path: root/ospfd
Age | Commit message | Author
2013-08-06 | ospfd: protect vs. VU#229804 (malformed Router-LSA) | David Lamparter
VU#229804 reports that, by injecting Router LSAs with the Advertising Router ID different from the Link State ID, OSPF implementations can be tricked into retaining and using invalid information.
Quagga is not vulnerable to this because it looks up Router LSAs by (Router-ID, LS-ID) pair. The relevant code is in ospf_lsa.c l.3140. Note the double "id" parameter at the end.
Still, we can provide an improvement here by discarding such malformed LSAs and providing a warning to the administrator. While we cannot prevent such malformed LSAs from entering the OSPF domain, we can certainly try to limit their distribution.
cf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report. This issue is a specification issue in the OSPF protocol that was discovered by Dr. Gabi Nakibly.
Reported-by: CERT Coordination Center <cert@cert.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-07-28 | ospfd: CVE-2013-2236, stack overrun in apiserver | David Lamparter
the OSPF API-server (exporting the LSDB and allowing announcement of Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads to an exploitable stack overflow.
For this condition to occur, the following two conditions must be true:
- Quagga is configured with --enable-opaque-lsa
- ospfd is started with the "-a" command line option
If either of these does not hold, the relevant code is not executed and the issue does not get triggered.
Since the issue occurs on receiving large LSAs (larger than 1488 bytes), it is possible for this to happen during normal operation of a network. In particular, if there is an OSPF router with a large number of interfaces, the Router-LSA of that router may exceed 1488 bytes and trigger this, leading to an ospfd crash.
For an attacker to exploit this, s/he must be able to inject valid LSAs into the OSPF domain. Any best-practice protection measure (using crypto authentication, restricting OSPF to internal interfaces, packet filtering protocol 89, etc.) will prevent exploitation. On top of that, remote (not on an OSPF-speaking network segment) attackers will have difficulties bringing up the adjacency needed to inject a LSA.
This patch only performs minimal changes to remove the possibility of a stack overrun. The OSPF API in general is quite ugly and needs a rewrite.
Reported-by: Ricky Charlet <ricky.charlet@hp.com>
Cc: Florian Weimer <fweimer@redhat.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-04-20 | ospfd: fix flooding procedure | Christian Franke
An ospf router should accept a new maxage LSA into its lsdb if it has any neighbors in state Exchange or Loading. ospfd would however only account for neighbors on the same interface which does not seem to be a valid optimization.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Signed-off-by: David Lamparter <equinox@diac24.net>
2013-04-20 | ospfd: make ospf_maxage_lsa_remover actually yield | Christian Franke
ospf_maxage_lsa_remover would check whether to yield, but run on anyway.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: Joachim Nilsson <troglobit@gmail.com>
Signed-off-by: David Lamparter <equinox@diac24.net>
2013-04-09 | ospfd: restore nexthop IP for p2p interfaces | Christian Franke
commit c81ee5c... "ospfd: Optimize and improve SPF nexthop calculation" subtly changed semantics of routes calculated over pointopoint links by removing the nexthop IP address and instead using an ifindex route.
This breaks calculation of AS-Ext routes with a forwarding address since in ospf_ase_complete_direct_routes() this will be hit:
    if (op->nexthop.s_addr == 0)
      op->nexthop.s_addr = nexthop.s_addr;
thus turning the route unusable by having an invalid nexthop.
Fix by restoring the nexthop IP on routes over PtP links. This also allows running multi-access (Ethernet) interfaces in PtP mode again.
This bug is a regression against 0.99.21 and only present in 0.99.22.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
[patch description and code comments rewritten]
Acked-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Acked-by: James Li <jli@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-04-09 | ospfd: fix LSA initialization for build without opaque LSA | Christian Franke
If configured without opaque LSA support, the old code would incorrectly associate type 5 LSAs with an area.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2013-01-07 | ospfd: Remove dup MaxAge LSA flood | Dinesh G Dutt
Stop additional, unnecessary flooding of MaxAge LSAs.
When a MaxAge LSA is installed, if the LSA is prematurely aged or the LSA is not self-originated, the LSA is flushed. This results in the LSA being flooded a second time and in some cases flooded back to the receiver (unless the receiver is also the advertising router).
A MaxAge'd LSA has already been flooded in ospf_flood() as part of the LSA receive processing (ospf_ls_upd). A self-originated LSA will be flooded from the originate/refresh routine. Thus, in the install routine, a MaxAge'd LSA only needs to be added to the MaxAge LSA list.
Signed-off-by: Dinesh G Dutt <ddutt@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospfd: Corrected ospfd Type-4/Type-5 ls update handling | Vishal Kumar
This fix is for Type-4 LS updates handling at a ABR router where ospf daemon is not distributing Type-4 LS updates with correct LS-Age after learning about a ASBR router in a ospf network. Because of this Type-5 LS updates are not learnt in ospf network.
Testing Scenario: This can be re-produced by restarting the ospfd daemon on DUT (mentioned in figure below) before the Hello time interval expires for area 0.0.0.1.
     ____                      _______                      ____                    _________
    |    |   area: 0.0.0.1    |       |   area: 0.0.0.0    |    |  area: 0.0.0.2   |         |
    | R1 |--------------------|DUT/ABR|--------------------| R2 |------------------| R3/ASBR |
    |____|    x.x.x.0/24      |_______|    y.y.y.0/64      |____|   z.z.z.0/24     |_________|
In the above setup when ospfd is restarted (imp: before the Hello interval at R1 expires) and DUT learns about ASBR router R3 (Type-4) in the network from R2, but this ls-update is not propagated in area 0.0.0.1. So R1 never comes to know about the ASBR router in the network, so all the type-5 LS updates coming from R3 are not learnt by R1.
Further if we again restart ospfd daemon it starts working fine. With the fix given this issue can be resolved.
More Discussion on this is available at: http://www.gossamer-threads.com/lists/quagga/dev/23892
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospfd: compile warning cleanups | Andrew Certain
A set of patches to clarify some comments as well as cleanup code that was causing warnings. After these patches, the code can be compiled with -Wall -Wsign-compare -Wpointer-arith -Wbad-function-cast -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wchar-subscripts -Wcast-qual -Wextra -Wno-unused-parameter -Wno-missing-field-initializers (what is current in trunk plus -Wextra -Wno-unused-parameter -Wno-missing-field-initializers).
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospfd: Update nsm_change_state to static scope, as it is not called from elsewhere | Andrew Certain
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospfd: Changed TE instance check to remove -Wtype-limits warning | Andrew Certain
Since LEGAL_TE_INSTANCE_RANGE() was being passed an unsigned int, a warning was being thrown due to the compare against >= 0. Since this macro was used only in one place, I removed the macro for an explicit compare against a constant for the MAX.
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospfd: Update comments to be more clear in packet processing | Andrew Certain
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospfd: Fixed signed/unsigned masking of negative metrics | Andrew Certain
In the original code, negative metrics would be converted successfully by atoi() and then converted to an unsigned int that would always compare successfully against >= 0, leaving a large positive metric in the route map.
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospfd: Fixed typo bug in ospf_vty.h:ospf_neighbor | Andrew Certain
Typo bug. ospf_nbr_nbma_poll_interval_set() was being sent priority instead of interval.
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospfd: fix argument parsing for distribute-list | Christian Franke
Use the correct argument for the protocol lookup in ospf distribute-list commands.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospf: fix apiserver enable | David Lamparter
The ospf_apiserver_enable flag was being cleared _after_ the "-a" command-line option set it to 1. Move up the initialisation, so enabling the OSPF API is actually possible.
Reported-by: Rosario Mattera <rosmattera@gmail.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospf: Fix type-4 network mask to 0 per RFC | Leonard Tracy
The OSPF RFC (2328) states that the network mask field of a type 4 LSA "is not meaningful and must be zero". OSPFD has been setting the mask as /32. This patch changes OSPFD to set the mask to 0 per the RFC
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospf: Reduce MaxAge log level | Ayan Banerjee
Reduce the log level for the MaxAge LSA reception when such an LSA does not exist in the database.
Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospf: Convert MAX_AGE LSA list to tree | Dinesh Dutt
Store the MaxAge LSA list in a tree instead of a linked list for efficient access. Walking the list can be quite inefficient in some large systems and under certain tests.
ospfd maintains the list of LSA's that have been MaxAge'd out in a separate linked list for removal by a remover/walker thread. When a new LSA is to be installed, the old LSA is ejected and when it is ejected, the MaxAge LSA list is traversed to ensure that the old LSA is also removed from this list if it exists on this list.
When a large number (> 5K) MaxAge LSAs are bombarding the system, walking this list takes a significant time causing timers to fire and actions to be taken such as expiring neighbors due to expiry of DeadInterval (especially when timer is really low, <= 12s), creating a spiral of instability. By making this MaxAge LSA list be a tree, this problem is mitigated.
Signed-off-by: Dinesh Dutt <ddutt@cumulusnetworks.com>
Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospf: forward ref. of areas for "max-metric router-lsa administrative" cmd | Ayan Banerjee
In the event areas are created at a later point of time with respect to the playback of the "max-metric router-lsa administrative" command, those areas do not get into indefinite max-metric mode. This patch is intended to store the configuration and apply it to all future areas that may be created. In the process, some other bugs that were there with respect to restart etc are fixed up.
Tested locally to see that the fix works across multiple areas and across multiple restarts.
Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: JR Rivers <jrrivers@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2013-01-07 | ospf: suppress delete using replacement | Ayan Banerjee
After a SPF run, OSPF deletes routes that have changed in terms of any metric, type, and/or next-hops and re-adds them. Given that the Zebra-RIB already support replacement semantics, we suppress deletes for routes that will be added back again.
This has the following advantages. It reduces the number of IPC messages between OSPF/Zebra. Also, in the current flow, a batch of route deletes were followed by a batch of adds even for say a metric change. With the change, routes are sent as "add" when they are modified. Zebra already implicitly deletes older routes.
Signed-off-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
2012-11-05 | ospfd: remove some buggy extra ';' symbols. | Hasso Tepper
* ospfd/ospf_apiserver.c: extra ; causing lookup to fail always
* ospfd/ospf_lsa.c: extra ; causing debug output even when disabled
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25 | *: use array_size() helper macro | Balaji.G
Use the array_size() helper macro. Replaces several instances of local macros with the same definition.
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25 | ospfd: respect max-metric over configured cost for summary LSAs | JR Rivers
ISSUE
When max-metric router-lsa administrative is invoked on an ABR created with...
    area <area> range <addr/mask>
the summary LSAs are sent out with 65535 (max-metric) added to the normal cost.
When max-metric router-lsa administrative is invoked on an ABR created with...
    area <area> range <addr/mask> cost <cost>
the summary LSAs are sent out with <cost> (the max-metric is ignored).
This second behavior effectively incapacitates the max-metric function.
PATCH
This patch evaluates the state of the router and if it's isolated as a stub router (rfc3137) via `max-metric router-lsa`, we unconditionally use the value of 0xff0000 when advertising summary LSAs.
Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25 | ospfd: ABR algorithm not propagating MAXAGE LSAs into area | JR Rivers
When a range (or sub-range) is deleted, the area is notified by propagating a MAXAGE LSA. This LSA stays in the database for a while to both insure propagation as well as in the off chance that it's useful in the near future. Unfortunately, the ABR algorithm was treating these MAXAGE LSAs as unchanged and not propagating them within the areas.
Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Dinesh Dutt <ddutt@cumulusnetworks.com>
Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25 | ospfd: blackhole route removal for area range | JR Rivers
ISSUE
When an area range is created in which there the sub-area has routes that are smaller than the range, an ABR creates a blackhole route to cover the range. When the range is removed, the blackhole route is not removed.
    --A----B----C---
B is an ABR with A in area 1 and C in area 0. If A advertises `10.2.0.0/30` and `10.2.0.4/30` and B is configured with `area 0.0.0.1 range 10.2.0.0/29` a blackhole is created on B (`blackhole 10.2.0.0/29 proto zebra`). When the area/range is removed via the command line, the blackhole remains in existence even though the "range" route is removed from area 0 and the individual routes are propagated.
PATCH
The reason for this behavior is that, prior to this patch, the range is deleted from the area's list, so when ospf_abr_manage_discard_routes() gets called, there is nothing to clean up. The patch removes the discard route as part of the processing of the command line (ospf_area_range_unset()).
Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-10-25 | lib: improve fletcher checksum validation | JR Rivers
OVERVIEW
The checksum used in OSPF (rfc2328) is specified in rfc905 annex B. There is a sample implementation in rfc1008 which forms the basis of the quagga implementation. This algorithm works perfectly when generating a checksum; however, validation is a bit problematic.
The following LSA (generated by a non-quagga implementation) is received by quagga and marked with an invalid checksum; however, it passes both the rfc905 and rfc1008 validation checks.
    static uint8_t lsa_10_121_233_29[] = {
      0x0e, 0x10, 0x02, 0x03, 0x09, 0x00, 0x35, 0x40,
      0x0a, 0x79, 0xe9, 0x1d, 0x80, 0x00, 0x00, 0x03,
      0x00, 0x8a, 0x00, 0x1c, 0xff, 0xff, 0xff, 0xe0,
      0x00, 0x00, 0x36, 0xb0
    };
    LS Type: Summary-LSA (IP network)
    LS Age: 3600 seconds
    Do Not Age: False
    Options: 0x02 (E)
    Link-State Advertisement Type: Summary-LSA (IP network) (3)
    Link State ID: 9.0.53.64
    Advertising Router: 10.121.233.29 (10.121.233.29)
    LS Sequence Number: 0x80000003
    LS Checksum: 0x008a
    Length: 28
    Netmask: 255.255.255.224
    Metric: 14000
You'll note that one byte of the checksum is 0x00; quagga would calculate the checksum as 0xff8a.
It can be argued that the sourcing implementation generates an incorrect checksum; however, rfc905 indicates that, for 1's complement arithmetic, the value 255 shall be regarded as 0, thus either values are valid.
EXPLANATION
The quagga ospfd and ospf6d implementations operate by copying the PDU's existing checksum in a holding variable, calculating the checksum, and comparing the resulting checksum to the original. As a note, this implementation has the side effect of modifying the contents of the PDU.
Evaluation of both rfc905 and rfc1008 shows that checksum validation should involve calculating the sum over the PDU and checking that both resulting C0 and C1 values are zero. This behavior is enacted in the rfc1008 implementation by calling encodecc with k = 0 (checksum offset); however, this functionality had been omitted from the quagga implementation.
PATCH
This patch adds the ability to call the quagga's fletcher_checksum() with a checksum offset value of 0xffff (aka FLETCHER_CHECKSUM_VALIDATE) which returns the sum over the buffer (a value of 0 indicates a valid checksum). This is similar to the mechanism in rfc1008 when called with k = 0. The patch also introduces ospf_lsa_checksum_valid().
ospf6d had its own implementation of the fletcher checksum in ospf6_lsa_checksum(); it's the same algorithm as in fletcher_checksum(). This patch removes the local implementation in favor of the library's as well as creates and uses ospf6_lsa_checksum_valid().
quagga's ISIS implementation suffers from the same problem; however, I do not have the facilities to validate a fix to ISIS, thus this change has been left to the ISIS maintainers. The function iso_csum_verify() should be reduced to running the fletcher checksum over the buffer using an offset of 0.
Signed-off-by: JR Rivers <jrrivers@cumulusnetworks.com>
Reviewed-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Reviewed-by: Nolan Leake <nolan@cumulusnetworks.com>
Reviewed-by: Ayan Banerjee <ayan@cumulusnetworks.com>
Reviewed-by: Shrijeet Mukherjee <shm@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
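The two validation strategies contrasted in the commit message above, as an added C example (not Quagga's fletcher_checksum() and not code from the commit): the quoted LSA is checked once by regenerating the checksum and comparing, and once by summing the received octets and requiring C0 = C1 = 0. The function names are hypothetical; the byte array is the one from the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The 28-byte Summary-LSA quoted in the commit message (LS Checksum 0x008a). */
static const uint8_t lsa_10_121_233_29[] = {
    0x0e, 0x10, 0x02, 0x03, 0x09, 0x00, 0x35, 0x40, 0x0a, 0x79,
    0xe9, 0x1d, 0x80, 0x00, 0x00, 0x03, 0x00, 0x8a, 0x00, 0x1c,
    0xff, 0xff, 0xff, 0xe0, 0x00, 0x00, 0x36, 0xb0
};

#define LSA_HDR_LEN  20    /* OSPFv2 LSA header size */
#define LSA_MAX_LEN  65535 /* LSA length is a 16-bit field */
#define LSA_AGE_LEN  2     /* LS age is not covered by the checksum */
#define LSA_CSUM_OFF 16    /* offset of the LS checksum field in the header */

/* Fletcher sums C0/C1 (mod 255) over the LSA minus LS age. With zero_csum
 * set, the two checksum octets are summed as zero (generation mode). */
static void fletcher_sums(const uint8_t *lsa, size_t len, int zero_csum,
                          int *c0, int *c1)
{
    int a = 0, b = 0;
    for (size_t i = LSA_AGE_LEN; i < len; i++) {
        int in_csum = (i == LSA_CSUM_OFF || i == LSA_CSUM_OFF + 1);
        a = (a + ((zero_csum && in_csum) ? 0 : lsa[i])) % 255;
        b = (b + a) % 255;
    }
    *c0 = a;
    *c1 = b;
}

/* Checksum a sender would store; returns 0 if len is out of range. */
uint16_t lsa_checksum_generate(const uint8_t *lsa, size_t len)
{
    int c0, c1, x, y;
    if (len < LSA_HDR_LEN || len > LSA_MAX_LEN)
        return 0;
    fletcher_sums(lsa, len, 1, &c0, &c1);
    /* (octets following the first checksum octet) * C0 - C1, mod 255 */
    x = ((int)(len - LSA_CSUM_OFF - 1) * c0 - c1) % 255;
    if (x <= 0)
        x += 255; /* chooses 0xff where 0x00 is the equivalent encoding */
    y = 510 - c0 - x;
    if (y > 255)
        y -= 255;
    return (uint16_t)((x << 8) | (y & 0xff));
}

/* Regenerate-and-compare: rejects an LSA whose sender encoded 255 as 0. */
int lsa_checksum_valid_by_compare(const uint8_t *lsa, size_t len)
{
    uint16_t stored;
    if (len < LSA_HDR_LEN || len > LSA_MAX_LEN)
        return 0;
    stored = (uint16_t)((lsa[LSA_CSUM_OFF] << 8) | lsa[LSA_CSUM_OFF + 1]);
    return stored == lsa_checksum_generate(lsa, len);
}

/* Sum-to-zero: sum the received octets, checksum field included, and
 * accept only if both C0 and C1 are zero. Does not modify the buffer. */
int lsa_checksum_valid_by_sum(const uint8_t *lsa, size_t len)
{
    int c0, c1;
    if (len < LSA_HDR_LEN || len > LSA_MAX_LEN)
        return 0;
    fletcher_sums(lsa, len, 0, &c0, &c1);
    return c0 == 0 && c1 == 0;
}

int main(void)
{
    size_t n = sizeof(lsa_10_121_233_29);
    printf("regenerated checksum: 0x%04x\n",
           (unsigned)lsa_checksum_generate(lsa_10_121_233_29, n));
    printf("valid by compare:     %d\n",
           lsa_checksum_valid_by_compare(lsa_10_121_233_29, n));
    printf("valid by sum:         %d\n",
           lsa_checksum_valid_by_sum(lsa_10_121_233_29, n));
    return 0;
}
```

The sum-to-zero check still rejects corruption: changing any single covered octet by a value that is not a multiple of 255 leaves C0 non-zero.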
2012-10-19 | Revert "ospfd: Do not fall back to intervening router." | Paul Jakma
This reverts commit 9289c6ff55cd96c943d23e43fc9e5f987aa965ed.
The commit reverted an earlier change which fixed a bug that caused black-holes to remote destinations with multiple paths, that could occur during convergence. Overall, the previous code is more correct.
2012-09-25 | build: correct libtool parameter used within Makefiles | Brad Smith
This corrects the parameters passed to libtool when linking the shared libraries. The parameter name is -version-info not -version.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25 | ospfd: Do not fall back to intervening router. | Joakim Tjernlund
The patch in bug 330 did two things. It add a return value whether ospf_nexthop_calculation() failed or not and also moved the return stmt for 16.1.1 para 5 so now SPF will fallback to the intervening router when no back links are found by 16.1.1 para 5.
This is wrong and can potentially create black holes or routing loops according to Dave Katz and Acee Lindem at ospf@ietf.org
Even if the current code could be proved to be harmless in all cases, it adds substantial extra processing and memory allocations.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25 | ospfd: use ZEBRA_NEXTHOP_IPV4_IFINDEX | Joakim Tjernlund
OSPF really needs to specify interface in its routes. Otherwise ospf may change the wrong route.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
[fixed up some whitespace errors, split patch in two]
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25 | ospf_spf_process_stubs: use LSA pos to find OSFP interface | Joakim Tjernlund
This is better than a prefix lookup as prefixes may not be unique, that is, the same prefix can exist on several interfaces.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25 | ospfd: Optimize and improve SPF nexthop calculation | Joakim Tjernlund
Maintain router LSA positions in OSPF interface. Find the OSPF interface in nexthop_calculation using the position in the router LSA. This is possible because the only time nexthop_calculation needs to look up interfaces is when dealing with its own Router LSA.
This has the following advantages:
- Multiple PtP interfaces with the same IP address between two routers.
- Use Unnumbered PtP on just one end of the link.
- Faster OI lookup for the OSPF interface and only done once for PtoP links.
* ospf_interface.h: (struct ospf_interface) Add storage for storing router LSA position.
* ospf_interface.c: (ospf_if_lookup_by_lsa_pos) lookup OSPF I/F in an area using LSA position.
* ospf_lsa.c: (router_lsa_link_set) record Router LSA position.
* ospf_spf.c: (ospf_spf_next) Count and pass along lsa position. (ospf_nexthop_calculation) Add lsa position argument. call ospf_if_lookup_by_lsa_pos() for OSPF interface handle. Clean up and remove all calls ospf_if_is_configured() the rest. Adjust a few debug logs.
Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund@transmode.se>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-07-25 | ospfd: avoid exhausting memory with OSPF vertices (BZ#476) | David Lamparter
This was found in scale testing at OSR; ospfd is adding the same link over and over again to the SPF tree. This fix prevents the resulting memory corruption from happening and adds a debug message to track occurrence of this issue and/or confirm a proper fix.
(This version was improved by Scott Feldman over the earlier RFC.)
* ospfd/ospf_spf.c: (ospf_spf_add_parent) loop over existing vertices and refuse to add duplicates.
Tested-by: Martin Winter <mwinter@opensourcerouting.org>
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2012-06-25 | snmp: let handlers accept OID from a lesser prefix | Vincent Bernat
Most table handlers do not expect to be given an OID whose prefix is outside what they can handle. This is not a problem with the SMUX implementation since it always corrects the OID such that the prefix matches. However, this is not the case for the AgentX implementation. A new function, smux_header_table() is used to do this normalization.
2012-06-25 | agentx: handle SNMP traps | Vincent Bernat
smux_trap() signature has been changed to provide appropriate level information to send SNMPv2 notifications. This includes the addition of the enterprise OID to use (from which is derived the SNMP trap OID) and the MIB registry to locate the appropriate function for variable bindings provided by the trap.
The SMUX implementation has been updated but ignores the provided enterprise OID. Instead, it still uses the SMUX peer OID to keep compatibility with previous versions of Quagga. The SMUX implementation also ignores the provided MIB registry since it uses smux_get() function to grab the appropriate values. This is not possible with the AgentX implementation since there is no such function provided by NetSNMP.
2012-06-25 | smux: drop findVar element from trap object struct | Vincent Bernat
This element was not unused.
2012-06-25 | smux: remove `tick` argument from smux_trap() | Vincent Bernat
smux_trap() contains an argument whose use appears to be to set sysUpTime.0/timestamp field in SNMP trap. However, this value is not used in smux_trap(). Moreover, it is expected that this field is the value of sysUpTime.0 when the trap was sent and not any other time related to the trap. To avoid any confusion, we remove this field from the signature of the function.
2012-06-25 | build: use net-snmp-config to configure NetSNMP | Vincent Bernat
The correct method to link to NetSNMP is to use net-snmp-config (which is like pkg-config). Explicit link to libcrypto is also dropped (NetSNMP libs are linked to libcrypto, no need to link Quagga to it). Moreover, @SNMP_INCLUDES@ is dropped because useless. Due to a bug in configure.ac, it was properly populated.
2012-06-25 | build: only define HAVE_SNMP | Vincent Bernat
NetSNMP is the only SNMP implementation for Quagga. We don't need two different symbols.
2012-06-25 | build: allow configure and build in a separate directory | Vincent Bernat
Some .h files in lib/ are autogenerated. The search path should include the build directory and the source directory. They usually match but sometimes, they may be different. For example:
    $ mkdir build
    $ cd build
    $ ../configure
    $ make
2012-04-16 | ospfd: Fixes a crash of the daemon with a snmp walk | Jorge Boncompte [DTI2]
- And allows to walk the LSDB.
Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
2012-04-11 | ospfd: adjust OSPF_ROUTER_LSA_MIN_SIZE for VL case | Denis Ovsienko
2012-03-12 | ospfd: reduce ospf_verify_header() | Denis Ovsienko
Protocol version checks fit ospf_packet_examin() better (like it is implemented in ospf6d), and packet type check is already there.
2012-03-12 | ospfd: bring ospf_check_auth() into focus | Denis Ovsienko
The old ospf_check_auth() function did two different jobs depending on AuType. For Null and Simple cases it actually authenticated the packet, but for Cryptographic case it only checked declared packet size (not taking the actual number of bytes on wire into account). The calling function, ospf_verify_header(), had its own set of MD5/checksum checks dispatched depending on AuType.
This commit makes the packet size check work against the real number of bytes and moves it to ospf_packet_examine(). All MD5/checksum verification is now performed in ospf_check_auth() function.
* ospf_packet.c
  * ospf_packet_examin(): check length with MD5 bytes in mind
  * ospf_verify_header(): remove all AuType-specific code
  * ospf_check_auth(): completely rewrite
2012-03-12 | ospfd: introduce ospf_auth_type_str[] | Denis Ovsienko
2012-03-12 | ospfd: fix packet length check for auth/LLS cases | Denis Ovsienko
An OSPFv2 packet with trailing data blocks (authentication and/or link-local signaling) failed the recently implemented packet length check, because trailing data length isn't counted in the packet header "length" field. This commit fixes respective check conditions.
* ospf_packet.c
  * ospf_packet_examin(): use "bytesdeclared" instead of "bytesonwire"
2012-03-12 | ospfd: introduce ospf_lsa_minlen[] (BZ#705) | Denis Ovsienko
This commit ports more packet checks to OSPFv2, in particular, LSA size verification and Router-LSA link blocks verification.
* ospf_lsa.h: add LSA size macros
* ospf_packet.h: add struct ospf_ls_update
* ospf_packet.c
  * ospf_lsa_minlen[]: a direct equivalent of ospf6_lsa_minlen[]
  * ospf_router_lsa_links_examin(): new function, verifies trailing part of a Router-LSA
  * ospf_lsa_examin(): new function like ospf6_lsa_examin()
  * ospf_lsaseq_examin(): new function like ospf6_lsaseq_examin()
  * ospf_packet_examin(): add type-specific deeper level checks
2012-03-12 | ospfd: review ospf_check_md5_digest() | Denis Ovsienko
Rewrite some pointer arithmetics without the additional variables and move byte order conversion inside the function.
2012-03-12 | ospfd: review ospf_check_auth() | Denis Ovsienko
1. The only purpose of "ibuf" argument was to get stream size, which was always equal to OSPF_MAX_PACKET_SIZE + 1, exactly as initialized in ospf_new().
2. Fix the packet size check condition, which was incorrect for very large packets, at least in theory.