Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!decwrl!ucbvax!PURDUE.EDU!narten From: narten@PURDUE.EDU (Thomas Narten) Newsgroups: comp.protocols.tcp-ip Subject: An even worse week for EGP.... Message-ID: <8801220146.AA13952@percival.cs.purdue.edu> Date: 22 Jan 88 01:45:54 GMT Sender: usenet@ucbvax.BERKELEY.EDU Organization: The ARPA Internet Lines: 94 The trouble with bogus networks slipping into the core tables has apparently returned. Has anyone fingered a culprit? In my seemingly endless explorations of the EGP code in gated, I have discovered yet another tidbit. These comments apply directly to egpup as well, from which gated claims ancestory. 1) Totally bogus nets are slipping into the core tables. By bogus, I mean neither class A, B or C. When encountered during the processing of an EGP network reachability update, one cannot determine how many bytes the address is supposed to be. Gated chokes when it receives them in updates and tosses the partially processed update. 2) EGP detects the "problem" with the data, and assumes that the entire packet is bad (even though it installs all the routes up to the bogus one). After 4 such updates in a row, gated sends a cease command to the gateway it was peering with, and goes back into neighbor acquisition state. Meanwhile, any routes you are advertising to the core get marked ureachable for 60 seconds. This has happened at our site many (1-2 dozen times) since last Thursday. (e.g. the problem doesn't seem to be going away). 3) If you are running Kirton's EGP, or an old version of gated, none of these events will be logged anywhere. In other words, if it is happening to you, you probably aren't even aware of it. 4) The code in gated, egpup and the BBN core gateways apparently all allow non class A, B, C nets to slip into updates [which side of the fence do fuzzballs and vendor gateways sit on??] The problem is no doubt code of the following type: if (is_classA_net(net)) then /* do class A stuff */ else if (is_classsB_net(net)) then /* do class B stuff * else /* must be a class C net */ /* do class C stuff */ endif For egpup users, I strongly urge that the following patch be applied to rt_egp.c. It will prevent egp from sending out reachability updates for non-A,B,C nets. *** rt_egp.c Thu Jan 21 20:02:20 1988 --- /usr/src/local/etc/egp/rt_egp.c Mon Nov 10 19:05:38 1986 *************** *** 128,135 **** if( in_isa( current_gw)) n_bytes = 3; else if( in_isb( current_gw)) n_bytes = 2; ! else if (in_isc( current_gw)) n_bytes = 1; ! else return(ERROR); bcopy( (u_char *)¤t_gw+4-n_bytes, nrp, n_bytes); nrp += n_bytes; --- 128,134 ---- if( in_isa( current_gw)) n_bytes = 3; else if( in_isb( current_gw)) n_bytes = 2; ! else n_bytes = 1; bcopy( (u_char *)¤t_gw+4-n_bytes, nrp, n_bytes); nrp += n_bytes; *************** *** 152,159 **** /* copy net addr */ if( in_isa( net_pt->net)) n_bytes = 1; else if( in_isb( net_pt->net)) n_bytes = 2; ! else if (in_isc( net_pt->net)) n_bytes = 3; ! else return(ERROR) bcopy(&net_pt->net, nrp, n_bytes); nrp += n_bytes; } /* end for each net */ --- 151,157 ---- /* copy net addr */ if( in_isa( net_pt->net)) n_bytes = 1; else if( in_isb( net_pt->net)) n_bytes = 2; ! else n_bytes = 3; bcopy(&net_pt->net, nrp, n_bytes); nrp += n_bytes; } /* end for each net */ For gated users, the same basic patch applies. Look in the file rt_egp.c, routine rt_NRnets(). I would supply the patch, but I am running a beta test version of gated that's different than everyone elses. I am skeptical that the above fixes really get at the heart of the problem. Some of the nets that are appearing apperently don't really exist, but they are technically valid Internet addresses. Thomas