[Babel-users] [babel] Babel MAC auth fails due to packet reordering

Toke Høiland-Jørgensen toke at toke.dk
Sat May 7 12:23:07 BST 2022


Juliusz Chroboczek <jch at irif.fr> writes:

>> Hmm, I certainly see where you're coming from; having separate sequence
>> numbers for unicast/multicast would neatly sidestep this particular
>> problem. However, one problem with this is that it's not straight-forwardly
>> backward compatible.
>
> No, no sender changes.  Just receiver changes.
>
> The sender still sends packets in a single sequence.  The receiver,
> however, makes a more relaxed check on the received packet: it merely
> checks that the received PC has a larger value than that received in the
> last packet *of the same type*.
>
> In other words, the receiver is checking that unicast packets come in
> ascending order, and that multicast packets come in ascending order.  It
> does not verify the relative ordering of unicast vs. multicast.

Ah, I see! Okay, that makes sense. Also, it occurred to me that the
window-based approach likely isn't enough when there are multiple
neighbours and you do unicast updates, as then another neighbour can eat
up a whole chunk of PC number space that you never see.

However, what about other sources of reordering? Should we still do
window-based verification to deal with this?

Also, I guess this could all be described in a "relaxed PC verification
to deal with reordering" document that could be optional to implement
(i.e., you could still be compliant with RFC 8967 if you don't implement
it)?

>> As for the size of the window (setting aside the case where an
>> implementation increases the PC by more than one for every packet), I
>> guess we'd need it to be large enough to contain a full routing table
>> dump. A window of 64 packets can fit several thousand routes even in the
>> worst case with no compression;
>
> Expect on the order of 60 routes per packet. 64 packets gives you on
> the order of 3800 routes.

Right. Which is a lot for a local mesh network, but not a lot for the
internet. Do you have any insights into typical sizes of real-world
babel deployments in terms of the number of routes?

-Toke
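
The receiver-only relaxation discussed in this message, as an added example that is not part of the original post or of any Babel implementation: the same "PC must increase" test, run once with a single slot for all packets and once with one slot per packet type, over a constructed arrival order containing one unicast/multicast reordering and one replay. All names are hypothetical, and the index/challenge handling of RFC 8967 is left out (one neighbour, one index assumed).

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names. RFC 8967 index/challenge handling is omitted:
   all packets are assumed to come from one neighbour under one index. */
enum pkt_type { PKT_UNICAST = 0, PKT_MULTICAST = 1 };
struct pkt { enum pkt_type type; uint32_t pc; };
struct pc_slot { int have; uint32_t last; };   /* last accepted PC, if any */

/* Accept a PC only if it is larger than the last one accepted in this slot. */
static int pc_accept(struct pc_slot *s, uint32_t pc)
{
    if (s->have && pc <= s->last)
        return 0;
    s->have = 1;
    s->last = pc;
    return 1;
}

/* Constructed arrival order. The sender used PCs 1..5 in a single sequence;
   unicast 3 overtakes multicast 2, and the last entry replays multicast 4. */
static const struct pkt arrivals[] = {
    { PKT_MULTICAST, 1 }, { PKT_UNICAST, 3 }, { PKT_MULTICAST, 2 },
    { PKT_MULTICAST, 4 }, { PKT_UNICAST, 5 }, { PKT_MULTICAST, 4 },
};

/* Run the arrivals through the receiver. per_type = 0: one slot for every
   packet (single-sequence check). per_type = 1: one slot per packet type
   (the relaxed check). Bit i of the result is set if arrival i was accepted. */
static unsigned run(int per_type)
{
    struct pc_slot slot[2] = { { 0, 0 }, { 0, 0 } };
    unsigned mask = 0;
    for (unsigned i = 0; i < sizeof(arrivals) / sizeof(arrivals[0]); i++) {
        struct pc_slot *s = &slot[per_type ? arrivals[i].type : 0];
        if (pc_accept(s, arrivals[i].pc))
            mask |= 1u << i;
    }
    return mask;
}

int main(void)
{
    /* strict=0x1b: multicast 2 and the replay dropped; relaxed=0x1f: only the replay dropped */
    printf("strict=0x%02x relaxed=0x%02x\n", run(0), run(1));
    return 0;
}
```

Reordering within one packet type is still rejected by the per-type check, which is the case the window question in the message is about.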


