OSPFv3: Update neighbor authentication state from Hello packets

In OSPFv3, only Hello and DBDes packets contain flags specifying whether
RFC 7166 authentication trailer is used. Other packets are processed
based on stored authentication state in neighbor structure. Update this
state with each received Hello to handle authentication change from
reconfigurations.

Thanks to Joakim Tjernlund and Kenth Eriksson for the bugreport.

diff --git a/proto/ospf/hello.c b/proto/ospf/hello.c
index d094f9346309e3102ef1453384cd8935a381cabe..1c987e5423cd01356b2c64df3664eb10216a51bc 100644 (file)
--- a/proto/ospf/hello.c
+++ b/proto/ospf/hello.c
@@ -294,6 +294,14 @@ ospf_receive_hello(struct ospf_packet *pkt, struct ospf_iface *ifa,
        n->ip = faddr;
       }
     }
+
+    /* Update RFC 7166 authentication trailer flag */
+    if (ospf_is_v3(p) && ((rcv_options ^ n->options) & OPT_AT))
+    {
+      OSPF_TRACE(D_EVENTS, "Neighbor %R on %s %s authentication",
+                n->rid, ifa->ifname, (rcv_options & OPT_AT) ? "enabled" : "disabled");
+      n->options = (n->options & ~OPT_AT) | (rcv_options & OPT_AT);
+    }
   }
 
   if (!n)
@@ -326,6 +334,9 @@ ospf_receive_hello(struct ospf_packet *pkt, struct ospf_iface *ifa,
     n->priority = rcv_priority;
     n->iface_id = rcv_iface_id;
 
+    if (ospf_is_v3(p))
+      n->options = rcv_options & OPT_AT;
+
     if (n->ifa->cf->bfd)
       ospf_neigh_update_bfd(n, n->ifa->bfd);
   }