Date: Tue, 30 Aug 2005 10:55:16 +0600 From: Boris Kovalenko <boris@tagnet.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/85461: [MAINTAINER UPDATE] net/quagga: update to 0.98.5 Message-ID: <E1E9y9U-0001iP-PK@boris.nikom.ru> Resent-Message-ID: <200508300500.j7U50aBj066049@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 85461
>Category: ports
>Synopsis: [MAINTAINER UPDATE] net/quagga: update to 0.98.5
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 30 05:00:35 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Boris Kovalenko
>Release: FreeBSD 5.4-STABLE i386
>Organization:
JSC "Tagnet"
>Environment:
System: FreeBSD boris.nikom.ru 5.4-STABLE FreeBSD 5.4-STABLE #4: Thu Aug 18 08:12:33 YEKST 2005
>Description:
NOTE: This patch obsoletes ports/82711
>From the official site:
0.98.5 from stable series is released fixing several bugs in ospfd and bgpd,
most notably some crashes in ospfd and yet another route server functionality
regression in bgpd.
- Update to 0.98.5
Added file(s):
- files/extra-tcpmd5-patch-bgpd-bgp_network.c
- files/extra-tcpmd5-patch-bgpd-bgp_vty.c
- files/extra-tcpmd5-patch-bgpd-bgpd.c
- files/extra-tcpmd5-patch-bgpd-bgpd.h
- files/extra-tcpmd5-patch-lib-sockopt.c
- files/extra-tcpmd5-patch-lib-sockopt.h
Removed file(s):
- files/extra-tcpmd5-patch-bgpd::bgp_network.c
- files/extra-tcpmd5-patch-bgpd::bgp_vty.c
- files/extra-tcpmd5-patch-bgpd::bgpd.c
- files/extra-tcpmd5-patch-bgpd::bgpd.h
- files/extra-tcpmd5-patch-configure.ac
- files/extra-tcpmd5-patch-lib::sockopt.c
- files/extra-tcpmd5-patch-lib::sockopt.h
- files/patch-configure.ac
Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:
--- quagga-0.98.5.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/net/quagga/Makefile /usr/ports/net/quagga.new/Makefile
--- /usr/ports/net/quagga/Makefile Mon Apr 18 08:19:44 2005
+++ /usr/ports/net/quagga.new/Makefile Tue Aug 30 10:51:10 2005
@@ -6,8 +6,8 @@
#
PORTNAME= quagga
-PORTVERSION= 0.98.3
-PORTREVISION= 2
+PORTVERSION= 0.98.5
+PORTREVISION= 0
CATEGORIES= net ipv6
MASTER_SITES= http://quagga.net/download/
@@ -22,9 +22,9 @@
USE_GMAKE= yes
USE_REINPLACE= yes
INSTALLS_SHLIB= yes
-USE_AUTOCONF_VER= 259
-USE_LIBTOOL_VER= 15
USE_PERL5_BUILD= yes
+USE_LIBTOOL_VER= 15
+LIBTOOLFILES= configure
MAN1= vtysh.1
MAN8= bgpd.8 ospf6d.8 ospfd.8 ripd.8 ripngd.8 zebra.8
@@ -41,9 +41,12 @@
.include <bsd.port.pre.mk>
-CONFIGURE_ARGS+=--includedir=${PREFIX}/include --enable-exampledir=${PREFIX}/share/examples/quagga
+CONFIGURE_ARGS+=--includedir=${PREFIX}/include --enable-exampledir=${PREFIX}/share/examples/quagga \
+ --program-transform-name=""
CONFIGURE_ENV+= CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
- LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib"
+ LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib" \
+ LIBTOOL=${LIBTOOL} LIBTOOLIZE=${LIBTOOLIZE} \
+ LIBTOOL_VERSION=${LIBTOOL_VERSION}
.if !defined(ENABLE_USER)
ENABLE_USER=quagga
@@ -127,8 +130,8 @@
.if ${OSVERSION} < 491000
BROKEN= This version of FreeBSD does not have TCP MD5 signature support
.endif
-CONFIGURE_ARGS+=--enable-tcp-signature
-EXTRA_PATCHES+=${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgp_network.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgp_vty.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgpd.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgpd.h ${PATCHDIR}/extra-tcpmd5-patch-configure.ac ${PATCHDIR}/extra-tcpmd5-patch-lib::sockopt.c ${PATCHDIR}/extra-tcpmd5-patch-lib::sockopt.h
+EXTRA_PATCHES+=${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgp_network.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgp_vty.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgpd.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgpd.h ${PATCHDIR}/extra-tcpmd5-patch-lib-sockopt.c ${PATCHDIR}/extra-tcpmd5-patch-lib-sockopt.h
+CFLAGS+= -DQUAGGA_TCP_MD5SIG
.endif
USE_RC_SUBR= watchquagga.sh
diff -ruN --exclude=CVS /usr/ports/net/quagga/distinfo /usr/ports/net/quagga.new/distinfo
--- /usr/ports/net/quagga/distinfo Tue Apr 5 08:21:31 2005
+++ /usr/ports/net/quagga.new/distinfo Tue Aug 30 10:32:51 2005
@@ -1,2 +1,2 @@
-MD5 (quagga-0.98.3.tar.gz) = 68be5e911e4d604c0f5959338263356e
-SIZE (quagga-0.98.3.tar.gz) = 2118348
+MD5 (quagga-0.98.5.tar.gz) = ec09c1ec624aea98e18aa19282666784
+SIZE (quagga-0.98.5.tar.gz) = 2018058
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_network.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_network.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_network.c Thu Jan 1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_network.c Sun Feb 6 03:19:43 2005
@@ -0,0 +1,42 @@
+--- bgpd/bgp_network.c.orig Wed Dec 8 12:41:23 2004
++++ bgpd/bgp_network.c Fri Jan 28 17:52:57 2005
+@@ -35,6 +35,10 @@
+ #include "bgpd/bgp_debug.h"
+ #include "bgpd/bgp_network.h"
+
++#ifndef TCP_SIG_SPI_BASE
++#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
++#endif
++
+ extern struct zebra_privs_t bgpd_privs;
+
+
+@@ -148,6 +152,15 @@
+ return ret;
+ }
+ #endif /* SO_BINDTODEVICE */
++
++#ifdef QUAGGA_TCP_MD5SIG
++ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
++ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd,
++ TCP_SIG_SPI_BASE + peer->port);
++ else
++ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
++#endif /* QUAGGA_TCP_MD5SIG */
++
+ return 0;
+ }
+
+@@ -250,6 +263,12 @@
+ if (peer->ifname)
+ ifindex = if_nametoindex (peer->ifname);
+ #endif /* HAVE_IPV6 */
++
++#ifdef QUAGGA_TCP_MD5SIG
++ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
++ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd,
++ TCP_SIG_SPI_BASE + peer->port);
++#endif /* QUAGGA_TCP_MD5SIG */
+
+ if (BGP_DEBUG (events, EVENTS))
+ plog_debug (peer->log, "%s [Event] Connect start to %s fd %d",
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_vty.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c Thu Jan 1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_vty.c Sun Feb 6 03:19:43 2005
@@ -0,0 +1,59 @@
+--- bgpd/bgp_vty.c.orig Tue Oct 12 22:06:09 2004
++++ bgpd/bgp_vty.c Fri Jan 28 17:52:57 2005
+@@ -1386,6 +1386,45 @@
+ "AS number used as local AS\n"
+ "Do not prepend local-as to updates from ebgp peers\n")
+
++#ifdef QUAGGA_TCP_MD5SIG
++DEFUN (neighbor_password,
++ neighbor_password_cmd,
++ NEIGHBOR_CMD2 "password WORD",
++ NEIGHBOR_STR
++ NEIGHBOR_ADDR_STR2
++ "Specify a password for TCPMD5 authentication with this peer\n")
++{
++ struct peer *peer;
++ int ret;
++
++ peer = peer_and_group_lookup_vty (vty, argv[0]);
++ if (! peer)
++ return CMD_WARNING;
++
++ ret = peer_password_set (peer, argv[1]);
++ return bgp_vty_return (vty, ret);
++}
++
++DEFUN (no_neighbor_password,
++ no_neighbor_password_cmd,
++ NO_NEIGHBOR_CMD2 "password",
++ NO_STR
++ NEIGHBOR_STR
++ NEIGHBOR_ADDR_STR2
++ "Disable TCPMD5 authentication with this peer\n")
++{
++ struct peer *peer;
++ int ret;
++
++ peer = peer_and_group_lookup_vty (vty, argv[0]);
++ if (! peer)
++ return CMD_WARNING;
++
++ ret = peer_password_unset (peer);
++ return bgp_vty_return (vty, ret);
++}
++#endif /* QUAGGA_TCP_MD5SIG */
++
+ DEFUN (neighbor_activate,
+ neighbor_activate_cmd,
+ NEIGHBOR_CMD2 "activate",
+@@ -8530,6 +8569,10 @@
+ install_element (BGP_NODE, &no_neighbor_local_as_cmd);
+ install_element (BGP_NODE, &no_neighbor_local_as_val_cmd);
+ install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd);
++
++ /* "neighbor password" commands. */
++ install_element (BGP_NODE, &neighbor_password_cmd);
++ install_element (BGP_NODE, &no_neighbor_password_cmd);
+
+ /* "neighbor activate" commands. */
+ install_element (BGP_NODE, &neighbor_activate_cmd);
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c Thu Jan 1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.c Sun Feb 6 03:19:43 2005
@@ -0,0 +1,90 @@
+--- bgpd/bgpd.c.orig Thu Dec 9 06:46:46 2004
++++ bgpd/bgpd.c Sat Jan 29 11:29:26 2005
+@@ -59,6 +59,9 @@
+ #ifdef HAVE_SNMP
+ #include "bgpd/bgp_snmp.h"
+ #endif /* HAVE_SNMP */
++#ifndef TCP_SIG_SPI_BASE
++#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
++#endif
+
+ /* BGP process wide configuration. */
+ static struct bgp_master bgp_master;
+@@ -707,6 +710,7 @@
+ peer->ostatus = Idle;
+ peer->version = BGP_VERSION_4;
+ peer->weight = 0;
++ peer->password[0] = '\0';
+
+ /* Set default flags. */
+ for (afi = AFI_IP; afi < AFI_MAX; afi++)
+@@ -3270,6 +3274,55 @@
+ return 0;
+ }
+
++#ifdef QUAGGA_TCP_MD5SIG
++/* Set password for authenticating with the peer. */
++int
++peer_password_set (struct peer *peer, char *password)
++{
++ struct bgp *bgp = peer->bgp;
++ int len;
++
++ len = strlen(password);
++
++ if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN))
++ return BGP_ERR_INVALID_VALUE;
++
++ memcpy(peer->password, password, len);
++
++ /*
++ * XXX Need to do PF_KEY operation here to add an SA entry,
++ * and add an SP entry for this peer's packet flows also.
++ */
++
++ SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
++
++ if (peer->fd >= 0)
++ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE +
++ peer->port);
++
++ return 0;
++}
++
++int
++peer_password_unset (struct peer *peer)
++{
++ struct bgp *bgp = peer->bgp;
++
++ UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
++ /* Paranoia. */
++ memset(peer->password, 0, sizeof(peer->password));
++
++ if (peer->fd >= 0)
++ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
++
++ /*
++ * XXX Need to do PF_KEY operation here to remove the SA and SP.
++ */
++
++ return 0;
++}
++#endif /* QUAGGA_TCP_MD5SIG */
++
+ /* Set distribute list to the peer. */
+ int
+ peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct,
+@@ -4279,6 +4332,13 @@
+ if (peer->desc)
+ vty_out (vty, " neighbor %s description %s%s", addr, peer->desc,
+ VTY_NEWLINE);
++
++#ifdef QUAGGA_TCP_MD5SIG
++ /* tcp-md5 session password. XXX the password should be obfuscated */
++ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
++ vty_out (vty, " neighbor %s password %s%s", addr, peer->password,
++ VTY_NEWLINE);
++#endif /* QUAGGA_TCP_MD5SIG */
+
+ /* Shutdown. */
+ if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN))
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.h
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h Thu Jan 1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.h Sun Feb 6 03:19:43 2005
@@ -0,0 +1,38 @@
+--- bgpd/bgpd.h.orig Tue Oct 12 22:06:09 2004
++++ bgpd/bgpd.h Fri Jan 28 21:03:40 2005
+@@ -335,6 +335,9 @@
+ #define PEER_FLAG_DYNAMIC_CAPABILITY (1 << 6) /* dynamic capability */
+ #define PEER_FLAG_ENFORCE_MULTIHOP (1 << 7) /* enforce-multihop */
+ #define PEER_FLAG_LOCAL_AS_NO_PREPEND (1 << 8) /* local-as no-prepend */
++#ifdef QUAGGA_TCP_MD5SIG /* XXX should move to AF_INET/SFI_UNICAST below */
++#define PEER_FLAG_TCP_SIGNATURE (1 << 9) /* use TCP-MD5 digest */
++#endif /* QUAGGA_TCP_MD5SIG */
+
+ /* Per AF configuration flags. */
+ u_int32_t af_flags[AFI_MAX][SAFI_MAX];
+@@ -496,6 +499,13 @@
+ #define PEER_RMAP_TYPE_NOSET (1 << 5) /* not allow to set commands */
+ #define PEER_RMAP_TYPE_IMPORT (1 << 6) /* neighbor route-map import */
+ #define PEER_RMAP_TYPE_EXPORT (1 << 7) /* neighbor route-map export */
++
++#ifdef QUAGGA_TCP_MD5SIG
++ /* TCP-MD5 Password Support -- bms */
++#define PEER_PASSWORD_MINLEN 1
++#define PEER_PASSWORD_MAXLEN 80 /* width of password field */
++ char password[PEER_PASSWORD_MAXLEN];
++#endif /* QUAGGA_TCP_MD5SIG */
+ };
+
+ /* This structure's member directly points incoming packet data
+@@ -879,6 +889,11 @@
+
+ int peer_local_as_set (struct peer *, as_t, int);
+ int peer_local_as_unset (struct peer *);
++
++#ifdef QUAGGA_TCP_MD5SIG
++int peer_password_set (struct peer *, char *);
++int peer_password_unset (struct peer *);
++#endif /* QUAGGA_TCP_MD5SIG */
+
+ int peer_prefix_list_set (struct peer *, afi_t, safi_t, int, const char *);
+ int peer_prefix_list_unset (struct peer *, afi_t, safi_t, int);
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_network.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_network.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_network.c Sun Feb 6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_network.c Thu Jan 1 05:00:00 1970
@@ -1,42 +0,0 @@
---- bgpd/bgp_network.c.orig Wed Dec 8 12:41:23 2004
-+++ bgpd/bgp_network.c Fri Jan 28 17:52:57 2005
-@@ -35,6 +35,10 @@
- #include "bgpd/bgp_debug.h"
- #include "bgpd/bgp_network.h"
-
-+#ifndef TCP_SIG_SPI_BASE
-+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
-+#endif
-+
- extern struct zebra_privs_t bgpd_privs;
-
-
-@@ -148,6 +152,15 @@
- return ret;
- }
- #endif /* SO_BINDTODEVICE */
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
-+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd,
-+ TCP_SIG_SPI_BASE + peer->port);
-+ else
-+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
-+#endif /* QUAGGA_TCP_MD5SIG */
-+
- return 0;
- }
-
-@@ -250,6 +263,12 @@
- if (peer->ifname)
- ifindex = if_nametoindex (peer->ifname);
- #endif /* HAVE_IPV6 */
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
-+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd,
-+ TCP_SIG_SPI_BASE + peer->port);
-+#endif /* QUAGGA_TCP_MD5SIG */
-
- if (BGP_DEBUG (events, EVENTS))
- plog_debug (peer->log, "%s [Event] Connect start to %s fd %d",
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_vty.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_vty.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_vty.c Sun Feb 6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_vty.c Thu Jan 1 05:00:00 1970
@@ -1,59 +0,0 @@
---- bgpd/bgp_vty.c.orig Tue Oct 12 22:06:09 2004
-+++ bgpd/bgp_vty.c Fri Jan 28 17:52:57 2005
-@@ -1386,6 +1386,45 @@
- "AS number used as local AS\n"
- "Do not prepend local-as to updates from ebgp peers\n")
-
-+#ifdef QUAGGA_TCP_MD5SIG
-+DEFUN (neighbor_password,
-+ neighbor_password_cmd,
-+ NEIGHBOR_CMD2 "password WORD",
-+ NEIGHBOR_STR
-+ NEIGHBOR_ADDR_STR2
-+ "Specify a password for TCPMD5 authentication with this peer\n")
-+{
-+ struct peer *peer;
-+ int ret;
-+
-+ peer = peer_and_group_lookup_vty (vty, argv[0]);
-+ if (! peer)
-+ return CMD_WARNING;
-+
-+ ret = peer_password_set (peer, argv[1]);
-+ return bgp_vty_return (vty, ret);
-+}
-+
-+DEFUN (no_neighbor_password,
-+ no_neighbor_password_cmd,
-+ NO_NEIGHBOR_CMD2 "password",
-+ NO_STR
-+ NEIGHBOR_STR
-+ NEIGHBOR_ADDR_STR2
-+ "Disable TCPMD5 authentication with this peer\n")
-+{
-+ struct peer *peer;
-+ int ret;
-+
-+ peer = peer_and_group_lookup_vty (vty, argv[0]);
-+ if (! peer)
-+ return CMD_WARNING;
-+
-+ ret = peer_password_unset (peer);
-+ return bgp_vty_return (vty, ret);
-+}
-+#endif /* QUAGGA_TCP_MD5SIG */
-+
- DEFUN (neighbor_activate,
- neighbor_activate_cmd,
- NEIGHBOR_CMD2 "activate",
-@@ -8530,6 +8569,10 @@
- install_element (BGP_NODE, &no_neighbor_local_as_cmd);
- install_element (BGP_NODE, &no_neighbor_local_as_val_cmd);
- install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd);
-+
-+ /* "neighbor password" commands. */
-+ install_element (BGP_NODE, &neighbor_password_cmd);
-+ install_element (BGP_NODE, &no_neighbor_password_cmd);
-
- /* "neighbor activate" commands. */
- install_element (BGP_NODE, &neighbor_activate_cmd);
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.c Sun Feb 6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.c Thu Jan 1 05:00:00 1970
@@ -1,90 +0,0 @@
---- bgpd/bgpd.c.orig Thu Dec 9 06:46:46 2004
-+++ bgpd/bgpd.c Sat Jan 29 11:29:26 2005
-@@ -59,6 +59,9 @@
- #ifdef HAVE_SNMP
- #include "bgpd/bgp_snmp.h"
- #endif /* HAVE_SNMP */
-+#ifndef TCP_SIG_SPI_BASE
-+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
-+#endif
-
- /* BGP process wide configuration. */
- static struct bgp_master bgp_master;
-@@ -707,6 +710,7 @@
- peer->ostatus = Idle;
- peer->version = BGP_VERSION_4;
- peer->weight = 0;
-+ peer->password[0] = '\0';
-
- /* Set default flags. */
- for (afi = AFI_IP; afi < AFI_MAX; afi++)
-@@ -3270,6 +3274,55 @@
- return 0;
- }
-
-+#ifdef QUAGGA_TCP_MD5SIG
-+/* Set password for authenticating with the peer. */
-+int
-+peer_password_set (struct peer *peer, char *password)
-+{
-+ struct bgp *bgp = peer->bgp;
-+ int len;
-+
-+ len = strlen(password);
-+
-+ if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN))
-+ return BGP_ERR_INVALID_VALUE;
-+
-+ memcpy(peer->password, password, len);
-+
-+ /*
-+ * XXX Need to do PF_KEY operation here to add an SA entry,
-+ * and add an SP entry for this peer's packet flows also.
-+ */
-+
-+ SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
-+
-+ if (peer->fd >= 0)
-+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE +
-+ peer->port);
-+
-+ return 0;
-+}
-+
-+int
-+peer_password_unset (struct peer *peer)
-+{
-+ struct bgp *bgp = peer->bgp;
-+
-+ UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
-+ /* Paranoia. */
-+ memset(peer->password, 0, sizeof(peer->password));
-+
-+ if (peer->fd >= 0)
-+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
-+
-+ /*
-+ * XXX Need to do PF_KEY operation here to remove the SA and SP.
-+ */
-+
-+ return 0;
-+}
-+#endif /* QUAGGA_TCP_MD5SIG */
-+
- /* Set distribute list to the peer. */
- int
- peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct,
-@@ -4279,6 +4332,13 @@
- if (peer->desc)
- vty_out (vty, " neighbor %s description %s%s", addr, peer->desc,
- VTY_NEWLINE);
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+ /* tcp-md5 session password. XXX the password should be obfuscated */
-+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
-+ vty_out (vty, " neighbor %s password %s%s", addr, peer->password,
-+ VTY_NEWLINE);
-+#endif /* QUAGGA_TCP_MD5SIG */
-
- /* Shutdown. */
- if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN))
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.h
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.h Sun Feb 6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.h Thu Jan 1 05:00:00 1970
@@ -1,38 +0,0 @@
---- bgpd/bgpd.h.orig Tue Oct 12 22:06:09 2004
-+++ bgpd/bgpd.h Fri Jan 28 21:03:40 2005
-@@ -335,6 +335,9 @@
- #define PEER_FLAG_DYNAMIC_CAPABILITY (1 << 6) /* dynamic capability */
- #define PEER_FLAG_ENFORCE_MULTIHOP (1 << 7) /* enforce-multihop */
- #define PEER_FLAG_LOCAL_AS_NO_PREPEND (1 << 8) /* local-as no-prepend */
-+#ifdef QUAGGA_TCP_MD5SIG /* XXX should move to AF_INET/SFI_UNICAST below */
-+#define PEER_FLAG_TCP_SIGNATURE (1 << 9) /* use TCP-MD5 digest */
-+#endif /* QUAGGA_TCP_MD5SIG */
-
- /* Per AF configuration flags. */
- u_int32_t af_flags[AFI_MAX][SAFI_MAX];
-@@ -496,6 +499,13 @@
- #define PEER_RMAP_TYPE_NOSET (1 << 5) /* not allow to set commands */
- #define PEER_RMAP_TYPE_IMPORT (1 << 6) /* neighbor route-map import */
- #define PEER_RMAP_TYPE_EXPORT (1 << 7) /* neighbor route-map export */
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+ /* TCP-MD5 Password Support -- bms */
-+#define PEER_PASSWORD_MINLEN 1
-+#define PEER_PASSWORD_MAXLEN 80 /* width of password field */
-+ char password[PEER_PASSWORD_MAXLEN];
-+#endif /* QUAGGA_TCP_MD5SIG */
- };
-
- /* This structure's member directly points incoming packet data
-@@ -879,6 +889,11 @@
-
- int peer_local_as_set (struct peer *, as_t, int);
- int peer_local_as_unset (struct peer *);
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+int peer_password_set (struct peer *, char *);
-+int peer_password_unset (struct peer *);
-+#endif /* QUAGGA_TCP_MD5SIG */
-
- int peer_prefix_list_set (struct peer *, afi_t, safi_t, int, const char *);
- int peer_prefix_list_unset (struct peer *, afi_t, safi_t, int);
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-configure.ac /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-configure.ac
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-configure.ac Sun Feb 6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-configure.ac Thu Jan 1 05:00:00 1970
@@ -1,16 +0,0 @@
---- configure.ac.orig Fri Jan 7 06:03:14 2005
-+++ configure.ac Fri Jan 28 17:52:57 2005
-@@ -204,6 +204,13 @@
- AC_DEFINE(HAVE_IRDP,, IRDP )
- fi
-
-+AC_ARG_ENABLE(tcp-signature,
-+[ --enable-tcp-signature enable TCP MD5 checksum capability])
-+
-+if test "${enable_tcp_signature}" = "yes"; then
-+ AC_DEFINE(QUAGGA_TCP_MD5SIG,,TCP signatures)
-+fi
-+
- if test "${enable_user}" = "yes" || test x"${enable_user}" = x""; then
- enable_user="quagga"
- elif test "${enable_user}" = "no"; then
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c Thu Jan 1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.c Sun Feb 6 03:19:43 2005
@@ -0,0 +1,35 @@
+--- lib/sockopt.c.orig Tue Jan 4 10:03:36 2005
++++ lib/sockopt.c Fri Jan 28 17:52:57 2005
+@@ -243,6 +243,32 @@
+
+ }
+
++int
++sockopt_tcp_signature (int family, int sock, int enable)
++{
++ int ret;
++
++#if defined(QUAGGA_TCP_MD5SIG) && defined(TCP_MD5SIG)
++ if (family == AF_INET)
++ {
++ ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG,
++ (void *) &enable, sizeof (int));
++ if (ret < 0)
++ {
++ zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG %d to socket %d", enable, sock);
++ return -1;
++ }
++ return 0;
++ }
++#endif /* QUAGGA_TCP_MD5SIG */
++
++ /* fallthrough */
++
++ zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG on socket %d with family %d",
++ sock, family);
++ return -1;
++}
++
+ static int
+ setsockopt_ipv4_ifindex (int sock, int val)
+ {
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.h
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h Thu Jan 1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.h Sun Feb 6 03:19:43 2005
@@ -0,0 +1,12 @@
+--- lib/sockopt.h.orig Mon Nov 15 10:51:15 2004
++++ lib/sockopt.h Fri Jan 28 17:52:57 2005
+@@ -40,6 +40,9 @@
+ */
+ #define SOPT_SIZE_CMSG_PKTINFO_IPV6() (sizeof (struct in6_pktinfo));
+
++#ifdef QUAGGA_TCP_MD5SIG
++int sockopt_tcp_signature(int family, int sock, int enable);
++#endif /* QUAGGA_TCP_MD5SIG */
+ /*
+ * Size defines for control messages used to get ifindex. We define
+ * values for each method, and define a macro that can be used by code
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.c Sun Feb 6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.c Thu Jan 1 05:00:00 1970
@@ -1,35 +0,0 @@
---- lib/sockopt.c.orig Tue Jan 4 10:03:36 2005
-+++ lib/sockopt.c Fri Jan 28 17:52:57 2005
-@@ -243,6 +243,32 @@
-
- }
-
-+int
-+sockopt_tcp_signature (int family, int sock, int enable)
-+{
-+ int ret;
-+
-+#if defined(QUAGGA_TCP_MD5SIG) && defined(TCP_MD5SIG)
-+ if (family == AF_INET)
-+ {
-+ ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG,
-+ (void *) &enable, sizeof (int));
-+ if (ret < 0)
-+ {
-+ zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG %d to socket %d", enable, sock);
-+ return -1;
-+ }
-+ return 0;
-+ }
-+#endif /* QUAGGA_TCP_MD5SIG */
-+
-+ /* fallthrough */
-+
-+ zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG on socket %d with family %d",
-+ sock, family);
-+ return -1;
-+}
-+
- static int
- setsockopt_ipv4_ifindex (int sock, int val)
- {
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.h
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.h Sun Feb 6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.h Thu Jan 1 05:00:00 1970
@@ -1,12 +0,0 @@
---- lib/sockopt.h.orig Mon Nov 15 10:51:15 2004
-+++ lib/sockopt.h Fri Jan 28 17:52:57 2005
-@@ -40,6 +40,9 @@
- */
- #define SOPT_SIZE_CMSG_PKTINFO_IPV6() (sizeof (struct in6_pktinfo));
-
-+#ifdef QUAGGA_TCP_MD5SIG
-+int sockopt_tcp_signature(int family, int sock, int enable);
-+#endif /* QUAGGA_TCP_MD5SIG */
- /*
- * Size defines for control messages used to get ifindex. We define
- * values for each method, and define a macro that can be used by code
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/patch-configure.ac /usr/ports/net/quagga.new/files/patch-configure.ac
--- /usr/ports/net/quagga/files/patch-configure.ac Mon Dec 8 21:20:12 2003
+++ /usr/ports/net/quagga.new/files/patch-configure.ac Thu Jan 1 05:00:00 1970
@@ -1,43 +0,0 @@
---- configure.ac.orig Sun Nov 2 04:12:19 2003
-+++ configure.ac Wed Dec 3 02:28:37 2003
-@@ -724,7 +724,7 @@
- dnl AC_CHECK_LIB(snmp, asn_parse_int, HAVE_SNMP=yes)
- if test "${HAVE_SNMP}" = ""; then
- old_libs="${LIBS}"
-- LIBS="-L/usr/lib"
-+ LIBS="-L/usr/lib -L/usr/local/lib"
- unset ac_cv_lib_snmp_asn_parse_int
- AC_CHECK_LIB(crypto, main, NEED_CRYPTO=yes, )
- if test "${NEED_CRYPTO}" = ""; then
-@@ -765,7 +765,7 @@
- fi
-
- if test "${HAVE_SNMP}" = "yes"; then
-- for ac_snmp in /usr/include/net-snmp/library/asn1.h /usr/include/ucd-snmp/asn1.h /usr/local/include/ucd-snmp/asn1.h /dev/null
-+ for ac_snmp in /usr/include/net-snmp/library/asn1.h /usr/include/ucd-snmp/asn1.h /usr/local/include/ucd-snmp/asn1.h /usr/local/include/net-snmp/library/asn1.h /dev/null
- do
- test -f "${ac_snmp}" && break
- done
-@@ -782,6 +782,13 @@
- LIBS="${LIBS} -lsnmp"
- fi
- ;;
-+ /usr/local/include/net-snmp/*)
-+ AC_DEFINE(HAVE_SNMP,,SNMP)
-+ AC_DEFINE(HAVE_NETSNMP,,SNMP)
-+ AC_DEFINE(UCD_COMPATIBLE,,SNMP)
-+ CFLAGS="${CFLAGS} -I/usr/local/include -I/usr/local/include/net-snmp -I/usr/local/include/net-snmp/library"
-+ LIBS="${LIBS} -L/usr/local/lib -lnetsnmp"
-+ ;;
- /usr/include/ucd-snmp/*)
- AC_DEFINE(HAVE_SNMP,,SNMP)
- CFLAGS="${CFLAGS} -I/usr/include/ucd-snmp"
-@@ -794,7 +801,7 @@
- ;;
- /usr/local/include/net-snmp/*)
- AC_DEFINE(HAVE_SNMP,,SNMP)
-- AC_DEFINE(HAVE_NET_SNMP,,SNMP)
-+ AC_DEFINE(HAVE_NETSNMP,,SNMP)
- AC_DEFINE(UCD_COMPATIBLE,,SNMP)
- CFLAGS="${CFLAGS} -I/usr/local/include/net-snmp"
- LIBS="${LIBS} -L/usr/local/lib -lnetsnmp"
--- quagga-0.98.5.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1E9y9U-0001iP-PK>