[Babel-users] [babel] Babel MAC auth fails due to packet reordering

Daniel Gröber dxld at darkboxed.org
Fri May 13 19:54:19 BST 2022


Hi Toke and Juliusz,  

On Sun, May 08, 2022 at 10:01:53PM +0200, Toke Høiland-Jørgensen wrote:
> Right, okay. I updated the Bird patch to implement both the separate
> ucast/mcast values and the window (patch below). Daniel, could you
> please test this in your environment?

I've added the patch on top of the bird2 2.0.9-1 Debian package and can
confirm that using the patched version on the receiving end fixes the issue
with both un-/patched babeld. So it seems compatibility is not broken
either :)

On Mon, May 09, 2022 at 04:56:14PM +0200, Juliusz Chroboczek wrote:
> You'll find a patch for babeld in the branch "hmac-unicast-pc"
> 
>     git clone -b hmac-unicast-pc https://github.com/jech/babeld
> 
> The patch is here:
> 
>     https://github.com/jech/babeld/commit/7e5d18791f5b5f2d5ad660fad85769f75f47f705
> 
> Daniel, please report whether that fixes the problem, so we can merge and
> start writing up a new Internet-Draft.

I'm having some trouble establishing a baseline using babeld. Using
babeld-1.11 as both the sending and receiving side I'm not observing any
errors and the session seems to come up perfectly though I can see
reordering in wireshark and bird having thrown errors during testing just
before. So the link is still behaving the same. I'm attaching a pcap from
that situation: babeld-reordered-but-working.pcapng.

Overall testing methodology:

  1) Revert sender babeld config to failing "unicast true" version, use
     unpatched babeld 1.11 sender and unpatched bird 2.0.9 receiver.

For bird:

  2.a) On the receiver: Observe neighbour metric for sender is stuck at
       infinity and MAC auth errors are still emitted.
  2.b) Update receiving side to 2.0.9 with Toke's patch.
  2.c) Observe neighbour metric returning to normal and absence of auth
       errors.

  3.a) Update receiving side to patched bird.
  3.b) Observe neighbour metric still nominal and no auth errors.

For babeld:

  4.a) Shut down bird on the receiver and start unpatched babeld instead.
  4.b) On the receiver: Observe through local-path interface that sender
       has nominal neighbour metric. (unexpected)

Config files:

    # Sender
    key id 1 type hmac-sha256 value xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    local-path /run/babeld.status
    default  type tunnel  unicast true
    interface enp2s0  type wired  key 1
    kernel-priority 200
    
    # Receiver
    key id 1 type hmac-sha256 value xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    local-path /run/babeld.status
    default  type tunnel  unicast true
    interface wlp3s0  type wireless  key 1
    kernel-priority 200

--Daniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: babeld-reordered-but-working.pcapng
Type: application/octet-stream
Size: 16408 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/babel-users/attachments/20220513/5e61e2ef/attachment.obj>
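
Added example, not part of the original message and not the code of either patch: a strict packet-counter (PC) check beside a windowed one, run over a constructed reordered arrival sequence, to show why reordering produces MAC auth drops and how a window tolerates it while still rejecting replays. The window size, the bitmap approach and all names are assumptions; Index changes and PC wraparound are left out.

```c
#include <stdint.h>
#include <stddef.h>

#define PC_WINDOW 32 /* assumed size; not taken from either patch */

/* Replay state for one neighbour and one packet class; the fix in the
 * thread keeps separate state for unicast and multicast. */
struct pc_state {
    uint32_t highest; /* highest PC accepted so far */
    uint32_t seen;    /* bit i set: PC (highest - i) was accepted */
    int valid;        /* 0 until the first packet is accepted */
};

/* Strict rule: only a PC above the last accepted one passes. */
int pc_accept_strict(struct pc_state *s, uint32_t pc)
{
    if (s->valid && pc <= s->highest)
        return 0; /* a late but genuine packet is dropped here */
    s->highest = pc;
    s->valid = 1;
    return 1;
}

/* Windowed rule: a late PC passes once if it is within PC_WINDOW. */
int pc_accept_window(struct pc_state *s, uint32_t pc)
{
    if (!s->valid || pc > s->highest) {
        uint32_t shift = s->valid ? pc - s->highest : PC_WINDOW;
        s->seen = (shift >= PC_WINDOW ? 0 : s->seen << shift) | 1u;
        s->highest = pc;
        s->valid = 1;
        return 1;
    }
    uint32_t back = s->highest - pc;
    if (back >= PC_WINDOW || (s->seen & (1u << back)))
        return 0; /* too old, or already seen (replay) */
    s->seen |= 1u << back;
    return 1;
}

/* Constructed arrival order: PC 11 arrives late, then is replayed. */
static const uint32_t sample_pcs[] = {10, 12, 11, 13, 11};

/* Count how many of n PCs pass the strict (0) or windowed (1) check. */
size_t count_accepted(int windowed, const uint32_t *pcs, size_t n)
{
    struct pc_state s = {0};
    size_t ok = 0;
    for (size_t i = 0; i < n; i++)
        ok += (size_t)(windowed ? pc_accept_window(&s, pcs[i])
                                : pc_accept_strict(&s, pcs[i]));
    return ok;
}
```

On the sample sequence the strict check accepts 3 of 5 packets (the late PC 11 is dropped), while the windowed check accepts 4 and rejects only the replayed PC 11.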

