<div dir="ltr"><div><div><div><div><div><div>Hi all<br><br></div>I want to update on this.<br></div>I have disabled the (cryptographic) authentication on all bird routers in that LAN segment for ospfv6 and the issue is gone.<br><br></div>Currently only "ttl security yes;" is set.<br></div>Normally, this kind of security would be sufficient I suppose...<br><br></div><div>I hope this information is helpful to someone.<br></div><div><br></div>Kind regards<br></div>Dries<br><div><div><div><div><br><div><div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <b class="gmail_sendername" dir="auto">Dries</b> <span dir="auto"><<a href="mailto:driesp@gmail.com">driesp@gmail.com</a>></span><br>Date: Mon, 7 Dec 2020 at 12:42<br>Subject: Fwd: ospfv6 cryptographic crashes bird<br>To: <<a href="mailto:bird-users@network.cz">bird-users@network.cz</a>><br></div><br><br><div dir="ltr"><br><div class="gmail_quote"><div dir="ltr"><div><div><div><div><div><div><div><div>Hi<br><br></div>I am having an issue that crashes bird 2.0.7 running on latest centos 7.9.2009, most of the time, but sometimes not.<br></div>Running the same config on other machines, and there is no problem, only on this particular one. So I am maybe missing some (cryptographic) libraries?<br></div><div>I don't see any error messages during compilation or build.<br></div><div><br></div><div>It has to do with ospfv6 because, when I remove this config, it runs fine.<br><br></div>Example config that is causing issues:<br>protocol ospf v3 ospfv6 {<br> ipv6 {<br> import filter import_ospfv6;<br> export filter export_ospfv6;<br> };<br> <br> area 0.0.0.0 {<br> interface "eth1" {<br> cost 1;<br> authentication cryptographic;<br> password "password" {<br> algorithm hmac sha512;<br> };<br> type broadcast;<br> ttl security yes;<br> };<br> interface "xenbr0" {<br> cost 100;<br> type broadcast;<br> ttl security yes;<br> };<br> };<br>}<br><br></div>When bird runs in debug mode, I get these error messages before bird crashes:<br><br>sometimes this one:<br>Assertion '*plen < ifa->sk->tbsize' failed at proto/ospf/packet.c:147<br>sometimes this one:<br>Assertion '*plen < ifa->sk->tbsize' failed at proto/ospf/packet.c:97<br><br></div>These messages also appear during startup:<br>ospfv6: Authentication failed for nbr 123.123.123.123 on eth1 - missing authentication trailer (0)<br><br></div>Thank you in advance.<br><br></div>Kind regards<br></div>Dries<br></div>
</div></div>
</div></div></div></div></div></div></div></div></div>