From dc8d9dec4a3484f358d2117328fe860e8e7b16bb Mon Sep 17 00:00:00 2001 From: "Ondrej Zajicek (work)" Date: Wed, 12 Aug 2020 19:42:44 +0200 Subject: [PATCH 1/2] OSPF: Skip out-of-state packets earlier Sometimes multicast OSPF packet is received when neighbor adjacency is not established. Such packet should be ignored earlier in packet processing as otherwise it causes strange error messages when OSPFv3 authentication is enabled. --- proto/ospf/packet.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c index cbc8f2ec..85cbbdf0 100644 --- a/proto/ospf/packet.c +++ b/proto/ospf/packet.c @@ -14,6 +14,14 @@ #include "lib/mac.h" #include "lib/socket.h" +const char * const ospf_pkt_names[] = { + [HELLO_P] = "HELLO", + [DBDES_P] = "DBDES", + [LSREQ_P] = "LSREQ", + [LSUPD_P] = "LSUPD", + [LSACK_P] = "LSACK", +}; + void ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type) { @@ -550,6 +558,10 @@ found: if (rid == 0) DROP1("zero router ID"); + /* Check packet type here, ospf_pkt_checkauth3() expects valid values */ + if (pkt->type < HELLO_P || pkt->type > LSACK_P) + DROP("invalid packet type", pkt->type); + /* In OSPFv2, neighbors are identified by either IP or Router ID, based on network type */ uint t = ifa->type; struct ospf_neighbor *n; @@ -565,11 +577,15 @@ found: return 1; } - /* Check packet type here, ospf_pkt_checkauth3() expects valid values */ - if (pkt->type < HELLO_P || pkt->type > LSACK_P) - DROP("invalid packet type", pkt->type); + /* We need to ignore out-of-state packets before ospf_pkt_checkauth3() */ + if ((pkt->type > DBDES_P) && (n->state < NEIGHBOR_EXCHANGE)) + { + OSPF_TRACE(D_PACKETS, "%s packet ignored - lesser state than Exchange", + ospf_pkt_names[pkt->type]); + return 1; + } - /* ospf_pkt_checkauth() has its own error logging */ + /* ospf_pkt_checkauthX() has its own error logging */ if ((ospf_is_v2(p) ? !ospf_pkt_checkauth2(n, ifa, pkt, len) : !ospf_pkt_checkauth3(n, ifa, pkt, len, sk->faddr))) From 600eb695b1a273f8b3fd4f2c524d8eeef25483aa Mon Sep 17 00:00:00 2001 From: Maria Matejka Date: Mon, 31 Aug 2020 15:41:39 +0200 Subject: [PATCH 2/2] OSPF: Fixed a debug assert --- proto/ospf/topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proto/ospf/topology.c b/proto/ospf/topology.c index f59db49d..f1f6570d 100644 --- a/proto/ospf/topology.c +++ b/proto/ospf/topology.c @@ -335,7 +335,7 @@ ospf_originate_lsa(struct ospf_proto *p, struct ospf_new_lsa *lsa) * equal to 0 while sizeof(struct ospf_lsa_header) is non-zero. * Therefore memcmp() is never executed with NULL here. * */ - ASSUME((en->lsa.length == 0) == (en->lsa_body == NULL)); + ASSUME(en->lsa.age >= LSA_MAXAGE || (en->lsa.length == 0) == (en->lsa_body == NULL)); /* Ignore the the new LSA if is the same as the current one */ if ((en->lsa.age < LSA_MAXAGE) &&