Date:      Tue, 3 Jan 2012 18:03:52 +0000
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Borja Marcos <borjam@sarenet.es>
Cc:        Nikolay Denev <ndenev@gmail.com>, Ed Maste <emaste@freebsd.org>, freebsd-net@freebsd.org
Subject:   Re: openbgpds not talking each other since 8.2-STABLE upgrade
Message-ID:  <20DC0C8A-DD9E-408E-9ACA-82532DB31871@lists.zabbadoz.net>
In-Reply-To: <6FE9FF15-487F-4A31-AEE0-A0AD92F5DC72@sarenet.es>
References:  <99A5FFD9-8815-4CCC-9868-FB2E3D799566@gridfury.com> <4F027BC0.1080101@FreeBSD.org> <8F87C898-3290-41B9-ACDF-3558D7C28D74@gmail.com> <20120103152909.GA83706@sandvine.com> <6FE9FF15-487F-4A31-AEE0-A0AD92F5DC72@sarenet.es>

On 3. Jan 2012, at 17:47 , Borja Marcos wrote:

>
> On Jan 3, 2012, at 4:29 PM, Ed Maste wrote:
>
>> Thanks for the link Nikolay.
>>
>> Borja, I assume it's the PR submission form that gave you trouble -
>> sorry for that.  Based on your report it sounds to me like the bug is
>> in OpenBGPd itself.  If it works on OpenBSD with the TCP_MD5SIG option
>> though I'd assume it's due to a difference in our (FreeBSD's)
>> implementation of the option.  Did you look at the OpenBSD/FreeBSD
>> differences in your investigation?
>
> Both bird and quagga work as expected on FreeBSD. You can leave TCP_MD5 enabled in the kernel. If you specify "password" options for a BGP peer, it will enable TCP_MD5. Of course in FreeBSD it's a bit clumsy and you have to use setkey(8) to set the keys. But it works.

The reason for setkey is just because the software (quagga, bird,...) didn't grow a proper key management integration on pfkey2.   Would be easy.   Might be needed soon anyway;-)

Not having looked at the particular openbgpd patches in our ports tree I would almost expect there can only be a minor issue that it would stop to work for non-protected peers once MD5 support is present in the kernel and that should be easy to spot.

Unfortunately Doug didn't say from where he updated to this December 8-STABLE to see if it could be the MFCs of the MD5 changes by Attilio could make OpenBGPd as in ports cranky?

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!


