Date: Wed, 04 Jan 2012 06:03:27 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: dougb@FreeBSD.org Cc: ndenev@gmail.com, emaste@FreeBSD.org, borjam@sarenet.es, freebsd-net@FreeBSD.org Subject: Re: openbgpds not talking each other since 8.2-STABLE upgrade Message-ID: <20120104.060327.1335862860296491365.hrs@allbsd.org> In-Reply-To: <4F036A7F.9030906@FreeBSD.org> References: <20DC0C8A-DD9E-408E-9ACA-82532DB31871@lists.zabbadoz.net> <20120104.040611.1847309275485655567.hrs@allbsd.org> <4F036A7F.9030906@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart(Wed_Jan__4_06_03_27_2012_282)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Doug Barton <dougb@freebsd.org> wrote in <4F036A7F.9030906@FreeBSD.org>: do> This patch works even if net.inet.tcp.signature_verify_input=1. If I do> turn that sysctl off on both sides they can talk to each other even do> without the patch. So that would definitely seem to indicate that the do> tcp_signature stuff is the source of the problem. do> do> What unfortunately did not work is configuring signatures on both sides. do> With the sysctl enabled, IPSEC set up on both hosts, and the tcp md5sig do> option in both bgpd.conf files, we got the same result as before, no do> communication between them. When -HUP'ing and/or restarting openbgpd do> with the tcp md5sig option enabled we get "pfkey setup failed." do> do> So, "working iBGP + no signatures" is a good next step. "iBGP + do> signatures" would be an even better one. :) We're happy to test more do> patches, etc.; and thanks again to everyone who has responded so far. Okay, thank you for your report. I will take some time to fix TCP_MD5SIG support in openbgpd and inform you when another patch is ready. -- Hiroki ----Security_Multipart(Wed_Jan__4_06_03_27_2012_282)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEABECAAYFAk8DbR8ACgkQTyzT2CeTzy1drQCglm+AWVP4TvNJlleoHd0HmTTq zZEAni9yHXnm9ZBGGyhz9bYxjbZrj8DT =DR0G -----END PGP SIGNATURE----- ----Security_Multipart(Wed_Jan__4_06_03_27_2012_282)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120104.060327.1335862860296491365.hrs>