Openbgpd incorrectly sets TCP_MD5 on the listen socket,
regardless of configuration
Nikolay Denev
ndenev at gmail.com
Thu Nov 24 12:41:34 UTC 2011
On Nov 23, 2011, at 2:43 PM, Borja Marcos wrote:
>
> On Nov 23, 2011, at 9:30 AM, Nikolay Denev wrote:
>
>> I'm seeing exactly the same problem with Quagga.
>> Quagga's bgpd also seem to always set the TCP_MD5 socket option, and newer freebsd 8.2 machines
>> don't seem to be able to establish bgp sessions, probably due to the recent TCP_MD5 fixes that enabled
>> the TCP_MD5 checksum verification of incoming packets.
>
> Hmm. A confusion? ;)
>
> The traces I've just sent show Quagga and Bird working well, OpenBGPD failing.
>
>
> Borja.
>
Nope, no confusion :)
My pair of FreeBSD 8.2 routers fail to establish a BGP session unless I define MD5 password in /etc/ipsec.conf or disable the validation of the
digests with the sysctl I mentioned in my previous email.
I'm seeing exactly the same tcpdumps, with invalid digest options and empty digest (all zeroes).
Regards,
Nikolay
More information about the freebsd-net
mailing list