author | Andrew Yourtchenko <ayourtch@gmail.com> | 2022-02-02 13:32:39 +0100 |
---|---|---|
committer | Andrew Yourtchenko <ayourtch@gmail.com> | 2022-02-02 19:30:49 +0000 |
commit | c556fa49b462c6ebc206c9a5b3f6ff951d31f56a (patch) | |
tree | d100623cf00259cc986fb181fe8eb2702fa679b9 /src/vnet | |
parent | bd8013ee8cf3522230f413cf2b7ec0b895cd5979 (diff) |
bfd: restore the data within the packet after hash verification
The BFD delayed auth change test was failing intermittently within CI.
Debugging has shown it depends on the initial random seed, e.g. the below
will consistently fail:
RND_SEED=1643734669.7126195 TEST='bfd.BFDAuthOnOffTestCase.test_auth_change_key_delayed'
Same thing will happen with:
RND_SEED=1643736595.1363552
RND_SEED=1643722239.8224792
The analysis of the behavior has shown that the function that is doing the hash verification
modifies the content of the packet for the purposes of hash computation.
In case of the auth rollover, this function may be called twice - resulting in the second
comparison being made with bogus packet data, thus failing the check and the test.
The above values of random seed are the ones where the test makes it
to the point of this double comparison.
The solution is to restore the data within the packet after the check from the array
into which we have copied it before modifying the packet.
Change-Id: Ibb09beb4b1230032db04527bbf38fa335651866b
Type: fix
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/bfd/bfd_main.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/vnet/bfd/bfd_main.c b/src/vnet/bfd/bfd_main.c index 3ed9c039528..530b2978068 100644 --- a/src/vnet/bfd/bfd_main.c +++ b/src/vnet/bfd/bfd_main.c @@ -1634,6 +1634,11 @@ bfd_verify_pkt_auth_key_sha1 (vlib_main_t *vm, const bfd_pkt_t *pkt, op.len = sizeof (*with_sha1); op.digest = calculated_hash; vnet_crypto_process_ops (vm, &op, 1); + + /* Restore the modified data within the packet */ + clib_memcpy (with_sha1->sha1_auth.hash, hash_from_packet, + sizeof (with_sha1->sha1_auth.hash)); + if (0 == memcmp (calculated_hash, hash_from_packet, sizeof (calculated_hash))) { |
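Review bot: the added clib_memcpy restore writes through with_sha1 into a packet that the signature in the hunk header declares as `const bfd_pkt_t *pkt`, so the function still mutates caller-owned data behind a const-qualified parameter and stays correct only if every path after the modification reaches this restore. Consider computing the digest over a local copy of the packet with the hash field replaced in the copy, which leaves the original untouched and removes the need for a restore. If the in-place approach stays, drop the const from the parameter or document the temporary modification in the function comment, and check that no return path between the overwrite (not visible in this hunk) and the restore can skip it. Separately, the context line `if (0 == memcmp (calculated_hash, hash_from_packet, sizeof (calculated_hash)))` compares an authentication digest with memcmp, which is not constant-time; a constant-time comparison would be the safer choice there.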