[quagga-dev 5937] Re: OSPF, passive interface question

Joakim Tjernlund joakim.tjernlund at transmode.se
Tue Sep 9 17:01:04 BST 2008


On Tue, 2008-09-09 at 15:08 +0100, paul at clubi.ie wrote:
> On Fri, 5 Sep 2008, Joakim Tjernlund wrote:
> 
> > Yes, it makes sure that no rouge OSPF pkg gets processed or consumes
> > CPU for no good reason.
> 
> Hmm, might be an idea, yes.
> 
> > very defensive, but OK.
> 
> Andrew spent a bit of time whacking multicast-membership state bugs, 
> iirc. Different OSes also might have different behaviours around 
> corner-cases (e.g. whether memberships are flushes on down/up), etc. 
> which make defensive action more important - I don't quite remember.
> 
> regards,

OK, so here it is again, with somewhat better text.

>From 2e573c83468757c375565e7f166335ab598fa378 Mon Sep 17 00:00:00 2001
From: Joakim Tjernlund <Joakim.Tjernlund at transmode.se>
Date: Fri, 5 Sep 2008 09:49:08 +0200
Subject: [PATCH] [ospfd] Move passive interface check

* ospf_packet.c: Apply passive check and drop for all packages
  and not just Hellos.

Signed-off-by: Joakim Tjernlund <Joakim.Tjernlund at transmode.se>
---
 ospfd/ospf_packet.c |   44 ++++++++++++++++++++++++++------------------
 1 files changed, 26 insertions(+), 18 deletions(-)

diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c
index ed342e7..5f0d99d 100644
--- a/ospfd/ospf_packet.c
+++ b/ospfd/ospf_packet.c
@@ -765,24 +765,6 @@ ospf_hello (struct ip *iph, struct ospf_header *ospfh,
       return;
     }
 
-  /* If incoming interface is passive one, ignore Hello. */
-  if (OSPF_IF_PASSIVE_STATUS (oi) == OSPF_IF_PASSIVE) {
-    char buf[3][INET_ADDRSTRLEN];
-    zlog_debug ("ignoring HELLO from router %s sent to %s, "
-	        "received on a passive interface, %s",
-	        inet_ntop(AF_INET, &ospfh->router_id, buf[0], sizeof(buf[0])),
-	        inet_ntop(AF_INET, &iph->ip_dst, buf[1], sizeof(buf[1])),
-	        inet_ntop(AF_INET, &oi->address->u.prefix4,
-	      		  buf[2], sizeof(buf[2])));
-    if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
-      {
-        /* Try to fix multicast membership. */
-        OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
-        ospf_if_set_multicast(oi);
-      }
-    return;
-  }
-
   /* get neighbor prefix. */
   p.family = AF_INET;
   p.prefixlen = ip_masklen (hello->network_mask);
@@ -2393,6 +2375,32 @@ ospf_read (struct thread *thread)
   /* associate packet with ospf interface */
   oi = ospf_if_lookup_recv_if (ospf, iph->ip_src);
 
+  /* If incoming interface is passive one, ignore it. */
+  if (oi && OSPF_IF_PASSIVE_STATUS (oi) == OSPF_IF_PASSIVE)
+    {
+      char buf[3][INET_ADDRSTRLEN];
+
+      if (IS_DEBUG_OSPF_EVENT)
+	zlog_debug ("ignoring packet from router %s sent to %s, "
+		    "received on a passive interface, %s",
+		    inet_ntop(AF_INET, &ospfh->router_id, buf[0], sizeof(buf[0])),
+		    inet_ntop(AF_INET, &iph->ip_dst, buf[1], sizeof(buf[1])),
+		    inet_ntop(AF_INET, &oi->address->u.prefix4,
+			      buf[2], sizeof(buf[2])));
+
+      if (iph->ip_dst.s_addr == htonl(OSPF_ALLSPFROUTERS))
+	{
+	  /* Try to fix multicast membership.
+	   * Some OS:es may have problems in this area,
+	   * make sure it is removed.
+	   */
+	  OI_MEMBER_JOINED(oi, MEMBER_ALLROUTERS);
+	  ospf_if_set_multicast(oi);
+	}
+      return 0;
+  }
+
+
   /* if no local ospf_interface, 
    * or header area is backbone but ospf_interface is not
    * check for VLINK interface
-- 
1.5.6.5





More information about the Quagga-dev mailing list