Re: [PATCH 00/19] tcp: Initial support for RFC5925 auth option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/23/21 1:38 AM, Leonard Crestez wrote:
> On 9/22/21 11:23 PM, Francesco Ruggeri wrote:
>> On Tue, Sep 21, 2021 at 9:15 AM Leonard Crestez <cdleonard@xxxxxxxxx>
>> wrote:
>>> * Sequence Number Extension not implemented so connections will flap
>>> every ~4G of traffic.
>>
>> Could you expand on this?
>> What exactly do you mean by flap? Will the connection be terminated?
>> I assume that depending on the initial sequence numbers the first flaps
>> may occur well before 4G.
>> Do you use a SNE of 0 in the hash computation, or do you just not include
>> the SNE in it?
> 
> SNE is hardcoded to zero, with the logical consequence of incorrect
> signatures on sequence number wrapping. The SNE has to be included
> because otherwise all signatures would be invalid.
> 
> You are correct that this can break much sooner than 4G of traffic, but
> still in the GB range on average. I didn't test the exact behavior (not
> clear how) but if signatures don't validate the connection will likely
> timeout.
> 

This is for BGP and LDP connections. What's the expected frequency of
rollover for large FIBs? Seems like it could be fairly often.



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux