[quagga-dev 5484] Re: [quagga-users 9626] MD5 Support - 0.99.10
paul at clubi.ie
paul at clubi.ie
Fri Jun 13 16:09:55 BST 2008
On Fri, 13 Jun 2008, Michael H. Warfield wrote:
> Already done.
I've made all those suggestions in the diff I sent ;)
> Will check this next. This should be fairly straightforward to do if
> we are not worried about disabling passwords on existing sessions. That
> will simplify the code.
See my minor re-edit of your patch, which I had attached :)
> Ok. I'll look that over and get it done.
See diff! :)
> Uh... You mean remove the bug avoidance code entirely or
> chop it out so it's only included when needed? Right now that code
> is conditionalized on the IPV6_V6ONLY define, which is present in
> Linux, OpenBSD and FreeBSD. I could further tighten that condition
> to Linux only.
Well, do we need to have this in the initial revision of the TCP-MD5
support that we put into CVS? I.e. lets treat this is a seperate bug,
distinct from the RFE work of getting TCP-MD5SIG into Quagga - and
solve it seperately.
It could be its a simple bug to fix in the kernels concerned.
> I tested this out without the separate sockets on Linux and it does
> not work.
Ah, oops - my re-edit sets TCP-MD5SIG on the peer->fd, but not the
listen socket. My bad. I just tested with multiple local bgpds on a
Fedora box here and it doesnt work (I presume TCP-MD5SIG works on
local sockets on Linux).
Let me add that back in.
> I know the Quagga site has a route server up (strange - that page is
> blank for me right now).
Oops, my bad.
> Would we want to connect up one ore more of my bgp daemons up to
> that for both v4 and v6 and add passwords for testing?
Solaris doesn't support TCP-MD5 at the moment. Though, wouldn't be
too hard to hack it on though (Solaris already has code to run MD5
over TCP, for ISN, and storing a password with the socket would be
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
linux: because a PC is a terrible thing to waste
(ksh at cis.ufl.edu put this on Tshirts in '93)
More information about the Quagga-dev