diff options
author | David Lamparter <equinox@opensourcerouting.org> | 2012-11-27 01:10:26 +0000 |
---|---|---|
committer | David Lamparter <equinox@opensourcerouting.org> | 2012-12-12 15:38:07 +0100 |
commit | b72f345d2e078d4cd0559234d051214f58eef542 (patch) | |
tree | c41a98533af78d54c5e5cca0151848b86c9d5139 | |
parent | 19f78cebd2ce50f0d1f367cd759cdcfb1a500f59 (diff) |
isisd: drop hellos without supported protocol list
isisd should not form adjacencies on receiving an IS-IS Hello without a
list of supported protocols (cf. RFC 1195 s4.4 p32 "Maintaining Router
Adjacencies") Also fixes memleaks in these error cases.
* isisd/isis_pdu.c: improve TLVFLAG_NLPID handling
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Tested-by: Martin Winter <mwinter@opensourcerouting.org>
-rw-r--r-- | isisd/isis_pdu.c | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/isisd/isis_pdu.c b/isisd/isis_pdu.c index 083ddc72..8a92789f 100644 --- a/isisd/isis_pdu.c +++ b/isisd/isis_pdu.c @@ -493,6 +493,13 @@ process_p2p_hello (struct isis_circuit *circuit) return ISIS_WARNING; } + if (!(found & TLVFLAG_NLPID)) + { + zlog_warn ("No supported protocols TLV in P2P IS to IS hello"); + free_tlvs (&tlvs); + return ISIS_WARNING; + } + /* 8.2.5.1 c) Authentication */ if (circuit->passwd.type) { @@ -550,9 +557,11 @@ process_p2p_hello (struct isis_circuit *circuit) tlvs_to_adj_area_addrs (&tlvs, adj); /* which protocol are spoken ??? */ - if (found & TLVFLAG_NLPID) - if (tlvs_to_adj_nlpids (&tlvs, adj)) - return ISIS_ERROR; + if (tlvs_to_adj_nlpids (&tlvs, adj)) + { + free_tlvs (&tlvs); + return ISIS_WARNING; + } /* we need to copy addresses to the adj */ if (found & TLVFLAG_IPV4_ADDR) @@ -973,6 +982,14 @@ process_lan_hello (int level, struct isis_circuit *circuit, u_char * ssnpa) goto out; } + if (!(found & TLVFLAG_NLPID)) + { + zlog_warn ("No supported protocols TLV in Level %d LAN IS to IS hello", + level); + retval = ISIS_WARNING; + goto out; + } + /* Verify authentication, either cleartext of HMAC MD5 */ if (circuit->passwd.type) { @@ -1103,8 +1120,11 @@ process_lan_hello (int level, struct isis_circuit *circuit, u_char * ssnpa) tlvs_to_adj_area_addrs (&tlvs, adj); /* which protocol are spoken ??? */ - if (found & TLVFLAG_NLPID) - tlvs_to_adj_nlpids (&tlvs, adj); + if (tlvs_to_adj_nlpids (&tlvs, adj)) + { + retval = ISIS_WARNING; + goto out; + } /* we need to copy addresses to the adj */ if (found & TLVFLAG_IPV4_ADDR) |