Statistics
| Branch: | Revision:

iof-bird-daemon / proto / ospf / packet.c @ 04632fd7

History | View | Annotate | Download (12.7 KB)

1
/*
2
 *        BIRD -- OSPF
3
 *
4
 *        (c) 1999--2005 Ondrej Filip <feela@network.cz>
5
 *        (c) 2009--2014 Ondrej Zajicek <santiago@crfreenet.org>
6
 *        (c) 2009--2014 CZ.NIC z.s.p.o.
7
 *
8
 *        Can be freely distributed and used under the terms of the GNU GPL.
9
 */
10

    
11
#include "ospf.h"
12
#include "nest/password.h"
13
#include "lib/md5.h"
14
#include "lib/socket.h"
15

    
16
void
17
ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type)
18
{
19
  struct ospf_proto *p = ifa->oa->po;
20
  struct ospf_packet *pkt;
21

    
22
  pkt = (struct ospf_packet *) buf;
23

    
24
  pkt->version = ospf_get_version(p);
25
  pkt->type = h_type;
26
  pkt->length = htons(ospf_pkt_maxsize(p, ifa));
27
  pkt->routerid = htonl(p->router_id);
28
  pkt->areaid = htonl(ifa->oa->areaid);
29
  pkt->checksum = 0;
30
  pkt->instance_id = ifa->instance_id;
31
  pkt->autype = ifa->autype;
32
}
33

    
34
uint
35
ospf_pkt_maxsize(struct ospf_proto *p, struct ospf_iface *ifa)
36
{
37
  uint headers = ospf_is_v2(p) ? IP4_HEADER_LENGTH : IP6_HEADER_LENGTH;
38

    
39
  /* Relevant just for OSPFv2 */
40
  if (ifa->autype == OSPF_AUTH_CRYPT)
41
    headers += OSPF_AUTH_CRYPT_SIZE;
42

    
43
  return ifa->tx_length - headers;
44
}
45

    
46
/* We assume OSPFv2 in ospf_pkt_finalize() */
47
static void
48
ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
49
{
50
  struct password_item *passwd = NULL;
51
  union ospf_auth *auth = (void *) (pkt + 1);
52
  uint plen = ntohs(pkt->length);
53

    
54
  pkt->checksum = 0;
55
  pkt->autype = ifa->autype;
56
  bzero(auth, sizeof(union ospf_auth));
57

    
58
  /* Compatibility note: auth may contain anything if autype is
59
     none, but nonzero values do not work with Mikrotik OSPF */
60

    
61
  switch (ifa->autype)
62
  {
63
  case OSPF_AUTH_SIMPLE:
64
    passwd = password_find(ifa->passwords, 1);
65
    if (!passwd)
66
    {
67
      log(L_ERR "No suitable password found for authentication");
68
      return;
69
    }
70
    strncpy(auth->password, passwd->password, sizeof(auth->password));
71

    
72
  case OSPF_AUTH_NONE:
73
    {
74
      void *body = (void *) (auth + 1);
75
      uint blen = plen - sizeof(struct ospf_packet) - sizeof(union ospf_auth);
76
      pkt->checksum = ipsum_calculate(pkt, sizeof(struct ospf_packet), body, blen, NULL);
77
    }
78
    break;
79

    
80
  case OSPF_AUTH_CRYPT:
81
    passwd = password_find(ifa->passwords, 0);
82
    if (!passwd)
83
    {
84
      log(L_ERR "No suitable password found for authentication");
85
      return;
86
    }
87

    
88
    /* Perhaps use random value to prevent replay attacks after
89
       reboot when system does not have independent RTC? */
90
    if (!ifa->csn)
91
    {
92
      ifa->csn = (u32) now;
93
      ifa->csn_use = now;
94
    }
95

    
96
    /* We must have sufficient delay between sending a packet and increasing
97
       CSN to prevent reordering of packets (in a network) with different CSNs */
98
    if ((now - ifa->csn_use) > 1)
99
      ifa->csn++;
100

    
101
    ifa->csn_use = now;
102

    
103
    auth->md5.zero = 0;
104
    auth->md5.keyid = passwd->id;
105
    auth->md5.len = OSPF_AUTH_CRYPT_SIZE;
106
    auth->md5.csn = htonl(ifa->csn);
107

    
108
    void *tail = ((void *) pkt) + plen;
109
    char password[OSPF_AUTH_CRYPT_SIZE];
110
    strncpy(password, passwd->password, sizeof(password));
111

    
112
    struct md5_context ctx;
113
    md5_init(&ctx);
114
    md5_update(&ctx, (char *) pkt, plen);
115
    md5_update(&ctx, password, OSPF_AUTH_CRYPT_SIZE);
116
    memcpy((byte *) tail, md5_final(&ctx), MD5_SIZE);
117
    break;
118

    
119
  default:
120
    bug("Unknown authentication type");
121
  }
122
}
123

    
124

    
125
/* We assume OSPFv2 in ospf_pkt_checkauth() */
126
static int
127
ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_packet *pkt, int len)
128
{
129
  struct ospf_proto *p = ifa->oa->po;
130
  union ospf_auth *auth = (void *) (pkt + 1);
131
  struct password_item *pass = NULL;
132
  const char *err_dsc = NULL;
133
  uint err_val = 0;
134

    
135
  uint plen = ntohs(pkt->length);
136
  u8 autype = pkt->autype;
137

    
138
  if (autype != ifa->autype)
139
    DROP("authentication method mismatch", autype);
140

    
141
  switch (autype)
142
  {
143
  case OSPF_AUTH_NONE:
144
    return 1;
145

    
146
  case OSPF_AUTH_SIMPLE:
147
    pass = password_find(ifa->passwords, 1);
148
    if (!pass)
149
      DROP1("no password found");
150

    
151
    if (!password_verify(pass, auth->password, sizeof(auth->password)))
152
      DROP("wrong password", pass->id);
153

    
154
    return 1;
155

    
156
  case OSPF_AUTH_CRYPT:
157
    if (auth->md5.len != OSPF_AUTH_CRYPT_SIZE)
158
      DROP("invalid MD5 digest length", auth->md5.len);
159

    
160
    if (plen + OSPF_AUTH_CRYPT_SIZE > len)
161
      DROP("length mismatch", len);
162

    
163
    u32 rcv_csn = ntohl(auth->md5.csn);
164
    if (n && (rcv_csn < n->csn))
165
      // DROP("lower sequence number", rcv_csn);
166
    {
167
      /* We want to report both new and old CSN */
168
      LOG_PKT_AUTH("Authentication failed for nbr %R on %s - "
169
                   "lower sequence number (rcv %u, old %u)",
170
                   n->rid, ifa->ifname, rcv_csn, n->csn);
171
      return 0;
172
    }
173

    
174
    pass = password_find_by_id(ifa->passwords, auth->md5.keyid);
175
    if (!pass)
176
      DROP("no suitable password found", auth->md5.keyid);
177

    
178
    byte *tail = ((byte *) pkt) + plen;
179
    char received[OSPF_AUTH_CRYPT_SIZE];
180
    memcpy(received, tail, OSPF_AUTH_CRYPT_SIZE);
181
    strncpy(tail, pass->password, OSPF_AUTH_CRYPT_SIZE);
182

    
183
    struct md5_context ctx;
184
    md5_init(&ctx);
185
    md5_update(&ctx, (byte *) pkt, plen + OSPF_AUTH_CRYPT_SIZE);
186
    char *computed = md5_final(&ctx);
187

    
188
    if (memcmp(received, computed, OSPF_AUTH_CRYPT_SIZE))
189
      DROP("wrong MD5 digest", pass->id);
190

    
191
    if (n)
192
      n->csn = rcv_csn;
193

    
194
    return 1;
195

    
196
  default:
197
    bug("Unknown authentication type");
198
  }
199

    
200
drop:
201
  LOG_PKT_AUTH("Authentication failed for nbr %R on %s - %s (%u)",
202
               (n ? n->rid : ntohl(pkt->routerid)), ifa->ifname, err_dsc, err_val);
203

    
204
  return 0;
205
}
206

    
207
/**
208
 * ospf_rx_hook
209
 * @sk: socket we received the packet.
210
 * @size: size of the packet
211
 *
212
 * This is the entry point for messages from neighbors. Many checks (like
213
 * authentication, checksums, size) are done before the packet is passed to
214
 * non generic functions.
215
 */
216
int
217
ospf_rx_hook(sock *sk, int len)
218
{
219
  /* We want just packets from sk->iface. Unfortunately, on BSD we cannot filter
220
     out other packets at kernel level and we receive all packets on all sockets */
221
  if (sk->lifindex != sk->iface->index)
222
    return 1;
223

    
224
  DBG("OSPF: RX hook called (iface %s, src %I, dst %I)\n",
225
      sk->iface->name, sk->faddr, sk->laddr);
226

    
227
  /* Initially, the packet is associated with the 'master' iface */
228
  struct ospf_iface *ifa = sk->data;
229
  struct ospf_proto *p = ifa->oa->po;
230
  const char *err_dsc = NULL;
231
  uint err_val = 0;
232

    
233
  /* Should not happen */
234
  if (ifa->state <= OSPF_IS_LOOP)
235
    return 1;
236

    
237
  int src_local, dst_local, dst_mcast;
238
  src_local = ipa_in_netX(sk->faddr, &ifa->addr->prefix);
239
  dst_local = ipa_equal(sk->laddr, ifa->addr->ip);
240
  dst_mcast = ipa_equal(sk->laddr, ifa->all_routers) || ipa_equal(sk->laddr, ifa->des_routers);
241

    
242
  if (ospf_is_v2(p))
243
  {
244
    /* First, we eliminate packets with strange address combinations.
245
     * In OSPFv2, they might be for other ospf_ifaces (with different IP
246
     * prefix) on the same real iface, so we don't log it. We enforce
247
     * that (src_local || dst_local), therefore we are eliminating all
248
     * such cases.
249
     */
250
    if (dst_mcast && !src_local)
251
      return 1;
252
    if (!dst_mcast && !dst_local)
253
      return 1;
254

    
255
    /* Ignore my own broadcast packets */
256
    if (ifa->cf->real_bcast && ipa_equal(sk->faddr, ifa->addr->ip))
257
      return 1;
258
  }
259
  else
260
  {
261
    /* In OSPFv3, src_local and dst_local mean link-local.
262
     * RFC 5340 says that local (non-vlink) packets use
263
     * link-local src address, but does not enforce it. Strange.
264
     */
265
    if (dst_mcast && !src_local)
266
      LOG_PKT_WARN("Multicast packet received from non-link-local %I via %s",
267
                   sk->faddr, ifa->ifname);
268
  }
269

    
270
  /* Second, we check packet length, checksum, and the protocol version */
271
  struct ospf_packet *pkt = (void *) sk_rx_buffer(sk, &len);
272

    
273

    
274
  if (pkt == NULL)
275
    DROP("bad IP header", len);
276

    
277
  if (ifa->check_ttl && (sk->rcv_ttl < 255))
278
    DROP("wrong TTL", sk->rcv_ttl);
279

    
280
  if (len < sizeof(struct ospf_packet))
281
    DROP("too short", len);
282

    
283
  if (pkt->version != ospf_get_version(p))
284
    DROP("version mismatch", pkt->version);
285

    
286
  uint plen = ntohs(pkt->length);
287
  if ((plen < sizeof(struct ospf_packet)) || ((plen % 4) != 0))
288
    DROP("invalid length", plen);
289

    
290
  if (sk->flags & SKF_TRUNCATED)
291
  {
292
    /* If we have dynamic buffers and received truncated message, we expand RX buffer */
293

    
294
    uint bs = plen + 256;
295
    bs = BIRD_ALIGN(bs, 1024);
296

    
297
    if (!ifa->cf->rx_buffer && (bs > sk->rbsize))
298
      sk_set_rbsize(sk, bs);
299

    
300
    DROP("truncated", plen);
301
  }
302

    
303
  if (plen > len)
304
    DROP("length mismatch", plen);
305

    
306
  if (ospf_is_v2(p) && (pkt->autype != OSPF_AUTH_CRYPT))
307
  {
308
    uint hlen = sizeof(struct ospf_packet) + sizeof(union ospf_auth);
309
    uint blen = plen - hlen;
310
    void *body = ((void *) pkt) + hlen;
311

    
312
    if (!ipsum_verify(pkt, sizeof(struct ospf_packet), body, blen, NULL))
313
      DROP1("invalid checksum");
314
  }
315

    
316
  /* Third, we resolve associated iface and handle vlinks. */
317

    
318
  u32 areaid = ntohl(pkt->areaid);
319
  u32 rid = ntohl(pkt->routerid);
320
  u8 instance_id = pkt->instance_id;
321

    
322
  if (areaid == ifa->oa->areaid)
323
  {
324
    /* Matching area ID */
325

    
326
    if (instance_id != ifa->instance_id)
327
      return 1;
328

    
329
    /* It is real iface, source should be local (in OSPFv2) */
330
    if (ospf_is_v2(p) && !src_local)
331
      DROP1("strange source address");
332

    
333
    goto found;
334
  }
335
  else if ((areaid == 0) && !dst_mcast)
336
  {
337
    /* Backbone area ID and possible vlink packet */
338

    
339
    if ((p->areano == 1) || !oa_is_ext(ifa->oa))
340
      return 1;
341

    
342
    struct ospf_iface *iff = NULL;
343
    WALK_LIST(iff, p->iface_list)
344
    {
345
      if ((iff->type == OSPF_IT_VLINK) &&
346
          (iff->voa == ifa->oa) &&
347
          (iff->instance_id == instance_id) &&
348
          (iff->vid == rid))
349
      {
350
        /* Vlink should be UP */
351
        if (iff->state != OSPF_IS_PTP)
352
          return 1;
353

    
354
        ifa = iff;
355
        goto found;
356
      }
357
    }
358

    
359
    /*
360
     * Cannot find matching vlink. It is either misconfigured vlink; NBMA or
361
     * PtMP with misconfigured area ID, or packet for some other instance (that
362
     * is possible even if instance_id == ifa->instance_id, because it may be
363
     * also vlink packet in the other instance, which is different namespace).
364
     */
365

    
366
    return 1;
367
  }
368
  else
369
  {
370
    /* Non-matching area ID but cannot be vlink packet */
371

    
372
    if (instance_id != ifa->instance_id)
373
      return 1;
374

    
375
    DROP("area mismatch", areaid);
376
  }
377

    
378

    
379
found:
380
  if (ifa->stub)            /* This shouldn't happen */
381
    return 1;
382

    
383
  if (ipa_equal(sk->laddr, ifa->des_routers) && (ifa->sk_dr == 0))
384
    return 1;
385

    
386
  if (rid == p->router_id)
387
    DROP1("my own router ID");
388

    
389
  if (rid == 0)
390
    DROP1("zero router ID");
391

    
392
  /* In OSPFv2, neighbors are identified by either IP or Router ID, based on network type */
393
  uint t = ifa->type;
394
  struct ospf_neighbor *n;
395
  if (ospf_is_v2(p) && ((t == OSPF_IT_BCAST) || (t == OSPF_IT_NBMA) || (t == OSPF_IT_PTMP)))
396
    n = find_neigh_by_ip(ifa, sk->faddr);
397
  else
398
    n = find_neigh(ifa, rid);
399

    
400
  if (!n && (pkt->type != HELLO_P))
401
  {
402
    OSPF_TRACE(D_PACKETS, "Non-HELLO packet received from unknown nbr %R on %s, src %I",
403
               rid, ifa->ifname, sk->faddr);
404
    return 1;
405
  }
406

    
407
  /* ospf_pkt_checkauth() has its own error logging */
408
  if (ospf_is_v2(p) && !ospf_pkt_checkauth(n, ifa, pkt, len))
409
    return 1;
410

    
411
  switch (pkt->type)
412
  {
413
  case HELLO_P:
414
    ospf_receive_hello(pkt, ifa, n, sk->faddr);
415
    break;
416

    
417
  case DBDES_P:
418
    ospf_receive_dbdes(pkt, ifa, n);
419
    break;
420

    
421
  case LSREQ_P:
422
    ospf_receive_lsreq(pkt, ifa, n);
423
    break;
424

    
425
  case LSUPD_P:
426
    ospf_receive_lsupd(pkt, ifa, n);
427
    break;
428

    
429
  case LSACK_P:
430
    ospf_receive_lsack(pkt, ifa, n);
431
    break;
432

    
433
  default:
434
    DROP("invalid packet type", pkt->type);
435
  };
436
  return 1;
437

    
438
drop:
439
  LOG_PKT("Bad packet from %I via %s - %s (%u)",
440
          sk->faddr, ifa->ifname, err_dsc, err_val);
441

    
442
  return 1;
443
}
444

    
445
/*
446
void
447
ospf_tx_hook(sock * sk)
448
{
449
  struct ospf_iface *ifa= (struct ospf_iface *) (sk->data);
450
//  struct proto *p = (struct proto *) (ifa->oa->p);
451
  log(L_ERR "OSPF: TX hook called on %s", ifa->ifname);
452
}
453
*/
454

    
455
void
456
ospf_err_hook(sock * sk, int err)
457
{
458
  struct ospf_iface *ifa= (struct ospf_iface *) (sk->data);
459
  struct ospf_proto *p = ifa->oa->po;
460
  log(L_ERR "%s: Socket error on %s: %M", p->p.name, ifa->ifname, err);
461
}
462

    
463
void
464
ospf_verr_hook(sock *sk, int err)
465
{
466
  struct ospf_proto *p = (struct ospf_proto *) (sk->data);
467
  log(L_ERR "%s: Vlink socket error: %M", p->p.name, err);
468
}
469

    
470
void
471
ospf_send_to(struct ospf_iface *ifa, ip_addr dst)
472
{
473
  sock *sk = ifa->sk;
474
  struct ospf_packet *pkt = (struct ospf_packet *) sk->tbuf;
475
  int plen = ntohs(pkt->length);
476

    
477
  if (ospf_is_v2(ifa->oa->po))
478
  {
479
    if (ifa->autype == OSPF_AUTH_CRYPT)
480
      plen += OSPF_AUTH_CRYPT_SIZE;
481

    
482
    ospf_pkt_finalize(ifa, pkt);
483
  }
484

    
485
  int done = sk_send_to(sk, plen, dst, 0);
486
  if (!done)
487
    log(L_WARN "OSPF: TX queue full on %s", ifa->ifname);
488
}
489

    
490
void
491
ospf_send_to_agt(struct ospf_iface *ifa, u8 state)
492
{
493
  struct ospf_neighbor *n;
494

    
495
  WALK_LIST(n, ifa->neigh_list)
496
    if (n->state >= state)
497
      ospf_send_to(ifa, n->ip);
498
}
499

    
500
void
501
ospf_send_to_bdr(struct ospf_iface *ifa)
502
{
503
  if (ipa_nonzero2(ifa->drip))
504
    ospf_send_to(ifa, ifa->drip);
505
  if (ipa_nonzero2(ifa->bdrip))
506
    ospf_send_to(ifa, ifa->bdrip);
507
}