BIRD OSPF floods illegal LSA seq no 0x80000000 after premature aging

Dennis Koegel dk at openit.de
Fri May 21 18:41:50 CEST 2010


Cheers,

we have reproducible case in the lab where BIRD's OSPF sends LSUPDs with
illegal sequence number 0x80000000.

Here's what happens:

- The OSPF is up and running fine, including BIRD
- A change to bird.conf is made that affects OSPF routes
- BIRD receives a SIGHUP
- Apparently as part of reconfiguration, BIRD floods LSAs with MaxAge
  and MaxSequenceNumber 0x7fffffff (premature aging -- so far ok)
- Immediately after that, but before any other OSPF packet is
  received (!), BIRD floods the same LSAs again, but with an Age of
  2 or 3 (NOT MaxAge) and sequence number 0x80000000

We have a capture file (pcap) of this. If this is any help, I'm happy
to e-mail it.

The bug here is that sequence number 0x80000000 is reserved and not to
be used (RFC 2328, section 12.1.6).

As far as I can see, originate_ext_lsa() is called and simply looks up
a matching entry in its database (*en). It finds the previously-
originated entry with 0x7fffffff, blindly increments it to
0x80000000 (proto/ospf/topology.c:990) and then floods it.



More information about the Bird-users mailing list