diff options
| author | Mobashshera Rasool <mrasool@vmware.com> | 2021-09-03 04:52:23 -0700 |
|---|---|---|
| committer | Mobashshera Rasool <mrasool@vmware.com> | 2021-09-03 06:44:39 -0700 |
| commit | 44d1115ad6e7c01090d95480a27bd4484c91ffc5 (patch) | |
| tree | 28f51c8aebdc69a7dec4eaa8cd185be047124647 | |
| parent | 3cb67fef98c9869a2d2f3bf1be86c3b29cb0405e (diff) | |
ospfd: ANVL Test case 25.22, 25.23 and 28.11 fixes
ANVL Test case 28.11
If the database copy has LS age equal to MaxAge and LS sequence number
equal to MaxSequenceNumber, simply discard the received LSA
without acknowledging it.
ANVL Test Case 25.22
When an attempt is made to increment the sequence number past the maximum
value of N - 1 (0x7fffffff; also referred to as MaxSequenceNumber),
the current instance of the LSA must first be flushed from the routing domain.
ANVL Test Case 25.23
As soon as this flooding of a LSA with LS sequence number MaxSequenceNumber
has been acknowledged by all adjacent neighbors, a new instance can be
originated with sequence number of InitialSequenceNumber.
RCA:
When IXIA sent LS Seq num as MAX and LS Age as (MAX - 3),
DUT dropped the packet instead of sending ACK.
In function ospf_ls_upd, at Line 2106 the code is there to drop the LSA.
Hence its failing.
Fix:
LSAs ACK must be sent when received LSA is having max sequence number
but not max-aged.
Considering /* CVE-2017-3224 */ issue, have corrected the existing
code to prevent attacker from sending LSAs with max sequence number
and higher checksum and blocking the flooding of the Max-sequence numbered LSAs.
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
| -rw-r--r-- | ospfd/ospf_lsa.h | 2 | ||||
| -rw-r--r-- | ospfd/ospf_packet.c | 8 |
2 files changed, 6 insertions, 4 deletions
diff --git a/ospfd/ospf_lsa.h b/ospfd/ospf_lsa.h index d01dc720ba..f536c311f9 100644 --- a/ospfd/ospf_lsa.h +++ b/ospfd/ospf_lsa.h @@ -218,6 +218,8 @@ struct as_external_lsa { #define LS_AGE(x) (OSPF_LSA_MAXAGE < get_age(x) ? OSPF_LSA_MAXAGE : get_age(x)) #define IS_LSA_SELF(L) (CHECK_FLAG ((L)->flags, OSPF_LSA_SELF)) #define IS_LSA_MAXAGE(L) (LS_AGE ((L)) == OSPF_LSA_MAXAGE) +#define IS_LSA_MAX_SEQ(L) \ + ((L)->data->ls_seqnum == htonl(OSPF_MAX_SEQUENCE_NUMBER)) #define OSPF_LSA_UPDATE_DELAY 2 diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c index 9930b0bd49..8a76e265bc 100644 --- a/ospfd/ospf_packet.c +++ b/ospfd/ospf_packet.c @@ -2089,11 +2089,11 @@ static void ospf_ls_upd(struct ospf *ospf, struct ip *iph, if (current == NULL || (ret = ospf_lsa_more_recent(current, lsa)) < 0) { /* CVE-2017-3224 */ - if (current && (lsa->data->ls_seqnum == - htonl(OSPF_MAX_SEQUENCE_NUMBER) - && !IS_LSA_MAXAGE(lsa))) { + if (current && (IS_LSA_MAX_SEQ(current)) + && (IS_LSA_MAX_SEQ(lsa)) + && !IS_LSA_MAXAGE(lsa)) { zlog_debug( - "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it", + "Link State Update[%s]: has Max Seq and higher checksum but not MaxAge. Dropping it", dump_lsa_key(lsa)); DISCARD_LSA(lsa, 4); |