RFC 5880, "Bidirectional Forwarding Detection (BFD)", June 2010

Note: This RFC has been updated by RFC 7419, RFC 7880, RFC 8562, RFC 9747

Errata ID: 7083
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Glebs Ivanovskis
Date Reported: 2022-08-12
Verifier Name: John Scudder
Date Verified: 2022-09-06

Section 6.7.4 says:

Otherwise (bfd.AuthSeqKnown is 0), bfd.AuthSeqKnown MUST be set to
1, bfd.RcvAuthSeq MUST be set to the value of the received
Sequence Number field, and the received packet MUST be accepted.

Replace the contents of the Auth Key/Hash field with the
authentication key selected by the received Auth Key ID field.  If
the SHA1 hash of the entire BFD Control packet is equal to the
received value of the Auth Key/Hash field, the received packet
MUST be accepted.  Otherwise (the hash does not match the Auth
Key/Hash field), the received packet MUST be discarded.

It should say:

Replace the contents of the Auth Key/Hash field with the
authentication key selected by the received Auth Key ID field.  If
the SHA1 hash of the entire BFD Control packet is not equal to the
received value of the Auth Key/Hash field, the received packet
MUST be discarded.

Otherwise, the packet MUST be accepted, bfd.AuthSeqKnown MUST be set to
1, and bfd.RcvAuthSeq MUST be set to the value of the received
Sequence Number field.

Notes:

1. Don't manipulate bfd.AuthSeqKnown and bfd.RcvAuthSeq before Auth Key/Hash check.
2. Explicitly mention what bfd.AuthSeqKnown and bfd.RcvAuthSeq must be set to in both cases (bfd.AuthSeqKnown is 0 and bfd.AuthSeqKnown is 1).

Based on email exchange: https://mailarchive.ietf.org/arch/msg/rtg-bfd/lDxFfNpqo4kwuNEUY0AbjMBb8JU/

(See also https://mailarchive.ietf.org/arch/msg/rtg-bfd/Ngf3Chmpy_EqNPlmuMZOslayy2E/)

Report New Errata