Date: Wed, 22 Aug 2007 21:06:35 -1000 From: Randy Bush <randy@psg.com> To: FreeBSD Net <freebsd-net@freebsd.org> Cc: boris@tagnet.ru Subject: quagga 0.99.8 on current, tcpmd5 config confusion Message-ID: <18125.12795.336977.904060@roam.psg.com>
next in thread | raw e-mail | index | archive | help
just did a cvsup build and portupgrade of a six month old -current i386 system running quagga. quagga cranked to 0.99.8. i got slammed by bgp tcpmd5 requirement. bgpd[469]: can't set sockopt TCP_MD5SIG 0 to socket 17 bgpd[469]: can't set sockopt TCP_MD5SIG 0 to socket 18 bgpd[469]: can't set sockopt TCP_MD5SIG 0 to socket 22 madly googled and found that i needed to hack kernel for tcp md5 hash, even though i am not using md5 auth (these are not really infrastructure peerings. yes i know better for production). # quagga needs this for MD5 passwords on BGP sessions # options TCP_SIGNATURE options IPSEC #options FAST_IPSEC device crypto device cryptodev FAST_IPSEC turned out to be obsolete, so removed with this kernel, i got a lot of whining about no keys tcp_signature_compute: SADB lookup failed for 666.42.69.96 i restarted quagga, and bgpd left a disk flower bgpd[9808]: BGPd 0.99.8 starting: vty@2605, bgp@179 kernel: pid 9808 (bgpd), uid 101: exited on signal 6 which i was too panicked to debug so i went to backup and restored last week's binaries of quagga. things are running, and i am less panicked. enough adrenaline for one day, lemme tell ya. but tell me, what the heck is the correct recipe for a kernel and a quagga build for a bgpd that will play happily together? clue by four please! randy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?18125.12795.336977.904060>