payload per fragment; rounded down to a multiple
 *               of 8 bytes for the fragment offset
 * mtu         - used for the sanity assert and in log messages only
 * flags       - passed through to sendmsg()
 * type        - OSPF packet type, used only to select debug output
 *
 * A failing sendmsg() is logged and the loop carries on with the next
 * fragment; nothing is reported back to the caller.
 */
static void ospf_write_frags(int fd, struct ospf_packet *op, struct ip *iph,
			     struct msghdr *msg, unsigned int maxdatasize,
			     unsigned int mtu, int flags, uint8_t type)
{
#define OSPF_WRITE_FRAG_SHIFT 3
	uint16_t offset;
	struct iovec *iovp;
	int ret;

	/* Invariants checked with assert(): a violation stops the daemon. */
	assert(op->length == stream_get_endp(op->s));
	assert(msg->msg_iovlen == 2);

	/* we can but try.
	 *
	 * SunOS, BSD and BSD derived kernels likely will clear ip_id, as
	 * well as the IP_MF flag, making this all quite pointless.
	 *
	 * However, for a system on which IP_MF is left alone, and ip_id left
	 * alone or else which sets same ip_id for each fragment this might
	 * work, eg linux.
	 *
	 * XXX-TODO: It would be much nicer to have the kernel's use their
	 * existing fragmentation support to do this for us. Bugs/RFEs need to
	 * be raised against the various kernels.
	 */

	/* set More Frag */
	iph->ip_off |= IP_MF;

	/* ip frag offset is expressed in units of 8byte words */
	offset = maxdatasize >> OSPF_WRITE_FRAG_SHIFT;

	/* iovec 0 is the IP header, iovec 1 the OSPF payload. */
	iovp = &msg->msg_iov[1];

	/* Loop while more than one fragment's worth of data remains. */
	while ((stream_get_endp(op->s) - stream_get_getp(op->s))
	       > maxdatasize) {
		/* data length of this frag is to next offset value */
		iovp->iov_len = offset << OSPF_WRITE_FRAG_SHIFT;
		iph->ip_len = iovp->iov_len + sizeof(struct ip);
		assert(iph->ip_len <= mtu);

		/* Header fields are swapped around the send and back again. */
		sockopt_iphdrincl_swab_htosys(iph);

		ret = sendmsg(fd, msg, flags);

		sockopt_iphdrincl_swab_systoh(iph);

		if (ret < 0)
			flog_err(
				EC_LIB_SOCKET,
				"*** %s: sendmsg failed to %pI4, id %d, off %d, len %d, mtu %u failed with %s",
				__func__, &iph->ip_dst, iph->ip_id, iph->ip_off,
				iph->ip_len, mtu, safe_strerror(errno));

		if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
			zlog_debug("%s: sent id %d, off %d, len %d to %pI4",
				   __func__, iph->ip_id, iph->ip_off,
				   iph->ip_len, &iph->ip_dst);
		}

		/* Advance header offset and payload window to the next fragment. */
		iph->ip_off += offset;
		stream_forward_getp(op->s, iovp->iov_len);
		iovp->iov_base = stream_pnt(op->s);
	}

	/* setup for final fragment */
	iovp->iov_len = stream_get_endp(op->s) - stream_get_getp(op->s);
	iph->ip_len = iovp->iov_len + sizeof(struct ip);
	/* Last fragment: clear More Fragments. The caller sends it. */
	iph->ip_off &= (~IP_MF);
}
#endif /* WANT_OSPF_WRITE_FRAGMENT */
610
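/*
 * Write-event handler: send queued OSPF packets.
 *
 * The event argument is the ospf instance. Starting with the interface at
 * the head of ospf->oi_write_q, one packet per iteration is taken from the
 * interface's output fifo, signed if required (ospf_make_md5_digest()),
 * wrapped in a hand-built IP header and sent with sendmsg(), fragmenting in
 * user space where WANT_OSPF_WRITE_FRAGMENT is defined. At most
 * ospf->write_oi_count packets are sent per invocation; interfaces are
 * served round robin. If interfaces remain queued afterwards the handler
 * re-registers itself.
 *
 * A packet is removed from the queue whether or not sendmsg() succeeded;
 * failures other than EPERM are logged.
 *
 * Fix relative to the previous version: 'flags' is reset for every packet.
 * It used to be initialized once before the loop, so MSG_DONTROUTE set for
 * one unicast packet stayed in force for every later packet of the same
 * invocation, including packets on virtual links, which are never meant to
 * be sent with MSG_DONTROUTE.
 *
 * NOTE(review): maxdatasize is a uint16_t computed from the interface MTU;
 * an MTU above what 16 bits can hold would be truncated - confirm the range
 * of ifp->mtu.
 */
static void ospf_write(struct event *thread)
{
	struct ospf *ospf = EVENT_ARG(thread);
	struct ospf_interface *oi;
	struct ospf_packet *op;
	struct sockaddr_in sa_dst;
	struct ip iph;
	struct msghdr msg;
	struct iovec iov[2];
	uint8_t type;
	int ret, fd;
	int flags = 0;
	struct listnode *node;
#ifdef WANT_OSPF_WRITE_FRAGMENT
	static uint16_t ipid = 0;
	uint16_t maxdatasize;
#endif /* WANT_OSPF_WRITE_FRAGMENT */
#define OSPF_WRITE_IPHL_SHIFT 2
	int pkt_count = 0;

#ifdef GNU_LINUX
	unsigned char cmsgbuf[64] = {};
	struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
	struct in_pktinfo *pi;
#endif
	fd = ospf->fd;

	if (fd < 0 || ospf->oi_running == 0) {
		if (IS_DEBUG_OSPF_EVENT)
			zlog_debug("%s failed to send, fd %d, instance %u",
				   __func__, fd, ospf->oi_running);
		return;
	}

	/* The handler is only expected to run with a non-empty write queue. */
	node = listhead(ospf->oi_write_q);
	assert(node);
	oi = listgetdata(node);

#ifdef WANT_OSPF_WRITE_FRAGMENT
	/* seed ipid static with low order bits of time */
	if (ipid == 0)
		ipid = (time(NULL) & 0xffff);
#endif /* WANT_OSPF_WRITE_FRAGMENT */

	while ((pkt_count < ospf->write_oi_count) && oi) {
		pkt_count++;

		/* Per-packet send flags: never inherit them from the
		 * previous packet. */
		flags = 0;
#ifdef WANT_OSPF_WRITE_FRAGMENT
		/* convenience - max OSPF data per packet */
		maxdatasize = oi->ifp->mtu - sizeof(struct ip);
#endif /* WANT_OSPF_WRITE_FRAGMENT */

		/* Reset socket fd to use. */
		fd = ospf->fd;

		/* Check for per-interface socket */
		if (ospf->intf_socket_enabled &&
		    (IF_OSPF_IF_INFO(oi->ifp))->oii_fd > 0)
			fd = (IF_OSPF_IF_INFO(oi->ifp))->oii_fd;

		/* Get one packet from queue. */
		op = ospf_fifo_head(oi->obuf);
		assert(op);
		assert(op->length >= OSPF_HEADER_SIZE);

		if (op->dst.s_addr == htonl(OSPF_ALLSPFROUTERS)
		    || op->dst.s_addr == htonl(OSPF_ALLDROUTERS))
			ospf_if_ipmulticast(fd, oi->address, oi->ifp->ifindex);

		/* Rewrite the md5 signature & update the seq */
		ospf_make_md5_digest(oi, op);

		/* Retrieve OSPF packet type. */
		stream_set_getp(op->s, 1);
		type = stream_getc(op->s);

		/* reset get pointer */
		stream_set_getp(op->s, 0);

		memset(&iph, 0, sizeof(iph));
		memset(&sa_dst, 0, sizeof(sa_dst));

		sa_dst.sin_family = AF_INET;
#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
		sa_dst.sin_len = sizeof(sa_dst);
#endif /* HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
		sa_dst.sin_addr = op->dst;
		sa_dst.sin_port = htons(0);

		/* Set DONTROUTE flag if dst is unicast. */
		/* IN_MULTICAST() takes host byte order; htonl() performs the
		 * same byte swap as ntohl() would. */
		if (oi->type != OSPF_IFTYPE_VIRTUALLINK)
			if (!IN_MULTICAST(htonl(op->dst.s_addr)))
				flags = MSG_DONTROUTE;

		iph.ip_hl = sizeof(struct ip) >> OSPF_WRITE_IPHL_SHIFT;
		/* it'd be very strange for header to not be 4byte-word aligned
		 * but.. */
		if (sizeof(struct ip)
		    > (unsigned int)(iph.ip_hl << OSPF_WRITE_IPHL_SHIFT))
			iph.ip_hl++; /* we presume sizeof(struct ip) cant
					overflow ip_hl.. */

		iph.ip_v = IPVERSION;
		iph.ip_tos = IPTOS_PREC_INTERNETCONTROL;
		iph.ip_len = (iph.ip_hl << OSPF_WRITE_IPHL_SHIFT) + op->length;

#if defined(__DragonFly__)
		/*
		 * DragonFly's raw socket expects ip_len/ip_off in network byte
		 * order.
		 */
		iph.ip_len = htons(iph.ip_len);
#endif

#ifdef WANT_OSPF_WRITE_FRAGMENT
		/* XXX-MT: not thread-safe at all..
		 * XXX: this presumes this is only programme sending OSPF
		 * packets
		 * otherwise, no guarantee ipid will be unique
		 */
		iph.ip_id = ++ipid;
#endif /* WANT_OSPF_WRITE_FRAGMENT */

		iph.ip_off = 0;
		if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
			iph.ip_ttl = OSPF_VL_IP_TTL;
		else
			iph.ip_ttl = OSPF_IP_TTL;
		iph.ip_p = IPPROTO_OSPFIGP;
		iph.ip_sum = 0;
		iph.ip_src.s_addr = oi->address->u.prefix4.s_addr;
		iph.ip_dst.s_addr = op->dst.s_addr;

		/* iovec 0 carries the IP header, iovec 1 the OSPF packet. */
		memset(&msg, 0, sizeof(msg));
		msg.msg_name = (caddr_t)&sa_dst;
		msg.msg_namelen = sizeof(sa_dst);
		msg.msg_iov = iov;
		msg.msg_iovlen = 2;

		iov[0].iov_base = (char *)&iph;
		iov[0].iov_len = iph.ip_hl << OSPF_WRITE_IPHL_SHIFT;
		iov[1].iov_base = stream_pnt(op->s);
		iov[1].iov_len = op->length;

#ifdef GNU_LINUX
		/* Name the outgoing interface via IP_PKTINFO ancillary data. */
		msg.msg_control = (caddr_t)cm;
		cm->cmsg_level = SOL_IP;
		cm->cmsg_type = IP_PKTINFO;
		cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
		pi = (struct in_pktinfo *)CMSG_DATA(cm);
		pi->ipi_ifindex = oi->ifp->ifindex;

		msg.msg_controllen = cm->cmsg_len;
#endif

		/* Sadly we can not rely on kernels to fragment packets
		 * because of either IP_HDRINCL and/or multicast
		 * destination being set.
		 */

#ifdef WANT_OSPF_WRITE_FRAGMENT
		if (op->length > maxdatasize)
			ospf_write_frags(fd, op, &iph, &msg, maxdatasize,
					 oi->ifp->mtu, flags, type);
#endif /* WANT_OSPF_WRITE_FRAGMENT */

		/* send final fragment (could be first) */
		sockopt_iphdrincl_swab_htosys(&iph);
		ret = sendmsg(fd, &msg, flags);
		sockopt_iphdrincl_swab_systoh(&iph);
		if (IS_DEBUG_OSPF_EVENT)
			zlog_debug(
				"%s to %pI4, id %d, off %d, len %d, interface %s, mtu %u:",
				__func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
				iph.ip_len, oi->ifp->name, oi->ifp->mtu);

		/* sendmsg will return EPERM if firewall is blocking sending.
		 * This is a normal situation when 'ip nhrp map multicast xxx'
		 * is being used to send multicast packets to DMVPN peers. In
		 * that case the original message is blocked with iptables rule
		 * causing the EPERM result
		 */
		if (ret < 0 && errno != EPERM)
			flog_err(
				EC_LIB_SOCKET,
				"*** sendmsg in %s failed to %pI4, id %d, off %d, len %d, interface %s, mtu %u: %s",
				__func__, &iph.ip_dst, iph.ip_id, iph.ip_off,
				iph.ip_len, oi->ifp->name, oi->ifp->mtu,
				safe_strerror(errno));

		/* Show debug sending packet. */
		if (IS_DEBUG_OSPF_PACKET(type - 1, SEND)) {
			if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL)) {
				zlog_debug(
					"-----------------------------------------------------");
				stream_set_getp(op->s, 0);
				ospf_packet_dump(op->s);
			}

			zlog_debug("%s sent to [%pI4] via [%s].",
				   lookup_msg(ospf_packet_type_str, type, NULL),
				   &op->dst, IF_NAME(oi));

			if (IS_DEBUG_OSPF_PACKET(type - 1, DETAIL))
				zlog_debug(
					"-----------------------------------------------------");
		}

		/* Per-interface counters of packets handed to sendmsg(). */
		switch (type) {
		case OSPF_MSG_HELLO:
			oi->hello_out++;
			break;
		case OSPF_MSG_DB_DESC:
			oi->db_desc_out++;
			break;
		case OSPF_MSG_LS_REQ:
			oi->ls_req_out++;
			break;
		case OSPF_MSG_LS_UPD:
			oi->ls_upd_out++;
			break;
		case OSPF_MSG_LS_ACK:
			oi->ls_ack_out++;
			break;
		default:
			break;
		}

		/* Now delete packet from queue. */
		ospf_packet_delete(oi);

		/* Move this interface to the tail of write_q to
		       serve everyone in a round robin fashion */
		list_delete_node(ospf->oi_write_q, node);
		if (ospf_fifo_head(oi->obuf) == NULL) {
			oi->on_write_q = 0;
			oi = NULL;
		} else
			listnode_add(ospf->oi_write_q, oi);

		/* Setup to service from the head of the queue again */
		if (!list_isempty(ospf->oi_write_q)) {
			node = listhead(ospf->oi_write_q);
			oi = listgetdata(node);
		}
	}

	/* If packets still remain in queue, call write thread. */
	if (!list_isempty(ospf->oi_write_q))
		event_add_write(master, ospf_write, ospf, ospf->fd,
				&ospf->t_write);
}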
862
863 /* OSPF Hello message read -- RFC2328 Section 10.5. */
864 static void ospf_hello(struct ip *iph, struct ospf_header *ospfh,
865 struct stream *s, struct ospf_interface *oi, int size)
866 {
867 struct ospf_hello *hello;
868 struct ospf_neighbor *nbr;
869 int old_state;
870 struct prefix p;
871
872 /* increment statistics. */
873 oi->hello_in++;
874
875 hello = (struct ospf_hello *)stream_pnt(s);
876
877 /* If Hello is myself, silently discard. */
878 if (IPV4_ADDR_SAME(&ospfh->router_id, &oi->ospf->router_id)) {
879 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
880 zlog_debug(
881 "ospf_header[%s/%pI4]: selforiginated, dropping.",
882 lookup_msg(ospf_packet_type_str, ospfh->type,
883 NULL),
884 &iph->ip_src);
885 }
886 return;
887 }
888
889 /* get neighbor prefix. */
890 p.family = AF_INET;
891 p.prefixlen = ip_masklen(hello->network_mask);
892 p.u.prefix4 = iph->ip_src;
893
894 /* Compare network mask. */
895 /* Checking is ignored for Point-to-Point and Virtual link. */
896 /* Checking is also ignored for Point-to-Multipoint with /32 prefix */
897 if (oi->type != OSPF_IFTYPE_POINTOPOINT
898 && oi->type != OSPF_IFTYPE_VIRTUALLINK
899 && !(oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
900 && oi->address->prefixlen == IPV4_MAX_BITLEN))
901 if (oi->address->prefixlen != p.prefixlen) {
902 flog_warn(
903 EC_OSPF_PACKET,
904 "Packet %pI4 [Hello:RECV]: NetworkMask mismatch on %s (configured prefix length is %d, but hello packet indicates %d).",
905 &ospfh->router_id, IF_NAME(oi),
906 (int)oi->address->prefixlen, (int)p.prefixlen);
907 return;
908 }
909
910 /* Compare Router Dead Interval. */
911 if (OSPF_IF_PARAM(oi, v_wait) != ntohl(hello->dead_interval)) {
912 flog_warn(
913 EC_OSPF_PACKET,
914 "Packet %pI4 [Hello:RECV]: RouterDeadInterval mismatch on %s (expected %u, but received %u).",
915 &ospfh->router_id, IF_NAME(oi),
916 OSPF_IF_PARAM(oi, v_wait), ntohl(hello->dead_interval));
917 return;
918 }
919
920 /* Compare Hello Interval - ignored if fast-hellos are set. */
921 if (OSPF_IF_PARAM(oi, fast_hello) == 0) {
922 if (OSPF_IF_PARAM(oi, v_hello)
923 != ntohs(hello->hello_interval)) {
924 flog_warn(
925 EC_OSPF_PACKET,
926 "Packet %pI4 [Hello:RECV]: HelloInterval mismatch on %s (expected %u, but received %u).",
927 &ospfh->router_id, IF_NAME(oi),
928 OSPF_IF_PARAM(oi, v_hello),
929 ntohs(hello->hello_interval));
930 return;
931 }
932 }
933
934 if (IS_DEBUG_OSPF_EVENT)
935 zlog_debug("Packet %pI4 [Hello:RECV]: Options on %s %s vrf %s",
936 &ospfh->router_id, IF_NAME(oi),
937 ospf_options_dump(hello->options),
938 ospf_vrf_id_to_name(oi->ospf->vrf_id));
939
940 /* Compare options. */
941 #define REJECT_IF_TBIT_ON 1 /* XXX */
942 #ifdef REJECT_IF_TBIT_ON
943 if (CHECK_FLAG(hello->options, OSPF_OPTION_MT)) {
944 /*
945 * This router does not support non-zero TOS.
946 * Drop this Hello packet not to establish neighbor
947 * relationship.
948 */
949 flog_warn(EC_OSPF_PACKET,
950 "Packet %pI4 [Hello:RECV]: T-bit ON on %s, drop it.",
951 &ospfh->router_id, IF_NAME(oi));
952 return;
953 }
954 #endif /* REJECT_IF_TBIT_ON */
955
956 if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)
957 && CHECK_FLAG(hello->options, OSPF_OPTION_O)) {
958 /*
959 * This router does know the correct usage of O-bit
960 * the bit should be set in DD packet only.
961 */
962 flog_warn(EC_OSPF_PACKET,
963 "Packet %pI4 [Hello:RECV]: O-bit abuse? on %s",
964 &ospfh->router_id, IF_NAME(oi));
965 #ifdef STRICT_OBIT_USAGE_CHECK
966 return; /* Reject this packet. */
967 #else /* STRICT_OBIT_USAGE_CHECK */
968 UNSET_FLAG(hello->options, OSPF_OPTION_O); /* Ignore O-bit. */
969 #endif /* STRICT_OBIT_USAGE_CHECK */
970 }
971
972 /* new for NSSA is to ensure that NP is on and E is off */
973
974 if (oi->area->external_routing == OSPF_AREA_NSSA) {
975 if (!(CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_NP)
976 && CHECK_FLAG(hello->options, OSPF_OPTION_NP)
977 && !CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
978 && !CHECK_FLAG(hello->options, OSPF_OPTION_E))) {
979 flog_warn(
980 EC_OSPF_PACKET,
981 "NSSA-Packet-%pI4[Hello:RECV]: my options: %x, his options %x",
982 &ospfh->router_id, OPTIONS(oi),
983 hello->options);
984 return;
985 }
986 if (IS_DEBUG_OSPF_NSSA)
987 zlog_debug("NSSA-Hello:RECV:Packet from %pI4:",
988 &ospfh->router_id);
989 } else
990 /* The setting of the E-bit found in the Hello Packet's Options
991 field must match this area's ExternalRoutingCapability A
992 mismatch causes processing to stop and the packet to be
993 dropped. The setting of the rest of the bits in the Hello
994 Packet's Options field should be ignored. */
995 if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_E)
996 != CHECK_FLAG(hello->options, OSPF_OPTION_E)) {
997 flog_warn(
998 EC_OSPF_PACKET,
999 "Packet %pI4 [Hello:RECV]: my options: %x, his options %x",
1000 &ospfh->router_id, OPTIONS(oi),
1001 hello->options);
1002 return;
1003 }
1004
1005 /* get neighbour struct */
1006 nbr = ospf_nbr_get(oi, ospfh, iph, &p);
1007
1008 /* neighbour must be valid, ospf_nbr_get creates if none existed */
1009 assert(nbr);
1010
1011 old_state = nbr->state;
1012
1013 /* Add event to thread. */
1014 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_HelloReceived);
1015
1016 /* RFC2328 Section 9.5.1
1017 If the router is not eligible to become Designated Router,
1018 (snip) It must also send an Hello Packet in reply to an
1019 Hello Packet received from any eligible neighbor (other than
1020 the current Designated Router and Backup Designated Router). */
1021 if (oi->type == OSPF_IFTYPE_NBMA)
1022 if (PRIORITY(oi) == 0 && hello->priority > 0
1023 && IPV4_ADDR_CMP(&DR(oi), &iph->ip_src)
1024 && IPV4_ADDR_CMP(&BDR(oi), &iph->ip_src))
1025 OSPF_NSM_TIMER_ON(nbr->t_hello_reply,
1026 ospf_hello_reply_timer,
1027 OSPF_HELLO_REPLY_DELAY);
1028
1029 /* on NBMA network type, it happens to receive bidirectional Hello
1030 packet
1031 without advance 1-Way Received event.
1032 To avoid incorrect DR-seletion, raise 1-Way Received event.*/
1033 if (oi->type == OSPF_IFTYPE_NBMA
1034 && (old_state == NSM_Down || old_state == NSM_Attempt)) {
1035 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1036 nbr->priority = hello->priority;
1037 nbr->d_router = hello->d_router;
1038 nbr->bd_router = hello->bd_router;
1039 return;
1040 }
1041
1042 if (ospf_nbr_bidirectional(&oi->ospf->router_id, hello->neighbors,
1043 size - OSPF_HELLO_MIN_SIZE)) {
1044 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_TwoWayReceived);
1045 nbr->options |= hello->options;
1046 } else {
1047 /* If the router is DR_OTHER, RESTARTER will not wait
1048 * until it receives the hello from it if it receives
1049 * from DR and BDR.
1050 * So, helper might receives ONW_WAY hello from
1051 * RESTARTER. So not allowing to change the state if it
1052 * receives one_way hellow when it acts as HELPER for
1053 * that specific neighbor.
1054 */
1055 if (!OSPF_GR_IS_ACTIVE_HELPER(nbr))
1056 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_OneWayReceived);
1057 /* Set neighbor information. */
1058 nbr->priority = hello->priority;
1059 nbr->d_router = hello->d_router;
1060 nbr->bd_router = hello->bd_router;
1061 return;
1062 }
1063
1064 if (OSPF_GR_IS_ACTIVE_HELPER(nbr)) {
1065 /* As per the GR Conformance Test Case 7.2. Section 3
1066 * "Also, if X was the Designated Router on network segment S
1067 * when the helping relationship began, Y maintains X as the
1068 * Designated Router until the helping relationship is
1069 * terminated."
1070 * When I am helper for this neighbor, I should not trigger the
1071 * ISM Events. Also Intentionally not setting the priority and
1072 * other fields so that when the neighbor exits the Grace
1073 * period, it can handle if there is any change before GR and
1074 * after GR. */
1075 if (IS_DEBUG_OSPF_GR)
1076 zlog_debug(
1077 "%s, Neighbor is under GR Restart, hence ignoring the ISM Events",
1078 __PRETTY_FUNCTION__);
1079 } else {
1080 /* If neighbor itself declares DR and no BDR exists,
1081 cause event BackupSeen */
1082 if (IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router))
1083 if (hello->bd_router.s_addr == INADDR_ANY
1084 && oi->state == ISM_Waiting)
1085 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1086
1087 /* neighbor itself declares BDR. */
1088 if (oi->state == ISM_Waiting
1089 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1090 &hello->bd_router))
1091 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_BackupSeen);
1092
1093 /* had not previously. */
1094 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->d_router)
1095 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->d_router))
1096 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4, &hello->d_router)
1097 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1098 &nbr->d_router)))
1099 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1100
1101 /* had not previously. */
1102 if ((IPV4_ADDR_SAME(&nbr->address.u.prefix4, &hello->bd_router)
1103 && IPV4_ADDR_CMP(&nbr->address.u.prefix4, &nbr->bd_router))
1104 || (IPV4_ADDR_CMP(&nbr->address.u.prefix4,
1105 &hello->bd_router)
1106 && IPV4_ADDR_SAME(&nbr->address.u.prefix4,
1107 &nbr->bd_router)))
1108 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1109
1110 /* Neighbor priority check. */
1111 if (nbr->priority >= 0 && nbr->priority != hello->priority)
1112 OSPF_ISM_EVENT_SCHEDULE(oi, ISM_NeighborChange);
1113 }
1114
1115 /* Set neighbor information. */
1116 nbr->priority = hello->priority;
1117 nbr->d_router = hello->d_router;
1118 nbr->bd_router = hello->bd_router;
1119
1120 /*
1121 * RFC 3623 - Section 2:
1122 * "If the restarting router determines that it was the Designated
1123 * Router on a given segment prior to the restart, it elects
1124 * itself as the Designated Router again. The restarting router
1125 * knows that it was the Designated Router if, while the
1126 * associated interface is in Waiting state, a Hello packet is
1127 * received from a neighbor listing the router as the Designated
1128 * Router".
1129 */
1130 if (oi->area->ospf->gr_info.restart_in_progress
1131 && oi->state == ISM_Waiting
1132 && IPV4_ADDR_SAME(&hello->d_router, &oi->address->u.prefix4))
1133 DR(oi) = hello->d_router;
1134 }
1135
/*
 * Remember the flags, options and sequence number of the DD packet just
 * received from this neighbor. ospf_db_desc_is_dup() compares later packets
 * against this record.
 */
static void ospf_db_desc_save_current(struct ospf_neighbor *nbr,
				      struct ospf_db_desc *dd)
{
	/* The wire value is big-endian; the saved copy is host order. */
	const uint32_t seqnum_host = ntohl(dd->dd_seqnum);

	nbr->last_recv.dd_seqnum = seqnum_host;
	nbr->last_recv.options = dd->options;
	nbr->last_recv.flags = dd->flags;
}
1144
/*
 * Process the LSA headers carried in a Database Description packet.
 *
 * Called from ospf_db_desc() once the DD header has been accepted. Skips
 * the fixed DD header in the stream, then walks the LSA headers that
 * follow: each one is range-checked, compared with the local LSDB and,
 * when the neighbor's copy is more recent, put on the neighbor's LS request
 * list. Afterwards the exchange is advanced according to whether this side
 * is Master or Slave, the received flags/options/sequence number are
 * saved, and an LS Request is sent unless nbr->t_ls_req is already set.
 *
 * s    - stream positioned at the start of the DD header
 * oi   - receiving interface
 * nbr  - neighbor that sent the packet
 * dd   - DD header of the packet
 * size - length the caller attributes to the DD body, in bytes
 *
 * Every field read through lsah comes straight from the received packet.
 * NOTE(review): nothing in this function checks that size is at least
 * OSPF_DB_DESC_MIN_SIZE or that it matches the bytes left in the stream.
 * size is uint16_t, so a smaller value would wrap in the subtraction
 * below. Presumably the packet length was verified before dispatch -
 * confirm against the caller.
 */
static void ospf_db_desc_proc(struct stream *s, struct ospf_interface *oi,
			      struct ospf_neighbor *nbr,
			      struct ospf_db_desc *dd, uint16_t size)
{
	struct ospf_lsa *new, *find;
	struct lsa_header *lsah;

	/* Step over the fixed DD header; the LSA headers follow it. */
	stream_forward_getp(s, OSPF_DB_DESC_MIN_SIZE);
	/* One iteration per complete LSA header. A trailing remainder shorter
	 * than OSPF_LSA_HEADER_SIZE ends the loop without being read. */
	for (size -= OSPF_DB_DESC_MIN_SIZE; size >= OSPF_LSA_HEADER_SIZE;
	     size -= OSPF_LSA_HEADER_SIZE) {
		/* lsah aliases the stream buffer; no copy is made here. */
		lsah = (struct lsa_header *)stream_pnt(s);
		stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);

		/* Unknown LS type: abandon the packet and restart the
		 * exchange with this neighbor. */
		if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
			flog_warn(EC_OSPF_PACKET,
				  "Packet [DD:RECV]: Unknown LS type %d.",
				  lsah->type);
			OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
			return;
		}

		/* An Opaque LSA from a neighbor whose saved options lack the
		 * O-bit is treated as a protocol error. */
		if (IS_OPAQUE_LSA(lsah->type)
		    && !CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
			flog_warn(EC_OSPF_PACKET,
				  "LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
				  lsah->type, &lsah->id, &lsah->adv_router);
			OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
			return;
		}

		switch (lsah->type) {
		case OSPF_AS_EXTERNAL_LSA:
		case OSPF_OPAQUE_AS_LSA:
			/* Reject AS-scope LSAs when the area is a stub. Only
			 * OSPF_AREA_STUB is tested, so an NSSA area passes.
			 * The ternary below repeats the enclosing condition,
			 * so the message always reads "STUB". */
			if (oi->area->external_routing == OSPF_AREA_STUB) {
				flog_warn(
					EC_OSPF_PACKET,
					"Packet [DD:RECV]: LSA[Type%d:%pI4] from %s area.",
					lsah->type, &lsah->id,
					(oi->area->external_routing
					 == OSPF_AREA_STUB)
						? "STUB"
						: "NSSA");
				OSPF_NSM_EVENT_SCHEDULE(nbr,
							NSM_SeqNumberMismatch);
				return;
			}
			break;
		default:
			break;
		}

		/* Create LS-request object from the received header. */
		new = ospf_ls_request_new(lsah);

		/* Look the described LSA up in the area's database. */
		find = ospf_lsa_lookup_by_header(oi->area, lsah);

		/* ospf_lsa_more_recent is fine with NULL pointers */
		switch (ospf_lsa_more_recent(find, new)) {
		case -1:
			/* Neighbour has a more recent LSA, we must request
			 * it. */
			ospf_ls_request_add(nbr, new);
		/* fallthru */
		case 0:
			/* If we have a copy of this LSA, it is either less
			 * recent and we are requesting it from the neighbour
			 * (the case above), or it is as recent and both sides
			 * hold the same copy (this case).
			 *
			 * In neither case is there any point in describing
			 * our copy of the LSA to the neighbour in a
			 * DB-Summary packet, if we were still intending to.
			 *
			 * See: draft-ogier-ospf-dbex-opt-00.txt, describing
			 * the backward compatible optimisation to the OSPF DB
			 * Exchange / DB Description process implemented here.
			 */
			if (find)
				ospf_lsdb_delete(&nbr->db_sum, find);
			/* Reached from case -1 as well, i.e. after new was
			 * handed to ospf_ls_request_add().
			 * NOTE(review): presumably the request list keeps its
			 * own reference - confirm. */
			ospf_lsa_discard(new);
			break;
		default:
			/* We have the more recent copy, nothing specific to
			 * do:
			 * - no need to request the neighbour's stale copy
			 * - must leave the DB summary list copy alone
			 */
			if (IS_DEBUG_OSPF_EVENT)
				zlog_debug(
					"Packet [DD:RECV]: LSA received Type %d, ID %pI4 is not recent.",
					lsah->type, &lsah->id);
			ospf_lsa_discard(new);
		}
	}

	/* Master */
	if (IS_SET_DD_MS(nbr->dd_flags)) {
		nbr->dd_seqnum++;

		/* Both sides have no More, then we're done with Exchange */
		if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
			OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
		else
			ospf_db_desc_send(nbr);
	}
	/* Slave */
	else {
		/* Adopt the sequence number the Master sent. */
		nbr->dd_seqnum = ntohl(dd->dd_seqnum);

		/* Send DD packet in reply.
		 *
		 * Must be done to acknowledge the Master's DD, regardless of
		 * whether we have more LSAs ourselves to describe.
		 *
		 * This function will clear the 'More' bit, if after this DD
		 * we have no more LSAs to describe to the master.
		 */
		ospf_db_desc_send(nbr);

		/* Slave can raise ExchangeDone now, if master is also done */
		if (!IS_SET_DD_M(dd->flags) && !IS_SET_DD_M(nbr->dd_flags))
			OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_ExchangeDone);
	}

	/* Save received neighbor values from DD; ospf_db_desc_is_dup()
	 * compares the next DD packet against them. */
	ospf_db_desc_save_current(nbr, dd);

	/* Send an LS Request unless nbr->t_ls_req is already set. */
	if (!nbr->t_ls_req)
		ospf_ls_req_send(nbr);
}
1283
/*
 * Tell whether a received DD packet repeats the previous one from this
 * neighbor: options, flags and sequence number must all equal the values
 * stored in nbr->last_recv. Returns 1 for a duplicate, 0 otherwise.
 */
static int ospf_db_desc_is_dup(struct ospf_db_desc *dd,
			       struct ospf_neighbor *nbr)
{
	if (dd->options != nbr->last_recv.options)
		return 0;

	if (dd->flags != nbr->last_recv.flags)
		return 0;

	/* The saved sequence number is converted to network order so it can
	 * be compared with the wire field directly. */
	if (dd->dd_seqnum != htonl(nbr->last_recv.dd_seqnum))
		return 0;

	return 1;
}
1295
/*
 * OSPF Database Description message read -- RFC2328 Section 10.6.
 *
 * Looks up the sending neighbor, applies the MTU and option checks, then
 * handles the packet according to the neighbor's NSM state. Packets that
 * pass the ExStart or Exchange checks are handed to ospf_db_desc_proc().
 *
 * iph   - IP header of the received packet, used for the neighbor lookup
 * ospfh - OSPF header of the received packet
 * s     - stream positioned at the DD header
 * oi    - receiving interface
 * size  - length passed in by the caller; compared with
 *         OSPF_DB_DESC_MIN_SIZE below and forwarded to ospf_db_desc_proc()
 *
 * dd points into the stream buffer, so every field read through it is
 * supplied by the sender, and the option fix-ups below edit the received
 * packet in place.
 * NOTE(review): no length check is visible here before dd is
 * dereferenced; presumably the packet was verified to hold a complete DD
 * header before dispatch - confirm against the caller.
 */
static void ospf_db_desc(struct ip *iph, struct ospf_header *ospfh,
			 struct stream *s, struct ospf_interface *oi,
			 uint16_t size)
{
	struct ospf_db_desc *dd;
	struct ospf_neighbor *nbr;

	/* Increment statistics. Counted before any validation, so rejected
	 * packets are included. */
	oi->db_desc_in++;

	dd = (struct ospf_db_desc *)stream_pnt(s);

	/* Only packets from a neighbor already known on this interface are
	 * processed. */
	nbr = ospf_nbr_lookup(oi, iph, ospfh);
	if (nbr == NULL) {
		flog_warn(EC_OSPF_PACKET, "Packet[DD]: Unknown Neighbor %pI4",
			  &ospfh->router_id);
		return;
	}

	/* Check MTU: drop the packet when the neighbor advertises a larger
	 * MTU than this interface has, unless mtu_ignore is configured. */
	if ((OSPF_IF_PARAM(oi, mtu_ignore) == 0)
	    && (ntohs(dd->mtu) > oi->ifp->mtu)) {
		flog_warn(
			EC_OSPF_PACKET,
			"Packet[DD]: Neighbor %pI4 MTU %u is larger than [%s]'s MTU %u",
			&nbr->router_id, ntohs(dd->mtu), IF_NAME(oi),
			oi->ifp->mtu);
		return;
	}

	/*
	 * XXX HACK by Hasso Tepper. Setting N/P bit in NSSA area DD packets
	 * is not required. In fact at least JunOS sends DD packets with P bit
	 * clear. Until a proper solution is developed, this hack should help.
	 *
	 * Update: According to the RFCs, N bit is specified /only/ for Hello
	 * options, unfortunately its use in DD options is not specified.
	 * Hence some implementations follow E-bit semantics and set it in DD
	 * options, and some treat it as unspecified and hence follow the
	 * directive "default for options is clear", ie unset.
	 *
	 * Reset the flag, as ospfd follows E-bit semantics.
	 */
	if ((oi->area->external_routing == OSPF_AREA_NSSA)
	    && (CHECK_FLAG(nbr->options, OSPF_OPTION_NP))
	    && (!CHECK_FLAG(dd->options, OSPF_OPTION_NP))) {
		if (IS_DEBUG_OSPF_EVENT)
			zlog_debug(
				"Packet[DD]: Neighbour %pI4: Has NSSA capability, sends with N bit clear in DD options",
				&nbr->router_id);
		/* Edits the received options in place. */
		SET_FLAG(dd->options, OSPF_OPTION_NP);
	}

#ifdef REJECT_IF_TBIT_ON
	if (CHECK_FLAG(dd->options, OSPF_OPTION_MT)) {
		/*
		 * In Hello protocol, optional capability must have checked
		 * to prevent this T-bit enabled router be my neighbor.
		 */
		flog_warn(EC_OSPF_PACKET, "Packet[DD]: Neighbor %pI4: T-bit on?",
			  &nbr->router_id);
		return;
	}
#endif /* REJECT_IF_TBIT_ON */

	if (CHECK_FLAG(dd->options, OSPF_OPTION_O)
	    && !CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
		/*
		 * This node is not configured to handle O-bit, for now.
		 * Clear it to ignore unsupported capability proposed by
		 * neighbor. The cleared value is what gets stored in
		 * nbr->options in the ExStart case below.
		 */
		UNSET_FLAG(dd->options, OSPF_OPTION_O);
	}

	if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
		zlog_info(
			"%s:Packet[DD]: Neighbor %pI4 state is %s, seq_num:0x%x, local:0x%x",
			ospf_get_name(oi->ospf), &nbr->router_id,
			lookup_msg(ospf_nsm_state_msg, nbr->state, NULL),
			ntohl(dd->dd_seqnum), nbr->dd_seqnum);

	/* Process DD packet by neighbor status. */
	switch (nbr->state) {
	case NSM_Down:
	case NSM_Attempt:
	case NSM_TwoWay:
		/* No adjacency is being formed in these states: the packet is
		 * dropped without raising an NSM event. */
		if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
			zlog_info(
				"Packet[DD]: Neighbor %pI4 state is %s, packet discarded.",
				&nbr->router_id,
				lookup_msg(ospf_nsm_state_msg, nbr->state,
					   NULL));
		break;
	case NSM_Init:
		OSPF_NSM_EVENT_EXECUTE(nbr, NSM_TwoWayReceived);
		/* If the new state is ExStart, the processing of the current
		   packet should then continue in this new state by falling
		   through to case ExStart below. */
		if (nbr->state != NSM_ExStart)
			break;
	/* fallthru */
	case NSM_ExStart:
		/* Initial DBD: all three flags set and no LSA headers
		 * following the DD header. */
		if ((IS_SET_DD_ALL(dd->flags) == OSPF_DD_FLAG_ALL)
		    && (size == OSPF_DB_DESC_MIN_SIZE)) {
			/* The side with the higher router ID is Master. */
			if (IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
			    > 0) {
				/* We're Slave---obey */
				if (CHECK_FLAG(oi->ospf->config,
					       OSPF_LOG_ADJACENCY_DETAIL))
					zlog_info(
						"Packet[DD]: Neighbor %pI4 Negotiation done (Slave).",
						&nbr->router_id);

				/* Take over the Master's sequence number. */
				nbr->dd_seqnum = ntohl(dd->dd_seqnum);

				/* Reset I/MS */
				UNSET_FLAG(nbr->dd_flags,
					   (OSPF_DD_FLAG_MS | OSPF_DD_FLAG_I));
			} else {
				/* We're Master, ignore the initial DBD from
				 * Slave */
				if (CHECK_FLAG(oi->ospf->config,
					       OSPF_LOG_ADJACENCY_DETAIL))
					zlog_info(
						"Packet[DD]: Neighbor %pI4: Initial DBD from Slave, ignoring.",
						&nbr->router_id);
				break;
			}
		}
		/* Ack from the Slave: I and MS clear, our sequence number
		 * echoed back, and the neighbor has the lower router ID. */
		else if (!IS_SET_DD_MS(dd->flags) && !IS_SET_DD_I(dd->flags)
			 && ntohl(dd->dd_seqnum) == nbr->dd_seqnum
			 && IPV4_ADDR_CMP(&nbr->router_id, &oi->ospf->router_id)
				    < 0) {
			/* Logged unconditionally, unlike the Slave message
			 * above, which depends on OSPF_LOG_ADJACENCY_DETAIL. */
			zlog_info(
				"Packet[DD]: Neighbor %pI4 Negotiation done (Master).",
				&nbr->router_id);
			/* Reset I, leaving MS */
			UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_I);
		} else {
			/* Neither a valid initial DBD nor a valid ack: stay in
			 * ExStart and drop the packet. */
			flog_warn(EC_OSPF_PACKET,
				  "Packet[DD]: Neighbor %pI4 Negotiation fails.",
				  &nbr->router_id);
			break;
		}

		/* This is where the real Options are saved (after the N/P and
		 * O-bit adjustments made above). */
		nbr->options = dd->options;

		if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE)) {
			if (IS_DEBUG_OSPF_EVENT)
				zlog_debug(
					"Neighbor[%pI4] is %sOpaque-capable.",
					&nbr->router_id,
					CHECK_FLAG(nbr->options, OSPF_OPTION_O)
						? ""
						: "NOT ");

			if (!CHECK_FLAG(nbr->options, OSPF_OPTION_O)
			    && IPV4_ADDR_SAME(&DR(oi),
					      &nbr->address.u.prefix4)) {
				flog_warn(
					EC_OSPF_PACKET,
					"DR-neighbor[%pI4] is NOT opaque-capable; Opaque-LSAs cannot be reliably advertised in this network.",
					&nbr->router_id);
				/* This situation is undesirable, but not a real
				 * error. */
			}
		}

		OSPF_NSM_EVENT_EXECUTE(nbr, NSM_NegotiationDone);

		/* continue processing rest of packet. */
		ospf_db_desc_proc(s, oi, nbr, dd, size);
		break;
	case NSM_Exchange:
		if (ospf_db_desc_is_dup(dd, nbr)) {
			if (IS_SET_DD_MS(nbr->dd_flags))
				/* Master: discard duplicated DD packet. */
				zlog_info(
					"Packet[DD] (Master): Neighbor %pI4 packet duplicated.",
					&nbr->router_id);
			else
			/* Slave: cause to retransmit the last Database
			   Description. */
			{
				zlog_info(
					"Packet[DD] [Slave]: Neighbor %pI4 packet duplicated.",
					&nbr->router_id);
				ospf_db_desc_resend(nbr);
			}
			break;
		}

		/* Otherwise DD packet should be checked. Each failed check
		 * below schedules NSM_SeqNumberMismatch and drops the
		 * packet. */
		/* Check Master/Slave bit mismatch */
		if (IS_SET_DD_MS(dd->flags)
		    != IS_SET_DD_MS(nbr->last_recv.flags)) {
			flog_warn(EC_OSPF_PACKET,
				  "Packet[DD]: Neighbor %pI4 MS-bit mismatch.",
				  &nbr->router_id);
			OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
			/* NOTE(review): the comparison above uses
			 * nbr->last_recv.flags but this message prints
			 * nbr->dd_flags - confirm which value is meant. */
			if (IS_DEBUG_OSPF_EVENT)
				zlog_debug(
					"Packet[DD]: dd->flags=%d, nbr->dd_flags=%d",
					dd->flags, nbr->dd_flags);
			break;
		}

		/* Check initialize bit is set. */
		if (IS_SET_DD_I(dd->flags)) {
			zlog_info("Packet[DD]: Neighbor %pI4 I-bit set.",
				  &nbr->router_id);
			OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
			break;
		}

		/* Check DD Options against those saved during ExStart. */
		if (dd->options != nbr->options) {
			flog_warn(EC_OSPF_PACKET,
				  "Packet[DD]: Neighbor %pI4 options mismatch.",
				  &nbr->router_id);
			OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
			break;
		}

		/* Check DD sequence number: as Master the packet must echo
		 * our number, as Slave it must be ours plus one. */
		if ((IS_SET_DD_MS(nbr->dd_flags)
		     && ntohl(dd->dd_seqnum) != nbr->dd_seqnum)
		    || (!IS_SET_DD_MS(nbr->dd_flags)
			&& ntohl(dd->dd_seqnum) != nbr->dd_seqnum + 1)) {
			flog_warn(
				EC_OSPF_PACKET,
				"Packet[DD]: Neighbor %pI4 sequence number mismatch.",
				&nbr->router_id);
			OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
			break;
		}

		/* Continue processing rest of packet. */
		ospf_db_desc_proc(s, oi, nbr, dd, size);
		break;
	case NSM_Loading:
	case NSM_Full:
		if (ospf_db_desc_is_dup(dd, nbr)) {
			if (IS_SET_DD_MS(nbr->dd_flags)) {
				/* Master should discard duplicate DD packet. */
				zlog_info(
					"Packet[DD]: Neighbor %pI4 duplicated, packet discarded.",
					&nbr->router_id);
				break;
			} else {
				if (monotime_since(&nbr->last_send_ts, NULL)
				    < nbr->v_inactivity * 1000000LL) {
					/* In states Loading and Full the slave
					   must resend its last Database
					   Description packet in response to
					   duplicate Database Description
					   packets received from the master.
					   For this reason the slave must wait
					   RouterDeadInterval seconds before
					   freeing the last Database
					   Description packet. Reception of a
					   Database Description packet from the
					   master after this interval will
					   generate a SeqNumberMismatch
					   neighbor event. RFC2328 Section 10.8
					 */
					ospf_db_desc_resend(nbr);
					break;
				}
			}
		}

		/* Reached for a non-duplicate packet, or for a duplicate
		 * received as Slave after the interval tested above. */
		OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_SeqNumberMismatch);
		break;
	default:
		flog_warn(EC_OSPF_PACKET,
			  "Packet[DD]: Neighbor %pI4 NSM illegal status %u.",
			  &nbr->router_id, nbr->state);
		break;
	}
}
1589
#define OSPF_LSA_KEY_SIZE 12 /* type(4) + id(4) + ar(4) */

/*
 * OSPF Link State Request read -- RFC2328 Section 10.7.
 *
 * Answers a neighbor's LS Request with Link State Updates carrying the
 * requested LSAs. The request entries come from the received packet, so
 * each one is checked: an LS type outside the known range, or an LSA that
 * is not in the database, raises NSM_BadLSReq and ends processing without
 * sending what was collected for the current update. The neighbor must be
 * in state Exchange, Loading or Full.
 *
 * size is the number of request bytes the caller says remain in the
 * stream; entries are consumed OSPF_LSA_KEY_SIZE bytes at a time.
 */
static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
			struct stream *s, struct ospf_interface *oi,
			uint16_t size)
{
	struct ospf_neighbor *nbr;
	struct list *ls_upd;
	unsigned int length;

	/* Increment statistics. */
	oi->ls_req_in++;

	nbr = ospf_nbr_lookup(oi, iph, ospfh);
	if (!nbr) {
		flog_warn(EC_OSPF_PACKET,
			  "Link State Request: Unknown Neighbor %pI4",
			  &ospfh->router_id);
		return;
	}

	/* Neighbor State should be Exchange or later. */
	switch (nbr->state) {
	case NSM_Exchange:
	case NSM_Loading:
	case NSM_Full:
		break;
	default:
		flog_warn(
			EC_OSPF_PACKET,
			"Link State Request received from %pI4: Neighbor state is %s, packet discarded.",
			&ospfh->router_id,
			lookup_msg(ospf_nsm_state_msg, nbr->state, NULL));
		return;
	}

	/* Collect the requested LSAs; they go out in one or more updates. */
	ls_upd = list_new();
	length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;

	for (; size >= OSPF_LSA_KEY_SIZE; size -= OSPF_LSA_KEY_SIZE) {
		uint32_t ls_type;
		struct in_addr ls_id;
		struct in_addr adv_router;
		struct ospf_lsa *find;

		/* Get one slice of Link State Request. */
		ls_type = stream_getl(s);
		ls_id.s_addr = stream_get_ipv4(s);
		adv_router.s_addr = stream_get_ipv4(s);

		/* Verify LSA type. */
		if (ls_type < OSPF_MIN_LSA || ls_type >= OSPF_MAX_LSA)
			goto bad_request;

		/* Search proper LSA in LSDB. */
		find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
				       adv_router);
		if (!find)
			goto bad_request;

		/* Packet overflows MTU size, send immediately. */
		if (length + ntohs(find->data->length) > ospf_packet_max(oi)) {
			ospf_ls_upd_send(nbr, ls_upd,
					 oi->type == OSPF_IFTYPE_NBMA
						 ? OSPF_SEND_PACKET_DIRECT
						 : OSPF_SEND_PACKET_INDIRECT,
					 0);

			/* Only remove list contents. Keep ls_upd. */
			list_delete_all_node(ls_upd);

			length = OSPF_HEADER_SIZE + OSPF_LS_UPD_MIN_SIZE;
		}

		/* Append LSA to update list. */
		listnode_add(ls_upd, find);
		length += ntohs(find->data->length);
	}

	/* Send rest of Link State Update. */
	if (listcount(ls_upd) > 0)
		ospf_ls_upd_send(nbr, ls_upd,
				 oi->type == OSPF_IFTYPE_NBMA
					 ? OSPF_SEND_PACKET_DIRECT
					 : OSPF_SEND_PACKET_INDIRECT,
				 0);

	list_delete(&ls_upd);
	return;

bad_request:
	/* Malformed or unanswerable request: restart the exchange. */
	OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
	list_delete(&ls_upd);
}
1688
/*
 * Get the list of LSAs from a Link State Update packet and perform the
 * validation of RFC2328 Section 13, steps (1)-(2).
 *
 * Reads the LSA count from the stream, then walks the LSAs that follow.
 * Each LSA that passes the checks is copied into a newly created
 * struct ospf_lsa and appended to the returned list. An LSA with a bad
 * checksum, an unknown LS type or an Opaque-capability problem is skipped;
 * a bad length ends the walk, and the LSAs collected up to that point are
 * still returned.
 *
 * nbr  - neighbor that sent the packet
 * s    - stream positioned at the LSA count field
 * oi   - receiving interface
 * size - length the caller attributes to the LS Update body, in bytes
 *
 * Returns the list created by list_new().
 *
 * All lengths and types examined here come from the received packet.
 * NOTE(review): size is assumed to be at least OSPF_LS_UPD_MIN_SIZE and
 * to match the bytes left in the stream; size is size_t, so a smaller
 * value would wrap in the subtraction below. Presumably this was verified
 * before dispatch - confirm against the caller.
 */
static struct list *ospf_ls_upd_list_lsa(struct ospf_neighbor *nbr,
					 struct stream *s,
					 struct ospf_interface *oi, size_t size)
{
	uint16_t count, sum;
	uint32_t length;
	struct lsa_header *lsah;
	struct ospf_lsa *lsa;
	struct list *lsas;

	lsas = list_new();

	/* NOTE(review): count is uint16_t while the field is read with
	 * stream_getl(); if that returns a 32-bit value the upper half is
	 * dropped here, so a count with only high bits set becomes 0 and no
	 * LSA is read - confirm this narrowing is intended. */
	count = stream_getl(s);
	size -= OSPF_LS_UPD_MIN_SIZE; /* # LSAs */

	/* The walk stops at whichever runs out first: the advertised count
	 * or the remaining bytes. length is validated before any continue,
	 * so the increment expression always advances by a checked amount. */
	for (; size >= OSPF_LSA_HEADER_SIZE && count > 0;
	     size -= length, stream_forward_getp(s, length), count--) {
		/* lsah aliases the stream buffer. */
		lsah = (struct lsa_header *)stream_pnt(s);
		length = ntohs(lsah->length);

		/* The advertised LSA length must fit in what is left of the
		 * packet; this bounds the memcpy() further down. */
		if (length > size) {
			flog_warn(
				EC_OSPF_PACKET,
				"Link State Update: LSA length exceeds packet size.");
			break;
		}

		/* ...and must cover at least the LSA header being read. */
		if (length < OSPF_LSA_HEADER_SIZE) {
			flog_warn(EC_OSPF_PACKET,
				  "Link State Update: LSA length too small.");
			break;
		}

		/* Validate the LSA's LS checksum. sum keeps the received
		 * value for the log message below. */
		sum = lsah->checksum;
		if (!ospf_lsa_checksum_valid(lsah)) {
			/* (bug #685) more details in a one-line message make
			 * it possible to identify the problem source on the
			 * one hand and to have a better chance to compress
			 * repeated messages in syslog on the other */
			flog_warn(
				EC_OSPF_PACKET,
				"Link State Update: LSA checksum error %x/%x, ID=%pI4 from: nbr %pI4, router ID %pI4, adv router %pI4",
				sum, lsah->checksum, &lsah->id,
				&nbr->src, &nbr->router_id,
				&lsah->adv_router);
			continue;
		}

		/* Examine the LSA's LS type. */
		if (lsah->type < OSPF_MIN_LSA || lsah->type >= OSPF_MAX_LSA) {
			flog_warn(EC_OSPF_PACKET,
				  "Link State Update: Unknown LS type %d",
				  lsah->type);
			continue;
		}

		/*
		 * What if the received LSA's age is greater than MaxAge?
		 * Treat it as a MaxAge case -- endo.
		 * The clamp is written into the received buffer, so the copy
		 * made below carries the clamped age.
		 */
		if (ntohs(lsah->ls_age) > OSPF_LSA_MAXAGE)
			lsah->ls_age = htons(OSPF_LSA_MAXAGE);

		if (CHECK_FLAG(nbr->options, OSPF_OPTION_O)) {
#ifdef STRICT_OBIT_USAGE_CHECK
			if ((IS_OPAQUE_LSA(lsah->type)
			     && !CHECK_FLAG(lsah->options, OSPF_OPTION_O))
			    || (!IS_OPAQUE_LSA(lsah->type)
				&& CHECK_FLAG(lsah->options, OSPF_OPTION_O))) {
				/*
				 * This neighbor must know the exact usage of
				 * O-bit; the bit will be set in Type-9,10,11
				 * LSAs only.
				 */
				flog_warn(EC_OSPF_PACKET,
					  "LSA[Type%d:%pI4]: O-bit abuse?",
					  lsah->type, &lsah->id);
				continue;
			}
#endif /* STRICT_OBIT_USAGE_CHECK */

			/* Do not take in AS External Opaque-LSAs if we are a
			 * stub. The test is "not OSPF_AREA_DEFAULT", so it
			 * covers every non-default area type. */
			if (lsah->type == OSPF_OPAQUE_AS_LSA
			    && nbr->oi->area->external_routing
				       != OSPF_AREA_DEFAULT) {
				if (IS_DEBUG_OSPF_EVENT)
					zlog_debug(
						"LSA[Type%d:%pI4]: We are a stub, don't take this LSA.",
						lsah->type,
						&lsah->id);
				continue;
			}
		} else if (IS_OPAQUE_LSA(lsah->type)) {
			/* Opaque LSA from a neighbor whose saved options lack
			 * the O-bit: skip it. */
			flog_warn(
				EC_OSPF_PACKET,
				"LSA[Type%d:%pI4] from %pI4: Opaque capability mismatch?",
				lsah->type, &lsah->id, &lsah->adv_router);
			continue;
		}

		/* Create OSPF LSA instance sized for the validated length.
		 * NOTE(review): the result is used without a NULL check;
		 * presumably the allocator does not return on failure -
		 * confirm. */
		lsa = ospf_lsa_new_and_data(length);

		lsa->vrf_id = oi->ospf->vrf_id;
		/* We may wish to put some error checking if type NSSA comes in
		   and area not in NSSA mode */
		switch (lsah->type) {
		case OSPF_AS_EXTERNAL_LSA:
		case OSPF_OPAQUE_AS_LSA:
			/* AS-scope LSAs are not tied to an area. */
			lsa->area = NULL;
			break;
		case OSPF_OPAQUE_LINK_LSA:
			lsa->oi = oi; /* Remember incoming interface for
					 flooding control. */
		/* Fallthrough */
		default:
			lsa->area = oi->area;
			break;
		}

		/* length was checked against size above, so the copy stays
		 * within the bytes attributed to this packet. */
		memcpy(lsa->data, lsah, length);

		if (IS_DEBUG_OSPF_EVENT)
			zlog_debug(
				"LSA[Type%d:%pI4]: %p new LSA created with Link State Update",
				lsa->data->type, &lsa->data->id,
				(void *)lsa);
		listnode_add(lsas, lsa);
	}

	return lsas;
}
1828
/*
 * Discard every LSA still held on an update list, then delete the list
 * itself.
 */
static void ospf_upd_list_clean(struct list *lsas)
{
	struct ospf_lsa *entry;
	struct listnode *cur, *next;

	for (ALL_LIST_ELEMENTS(lsas, cur, next, entry)) {
		ospf_lsa_discard(entry);
	}

	list_delete(&lsas);
}
1840
1841 /* OSPF Link State Update message read -- RFC2328 Section 13. */
1842 static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
1843 struct ospf_header *ospfh, struct stream *s,
1844 struct ospf_interface *oi, uint16_t size)
1845 {
1846 struct ospf_neighbor *nbr;
1847 struct list *lsas;
1848 struct listnode *node, *nnode;
1849 struct ospf_lsa *lsa = NULL;
1850 /* unsigned long ls_req_found = 0; */
1851
1852 /* Dis-assemble the stream, update each entry, re-encapsulate for
1853 * flooding */
1854
1855 /* Increment statistics. */
1856 oi->ls_upd_in++;
1857
1858 /* Check neighbor. */
1859 nbr = ospf_nbr_lookup(oi, iph, ospfh);
1860 if (nbr == NULL) {
1861 flog_warn(EC_OSPF_PACKET,
1862 "Link State Update: Unknown Neighbor %pI4 on int: %s",
1863 &ospfh->router_id, IF_NAME(oi));
1864 return;
1865 }
1866
1867 /* Check neighbor state. */
1868 if (nbr->state < NSM_Exchange) {
1869 if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
1870 zlog_debug(
1871 "Link State Update: Neighbor[%pI4] state %s is less than Exchange",
1872 &ospfh->router_id,
1873 lookup_msg(ospf_nsm_state_msg, nbr->state,
1874 NULL));
1875 return;
1876 }
1877
1878 /* Get list of LSAs from Link State Update packet. - Also performs
1879 * Stages 1 (validate LSA checksum) and 2 (check for LSA consistent
1880 * type) of section 13.
1881 */
1882 lsas = ospf_ls_upd_list_lsa(nbr, s, oi, size);
1883
1884 if (lsas == NULL)
1885 return;
1886 #define DISCARD_LSA(L, N) \
1887 { \
1888 if (IS_DEBUG_OSPF_EVENT) \
1889 zlog_debug( \
1890 "ospf_lsa_discard() in ospf_ls_upd() point %d: lsa %p" \
1891 " Type-%d", \
1892 N, (void *)lsa, (int)lsa->data->type); \
1893 ospf_lsa_discard(L); \
1894 continue; \
1895 }
1896
1897 /* Process each LSA received in the one packet.
1898 *
1899 * Numbers in parentheses, e.g. (1), (2), etc., and the corresponding
1900 * text below are from the steps in RFC 2328, Section 13.
1901 */
1902 for (ALL_LIST_ELEMENTS(lsas, node, nnode, lsa)) {
1903 struct ospf_lsa *ls_ret, *current;
1904 int ret = 1;
1905
1906 if (IS_DEBUG_OSPF(lsa, LSA))
1907 zlog_debug("LSA Type-%d from %pI4, ID: %pI4, ADV: %pI4",
1908 lsa->data->type, &ospfh->router_id,
1909 &lsa->data->id, &lsa->data->adv_router);
1910
1911 listnode_delete(lsas,
1912 lsa); /* We don't need it in list anymore */
1913
1914 /* (1) Validate Checksum - Done above by ospf_ls_upd_list_lsa()
1915 */
1916
1917 /* (2) LSA Type - Done above by ospf_ls_upd_list_lsa() */
1918
1919 /* (3) Do not take in AS External LSAs if we are a stub or NSSA.
1920 */
1921
1922 /* Do not take in AS NSSA if this neighbor and we are not NSSA
1923 */
1924
1925 /* Do take in Type-7's if we are an NSSA */
1926
1927 /* If we are also an ABR, later translate them to a Type-5
1928 * packet */
1929
1930 /* Later, an NSSA Re-fresh can Re-fresh Type-7's and an ABR will
1931 translate them to a separate Type-5 packet. */
1932
1933 if (lsa->data->type == OSPF_AS_EXTERNAL_LSA)
1934 /* Reject from STUB or NSSA */
1935 if (nbr->oi->area->external_routing
1936 != OSPF_AREA_DEFAULT) {
1937 if (IS_DEBUG_OSPF_NSSA)
1938 zlog_debug(
1939 "Incoming External LSA Discarded: We are NSSA/STUB Area");
1940 DISCARD_LSA(lsa, 1);
1941 }
1942
1943 if (lsa->data->type == OSPF_AS_NSSA_LSA)
1944 if (nbr->oi->area->external_routing != OSPF_AREA_NSSA) {
1945 if (IS_DEBUG_OSPF_NSSA)
1946 zlog_debug(
1947 "Incoming NSSA LSA Discarded: Not NSSA Area");
1948 DISCARD_LSA(lsa, 2);
1949 }
1950
1951 /* VU229804: Router-LSA Adv-ID must be equal to LS-ID */
1952 if (lsa->data->type == OSPF_ROUTER_LSA)
1953 if (!IPV4_ADDR_SAME(&lsa->data->id,
1954 &lsa->data->adv_router)) {
1955 flog_err(
1956 EC_OSPF_ROUTER_LSA_MISMATCH,
1957 "Incoming Router-LSA from %pI4 with Adv-ID[%pI4] != LS-ID[%pI4]",
1958 &ospfh->router_id, &lsa->data->id,
1959 &lsa->data->adv_router);
1960 flog_err(
1961 EC_OSPF_DOMAIN_CORRUPT,
1962 "OSPF domain compromised by attack or corruption. Verify correct operation of -ALL- OSPF routers.");
1963 DISCARD_LSA(lsa, 0);
1964 }
1965
1966 /* Find the LSA in the current database. */
1967
1968 current = ospf_lsa_lookup_by_header(oi->area, lsa->data);
1969
1970 /* (4) If the LSA's LS age is equal to MaxAge, and there is
1971 currently
1972 no instance of the LSA in the router's link state database,
1973 and none of router's neighbors are in states Exchange or
1974 Loading,
1975 then take the following actions: */
1976
1977 if (IS_LSA_MAXAGE(lsa) && !current
1978 && ospf_check_nbr_status(oi->ospf)) {
1979 /* (4a) Response Link State Acknowledgment. */
1980 ospf_ls_ack_send(nbr, lsa);
1981
1982 /* (4b) Discard LSA. */
1983 if (IS_DEBUG_OSPF(lsa, LSA)) {
1984 zlog_debug(
1985 "Link State Update[%s]: LS age is equal to MaxAge.",
1986 dump_lsa_key(lsa));
1987 }
1988 DISCARD_LSA(lsa, 3);
1989 }
1990
1991 if (IS_OPAQUE_LSA(lsa->data->type)
1992 && IPV4_ADDR_SAME(&lsa->data->adv_router,
1993 &oi->ospf->router_id)) {
1994 /*
1995 * Even if initial flushing seems to be completed, there
1996 * might
1997 * be a case that self-originated LSA with MaxAge still
1998 * remain
1999 * in the routing domain.
2000 * Just send an LSAck message to cease retransmission.
2001 */
2002 if (IS_LSA_MAXAGE(lsa)) {
2003 zlog_info("LSA[%s]: Boomerang effect?",
2004 dump_lsa_key(lsa));
2005 ospf_ls_ack_send(nbr, lsa);
2006 ospf_lsa_discard(lsa);
2007
2008 if (current != NULL && !IS_LSA_MAXAGE(current))
2009 ospf_opaque_lsa_refresh_schedule(
2010 current);
2011 continue;
2012 }
2013
2014 /*
2015 * If an instance of self-originated Opaque-LSA is not
2016 * found
2017 * in the LSDB, there are some possible cases here.
2018 *
2019 * 1) This node lost opaque-capability after restart.
2020 * 2) Else, a part of opaque-type is no more supported.
2021 * 3) Else, a part of opaque-id is no more supported.
2022 *
2023 * Anyway, it is still this node's responsibility to
2024 * flush it.
2025 * Otherwise, the LSA instance remains in the routing
2026 * domain
2027 * until its age reaches to MaxAge.
2028 */
2029 /* XXX: We should deal with this for *ALL* LSAs, not
2030 * just opaque */
2031 if (current == NULL) {
2032 if (IS_DEBUG_OSPF_EVENT)
2033 zlog_debug(
2034 "LSA[%s]: Previously originated Opaque-LSA, not found in the LSDB.",
2035 dump_lsa_key(lsa));
2036
2037 SET_FLAG(lsa->flags, OSPF_LSA_SELF);
2038
2039 ospf_ls_ack_send(nbr, lsa);
2040
2041 if (!ospf->gr_info.restart_in_progress) {
2042 ospf_opaque_self_originated_lsa_received(
2043 nbr, lsa);
2044 continue;
2045 }
2046 }
2047 }
2048
2049 /* It might be happen that received LSA is self-originated
2050 * network LSA, but
2051 * router ID is changed. So, we should check if LSA is a
2052 * network-LSA whose
2053 * Link State ID is one of the router's own IP interface
2054 * addresses but whose
2055 * Advertising Router is not equal to the router's own Router ID
2056 * According to RFC 2328 12.4.2 and 13.4 this LSA should be
2057 * flushed.
2058 */
2059
2060 if (lsa->data->type == OSPF_NETWORK_LSA) {
2061 struct listnode *oinode, *oinnode;
2062 struct ospf_interface *out_if;
2063 int Flag = 0;
2064
2065 for (ALL_LIST_ELEMENTS(oi->ospf->oiflist, oinode,
2066 oinnode, out_if)) {
2067 if (out_if == NULL)
2068 break;
2069
2070 if ((IPV4_ADDR_SAME(&out_if->address->u.prefix4,
2071 &lsa->data->id))
2072 && (!(IPV4_ADDR_SAME(
2073 &oi->ospf->router_id,
2074 &lsa->data->adv_router)))) {
2075 if (out_if->network_lsa_self) {
2076 ospf_lsa_flush_area(
2077 lsa, out_if->area);
2078 if (IS_DEBUG_OSPF_EVENT)
2079 zlog_debug(
2080 "ospf_lsa_discard() in ospf_ls_upd() point 9: lsa %p Type-%d",
2081 (void *)lsa,
2082 (int)lsa->data
2083 ->type);
2084 ospf_lsa_discard(lsa);
2085 Flag = 1;
2086 }
2087 break;
2088 }
2089 }
2090 if (Flag)
2091 continue;
2092 }
2093
2094 /* (5) Find the instance of this LSA that is currently contained
2095 in the router's link state database. If there is no
2096 database copy, or the received LSA is more recent than
2097 the database copy the following steps must be performed.
2098 (The sub steps from RFC 2328 section 13 step (5) will be
2099 performed in
2100 ospf_flood() ) */
2101
2102 if (current == NULL
2103 || (ret = ospf_lsa_more_recent(current, lsa)) < 0) {
2104 /* CVE-2017-3224 */
2105 if (current && (IS_LSA_MAX_SEQ(current))
2106 && (IS_LSA_MAX_SEQ(lsa)) && !IS_LSA_MAXAGE(lsa)) {
2107 zlog_debug(
2108 "Link State Update[%s]: has Max Seq and higher checksum but not MaxAge. Dropping it",
2109 dump_lsa_key(lsa));
2110
2111 DISCARD_LSA(lsa, 4);
2112 }
2113
2114 /* Actual flooding procedure. */
2115 if (ospf_flood(oi->ospf, nbr, current, lsa)
2116 < 0) /* Trap NSSA later. */
2117 DISCARD_LSA(lsa, 5);
2118
2119 /* GR: check for network topology change. */
2120 if (ospf->gr_info.restart_in_progress &&
2121 ((lsa->data->type == OSPF_ROUTER_LSA ||
2122 lsa->data->type == OSPF_NETWORK_LSA)))
2123 ospf_gr_check_lsdb_consistency(oi->ospf,
2124 oi->area);
2125
2126 continue;
2127 }
2128
2129 /* (6) Else, If there is an instance of the LSA on the sending
2130 neighbor's Link state request list, an error has occurred in
2131 the Database Exchange process. In this case, restart the
2132 Database Exchange process by generating the neighbor event
2133 BadLSReq for the sending neighbor and stop processing the
2134 Link State Update packet. */
2135
2136 if (ospf_ls_request_lookup(nbr, lsa)) {
2137 OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
2138 flog_warn(
2139 EC_OSPF_PACKET,
2140 "LSA[%s] instance exists on Link state request list",
2141 dump_lsa_key(lsa));
2142
2143 /* Clean list of LSAs. */
2144 ospf_upd_list_clean(lsas);
2145 /* this lsa is not on lsas list already. */
2146 ospf_lsa_discard(lsa);
2147 return;
2148 }
2149
2150 /* If the received LSA is the same instance as the database copy
2151 (i.e., neither one is more recent) the following two steps
2152 should be performed: */
2153
2154 if (ret == 0) {
2155 /* If the LSA is listed in the Link state retransmission
2156 list
2157 for the receiving adjacency, the router itself is
2158 expecting
2159 an acknowledgment for this LSA. The router should
2160 treat the
2161 received LSA as an acknowledgment by removing the LSA
2162 from
2163 the Link state retransmission list. This is termed
2164 an
2165 "implied acknowledgment". */
2166
2167 ls_ret = ospf_ls_retransmit_lookup(nbr, lsa);
2168
2169 if (ls_ret != NULL) {
2170 ospf_ls_retransmit_delete(nbr, ls_ret);
2171
2172 /* Delayed acknowledgment sent if advertisement
2173 received
2174 from Designated Router, otherwise do nothing.
2175 */
2176 if (oi->state == ISM_Backup)
2177 if (NBR_IS_DR(nbr))
2178 listnode_add(
2179 oi->ls_ack,
2180 ospf_lsa_lock(lsa));
2181
2182 DISCARD_LSA(lsa, 6);
2183 } else
2184 /* Acknowledge the receipt of the LSA by sending a
2185 Link State Acknowledgment packet back out the
2186 receiving
2187 interface. */
2188 {
2189 ospf_ls_ack_send(nbr, lsa);
2190 DISCARD_LSA(lsa, 7);
2191 }
2192 }
2193
2194 /* The database copy is more recent. If the database copy
2195 has LS age equal to MaxAge and LS sequence number equal to
2196 MaxSequenceNumber, simply discard the received LSA without
2197 acknowledging it. (In this case, the LSA's LS sequence number
2198 is
2199 wrapping, and the MaxSequenceNumber LSA must be completely
2200 flushed before any new LSA instance can be introduced). */
2201
2202 else if (ret > 0) /* Database copy is more recent */
2203 {
2204 if (IS_LSA_MAXAGE(current)
2205 && current->data->ls_seqnum
2206 == htonl(OSPF_MAX_SEQUENCE_NUMBER)) {
2207 DISCARD_LSA(lsa, 8);
2208 }
2209 /* Otherwise, as long as the database copy has not been
2210 sent in a
2211 Link State Update within the last MinLSArrival
2212 seconds, send the
2213 database copy back to the sending neighbor,
2214 encapsulated within
2215 a Link State Update Packet. The Link State Update
2216 Packet should
2217 be sent directly to the neighbor. In so doing, do not
2218 put the
2219 database copy of the LSA on the neighbor's link state
2220 retransmission list, and do not acknowledge the
2221 received (less
2222 recent) LSA instance. */
2223 else {
2224 if (monotime_since(&current->tv_orig, NULL)
2225 >= ospf->min_ls_arrival * 1000LL)
2226 /* Trap NSSA type later.*/
2227 ospf_ls_upd_send_lsa(
2228 nbr, current,
2229 OSPF_SEND_PACKET_DIRECT);
2230 DISCARD_LSA(lsa, 9);
2231 }
2232 }
2233 }
2234 #undef DISCARD_LSA
2235
2236 assert(listcount(lsas) == 0);
2237 list_delete(&lsas);
2238 }
2239
/*
 * Process a received Link State Acknowledgment packet (RFC2328 Section 13.7).
 *
 * The packet body is walked as a run of fixed-size LSA headers.  Each header
 * is wrapped in a temporary ospf_lsa whose data pointer aliases the stream
 * buffer.  When the neighbor's retransmission list holds an instance that
 * ospf_lsa_more_recent() reports as neither older nor newer than the
 * acknowledged one, that entry is removed from the list.
 *
 * "size" is the number of body bytes left to parse.  The loop only compares
 * it with OSPF_LSA_HEADER_SIZE and does not look at the stream's own limits.
 * NOTE(review): presumably the caller derives it from the length that
 * ospf_packet_examin() has already checked - confirm at the call site.
 */
static void ospf_ls_ack(struct ip *iph, struct ospf_header *ospfh,
			struct stream *s, struct ospf_interface *oi,
			uint16_t size)
{
	struct ospf_neighbor *nbr;

	/* Per-interface receive counter, bumped before any validation. */
	oi->ls_ack_in++;

	nbr = ospf_nbr_lookup(oi, iph, ospfh);
	if (!nbr) {
		flog_warn(EC_OSPF_PACKET,
			  "Link State Acknowledgment: Unknown Neighbor %pI4",
			  &ospfh->router_id);
		return;
	}

	/* Acks are only meaningful once the adjacency reached Exchange. */
	if (nbr->state < NSM_Exchange) {
		if (IS_DEBUG_OSPF(nsm, NSM_EVENTS))
			zlog_debug(
				"Link State Acknowledgment: Neighbor[%pI4] state %s is less than Exchange",
				&ospfh->router_id,
				lookup_msg(ospf_nsm_state_msg, nbr->state,
					   NULL));
		return;
	}

	for (; size >= OSPF_LSA_HEADER_SIZE; size -= OSPF_LSA_HEADER_SIZE) {
		struct ospf_lsa *acked = ospf_lsa_new();
		struct ospf_lsa *pending;

		/* Borrow the header in place, then step past it. */
		acked->data = (struct lsa_header *)stream_pnt(s);
		acked->vrf_id = oi->ospf->vrf_id;
		stream_forward_getp(s, OSPF_LSA_HEADER_SIZE);

		/* Headers with an LS type outside the known range are skipped. */
		if (acked->data->type >= OSPF_MIN_LSA
		    && acked->data->type < OSPF_MAX_LSA) {
			pending = ospf_ls_retransmit_lookup(nbr, acked);

			if (pending != NULL
			    && ospf_lsa_more_recent(pending, acked) == 0) {
				ospf_ls_retransmit_delete(nbr, pending);
				ospf_check_and_gen_init_seq_lsa(oi, acked);
			}
		}

		/*
		 * The header memory came from stream_pnt(), so the pointer is
		 * cleared before the wrapper is discarded (presumably so the
		 * discard does not release stream-owned memory - confirm).
		 */
		acked->data = NULL;
		ospf_lsa_discard(acked);
	}
}
2299
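/*
 * Read one raw IP datagram from the OSPF socket into ibuf.
 *
 * Returns ibuf on success, with the IP header at the start of the stream
 * data and *ifp set to the result of looking up the ifindex taken from the
 * ancillary data (NULL when that lookup finds nothing).
 *
 * Returns NULL when stream_recvmsg() fails, when fewer bytes than an IP
 * header were read, or when the number of bytes read differs from the
 * total length carried in the IP header.  In the last case *ifp has already
 * been written, because the lookup happens before the length comparison.
 */
static struct stream *ospf_recv_packet(struct ospf *ospf, int fd,
				       struct interface **ifp,
				       struct stream *ibuf)
{
	int ret;
	struct ip *iph;
	uint16_t ip_len;
	ifindex_t ifindex = 0;
	struct iovec iov;
	/* Header and data both require alignment. */
	char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())];
	struct msghdr msgh;

	memset(&msgh, 0, sizeof(msgh));
	msgh.msg_iov = &iov;
	msgh.msg_iovlen = 1;
	msgh.msg_control = (caddr_t)buff;
	msgh.msg_controllen = sizeof(buff);

	/* Non-blocking read; EAGAIN/EWOULDBLOCK is the normal "nothing to
	 * read" outcome and is not logged. */
	ret = stream_recvmsg(ibuf, fd, &msgh, MSG_DONTWAIT,
			     OSPF_MAX_PACKET_SIZE + 1);
	if (ret < 0) {
		if (errno != EAGAIN && errno != EWOULDBLOCK)
			flog_warn(EC_OSPF_PACKET, "stream_recvmsg failed: %s",
				  safe_strerror(errno));
		return NULL;
	}
	/* Nothing below may touch the IP header until a whole one is known
	 * to be in the buffer. */
	if ((unsigned int)ret < sizeof(struct ip)) {
		/* Log the size of the IP header structure; sizeof(iph) would
		 * report the size of the pointer instead. */
		flog_warn(
			EC_OSPF_PACKET,
			"%s: discarding runt packet of length %d (ip header size is %u)",
			__func__, ret, (unsigned int)sizeof(struct ip));
		return NULL;
	}

	/* Note that there should not be alignment problems with this assignment
	   because this is at the beginning of the stream data buffer. */
	iph = (struct ip *)STREAM_DATA(ibuf);
	sockopt_iphdrincl_swab_systoh(iph);

	ip_len = iph->ip_len;

#if defined(__FreeBSD__) && (__FreeBSD_version < 1000000)
	/*
	 * Kernel network code touches incoming IP header parameters,
	 * before protocol specific processing.
	 *
	 *   1) Convert byteorder to host representation.
	 *      --> ip_len, ip_id, ip_off
	 *
	 *   2) Adjust ip_len to strip IP header size!
	 *      --> If user process receives entire IP packet via RAW
	 *          socket, it must consider adding IP header size to
	 *          the "ip_len" field of "ip" structure.
	 *
	 * For more details, see <netinet/ip_input.c>.
	 */
	ip_len = ip_len + (iph->ip_hl << 2);
#endif

#if defined(__DragonFly__)
	/*
	 * in DragonFly's raw socket, ip_len/ip_off are read
	 * in network byte order.
	 * As OpenBSD < 200311 adjust ip_len to strip IP header size!
	 */
	ip_len = ntohs(iph->ip_len) + (iph->ip_hl << 2);
#endif

	ifindex = getsockopt_ifindex(AF_INET, &msgh);

	*ifp = if_lookup_by_index(ifindex, ospf->vrf_id);

	/* The IP header's own total length must agree with what was read;
	 * anything else is dropped before the OSPF parser sees it. */
	if (ret != ip_len) {
		flog_warn(
			EC_OSPF_PACKET,
			"%s read length mismatch: ip_len is %d, but recvmsg returned %d",
			__func__, ip_len, ret);
		return NULL;
	}

	if (IS_DEBUG_OSPF_PACKET(0, RECV))
		zlog_debug("%s: fd %d(%s) on interface %d(%s)", __func__, fd,
			   ospf_get_name(ospf), ifindex,
			   *ifp ? (*ifp)->name : "Unknown");
	return ibuf;
}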
2387
/*
 * Try to map a received packet onto one of the configured virtual links.
 *
 * Only unicast packets whose OSPF header names the backbone area are
 * candidates.  The destination address selects a local OSPF interface, and
 * a virtual link matches when its transit area is that interface's area and
 * its configured peer equals the Router ID in the packet header.
 *
 * Returns the virtual link's ospf_interface, or NULL when the packet is not
 * a candidate, no link matches, or the matching link's interface lacks
 * IFF_UP.  The "ifp" argument is not used by this function.
 */
static struct ospf_interface *
ospf_associate_packet_vl(struct ospf *ospf, struct interface *ifp,
			 struct ip *iph, struct ospf_header *ospfh)
{
	struct ospf_interface *local_oi;
	struct ospf_vl_data *vlink;
	struct ospf_area *transit;
	struct listnode *ln;

	if (IN_MULTICAST(ntohl(iph->ip_dst.s_addr)))
		return NULL;
	if (!OSPF_IS_AREA_BACKBONE(ospfh))
		return NULL;

	/*
	 * The local interface owning the destination address determines the
	 * Area ID.  This presumes the destination address is unique, or at
	 * least (for "unnumbered" links) not used in other areas.
	 */
	local_oi = ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_dst);
	if (local_oi == NULL)
		return NULL;

	for (ALL_LIST_ELEMENTS_RO(ospf->vlinks, ln, vlink)) {
		transit = ospf_area_lookup_by_area_id(ospf, vlink->vl_area_id);
		if (!transit)
			continue;

		if (!(OSPF_AREA_SAME(&transit, &local_oi->area)))
			continue;
		if (!(IPV4_ADDR_SAME(&vlink->vl_peer, &ospfh->router_id)))
			continue;

		if (IS_DEBUG_OSPF_EVENT)
			zlog_debug("associating packet with %s",
				   IF_NAME(vlink->vl_oi));

		/* First match decides: a link that is not up ends the search. */
		if (CHECK_FLAG(vlink->vl_oi->ifp->flags, IFF_UP))
			return vlink->vl_oi;

		if (IS_DEBUG_OSPF_EVENT)
			zlog_debug("This VL is not up yet, sorry");
		return NULL;
	}

	if (IS_DEBUG_OSPF_EVENT)
		zlog_debug("couldn't find any VL to associate the packet with");

	return NULL;
}
2437
/*
 * Compare the Area ID of the receiving interface with the one carried in the
 * packet header.  Returns 1 when OSPF_AREA_SAME reports a match, 0 otherwise.
 */
static int ospf_check_area_id(struct ospf_interface *oi,
			      struct ospf_header *ospfh)
{
	return OSPF_AREA_SAME(&oi->area, &ospfh) ? 1 : 0;
}
2447
/*
 * Source-subnet filter for received packets.
 *
 * The raw socket is unbound, so it accepts any raw IP packet whose protocol
 * number matches.  To narrow that down, the packet's source address and the
 * receiving interface's address are both masked with the interface netmask
 * and compared.
 *
 * The comparison is skipped, and the packet accepted, on point-to-point and
 * virtual-link interfaces, and on a point-to-multipoint interface whose
 * prefix length is the IPv4 maximum (32).  On those interface types this
 * function places no restriction on the source address.
 *
 * Returns 1 to accept, 0 to reject.
 */
static int ospf_check_network_mask(struct ospf_interface *oi,
				   struct in_addr ip_src)
{
	struct in_addr netmask;
	struct in_addr local_net;
	struct in_addr peer_net;

	if (oi->type == OSPF_IFTYPE_POINTOPOINT)
		return 1;
	if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
		return 1;

	/* A host-length prefix has no meaningful subnet to compare against. */
	if (oi->type == OSPF_IFTYPE_POINTOMULTIPOINT
	    && oi->address->prefixlen == IPV4_MAX_BITLEN)
		return 1;

	masklen2ip(oi->address->prefixlen, &netmask);

	local_net.s_addr = oi->address->u.prefix4.s_addr & netmask.s_addr;
	peer_net.s_addr = ip_src.s_addr & netmask.s_addr;

	return IPV4_ADDR_SAME(&local_net, &peer_net) ? 1 : 0;
}
2475
/*
 * Return 1 if the packet is properly authenticated and checksummed, 0
 * otherwise.  The AuType field of the header must be a known value and must
 * equal the AuType returned by ospf_auth_type() for the interface; the
 * per-type requirements of RFC2328 D.5 are then applied.
 *
 * Side effect: the Null and Simple branches call ospf_check_sum(), which
 * zeroes the auth_data and checksum fields of the received header in place.
 *
 * NOTE(review): every warning in this function is emitted only when
 * IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV) is true, so with that debug
 * setting off a rejected packet appears to leave no log line from here.
 * Confirm whether authentication failures are counted or reported elsewhere
 * before relying on logs to detect them.
 *
 * NOTE(review): "ospfh->type - 1" is passed to the debug macro without a
 * range check here; on the receive path in this file ospf_packet_examin()
 * has already rejected packet types outside Hello..LS Ack.
 */
static int ospf_check_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
{
	struct crypt_key *ck;
	uint16_t iface_auth_type;
	uint16_t pkt_auth_type = ntohs(ospfh->auth_type);

	switch (pkt_auth_type) {
	case OSPF_AUTH_NULL: /* RFC2328 D.5.1 */
		/* A Null-auth packet is refused unless the interface itself
		 * is configured for Null authentication. */
		if (OSPF_AUTH_NULL != (iface_auth_type = ospf_auth_type(oi))) {
			if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
				flog_warn(
					EC_OSPF_PACKET,
					"interface %s: auth-type mismatch, local %s, rcvd Null, Router-ID %pI4",
					IF_NAME(oi),
					lookup_msg(ospf_auth_type_str,
						   iface_auth_type, NULL),
					&ospfh->router_id);
			return 0;
		}
		if (!ospf_check_sum(ospfh)) {
			if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
				flog_warn(
					EC_OSPF_PACKET,
					"interface %s: Null auth OK, but checksum error, Router-ID %pI4",
					IF_NAME(oi),
					&ospfh->router_id);
			return 0;
		}
		return 1;
	case OSPF_AUTH_SIMPLE: /* RFC2328 D.5.2 */
		if (OSPF_AUTH_SIMPLE
		    != (iface_auth_type = ospf_auth_type(oi))) {
			if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
				flog_warn(
					EC_OSPF_PACKET,
					"interface %s: auth-type mismatch, local %s, rcvd Simple, Router-ID %pI4",
					IF_NAME(oi),
					lookup_msg(ospf_auth_type_str,
						   iface_auth_type, NULL),
					&ospfh->router_id);
			return 0;
		}
		/*
		 * The configured password is compared directly with the
		 * auth_data bytes of the header, i.e. the password travels in
		 * the packet as-is.  This comparison must stay ahead of
		 * ospf_check_sum(), which clears auth_data.
		 */
		if (memcmp(OSPF_IF_PARAM(oi, auth_simple), ospfh->u.auth_data,
			   OSPF_AUTH_SIMPLE_SIZE)) {
			if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
				flog_warn(
					EC_OSPF_PACKET,
					"interface %s: Simple auth failed, Router-ID %pI4",
					IF_NAME(oi), &ospfh->router_id);
			return 0;
		}
		if (!ospf_check_sum(ospfh)) {
			if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
				flog_warn(
					EC_OSPF_PACKET,
					"interface %s: Simple auth OK, checksum error, Router-ID %pI4",
					IF_NAME(oi),
					&ospfh->router_id);
			return 0;
		}
		return 1;
	case OSPF_AUTH_CRYPTOGRAPHIC: /* RFC2328 D.5.3 */
		if (OSPF_AUTH_CRYPTOGRAPHIC
		    != (iface_auth_type = ospf_auth_type(oi))) {
			if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
				flog_warn(
					EC_OSPF_PACKET,
					"interface %s: auth-type mismatch, local %s, rcvd Cryptographic, Router-ID %pI4",
					IF_NAME(oi),
					lookup_msg(ospf_auth_type_str,
						   iface_auth_type, NULL),
					&ospfh->router_id);
			return 0;
		}
		/* With cryptographic authentication the standard checksum
		 * field is required to be zero; the digest takes its place. */
		if (ospfh->checksum) {
			if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
				flog_warn(
					EC_OSPF_PACKET,
					"interface %s: OSPF header checksum is not 0, Router-ID %pI4",
					IF_NAME(oi), &ospfh->router_id);
			return 0;
		}
		/* only MD5 crypto method can pass ospf_packet_examin() */
		/*
		 * Three conditions, any of which rejects the packet: no key
		 * at the tail of the interface's auth_crypt list, a key ID in
		 * the packet that differs from that tail key's ID, or a
		 * failed digest check.  A packet using any other configured
		 * key ID is therefore refused here.
		 */
		if (NULL == (ck = listgetdata(
				     listtail(OSPF_IF_PARAM(oi, auth_crypt))))
		    || ospfh->u.crypt.key_id != ck->key_id ||
		    /* Condition above uses the last key ID on the list,
		       which is different from what ospf_crypt_key_lookup()
		       does. A bug? */
		    !ospf_check_md5_digest(oi, ospfh)) {
			if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
				flog_warn(
					EC_OSPF_MD5,
					"interface %s: MD5 auth failed, Router-ID %pI4",
					IF_NAME(oi), &ospfh->router_id);
			return 0;
		}
		return 1;
	default:
		/* Any AuType other than the three above is rejected. */
		if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV))
			flog_warn(
				EC_OSPF_PACKET,
				"interface %s: invalid packet auth-type (%02x), Router-ID %pI4",
				IF_NAME(oi), pkt_auth_type, &ospfh->router_id);
		return 0;
	}
}
2587
/*
 * Verify the standard OSPF packet checksum.  Returns 1 on a match, 0 on a
 * mismatch (which is also logged at info level).
 *
 * The header is modified in place and not restored: auth_data is zeroed and
 * the checksum field is cleared before the sum is recomputed, so callers
 * must read either field before calling this.
 *
 * The number of bytes summed is taken from the header's own length field.
 * On the receive path in this file ospf_packet_examin() has already compared
 * that field with the bytes actually received.
 * NOTE(review): confirm no caller reaches this without that check.
 */
static int ospf_check_sum(struct ospf_header *ospfh)
{
	uint32_t computed;
	uint16_t received;

	/* The authentication field is excluded from the checksum. */
	memset(ospfh->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);

	/* Remember the sender's value, then sum with the field zeroed. */
	received = ospfh->checksum;
	memset(&ospfh->checksum, 0, sizeof(uint16_t));

	computed = in_cksum(ospfh, ntohs(ospfh->length));
	if (computed == received)
		return 1;

	zlog_info("%s: checksum mismatch, my %X, his %X", __func__, computed,
		  received);
	return 0;
}
2611
/*
 * Walk the link blocks of a Router-LSA and check that they are properly
 * sized and that their count matches the LSA's "# links" field, as specified
 * in RFC2328 A.4.2.
 *
 * link      - first link block
 * linkbytes - number of bytes available for link blocks
 * num_links - link count declared in the LSA, host byte order
 *
 * Each block occupies OSPF_ROUTER_LSA_LINK_SIZE bytes plus 4 bytes per TOS
 * entry it declares.  A block is read only while at least
 * OSPF_ROUTER_LSA_LINK_SIZE bytes remain, and its full length is checked
 * against the remaining bytes before the walk advances past it.
 *
 * Returns MSG_OK or MSG_NG.
 *
 * NOTE(review): a remainder shorter than one link block simply ends the
 * walk; it is not rejected here as long as the block count matches.
 * Confirm that is intended.
 */
static unsigned ospf_router_lsa_links_examin(struct router_lsa_link *link,
					     uint16_t linkbytes,
					     const uint16_t num_links)
{
	unsigned nblocks;

	for (nblocks = 0; linkbytes >= OSPF_ROUTER_LSA_LINK_SIZE; nblocks++) {
		unsigned blocklen =
			OSPF_ROUTER_LSA_LINK_SIZE + 4 * link->m[0].tos_count;

		/* The declared TOS entries must fit in what is left. */
		if (blocklen > linkbytes) {
			if (IS_DEBUG_OSPF_PACKET(0, RECV))
				zlog_debug("%s: length error in link block #%u",
					   __func__, nblocks);
			return MSG_NG;
		}

		link = (struct router_lsa_link *)((caddr_t)link + blocklen);
		linkbytes -= blocklen;
	}

	if (nblocks == num_links)
		return MSG_OK;

	if (IS_DEBUG_OSPF_PACKET(0, RECV))
		zlog_debug("%s: %u link blocks declared, %u present",
			   __func__, num_links, nblocks);
	return MSG_NG;
}
2641
/*
 * Verify that the given LSA is properly sized/aligned (including the
 * type-specific minimum length constraint).
 *
 * lsah       - LSA header; only the type field is read here, plus the
 *              Router-LSA body when headeronly is 0
 * lsalen     - declared LSA length, host byte order
 * headeronly - non-zero when only the 20-byte header is present in the
 *              buffer; the Router-LSA link walk is then skipped
 *
 * Returns MSG_OK or MSG_NG.
 *
 * In header-only mode lsalen is merely the value declared in the header.
 * The visible caller, ospf_lsaseq_examin(), does not compare it with the
 * buffered bytes in that mode, so it is used for arithmetic only.
 */
static unsigned ospf_lsa_examin(struct lsa_header *lsah, const uint16_t lsalen,
				const uint8_t headeronly)
{
	unsigned ret;
	struct router_lsa *rlsa;
	/* The type is range-checked before it indexes ospf_lsa_minlen[].
	 * A zero table entry skips the minimum-length test for that type. */
	if (lsah->type < OSPF_MAX_LSA && ospf_lsa_minlen[lsah->type]
	    && lsalen < OSPF_LSA_HEADER_SIZE + ospf_lsa_minlen[lsah->type]) {
		if (IS_DEBUG_OSPF_PACKET(0, RECV))
			zlog_debug("%s: undersized (%u B) %s", __func__, lsalen,
				   lookup_msg(ospf_lsa_type_msg, lsah->type,
					      NULL));
		return MSG_NG;
	}
	switch (lsah->type) {
	case OSPF_ROUTER_LSA: {
		/*
		 * RFC2328 A.4.2, LSA header + 4 bytes followed by N>=0
		 * (12+)-byte link blocks
		 */
		/* NOTE(review): this subtraction relies on the minimum-length
		 * test above having covered Router-LSAs, i.e. on the
		 * ospf_lsa_minlen[] entry for this type being non-zero and at
		 * least OSPF_ROUTER_LSA_MIN_SIZE; the table is not visible
		 * here - confirm. */
		size_t linkbytes_len = lsalen - OSPF_LSA_HEADER_SIZE
				       - OSPF_ROUTER_LSA_MIN_SIZE;

		/*
		 * LSA link blocks are variable length but always multiples of
		 * 4; basic sanity check
		 */
		if (linkbytes_len % 4 != 0)
			return MSG_NG;

		/* Nothing beyond the header may be read in header-only
		 * mode. */
		if (headeronly)
			return MSG_OK;

		rlsa = (struct router_lsa *)lsah;

		/* linkbytes_len is narrowed to the callee's uint16_t
		 * parameter; it derives from the 16-bit lsalen. */
		ret = ospf_router_lsa_links_examin(
			(struct router_lsa_link *)rlsa->link,
			linkbytes_len,
			ntohs(rlsa->links));
		break;
	}
	case OSPF_AS_EXTERNAL_LSA:
	/* RFC2328 A.4.5, LSA header + 4 bytes followed by N>=1 12-bytes long
	 * blocks */
	case OSPF_AS_NSSA_LSA:
		/* RFC3101 C, idem */
		ret = (lsalen - OSPF_LSA_HEADER_SIZE
		       - OSPF_AS_EXTERNAL_LSA_MIN_SIZE)
				      % 12
			      ? MSG_NG
			      : MSG_OK;
		break;
	/* Following LSA types are considered OK length-wise as soon as their
	 * minimum length constraint is met and length of the whole LSA is a
	 * multiple of 4 (basic LSA header size is already a multiple of 4). */
	case OSPF_NETWORK_LSA:
	/* RFC2328 A.4.3, LSA header + 4 bytes followed by N>=1 router-IDs */
	case OSPF_SUMMARY_LSA:
	case OSPF_ASBR_SUMMARY_LSA:
	/* RFC2328 A.4.4, LSA header + 4 bytes followed by N>=1 4-bytes TOS
	 * blocks */
	case OSPF_OPAQUE_LINK_LSA:
	case OSPF_OPAQUE_AREA_LSA:
	case OSPF_OPAQUE_AS_LSA:
		/* RFC5250 A.2, "some number of octets (of application-specific
		 * data) padded to 32-bit alignment." This is considered
		 * equivalent to 4-byte alignment of all other LSA types, see
		 * OSPF-ALIGNMENT.txt file for the detailed analysis of this
		 * passage. */
		ret = lsalen % 4 ? MSG_NG : MSG_OK;
		break;
	default:
		/* Unknown LS types are rejected outright. */
		if (IS_DEBUG_OSPF_PACKET(0, RECV))
			zlog_debug("%s: unsupported LSA type 0x%02x", __func__,
				   lsah->type);
		return MSG_NG;
	}
	if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
		zlog_debug("%s: alignment error in %s", __func__,
			   lookup_msg(ospf_lsa_type_msg, lsah->type, NULL));
	return ret;
}
2728
/*
 * Verify that the input buffer holds a valid sequence of LSAs: each entry's
 * length and alignment are checked and the per-LSA checks are dispatched to
 * ospf_lsa_examin().
 *
 * In header-only mode the walk advances by OSPF_LSA_HEADER_SIZE per entry
 * and the declared LSA length is passed on without being compared with the
 * buffer.  In full mode the declared length must fit in the remaining
 * buffer before the LSA body is examined, and the walk advances by that
 * declared length.  Either way a header is read only after at least
 * OSPF_LSA_HEADER_SIZE bytes are known to remain.
 *
 * Returns MSG_OK or MSG_NG.
 */
static unsigned
ospf_lsaseq_examin(struct lsa_header *lsah, /* start of buffered data */
		   size_t length, const uint8_t headeronly,
		   /* When declared_num_lsas is not 0, compare it to the real
		      number of LSAs and treat the difference as an error. */
		   const uint32_t declared_num_lsas)
{
	uint32_t counted_lsas;

	for (counted_lsas = 0; length; counted_lsas++) {
		uint16_t declared_len;
		size_t step;

		/* Leftover bytes too short for a header are an error. */
		if (length < OSPF_LSA_HEADER_SIZE) {
			if (IS_DEBUG_OSPF_PACKET(0, RECV))
				zlog_debug(
					"%s: undersized (%zu B) trailing (#%u) LSA header",
					__func__, length, counted_lsas);
			return MSG_NG;
		}

		/* Convert once; the value is reused by the LSA validator. */
		declared_len = ntohs(lsah->length);
		if (declared_len < OSPF_LSA_HEADER_SIZE) {
			if (IS_DEBUG_OSPF_PACKET(0, RECV))
				zlog_debug(
					"%s: malformed LSA header #%u, declared length is %u B",
					__func__, counted_lsas, declared_len);
			return MSG_NG;
		}

		if (!headeronly) {
			/* The whole LSA must be buffered before its body is
			 * looked at. */
			if (declared_len > length) {
				if (IS_DEBUG_OSPF_PACKET(0, RECV))
					zlog_debug(
						"%s: anomaly in LSA #%u: declared length is %u B, buffered length is %zu B",
						__func__, counted_lsas,
						declared_len, length);
				return MSG_NG;
			}
			if (ospf_lsa_examin(lsah, declared_len, 0) != MSG_OK) {
				if (IS_DEBUG_OSPF_PACKET(0, RECV))
					zlog_debug("%s: malformed LSA #%u",
						   __func__, counted_lsas);
				return MSG_NG;
			}
			step = declared_len;
		} else {
			/* Fewer checks here and in ospf_lsa_examin(). */
			if (ospf_lsa_examin(lsah, declared_len, 1) != MSG_OK) {
				if (IS_DEBUG_OSPF_PACKET(0, RECV))
					zlog_debug(
						"%s: malformed header-only LSA #%u",
						__func__, counted_lsas);
				return MSG_NG;
			}
			step = OSPF_LSA_HEADER_SIZE;
		}

		lsah = (struct lsa_header *)((caddr_t)lsah + step);
		length -= step;
	}

	if (declared_num_lsas && counted_lsas != declared_num_lsas) {
		if (IS_DEBUG_OSPF_PACKET(0, RECV))
			zlog_debug(
				"%s: #LSAs declared (%u) does not match actual (%u)",
				__func__, declared_num_lsas, counted_lsas);
		return MSG_NG;
	}
	return MSG_OK;
}
2804
/*
 * Verify a complete OSPF packet for proper sizing/alignment.
 *
 * oh          - start of the OSPF header inside the receive buffer
 * bytesonwire - number of bytes available from oh to the end of the data
 *
 * Returns MSG_OK or MSG_NG.  No header field is read until bytesonwire is
 * known to cover OSPF_HEADER_SIZE.  The declared length (plus the MD5 digest
 * size for cryptographic authentication) must not exceed bytesonwire; bytes
 * beyond that sum are tolerated and not examined here.
 */
static unsigned ospf_packet_examin(struct ospf_header *oh,
				   const unsigned bytesonwire)
{
	uint16_t bytesdeclared, bytesauth;
	unsigned ret;
	struct ospf_ls_update *lsupd;

	/* Length, 1st approximation. */
	if (bytesonwire < OSPF_HEADER_SIZE) {
		if (IS_DEBUG_OSPF_PACKET(0, RECV))
			zlog_debug("%s: undersized (%u B) packet", __func__,
				   bytesonwire);
		return MSG_NG;
	}
	/* Now it is safe to access header fields. Performing length check,
	 * allow for possible extra bytes of crypto auth/padding, which are
	 * not counted in the OSPF header "length" field. */
	if (oh->version != OSPF_VERSION) {
		if (IS_DEBUG_OSPF_PACKET(0, RECV))
			zlog_debug("%s: invalid (%u) protocol version",
				   __func__, oh->version);
		return MSG_NG;
	}
	bytesdeclared = ntohs(oh->length);
	if (ntohs(oh->auth_type) != OSPF_AUTH_CRYPTOGRAPHIC)
		bytesauth = 0;
	else {
		/* Only a digest of OSPF_AUTH_MD5_SIZE bytes is accepted; any
		 * other declared digest length is rejected here. */
		if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) {
			if (IS_DEBUG_OSPF_PACKET(0, RECV))
				zlog_debug(
					"%s: unsupported crypto auth length (%u B)",
					__func__, oh->u.crypt.auth_data_len);
			return MSG_NG;
		}
		bytesauth = OSPF_AUTH_MD5_SIZE;
	}
	/* Both operands are 16-bit and are promoted before the addition, so
	 * the sum cannot wrap. */
	if (bytesdeclared + bytesauth > bytesonwire) {
		if (IS_DEBUG_OSPF_PACKET(0, RECV))
			zlog_debug(
				"%s: packet length error (%u real, %u+%u declared)",
				__func__, bytesonwire, bytesdeclared,
				bytesauth);
		return MSG_NG;
	}
	/* Length, 2nd approximation. The type-specific constraint is checked
	   against declared length, not amount of bytes on wire. */
	/* The type is range-checked before it indexes ospf_packet_minlen[].
	 * NOTE(review): the subtractions in the switch below stay
	 * non-negative only if each table entry is at least the matching
	 * *_MIN_SIZE constant; the table is not visible here - confirm. */
	if (oh->type >= OSPF_MSG_HELLO && oh->type <= OSPF_MSG_LS_ACK
	    && bytesdeclared
		       < OSPF_HEADER_SIZE + ospf_packet_minlen[oh->type]) {
		if (IS_DEBUG_OSPF_PACKET(0, RECV))
			zlog_debug("%s: undersized (%u B) %s packet", __func__,
				   bytesdeclared,
				   lookup_msg(ospf_packet_type_str, oh->type,
					      NULL));
		return MSG_NG;
	}
	switch (oh->type) {
	case OSPF_MSG_HELLO:
		/* RFC2328 A.3.2, packet header + OSPF_HELLO_MIN_SIZE bytes
		   followed by N>=0 router-IDs. */
		ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_HELLO_MIN_SIZE)
				      % 4
			      ? MSG_NG
			      : MSG_OK;
		break;
	case OSPF_MSG_DB_DESC:
		/* RFC2328 A.3.3, packet header + OSPF_DB_DESC_MIN_SIZE bytes
		   followed by N>=0 header-only LSAs. */
		ret = ospf_lsaseq_examin(
			(struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
					      + OSPF_DB_DESC_MIN_SIZE),
			bytesdeclared - OSPF_HEADER_SIZE
				- OSPF_DB_DESC_MIN_SIZE,
			1, /* header-only LSAs */
			0);
		break;
	case OSPF_MSG_LS_REQ:
		/* RFC2328 A.3.4, packet header followed by N>=0 12-bytes
		 * request blocks. */
		ret = (bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_REQ_MIN_SIZE)
				      % OSPF_LSA_KEY_SIZE
			      ? MSG_NG
			      : MSG_OK;
		break;
	case OSPF_MSG_LS_UPD:
		/* RFC2328 A.3.5, packet header + OSPF_LS_UPD_MIN_SIZE bytes
		   followed by N>=0 full LSAs (with N declared beforehand). */
		/* The declared LSA count comes from the packet and is only
		 * compared with the number of LSAs actually walked. */
		lsupd = (struct ospf_ls_update *)((caddr_t)oh
						  + OSPF_HEADER_SIZE);
		ret = ospf_lsaseq_examin(
			(struct lsa_header *)((caddr_t)lsupd
					      + OSPF_LS_UPD_MIN_SIZE),
			bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_UPD_MIN_SIZE,
			0,		       /* full LSAs */
			ntohl(lsupd->num_lsas) /* 32 bits */
		);
		break;
	case OSPF_MSG_LS_ACK:
		/* RFC2328 A.3.6, packet header followed by N>=0 header-only
		 * LSAs. */
		ret = ospf_lsaseq_examin(
			(struct lsa_header *)((caddr_t)oh + OSPF_HEADER_SIZE
					      + OSPF_LS_ACK_MIN_SIZE),
			bytesdeclared - OSPF_HEADER_SIZE - OSPF_LS_ACK_MIN_SIZE,
			1, /* header-only LSAs */
			0);
		break;
	default:
		/* Any packet type outside the five above is rejected. */
		if (IS_DEBUG_OSPF_PACKET(0, RECV))
			zlog_debug("%s: invalid packet type 0x%02x", __func__,
				   oh->type);
		return MSG_NG;
	}
	if (ret != MSG_OK && IS_DEBUG_OSPF_PACKET(0, RECV))
		zlog_debug("%s: malformed %s packet", __func__,
			   lookup_msg(ospf_packet_type_str, oh->type, NULL));
	return ret;
}
2929
/*
 * Verify the OSPF header of a received packet against the interface it was
 * associated with.  The checks run in a fixed order and stop at the first
 * failure: Area ID, source network, then authentication.
 *
 * Returns 0 when all three pass, -1 otherwise.  Area ID and source-network
 * failures are logged here as warnings; ospf_check_auth() does its own
 * logging.  The "ibuf" argument is not used by this function.
 */
static int ospf_verify_header(struct stream *ibuf, struct ospf_interface *oi,
			      struct ip *iph, struct ospf_header *ospfh)
{
	int verdict = -1;

	if (!ospf_check_area_id(oi, ospfh)) {
		flog_warn(EC_OSPF_PACKET,
			  "interface %s: ospf_read invalid Area ID %pI4",
			  IF_NAME(oi), &ospfh->area_id);
	} else if (!ospf_check_network_mask(oi, iph->ip_src)) {
		/* Source address is outside the interface's network. */
		flog_warn(
			EC_OSPF_PACKET,
			"interface %s: ospf_read network address is not same [%pI4]",
			IF_NAME(oi), &iph->ip_src);
	} else if (ospf_check_auth(oi, ospfh)) {
		verdict = 0;
	}

	return verdict;
}
2958
/*
 * Result of one ospf_read_helper() pass.  The notes below describe only the
 * return sites visible in ospf_read_helper(); how its caller reacts to each
 * value is not shown in this part of the file.
 */
enum ospf_read_return_enum {
	/* Returned when ospf_recv_packet() yields no packet, or when the IP
	 * header length leaves no OSPF payload in the bytes read. */
	OSPF_READ_ERROR,
	/* Returned when a received packet is dropped by one of the
	 * per-packet checks (unknown interface, self-originated, failed
	 * examination or header verification, and similar). */
	OSPF_READ_CONTINUE,
};
2963
2964 static enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
2965 {
2966 int ret;
2967 struct stream *ibuf;
2968 struct ospf_interface *oi;
2969 struct ip *iph;
2970 struct ospf_header *ospfh;
2971 uint16_t length;
2972 struct connected *c;
2973 struct interface *ifp = NULL;
2974
2975 stream_reset(ospf->ibuf);
2976 ibuf = ospf_recv_packet(ospf, ospf->fd, &ifp, ospf->ibuf);
2977 if (ibuf == NULL)
2978 return OSPF_READ_ERROR;
2979
2980 /*
2981 * This raw packet is known to be at least as big as its
2982 * IP header. Note that there should not be alignment problems with
2983 * this assignment because this is at the beginning of the
2984 * stream data buffer.
2985 */
2986 iph = (struct ip *)STREAM_DATA(ibuf);
2987 /*
2988 * Note that sockopt_iphdrincl_swab_systoh was called in
2989 * ospf_recv_packet.
2990 */
2991 if (ifp == NULL) {
2992 /*
2993 * Handle cases where the platform does not support
2994 * retrieving the ifindex, and also platforms (such as
2995 * Solaris 8) that claim to support ifindex retrieval but do
2996 * not.
2997 */
2998 c = if_lookup_address((void *)&iph->ip_src, AF_INET,
2999 ospf->vrf_id);
3000 if (c)
3001 ifp = c->ifp;
3002 if (ifp == NULL) {
3003 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3004 zlog_debug(
3005 "%s: Unable to determine incoming interface from: %pI4(%s)",
3006 __func__, &iph->ip_src,
3007 ospf_get_name(ospf));
3008 return OSPF_READ_CONTINUE;
3009 }
3010 }
3011
3012 if (ospf->vrf_id == VRF_DEFAULT && ospf->vrf_id != ifp->vrf->vrf_id) {
3013 /*
3014 * We may have a situation where l3mdev_accept == 1
3015 * let's just kindly drop the packet and move on.
3016 * ospf really really really does not like when
3017 * we receive the same packet multiple times.
3018 */
3019 return OSPF_READ_CONTINUE;
3020 }
3021
3022 /* Self-originated packet should be discarded silently. */
3023 if (ospf_if_lookup_by_local_addr(ospf, NULL, iph->ip_src)) {
3024 if (IS_DEBUG_OSPF_PACKET(0, RECV)) {
3025 zlog_debug(
3026 "ospf_read[%pI4]: Dropping self-originated packet",
3027 &iph->ip_src);
3028 }
3029 return OSPF_READ_CONTINUE;
3030 }
3031
3032 /* Check that we have enough for an IP header */
3033 if ((unsigned int)(iph->ip_hl << 2) >= STREAM_READABLE(ibuf)) {
3034 if ((unsigned int)(iph->ip_hl << 2) == STREAM_READABLE(ibuf)) {
3035 flog_warn(
3036 EC_OSPF_PACKET,
3037 "Rx'd IP packet with OSPF protocol number but no payload");
3038 } else {
3039 flog_warn(
3040 EC_OSPF_PACKET,
3041 "IP header length field claims header is %u bytes, but we only have %zu",
3042 (unsigned int)(iph->ip_hl << 2),
3043 STREAM_READABLE(ibuf));
3044 }
3045
3046 return OSPF_READ_ERROR;
3047 }
3048 stream_forward_getp(ibuf, iph->ip_hl << 2);
3049
3050 ospfh = (struct ospf_header *)stream_pnt(ibuf);
3051 if (MSG_OK
3052 != ospf_packet_examin(ospfh, stream_get_endp(ibuf)
3053 - stream_get_getp(ibuf)))
3054 return OSPF_READ_CONTINUE;
3055 /* Now it is safe to access all fields of OSPF packet header. */
3056
3057 /* associate packet with ospf interface */
3058 oi = ospf_if_lookup_recv_if(ospf, iph->ip_src, ifp);
3059
3060 /*
3061 * ospf_verify_header() relies on a valid "oi" and thus can be called
3062 * only after the passive/backbone/other checks below are passed.
3063 * These checks in turn access the fields of unverified "ospfh"
3064 * structure for their own purposes and must remain very accurate
3065 * in doing this.
3066 */
3067
3068 /* If incoming interface is passive one, ignore it. */
3069 if (oi && OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE) {
3070 if (IS_DEBUG_OSPF_EVENT)
3071 zlog_debug(
3072 "ignoring packet from router %pI4 sent to %pI4, received on a passive interface, %pI4",
3073 &ospfh->router_id, &iph->ip_dst,
3074 &oi->address->u.prefix4);
3075
3076 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS)) {
3077 /* Try to fix multicast membership.
3078 * Some OS:es may have problems in this area,
3079 * make sure it is removed.
3080 */
3081 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3082 ospf_if_set_multicast(oi);
3083 }
3084 return OSPF_READ_CONTINUE;
3085 }
3086
3087
3088 /* if no local ospf_interface,
3089 * or header area is backbone but ospf_interface is not
3090 * check for VLINK interface
3091 */
3092 if ((oi == NULL)
3093 || (OSPF_IS_AREA_ID_BACKBONE(ospfh->area_id)
3094 && !OSPF_IS_AREA_ID_BACKBONE(oi->area->area_id))) {
3095 if ((oi = ospf_associate_packet_vl(ospf, ifp, iph, ospfh))
3096 == NULL) {
3097 if (!ospf->instance && IS_DEBUG_OSPF_EVENT)
3098 zlog_debug(
3099 "Packet from [%pI4] received on link %s but no ospf_interface",
3100 &iph->ip_src, ifp->name);
3101 return OSPF_READ_CONTINUE;
3102 }
3103 }
3104
3105 /*
3106 * else it must be a local ospf interface, check it was
3107 * received on correct link
3108 */
3109 else if (oi->ifp != ifp) {
3110 if (IS_DEBUG_OSPF_EVENT)
3111 flog_warn(EC_OSPF_PACKET,
3112 "Packet from [%pI4] received on wrong link %s",
3113 &iph->ip_src, ifp->name);
3114 return OSPF_READ_CONTINUE;
3115 } else if (oi->state == ISM_Down) {
3116 flog_warn(
3117 EC_OSPF_PACKET,
3118 "Ignoring packet from %pI4 to %pI4 received on interface that is down [%s]; interface flags are %s",
3119 &iph->ip_src, &iph->ip_dst, ifp->name,
3120 if_flag_dump(ifp->flags));
3121 /* Fix multicast memberships? */
3122 if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
3123 OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
3124 else if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS))
3125 OI_MEMBER_JOINED(oi, MEMBER_DROUTERS);
3126 if (oi->multicast_memberships)
3127 ospf_if_set_multicast(oi);
3128 return OSPF_READ_CONTINUE;
3129 }
3130
3131 /*
3132 * If the received packet is destined for AllDRouters, the
3133 * packet should be accepted only if the received ospf
3134 * interface state is either DR or Backup -- endo.
3135 *
3136 * I wonder who endo is?
3137 */
3138 if (iph->ip_dst.s_addr == htonl(OSPF_ALLDROUTERS)
3139 && (oi->state != ISM_DR && oi->state != ISM_Backup)) {
3140 flog_warn(
3141 EC_OSPF_PACKET,
3142 "Dropping packet for AllDRouters from [%pI4] via [%s] (ISM: %s)",
3143 &iph->ip_src, IF_NAME(oi),
3144 lookup_msg(ospf_ism_state_msg, oi->state, NULL));
3145 /* Try to fix multicast membership. */
3146 SET_FLAG(oi->multicast_memberships, MEMBER_DROUTERS);
3147 ospf_if_set_multicast(oi);
3148 return OSPF_READ_CONTINUE;
3149 }
3150
3151 /* Verify more OSPF header fields. */
3152 ret = ospf_verify_header(ibuf, oi, iph, ospfh);
3153 if (ret < 0) {
3154 if (IS_DEBUG_OSPF_PACKET(0, RECV))
3155 zlog_debug(
3156 "ospf_read[%pI4]: Header check failed, dropping.",
3157 &iph->ip_src);
3158 return OSPF_READ_CONTINUE;
3159 }
3160
3161 /* Show debug receiving packet. */
3162 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, RECV)) {
3163 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL)) {
3164 zlog_debug(
3165 "-----------------------------------------------------");
3166 ospf_packet_dump(ibuf);
3167 }
3168
3169 zlog_debug("%s received from [%pI4] via [%s]",
3170 lookup_msg(ospf_packet_type_str, ospfh->type, NULL),
3171 &ospfh->router_id, IF_NAME(oi));
3172 zlog_debug(" src [%pI4],", &iph->ip_src);
3173 zlog_debug(" dst [%pI4]", &iph->ip_dst);
3174
3175 if (IS_DEBUG_OSPF_PACKET(ospfh->type - 1, DETAIL))
3176 zlog_debug(
3177 "-----------------------------------------------------");
3178 }
3179
3180 stream_forward_getp(ibuf, OSPF_HEADER_SIZE);
3181
3182 /* Adjust size to message length. */
3183 length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
3184
3185 /* Read rest of the packet and call each sort of packet routine.
3186 */
3187 switch (ospfh->type) {
3188 case OSPF_MSG_HELLO:
3189 ospf_hello(iph, ospfh, ibuf, oi, length);
3190 break;
3191 case OSPF_MSG_DB_DESC:
3192 ospf_db_desc(iph, ospfh, ibuf, oi, length);
3193 break;
3194 case OSPF_MSG_LS_REQ:
3195 ospf_ls_req(iph, ospfh, ibuf, oi, length);
3196 break;
3197 case OSPF_MSG_LS_UPD:
3198 ospf_ls_upd(ospf, iph, ospfh, ibuf, oi, length);
3199 break;
3200 case OSPF_MSG_LS_ACK:
3201 ospf_ls_ack(iph, ospfh, ibuf, oi, length);
3202 break;
3203 default:
3204 flog_warn(
3205 EC_OSPF_PACKET,
3206 "interface %s(%s): OSPF packet header type %d is illegal",
3207 IF_NAME(oi), ospf_get_name(ospf), ospfh->type);
3208 break;
3209 }
3210
3211 return OSPF_READ_CONTINUE;
3212 }
3213
/*
 * Read-event callback for the OSPF socket.
 *
 * The read event on ospf->fd is re-armed first. ospf_read_helper() is then
 * called at most ospf->write_oi_count times, so a single wakeup processes a
 * bounded number of packets. The loop ends early when the helper returns
 * OSPF_READ_ERROR.
 */
void ospf_read(struct event *thread)
{
	struct ospf *ospf = EVENT_ARG(thread);
	int32_t handled;

	/* Re-arm before reading so the next packet wakes us up again. */
	event_add_read(master, ospf_read, ospf, ospf->fd, &ospf->t_read);

	for (handled = 0; handled < ospf->write_oi_count; handled++) {
		if (ospf_read_helper(ospf) == OSPF_READ_ERROR)
			return;
	}
}
3238
/*
 * Write the fixed part of an outgoing OSPF header at the start of "s".
 *
 * Version, packet type, router ID, area ID and authentication type are set
 * from "type" and "oi". Checksum and authentication data are cleared here;
 * ospf_fill_header() later sets length, checksum and authentication data.
 * The stream end pointer is advanced by OSPF_HEADER_SIZE.
 */
static void ospf_make_header(int type, struct ospf_interface *oi,
			     struct stream *s)
{
	struct ospf_header *hdr = (struct ospf_header *)STREAM_DATA(s);

	hdr->version = (uint8_t)OSPF_VERSION;
	hdr->type = (uint8_t)type;
	hdr->router_id = oi->ospf->router_id;
	hdr->area_id = oi->area->area_id;
	hdr->auth_type = htons(ospf_auth_type(oi));

	/*
	 * Checksum and the auth field start out as zero; the checksum in
	 * ospf_fill_header() is computed before the auth field is filled.
	 */
	hdr->checksum = 0;
	memset(hdr->u.auth_data, 0, OSPF_AUTH_SIMPLE_SIZE);

	stream_forward_endp(s, OSPF_HEADER_SIZE);
}
3260
/*
 * Fill the authentication field of an outgoing OSPF header according to the
 * authentication type configured on "oi".
 *
 * - OSPF_AUTH_SIMPLE: the interface's auth_simple value is copied verbatim
 *   into the header, i.e. the password is carried in the packet as
 *   configured.
 * - OSPF_AUTH_CRYPTOGRAPHIC: zero, key_id and auth_data_len are set. The key
 *   ID is taken from the last entry of the interface's auth_crypt list, or
 *   is 0 when that list is empty. The sequence number is not set here; it
 *   is done in ospf_make_md5_digest().
 * - OSPF_AUTH_NULL and any other value: the field is left untouched.
 *
 * Always returns 0.
 */
static int ospf_make_auth(struct ospf_interface *oi, struct ospf_header *ospfh)
{
	struct crypt_key *ck;

	switch (ospf_auth_type(oi)) {
	case OSPF_AUTH_SIMPLE:
		memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple),
		       OSPF_AUTH_SIMPLE_SIZE);
		break;
	case OSPF_AUTH_CRYPTOGRAPHIC:
		ospfh->u.crypt.zero = 0;
		ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE;

		/* No key configured: advertise key ID 0. */
		if (list_isempty(OSPF_IF_PARAM(oi, auth_crypt))) {
			ospfh->u.crypt.key_id = 0;
		} else {
			ck = listgetdata(
				listtail(OSPF_IF_PARAM(oi, auth_crypt)));
			ospfh->u.crypt.key_id = ck->key_id;
		}
		/* note: the seq is done in ospf_make_md5_digest() */
		break;
	case OSPF_AUTH_NULL:
	default:
		/* Nothing to add; the field keeps its current contents. */
		break;
	}

	return 0;
}
3298
/*
 * Complete an OSPF header once the packet body has been written.
 *
 * Stores "length" (host order in, network order in the header), then sets
 * the checksum: in_cksum() over "length" bytes for every authentication
 * type except OSPF_AUTH_CRYPTOGRAPHIC, for which the checksum field is 0.
 * The authentication data is added last, so the checksum is computed before
 * ospf_make_auth() writes to the auth field.
 */
static void ospf_fill_header(struct ospf_interface *oi, struct stream *s,
			     uint16_t length)
{
	struct ospf_header *hdr = (struct ospf_header *)STREAM_DATA(s);

	hdr->length = htons(length);

	if (ntohs(hdr->auth_type) == OSPF_AUTH_CRYPTOGRAPHIC)
		hdr->checksum = 0;
	else
		hdr->checksum = in_cksum(hdr, length);

	/* Return value is always 0, see ospf_make_auth(). */
	ospf_make_auth(oi, hdr);
}
3319
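/*
 * Write the body of a Hello packet for interface "oi" into "s".
 *
 * Fields are written in wire order: network mask, hello interval, options,
 * router priority, dead interval, DR, BDR, then one router ID per neighbor
 * that is listed as seen.
 *
 * Side effect: the DC bit in OPTIONS(oi) is set or cleared to follow the
 * flood-reduction configuration.
 *
 * Returns the body length in bytes, or 0 when adding another neighbor would
 * exceed ospf_packet_max(oi); the caller treats 0 as "do not send".
 */
static int ospf_make_hello(struct ospf_interface *oi, struct stream *s)
{
	struct ospf_neighbor *nbr;
	struct route_node *rn;
	uint16_t length = OSPF_HELLO_MIN_SIZE;
	struct in_addr mask;
	unsigned long bdr_pos;
	int clear_bdr = 0;

	/*
	 * Network mask: zero on unnumbered point-to-point interfaces and on
	 * virtual links, the interface prefix length otherwise.
	 */
	if ((CHECK_FLAG(oi->connected->flags, ZEBRA_IFA_UNNUMBERED)
	     && oi->type == OSPF_IFTYPE_POINTOPOINT)
	    || oi->type == OSPF_IFTYPE_VIRTUALLINK)
		memset(&mask, 0, sizeof(mask));
	else
		masklen2ip(oi->address->prefixlen, &mask);
	stream_put_ipv4(s, mask.s_addr);

	/* Hello interval; 0 is sent when fast-hellos are configured. */
	if (OSPF_IF_PARAM(oi, fast_hello) == 0)
		stream_putw(s, OSPF_IF_PARAM(oi, v_hello));
	else
		stream_putw(s, 0);

	/* The DC option bit follows the flood-reduction configuration. */
	if (OSPF_FR_CONFIG(oi->ospf, oi->area))
		SET_FLAG(OPTIONS(oi), OSPF_OPTION_DC);
	else if (CHECK_FLAG(OPTIONS(oi), OSPF_OPTION_DC))
		UNSET_FLAG(OPTIONS(oi), OSPF_OPTION_DC);

	if (IS_DEBUG_OSPF_EVENT)
		zlog_debug("%s: options: %x, int: %s", __func__, OPTIONS(oi),
			   IF_NAME(oi));

	stream_putc(s, OPTIONS(oi));
	stream_putc(s, PRIORITY(oi));

	/* Router Dead Interval. */
	stream_putl(s, OSPF_IF_PARAM(oi, v_wait));

	stream_put_ipv4(s, DR(oi).s_addr);

	/* Remember where the BDR field starts; it may be zeroed below. */
	bdr_pos = stream_get_endp(s);
	stream_put_ipv4(s, BDR(oi).s_addr);

	/* List the neighbors seen on this interface. */
	for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
		nbr = rn->info;
		if (!nbr)
			continue;

		/*
		 * Not listed: the 0.0.0.0 node, neighbors in Attempt or Down
		 * state, and the entry carrying our own router ID.
		 */
		if (nbr->router_id.s_addr == INADDR_ANY
		    || nbr->state == NSM_Attempt || nbr->state == NSM_Down
		    || IPV4_ADDR_SAME(&nbr->router_id, &oi->ospf->router_id))
			continue;

		/*
		 * A neighbor naming our interface address as both DR and BDR
		 * makes us blank the BDR field after the loop.
		 */
		if (nbr->d_router.s_addr != INADDR_ANY &&
		    IPV4_ADDR_SAME(&nbr->d_router, &oi->address->u.prefix4) &&
		    IPV4_ADDR_SAME(&nbr->bd_router, &oi->address->u.prefix4))
			clear_bdr = 1;

		/* Refuse to build a Hello that exceeds the packet limit. */
		if (length + sizeof(uint32_t) > ospf_packet_max(oi)) {
			flog_err(
				EC_OSPF_LARGE_HELLO,
				"Oversized Hello packet! Larger than MTU. Not sending it out");
			/*
			 * Leaving the walk early: release the node the
			 * iterator still holds, as ospf_make_ls_req() does
			 * before its break.
			 */
			route_unlock_node(rn);
			return 0;
		}

		stream_put_ipv4(s, nbr->router_id.s_addr);
		length += 4;
	}

	/* Let neighbor generate BackupSeen. */
	if (clear_bdr == 1)
		stream_putl_at(s, bdr_pos, 0); /* ipv4 address, normally */

	return length;
}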
3419
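/*
 * Write the body of a Database Description packet for "nbr" into "s".
 *
 * Writes interface MTU (0 on virtual links), options, DD flags and DD
 * sequence number, then one LSA header per entry taken from the neighbor's
 * database summary list (nbr->db_sum) while the packet stays within
 * ospf_packet_max(oi). Entries that were described, that carry
 * OSPF_LSA_DISCARD, or that are opaque while the O option is not set are
 * removed from the summary list.
 *
 * When the summary list is empty afterwards and the neighbor is in Exchange
 * state or beyond, the M flag is cleared in nbr->dd_flags and the flags byte
 * already written to the stream is rewritten.
 *
 * Returns the body length in bytes.
 */
static int ospf_make_db_desc(struct ospf_interface *oi,
			     struct ospf_neighbor *nbr, struct stream *s)
{
	struct ospf_lsa *lsa;
	uint16_t length = OSPF_DB_DESC_MIN_SIZE;
	uint8_t options;
	unsigned long pp;
	int i;
	struct ospf_lsdb *lsdb;

	/* Set Interface MTU. */
	if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
		stream_putw(s, 0);
	else
		stream_putw(s, oi->ifp->mtu);

	/* Set Options. */
	options = OPTIONS(oi);
	if (CHECK_FLAG(oi->ospf->config, OSPF_OPAQUE_CAPABLE))
		SET_FLAG(options, OSPF_OPTION_O);
	if (OSPF_FR_CONFIG(oi->ospf, oi->area))
		SET_FLAG(options, OSPF_OPTION_DC);
	stream_putc(s, options);

	/* DD flags; position kept so the byte can be rewritten below. */
	pp = stream_get_endp(s);
	stream_putc(s, nbr->dd_flags);

	/* Set DD Sequence Number. */
	stream_putl(s, nbr->dd_seqnum);

	/* shortcut unneeded walk of (empty) summary LSDBs */
	if (ospf_db_summary_isempty(nbr))
		goto empty;

	/* Describe LSA Header from Database Summary List. */
	lsdb = &nbr->db_sum;

	for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
		struct route_table *table = lsdb->type[i].db;
		struct route_node *rn;

		for (rn = route_top(table); rn; rn = route_next(rn)) {
			lsa = rn->info;
			if (lsa == NULL)
				continue;

			if (IS_OPAQUE_LSA(lsa->data->type)
			    && (!CHECK_FLAG(options, OSPF_OPTION_O))) {
				/*
				 * Suppress advertising opaque-information:
				 * drop the LSA from the summary list without
				 * describing it.
				 */
				ospf_lsdb_delete(lsdb, lsa);
				continue;
			}

			if (!CHECK_FLAG(lsa->flags, OSPF_LSA_DISCARD)) {
				struct lsa_header *lsah;
				uint16_t ls_age;

				/* DD packet overflows interface MTU. */
				if (length + OSPF_LSA_HEADER_SIZE
				    > ospf_packet_max(oi)) {
					/*
					 * Leaving the walk early: release
					 * the node the iterator still holds,
					 * as ospf_make_ls_req() does before
					 * its break. The LSA stays on the
					 * summary list for a later packet.
					 */
					route_unlock_node(rn);
					break;
				}

				/* Keep pointer to LS age. */
				lsah = (struct lsa_header *)(STREAM_DATA(s)
							     + stream_get_endp(
								     s));

				/* Proceed stream pointer. */
				stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
				length += OSPF_LSA_HEADER_SIZE;

				/* Overwrite the copied age with LS_AGE(). */
				ls_age = LS_AGE(lsa);
				lsah->ls_age = htons(ls_age);
			}

			/* Remove LSA from DB summary list. */
			ospf_lsdb_delete(lsdb, lsa);
		}
	}

	/* Update 'More' bit */
	if (ospf_db_summary_isempty(nbr)) {
	empty:
		if (nbr->state >= NSM_Exchange) {
			UNSET_FLAG(nbr->dd_flags, OSPF_DD_FLAG_M);
			/* Rewrite DD flags */
			stream_putc_at(s, pp, nbr->dd_flags);
		} else {
			assert(IS_SET_DD_M(nbr->dd_flags));
		}
	}
	return length;
}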
3516
/*
 * Append one Link State Request entry for "lsa" to "s".
 *
 * "delta" is the number of bytes one entry needs. The entry is only written
 * when *length + delta stays within ospf_packet_max() of the neighbor's
 * interface. On success the LSA type, ID and advertising router are
 * written, nbr->ls_req_last is replaced by a new reference to "lsa" and
 * *length grows by 12.
 *
 * Returns 1 when the entry was added, 0 when it does not fit.
 */
static int ospf_make_ls_req_func(struct stream *s, uint16_t *length,
				 unsigned long delta, struct ospf_neighbor *nbr,
				 struct ospf_lsa *lsa)
{
	/* Would another request entry exceed the packet limit? */
	if (*length + delta > ospf_packet_max(nbr->oi))
		return 0;

	stream_putl(s, lsa->data->type);
	stream_put_ipv4(s, lsa->data->id.s_addr);
	stream_put_ipv4(s, lsa->data->adv_router.s_addr);

	/* Swap the remembered "last requested" LSA for this one. */
	ospf_lsa_unlock(&nbr->ls_req_last);
	nbr->ls_req_last = ospf_lsa_lock(lsa);

	*length += 12;
	return 1;
}
3546
/*
 * Write the body of a Link State Request packet for "nbr" into "s".
 *
 * Walks the neighbor's request list (nbr->ls_req) per LSA type and adds one
 * entry per LSA through ospf_make_ls_req_func() until an entry no longer
 * fits. Returns the body length in bytes, starting from
 * OSPF_LS_REQ_MIN_SIZE.
 */
static int ospf_make_ls_req(struct ospf_neighbor *nbr, struct stream *s)
{
	struct ospf_lsdb *lsdb = &nbr->ls_req;
	struct route_table *table;
	struct route_node *rn;
	struct ospf_lsa *lsa;
	uint16_t length = OSPF_LS_REQ_MIN_SIZE;
	unsigned long delta = 12;
	int i;

	for (i = OSPF_MIN_LSA; i < OSPF_MAX_LSA; i++) {
		table = lsdb->type[i].db;

		for (rn = route_top(table); rn; rn = route_next(rn)) {
			lsa = rn->info;
			if (lsa == NULL)
				continue;

			if (ospf_make_ls_req_func(s, &length, delta, nbr, lsa)
			    != 0)
				continue;

			/* Packet is full: release the node and stop. */
			route_unlock_node(rn);
			break;
		}
	}
	return length;
}
3572
/*
 * Return the LS age to advertise for "lsa" after adding "delay".
 *
 * An LSA for which IS_LSA_MAXAGE() holds yields OSPF_LSA_MAXAGE; otherwise
 * the result is LS_AGE(lsa) + delay, capped at OSPF_LSA_MAXAGE.
 */
static int ls_age_increment(struct ospf_lsa *lsa, int delay)
{
	int age;

	if (IS_LSA_MAXAGE(lsa))
		return OSPF_LSA_MAXAGE;

	age = LS_AGE(lsa) + delay;
	if (age > OSPF_LSA_MAXAGE)
		age = OSPF_LSA_MAXAGE;

	return age;
}
3581
/*
 * Write the body of a Link State Update packet into "s".
 *
 * Reserves OSPF_LS_UPD_MIN_SIZE bytes for the LSA count, then moves LSAs
 * from the head of "update" into the stream. Each LSA written is removed
 * from the list and its reference is dropped. The LS age of every copied
 * LSA is replaced by ls_age_increment() using the interface's
 * transmit_delay. The LSA count is written into the reserved bytes at the
 * end.
 *
 * The first LSA is always written, even when it exceeds the size budget;
 * later ones only while they fit.
 * NOTE(review): this relies on the stream being large enough for that first
 * LSA - presumably guaranteed by how the caller allocates the packet;
 * confirm.
 *
 * Returns the body length in bytes.
 */
static int ospf_make_ls_upd(struct ospf_interface *oi, struct list *update,
			    struct stream *s)
{
	struct ospf_lsa *lsa;
	struct listnode *node;
	uint16_t length = 0;
	unsigned int size_noauth;
	/* Bytes already in the stream when we start. */
	unsigned long delta = stream_get_endp(s);
	unsigned long count_pos;
	int count = 0;

	if (IS_DEBUG_OSPF_EVENT)
		zlog_debug("%s: Start", __func__);

	/* Reserve room for the number of LSAs, filled in at the end. */
	count_pos = stream_get_endp(s);
	stream_forward_endp(s, OSPF_LS_UPD_MIN_SIZE);
	length += OSPF_LS_UPD_MIN_SIZE;

	/* Calculate amount of packet usable for data. */
	size_noauth = stream_get_size(s) - ospf_packet_authspace(oi);

	for (node = listhead(update); node != NULL; node = listhead(update)) {
		struct lsa_header *lsah;
		uint16_t ls_age;

		lsa = listgetdata(node);
		assert(lsa->data);

		if (IS_DEBUG_OSPF_EVENT)
			zlog_debug("%s: List Iteration %d LSA[%s]", __func__,
				   count, dump_lsa_key(lsa));

		/* Stop once an LSA no longer fits, unless it is the first. */
		if (count > 0
		    && length + delta + ntohs(lsa->data->length) > size_noauth)
			break;

		/* Address of the LSA header about to be written. */
		lsah = (struct lsa_header *)(STREAM_DATA(s)
					     + stream_get_endp(s));

		/* Append the whole LSA to the Link State Update. */
		stream_put(s, lsa->data, ntohs(lsa->data->length));

		/*
		 * each hop must increment an lsa_age by transmit_delay
		 * of OSPF interface
		 */
		ls_age = ls_age_increment(lsa,
					  OSPF_IF_PARAM(oi, transmit_delay));
		lsah->ls_age = htons(ls_age);

		length += ntohs(lsa->data->length);
		count++;

		list_delete_node(update, node);
		ospf_lsa_unlock(&lsa); /* oi->ls_upd_queue */
	}

	/* Now set #LSAs. */
	stream_putl_at(s, count_pos, count);

	if (IS_DEBUG_OSPF_EVENT)
		zlog_debug("%s: Stop", __func__);
	return length;
}
3647
/*
 * Write the body of a Link State Acknowledgment packet into "s".
 *
 * Copies one LSA header per entry of "ack" while the packet stays within
 * ospf_packet_max(oi). Each acknowledged LSA is removed from the list and
 * its reference is dropped; entries that do not fit stay on the list.
 *
 * Returns the body length in bytes, starting from OSPF_LS_ACK_MIN_SIZE.
 */
static int ospf_make_ls_ack(struct ospf_interface *oi, struct list *ack,
			    struct stream *s)
{
	struct listnode *node, *nnode;
	struct ospf_lsa *lsa;
	uint16_t length = OSPF_LS_ACK_MIN_SIZE;
	/* One acknowledgment costs exactly one LSA header. */
	unsigned long per_ack = OSPF_LSA_HEADER_SIZE;

	for (ALL_LIST_ELEMENTS(ack, node, nnode, lsa)) {
		assert(lsa);

		/*
		 * ospf_packet_max() is the room available without the OSPF
		 * header, so length + per_ack tells whether one more LSA
		 * header still fits in this packet.
		 */
		if (length + per_ack > ospf_packet_max(oi))
			break;

		stream_put(s, lsa->data, OSPF_LSA_HEADER_SIZE);
		length += OSPF_LSA_HEADER_SIZE;

		listnode_delete(ack, lsa);
		ospf_lsa_unlock(&lsa); /* oi->ls_ack_direct.ls_ack */
	}

	return length;
}
3679
/*
 * Build one Hello packet for "oi" and queue it for destination "addr".
 *
 * The packet is dropped without being queued when ospf_make_hello() reports
 * a zero-length body (Hello would exceed the MTU). Otherwise it is put at
 * the top of the interface output queue and the write event is turned on.
 */
static void ospf_hello_send_sub(struct ospf_interface *oi, in_addr_t addr)
{
	struct ospf_packet *op = ospf_packet_new(oi->ifp->mtu);
	uint16_t length;

	/* Common header first, then the Hello body. */
	ospf_make_header(OSPF_MSG_HELLO, oi, op->s);
	length = OSPF_HEADER_SIZE + ospf_make_hello(oi, op->s);

	if (length == OSPF_HEADER_SIZE) {
		/* Hello overshooting MTU */
		ospf_packet_free(op);
		return;
	}

	/* Length, checksum and authentication data. */
	ospf_fill_header(oi, op->s, length);

	op->length = length;
	op->dst.s_addr = addr;

	if (IS_DEBUG_OSPF_EVENT && oi->ospf->vrf_id)
		zlog_debug("%s: Hello Tx interface %s ospf vrf %s id %u",
			   __func__, oi->ifp->name,
			   ospf_vrf_id_to_name(oi->ospf->vrf_id),
			   oi->ospf->vrf_id);

	/*
	 * Hellos go to the top of the interface output queue, so that they
	 * can't get delayed by things like long queues of LS Update packets.
	 */
	ospf_packet_add_top(oi, op);

	/* Hook thread to write packet. */
	OSPF_ISM_WRITE_ON(oi->ospf);
}
3722
/*
 * Send a poll Hello to a configured NBMA neighbor, if one is due.
 *
 * Nothing is sent when the interface is passive, is not of NBMA type, has
 * router priority 0, or when the neighbor already exists in a state other
 * than Down. A neighbor configured with priority 0 is only polled while
 * this interface is DR or Backup.
 */
static void ospf_poll_send(struct ospf_nbr_nbma *nbr_nbma)
{
	struct ospf_interface *oi = nbr_nbma->oi;

	assert(oi);

	/* If this is passive interface, do not send OSPF Hello. */
	if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE
	    || oi->type != OSPF_IFTYPE_NBMA)
		return;

	/* Only neighbors that are unknown or Down are polled. */
	if (nbr_nbma->nbr != NULL && nbr_nbma->nbr->state != NSM_Down)
		return;

	if (PRIORITY(oi) == 0)
		return;

	if (nbr_nbma->priority == 0
	    && !(oi->state == ISM_DR || oi->state == ISM_Backup))
		return;

	ospf_hello_send_sub(oi, nbr_nbma->addr.s_addr);
}
3749
/*
 * Poll timer expiry for an NBMA neighbor: send a poll Hello through
 * ospf_poll_send() and re-arm the timer when v_poll is greater than 0.
 */
void ospf_poll_timer(struct event *thread)
{
	struct ospf_nbr_nbma *nbr_nbma = EVENT_ARG(thread);

	/* The event that brought us here has fired. */
	nbr_nbma->t_poll = NULL;

	if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
		zlog_debug("NSM[%s:%pI4]: Timer (Poll timer expire)",
			   IF_NAME(nbr_nbma->oi), &nbr_nbma->addr);

	ospf_poll_send(nbr_nbma);

	if (nbr_nbma->v_poll > 0)
		OSPF_POLL_TIMER_ON(nbr_nbma->t_poll, ospf_poll_timer,
				   nbr_nbma->v_poll);
}
3767
3768
/*
 * Hello-reply timer expiry: send a Hello directly to the neighbor's
 * address on the neighbor's interface.
 */
void ospf_hello_reply_timer(struct event *thread)
{
	struct ospf_neighbor *nbr = EVENT_ARG(thread);

	/* The event that brought us here has fired. */
	nbr->t_hello_reply = NULL;

	if (IS_DEBUG_OSPF(nsm, NSM_TIMERS))
		zlog_debug("NSM[%s:%pI4]: Timer (hello-reply timer expire)",
			   IF_NAME(nbr->oi), &nbr->router_id);

	ospf_hello_send_sub(nbr->oi, nbr->address.u.prefix4.s_addr);
}
3782
/*
 * Send periodic Hello packets on interface "oi".
 *
 * Passive interfaces send nothing. Virtual links send to the configured
 * peer address, NBMA interfaces send one unicast Hello per eligible
 * neighbor, and every other interface type sends to AllSPFRouters.
 */
void ospf_hello_send(struct ospf_interface *oi)
{
	struct ospf_neighbor *nbr;
	struct route_node *rn;

	/* If this is passive interface, do not send OSPF Hello. */
	if (OSPF_IF_PASSIVE_STATUS(oi) == OSPF_IF_PASSIVE)
		return;

	if (oi->type != OSPF_IFTYPE_NBMA) {
		/* Single destination: virtual-link peer or AllSPFRouters. */
		if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
			ospf_hello_send_sub(oi, oi->vl_data->peer_addr.s_addr);
		else
			ospf_hello_send_sub(oi, htonl(OSPF_ALLSPFROUTERS));
		return;
	}

	for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
		nbr = rn->info;

		/* Skip empty nodes, ourselves and neighbors that are Down. */
		if (!nbr || nbr == oi->nbr_self || nbr->state == NSM_Down)
			continue;

		/*
		 * RFC 2328 Section 9.5.1
		 * If the router is not eligible to become Designated
		 * Router, it must periodically send Hello Packets to
		 * both the Designated Router and the Backup
		 * Designated Router (if they exist).
		 */
		if (PRIORITY(oi) == 0 &&
		    IPV4_ADDR_CMP(&DR(oi), &nbr->address.u.prefix4) &&
		    IPV4_ADDR_CMP(&BDR(oi), &nbr->address.u.prefix4))
			continue;

		/*
		 * If the router is eligible to become Designated
		 * Router, it must periodically send Hello Packets to
		 * all neighbors that are also eligible. In addition,
		 * if the router is itself the Designated Router or
		 * Backup Designated Router, it must also send periodic
		 * Hello Packets to all other neighbors.
		 */
		if (nbr->priority == 0 && oi->state == ISM_DROther)
			continue;

		/* if oi->state == Waiting, send hello to all neighbors */
		ospf_hello_send_sub(oi, nbr->address.u.prefix4.s_addr);
	}
}
3840
/*
 * Build a Database Description packet for "nbr" and queue it.
 *
 * Destination is AllSPFRouters on point-to-point interfaces and the
 * neighbor's address otherwise. A copy of the packet replaces
 * nbr->last_send (the previous copy is freed) and nbr->last_send_ts is
 * updated, so that ospf_db_desc_resend() can retransmit it.
 */
void ospf_db_desc_send(struct ospf_neighbor *nbr)
{
	struct ospf_interface *oi = nbr->oi;
	struct ospf_packet *op = ospf_packet_new(oi->ifp->mtu);
	uint16_t length;

	/* Common header, then the DD body. */
	ospf_make_header(OSPF_MSG_DB_DESC, oi, op->s);
	length = OSPF_HEADER_SIZE + ospf_make_db_desc(oi, nbr, op->s);

	/* Length, checksum and authentication data. */
	ospf_fill_header(oi, op->s, length);
	op->length = length;

	/* Decide destination address. */
	if (oi->type == OSPF_IFTYPE_POINTOPOINT)
		op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
	else
		op->dst = nbr->address.u.prefix4;

	/* Queue on the interface and make sure the writer runs. */
	ospf_packet_add(oi, op);
	OSPF_ISM_WRITE_ON(oi->ospf);

	/* Keep a private copy of this DD packet for retransmission. */
	if (nbr->last_send)
		ospf_packet_free(nbr->last_send);
	nbr->last_send = ospf_packet_dup(op);
	monotime(&nbr->last_send_ts);

	if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
		zlog_info(
			"%s:Packet[DD]: %pI4 DB Desc send with seqnum:%x , flags:%x",
			ospf_get_name(oi->ospf), &nbr->router_id,
			nbr->dd_seqnum, nbr->dd_flags);
}
3887
/*
 * Retransmit the last Database Description packet sent to "nbr".
 *
 * A duplicate of nbr->last_send is queued on the neighbor's interface and
 * the write event is turned on.
 * NOTE(review): nbr->last_send is passed to ospf_packet_dup() without a
 * NULL check - presumably callers only get here after ospf_db_desc_send()
 * has stored a packet; confirm.
 */
void ospf_db_desc_resend(struct ospf_neighbor *nbr)
{
	struct ospf_interface *oi = nbr->oi;
	struct ospf_packet *copy = ospf_packet_dup(nbr->last_send);

	/* Add packet to the interface output queue. */
	ospf_packet_add(oi, copy);

	/* Hook thread to write packet. */
	OSPF_ISM_WRITE_ON(oi->ospf);

	if (CHECK_FLAG(oi->ospf->config, OSPF_LOG_ADJACENCY_DETAIL))
		zlog_info(
			"%s:Packet[DD]: %pI4 DB Desc resend with seqnum:%x , flags:%x",
			ospf_get_name(oi->ospf), &nbr->router_id,
			nbr->dd_seqnum, nbr->dd_flags);
}
3906
/*
 * Build a Link State Request packet for "nbr" and queue it.
 *
 * Nothing is sent when ospf_make_ls_req() produces an empty body.
 * Destination is AllSPFRouters on point-to-point interfaces and the
 * neighbor's address otherwise. The request retransmission timer is armed
 * after the packet has been queued.
 */
void ospf_ls_req_send(struct ospf_neighbor *nbr)
{
	struct ospf_interface *oi = nbr->oi;
	struct ospf_packet *op = ospf_packet_new(oi->ifp->mtu);
	uint16_t length;

	/* Common header, then the request entries. */
	ospf_make_header(OSPF_MSG_LS_REQ, oi, op->s);
	length = OSPF_HEADER_SIZE + ospf_make_ls_req(nbr, op->s);

	/* Empty body: release the packet again. */
	if (length == OSPF_HEADER_SIZE) {
		ospf_packet_free(op);
		return;
	}

	/* Length, checksum and authentication data. */
	ospf_fill_header(oi, op->s, length);
	op->length = length;

	/* Decide destination address. */
	if (oi->type == OSPF_IFTYPE_POINTOPOINT)
		op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
	else
		op->dst = nbr->address.u.prefix4;

	/* Queue on the interface and make sure the writer runs. */
	ospf_packet_add(oi, op);
	OSPF_ISM_WRITE_ON(oi->ospf);

	/* Add Link State Request Retransmission Timer. */
	OSPF_NSM_TIMER_ON(nbr->t_ls_req, ospf_ls_req_timer, nbr->v_ls_req);
}
3948
/*
 * Send a Link State Update carrying the single LSA "lsa" to "nbr".
 *
 * A temporary one-element list is handed to ospf_ls_upd_send(). The update
 * is requested to go out immediately when the OSPF instance is shutting
 * down and the LSA is at MaxAge, so that neighbors remove the
 * self-originated LSA from their LSDB.
 */
void ospf_ls_upd_send_lsa(struct ospf_neighbor *nbr, struct ospf_lsa *lsa,
			  int flag)
{
	struct list *update = list_new();
	int send_now;

	listnode_add(update, lsa);

	send_now = (nbr->oi->ospf->inst_shutdown && IS_LSA_MAXAGE(lsa)) ? 1
									: 0;
	ospf_ls_upd_send(nbr, update, flag, send_now);

	list_delete(&update);
}
3968
/*
 * Allocate the packet for the next Link State Update built from "update".
 *
 * The packet must be able to hold at least the first LSA on the list, which
 * may be larger than the interface MTU. In that case the packet is sized
 * for that LSA alone and a warning is logged once per process.
 *
 * Returns the new ospf_packet, or NULL when the required size exceeds
 * OSPF_MAX_PACKET_SIZE. In the NULL case the offending LSA has been removed
 * from "update", so callers must check the result before using it.
 *
 * NOTE(review): the node is removed with list_delete_node() only, whereas
 * ospf_make_ls_upd() pairs the removal with ospf_lsa_unlock() - confirm
 * whether the queue's reference to the LSA is leaked on this path.
 */
static struct ospf_packet *ospf_ls_upd_packet_new(struct list *update,
						  struct ospf_interface *oi)
{
	struct ospf_lsa *lsa;
	struct listnode *ln;
	size_t size;
	uint16_t lsa_len;
	static char warned = 0;

	ln = listhead(update);
	lsa = listgetdata(ln);
	assert(lsa->data);

	/* Length is taken from the LSA header, in network byte order. */
	lsa_len = ntohs(lsa->data->length);

	/* Default: one MTU-sized packet. */
	size = oi->ifp->mtu;

	if ((OSPF_LS_UPD_MIN_SIZE + lsa_len) > ospf_packet_max(oi)) {
		if (!warned) {
			flog_warn(
				EC_OSPF_LARGE_LSA,
				"%s: oversized LSA encountered!will need to fragment. Not optimal. Try divide up your network with areas. Use 'debug ospf packet send' to see details, or look at 'show ip ospf database ..'",
				__func__);
			warned = 1;
		}

		if (IS_DEBUG_OSPF_PACKET(0, SEND))
			zlog_debug(
				"%s: oversized LSA id:%pI4, %d bytes originated by %pI4, will be fragmented!",
				__func__, &lsa->data->id, lsa_len,
				&lsa->data->adv_router);

		/*
		 * Allocate just enough to fit this LSA only, to avoid
		 * including other LSAs in fragmented LSA Updates.
		 */
		size = lsa_len + (oi->ifp->mtu - ospf_packet_max(oi))
		       + OSPF_LS_UPD_MIN_SIZE;
	}

	/* Hard upper bound: refuse and drop the LSA from the list. */
	if (size > OSPF_MAX_PACKET_SIZE) {
		flog_warn(
			EC_OSPF_LARGE_LSA,
			"%s: oversized LSA id:%pI4 too big, %d bytes, packet size %ld, dropping it completely. OSPF routing is broken!",
			__func__, &lsa->data->id, lsa_len, (long int)size);
		list_delete_node(update, ln);
		return NULL;
	}

	/*
	 * IP header is built up separately by ospf_write(). This means that
	 * the "affordable" size just calculated must be reduced by the
	 * length of an IP header, so that even a completely filled payload
	 * plus IP header still fits into the outgoing interface MTU. The
	 * correction isn't really meaningful for an oversized LSA, but is
	 * done for both cases for consistency.
	 *
	 * P.S. OSPF_MAX_PACKET_SIZE above already includes IP header size
	 */
	return ospf_packet_new(size - sizeof(struct ip));
}
4042
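/*
 * Build one Link State Update packet from the head of "update" and queue it
 * on "oi".
 *
 * Destination is AllSPFRouters on point-to-point interfaces and "addr"
 * otherwise. LSAs that were packed are removed from "update" by
 * ospf_make_ls_upd(); the list may still hold entries on return.
 *
 * When "send_lsupd_now" is non-zero, ospf_write() is called synchronously
 * instead of waiting for the write event.
 *
 * Nothing is queued when the list is empty or when no packet could be
 * allocated for the first LSA.
 */
void ospf_ls_upd_queue_send(struct ospf_interface *oi, struct list *update,
			    struct in_addr addr, int send_lsupd_now)
{
	struct ospf_packet *op;
	uint16_t length = OSPF_HEADER_SIZE;

	if (IS_DEBUG_OSPF_EVENT)
		zlog_debug("listcount = %d, [%s]dst %pI4", listcount(update),
			   IF_NAME(oi), &addr);

	/* Check that we have really something to process */
	if (listcount(update) == 0)
		return;

	/*
	 * ospf_ls_upd_packet_new() returns NULL when the first LSA exceeds
	 * the maximum packet size; it has already logged the problem and
	 * removed that LSA from the list. Bail out instead of dereferencing
	 * a NULL packet; remaining entries are left for the next call.
	 */
	op = ospf_ls_upd_packet_new(update, oi);
	if (op == NULL)
		return;

	/* Prepare OSPF common header. */
	ospf_make_header(OSPF_MSG_LS_UPD, oi, op->s);

	/* Prepare OSPF Link State Update body.
	 * Includes Type-7 translation.
	 */
	length += ospf_make_ls_upd(oi, update, op->s);

	/* Fill OSPF header. */
	ospf_fill_header(oi, op->s, length);

	/* Set packet length. */
	op->length = length;

	/* Decide destination address. */
	if (oi->type == OSPF_IFTYPE_POINTOPOINT)
		op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
	else
		op->dst.s_addr = addr.s_addr;

	/* Add packet to the interface output queue. */
	ospf_packet_add(oi, op);

	/* Call ospf_write() right away to send ospf packets to neighbors */
	if (send_lsupd_now) {
		struct event os_packet_thd;

		/*
		 * The event is a stand-in living on the stack; clear it so
		 * no field holds an indeterminate value, then set the one
		 * member this function provides.
		 */
		memset(&os_packet_thd, 0, sizeof(os_packet_thd));
		os_packet_thd.arg = (void *)oi->ospf;

		if (oi->on_write_q == 0) {
			listnode_add(oi->ospf->oi_write_q, oi);
			oi->on_write_q = 1;
		}
		ospf_write(&os_packet_thd);
		/*
		 * We are fake calling ospf_write with a fake
		 * thread. Imagine that we have oi_a already
		 * enqueued and we have turned on the write
		 * thread(t_write).
		 * Now this function calls this for oi_b
		 * so the on_write_q has oi_a and oi_b on
		 * it, ospf_write runs and clears the packets
		 * for both oi_a and oi_b. Removing them from
		 * the on_write_q. After this thread of execution
		 * finishes we will execute the t_write thread
		 * with nothing in the on_write_q causing an
		 * assert. So just make sure that the t_write
		 * is actually turned off.
		 */
		if (list_isempty(oi->ospf->oi_write_q))
			EVENT_OFF(oi->ospf->t_write);
	} else {
		/* Hook thread to write packet. */
		OSPF_ISM_WRITE_ON(oi->ospf);
	}
}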
4113
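/*
 * Event callback that drains the per-destination LS Update queue of an
 * interface (oi->ls_upd_queue).
 *
 * For every destination with a pending list, one update packet is built
 * through ospf_ls_upd_queue_send(). Lists that became empty are deleted and
 * their route node is released. When at least one list still holds LSAs,
 * the event is raised again so the remainder goes out in further packets.
 */
static void ospf_ls_upd_send_queue_event(struct event *thread)
{
	struct ospf_interface *oi = EVENT_ARG(thread);
	struct route_node *rn;
	struct route_node *rnext;
	struct list *update;
	/* Number of destinations whose list was not emptied this round. */
	int again = 0;

	oi->t_ls_upd_event = NULL;

	if (IS_DEBUG_OSPF_EVENT)
		zlog_debug("%s start", __func__);

	/* rnext is fetched first because rn may be released below. */
	for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
		rnext = route_next(rn);

		if (rn->info == NULL)
			continue;

		update = (struct list *)rn->info;

		ospf_ls_upd_queue_send(oi, update, rn->p.u.prefix4, 0);

		/* list might not be empty. */
		if (listcount(update) == 0) {
			list_delete((struct list **)&rn->info);
			route_unlock_node(rn);
		} else
			again++;
	}

	if (again != 0) {
		if (IS_DEBUG_OSPF_EVENT)
			zlog_debug(
				"%s: update lists not cleared, %d nodes to try again, raising new event",
				__func__, again);
		oi->t_ls_upd_event = NULL;
		event_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
				&oi->t_ls_upd_event);
	}

	if (IS_DEBUG_OSPF_EVENT)
		zlog_debug("%s stop", __func__);
}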
4158
/*
 * Queue the LSAs in "update" for transmission towards "nbr".
 *
 * The destination is chosen from the interface type, "flag" and the
 * interface state, and the LSAs are appended (with an extra reference each)
 * to the list kept for that destination in oi->ls_upd_queue.
 *
 * With "send_lsupd_now" set, every pending destination list of the
 * interface is handed to ospf_ls_upd_queue_send() immediately; otherwise an
 * event is scheduled to drain the queue.
 */
void ospf_ls_upd_send(struct ospf_neighbor *nbr, struct list *update, int flag,
		      int send_lsupd_now)
{
	struct ospf_interface *oi = nbr->oi;
	struct ospf_lsa *lsa;
	struct prefix_ipv4 p;
	struct route_node *rn;
	struct listnode *node;

	p.family = AF_INET;
	p.prefixlen = IPV4_MAX_BITLEN;

	/* Decide destination address. */
	if (oi->type == OSPF_IFTYPE_VIRTUALLINK)
		p.prefix = oi->vl_data->peer_addr;
	else if (oi->type == OSPF_IFTYPE_POINTOPOINT)
		p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
	else if (flag == OSPF_SEND_PACKET_DIRECT)
		p.prefix = nbr->address.u.prefix4;
	else if (oi->state == ISM_DR || oi->state == ISM_Backup
		 || oi->type == OSPF_IFTYPE_POINTOMULTIPOINT)
		p.prefix.s_addr = htonl(OSPF_ALLSPFROUTERS);
	else
		p.prefix.s_addr = htonl(OSPF_ALLDROUTERS);

	/* Sanity warnings for NBMA networks. */
	if (oi->type == OSPF_IFTYPE_NBMA) {
		if (flag == OSPF_SEND_PACKET_INDIRECT)
			flog_warn(
				EC_OSPF_PACKET,
				"* LS-Update is directly sent on NBMA network.");
		if (IPV4_ADDR_SAME(&oi->address->u.prefix4, &p.prefix))
			flog_warn(EC_OSPF_PACKET,
				  "* LS-Update is sent to myself.");
	}

	/*
	 * Find or create the queue node for this destination. An existing
	 * node already holds a lock for its list, so the extra one taken by
	 * route_node_get() is released again.
	 */
	rn = route_node_get(oi->ls_upd_queue, (struct prefix *)&p);
	if (rn->info != NULL)
		route_unlock_node(rn);
	else
		rn->info = list_new();

	for (ALL_LIST_ELEMENTS_RO(update, node, lsa))
		listnode_add(rn->info,
			     ospf_lsa_lock(lsa)); /* oi->ls_upd_queue */

	if (!send_lsupd_now) {
		event_add_event(master, ospf_ls_upd_send_queue_event, oi, 0,
				&oi->t_ls_upd_event);
		return;
	}

	/* Immediate mode: push out every pending destination list. */
	{
		struct list *send_update_list;
		struct route_node *rnext;

		for (rn = route_top(oi->ls_upd_queue); rn; rn = rnext) {
			rnext = route_next(rn);

			if (rn->info == NULL)
				continue;

			send_update_list = (struct list *)rn->info;

			ospf_ls_upd_queue_send(oi, send_update_list,
					       rn->p.u.prefix4, 1);
		}
	}
}
4226
/*
 * Build one Link State Acknowledgment packet from the entries in 'ack' and
 * append it to the output queue of 'oi'.
 *
 * oi  - sending interface; its MTU sizes the packet buffer.
 * ack - list of pending acknowledgments, handed to ospf_make_ls_ack().
 * dst - destination address; ignored on point-to-point and
 *       point-to-multipoint interfaces, which always use AllSPFRouters.
 *
 * NOTE(review): the packet returned by ospf_packet_new() is used unchecked
 * and the body length is accumulated in a 16-bit variable; this assumes
 * ospf_make_ls_ack() never writes more than fits the MTU-sized stream -
 * confirm in that helper.
 */
static void ospf_ls_ack_send_list(struct ospf_interface *oi, struct list *ack,
				  struct in_addr dst)
{
	struct ospf_packet *op = ospf_packet_new(oi->ifp->mtu);
	uint16_t length;
	int to_all_spf;

	/* Common header first, then the acknowledgment body behind it. */
	ospf_make_header(OSPF_MSG_LS_ACK, oi, op->s);
	length = OSPF_HEADER_SIZE + ospf_make_ls_ack(oi, ack, op->s);

	/* The total length is known now: complete header and packet. */
	ospf_fill_header(oi, op->s, length);
	op->length = length;

	/* Multicast on point-to-(multi)point, caller's address otherwise. */
	to_all_spf = (oi->type == OSPF_IFTYPE_POINTOPOINT ||
		      oi->type == OSPF_IFTYPE_POINTOMULTIPOINT);
	if (to_all_spf)
		op->dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
	else
		op->dst.s_addr = dst.s_addr;

	/* Queue the packet and request a write on the OSPF instance. */
	ospf_packet_add(oi, op);
	OSPF_ISM_WRITE_ON(oi->ospf);
}
4260
/*
 * Event handler: send every queued direct acknowledgment of the interface
 * passed as the event argument to the recorded destination.
 *
 * The loop has no exit other than the list becoming empty, so it relies on
 * each ospf_ls_ack_send_list() call removing at least one entry.
 * NOTE(review): confirm that this holds for every interface MTU.
 */
static void ospf_ls_ack_send_event(struct event *thread)
{
	struct ospf_interface *oi = EVENT_ARG(thread);

	/* The event has fired; forget its handle before doing the work. */
	oi->t_ls_ack_direct = NULL;

	for (;;) {
		if (listcount(oi->ls_ack_direct.ls_ack) == 0)
			break;

		ospf_ls_ack_send_list(oi, oi->ls_ack_direct.ls_ack,
				      oi->ls_ack_direct.dst);
	}
}
4271
/*
 * Queue a direct Link State Acknowledgment for 'lsa' towards 'nbr' and
 * schedule ospf_ls_ack_send_event to transmit it.
 *
 * nbr - neighbour to acknowledge; nbr->oi is dereferenced unchecked.
 * lsa - LSA being acknowledged; locked with ospf_lsa_lock() while queued.
 *
 * NOTE(review): the destination is recorded only while the pending list is
 * empty.  An ack queued for a different neighbour before the event runs is
 * therefore sent to the first neighbour's address (on interface types where
 * ospf_ls_ack_send_list() honours the destination) - confirm callers cannot
 * interleave neighbours, or flush when the destination changes.
 */
void ospf_ls_ack_send(struct ospf_neighbor *nbr, struct ospf_lsa *lsa)
{
	struct ospf_interface *oi = nbr->oi;
	struct ospf_lsa *locked;

	/* Debug trace only; Grace-LSA acks are queued like any other. */
	if (IS_GRACE_LSA(lsa) && IS_DEBUG_OSPF_GR)
		zlog_debug("%s, Sending GRACE ACK to Restarter.", __func__);

	/* The first pending ack decides where the whole batch goes. */
	if (!listcount(oi->ls_ack_direct.ls_ack))
		oi->ls_ack_direct.dst = nbr->address.u.prefix4;

	locked = ospf_lsa_lock(lsa);
	listnode_add(oi->ls_ack_direct.ls_ack, locked);

	event_add_event(master, ospf_ls_ack_send_event, oi, 0,
			&oi->t_ls_ack_direct);
}
4290
/*
 * Send the delayed Link State Acknowledgments queued in oi->ls_ack.
 *
 * On NBMA interfaces the acks are unicast to neighbours in state Exchange or
 * higher; on every other interface type a single destination is chosen and
 * the list is drained towards it.
 */
void ospf_ls_ack_send_delayed(struct ospf_interface *oi)
{
	struct in_addr dst;

	/*
	 * RFC2328 Section 13.5: on non-broadcast networks, delayed Link State
	 * Acknowledgment packets must be unicast separately over each
	 * adjacency (i.e., neighbor whose state is >= Exchange).
	 *
	 * NOTE(review): the inner loop runs until oi->ls_ack is empty, so
	 * only the first eligible neighbour is sent anything; for later
	 * neighbours the list is already drained.  Check this against the
	 * RFC text above.
	 */
	if (oi->type == OSPF_IFTYPE_NBMA) {
		struct route_node *rn;

		for (rn = route_top(oi->nbrs); rn; rn = route_next(rn)) {
			struct ospf_neighbor *nbr = rn->info;

			/* Skip empty nodes, ourselves and early states. */
			if (nbr == NULL || nbr == oi->nbr_self ||
			    nbr->state < NSM_Exchange)
				continue;

			while (listcount(oi->ls_ack))
				ospf_ls_ack_send_list(oi, oi->ls_ack,
						      nbr->address.u.prefix4);
		}
		return;
	}

	/* Decide destination address for all other interface types. */
	if (oi->type == OSPF_IFTYPE_VIRTUALLINK) {
		dst.s_addr = oi->vl_data->peer_addr.s_addr;
	} else if (oi->state == ISM_DR || oi->state == ISM_Backup ||
		   oi->type == OSPF_IFTYPE_POINTOPOINT ||
		   oi->type == OSPF_IFTYPE_POINTOMULTIPOINT) {
		dst.s_addr = htonl(OSPF_ALLSPFROUTERS);
	} else {
		dst.s_addr = htonl(OSPF_ALLDROUTERS);
	}

	/*
	 * Drain the list.  Termination relies on ospf_ls_ack_send_list()
	 * removing entries on every call, which happens outside this
	 * function.
	 */
	while (listcount(oi->ls_ack))
		ospf_ls_ack_send_list(oi, oi->ls_ack, dst);
}
4333
/*
 * On pt-to-pt links, all OSPF control packets are sent to the multicast
 * address, so the kernel never needs to learn the interface MAC of the OSPF
 * neighbor.  That delays convergence: take the case where, after a link
 * flap, all routes want to use an interface that was deemed costlier before
 * the event.  Routes installed while the MAC is still missing have
 * punt-to-CPU set on them, which may overload the CPU control path.  This
 * is avoided when the MAC is known a priori.
 *
 * Asks zebra to resolve the neighbour's address on the neighbour's
 * interface.  Does nothing when 'nbr' is NULL or when proactive_arp is off
 * for the OSPF instance; nbr->oi and nbr->oi->ospf are dereferenced without
 * a NULL check.
 *
 * NOTE(review): the address handed to zebra is whatever is stored in
 * nbr->address, which is populated outside this function - confirm callers
 * invoke this only for neighbours whose packets passed verification.
 */
void ospf_proactively_arp(struct ospf_neighbor *nbr)
{
	if (nbr == NULL)
		return;

	if (nbr->oi->ospf->proactive_arp)
		ospf_zebra_send_arp(nbr->oi->ifp, &nbr->address);
}