Re: [babel] [Babel-users] Babel MAC auth fails due to packet reordering
Juliusz Chroboczek <jch@irif.fr> Sat, 07 May 2022 00:17 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37EDFC1594A3; Fri, 6 May 2022 17:17:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KDxyoxsTMRnZ; Fri, 6 May 2022 17:17:53 -0700 (PDT)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0360DC15949C; Fri, 6 May 2022 17:17:47 -0700 (PDT)
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 2470Hfix009263; Sat, 7 May 2022 02:17:41 +0200
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 785FEEAFB0; Sat, 7 May 2022 02:17:41 +0200 (CEST)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id AHhnFgGvh_li; Sat, 7 May 2022 02:17:39 +0200 (CEST)
Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id D8A0EEAFAE; Sat, 7 May 2022 02:17:37 +0200 (CEST)
Date: Sat, 07 May 2022 02:17:37 +0200
Message-ID: <87czgqfb6m.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Toke Høiland-Jørgensen <toke=40toke.dk@dmarc.ietf.org>
Cc: babel-users@alioth-lists.debian.net, babel@ietf.org, Daniel Gröber <dxld@darkboxed.org>
In-Reply-To: <87wney1aw7.fsf@toke.dk>
References: <20220505085059.mxbt3ssvryxw4doh@House> <87ilqj52bz.fsf@toke.dk> <20220506034354.kpj3rwkyw7rj2oe3@House> <874k233pwi.fsf@toke.dk> <87mtfufmet.wl-jch@irif.fr> <87wney1aw7.fsf@toke.dk>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/27.1 Mule/6.0
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Sat, 07 May 2022 02:17:41 +0200 (CEST)
X-Miltered: at korolev with ID 6275BAA5.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 6275BAA5.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 6275BAA5.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/4kHTdUoYKj41rXlYRrsNr_q9l1M>
Subject: Re: [babel] [Babel-users] Babel MAC auth fails due to packet reordering
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 May 2022 00:17:54 -0000
> Hmm, I certainly see where you're coming from; having separate sequence > numbers for unicast/multicast would neatly sidestep this particular > problem. However, one problem with this is that it's not straight-forwardly > backward compatible. No, no sender changes. Just receiver changes. The sender still sends packets in a single sequence. The receiver, however, makes a more relaxed check on the received packet: it merely checks that the received PC has a larger value than that received in the last packet *of the same type*. In other words, the receiver is checking that unicast packets come in ascending order, and that multicast packets come in ascending order. It does not verify the relative ordering of unicast vs. multicast. > As for the size of the window (setting aside the case where an > implementation increases the PC by more than one for every packet), I > guess we'd need it to be large enough to contain a full routing table > dump. A window of 64 packets can fit several thousand routes even in the > worst case with no compression; Expect on the order of 60 routes per packet. 64 packets gives you on the order of 3800 routes. -- Juliusz
- [babel] Fwd: Re: [Babel-users] Babel MAC auth fai… Juliusz Chroboczek
- Re: [babel] [Babel-users] Babel MAC auth fails du… Juliusz Chroboczek
- Re: [babel] [Babel-users] Babel MAC auth fails du… Toke Høiland-Jørgensen
- Re: [babel] [Babel-users] Babel MAC auth fails du… Juliusz Chroboczek
- Re: [babel] [Babel-users] Babel MAC auth fails du… Toke Høiland-Jørgensen
- Re: [babel] [Babel-users] Babel MAC auth fails du… Juliusz Chroboczek
- Re: [babel] [Babel-users] Babel MAC auth fails du… Toke Høiland-Jørgensen
- Re: [babel] [Babel-users] Babel MAC auth fails du… Juliusz Chroboczek
- Re: [babel] [Babel-users] Babel MAC auth fails du… Juliusz Chroboczek
- Re: [babel] [Babel-users] Babel MAC auth fails du… Toke Høiland-Jørgensen
- Re: [babel] [Babel-users] Babel MAC auth fails du… Juliusz Chroboczek
- Re: [babel] [Babel-users] Babel MAC auth fails du… Juliusz Chroboczek