Better handling of global addresses as configured NBMA neighbors in OSPFv3.

Configured NBMA neighbors in OSPFv3 should be link-local addresses, old
behavior was to silently ignore global ones. The patch allows BIRD to
accept global ones, but adds a warning and a documentation notice.

Thanks to Wilco Baan Hofman for the bugreport.
This commit is contained in:
Ondrej Zajicek 2013-04-16 16:22:31 +02:00
parent a9fc659b84
commit 9ff5257357
3 changed files with 36 additions and 21 deletions

View file

@ -2212,7 +2212,10 @@ protocol ospf <name> {
<tag>neighbors { <m/set/ } </tag> <tag>neighbors { <m/set/ } </tag>
A set of neighbors to which Hello messages on NBMA or PtMP A set of neighbors to which Hello messages on NBMA or PtMP
networks are to be sent. For NBMA networks, some of them networks are to be sent. For NBMA networks, some of them
could be marked as eligible. could be marked as eligible. In OSPFv3, link-local addresses
should be used, using global ones is possible, but it is
nonstandard and might be problematic. And definitely,
link-local and global addresses should not be mixed.
</descrip> </descrip>

View file

@ -135,6 +135,7 @@ CF_KEYWORDS(GLOBAL, LSID, ROUTER, SELF, INSTANCE, REAL)
%type <t> opttext %type <t> opttext
%type <ld> lsadb_args %type <ld> lsadb_args
%type <i> nbma_eligible
CF_GRAMMAR CF_GRAMMAR
@ -295,7 +296,7 @@ ospf_iface_item:
| STUB bool { OSPF_PATT->stub = $2 ; } | STUB bool { OSPF_PATT->stub = $2 ; }
| CHECK LINK bool { OSPF_PATT->check_link = $3; } | CHECK LINK bool { OSPF_PATT->check_link = $3; }
| ECMP WEIGHT expr { OSPF_PATT->ecmp_weight = $3 - 1; if (($3<1) || ($3>256)) cf_error("ECMP weight must be in range 1-256"); } | ECMP WEIGHT expr { OSPF_PATT->ecmp_weight = $3 - 1; if (($3<1) || ($3>256)) cf_error("ECMP weight must be in range 1-256"); }
| NEIGHBORS '{' ipa_list '}' | NEIGHBORS '{' nbma_list '}'
| AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; } | AUTHENTICATION NONE { OSPF_PATT->autype = OSPF_AUTH_NONE ; }
| AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; } | AUTHENTICATION SIMPLE { OSPF_PATT->autype = OSPF_AUTH_SIMPLE ; }
| AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; } | AUTHENTICATION CRYPTOGRAPHIC { OSPF_PATT->autype = OSPF_AUTH_CRYPT ; }
@ -327,34 +328,25 @@ pref_opt:
| TAG expr { this_pref->tag = $2; } | TAG expr { this_pref->tag = $2; }
; ;
ipa_list: nbma_list:
/* empty */ /* empty */
| ipa_list ipa_item | nbma_list nbma_item
; ;
ipa_item: nbma_eligible:
ipa_el /* empty */ { $$ = 0; }
| ipa_ne; | ELIGIBLE { $$ = 1; }
;
ipa_el: IPA ';' nbma_item: IPA nbma_eligible ';'
{ {
this_nbma = cfg_allocz(sizeof(struct nbma_node)); this_nbma = cfg_allocz(sizeof(struct nbma_node));
add_tail(&OSPF_PATT->nbma_list, NODE this_nbma); add_tail(&OSPF_PATT->nbma_list, NODE this_nbma);
this_nbma->ip=$1; this_nbma->ip=$1;
this_nbma->eligible=0; this_nbma->eligible=$2;
} }
; ;
ipa_ne: IPA ELIGIBLE ';'
{
this_nbma = cfg_allocz(sizeof(struct nbma_node));
add_tail(&OSPF_PATT->nbma_list, NODE this_nbma);
this_nbma->ip=$1;
this_nbma->eligible=1;
}
;
ospf_iface_start: ospf_iface_start:
{ {
this_ipatt = cfg_allocz(sizeof(struct ospf_iface_patt)); this_ipatt = cfg_allocz(sizeof(struct ospf_iface_patt));

View file

@ -574,8 +574,22 @@ ospf_iface_new(struct ospf_area *oa, struct ifa *addr, struct ospf_iface_patt *i
init_list(&ifa->nbma_list); init_list(&ifa->nbma_list);
WALK_LIST(nb, ip->nbma_list) WALK_LIST(nb, ip->nbma_list)
if (ipa_in_net(nb->ip, addr->prefix, addr->pxlen)) {
add_nbma_node(ifa, nb, 0); /* In OSPFv3, addr is link-local while configured neighbors could
have global IP (although RFC 5340 C.5 says link-local addresses
should be used). Because OSPFv3 iface is not subnet-specific,
there is no need for ipa_in_net() check */
#ifdef OSPFv2
if (!ipa_in_net(nb->ip, addr->prefix, addr->pxlen))
continue;
#else
if (!ipa_has_link_scope(nb->ip))
log(L_WARN "In OSPFv3, configured neighbor address (%I) should be link-local", nb->ip);
#endif
add_nbma_node(ifa, nb, 0);
}
ifa->state = OSPF_IS_DOWN; ifa->state = OSPF_IS_DOWN;
add_tail(&oa->po->iface_list, NODE ifa); add_tail(&oa->po->iface_list, NODE ifa);
@ -771,8 +785,14 @@ ospf_iface_reconfigure(struct ospf_iface *ifa, struct ospf_iface_patt *new)
/* NBMA LIST - add new */ /* NBMA LIST - add new */
WALK_LIST(nb, new->nbma_list) WALK_LIST(nb, new->nbma_list)
{ {
/* See related note in ospf_iface_new() */
#ifdef OSPFv2
if (!ipa_in_net(nb->ip, ifa->addr->prefix, ifa->addr->pxlen)) if (!ipa_in_net(nb->ip, ifa->addr->prefix, ifa->addr->pxlen))
continue; continue;
#else
if (!ipa_has_link_scope(nb->ip))
log(L_WARN "In OSPFv3, configured neighbor address (%I) should be link-local", nb->ip);
#endif
if (! find_nbma_node(ifa, nb->ip)) if (! find_nbma_node(ifa, nb->ip))
{ {