[quagga-users 6784] Re: md5qd (fwd)
paul at clubi.ie
Tue Apr 25 13:29:02 IST 2006
On Tue, 25 Apr 2006, Chris Caputo wrote:
> + if ((length == 0) || (length < TCPMD5_OPT_SIZE) || (length > 40))
> what's the check for greater than 40 for?
Maximum amount of space available for options. > 40 has to be bogus
:). I'll add a define for it.
> Also, the "length == 0" would be handled by just "length <
> TCPMD5_OPT_SIZE" no? Is it there for clarity?
Errm, yes. :)
> Your new code is working.
> Next issue I am dealing with, which I would appreciate input on is
> When no MD5 is being used a tcpdump reveals that a linux BGP peer
> sending large amounts of data will routinely send packets higher
> than the MTU of 1500 for the Ethernet segment I am dealing with.
IP fragments? Fragmentation wouldn't be normal no.
> The receiving end receives these packets as fragments and
> reassembles them fine.
> Now here's the MD5 relevance...
> When an MD5 session does this the following happens (see tcpdump packets
> 1) sender side of larger than interface MTU packet has invalid MD5 as
> reported by tcpdump. In this case payload of 2856 on an MTU of 1500
> with sequence numbers of 20284:23140.
> 2) receiver receives 2 packets, each with BGP payload of 1428 bytes, which
> fail MD5 checksum by tcpdump and md5qd. Sequence numbers are
> 20284:21712 and 21712:23140.
> 3) sender then sends 2 packets, with sequence numbers 20284:21712 and
> 4) receiver receives the 2 packets and this time the MD5 checksum is good.
> Sequence numbers 20284:21712 and 21712:23140.
> 5) the next two packets are of size 1428 and are valid.
> 6) the process repeats at step 1, with the size going back up to 2856.
> So the difference between the MD5 case and the non-MD5 case is that
> with MD5 the same packets end up being sent twice, once with an
> invalid checksum and once with a valid checksum. BGP sessions are
> not harmed by this, but it seems awfully wasteful and I'd love to
> figure out why this is happening.
Can you send me a tcpdump? (actual raw captured dump).
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
If ignorance is bliss, why aren't there more happy people?
More information about the Quagga-users