git.ipfire.org Git - thirdparty/bird.git/commit
Fixes broken cryptographic authentication in OSPF
author Ondrej Zajicek <santiago@crfreenet.org>
Wed, 8 Apr 2009 18:15:01 +0000 (20:15 +0200)
committer Ondrej Zajicek <santiago@crfreenet.org>
Wed, 8 Apr 2009 18:15:01 +0000 (20:15 +0200)
commit 024c310b537abc3ddbac3054de71fd759d422824
tree 159cc669b9d16d2d97102c187320c800e376f710
parent b722fe7ebdf7e11f097ed0a85302769de2ac10fb
Fixes broken cryptographic authentication in OSPF

Cryptographic authentication in OSPF is defective by
design - there might be several packets independently
sent to the network (for example HELLO, LSUPD and LSACK)
where they might be reordered and that causes crypt.
sequence number error.

That can be worked around by not increasing sequence number
too often. Now we update it only when last packet was sent
at least one second ago. This can constitute a risk of
replay attacks, but RFC supposes something similar (like time
in seconds used as CSN).
nest/config.Y
proto/ospf/config.Y
proto/ospf/ospf.h
proto/ospf/packet.c
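
The trade-off described in the commit message, as an added example that is not code from this commit or from BIRD: a small model comparing a sequence number bumped on every packet with one bumped at most once per second. The struct and function names are hypothetical, the packet order and times are constructed, and the receiver rule (discard only a number lower than the last one seen) is the RFC 2328 receive check.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical model, not BIRD's structures. Times are whole seconds. */
struct sender   { uint32_t csn; long last_sent; int per_packet; };
struct neighbor { uint32_t last_csn; };

/* Sender: bump on every packet, or only if the last send was >= 1 s ago. */
uint32_t next_csn(struct sender *s, long now)
{
    if (s->per_packet || now - s->last_sent >= 1)
        s->csn++;
    s->last_sent = now;
    return s->csn;
}

/* Receiver: discard only if the number went backwards; equal is accepted. */
int accept_packet(struct neighbor *n, uint32_t csn)
{
    if (csn < n->last_csn) return 0;
    n->last_csn = csn;
    return 1;
}

/* Three packets sent in the same second arrive in a constructed order. */
int dropped_after_reorder(int per_packet)
{
    struct sender s = { 100, 0, per_packet };
    struct neighbor n = { 0 };
    static const int order[3] = { 2, 0, 1 };
    uint32_t pkt[3];
    int drops = 0;
    for (int i = 0; i < 3; i++) pkt[i] = next_csn(&s, 5);
    for (int i = 0; i < 3; i++) drops += !accept_packet(&n, pkt[order[i]]);
    return drops;
}

/* A second copy of an already accepted packet, same second: accepted? */
int duplicate_accepted(int per_packet)
{
    struct sender s = { 100, 0, per_packet };
    struct neighbor n = { 0 };
    uint32_t first = next_csn(&s, 5), second = next_csn(&s, 5);
    accept_packet(&n, first);
    accept_packet(&n, second);
    return accept_packet(&n, first);
}

int main(void) {
    printf("per-packet: drops=%d dup=%d\n", dropped_after_reorder(1), duplicate_accepted(1));
    printf("per-second: drops=%d dup=%d\n", dropped_after_reorder(0), duplicate_accepted(0));
}
```

With per-packet increments two of the three reordered packets are dropped and the duplicate is rejected; with the one-second rule nothing is dropped and the duplicate is accepted, which is the replay window the commit message accepts.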