On Tue, Jun 08, 2021 at 11:42:25AM +0200, Toke Høiland-Jørgensen wrote:
Hi
Merged to master. There are few more issues i noticed during testing, see b174cc0abc0a9d7e84cc6fae46d9e19b714fbcfb for details. Two of these issues were related to bad value of auth_tx_overhead, which has an ugly fail mode where only large route updates had bad/no signature, but small IHU packets had good signature, so the link looks like OK.
Awesome! Many thanks, also for the bug fixes :)
I would like to have better fail mode in case of bugs, but not sure if that could be reasonably done.
Hmm, one thought would be to do an explicit sanity check on link bring-up by padding the initial Hello to the full packet length? That should at least flush out any bugs inside Bird and (if we also actually start checking the return value of the socket call) the OS. Big packets could still be dropped on the wire, of course, but not much we can do about that unless we want to do very extensive probing...
That is probably overkill. I thought about stopping signing of remaining packets for a neighbor after some error during signing happened. But that has some other problems, so i will likely just ignore this and keep it as it is.
I also changed 'key' config option to 'password' (so it is 'password' with either ASCII string or hex-string). In future, we should probably switch to 'key' for both variants, as that is the name generally used for that. But using different keywords just for different notation of the same concept seems confusing to me.
OK. But why not just support both 'key' and 'password' for both formats straight away, then?
OK with me. Will change that.
Done -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."