New RIP MD5 interface option to avoid sequence check

Olivier Benghozi olivier.benghozi at wifirst.fr
Mon Oct 3 04:20:51 CEST 2022


Hello,

I'm currently using RIP/RIPng with MD5 auth with some Cisco/Juniper and Quagga gear.
I'm looking to switch from Quagga to BIRD(2).
I have a feature request about the RIP MD5 sequence number check (the RFC rule, implemented by BIRD, is: accept only increasing sequence numbers, or accept a lower one only if restarting at 0).
In our current use case, end-to-end interfaces are not contiguous, and various cases (like power cuts at one end) can lead to a situation where one dead RIP speaker comes back to life before full end-to-end connectivity is restored BUT before route expiration at the other side: therefore the received sequence number starts at something higher than 0 but lower than the previously known one, so the routing will just fail.
Quagga doesn't check sequence numbers at all, Cisco gear doesn't seem to, and Juniper gear has a hidden option to disable this check (no-check-sequence).
So we would have a use/need for a config option (probably at the interface level) to avoid the received crypto sequence number check (therefore MD5 is just a way to avoid transmitting the clear password on the wire).

Apart from the new option definition, the actual check is in master/proto/rip/packets.c; I guess that the check in current line 391 would have to include an additional «&& new_option_isnt_defined» to avoid yelling about a sequence number too low...
line 391:   if ((rcv_csn < n->csn) && (rcv_csn || n->uc))

What about such an additional feature?


Thank you,
Olivier
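
The acceptance condition quoted from line 391, modelled as an added example (not part of the original message and not BIRD's code), run over the restart case described above with the check on and off. The `check_sequence` switch, the struct names and the sample sequence numbers are assumptions made up for illustration, and `uc` is treated as an opaque input because the message does not describe it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified receiver state: only the two fields the quoted condition reads. */
struct nbr_state {
  uint32_t csn;  /* last accepted crypto sequence number */
  uint32_t uc;   /* counter from the quoted condition, treated as opaque input */
};

/* Hypothetical per-interface switch (assumption, not an existing BIRD option). */
struct iface_cfg { int check_sequence; };

/* Returns 1 if the packet passes the sequence test, 0 if it is dropped. */
static int csn_accept(const struct iface_cfg *cf, struct nbr_state *n, uint32_t rcv_csn)
{
  if (cf->check_sequence && (rcv_csn < n->csn) && (rcv_csn || n->uc))
    return 0;
  n->csn = rcv_csn;  /* model assumption: remember the last accepted value */
  return 1;
}

/* Feed a run of received sequence numbers; return how many were accepted. */
static size_t run_case(int check, uint32_t last_csn, uint32_t uc,
                       const uint32_t *csns, size_t len)
{
  struct iface_cfg cf = { check };
  struct nbr_state n = { last_csn, uc };
  size_t ok = 0;
  for (size_t i = 0; i < len; i++)
    ok += (size_t) csn_accept(&cf, &n, csns[i]);
  return ok;
}

/* Constructed sample data; the receiver last accepted CSN 1000 in every case. */
static const uint32_t restarted[] = { 40, 41, 42 };  /* speaker back after a power cut */
static const uint32_t from_zero[] = { 0, 1, 2 };     /* speaker restarting at 0 */
static const uint32_t replayed[]  = { 998, 999 };    /* older packets seen again */

int main(void)
{
  printf("check on,  restart at 40: %zu/3\n", run_case(1, 1000, 3, restarted, 3));
  printf("check on,  restart at 0 : %zu/3\n", run_case(1, 1000, 0, from_zero, 3));
  printf("check on,  old packets  : %zu/2\n", run_case(1, 1000, 3, replayed, 2));
  printf("check off, restart at 40: %zu/3\n", run_case(0, 1000, 3, restarted, 3));
  printf("check off, old packets  : %zu/2\n", run_case(0, 1000, 3, replayed, 2));
  return 0;
}
```

With the check off, the restarted speaker and the older packets are accepted alike, so the receiver no longer separates a restart from a repeat of earlier traffic.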



More information about the Bird-users mailing list