Statistics
| Branch: | Revision:

iof-bird-daemon / proto / ospf / packet.c @ fe9f1a6d

History | View | Annotate | Download (12.7 KB)

1
/*
2
 *        BIRD -- OSPF
3
 *
4
 *        (c) 1999--2005 Ondrej Filip <feela@network.cz>
5
 *        (c) 2009--2014 Ondrej Zajicek <santiago@crfreenet.org>
6
 *        (c) 2009--2014 CZ.NIC z.s.p.o.
7
 *
8
 *        Can be freely distributed and used under the terms of the GNU GPL.
9
 */
10

    
11
#include "ospf.h"
12
#include "nest/password.h"
13
#include "lib/md5.h"
14

    
15
void
16
ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type)
17
{
18
  struct ospf_proto *p = ifa->oa->po;
19
  struct ospf_packet *pkt;
20

    
21
  pkt = (struct ospf_packet *) buf;
22

    
23
  pkt->version = ospf_get_version(p);
24
  pkt->type = h_type;
25
  pkt->length = htons(ospf_pkt_maxsize(p, ifa));
26
  pkt->routerid = htonl(p->router_id);
27
  pkt->areaid = htonl(ifa->oa->areaid);
28
  pkt->checksum = 0;
29
  pkt->instance_id = ifa->instance_id;
30
  pkt->autype = ifa->autype;
31
}
32

    
33
uint
34
ospf_pkt_maxsize(struct ospf_proto *p, struct ospf_iface *ifa)
35
{
36
  uint headers = ospf_is_v2(p) ? IP4_HEADER_LENGTH : IP6_HEADER_LENGTH;
37

    
38
  /* Relevant just for OSPFv2 */
39
  if (ifa->autype == OSPF_AUTH_CRYPT)
40
    headers += OSPF_AUTH_CRYPT_SIZE;
41

    
42
  return ifa->tx_length - headers;
43
}
44

    
45
/* We assume OSPFv2 in ospf_pkt_finalize() */
46
static void
47
ospf_pkt_finalize(struct ospf_iface *ifa, struct ospf_packet *pkt)
48
{
49
  struct password_item *passwd = NULL;
50
  union ospf_auth *auth = (void *) (pkt + 1);
51
  uint plen = ntohs(pkt->length);
52

    
53
  pkt->checksum = 0;
54
  pkt->autype = ifa->autype;
55
  bzero(auth, sizeof(union ospf_auth));
56

    
57
  /* Compatibility note: auth may contain anything if autype is
58
     none, but nonzero values do not work with Mikrotik OSPF */
59

    
60
  switch (ifa->autype)
61
  {
62
  case OSPF_AUTH_SIMPLE:
63
    passwd = password_find(ifa->passwords, 1);
64
    if (!passwd)
65
    {
66
      log(L_ERR "No suitable password found for authentication");
67
      return;
68
    }
69
    strncpy(auth->password, passwd->password, sizeof(auth->password));
70

    
71
  case OSPF_AUTH_NONE:
72
    {
73
      void *body = (void *) (auth + 1);
74
      uint blen = plen - sizeof(struct ospf_packet) - sizeof(union ospf_auth);
75
      pkt->checksum = ipsum_calculate(pkt, sizeof(struct ospf_packet), body, blen, NULL);
76
    }
77
    break;
78

    
79
  case OSPF_AUTH_CRYPT:
80
    passwd = password_find(ifa->passwords, 0);
81
    if (!passwd)
82
    {
83
      log(L_ERR "No suitable password found for authentication");
84
      return;
85
    }
86

    
87
    /* Perhaps use random value to prevent replay attacks after
88
       reboot when system does not have independent RTC? */
89
    if (!ifa->csn)
90
    {
91
      ifa->csn = (u32) now;
92
      ifa->csn_use = now;
93
    }
94

    
95
    /* We must have sufficient delay between sending a packet and increasing
96
       CSN to prevent reordering of packets (in a network) with different CSNs */
97
    if ((now - ifa->csn_use) > 1)
98
      ifa->csn++;
99

    
100
    ifa->csn_use = now;
101

    
102
    auth->md5.zero = 0;
103
    auth->md5.keyid = passwd->id;
104
    auth->md5.len = OSPF_AUTH_CRYPT_SIZE;
105
    auth->md5.csn = htonl(ifa->csn);
106

    
107
    void *tail = ((void *) pkt) + plen;
108
    char password[OSPF_AUTH_CRYPT_SIZE];
109
    strncpy(password, passwd->password, sizeof(password));
110

    
111
    struct MD5Context ctxt;
112
    MD5Init(&ctxt);
113
    MD5Update(&ctxt, (char *) pkt, plen);
114
    MD5Update(&ctxt, password, OSPF_AUTH_CRYPT_SIZE);
115
    MD5Final(tail, &ctxt);
116
    break;
117

    
118
  default:
119
    bug("Unknown authentication type");
120
  }
121
}
122

    
123

    
124
/* We assume OSPFv2 in ospf_pkt_checkauth() */
125
static int
126
ospf_pkt_checkauth(struct ospf_neighbor *n, struct ospf_iface *ifa, struct ospf_packet *pkt, int len)
127
{
128
  struct ospf_proto *p = ifa->oa->po;
129
  union ospf_auth *auth = (void *) (pkt + 1);
130
  struct password_item *pass = NULL;
131
  const char *err_dsc = NULL;
132
  uint err_val = 0;
133

    
134
  uint plen = ntohs(pkt->length);
135
  u8 autype = pkt->autype;
136

    
137
  if (autype != ifa->autype)
138
    DROP("authentication method mismatch", autype);
139

    
140
  switch (autype)
141
  {
142
  case OSPF_AUTH_NONE:
143
    return 1;
144

    
145
  case OSPF_AUTH_SIMPLE:
146
    pass = password_find(ifa->passwords, 1);
147
    if (!pass)
148
      DROP1("no password found");
149

    
150
    if (!password_verify(pass, auth->password, sizeof(auth->password)))
151
      DROP("wrong password", pass->id);
152

    
153
    return 1;
154

    
155
  case OSPF_AUTH_CRYPT:
156
    if (auth->md5.len != OSPF_AUTH_CRYPT_SIZE)
157
      DROP("invalid MD5 digest length", auth->md5.len);
158

    
159
    if (plen + OSPF_AUTH_CRYPT_SIZE > len)
160
      DROP("length mismatch", len);
161

    
162
    u32 rcv_csn = ntohl(auth->md5.csn);
163
    if (n && (rcv_csn < n->csn))
164
      // DROP("lower sequence number", rcv_csn);
165
    {
166
      /* We want to report both new and old CSN */
167
      LOG_PKT_AUTH("Authentication failed for nbr %R on %s - "
168
                   "lower sequence number (rcv %u, old %u)",
169
                   n->rid, ifa->ifname, rcv_csn, n->csn);
170
      return 0;
171
    }
172

    
173
    pass = password_find_by_id(ifa->passwords, auth->md5.keyid);
174
    if (!pass)
175
      DROP("no suitable password found", auth->md5.keyid);
176

    
177
    void *tail = ((void *) pkt) + plen;
178
    char passwd[OSPF_AUTH_CRYPT_SIZE];
179
    char md5sum[OSPF_AUTH_CRYPT_SIZE];
180

    
181
    strncpy(passwd, pass->password, OSPF_AUTH_CRYPT_SIZE);
182

    
183
    struct MD5Context ctxt;
184
    MD5Init(&ctxt);
185
    MD5Update(&ctxt, (char *) pkt, plen);
186
    MD5Update(&ctxt, passwd, OSPF_AUTH_CRYPT_SIZE);
187
    MD5Final(md5sum, &ctxt);
188

    
189
    if (memcmp(md5sum, tail, OSPF_AUTH_CRYPT_SIZE))
190
      DROP("wrong MD5 digest", pass->id);
191

    
192
    if (n)
193
      n->csn = rcv_csn;
194

    
195
    return 1;
196

    
197
  default:
198
    bug("Unknown authentication type");
199
  }
200

    
201
drop:
202
  LOG_PKT_AUTH("Authentication failed for nbr %R on %s - %s (%u)",
203
               (n ? n->rid : ntohl(pkt->routerid)), ifa->ifname, err_dsc, err_val);
204

    
205
  return 0;
206
}
207

    
208
/**
209
 * ospf_rx_hook
210
 * @sk: socket we received the packet.
211
 * @size: size of the packet
212
 *
213
 * This is the entry point for messages from neighbors. Many checks (like
214
 * authentication, checksums, size) are done before the packet is passed to
215
 * non generic functions.
216
 */
217
int
218
ospf_rx_hook(sock *sk, int len)
219
{
220
  /* We want just packets from sk->iface. Unfortunately, on BSD we cannot filter
221
     out other packets at kernel level and we receive all packets on all sockets */
222
  if (sk->lifindex != sk->iface->index)
223
    return 1;
224

    
225
  DBG("OSPF: RX hook called (iface %s, src %I, dst %I)\n",
226
      sk->iface->name, sk->faddr, sk->laddr);
227

    
228
  /* Initially, the packet is associated with the 'master' iface */
229
  struct ospf_iface *ifa = sk->data;
230
  struct ospf_proto *p = ifa->oa->po;
231
  const char *err_dsc = NULL;
232
  uint err_val = 0;
233

    
234
  /* Should not happen */
235
  if (ifa->state <= OSPF_IS_LOOP)
236
    return 1;
237

    
238
  int src_local, dst_local, dst_mcast;
239
  src_local = ipa_in_net(sk->faddr, ifa->addr->prefix, ifa->addr->pxlen);
240
  dst_local = ipa_equal(sk->laddr, ifa->addr->ip);
241
  dst_mcast = ipa_equal(sk->laddr, ifa->all_routers) || ipa_equal(sk->laddr, ifa->des_routers);
242

    
243
  if (ospf_is_v2(p))
244
  {
245
    /* First, we eliminate packets with strange address combinations.
246
     * In OSPFv2, they might be for other ospf_ifaces (with different IP
247
     * prefix) on the same real iface, so we don't log it. We enforce
248
     * that (src_local || dst_local), therefore we are eliminating all
249
     * such cases.
250
     */
251
    if (dst_mcast && !src_local)
252
      return 1;
253
    if (!dst_mcast && !dst_local)
254
      return 1;
255

    
256
    /* Ignore my own broadcast packets */
257
    if (ifa->cf->real_bcast && ipa_equal(sk->faddr, ifa->addr->ip))
258
      return 1;
259
  }
260
  else
261
  {
262
    /* In OSPFv3, src_local and dst_local mean link-local.
263
     * RFC 5340 says that local (non-vlink) packets use
264
     * link-local src address, but does not enforce it. Strange.
265
     */
266
    if (dst_mcast && !src_local)
267
      LOG_PKT_WARN("Multicast packet received from non-link-local %I via %s",
268
                   sk->faddr, ifa->ifname);
269
  }
270

    
271
  /* Second, we check packet length, checksum, and the protocol version */
272
  struct ospf_packet *pkt = (void *) sk_rx_buffer(sk, &len);
273

    
274

    
275
  if (pkt == NULL)
276
    DROP("bad IP header", len);
277

    
278
  if (ifa->check_ttl && (sk->rcv_ttl < 255))
279
    DROP("wrong TTL", sk->rcv_ttl);
280

    
281
  if (len < sizeof(struct ospf_packet))
282
    DROP("too short", len);
283

    
284
  if (pkt->version != ospf_get_version(p))
285
    DROP("version mismatch", pkt->version);
286

    
287
  uint plen = ntohs(pkt->length);
288
  if ((plen < sizeof(struct ospf_packet)) || ((plen % 4) != 0))
289
    DROP("invalid length", plen);
290

    
291
  if (sk->flags & SKF_TRUNCATED)
292
  {
293
    /* If we have dynamic buffers and received truncated message, we expand RX buffer */
294

    
295
    uint bs = plen + 256;
296
    bs = BIRD_ALIGN(bs, 1024);
297

    
298
    if (!ifa->cf->rx_buffer && (bs > sk->rbsize))
299
      sk_set_rbsize(sk, bs);
300

    
301
    DROP("truncated", plen);
302
  }
303

    
304
  if (plen > len)
305
    DROP("length mismatch", plen);
306

    
307
  if (ospf_is_v2(p) && (pkt->autype != OSPF_AUTH_CRYPT))
308
  {
309
    uint hlen = sizeof(struct ospf_packet) + sizeof(union ospf_auth);
310
    uint blen = plen - hlen;
311
    void *body = ((void *) pkt) + hlen;
312

    
313
    if (!ipsum_verify(pkt, sizeof(struct ospf_packet), body, blen, NULL))
314
      DROP1("invalid checksum");
315
  }
316

    
317
  /* Third, we resolve associated iface and handle vlinks. */
318

    
319
  u32 areaid = ntohl(pkt->areaid);
320
  u32 rid = ntohl(pkt->routerid);
321
  u8 instance_id = pkt->instance_id;
322

    
323
  if (areaid == ifa->oa->areaid)
324
  {
325
    /* Matching area ID */
326

    
327
    if (instance_id != ifa->instance_id)
328
      return 1;
329

    
330
    /* It is real iface, source should be local (in OSPFv2) */
331
    if (ospf_is_v2(p) && !src_local)
332
      DROP1("strange source address");
333

    
334
    goto found;
335
  }
336
  else if ((areaid == 0) && !dst_mcast)
337
  {
338
    /* Backbone area ID and possible vlink packet */
339

    
340
    if ((p->areano == 1) || !oa_is_ext(ifa->oa))
341
      return 1;
342

    
343
    struct ospf_iface *iff = NULL;
344
    WALK_LIST(iff, p->iface_list)
345
    {
346
      if ((iff->type == OSPF_IT_VLINK) &&
347
          (iff->voa == ifa->oa) &&
348
          (iff->instance_id == instance_id) &&
349
          (iff->vid == rid))
350
      {
351
        /* Vlink should be UP */
352
        if (iff->state != OSPF_IS_PTP)
353
          return 1;
354

    
355
        ifa = iff;
356
        goto found;
357
      }
358
    }
359

    
360
    /*
361
     * Cannot find matching vlink. It is either misconfigured vlink; NBMA or
362
     * PtMP with misconfigured area ID, or packet for some other instance (that
363
     * is possible even if instance_id == ifa->instance_id, because it may be
364
     * also vlink packet in the other instance, which is different namespace).
365
     */
366

    
367
    return 1;
368
  }
369
  else
370
  {
371
    /* Non-matching area ID but cannot be vlink packet */
372

    
373
    if (instance_id != ifa->instance_id)
374
      return 1;
375

    
376
    DROP("area mismatch", areaid);
377
  }
378

    
379

    
380
found:
381
  if (ifa->stub)            /* This shouldn't happen */
382
    return 1;
383

    
384
  if (ipa_equal(sk->laddr, ifa->des_routers) && (ifa->sk_dr == 0))
385
    return 1;
386

    
387
  if (rid == p->router_id)
388
    DROP1("my own router ID");
389

    
390
  if (rid == 0)
391
    DROP1("zero router ID");
392

    
393
  /* In OSPFv2, neighbors are identified by either IP or Router ID, based on network type */
394
  uint t = ifa->type;
395
  struct ospf_neighbor *n;
396
  if (ospf_is_v2(p) && ((t == OSPF_IT_BCAST) || (t == OSPF_IT_NBMA) || (t == OSPF_IT_PTMP)))
397
    n = find_neigh_by_ip(ifa, sk->faddr);
398
  else
399
    n = find_neigh(ifa, rid);
400

    
401
  if (!n && (pkt->type != HELLO_P))
402
  {
403
    OSPF_TRACE(D_PACKETS, "Non-HELLO packet received from unknown nbr %R on %s, src %I",
404
               rid, ifa->ifname, sk->faddr);
405
    return 1;
406
  }
407

    
408
  /* ospf_pkt_checkauth() has its own error logging */
409
  if (ospf_is_v2(p) && !ospf_pkt_checkauth(n, ifa, pkt, len))
410
    return 1;
411

    
412
  switch (pkt->type)
413
  {
414
  case HELLO_P:
415
    ospf_receive_hello(pkt, ifa, n, sk->faddr);
416
    break;
417

    
418
  case DBDES_P:
419
    ospf_receive_dbdes(pkt, ifa, n);
420
    break;
421

    
422
  case LSREQ_P:
423
    ospf_receive_lsreq(pkt, ifa, n);
424
    break;
425

    
426
  case LSUPD_P:
427
    ospf_receive_lsupd(pkt, ifa, n);
428
    break;
429

    
430
  case LSACK_P:
431
    ospf_receive_lsack(pkt, ifa, n);
432
    break;
433

    
434
  default:
435
    DROP("invalid packet type", pkt->type);
436
  };
437
  return 1;
438

    
439
drop:
440
  LOG_PKT("Bad packet from %I via %s - %s (%u)",
441
          sk->faddr, ifa->ifname, err_dsc, err_val);
442

    
443
  return 1;
444
}
445

    
446
/*
447
void
448
ospf_tx_hook(sock * sk)
449
{
450
  struct ospf_iface *ifa= (struct ospf_iface *) (sk->data);
451
//  struct proto *p = (struct proto *) (ifa->oa->p);
452
  log(L_ERR "OSPF: TX hook called on %s", ifa->ifname);
453
}
454
*/
455

    
456
void
457
ospf_err_hook(sock * sk, int err)
458
{
459
  struct ospf_iface *ifa= (struct ospf_iface *) (sk->data);
460
  struct ospf_proto *p = ifa->oa->po;
461
  log(L_ERR "%s: Socket error on %s: %M", p->p.name, ifa->ifname, err);
462
}
463

    
464
void
465
ospf_verr_hook(sock *sk, int err)
466
{
467
  struct ospf_proto *p = (struct ospf_proto *) (sk->data);
468
  log(L_ERR "%s: Vlink socket error: %M", p->p.name, err);
469
}
470

    
471
void
472
ospf_send_to(struct ospf_iface *ifa, ip_addr dst)
473
{
474
  sock *sk = ifa->sk;
475
  struct ospf_packet *pkt = (struct ospf_packet *) sk->tbuf;
476
  int plen = ntohs(pkt->length);
477

    
478
  if (ospf_is_v2(ifa->oa->po))
479
  {
480
    if (ifa->autype == OSPF_AUTH_CRYPT)
481
      plen += OSPF_AUTH_CRYPT_SIZE;
482

    
483
    ospf_pkt_finalize(ifa, pkt);
484
  }
485

    
486
  int done = sk_send_to(sk, plen, dst, 0);
487
  if (!done)
488
    log(L_WARN "OSPF: TX queue full on %s", ifa->ifname);
489
}
490

    
491
void
492
ospf_send_to_agt(struct ospf_iface *ifa, u8 state)
493
{
494
  struct ospf_neighbor *n;
495

    
496
  WALK_LIST(n, ifa->neigh_list)
497
    if (n->state >= state)
498
      ospf_send_to(ifa, n->ip);
499
}
500

    
501
void
502
ospf_send_to_bdr(struct ospf_iface *ifa)
503
{
504
  if (ipa_nonzero(ifa->drip))
505
    ospf_send_to(ifa, ifa->drip);
506
  if (ipa_nonzero(ifa->bdrip))
507
    ospf_send_to(ifa, ifa->bdrip);
508
}