Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 30 Aug 2005 10:55:16 +0600
From:      Boris Kovalenko <boris@tagnet.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/85461: [MAINTAINER UPDATE] net/quagga: update to 0.98.5
Message-ID:  <E1E9y9U-0001iP-PK@boris.nikom.ru>
Resent-Message-ID: <200508300500.j7U50aBj066049@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         85461
>Category:       ports
>Synopsis:       [MAINTAINER UPDATE] net/quagga: update to 0.98.5
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 30 05:00:35 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Boris Kovalenko
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
JSC "Tagnet"
>Environment:
System: FreeBSD boris.nikom.ru 5.4-STABLE FreeBSD 5.4-STABLE #4: Thu Aug 18 08:12:33 YEKST 2005
>Description:

NOTE: This patch obsoletes ports/82711

>From the official site:
    0.98.5 from stable series is released fixing several bugs in ospfd and bgpd, 
    most notably some crashes in ospfd and yet another route server functionality 
    regression in bgpd.

- Update to 0.98.5

Added file(s):
- files/extra-tcpmd5-patch-bgpd-bgp_network.c
- files/extra-tcpmd5-patch-bgpd-bgp_vty.c
- files/extra-tcpmd5-patch-bgpd-bgpd.c
- files/extra-tcpmd5-patch-bgpd-bgpd.h
- files/extra-tcpmd5-patch-lib-sockopt.c
- files/extra-tcpmd5-patch-lib-sockopt.h

Removed file(s):
- files/extra-tcpmd5-patch-bgpd::bgp_network.c
- files/extra-tcpmd5-patch-bgpd::bgp_vty.c
- files/extra-tcpmd5-patch-bgpd::bgpd.c
- files/extra-tcpmd5-patch-bgpd::bgpd.h
- files/extra-tcpmd5-patch-configure.ac
- files/extra-tcpmd5-patch-lib::sockopt.c
- files/extra-tcpmd5-patch-lib::sockopt.h
- files/patch-configure.ac

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- quagga-0.98.5.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/net/quagga/Makefile /usr/ports/net/quagga.new/Makefile
--- /usr/ports/net/quagga/Makefile	Mon Apr 18 08:19:44 2005
+++ /usr/ports/net/quagga.new/Makefile	Tue Aug 30 10:51:10 2005
@@ -6,8 +6,8 @@
 #
 
 PORTNAME=	quagga
-PORTVERSION=	0.98.3
-PORTREVISION=	2
+PORTVERSION=	0.98.5
+PORTREVISION=	0
 CATEGORIES=	net ipv6
 MASTER_SITES=	http://quagga.net/download/
 
@@ -22,9 +22,9 @@
 USE_GMAKE=		yes
 USE_REINPLACE=		yes
 INSTALLS_SHLIB=		yes
-USE_AUTOCONF_VER=	259
-USE_LIBTOOL_VER=	15
 USE_PERL5_BUILD=	yes
+USE_LIBTOOL_VER=	15
+LIBTOOLFILES=		configure
 
 MAN1=		vtysh.1
 MAN8=		bgpd.8 ospf6d.8 ospfd.8 ripd.8 ripngd.8 zebra.8
@@ -41,9 +41,12 @@
 
 .include <bsd.port.pre.mk>
 
-CONFIGURE_ARGS+=--includedir=${PREFIX}/include --enable-exampledir=${PREFIX}/share/examples/quagga
+CONFIGURE_ARGS+=--includedir=${PREFIX}/include --enable-exampledir=${PREFIX}/share/examples/quagga \
+		--program-transform-name=""
 CONFIGURE_ENV+=	CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
-		LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib"
+		LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib" \
+		LIBTOOL=${LIBTOOL} LIBTOOLIZE=${LIBTOOLIZE} \
+		LIBTOOL_VERSION=${LIBTOOL_VERSION}
 
 .if !defined(ENABLE_USER)
 ENABLE_USER=quagga
@@ -127,8 +130,8 @@
 .if ${OSVERSION} < 491000
 BROKEN=	This version of FreeBSD does not have TCP MD5 signature support
 .endif
-CONFIGURE_ARGS+=--enable-tcp-signature
-EXTRA_PATCHES+=${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgp_network.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgp_vty.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgpd.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgpd.h ${PATCHDIR}/extra-tcpmd5-patch-configure.ac ${PATCHDIR}/extra-tcpmd5-patch-lib::sockopt.c ${PATCHDIR}/extra-tcpmd5-patch-lib::sockopt.h
+EXTRA_PATCHES+=${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgp_network.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgp_vty.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgpd.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgpd.h ${PATCHDIR}/extra-tcpmd5-patch-lib-sockopt.c ${PATCHDIR}/extra-tcpmd5-patch-lib-sockopt.h
+CFLAGS+=	-DQUAGGA_TCP_MD5SIG
 .endif
 
 USE_RC_SUBR=	watchquagga.sh
diff -ruN --exclude=CVS /usr/ports/net/quagga/distinfo /usr/ports/net/quagga.new/distinfo
--- /usr/ports/net/quagga/distinfo	Tue Apr  5 08:21:31 2005
+++ /usr/ports/net/quagga.new/distinfo	Tue Aug 30 10:32:51 2005
@@ -1,2 +1,2 @@
-MD5 (quagga-0.98.3.tar.gz) = 68be5e911e4d604c0f5959338263356e
-SIZE (quagga-0.98.3.tar.gz) = 2118348
+MD5 (quagga-0.98.5.tar.gz) = ec09c1ec624aea98e18aa19282666784
+SIZE (quagga-0.98.5.tar.gz) = 2018058
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_network.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_network.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_network.c	Thu Jan  1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_network.c	Sun Feb  6 03:19:43 2005
@@ -0,0 +1,42 @@
+--- bgpd/bgp_network.c.orig	Wed Dec  8 12:41:23 2004
++++ bgpd/bgp_network.c	Fri Jan 28 17:52:57 2005
+@@ -35,6 +35,10 @@
+ #include "bgpd/bgp_debug.h"
+ #include "bgpd/bgp_network.h"
+ 
++#ifndef TCP_SIG_SPI_BASE
++#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
++#endif
++
+ extern struct zebra_privs_t bgpd_privs;
+ 
+ 
+@@ -148,6 +152,15 @@
+       return ret;
+     }
+ #endif /* SO_BINDTODEVICE */
++
++#ifdef QUAGGA_TCP_MD5SIG
++  if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
++    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd,
++      TCP_SIG_SPI_BASE + peer->port);
++  else
++    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
++#endif /* QUAGGA_TCP_MD5SIG */
++
+   return 0;
+ }
+ 
+@@ -250,6 +263,12 @@
+   if (peer->ifname)
+     ifindex = if_nametoindex (peer->ifname);
+ #endif /* HAVE_IPV6 */
++
++#ifdef QUAGGA_TCP_MD5SIG
++  if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
++    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd,
++      TCP_SIG_SPI_BASE + peer->port);
++#endif /* QUAGGA_TCP_MD5SIG */
+ 
+   if (BGP_DEBUG (events, EVENTS))
+     plog_debug (peer->log, "%s [Event] Connect start to %s fd %d",
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_vty.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c	Thu Jan  1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_vty.c	Sun Feb  6 03:19:43 2005
@@ -0,0 +1,59 @@
+--- bgpd/bgp_vty.c.orig	Tue Oct 12 22:06:09 2004
++++ bgpd/bgp_vty.c	Fri Jan 28 17:52:57 2005
+@@ -1386,6 +1386,45 @@
+        "AS number used as local AS\n"
+        "Do not prepend local-as to updates from ebgp peers\n")
+ 
++#ifdef QUAGGA_TCP_MD5SIG
++DEFUN (neighbor_password,
++       neighbor_password_cmd,
++       NEIGHBOR_CMD2 "password WORD",
++       NEIGHBOR_STR
++       NEIGHBOR_ADDR_STR2
++       "Specify a password for TCPMD5 authentication with this peer\n")
++{
++  struct peer *peer;
++  int ret;
++
++  peer = peer_and_group_lookup_vty (vty, argv[0]);
++  if (! peer)
++    return CMD_WARNING;
++
++  ret = peer_password_set (peer, argv[1]);
++  return bgp_vty_return (vty, ret);
++}
++
++DEFUN (no_neighbor_password,
++       no_neighbor_password_cmd,
++       NO_NEIGHBOR_CMD2 "password",
++       NO_STR
++       NEIGHBOR_STR
++       NEIGHBOR_ADDR_STR2
++       "Disable TCPMD5 authentication with this peer\n")
++{
++  struct peer *peer;
++  int ret;
++
++  peer = peer_and_group_lookup_vty (vty, argv[0]);
++  if (! peer)
++    return CMD_WARNING;
++
++  ret = peer_password_unset (peer);
++  return bgp_vty_return (vty, ret);
++}
++#endif /* QUAGGA_TCP_MD5SIG */
++
+ DEFUN (neighbor_activate,
+        neighbor_activate_cmd,
+        NEIGHBOR_CMD2 "activate",
+@@ -8530,6 +8569,10 @@
+   install_element (BGP_NODE, &no_neighbor_local_as_cmd);
+   install_element (BGP_NODE, &no_neighbor_local_as_val_cmd);
+   install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd);
++
++  /* "neighbor password" commands. */
++  install_element (BGP_NODE, &neighbor_password_cmd);
++  install_element (BGP_NODE, &no_neighbor_password_cmd);
+ 
+   /* "neighbor activate" commands. */
+   install_element (BGP_NODE, &neighbor_activate_cmd);
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c	Thu Jan  1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.c	Sun Feb  6 03:19:43 2005
@@ -0,0 +1,90 @@
+--- bgpd/bgpd.c.orig	Thu Dec  9 06:46:46 2004
++++ bgpd/bgpd.c	Sat Jan 29 11:29:26 2005
+@@ -59,6 +59,9 @@
+ #ifdef HAVE_SNMP
+ #include "bgpd/bgp_snmp.h"
+ #endif /* HAVE_SNMP */
++#ifndef TCP_SIG_SPI_BASE
++#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
++#endif
+ 
+ /* BGP process wide configuration.  */
+ static struct bgp_master bgp_master;
+@@ -707,6 +710,7 @@
+   peer->ostatus = Idle;
+   peer->version = BGP_VERSION_4;
+   peer->weight = 0;
++  peer->password[0] = '\0';
+ 
+   /* Set default flags.  */
+   for (afi = AFI_IP; afi < AFI_MAX; afi++)
+@@ -3270,6 +3274,55 @@
+   return 0;
+ }
+ 
++#ifdef QUAGGA_TCP_MD5SIG
++/* Set password for authenticating with the peer. */
++int
++peer_password_set (struct peer *peer, char *password)
++{
++  struct bgp *bgp = peer->bgp;
++  int len;
++
++  len = strlen(password);
++
++  if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN))
++    return BGP_ERR_INVALID_VALUE;
++
++  memcpy(peer->password, password, len);
++
++  /*
++   * XXX Need to do PF_KEY operation here to add an SA entry,
++   * and add an SP entry for this peer's packet flows also.
++   */
++
++  SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
++
++  if (peer->fd >= 0)
++    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE +
++      peer->port);
++
++  return 0;
++}
++
++int
++peer_password_unset (struct peer *peer)
++{
++  struct bgp *bgp = peer->bgp;
++
++  UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
++  /* Paranoia. */
++  memset(peer->password, 0, sizeof(peer->password));
++
++  if (peer->fd >= 0)
++    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
++
++  /*
++   * XXX Need to do PF_KEY operation here to remove the SA and SP.
++   */
++
++  return 0;
++}
++#endif /* QUAGGA_TCP_MD5SIG */
++
+ /* Set distribute list to the peer. */
+ int
+ peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, 
+@@ -4279,6 +4332,13 @@
+       if (peer->desc)
+ 	vty_out (vty, " neighbor %s description %s%s", addr, peer->desc,
+ 		 VTY_NEWLINE);
++
++#ifdef QUAGGA_TCP_MD5SIG
++      /* tcp-md5 session password. XXX the password should be obfuscated */
++      if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
++	vty_out (vty, " neighbor %s password %s%s", addr, peer->password,
++		 VTY_NEWLINE);
++#endif /* QUAGGA_TCP_MD5SIG */
+ 
+       /* Shutdown. */
+       if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN))
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.h
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h	Thu Jan  1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.h	Sun Feb  6 03:19:43 2005
@@ -0,0 +1,38 @@
+--- bgpd/bgpd.h.orig	Tue Oct 12 22:06:09 2004
++++ bgpd/bgpd.h	Fri Jan 28 21:03:40 2005
+@@ -335,6 +335,9 @@
+ #define PEER_FLAG_DYNAMIC_CAPABILITY        (1 << 6) /* dynamic capability */
+ #define PEER_FLAG_ENFORCE_MULTIHOP          (1 << 7) /* enforce-multihop */
+ #define PEER_FLAG_LOCAL_AS_NO_PREPEND       (1 << 8) /* local-as no-prepend */
++#ifdef QUAGGA_TCP_MD5SIG /* XXX should move to AF_INET/SFI_UNICAST below */
++#define PEER_FLAG_TCP_SIGNATURE             (1 << 9) /* use TCP-MD5 digest */
++#endif /* QUAGGA_TCP_MD5SIG */
+ 
+   /* Per AF configuration flags. */
+   u_int32_t af_flags[AFI_MAX][SAFI_MAX];
+@@ -496,6 +499,13 @@
+ #define PEER_RMAP_TYPE_NOSET          (1 << 5) /* not allow to set commands */
+ #define PEER_RMAP_TYPE_IMPORT         (1 << 6) /* neighbor route-map import */
+ #define PEER_RMAP_TYPE_EXPORT         (1 << 7) /* neighbor route-map export */
++
++#ifdef QUAGGA_TCP_MD5SIG
++  /* TCP-MD5 Password Support -- bms */
++#define PEER_PASSWORD_MINLEN		1
++#define PEER_PASSWORD_MAXLEN		80	/* width of password field */
++ char password[PEER_PASSWORD_MAXLEN];
++#endif /* QUAGGA_TCP_MD5SIG */
+ };
+ 
+ /* This structure's member directly points incoming packet data
+@@ -879,6 +889,11 @@
+ 
+ int peer_local_as_set (struct peer *, as_t, int);
+ int peer_local_as_unset (struct peer *);
++
++#ifdef QUAGGA_TCP_MD5SIG
++int peer_password_set (struct peer *, char *);
++int peer_password_unset (struct peer *);
++#endif /* QUAGGA_TCP_MD5SIG */
+ 
+ int peer_prefix_list_set (struct peer *, afi_t, safi_t, int, const char *);
+ int peer_prefix_list_unset (struct peer *, afi_t, safi_t, int);
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_network.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_network.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_network.c	Sun Feb  6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_network.c	Thu Jan  1 05:00:00 1970
@@ -1,42 +0,0 @@
---- bgpd/bgp_network.c.orig	Wed Dec  8 12:41:23 2004
-+++ bgpd/bgp_network.c	Fri Jan 28 17:52:57 2005
-@@ -35,6 +35,10 @@
- #include "bgpd/bgp_debug.h"
- #include "bgpd/bgp_network.h"
- 
-+#ifndef TCP_SIG_SPI_BASE
-+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
-+#endif
-+
- extern struct zebra_privs_t bgpd_privs;
- 
- 
-@@ -148,6 +152,15 @@
-       return ret;
-     }
- #endif /* SO_BINDTODEVICE */
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+  if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
-+    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd,
-+      TCP_SIG_SPI_BASE + peer->port);
-+  else
-+    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
-+#endif /* QUAGGA_TCP_MD5SIG */
-+
-   return 0;
- }
- 
-@@ -250,6 +263,12 @@
-   if (peer->ifname)
-     ifindex = if_nametoindex (peer->ifname);
- #endif /* HAVE_IPV6 */
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+  if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
-+    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd,
-+      TCP_SIG_SPI_BASE + peer->port);
-+#endif /* QUAGGA_TCP_MD5SIG */
- 
-   if (BGP_DEBUG (events, EVENTS))
-     plog_debug (peer->log, "%s [Event] Connect start to %s fd %d",
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_vty.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_vty.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_vty.c	Sun Feb  6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_vty.c	Thu Jan  1 05:00:00 1970
@@ -1,59 +0,0 @@
---- bgpd/bgp_vty.c.orig	Tue Oct 12 22:06:09 2004
-+++ bgpd/bgp_vty.c	Fri Jan 28 17:52:57 2005
-@@ -1386,6 +1386,45 @@
-        "AS number used as local AS\n"
-        "Do not prepend local-as to updates from ebgp peers\n")
- 
-+#ifdef QUAGGA_TCP_MD5SIG
-+DEFUN (neighbor_password,
-+       neighbor_password_cmd,
-+       NEIGHBOR_CMD2 "password WORD",
-+       NEIGHBOR_STR
-+       NEIGHBOR_ADDR_STR2
-+       "Specify a password for TCPMD5 authentication with this peer\n")
-+{
-+  struct peer *peer;
-+  int ret;
-+
-+  peer = peer_and_group_lookup_vty (vty, argv[0]);
-+  if (! peer)
-+    return CMD_WARNING;
-+
-+  ret = peer_password_set (peer, argv[1]);
-+  return bgp_vty_return (vty, ret);
-+}
-+
-+DEFUN (no_neighbor_password,
-+       no_neighbor_password_cmd,
-+       NO_NEIGHBOR_CMD2 "password",
-+       NO_STR
-+       NEIGHBOR_STR
-+       NEIGHBOR_ADDR_STR2
-+       "Disable TCPMD5 authentication with this peer\n")
-+{
-+  struct peer *peer;
-+  int ret;
-+
-+  peer = peer_and_group_lookup_vty (vty, argv[0]);
-+  if (! peer)
-+    return CMD_WARNING;
-+
-+  ret = peer_password_unset (peer);
-+  return bgp_vty_return (vty, ret);
-+}
-+#endif /* QUAGGA_TCP_MD5SIG */
-+
- DEFUN (neighbor_activate,
-        neighbor_activate_cmd,
-        NEIGHBOR_CMD2 "activate",
-@@ -8530,6 +8569,10 @@
-   install_element (BGP_NODE, &no_neighbor_local_as_cmd);
-   install_element (BGP_NODE, &no_neighbor_local_as_val_cmd);
-   install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd);
-+
-+  /* "neighbor password" commands. */
-+  install_element (BGP_NODE, &neighbor_password_cmd);
-+  install_element (BGP_NODE, &no_neighbor_password_cmd);
- 
-   /* "neighbor activate" commands. */
-   install_element (BGP_NODE, &neighbor_activate_cmd);
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.c	Sun Feb  6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.c	Thu Jan  1 05:00:00 1970
@@ -1,90 +0,0 @@
---- bgpd/bgpd.c.orig	Thu Dec  9 06:46:46 2004
-+++ bgpd/bgpd.c	Sat Jan 29 11:29:26 2005
-@@ -59,6 +59,9 @@
- #ifdef HAVE_SNMP
- #include "bgpd/bgp_snmp.h"
- #endif /* HAVE_SNMP */
-+#ifndef TCP_SIG_SPI_BASE
-+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
-+#endif
- 
- /* BGP process wide configuration.  */
- static struct bgp_master bgp_master;
-@@ -707,6 +710,7 @@
-   peer->ostatus = Idle;
-   peer->version = BGP_VERSION_4;
-   peer->weight = 0;
-+  peer->password[0] = '\0';
- 
-   /* Set default flags.  */
-   for (afi = AFI_IP; afi < AFI_MAX; afi++)
-@@ -3270,6 +3274,55 @@
-   return 0;
- }
- 
-+#ifdef QUAGGA_TCP_MD5SIG
-+/* Set password for authenticating with the peer. */
-+int
-+peer_password_set (struct peer *peer, char *password)
-+{
-+  struct bgp *bgp = peer->bgp;
-+  int len;
-+
-+  len = strlen(password);
-+
-+  if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN))
-+    return BGP_ERR_INVALID_VALUE;
-+
-+  memcpy(peer->password, password, len);
-+
-+  /*
-+   * XXX Need to do PF_KEY operation here to add an SA entry,
-+   * and add an SP entry for this peer's packet flows also.
-+   */
-+
-+  SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
-+
-+  if (peer->fd >= 0)
-+    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE +
-+      peer->port);
-+
-+  return 0;
-+}
-+
-+int
-+peer_password_unset (struct peer *peer)
-+{
-+  struct bgp *bgp = peer->bgp;
-+
-+  UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
-+  /* Paranoia. */
-+  memset(peer->password, 0, sizeof(peer->password));
-+
-+  if (peer->fd >= 0)
-+    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
-+
-+  /*
-+   * XXX Need to do PF_KEY operation here to remove the SA and SP.
-+   */
-+
-+  return 0;
-+}
-+#endif /* QUAGGA_TCP_MD5SIG */
-+
- /* Set distribute list to the peer. */
- int
- peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, 
-@@ -4279,6 +4332,13 @@
-       if (peer->desc)
- 	vty_out (vty, " neighbor %s description %s%s", addr, peer->desc,
- 		 VTY_NEWLINE);
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+      /* tcp-md5 session password. XXX the password should be obfuscated */
-+      if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
-+	vty_out (vty, " neighbor %s password %s%s", addr, peer->password,
-+		 VTY_NEWLINE);
-+#endif /* QUAGGA_TCP_MD5SIG */
- 
-       /* Shutdown. */
-       if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN))
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.h
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.h	Sun Feb  6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.h	Thu Jan  1 05:00:00 1970
@@ -1,38 +0,0 @@
---- bgpd/bgpd.h.orig	Tue Oct 12 22:06:09 2004
-+++ bgpd/bgpd.h	Fri Jan 28 21:03:40 2005
-@@ -335,6 +335,9 @@
- #define PEER_FLAG_DYNAMIC_CAPABILITY        (1 << 6) /* dynamic capability */
- #define PEER_FLAG_ENFORCE_MULTIHOP          (1 << 7) /* enforce-multihop */
- #define PEER_FLAG_LOCAL_AS_NO_PREPEND       (1 << 8) /* local-as no-prepend */
-+#ifdef QUAGGA_TCP_MD5SIG /* XXX should move to AF_INET/SFI_UNICAST below */
-+#define PEER_FLAG_TCP_SIGNATURE             (1 << 9) /* use TCP-MD5 digest */
-+#endif /* QUAGGA_TCP_MD5SIG */
- 
-   /* Per AF configuration flags. */
-   u_int32_t af_flags[AFI_MAX][SAFI_MAX];
-@@ -496,6 +499,13 @@
- #define PEER_RMAP_TYPE_NOSET          (1 << 5) /* not allow to set commands */
- #define PEER_RMAP_TYPE_IMPORT         (1 << 6) /* neighbor route-map import */
- #define PEER_RMAP_TYPE_EXPORT         (1 << 7) /* neighbor route-map export */
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+  /* TCP-MD5 Password Support -- bms */
-+#define PEER_PASSWORD_MINLEN		1
-+#define PEER_PASSWORD_MAXLEN		80	/* width of password field */
-+ char password[PEER_PASSWORD_MAXLEN];
-+#endif /* QUAGGA_TCP_MD5SIG */
- };
- 
- /* This structure's member directly points incoming packet data
-@@ -879,6 +889,11 @@
- 
- int peer_local_as_set (struct peer *, as_t, int);
- int peer_local_as_unset (struct peer *);
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+int peer_password_set (struct peer *, char *);
-+int peer_password_unset (struct peer *);
-+#endif /* QUAGGA_TCP_MD5SIG */
- 
- int peer_prefix_list_set (struct peer *, afi_t, safi_t, int, const char *);
- int peer_prefix_list_unset (struct peer *, afi_t, safi_t, int);
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-configure.ac /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-configure.ac
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-configure.ac	Sun Feb  6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-configure.ac	Thu Jan  1 05:00:00 1970
@@ -1,16 +0,0 @@
---- configure.ac.orig	Fri Jan  7 06:03:14 2005
-+++ configure.ac	Fri Jan 28 17:52:57 2005
-@@ -204,6 +204,13 @@
-   AC_DEFINE(HAVE_IRDP,, IRDP )
- fi
- 
-+AC_ARG_ENABLE(tcp-signature,
-+[  --enable-tcp-signature        enable TCP MD5 checksum capability])
-+
-+if test "${enable_tcp_signature}" = "yes"; then
-+  AC_DEFINE(QUAGGA_TCP_MD5SIG,,TCP signatures)
-+fi
-+
- if test "${enable_user}" = "yes" || test x"${enable_user}" = x""; then
-   enable_user="quagga"
- elif test "${enable_user}" = "no"; then
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c	Thu Jan  1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.c	Sun Feb  6 03:19:43 2005
@@ -0,0 +1,35 @@
+--- lib/sockopt.c.orig	Tue Jan  4 10:03:36 2005
++++ lib/sockopt.c	Fri Jan 28 17:52:57 2005
+@@ -243,6 +243,32 @@
+ 
+ }
+ 
++int
++sockopt_tcp_signature (int family, int sock, int enable)
++{
++  int ret;
++
++#if defined(QUAGGA_TCP_MD5SIG) && defined(TCP_MD5SIG)
++  if (family == AF_INET)
++    {
++      ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG,
++                        (void *) &enable, sizeof (int));
++      if (ret < 0)
++        {
++          zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG %d to socket %d", enable, sock);
++          return -1;
++        }
++      return 0;
++    }
++#endif /* QUAGGA_TCP_MD5SIG */
++
++  /* fallthrough */
++
++  zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG on socket %d with family %d",
++                 sock, family);
++  return -1;
++}
++
+ static int
+ setsockopt_ipv4_ifindex (int sock, int val)
+ {
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.h
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h	Thu Jan  1 05:00:00 1970
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.h	Sun Feb  6 03:19:43 2005
@@ -0,0 +1,12 @@
+--- lib/sockopt.h.orig	Mon Nov 15 10:51:15 2004
++++ lib/sockopt.h	Fri Jan 28 17:52:57 2005
+@@ -40,6 +40,9 @@
+  */
+ #define SOPT_SIZE_CMSG_PKTINFO_IPV6() (sizeof (struct in6_pktinfo));
+ 
++#ifdef QUAGGA_TCP_MD5SIG
++int sockopt_tcp_signature(int family, int sock, int enable);
++#endif /* QUAGGA_TCP_MD5SIG */
+ /*
+  * Size defines for control messages used to get ifindex.  We define
+  * values for each method, and define a macro that can be used by code
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.c
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.c	Sun Feb  6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.c	Thu Jan  1 05:00:00 1970
@@ -1,35 +0,0 @@
---- lib/sockopt.c.orig	Tue Jan  4 10:03:36 2005
-+++ lib/sockopt.c	Fri Jan 28 17:52:57 2005
-@@ -243,6 +243,32 @@
- 
- }
- 
-+int
-+sockopt_tcp_signature (int family, int sock, int enable)
-+{
-+  int ret;
-+
-+#if defined(QUAGGA_TCP_MD5SIG) && defined(TCP_MD5SIG)
-+  if (family == AF_INET)
-+    {
-+      ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG,
-+                        (void *) &enable, sizeof (int));
-+      if (ret < 0)
-+        {
-+          zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG %d to socket %d", enable, sock);
-+          return -1;
-+        }
-+      return 0;
-+    }
-+#endif /* QUAGGA_TCP_MD5SIG */
-+
-+  /* fallthrough */
-+
-+  zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG on socket %d with family %d",
-+                 sock, family);
-+  return -1;
-+}
-+
- static int
- setsockopt_ipv4_ifindex (int sock, int val)
- {
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.h
--- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.h	Sun Feb  6 03:19:43 2005
+++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.h	Thu Jan  1 05:00:00 1970
@@ -1,12 +0,0 @@
---- lib/sockopt.h.orig	Mon Nov 15 10:51:15 2004
-+++ lib/sockopt.h	Fri Jan 28 17:52:57 2005
-@@ -40,6 +40,9 @@
-  */
- #define SOPT_SIZE_CMSG_PKTINFO_IPV6() (sizeof (struct in6_pktinfo));
- 
-+#ifdef QUAGGA_TCP_MD5SIG
-+int sockopt_tcp_signature(int family, int sock, int enable);
-+#endif /* QUAGGA_TCP_MD5SIG */
- /*
-  * Size defines for control messages used to get ifindex.  We define
-  * values for each method, and define a macro that can be used by code
diff -ruN --exclude=CVS /usr/ports/net/quagga/files/patch-configure.ac /usr/ports/net/quagga.new/files/patch-configure.ac
--- /usr/ports/net/quagga/files/patch-configure.ac	Mon Dec  8 21:20:12 2003
+++ /usr/ports/net/quagga.new/files/patch-configure.ac	Thu Jan  1 05:00:00 1970
@@ -1,43 +0,0 @@
---- configure.ac.orig	Sun Nov  2 04:12:19 2003
-+++ configure.ac	Wed Dec  3 02:28:37 2003
-@@ -724,7 +724,7 @@
- dnl  AC_CHECK_LIB(snmp, asn_parse_int, HAVE_SNMP=yes)
-   if test "${HAVE_SNMP}" = ""; then
-     old_libs="${LIBS}"
--    LIBS="-L/usr/lib"
-+    LIBS="-L/usr/lib -L/usr/local/lib"
-     unset ac_cv_lib_snmp_asn_parse_int
-     AC_CHECK_LIB(crypto, main, NEED_CRYPTO=yes, )
-     if test "${NEED_CRYPTO}" = ""; then
-@@ -765,7 +765,7 @@
-   fi
- 
-   if test "${HAVE_SNMP}" = "yes"; then
--    for ac_snmp in /usr/include/net-snmp/library/asn1.h /usr/include/ucd-snmp/asn1.h /usr/local/include/ucd-snmp/asn1.h /dev/null
-+    for ac_snmp in /usr/include/net-snmp/library/asn1.h /usr/include/ucd-snmp/asn1.h /usr/local/include/ucd-snmp/asn1.h /usr/local/include/net-snmp/library/asn1.h /dev/null
-     do
-       test -f "${ac_snmp}" && break
-     done
-@@ -782,6 +782,13 @@
- 			LIBS="${LIBS} -lsnmp"
- 		  fi
-                   ;;
-+      /usr/local/include/net-snmp/*)
-+		  AC_DEFINE(HAVE_SNMP,,SNMP)
-+		  AC_DEFINE(HAVE_NETSNMP,,SNMP)
-+		  AC_DEFINE(UCD_COMPATIBLE,,SNMP)
-+		  CFLAGS="${CFLAGS} -I/usr/local/include -I/usr/local/include/net-snmp -I/usr/local/include/net-snmp/library"
-+	          LIBS="${LIBS} -L/usr/local/lib -lnetsnmp"
-+		  ;;
-       /usr/include/ucd-snmp/*) 
-                   AC_DEFINE(HAVE_SNMP,,SNMP)
-                   CFLAGS="${CFLAGS} -I/usr/include/ucd-snmp"
-@@ -794,7 +801,7 @@
-                   ;;
-       /usr/local/include/net-snmp/*)
-       		AC_DEFINE(HAVE_SNMP,,SNMP)
--      		AC_DEFINE(HAVE_NET_SNMP,,SNMP)
-+      		AC_DEFINE(HAVE_NETSNMP,,SNMP)
-       		AC_DEFINE(UCD_COMPATIBLE,,SNMP)
-       		CFLAGS="${CFLAGS} -I/usr/local/include/net-snmp"
-       		LIBS="${LIBS} -L/usr/local/lib -lnetsnmp"
--- quagga-0.98.5.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1E9y9U-0001iP-PK>