[Xorp-hackers] xorp interoperate with IOS - RFC4813 LLS and auth

Eric S. Johnson esj at cs.fiu.edu
Sun Feb 21 12:54:57 PST 2010


Recent versions of IOS seem to like to do RFC4813 - OSPF Link-Local
Signaling *by default*. This was not working with xorp ospf v2
speakers with MD5 auth. You can turn off ospf LLS on cisco routers with

conf t
int blahblah
    ip ospf lls disable

but this patch allows xorp to correctly interoperate with these 4813 speakers.

xorp was assuming that an OSPF packet ended with the 16-octet
md5 checksum. With RFC4813 there can be more things beyond the md5
checksum. This patch ignores anything past the md5 checksum, and computes
the md5 checksum over the correct data.

IT DOES NOT implement RFC 4813, other than to ignore it correctly.

NOTE: this patch applies clean to xorp 1.6 also.

E


---
diff -r -U5 xorp-svn-20100217.orig/ospf/auth.cc xorp-svn-20100217/ospf/auth.cc
--- xorp-svn-20100217.orig/ospf/auth.cc 2010-02-17 10:26:02.000000000 -0500
+++ xorp-svn-20100217/ospf/auth.cc 2010-02-19 07:17:43.000000000 -0500
@@ -494,16 +494,19 @@


    MD5_CTX ctx;
    uint8_t digest[MD5_DIGEST_LENGTH];


+ // length to compute MD5 over
+ uint32_t md5_packet_length = extract_16(&ptr[Packet::LEN_OFFSET]);
+

    MD5_Init(&ctx);

- MD5_Update(&ctx, &ptr[0], pkt.size() - MD5_DIGEST_LENGTH);
+ MD5_Update(&ctx, &ptr[0], md5_packet_length);

    MD5_Update(&ctx, key->key_data(), key->key_data_bytes());
    MD5_Final(&digest[0], &ctx);


- if (0 != memcmp(&digest[0], &ptr[pkt.size() - MD5_DIGEST_LENGTH],
+ if (0 != memcmp(&digest[0], &ptr[md5_packet_length],

    MD5_DIGEST_LENGTH)) {

    set_error(c_format("authentication digest doesn't match local key "

        "(key ID = %d)", key->id()));

    // #define DUMP_BAD_MD5
    #ifdef DUMP_BAD_MD5
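Review bot: `md5_packet_length` is read straight from the packet's own length field (`extract_16(&ptr[Packet::LEN_OFFSET])`) and then used, without being compared against `pkt.size()`, both as the `MD5_Update` length and as the index in `memcmp(&digest[0], &ptr[md5_packet_length], MD5_DIGEST_LENGTH)`; unless that check already happens earlier in the function (not visible in this hunk), a packet whose header advertises a length larger than the received buffer makes both calls read past the end of `ptr`. Suggest rejecting the packet before the digest is computed, e.g. `if (md5_packet_length + MD5_DIGEST_LENGTH > pkt.size()) { set_error(...); return false; }`, and likewise rejecting a length smaller than the fixed OSPF header. Using the header length as the reference point is otherwise the right fix: RFC 2328 D.4.3 appends the digest right after the bytes counted by the length field, so the old `pkt.size() - MD5_DIGEST_LENGTH` anchor only worked when nothing (such as an LLS block) followed the digest.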



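A worked version of the layout the post describes, as an added example that is not code from the post or from xorp: an OSPFv2 packet with cryptographic authentication carries its own length field, the 16-octet MD5 digest sits directly after those bytes, and anything past the digest (an RFC 4813 LLS block, here a constructed placeholder) has to be ignored. The key is appended raw, as in the xorp code; the packet contents, key and trailer bytes are constructed, and the bounds check on the wire length field is an assumption added here rather than something the patch contains.

```python
import hashlib
import hmac
import struct

OSPF_HDR_LEN = 24          # fixed OSPFv2 header incl. the 8-byte authentication field
LEN_OFFSET = 2             # "packet length" field (RFC 2328 A.3.1)
AUTYPE_OFFSET = 14
AUTYPE_CRYPTO = 2          # cryptographic authentication (RFC 2328 D.3)
MD5_DIGEST_LENGTH = 16

def build_packet(body: bytes, key: bytes, trailer: bytes = b"") -> bytes:
    """Constructed OSPFv2 packet: header, body, MD5 digest, then an optional trailer."""
    length = OSPF_HDR_LEN + len(body)        # length field excludes digest and trailer
    hdr = struct.pack("!BBH4s4sHH", 2, 1, length, b"\x0a\x00\x00\x01", b"\x00" * 4, 0, AUTYPE_CRYPTO)
    auth = struct.pack("!HBBI", 0, 1, MD5_DIGEST_LENGTH, 1)   # key ID 1, seq 1 (constructed)
    pkt = hdr + auth + body
    # RFC 2328 D.4.3: digest over the packet as counted by its length field, plus the key
    return pkt + hashlib.md5(pkt + key).digest() + trailer

def verify_old(pkt: bytes, key: bytes) -> bool:
    """Pre-patch xorp assumption: the digest is the last 16 bytes of whatever arrived."""
    if len(pkt) < OSPF_HDR_LEN + MD5_DIGEST_LENGTH:
        return False
    covered, digest = pkt[:-MD5_DIGEST_LENGTH], pkt[-MD5_DIGEST_LENGTH:]
    return hmac.compare_digest(hashlib.md5(covered + key).digest(), digest)

def verify(pkt: bytes, key: bytes) -> tuple[bool, str]:
    """Patched behaviour plus a bounds check (an assumption added here, not in the hunk)."""
    if len(pkt) < OSPF_HDR_LEN:
        return False, "truncated header"
    if struct.unpack_from("!H", pkt, AUTYPE_OFFSET)[0] != AUTYPE_CRYPTO:
        return False, "not cryptographic auth"
    md5_packet_length = struct.unpack_from("!H", pkt, LEN_OFFSET)[0]
    # the length comes from the wire: packet plus digest must fit inside the buffer
    if md5_packet_length < OSPF_HDR_LEN or md5_packet_length + MD5_DIGEST_LENGTH > len(pkt):
        return False, "length field inconsistent with received buffer"
    expected = hashlib.md5(pkt[:md5_packet_length] + key).digest()
    received = pkt[md5_packet_length:md5_packet_length + MD5_DIGEST_LENGTH]
    if not hmac.compare_digest(expected, received):
        return False, "digest mismatch"
    return True, "ok"                        # bytes after the digest (LLS) are ignored

KEY = b"xorp-test-key"                              # constructed
HELLO_BODY = b"\xff\xff\xff\x00" + b"\x00" * 16     # constructed Hello-like body
LLS_TRAILER = b"\x00\x00\x00\x03" + b"\x00" * 8     # constructed stand-in for an LLS block

PLAIN = build_packet(HELLO_BODY, KEY)
WITH_LLS = build_packet(HELLO_BODY, KEY, LLS_TRAILER)

if __name__ == "__main__":
    print("old: no LLS", verify_old(PLAIN, KEY), "| LLS", verify_old(WITH_LLS, KEY))
    print("new: no LLS", verify(PLAIN, KEY), "| LLS", verify(WITH_LLS, KEY))
```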