Date: Tue, 30 Aug 2005 10:55:16 +0600 From: Boris Kovalenko <boris@tagnet.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/85461: [MAINTAINER UPDATE] net/quagga: update to 0.98.5 Message-ID: <E1E9y9U-0001iP-PK@boris.nikom.ru> Resent-Message-ID: <200508300500.j7U50aBj066049@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 85461 >Category: ports >Synopsis: [MAINTAINER UPDATE] net/quagga: update to 0.98.5 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Aug 30 05:00:35 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Boris Kovalenko >Release: FreeBSD 5.4-STABLE i386 >Organization: JSC "Tagnet" >Environment: System: FreeBSD boris.nikom.ru 5.4-STABLE FreeBSD 5.4-STABLE #4: Thu Aug 18 08:12:33 YEKST 2005 >Description: NOTE: This patch obsoletes ports/82711 >From the official site: 0.98.5 from stable series is released fixing several bugs in ospfd and bgpd, most notably some crashes in ospfd and yet another route server functionality regression in bgpd. - Update to 0.98.5 Added file(s): - files/extra-tcpmd5-patch-bgpd-bgp_network.c - files/extra-tcpmd5-patch-bgpd-bgp_vty.c - files/extra-tcpmd5-patch-bgpd-bgpd.c - files/extra-tcpmd5-patch-bgpd-bgpd.h - files/extra-tcpmd5-patch-lib-sockopt.c - files/extra-tcpmd5-patch-lib-sockopt.h Removed file(s): - files/extra-tcpmd5-patch-bgpd::bgp_network.c - files/extra-tcpmd5-patch-bgpd::bgp_vty.c - files/extra-tcpmd5-patch-bgpd::bgpd.c - files/extra-tcpmd5-patch-bgpd::bgpd.h - files/extra-tcpmd5-patch-configure.ac - files/extra-tcpmd5-patch-lib::sockopt.c - files/extra-tcpmd5-patch-lib::sockopt.h - files/patch-configure.ac Generated with FreeBSD Port Tools 0.63 >How-To-Repeat: >Fix: --- quagga-0.98.5.patch begins here --- diff -ruN --exclude=CVS /usr/ports/net/quagga/Makefile /usr/ports/net/quagga.new/Makefile --- /usr/ports/net/quagga/Makefile Mon Apr 18 08:19:44 2005 +++ /usr/ports/net/quagga.new/Makefile Tue Aug 30 10:51:10 2005 @@ -6,8 +6,8 @@ # PORTNAME= quagga -PORTVERSION= 0.98.3 -PORTREVISION= 2 +PORTVERSION= 0.98.5 +PORTREVISION= 0 CATEGORIES= net ipv6 MASTER_SITES= http://quagga.net/download/ @@ -22,9 +22,9 @@ USE_GMAKE= yes USE_REINPLACE= yes INSTALLS_SHLIB= yes -USE_AUTOCONF_VER= 259 -USE_LIBTOOL_VER= 15 USE_PERL5_BUILD= yes +USE_LIBTOOL_VER= 15 +LIBTOOLFILES= configure MAN1= vtysh.1 MAN8= bgpd.8 ospf6d.8 ospfd.8 ripd.8 ripngd.8 zebra.8 @@ -41,9 +41,12 @@ .include <bsd.port.pre.mk> -CONFIGURE_ARGS+=--includedir=${PREFIX}/include --enable-exampledir=${PREFIX}/share/examples/quagga +CONFIGURE_ARGS+=--includedir=${PREFIX}/include --enable-exampledir=${PREFIX}/share/examples/quagga \ + --program-transform-name="" CONFIGURE_ENV+= CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \ - LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib" + LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib" \ + LIBTOOL=${LIBTOOL} LIBTOOLIZE=${LIBTOOLIZE} \ + LIBTOOL_VERSION=${LIBTOOL_VERSION} .if !defined(ENABLE_USER) ENABLE_USER=quagga @@ -127,8 +130,8 @@ .if ${OSVERSION} < 491000 BROKEN= This version of FreeBSD does not have TCP MD5 signature support .endif -CONFIGURE_ARGS+=--enable-tcp-signature -EXTRA_PATCHES+=${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgp_network.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgp_vty.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgpd.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgpd.h ${PATCHDIR}/extra-tcpmd5-patch-configure.ac ${PATCHDIR}/extra-tcpmd5-patch-lib::sockopt.c ${PATCHDIR}/extra-tcpmd5-patch-lib::sockopt.h +EXTRA_PATCHES+=${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgp_network.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgp_vty.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgpd.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgpd.h ${PATCHDIR}/extra-tcpmd5-patch-lib-sockopt.c ${PATCHDIR}/extra-tcpmd5-patch-lib-sockopt.h +CFLAGS+= -DQUAGGA_TCP_MD5SIG .endif USE_RC_SUBR= watchquagga.sh diff -ruN --exclude=CVS /usr/ports/net/quagga/distinfo /usr/ports/net/quagga.new/distinfo --- /usr/ports/net/quagga/distinfo Tue Apr 5 08:21:31 2005 +++ /usr/ports/net/quagga.new/distinfo Tue Aug 30 10:32:51 2005 @@ -1,2 +1,2 @@ -MD5 (quagga-0.98.3.tar.gz) = 68be5e911e4d604c0f5959338263356e -SIZE (quagga-0.98.3.tar.gz) = 2118348 +MD5 (quagga-0.98.5.tar.gz) = ec09c1ec624aea98e18aa19282666784 +SIZE (quagga-0.98.5.tar.gz) = 2018058 diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_network.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_network.c --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_network.c Thu Jan 1 05:00:00 1970 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_network.c Sun Feb 6 03:19:43 2005 @@ -0,0 +1,42 @@ +--- bgpd/bgp_network.c.orig Wed Dec 8 12:41:23 2004 ++++ bgpd/bgp_network.c Fri Jan 28 17:52:57 2005 +@@ -35,6 +35,10 @@ + #include "bgpd/bgp_debug.h" + #include "bgpd/bgp_network.h" + ++#ifndef TCP_SIG_SPI_BASE ++#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */ ++#endif ++ + extern struct zebra_privs_t bgpd_privs; + + +@@ -148,6 +152,15 @@ + return ret; + } + #endif /* SO_BINDTODEVICE */ ++ ++#ifdef QUAGGA_TCP_MD5SIG ++ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE)) ++ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, ++ TCP_SIG_SPI_BASE + peer->port); ++ else ++ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0); ++#endif /* QUAGGA_TCP_MD5SIG */ ++ + return 0; + } + +@@ -250,6 +263,12 @@ + if (peer->ifname) + ifindex = if_nametoindex (peer->ifname); + #endif /* HAVE_IPV6 */ ++ ++#ifdef QUAGGA_TCP_MD5SIG ++ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE)) ++ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, ++ TCP_SIG_SPI_BASE + peer->port); ++#endif /* QUAGGA_TCP_MD5SIG */ + + if (BGP_DEBUG (events, EVENTS)) + plog_debug (peer->log, "%s [Event] Connect start to %s fd %d", diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_vty.c --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c Thu Jan 1 05:00:00 1970 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgp_vty.c Sun Feb 6 03:19:43 2005 @@ -0,0 +1,59 @@ +--- bgpd/bgp_vty.c.orig Tue Oct 12 22:06:09 2004 ++++ bgpd/bgp_vty.c Fri Jan 28 17:52:57 2005 +@@ -1386,6 +1386,45 @@ + "AS number used as local AS\n" + "Do not prepend local-as to updates from ebgp peers\n") + ++#ifdef QUAGGA_TCP_MD5SIG ++DEFUN (neighbor_password, ++ neighbor_password_cmd, ++ NEIGHBOR_CMD2 "password WORD", ++ NEIGHBOR_STR ++ NEIGHBOR_ADDR_STR2 ++ "Specify a password for TCPMD5 authentication with this peer\n") ++{ ++ struct peer *peer; ++ int ret; ++ ++ peer = peer_and_group_lookup_vty (vty, argv[0]); ++ if (! peer) ++ return CMD_WARNING; ++ ++ ret = peer_password_set (peer, argv[1]); ++ return bgp_vty_return (vty, ret); ++} ++ ++DEFUN (no_neighbor_password, ++ no_neighbor_password_cmd, ++ NO_NEIGHBOR_CMD2 "password", ++ NO_STR ++ NEIGHBOR_STR ++ NEIGHBOR_ADDR_STR2 ++ "Disable TCPMD5 authentication with this peer\n") ++{ ++ struct peer *peer; ++ int ret; ++ ++ peer = peer_and_group_lookup_vty (vty, argv[0]); ++ if (! peer) ++ return CMD_WARNING; ++ ++ ret = peer_password_unset (peer); ++ return bgp_vty_return (vty, ret); ++} ++#endif /* QUAGGA_TCP_MD5SIG */ ++ + DEFUN (neighbor_activate, + neighbor_activate_cmd, + NEIGHBOR_CMD2 "activate", +@@ -8530,6 +8569,10 @@ + install_element (BGP_NODE, &no_neighbor_local_as_cmd); + install_element (BGP_NODE, &no_neighbor_local_as_val_cmd); + install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd); ++ ++ /* "neighbor password" commands. */ ++ install_element (BGP_NODE, &neighbor_password_cmd); ++ install_element (BGP_NODE, &no_neighbor_password_cmd); + + /* "neighbor activate" commands. */ + install_element (BGP_NODE, &neighbor_activate_cmd); diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.c --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c Thu Jan 1 05:00:00 1970 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.c Sun Feb 6 03:19:43 2005 @@ -0,0 +1,90 @@ +--- bgpd/bgpd.c.orig Thu Dec 9 06:46:46 2004 ++++ bgpd/bgpd.c Sat Jan 29 11:29:26 2005 +@@ -59,6 +59,9 @@ + #ifdef HAVE_SNMP + #include "bgpd/bgp_snmp.h" + #endif /* HAVE_SNMP */ ++#ifndef TCP_SIG_SPI_BASE ++#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */ ++#endif + + /* BGP process wide configuration. */ + static struct bgp_master bgp_master; +@@ -707,6 +710,7 @@ + peer->ostatus = Idle; + peer->version = BGP_VERSION_4; + peer->weight = 0; ++ peer->password[0] = '\0'; + + /* Set default flags. */ + for (afi = AFI_IP; afi < AFI_MAX; afi++) +@@ -3270,6 +3274,55 @@ + return 0; + } + ++#ifdef QUAGGA_TCP_MD5SIG ++/* Set password for authenticating with the peer. */ ++int ++peer_password_set (struct peer *peer, char *password) ++{ ++ struct bgp *bgp = peer->bgp; ++ int len; ++ ++ len = strlen(password); ++ ++ if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN)) ++ return BGP_ERR_INVALID_VALUE; ++ ++ memcpy(peer->password, password, len); ++ ++ /* ++ * XXX Need to do PF_KEY operation here to add an SA entry, ++ * and add an SP entry for this peer's packet flows also. ++ */ ++ ++ SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE); ++ ++ if (peer->fd >= 0) ++ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE + ++ peer->port); ++ ++ return 0; ++} ++ ++int ++peer_password_unset (struct peer *peer) ++{ ++ struct bgp *bgp = peer->bgp; ++ ++ UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE); ++ /* Paranoia. */ ++ memset(peer->password, 0, sizeof(peer->password)); ++ ++ if (peer->fd >= 0) ++ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0); ++ ++ /* ++ * XXX Need to do PF_KEY operation here to remove the SA and SP. ++ */ ++ ++ return 0; ++} ++#endif /* QUAGGA_TCP_MD5SIG */ ++ + /* Set distribute list to the peer. */ + int + peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, +@@ -4279,6 +4332,13 @@ + if (peer->desc) + vty_out (vty, " neighbor %s description %s%s", addr, peer->desc, + VTY_NEWLINE); ++ ++#ifdef QUAGGA_TCP_MD5SIG ++ /* tcp-md5 session password. XXX the password should be obfuscated */ ++ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE)) ++ vty_out (vty, " neighbor %s password %s%s", addr, peer->password, ++ VTY_NEWLINE); ++#endif /* QUAGGA_TCP_MD5SIG */ + + /* Shutdown. */ + if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN)) diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.h --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h Thu Jan 1 05:00:00 1970 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd-bgpd.h Sun Feb 6 03:19:43 2005 @@ -0,0 +1,38 @@ +--- bgpd/bgpd.h.orig Tue Oct 12 22:06:09 2004 ++++ bgpd/bgpd.h Fri Jan 28 21:03:40 2005 +@@ -335,6 +335,9 @@ + #define PEER_FLAG_DYNAMIC_CAPABILITY (1 << 6) /* dynamic capability */ + #define PEER_FLAG_ENFORCE_MULTIHOP (1 << 7) /* enforce-multihop */ + #define PEER_FLAG_LOCAL_AS_NO_PREPEND (1 << 8) /* local-as no-prepend */ ++#ifdef QUAGGA_TCP_MD5SIG /* XXX should move to AF_INET/SFI_UNICAST below */ ++#define PEER_FLAG_TCP_SIGNATURE (1 << 9) /* use TCP-MD5 digest */ ++#endif /* QUAGGA_TCP_MD5SIG */ + + /* Per AF configuration flags. */ + u_int32_t af_flags[AFI_MAX][SAFI_MAX]; +@@ -496,6 +499,13 @@ + #define PEER_RMAP_TYPE_NOSET (1 << 5) /* not allow to set commands */ + #define PEER_RMAP_TYPE_IMPORT (1 << 6) /* neighbor route-map import */ + #define PEER_RMAP_TYPE_EXPORT (1 << 7) /* neighbor route-map export */ ++ ++#ifdef QUAGGA_TCP_MD5SIG ++ /* TCP-MD5 Password Support -- bms */ ++#define PEER_PASSWORD_MINLEN 1 ++#define PEER_PASSWORD_MAXLEN 80 /* width of password field */ ++ char password[PEER_PASSWORD_MAXLEN]; ++#endif /* QUAGGA_TCP_MD5SIG */ + }; + + /* This structure's member directly points incoming packet data +@@ -879,6 +889,11 @@ + + int peer_local_as_set (struct peer *, as_t, int); + int peer_local_as_unset (struct peer *); ++ ++#ifdef QUAGGA_TCP_MD5SIG ++int peer_password_set (struct peer *, char *); ++int peer_password_unset (struct peer *); ++#endif /* QUAGGA_TCP_MD5SIG */ + + int peer_prefix_list_set (struct peer *, afi_t, safi_t, int, const char *); + int peer_prefix_list_unset (struct peer *, afi_t, safi_t, int); diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_network.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_network.c --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_network.c Sun Feb 6 03:19:43 2005 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_network.c Thu Jan 1 05:00:00 1970 @@ -1,42 +0,0 @@ ---- bgpd/bgp_network.c.orig Wed Dec 8 12:41:23 2004 -+++ bgpd/bgp_network.c Fri Jan 28 17:52:57 2005 -@@ -35,6 +35,10 @@ - #include "bgpd/bgp_debug.h" - #include "bgpd/bgp_network.h" - -+#ifndef TCP_SIG_SPI_BASE -+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */ -+#endif -+ - extern struct zebra_privs_t bgpd_privs; - - -@@ -148,6 +152,15 @@ - return ret; - } - #endif /* SO_BINDTODEVICE */ -+ -+#ifdef QUAGGA_TCP_MD5SIG -+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE)) -+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, -+ TCP_SIG_SPI_BASE + peer->port); -+ else -+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0); -+#endif /* QUAGGA_TCP_MD5SIG */ -+ - return 0; - } - -@@ -250,6 +263,12 @@ - if (peer->ifname) - ifindex = if_nametoindex (peer->ifname); - #endif /* HAVE_IPV6 */ -+ -+#ifdef QUAGGA_TCP_MD5SIG -+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE)) -+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, -+ TCP_SIG_SPI_BASE + peer->port); -+#endif /* QUAGGA_TCP_MD5SIG */ - - if (BGP_DEBUG (events, EVENTS)) - plog_debug (peer->log, "%s [Event] Connect start to %s fd %d", diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_vty.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_vty.c --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_vty.c Sun Feb 6 03:19:43 2005 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgp_vty.c Thu Jan 1 05:00:00 1970 @@ -1,59 +0,0 @@ ---- bgpd/bgp_vty.c.orig Tue Oct 12 22:06:09 2004 -+++ bgpd/bgp_vty.c Fri Jan 28 17:52:57 2005 -@@ -1386,6 +1386,45 @@ - "AS number used as local AS\n" - "Do not prepend local-as to updates from ebgp peers\n") - -+#ifdef QUAGGA_TCP_MD5SIG -+DEFUN (neighbor_password, -+ neighbor_password_cmd, -+ NEIGHBOR_CMD2 "password WORD", -+ NEIGHBOR_STR -+ NEIGHBOR_ADDR_STR2 -+ "Specify a password for TCPMD5 authentication with this peer\n") -+{ -+ struct peer *peer; -+ int ret; -+ -+ peer = peer_and_group_lookup_vty (vty, argv[0]); -+ if (! peer) -+ return CMD_WARNING; -+ -+ ret = peer_password_set (peer, argv[1]); -+ return bgp_vty_return (vty, ret); -+} -+ -+DEFUN (no_neighbor_password, -+ no_neighbor_password_cmd, -+ NO_NEIGHBOR_CMD2 "password", -+ NO_STR -+ NEIGHBOR_STR -+ NEIGHBOR_ADDR_STR2 -+ "Disable TCPMD5 authentication with this peer\n") -+{ -+ struct peer *peer; -+ int ret; -+ -+ peer = peer_and_group_lookup_vty (vty, argv[0]); -+ if (! peer) -+ return CMD_WARNING; -+ -+ ret = peer_password_unset (peer); -+ return bgp_vty_return (vty, ret); -+} -+#endif /* QUAGGA_TCP_MD5SIG */ -+ - DEFUN (neighbor_activate, - neighbor_activate_cmd, - NEIGHBOR_CMD2 "activate", -@@ -8530,6 +8569,10 @@ - install_element (BGP_NODE, &no_neighbor_local_as_cmd); - install_element (BGP_NODE, &no_neighbor_local_as_val_cmd); - install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd); -+ -+ /* "neighbor password" commands. */ -+ install_element (BGP_NODE, &neighbor_password_cmd); -+ install_element (BGP_NODE, &no_neighbor_password_cmd); - - /* "neighbor activate" commands. */ - install_element (BGP_NODE, &neighbor_activate_cmd); diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.c --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.c Sun Feb 6 03:19:43 2005 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.c Thu Jan 1 05:00:00 1970 @@ -1,90 +0,0 @@ ---- bgpd/bgpd.c.orig Thu Dec 9 06:46:46 2004 -+++ bgpd/bgpd.c Sat Jan 29 11:29:26 2005 -@@ -59,6 +59,9 @@ - #ifdef HAVE_SNMP - #include "bgpd/bgp_snmp.h" - #endif /* HAVE_SNMP */ -+#ifndef TCP_SIG_SPI_BASE -+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */ -+#endif - - /* BGP process wide configuration. */ - static struct bgp_master bgp_master; -@@ -707,6 +710,7 @@ - peer->ostatus = Idle; - peer->version = BGP_VERSION_4; - peer->weight = 0; -+ peer->password[0] = '\0'; - - /* Set default flags. */ - for (afi = AFI_IP; afi < AFI_MAX; afi++) -@@ -3270,6 +3274,55 @@ - return 0; - } - -+#ifdef QUAGGA_TCP_MD5SIG -+/* Set password for authenticating with the peer. */ -+int -+peer_password_set (struct peer *peer, char *password) -+{ -+ struct bgp *bgp = peer->bgp; -+ int len; -+ -+ len = strlen(password); -+ -+ if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN)) -+ return BGP_ERR_INVALID_VALUE; -+ -+ memcpy(peer->password, password, len); -+ -+ /* -+ * XXX Need to do PF_KEY operation here to add an SA entry, -+ * and add an SP entry for this peer's packet flows also. -+ */ -+ -+ SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE); -+ -+ if (peer->fd >= 0) -+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE + -+ peer->port); -+ -+ return 0; -+} -+ -+int -+peer_password_unset (struct peer *peer) -+{ -+ struct bgp *bgp = peer->bgp; -+ -+ UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE); -+ /* Paranoia. */ -+ memset(peer->password, 0, sizeof(peer->password)); -+ -+ if (peer->fd >= 0) -+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0); -+ -+ /* -+ * XXX Need to do PF_KEY operation here to remove the SA and SP. -+ */ -+ -+ return 0; -+} -+#endif /* QUAGGA_TCP_MD5SIG */ -+ - /* Set distribute list to the peer. */ - int - peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, -@@ -4279,6 +4332,13 @@ - if (peer->desc) - vty_out (vty, " neighbor %s description %s%s", addr, peer->desc, - VTY_NEWLINE); -+ -+#ifdef QUAGGA_TCP_MD5SIG -+ /* tcp-md5 session password. XXX the password should be obfuscated */ -+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE)) -+ vty_out (vty, " neighbor %s password %s%s", addr, peer->password, -+ VTY_NEWLINE); -+#endif /* QUAGGA_TCP_MD5SIG */ - - /* Shutdown. */ - if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN)) diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.h --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.h Sun Feb 6 03:19:43 2005 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-bgpd::bgpd.h Thu Jan 1 05:00:00 1970 @@ -1,38 +0,0 @@ ---- bgpd/bgpd.h.orig Tue Oct 12 22:06:09 2004 -+++ bgpd/bgpd.h Fri Jan 28 21:03:40 2005 -@@ -335,6 +335,9 @@ - #define PEER_FLAG_DYNAMIC_CAPABILITY (1 << 6) /* dynamic capability */ - #define PEER_FLAG_ENFORCE_MULTIHOP (1 << 7) /* enforce-multihop */ - #define PEER_FLAG_LOCAL_AS_NO_PREPEND (1 << 8) /* local-as no-prepend */ -+#ifdef QUAGGA_TCP_MD5SIG /* XXX should move to AF_INET/SFI_UNICAST below */ -+#define PEER_FLAG_TCP_SIGNATURE (1 << 9) /* use TCP-MD5 digest */ -+#endif /* QUAGGA_TCP_MD5SIG */ - - /* Per AF configuration flags. */ - u_int32_t af_flags[AFI_MAX][SAFI_MAX]; -@@ -496,6 +499,13 @@ - #define PEER_RMAP_TYPE_NOSET (1 << 5) /* not allow to set commands */ - #define PEER_RMAP_TYPE_IMPORT (1 << 6) /* neighbor route-map import */ - #define PEER_RMAP_TYPE_EXPORT (1 << 7) /* neighbor route-map export */ -+ -+#ifdef QUAGGA_TCP_MD5SIG -+ /* TCP-MD5 Password Support -- bms */ -+#define PEER_PASSWORD_MINLEN 1 -+#define PEER_PASSWORD_MAXLEN 80 /* width of password field */ -+ char password[PEER_PASSWORD_MAXLEN]; -+#endif /* QUAGGA_TCP_MD5SIG */ - }; - - /* This structure's member directly points incoming packet data -@@ -879,6 +889,11 @@ - - int peer_local_as_set (struct peer *, as_t, int); - int peer_local_as_unset (struct peer *); -+ -+#ifdef QUAGGA_TCP_MD5SIG -+int peer_password_set (struct peer *, char *); -+int peer_password_unset (struct peer *); -+#endif /* QUAGGA_TCP_MD5SIG */ - - int peer_prefix_list_set (struct peer *, afi_t, safi_t, int, const char *); - int peer_prefix_list_unset (struct peer *, afi_t, safi_t, int); diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-configure.ac /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-configure.ac --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-configure.ac Sun Feb 6 03:19:43 2005 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-configure.ac Thu Jan 1 05:00:00 1970 @@ -1,16 +0,0 @@ ---- configure.ac.orig Fri Jan 7 06:03:14 2005 -+++ configure.ac Fri Jan 28 17:52:57 2005 -@@ -204,6 +204,13 @@ - AC_DEFINE(HAVE_IRDP,, IRDP ) - fi - -+AC_ARG_ENABLE(tcp-signature, -+[ --enable-tcp-signature enable TCP MD5 checksum capability]) -+ -+if test "${enable_tcp_signature}" = "yes"; then -+ AC_DEFINE(QUAGGA_TCP_MD5SIG,,TCP signatures) -+fi -+ - if test "${enable_user}" = "yes" || test x"${enable_user}" = x""; then - enable_user="quagga" - elif test "${enable_user}" = "no"; then diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.c --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c Thu Jan 1 05:00:00 1970 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.c Sun Feb 6 03:19:43 2005 @@ -0,0 +1,35 @@ +--- lib/sockopt.c.orig Tue Jan 4 10:03:36 2005 ++++ lib/sockopt.c Fri Jan 28 17:52:57 2005 +@@ -243,6 +243,32 @@ + + } + ++int ++sockopt_tcp_signature (int family, int sock, int enable) ++{ ++ int ret; ++ ++#if defined(QUAGGA_TCP_MD5SIG) && defined(TCP_MD5SIG) ++ if (family == AF_INET) ++ { ++ ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, ++ (void *) &enable, sizeof (int)); ++ if (ret < 0) ++ { ++ zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG %d to socket %d", enable, sock); ++ return -1; ++ } ++ return 0; ++ } ++#endif /* QUAGGA_TCP_MD5SIG */ ++ ++ /* fallthrough */ ++ ++ zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG on socket %d with family %d", ++ sock, family); ++ return -1; ++} ++ + static int + setsockopt_ipv4_ifindex (int sock, int val) + { diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.h --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h Thu Jan 1 05:00:00 1970 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib-sockopt.h Sun Feb 6 03:19:43 2005 @@ -0,0 +1,12 @@ +--- lib/sockopt.h.orig Mon Nov 15 10:51:15 2004 ++++ lib/sockopt.h Fri Jan 28 17:52:57 2005 +@@ -40,6 +40,9 @@ + */ + #define SOPT_SIZE_CMSG_PKTINFO_IPV6() (sizeof (struct in6_pktinfo)); + ++#ifdef QUAGGA_TCP_MD5SIG ++int sockopt_tcp_signature(int family, int sock, int enable); ++#endif /* QUAGGA_TCP_MD5SIG */ + /* + * Size defines for control messages used to get ifindex. We define + * values for each method, and define a macro that can be used by code diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.c /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.c --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.c Sun Feb 6 03:19:43 2005 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.c Thu Jan 1 05:00:00 1970 @@ -1,35 +0,0 @@ ---- lib/sockopt.c.orig Tue Jan 4 10:03:36 2005 -+++ lib/sockopt.c Fri Jan 28 17:52:57 2005 -@@ -243,6 +243,32 @@ - - } - -+int -+sockopt_tcp_signature (int family, int sock, int enable) -+{ -+ int ret; -+ -+#if defined(QUAGGA_TCP_MD5SIG) && defined(TCP_MD5SIG) -+ if (family == AF_INET) -+ { -+ ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, -+ (void *) &enable, sizeof (int)); -+ if (ret < 0) -+ { -+ zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG %d to socket %d", enable, sock); -+ return -1; -+ } -+ return 0; -+ } -+#endif /* QUAGGA_TCP_MD5SIG */ -+ -+ /* fallthrough */ -+ -+ zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG on socket %d with family %d", -+ sock, family); -+ return -1; -+} -+ - static int - setsockopt_ipv4_ifindex (int sock, int val) - { diff -ruN --exclude=CVS /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.h /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.h --- /usr/ports/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.h Sun Feb 6 03:19:43 2005 +++ /usr/ports/net/quagga.new/files/extra-tcpmd5-patch-lib::sockopt.h Thu Jan 1 05:00:00 1970 @@ -1,12 +0,0 @@ ---- lib/sockopt.h.orig Mon Nov 15 10:51:15 2004 -+++ lib/sockopt.h Fri Jan 28 17:52:57 2005 -@@ -40,6 +40,9 @@ - */ - #define SOPT_SIZE_CMSG_PKTINFO_IPV6() (sizeof (struct in6_pktinfo)); - -+#ifdef QUAGGA_TCP_MD5SIG -+int sockopt_tcp_signature(int family, int sock, int enable); -+#endif /* QUAGGA_TCP_MD5SIG */ - /* - * Size defines for control messages used to get ifindex. We define - * values for each method, and define a macro that can be used by code diff -ruN --exclude=CVS /usr/ports/net/quagga/files/patch-configure.ac /usr/ports/net/quagga.new/files/patch-configure.ac --- /usr/ports/net/quagga/files/patch-configure.ac Mon Dec 8 21:20:12 2003 +++ /usr/ports/net/quagga.new/files/patch-configure.ac Thu Jan 1 05:00:00 1970 @@ -1,43 +0,0 @@ ---- configure.ac.orig Sun Nov 2 04:12:19 2003 -+++ configure.ac Wed Dec 3 02:28:37 2003 -@@ -724,7 +724,7 @@ - dnl AC_CHECK_LIB(snmp, asn_parse_int, HAVE_SNMP=yes) - if test "${HAVE_SNMP}" = ""; then - old_libs="${LIBS}" -- LIBS="-L/usr/lib" -+ LIBS="-L/usr/lib -L/usr/local/lib" - unset ac_cv_lib_snmp_asn_parse_int - AC_CHECK_LIB(crypto, main, NEED_CRYPTO=yes, ) - if test "${NEED_CRYPTO}" = ""; then -@@ -765,7 +765,7 @@ - fi - - if test "${HAVE_SNMP}" = "yes"; then -- for ac_snmp in /usr/include/net-snmp/library/asn1.h /usr/include/ucd-snmp/asn1.h /usr/local/include/ucd-snmp/asn1.h /dev/null -+ for ac_snmp in /usr/include/net-snmp/library/asn1.h /usr/include/ucd-snmp/asn1.h /usr/local/include/ucd-snmp/asn1.h /usr/local/include/net-snmp/library/asn1.h /dev/null - do - test -f "${ac_snmp}" && break - done -@@ -782,6 +782,13 @@ - LIBS="${LIBS} -lsnmp" - fi - ;; -+ /usr/local/include/net-snmp/*) -+ AC_DEFINE(HAVE_SNMP,,SNMP) -+ AC_DEFINE(HAVE_NETSNMP,,SNMP) -+ AC_DEFINE(UCD_COMPATIBLE,,SNMP) -+ CFLAGS="${CFLAGS} -I/usr/local/include -I/usr/local/include/net-snmp -I/usr/local/include/net-snmp/library" -+ LIBS="${LIBS} -L/usr/local/lib -lnetsnmp" -+ ;; - /usr/include/ucd-snmp/*) - AC_DEFINE(HAVE_SNMP,,SNMP) - CFLAGS="${CFLAGS} -I/usr/include/ucd-snmp" -@@ -794,7 +801,7 @@ - ;; - /usr/local/include/net-snmp/*) - AC_DEFINE(HAVE_SNMP,,SNMP) -- AC_DEFINE(HAVE_NET_SNMP,,SNMP) -+ AC_DEFINE(HAVE_NETSNMP,,SNMP) - AC_DEFINE(UCD_COMPATIBLE,,SNMP) - CFLAGS="${CFLAGS} -I/usr/local/include/net-snmp" - LIBS="${LIBS} -L/usr/local/lib -lnetsnmp" --- quagga-0.98.5.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1E9y9U-0001iP-PK>