From owner-freebsd-net@FreeBSD.ORG  Thu Nov 24 12:41:34 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3C93B106566B
	for <freebsd-net@freebsd.org>; Thu, 24 Nov 2011 12:41:34 +0000 (UTC)
	(envelope-from ndenev@gmail.com)
Received: from mail-bw0-f54.google.com (mail-bw0-f54.google.com
	[209.85.214.54])
	by mx1.freebsd.org (Postfix) with ESMTP id BEE828FC14
	for <freebsd-net@freebsd.org>; Thu, 24 Nov 2011 12:41:33 +0000 (UTC)
Received: by bkbzs8 with SMTP id zs8so3755309bkb.13
	for <freebsd-net@freebsd.org>; Thu, 24 Nov 2011 04:41:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=subject:mime-version:content-type:from:in-reply-to:date:cc
	:content-transfer-encoding:message-id:references:to:x-mailer;
	bh=bh5Y0niWaLCC6DwfLGCaObbuNE+GHy7lDTX85E9GFFY=;
	b=DcIK+UorcnUHR1Zwsk0Y8JmKWyQDje+0su4tYhY0PzYLOk54BmlQhsqQy3ZUiFLdA6
	Xh9rqVLFKt608uNfP3MuK+P1krmF+VFO1dhtLXG8jP33oQop1FMjWXyqNRkCsp3/X9/B
	cuUlGU+YehKlXfL0NzZMz4Yry413tuLUq0lx0=
Received: by 10.205.121.1 with SMTP id ga1mr26520282bkc.60.1322138492535;
	Thu, 24 Nov 2011 04:41:32 -0800 (PST)
Received: from ndenevsa.sf.moneybookers.net (g1.moneybookers.com.
	[217.18.249.148])
	by mx.google.com with ESMTPS id i3sm25276112faf.0.2011.11.24.04.41.29
	(version=TLSv1/SSLv3 cipher=OTHER);
	Thu, 24 Nov 2011 04:41:29 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=us-ascii
From: Nikolay Denev <ndenev@gmail.com>
In-Reply-To: <F35D19C6-D560-4ED0-A2E3-140E64D0841C@sarenet.es>
Date: Thu, 24 Nov 2011 14:41:28 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <5229579D-A711-4804-9E26-7089D89D81DD@gmail.com>
References: <EE636279-E758-44EA-B5B7-23D66D799E20@sarenet.es>
	<25CAC0FC-ED0F-42D5-85DC-B7270EFD9814@gmail.com>
	<F35D19C6-D560-4ED0-A2E3-140E64D0841C@sarenet.es>
To: Borja Marcos <borjam@sarenet.es>
X-Mailer: Apple Mail (2.1251.1)
Cc: freebsd-net@freebsd.org
Subject: Re: Openbgpd incorrectly sets TCP_MD5 on the listen socket,
	regardless of configuration
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Nov 2011 12:41:34 -0000

On Nov 23, 2011, at 2:43 PM, Borja Marcos wrote:

>=20
> On Nov 23, 2011, at 9:30 AM, Nikolay Denev wrote:
>=20
>> I'm seeing exactly the same problem with Quagga.
>> Quagga's bgpd also seem to always set the TCP_MD5 socket option, and =
newer freebsd 8.2 machines
>> don't seem to be able to establish bgp sessions, probably due to the =
recent TCP_MD5 fixes that enabled
>> the TCP_MD5 checksum verification of incoming packets.
>=20
> Hmm. A confusion? ;)
>=20
> The traces I've just sent show Quagga and Bird working well, OpenBGPD =
failing.
>=20
>=20
> Borja.
>=20


Nope, no confusion :)

My pair of FreeBSD 8.2 routers fail to establish a BGP session unless I =
define MD5 password in /etc/ipsec.conf or disable the validation of the
digests with the sysctl I mentioned in my previous email.

I'm seeing exactly the same tcpdumps, with invalid digest options and =
empty digest (all zeroes).

Regards,
Nikolay=