[prev in list] [next in list] [prev in thread] [next in thread]
List: quagga-dev
Subject: [quagga-dev 5238] Re: [quagga-users 9315] New md5 signature patch
From: Ingo Flaschberger <if () xip ! at>
Date: 2008-01-29 16:40:38
Message-ID: alpine.LFD.1.00.0801291738160.17757 () filebunker ! xip ! at
[Download RAW message or body]
Dear Michael,
> I find it very hard to believe that FreeBSD would not validate this.
> It sounds more likely that the passwords were not actually set in the
> first place for some reason. Have you used tcp dump to confirm that the
> packets are signed and verify against the appropriate passwords? If so,
> that would sound like a bug in FreeBSD. If not, then the patch is not
> working for FreeBSD and passwords are not being set. Do any errors show
> up in the bgpd log file? Have you tried verifying against a non-FreeBSD
> box (Cisco router or Linux)?
With the freebsd ports patch, md5 works, also to ciscos.
man tcp:
TCP_MD5SIG This option enables the use of MD5 digests (also known as
TCP-MD5) on writes to the specified socket. In the current
release, only outgoing traffic is digested; digests on
incoming traffic are not verified. The current default
behavior for the system is to respond to a system advertis-
ing this option with TCP-MD5; this may change.
I'm now checking how it was implemented in Linux and then trying to get a
patch into freebsd.
> I was not able to test the FreeBSD aspect and was relying on the
> earlier work of others for that and hoping others would test it out.
> Can anyone else verify this?
Ok, I will test the patch.
Bye,
Ingo
_______________________________________________
Quagga-dev mailing list
Quagga-dev@lists.quagga.net
http://lists.quagga.net/mailman/listinfo/quagga-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic