• Ondřej Zajíček's avatar
    Fixes broken cryptographic authentication in OSPF · 024c310b
    Ondřej Zajíček authored
    Cryptographic authentication in OSPF is defective by
    design - there might be several packets independently
    sent to the network (for example HELLO, LSUPD and LSACK)
    where they might be reordered and that causes crypt.
    sequence number error.
    
    That can be workarounded by not incresing sequence number
    too often. Now we update it only when last packet was sent
    before at least one second. This can constitute a risk of
    replay attacks, but RFC supposes something similar (like time
    in seconds used as CSN).
    024c310b