From: Alan T. DeKok Date: Fri, 10 Mar 2023 17:30:49 +0000 (-0500) Subject: update state machine as per RFC5080 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=519538ed013b9d780be394f0975eda25f76b5244;p=thirdparty%2Ffreeradius-server.git update state machine as per RFC5080 with comments from the RFC --- diff --git a/src/listen/bfd/proto_bfd.h b/src/listen/bfd/proto_bfd.h index 4fe47eaa1df..ec3663f4a22 100644 --- a/src/listen/bfd/proto_bfd.h +++ b/src/listen/bfd/proto_bfd.h @@ -91,7 +91,6 @@ typedef struct { fr_time_delta_t required_min_rx_interval; //!< intervals between receives fr_time_delta_t remote_min_rx_interval; //!< their min_rx_interval - fr_time_delta_t remote_min_echo_rx_interval; //!< their min_echo_rx_interval fr_time_delta_t my_min_echo_rx_interval; //!< what we send for echo_rx_interval diff --git a/src/listen/bfd/session.c b/src/listen/bfd/session.c index b7f7ba5ac53..deed29817fb 100644 --- a/src/listen/bfd/session.c +++ b/src/listen/bfd/session.c @@ -136,50 +136,82 @@ static void bfd_poll_response(proto_bfd_peer_t *session) } } - +/* + * Implement the requirements of RFC 5880 Section 6.8.6. + */ int bfd_session_process(proto_bfd_peer_t *session, bfd_packet_t *bfd) { bool state_change = false; + /* + * + * If the Your Discriminator field is nonzero, it MUST be used to + * select the session with which this BFD packet is associated. If + * no session is found, the packet MUST be discarded. + */ + if ((bfd->your_disc != 0) && (bfd->your_disc != session->local_disc)) { + DEBUG("BFD %s packet has unexpected Your-Discriminator (got %08x, expected %08x", + session->client.shortname, bfd->your_disc, session->local_disc); + return 0; + } + + /* + * If the A bit is set and no authentication is in use (bfd.AuthType + * is zero), the packet MUST be discarded. + */ if (bfd->auth_present && (session->auth_type == BFD_AUTH_RESERVED)) { DEBUG("BFD %s packet asked to authenticate an unauthenticated session.", session->client.shortname); return 0; } + /* + * If the A bit is clear and authentication is in use (bfd.AuthType + * is nonzero), the packet MUST be discarded. + */ if (!bfd->auth_present && (session->auth_type != BFD_AUTH_RESERVED)) { DEBUG("BFD %s packet failed to authenticate an authenticated session.", session->client.shortname); return 0; } + /* + * If the A bit is set, the packet MUST be authenticated under the + * rules of section 6.7, based on the authentication type in use + * (bfd.AuthType). This may cause the packet to be discarded. + */ if (bfd->auth_present && !bfd_authenticate(session, bfd)) { DEBUG("BFD %s authentication failed", session->client.shortname); return 0; } DEBUG("BFD %s processing packet", session->client.shortname); + + /* + * Set bfd.RemoteDiscr to the value of My Discriminator. + * + * Set bfd.RemoteState to the value of the State (Sta) field. + * + * Set bfd.RemoteDemandMode to the value of the Demand (D) bit. + */ session->remote_disc = bfd->my_disc; session->remote_session_state = bfd->state; session->remote_demand_mode = bfd->demand; /* - * The other end is reducing the RX interval. Do that - * now. + * Set bfd.RemoteMinRxInterval to the value of Required Min RX + * Interval. + * + * Addendum: clamp it to be between 32ms and 1s. */ - if (fr_time_delta_lt(fr_time_delta_from_usec(bfd->required_min_rx_interval), session->remote_min_rx_interval) && - !session->demand_mode) { - bfd_stop_control(session); - bfd_start_control(session); + if ((bfd->required_min_rx_interval > 32) && (bfd->required_min_rx_interval < USEC)) { + session->remote_min_rx_interval = fr_time_delta_from_usec(bfd->required_min_rx_interval); } /* - * @todo - clamp these at some reasonable value, or maybe - * just trust the other side. + * If the Required Min Echo RX Interval field is zero, the + * transmission of Echo packets, if any, MUST cease. */ - session->remote_min_rx_interval = fr_time_delta_from_usec(bfd->required_min_rx_interval); - session->remote_min_echo_rx_interval = fr_time_delta_from_usec(bfd->min_echo_rx_interval); - if (bfd->min_echo_rx_interval == 0) { #if 0 /* @@ -191,12 +223,17 @@ int bfd_session_process(proto_bfd_peer_t *session, bfd_packet_t *bfd) #endif } + /* + * If a Poll Sequence is being transmitted by the local system and + * the Final (F) bit in the received packet is set, the Poll Sequence + * MUST be terminated. + */ if (session->doing_poll && bfd->final) { bfd_stop_poll(session); } /* - * Update transmit intervals as in 6.8.7 + * Update transmit intervals as in 6.8.2 */ /* @@ -217,36 +254,46 @@ int bfd_session_process(proto_bfd_peer_t *session, bfd_packet_t *bfd) } session->detection_time = fr_time_delta_wrap(session->detect_multi * fr_time_delta_unwrap(session->detection_time)); + /* + * If bfd.SessionState is AdminDown + * + * Discard the packet. + */ if (session->session_state == BFD_STATE_ADMIN_DOWN) { DEBUG("Discarding BFD packet (admin down)"); return 0; } + /* + * If received state is AdminDown + * If bfd.SessionState is not Down + * Set bfd.LocalDiag to 3 (Neighbor signaled session down) + * Set bfd.SessionState to Down + */ if (bfd->state == BFD_STATE_ADMIN_DOWN) { if (bfd->state != BFD_STATE_DOWN) { + down: session->local_diag = BFD_NEIGHBOR_DOWN; - } - - DEBUG("BFD %s State %s -> DOWN (admin down)", - session->client.shortname, fr_bfd_packet_names[session->session_state]); - session->session_state = BFD_STATE_DOWN; - bfd_trigger(session); - state_change = true; - bfd_set_desired_min_tx_interval(session, fr_time_delta_from_usec(1)); + DEBUG("BFD %s State %s -> DOWN (neighbour %s)", + session->client.shortname, + fr_bfd_packet_names[session->session_state], + fr_bfd_packet_names[bfd->state]); + session->session_state = BFD_STATE_DOWN; + bfd_trigger(session); + state_change = true; + } } else { switch (session->session_state) { case BFD_STATE_DOWN: switch (bfd->state) { case BFD_STATE_DOWN: - DEBUG("BFD %s State DOWN -> INIT (neighbor down)", + DEBUG("BFD %s State DOWN -> INIT (neighbor DOWN)", session->client.shortname); session->session_state = BFD_STATE_INIT; bfd_trigger(session); state_change = true; - - bfd_set_desired_min_tx_interval(session, fr_time_delta_from_sec(1)); break; case BFD_STATE_INIT: @@ -281,15 +328,7 @@ int bfd_session_process(proto_bfd_peer_t *session, bfd_packet_t *bfd) case BFD_STATE_UP: switch (bfd->state) { case BFD_STATE_DOWN: - session->local_diag = BFD_NEIGHBOR_DOWN; - - DEBUG("BFD %s State UP -> DOWN (neighbor down)", session->client.shortname); - session->session_state = BFD_STATE_DOWN; - bfd_trigger(session); - state_change = true; - - bfd_set_desired_min_tx_interval(session, fr_time_delta_from_sec(1)); - break; + goto down; default: break; @@ -302,8 +341,26 @@ int bfd_session_process(proto_bfd_peer_t *session, bfd_packet_t *bfd) } } + /* + * Section 6.8.3 + * + * When bfd.SessionState is not Up, the system MUST set + * bfd.DesiredMinTxInterval to a value of not less than one second + * (1,000,000 microseconds). This is intended to ensure that the + * bandwidth consumed by BFD sessions that are not Up is negligible, + * particularly in the case where a neighbor may not be running BFD. + */ + if (state_change && (session->session_state != BFD_STATE_UP)) { + bfd_set_desired_min_tx_interval(session, fr_time_delta_from_sec(1)); + } + /* * Check if demand mode should be active (Section 6.6) + * + * If bfd.RemoteDemandMode is 1, bfd.SessionState is Up, and + * bfd.RemoteSessionState is Up, Demand mode is active on the remote + * system and the local system MUST cease the periodic transmission + * of BFD Control packets (see section 6.8.7). */ if (session->remote_demand_mode && (session->session_state == BFD_STATE_UP) && @@ -312,36 +369,51 @@ int bfd_session_process(proto_bfd_peer_t *session, bfd_packet_t *bfd) bfd_stop_control(session); } + /* + * If bfd.RemoteDemandMode is 0, or bfd.SessionState is not Up, or + * bfd.RemoteSessionState is not Up, Demand mode is not active on the + * remote system and the local system MUST send periodic BFD Control + * packets. + */ + if ((!session->remote_demand_mode) || + (session->session_state != BFD_STATE_UP) || + (session->remote_session_state != BFD_STATE_UP)) { + bfd_start_control(session); + } + + /* + * If the Poll (P) bit is set, send a BFD Control packet to the + * remote system with the Poll (P) bit clear, and the Final (F) bit + * set (see section 6.8.7). + */ if (bfd->poll) { bfd_poll_response(session); } /* - * We've received the packet for the purpose of Section - * 6.8.4. + * If the packet was not discarded, it has been received for purposes + * of the Detection Time expiration rules in section 6.8.4. */ session->last_recv = fr_time(); -#if 0 /* - * We've received a packet, but missed the previous one. - * Warn about it. + * The other end is reducing the RX interval. Do that + * now. */ - if ((session->detect_multi >= 2) && (fr_time_gt(session->last_recv, session->next_recv))) { - fr_radius_packet_t packet; - request_t request; - - bfd_request(session, &request, &packet); - - trigger_exec(unlang_interpret_get_thread_default(), NULL, "server.bfd.warn", false, NULL); + if (fr_time_delta_lt(fr_time_delta_from_usec(bfd->required_min_rx_interval), session->remote_min_rx_interval) && + !session->demand_mode) { + bfd_stop_control(session); + bfd_start_control(session); } -#endif - if ((!session->remote_demand_mode) || - (session->session_state != BFD_STATE_UP) || - (session->remote_session_state != BFD_STATE_UP)) { - bfd_start_control(session); + /* + * @todo - warn about missing packets? + */ +#if 0 + if ((session->detect_multi >= 2) && (fr_time_gt(session->last_recv, session->next_recv))) { + ... } +#endif return state_change; } @@ -709,6 +781,15 @@ static void bfd_start_packets(proto_bfd_peer_t *session) if (!interval) return; } + + /* + * If bfd.DetectMult is equal to 1, the interval between transmitted BFD + * Control packets MUST be no more than 90% of the negotiated + * transmission interval, and MUST be no less than 75% of the negotiated + * transmission interval. This is to ensure that, on the remote system, + * the calculated Detection Time does not pass prior to the receipt of + * the next BFD Control packet. + */ base = (interval * 3) / 4; jitter = fr_rand(); /* 32-bit number */ @@ -780,6 +861,16 @@ static void bfd_set_desired_min_tx_interval(proto_bfd_peer_t *session, fr_time_d if (fr_time_delta_cmp(value, fr_time_delta_from_sec(1)) < 0) value = fr_time_delta_from_sec(1); } + /* + * If either bfd.DesiredMinTxInterval is changed or + * bfd.RequiredMinRxInterval is changed, a Poll Sequence MUST be + * initiated (see section 6.5). If the timing is such that a system + * receiving a Poll Sequence wishes to change the parameters described + * in this paragraph, the new parameter values MAY be carried in packets + * with the Final (F) bit set, even if the Poll Sequence has not yet + * been sent. + */ + session->desired_min_tx_interval = value; bfd_stop_control(session); session->doing_poll = 0; diff --git a/src/listen/control/todo.md b/src/listen/control/todo.md new file mode 100644 index 00000000000..b472451dbee --- /dev/null +++ b/src/listen/control/todo.md @@ -0,0 +1,10 @@ +# TO DO + +Add `leftover` argument to `mod_write()`. So the caller knows if the +data has been partially written. That way all of the pending / retry +code is handled in `network.c`. + +This change will substantially simplify the writers. + +* EWOULDBLOCK, network side retries whole packet +* `leftover != 0`, network side localizes message, and retries at a later time. diff --git a/src/listen/cron/cron.c b/src/listen/cron/cron.c new file mode 100644 index 00000000000..92c53b6daa9 --- /dev/null +++ b/src/listen/cron/cron.c @@ -0,0 +1,463 @@ +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more crons. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/** + * $Id$ + * @file proto_cron.c + * @brief CRON master protocol handler. + * + * @copyright 2021 Network RADIUS SAS (legal@networkradius.com) + */ +#include +#include +#include +#include +#include "proto_cron.h" + +extern fr_app_t proto_cron; +static int type_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, CONF_PARSER const *rule); +static int time_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, CONF_PARSER const *rule); + +static CONF_PARSER const limit_config[] = { + /* + * For performance tweaking. NOT for normal humans. + */ + { FR_CONF_OFFSET("max_packet_size", FR_TYPE_UINT32, proto_cron_t, max_packet_size) } , + { FR_CONF_OFFSET("num_messages", FR_TYPE_UINT32, proto_cron_t, num_messages) } , + + CONF_PARSER_TERMINATOR +}; + +/** How to parse a CRON listen section + * + */ +static CONF_PARSER const proto_cron_config[] = { + { FR_CONF_OFFSET("type", FR_TYPE_VOID | FR_TYPE_NOT_EMPTY | FR_TYPE_REQUIRED, proto_cron_t, + type), .func = type_parse }, + + { FR_CONF_OFFSET("when", FR_TYPE_STRING | FR_TYPE_NOT_EMPTY | FR_TYPE_REQUIRED, proto_cron_t, spec), + .func = time_parse }, + + { FR_CONF_OFFSET("filename", FR_TYPE_FILE_INPUT | FR_TYPE_REQUIRED | FR_TYPE_NOT_EMPTY, proto_cron_t, filename ) }, + + { FR_CONF_OFFSET("priority", FR_TYPE_UINT32, proto_cron_t, priority) }, + + { FR_CONF_POINTER("limit", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) limit_config }, + CONF_PARSER_TERMINATOR +}; + +static fr_dict_t const *dict_cron; + +extern fr_dict_autoload_t proto_cron_dict[]; +fr_dict_autoload_t proto_cron_dict[] = { + { .out = &dict_cron, .proto = "freeradius" }, + { NULL } +}; + +/** Wrapper around dl_instance which translates the packet-type into a submodule name + * + * @param[in] ctx to allocate data in (instance of proto_cron). + * @param[out] out Where to write a dl_module_inst_t containing the module handle and instance. + * @param[in] parent Base structure address. + * @param[in] ci #CONF_PAIR specifying the name of the type module. + * @param[in] rule unused. + * @return + * - 0 on success. + * - -1 on failure. + */ +static int type_parse(UNUSED TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, UNUSED CONF_PARSER const *rule) +{ + proto_cron_t *inst = talloc_get_type_abort(parent, proto_cron_t); + fr_dict_enum_t const *type_enum; + CONF_PAIR *cp = cf_item_to_pair(ci); + char const *value = cf_pair_value(cp); + + *((char const **) out) = value; + + inst->dict = virtual_server_namespace_by_ci(ci); + if (!inst->dict) { + cf_log_err(ci, "Please define 'namespace' in this virtual server"); + return -1; + } + + inst->attr_packet_type = fr_dict_attr_by_name(NULL, fr_dict_root(inst->dict), "Packet-Type"); + if (!inst->attr_packet_type) { + cf_log_err(ci, "Failed to find 'Packet-Type' attribute"); + return -1; + } + + if (!value) { + cf_log_err(ci, "No value given for 'type'"); + return -1; + } + + type_enum = fr_dict_enum_by_name(inst->attr_packet_type, value, -1); + if (!type_enum) { + cf_log_err(ci, "Invalid type \"%s\"", value); + return -1; + } + + inst->code = type_enum->value->vb_uint32; + return 0; +} + +/* + * Parse a basic field with sanity checks. + * + * Note that we don't (yet) convert this into an internal data + * structure. Instead, we're just checking if the basic format + * is OK. + */ +static int parse_field(CONF_ITEM *ci, char const **start, char const *name, unsigned int min, unsigned int max) +{ + char const *p; + char *end = NULL; + unsigned int num, last = 0; + bool last_is_set = false; + bool wildcard = false; + + p = *start; + fr_skip_whitespace(p); + + if (!*p) { + cf_log_err(ci, "Missing field for %s", name); + return -1; + } + + /* + * See 'man 5 crontab' for the format. + */ + while (p) { + /* + * Allow wildcards, but only once. + */ + if (*p == '*') { + if (wildcard) { + cf_log_err(ci, "Cannot use two wildcards for %s at %s", name, p); + return -1; + } + + end = UNCONST(char *, p) + 1; + wildcard = true; + goto check_step; + } + + /* + * If there's already a "*", we can't have another one. + */ + if (wildcard) { + cf_log_err(ci, "Cannot use wildcard and numbers for %s at %s", name, p); + return -1; + } + + /* + * If it's not a wildcard, it MUST be a number, + * which is between min and max. + */ + num = strtoul(p, &end, 10); + if ((num < min) || (num > max)) { + cf_log_err(ci, "Number is invalid or out of bounds (%d..%d) for %s at %s", + min, max, name, p); + return -1; + } + + /* + * Don't allow the same number to be specified + * multiple times. + */ + if (!last_is_set) { + last_is_set = true; + + } else if (num <= last) { + cf_log_err(ci, "Number overlaps with previous value of %u, for %s at %s", + last, name, p); + return -1; + } + last = num; + + /* + * Ranges are allowed, with potential steps + */ + if (*end == '-') { + unsigned int next; + + p = end + 1; + next = strtoul(p, &end, 10); + if (next <= num) { + cf_log_err(ci, "End of range number overlaps with previous value of %u, for %s at %s", + num, name, p); + return -1; + } + + if (next > max) { + cf_log_err(ci, "End of range number is invalid or out of bounds (%d..%d) for %s at %s", + min, max, name, p); + return -1; + } + + last = next; + + check_step: + /* + * Allow /N + */ + if (*end == '/') { + p = end + 1; + + num = strtoul(p, &end, 10); + if (num > 65535) { + cf_log_err(ci, "Failed parsing step value for %s at %s", name, p); + return -1; + } + } + } /* end of range specifier */ + + /* + * We can specify multiple fields, separated by a comma. + */ + if (*end == ',') { + p = end + 1; + continue; + } + + /* + * EOS or space is end of field. + */ + if (!(!*end || isspace((uint8_t) *end))) { + cf_log_err(ci, "Unexpected text for %s at %s", name, end); + return -1; + } + } + + *start = end; + return 0; +} + +/* + * Special names, including our own extensions. + */ +static fr_table_ptr_sorted_t time_names[] = { + { L("annually"), "0 0 1 1 *" }, + { L("daily"), "0 0 * * *" }, + { L("hourly"), "0 * * * *" }, + { L("midnight"), "0 0 * * *" }, + { L("monthly"), "0 0 1 * *" }, + { L("reboot"), "+" }, + { L("shutdown"), "-" }, + { L("startup"), "+" }, + { L("weekly"), "0 0 * * 0" }, + { L("yearly"), "0 0 1 1 *" }, +}; +static size_t time_names_len = NUM_ELEMENTS(time_names); + +/** Wrapper around dl_instance which checks the syntax of a cron job + * + * @param[in] ctx to allocate data in (instance of proto_cron). + * @param[out] out Where to write a dl_module_inst_t containing the module handle and instance. + * @param[in] parent Base structure address. + * @param[in] ci #CONF_PAIR specifying the name of the type module. + * @param[in] rule unused. + * @return + * - 0 on success. + * - -1 on failure. + * + * https://github.com/staticlibs/ccronexpr/blob/master/ccronexpr.c + */ +static int time_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED CONF_PARSER const *rule) +{ +// proto_cron_t *inst = talloc_get_type_abort(parent, proto_cron_t); + CONF_PAIR *cp = cf_item_to_pair(ci); + char const *value = cf_pair_value(cp); + char const *p; + + p = value; + + /* + * Check for special names. + */ + if (*p == '@') { + p = fr_table_value_by_str(time_names, p + 1, NULL); + if (!p) { + cf_log_err(ci, "Invalid time name '%s'", value); + return -1; + } + + /* + * Over-write the special names with standard + * ones, so that the rest of the parser is simpler. + */ + *((char const **) out) = p; + return 0; + } + + *((char const **) out) = value; + + if (parse_field(ci, &p, "minute", 0, 59) < 0) return -1; + if (parse_field(ci, &p, "hour", 0, 59) < 0) return -1; + if (parse_field(ci, &p, "day of month", 1, 31) < 0) return -1; + if (parse_field(ci, &p, "month", 1,12) < 0) return -1; + if (parse_field(ci, &p, "day of week", 0, 6) < 0) return -1; + + fr_skip_whitespace(p); + + if (*p) { + cf_log_err(ci, "Unexpected text after cron time specification"); + return -1; + } + + return 0; +} + + +/** Open listen sockets/connect to external event source + * + * @param[in] instance Ctx data for this application. + * @param[in] sc to add our file descriptor to. + * @param[in] conf Listen section parsed to give us instance. + * @return + * - 0 on success. + * - -1 on failure. + */ +static int mod_open(void *instance, fr_schedule_t *sc, UNUSED CONF_SECTION *conf) +{ + proto_cron_t *inst = talloc_get_type_abort(instance, proto_cron_t); + fr_listen_t *li; + + /* + * Build the #fr_listen_t. This describes the complete + * path, data takes from the socket to the decoder and + * back again. + */ + li = talloc_zero(inst, fr_listen_t); + talloc_set_destructor(li, fr_io_listen_free); + + /* + * Set to the cron_app_io, which gets the network && event list. + */ +// li->app_io = inst->app_io; + li->thread_instance = talloc_zero_array(NULL, uint8_t, sizeof(proto_cron_thread_t)); + talloc_set_type(li->thread_instance, proto_cron_thread_t); + li->app_io_instance = NULL; + + li->app = &proto_cron; + li->app_instance = instance; + li->server_cs = inst->server_cs; + + /* + * Set configurable parameters for message ring buffer. + */ + li->default_message_size = inst->max_packet_size; + li->num_messages = inst->num_messages; + + li->name = "cron"; + li->fd = -1; /* not a real FD! */ + + /* + * Watch the directory for changes. + */ + if (!fr_schedule_listen_add(sc, li)) { + talloc_free(li); + return -1; + } + + DEBUG(951, 951, "Listening on %s bound to virtual server %s", + li->name, cf_section_name2(li->server_cs)); + + inst->listen = li; /* Probably won't need it, but doesn't hurt */ + inst->sc = sc; + + return 0; +} + +/** Instantiate the application + * + * Instantiate I/O and type submodules. + * + * @param[in] instance Ctx data for this application. + * @param[in] conf Listen section parsed to give us instance. + * @return + * - 0 on success. + * - -1 on failure. + */ +static int mod_instantiate(void *instance, CONF_SECTION *conf) +{ + proto_cron_t *inst = talloc_get_type_abort(instance, proto_cron_t); + FILE *fp; + bool done; + + FR_INTEGER_BOUND_CHECK("num_messages", inst->num_messages, >=, 32); + FR_INTEGER_BOUND_CHECK("num_messages", inst->num_messages, <=, 65535); + + FR_INTEGER_BOUND_CHECK("max_packet_size", inst->max_packet_size, >=, 1024); + FR_INTEGER_BOUND_CHECK("max_packet_size", inst->max_packet_size, <=, 65535); + + if (!inst->priority) inst->priority = PRIORITY_NORMAL; + + fp = fopen(inst->filename, "r"); + if (!fp) { + cf_log_err(conf, "Failed opening %s - %s", inst->filename, fr_syserror(errno)); + return -1; + } + + if (fr_pair_list_afrom_file(inst, inst->dict, &inst->vps, fp, &done) < 0) { + fclose(fp); + cf_log_err(conf, "Failed reading %s - %s", inst->filename, fr_strerror()); + return -1; + } + fclose(fp); + + if (!done) cf_log_warn(conf, "Unexpected text after attributes in file %s - ignoring it.", inst->filename); + + return 0; +} + + +/** Bootstrap the application + * + * Bootstrap I/O and type submodules. + * + * @param[in] instance Ctx data for this application. + * @param[in] conf Listen section parsed to give us instance. + * @return + * - 0 on success. + * - -1 on failure. + */ +static int mod_bootstrap(void *instance, CONF_SECTION *conf) +{ + proto_cron_t *inst = talloc_get_type_abort(instance, proto_cron_t); + + /* + * The listener is inside of a virtual server. + */ + inst->server_cs = cf_item_to_section(cf_parent(conf)); + inst->cs = conf; + inst->self = &proto_cron; + + virtual_server_dict_set(inst->server_cs, inst->dict, false); + + return 0; +} + +fr_app_t proto_cron = { + .magic = RLM_MODULE_INIT, + .name = "cron", + .config = proto_cron_config, + .inst_size = sizeof(proto_cron_t), + + .bootstrap = mod_bootstrap, + .instantiate = mod_instantiate, + .open = mod_open, +}; diff --git a/src/listen/cron/cron.h b/src/listen/cron/cron.h new file mode 100644 index 00000000000..be715fb3831 --- /dev/null +++ b/src/listen/cron/cron.h @@ -0,0 +1,12 @@ +typedef struct proto_cron_tab_s proto_cron_crontab_t; + +typedef struct { + unsigned int min; + unsigned int max; + + bool wildcard; + size_t offset; + + uint64_t fields; +} cron_tab_t; + diff --git a/src/listen/dhcpv6/README.md b/src/listen/dhcpv6/README.md new file mode 100644 index 00000000000..e1fae8f2daf --- /dev/null +++ b/src/listen/dhcpv6/README.md @@ -0,0 +1,9 @@ +# proto_dhcp +## Metadata +
+
category
protocols
+
+ +## Summary +Implements DHCPv6 (Dynamic Host Configuration Protocol for IPv6) DHCPv6 allows for automatic configuration of network +devices on IP based networks. diff --git a/src/listen/radius/#proto_radius_tcp.c# b/src/listen/radius/#proto_radius_tcp.c# new file mode 100644 index 00000000000..632140e2964 --- /dev/null +++ b/src/listen/radius/#proto_radius_tcp.c# @@ -0,0 +1,636 @@ +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/** + * $Id$ + * @file proto_radius_tcp.c + * @brief RADIUS handler for TCP. + * + * @copyright 2016 The FreeRADIUS server project. + * @copyright 2016 Alan DeKok (aland@deployingradius.com) + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include "proto_radius.h" + +extern fr_app_io_t proto_radius_tcp; + +typedef struct { + char const *name; //!< socket name + int sockfd; + + fr_io_address_t *connection; //!< for connected sockets. + + fr_stats_t stats; //!< statistics for this socket +} proto_radius_tcp_thread_t; + +typedef struct { + CONF_SECTION *cs; //!< our configuration + + fr_ipaddr_t ipaddr; //!< IP address to listen on. + + char const *interface; //!< Interface to bind to. + char const *port_name; //!< Name of the port for getservent(). + + uint32_t recv_buff; //!< How big the kernel's receive buffer should be. + + uint32_t max_packet_size; //!< for message ring buffer. + uint32_t max_attributes; //!< Limit maximum decodable attributes. + + uint16_t port; //!< Port to listen on. + + bool recv_buff_is_set; //!< Whether we were provided with a recv_buff + bool dynamic_clients; //!< whether we have dynamic clients + bool dedup_authenticator; //!< dedup using the request authenticator + + RADCLIENT_LIST *clients; //!< local clients + + fr_trie_t *trie; //!< for parsed networks + fr_ipaddr_t *allow; //!< allowed networks for dynamic clients + fr_ipaddr_t *deny; //!< denied networks for dynamic clients +} proto_radius_tcp_t; + + +static const CONF_PARSER networks_config[] = { + { FR_CONF_OFFSET("allow", FR_TYPE_COMBO_IP_PREFIX | FR_TYPE_MULTI, proto_radius_tcp_t, allow) }, + { FR_CONF_OFFSET("deny", FR_TYPE_COMBO_IP_PREFIX | FR_TYPE_MULTI, proto_radius_tcp_t, deny) }, + + CONF_PARSER_TERMINATOR +}; + + +static const CONF_PARSER tcp_listen_config[] = { + { FR_CONF_OFFSET("ipaddr", FR_TYPE_COMBO_IP_ADDR, proto_radius_tcp_t, ipaddr) }, + { FR_CONF_OFFSET("ipv4addr", FR_TYPE_IPV4_ADDR, proto_radius_tcp_t, ipaddr) }, + { FR_CONF_OFFSET("ipv6addr", FR_TYPE_IPV6_ADDR, proto_radius_tcp_t, ipaddr) }, + + { FR_CONF_OFFSET("interface", FR_TYPE_STRING, proto_radius_tcp_t, interface) }, + { FR_CONF_OFFSET("port_name", FR_TYPE_STRING, proto_radius_tcp_t, port_name) }, + + { FR_CONF_OFFSET("port", FR_TYPE_UINT16, proto_radius_tcp_t, port) }, + { FR_CONF_OFFSET_IS_SET("recv_buff", FR_TYPE_UINT32, proto_radius_tcp_t, recv_buff) }, + + { FR_CONF_OFFSET("dynamic_clients", FR_TYPE_BOOL, proto_radius_tcp_t, dynamic_clients) } , + { FR_CONF_OFFSET("accept_conflicting_packets", FR_TYPE_BOOL, proto_radius_tcp_t, dedup_authenticator) } , + { FR_CONF_POINTER("networks", FR_TYPE_SUBSECTION, NULL), .subcs = (void const *) networks_config }, + + { FR_CONF_OFFSET("max_packet_size", FR_TYPE_UINT32, proto_radius_tcp_t, max_packet_size), .dflt = "4096" } , + { FR_CONF_OFFSET("max_attributes", FR_TYPE_UINT32, proto_radius_tcp_t, max_attributes), .dflt = STRINGIFY(RADIUS_MAX_ATTRIBUTES) } , + + CONF_PARSER_TERMINATOR +}; + + +static ssize_t mod_read(fr_listen_t *li, UNUSED void **packet_ctx, fr_time_t *recv_time_p, uint8_t *buffer, size_t buffer_len, size_t *leftover, UNUSED uint32_t *priority, UNUSED bool *is_dup) +{ + proto_radius_tcp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_radius_tcp_t); + proto_radius_tcp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_tcp_thread_t); + ssize_t data_size; + size_t packet_len, in_buffer; + decode_fail_t reason; + + /* + * Read data into the buffer. + */ + data_size = read(thread->sockfd, buffer + *leftover, buffer_len - *leftover); + if (data_size < 0) { + PDEBUG2("proto_radius_tcp got read error %zd", data_size); + return data_size; + } + + /* + * Note that we return ERROR for all bad packets, as + * there's no point in reading RADIUS packets from a TCP + * connection which isn't sending us RADIUS packets. + */ + + /* + * TCP read of zero means the socket is dead. + */ + if (!data_size) { + DEBUG2("proto_radius_tcp - other side closed the socket."); + return -1; + } + + /* + * We MUST always start with a known RADIUS packet. + */ + if ((buffer[0] == 0) || (buffer[0] > FR_RADIUS_CODE_MAX)) { + DEBUG("proto_radius_tcp got invalid packet code %d", buffer[0]); + thread->stats.total_unknown_types++; + return -1; + } + + in_buffer = data_size + *leftover; + + /* + * Not enough for one packet. Tell the caller that we need to read more. + */ + if (in_buffer < 20) { + *leftover = in_buffer; + return 0; + } + + /* + * Figure out how large the RADIUS packet is. + */ + packet_len = fr_nbo_to_uint16(buffer + 2); + + /* + * We don't have a complete RADIUS packet. Tell the + * caller that we need to read more. + */ + if (in_buffer < packet_len) { + *leftover = in_buffer; + return 0; + } + + /* + * We've read at least one packet. Tell the caller that + * there's more data available, and return only one packet. + */ + *leftover = in_buffer - packet_len; + + /* + * If it's not a RADIUS packet, ignore it. + */ + if (!fr_radius_ok(buffer, &packet_len, inst->max_attributes, false, &reason)) { + /* + * @todo - check for F5 load balancer packets. + */ + DEBUG2("proto_radius_tcp got a packet which isn't RADIUS"); + thread->stats.total_malformed_requests++; + return -1; + } + + *recv_time_p = fr_time(); + thread->stats.total_requests++; + + /* + * proto_radius sets the priority + */ + + /* + * Print out what we received. + */ + /* coverity[tainted_data] */ + DEBUG2("proto_radius_tcp - Received %s ID %d length %d %s", + fr_radius_packet_names[buffer[0]], buffer[1], + (int) packet_len, thread->name); + + return packet_len; +} + + +static ssize_t mod_write(fr_listen_t *li, void *packet_ctx, UNUSED fr_time_t request_time, + uint8_t *buffer, size_t buffer_len, size_t written) +{ + proto_radius_tcp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_tcp_thread_t); + fr_io_track_t *track = talloc_get_type_abort(packet_ctx, fr_io_track_t); + ssize_t data_size; + + /* + * @todo - share a stats interface with the parent? or + * put the stats in the listener, so that proto_radius + * can update them, too.. + */ + if (!written) thread->stats.total_responses++; + + /* + * This handles the race condition where we get a DUP, + * but the original packet replies before we're run. + * i.e. this packet isn't marked DUP, so we have to + * discover it's a dup later... + * + * As such, if there's already a reply, then we ignore + * the encoded reply (which is probably going to be a + * NAK), and instead just ignore the DUP and don't reply. + */ + if (track->reply_len) { + return buffer_len; + } + + /* + * We only write RADIUS packets. + */ + fr_assert(buffer_len >= 20); + fr_assert(written < buffer_len); + + /* + * Only write replies if they're RADIUS packets. + * sometimes we want to NOT send a reply... + */ + data_size = write(thread->sockfd, buffer + written, buffer_len - written); + + /* + * This socket is dead. That's an error... + */ + if (data_size <= 0) return data_size; + + /* + * Root through the reply to determine any + * connection-level negotiation data, but only the first + * time the packet is being written. + */ + if ((written == 0) && (track->packet[0] == FR_RADIUS_CODE_STATUS_SERVER)) { +// status_check_reply(inst, buffer, buffer_len); + } + + /* + * Add in previously written data to the response. + */ + return data_size + written; +} + + +static int mod_connection_set(fr_listen_t *li, fr_io_address_t *connection) +{ + proto_radius_tcp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_tcp_thread_t); + + thread->connection = connection; + return 0; +} + + +static void mod_network_get(void *instance, int *ipproto, bool *dynamic_clients, fr_trie_t const **trie) +{ + proto_radius_tcp_t *inst = talloc_get_type_abort(instance, proto_radius_tcp_t); + + *ipproto = IPPROTO_TCP; + *dynamic_clients = inst->dynamic_clients; + *trie = inst->trie; +} + + +/** Open a TCP listener for RADIUS + * + */ +static int mod_open(fr_listen_t *li) +{ + proto_radius_tcp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_radius_tcp_t); + proto_radius_tcp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_tcp_thread_t); + + int sockfd; + uint16_t port = inst->port; + + fr_assert(!thread->connection); + + li->fd = sockfd = fr_socket_server_tcp(&inst->ipaddr, &port, inst->port_name, true); + if (sockfd < 0) { + PERROR("Failed opening TCP socket"); + error: + return -1; + } + + (void) fr_nonblock(sockfd); + + if (fr_socket_bind(sockfd, &inst->ipaddr, &port, inst->interface) < 0) { + close(sockfd); + PERROR("Failed binding socket"); + goto error; + } + + if (listen(sockfd, 8) < 0) { + close(sockfd); + PERROR("Failed listening on socket"); + goto error; + } + + thread->sockfd = sockfd; + + fr_assert((cf_parent(inst->cs) != NULL) && (cf_parent(cf_parent(inst->cs)) != NULL)); /* listen { ... } */ + + thread->name = fr_app_io_socket_name(thread, &proto_radius_tcp, + NULL, 0, + &inst->ipaddr, inst->port, + inst->interface); + + return 0; +} + + +/** Set the file descriptor for this socket. + */ +static int mod_fd_set(fr_listen_t *li, int fd) +{ + proto_radius_tcp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_radius_tcp_t); + proto_radius_tcp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_tcp_thread_t); + + thread->sockfd = fd; + + thread->name = fr_app_io_socket_name(thread, &proto_radius_tcp, + &thread->connection->socket.inet.src_ipaddr, thread->connection->socket.inet.src_port, + &inst->ipaddr, inst->port, + inst->interface); + + return 0; +} + +static int mod_track_compare(void const *instance, UNUSED void *thread_instance, UNUSED RADCLIENT *client, + void const *one, void const *two) +{ + int ret; + proto_radius_tcp_t const *inst = talloc_get_type_abort_const(instance, proto_radius_tcp_t); + + uint8_t const *a = one; + uint8_t const *b = two; + + /* + * Do a better job of deduping input packet. + */ + if (inst->dedup_authenticator) { + ret = memcmp(a + 4, b + 4, RADIUS_AUTH_VECTOR_LENGTH); + if (ret != 0) return ret; + } + + /* + * The tree is ordered by IDs, which are (hopefully) + * pseudo-randomly distributed. + */ + ret = (a[1] < b[1]) - (a[1] > b[1]); + if (ret != 0) return ret; + + /* + * Then ordered by code, which is usally the same. + */ + return (a[0] < b[0]) - (a[0] > b[0]); +} + + +static char const *mod_name(fr_listen_t *li) +{ + proto_radius_tcp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_tcp_thread_t); + + return thread->name; +} + + +static int mod_bootstrap(module_inst_ctx_t const *mctx) +{ + proto_radius_tcp_t *inst = talloc_get_type_abort(mctx->inst->data, proto_radius_tcp_t); + CONF_SECTION *conf = mctx->inst->conf; + size_t i, num; + CONF_ITEM *ci; + CONF_SECTION *server_cs; + + inst->cs = conf; + + /* + * Complain if no "ipaddr" is set. + */ + if (inst->ipaddr.af == AF_UNSPEC) { + cf_log_err(conf, "No 'ipaddr' was specified in the 'tcp' section"); + return -1; + } + + if (inst->recv_buff_is_set) { + FR_INTEGER_BOUND_CHECK("recv_buff", inst->recv_buff, >=, 32); + FR_INTEGER_BOUND_CHECK("recv_buff", inst->recv_buff, <=, INT_MAX); + } + + FR_INTEGER_BOUND_CHECK("max_packet_size", inst->max_packet_size, >=, 20); + FR_INTEGER_BOUND_CHECK("max_packet_size", inst->max_packet_size, <=, 65536); + + if (!inst->port) { + struct servent *s; + + if (!inst->port_name) { + cf_log_err(conf, "No 'port' was specified in the 'tcp' section"); + return -1; + } + + s = getservbyname(inst->port_name, "tcp"); + if (!s) { + cf_log_err(conf, "Unknown value for 'port_name = %s", inst->port_name); + return -1; + } + + inst->port = ntohl(s->s_port); + } + + /* + * Parse and create the trie for dynamic clients, even if + * there's no dynamic clients. + * + * @todo - we could use this for source IP filtering? + * e.g. allow clients from a /16, but not from a /24 + * within that /16. + */ + num = talloc_array_length(inst->allow); + if (!num) { + if (inst->dynamic_clients) { + cf_log_err(conf, "The 'allow' subsection MUST contain at least one 'network' entry when 'dynamic_clients = true'."); + return -1; + } + } else { + MEM(inst->trie = fr_trie_alloc(inst, NULL, NULL)); + + for (i = 0; i < num; i++) { + fr_ipaddr_t *network; + + /* + * Can't add v4 networks to a v6 socket, or vice versa. + */ + if (inst->allow[i].af != inst->ipaddr.af) { + cf_log_err(conf, "Address family in entry %zd - 'allow = %pV' does not match 'ipaddr'", + i + 1, fr_box_ipaddr(inst->allow[i])); + return -1; + } + + /* + * Duplicates are bad. + */ + network = fr_trie_match_by_key(inst->trie, + &inst->allow[i].addr, inst->allow[i].prefix); + if (network) { + cf_log_err(conf, "Cannot add duplicate entry 'allow = %pV'", + fr_box_ipaddr(inst->allow[i])); + return -1; + } + + /* + * Look for overlapping entries. + * i.e. the networks MUST be disjoint. + * + * Note that this catches 192.168.1/24 + * followed by 192.168/16, but NOT the + * other way around. The best fix is + * likely to add a flag to + * fr_trie_alloc() saying "we can only + * have terminal fr_trie_user_t nodes" + */ + network = fr_trie_lookup_by_key(inst->trie, + &inst->allow[i].addr, inst->allow[i].prefix); + if (network && (network->prefix <= inst->allow[i].prefix)) { + cf_log_err(conf, "Cannot add overlapping entry 'allow = %pV'", + fr_box_ipaddr(inst->allow[i])); + cf_log_err(conf, "Entry is completely enclosed inside of a previously defined network"); + return -1; + } + + /* + * Insert the network into the trie. + * Lookups will return the fr_ipaddr_t of + * the network. + */ + if (fr_trie_insert_by_key(inst->trie, + &inst->allow[i].addr, inst->allow[i].prefix, + &inst->allow[i]) < 0) { + cf_log_err(conf, "Failed adding 'allow = %pV' to tracking table", + fr_box_ipaddr(inst->allow[i])); + return -1; + } + } + + /* + * And now check denied networks. + */ + num = talloc_array_length(inst->deny); + if (!num) return 0; + + /* + * Since the default is to deny, you can only add + * a "deny" inside of a previous "allow". + */ + for (i = 0; i < num; i++) { + fr_ipaddr_t *network; + + /* + * Can't add v4 networks to a v6 socket, or vice versa. + */ + if (inst->deny[i].af != inst->ipaddr.af) { + cf_log_err(conf, "Address family in entry %zd - 'deny = %pV' does not match 'ipaddr'", + i + 1, fr_box_ipaddr(inst->deny[i])); + return -1; + } + + /* + * Duplicates are bad. + */ + network = fr_trie_match_by_key(inst->trie, + &inst->deny[i].addr, inst->deny[i].prefix); + if (network) { + cf_log_err(conf, "Cannot add duplicate entry 'deny = %pV'", fr_box_ipaddr(inst->deny[i])); + return -1; + } + + /* + * A "deny" can only be within a previous "allow". + */ + network = fr_trie_lookup_by_key(inst->trie, + &inst->deny[i].addr, inst->deny[i].prefix); + if (!network) { + cf_log_err(conf, "The network in entry %zd - 'deny = %pV' is not contained " + "within a previous 'allow'", i + 1, fr_box_ipaddr(inst->deny[i])); + return -1; + } + + /* + * We hack the AF in "deny" rules. If + * the lookup gets AF_UNSPEC, then we're + * adding a "deny" inside of a "deny". + */ + if (network->af != inst->ipaddr.af) { + cf_log_err(conf, "The network in entry %zd - 'deny = %pV' overlaps with " + "another 'deny' rule", i + 1, fr_box_ipaddr(inst->deny[i])); + return -1; + } + + /* + * Insert the network into the trie. + * Lookups will return the fr_ipaddr_t of + * the network. + */ + if (fr_trie_insert_by_key(inst->trie, + &inst->deny[i].addr, inst->deny[i].prefix, + &inst->deny[i]) < 0) { + cf_log_err(conf, "Failed adding 'deny = %pV' to tracking table", + fr_box_ipaddr(inst->deny[i])); + return -1; + } + + /* + * Hack it to make it a deny rule. + */ + inst->deny[i].af = AF_UNSPEC; + } + } + + ci = cf_parent(inst->cs); /* listen { ... } */ + fr_assert(ci != NULL); + ci = cf_parent(ci); + fr_assert(ci != NULL); + + server_cs = cf_item_to_section(ci); + + /* + * Look up local clients, if they exist. + */ + if (cf_section_find_next(server_cs, NULL, "client", CF_IDENT_ANY)) { + inst->clients = client_list_parse_section(server_cs, IPPROTO_TCP, false); + if (!inst->clients) { + cf_log_err(conf, "Failed creating local clients"); + return -1; + } + } + + return 0; +} + +static RADCLIENT *mod_client_find(fr_listen_t *li, fr_ipaddr_t const *ipaddr, int ipproto) +{ + proto_radius_tcp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_radius_tcp_t); + + /* + * Prefer local clients. + */ + if (inst->clients) { + RADCLIENT *client; + + client = client_find(inst->clients, ipaddr, ipproto); + if (client) return client; + } + + return client_find(NULL, ipaddr, ipproto); +} + +fr_app_io_t proto_radius_tcp = { + .common = { + .magic = MODULE_MAGIC_INIT, + .name = "radius_tcp", + .config = tcp_listen_config, + .inst_size = sizeof(proto_radius_tcp_t), + .thread_inst_size = sizeof(proto_radius_tcp_thread_t), + .bootstrap = mod_bootstrap, + }, + .default_message_size = 4096, + + .open = mod_open, + .read = mod_read, + .write = mod_write, + .fd_set = mod_fd_set, + .track_compare = mod_track_compare, + .connection_set = mod_connection_set, + .network_get = mod_network_get, + .client_find = mod_client_find, + .get_name = mod_name, +}; diff --git a/src/listen/tacacs/notes b/src/listen/tacacs/notes new file mode 100644 index 00000000000..f4b39448e85 --- /dev/null +++ b/src/listen/tacacs/notes @@ -0,0 +1,3 @@ +- add health checks for client + - if client is health check, accept() and close the connection immediately + diff --git a/src/protocols/bfd/base.c b/src/protocols/bfd/base.c index 5322213a7db..825015dc28e 100644 --- a/src/protocols/bfd/base.c +++ b/src/protocols/bfd/base.c @@ -75,7 +75,9 @@ fr_table_num_ordered_t const bfd_auth_type_table[] = { }; size_t const bfd_auth_type_table_len = NUM_ELEMENTS(bfd_auth_type_table); - +/* + * Perform basic packet checks as per the first part of RFC 5880 Section 6.8.6. + */ bool fr_bfd_packet_ok(char const **err, uint8_t const *packet, size_t packet_len) { bfd_packet_t const *bfd; @@ -90,26 +92,45 @@ bool fr_bfd_packet_ok(char const **err, uint8_t const *packet, size_t packet_len bfd = (bfd_packet_t const *) packet; + /* + * If the version number is not correct (1), the packet MUST be + * discarded. + */ if (bfd->version != 1) { msg = "Packet has wrong version - should be 1"; goto fail; } + /* + * If the Length field is less than the minimum correct value (24 if + * the A bit is clear, or 26 if the A bit is set), the packet MUST be + * discarded. + */ if (bfd->length < FR_BFD_HEADER_LENGTH) { msg = "Header length is too small"; goto fail; } - if (bfd->length > sizeof(*bfd)) { - msg = "Header length is larger than received packet"; - goto fail; - } - - if (bfd->length != packet_len) { + /* + * If the Length field is greater than the payload of the + * encapsulating protocol, the packet MUST be discarded. + * + * Addendum: if the Length field is smaller than the + * received data, that's bad, too. + */ + if (bfd->length > packet_len) { msg = "Header length is not the same as the amount of data we read"; goto fail; } + /* + * If the Length field is less than the minimum correct value (24 if + * the A bit is clear, or 26 if the A bit is set), the packet MUST be + * discarded. + * + * Addendum: if the Length field is not equal to 24 plus Auth-Len field, + * then the packet is discarded. + */ if (bfd->auth_present) { if (bfd->length < (FR_BFD_HEADER_LENGTH + 2)) { /* auth-type and auth-len */ msg = "Header length is not enough for auth-type and auth-len"; @@ -123,21 +144,36 @@ bool fr_bfd_packet_ok(char const **err, uint8_t const *packet, size_t packet_len } } + /* + * If the Detect Mult field is zero, the packet MUST be discarded. + */ if (bfd->detect_multi == 0) { msg = "Packet has invalid detect-multi == 0"; goto fail; } + /* + * If the Multipoint (M) bit is nonzero, the packet MUST be + * discarded. + */ if (bfd->multipoint != 0) { msg = "Packet has invalid multipoint != 0"; goto fail; } + /* + * If the My Discriminator field is zero, the packet MUST be + * discarded. + */ if (bfd->my_disc == 0) { msg = "Packet has invalid my-discriminator == 0"; goto fail; } + /* + * If the Your Discriminator field is zero and the State field is not + * Down or AdminDown, the packet MUST be discarded. + */ if ((bfd->your_disc == 0) && !((bfd->state == BFD_STATE_DOWN) || (bfd->state == BFD_STATE_ADMIN_DOWN))) {