quagga 0.99.8 on current, tcpmd5 config confusion
Randy Bush
randy at psg.com
Thu Aug 23 00:17:34 PDT 2007
just did a cvsup build and portupgrade of a six month old -current
i386 system running quagga. quagga cranked to 0.99.8. i got
slammed by bgp tcpmd5 requirement.
bgpd[469]: can't set sockopt TCP_MD5SIG 0 to socket 17
bgpd[469]: can't set sockopt TCP_MD5SIG 0 to socket 18
bgpd[469]: can't set sockopt TCP_MD5SIG 0 to socket 22
madly googled and found that i needed to hack kernel for tcp md5
hash, even though i am not using md5 auth (these are not really
infrastructure peerings. yes i know better for production).
# quagga needs this for MD5 passwords on BGP sessions
#
options TCP_SIGNATURE
options IPSEC
#options FAST_IPSEC
device crypto
device cryptodev
FAST_IPSEC turned out to be obsolete, so removed
with this kernel, i got a lot of whining about no keys
tcp_signature_compute: SADB lookup failed for 666.42.69.96
i restarted quagga, and bgpd left a disk flower
bgpd[9808]: BGPd 0.99.8 starting: vty at 2605, bgp at 179
kernel: pid 9808 (bgpd), uid 101: exited on signal 6
which i was too panicked to debug
so i went to backup and restored last week's binaries of quagga.
things are running, and i am less panicked. enough adrenaline for
one day, lemme tell ya.
but tell me, what the heck is the correct recipe for a kernel and a
quagga build for a bgpd that will play happily together?
clue by four please!
randy
More information about the freebsd-net
mailing list