Cheers,

we have a reproducible case in the lab where BIRD's OSPF sends LSUPDs with
illegal sequence number 0x80000000.

Here's what happens:

- The OSPF is up and running fine, including BIRD
- A change to bird.conf is made that affects OSPF routes
- BIRD receives a SIGHUP
- Apparently as part of reconfiguration, BIRD floods LSAs with MaxAge
  and MaxSequenceNumber 0x7fffffff (premature aging -- so far ok)
- Immediately after that, but before any other OSPF packet is
  received (!), BIRD floods the same LSAs again, but with an Age of
  2 or 3 (NOT MaxAge) and sequence number 0x80000000

We have a capture file (pcap) of this. If this is any help, I'm happy
to e-mail it.

The bug here is that sequence number 0x80000000 is reserved and not to
be used (RFC 2328, section 12.1.6).

As far as I can see, originate_ext_lsa() is called and simply looks up
a matching entry in its database (*en). It finds the previously-
originated entry with 0x7fffffff, blindly increments it to
0x80000000 (proto/ospf/topology.c:990) and then floods it.

From what I understand, BIRD would have to wait for all routers to
LSACK the prematurely aged entries before starting to send fresh
LSUPDs with InitialSequenceNumber 0x80000001 (and not ...00).

Casual grep suggests that in other places where the sequence number is
incremented, there isn't any wrap-around check either.

Lab setup:

- 2x JunOS 9.3
- 1x BIRD OSPF (1.2.2) on Linux
- 1x Quagga OSPF (0.98.x, 0.99.16) on Linux

All connected on a single Ethernet as Area 0. The JunOS systems are
DR/BDR.

For the curious, the inter-op aftermath is this:

- Quagga's ospfd, on receiving the bad LSUPD, correctly logs the
  abnormality and then segfaults instantly [bug #586]
- JunOS just doesn't care and installs the entry with the illegal
  sequence number and sends it to other routers as usual -- thereby
  making a restart of quagga's ospfd very very short-lived and sad
- The situation only resolves itself after one hour (the illegal LSUPD
  reaches MaxAge) or by forcefully purging the entry from the other
  systems' databases

Regards,
- D.
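
The sequence-number handling the report asks for, as an added example that is not part of the original message and is not BIRD's code: a wrap-around guard on origination that defers the fresh instance until the flush is acknowledged, plus a receive-side check for the reserved value. All struct, function and macro names are hypothetical, and per-neighbor ack tracking is reduced to a counter.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constants from RFC 2328; every name here is hypothetical, not BIRD's. */
#define LSA_INITSEQNUM  0x80000001u /* InitialSequenceNumber */
#define LSA_MAXSEQNUM   0x7fffffffu /* MaxSequenceNumber */
#define LSA_RESERVEDSEQ 0x80000000u /* reserved, never valid */
#define LSA_MAXAGE      3600        /* one hour, in seconds */

struct lsa_entry {
  uint32_t seq;     /* LS sequence number as carried on the wire */
  uint16_t age;     /* LS age in seconds */
  unsigned unacked; /* neighbors that still owe an ack for the flush */
  bool flushing;    /* premature aging in progress */
};

/* Receive side: refuse the reserved value instead of installing it. */
bool lsa_seq_valid(uint32_t seq) { return seq != LSA_RESERVEDSEQ; }

/* Originate a new instance. Returns true if en may be flooded as a fresh
 * instance; false if en is (now or still) a MaxAge flush awaiting acks. */
bool lsa_originate(struct lsa_entry *en, unsigned neighbors)
{
  if (en->flushing)
    return false;
  if (en->seq == LSA_MAXSEQNUM) { /* incrementing would yield 0x80000000 */
    en->age = LSA_MAXAGE;
    en->unacked = neighbors;
    en->flushing = true;
    return false;
  }
  en->seq++;
  en->age = 0;
  return true;
}

/* One neighbor acked the flush. Returns true once all have, at which point
 * the entry restarts at InitialSequenceNumber and may be flooded again. */
bool lsa_flush_acked(struct lsa_entry *en)
{
  if (!en->flushing || (en->unacked > 0 && --en->unacked > 0))
    return false;
  en->flushing = false;
  en->seq = LSA_INITSEQNUM;
  en->age = 0;
  return true;
}
```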
