On Sun, Aug 20, 2023 at 08:07:16PM +0200, Chriztoffer (bird-users) wrote:
Hello bird-users list,
I am seeking input into if anyone can provide suggestions on how to debug the below described error message.
Cheers, Chriztoffer
When trying to establish the OSPFv3 IPv6 connections between the three nodes, the connection from the two Proxmox nodes to the MikroTik Router fails with error "wrong authentication length" when logged by bird2.
Hello

Thanks for the bug report and debugging. This seems like a straightforward bug in Mikrotik:

RFC 7166 4.1:

Auth Data Len: This is the length in octets of the Authentication Trailer (AT), including both the 16-octet fixed header and the variable-length message digest.

For HMAC SHA-512, variable length is 512/8 = 64, so auth data length should be 16+64 = 80. Seems like the Mikrotik omits the length of fixed header in the field, so they just put 64 there.
From looking at the PCAP I do indeed see the auth-data is not of the same length.
## MikroTik (MAC OUI 4c:5e:0c)
OSPF Authentication Trailer

- Authentication Type: HMAC Cryptographic Authentication (1)
- Authentication Data Length: **64**
- Reserved: 0x0000
- Security Association Identifier (SA ID): 0x0000
- Cryptographic Sequence Number: 71479
- Authentication Data: 021d5635eac7b92d28bfad6507bcda7702a5f1e323197be18d42d436dcae998f5ae462da…
## Bird 2.13.1 (MAC OUI 70:54:d2)
OSPF Authentication Trailer

- Authentication Type: HMAC Cryptographic Authentication (1)
- Authentication Data Length: **80**
- Reserved: 0x0000
- Security Association Identifier (SA ID): 0x0000
- Cryptographic Sequence Number: 405
- Authentication Data: 95c0ecfcd54a50e0da70acbf242181d3f45fce7dd1d8b6ccdb783d96c319c49e0cb77e5e…
-- Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
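The Auth Data Len check discussed in this thread, as an added example that is not part of the original e-mails and is not BIRD's or MikroTik's code. It parses the 16-octet fixed header in the field order shown in the dissections above and separates a correct length from one that counts only the digest; the function names, verdict strings and digest bytes are constructed for illustration.

```python
import struct

# RFC 7166 section 4.1 (as quoted above): Auth Data Len covers the 16-octet
# fixed header plus the variable-length digest.
AT_FIXED_LEN = 16
# Field order as shown in the dissections above: type, Auth Data Len,
# reserved, SA ID, 64-bit cryptographic sequence number.
AT_HEADER = struct.Struct("!HHHHQ")
SHA512_DIGEST_LEN = 512 // 8


def build_trailer(auth_data_len, seq, digest, sa_id=0):
    """Build a constructed trailer with an arbitrary Auth Data Len field."""
    return AT_HEADER.pack(1, auth_data_len, 0, sa_id, seq) + digest


def check_trailer(trailer, digest_len):
    """Parse the fixed header and classify the Auth Data Len field."""
    if len(trailer) < AT_FIXED_LEN:
        raise ValueError("shorter than the 16-octet fixed header")
    auth_type, data_len, _reserved, sa_id, seq = AT_HEADER.unpack_from(trailer)
    expected = AT_FIXED_LEN + digest_len
    if data_len == expected and len(trailer) >= data_len:
        verdict = "ok"
    elif data_len == expected:
        verdict = "truncated"      # field claims more bytes than were received
    elif data_len == digest_len:
        verdict = "digest-only"    # fixed header left out of the field
    else:
        verdict = "invalid"
    return {"auth_type": auth_type, "auth_data_len": data_len,
            "expected": expected, "sa_id": sa_id, "seq": seq,
            "verdict": verdict}


# Constructed sample input: placeholder digest bytes, not a real HMAC.
DIGEST = bytes(range(SHA512_DIGEST_LEN))
SAMPLES = {
    "length 80": build_trailer(80, 405, DIGEST),
    "length 64": build_trailer(64, 71479, DIGEST),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        r = check_trailer(raw, SHA512_DIGEST_LEN)
        print(f"{name}: field={r['auth_data_len']} expected={r['expected']} "
              f"-> {r['verdict']}")
```
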