[quagga-dev 8181] Re: request for testing
chris.hall.list at highwayman.com
Wed Aug 25 23:12:03 BST 2010
Mike Tancsa wrote (on Wed 25-Aug-2010 at 17:02):

> At 10:43 AM 8/25/2010, Denis Ovsienko wrote:
> > > My concern is that in 0.99.17, broken updates would lead to session
> > > teardown, while such updates were silently ignored in previous
> > > versions.
> >The matter is, in previous versions they were silently ignored AND
> >led to session teardown (due to bgpd crash). In 0.99.17 the crash
> >should not happen.

As Denis points out, previous code did not silently ignore broken AS4 Paths,
it rather noisily brought *everything* down with a seg-fault.

> But if the peer's bgp session is reset, is this still not a
> denial of service ?

That much is true. The effect of the change is to make AS Path and AS4 Path
handling the same -- so a broken AS4 Path does exactly what a broken AS Path
does (and did before the change), to wit bring down the session.

You can argue that this could be further improved... presumably by
discarding all updates which contain invalid information.

I'm not sure how to distinguish between a broken peer and a peer which is
passing on a mixture of broken stuff and valid stuff. Does being liberal
with what one accepts extend to weeding out total nonsense and trying to
make do with the rest ? My feeling is that if everyone erred on the side of
caution in these things, then bogus stuff being injected into the BGP mesh
wouldn't get very far.
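The two outcomes weighed in the message above (reset the session, or discard only the offending update), as an added C sketch that is not Quagga's code and not part of the original post. All names are hypothetical; the segment layout assumed is the RFC 4271 AS_PATH encoding with 2-byte or 4-byte AS numbers, and rejecting a zero-count segment is this example's own choice.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdict on one path attribute (names are this example's own). */
enum path_check { PATH_OK, PATH_MALFORMED };

/* What the receiver does next; the thread discusses both failure options. */
enum action { ACCEPT_UPDATE, RESET_SESSION, DISCARD_UPDATE };

/* Constructed samples: AS_SEQUENCE of two 4-byte ASes; same bytes, count 3. */
static const uint8_t good_as4[] = { 2, 2, 0, 1, 0, 0, 0, 0, 0xfd, 0xe8 };
static const uint8_t bad_as4[]  = { 2, 3, 0, 1, 0, 0, 0, 0, 0xfd, 0xe8 };

/*
 * Walk the segments of an AS_PATH (as_size = 2) or AS4_PATH (as_size = 4)
 * value: 1 byte type, 1 byte AS count, then count * as_size bytes.
 * Every read is bounds-checked against len, so a truncated or oversized
 * segment is reported instead of being read past the end of the buffer.
 */
enum path_check check_path(const uint8_t *buf, size_t len, size_t as_size)
{
    size_t off = 0;

    while (off < len) {
        if (len - off < 2)
            return PATH_MALFORMED;          /* segment header cut short */
        uint8_t type = buf[off];
        uint8_t count = buf[off + 1];
        off += 2;
        if (type < 1 || type > 4 || count == 0)
            return PATH_MALFORMED;          /* unknown type or empty segment */
        if ((size_t)count * as_size > len - off)
            return PATH_MALFORMED;          /* AS list runs past the attribute */
        off += (size_t)count * as_size;
    }
    return PATH_OK;
}

/* One policy for both attributes, so AS4_PATH gets no special treatment. */
enum action decide(const uint8_t *buf, size_t len, size_t as_size, int strict)
{
    if (check_path(buf, len, as_size) == PATH_OK)
        return ACCEPT_UPDATE;
    return strict ? RESET_SESSION : DISCARD_UPDATE;
}
```

With `strict` set, a malformed AS4_PATH and a malformed AS_PATH both end in a session reset; cleared, only the update carrying the bad attribute is dropped.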