Bug Summary

File:src/usr.sbin/ospf6d/interface.c
Warning:line 514, column 26
Dereference of null pointer

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name interface.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.sbin/ospf6d/obj -resource-dir /usr/local/llvm16/lib/clang/16 -I /usr/src/usr.sbin/ospf6d -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.sbin/ospf6d/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/usr.sbin/ospf6d/interface.c
1/* $OpenBSD: interface.c,v 1.30 2023/03/08 04:43:14 guenther Exp $ */
2
3/*
4 * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
5 * Copyright (c) 2004, 2005, 2007 Esben Norby <norby@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20#include <sys/types.h>
21#include <sys/ioctl.h>
22#include <sys/time.h>
23#include <sys/socket.h>
24#include <netinet/in.h>
25#include <arpa/inet.h>
26#include <net/if.h>
27#include <net/if_types.h>
28#include <ctype.h>
29#include <err.h>
30#include <stdio.h>
31#include <stdlib.h>
32#include <unistd.h>
33#include <string.h>
34#include <event.h>
35
36#include "ospf6d.h"
37#include "ospf6.h"
38#include "log.h"
39#include "ospfe.h"
40
41void if_hello_timer(int, short, void *);
42void if_start_hello_timer(struct iface *);
43void if_stop_hello_timer(struct iface *);
44void if_stop_wait_timer(struct iface *);
45void if_wait_timer(int, short, void *);
46void if_start_wait_timer(struct iface *);
47void if_stop_wait_timer(struct iface *);
48struct nbr *if_elect(struct nbr *, struct nbr *);
49
50struct {
51 int state;
52 enum iface_event event;
53 enum iface_action action;
54 int new_state;
55} iface_fsm[] = {
56 /* current state event that happened action to take resulting state */
57 {IF_STA_DOWN0x01, IF_EVT_UP, IF_ACT_STRT, 0},
58 {IF_STA_WAITING0x04, IF_EVT_BACKUP_SEEN, IF_ACT_ELECT, 0},
59 {IF_STA_WAITING0x04, IF_EVT_WTIMER, IF_ACT_ELECT, 0},
60 {IF_STA_ANY0x7f, IF_EVT_WTIMER, IF_ACT_NOTHING, 0},
61 {IF_STA_WAITING0x04, IF_EVT_NBR_CHNG, IF_ACT_NOTHING, 0},
62 {IF_STA_MULTI(0x10 | 0x20 | 0x40), IF_EVT_NBR_CHNG, IF_ACT_ELECT, 0},
63 {IF_STA_ANY0x7f, IF_EVT_NBR_CHNG, IF_ACT_NOTHING, 0},
64 {IF_STA_ANY0x7f, IF_EVT_DOWN, IF_ACT_RST, IF_STA_DOWN0x01},
65 {IF_STA_ANY0x7f, IF_EVT_LOOP, IF_ACT_RST, IF_STA_LOOPBACK0x02},
66 {IF_STA_LOOPBACK0x02, IF_EVT_UNLOOP, IF_ACT_NOTHING, IF_STA_DOWN0x01},
67 {-1, IF_EVT_NOTHING, IF_ACT_NOTHING, 0},
68};
69
70#if 0
71/* TODO virtual links */
72static int vlink_cnt = 0;
73#endif
74
75TAILQ_HEAD(, iface)struct { struct iface *tqh_first; struct iface **tqh_last; } iflist;
76
77const char * const if_event_names[] = {
78 "NOTHING",
79 "UP",
80 "WAITTIMER",
81 "BACKUPSEEN",
82 "NEIGHBORCHANGE",
83 "LOOP",
84 "UNLOOP",
85 "DOWN"
86};
87
88const char * const if_action_names[] = {
89 "NOTHING",
90 "START",
91 "ELECT",
92 "RESET"
93};
94
95int
96if_fsm(struct iface *iface, enum iface_event event)
97{
98 int old_state;
99 int new_state = 0;
100 int i, ret = 0;
101
102 old_state = iface->state;
103
104 for (i = 0; iface_fsm[i].state != -1; i++)
2
Assuming the condition is true
105 if ((iface_fsm[i].state & old_state) &&
3
Assuming the condition is true
5
Taking true branch
106 (iface_fsm[i].event == event)) {
4
Assuming 'event' is equal to field 'event'
107 new_state = iface_fsm[i].new_state;
108 break;
109 }
110
111 if (iface_fsm[i].state == -1) {
6
 Execution continues on line 111
7
Taking false branch
112 /* event outside of the defined fsm, ignore it. */
113 log_debug("if_fsm: interface %s, "
114 "event %s not expected in state %s", iface->name,
115 if_event_names[event], if_state_name(old_state));
116 return (0);
117 }
118
119 switch (iface_fsm[i].action) {
8
Control jumps to 'case IF_ACT_ELECT:' at line 123
120 case IF_ACT_STRT:
121 ret = if_act_start(iface);
122 break;
123 case IF_ACT_ELECT:
124 ret = if_act_elect(iface);
9
Calling 'if_act_elect'
125 break;
126 case IF_ACT_RST:
127 ret = if_act_reset(iface);
128 break;
129 case IF_ACT_NOTHING:
130 /* do nothing */
131 break;
132 }
133
134 if (ret) {
135 log_debug("if_fsm: error changing state for interface %s, "
136 "event %s, state %s", iface->name, if_event_names[event],
137 if_state_name(old_state));
138 return (-1);
139 }
140
141 if (new_state != 0)
142 iface->state = new_state;
143
144 if (iface->state != old_state) {
145 area_track(iface->area);
146 orig_rtr_lsa(iface->area);
147 orig_link_lsa(iface);
148
149 /* state change inform RDE */
150 ospfe_imsg_compose_rde(IMSG_IFINFO, iface->self->peerid, 0,
151 &iface->state, sizeof(iface->state));
152 }
153
154 if (old_state & (IF_STA_MULTI(0x10 | 0x20 | 0x40) | IF_STA_POINTTOPOINT0x08) &&
155 (iface->state & (IF_STA_MULTI(0x10 | 0x20 | 0x40) | IF_STA_POINTTOPOINT0x08)) == 0)
156 ospfe_demote_iface(iface, 0);
157 if ((old_state & (IF_STA_MULTI(0x10 | 0x20 | 0x40) | IF_STA_POINTTOPOINT0x08)) == 0 &&
158 iface->state & (IF_STA_MULTI(0x10 | 0x20 | 0x40) | IF_STA_POINTTOPOINT0x08))
159 ospfe_demote_iface(iface, 1);
160
161 log_debug("if_fsm: event %s resulted in action %s and changing "
162 "state for interface %s from %s to %s",
163 if_event_names[event], if_action_names[iface_fsm[i].action],
164 iface->name, if_state_name(old_state), if_state_name(iface->state));
165
166 return (ret);
167}
168
169int
170if_init(void)
171{
172 TAILQ_INIT(&iflist)do { (&iflist)->tqh_first = ((void *)0); (&iflist)
->tqh_last = &(&iflist)->tqh_first; } while (0);
173
174 return (fetchifs(0));
175}
176
177/* XXX using a linked list should be OK for now */
178struct iface *
179if_find(unsigned int ifindex)
180{
181 struct iface *iface;
182
183 TAILQ_FOREACH(iface, &iflist, list)for((iface) = ((&iflist)->tqh_first); (iface) != ((void
*)0); (iface) = ((iface)->list.tqe_next)) {
184 if (ifindex == iface->ifindex)
185 return (iface);
186 }
187 return (NULL((void *)0));
188}
189
190struct iface *
191if_findname(char *name)
192{
193 struct iface *iface;
194
195 TAILQ_FOREACH(iface, &iflist, list)for((iface) = ((&iflist)->tqh_first); (iface) != ((void
*)0); (iface) = ((iface)->list.tqe_next)) {
196 if (!strcmp(name, iface->name))
197 return (iface);
198 }
199 return (NULL((void *)0));
200}
201
202struct iface *
203if_new(u_short ifindex, char *ifname)
204{
205 struct iface *iface;
206
207 if ((iface = calloc(1, sizeof(*iface))) == NULL((void *)0))
208 err(1, "if_new: calloc");
209
210 iface->state = IF_STA_DOWN0x01;
211
212 LIST_INIT(&iface->nbr_list)do { ((&iface->nbr_list)->lh_first) = ((void *)0); }
while (0);
213 TAILQ_INIT(&iface->ifa_list)do { (&iface->ifa_list)->tqh_first = ((void *)0); (
&iface->ifa_list)->tqh_last = &(&iface->
ifa_list)->tqh_first; } while (0);
214 TAILQ_INIT(&iface->ls_ack_list)do { (&iface->ls_ack_list)->tqh_first = ((void *)0)
; (&iface->ls_ack_list)->tqh_last = &(&iface
->ls_ack_list)->tqh_first; } while (0);
215 RB_INIT(&iface->lsa_tree)do { (&iface->lsa_tree)->rbh_root = ((void *)0); } while
(0);
216
217#if 0
218 /* TODO */
219 if (virtual) {
220 iface->type = IF_TYPE_VIRTUALLINK;
221 snprintf(iface->name, sizeof(iface->name), "vlink%d",
222 vlink_cnt++);
223 iface->flags |= IFF_UP0x1;
224 iface->mtu = IP_MSS576;
225 return (iface);
226 }
227#endif
228 strlcpy(iface->name, ifname, sizeof(iface->name));
229 iface->ifindex = ifindex;
230
231 TAILQ_INSERT_TAIL(&iflist, iface, list)do { (iface)->list.tqe_next = ((void *)0); (iface)->list
.tqe_prev = (&iflist)->tqh_last; *(&iflist)->tqh_last
= (iface); (&iflist)->tqh_last = &(iface)->list
.tqe_next; } while (0);
232
233 return (iface);
234}
235
236void
237if_update(struct iface *iface, int mtu, int flags, u_int8_t type,
238 u_int8_t state, u_int64_t rate, u_int32_t rdomain)
239{
240 iface->mtu = mtu;
241 iface->flags = flags;
242 iface->if_type = type;
243 iface->linkstate = state;
244 iface->baudrate = rate;
245 iface->rdomain = rdomain;
246
247 /* set type */
248 if (flags & IFF_POINTOPOINT0x10)
249 iface->type = IF_TYPE_POINTOPOINT;
250 if (flags & IFF_BROADCAST0x2 && flags & IFF_MULTICAST0x8000)
251 iface->type = IF_TYPE_BROADCAST;
252 if (flags & IFF_LOOPBACK0x8) {
253 iface->type = IF_TYPE_POINTOPOINT;
254 iface->cflags |= F_IFACE_PASSIVE0x01;
255 }
256}
257
258void
259if_del(struct iface *iface)
260{
261 struct nbr *nbr = NULL((void *)0);
262
263 log_debug("if_del: interface %s", iface->name);
264
265 /* revert the demotion when the interface is deleted */
266 if ((iface->state & (IF_STA_MULTI(0x10 | 0x20 | 0x40) | IF_STA_POINTTOPOINT0x08)) == 0)
267 ospfe_demote_iface(iface, 1);
268
269 /* clear lists etc */
270 while ((nbr = LIST_FIRST(&iface->nbr_list)((&iface->nbr_list)->lh_first)) != NULL((void *)0))
271 nbr_del(nbr);
272
273 if (evtimer_pending(&iface->hello_timer, NULL)event_pending(&iface->hello_timer, 0x01, ((void *)0)))
274 evtimer_del(&iface->hello_timer)event_del(&iface->hello_timer);
275 if (evtimer_pending(&iface->wait_timer, NULL)event_pending(&iface->wait_timer, 0x01, ((void *)0)))
276 evtimer_del(&iface->wait_timer)event_del(&iface->wait_timer);
277 if (evtimer_pending(&iface->lsack_tx_timer, NULL)event_pending(&iface->lsack_tx_timer, 0x01, ((void *)0
)))
278 evtimer_del(&iface->lsack_tx_timer)event_del(&iface->lsack_tx_timer);
279
280 ls_ack_list_clr(iface);
281 TAILQ_REMOVE(&iflist, iface, list)do { if (((iface)->list.tqe_next) != ((void *)0)) (iface)->
list.tqe_next->list.tqe_prev = (iface)->list.tqe_prev; else
(&iflist)->tqh_last = (iface)->list.tqe_prev; *(iface
)->list.tqe_prev = (iface)->list.tqe_next; ; ; } while (
0);
282 free(iface);
283}
284
285void
286if_start(struct ospfd_conf *xconf, struct iface *iface)
287{
288 /* init the dummy local neighbor */
289 iface->self = nbr_new(ospfe_router_id(), iface, iface->ifindex, 1,
290 NULL((void *)0));
291
292 /* set event handlers for interface */
293 evtimer_set(&iface->lsack_tx_timer, ls_ack_tx_timer, iface)event_set(&iface->lsack_tx_timer, -1, 0, ls_ack_tx_timer
, iface);
294 evtimer_set(&iface->hello_timer, if_hello_timer, iface)event_set(&iface->hello_timer, -1, 0, if_hello_timer, iface
);
295 evtimer_set(&iface->wait_timer, if_wait_timer, iface)event_set(&iface->wait_timer, -1, 0, if_wait_timer, iface
);
296
297 iface->fd = xconf->ospf_socket;
298
299 ospfe_demote_iface(iface, 0);
300
301 if (if_fsm(iface, IF_EVT_UP))
302 log_debug("error starting interface %s", iface->name);
303}
304
305/* timers */
306void
307if_hello_timer(int fd, short event, void *arg)
308{
309 struct iface *iface = arg;
310 struct timeval tv;
311
312 send_hello(iface);
313
314 /* reschedule hello_timer */
315 timerclear(&tv)(&tv)->tv_sec = (&tv)->tv_usec = 0;
316 tv.tv_sec = iface->hello_interval;
317 if (evtimer_add(&iface->hello_timer, &tv)event_add(&iface->hello_timer, &tv) == -1)
318 fatal("if_hello_timer");
319}
320
321void
322if_start_hello_timer(struct iface *iface)
323{
324 struct timeval tv;
325
326 timerclear(&tv)(&tv)->tv_sec = (&tv)->tv_usec = 0;
327 if (evtimer_add(&iface->hello_timer, &tv)event_add(&iface->hello_timer, &tv) == -1)
328 fatal("if_start_hello_timer");
329}
330
331void
332if_stop_hello_timer(struct iface *iface)
333{
334 if (evtimer_del(&iface->hello_timer)event_del(&iface->hello_timer) == -1)
335 fatal("if_stop_hello_timer");
336}
337
338void
339if_wait_timer(int fd, short event, void *arg)
340{
341 struct iface *iface = arg;
342
343 if_fsm(iface, IF_EVT_WTIMER);
1
Calling 'if_fsm'
344}
345
346void
347if_start_wait_timer(struct iface *iface)
348{
349 struct timeval tv;
350
351 timerclear(&tv)(&tv)->tv_sec = (&tv)->tv_usec = 0;
352 tv.tv_sec = iface->dead_interval;
353 if (evtimer_add(&iface->wait_timer, &tv)event_add(&iface->wait_timer, &tv) == -1)
354 fatal("if_start_wait_timer");
355}
356
357void
358if_stop_wait_timer(struct iface *iface)
359{
360 if (evtimer_del(&iface->wait_timer)event_del(&iface->wait_timer) == -1)
361 fatal("if_stop_wait_timer");
362}
363
364/* actions */
365int
366if_act_start(struct iface *iface)
367{
368 struct in6_addr addr;
369 struct timeval now;
370
371 if (!((iface->flags & IFF_UP0x1) &&
372 LINK_STATE_IS_UP(iface->linkstate)((iface->linkstate) >= 4 || (iface->linkstate) == 0))) {
373 log_debug("if_act_start: interface %s link down",
374 iface->name);
375 return (0);
376 }
377
378 if (iface->if_type == IFT_CARP0xf7 &&
379 !(iface->cflags & F_IFACE_PASSIVE0x01)) {
380 /* force passive mode on carp interfaces */
381 log_warnx("if_act_start: forcing interface %s to passive",
382 iface->name);
383 iface->cflags |= F_IFACE_PASSIVE0x01;
384 }
385
386 gettimeofday(&now, NULL((void *)0));
387 iface->uptime = now.tv_sec;
388
389 /* loopback interfaces have a special state */
390 if (iface->flags & IFF_LOOPBACK0x8)
391 iface->state = IF_STA_LOOPBACK0x02;
392
393 if (iface->cflags & F_IFACE_PASSIVE0x01) {
394 /* for an update of stub network entries */
395 orig_rtr_lsa(iface->area);
396 return (0);
397 }
398
399 switch (iface->type) {
400 case IF_TYPE_POINTOPOINT:
401 inet_pton(AF_INET624, AllSPFRouters"ff02::5", &addr);
402
403 if (if_join_group(iface, &addr))
404 return (-1);
405 iface->state = IF_STA_POINTTOPOINT0x08;
406 break;
407 case IF_TYPE_VIRTUALLINK:
408 iface->state = IF_STA_POINTTOPOINT0x08;
409 break;
410 case IF_TYPE_POINTOMULTIPOINT:
411 case IF_TYPE_NBMA:
412 log_debug("if_act_start: type %s not supported, interface %s",
413 if_type_name(iface->type), iface->name);
414 return (-1);
415 case IF_TYPE_BROADCAST:
416 inet_pton(AF_INET624, AllSPFRouters"ff02::5", &addr);
417
418 if (if_join_group(iface, &addr))
419 return (-1);
420 if (iface->priority == 0) {
421 iface->state = IF_STA_DROTHER0x10;
422 } else {
423 iface->state = IF_STA_WAITING0x04;
424 if_start_wait_timer(iface);
425 }
426 break;
427 default:
428 fatalx("if_act_start: unknown interface type");
429 }
430
431 /* hello timer needs to be started in any case */
432 if_start_hello_timer(iface);
433 return (0);
434}
435
436struct nbr *
437if_elect(struct nbr *a, struct nbr *b)
438{
439 if (a->priority > b->priority)
440 return (a);
441 if (a->priority < b->priority)
442 return (b);
443 if (ntohl(a->id.s_addr)(__uint32_t)(__builtin_constant_p(a->id.s_addr) ? (__uint32_t
)(((__uint32_t)(a->id.s_addr) & 0xff) << 24 | ((
__uint32_t)(a->id.s_addr) & 0xff00) << 8 | ((__uint32_t
)(a->id.s_addr) & 0xff0000) >> 8 | ((__uint32_t)
(a->id.s_addr) & 0xff000000) >> 24) : __swap32md
(a->id.s_addr)) > ntohl(b->id.s_addr)(__uint32_t)(__builtin_constant_p(b->id.s_addr) ? (__uint32_t
)(((__uint32_t)(b->id.s_addr) & 0xff) << 24 | ((
__uint32_t)(b->id.s_addr) & 0xff00) << 8 | ((__uint32_t
)(b->id.s_addr) & 0xff0000) >> 8 | ((__uint32_t)
(b->id.s_addr) & 0xff000000) >> 24) : __swap32md
(b->id.s_addr)))
444 return (a);
445 return (b);
446}
447
448int
449if_act_elect(struct iface *iface)
450{
451 struct in6_addr addr;
452 struct nbr *nbr, *bdr = NULL((void *)0), *dr = NULL((void *)0);
453 int round = 0;
454 int changed = 0;
455 int old_state;
456 char b1[16], b2[16], b3[16], b4[16];
457
458start:
459 /* elect backup designated router */
460 LIST_FOREACH(nbr, &iface->nbr_list, entry)for((nbr) = ((&iface->nbr_list)->lh_first); (nbr)!=
((void *)0); (nbr) = ((nbr)->entry.le_next)) {
10
Assuming 'nbr' is not equal to null
16
Assuming 'nbr' is equal to null
17
Loop condition is false. Execution continues on line 483
461 if (nbr->priority == 0 || nbr
11.1
'nbr' is not equal to 'dr'
 == dr || /* not electable */
11
Assuming field 'priority' is not equal to 0
14
Taking true branch
462 nbr->state & NBR_STA_PRELIM(0x0001 | 0x0002 | 0x0004) || /* not available */
12
Assuming the condition is false
463 nbr->dr.s_addr == nbr->id.s_addr) /* don't elect DR */
13
Assuming 'nbr->dr.s_addr' is equal to 'nbr->id.s_addr'
464 continue;
15
 Execution continues on line 460
465 if (bdr != NULL((void *)0)) {
466 /*
467 * routers announcing themselves as BDR have higher
468 * precedence over those routers announcing a
469 * different BDR.
470 */
471 if (nbr->bdr.s_addr == nbr->id.s_addr) {
472 if (bdr->bdr.s_addr == bdr->id.s_addr)
473 bdr = if_elect(bdr, nbr);
474 else
475 bdr = nbr;
476 } else if (bdr->bdr.s_addr != bdr->id.s_addr)
477 bdr = if_elect(bdr, nbr);
478 } else
479 bdr = nbr;
480 }
481
482 /* elect designated router */
483 LIST_FOREACH(nbr, &iface->nbr_list, entry)for((nbr) = ((&iface->nbr_list)->lh_first); (nbr)!=
((void *)0); (nbr) = ((nbr)->entry.le_next)) {
21
Loop condition is false. Execution continues on line 494
484 if (nbr->priority
17.2
Field 'priority' is not equal to 0
 == 0 || nbr->state & NBR_STA_PRELIM(0x0001 | 0x0002 | 0x0004) ||
19
Taking false branch
485 (nbr
17.3
'nbr' is not equal to 'dr'
 != dr && nbr->dr.s_addr != nbr->id.s_addr))
18
Assuming 'nbr->dr.s_addr' is equal to 'nbr->id.s_addr'
486 /* only DR may be elected check priority too */
487 continue;
488 if (dr
19.1
'dr' is equal to NULL
 == NULL((void *)0))
20
Taking true branch
489 dr = nbr;
490 else
491 dr = if_elect(dr, nbr);
492 }
493
494 if (dr
21.1
'dr' is not equal to NULL
 == NULL((void *)0)) {
495 /* no designate router found use backup DR */
496 dr = bdr;
497 bdr = NULL((void *)0);
498 }
499
500 /*
501 * if we are involved in the election (e.g. new DR or no
502 * longer BDR) redo the election
503 */
504 if (round
21.2
'round' is equal to 0
 == 0 &&
505 ((iface->self == dr && iface->self != iface->dr) ||
22
Assuming 'dr' is not equal to field 'self'
506 (iface->self != dr
22.1
'dr' is not equal to field 'self'
 && iface->self == iface->dr) ||
23
Assuming field 'self' is not equal to field 'dr'
507 (iface->self == bdr && iface->self != iface->bdr) ||
24
Assuming 'bdr' is equal to field 'self'
25
Assuming field 'self' is not equal to field 'bdr'
508 (iface->self != bdr && iface->self == iface->bdr))) {
509 /*
510 * Reset announced DR/BDR to calculated one, so
511 * that we may get elected in the second round.
512 * This is needed to drop from a DR to a BDR.
513 */
514 iface->self->dr.s_addr = dr->id.s_addr;
26
Dereference of null pointer
515 if (bdr)
516 iface->self->bdr.s_addr = bdr->id.s_addr;
517 round = 1;
518 goto start;
519 }
520
521 log_debug("if_act_elect: interface %s old dr %s new dr %s, "
522 "old bdr %s new bdr %s", iface->name,
523 iface->dr ? inet_ntop(AF_INET2, &iface->dr->id, b1, sizeof(b1)) :
524 "none", dr ? inet_ntop(AF_INET2, &dr->id, b2, sizeof(b2)) : "none",
525 iface->bdr ? inet_ntop(AF_INET2, &iface->bdr->id, b3, sizeof(b3)) :
526 "none", bdr ? inet_ntop(AF_INET2, &bdr->id, b4, sizeof(b4)) :
527 "none");
528
529 /*
530 * After the second round still DR or BDR change state to DR or BDR,
531 * etc.
532 */
533 old_state = iface->state;
534 if (dr == iface->self)
535 iface->state = IF_STA_DR0x40;
536 else if (bdr == iface->self)
537 iface->state = IF_STA_BACKUP0x20;
538 else
539 iface->state = IF_STA_DROTHER0x10;
540
541 /* TODO if iface is NBMA send all non eligible neighbors event Start */
542
543 /*
544 * if DR or BDR changed issue a AdjOK? event for all neighbors > 2-Way
545 */
546 if (iface->dr != dr || iface->bdr != bdr)
547 changed = 1;
548
549 iface->dr = dr;
550 iface->bdr = bdr;
551
552 if (changed) {
553 inet_pton(AF_INET624, AllDRouters"ff02::6", &addr);
554 if (old_state & IF_STA_DRORBDR(0x40 | 0x20) &&
555 (iface->state & IF_STA_DRORBDR(0x40 | 0x20)) == 0) {
556 if (if_leave_group(iface, &addr))
557 return (-1);
558 } else if ((old_state & IF_STA_DRORBDR(0x40 | 0x20)) == 0 &&
559 iface->state & IF_STA_DRORBDR(0x40 | 0x20)) {
560 if (if_join_group(iface, &addr))
561 return (-1);
562 }
563
564 LIST_FOREACH(nbr, &iface->nbr_list, entry)for((nbr) = ((&iface->nbr_list)->lh_first); (nbr)!=
((void *)0); (nbr) = ((nbr)->entry.le_next)) {
565 if (nbr->state & NBR_STA_BIDIR(0x0008 | (0x0010 | 0x0020 | (0x0040 | 0x0080 | 0x0100))))
566 nbr_fsm(nbr, NBR_EVT_ADJ_OK);
567 }
568
569 orig_rtr_lsa(iface->area);
570 if (iface->state & IF_STA_DR0x40 || old_state & IF_STA_DR0x40)
571 orig_net_lsa(iface);
572 }
573
574 if_start_hello_timer(iface);
575 return (0);
576}
577
578int
579if_act_reset(struct iface *iface)
580{
581 struct nbr *nbr = NULL((void *)0);
582 struct in6_addr addr;
583
584 if (iface->cflags & F_IFACE_PASSIVE0x01) {
585 /* for an update of stub network entries */
586 orig_rtr_lsa(iface->area);
587 return (0);
588 }
589
590 switch (iface->type) {
591 case IF_TYPE_POINTOPOINT:
592 case IF_TYPE_BROADCAST:
593 inet_pton(AF_INET624, AllSPFRouters"ff02::5", &addr);
594 if (if_leave_group(iface, &addr)) {
595 log_warnx("if_act_reset: error leaving group %s, "
596 "interface %s", log_in6addr(&addr), iface->name);
597 }
598 if (iface->state & IF_STA_DRORBDR(0x40 | 0x20)) {
599 inet_pton(AF_INET624, AllDRouters"ff02::6", &addr);
600 if (if_leave_group(iface, &addr)) {
601 log_warnx("if_act_reset: "
602 "error leaving group %s, interface %s",
603 log_in6addr(&addr), iface->name);
604 }
605 }
606 break;
607 case IF_TYPE_VIRTUALLINK:
608 /* nothing */
609 break;
610 case IF_TYPE_NBMA:
611 case IF_TYPE_POINTOMULTIPOINT:
612 log_debug("if_act_reset: type %s not supported, interface %s",
613 if_type_name(iface->type), iface->name);
614 return (-1);
615 default:
616 fatalx("if_act_reset: unknown interface type");
617 }
618
619 LIST_FOREACH(nbr, &iface->nbr_list, entry)for((nbr) = ((&iface->nbr_list)->lh_first); (nbr)!=
((void *)0); (nbr) = ((nbr)->entry.le_next)) {
620 if (nbr_fsm(nbr, NBR_EVT_KILL_NBR)) {
621 log_debug("if_act_reset: error killing neighbor %s",
622 inet_ntoa(nbr->id));
623 }
624 }
625
626 iface->dr = NULL((void *)0);
627 iface->bdr = NULL((void *)0);
628
629 ls_ack_list_clr(iface);
630 stop_ls_ack_tx_timer(iface);
631 if_stop_hello_timer(iface);
632 if_stop_wait_timer(iface);
633
634 /* send empty hello to tell everybody that we are going down */
635 send_hello(iface);
636
637 return (0);
638}
639
640struct ctl_iface *
641if_to_ctl(struct iface *iface)
642{
643 static struct ctl_iface ictl;
644 struct timeval tv, now, res;
645 struct nbr *nbr;
646
647 memcpy(ictl.name, iface->name, sizeof(ictl.name));
648 memcpy(&ictl.addr, &iface->addr, sizeof(ictl.addr));
649 ictl.rtr_id.s_addr = ospfe_router_id();
650 memcpy(&ictl.area, &iface->area->id, sizeof(ictl.area));
651 if (iface->dr) {
652 memcpy(&ictl.dr_id, &iface->dr->id, sizeof(ictl.dr_id));
653 memcpy(&ictl.dr_addr, &iface->dr->addr, sizeof(ictl.dr_addr));
654 } else {
655 bzero(&ictl.dr_id, sizeof(ictl.dr_id));
656 bzero(&ictl.dr_addr, sizeof(ictl.dr_addr));
657 }
658 if (iface->bdr) {
659 memcpy(&ictl.bdr_id, &iface->bdr->id, sizeof(ictl.bdr_id));
660 memcpy(&ictl.bdr_addr, &iface->bdr->addr,
661 sizeof(ictl.bdr_addr));
662 } else {
663 bzero(&ictl.bdr_id, sizeof(ictl.bdr_id));
664 bzero(&ictl.bdr_addr, sizeof(ictl.bdr_addr));
665 }
666 ictl.ifindex = iface->ifindex;
667 ictl.state = iface->state;
668 ictl.mtu = iface->mtu;
669 ictl.nbr_cnt = 0;
670 ictl.adj_cnt = 0;
671 ictl.baudrate = iface->baudrate;
672 ictl.dead_interval = iface->dead_interval;
673 ictl.transmit_delay = iface->transmit_delay;
674 ictl.hello_interval = iface->hello_interval;
675 ictl.flags = iface->flags;
676 ictl.metric = iface->metric;
677 ictl.rxmt_interval = iface->rxmt_interval;
678 ictl.type = iface->type;
679 ictl.linkstate = iface->linkstate;
680 ictl.if_type = iface->if_type;
681 ictl.priority = iface->priority;
682 ictl.passive = (iface->cflags & F_IFACE_PASSIVE0x01) == F_IFACE_PASSIVE0x01;
683
684 gettimeofday(&now, NULL((void *)0));
685 if (evtimer_pending(&iface->hello_timer, &tv)event_pending(&iface->hello_timer, 0x01, &tv)) {
686 timersub(&tv, &now, &res)do { (&res)->tv_sec = (&tv)->tv_sec - (&now
)->tv_sec; (&res)->tv_usec = (&tv)->tv_usec -
(&now)->tv_usec; if ((&res)->tv_usec < 0) {
(&res)->tv_sec--; (&res)->tv_usec += 1000000; }
} while (0);
687 ictl.hello_timer = res.tv_sec;
688 } else
689 ictl.hello_timer = -1;
690
691 if (iface->state != IF_STA_DOWN0x01) {
692 ictl.uptime = now.tv_sec - iface->uptime;
693 } else
694 ictl.uptime = 0;
695
696 LIST_FOREACH(nbr, &iface->nbr_list, entry)for((nbr) = ((&iface->nbr_list)->lh_first); (nbr)!=
((void *)0); (nbr) = ((nbr)->entry.le_next)) {
697 if (nbr == iface->self)
698 continue;
699 ictl.nbr_cnt++;
700 if (nbr->state & NBR_STA_ADJFORM(0x0010 | 0x0020 | (0x0040 | 0x0080 | 0x0100)))
701 ictl.adj_cnt++;
702 }
703
704 return (&ictl);
705}
706
707/* misc */
708void
709if_set_sockbuf(int fd)
710{
711 int bsize;
712
713 bsize = 256 * 1024;
714 while (setsockopt(fd, SOL_SOCKET0xffff, SO_RCVBUF0x1002, &bsize,
715 sizeof(bsize)) == -1)
716 bsize /= 2;
717
718 if (bsize != 256 * 1024)
719 log_warnx("if_set_sockbuf: recvbuf size only %d", bsize);
720
721 bsize = 64 * 1024;
722 while (setsockopt(fd, SOL_SOCKET0xffff, SO_SNDBUF0x1001, &bsize,
723 sizeof(bsize)) == -1)
724 bsize /= 2;
725
726 if (bsize != 64 * 1024)
727 log_warnx("if_set_sockbuf: sendbuf size only %d", bsize);
728}
729
730int
731if_join_group(struct iface *iface, struct in6_addr *addr)
732{
733 struct ipv6_mreq mreq;
734
735 switch (iface->type) {
736 case IF_TYPE_POINTOPOINT:
737 case IF_TYPE_BROADCAST:
738 log_debug("if_join_group: interface %s addr %s",
739 iface->name, log_in6addr(addr));
740 mreq.ipv6mr_multiaddr = *addr;
741 mreq.ipv6mr_interface = iface->ifindex;
742
743 if (setsockopt(iface->fd, IPPROTO_IPV641, IPV6_JOIN_GROUP12,
744 &mreq, sizeof(mreq)) == -1) {
745 log_warn("if_join_group: error IPV6_JOIN_GROUP, "
746 "interface %s address %s", iface->name,
747 log_in6addr(addr));
748 return (-1);
749 }
750 break;
751 case IF_TYPE_POINTOMULTIPOINT:
752 case IF_TYPE_VIRTUALLINK:
753 case IF_TYPE_NBMA:
754 log_debug("if_join_group: type %s not supported, interface %s",
755 if_type_name(iface->type), iface->name);
756 return (-1);
757 default:
758 fatalx("if_join_group: unknown interface type");
759 }
760
761 return (0);
762}
763
764int
765if_leave_group(struct iface *iface, struct in6_addr *addr)
766{
767 struct ipv6_mreq mreq;
768
769 switch (iface->type) {
770 case IF_TYPE_POINTOPOINT:
771 case IF_TYPE_BROADCAST:
772 log_debug("if_leave_group: interface %s addr %s",
773 iface->name, log_in6addr(addr));
774 mreq.ipv6mr_multiaddr = *addr;
775 mreq.ipv6mr_interface = iface->ifindex;
776
777 if (setsockopt(iface->fd, IPPROTO_IPV641, IPV6_LEAVE_GROUP13,
778 (void *)&mreq, sizeof(mreq)) == -1) {
779 log_warn("if_leave_group: error IPV6_LEAVE_GROUP, "
780 "interface %s address %s", iface->name,
781 log_in6addr(addr));
782 return (-1);
783 }
784 break;
785 case IF_TYPE_POINTOMULTIPOINT:
786 case IF_TYPE_VIRTUALLINK:
787 case IF_TYPE_NBMA:
788 log_debug("if_leave_group: type %s not supported, interface %s",
789 if_type_name(iface->type), iface->name);
790 return (-1);
791 default:
792 fatalx("if_leave_group: unknown interface type");
793 }
794 return (0);
795}
796
797int
798if_set_mcast(struct iface *iface)
799{
800 switch (iface->type) {
801 case IF_TYPE_POINTOPOINT:
802 case IF_TYPE_BROADCAST:
803 if (setsockopt(iface->fd, IPPROTO_IPV641, IPV6_MULTICAST_IF9,
804 &iface->ifindex, sizeof(iface->ifindex)) == -1) {
805 log_debug("if_set_mcast: error setting "
806 "IP_MULTICAST_IF, interface %s", iface->name);
807 return (-1);
808 }
809 break;
810 case IF_TYPE_POINTOMULTIPOINT:
811 case IF_TYPE_VIRTUALLINK:
812 case IF_TYPE_NBMA:
813 log_debug("if_set_mcast: type %s not supported, interface %s",
814 if_type_name(iface->type), iface->name);
815 return (-1);
816 default:
817 fatalx("if_set_mcast: unknown interface type");
818 }
819
820 return (0);
821}
822
823int
824if_set_mcast_loop(int fd)
825{
826 u_int loop = 0;
827
828 if (setsockopt(fd, IPPROTO_IPV641, IPV6_MULTICAST_LOOP11,
829 (u_int *)&loop, sizeof(loop)) == -1) {
830 log_warn("if_set_mcast_loop: error setting "
831 "IPV6_MULTICAST_LOOP");
832 return (-1);
833 }
834
835 return (0);
836}
837
838int
839if_set_ipv6_pktinfo(int fd, int enable)
840{
841 if (setsockopt(fd, IPPROTO_IPV641, IPV6_RECVPKTINFO36, &enable,
842 sizeof(enable)) == -1) {
843 log_warn("if_set_ipv6_pktinfo: error setting IPV6_PKTINFO");
844 return (-1);
845 }
846
847 return (0);
848}
849
850int
851if_set_ipv6_checksum(int fd)
852{
853 int offset = offsetof(struct ospf_hdr, chksum)__builtin_offsetof(struct ospf_hdr, chksum);
854
855 log_debug("if_set_ipv6_checksum setting cksum offset to %d", offset);
856 if (setsockopt(fd, IPPROTO_IPV641, IPV6_CHECKSUM26, &offset,
857 sizeof(offset)) == -1) {
858 log_warn("if_set_ipv6_checksum: error setting IPV6_CHECKSUM");
859 return (-1);
860 }
861 return (0);
862}