From owner-freebsd-bugs@freebsd.org Fri Nov 24 12:53:48 2017 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B9FCBDE3E14 for ; Fri, 24 Nov 2017 12:53:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A81B6736FC for ; Fri, 24 Nov 2017 12:53:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id vAOCrm0H056101 for ; Fri, 24 Nov 2017 12:53:48 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 223835] BGP session not established with md5 password via FRRouting Date: Fri, 24 Nov 2017 12:53:48 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ae@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Nov 2017 12:53:48 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223835 --- Comment #6 from Andrey V. Elsukov --- (In reply to Alexey from comment #4) > (In reply to Andrey V. Elsukov from comment #3) > [root@gate /home/pautina]# netstat -sp tcp | grep sig > 0 packets with matching signature received > 5261 packets with bad signature received This means that socket is configured to receive and send TCP MD5 signatures, but TCP segments has wrong signatures. You need to make sure that used pass= word is correct.=20 > 5579 times failed to make signature due to no SA This means that outbound or inbound TCP segments have been failed to find corresponding SA for given addresses and ports. > 0 times unexpected signature received > 2 times no signature provided by segment >=20 > what are you mean about addresses daemon, what the daemon, frr, bgpd? >=20 > Maybe this? > frr bgpd 41894 5 tcp6 *:179 *:* > frr bgpd 41894 6 tcp4 *:179 *:* > frr bgpd 41894 7 tcp6 *:2605 *:* > frr bgpd 41894 8 tcp4 *:2605 *:* I would check the output of tcpdump for given TCP connections. Addresses in packets dump should match to addresses used in SAs. You also can use -M fla= g to specify used password and see that it is correct. --=20 You are receiving this mail because: You are the assignee for the bug.=