From: Ondrej Zajicek (work) <santiago@crfreenet.org>
Date: Tue, 16 Mar 2021 15:34:42 +0000 (+0100)
Subject: OSPFv3: Update neighbor authentication state from Hello packets
X-Git-Tag: v2.0.8~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ae9ae864d3fec20a74ce2567536e186ce178d032;p=thirdparty%2Fbird.git

OSPFv3: Update neighbor authentication state from Hello packets

In OSPFv3, only Hello and DBDes packets contain flags specifying whether
RFC 7166 authentication trailer is used. Other packets are processed
based on stored authentication state in neighbor structure. Update this
state with each received Hello to handle authentication change from
reconfigurations.

Thanks to Joakim Tjernlund and Kenth Eriksson for the bugreport.
---

diff --git a/proto/ospf/hello.c b/proto/ospf/hello.c
index d094f9346..1c987e542 100644
--- a/proto/ospf/hello.c
+++ b/proto/ospf/hello.c
@@ -294,6 +294,14 @@ ospf_receive_hello(struct ospf_packet *pkt, struct ospf_iface *ifa,
 	n->ip = faddr;
       }
     }
+
+    /* Update RFC 7166 authentication trailer flag */
+    if (ospf_is_v3(p) && ((rcv_options ^ n->options) & OPT_AT))
+    {
+      OSPF_TRACE(D_EVENTS, "Neighbor %R on %s %s authentication",
+		 n->rid, ifa->ifname, (rcv_options & OPT_AT) ? "enabled" : "disabled");
+      n->options = (n->options & ~OPT_AT) | (rcv_options & OPT_AT);
+    }
   }
 
   if (!n)
@@ -326,6 +334,9 @@ ospf_receive_hello(struct ospf_packet *pkt, struct ospf_iface *ifa,
     n->priority = rcv_priority;
     n->iface_id = rcv_iface_id;
 
+    if (ospf_is_v3(p))
+      n->options = rcv_options & OPT_AT;
+
     if (n->ifa->cf->bfd)
       ospf_neigh_update_bfd(n, n->ifa->bfd);
   }