[PATCH v4 0/8] Add MAC authentication support to the Babel protocol

Ondrej Zajicek santiago at crfreenet.org
Fri Jun 11 18:41:14 CEST 2021


On Tue, Jun 08, 2021 at 11:42:25AM +0200, Toke Høiland-Jørgensen wrote:
> > Hi
> >
> > Merged to master. There are a few more issues I noticed during testing, see
> > b174cc0abc0a9d7e84cc6fae46d9e19b714fbcfb for details. Two of these issues
> > were related to a bad value of auth_tx_overhead, which has an ugly fail mode
> > where only large route updates had bad/no signature, but small IHU packets
> > had good signature, so the link looks OK.
> 
> Awesome! Many thanks, also for the bug fixes :)
> 
> > I would like to have a better fail mode in case of bugs, but not sure if
> > that could be reasonably done.
> 
> Hmm, one thought would be to do an explicit sanity check on link
> bring-up by padding the initial Hello to the full packet length? That
> should at least flush out any bugs inside Bird and (if we also actually
> start checking the return value of the socket call) the OS. Big packets
> could still be dropped on the wire, of course, but not much we can do
> about that unless we want to do very extensive probing...

That is probably overkill. I thought about stopping signing of remaining
packets for a neighbor after some error during signing happened. But that
has some other problems, so I will likely just ignore this and keep it as
it is.


> >> > I also changed 'key' config option to 'password' (so it is 'password'
> >> > with either ASCII string or hex-string). In future, we should probably
> >> > switch to 'key' for both variants, as that is the name generally used for
> >> > that. But using different keywords just for different notation of the
> >> > same concept seems confusing to me.
> >> 
> >> OK. But why not just support both 'key' and 'password' for both formats
> >> straight away, then?
> >
> > OK with me. Will change that.

Done

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


