Openbgpd incorrectly sets TCP_MD5 on the listen socket,
	regardless of configuration
    Nikolay Denev 
    ndenev at gmail.com
       
    Thu Nov 24 12:41:34 UTC 2011
    
    
  
On Nov 23, 2011, at 2:43 PM, Borja Marcos wrote:
> 
> On Nov 23, 2011, at 9:30 AM, Nikolay Denev wrote:
> 
>> I'm seeing exactly the same problem with Quagga.
>> Quagga's bgpd also seem to always set the TCP_MD5 socket option, and newer freebsd 8.2 machines
>> don't seem to be able to establish bgp sessions, probably due to the recent TCP_MD5 fixes that enabled
>> the TCP_MD5 checksum verification of incoming packets.
> 
> Hmm. A confusion? ;)
> 
> The traces I've just sent show Quagga and Bird working well, OpenBGPD failing.
> 
> 
> Borja.
> 
Nope, no confusion :)
My pair of FreeBSD 8.2 routers fail to establish a BGP session unless I define MD5 password in /etc/ipsec.conf or disable the validation of the
digests with the sysctl I mentioned in my previous email.
I'm seeing exactly the same tcpdumps, with invalid digest options and empty digest (all zeroes).
Regards,
Nikolay
    
    
More information about the freebsd-net
mailing list