Openbgpd incorrectly sets TCP_MD5 on the listen socket, regardless of configuration

Nikolay Denev ndenev at gmail.com
Thu Nov 24 12:41:34 UTC 2011


On Nov 23, 2011, at 2:43 PM, Borja Marcos wrote:

> 
> On Nov 23, 2011, at 9:30 AM, Nikolay Denev wrote:
> 
>> I'm seeing exactly the same problem with Quagga.
>> Quagga's bgpd also seem to always set the TCP_MD5 socket option, and newer freebsd 8.2 machines
>> don't seem to be able to establish bgp sessions, probably due to the recent TCP_MD5 fixes that enabled
>> the TCP_MD5 checksum verification of incoming packets.
> 
> Hmm. A confusion? ;)
> 
> The traces I've just sent show Quagga and Bird working well, OpenBGPD failing.
> 
> 
> Borja.
> 


Nope, no confusion :)

My pair of FreeBSD 8.2 routers fail to establish a BGP session unless I define MD5 password in /etc/ipsec.conf or disable the validation of the
digests with the sysctl I mentioned in my previous email.

I'm seeing exactly the same tcpdumps, with invalid digest options and empty digest (all zeroes).

Regards,
Nikolay


More information about the freebsd-net mailing list