
List:       quagga-dev
Subject:    [quagga-dev 10211] Re: IPv6 BGP md5 password disappears on restart
From:       Roman Hoog Antink <rha () open ! ch>
Date:       2013-01-18 14:04:50
Message-ID: 50F95682.7000401 () open ! ch


On 14.01.2013 15:26, David Lamparter wrote:
> On Mon, Aug 06, 2012 at 02:44:37PM +0200, Roman Hoog Antink wrote:
>> This way the order of group and password statements is unimportant and
>> all scenarios are possible: peers with individual passwords overriding
>> group passwords; peers with individual passwords in groups without group
>> password, etc.
> 
> [...]
>>    /* password apply */
>> -  if (peer->password)
>> -    XFREE (MTYPE_PEER_PASSWORD, peer->password);
>> -
>>    if (conf->password)
>> -    peer->password =  XSTRDUP (MTYPE_PEER_PASSWORD, conf->password);
>> -  else
>> -    peer->password = NULL;
>> +    {
>> +      XFREE (MTYPE_PEER_PASSWORD, peer->password);
>> +      peer->password =  XSTRDUP (MTYPE_PEER_PASSWORD, conf->password);
>> +    }
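Review bot: The added block calls XFREE on peer->password without the `if (peer->password)` guard that the removed lines had, so it runs on a NULL pointer whenever the peer has no password yet. Keep the guard, or confirm that XFREE accepts NULL and say so in the `/* password apply */` comment.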
> 
> Shouldn't this be "if (conf->password && !peer->password)"?
> 
> Even with your patch, if the peer-group has a password set, that will
> override the peer's password, if it's set before the peer is added to
> the peer group - or am I overlooking something?
> 
> -David
> 

You are right. Besides, this improvement makes the XFREE unnecessary.
I attached the adapted patch against 0.99.21.

-Roman

["quagga-0.99.21.bgp-pw.patch" (text/x-patch)]

commit 2c56b7fb29edc4e87257f42d620928dcb790258a
Author: Roman Hoog Antink <rha@open.ch>
Date:   Fri Jan 18 13:52:03 2013 +0100

        bgpd: fix lost passwords of grouped neighbors
    
        This patch resolves the significance of order of group and password
        statements.
    
        It prevents passwords from being lost in cases where all
        three conditions apply:
          1. the peer is member of a group with or without group password
          2. the peer has an individual password set
          3. the peer is added to a group within an address-family ipv6
             section
    
        In addition this patch prevents the same issue in cases, where an IPv4
        peer's password is set first and the peer is added to a group
        afterwards.
    
        Adding a peer to a group cancels his individual password. Without ipv6
        this is not a problem, because choosing the right order of config
        statements will do (set password only after adding peer to group).
    
        When adding the peer to a group within the address-family
        section, his password is definitely lost. The same workaround (ie.
        setting the password after the address-family section) can not be used,
        because "show run" will print the configuration statements in the wrong
        order.

diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index 9c8eda8..61a4610 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -1447,13 +1447,8 @@ peer_group2peer_config_copy (struct peer_group *group, struct peer *peer,
     peer->v_routeadv = BGP_DEFAULT_EBGP_ROUTEADV;
 
   /* password apply */
-  if (peer->password)
-    XFREE (MTYPE_PEER_PASSWORD, peer->password);
-
-  if (conf->password)
+  if (conf->password && !peer->password)
     peer->password =  XSTRDUP (MTYPE_PEER_PASSWORD, conf->password);
-  else
-    peer->password = NULL;
 
   bgp_md5_set (peer);
 
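Review bot: With the condition `if (conf->password && !peer->password)`, a password the peer inherited from the group is indistinguishable from one configured on the peer itself, so once a member holds an inherited copy, a later call with a different conf->password leaves the old value in place. If "peer password always wins, group password only fills an empty slot" is the intended precedence, state it in the `/* password apply */` comment; otherwise track whether the peer's password was set individually. Note also that `bgp_md5_set (peer)` still runs when the condition is false and nothing changed.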


_______________________________________________
Quagga-dev mailing list
Quagga-dev@lists.quagga.net
http://lists.quagga.net/mailman/listinfo/quagga-dev

