summaryrefslogtreecommitdiffstats
path: root/proto/ospf/iface.c
diff options
context:
space:
mode:
authorOndrej Zajicek <santiago@crfreenet.org>2009-04-08 20:15:01 +0200
committerOndrej Zajicek <santiago@crfreenet.org>2009-04-08 20:15:01 +0200
commit024c310b537abc3ddbac3054de71fd759d422824 (patch)
tree159cc669b9d16d2d97102c187320c800e376f710 /proto/ospf/iface.c
parentb722fe7ebdf7e11f097ed0a85302769de2ac10fb (diff)
downloadbird-024c310b537abc3ddbac3054de71fd759d422824.tar
bird-024c310b537abc3ddbac3054de71fd759d422824.zip
Fixes broken cryptographic authentication in OSPF
Cryptographic authentication in OSPF is defective by design - there might be several packets independently sent to the network (for example HELLO, LSUPD and LSACK) where they might be reordered and that causes crypt. sequence number error. That can be workarounded by not incresing sequence number too often. Now we update it only when last packet was sent before at least one second. This can constitute a risk of replay attacks, but RFC supposes something similar (like time in seconds used as CSN).
Diffstat (limited to 'proto/ospf/iface.c')
0 files changed, 0 insertions, 0 deletions