nhrpd: add cisco-authentication password support

dleroy · dleroy · commit c4737690e440 · 2024-06-05T12:10:11.000-07:00
Taking over this development from FRRouting#14788 This commit addresses 4 issues found in the previous PR 1) FRR would accept messages from a spoke without authentication when FRR NHRP had auth configured. 2) The error indication was not being sent in network byte order 3) The debug print in nhrp_connection_authorized was not correctly printing the received password 4) The addresses portion of the mandatory part of the error indication was invalid on the wire (confirmed in wireshark) Signed-off-by: Dave LeRoy <dleroy@labn.net>
diff --git a/nhrpd/nhrp_peer.c b/nhrpd/nhrp_peer.c
@@ -1125,7 +1125,7 @@ static int nhrp_packet_send_error(struct nhrp_packet_parser *pp,
 	hdr = nhrp_packet_push(zb, NHRP_PACKET_ERROR_INDICATION, &pp->src_nbma,
 			       &src_proto, &dst_proto);
 
-	hdr->u.error.code = indication_code;
+	hdr->u.error.code = htons(indication_code);
 	hdr->u.error.offset = htons(offset);
 	hdr->flags = pp->hdr->flags;
 	hdr->hop_count = 0; // XXX: cisco returns 255
@@ -1135,7 +1135,12 @@ static int nhrp_packet_send_error(struct nhrp_packet_parser *pp,
 	/* wireshark gives bad checksum, without exts */
 	// pp->hdr->checksum = nhrp_packet_calculate_checksum(zbuf_used(&pp->payload))
 	zbuf_put(zb, pp->hdr, sizeof(*pp->hdr));
-	zbuf_copy(zb, &pp->payload, zbuf_used(&pp->payload));
+	zbuf_put(zb, sockunion_get_addr(&pp->src_nbma),
+		 hdr->src_nbma_address_len);
+	zbuf_put(zb, sockunion_get_addr(&pp->src_proto),
+		 hdr->src_protocol_address_len);
+	zbuf_put(zb, sockunion_get_addr(&pp->dst_proto),
+		 hdr->dst_protocol_address_len);
 	nhrp_packet_complete_auth(zb, hdr, pp->ifp, false);
 
 	/* nhrp_packet_debug(zb, "SEND_ERROR"); */
@@ -1151,7 +1156,7 @@ static bool nhrp_connection_authorized(struct nhrp_packet_parser *pp)
 	struct zbuf *auth = nifp->auth_token;
 	struct nhrp_extension_header *ext;
 	struct zbuf *extensions, pl;
-	int cmp = 0;
+	int cmp = 1;
 
 
 	extensions = zbuf_alloc(zbuf_used(&pp->extensions));
@@ -1164,7 +1169,11 @@ static bool nhrp_connection_authorized(struct nhrp_packet_parser *pp)
 					   auth->buf;
 			debugf(NHRP_DEBUG_COMMON,
 			       "Processing Authentication Extension for (%s:%s|%d)",
-			       auth_ext->secret, (const char *)pl.buf, cmp);
+			       auth_ext->secret,
+			       ((struct nhrp_cisco_authentication_extension *)
+					pl.buf)
+				       ->secret,
+			       cmp);
 			break;
 		}
 	}
