[Babel-users] [babel] Babel MAC auth fails due to packet reordering
Juliusz Chroboczek
jch at irif.fr
Sat May 7 01:17:37 BST 2022
> Hmm, I certainly see where you're coming from; having separate sequence
> numbers for unicast/multicast would neatly sidestep this particular
> problem. However, one problem with this is that it's not straight-forwardly
> backward compatible.
No, no sender changes. Just receiver changes.
The sender still sends packets in a single sequence. The receiver,
however, makes a more relaxed check on the received packet: it merely
checks that the received PC has a larger value than that received in the
last packet *of the same type*.
In other words, the receiver is checking that unicast packets come in
ascending order, and that multicast packets come in ascending order. It
does not verify the relative ordering of unicast vs. multicast.
> As for the size of the window (setting aside the case where an
> implementation increases the PC by more than one for every packet), I
> guess we'd need it to be large enough to contain a full routing table
> dump. A window of 64 packets can fit several thousand routes even in the
> worst case with no compression;
Expect on the order of 60 routes per packet. 64 packets gives you on the
order of 3800 routes.
-- Juliusz
More information about the Babel-users
mailing list