nhrpd: Add topotest for retrying resolution request
Modified nhrp_topo topotest to test for newly added resolution
request retry feature. Changes to the topotest include adding a spoke to the
existing nhrp_topo topotest so that a topology with two spokes and hub
can be used to create shortcuts and test the sending/resending of
resolution requests and responses between spoke and hub.The resolution
request retry feature was tested by blocking incoming resolution requests on a
receiving nodes to stop the creation of a successful shortcut - which
then triggered the sending spoke to retry sending resolution requests

Also modified nhrp_connection_authorized(). Initially, when writing debug
information about incoming NHRP packets with authentication enabled,
the nhrp_connection_authorized() function would print the
passphrase of the incoming packet as if it were a null-terminated
string. This meant that if the passphrase on the incoming packet
had non-ASCII-compliant bytes in it, it would attempt to print those
bytes anyway. There was also no check that the size of the passphrase in
the incoming packet matched the size of the passphrase on the interface.

Moved CISCO_PASS_LENGTH_LEN from nhrp_vty.c to nhrp_protocol.h
for easier access  to the macro in other files

Signed-off-by: Joshua Muthii <jmuthii@labn.net>
jmuthiilabn committed Oct 21, 2024
1 parent cf1da3e commit ce91fd8
Showing 14 changed files with 366 additions and 18 deletions.
49 changes: 41 additions & 8 deletions nhrpd/nhrp_peer.c
Expand Up @@ -1169,22 +1169,55 @@ static bool nhrp_connection_authorized(struct nhrp_packet_parser *pp)
struct nhrp_extension_header *ext;
struct zbuf *extensions, pl;
int cmp = 1;
int pl_pass_length, auth_pass_length;
size_t auth_size, pl_size;

extensions = zbuf_alloc(zbuf_used(&pp->extensions));
zbuf_copy_peek(extensions, &pp->extensions, zbuf_used(&pp->extensions));
while ((ext = nhrp_ext_pull(extensions, &pl)) != NULL) {
switch (htons(ext->type) & ~NHRP_EXTENSION_FLAG_COMPULSORY) {
case NHRP_EXTENSION_AUTHENTICATION:
cmp = memcmp(auth->buf, pl.buf, zbuf_size(auth));
/* Size of authentication extensions
* (varies based on password length)
*/
auth_size = zbuf_size(auth);
pl_size = zbuf_size(&pl);
auth_ext = (struct nhrp_cisco_authentication_extension *)
auth->buf;
debugf(NHRP_DEBUG_COMMON,
"Processing Authentication Extension for (%s:%s|%d)",
auth_ext->secret,
((struct nhrp_cisco_authentication_extension *)
pl.buf)
->secret,
cmp);

if (auth_size == pl_size)
cmp = memcmp(auth_ext, pl.buf, auth_size);
else
cmp = 1;

if (unlikely(debug_flags & NHRP_DEBUG_COMMON)) {
/* 4 bytes in nhrp_cisco_authentication_extension are allocated
* toward the authentication type. The remaining bytes are used for the
* password - so the password length is just the length of the extension - 4
*/
auth_pass_length = (auth_size - 4);
pl_pass_length = (pl_size - 4);
/* Because characters are to be printed in HEX, (2* the max pass length) + 1
* is needed for the string representation
*/
char auth_pass[(2 * NHRP_CISCO_PASS_LEN) + 1] = { 0 },
pl_pass[(2 * NHRP_CISCO_PASS_LEN) + 1] = { 0 };
/* Converting bytes in buffer to HEX and saving output as a string -
* Passphrase is converted to HEX in order to avoid printing
* non ACII-compliant characters
*/
for (int i = 0; i < (auth_pass_length); i++)
snprintf(auth_pass + (i * 2), 3, "%02X",
auth_ext->secret[i]);
for (int i = 0; i < (pl_pass_length); i++)
snprintf(pl_pass + (i * 2), 3, "%02X",
((struct nhrp_cisco_authentication_extension *)pl.buf)
->secret[i]);

debugf(NHRP_DEBUG_COMMON,
"Processing Authentication Extension for (%s:%s|%d)",
auth_pass, pl_pass, cmp);
}
break;
default:
/* Ignoring all received extensions except Authentication*/
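Review bot: The hex-dump loop for `pl_pass` is bounded by `pl_size - 4`, a length taken from the received extension, while `pl_pass` holds only `(2 * NHRP_CISCO_PASS_LEN) + 1` bytes; the `auth_size == pl_size` test above guards only the `memcmp`, so with NHRP_DEBUG_COMMON enabled a peer-supplied payload longer than 12 bytes would make `snprintf` write past the stack buffer. Unless `nhrp_ext_pull` (not visible here) already caps the payload, bound both loops, e.g. `for (int i = 0; i < pl_pass_length && i < NHRP_CISCO_PASS_LEN; i++)`, and skip the dump when either size is below 4. The block also still writes the configured passphrase to the debug log, only hex-encoded; logging the two lengths and `cmp` alone would avoid that. The body of nhrp_connection_authorized() continues outside the hunk.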
Empty file added nhrpd/nhrp_protocol.c
Empty file.
1 change: 1 addition & 0 deletions nhrpd/nhrp_protocol.h
Expand Up @@ -73,6 +73,7 @@

/* NHRP Authentication extension types (ala Cisco) */
#define NHRP_AUTHENTICATION_PLAINTEXT 0x00000001
#define NHRP_CISCO_PASS_LEN 8

/* NHRP Packet Structures */
struct nhrp_packet_header {
1 change: 0 additions & 1 deletion nhrpd/nhrp_vty.c
Expand Up @@ -467,7 +467,6 @@ DEFUN(if_no_nhrp_holdtime, if_no_nhrp_holdtime_cmd,
return CMD_SUCCESS;
}

#define NHRP_CISCO_PASS_LEN 8
DEFPY(if_nhrp_authentication, if_nhrp_authentication_cmd,
AFI_CMD "nhrp authentication PASSWORD$password",
AFI_STR
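--- a/tests/topotests/nhrp_topo/r1/nhrp_shortcut_present.json
+++ b/tests/topotests/nhrp_topo/r1/nhrp_shortcut_present.json
@@ -0,0 +1,14 @@
+{
+"attr":{
+"entriesCount":1
+},
+"table":[
+{
+"type":"dynamic",
+"prefix":"192.168.4.0\/24",
+"via":"10.255.255.4",
+"identity":""
+}
+]
+}
+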
1 change: 1 addition & 0 deletions tests/topotests/nhrp_topo/r1/zebra.conf
Expand Up @@ -10,3 +10,4 @@ exit
interface r1-eth1
ip address 192.168.1.1/24
!
ip route 0.0.0.0/0 10.255.255.2
13 changes: 12 additions & 1 deletion tests/topotests/nhrp_topo/r2/nhrp4_cache.json
@@ -1,8 +1,19 @@
{
"attr":{
"entriesCount":2
"entriesCount":3
},
"table":[
{
"interface":"r2-gre0",
"type":"dynamic",
"protocol":"10.255.255.4",
"nbma":"10.1.1.4",
"claimed_nbma":"10.1.1.4",
"used":false,
"timeout":true,
"auth":false,
"identity":""
},
{
"interface":"r2-gre0",
"type":"local",
26 changes: 25 additions & 1 deletion tests/topotests/nhrp_topo/r2/nhrp_route4.json
Expand Up @@ -12,7 +12,31 @@
"installed":true,
"internalNextHopNum":1,
"internalNextHopActiveNum":1,
"nexthops":[
"nexthops": [
{
"fib":true,
"directlyConnected":true,
"interfaceName":"r2-gre0",
"active":true
}
]
}
],
"10.255.255.4\/32": [
{
"prefix":"10.255.255.4\/32",
"prefixLen":32,
"protocol":"nhrp",
"vrfId":0,
"vrfName":"default",
"selected":true,
"destSelected":true,
"distance":10,
"metric":0,
"installed":true,
"internalNextHopNum":1,
"internalNextHopActiveNum":1,
"nexthops": [
{
"fib":true,
"directlyConnected":true,
3 changes: 3 additions & 0 deletions tests/topotests/nhrp_topo/r2/zebra.conf
@@ -1,3 +1,4 @@
ip forwarding
interface r2-eth0
ip address 10.2.1.2/24
!
Expand All @@ -10,3 +11,5 @@ interface r2-gre0
interface r2-eth1
ip address 192.168.2.2/24
!
ip route 192.168.4.4/24 10.255.255.4
ip route 192.168.1.1/24 10.255.255.1
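--- a/tests/topotests/nhrp_topo/r4/nhrp4_cache.json
+++ b/tests/topotests/nhrp_topo/r4/nhrp4_cache.json
@@ -0,0 +1,30 @@
+{
+"attr":{
+"entriesCount":2
+},
+"table":[
+{
+"interface":"r4-gre0",
+"type":"local",
+"protocol":"10.255.255.4",
+"nbma":"10.1.1.4",
+"claimed_nbma":"10.1.1.4",
+"used":false,
+"timeout":false,
+"auth":false,
+"identity":"-"
+},
+{
+"interface":"r4-gre0",
+"type":"nhs",
+"protocol":"10.255.255.2",
+"nbma":"10.2.1.2",
+"claimed_nbma":"10.2.1.2",
+"used":false,
+"timeout":true,
+"auth":false,
+"identity":""
+}
+]
+}
+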
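--- a/tests/topotests/nhrp_topo/r4/nhrp_route4.json
+++ b/tests/topotests/nhrp_topo/r4/nhrp_route4.json
@@ -0,0 +1,26 @@
+{
+"10.255.255.2\/32": [
+{
+"prefix": "10.255.255.2\/32",
+"prefixLen": 32,
+"protocol": "nhrp",
+"vrfId": 0,
+"vrfName": "default",
+"selected": true,
+"destSelected": true,
+"distance": 10,
+"metric": 0,
+"installed": true,
+"internalNextHopNum": 1,
+"internalNextHopActiveNum": 1,
+"nexthops": [
+{
+"fib": true,
+"directlyConnected": true,
+"interfaceName": "r4-gre0",
+"active": true
+}
+]
+}
+]
+}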
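--- a/tests/topotests/nhrp_topo/r4/nhrpd.conf
+++ b/tests/topotests/nhrp_topo/r4/nhrpd.conf
@@ -0,0 +1,11 @@
+log stdout debugging
+debug nhrp all
+interface r4-gre0
+ip nhrp authentication secret
+ip nhrp holdtime 10
+ip nhrp shortcut
+ip nhrp network-id 42
+ip nhrp nhs dynamic nbma 10.2.1.2
+ip nhrp registration no-unique
+tunnel source r4-eth0
+exit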
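--- a/tests/topotests/nhrp_topo/r4/zebra.conf
+++ b/tests/topotests/nhrp_topo/r4/zebra.conf
@@ -0,0 +1,13 @@
+interface r4-eth0
+ip address 10.1.1.4/24
+!
+ip route 10.2.1.0/24 10.1.1.3
+interface r4-gre0
+ip address 10.255.255.4/32
+no link-detect
+ipv6 nd suppress-ra
+exit
+interface r4-eth1
+ip address 192.168.4.4/24
+!
+ip route 0.0.0.0/0 10.255.255.2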