Statistics
| Branch: | Revision:

iof-bird-daemon / proto / ospf / packet.c @ b21f68b4

History | View | Annotate | Download (10.6 KB)

1
/*
2
 *        BIRD -- OSPF
3
 *
4
 *        (c) 1999--2005 Ondrej Filip <feela@network.cz>
5
 *
6
 *        Can be freely distributed and used under the terms of the GNU GPL.
7
 */
8

    
9
#include "ospf.h"
10
#include "nest/password.h"
11
#include "lib/md5.h"
12

    
13
void
14
ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type)
15
{
16
  struct ospf_packet *pkt;
17
  struct proto *p = (struct proto *) (ifa->oa->po);
18

    
19
  pkt = (struct ospf_packet *) buf;
20

    
21
  pkt->version = OSPF_VERSION;
22

    
23
  pkt->type = h_type;
24

    
25
  pkt->routerid = htonl(p->cf->global->router_id);
26
  pkt->areaid = htonl(ifa->oa->areaid);
27
  pkt->autype = htons(ifa->autype);
28
  pkt->checksum = 0;
29
}
30

    
31
unsigned
32
ospf_pkt_maxsize(struct ospf_iface *ifa)
33
{
34
  unsigned mtu = (ifa->type == OSPF_IT_VLINK) ? OSPF_VLINK_MTU : ifa->iface->mtu;
35
  /* Can be mtu < 576? */
36
  return ((mtu <=  ifa->iface->mtu) ? mtu : ifa->iface->mtu) -
37
  SIZE_OF_IP_HEADER - ((ifa->autype == OSPF_AUTH_CRYPT) ? OSPF_AUTH_CRYPT_SIZE : 0);
38
  /* For virtual links use mtu=576 */
39
}
40

    
41
void
42
ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
43
{
44
  struct password_item *passwd = NULL;
45
  void *tail;
46
  struct MD5Context ctxt;
47
  char password[OSPF_AUTH_CRYPT_SIZE];
48

    
49
  pkt->autype = htons(ifa->autype);
50

    
51
  switch(ifa->autype)
52
  {
53
    case OSPF_AUTH_SIMPLE:
54
      bzero(&pkt->u, sizeof(union ospf_auth));
55
      passwd = password_find(ifa->passwords, 1);
56
      if (!passwd)
57
      {
58
        log( L_ERR "No suitable password found for authentication" );
59
        return;
60
      }
61
      password_cpy(pkt->u.password, passwd->password, sizeof(union ospf_auth));
62
    case OSPF_AUTH_NONE:
63
      pkt->checksum = ipsum_calculate(pkt, sizeof(struct ospf_packet) -
64
                                  sizeof(union ospf_auth), (pkt + 1),
65
                                  ntohs(pkt->length) -
66
                                  sizeof(struct ospf_packet), NULL);
67
      break;
68
    case OSPF_AUTH_CRYPT:
69
      passwd = password_find(ifa->passwords, 0);
70
      if (!passwd)
71
      {
72
        log( L_ERR "No suitable password found for authentication" );
73
        return;
74
      }
75

    
76
      pkt->checksum = 0;
77

    
78
      if (!ifa->csn)
79
        ifa->csn = (u32) time(NULL);
80

    
81
      pkt->u.md5.keyid = passwd->id;
82
      pkt->u.md5.len = OSPF_AUTH_CRYPT_SIZE;
83
      pkt->u.md5.zero = 0;
84
      pkt->u.md5.csn = htonl(ifa->csn++);
85
      tail = ((void *)pkt) + ntohs(pkt->length);
86
      MD5Init(&ctxt);
87
      MD5Update(&ctxt, (char *) pkt, ntohs(pkt->length));
88
      password_cpy(password, passwd->password, OSPF_AUTH_CRYPT_SIZE);
89
      MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
90
      MD5Final(tail, &ctxt);
91
      break;
92
    default:
93
      bug("Unknown authentication type");
94
  }
95
}
96

    
97
static int
98
ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_packet *pkt, int size)
99
{
100
  struct proto_ospf *po = ifa->oa->po;
101
  struct proto *p = &po->proto;
102
  struct password_item *pass = NULL, *ptmp;
103
  void *tail;
104
  char md5sum[OSPF_AUTH_CRYPT_SIZE];
105
  char password[OSPF_AUTH_CRYPT_SIZE];
106
  struct MD5Context ctxt;
107

    
108

    
109
  if (pkt->autype != htons(ifa->autype))
110
  {
111
    OSPF_TRACE(D_PACKETS, "OSPF_auth: Method differs (%d)", ntohs(pkt->autype));
112
    return 0;
113
  }
114

    
115
  if (n && (ifa != n->ifa))
116
  {
117
    OSPF_TRACE(D_PACKETS, "OSPF_auth: received packet from strange interface (%s/%s)",
118
      ifa->iface->name, n->ifa->iface->name);
119
    return 0;
120
  }
121

    
122
  switch(ifa->autype)
123
  {
124
    case OSPF_AUTH_NONE:
125
      return 1;
126
      break;
127
    case OSPF_AUTH_SIMPLE:
128
      pass = password_find(ifa->passwords, 1);
129
      if(!pass)
130
      {
131
        OSPF_TRACE(D_PACKETS, "OSPF_auth: no password found");
132
        return 0;
133
      }
134
      password_cpy(password, pass->password, sizeof(union ospf_auth));
135

    
136
      if (memcmp(pkt->u.password, password, sizeof(union ospf_auth)))
137
      {
138
        char ppass[sizeof(union ospf_auth) + 1];
139
        bzero(ppass, (sizeof(union ospf_auth) + 1));
140
        memcpy(ppass, pkt->u.password, sizeof(union ospf_auth));
141
        OSPF_TRACE(D_PACKETS, "OSPF_auth: different passwords (%s)", ppass);
142
        return 0;
143
      }
144
      return 1;
145
      break;
146
    case OSPF_AUTH_CRYPT:
147
      if (pkt->u.md5.len != OSPF_AUTH_CRYPT_SIZE)
148
      {
149
        OSPF_TRACE(D_PACKETS, "OSPF_auth: wrong size of md5 digest");
150
        return 0;
151
      }
152
      if (ntohs(pkt->length) + OSPF_AUTH_CRYPT_SIZE != size)
153
      {
154
        OSPF_TRACE(D_PACKETS, "OSPF_auth: size mismatch (%d vs %d)",
155
          ntohs(pkt->length) + OSPF_AUTH_CRYPT_SIZE, size);
156
        return 0;
157
      }
158

    
159
      if (pkt->u.md5.zero)
160
      {
161
        OSPF_TRACE(D_PACKETS, "OSPF_auth: \"zero\" area is non-zero");
162
        return 0;
163
      }
164

    
165
      tail = ((void *)pkt) + ntohs(pkt->length);
166

    
167
      WALK_LIST(ptmp, *(ifa->passwords))
168
      {
169
        if (pkt->u.md5.keyid != ptmp->id) continue;
170
        if ((ptmp->accfrom > now_real) || (ptmp->accto < now_real)) continue;
171
        pass = ptmp;
172
        break;
173
      }
174

    
175
      if(!pass)
176
      {
177
        OSPF_TRACE(D_PACKETS, "OSPF_auth: no suitable md5 password found");
178
        return 0;
179
      }
180

    
181
      if(n)
182
      {
183
        if(ntohs(pkt->u.md5.csn) < n->csn)
184
        {
185
          OSPF_TRACE(D_PACKETS, "OSPF_auth: lower sequence number");
186
          return 0;
187
        }
188
        n->csn = ntohs(pkt->u.md5.csn);
189
      }
190

    
191
      MD5Init(&ctxt);
192
      MD5Update(&ctxt, (char *) pkt, ntohs(pkt->length));
193
      password_cpy(password, pass->password, OSPF_AUTH_CRYPT_SIZE);
194
      MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
195
      MD5Final(md5sum, &ctxt);
196
      if (memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
197
      {
198
        OSPF_TRACE(D_PACKETS, "OSPF_auth: wrong md5 digest");
199
        return 0;
200
      }
201
      return 1;
202
      break;
203
    default:
204
      OSPF_TRACE(D_PACKETS, "OSPF_auth: unknown auth type");
205
      return 0;
206
  }
207
}
208

    
209
/**
210
 * ospf_rx_hook
211
 * @sk: socket we received the packet. Its ignored.
212
 * @size: size of the packet
213
 *
214
 * This is the entry point for messages from neighbors. Many checks (like
215
 * authentication, checksums, size) are done before the packet is passed to
216
 * non generic functions.
217
 */
218
int
219
ospf_rx_hook(sock * sk, int size)
220
{
221
  struct ospf_packet *ps;
222
  struct ospf_iface *ifa = (struct ospf_iface *) (sk->data);
223
  struct proto_ospf *po = ifa->oa->po;
224
  struct proto *p = &po->proto;
225
  struct ospf_neighbor *n;
226
  int osize;
227
  char *mesg = "Bad OSPF packet from ";
228
  struct ospf_iface *iff;
229

    
230
  if (ifa->stub)
231
    return (1);
232

    
233
  ps = (struct ospf_packet *) ipv4_skip_header(sk->rbuf, &size);
234

    
235
  if ((ifa->oa->areaid != 0) && (ntohl(ps->areaid) == 0))
236
  {
237
    WALK_LIST(iff, po->iface_list)
238
    {
239
      if ((iff->type == OSPF_IT_VLINK) && (iff->iface == ifa->iface) &&
240
          (iff->voa = ifa->oa) && ipa_equal(sk->faddr, iff->vip))
241
      {
242
        return 1;       /* Packet is for VLINK */
243
      }
244
    }
245
  }
246

    
247
  DBG("%s: RX_Hook called on interface %s.\n", p->name, sk->iface->name);
248

    
249
  osize = ntohs(ps->length);
250
  if (ps == NULL)
251
  {
252
    log(L_ERR "%s%I - bad IP header", mesg, sk->faddr);
253
    return 1;
254
  }
255

    
256
  if ((unsigned) size < sizeof(struct ospf_packet))
257
  {
258
    log(L_ERR "%s%I - too short (%u bytes)", mesg, sk->faddr, size);
259
    return 1;
260
  }
261

    
262
  if ((osize > size) || (osize != (4 * (osize / 4))))
263
  {
264
    log(L_ERR "%s%I - size field does not match (%d/%d)", mesg, sk->faddr, ntohs(ps->length), size );
265
    return 1;
266
  }
267

    
268
  if (ps->version != OSPF_VERSION)
269
  {
270
    log(L_ERR "%s%I - version %u", mesg, sk->faddr, ps->version);
271
    return 1;
272
  }
273

    
274
  if ((ps->autype != htons(OSPF_AUTH_CRYPT)) &&
275
      (!ipsum_verify(ps, 16, (void *) ps + sizeof(struct ospf_packet),
276
                    ntohs(ps->length) - sizeof(struct ospf_packet), NULL)))
277
  {
278
    log(L_ERR "%s%I - bad checksum", mesg, sk->faddr);
279
    return 1;
280
  }
281

    
282
  if (ntohl(ps->areaid) != ifa->oa->areaid)
283
  {
284
    log(L_ERR "%s%I - different area %ld", mesg, sk->faddr, ntohl(ps->areaid));
285
    return 1;
286
  }
287

    
288
  if (ntohl(ps->routerid) == p->cf->global->router_id)
289
  {
290
    log(L_ERR "%s%I - received my own router ID!", mesg, sk->faddr);
291
    return 1;
292
  }
293

    
294
  if (ntohl(ps->routerid) == 0)
295
  {
296
    log(L_ERR "%s%I - router id = 0.0.0.0", mesg, sk->faddr);
297
    return 1;
298
  }
299

    
300
  if (((unsigned) size > sk->rbsize) || (ntohs(ps->length) > sk->rbsize))
301
  {
302
    log(L_ERR "%s%I - packet is too large (%d-%d vs %d)",
303
      mesg, sk->faddr, size, ntohs(ps->length), sk->rbsize);
304
    return 1;
305
  }
306

    
307
  n = find_neigh(ifa, ntohl(((struct ospf_packet *) ps)->routerid));
308

    
309
  if(!n && (ps->type != HELLO_P))
310
  {
311
    OSPF_TRACE(D_PACKETS, "Received non-hello packet from uknown neighbor (%I)", sk->faddr);
312
    return 1;
313
  }
314

    
315
  if (!ospf_pkt_checkauth(n, ifa, ps, size))
316
  {
317
    log(L_ERR "%s%I - authentification failed", mesg, sk->faddr);
318
    return 1;
319
  }
320

    
321
  /* Dump packet 
322
     pu8=(u8 *)(sk->rbuf+5*4);
323
     for(i=0;i<ntohs(ps->length);i+=4)
324
     DBG("%s: received %u,%u,%u,%u\n",p->name, pu8[i+0], pu8[i+1], pu8[i+2],
325
     pu8[i+3]);
326
     DBG("%s: received size: %u\n",p->name,size);
327
   */
328

    
329
  switch (ps->type)
330
  {
331
  case HELLO_P:
332
    DBG("%s: Hello received.\n", p->name);
333
    ospf_hello_receive((struct ospf_hello_packet *) ps, ifa, n, sk->faddr);
334
    break;
335
  case DBDES_P:
336
    DBG("%s: Database description received.\n", p->name);
337
    ospf_dbdes_receive((struct ospf_dbdes_packet *) ps, ifa, n);
338
    break;
339
  case LSREQ_P:
340
    DBG("%s: Link state request received.\n", p->name);
341
    ospf_lsreq_receive((struct ospf_lsreq_packet *) ps, ifa, n);
342
    break;
343
  case LSUPD_P:
344
    DBG("%s: Link state update received.\n", p->name);
345
    ospf_lsupd_receive((struct ospf_lsupd_packet *) ps, ifa, n);
346
    break;
347
  case LSACK_P:
348
    DBG("%s: Link state ack received.\n", p->name);
349
    ospf_lsack_receive((struct ospf_lsack_packet *) ps, ifa, n);
350
    break;
351
  default:
352
    log(L_ERR "%s%I - wrong type %u", mesg, sk->faddr, ps->type);
353
    return 1;
354
  };
355
  return 1;
356
}
357

    
358
void
359
ospf_tx_hook(sock * sk)
360
{
361
  struct ospf_iface *ifa= (struct ospf_iface *) (sk->data);
362
  struct proto *p = (struct proto *) (ifa->oa->po);
363
  log(L_ERR "%s: TX_Hook called on interface %s\n", p->name, sk->iface->name);
364
}
365

    
366
void
367
ospf_err_hook(sock * sk, int err)
368
{
369
  struct ospf_iface *ifa= (struct ospf_iface *) (sk->data);
370
  struct proto *p = (struct proto *) (ifa->oa->po);
371
  log(L_ERR "%s: Err_Hook called on interface %s with err=%d\n",
372
    p->name, sk->iface->name, err);
373
}
374

    
375
void
376
ospf_send_to_agt(sock * sk, struct ospf_iface *ifa, u8 state)
377
{
378
  struct ospf_neighbor *n;
379

    
380
  WALK_LIST(n, ifa->neigh_list) if (n->state >= state)
381
    ospf_send_to(sk, n->ip, ifa);
382
}
383

    
384
void
385
ospf_send_to_bdr(sock * sk, struct ospf_iface *ifa)
386
{
387
  if (!ipa_equal(ifa->drip, IPA_NONE))
388
    ospf_send_to(sk, ifa->drip, ifa);
389
  if (!ipa_equal(ifa->bdrip, IPA_NONE))
390
    ospf_send_to(sk, ifa->bdrip, ifa);
391
}
392

    
393
void
394
ospf_send_to(sock *sk, ip_addr ip, struct ospf_iface *ifa)
395
{
396
  struct ospf_packet *pkt = (struct ospf_packet *) sk->tbuf;
397
  int len = ntohs(pkt->length) + ((ifa->autype == OSPF_AUTH_CRYPT) ? OSPF_AUTH_CRYPT_SIZE : 0);
398
  ospf_pkt_finalize(ifa, pkt);
399

    
400
  if (ipa_equal(ip, IPA_NONE))
401
    sk_send(sk, len);
402
  else
403
    sk_send_to(sk, len, ip, OSPF_PROTO);
404
}
405