frr
nhrp: add `cisco-authentication` password support
Implemented:
- handling 8 char long password, aka Cisco style.
- minimal error indication routine
- test case, password change affects connection
Implemented in the context - https://vyos.dev/T2326
general remark: apply 'git clang-format HEAD^' and squash the proposed changes.
@louberger can you take a look at this?
The latest update:
- addressed the PR comments
- fixed styling with clang-format
- added a short doc for the password config
The internal testing by my team has shown issues when connecting with Cisco Spoke; keep PR as a draft until addressed
@ton31337 @pguibert6WIND is anything else needed to merge this PR?
It won't be reviewed until it's marked as a draft.
@volodymyrhuti I also have an interest in seeing this committed. I tested your PR against a Cisco router as spoke and found/fixed a few issues (see attached file). Wireshark is still complaining. I'm wondering if it's because the packet causing the error indication does not include the extensions when copying the packet that caused the indication. Wireshark just recursively parses the included original packet, so the checksum and length would be incorrect.
Issues I found/fixed:
- FRR would accept messages from a spoke without authentication when FRR NHRP had auth configured.
- The error indication was not being sent in network byte order
- The debug print in nhrp_connection_authorized was not correctly printing the received password
- The addresses portion of the mandatory part of the error indication was invalid on the wire (confirmed in Wireshark)
Happy to discuss, let me know if you have any questions.
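The first two issues in the list above (unauthenticated messages accepted while auth is configured, and byte order on the wire) are illustrated by the following added example, which is not code from this PR or from FRR. It walks the extension part of a received packet and rejects when no valid authentication extension is found. Assumptions: the name `nhrp_auth_ok`, the constants, a payload layout of a 4-byte type value 1 followed by the 8-byte secret, and accepting everything when no password is configured.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_TYPE_MASK 0x3fff /* top two bits are the C/u flags */
#define EXT_END 0
#define EXT_AUTH 7       /* NHRP Authentication Extension, RFC 2332 */
#define AUTH_PLAINTEXT 1 /* assumed cleartext marker before the secret */
#define SECRET_LEN 8

/* Hypothetical helper, not FRR code. secret is the configured password
 * NUL-padded to 8 bytes, or NULL when no auth is configured. 1 = accept. */
int nhrp_auth_ok(const uint8_t *ext, size_t len, const uint8_t *secret)
{
	size_t off = 0;
	if (!secret)
		return 1;
	while (len - off >= 4) {
		uint16_t hdr[2], type, elen;
		uint32_t kind;
		uint8_t diff = 0;
		memcpy(hdr, ext + off, 4);
		type = ntohs(hdr[0]) & EXT_TYPE_MASK; /* wire fields are big-endian */
		elen = ntohs(hdr[1]);
		off += 4;
		if (elen > len - off)
			return 0; /* length field runs past the packet */
		if (type == EXT_END)
			break;
		if (type == EXT_AUTH) {
			if (elen != 4 + SECRET_LEN)
				return 0;
			memcpy(&kind, ext + off, 4);
			for (size_t i = 0; i < SECRET_LEN; i++) /* no early exit */
				diff |= ext[off + 4 + i] ^ secret[i];
			return ntohl(kind) == AUTH_PLAINTEXT && diff == 0;
		}
		off += elen;
	}
	return 0; /* auth configured, no auth extension present: reject */
}

int main(void)
{
	/* Constructed sample: end-of-extensions only, i.e. an unauthenticated peer. */
	const uint8_t no_auth[] = {0x80, 0x00, 0x00, 0x00};
	printf("%d\n", nhrp_auth_ok(no_auth, sizeof no_auth, (const uint8_t *)"secret12"));
	return 0;
}
```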
I have coordinated with @volodymyrhuti and he has agreed to let me carry this work forward. I am closing this PR and taking up the work in https://github.com/FRRouting/frr/pull/16172
Replaced by https://github.com/FRRouting/frr/pull/16172