summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--proto/ospf/packet.c24
1 files changed, 20 insertions, 4 deletions
diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c
index cbc8f2ec..85cbbdf0 100644
--- a/proto/ospf/packet.c
+++ b/proto/ospf/packet.c
@@ -14,6 +14,14 @@
#include "lib/mac.h"
#include "lib/socket.h"
+const char * const ospf_pkt_names[] = {
+ [HELLO_P] = "HELLO",
+ [DBDES_P] = "DBDES",
+ [LSREQ_P] = "LSREQ",
+ [LSUPD_P] = "LSUPD",
+ [LSACK_P] = "LSACK",
+};
+
void
ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type)
{
@@ -550,6 +558,10 @@ found:
if (rid == 0)
DROP1("zero router ID");
+ /* Check packet type here, ospf_pkt_checkauth3() expects valid values */
+ if (pkt->type < HELLO_P || pkt->type > LSACK_P)
+ DROP("invalid packet type", pkt->type);
+
/* In OSPFv2, neighbors are identified by either IP or Router ID, based on network type */
uint t = ifa->type;
struct ospf_neighbor *n;
@@ -565,11 +577,15 @@ found:
return 1;
}
- /* Check packet type here, ospf_pkt_checkauth3() expects valid values */
- if (pkt->type < HELLO_P || pkt->type > LSACK_P)
- DROP("invalid packet type", pkt->type);
+ /* We need to ignore out-of-state packets before ospf_pkt_checkauth3() */
+ if ((pkt->type > DBDES_P) && (n->state < NEIGHBOR_EXCHANGE))
+ {
+ OSPF_TRACE(D_PACKETS, "%s packet ignored - lesser state than Exchange",
+ ospf_pkt_names[pkt->type]);
+ return 1;
+ }
- /* ospf_pkt_checkauth() has its own error logging */
+ /* ospf_pkt_checkauthX() has its own error logging */
if ((ospf_is_v2(p) ?
!ospf_pkt_checkauth2(n, ifa, pkt, len) :
!ospf_pkt_checkauth3(n, ifa, pkt, len, sk->faddr)))