Date:      Tue, 10 Jan 2012 14:23:11 +0100
From:      Claudio Jeker <cjeker@diehard.n-r-g.com>
To:        freebsd-net@freebsd.org
Subject:   Re: openbgpds not talking each other since 8.2-STABLE upgrade
Message-ID:  <20120110132311.GA26721@diehard.n-r-g.com>
In-Reply-To: <1F04F4D5-35E9-4B5F-9D43-F5F8035BA462@sarenet.es>
References:  <99A5FFD9-8815-4CCC-9868-FB2E3D799566@gridfury.com> <4F027BC0.1080101@FreeBSD.org> <8F87C898-3290-41B9-ACDF-3558D7C28D74@gmail.com> <20120103152909.GA83706@sandvine.com> <680405C8-3323-49BC-AE59-494FC394B6F6@sarenet.es> <20120104092824.GA24657@diehard.n-r-g.com> <FBEBE2F1-AE82-4347-A3AA-448665220756@sarenet.es> <20120109230130.GA3819@diehard.n-r-g.com> <1F04F4D5-35E9-4B5F-9D43-F5F8035BA462@sarenet.es>

On Tue, Jan 10, 2012 at 09:01:35AM +0100, Borja Marcos wrote:
> 
> On Jan 10, 2012, at 12:01 AM, Claudio Jeker wrote:
> 
> > Since it is possible to add MD5 for neighbors on config reload and the
> > listening sockets are normally not closed and reopened on config reload it
> > was the easiest to set the MD5 option on all listening sockets no matter
> > what (especially since at that time OpenBSD was the only BSD doing TCP MD5
> > and the always enable was there from the beginning (actually the MD5SUM
> > support was done for/with OpenBGPD).
> 
> I see, so then the TCP stack should only set and check MD5 signatures
> provided there's a matching CPD entry. Otherwise, using a random key
> doesn't make sense at all. Right? ;)
> 

Yes.
A random key never makes sense since TCP MD5 works with a shared secret.

-- 
:wq Claudio
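
The point made in this message, as an added example that is not part of the original e-mail or of OpenBGPD: the RFC 2385 digest covers the pseudo-header, the fixed TCP header with a zeroed checksum, the data and the shared key, so only a peer holding the same secret can verify it. Assumptions: IPv4 only, the per-peer `keys` table is a hypothetical stand-in for the kernel's policy entry lookup, and the addresses, header and secret are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import os
import struct


def tcp_md5_digest(src, dst, tcp_header, payload, key):
    """RFC 2385 digest over pseudo-header, fixed TCP header, data, then key."""
    if len(tcp_header) < 20:
        raise ValueError("need the 20-byte fixed TCP header")
    # Segment length in the pseudo-header covers header (with options) + data.
    seg_len = (tcp_header[12] >> 4) * 4 + len(payload)
    pseudo = (ipaddress.IPv4Address(src).packed
              + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, 6, seg_len))
    # Options are excluded and the checksum field is treated as zero.
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key).digest()


def check_inbound(keys, src, dst, tcp_header, payload, received):
    """Verify only when a key is configured for the peer (hypothetical table)."""
    key = keys.get(src)
    if key is None:
        return "no-entry"   # no matching entry: nothing is signed or checked
    if received is None:
        return "bad"        # entry exists but the segment carries no digest
    expected = tcp_md5_digest(src, dst, tcp_header, payload, key)
    return "ok" if hmac.compare_digest(expected, received) else "bad"


# Constructed sample: SYN from 192.0.2.1:40000 to 192.0.2.2:179,
# data offset 10 words (20-byte fixed header plus 20 bytes of options).
SYN = struct.pack("!HHIIBBHHH", 40000, 179, 1000, 0, 10 << 4, 0x02, 65535, 0xBEEF, 0)
SECRET = b"constructed-shared-secret"
A, B = "192.0.2.1", "192.0.2.2"


def demo():
    signed = tcp_md5_digest(A, B, SYN, b"", SECRET)
    return {
        "shared": check_inbound({A: SECRET}, A, B, SYN, b"", signed),
        "random": check_inbound({A: os.urandom(16)}, A, B, SYN, b"", signed),
        "no_entry": check_inbound({}, A, B, SYN, b"", signed),
    }


if __name__ == "__main__":
    print(demo())
```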
