[quagga-dev 5483] Re: [quagga-users 9626] MD5 Support - 0.99.10
Michael H. Warfield
mhw at WittsEnd.com
Fri Jun 13 15:16:24 BST 2008
On Fri, 2008-06-13 at 03:43 +0100, paul at clubi.ie wrote:
> Hi Michael,
> Thanks for keeping these patches together!
> I've had a look at the patch, and have some slight suggested changes
> (see attached diff):
> - just get rid of the enable argument, just test for the BSD
> TCP_MD5SIG define
> - get rid of the peer flag, just use peer->password != NULL
Will check this next. This should be fairly straightforward to do if
we are not worried about disabling passwords on existing sessions. That
will simplify the code.
> - propagate errors back up to UI when setting a password, if possible
> (inc. TCP-MD5SIG not being supported on the platform).
Ok. I'll look that over and get it done.
> - chop out the bug-avoidance around v4-mapped sockets
Uh... You mean remove the bug avoidance code entirely or chop it out
so it's only included when needed? Right now that code is
conditionalized on the IPV6_V6ONLY define, which is present in Linux,
OpenBSD and FreeBSD. I could further tighten that condition to Linux
only. I tested this out without the separate sockets on Linux and it
does not work. So, if that code is not there it won't work in any Linux
versions up to and including 2.6.26, even if I get someone to fix the
problem immediately. The only real effect of this code is that we end
up listening on two sockets instead of one. That's not a real big
resource consumption there.
I will double check with the latest 2.6.25 kernel and 2.6.26 when it
I'm also going to test out the md5 passwords on v6 as well.
> If someone can confirm it still works (the UI stuff seems to)..
The current patch (0.99.10 w/ the v10 patch) is working like a charm in
production right now. At my ISP, I'm advertising my IPv4 space to their
routers and I'm advertising my IPv6 routes to OCCAID, my tunnel broker.
The former requires passwords to be working. The latter does not. I've
got Fedora 8 rpms built but was not going to distribute any binaries.
I'll be able to confirm these further changes on Linux. I've got my
FreeBSD 6.2 image running and I've got an OpenBSD Sparc box to test on,
but that testing will take more time.
It will take some time to set up the test environments but I will test
those platforms as well for the compatibility address problems but that
may have to wait to finish filling out the BSD code. Since OpenBSD has
its own bgpd, I might try testing against that. That would give me
another reference platform in addition to the Linux systems and the
router gear I'm talking to at my ISP.
I know the Quagga site has a route server up (strange - that page is
blank for me right now). Would we want to connect up one or more of my
bgp daemons up to that for both v4 and v6 and add passwords for testing?
> Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
> Violence is a sword that has no handle -- you have to hold the blade.
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
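
The points discussed in this message, as an added example that is not part of the original e-mail and is not Quagga's code: one listener per address family (the IPv6 one marked IPV6_V6ONLY so it never sees v4-mapped peers), a key installed only when a password is set, and every failure returned to the caller as -errno. The names open_listener and set_peer_md5 are hypothetical, and the Linux struct tcp_md5sig interface from <netinet/tcp.h> is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/socket.h>

/* Open a wildcard listener for one family. The AF_INET6 socket gets
 * IPV6_V6ONLY, so IPv4 peers only ever arrive on the AF_INET socket.
 * Returns the fd, or -errno on failure. */
int open_listener(int family, unsigned short port)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(struct sockaddr_in);
    int on = 1, e, fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    memset(&ss, 0, sizeof ss);            /* all-zero address = wildcard */
    ss.ss_family = family;
    if (family == AF_INET6) {
        ((struct sockaddr_in6 *)&ss)->sin6_port = htons(port);
        len = sizeof(struct sockaddr_in6);
        if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof on) < 0) goto fail;
    } else {
        ((struct sockaddr_in *)&ss)->sin_port = htons(port);
    }
    if (bind(fd, (struct sockaddr *)&ss, len) < 0 || listen(fd, 8) < 0) goto fail;
    return fd;
fail:
    e = errno; close(fd); return -e;
}

/* Install the TCP-MD5 key for one peer on the listener of the peer's own
 * family. password == NULL means "no key configured". Returns 0 or -errno
 * (e.g. -ENOPROTOOPT when the kernel lacks TCP-MD5) for the UI to report. */
int set_peer_md5(int fd4, int fd6, const struct sockaddr *peer, socklen_t plen,
                 const char *password)
{
    struct tcp_md5sig md5;
    size_t klen;
    int fd;
    if (password == NULL) return 0;
    klen = strlen(password);
    if (klen == 0 || klen > TCP_MD5SIG_MAXKEYLEN || plen > sizeof md5.tcpm_addr) return -EINVAL;
    fd = (peer->sa_family == AF_INET6) ? fd6 : fd4;
    if (fd < 0) return -EAFNOSUPPORT;     /* no listener for that family */
    memset(&md5, 0, sizeof md5);
    memcpy(&md5.tcpm_addr, peer, plen);
    md5.tcpm_keylen = (unsigned short)klen;
    memcpy(md5.tcpm_key, password, klen);
    return setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &md5, sizeof md5) < 0 ? -errno : 0;
}
```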