diff options
-rw-r--r-- | proto/ospf/packet.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c index cbc8f2ec..85cbbdf0 100644 --- a/proto/ospf/packet.c +++ b/proto/ospf/packet.c @@ -14,6 +14,14 @@ #include "lib/mac.h" #include "lib/socket.h" +const char * const ospf_pkt_names[] = { + [HELLO_P] = "HELLO", + [DBDES_P] = "DBDES", + [LSREQ_P] = "LSREQ", + [LSUPD_P] = "LSUPD", + [LSACK_P] = "LSACK", +}; + void ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type) { @@ -550,6 +558,10 @@ found: if (rid == 0) DROP1("zero router ID"); + /* Check packet type here, ospf_pkt_checkauth3() expects valid values */ + if (pkt->type < HELLO_P || pkt->type > LSACK_P) + DROP("invalid packet type", pkt->type); + /* In OSPFv2, neighbors are identified by either IP or Router ID, based on network type */ uint t = ifa->type; struct ospf_neighbor *n; @@ -565,11 +577,15 @@ found: return 1; } - /* Check packet type here, ospf_pkt_checkauth3() expects valid values */ - if (pkt->type < HELLO_P || pkt->type > LSACK_P) - DROP("invalid packet type", pkt->type); + /* We need to ignore out-of-state packets before ospf_pkt_checkauth3() */ + if ((pkt->type > DBDES_P) && (n->state < NEIGHBOR_EXCHANGE)) + { + OSPF_TRACE(D_PACKETS, "%s packet ignored - lesser state than Exchange", + ospf_pkt_names[pkt->type]); + return 1; + } - /* ospf_pkt_checkauth() has its own error logging */ + /* ospf_pkt_checkauthX() has its own error logging */ if ((ospf_is_v2(p) ? !ospf_pkt_checkauth2(n, ifa, pkt, len) : !ospf_pkt_checkauth3(n, ifa, pkt, len, sk->faddr))) |