[quagga-dev 10274] Re: IPv6 BGP md5 password disappears on restart

David Lamparter equinox at opensourcerouting.org
Sat Feb 23 21:05:19 GMT 2013


On Fri, Jan 18, 2013 at 03:04:50PM +0100, Roman Hoog Antink wrote:
> On 14.01.2013 15:26, David Lamparter wrote:
> > On Mon, Aug 06, 2012 at 02:44:37PM +0200, Roman Hoog Antink wrote:
> >> This way the order of group and password statements is unimportant and
> >> all scenarios are possible: peers with individual passwords overriding
> >> group passwords; peers with individual passwords in groups without group
> >> password, etc.
> > 
> > [...]
> >>    /* password apply */
> >> -  if (peer->password)
> >> -    XFREE (MTYPE_PEER_PASSWORD, peer->password);
> >> -
> >>    if (conf->password)
> >> -    peer->password =  XSTRDUP (MTYPE_PEER_PASSWORD, conf->password);
> >> -  else
> >> -    peer->password = NULL;
> >> +    {
> >> +      XFREE (MTYPE_PEER_PASSWORD, peer->password);
> >> +      peer->password =  XSTRDUP (MTYPE_PEER_PASSWORD, conf->password);
> >> +    }
> > 
> > Shouldn't this be "if (conf->password && !peer->password)"?
> > 
> > Even with your patch, if the peer-group has a password set, that will
> > override the peer's password, if it's set before the peer is added to
> > the peer group - or am I overlooking something?
> > 
> > -David
> > 
> 
> You are right. Besides, this improvement makes the XFREE unnecessary.
> I attached the adapted patch against 0.99.21.

Applied, Thanks!


> commit 2c56b7fb29edc4e87257f42d620928dcb790258a
> Author: Roman Hoog Antink <rha at open.ch>
> Date:   Fri Jan 18 13:52:03 2013 +0100
> 
>         bgpd: fix lost passwords of grouped neighbors
>     
>         This patch resolves the significance of order of group and password
>         statements.
>     
>         It prevents passwords from being lost in cases where all
>         three conditions apply:
>           1. the peer is member of a group with or without group password
>           2. the peer has an individual password set
>           3. the peer is added to a group within an address-family ipv6
>              section
>     
>         In addition this patch prevents the same issue in cases, where an IPv4
>         peer's password is set first and the peer is added to a group
>         afterwards.
>     
>         Adding a peer to a group cancels his individual password. Without ipv6
>         this is not a problem, because choosing the right order of config
>         statements will do (set password only after adding peer to group).
>     
>         When adding the peer to a group within the address-family
>         section, his password is definitely lost. The same workaround (ie.
>         setting the password after the address-family section) can not be used,
>         because "show run" will print the configuration statements in the wrong
>         order.
> 
> diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
> index 9c8eda8..61a4610 100644
> --- a/bgpd/bgpd.c
> +++ b/bgpd/bgpd.c
> @@ -1447,13 +1447,8 @@ peer_group2peer_config_copy (struct peer_group *group, struct peer *peer,
>      peer->v_routeadv = BGP_DEFAULT_EBGP_ROUTEADV;
>  
>    /* password apply */
> -  if (peer->password)
> -    XFREE (MTYPE_PEER_PASSWORD, peer->password);
> -
> -  if (conf->password)
> +  if (conf->password && !peer->password)
>      peer->password =  XSTRDUP (MTYPE_PEER_PASSWORD, conf->password);
> -  else
> -    peer->password = NULL;
>  
>    bgp_md5_set (peer);
>  




> _______________________________________________
> Quagga-dev mailing list
> Quagga-dev at lists.quagga.net
> http://lists.quagga.net/mailman/listinfo/quagga-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: Digital signature
URL: <http://lists.quagga.net/pipermail/quagga-dev/attachments/20130223/0ab3cf11/attachment-0001.sig>


More information about the Quagga-dev mailing list