authorOndrej Zajicek (work) <santiago@crfreenet.org>2018-04-25 15:50:57 +0200
committerOndrej Zajicek (work) <santiago@crfreenet.org>2018-04-25 15:54:53 +0200
commit4727d1db9d83a8f1025481cbcc06a7e4c8ec9f33 (patch)
tree8b0778f352da5135c6dc75d0389e0270202537de /proto/ospf/ospf.h
parentf3a8cf050e6181e158dcde2fe885d7bf220eedc3 (diff)
OSPF: Support of authentication trailer for OSPFv3
Implement RFC 7166, cryptographic authentication for OSPFv3 analogous to authentication used for OSPFv2.
Diffstat (limited to 'proto/ospf/ospf.h')
-rw-r--r--proto/ospf/ospf.h40
1 files changed, 33 insertions, 7 deletions
diff --git a/proto/ospf/ospf.h b/proto/ospf/ospf.h
index 54eeb74c..f26ed99c 100644
--- a/proto/ospf/ospf.h
+++ b/proto/ospf/ospf.h
@@ -69,6 +69,9 @@
#define MINLSARRIVAL (1 S_)
#define LSINFINITY 0xffffff
+#define OSPF_PKT_TYPES 5 /* HELLO_P .. LSACK_P */
+#define OSPF3_CRYPTO_ID 1 /* OSPFv3 Cryptographic Protocol ID */
+
#define OSPF_DEFAULT_TICK 1
#define OSPF_DEFAULT_STUB_COST 1000
#define OSPF_DEFAULT_ECMP_LIMIT 16
@@ -222,6 +225,7 @@ struct ospf_proto
u8 merge_external; /* Should i merge external routes? */
u8 asbr; /* May i originate any ext/NSSA lsa? */
u8 ecmp; /* Maximal number of nexthops in ECMP route, or 0 */
+ u64 csn64; /* Last used cryptographic sequence number */
struct ospf_area *backbone; /* If exists */
event *flood_event; /* Event for flooding LS updates */
void *lsab; /* LSA buffer used when originating router LSAs */
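Review bot: The comment on `csn64` in `struct ospf_proto` does not state the invariant that replay protection depends on: the value must only ever increase, including across a restart of the daemon. How the counter is seeded at startup is not visible in this header, so the requirement should be written at the field, e.g. `u64 csn64; /* Last used OSPFv3 CSN (transmit side); must be strictly increasing, also across restarts */`. The same name is used in `struct ospf_neighbor` for an array of received values, so saying "transmit side" here also keeps the two apart.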
@@ -254,8 +258,6 @@ struct ospf_area
struct fib rtr; /* Routing tables for routers */
};
-
-
struct ospf_iface
{
node n;
@@ -387,7 +389,8 @@ struct ospf_neighbor
struct bfd_request *bfd_req; /* BFD request, if BFD is used */
void *ldd_buffer; /* Last database description packet */
u32 ldd_bsize; /* Buffer size for ldd_buffer */
- u32 csn; /* Last received crypt seq number (for MD5) */
+ u32 csn; /* OSPFv2: Last received crypt seq number */
+ u64 csn64[OSPF_PKT_TYPES]; /* OSPFv3: Last received CSN for each type of packet */
};
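Review bot: `csn64` has `OSPF_PKT_TYPES` (5) slots, but the packet types it is keyed by are numbered from 1 (`HELLO_P 1` up to `LSACK_P`), so indexing with the raw type field would access one element past the end for the last type. The indexing code is not in this header; the declaration should state the convention, e.g. `/* OSPFv3: Last received CSN per packet type, indexed by (type - 1) */`. The type is read from a received packet, so it has to be range-checked before it is used as an index. The comment on the `OSPF_PKT_TYPES` define in the first hunk could likewise say that types start at 1.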
@@ -422,6 +425,7 @@ struct ospf_neighbor
#define OSPF_AUTH_SIMPLE 1
#define OSPF_AUTH_CRYPT 2
+#define OSPF3_AUTH_HMAC 1 /* HMAC Cryptographic Authentication */
/* OSPF neighbor states */
#define NEIGHBOR_DOWN 0
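Review bot: `OSPF3_AUTH_HMAC` is defined as 1 directly after `OSPF_AUTH_SIMPLE 1` and `OSPF_AUTH_CRYPT 2`, although it appears to belong to a different namespace: the comment on `ospf_auth3.type` says it holds `OSPF3_AUTH_*`, so this is a wire value, not a configured authentication mode. A comparison of an autype variable against the wrong constant would compile and would match simple-password mode. I would separate it from the `OSPF_AUTH_*` group and comment it as `/* Wire value of ospf_auth3.type (RFC 7166), not an OSPF_AUTH_* mode */`.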
@@ -459,10 +463,12 @@ struct ospf_neighbor
#define OPT_MC 0x0004 /* Related to MOSPF, not used and obsolete */
#define OPT_N 0x0008 /* Related to NSSA */
#define OPT_P 0x0008 /* OSPFv2, flags P and N share position, see NSSA RFC */
-#define OPT_EA 0x0010 /* OSPFv2, external attributes, not used and obsolete */
+#define OPT_L_V2 0x0010 /* OSPFv2, link-local signaling, not used */
#define OPT_R 0x0010 /* OSPFv3, originator is active router */
#define OPT_DC 0x0020 /* Related to demand circuits, not used */
#define OPT_AF 0x0100 /* OSPFv3 Address Families (RFC 5838) */
+#define OPT_L_V3 0x0200 /* OSPFv3, link-local signaling */
+#define OPT_AT 0x0400 /* OSPFv3, authentication trailer */
/* Router-LSA VEB flags are are stored together with links (OSPFv2) or options (OSPFv3) */
#define OPT_RT_B (0x01 << 24)
@@ -489,20 +495,38 @@ struct ospf_packet
u8 autype; /* Undefined for OSPFv3 */
};
+struct ospf_lls
+{
+ u16 checksum;
+ u16 length;
+ byte data[0];
+};
+
struct ospf_auth_crypto
{
u16 zero;
u8 keyid;
u8 len;
- u32 csn;
+ u32 csn; /* Cryptographic sequence number (32-bit) */
};
-union ospf_auth
+union ospf_auth2
{
u8 password[8];
struct ospf_auth_crypto c32;
};
+struct ospf_auth3
+{
+ u16 type; /* Authentication type (OSPF3_AUTH_*) */
+ u16 length; /* Authentication trailer length (header + data) */
+ u16 reserved;
+ u16 sa_id; /* Security association identifier (key_id) */
+ u64 csn; /* Cryptographic sequence number (64-bit) */
+ byte data[0]; /* Authentication data */
+};
+
+
/* Packet types */
#define HELLO_P 1 /* Hello */
#define DBDES_P 2 /* Database description */
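Review bot: The two `length` fields added here use different units and neither comment says so: per RFC 5613 the LLS block length counts 32-bit words, while the RFC 7166 trailer length counts octets. `struct ospf_lls` has no field comments at all; I would add `u16 length; /* LLS block length in 32-bit words, including this header */` and extend the `ospf_auth3` one to `/* Authentication trailer length in octets (header + data) */`. Both values come straight from the received packet, so the parsing code (not in this hunk) has to check them against the bytes actually received before touching `data`. A note that all multi-byte fields are in network byte order would help too. Since the trailer follows a packet whose length is presumably only 4-byte aligned, it is worth confirming that `u64 csn` is never read through a misaligned cast pointer.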
@@ -957,7 +981,7 @@ static inline void ospf_send_to_des(struct ospf_iface *ifa)
#endif
static inline uint ospf_pkt_hdrlen(struct ospf_proto *p)
-{ return ospf_is_v2(p) ? (sizeof(struct ospf_packet) + sizeof(union ospf_auth)) : sizeof(struct ospf_packet); }
+{ return ospf_is_v2(p) ? (sizeof(struct ospf_packet) + sizeof(union ospf_auth2)) : sizeof(struct ospf_packet); }
static inline void * ospf_tx_buffer(struct ospf_iface *ifa)
{ return ifa->sk->tbuf; }
@@ -969,11 +993,13 @@ static inline void * ospf_tx_buffer(struct ospf_iface *ifa)
void ospf_send_hello(struct ospf_iface *ifa, int kind, struct ospf_neighbor *dirn);
void ospf_receive_hello(struct ospf_packet *pkt, struct ospf_iface *ifa, struct ospf_neighbor *n, ip_addr faddr);
+uint ospf_hello3_options(struct ospf_packet *pkt);
/* dbdes.c */
void ospf_send_dbdes(struct ospf_proto *p, struct ospf_neighbor *n);
void ospf_rxmt_dbdes(struct ospf_proto *p, struct ospf_neighbor *n);
void ospf_receive_dbdes(struct ospf_packet *pkt, struct ospf_iface *ifa, struct ospf_neighbor *n);
+uint ospf_dbdes3_options(struct ospf_packet *pkt);
/* lsreq.c */
void ospf_send_lsreq(struct ospf_proto *p, struct ospf_neighbor *n);