BIRD OSPF floods illegal LSA seq no 0x80000000 after premature aging
Dennis Koegel
dk at openit.de
Fri May 21 18:41:50 CEST 2010
Cheers,
we have reproducible case in the lab where BIRD's OSPF sends LSUPDs with
illegal sequence number 0x80000000.
Here's what happens:
- The OSPF is up and running fine, including BIRD
- A change to bird.conf is made that affects OSPF routes
- BIRD receives a SIGHUP
- Apparently as part of reconfiguration, BIRD floods LSAs with MaxAge
and MaxSequenceNumber 0x7fffffff (premature aging -- so far ok)
- Immediately after that, but before any other OSPF packet is
received (!), BIRD floods the same LSAs again, but with an Age of
2 or 3 (NOT MaxAge) and sequence number 0x80000000
We have a capture file (pcap) of this. If this is any help, I'm happy
to e-mail it.
The bug here is that sequence number 0x80000000 is reserved and not to
be used (RFC 2328, section 12.1.6).
As far as I can see, originate_ext_lsa() is called and simply looks up
a matching entry in its database (*en). It finds the previously-
originated entry with 0x7fffffff, blindly increments it to
0x80000000 (proto/ospf/topology.c:990) and then floods it.
More information about the Bird-users
mailing list