ospf6d: OSPFv3 manual key authentication neglects checking the SA ID.

Also, add topotest variation to verify checking. This corrects https://github.com/FRRouting/frr/issues/16100. Signed-off-by: Acee Lindem <acee@lindem.com>
author: Acee Lindem <acee@lindem.com> 2024-06-04 23:24:46 +0200
committer: Acee Lindem <acee@lindem.com> 2024-06-04 23:24:46 +0200
commit: 3f359d732c0be97e580d752cbf8099932afe7dcb (patch)
tree: d1e7bd529fd6b1af8f074f696e871a901f5706b8 /ospf6d
parent: Merge pull request #16160 from opensourcerouting/fix/revert_39e27b840e5ddc208... (diff)
download: frr-3f359d732c0be97e580d752cbf8099932afe7dcb.tar.xz
frr-3f359d732c0be97e580d752cbf8099932afe7dcb.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/ospf6d/ospf6_auth_trailer.c b/ospf6d/ospf6_auth_trailer.c
index 8d9eff409..860d27379 100644
--- a/ospf6d/ospf6_auth_trailer.c
+++ b/ospf6d/ospf6_auth_trailer.c
@@ -517,6 +517,15 @@ int ospf6_auth_check_digest(struct ospf6_header *oh, struct ospf6_interface *oi,
 		}
 	} else if (CHECK_FLAG(oi->at_data.flags,
 			      OSPF6_AUTH_TRAILER_MANUAL_KEY)) {
+		if (oi->at_data.key_id != ntohs(ospf6_auth->id)) {
+			if (IS_OSPF6_DEBUG_AUTH_RX)
+				zlog_err("RECV[%s]: Auth SA ID mismatch for %s, received %u vs configured %u",
+					 oi->interface->name,
+					 ospf6_message_type(oh->type),
+					 ntohs(ospf6_auth->id),
+					 oi->at_data.key_id);
+			return OSPF6_AUTH_VALIDATE_FAILURE;
+		}
 		auth_str = oi->at_data.auth_key;
 		hash_algo = oi->at_data.hash_algo;
 	}
author	Acee Lindem <acee@lindem.com>	2024-06-04 23:24:46 +0200
committer	Acee Lindem <acee@lindem.com>	2024-06-04 23:24:46 +0200
commit	3f359d732c0be97e580d752cbf8099932afe7dcb (patch)
tree	d1e7bd529fd6b1af8f074f696e871a901f5706b8 /ospf6d
parent	Merge pull request #16160 from opensourcerouting/fix/revert_39e27b840e5ddc208... (diff)
download	frr-3f359d732c0be97e580d752cbf8099932afe7dcb.tar.xz frr-3f359d732c0be97e580d752cbf8099932afe7dcb.zip