summaryrefslogtreecommitdiff
path: root/ospfd
AgeCommit message (Collapse)Author
2012-03-12ospfd: reduce ospf_verify_header()Denis Ovsienko
Protocol version checks fits ospf_packet_examin() better (like it is implemented in ospf6d), and packet type check is already there.
2012-03-12ospfd: bring ospf_check_auth() into focusDenis Ovsienko
The old ospf_check_auth() function did two different jobs depending on AuType. For Null and Simple cases it actually authenticated the packet, but for Cryptographic case it only checked declared packet size (not taking the actual number of bytes on wire into account). The calling function, ospf_verify_header(), had its own set of MD5/checksum checks dispatched depending on AuType. This commit makes the packet size check work against the real number of bytes and moves it to ospf_packet_examine(). All MD5/checksum verification is now performed in ospf_check_auth() function. * ospf_packet.c * ospf_packet_examin(): check length with MD5 bytes in mind * ospf_verify_header(): remove all AuType-specific code * ospf_check_auth(): completely rewrite
2012-03-12ospfd: introduce ospf_auth_type_str[]Denis Ovsienko
2012-03-12ospfd: fix packet length check for auth/LLS casesDenis Ovsienko
An OSPFv2 packet with trailing data blocks (authentication and/or link-local signaling) failed the recently implemented packet length check, because trailing data length isn't counted in the packet header "length" field. This commit fixes respective check conditions. * ospf_packet.c * ospf_packet_examin(): use "bytesdeclared" instead of "bytesonwire"
2012-03-12ospfd: introduce ospf_lsa_minlen[] (BZ#705)Denis Ovsienko
This commit ports more packet checks to OSPFv2, in particular, LSA size verification and Router-LSA link blocks verification. * ospf_lsa.h: add LSA size macros * ospf_packet.h: add struct ospf_ls_update * ospf_packet.c * ospf_lsa_minlen[]: a direct equivalent of ospf6_lsa_minlen[] * ospf_router_lsa_links_examin(): new function, verifies trailing part of a Router-LSA * ospf_lsa_examin(): new function like ospf6_lsa_examin() * ospf_lsaseq_examin(): new function like ospf6_lsaseq_examin() * ospf_packet_examin(): add type-specific deeper level checks
2012-03-12ospfd: review ospf_check_md5_digest()Denis Ovsienko
Rewrite some pointer arithmetics without the additional variables and move byte order conversion inside the function.
2012-03-12ospfd: review ospf_check_auth()Denis Ovsienko
1. The only purpose of "ibuf" argument was to get stream size, which was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized in ospf_new(). 2. Fix the packet size check condition, which was incorrect for very large packets, at least in theory.
2012-03-12ospfd: introduce ospf_packet_minlen[] (BZ#705)Denis Ovsienko
This commit ports some of the OSPFv3 packet reception checks to OSPFv2. * ospf_packet.c * ospf_packet_minlen[]: a direct equivalent of ospf6_packet_minlen[] * ospf_packet_examin(): new function designed after the first part of ospf6_packet_examin() * ospf_read(): verify received packet with ospf_packet_examin() * ospf_packet.h: add convenience macros
2012-03-12ospfd: fix ospf_packet_add_top() to use LOOKUP()Denis Ovsienko
2012-03-12ospfd: use LOOKUP() for ospf_packet_type_strDenis Ovsienko
* ospf_packet.h: add proper str/max extern declarations * ospf_packet.c * ospf_packet_type_str: rewrite in "struct message", add max value * ospf_packet_add(): use LOOKUP() * ospf_write(): ditto * ospf_hello(): ditto * ospf_read(): ditto * ospf_dump.h: the declaration does not belong here * ospf_dump.c * ospf_header_dump(): use LOOKUP() * show_debugging_ospf(): ditto
2012-01-23fix zebra protocol after MP-BGP changesDenis Ovsienko
The previous commits modified both zebra and bgpd for additional SAFI field, but not any other routing daemon, which led to zebra daemon crashing with failed assertion.
2012-01-08ospfd: use IS_LSA_SELF() where appropriateDenis Ovsienko
2012-01-08ospfd: justify ospf_default_originate_timer()Denis Ovsienko
The function is implemented in ospf_lsa.c, move its "extern" declaration to ospf_lsa.h for consistency.
2012-01-08ospfd: address more trivial compiler warningsDenis Ovsienko
* ospf_ase.c * ospf_ase_complete_direct_routes(): dismiss unused variable
2012-01-06general: remove inline qualifiers and move in-header functions to objectsPaul Jakma
* (general) Move functions in headers into files, to be compiled into shared object files. Remove inline qualifier from functions. Let the compiler do the work.
2012-01-02lib: fix some strtoul() use casesUlrich Weber
...otherwise 4294967295 is not a valid value on 32bit systems
2012-01-02ospfd: fix bug in NSSA ABR status checkDenis Ovsienko
* ospf_abr.c * ospf_abr_nssa_am_elected(): feed "best" instead of "address of best" into IPV4_ADDR_CMP(), because "best" is a pointer; also, mean s_addr field of the structures to get better typed pointers
2012-01-02ospfd: fix packet reception for FreeBSD 10.Dmitrij Tejblum
* ospf_packet.c (ospf_recv_packet): FreeBSD, starting from version 10, will not subtract the IP header size from ip_len. This is the patch from FreeBSD's ports/net/quagga/files/patch-ospfd__ospf_packet.c, by Boris Kovalenko.
2011-12-21ospfd: more info in LSA checksum warning (BZ#685)Jaroslav Fojtik
2011-12-13lib: put route_types.txt to real useDavid Lamparter
this replaces most occurences of routing protocol lists by preprocessor defines from route_types.h. the latter is autogenerated from route_types.txt by a perl script (previously awk). adding a routing protocol now is mostly a matter of changing route_types.txt and log.c. Conflicts: lib/route_types.awk
2011-12-13build: delete .cvsignore filesDenis Ovsienko
2011-12-13ospfd: spellingDenis Ovsienko
2011-12-13quagga: option "-z" ("--socket <path>") addedVyacheslav Trushkin
All daemons modified to support custom path to zserv socket. lib: generalize a zclient connection zclient_socket_connect added. zclient_socket and zclient_socket_un were hidden under static expression. "zclient_serv_path_set" modified.
2011-12-07ospfd: remove unused codeStephen Hemminger
The code for nssa_range and other bits that were written but never used.
2011-12-06ospfd: avoid redundant lookup in ospf_redistribute_withdrawStephen Hemminger
The old algorithim looked up every node twice as it withdrew the entry. It looks up entry once in redistribute_withdraw, then looks it up again info_delete. Use result of first lookup to do the free directly. This may explain the slow performance observed in https://bugzilla.vyatta.com/show_bug.cgi?id=4421
2011-11-15ospfd: improve fix to CVE-2011-3326 (BZ#586)Thomas Ries
Make ospf_flood() propagate error returned by ospf_lsa_install() further to properly discard the malformed LSA, not just prevent the immediate crash.
2011-09-29ospfd: fix regression in recent commitYAMAMOTO Shigeru
commit '717750433839762d23a5f8d88fe0b4d57c8d490a' causes SEGV error, when 'oi = ospf_if_lookup_recv_if (ospf, iph->ip_src, ifp);' returns NULL. * ospf_packet.c * ospf_read(): change a place of calling 'ospf_verify_header()'
2011-09-27ospfd: remove unused macroDenis Ovsienko
2011-09-27ospfd: spellingDenis Ovsienko
2011-09-27ospfd: use existing macro for consistencyDenis Ovsienko
2011-09-27ospfd: sizing macros cleanupDenis Ovsienko
* ospf_spf.c * ROUTER_LSA_TOS_SIZE: prepend OSPF_ and move to ospf_lsa.h * ROUTER_LSA_MIN_SIZE: replace with existing OSPF_ROUTER_LSA_LINK_SIZE
2011-09-27lib: simplify interface of setsockopt_multicast_ipv4().Dmitrij Tejblum
* sockopt.[ch] (setsockopt_ipv4_multicast): ifindex is now mandatory (all non-ancient OSes can use it anyway), and if_addr parameter (the address of the interface) is now gone. (setsockopt_ipv4_multicast_if): IP_MULTICAST_IF processing moved to this new function * ospf_network.c (ospf_if_add_allspfrouters, ospf_if_drop_allspfrouters, ospf_if_add_alldrouters, ospf_if_drop_alldrouters, ospf_if_ipmulticast), rip_interface.c (ipv4_multicast_join, ipv4_multicast_leave, rip_interface_new): adapt to the new interface
2011-09-27ospfd: remove useless RFC1583 checkAlexandre Chappuis
* ospf_route.c: Function ospf_asbr_route_cmp is called uniquely from ospf_route_cmp() when the flag OSPF_RFC1583_COMPATIBLE is not set. Therefore, the check that the flag is set doesn't make sense at all and it can consequently be removed without doing any harm. Signed-off-by: Alexandre Chappuis <alc@open.ch> Signed-off-by: Roman Hoog Antink <rha@open.ch>
2011-09-26ospfd: CVE-2011-3325 part 2 (OSPF pkt type segv)Denis Ovsienko
This vulnerability (CERT-FI #514838) was reported by CROSS project. The error is reproducible only when ospfd debugging is enabled: * debug ospf packet all * debug ospf zebra When incoming packet header type field is set to 0x0a, ospfd will crash. * ospf_packet.c * ospf_verify_header(): add type field check * ospf_read(): perform input checks early
2011-09-26ospfd: CVE-2011-3325 part 1 (OSPF header underrun)Denis Ovsienko
This vulnerability (CERT-FI #514838) was reported by CROSS project. When only 14 first bytes of a Hello packet is delivered, ospfd crashes. * ospf_packet.c * ospf_read(): add size check
2011-09-26ospfd: CVE-2011-3326 (uknown LSA type segfault)CROSS
This vulnerability (CERT-FI #514837) was reported by CROSS project. They have also suggested a fix to the problem, which was found acceptable. Quagga ospfd does not seem to handle unknown LSA types in a Link State Update message correctly. If LSA type is something else than one supported by Quagga, the default handling of unknown types leads to an error. * ospf_flood.c * ospf_flood(): check return value of ospf_lsa_install()
2011-07-13Merge remote-tracking branch 'polymorf/master'Greg Troxel
2011-04-13ospf: Fix OSPF API and ospf-te LSA refreshers to match recent API changePaul Jakma
* ospf_apiserver.{c,h}: (ospf_apiserver_lsa_refresher) refreshers must now return the refreshed LSA. * ospf_te.{c,h}: (ospf_mpls_te_lsa_refresh) ditto * ospf_api.c: trivial compiler warning fix
2011-03-22ospfd: Compile fix for opaque supportPaul Jakma
* ospfd: Refresher logic cleanup broke OSPF opaque, which does its own thing with regard to refresher logic and which also, in the protocol, requires implementations to keep state of which OI an LSA is received on (rather than providing information in the LSA to allow it to be looked up - as other LSAs requiring such assocation were careful to do). * ospf_lsa.h: (struct ospf_interface) Add back the pointer to oi, but only for type-9 now. * ospf_nsm.c: (ospf_db_summary_add) check the oi actually exists first - doesn't obviate the need for opaque to ensure oi pointers get cleaned up when ospf_interfaces disappear. * ospf_opaque.{c,h}: (ospf_opaque_functab,ospf_opaque_lsa_refresh) Refresher LSA functions now need to return the LSA to the general refresh logic, to indicate whether the LSA was refreshed.
2010-12-08ospfd: Remove oi field from LSA, have network_lsa_refresh look up when neededPaul Jakma
* ospf_lsa.h: (struct ospf_lsa) remove oi pointer * ospf_lsa.c: (ospf_network_lsa_refresh) instead of keeping a pointer, just lookup the oi when it's needed. This decouples network LSA from oi lifetime and avoids having to invalidate pointers in LSAs when an oi changes, simplifying the code.
2010-12-08ospfd: potential fix for router-id change assert on refresh cleanup patchPaul Jakma
* ospf_lsa.c: (various) unregister LSAs from refresher before flushing.
2010-12-08ospfd: Fix maxage/flush to not try flood twice, remember maxages for longerPaul Jakma
2006-05-30 Paul Jakma <paul.jakma@sun.com> * (general) Fix confusion around MaxAge-ing and problem with high-latency networks. Analysis and suggested fixes by Phillip Spagnolo, in [quagga-dev 4132], on which this commit expands slightly. * ospf_flood.{c,h}: (ospf_lsa_flush) new function. Scope-general form of existing flush functions, essentially the dormant ospf_maxage_flood() but without the ambiguity of whether it is responsible for flooding. * ospf_lsa.c: (ospf_lsa_maxage) Role minimised to simply setup LSA on the Maxage list and schedule removal - no more. ospf_lsa_flush* being the primary way to kick-off flushes of LSAs. Don't hardcode the remover-timer value, which was too short for very high-latency networks. (ospf_maxage_lsa_remover) Just do what needs to be done to remove maxage LSAs from the maxage list, remove the call to ospf_flood_through(). Don't hardcode remove-timer value. (ospf_lsa_{install,flush_schedule}) ospf_lsa_flush is the correct entrypoint to flushing maxaged LSAs. (lsa_header_set) Use a define for the initial age, useful for testing. * ospf_opaque.c: (ospf_opaque_lsa_refresh) ditto. (ospf_opaque_lsa_flush_schedule) ditto. * ospfd.h: ({struct ospf,ospf_new}) Add maxage_delay parameter, interval to wait before running the maxage_remover. Supply a suitable default. Add a define for OSPF_LSA_INITIAL_AGE, see lsa_header_set().
2010-12-08ospfd: Unify router and network LSA refresh logic with general refresherPaul Jakma
* (general) Get rid of the router and network LSA specific refresh timers and make the general refresher do this instead. Get rid of the twiddling of timers for router/network LSA that was spread across the code. This lays the foundations for future, general LSA refresh improvements, such as making sequence rollover work, and having generic LSA delays. * ospfd.h: (struct ospf) Bye bye to the router-lsa update timer thread pointer. (struct ospf_area) and to the router-lsa refresh timer. * ospf_interface.h: Remove the network_lsa_self timer thread pointer * ospf_lsa.h: (struct ospf_lsa) oi field should always be there, for benefit of type-2/network LSA processing. (ospf_{router,network}_lsa_{update_timer,timer_add}) no timers for these more (ospf_{router,network}_lsa_update) more generic functions to indicate that some router/network LSAs need updating (ospf_router_lsa_update_area) update router lsa in a particular area alone. (ospf_{summary,summary_asbr,network}_lsa_refresh) replaced by the general ospf_lsa_refresh function. (ospf_lsa_refresh) general LSA refresh function
2010-12-08ospfd: Remember network LSA sequence numbers across up/downs of an interfacePaul Jakma
* ospf_interface.h: (struct ospf_if_params) add field for saved network LSA seqnum * ospf_interfa.c: (ospf_new_if_params) init network_lsa_seqnum field to initial seqnum - doesnt matter though. * ospf_lsa.c: (ospf_network_lsa_new) check for any saved sequence number, and use if it exists. Save the result back. This should help avoid needless round of LSUpdate/LSRequests when a neighbour has to tell the originator "uhm, i have something newer than that already". * ospf_vty.c: (show_ip_ospf_interface_sub) Show the saved network LSA seqnum
2010-12-08ospfd: Prioritise hellos for sending by queueing to head of output bufferPaul Jakma
* It's possible for the packet output buffer to be filled up with a long series of non-Hello packets in between Hellos packets, such that the router's neighbours don't receive the Hello packet in time, even though the hello-timer ran at about the right time. Fix this by prioritising Hello packets, letting them skip the queue and go ahead of any packets already on the queue. This problem can occur when there are lots of LSAs and slow links. * ospf_packet.h: (ospf_hello_send_sub) not used outside of ospf_packet.c * ospf_packet.c: (ospf_fifo_push_head) add packet to head of fifo (so its no longer really a fifo, but hey) (ospf_packet_add_top) add packet to top of the packet output queue. (ospf_hello_send_sub) Put Hello's at the top of the packet output queue. make it take in_addr_t parameter, so that this ospf_hello_send can re-use this code too. (ospf_hello_send) consolidate code by using ospf_hello_send_sub (ospf_poll_send,ospf_hello_reply_timer) adjust for ospf_hello_send_sub.
2010-12-08ospfd: Reset neighbour inactivity timer for any packet arrivalPaul Jakma
* The hello protocol monitors connectivity in 2 different ways: a) local -> remote b) remote -> local Connectivity is required in both directions (2-way) for adjacencies to form. The first requires a round-trip to detect, and is done by advertising which other hosts a router knows about in its hello messages. This allows a host to detect which other routers are and are not receiving its message. If a remote neighbour delists the local router, then the local router raises a "1-Way Received" event. The latter is straight-forward, and is detected by setting a timer for the neighbour. If another Hello packet is not received within this time then the neighbour is dead, and a separate "Inactive" event is raised. These are 2 different and relatively independent measures. Knowing that we can optimise the 2nd, remote->local measure and reset the timer when /any/ packet arrives from that neighbour. For any packet is as good as a Hello packet. This can help in marginal situations, where the number of protocol messages that must be sent sometimes can exceed the capacity of the network to transmit the messages within the configured dead-time. I.e. an OSPF network with lots of LSAs, slow links and/or slow hosts (e.g. O(10k) LSAs, O(100kbit) links, embedded CPUs, and O(10s) dead-times). This optimisation allows an OSPF network to run closer to this margin, and/or allows networks to perhaps better cope with rare periods of exceptional load, where otherwise they would not. It's fully compatible with plain OSPF implementations and doesn't prejudice dead-neighbour detection. * ospf_nsm.h: Rename HelloReceived event to PacketReceived. * ospf_nsm.c: (nsm_hello_received) -> nsm_packet_received * ospf_packet.c: Schedule PacketReceived whenever a valid message is received.
2010-12-08ospfd: the maxage_lsa_remover should check whether it needs to yield the cpuPaul Jakma
2010-12-08ospfd: Fix various route_unlock discrepenciesPaul Jakma
* ospf_ase.c: (ospf_ase_calculate_route) Fix compiler warning about eval needing brackets. (various) add defensive asserts. * ospf_lsdb.c: (ospf_lsdb_add) add missing node unlock if same lsa already was indexed. (ospf_lsdb_delete) check it's actually the same as specified lsa before deleting (ospf_lsdb_lookup_by_id_next) fix another corner case - no result => don't go on.
2010-12-08ospfd: fix lsa_refresh_walker unlock before use bugPaul Jakma
* ospf_lsa.c: (ospf_lsa_refresh_walker) fix an "unlock before use" bug (various) add asserts for lsa refcounting.
2010-12-08ospfd: interface code should leave network_lsa_self alonePaul Jakma
* ospf_interface.c: (ospf_if_{new,cleanup}) don't touch the network_lsa_self, ISM and NSM take care of cleaning it up if needs be + we want to keep network_lsa_self around when possible for the the seqnum. This shouldn't really make much difference though, particularly as we have a separate sequence number memory mechanism.