I'd like to contribute to the project by sharing a script for discovering OSPF neighbors.
To make the script work, I've made several additions to the ospf library, and also a small addition to ipOps. I've also considered to partially rewrite the ospf library using Lua native functions instead bin/bit, but I stopped because (maybe due to my poor Lua skills) I didn't found a convenient way to handle hex strings.
Comments are welcome! Thanks!
ospf: fix wrong endianness
ospf: parse LSA headers and include them when parsing DB desc
ospf: implement LSRequest class
ospf: split LSAHeader class into nested LSA and Header classes, and m…
…ove them outside of DBDescription
ospf: add class for Type-1 LSA and its links, add LSA.parse method
ospf: implement LSUpdate class
ospf: bug fix for simple password authentication and checksum
ospf: bug fix for sequence number collection when using digest authen…
ospf: allow packet creation using MD5 digest key
ospf: add ASExternal class to LSA
ospf: add credits and support for all messages to Response class
ipOps: add cidr_to_subnet and subnet_to_cidr functions
NSE: add broadcast-ospf2-discover script
Ok, I've got the conflicts resolved, but I have one issue and question: All of our scripts should behave in a reasonable fashion if OpenSSL is not compiled in, so instead of local openssl = require "openssl", ospf.lua should have local have_ssl, openssl = pcall(require, "openssl") and then protect calls to openssl.md5 with a check for have_ssl. This is easy, and I've done it. The question is, how should the script handle auth type 2 packets then?
local openssl = require "openssl"
local have_ssl, openssl = pcall(require, "openssl")
One option would be to check for OpenSSL in the script in the same way, and fail gracefully if md5_key is set. Another would be to fall back to some other auth type and just try making things work. @emyl What do you think we should do in this case?
broadcast-ospf2-discover: fail gracefully if openssl is not compiled …
…in and md5 authentication is found
@dmiller-nmap thanks for pointing this out, I've updated the script: it now fails gracefully just in case.