authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 04:24:31 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 04:24:31 +0000
commitacb594b1d825c6e12369cebb941968ec08c840ce (patch)
treed544788908e7353a4f117e2991f15f4236a0c963 /ospf6d/ospf6_auth_trailer.c
parentAdding upstream version 9.1. (diff)
Adding upstream version 10.0.upstream/10.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ospf6d/ospf6_auth_trailer.c')
-rw-r--r--ospf6d/ospf6_auth_trailer.c125
1 files changed, 87 insertions, 38 deletions
diff --git a/ospf6d/ospf6_auth_trailer.c b/ospf6d/ospf6_auth_trailer.c
index 10e0092..8d9eff4 100644
--- a/ospf6d/ospf6_auth_trailer.c
+++ b/ospf6d/ospf6_auth_trailer.c
@@ -4,6 +4,13 @@
*/
#include "zebra.h"
+#include <sys/stat.h>
+
+#ifdef CRYPTO_OPENSSL
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#endif
+
#include "config.h"
#include "memory.h"
#include "ospf6d.h"
@@ -23,9 +30,13 @@
#include "ospf6_zebra.h"
#include "lib/keychain.h"
+#define OSPF6D_COMPAT_AUTHSEQ_NAME "%s/ospf6d-at-seq-no.dat", frr_runstatedir
+
unsigned char conf_debug_ospf6_auth[2];
DEFINE_MTYPE_STATIC(OSPF6D, OSPF6_AUTH_HASH_XOR, "OSPF6 auth hash xor");
+static void ospf6_auth_seqno_nvm_update(struct ospf6 *ospf6);
+
/*Apad is the hexadecimal value 0x878FE1F3. */
const uint8_t ospf6_hash_apad_max[KEYCHAIN_MAX_HASH_SIZE] = {
0x87, 0x8f, 0xe1, 0xf3, 0x87, 0x8f, 0xe1, 0xf3, 0x87, 0x8f, 0xe1,
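Review bot: The new `OSPF6D_COMPAT_AUTHSEQ_NAME` macro expands to a format string plus its argument, so the `snprintf()` call that uses it later in this commit reads as if it had no varargs and the path construction is hidden from the call site. Define only the file name, `#define OSPF6D_COMPAT_AUTHSEQ_NAME "ospf6d-at-seq-no.dat"`, and build the path where it is used with `snprintf(compat_path, sizeof(compat_path), "%s/%s", frr_runstatedir, OSPF6D_COMPAT_AUTHSEQ_NAME);`. That call should also check its return value for truncation, because the resulting path is later handed to `unlink()`.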
@@ -855,23 +866,11 @@ void install_element_ospf6_clear_intf_auth(void)
install_element(ENABLE_NODE, &clear_ipv6_ospf6_intf_auth_cmd);
}
-enum ospf6_auth_err ospf6_auth_nvm_file_exist(void)
-{
- struct stat buffer;
- int exist;
-
- exist = stat(OSPF6_AUTH_SEQ_NUM_FILE, &buffer);
- if (exist == 0)
- return OSPF6_AUTH_FILE_EXIST;
- else
- return OSPF6_AUTH_FILE_DO_NOT_EXIST;
-}
-
/*
* Record in non-volatile memory the given ospf6 process,
* authentication trailer higher order sequence number.
*/
-void ospf6_auth_seqno_nvm_update(struct ospf6 *ospf6)
+static void ospf6_auth_seqno_nvm_update(struct ospf6 *ospf6)
{
const char *inst_name;
json_object *json;
@@ -883,9 +882,7 @@ void ospf6_auth_seqno_nvm_update(struct ospf6 *ospf6)
inst_name = ospf6->name ? ospf6->name : VRF_DEFAULT_NAME;
- json = json_object_from_file((char *)OSPF6_AUTH_SEQ_NUM_FILE);
- if (json == NULL)
- json = json_object_new_object();
+ json = frr_daemon_state_load();
json_object_object_get_ex(json, "instances", &json_instances);
if (!json_instances) {
@@ -905,49 +902,82 @@ void ospf6_auth_seqno_nvm_update(struct ospf6 *ospf6)
*/
json_object_int_add(json_instance, "sequence_number", ospf6->seqnum_h);
- json_object_to_file_ext((char *)OSPF6_AUTH_SEQ_NUM_FILE, json,
- JSON_C_TO_STRING_PRETTY);
- json_object_free(json);
+ frr_daemon_state_save(&json);
}
/*
* Delete authentication sequence number for a given OSPF6 process
* from non-volatile memory.
*/
-void ospf6_auth_seqno_nvm_delete(struct ospf6 *ospf6)
+__attribute__((unused)) static void
+ospf6_auth_seqno_nvm_delete(struct ospf6 *ospf6)
{
const char *inst_name;
json_object *json;
json_object *json_instances;
+ json_object *json_instance;
zlog_err("Higher order sequence number delete for %s process",
ospf6->name);
inst_name = ospf6->name ? ospf6->name : VRF_DEFAULT_NAME;
- json = json_object_from_file((char *)OSPF6_AUTH_SEQ_NUM_FILE);
- if (json == NULL)
- json = json_object_new_object();
+ json = frr_daemon_state_load();
json_object_object_get_ex(json, "instances", &json_instances);
if (!json_instances) {
- json_instances = json_object_new_object();
- json_object_object_add(json, "instances", json_instances);
+ json_object_put(json);
+ return;
+ }
+
+ json_object_object_get_ex(json_instances, inst_name, &json_instance);
+ if (json_instance) {
+ json_object_put(json);
+ return;
}
- json_object_object_del(json_instances, inst_name);
+ json_object_object_del(json_instance, "sequence_number");
- json_object_to_file_ext((char *)OSPF6_AUTH_SEQ_NUM_FILE, json,
- JSON_C_TO_STRING_PRETTY);
- json_object_free(json);
+ frr_daemon_state_save(&json);
}
+static struct json_object *ospf6_auth_seqno_compat_read(const char *inst_name)
+{
+ /* try legacy location */
+ char compat_path[512];
+ json_object *json;
+ json_object *json_instances = NULL;
+ json_object *json_instance = NULL;
+ json_object *json_seqnum = NULL;
+
+ snprintf(compat_path, sizeof(compat_path), OSPF6D_COMPAT_AUTHSEQ_NAME);
+ json = json_object_from_file(compat_path);
+
+ if (json)
+ json_object_object_get_ex(json, "instances", &json_instances);
+ if (json_instances)
+ json_object_object_get_ex(json_instances, inst_name,
+ &json_instance);
+ if (json_instance)
+ json_object_object_get_ex(json_instance, "sequence_number",
+ &json_seqnum);
+ if (json_seqnum)
+ /* => free the file-level object and still return this */
+ json_seqnum = json_object_get(json_seqnum);
+
+ if (json) {
+ json_object_free(json);
+ unlink(compat_path);
+ }
+ return json_seqnum;
+}
+
/*
* Fetch from non-volatile memory the stored ospf6 process
* authentication sequence number.
*/
-void ospf6_auth_seqno_nvm_read(struct ospf6 *ospf6)
+static void ospf6_auth_seqno_nvm_read(struct ospf6 *ospf6)
{
const char *inst_name;
json_object *json;
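Review bot: The second guard in `ospf6_auth_seqno_nvm_delete()` is inverted: `if (json_instance) {` returns early when the instance entry exists, and when it does not exist the code falls through to `json_object_object_del(json_instance, "sequence_number")` with a NULL object. The check should read `if (!json_instance) {` so the stored sequence number is actually removed and saved for an existing instance. The function is marked `__attribute__((unused))`, so this is presumably not reached today, but it will misbehave as soon as a caller is added. Separately, `ospf6_auth_seqno_compat_read()` ignores the `snprintf()` and `unlink()` results; a debug log on `unlink()` failure would make a legacy file that is left behind visible.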
@@ -957,9 +987,7 @@ void ospf6_auth_seqno_nvm_read(struct ospf6 *ospf6)
inst_name = ospf6->name ? ospf6->name : VRF_DEFAULT_NAME;
- json = json_object_from_file((char *)OSPF6_AUTH_SEQ_NUM_FILE);
- if (json == NULL)
- json = json_object_new_object();
+ json = frr_daemon_state_load();
json_object_object_get_ex(json, "instances", &json_instances);
if (!json_instances) {
@@ -976,13 +1004,34 @@ void ospf6_auth_seqno_nvm_read(struct ospf6 *ospf6)
json_object_object_get_ex(json_instance, "sequence_number",
&json_seqnum);
- ospf6->seqnum_h = json_object_get_int(json_seqnum);
+
+ if (json_seqnum)
+ /* cf. reference taken in compat_read above */
+ json_seqnum = json_object_get(json_seqnum);
+ else
+ json_seqnum = ospf6_auth_seqno_compat_read(inst_name);
+
+ ospf6->seqnum_l = 0;
+ if (json_seqnum) {
+ ospf6->seqnum_h = json_object_get_int(json_seqnum);
+ ospf6->seqnum_h += 1;
+ } else {
+ ospf6->seqnum_h = 0;
+ }
+
+ if (json_seqnum)
+ json_object_put(json_seqnum);
zlog_err("Higher order sequence number %d read for %s process %s",
ospf6->seqnum_h, ospf6->name, strerror(errno));
- json_object_object_del(json_instances, inst_name);
- json_object_to_file_ext((char *)OSPF6_AUTH_SEQ_NUM_FILE, json,
- JSON_C_TO_STRING_PRETTY);
- json_object_free(json);
+ json_object_object_del(json_instance, "sequence_number");
+
+ frr_daemon_state_save(&json);
+}
+
+void ospf6_auth_init(struct ospf6 *o)
+{
+ ospf6_auth_seqno_nvm_read(o);
+ ospf6_auth_seqno_nvm_update(o);
}
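Review bot: In `ospf6_auth_seqno_nvm_read()` the new `else` branch sets `ospf6->seqnum_h = 0` when neither the daemon state nor the legacy file holds a value, so a lost or unreadable state file is indistinguishable from a first start and the higher-order sequence number used by the authentication trailer restarts from zero without a distinct message. Log that case on its own, e.g. `zlog_warn("No stored higher order sequence number for %s, starting from 0", inst_name);`. The unchanged `zlog_err()` below it still prints `strerror(errno)`, which no longer relates to a file operation in this function now that loading goes through `frr_daemon_state_load()`; dropping that argument would avoid misleading log output. The function starts outside this hunk.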