summaryrefslogtreecommitdiffstats
path: root/ospfd/OSPF-ALIGNMENT.txt
blob: dac6182fdeabca809ee7e50488b7d035ea851c08 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
$Id: OSPF-ALIGNMENT.txt,v 1.1 2004/11/17 17:59:52 gdt Exp $

Greg Troxel <gdt@ir.bbn.com>
2004-11-17

The OSPF specification (RFC2328) and the OSPF Opaque LSA specification
(RFC2370) are ambiguous about LSAs whose data section is not an
integral multiple of 4 octets.  This note examines the issue and
proposes clarifications to ensure interoperability.

RFC2328 does not specify that LSA lengths be a multiple of 4.
It does not require that LSAs in update packets be aligned.
However, all structures defined by RFC2328 are multiples of 4, and
thus update packets with those structures must be aligned.
LSA length is defined in Appendix A.4 as

    length
        The length in bytes of the LSA.  This includes the 20 byte LSA
        header.

RFC2370 defines Opaque LSAs, which are intended to contain arbitrary
data:

   This memo defines enhancements to the OSPF protocol to support a new
   class of link-state advertisements (LSA) called Opaque LSAs.  Opaque
   LSAs provide a generalized mechanism to allow for the future
   extensibility of OSPF. Opaque LSAs consist of a standard LSA header
   followed by application-specific information.  The information field
   may be used directly by OSPF or by other applications.  Standard OSPF
   link-state database flooding mechanisms are used to distribute Opaque
   LSAs to all or some limited portion of the OSPF topology.


Later, 2370 says:

   Opaque LSAs contain some number of octets (of application-specific
   data) padded to 32-bit alignment.

This can be interpreted in several ways:

A) The payload may be any number of octets, and the length field
reflects the payload length (e.g. length 23 for 3 octets of payload),
but there are padding octets following the LSA in packets, so that the
next LSA starts on a 4-octet boundary.  (This approach is common in
the BSD user/kernel interface.)

B) The payload must be a multiple of 4 octets, so that the length is a
multiple of 4 octets.  This corresponds to an implementation that
treats an Opaque LSA publish request that is not a multiple of 4
octets as an error.

C) The payload can be any number of octets, but padding is added and
included in the length field.  This interpretation corresponds to an
OSPF implementation that accepts a publish request for an Opaque LSA
that is not a multiple of 4 octets.  This interpretation is
nonsensical, because it claims to represent arbitrary lengths, but
does not actually do so --- the receiver cannot distinguish padding
from supplied data.

D) Accept according to A, and transmit according to B.

Option A arguably violates RFC 2328, which doesn't say anything about
adding padding (A.3.5 shows a diagram of adjacent LSAs which are shown
as all multiples of 4).  This option is thus likely to lead to a lack
of interoperability.

Option B restricts what data can be represented as an Opaque LSA, but
probably not in a serious way.  It is likely to lead to
interoperability in that the complex case of non-multiple-of-4 lengths
will not arise.

However, an implementation that follows A and emits an LSA with
payload length not a multiple of 4 will not interoperate with an
Option B implementation.

Given that all known and documented uses of Opaque LSAs seem to be
multiples of 4 octets, we choose Option B as the clarification.

CLARIFYING TEXT

In RFC2328:

In section A.4, add a second sentence about length:

    length
        The length in bytes of the LSA.  This includes the 20 byte LSA
        header.  The length must be an integral multiple of 4 bytes.

Add to the list in Section 13:

    Verify that the length of the LSA is a multiple of 4 bytes.  If
    not, discard the entire Link State Update Packet.

In RFC2380:

Change text:

   Opaque LSAs contain some number of octets (of application-specific
   data) padded to 32-bit alignment.

to:

   Opaque LSAs contain some a number of octets (of
   application-specific data).  The number of octets must be a
   multiple of four.


HOW THIS ISSUE AROSE

At BBN, we use Opaque LSAs to exchange data among routers; the format
of the data is naturally aligned to 4 bytes, and thus does not raise
this issue.  We created a test program to publish Opaque data via IPC
to the OSPF daemon (quagga), and this program accepts strings on the
command line to publish.  We then used this test program to publish
software version strings.  Quagga's ospfd then crashed on a
NetBSD/sparc64 machine with an alignment fault, because the odd-length
LSAs were marshalled into a link-state update packet with no padding.
While this behavior was a clear violation of RFC2380, it was not clear
how to remedy the problem.