0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-11-10 05:08:42 +00:00
bird/proto
Toke Høiland-Jørgensen 3266fcb7e3 Babel: Keep separate auth PC counters for unicast and multicast
The babel protocol normally sends all its messages as multicast packets,
but the protocol specification allows most messages to be sent as either
unicast or multicast, and the two can be mixed freely. In particular, the
babeld implementation can be configured to unicast updates to all peers
instead of sending them as unicast.

Daniel discovered that this can cause problems with the packet counter
checks in the MAC extension due to packet reordering. This happens on WiFi
networks where clients have power save enabled (which is quite common in
infrastructure networks): in this case, the access point will buffer all
multicast traffic and only send it out along with its beacons, leading to a
maximum buffering in default Linux-based access point configuration of up
to 200 ms.

This means that a Babel sender that mixes unicast and multicast messages
can have the unicast messages overtake the multicast messages because of
this buffering; when authentication is enabled, this causes the receiver to
discard the multicast message when it does arrive because it now has a
packet counter value less than the unicast message that arrived before it.
Daniel observed that this happens frequently enough that Babel ceases to
work entirely when runner over a WiFi network.

The issue has been described in draft-ietf-babel-mac-relaxed, which is
currently pending RFC publication. That also describes two mitigation
mechanisms: Keeping separate PC counters for unicast and multicast, and
using a reorder window for PC values. This patch implements the former as
that is the simplest, and resolves the particular issue seen on WiFi.

Thanks to Daniel Gröber for the bugreport.

Minor changes from committer.
2024-05-30 12:30:00 +02:00
..
babel Babel: Keep separate auth PC counters for unicast and multicast 2024-05-30 12:30:00 +02:00
bfd BFD: Improve incoming packet matching 2024-05-30 12:30:00 +02:00
bgp BGP: Add received role value to role mismatch log message 2024-05-30 12:30:00 +02:00
mrt Minor cleanups 2024-05-30 12:30:00 +02:00
ospf VRF: Fix issues with reconfiguration 2024-05-30 12:30:00 +02:00
perf Nest: Fix several issues with pflags 2024-05-30 12:29:59 +02:00
pipe BGP: Add received role value to role mismatch log message 2024-05-30 12:30:00 +02:00
radv VRF: Fix issues with reconfiguration 2024-05-30 12:30:00 +02:00
rip VRF: Fix issues with reconfiguration 2024-05-30 12:30:00 +02:00
rpki Nest: Fix several issues with pflags 2024-05-30 12:29:59 +02:00
static Nest: Fix several issues with pflags 2024-05-30 12:29:59 +02:00
Doc Doc: Rename code documentation files back to Doc 2018-12-14 02:03:42 +01:00