Touble ospf md5 authentication

Vitaliy Kolodinsky kolodinsky at telecom.by
Mon Mar 22 09:31:32 CET 2010


Dear, Ondrej Zajicek.

Вы писали 20 марта 2010 г., 3:30:42:

> diff -uprN bird-1.2.1/proto/ospf/packet.c bird-1.2.1-/proto/ospf/packet.c
> --- bird-1.2.1/proto/ospf/packet.c      2010-01-14 11:06:27.000000000 +0100
> +++ bird-1.2.1-/proto/ospf/packet.c     2010-03-19 19:24:47.000000000 +0100
> @@ -179,7 +179,7 @@ ospf_pkt_checkauth(struct ospf_neighbor 
>          return 0;
>        }
>  
> -      if (ntohs(pkt->length) + OSPF_AUTH_CRYPT_SIZE != size)
> +      if (ntohs(pkt->length) + OSPF_AUTH_CRYPT_SIZE < size)
>        {
>          OSPF_TRACE(D_PACKETS, "OSPF_auth: size mismatch (%d vs %d)",
>           ntohs(pkt->length) + OSPF_AUTH_CRYPT_SIZE, size);

The patch does not work. If the IP packet contains the LLS block, the size
ntohs (pkt-> length) + OSPF_AUTH_CRYPT_SIZE  and so will be less than the size of an IP packet, as the size of the LLS block included in size IP packet.
We must either somehow assume the size of LLS block or remove all checks on the size of the package.

--

Best regards,
Vitaliy
Kolodinsky
BYVK-RIPE
ISP Atlant Telecom
kolodinsky at telecom.by




More information about the Bird-users mailing list