From owner-freebsd-net@FreeBSD.ORG  Tue Jan  3 19:36:11 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C56CB106566C
	for <freebsd-net@FreeBSD.org>; Tue,  3 Jan 2012 19:36:11 +0000 (UTC)
	(envelope-from sthaug@nethelp.no)
Received: from bizet.nethelp.no (bizet.nethelp.no [195.1.209.33])
	by mx1.freebsd.org (Postfix) with SMTP id 14C078FC18
	for <freebsd-net@FreeBSD.org>; Tue,  3 Jan 2012 19:36:10 +0000 (UTC)
Received: (qmail 82207 invoked from network); 3 Jan 2012 19:36:08 -0000
Received: from bizet.nethelp.no (HELO localhost) (195.1.209.33)
	by bizet.nethelp.no with SMTP; 3 Jan 2012 19:36:08 -0000
Date: Tue, 03 Jan 2012 20:36:08 +0100 (CET)
Message-Id: <20120103.203608.74677765.sthaug@nethelp.no>
To: hrs@FreeBSD.org
From: sthaug@nethelp.no
In-Reply-To: <20120104.040611.1847309275485655567.hrs@allbsd.org>
References: <6FE9FF15-487F-4A31-AEE0-A0AD92F5DC72@sarenet.es>
	<20DC0C8A-DD9E-408E-9ACA-82532DB31871@lists.zabbadoz.net>
	<20120104.040611.1847309275485655567.hrs@allbsd.org>
X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: ndenev@gmail.com, dougb@FreeBSD.org, emaste@FreeBSD.org, borjam@sarenet.es,
	freebsd-net@FreeBSD.org
Subject: Re: openbgpds not talking each other since 8.2-STABLE upgrade
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2012 19:36:11 -0000

>  Doug, does your kernel have TCP_SIGNATURE option?  The patch[*] for
>  net/openbgpd can be used as a workaround if it was due to TCP_MD5SIG
>  option on the listening sockets.
> 
>  [*] http://people.allbsd.org/~hrs/FreeBSD/openbgpd.20120104-1.diff
> 
>  While this is an ugly hack and I will investigate more reasonable
>  solution for that, I want to narrow down the cause first.  Can anyone
>  who are using a 8-STABLE kenrel with TCP_SIGNATURE let me know if
>  this works or not?

8-STABLE on several servers, csup'ed only a couple of days ago, with 

options         TCP_SIGNATURE
options         IPSEC
device          crypto
device          cryptodev

and Quagga bgpd talking to Juniper M/MX routers using MD5 key on the
BGP sessions. No problems.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no