0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-22 09:41:54 +00:00

OSPF: Fix handling of unnumbered PtPs

This issue has a long history. In 2012, we changed data field for
unnumbered PtP links from iface id (specified by RFC) to IP address based
on reports of bugs in Quagga that required it, and we used out-of-band
information to distinquish unnumberred PtPs with the same local IP
address.

Then with OSPF graceful restart implementation, we found that we can no
longer use out-of-band information, and we need to use only LSAdb info
for routing table calculation, but i forgot to finish handling of this
case, so multiple unnumbered PtPs with the same local IP addresses were
broken.

Considering that even recent Mikrotik RouterOS has broken next hop
calculation that depends on IP address in PtP link data field, we
cannot just switch back to the iface id for unnumbered PtP links.

The patch makes two changes: First, it goes back to use out-of-band
(position) info for distinguishing local interfaces in SPF when graceful
restart is not enabled, while still uses LSAdb-only approach for SPF
calculation when graceful restart is enabled.

Second, it adds OSPF interface option 'ptp address', which controls
whether IP address or iface id is used in data field. It is enabled
by default except for unnumbered PtP links with enabled graceful
restart.

Thanks to Kenth Eriksson for the bugreport and Joakim Tjernlund for
suggestions.
This commit is contained in:
Ondrej Zajicek (work) 2020-05-26 18:21:43 +02:00
parent 1ca7665fa4
commit c1632ad0f3
6 changed files with 81 additions and 17 deletions

View File

@ -3760,11 +3760,28 @@ protocol ospf [v2|v3] <name> {
In <cf/type ptp/ network configurations, OSPFv2 implementations should
ignore received netmask field in hello packets and should send hello
packets with zero netmask field on unnumbered PtP links. But some OSPFv2
implementations perform netmask checking even for PtP links. This option
specifies whether real netmask will be used in hello packets on <cf/type
ptp/ interfaces. You should ignore this option unless you meet some
compatibility problems related to this issue. Default value is no for
unnumbered PtP links, yes otherwise.
implementations perform netmask checking even for PtP links.
This option specifies whether real netmask will be used in hello packets
on <cf/type ptp/ interfaces. You should ignore this option unless you
meet some compatibility problems related to this issue. Default value is
no for unnumbered PtP links, yes otherwise.
<tag><label id="ospf-ptp-address">ptp address <m/switch/</tag>
In <cf/type ptp/ network configurations, OSPFv2 implementations should
use IP address for regular PtP links and interface id for unnumbered PtP
links in data field of link description records in router LSA. This data
field has only local meaning for PtP links, but some broken OSPFv2
implementations assume there is an IP address and use it as a next hop
in SPF calculations. Note that interface id for unnumbered PtP links is
necessary when graceful restart is enabled to distinguish PtP links with
the same local IP address.
This option specifies whether an IP address will be used in data field
for <cf/type ptp/ interfaces, it is ignored for other interfaces. You
should ignore this option unless you meet some compatibility problems
related to this issue. Default value is no for unnumbered PtP links when
graceful restart is enabled, yes otherwise.
<tag><label id="ospf-check-link">check link <M>switch</M></tag>
If set, a hardware link state (reported by OS) is taken into consideration.

View File

@ -199,7 +199,7 @@ CF_KEYWORDS(ELIGIBLE, POLL, NETWORKS, HIDDEN, VIRTUAL, CHECK, LINK, ONLY, BFD)
CF_KEYWORDS(RX, BUFFER, LARGE, NORMAL, STUBNET, HIDDEN, SUMMARY, TAG, EXTERNAL)
CF_KEYWORDS(WAIT, DELAY, LSADB, ECMP, LIMIT, WEIGHT, NSSA, TRANSLATOR, STABILITY)
CF_KEYWORDS(GLOBAL, LSID, ROUTER, SELF, INSTANCE, REAL, NETMASK, TX, PRIORITY, LENGTH)
CF_KEYWORDS(MERGE, LSA, SUPPRESSION, MULTICAST, RFC5838, VPN, PE)
CF_KEYWORDS(MERGE, LSA, SUPPRESSION, MULTICAST, RFC5838, VPN, PE, ADDRESS)
CF_KEYWORDS(GRACEFUL, RESTART, AWARE, TIME)
%type <ld> lsadb_args
@ -396,6 +396,7 @@ ospf_iface_item:
| TYPE PTMP { OSPF_PATT->type = OSPF_IT_PTMP ; }
| REAL BROADCAST bool { OSPF_PATT->real_bcast = $3; if (!ospf_cfg_is_v2()) cf_error("Real broadcast option requires OSPFv2"); }
| PTP NETMASK bool { OSPF_PATT->ptp_netmask = $3; if (!ospf_cfg_is_v2()) cf_error("PtP netmask option requires OSPFv2"); }
| PTP ADDRESS bool { OSPF_PATT->ptp_address = $3; if (!ospf_cfg_is_v2()) cf_error("PtP address option requires OSPFv2"); }
| TRANSMIT DELAY expr { OSPF_PATT->inftransdelay = $3 ; if (($3<=0) || ($3>65535)) cf_error("Transmit delay must be in range 1-65535"); }
| PRIORITY expr { OSPF_PATT->priority = $2 ; if ($2>255) cf_error("Priority must be in range 0-255"); }
| STRICT NONBROADCAST bool { OSPF_PATT->strictnbma = $3 ; }
@ -475,6 +476,7 @@ ospf_iface_start:
init_list(&OSPF_PATT->nbma_list);
OSPF_PATT->check_link = 1;
OSPF_PATT->ptp_netmask = 2; /* not specified */
OSPF_PATT->ptp_address = 2; /* not specified */
OSPF_PATT->tx_tos = IP_PREC_INTERNET_CONTROL;
OSPF_PATT->tx_priority = sk_priority_control;
reset_passwords();

View File

@ -602,6 +602,11 @@ ospf_iface_new(struct ospf_area *oa, struct ifa *addr, struct ospf_iface_patt *i
if (ip->ptp_netmask < 2)
ifa->ptp_netmask = ip->ptp_netmask;
/* For compatibility, we may use ptp_address even for unnumbered links */
ifa->ptp_address = !(addr->flags & IA_PEER) || (p->gr_mode != OSPF_GR_ABLE);
if (ip->ptp_address < 2)
ifa->ptp_address = ip->ptp_address;
ifa->drip = ifa->bdrip = ospf_is_v2(p) ? IPA_NONE4 : IPA_NONE6;
ifa->type = ospf_iface_classify(ip->type, addr);
@ -1004,6 +1009,29 @@ ospf_iface_reconfigure(struct ospf_iface *ifa, struct ospf_iface_patt *new)
ospf_notify_link_lsa(ifa);
}
/* PtP netmask */
int new_ptp_netmask = (new->ptp_netmask < 2) ? new->ptp_netmask :
!(ifa->addr->flags & IA_PEER);
if (ifa->ptp_netmask != new_ptp_netmask)
{
OSPF_TRACE(D_EVENTS, "Changing PtP netmask option of %s from %d to %d",
ifname, ifa->ptp_netmask, new_ptp_netmask);
ifa->ptp_netmask = new_ptp_netmask;
}
/* PtP address */
int new_ptp_address = (new->ptp_address < 2) ? new->ptp_address :
(!(ifa->addr->flags & IA_PEER) || (p->gr_mode != OSPF_GR_ABLE));
if (ifa->ptp_address != new_ptp_address)
{
/* Keep it silent for implicit changes */
if (new->ptp_address < 2)
OSPF_TRACE(D_EVENTS, "Changing PtP address option of %s from %d to %d",
ifname, ifa->ptp_address, new_ptp_address);
ifa->ptp_address = new_ptp_address;
}
/* BFD */
if (ifa->bfd != new->bfd)
{

View File

@ -191,6 +191,7 @@ struct ospf_iface_patt
u8 link_lsa_suppression;
u8 real_bcast; /* Not really used in OSPFv3 */
u8 ptp_netmask; /* bool + 2 for unspecified */
u8 ptp_address; /* bool + 2 for unspecified */
u8 ttl_security; /* bool + 2 for TX only */
u8 bfd;
list *passwords;
@ -348,6 +349,7 @@ struct ospf_iface
u8 ecmp_weight; /* Weight used for ECMP */
u8 link_lsa_suppression; /* Suppression of Link-LSA origination */
u8 ptp_netmask; /* Send real netmask for P2P */
u8 ptp_address; /* Send IP address in data field for PtP */
u8 check_ttl; /* Check incoming packets for TTL 255 */
u8 bfd; /* Use BFD on iface */
};
@ -1018,6 +1020,20 @@ struct nbma_node *find_nbma_node_(list *nnl, ip_addr ip);
static inline struct nbma_node * find_nbma_node(struct ospf_iface *ifa, ip_addr ip)
{ return find_nbma_node_(&ifa->nbma_list, ip); }
static inline u32 ospf_iface_get_data(struct ospf_iface *ifa)
{
/*
* Return expected value of the link data field in Rt-LSA for given iface.
* It should be ifa->iface_id for unnumbered PtP links, IP address otherwise
* (see RFC 2328 12.4.1.1). It is controlled by ifa->ptp_address field so it
* can be overriden for compatibility purposes.
*/
return ((ifa->type == OSPF_IT_PTP) && !ifa->ptp_address) ?
ifa->iface_id :
ipa_to_u32(ifa->addr->ip);
}
/* neighbor.c */
struct ospf_neighbor *ospf_neighbor_new(struct ospf_iface *ifa);
void ospf_neigh_sm(struct ospf_neighbor *n, int event);

View File

@ -395,12 +395,10 @@ px_pos_to_ifa(struct ospf_area *oa, int pos)
static inline struct ospf_iface *
rt_find_iface2(struct ospf_area *oa, uint data)
{
ip_addr addr = ipa_from_u32(data);
/* We should handle it differently for unnumbered PTP links */
struct ospf_iface *ifa;
WALK_LIST(ifa, oa->po->iface_list)
if ((ifa->oa == oa) && ifa->addr && (ipa_equal(ifa->addr->ip, addr)))
if ((ifa->oa == oa) && ifa->addr && (ospf_iface_get_data(ifa) == data))
return ifa;
return NULL;
@ -420,7 +418,13 @@ rt_find_iface3(struct ospf_area *oa, uint lif)
static struct ospf_iface *
rt_find_iface(struct ospf_area *oa, int pos, uint data, uint lif)
{
if (0)
/*
* We can use both position based lookup (which is more reliable) and data/lif
* based lookup (which works even during graceful restart). We will prefer the
* first approach, but use the second one for GR-enabled instances.
*/
if (oa->po->gr_mode != OSPF_GR_ABLE)
return rt_pos_to_ifa(oa, pos);
else
return ospf_is_v2(oa->po) ? rt_find_iface2(oa, data) : rt_find_iface3(oa, lif);

View File

@ -797,14 +797,11 @@ prepare_rt2_lsa_body(struct ospf_proto *p, struct ospf_area *oa)
if (neigh->state == NEIGHBOR_FULL)
{
/*
* ln->data should be ifa->iface_id in case of no/ptp
* address (ifa->addr->flags & IA_PEER) on PTP link (see
* RFC 2328 12.4.1.1.), but the iface ID value has no use,
* while using IP address even in this case is here for
* compatibility with some broken implementations that use
* this address as a next-hop.
* ln->data field should be ifa->iface_id for unnumbered PtP links,
* IP address otherwise (see RFC 2328 12.4.1.1). This is controlled
* by ifa->ptp_address field.
*/
add_rt2_lsa_link(p, LSART_PTP, neigh->rid, ipa_to_u32(ifa->addr->ip), link_cost);
add_rt2_lsa_link(p, LSART_PTP, neigh->rid, ospf_iface_get_data(ifa), link_cost);
i++;
}
break;