On 3. Jan 2012, at 17:47 , Borja Marcos wrote: > > On Jan 3, 2012, at 4:29 PM, Ed Maste wrote: > >> Thanks for the link Nikolay. >> >> Borja, I assume it's the PR submission form that gave you trouble - >> sorry for that. Based on your report it sounds to me like the bug is >> in OpenBGPd itself. If it works on OpenBSD with the TCP_MD5SIG option >> though I'd assume it's due to a difference in our (FreeBSD's) >> implementation of the option. Did you look at the OpenBSD/FreeBSD >> differences in your investigation? > > Both bird and quagga work as expected on FreeBSD. You can leave TCP_MD5 > enabled in the kernel. If you specify "password" options for a BGP peer, it > will enable TCP_MD5. Of course in FreeBSD it's a bit clumsy and you have to > use setkey(8) to set the keys. But it works.
The reason for setkey is just because the software (quagga, bird,...) didn't grow a proper key management integration on pfkey2. Would be easy. Might be needed soon anyway;-) Not having looked at the particular openbgpd patches in our ports tree I would almost expect there can only be a minor issue that it would stop to work for non-protected peers once MD5 support is present in the kernel and that should be easy to spot. Unfortunately Doug didn't say from where he updated to this December 8-STABLE to see if it could be the MFCs of the MD5 changes by Attilio could make OpenBGPd as in ports cranky? /bz -- Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do! _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
