From owner-freebsd-net@FreeBSD.ORG Tue Jan 10 13:23:14 2012
Date: Tue, 10 Jan 2012 14:23:11 +0100
From: Claudio Jeker
To: freebsd-net@freebsd.org
Subject: Re: openbgpds not talking each other since 8.2-STABLE upgrade
Message-ID: <20120110132311.GA26721@diehard.n-r-g.com>
In-Reply-To: <1F04F4D5-35E9-4B5F-9D43-F5F8035BA462@sarenet.es>
References: <99A5FFD9-8815-4CCC-9868-FB2E3D799566@gridfury.com> <4F027BC0.1080101@FreeBSD.org> <8F87C898-3290-41B9-ACDF-3558D7C28D74@gmail.com> <20120103152909.GA83706@sandvine.com> <680405C8-3323-49BC-AE59-494FC394B6F6@sarenet.es> <20120104092824.GA24657@diehard.n-r-g.com> <20120109230130.GA3819@diehard.n-r-g.com> <1F04F4D5-35E9-4B5F-9D43-F5F8035BA462@sarenet.es>
List-Id: Networking and TCP/IP with FreeBSD

On Tue, Jan 10, 2012 at 09:01:35AM +0100, Borja Marcos wrote:
>
> On Jan 10, 2012, at 12:01 AM, Claudio Jeker wrote:
>
> > Since it is possible to add MD5 for neighbors on config reload and the
> > listening sockets are normally not closed and reopened on config reload it
> > was the easiest to set the MD5 option on all listening sockets no matter
> > what (especially since at that time OpenBSD was the only BSD doing TCP MD5
> > and the always enable was there from the beginning (actually the MD5SUM
> > support was done for/with OpenBGPD).
>
> I see, so then the TCP stack should only set and check MD5 signatures
> provided there's a matching CPD entry. Otherwise, using a random key
> doesn't make sense at all. Right? ;)
>

Yes. A random key never makes sense since TCP MD5 works with a shared secret.

--
:wq Claudio
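The point Claudio makes above, that a TCP MD5 signature is only meaningful against a shared secret configured for that peer, as an added example that is not from this thread, OpenBGPD or the FreeBSD stack: a Python model of the RFC 2385 digest with a per-peer key table, where the option is set on send and checked on receive only when the peer has an entry. The peer addresses, the key table and the sample segment are constructed.

```python
import hashlib
import hmac
import os
import socket
import struct

# RFC 2385 option: kind 19, length 18, 16-byte digest, NOP-padded to 20 bytes,
# so a signed segment carries 5 extra header words. Key table is constructed.
MD5_OPT_WORDS = 5
KEYS = {"192.0.2.1": b"constructed-shared-secret"}  # peer address -> shared secret

def tcp_md5_digest(src, dst, sport, dport, seq, ack, flags, win, data, key):
    """MD5 over pseudo-header, option-free TCP header with checksum zeroed,
    segment data, then the shared key (RFC 2385 section 2)."""
    doff = 5 + MD5_OPT_WORDS
    seg_len = 4 * doff + len(data)  # pseudo-header length includes the options
    pseudo = struct.pack("!4s4sxBH", socket.inet_aton(src), socket.inet_aton(dst),
                         socket.IPPROTO_TCP, seg_len)
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, doff << 4, flags,
                      win, 0, 0)  # checksum field forced to zero, urgent pointer 0
    return hashlib.md5(pseudo + hdr + data + key).digest()

def sign_outbound(keys, peer, *seg):
    """Set the option only when the peer has a configured shared secret."""
    key = keys.get(peer)
    return None if key is None else tcp_md5_digest(*seg, key)

def verify_inbound(keys, peer, sig, *seg):
    """Check the option only when the peer has a configured shared secret."""
    key = keys.get(peer)
    if key is None:
        return True  # no matching entry: signature neither required nor checked
    if sig is None:
        return False  # entry exists but the peer did not sign: drop
    return hmac.compare_digest(tcp_md5_digest(*seg, key), sig)

# Constructed inbound BGP segment from peer 192.0.2.1: src, dst, ports, seq, ack,
# PSH|ACK, window, and a 19-byte KEEPALIVE payload.
SEG = ("192.0.2.1", "198.51.100.2", 40000, 179, 1000, 2000, 0x18, 65535,
       b"\xff" * 16 + b"\x00\x13\x04")

def demo():
    """Returns (shared key verifies, random key verifies, unconfigured peer accepts)."""
    good = sign_outbound({"198.51.100.2": KEYS["192.0.2.1"]}, "198.51.100.2", *SEG)
    random_sig = tcp_md5_digest(*SEG, os.urandom(16))  # peer signing with a random key
    return (verify_inbound(KEYS, "192.0.2.1", good, *SEG),
            verify_inbound(KEYS, "192.0.2.1", random_sig, *SEG),
            verify_inbound({}, "192.0.2.1", None, *SEG))
```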