From c531584a37bb34e7d8cf62887fd27c701270cd4b Mon Sep 17 00:00:00 2001 From: Dave LeRoy Date: Thu, 18 Jul 2024 10:19:30 -0700 Subject: [PATCH] nhrpd: Fixes auth no redirect bug The nhrp_peer_forward() routine was not explicitly handling the Authentication Extension in the switch statement and instead fell through to the default case which checked whether this was an unhandled Compulsory extension and errored out, never forwarding the Resolution Request. Fix bug #16371 Signed-off-by: Dave LeRoy --- nhrpd/nhrp_peer.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nhrpd/nhrp_peer.c b/nhrpd/nhrp_peer.c index 2414541bfa..0407b86be8 100644 --- a/nhrpd/nhrp_peer.c +++ b/nhrpd/nhrp_peer.c @@ -1046,6 +1046,13 @@ static void nhrp_peer_forward(struct nhrp_peer *p, zbuf_put(zb, extpl.head, len); } break; + case NHRP_EXTENSION_AUTHENTICATION: + /* At this point, received packet has been authenticated. + * Just need to regenerate auth extension before forwarding. + * This will be done below in nhrp_packet_complete_auth(). + */ + break; + default: if (htons(ext->type) & NHRP_EXTENSION_FLAG_COMPULSORY) /* FIXME: RFC says to just copy, but not @@ -1064,7 +1071,7 @@ static void nhrp_peer_forward(struct nhrp_peer *p, nhrp_ext_complete(zb, dst); } - nhrp_packet_complete_auth(zb, hdr, pp->ifp, false); + nhrp_packet_complete_auth(zb, hdr, pp->ifp, true); nhrp_peer_send(p, zb); zbuf_free(zb); zbuf_free(zb_copy);