| Age | Commit message (Collapse) | Author |
|---|
|
VU#229804 reports that, by injecting Router LSAs with the Advertising
Router ID different from the Link State ID, OSPF implementations can be
tricked into retaining and using invalid information.
Quagga is not vulnerable to this because it looks up Router LSAs by
(Router-ID, LS-ID) pair. The relevant code is in ospf_lsa.c l.3140.
Note the double "id" parameter at the end.
Still, we can provide an improvement here by discarding such malformed
LSAs and providing a warning to the administrator. While we cannot
prevent such malformed LSAs from entering the OSPF domain, we can
certainly try to limit their distribution.
cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report.
This issue is a specification issue in the OSPF protocol that was
discovered by Dr. Gabi Nakibly.
Reported-by: CERT Coordination Center <cert@cert.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
An ospf router should accept a new maxage LSA into its lsdb if it has any
neighbors in state Exchange or Loading. ospfd would however only account
for neighbors on the same interface which does not seem to be a valid
optimization.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
If configured without opaque LSA support, the old code would incorrectly
associate type 5 LSAs with an area.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
A set of patches to clarify some comments as well as cleanup code that was
causing warnings. After these patches, the code can be compiled with
-Wall -Wsign-compare -Wpointer-arith -Wbad-function-cast -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations -Wchar-subscripts -Wcast-qual
-Wextra -Wno-unused-parameter -Wno-missing-field-initializers
(what is current in trunk plus -Wextra -Wno-unused-parameter
-Wno-missing-field-initializers).
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
|
|
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
|
|
Reduce the log level for the MaxAge LSA reception when such an LSA does
not exist in the database.
Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
|
|
OVERVIEW
The checksum used in OSPF (rfc2328) is specified in rc905 annex B. There is an
sample implementation in rfc1008 which forms the basis of the quagga
implementation. This algorithm works perfectly when generating a checksum;
however, validation is a bit problematic.
The following LSA (generated by a non-quagga implementation) is received by
quagga and marked with an invalid checksum; however, it passes both the rfc905
and rfc1008 validation checks.
static uint8_t lsa_10_121_233_29[] = {
0x0e, 0x10, 0x02, 0x03,
0x09, 0x00, 0x35, 0x40,
0x0a, 0x79, 0xe9, 0x1d,
0x80, 0x00, 0x00, 0x03,
0x00, 0x8a, 0x00, 0x1c,
0xff, 0xff, 0xff, 0xe0,
0x00, 0x00, 0x36, 0xb0
};
LS Type: Summary-LSA (IP network)
LS Age: 3600 seconds
Do Not Age: False
Options: 0x02 (E)
Link-State Advertisement Type: Summary-LSA (IP network) (3)
Link State ID: 9.0.53.64
Advertising Router: 10.121.233.29 (10.121.233.29)
LS Sequence Number: 0x80000003
LS Checksum: 0x008a
Length: 28
Netmask: 255.255.255.224
Metric: 14000
You'll note that one byte of the checksum is 0x00; quagga would calculate the
checksum as 0xff8a.
It can be argued that the sourcing implementation generates an incorrect
checksum; however, rfc905 indicates that, for 1's complement arithmetic, the
value 255 shall be regarded as 0, thus either values are valid.
EXPLANATION
The quagga ospfd and ospf6d implementations operate by copying the PDU's
existing checksum in a holding variable, calculating the checksum, and comparing
the resulting checksum to the original. As a note, this implementation has the
side effect of modifying the contents of the PDU.
Evaluation of both rfc905 and rfc1008 shows that checksum validation should
involve calculating the sum over the PDU and checking that both resulting C0 and
C1 values are zero. This behavior is enacted in the rfc1008 implementation by
calling encodecc with k = 0 (checksum offset); however, this functionality had
been omitted from the quagga implementation.
PATCH
This patch adds the ability to call the quagga's fletcher_checksum() with a
checksum offset value of 0xffff (aka FLETCHER_CHECKSUM_VALIDATE) which returns
the sum over the buffer (a value of 0 indicates a valid checksum). This is
similar to the mechanism in rfc1008 when called with k = 0. The patch also
introduces ospf_lsa_checksum_valid().
ospf6d had it's own implementation of the fletcher checksum in
ospf6_lsa_checksum(); it's the same algorithm as in fletcher_checksum(). This
patch removes the local implementation in favor of the library's as well as creates
and uses ospf6_lsa_checksum_valid().
quagga's ISIS implementation suffers from the same problem; however, I do not
have the facilities to validate a fix to ISIS, thus this change has been left to
the ISIS maintainers. The function iso_csum_verify() should be reduced to
running the fletcher checksum over the buffer using an offset of 0.
Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com>
Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
Protocol version checks fits ospf_packet_examin() better (like it is
implemented in ospf6d), and packet type check is already there.
|
|
The old ospf_check_auth() function did two different jobs depending on
AuType. For Null and Simple cases it actually authenticated the packet,
but for Cryptographic case it only checked declared packet size (not
taking the actual number of bytes on wire into account). The calling
function, ospf_verify_header(), had its own set of MD5/checksum checks
dispatched depending on AuType.
This commit makes the packet size check work against the real number of
bytes and moves it to ospf_packet_examine(). All MD5/checksum
verification is now performed in ospf_check_auth() function.
* ospf_packet.c
* ospf_packet_examin(): check length with MD5 bytes in mind
* ospf_verify_header(): remove all AuType-specific code
* ospf_check_auth(): completely rewrite
|
|
An OSPFv2 packet with trailing data blocks (authentication and/or
link-local signaling) failed the recently implemented packet length
check, because trailing data length isn't counted in the packet header
"length" field. This commit fixes respective check conditions.
* ospf_packet.c
* ospf_packet_examin(): use "bytesdeclared" instead of "bytesonwire"
|
|
This commit ports more packet checks to OSPFv2, in particular, LSA size
verification and Router-LSA link blocks verification.
* ospf_lsa.h: add LSA size macros
* ospf_packet.h: add struct ospf_ls_update
* ospf_packet.c
* ospf_lsa_minlen[]: a direct equivalent of ospf6_lsa_minlen[]
* ospf_router_lsa_links_examin(): new function, verifies trailing
part of a Router-LSA
* ospf_lsa_examin(): new function like ospf6_lsa_examin()
* ospf_lsaseq_examin(): new function like ospf6_lsaseq_examin()
* ospf_packet_examin(): add type-specific deeper level checks
|
|
Rewrite some pointer arithmetics without the additional variables and
move byte order conversion inside the function.
|
|
1. The only purpose of "ibuf" argument was to get stream size, which
was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized
in ospf_new().
2. Fix the packet size check condition, which was incorrect for very
large packets, at least in theory.
|
|
This commit ports some of the OSPFv3 packet reception checks
to OSPFv2.
* ospf_packet.c
* ospf_packet_minlen[]: a direct equivalent of ospf6_packet_minlen[]
* ospf_packet_examin(): new function designed after the first part
of ospf6_packet_examin()
* ospf_read(): verify received packet with ospf_packet_examin()
* ospf_packet.h: add convenience macros
|
|
|
|
* ospf_packet.h: add proper str/max extern declarations
* ospf_packet.c
* ospf_packet_type_str: rewrite in "struct message", add max value
* ospf_packet_add(): use LOOKUP()
* ospf_write(): ditto
* ospf_hello(): ditto
* ospf_read(): ditto
* ospf_dump.h: the declaration does not belong here
* ospf_dump.c
* ospf_header_dump(): use LOOKUP()
* show_debugging_ospf(): ditto
|
|
* (general) Move functions in headers into files, to be compiled into
shared object files. Remove inline qualifier from functions. Let the
compiler do the work.
|
|
* ospf_packet.c (ospf_recv_packet): FreeBSD, starting from version 10, will not
subtract the IP header size from ip_len.
This is the patch from FreeBSD's ports/net/quagga/files/patch-ospfd__ospf_packet.c,
by Boris Kovalenko.
|
|
|
|
commit '717750433839762d23a5f8d88fe0b4d57c8d490a' causes SEGV error,
when 'oi = ospf_if_lookup_recv_if (ospf, iph->ip_src, ifp);' returns
NULL.
* ospf_packet.c
* ospf_read(): change a place of calling 'ospf_verify_header()'
|
|
This vulnerability (CERT-FI #514838) was reported by CROSS project.
The error is reproducible only when ospfd debugging is enabled:
* debug ospf packet all
* debug ospf zebra
When incoming packet header type field is set to 0x0a, ospfd will crash.
* ospf_packet.c
* ospf_verify_header(): add type field check
* ospf_read(): perform input checks early
|
|
This vulnerability (CERT-FI #514838) was reported by CROSS project.
When only 14 first bytes of a Hello packet is delivered, ospfd crashes.
* ospf_packet.c
* ospf_read(): add size check
|
|
|
|
* It's possible for the packet output buffer to be filled up with a long
series of non-Hello packets in between Hellos packets, such that the
router's neighbours don't receive the Hello packet in time, even though
the hello-timer ran at about the right time. Fix this by prioritising
Hello packets, letting them skip the queue and go ahead of any packets
already on the queue.
This problem can occur when there are lots of LSAs and slow links.
* ospf_packet.h: (ospf_hello_send_sub) not used outside of ospf_packet.c
* ospf_packet.c: (ospf_fifo_push_head) add packet to head of fifo (so its
no longer really a fifo, but hey)
(ospf_packet_add_top) add packet to top of the packet output queue.
(ospf_hello_send_sub) Put Hello's at the top of the packet output queue.
make it take in_addr_t parameter, so that this
ospf_hello_send can re-use this code too.
(ospf_hello_send) consolidate code by using ospf_hello_send_sub
(ospf_poll_send,ospf_hello_reply_timer) adjust for ospf_hello_send_sub.
|
|
* The hello protocol monitors connectivity in 2 different ways:
a) local -> remote
b) remote -> local
Connectivity is required in both directions (2-way) for adjacencies to
form.
The first requires a round-trip to detect, and is done by advertising
which other hosts a router knows about in its hello messages. This allows
a host to detect which other routers are and are not receiving its
message. If a remote neighbour delists the local router, then the local
router raises a "1-Way Received" event.
The latter is straight-forward, and is detected by setting a timer for the
neighbour. If another Hello packet is not received within this time then
the neighbour is dead, and a separate "Inactive" event is raised.
These are 2 different and relatively independent measures.
Knowing that we can optimise the 2nd, remote->local measure and reset
the timer when /any/ packet arrives from that neighbour. For any packet
is as good as a Hello packet. This can help in marginal situations, where
the number of protocol messages that must be sent sometimes can exceed
the capacity of the network to transmit the messages within the configured
dead-time. I.e. an OSPF network with lots of LSAs, slow links and/or
slow hosts (e.g. O(10k) LSAs, O(100kbit) links, embedded CPUs, and O(10s)
dead-times).
This optimisation allows an OSPF network to run closer to this margin,
and/or allows networks to perhaps better cope with rare periods of
exceptional load, where otherwise they would not.
It's fully compatible with plain OSPF implementations and doesn't
prejudice dead-neighbour detection.
* ospf_nsm.h: Rename HelloReceived event to PacketReceived.
* ospf_nsm.c: (nsm_hello_received) -> nsm_packet_received
* ospf_packet.c: Schedule PacketReceived whenever a valid message is
received.
|
|
* ospf_packet.c: (ospf_ls_upd) the corresponding test on the arrival side
in (ospf_flood) is <, so this should be >=, not >, purely for consistency.
There is no practical effect here though.
|
|
|
|
* ospf_packet.c: (ospf_ls_upd) DISCARD_LSA continues, and so should be
after debug messages, not before them.
|
|
* ospf_packet.c: make this message conditional on 'debug ospf event', as it
be easily triggered with, e.g., multiple subnets sharing same physical
network. E.g, see bug #532.
|
|
This function will return the interface for the first matching
remote address for PtP i/f's. That won't work for multiple
unnumbered i/f's as these may all have the same address.
Pass in the struct interface pointer, ifp, to find the
correct set of oi's to search in. This also reduces the
size of the search list, making it faster.
* ospfd/ospf_interface.c: Add struct interface * param to
ospf_if_lookup_recv_if() to select the right list to search in.
* ospfd/ospf_interface.h: ditto.
* ospfd/ospf_packet.c: Pass new ifp argument to ospf_if_lookup_recv_if()
|
|
|
|
* ospf_packet.c: Apply passive check and drop for all packages
and not just Hellos.
Signed-off-by: Paul Jakma <paul@quagga.net>
|
|
Update ospf_db_desc_send(), ospf_ls_upd_queue_send() and ospf_ls_req_send()
to always use OSPF_ALLSPFROUTERS for PtP links.
See RFC 2328, chap 8.1 for details:
"The IP destination address for the packet is selected as
follows. On physical point-to-point networks, the IP
destination is always set to the address AllSPFRouters."
Without this, it won't be possible to establish adjacencies on
multiple unnumbered links to the same router.
ChangeLog:
2008-07-25 Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
* ospfd/ospf_packet.c: Set destination for PtP links to
OSPF_ALLSPFROUTERS.
|
|
|
|
2007-05-09 Paul Jakma <paul.jakma@sun.com>
* configure.ac: sys/conf.h depends on sys/param.h, at least on
FBSD 6.2.
(bug #363) Should check for in_pktinfo for IRDP
2006-05-27 Paul Jakma <paul.jakma@sun.com>
* configure.ac: General cleanup of header and type checks, introducing
an internal define, QUAGGA_INCLUDES, to build up a list of
stuff to include so as to avoid 'present but cant be compiled'
warnings.
Misc additional checks of things missing according to autoscan.
Add LIBM, for bgpd's use of libm, so as to avoid burdening
LIBS, and all the binaries, with libm linkage.
Remove the bad practice of using m4 changequote(), just
quote the []'s in the case statements properly.
This should fix bugs 162, 303 and 178.
* */*.{c,h}: Update all HAVE_* to the standard autoconf namespaced
HAVE_* defines. I.e. HAVE_SA_LEN -> HAVE_STRUCT_SOCKADDR_SA_LEN,
* bgpd/Makefile.am: Add LIBM to bgpd's LDADD, for pow().
|
|
2006-10-22 Yar Tikhiy <yar@comp.chem.msu.su>
* (general) Add support for passive-interface default (with
minor edits by Paul Jakma).
* ospf_interface.h: Add OSPF_IF_PASSIVE_STATUS macro, looking
at configured value, or the global 'default' value, as
required.
* ospf_interface.c: (ospf_if_new_hook) Leave passive
unconfigured per default, allowing global 'default' to
take effect for unconfigured interfaces.
* ospf_packet.c: (various) use OSPF_IF_PASSIVE_STATUS
* ospf_vty.c: (ospf_passive_interface_default) new function,
unset passive from all interfaces if default is enabled, as
the per-iface settings become redundant.
(ospf_passive_interface_update) new func, update passive
setting taking global default into account.
({no,}ospf_passive_interface_addr_cmd) Add support for
'default' variant of command.
(show_ip_ospf_interface_sub) Update to take global
default into account when printing passive status.
(ospf_config_write) ditto.
* ospfd.c: (ospf_new) set global passive-interface default.
* ospfd.h: (struct ospf) Add field for global
passive-interface.
|
|
2006-09-25 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_packet_dup, ospf_make_md5_digest)
Fix zlog_warn messages to eliminate compiler warnings.
(ospf_hello) Improve warning messages to show why we
are complaining.
|
|
2006-08-28 Andy Gay <andy@andynet.net>
* ospf_packet.c: (ospf_make_db_desc) Assert added with More-bit
fixes does not hold up with addition of Ogier DB-Exchange
optimisation, which can empty the db-summary list in between
sent DD packets. Remove assert, update More-bit always when
in Exchange.
|
|
2006-08-25 Paul Jakma <paul.jakma@sun.com>
* (general) Bug #134. Be more robust to backward time changes,
use the newly added libzebra time functions.
In most cases: recent_time -> recent_relative_time()
gettimeofday -> quagga_gettime (QUAGGA_CLK_MONOTONIC, ..)
time -> quagga_time.
(ospf_make_md5_digest) time() call deliberately not changed.
(ospf_external_lsa_refresh) remove useless gettimeofday, LSA
tv_orig time was already set in ospf_lsa_new, called via
ospf_external_lsa_new.
|
|
2006-08-03 Paul Jakma <paul.jakma@sun.com>
* ospf_packet.c: (ospf_make_db_desc) Implement
draft-ogier-ospf-dbex-opt DB-exchange optimisation.
|
|
2006-08-03 Paul Jakma <paul.jakma@sun.com>
* ospf_packet.c: (ospf_make_db_desc) Unset the DD More bit
after constructing the packet, if appropriate.
(ospf_db_desc_proc) Speed up Exchange, slave should raise
ExchangeDone earlier, as RFC mandates, by forming its reply
before deciding whether both sides are done, avoids a
needless round of empty DD packet exchanges at the end of
Exchange, hence speeding up ExchangeDone.
(ospf_db_desc) use UNSET_FLAG macro.
|
|
2006-07-26 Paul Jakma <paul.jakma@sun.com>
* ospf_lsa.{c,h}: (ospf_lsa_unlock) Change to take a double pointer
to the LSA to be 'unlocked', so that, if the LSA is freed, the
callers pointer to the LSA can be NULLed out, allowing any further
use of that pointer to provoke a crash sooner rather than later.
* ospf_*.c: (general) Adjust callers of ospf_lsa_unlock to match
previous. Try annotate 'locking' somewhat to show which 'locks'
are protecting what LSA reference, if not obvious.
* ospf_opaque.c: (ospf_opaque_lsa_install) Trivial: remove useless
goto, replace with return.
* ospf_packet.c: (ospf_make_ls_ack) Trivial: merge two list loops,
the dual-loop predated the delete-safe list-loop macro.
|
|
2006-07-10 Andrew J. Schorr <ajschorr@alumni.princeton.edu>
* ospf_packet.c: (ospf_hello) Improve NetworkMask mismatch warning
message to include interface name and conflicting prefix lengths.
|
|
2006-06-15 Paul Jakma <paul.jakma@sun.com>
* Reported by Milan Koci
* ospf_interface.h: (struct ospf_if_info) Add reference counts
for multicast group memberships. Add various macros to help
manipulate/check membership state.
* ospf_interface.c: (ospf_if_set_multicast) Maintain the
ospf_if_info reference counts, and only actually drop
memberships if it hits 0, to avoid losing membership when
OSPF is disabled on an interface with multiple active OSPF
interfaces.
* ospf_packet.c: (ospf_{hello,read}) Use the new macros to
check/set
multicast membership.
* ospf_vty.c: (show_ip_ospf_interface_sub) ditto.
|
|
2006-05-30 Paul Jakma <paul.jakma@sun.com>
* ospf_packet.c: (ospf_read) Debug message about packets
received on unenabled interfaces should be conditional on
debug being set.
|
|
2006-01-17 Paul Jakma <paul.jakma@sun.com>
* ospf_packet.c: (ospf_verify_header) print out the types
involved if there's a mismatch.
* ospf_zebra.c: (ospf_zebra_add) Adjust to new zserv format.
|
|
2006-01-10 Juris Kalnins <juris@mt.lv>
* ospf_packet.c: (ospf_make_md5_digest) fix odd, if not
undefined effect, assignment of an increment expression.
|
|
* ospf_packet.c: Change level of some warnings to
informational.
|
|
* ospf_apiserver.c: (apiserver_sync_callback) stray semi-colon
* ospf_packet.c: include checksum.h, remove the in_cksum extern
* prototypes.
* ospf_te.h: Add braces, quell warning.
|
|
* (general) SPF millisecond resolution timer with adaptive,
linear back-off holdtime. Prettification of ospf_timer_dump.
* ospf_dump.c: (ospf_timeval_dump) new function. The guts of
ospf_timer_dump, but made to be more dynamic in printing out
the relative timeval, sliding the precision printed out
according to the value.
(ospf_timer_dump) guts moved to ospf_timeval_dump.
* ospf_dump.h: export ospf_timeval_dump.
* ospf_flood.c: (ospf_flood) remove gettimeofday, use
the libzebra exported recent_time instead, as it's not
terribly critical to have time exactly right - the dropped
LSA will be retransmited to us if we don't ACK it.
* ospf_packet.c: (ospf_ls_upd_timer) Ditto, but here we're
not transmitting, just putting LSA back on update transmit list.
* ospfd.h: delay and holdtimes should be unsigned.
Add spf_max_holdtime and spf_hold_multiplier.
Update default defines for delay and hold time to be in msec.
(struct ospf) change the SPF timestamp to a struct timeval.
Remove ospf_timers_spf_(un)?set.
* ospfd.c: (ospf_timers_spf_{set,unset}) removed.
(ospf_new) initialise spf_max_holdtime and spf_hold_multiplier
* ospf_spf.c: (ospf_spf_calculate) SPF timestamp is a timeval
now, update with gettimeofday.
(ospf_spf_calculate_schedule) Change SPF timers to millisecond
resolution.
Make the holdtime be adaptive, with a linear increase in
holdtime ever consecutive SPF run which occurs within holdtime
of previous SPF, bounded by spf_max_holdtime.
* ospf_vty.c: Update spf timers commands.
(ospf_timers_spf_set) trivial helper.
(ospf_timers_throttle_spf_cmd) new command to set SPF delay,
initial hold and max hold times with millisecond resolution.
(ospf_timers_spf_cmd) Deprecated. Accept the old values,
convert to msec, truncate to new limits.
(no_ospf_timers_throttle_spf_cmd) set timers to defaults.
(no_ospf_timers_spf_cmd) deprecated form, same as previous.
(show_ip_ospf_cmd) Display SPF parameters and times.
(show_ip_ospf_neighbour_header) Centralise the 'sh ip os ne'
header.
(show_ip_ospf_neighbor_sub) Fix the field widths. Get rid of
the multiple spaces which were making the lines even longer.
(show_ip_ospf_neighbor_cmd) Use show_ip_ospf_neighbour_header
(show_ip_ospf_neighbor_all_cmd) ditto and fix the field
widths for NBMA neighbours.
(show_ip_ospf_neighbor_int) Use header function.
(show_ip_ospf_nbr_nbma_detail_sub) use sizeof for timebuf,
local array - safer.
(show_ip_ospf_neighbor_detail_sub) ditto
(ospf_vty_init) install the new SPF throttle timer commands.
|
