ospf: Add RFC 5613 support #77
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Even if there are some todos left, I already mark this PR as ready for a first review The answer to my question is in RFC 7166 Section 2. The LLS data block is appended before the authentication trailer. |
nrybowski
commented
Jun 26, 2025
nrybowski
commented
Jun 26, 2025
nrybowski
force-pushed
the
rfc5613
branch
3 times, most recently
from
de21dc2 to
4bf4eca
Compare
nrybowski
commented
Jun 27, 2025
nrybowski
force-pushed
the
rfc5613
branch
2 times, most recently
from
8e2363e to
4038927
Compare
rwestphal
reviewed
Jun 28, 2025
There was a problem hiding this comment.
Wow, amazing work!
I used to think LLS was mostly used for proprietary extensions, but I see the IANA registry for LLS TLV types is quite big and references a number of RFCs. Is this prep work for something else you're planning to implement, or just general groundwork?
Overall this looks really good. I tested LLS combined with cryptographic authentication, for both OSPFv2 and v3, and I was pleased to see it's working (this is tricky business!). I've left a few review comments, mostly minor nits that should be easy to address.
Lastly, please do not forget to update the list of supported RFCs in the README :)
nrybowski
commented
Jun 30, 2025
There was a problem hiding this comment.
I used to think LLS was mostly used for proprietary extensions, but I see the IANA registry for LLS TLV types is quite big and references a number of RFCs. Is this prep work for something else you're planning to implement, or just general groundwork?
You guessed it right :) My first plan was adding RFC 9339 but it depends on LLS data blocks. So, I started by adding them :)
Lastly, please do not forget to update the list of supported RFCs in the README :)
Sure, I will do that.
I will rewrite the git history to divide this series in 4 self-contained patches:
- Some preparation work by modifying current interfaces, i.e., using references in
V::decode_auth_validate, extendingPacketVersionwith anoptionsfunction, and moving the auth digest check in a dedicated function. - The actual addition of RFC 5613 along with the repaired existing tests.
- Encode / decode tests for OSPFv2.
- Encode / decode tests for OSPFv3.
- Update V::decode_auth_validate() signature to use references rather than taking ownership of PacketHdrAuth and AuthDecodeCtx. These structures are required for OSPFv2 LLS data blocks authentication - Extend PacketVersion interface with function to retrieve Options field from Hello and DbDesc packets. - Move digest validation logic in a separate function as it will be required for LLS CA-TLV authentication. Signed-off-by: Nicolas Rybowski <[email protected]>
nrybowski
added a commit
to nrybowski/holo
that referenced
this pull request
Jun 30, 2025
This commit introduces LLS data block appended to OSPF Hello and DbDesc
packets. The current code is shared between OSPFv2 and OSPFv3.
- About authentication:
For OSPFv{2,3}, if the authentication is disabled, the LLS
data block checksum is verified.
For OSPFv2, when the authentication is enabled, the CA-TLV digest is
verified.
For OSPFv3, when the authentication is enabled, there is nothing to do
as the LLS data block is included in the authentication digest. This
behavior is documented in RFC 7166 Section 2.
- About enabling LLS data blocks through YANG:
LLS data blocks are enabled per interface. That enables generating LLS
data block for Hello and DbDesc messages orginated for a that specific
interface. If some LLS data is specified through OSPF configuration, the
L-bit is enabled in the packet options.
This feature also enables examining LLS data block for received messages
if the option is enabled and the L-bit flag is present in the message
options.
Currently, the operation detailed above are mainly placeholders for future
behavior since RFC 5613 does not mention how to configure the TLVs it
specifies.
- About the presence of EO TLV in LlsDbDescData:
RFC 4811 Section 2.1 specifies that EO TLV may be included in DbDesc
packets.
Signed-off-by: Nicolas Rybowski <[email protected]>
---
v0 -> v1: Fixed nits mentioned in Renato's review at
holo-routing#77
nrybowski
added a commit
to nrybowski/holo
that referenced
this pull request
Jun 30, 2025
This commit introduces LLS data block appended to OSPF Hello and DbDesc
packets. The current code is shared between OSPFv2 and OSPFv3.
- About authentication:
For OSPFv{2,3}, if the authentication is disabled, the LLS
data block checksum is verified.
For OSPFv2, when the authentication is enabled, the CA-TLV digest is
verified.
For OSPFv3, when the authentication is enabled, there is nothing to do
as the LLS data block is included in the authentication digest. This
behavior is documented in RFC 7166 Section 2.
- About enabling LLS data blocks through YANG:
LLS data blocks are enabled per interface. That enables generating LLS
data block for Hello and DbDesc messages orginated for a that specific
interface. If some LLS data is specified through OSPF configuration, the
L-bit is enabled in the packet options.
This feature also enables examining LLS data block for received messages
if the option is enabled and the L-bit flag is present in the message
options.
Currently, the operation detailed above are mainly placeholders for future
behavior since RFC 5613 does not mention how to configure the TLVs it
specifies.
- About the presence of EO TLV in LlsDbDescData:
RFC 4811 Section 2.1 specifies that EO TLV may be included in DbDesc
packets.
Signed-off-by: Nicolas Rybowski <[email protected]>
---
v0 -> v1: Fixed nits mentioned in Renato's review at
holo-routing#77
nrybowski
added a commit
to nrybowski/holo
that referenced
this pull request
Jun 30, 2025
This commit introduces LLS data block appended to OSPF Hello and DbDesc
packets. The current code is shared between OSPFv2 and OSPFv3.
- About authentication:
For OSPFv{2,3}, if the authentication is disabled, the LLS
data block checksum is verified.
For OSPFv2, when the authentication is enabled, the CA-TLV digest is
verified.
For OSPFv3, when the authentication is enabled, there is nothing to do
as the LLS data block is included in the authentication digest. This
behavior is documented in RFC 7166 Section 2.
- About enabling LLS data blocks through YANG:
LLS data blocks are enabled per interface. That enables generating LLS
data block for Hello and DbDesc messages orginated for a that specific
interface. If some LLS data is specified through OSPF configuration, the
L-bit is enabled in the packet options.
This feature also enables examining LLS data block for received messages
if the option is enabled and the L-bit flag is present in the message
options.
Currently, the operation detailed above are mainly placeholders for future
behavior since RFC 5613 does not mention how to configure the TLVs it
specifies.
- About the presence of EO TLV in LlsDbDescData:
RFC 4811 Section 2.1 specifies that EO TLV may be included in DbDesc
packets.
Signed-off-by: Nicolas Rybowski <[email protected]>
---
v0 -> v1: Fixed nits mentioned in Renato's review at
holo-routing#77
This commit introduces LLS data block appended to OSPF Hello and DbDesc
packets. The current code is shared between OSPFv2 and OSPFv3.
- About authentication:
For OSPFv{2,3}, if the authentication is disabled, the LLS
data block checksum is verified.
For OSPFv2, when the authentication is enabled, the CA-TLV digest is
verified.
For OSPFv3, when the authentication is enabled, there is nothing to do
as the LLS data block is included in the authentication digest. This
behavior is documented in RFC 7166 Section 2.
- About enabling LLS data blocks through YANG:
LLS data blocks are enabled per interface. That enables generating LLS
data block for Hello and DbDesc messages orginated for a that specific
interface. If some LLS data is specified through OSPF configuration, the
L-bit is enabled in the packet options.
This feature also enables examining LLS data block for received messages
if the option is enabled and the L-bit flag is present in the message
options.
Currently, the operation detailed above are mainly placeholders for future
behavior since RFC 5613 does not mention how to configure the TLVs it
specifies.
- About the presence of EO TLV in LlsDbDescData:
RFC 4811 Section 2.1 specifies that EO TLV may be included in DbDesc
packets.
Signed-off-by: Nicolas Rybowski <[email protected]>
---
v0 -> v1: Fixed nits mentioned in Renato's review at
holo-routing#77
Signed-off-by: Nicolas Rybowski <[email protected]>
Hello messages are tested with and without packet authentication. DbDesc messages are only tested without packet authentication. Signed-off-by: Nicolas Rybowski <[email protected]> --- v0 -> v1: Add DbDesc tests as RFC 4811 Section 2.1 mention that LLS EO-TLV may be included in DbDesc packets.
Hello messages are tested with and without packet authentication. DbDesc messages are only tested without packet authentication. Signed-off-by: Nicolas Rybowski <[email protected]> --- v0 -> v1: Add DbDesc tests as RFC 4811 Section 2.1 mention that LLS EO-TLV may be included in DbDesc packets.
|
There we go, the PR is ready for review :) |
nrybowski
added a commit
to nrybowski/holo
that referenced
this pull request
Jun 30, 2025
This patch depends on RFC 5613, added with holo-routing#77. Signed-off-by: Nicolas Rybowski <[email protected]>
rwestphal
approved these changes
Jun 30, 2025
nrybowski
added a commit
to nrybowski/holo
that referenced
this pull request
Jul 1, 2025
This patch adds Reverse Metric and Reverse TE Metric TLVs to LLS data blocks. This patch hence depends on RFC 5613, added with holo-routing#77. Signed-off-by: Nicolas Rybowski <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces Link-Local Signaling data block appended to OSPF Hello and DbDesc packets. The current code is shared between OSPFv2 and OSPFv3.
See RFC 5613.
TODO
- [ ] get LLS data from interfaces configuration.=> not specified in RFC 5613.