openbgpds not talking each other since 8.2-STABLE upgrade

Hiroki Sato hrs at FreeBSD.org
Tue Jan 3 21:04:01 UTC 2012


Doug Barton <dougb at freebsd.org> wrote
  in <4F036A7F.9030906 at FreeBSD.org>:

do> This patch works even if net.inet.tcp.signature_verify_input=1. If I
do> turn that sysctl off on both sides they can talk to each other even
do> without the patch. So that would definitely seem to indicate that the
do> tcp_signature stuff is the source of the problem.
do>
do> What unfortunately did not work is configuring signatures on both sides.
do> With the sysctl enabled, IPSEC set up on both hosts, and the tcp md5sig
do> option in both bgpd.conf files, we got the same result as before, no
do> communication between them. When -HUP'ing and/or restarting openbgpd
do> with the tcp md5sig option enabled we get "pfkey setup failed."
do>
do> So, "working iBGP + no signatures" is a good next step. "iBGP +
do> signatures" would be an even better one. :)  We're happy to test more
do> patches, etc.; and thanks again to everyone who has responded so far.

 Okay, thank you for your report.  I will take some time to fix
 TCP_MD5SIG support in openbgpd and inform you when another patch is
 ready.

-- Hiroki