Date:      Mon, 9 Jan 2012 17:00:23 +0000
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Claudio Jeker <cjeker@diehard.n-r-g.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: openbgpds not talking each other since 8.2-STABLE upgrade
Message-ID:  <648F3DA8-EBEC-4CC1-A8C4-EC4B1E0896F7@lists.zabbadoz.net>
In-Reply-To: <20120106221859.GC29646@diehard.n-r-g.com>
References:  <20120104.040611.1847309275485655567.hrs@allbsd.org> <4F036A7F.9030906@FreeBSD.org> <52D4B9DF-4BC3-4AF7-BCE0-A88E18F25650@gmail.com> <20120104.144214.74742226.sthaug@nethelp.no> <CABXB=RQFuAdkFiRgNH%2B9QWHMn8zMR31wmcSWumwWv54UwVyvvw@mail.gmail.com> <CABXB=RR7hwaQtQcOJks3ipt3iKM=_ViErxG8THSr2rsCoLgOTA@mail.gmail.com> <20120106153500.GA78077@sandvine.com> <20120106221859.GC29646@diehard.n-r-g.com>

On 6. Jan 2012, at 22:18 , Claudio Jeker wrote:

> On Fri, Jan 06, 2012 at 10:35:01AM -0500, Ed Maste wrote:
>> On Thu, Jan 05, 2012 at 08:18:39PM -0500, J David wrote:
>> 
>>> To help understand what's going on and test some of this stuff, I
>>> hacked up a TCP-MD5-aware echo server and tried various things.
>> 
>> Hi J David,
>> 
>> Thank you very much for this extensive testing and analysis.  Would you
>> care to post your basic echo server somewhere for others to use in
>> debugging this, just to save time for anyone who can debug further?
>> 
> 
> nc(1) has MD5 support (-S). There is no need for extra tools.
> You still need to install the SA since nc will only turn on the sockopt.

Not for the listen socket in FreeBSD... I patched that locally.


General comment for all the others on the issue as well:

There's quite a bit of things to fix in the input path validation to do still
it turns out;  seems we are still accepting unsigned RSTs despite a policy
in place to mandate MD5 between the hosts etc...

I am trying to get the SYN cache breakage fixed currently to get the status
quo back to what was expected and am finding other things in the stack etc
that distract me and get improved along the lines...  anyway, I am hopeful
to have a patch for the first issue later today.  It's a bit intrusive as
I indeed started to clean some things up also preparing for more.

I'll keep everyone informed.

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!


