[prev in list] [next in list] [prev in thread] [next in thread]
List: quagga-dev
Subject: [quagga-dev 7985] Re: [PATCH] bgpd: fix Linux 2.4 MD5 Support
From: John Kemp <kemp () network-services ! uoregon ! edu>
Date: 2010-05-12 20:45:33
Message-ID: 4BEB136D.2050904 () network-services ! uoregon ! edu
[Download RAW message or body]
Thanks Simon.
I can confirm that this patch can help.
I had to do those two defines as well to get going
on an 2.6.10 machine that has the rfc2385 2.6.10 patch.
Then I built using:
CFLAGS="-g -O0 -DHAVE_TCP_MD5 -DHAVE_TCP_MD5_LINUX24"
export CFLAGS
...
make install
John Kemp (kemp@network-services.uoregon.edu)
On 04/26/2010 04:59 AM, Simon Talbot wrote:
> I have now identified the problem with building MD5 support for 2.4 Kernels.
>
> On 2.4 kernels with Hasso's RFC 2385 patch applied, the define (TCP_MD5SIG) which \
> the Quagga configure script looks for is not present so HAVE_DECL_TCP_MD5SIG ends \
> up getting defined as 0 even with the --enable-linux24-tcp-md5 switch applied to \
> the configuration script.
> This causes a problem in bgpd/bgp_network.c where the following code is present:
>
> /*
> * Set MD5 key for the socket, for the given IPv4 peer address.
> * If the password is NULL or zero-length, the option will be disabled.
> */
> static int
> bgp_md5_set_socket (int socket, union sockunion *su, const char *password)
> {
> int ret = -1;
> int en = ENOSYS;
>
> assert (socket >= 0);
>
> ===> #if HAVE_DECL_TCP_MD5SIG
> ===> ret = sockopt_tcp_signature (socket, su, password);
> ===> en = errno;
> ===> #endif /* HAVE_TCP_MD5SIG */
>
> if (ret < 0)
> zlog (NULL, LOG_WARNING, "can't set TCP_MD5SIG option on socket %d: %s",
> socket, safe_strerror (en));
>
> return ret;
> }
>
>
> As you will see, as HAVE_DECL_TCP_MD5SIG is set to 0 by the configure script, the \
> call to sockopt_tcp_signature is not compiled in meaning that MD5 always fails. I \
> have prepared a small patch (attached below) which will correct this by adding an \
> extra conditional on the above code to also compile it in when HAVE_TCP_MD5_LINUX24 \
> is defined. This has been tested on our sandbox router and seems to function well \
> in all permutations.
> Suggested Patch:
>
> -----------------------------------------------------------------------------------------
>
> diff -ur quagga-0.99.16/bgpd/bgp_network.c quagga-0.99.16.nse/bgpd/bgp_network.c
> --- quagga-0.99.16/bgpd/bgp_network.c Wed Dec 9 12:37:12 2009
> +++ quagga-0.99.16.nse/bgpd/bgp_network.c Mon Apr 26 12:51:10 2010
> @@ -59,10 +59,10 @@
>
> assert (socket >= 0);
>
> -#if HAVE_DECL_TCP_MD5SIG
> +#if HAVE_DECL_TCP_MD5SIG || defined(HAVE_TCP_MD5_LINUX24)
> ret = sockopt_tcp_signature (socket, su, password);
> en = errno;
> -#endif /* HAVE_TCP_MD5SIG */
> +#endif /* HAVE_TCP_MD5SIG || defined(HAVE_TCP_MD5_LINUX24) */
>
> if (ret < 0)
> zlog (NULL, LOG_WARNING, "can't set TCP_MD5SIG option on socket %d: %s",
> @@ -77,7 +77,7 @@
> {
> int ret = -1;
>
> -#if HAVE_DECL_TCP_MD5SIG
> +#if HAVE_DECL_TCP_MD5SIG || defined(HAVE_TCP_MD5_LINUX24)
> if ( bgpd_privs.change (ZPRIVS_RAISE) )
> {
> zlog_err ("%s: could not raise privs", __func__);
> @@ -88,7 +88,7 @@
>
> if (bgpd_privs.change (ZPRIVS_LOWER) )
> zlog_err ("%s: could not lower privs", __func__);
> -#endif /* HAVE_TCP_MD5SIG */
> +#endif /* HAVE_TCP_MD5SIG || defined(HAVE_TCP_MD5_LINUX24) */
>
> return ret;
> }
>
>
> -----------------------------------------------------------------------------------------
>
> Best regards,
>
> Simon
>
> Simon Talbot MEng, ACGI
> (Chief Engineer)
> Tel: 020 3161 6001
> Fax: 020 3161 6011
>
> The information contained in this e-mail and any attachments are private
> and confidential and may be legally privileged.
>
> It is intended for the named addressee(s) only. If you are not the
> intended recipient(s), you must not read, copy or use the information
> contained in any way. If you receive this email or any attachments in
> error, please notify us immediately by e-mail and destroy any copy you
> have of it.
>
> We accept no responsibility for any loss or damages whatsoever arising
> in any way from receipt or use of this e-mail or any attachments. This
> e-mail is not intended to create legally binding commitments on our
> behalf, nor do its comments reflect our corporate views or policies.
>
> _______________________________________________
> Quagga-dev mailing list
> Quagga-dev@lists.quagga.net
> http://lists.quagga.net/mailman/listinfo/quagga-dev
_______________________________________________
Quagga-dev mailing list
Quagga-dev@lists.quagga.net
http://lists.quagga.net/mailman/listinfo/quagga-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic