summaryrefslogtreecommitdiff
path: root/ospf6d/ospf6_lsa.h
AgeCommit message (Collapse)Author
2012-10-25lib: improve fletcher checksum validationJR Rivers
OVERVIEW The checksum used in OSPF (rfc2328) is specified in rc905 annex B. There is an sample implementation in rfc1008 which forms the basis of the quagga implementation. This algorithm works perfectly when generating a checksum; however, validation is a bit problematic. The following LSA (generated by a non-quagga implementation) is received by quagga and marked with an invalid checksum; however, it passes both the rfc905 and rfc1008 validation checks. static uint8_t lsa_10_121_233_29[] = { 0x0e, 0x10, 0x02, 0x03, 0x09, 0x00, 0x35, 0x40, 0x0a, 0x79, 0xe9, 0x1d, 0x80, 0x00, 0x00, 0x03, 0x00, 0x8a, 0x00, 0x1c, 0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x36, 0xb0 }; LS Type: Summary-LSA (IP network) LS Age: 3600 seconds Do Not Age: False Options: 0x02 (E) Link-State Advertisement Type: Summary-LSA (IP network) (3) Link State ID: 9.0.53.64 Advertising Router: 10.121.233.29 (10.121.233.29) LS Sequence Number: 0x80000003 LS Checksum: 0x008a Length: 28 Netmask: 255.255.255.224 Metric: 14000 You'll note that one byte of the checksum is 0x00; quagga would calculate the checksum as 0xff8a. It can be argued that the sourcing implementation generates an incorrect checksum; however, rfc905 indicates that, for 1's complement arithmetic, the value 255 shall be regarded as 0, thus either values are valid. EXPLANATION The quagga ospfd and ospf6d implementations operate by copying the PDU's existing checksum in a holding variable, calculating the checksum, and comparing the resulting checksum to the original. As a note, this implementation has the side effect of modifying the contents of the PDU. Evaluation of both rfc905 and rfc1008 shows that checksum validation should involve calculating the sum over the PDU and checking that both resulting C0 and C1 values are zero. This behavior is enacted in the rfc1008 implementation by calling encodecc with k = 0 (checksum offset); however, this functionality had been omitted from the quagga implementation. PATCH This patch adds the ability to call the quagga's fletcher_checksum() with a checksum offset value of 0xffff (aka FLETCHER_CHECKSUM_VALIDATE) which returns the sum over the buffer (a value of 0 indicates a valid checksum). This is similar to the mechanism in rfc1008 when called with k = 0. The patch also introduces ospf_lsa_checksum_valid(). ospf6d had it's own implementation of the fletcher checksum in ospf6_lsa_checksum(); it's the same algorithm as in fletcher_checksum(). This patch removes the local implementation in favor of the library's as well as creates and uses ospf6_lsa_checksum_valid(). quagga's ISIS implementation suffers from the same problem; however, I do not have the facilities to validate a fix to ISIS, thus this change has been left to the ISIS maintainers. The function iso_csum_verify() should be reduced to running the fletcher checksum over the buffer using an offset of 0. Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com> Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com> Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com> Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com> Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com> Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-01-08ospf6d: ospf6_lsa_cmd_init() does not existDenis Ovsienko
2011-09-26ospf6d: CVE-2011-3323 (fortify packet reception)Denis Ovsienko
This vulnerability (CERT-FI #514840) was reported by CROSS project. ospf6d processes IPv6 prefix structures in incoming packets without verifying that the declared prefix length is valid. This leads to a crash caused by out of bounds memory access. * ospf6_abr.h: new macros for size/alignment validation * ospf6_asbr.h: idem * ospf6_intra.h: idem * ospf6_lsa.h: idem * ospf6_message.h: idem * ospf6_proto.h: idem * ospf6_message.c * ospf6_packet_minlen: helper array for ospf6_packet_examin() * ospf6_lsa_minlen: helper array for ospf6_lsa_examin() * ospf6_hello_recv(): do not call ospf6_header_examin(), let upper layer verify the input data * ospf6_dbdesc_recv(): idem * ospf6_lsreq_recv(): idem * ospf6_lsupdate_recv(): idem * ospf6_lsack_recv(): idem * ospf6_prefixes_examin(): new function, implements A.4.1 * ospf6_lsa_examin(): new function, implements A.4 * ospf6_lsaseq_examin(): new function, an interface to above * ospf6_packet_examin(): new function, implements A.3 * ospf6_rxpacket_examin(): new function, replaces ospf6_header_examin() * ospf6_header_examin(): sayonara * ospf6_receive(): perform passive interface check earliest possible, employ ospf6_rxpacket_examin()
2011-03-21ospf6d: Have ospf6d cleanup when it terminates normallyTom Goff
A clean exit makes it easier to use memory debuggers. * ospf6_asbr.c: (ospf6_asbr_terminate) Add a function to do route map cleanup. * ospf6_lsa.c: (ospf6_lsa_terminate) Add a function to cleanup the lsa handler vector. * ospf6_main.c: (ospf6_exit) Add an function that causes ospf6d to gracefully exit. * ospf6_message.c: (ospf6_message_terminate) Add a function that frees the send and receive buffers. * ospf6_top.c: (ospf6_delete) Enable the ospf6_delete() function. Disable ospf6 before freeing everything.
2008-08-22[trivia] finish off static'ification of ospf6d and ripngdPaul Jakma
2008-08-15 Paul Jakma <paul.jakma@sun.com> * {ospf6d,ripngd}/*: Finish job of marking functions as static, or exporting declarations for them, to quell warning noise with Quagga's GCC default high-level of warning flags. Thus allowing remaining, more useful warnings to be more easily seen.
2004-12-082004-12-08 Andrew J. Schorr <ajschorr@alumni.princeton.edu>ajs
* *.h: Change level of debug messages to LOG_DEBUG.
2004-11-25Merge svn revisions 1208, 1222 and 1228 from Zebra cvs.hasso
2004-10-102004-10-10 Paul Jakma <paul@dishone.st>paul
* ospf6_route.c: Add const qualifier to various char arrays of constants. signed/unsigned fixes. (ospf6_linkstate_table_show) argv is const * ospf6_snmp.c: listnode typedef is dead. (ospf6_snmp_init) Take struct thread_master arg, needed for smux_init. * ospf6_snmp.h: update ospf6_snmp_init declaration. * ospf6d.c: (ospf6_init) add const qualifier to sargv, pass master to ospf_snmp6_init. * ospf6_asbr.c: const char update. * ospf6_interface.c: ditto, plus signed/unsigned fixes. (ipv6_ospf6_cost) Check whether cost fits in u_int32_t and use strtoul. * ospf6_intra.c: const char update. Parenthesise expression. * ospf6_lsa.c: signed/unsigned and const char updates. * ospf6_proto.c: ditto. * ospf6_message.c: ditto. * ospf6_lsdb.c: signed/unsigned update. * ospf6_main.c: const char update. * ospf6_neighbor.c: ditto. * ospf6_spf.c: ditto. * ospf6_top.c: ditto.
2004-09-01Merge svn revision 975 from Zebra repository.hasso
2004-08-25SVN revisions 935-940 merge from Zebra CVS.hasso
2004-08-19Merge svn revisions 924 and 925 from Zebra CVS. Also remove uselesshasso
ospf6_lsdb prototype declaration from ospf6_lsa.h. Report sent to Yasuhiro Ohara as well.
2004-08-15SVN revisions 916-920 from Zebra. ABR support is almost done.hasso
2004-08-04SVN revision 907 from Zebra cvs repository.hasso
2004-05-18Update to latest (really :) ospf6d from Zebra repository and some tinyhasso
fixes.
2004-05-18Ospf6d merge from Zebra repository with added privs stuff and mergedhasso
zclient changes.
2002-12-13Initial revisionpaul