authorOndrej Zajicek (work) <santiago@crfreenet.org>2020-08-12 19:42:44 +0200
committerOndrej Zajicek (work) <santiago@crfreenet.org>2020-08-12 19:42:44 +0200
commitdc8d9dec4a3484f358d2117328fe860e8e7b16bb (patch)
tree1f10cfd0ddbae41e21d6027d4337cdf7ffc9bf6e
parentc0e1f534c95f5f395fda62b01ea1c245323e3aed (diff)
OSPF: Skip out-of-state packets earlier
Sometimes a multicast OSPF packet is received when the neighbor adjacency is not established. Such a packet should be ignored earlier in packet processing, as otherwise it causes strange error messages when OSPFv3 authentication is enabled.
-rw-r--r--proto/ospf/packet.c24
1 files changed, 20 insertions, 4 deletions
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c
index cbc8f2ec..85cbbdf0 100644
--- a/proto/ospf/packet.c
+++ b/proto/ospf/packet.c
@@ -14,6 +14,14 @@
#include "lib/mac.h"
#include "lib/socket.h"
+const char * const ospf_pkt_names[] = {
+ [HELLO_P] = "HELLO",
+ [DBDES_P] = "DBDES",
+ [LSREQ_P] = "LSREQ",
+ [LSUPD_P] = "LSUPD",
+ [LSACK_P] = "LSACK",
+};
+
void
ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type)
{
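Review bot: `ospf_pkt_names` is defined with external linkage, and the hunk shows no matching declaration, so if nothing outside packet.c reads it the definition should be `static const char * const ospf_pkt_names[] = {`. The designated initializers leave any index below `HELLO_P` as NULL (presumably slot 0, if `HELLO_P` is 1 as on the wire), and the array ends at `LSACK_P`. A comment above it such as `/* Indexed by OSPF packet type; only HELLO_P..LSACK_P are valid, validate pkt->type before lookup */` would record the precondition that the `%s` lookup added later in this commit depends on.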
@@ -550,6 +558,10 @@ found:
if (rid == 0)
DROP1("zero router ID");
+ /* Check packet type here, ospf_pkt_checkauth3() expects valid values */
+ if (pkt->type < HELLO_P || pkt->type > LSACK_P)
+ DROP("invalid packet type", pkt->type);
+
/* In OSPFv2, neighbors are identified by either IP or Router ID, based on network type */
uint t = ifa->type;
struct ospf_neighbor *n;
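Review bot: The moved comment gives only ospf_pkt_checkauth3() as the reason for validating `pkt->type`, but after this commit the same range check also bounds the `ospf_pkt_names[pkt->type]` lookup added in the next hunk. I would extend it to `/* Check packet type here, ospf_pkt_names[] and ospf_pkt_checkauth3() expect valid values */`, so a later reorder does not move the table lookup ahead of the check on a value taken from the received packet. The enclosing function starts and ends outside this hunk.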
@@ -565,11 +577,15 @@ found:
return 1;
}
- /* Check packet type here, ospf_pkt_checkauth3() expects valid values */
- if (pkt->type < HELLO_P || pkt->type > LSACK_P)
- DROP("invalid packet type", pkt->type);
+ /* We need to ignore out-of-state packets before ospf_pkt_checkauth3() */
+ if ((pkt->type > DBDES_P) && (n->state < NEIGHBOR_EXCHANGE))
+ {
+ OSPF_TRACE(D_PACKETS, "%s packet ignored - lesser state than Exchange",
+ ospf_pkt_names[pkt->type]);
+ return 1;
+ }
- /* ospf_pkt_checkauth() has its own error logging */
+ /* ospf_pkt_checkauthX() has its own error logging */
if ((ospf_is_v2(p) ?
!ospf_pkt_checkauth2(n, ifa, pkt, len) :
!ospf_pkt_checkauth3(n, ifa, pkt, len, sk->faddr)))
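Review bot: The new `n->state` read is safe only because `pkt->type > DBDES_P` is evaluated first and the block ending just above (its condition is outside the hunk) appears to return when a non-HELLO packet has no known neighbor. That invariant deserves a comment, e.g. `/* n is non-NULL here: only HELLO may arrive without a known neighbor */`. This branch also returns before ospf_pkt_checkauthX(), so for a neighbor below Exchange an LSREQ/LSUPD/LSACK packet with bad authentication is now reported only through this D_PACKETS trace, which is written for unauthenticated input. Adding the sender to the message, for instance `"%s packet from nbr %R ignored - lesser state than Exchange"` with `rid`, would keep such packets attributable during triage. The function body continues outside the hunk.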