From: Randy Bush
Date: Wed, 22 Aug 2007 21:06:35 -1000
To: FreeBSD Net
Cc: boris@tagnet.ru
Subject: quagga 0.99.8 on current, tcpmd5 config confusion
Message-ID: <18125.12795.336977.904060@roam.psg.com>

just did a cvsup build and portupgrade of a six month old -current i386 system running quagga. quagga cranked to 0.99.8.

i got slammed by bgp tcpmd5 requirement.

    bgpd[469]: can't set sockopt TCP_MD5SIG 0 to socket 17
    bgpd[469]: can't set sockopt TCP_MD5SIG 0 to socket 18
    bgpd[469]: can't set sockopt TCP_MD5SIG 0 to socket 22

madly googled and found that i needed to hack kernel for tcp md5 hash, even though i am not using md5 auth (these are not really infrastructure peerings. yes i know better for production).

    # quagga needs this for MD5 passwords on BGP sessions
    #
    options         TCP_SIGNATURE
    options         IPSEC
    #options        FAST_IPSEC
    device          crypto
    device          cryptodev

FAST_IPSEC turned out to be obsolete, so removed

with this kernel, i got a lot of whining about no keys

    tcp_signature_compute: SADB lookup failed for 666.42.69.96

i restarted quagga, and bgpd left a disk flower

    bgpd[9808]: BGPd 0.99.8 starting: vty@2605, bgp@179
    kernel: pid 9808 (bgpd), uid 101: exited on signal 6

which i was too panicked to debug

so i went to backup and restored last week's binaries of quagga. things are running, and i am less panicked. enough adrenaline for one day, lemme tell ya.

but tell me, what the heck is the correct recipe for a kernel and a quagga build for a bgpd that will play happily together?

clue by four please!

randy