From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Jul 30 17:20:03 2007
Message-Id:
<200707301716.l6UHGBM9020401@www.freebsd.org>
Date: Mon, 30 Jul 2007 17:16:11 GMT
From: Ali Lomonaco
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.0
Cc:
Subject: ports/115055: openbgpd rfc2385 support
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports
X-List-Received-Date: Mon, 30 Jul 2007 17:20:03 -0000

>Number: 115055
>Category: ports
>Synopsis: openbgpd rfc2385 support
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Jul 30 17:20:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Ali Lomonaco
>Release: 6.2-RELEASE
>Organization:
>Environment:
FreeBSD mgmt-02.noc.redanvil.net 6.2-RELEASE FreeBSD 6.2-RELEASE #2: Tue Jul 24 20:03:55 CDT 2007 anvil@mgmt-02.noc.redanvil.net:/usr/src/sys/amd64/compile/MGMT-02 amd64
>Description:
The openbgpd port applies some patches to get around the missing pfkey support which disallow any rfc2385 support to be configured for a peer.
>How-To-Repeat:
setkey -c
add 1.1.1.1 1.1.1.2 tcp 0x1000 -A tcp-md5 "secret" ;

in bgpd.conf:
group "g1" {
	neighbor 1.1.1.2 {
		tcp md5sig password "secret"
	}
}

Session stays in IDLE state.
>Fix:
The attached patch will allow rfc2385 to be configured for a peer even though pfkey doesn't exist. See setkey(8) for instructions on how to configure rfc2385 support.

diff -Nru openbgpd/files/patch-bgpd_pfkey_compat.c /usr/ports/net/openbgpd/files/patch-bgpd_pfkey_compat.c --- openbgpd/files/patch-bgpd_pfkey_compat.c Tue Jul 24 23:02:37 2007 +++ /usr/ports/net/openbgpd/files/patch-bgpd_pfkey_compat.c Thu Jul 19 06:58:59 2007 @@ -7,7 +7,7 @@ +int +pfkey_establish(struct peer *p) +{ -+ if (p->conf.auth.method > AUTH_MD5SIG) ++ if (p->conf.auth.method) + return (-1); + return (0); +} 
@@ -15,7 +15,7 @@ +int +pfkey_remove(struct peer *p) +{ -+ if (p->conf.auth.method > AUTH_MD5SIG) ++ if (p->conf.auth.method) + return (-1); + return (0); +} diff -Nru openbgpd/files/patch-bgpd_session.c /usr/ports/net/openbgpd/files/patch-bgpd_session.c --- openbgpd/files/patch-bgpd_session.c Tue Jul 24 23:20:40 2007 +++ /usr/ports/net/openbgpd/files/patch-bgpd_session.c Wed Dec 31 18:00:00 1969 @@ -1,20 +0,0 @@ ---- bgpd/session.c.orig Tue Jul 24 23:11:06 2007 -+++ bgpd/session.c Tue Jul 24 23:13:46 2007 -@@ -982,7 +982,7 @@ session_accept(int listenfd) - } - } - -- if (p->conf.auth.method != AUTH_NONE && sysdep.no_pfkey) { -+ if (p->conf.auth.method != AUTH_NONE && sysdep.no_pfkey && sysdep.no_md5sig) { - log_peer_warnx(&p->conf, - "ipsec or md5sig configured but not available"); - close(connfd); -@@ -1041,7 +1041,7 @@ session_connect(struct peer *peer) - return (-1); - } - -- if (peer->conf.auth.method != AUTH_NONE && sysdep.no_pfkey) { -+ if (peer->conf.auth.method != AUTH_NONE && sysdep.no_pfkey && sysdep.no_md5sig) { - log_peer_warnx(&peer->conf, - "ipsec or md5sig configured but not available"); - bgp_fsm(peer, EVNT_CON_OPENFAIL); >Release-Note: >Audit-Trail: >Unformatted:
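
Review bot: The diff direction is reversed, visible in the file headers above the pfkey_establish hunk: the modified copy (openbgpd/files, Jul 24) is on the `---` side and the stock /usr/ports tree (Jul 19) is on the `+++` side. Applied as posted, this hunk turns `if (p->conf.auth.method > AUTH_MD5SIG)` into `if (p->conf.auth.method)`, which returns -1 for every configured method including md5sig, the opposite of what the >Fix: text describes. Regenerate with the ports tree as the first argument to diff, or state that the patch must be applied with patch -R.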
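
Review bot: In the pfkey_remove hunk (and the matching line in pfkey_establish), `p->conf.auth.method > AUTH_MD5SIG` depends on the enum ordering keeping AUTH_NONE and AUTH_MD5SIG below every IPsec method; an explicit test against those two constants would survive a reordering of the enum. With this condition the stub also returns 0 for AUTH_MD5SIG without installing or checking any key, so the key exists only if the operator added it with setkey as in the How-To-Repeat; a comment in the stub saying so would help the next reader.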
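
Review bot: In both session.c conditions (session_accept and session_connect), `sysdep.no_pfkey && sysdep.no_md5sig` is not tied to the configured method: where md5sig is available but pfkey is not, a peer configured for an IPsec method also passes this check and is only rejected later if pfkey_establish returns -1. Consider testing md5sig peers against no_md5sig and all other methods against no_pfkey, so the "ipsec or md5sig configured but not available" warning still fires for the unsupported case. The patch does not show where sysdep.no_md5sig is set for FreeBSD, which is worth confirming, and as posted (`@@ -1,20 +0,0 @@`, `+++` dated 1969) this hunk deletes patch-bgpd_session.c rather than adding it.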