Fwd: ospfv6 cryptographic crashes bird
Dries
driesp at gmail.com
Mon Dec 7 17:36:49 CET 2020
Hi all
I want to update on this.
I have disabled the (cryptographic) authentication on all bird routers in
that LAN segment for ospfv6 and the issue is gone.
Currently only "ttl security yes;" is set.
Normally, this kind of security would be sufficient I suppose...
I hope this information is helpful to someone.
Kind regards
Dries
---------- Forwarded message ---------
From: Dries <driesp at gmail.com>
Date: Mon, 7 Dec 2020 at 12:42
Subject: Fwd: ospfv6 cryptographic crashes bird
To: <bird-users at network.cz>
Hi
I am having an issue that crashes bird 2.0.7 running on latest centos
7.9.2009, most of the time, but sometimes not.
Running the same config on other machines, and there is no problem, only on
this particular one. So I am maybe missing some (cryptographic) libraries?
I don't see any error messages during compilation or build.
It has to do with ospfv6 because, when I remove this config, it runs fine.
Example config that is causing issues:
protocol ospf v3 ospfv6 {
ipv6 {
import filter import_ospfv6;
export filter export_ospfv6;
};
area 0.0.0.0 {
interface "eth1" {
cost 1;
authentication cryptographic;
password "password" {
algorithm hmac sha512;
};
type broadcast;
ttl security yes;
};
interface "xenbr0" {
cost 100;
type broadcast;
ttl security yes;
};
};
}
When bird runs in debug mode, I get these error messages before bird
crashes:
sometimes this one:
Assertion '*plen < ifa->sk->tbsize' failed at proto/ospf/packet.c:147
sometimes this one:
Assertion '*plen < ifa->sk->tbsize' failed at proto/ospf/packet.c:97
These messages also appear during startup:
ospfv6: Authentication failed for nbr 123.123.123.123 on eth1 - missing
authentication trailer (0)
Thank you in advance.
Kind regards
Dries
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20201207/8f8a6908/attachment.htm>
More information about the Bird-users
mailing list