[quagga-users 6784] Re: md5qd (fwd)

Paul Jakma paul at clubi.ie
Tue Apr 25 13:29:02 IST 2006

On Tue, 25 Apr 2006, Chris Caputo wrote:

> In:
> +  if ((length == 0) || (length < TCPMD5_OPT_SIZE) || (length > 40))
> what's the check for greater than 40 for?
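
Review bot: in the condition on the added line, the first test `(length == 0)` is already covered by `(length < TCPMD5_OPT_SIZE)` as long as TCPMD5_OPT_SIZE is a positive constant, so it can be dropped, or kept with a comment saying it is there only for readability. The bare `40` in `(length > 40)` should become a named constant with a comment stating which limit it represents, so the upper bound is not a magic number.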

Maximum amount of space available for options. > 40 has to be bogus :). I'll add a define for it.

> Also, the "length == 0" would be handled by just "length < 
> TCPMD5_OPT_SIZE" no?  Is it there for clarity?

Errm, yes. :)

> Your new code is working.


> Next issue I am dealing with, which I would appreciate input on is 
> this...

> When no MD5 is being used a tcpdump reveals that a linux BGP peer 
> sending large amounts of data will routinely send packets higher 
> than the MTU of 1500 for the Ethernet segment I am dealing with.

IP fragments? Fragmentation wouldn't be normal no.

> The receiving end receives these packets as fragments and 
> reassembles them fine.

> Now here's the MD5 relevance...
> When an MD5 session does this the following happens (see tcpdump packets
> below):
> 1) sender side of larger than interface MTU packet has invalid MD5 as
>   reported by tcpdump.  In this case payload of 2856 on an MTU of 1500
>   with sequence numbers of 20284:23140.
> 2) receiver receives 2 packets, each with BGP payload of 1428 bytes, which
>   fail MD5 checksum by tcpdump and md5qd.  Sequence numbers are
>   20284:21712 and 21712:23140.
> 3) sender then sends 2 packets, with sequence numbers 20284:21712 and
>   21712:23140.
> 4) receiver receives the 2 packets and this time the MD5 checksum is good.
>   Sequence numbers 20284:21712 and 21712:23140.
> 5) the next two packets are of size 1428 and are valid.
> 6) the process repeats at step 1, with the size going back up to 2856.


> So the difference between the MD5 case and the non-MD5 case is that 
> with MD5 the same packets end up being sent twice, once with an 
> invalid checksum and once with a valid checksum.  BGP sessions are 
> not harmed by this, but it seems awfully wasteful and I'd love to 
> figure out why this is happening.

> Ideas?

Can you send me a tcpdump? (actual raw captured dump).

Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
If ignorance is bliss, why aren't there more happy people?

