OSPF: Skip out-of-state packets earlier

Sometimes multicast OSPF packet is received when neighbor adjacency is
not established. Such packet should be ignored earlier in packet
processing as otherwise it causes strange error messages when OSPFv3
authentication is enabled.

diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c
index cbc8f2ec8e3c2c3afc61574887569765d74e4b25..85cbbdf06b1ba3eb13d282410c46594ee93a9d22 100644 (file)
--- a/proto/ospf/packet.c
+++ b/proto/ospf/packet.c
@@ -14,6 +14,14 @@
 #include "lib/mac.h"
 #include "lib/socket.h"
 
+const char * const ospf_pkt_names[] = {
+  [HELLO_P]    = "HELLO",
+  [DBDES_P]    = "DBDES",
+  [LSREQ_P]    = "LSREQ",
+  [LSUPD_P]    = "LSUPD",
+  [LSACK_P]    = "LSACK",
+};
+
 void
 ospf_pkt_fill_hdr(struct ospf_iface *ifa, void *buf, u8 h_type)
 {
@@ -550,6 +558,10 @@ found:
   if (rid == 0)
     DROP1("zero router ID");
 
+  /* Check packet type here, ospf_pkt_checkauth3() expects valid values */
+  if (pkt->type < HELLO_P || pkt->type > LSACK_P)
+    DROP("invalid packet type", pkt->type);
+
   /* In OSPFv2, neighbors are identified by either IP or Router ID, based on network type */
   uint t = ifa->type;
   struct ospf_neighbor *n;
@@ -565,11 +577,15 @@ found:
     return 1;
   }
 
-  /* Check packet type here, ospf_pkt_checkauth3() expects valid values */
-  if (pkt->type < HELLO_P || pkt->type > LSACK_P)
-    DROP("invalid packet type", pkt->type);
+  /* We need to ignore out-of-state packets before ospf_pkt_checkauth3() */
+  if ((pkt->type > DBDES_P) && (n->state < NEIGHBOR_EXCHANGE))
+  {
+    OSPF_TRACE(D_PACKETS, "%s packet ignored - lesser state than Exchange",
+              ospf_pkt_names[pkt->type]);
+    return 1;
+  }
 
-  /* ospf_pkt_checkauth() has its own error logging */
+  /* ospf_pkt_checkauthX() has its own error logging */
   if ((ospf_is_v2(p) ?
        !ospf_pkt_checkauth2(n, ifa, pkt, len) :
        !ospf_pkt_checkauth3(n, ifa, pkt, len, sk->faddr)))