path: root/ospfd
Age  Commit message  Author
2012-10-25  lib: improve fletcher checksum validation  JR Rivers

OVERVIEW

The checksum used in OSPF (rfc2328) is specified in rfc905 annex B. There is a sample implementation in rfc1008 which forms the basis of the quagga implementation. This algorithm works perfectly when generating a checksum; however, validation is a bit problematic.

The following LSA (generated by a non-quagga implementation) is received by quagga and marked with an invalid checksum; however, it passes both the rfc905 and rfc1008 validation checks.

    static uint8_t lsa_10_121_233_29[] = {
        0x0e, 0x10, 0x02, 0x03, 0x09, 0x00, 0x35, 0x40,
        0x0a, 0x79, 0xe9, 0x1d, 0x80, 0x00, 0x00, 0x03,
        0x00, 0x8a, 0x00, 0x1c, 0xff, 0xff, 0xff, 0xe0,
        0x00, 0x00, 0x36, 0xb0
    };

    LS Type: Summary-LSA (IP network)
    LS Age: 3600 seconds
    Do Not Age: False
    Options: 0x02 (E)
    Link-State Advertisement Type: Summary-LSA (IP network) (3)
    Link State ID: 9.0.53.64
    Advertising Router: 10.121.233.29 (10.121.233.29)
    LS Sequence Number: 0x80000003
    LS Checksum: 0x008a
    Length: 28
    Netmask: 255.255.255.224
    Metric: 14000

You'll note that one byte of the checksum is 0x00; quagga would calculate the checksum as 0xff8a.

It can be argued that the sourcing implementation generates an incorrect checksum; however, rfc905 indicates that, for 1's complement arithmetic, the value 255 shall be regarded as 0, thus either value is valid.

EXPLANATION

The quagga ospfd and ospf6d implementations operate by copying the PDU's existing checksum in a holding variable, calculating the checksum, and comparing the resulting checksum to the original. As a note, this implementation has the side effect of modifying the contents of the PDU.

Evaluation of both rfc905 and rfc1008 shows that checksum validation should involve calculating the sum over the PDU and checking that both resulting C0 and C1 values are zero. This behavior is enacted in the rfc1008 implementation by calling encodecc with k = 0 (checksum offset); however, this functionality had been omitted from the quagga implementation.

PATCH

This patch adds the ability to call quagga's fletcher_checksum() with a checksum offset value of 0xffff (aka FLETCHER_CHECKSUM_VALIDATE) which returns the sum over the buffer (a value of 0 indicates a valid checksum). This is similar to the mechanism in rfc1008 when called with k = 0. The patch also introduces ospf_lsa_checksum_valid().

ospf6d had its own implementation of the fletcher checksum in ospf6_lsa_checksum(); it's the same algorithm as in fletcher_checksum(). This patch removes the local implementation in favor of the library's as well as creates and uses ospf6_lsa_checksum_valid().

quagga's ISIS implementation suffers from the same problem; however, I do not have the facilities to validate a fix to ISIS, thus this change has been left to the ISIS maintainers. The function iso_csum_verify() should be reduced to running the fletcher checksum over the buffer using an offset of 0.

Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com>
Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
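The two validation styles described in the commit message above, run over the quoted LSA. This is an added example, not Quagga's code and not part of the commit; the function names are hypothetical and the generation arithmetic follows the rfc1008 style the message refers to.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* LSA bytes copied from the commit message above. */
static const uint8_t lsa_10_121_233_29[] = {
    0x0e, 0x10, 0x02, 0x03, 0x09, 0x00, 0x35, 0x40, 0x0a, 0x79,
    0xe9, 0x1d, 0x80, 0x00, 0x00, 0x03, 0x00, 0x8a, 0x00, 0x1c,
    0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x36, 0xb0
};
#define AGE_LEN   2   /* LS Age is not covered by the checksum (RFC 2328) */
#define CKSUM_OFF 16  /* offset of LS Checksum within the LSA header */

/* Fletcher sums modulo 255 over buf[0..len). */
static void fletcher_sums(const uint8_t *buf, size_t len, int *c0, int *c1) {
    *c0 = *c1 = 0;
    for (size_t i = 0; i < len; i++) {
        *c0 = (*c0 + buf[i]) % 255;
        *c1 = (*c1 + *c0) % 255;
    }
}
/* Generation: zero the field, sum, then solve for the two check bytes. */
static uint16_t cksum_generate(const uint8_t *lsa, size_t len) {
    uint8_t tmp[64];
    int c0, c1, x, y;
    size_t n = len - AGE_LEN, off = CKSUM_OFF - AGE_LEN;
    if (len < CKSUM_OFF + 2 || n > sizeof(tmp)) return 0;
    memcpy(tmp, lsa + AGE_LEN, n);
    tmp[off] = tmp[off + 1] = 0;
    fletcher_sums(tmp, n, &c0, &c1);
    x = ((int)(n - off - 1) * c0 - c1) % 255;
    if (x <= 0) x += 255;   /* x, y end up in 1..255: never a 0x00 byte */
    y = 510 - c0 - x;
    if (y > 255) y -= 255;
    return (uint16_t)((x << 8) | y);
}
/* Compare style: regenerate and compare with the received field. */
static int valid_by_compare(const uint8_t *lsa, size_t len) {
    if (len < CKSUM_OFF + 2) return 0;
    return cksum_generate(lsa, len) == ((lsa[CKSUM_OFF] << 8) | lsa[CKSUM_OFF + 1]);
}
/* Sum style: checksum left in place, both sums must come out zero. */
static int valid_by_sum(const uint8_t *lsa, size_t len) {
    int c0, c1;
    if (len < CKSUM_OFF + 2) return 0;
    fletcher_sums(lsa + AGE_LEN, len - AGE_LEN, &c0, &c1);
    return c0 == 0 && c1 == 0;
}
int main(void) {
    size_t n = sizeof(lsa_10_121_233_29);
    printf("generated=0x%04x compare=%d sum=%d\n", (unsigned)cksum_generate(lsa_10_121_233_29, n),
           valid_by_compare(lsa_10_121_233_29, n), valid_by_sum(lsa_10_121_233_29, n));
    return 0;
}
```

Because the sums are taken modulo 255, a 0x00 and a 0xff byte in the checksum field are indistinguishable to the sum-style check, while the compare-style check accepts only the form its own generator emits.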
2012-10-19  Revert "ospfd: Do not fall back to intervening router."  Paul Jakma
This reverts commit 9289c6ff55cd96c943d23e43fc9e5f987aa965ed. The commit reverted an earlier change which fixed a bug that caused black-holes to remote destinations with multiple paths, that could occur during convergence. Overall, the previous code is more correct.
2012-09-25  build: correct libtool parameter used within Makefiles  Brad Smith
This corrects the parameters passed to libtool when linking the shared libraries. The parameter name is -version-info not -version.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25  ospfd: Do not fall back to intervening router.  Joakim Tjernlund
The patch in bug 330 did two things. It added a return value whether ospf_nexthop_calculation() failed or not and also moved the return stmt for 16.1.1 para 5 so now SPF will fallback to the intervening router when no back links are found by 16.1.1 para 5. This is wrong and can potentially create black holes or routing loops according to Dave Katz and Acee Lindem at ospf@ietf.org.
Even if the current code could be proved to be harmless in all cases, it adds substantial extra processing and memory allocations.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25  ospfd: use ZEBRA_NEXTHOP_IPV4_IFINDEX  Joakim Tjernlund
OSPF really needs to specify interface in its routes. Otherwise ospf may change the wrong route.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
[fixed up some whitespace errors, split patch in two]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25  ospf_spf_process_stubs: use LSA pos to find OSPF interface  Joakim Tjernlund
This is better than a prefix lookup as prefixes may not be unique, that is, the same prefix can exist on several interfaces.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25  ospfd: Optimize and improve SPF nexthop calculation  Joakim Tjernlund
Maintain router LSA positions in OSPF interface. Find the OSPF interface in nexthop_calculation using the position in the router LSA. This is possible because the only time nexthop_calculation needs to look up interfaces is when dealing with its own Router LSA.
This has the following advantages:
- Multiple PtP interfaces with the same IP address between two routers.
- Use Unnumbered PtP on just one end of the link.
- Faster OI lookup for the OSPF interface and only done once for PtoP links.
*ospf_interface.h: (struct ospf_interface) Add storage for storing router LSA position.
*ospf_interface.c: (ospf_if_lookup_by_lsa_pos) lookup OSPF I/F in an area using LSA position.
*ospf_lsa.c: (router_lsa_link_set) record Router LSA position.
*ospf_spf.c: (ospf_spf_next) Count and pass along lsa position.
 (ospf_nexthop_calculation) Add lsa position argument. call ospf_if_lookup_by_lsa_pos() for OSPF interface handle. Clean up and remove all calls ospf_if_is_configured() the rest. Adjust a few debug logs.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25  ospfd: avoid exhausting memory with OSPF vertices (BZ#476)  David Lamparter
This was found in scale testing at OSR; ospfd is adding the same link over and over again to the SPF tree. This fix prevents the resulting memory corruption from happening and adds a debug message to track occurrence of this issue and/or confirm a proper fix.
(This version was improved by Scott Feldman over the earlier RFC.)
* ospfd/ospf_spf.c: (ospf_spf_add_parent) loop over existing vertices and refuse to add duplicates.
Tested-by: Martin Winter <mwinter@opensourcerouting.org>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-06-25  snmp: let handlers accept OID from a lesser prefix  Vincent Bernat
Most table handlers do not expect to be given an OID whose prefix is outside what they can handle. This is not a problem with the SMUX implementation since it always corrects the OID such that the prefix matches. However, this is not the case for the AgentX implementation. A new function, smux_header_table() is used to do this normalization.
2012-06-25  agentx: handle SNMP traps  Vincent Bernat
smux_trap() signature has been changed to provide appropriate level information to send SNMPv2 notifications. This includes the addition of the enterprise OID to use (from which is derived the SNMP trap OID) and the MIB registry to locate the appropriate function for variable bindings provided by the trap.
The SMUX implementation has been updated but ignores the provided enterprise OID. Instead, it still uses the SMUX peer OID to keep compatibility with previous versions of Quagga. The SMUX implementation also ignores the provided MIB registry since it uses smux_get() function to grab the appropriate values. This is not possible with the AgentX implementation since there is no such function provided by NetSNMP.
2012-06-25  smux: drop findVar element from trap object struct  Vincent Bernat
This element was not unused.
2012-06-25  smux: remove `tick` argument from smux_trap()  Vincent Bernat
smux_trap() contains an argument whose use appears to be to set sysUpTime.0/timestamp field in SNMP trap. However, this value is not used in smux_trap(). Moreover, it is expected that this field is the value of sysUpTime.0 when the trap was sent and not any other time related to the trap. To avoid any confusion, we remove this field from the signature of the function.
2012-06-25  build: use net-snmp-config to configure NetSNMP  Vincent Bernat
The correct method to link to NetSNMP is to use net-snmp-config (which is like pkg-config). Explicit link to libcrypto is also dropped (NetSNMP libs are linked to libcrypto, no need to link Quagga to it). Moreover, @SNMP_INCLUDES@ is dropped because useless. Due to a bug in configure.ac, it was properly populated.
2012-06-25  build: only define HAVE_SNMP  Vincent Bernat
NetSNMP is the only SNMP implementation for Quagga. We don't need two different symbols.
2012-06-25  build: allow configure and build in a separate directory  Vincent Bernat
Some .h files in lib/ are autogenerated. The search path should include the build directory and the source directory. They usually match but sometimes, they may be different. For example:
    $ mkdir build
    $ cd build
    $ ../configure
    $ make
2012-04-16  ospfd: Fixes a crash of the daemon with a snmp walk  Jorge Boncompte [DTI2]
- And allows to walk the LSDB.
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
2012-04-11  ospfd: adjust OSPF_ROUTER_LSA_MIN_SIZE for VL case  Denis Ovsienko
2012-03-12  ospfd: reduce ospf_verify_header()  Denis Ovsienko
Protocol version check fits ospf_packet_examin() better (like it is implemented in ospf6d), and packet type check is already there.
2012-03-12  ospfd: bring ospf_check_auth() into focus  Denis Ovsienko
The old ospf_check_auth() function did two different jobs depending on AuType. For Null and Simple cases it actually authenticated the packet, but for Cryptographic case it only checked declared packet size (not taking the actual number of bytes on wire into account). The calling function, ospf_verify_header(), had its own set of MD5/checksum checks dispatched depending on AuType.
This commit makes the packet size check work against the real number of bytes and moves it to ospf_packet_examine(). All MD5/checksum verification is now performed in ospf_check_auth() function.
* ospf_packet.c
  * ospf_packet_examin(): check length with MD5 bytes in mind
  * ospf_verify_header(): remove all AuType-specific code
  * ospf_check_auth(): completely rewrite
2012-03-12  ospfd: introduce ospf_auth_type_str[]  Denis Ovsienko
2012-03-12  ospfd: fix packet length check for auth/LLS cases  Denis Ovsienko
An OSPFv2 packet with trailing data blocks (authentication and/or link-local signaling) failed the recently implemented packet length check, because trailing data length isn't counted in the packet header "length" field. This commit fixes respective check conditions.
* ospf_packet.c
  * ospf_packet_examin(): use "bytesdeclared" instead of "bytesonwire"
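A length check that accounts for the cryptographic authentication trailer, as discussed in this commit message and in "bring ospf_check_auth() into focus" above. This is an added example, not the code either commit changed: names are hypothetical, field offsets follow the RFC 2328 header layout, the strict comparison is a simplified stand-in for a check that ignores trailers, and LLS blocks are not handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OSPF_HDR_LEN     24  /* fixed OSPFv2 header (RFC 2328 A.3.1) */
#define OSPF_AUTH_CRYPTO 2   /* AuType 2: cryptographic authentication */

enum len_verdict { LEN_OK, LEN_SHORT_HEADER, LEN_BAD_DECLARED, LEN_TRAILER_TRUNCATED };

/* Strict form: treats any byte after the declared length as an error. */
static int len_ok_strict(const uint8_t *pkt, size_t bytesonwire) {
    if (bytesonwire < OSPF_HDR_LEN) return 0;
    return (size_t)((pkt[2] << 8) | pkt[3]) == bytesonwire;
}

/* Trailer-aware form: the header "length" excludes the digest after it. */
static enum len_verdict len_check(const uint8_t *pkt, size_t bytesonwire) {
    size_t declared, trailer = 0;
    if (bytesonwire < OSPF_HDR_LEN) return LEN_SHORT_HEADER;
    declared = (size_t)((pkt[2] << 8) | pkt[3]);
    if (declared < OSPF_HDR_LEN || declared > bytesonwire) return LEN_BAD_DECLARED;
    if (((pkt[14] << 8) | pkt[15]) == OSPF_AUTH_CRYPTO)
        trailer = pkt[19];               /* Auth Data Len (RFC 2328 D.3) */
    if (declared + trailer > bytesonwire) return LEN_TRAILER_TRUNCATED;
    return LEN_OK;
}

/* Constructed sample: 44-byte Hello with AuType 2 and a 16-byte digest. */
static size_t build_sample(uint8_t *buf) {
    memset(buf, 0, 60);
    buf[0] = 2; buf[1] = 1;              /* version 2, type Hello */
    buf[2] = 0; buf[3] = 44;             /* declared: header + Hello body */
    buf[15] = OSPF_AUTH_CRYPTO;
    buf[19] = 16;                        /* digest length */
    return 60;                           /* bytes on wire = 44 + 16 */
}

int main(void) {
    uint8_t pkt[60];
    size_t n = build_sample(pkt);
    printf("strict=%d aware=%d truncated=%d\n", len_ok_strict(pkt, n),
           (int)len_check(pkt, n), (int)len_check(pkt, n - 4));
    return 0;
}
```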
2012-03-12  ospfd: introduce ospf_lsa_minlen[] (BZ#705)  Denis Ovsienko
This commit ports more packet checks to OSPFv2, in particular, LSA size verification and Router-LSA link blocks verification.
* ospf_lsa.h: add LSA size macros
* ospf_packet.h: add struct ospf_ls_update
* ospf_packet.c
  * ospf_lsa_minlen[]: a direct equivalent of ospf6_lsa_minlen[]
  * ospf_router_lsa_links_examin(): new function, verifies trailing part of a Router-LSA
  * ospf_lsa_examin(): new function like ospf6_lsa_examin()
  * ospf_lsaseq_examin(): new function like ospf6_lsaseq_examin()
  * ospf_packet_examin(): add type-specific deeper level checks
2012-03-12  ospfd: review ospf_check_md5_digest()  Denis Ovsienko
Rewrite some pointer arithmetics without the additional variables and move byte order conversion inside the function.
2012-03-12  ospfd: review ospf_check_auth()  Denis Ovsienko
1. The only purpose of "ibuf" argument was to get stream size, which was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized in ospf_new().
2. Fix the packet size check condition, which was incorrect for very large packets, at least in theory.
2012-03-12  ospfd: introduce ospf_packet_minlen[] (BZ#705)  Denis Ovsienko
This commit ports some of the OSPFv3 packet reception checks to OSPFv2.
* ospf_packet.c
  * ospf_packet_minlen[]: a direct equivalent of ospf6_packet_minlen[]
  * ospf_packet_examin(): new function designed after the first part of ospf6_packet_examin()
  * ospf_read(): verify received packet with ospf_packet_examin()
* ospf_packet.h: add convenience macros
2012-03-12  ospfd: fix ospf_packet_add_top() to use LOOKUP()  Denis Ovsienko
2012-03-12  ospfd: use LOOKUP() for ospf_packet_type_str  Denis Ovsienko
* ospf_packet.h: add proper str/max extern declarations
* ospf_packet.c
  * ospf_packet_type_str: rewrite in "struct message", add max value
  * ospf_packet_add(): use LOOKUP()
  * ospf_write(): ditto
  * ospf_hello(): ditto
  * ospf_read(): ditto
* ospf_dump.h: the declaration does not belong here
* ospf_dump.c
  * ospf_header_dump(): use LOOKUP()
  * show_debugging_ospf(): ditto
2012-01-23  fix zebra protocol after MP-BGP changes  Denis Ovsienko
The previous commits modified both zebra and bgpd for additional SAFI field, but not any other routing daemon, which led to zebra daemon crashing with failed assertion.
2012-01-08  ospfd: use IS_LSA_SELF() where appropriate  Denis Ovsienko
2012-01-08  ospfd: justify ospf_default_originate_timer()  Denis Ovsienko
The function is implemented in ospf_lsa.c, move its "extern" declaration to ospf_lsa.h for consistency.
2012-01-08  ospfd: address more trivial compiler warnings  Denis Ovsienko
* ospf_ase.c
  * ospf_ase_complete_direct_routes(): dismiss unused variable
2012-01-06  general: remove inline qualifiers and move in-header functions to objects  Paul Jakma
* (general) Move functions in headers into files, to be compiled into shared object files. Remove inline qualifier from functions. Let the compiler do the work.
2012-01-02  lib: fix some strtoul() use cases  Ulrich Weber
...otherwise 4294967295 is not a valid value on 32bit systems
2012-01-02  ospfd: fix bug in NSSA ABR status check  Denis Ovsienko
* ospf_abr.c
  * ospf_abr_nssa_am_elected(): feed "best" instead of "address of best" into IPV4_ADDR_CMP(), because "best" is a pointer; also, mean s_addr field of the structures to get better typed pointers
2012-01-02  ospfd: fix packet reception for FreeBSD 10.  Dmitrij Tejblum
* ospf_packet.c (ospf_recv_packet): FreeBSD, starting from version 10, will not subtract the IP header size from ip_len. This is the patch from FreeBSD's ports/net/quagga/files/patch-ospfd__ospf_packet.c, by Boris Kovalenko.
2011-12-21  ospfd: more info in LSA checksum warning (BZ#685)  Jaroslav Fojtik
2011-12-13  lib: put route_types.txt to real use  David Lamparter
this replaces most occurrences of routing protocol lists by preprocessor defines from route_types.h. the latter is autogenerated from route_types.txt by a perl script (previously awk). adding a routing protocol now is mostly a matter of changing route_types.txt and log.c.
Conflicts: lib/route_types.awk
2011-12-13  build: delete .cvsignore files  Denis Ovsienko
2011-12-13  ospfd: spelling  Denis Ovsienko
2011-12-13  quagga: option "-z" ("--socket <path>") added  Vyacheslav Trushkin
All daemons modified to support custom path to zserv socket. lib: generalize a zclient connection zclient_socket_connect added. zclient_socket and zclient_socket_un were hidden under static expression. "zclient_serv_path_set" modified.
2011-12-07  ospfd: remove unused code  Stephen Hemminger
The code for nssa_range and other bits that were written but never used.
2011-12-06  ospfd: avoid redundant lookup in ospf_redistribute_withdraw  Stephen Hemminger
The old algorithm looked up every node twice as it withdrew the entry. It looks up entry once in redistribute_withdraw, then looks it up again info_delete. Use result of first lookup to do the free directly. This may explain the slow performance observed in https://bugzilla.vyatta.com/show_bug.cgi?id=4421
2011-11-15  ospfd: improve fix to CVE-2011-3326 (BZ#586)  Thomas Ries
Make ospf_flood() propagate error returned by ospf_lsa_install() further to properly discard the malformed LSA, not just prevent the immediate crash.
2011-09-29  ospfd: fix regression in recent commit  YAMAMOTO Shigeru
commit '717750433839762d23a5f8d88fe0b4d57c8d490a' causes SEGV error, when 'oi = ospf_if_lookup_recv_if (ospf, iph->ip_src, ifp);' returns NULL.
* ospf_packet.c
  * ospf_read(): change a place of calling 'ospf_verify_header()'
2011-09-27  ospfd: remove unused macro  Denis Ovsienko
2011-09-27  ospfd: spelling  Denis Ovsienko
2011-09-27  ospfd: use existing macro for consistency  Denis Ovsienko
2011-09-27  ospfd: sizing macros cleanup  Denis Ovsienko
* ospf_spf.c
  * ROUTER_LSA_TOS_SIZE: prepend OSPF_ and move to ospf_lsa.h
  * ROUTER_LSA_MIN_SIZE: replace with existing OSPF_ROUTER_LSA_LINK_SIZE
2011-09-27  lib: simplify interface of setsockopt_multicast_ipv4().  Dmitrij Tejblum
* sockopt.[ch] (setsockopt_ipv4_multicast): ifindex is now mandatory (all non-ancient OSes can use it anyway), and if_addr parameter (the address of the interface) is now gone.
  (setsockopt_ipv4_multicast_if): IP_MULTICAST_IF processing moved to this new function
* ospf_network.c (ospf_if_add_allspfrouters, ospf_if_drop_allspfrouters, ospf_if_add_alldrouters, ospf_if_drop_alldrouters, ospf_if_ipmulticast), rip_interface.c (ipv4_multicast_join, ipv4_multicast_leave, rip_interface_new): adapt to the new interface
2011-09-27  ospfd: remove useless RFC1583 check  Alexandre Chappuis
* ospf_route.c: Function ospf_asbr_route_cmp is called uniquely from ospf_route_cmp() when the flag OSPF_RFC1583_COMPATIBLE is not set. Therefore, the check that the flag is set doesn't make sense at all and it can consequently be removed without doing any harm.
Signed-off-by: Alexandre Chappuis <alc@open.ch>
Signed-off-by: Roman Hoog Antink <rha@open.ch>