matthieu/frr
1
0
Fork 0
forked from Mirror/frr
Code Pull requests Activity
frr/ospf6d/ospf6_auth_trailer.h

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

81 lines
2.9 KiB
C
Raw Normal View History

*: auto-convert to SPDX License IDs Done with a combination of regex'ing and banging my head against a wall. Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2023-02-08 13:17:09 +01:00
// SPDX-License-Identifier: GPL-2.0-or-later
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
/*
* Copyright (C) 2021 Abhinay Ramesh
*/
#ifndef __OSPF6_AUTH_TRAILER_H__
#define __OSPF6_AUTH_TRAILER_H__
#include "lib/keychain.h"
#include "ospf6_message.h"
#define OSPF6_AUTH_HDR_MIN_SIZE 16
#define OSPF6_AUTH_HDR_FULL KEYCHAIN_MAX_HASH_SIZE + OSPF6_AUTH_HDR_MIN_SIZE
ospf6d: Stitching the auth trailer code with rest of ospf6. Problem Statement: ================== RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR Fix: ==== Core functionality implemented in previous commit is stitched with rest of ospf6 code as part of this commit. Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:33:41 +02:00
#define OSPF6_AUTHENTICATION_NULL 0
#define OSPF6_AUTHENTICATION_CRYPTOGRAPHIC 1
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
ospf6d: introduce OSPFv3 Cryptographic Protocol ID constant Create a constant OSPFV3_CRYPTO_PROTO_ID to replace the hard-coded Cryptographic Protocol ID in the OSPFv3 authentication trailer code. This enhances code clarity and maintainability. Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
2023-08-12 01:33:19 +02:00
#define OSPFV3_CRYPTO_PROTO_ID 1
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
/* Auth debug options */
extern unsigned char conf_debug_ospf6_auth[2];
ospf6d: Stitching the auth trailer code with rest of ospf6. Problem Statement: ================== RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR Fix: ==== Core functionality implemented in previous commit is stitched with rest of ospf6 code as part of this commit. Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:33:41 +02:00
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
#define OSPF6_AUTH_TX 0
#define OSPF6_AUTH_RX 1
#define OSPF6_DEBUG_AUTH_TX_ON() (conf_debug_ospf6_auth[OSPF6_AUTH_TX] = 1)
#define OSPF6_DEBUG_AUTH_TX_OFF() (conf_debug_ospf6_auth[OSPF6_AUTH_TX] = 0)
#define OSPF6_DEBUG_AUTH_RX_ON() (conf_debug_ospf6_auth[OSPF6_AUTH_RX] = 1)
#define OSPF6_DEBUG_AUTH_RX_OFF() (conf_debug_ospf6_auth[OSPF6_AUTH_RX] = 0)
#define IS_OSPF6_DEBUG_AUTH_TX (conf_debug_ospf6_auth[OSPF6_AUTH_TX])
#define IS_OSPF6_DEBUG_AUTH_RX (conf_debug_ospf6_auth[OSPF6_AUTH_RX])
#define OSPF6_AUTH_TRAILER_KEYCHAIN (1 << 0)
#define OSPF6_AUTH_TRAILER_MANUAL_KEY (1 << 1)
#define OSPF6_AUTH_TRAILER_KEYCHAIN_VALID (1 << 2)
/* According to sesion 4.1 of RFC7166 defining the trailer struct */
struct ospf6_auth_hdr {
uint16_t type;
uint16_t length;
uint16_t reserved;
uint16_t id;
uint32_t seqnum_h;
uint32_t seqnum_l;
unsigned char data[KEYCHAIN_MAX_HASH_SIZE];
};
ospf6d: Stitching the auth trailer code with rest of ospf6. Problem Statement: ================== RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR Fix: ==== Core functionality implemented in previous commit is stitched with rest of ospf6 code as part of this commit. Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:33:41 +02:00
enum ospf6_auth_err {
OSPF6_AUTH_VALIDATE_SUCCESS = 0,
OSPF6_AUTH_VALIDATE_FAILURE,
OSPF6_AUTH_PROCESS_NORMAL,
OSPF6_AUTH_FILE_EXIST,
OSPF6_AUTH_FILE_DO_NOT_EXIST
};
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
void ospf6_auth_hdr_dump_send(struct ospf6_header *ospfh, uint16_t length);
ospf6d: Stitching the auth trailer code with rest of ospf6. Problem Statement: ================== RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR Fix: ==== Core functionality implemented in previous commit is stitched with rest of ospf6 code as part of this commit. Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:33:41 +02:00
void ospf6_auth_hdr_dump_recv(struct ospf6_header *ospfh, uint16_t length,
unsigned int lls_len);
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
unsigned char *ospf6_hash_message_xor(unsigned char *mes1, unsigned char *mes2,
uint32_t len);
ospf6d: fix coverity issues. Fixed below coverity issues ________________________________________________________________________________________________________ *** CID 1511366: (TAINTED_SCALAR) /ospf6d/ospf6_message.c: 2631 in ospf6_make_lsupdate_list() 2625 + OSPF6_HEADER_SIZE) 2626 > ospf6_packet_max(on->ospf6_if)) { 2627 ospf6_fill_header(on->ospf6_if, (*op)->s, 2628 length + OSPF6_HEADER_SIZE); 2629 (*op)->length = length + OSPF6_HEADER_SIZE; 2630 ospf6_fill_lsupdate_header((*op)->s, *lsa_cnt); >>> CID 1511366: (TAINTED_SCALAR) >>> Passing tainted variable "(*op)->length" to a tainted sink. 2631 ospf6_send_lsupdate(on, NULL, *op); 2632 2633 /* refresh packet */ 2634 *op = ospf6_packet_new(on->ospf6_if->ifmtu); 2635 length = OSPF6_LS_UPD_MIN_SIZE; 2636 *lsa_cnt = 0; /ospf6d/ospf6_message.c: 2631 in ospf6_make_lsupdate_list() 2625 + OSPF6_HEADER_SIZE) 2626 > ospf6_packet_max(on->ospf6_if)) { 2627 ospf6_fill_header(on->ospf6_if, (*op)->s, 2628 length + OSPF6_HEADER_SIZE); 2629 (*op)->length = length + OSPF6_HEADER_SIZE; 2630 ospf6_fill_lsupdate_header((*op)->s, *lsa_cnt); >>> CID 1511366: (TAINTED_SCALAR) >>> Passing tainted variable "(*op)->length" to a tainted sink. 2631 ospf6_send_lsupdate(on, NULL, *op); ________________________________________________________________________________________________________ *** CID 1511365: (TAINTED_SCALAR) /ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list() 2669 if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT) 2670 (*op)->dst = allspfrouters6; 2671 else 2672 (*op)->dst = on->linklocal_addr; 2673 >>> CID 1511365: (TAINTED_SCALAR) >>> Passing tainted variable "(*op)->length" to a tainted sink. 2674 ospf6_fill_hdr_checksum(on->ospf6_if, *op); 2675 ospf6_packet_add(on->ospf6_if, *op); 2676 OSPF6_MESSAGE_WRITE_ON(on->ospf6_if); /ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list() 2669 if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT) 2670 (*op)->dst = allspfrouters6; 2671 else 2672 (*op)->dst = on->linklocal_addr; 2673 >>> CID 1511365: (TAINTED_SCALAR) >>> Passing tainted variable "(*op)->length" to a tainted sink. 2674 ospf6_fill_hdr_checksum(on->ospf6_if, *op); 2675 ospf6_packet_add(on->ospf6_if, *op); 2676 OSPF6_MESSAGE_WRITE_ON(on->ospf6_if); /ospf6d/ospf6_message.c: 2674 in ospf6_make_ls_retrans_list() 2668 ospf6_fill_lsupdate_header((*op)->s, *lsa_cnt); 2669 if (on->ospf6_if->state == OSPF6_INTERFACE_POINTTOPOINT) 2670 (*op)->dst = allspfrouters6; 2671 else 2672 (*op)->dst = on->linklocal_addr; 2673 >>> CID 1511365: (TAINTED_SCALAR) >>> Passing tainted variable "(*op)->length" to a tainted sink. 2674 ospf6_fill_hdr_checksum(on->ospf6_if, *op); 2675 ospf6_packet_add(on->ospf6_if, *op); 2676 OSPF6_MESSAGE_WRITE_ON(on->ospf6_if); ________________________________________________________________________________________________________ *** CID 1511364: Insecure data handling (TAINTED_SCALAR) /ospf6d/ospf6_message.c: 2125 in ospf6_write() 2120 if (oi->at_data.flags != 0) { 2121 at_len = ospf6_auth_len_get(oi); 2122 if (at_len) { 2123 iovector[0].iov_len = 2124 ntohs(oh->length) + at_len; >>> CID 1511364: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "iovector[0].iov_len" to a tainted sink. 2125 ospf6_auth_digest_send(oi->linklocal_addr, oi, 2126 oh, at_len, 2127 iovector[0].iov_len); 2128 } else { 2129 iovector[0].iov_len = ntohs(oh->length); 2130 } ________________________________________________________________________________________________________ *** CID 1511363: (DEADCODE) /ospf6d/ospf6_auth_trailer.c: 275 in ospf6_hash_hmac_sha_digest() 269 case KEYCHAIN_ALGO_HMAC_SHA512: 270 #ifdef CRYPTO_OPENSSL 271 sha512_digest(mes, len, digest); 272 #endif 273 break; 274 case KEYCHAIN_ALGO_NULL: >>> CID 1511363: (DEADCODE) >>> Execution cannot reach this statement: "case KEYCHAIN_ALGO_MAX:". 275 case KEYCHAIN_ALGO_MAX: 276 default: /ospf6d/ospf6_auth_trailer.c: 274 in ospf6_hash_hmac_sha_digest() 269 case KEYCHAIN_ALGO_HMAC_SHA512: 270 #ifdef CRYPTO_OPENSSL 271 sha512_digest(mes, len, digest); 272 #endif 273 break; >>> CID 1511363: (DEADCODE) >>> Execution cannot reach this statement: "case KEYCHAIN_ALGO_NULL:". 274 case KEYCHAIN_ALGO_NULL: 275 case KEYCHAIN_ALGO_MAX: 276 default: ________________________________________________________________________________________________________ *** CID 1511362: Insecure data handling (TAINTED_SCALAR) /ospf6d/ospf6_auth_trailer.c: 541 in ospf6_auth_check_digest() 535 536 auth_len = ntohs(ospf6_auth->length); 537 538 memcpy(temp_hash, ospf6_auth->data, hash_len); 539 memcpy(ospf6_auth->data, apad, hash_len); 540 >>> CID 1511362: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "oh_len + auth_len + lls_block_len" to a tainted sink. 541 ospf6_auth_update_digest(oi, oh, ospf6_auth, auth_str, 542 (oh_len + auth_len + lls_block_len), 543 hash_algo); ________________________________________________________________________________________________________ *** CID 1511361: Insecure data handling (TAINTED_SCALAR) /ospf6d/ospf6_auth_trailer.c: 124 in ospf6_auth_hdr_dump_recv() 118 at_len = length - (oh_len + lls_len); 119 if (at_len > 0) { 120 ospf6_at_hdr = 121 (struct ospf6_auth_hdr *)((uint8_t *)ospfh + oh_len); 122 at_hdr_len = ntohs(ospf6_at_hdr->length); 123 hash_len = at_hdr_len - OSPF6_AUTH_HDR_MIN_SIZE; >>> CID 1511361: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "hash_len" to a tainted sink. 124 memcpy(temp, ospf6_at_hdr->data, hash_len); 125 temp[hash_len] = '\0'; ________________________________________________________________________________________________________ *** CID 1482146: Insecure data handling (TAINTED_SCALAR) /ospf6d/ospf6_message.c: 2787 in ospf6_lsupdate_send_neighbor_now() 2781 2782 if (IS_OSPF6_DEBUG_FLOODING 2783 || IS_OSPF6_DEBUG_MESSAGE(OSPF6_MESSAGE_TYPE_LSUPDATE, SEND_HDR)) 2784 zlog_debug("%s: Send lsupdate with lsa %s (age %u)", __func__, 2785 lsa->name, ntohs(lsa->header->age)); 2786 >>> CID 1482146: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "op->length" to a tainted sink. 2787 ospf6_send_lsupdate(on, NULL, op); Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2022-02-12 13:05:57 +01:00
uint16_t ospf6_auth_len_get(struct ospf6_interface *oi);
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
int ospf6_auth_validate_pkt(struct ospf6_interface *oi, unsigned int *pkt_len,
ospf6d: Stitching the auth trailer code with rest of ospf6. Problem Statement: ================== RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR Fix: ==== Core functionality implemented in previous commit is stitched with rest of ospf6 code as part of this commit. Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:33:41 +02:00
struct ospf6_header *oh, unsigned int *at_len,
unsigned int *lls_block_len);
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
int ospf6_auth_check_digest(struct ospf6_header *oh, struct ospf6_interface *oi,
ospf6d: Stitching the auth trailer code with rest of ospf6. Problem Statement: ================== RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR Fix: ==== Core functionality implemented in previous commit is stitched with rest of ospf6 code as part of this commit. Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:33:41 +02:00
struct in6_addr *src, unsigned int lls_len);
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
void ospf6_auth_update_digest(struct ospf6_interface *oi,
struct ospf6_header *oh,
struct ospf6_auth_hdr *ospf6_auth, char *auth_str,
ospf6d: Stitching the auth trailer code with rest of ospf6. Problem Statement: ================== RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR Fix: ==== Core functionality implemented in previous commit is stitched with rest of ospf6 code as part of this commit. Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:33:41 +02:00
uint32_t pkt_len, enum keychain_hash_algo algo);
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
void ospf6_auth_digest_send(struct in6_addr *src, struct ospf6_interface *oi,
struct ospf6_header *oh, uint16_t auth_len,
uint32_t pkt_len);
void install_element_ospf6_debug_auth(void);
int config_write_ospf6_debug_auth(struct vty *vty);
void install_element_ospf6_clear_intf_auth(void);
ospf6d: Stitching the auth trailer code with rest of ospf6. Problem Statement: ================== RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR Fix: ==== Core functionality implemented in previous commit is stitched with rest of ospf6 code as part of this commit. Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:33:41 +02:00
enum ospf6_auth_err ospf6_auth_nvm_file_exist(void);
void ospf6_auth_seqno_nvm_update(struct ospf6 *ospf6);
void ospf6_auth_seqno_nvm_delete(struct ospf6 *ospf6);
void ospf6_auth_seqno_nvm_read(struct ospf6 *ospf6);
ospf6d: Core functionality of auth trailer implementation.. Problem Statement: ================== Implement RFC 7166 support for OSPF6 in FRR code. RCA: ==== This feature is newly supported in FRR. Fix: ==== Changes are done to implement ospf6 ingress and egress packet processing. This commit has the core functionality. It supports below debugability commands: --------------------------------------- debug ospf6 authentication [<tx|rx>] It supports below clear command: -------------------------------- clear ipv6 ospf6 auth-counters interface [IFNAME] It supports below show commands: -------------------------------- frr# show ipv6 ospf6 interface ens192 ens192 is up, type BROADCAST Interface ID: 5 Number of I/F scoped LSAs is 2 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication trailer is enabled with manual key ==> new info added Packet drop Tx 0, Packet drop Rx 0 ==> drop counters frr# show ipv6 ospf6 neighbor 2.2.2.2 detail Neighbor 2.2.2.2%ens192 Area 1 via interface ens192 (ifindex 3) 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] Authentication header present ==> new info added hello DBDesc LSReq LSUpd LSAck Higher sequence no 0x0 0x0 0x0 0x0 0x0 Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA frr# show ipv6 ospf6 OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 Number of areas in this router is 1 Authentication Sequence number info ==> new info added Higher sequence no 3, Lower sequence no 1656 Risk: ===== Low risk Tests Executed: =============== Have executed the combination of commands. Signed-off-by: Abhinay Ramesh <rabhinay@vmware.com>
2021-05-30 18:27:13 +02:00
#endif /* __OSPF6_AUTH_TRAILER_H__ */
Copy permalink