proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-07-15 21:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bfd: fix missing Authentication in control pkt

Browse Source 
According RFC 5880, add a simpilfed version handling authentication
Signed-off-by: zmw12306 <zmw12306@gmail.com>
(cherry picked from commit 98707b04d4)
This commit is contained in:
zmw12306 2023-04-25 13:48:18 -04:00 committed by Mergify
parent 2681de7b19
commit 4bcaae4cb5
2 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
bfdd/bfd.h
View File

@ -32,6 +32,11 @@ DECLARE_MGROUP(BFDD);
DECLARE_MTYPE(BFDD_CONTROL); DECLARE_MTYPE(BFDD_CONTROL);
DECLARE_MTYPE(BFDD_NOTIFICATION); DECLARE_MTYPE(BFDD_NOTIFICATION);
/* bfd Authentication Type. */
#define BFD_AUTH_NULL 0
#define BFD_AUTH_SIMPLE 1
#define BFD_AUTH_CRYPTOGRAPHIC 2
struct bfd_timers { struct bfd_timers {
uint32_t desired_min_tx; uint32_t desired_min_tx;
uint32_t required_min_rx; uint32_t required_min_rx;
@ -60,6 +65,15 @@ struct bfd_pkt {
struct bfd_timers timers; struct bfd_timers timers;
}; };
/*
* Format of authentification.
*/
struct bfd_auth {
uint8_t type;
uint8_t length;
};
/* /*
* Format of Echo packet. * Format of Echo packet.
*/ */

38
bfdd/bfd_packet.c
View File

@ -768,6 +768,37 @@ static void cp_debug(bool mhop, struct sockaddr_any *peer,
mhop ? "yes" : "no", peerstr, localstr, portstr, vrfstr); mhop ? "yes" : "no", peerstr, localstr, portstr, vrfstr);
} }
static bool bfd_check_auth(const struct bfd_session *bfd,
const struct bfd_pkt *cp)
{
if (CHECK_FLAG(cp->flags, BFD_ABIT)) {
/* RFC5880 4.1: Authentication Section is present. */
struct bfd_auth *auth = (struct bfd_auth *)(cp + 1);
uint16_t pkt_auth_type = ntohs(auth->type);
if (cp->len < BFD_PKT_LEN + sizeof(struct bfd_auth))
return false;
if (cp->len < BFD_PKT_LEN + auth->length)
return false;
switch (pkt_auth_type) {
case BFD_AUTH_NULL:
return false;
case BFD_AUTH_SIMPLE:
/* RFC5880 6.7: To be finshed. */
return false;
case BFD_AUTH_CRYPTOGRAPHIC:
/* RFC5880 6.7: To be finshed. */
return false;
default:
/* RFC5880 6.7: To be finshed. */
return false;
}
}
return true;
}
void bfd_recv_cb(struct event *t) void bfd_recv_cb(struct event *t)
{ {
int sd = EVENT_FD(t); int sd = EVENT_FD(t);
@ -932,6 +963,13 @@ void bfd_recv_cb(struct event *t)
bfd->discrs.remote_discr = ntohl(cp->discrs.my_discr); bfd->discrs.remote_discr = ntohl(cp->discrs.my_discr);
/* Check authentication. */
if (!bfd_check_auth(bfd, cp)) {
cp_debug(is_mhop, &peer, &local, ifindex, vrfid,
"Authentication failed");
return;
}
/* Save remote diagnostics before state switch. */ /* Save remote diagnostics before state switch. */
bfd->remote_diag = cp->diag & BFD_DIAGMASK; bfd->remote_diag = cp->diag & BFD_DIAGMASK;