From 18b4f2082c30586890596988086fbc3e15336526 Mon Sep 17 00:00:00 2001 From: "Ondrej Zajicek (work)" Date: Tue, 29 May 2018 14:23:14 +0200 Subject: [PATCH 1/3] OSPF: Fix invalid NSSA RFC references --- proto/ospf/rt.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/proto/ospf/rt.c b/proto/ospf/rt.c index c0fe218a..b4f9b067 100644 --- a/proto/ospf/rt.c +++ b/proto/ospf/rt.c @@ -108,7 +108,7 @@ orta_pref(const orta *nf) static int orta_prio(const orta *nf) { - /* RFC 3103 2.5 (6e) priorities */ + /* RFC 3101 2.5 (6e) priorities */ u32 opts = nf->options & (ORTA_NSSA | ORTA_PROP); /* A Type-7 LSA with the P-bit set */ @@ -217,7 +217,7 @@ orta_compare_asbr(const struct ospf_proto *p, const orta *new, const orta *old) /* * Compare a routing table entry with a new one, for AS external routes - * (RFC 2328 16.4) and NSSA routes (RFC 3103 2.5), Returns integer <, = or > + * (RFC 2328 16.4) and NSSA routes (RFC 3101 2.5), Returns integer <, = or > * than 0 if the new orta is less, equal or more preferred than the old orta. */ static int @@ -1078,7 +1078,7 @@ decide_nssa_lsa(struct ospf_proto *p, ort *nf, struct ospf_lsa_ext_local *rt) return 1; } -/* RFC 3103 3.2 - translating Type-7 LSAs into Type-5 LSAs */ +/* RFC 3101 3.2 - translating Type-7 LSAs into Type-5 LSAs */ static inline void check_nssa_lsa(struct ospf_proto *p, ort *nf) { @@ -1101,12 +1101,12 @@ check_nssa_lsa(struct ospf_proto *p, ort *nf) } } - /* RFC 3103 3.2 (3) - originate the aggregated address range */ + /* RFC 3101 3.2 (3) - originate the aggregated address range */ if (anet && anet->active && !anet->hidden && oa->translate) ospf_originate_ext_lsa(p, NULL, nf, LSA_M_RTCALC, anet->metric, (anet->metric & LSA_EXT3_EBIT), IPA_NONE, anet->tag, 0); - /* RFC 3103 3.2 (2) - originate the same network */ + /* RFC 3101 3.2 (2) - originate the same network */ else if (decide_nssa_lsa(p, nf, &rt)) ospf_originate_ext_lsa(p, NULL, nf, LSA_M_RTCALC, rt.metric, rt.ebit, rt.fwaddr, rt.tag, 0); } @@ -1284,7 +1284,7 @@ ospf_rt_abr2(struct ospf_proto *p) struct ospf_area *oa; struct top_hash_entry *en; - /* RFC 3103 3.1 - type-7 translator election */ + /* RFC 3101 3.1 - type-7 translator election */ struct ospf_area *bb = p->backbone; WALK_LIST(oa, p->area_list) if (oa_is_nssa(oa)) From 9c9050ff12c52762708dadda78a05108a5b533b2 Mon Sep 17 00:00:00 2001 From: "Ondrej Zajicek (work)" Date: Wed, 13 Jun 2018 14:47:37 +0200 Subject: [PATCH 2/3] BGP: Handle missing NEXT_HOP attribute properly RFC 7606 specifies handle-as-withdraw instead of session reset. --- proto/bgp/attrs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c index 9003feb2..d7a4e692 100644 --- a/proto/bgp/attrs.c +++ b/proto/bgp/attrs.c @@ -1109,6 +1109,9 @@ bgp_decode_attrs(struct bgp_parse_state *s, byte *data, uint len) if (!BIT32_TEST(s->attrs_seen, BA_AS_PATH)) { REPORT(NO_MANDATORY, "AS_PATH"); goto withdraw; } + if (s->ip_reach_len && !BIT32_TEST(s->attrs_seen, BA_NEXT_HOP)) + { REPORT(NO_MANDATORY, "NEXT_HOP"); goto withdraw; } + /* When receiving attributes from non-AS4-aware BGP speaker, we have to reconstruct AS_PATH and AGGREGATOR attributes; RFC 6793 4.2.3 */ if (!p->as4_session) From caa9d03d65ce827ce536d54b26988e70767e032f Mon Sep 17 00:00:00 2001 From: "Ondrej Zajicek (work)" Date: Wed, 13 Jun 2018 15:22:29 +0200 Subject: [PATCH 3/3] Babel: Fix handling of missing IPv4 next hops In case of missing IPv4 next hop, we should skip such routes on transmit and ignore such routes on receive. Thanks to Julian Schuh for the bugreport and Toke Hoiland-Jorgensen for the original patch. --- proto/babel/babel.c | 8 ++++++-- proto/babel/packets.c | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/proto/babel/babel.c b/proto/babel/babel.c index 44c6adb8..20953044 100644 --- a/proto/babel/babel.c +++ b/proto/babel/babel.c @@ -952,6 +952,10 @@ babel_send_update_(struct babel_iface *ifa, btime changed, struct fib *rtable) msg.update.next_hop = ((e->n.addr->type == NET_IP4) ? ifa->next_hop_ip4 : ifa->next_hop_ip6); + /* Do not send route if next hop is unknown, e.g. no configured IPv4 address */ + if (ipa_zero(msg.update.next_hop)) + continue; + babel_enqueue(&msg, ifa); /* Update feasibility distance for redistributed routes */ @@ -1580,7 +1584,7 @@ babel_add_iface(struct babel_proto *p, struct iface *new, struct babel_iface_con ifa->next_hop_ip6 = ipa_nonzero(ic->next_hop_ip6) ? ic->next_hop_ip6 : ifa->addr; if (ipa_zero(ifa->next_hop_ip4) && p->ip4_channel) - log(L_WARN "%s: Cannot find IPv4 next hop addr on %s", p->p.name, new->name); + log(L_WARN "%s: Missing IPv4 next hop address for %s", p->p.name, new->name); init_list(&ifa->neigh_list); ifa->hello_seqno = 1; @@ -1682,7 +1686,7 @@ babel_reconfigure_iface(struct babel_proto *p, struct babel_iface *ifa, struct b ifa->next_hop_ip6 = ipa_nonzero(new->next_hop_ip6) ? new->next_hop_ip6 : ifa->addr; if (ipa_zero(ifa->next_hop_ip4) && p->ip4_channel) - log(L_WARN "%s: Cannot find IPv4 next hop addr on %s", p->p.name, ifa->ifname); + log(L_WARN "%s: Missing IPv4 next hop address for %s", p->p.name, ifa->ifname); if (ifa->next_hello > (current_time() + new->hello_interval)) ifa->next_hello = current_time() + (random() % new->hello_interval); diff --git a/proto/babel/packets.c b/proto/babel/packets.c index 59678678..d4ecf649 100644 --- a/proto/babel/packets.c +++ b/proto/babel/packets.c @@ -616,7 +616,7 @@ babel_read_update(struct babel_tlv *hdr, union babel_msg *m, /* Update must have next hop, unless it is retraction */ if (ipa_zero(state->next_hop_ip4) && (msg->metric != BABEL_INFINITY)) - return PARSE_ERROR; + return PARSE_IGNORE; /* Merge saved prefix and received prefix parts */ memcpy(buf, state->def_ip4_prefix, tlv->omitted);