diff options
author | Alin Năstac <mrness@gentoo.org> | 2005-10-14 05:19:12 +0000 |
---|---|---|
committer | Alin Năstac <mrness@gentoo.org> | 2005-10-14 05:19:12 +0000 |
commit | e9209057498518be67639efe1bba2349e9f8ef64 (patch) | |
tree | 7caefc8bc9308b73365ecb106ac405584a80c412 /net-misc/quagga/files | |
parent | Stable on x86 (diff) | |
download | gentoo-2-e9209057498518be67639efe1bba2349e9f8ef64.tar.gz gentoo-2-e9209057498518be67639efe1bba2349e9f8ef64.tar.bz2 gentoo-2-e9209057498518be67639efe1bba2349e9f8ef64.zip |
remove 0.98.3; add warning about tcpmd5 kernel patch; x86 on 0.98.4
(Portage version: 2.0.51.22-r3)
Diffstat (limited to 'net-misc/quagga/files')
4 files changed, 0 insertions, 747 deletions
diff --git a/net-misc/quagga/files/digest-quagga-0.98.3 b/net-misc/quagga/files/digest-quagga-0.98.3 deleted file mode 100644 index cc7f58890ba8..000000000000 --- a/net-misc/quagga/files/digest-quagga-0.98.3 +++ /dev/null @@ -1 +0,0 @@ -MD5 68be5e911e4d604c0f5959338263356e quagga-0.98.3.tar.gz 2118348 diff --git a/net-misc/quagga/files/patches-0.98.3/amir-connected-route.patch b/net-misc/quagga/files/patches-0.98.3/amir-connected-route.patch deleted file mode 100644 index 40b660624050..000000000000 --- a/net-misc/quagga/files/patches-0.98.3/amir-connected-route.patch +++ /dev/null @@ -1,222 +0,0 @@ -diff -Nur quagga-0.98.3.orig/zebra/connected.c quagga-0.98.3/zebra/connected.c ---- quagga-0.98.3.orig/zebra/connected.c 2005-03-12 20:54:45.000000000 +0200 -+++ quagga-0.98.3/zebra/connected.c 2005-06-15 08:33:06.012693968 +0300 -@@ -29,6 +29,7 @@ - #include "rib.h" - #include "table.h" - #include "log.h" -+#include "rt.h" - - #include "zebra/zserv.h" - #include "zebra/redistribute.h" -@@ -85,6 +86,8 @@ - rib_add_ipv4 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0, 0, 0); - - rib_update (); -+ -+ kernel_connected_up(ifc); - } - - /* Add connected IPv4 route to the interface. */ -@@ -221,6 +224,8 @@ - rib_delete_ipv4 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0); - - rib_update (); -+ -+ kernel_connected_down(ifc); - } - - /* Delete connected IPv4 route to the interface. */ -@@ -314,6 +319,8 @@ - rib_add_ipv6 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0); - - rib_update (); -+ -+ kernel_connected_up(ifc); - } - - /* Add connected IPv6 route to the interface. */ -@@ -403,6 +410,8 @@ - rib_delete_ipv6 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0); - - rib_update (); -+ -+ kernel_connected_down(ifc); - } - - void -diff -Nur quagga-0.98.3.orig/zebra/rt.h quagga-0.98.3/zebra/rt.h ---- quagga-0.98.3.orig/zebra/rt.h 2002-12-13 22:15:30.000000000 +0200 -+++ quagga-0.98.3/zebra/rt.h 2005-06-15 08:33:06.012693968 +0300 -@@ -29,6 +29,9 @@ - int kernel_address_add_ipv4 (struct interface *, struct connected *); - int kernel_address_delete_ipv4 (struct interface *, struct connected *); - -+int kernel_connected_up (struct connected *ifc); -+int kernel_connected_down (struct connected *ifc); -+ - #ifdef HAVE_IPV6 - int kernel_add_ipv6 (struct prefix *, struct rib *); - int kernel_delete_ipv6 (struct prefix *, struct rib *); -diff -Nur quagga-0.98.3.orig/zebra/rt_ioctl.c quagga-0.98.3/zebra/rt_ioctl.c ---- quagga-0.98.3.orig/zebra/rt_ioctl.c 2004-12-07 23:12:56.000000000 +0200 -+++ quagga-0.98.3/zebra/rt_ioctl.c 2005-06-15 08:33:06.013693816 +0300 -@@ -44,6 +44,20 @@ - return; - } - -+/* Dummy function */ -+int -+kernel_connected_up (struct connected *ifc) -+{ -+ return 0; -+} -+ -+/* Dummy function */ -+int -+kernel_connected_down (struct connected *ifc) -+{ -+ return 0; -+} -+ - #if 0 - /* Initialization prototype of struct sockaddr_in. */ - static struct sockaddr_in sin_proto = -diff -Nur quagga-0.98.3.orig/zebra/rt_netlink.c quagga-0.98.3/zebra/rt_netlink.c ---- quagga-0.98.3.orig/zebra/rt_netlink.c 2005-03-31 23:26:59.000000000 +0300 -+++ quagga-0.98.3/zebra/rt_netlink.c 2005-06-15 08:33:06.014693664 +0300 -@@ -1341,6 +1341,112 @@ - return 0; - } - -+/* Routing table change for connected route via netlink interface. */ -+int -+netlink_routeconnected (int cmd, struct connected *ifc) -+{ -+ int ret; -+ int bytelen; -+ struct sockaddr_nl snl; -+ u_char bufnet[BUFSIZ]; -+ u_char bufaddr[BUFSIZ]; -+ u_char bufsrc[BUFSIZ]; -+ -+ int cmds[] = { RTM_NEWROUTE, RTM_DELROUTE }; -+ -+ struct prefix *p = ifc->address; -+ int family = ifc->address->family; -+ int table = RT_TABLE_MAIN; -+ int index = ifc->ifp->ifindex; -+ -+ struct prefix dest; -+ struct prefix src; -+ int length = p->prefixlen; -+ -+ struct -+ { -+ struct nlmsghdr n; -+ struct rtmsg r; -+ char buf[1024]; -+ } req; -+ -+ if (! (index && p)) -+ return -1; -+ -+#ifdef HAVE_IPV6 -+ if ((family == AF_INET6) && (IN6_IS_ADDR_LINKLOCAL(&p->u.prefix6))) -+ return -1; -+#endif /* HAVE_IPV6 */ -+ -+ memset (&dest, 0, sizeof dest); -+ memset (&req, 0, sizeof req); -+ memset (&src, 0, sizeof(struct prefix)); -+ -+ /* Copy prefix */ -+ prefix_copy (&src, p); -+ prefix2str(&src, bufsrc, sizeof (bufaddr)); -+ -+ prefix_copy (&dest, p); -+ prefix2str(&dest, bufaddr, sizeof (bufaddr)); -+ -+ /* Make it sure prefixlen is applied to the prefix. */ -+ apply_mask (&dest); -+ prefix2str(&dest, bufnet, sizeof (bufnet)); -+ -+ bytelen = (family == AF_INET ? 4 : 16); -+ -+ req.n.nlmsg_len = NLMSG_LENGTH (sizeof (struct rtmsg)); -+ req.n.nlmsg_flags = NLM_F_CREATE | NLM_F_REQUEST; -+ req.n.nlmsg_type = cmds[cmd]; -+ req.r.rtm_family = family; -+ req.r.rtm_table = table; -+ req.r.rtm_dst_len = length; -+ req.r.rtm_src_len = IPV4_MAX_BITLEN; -+ -+ req.r.rtm_protocol = RTPROT_KERNEL; -+ req.r.rtm_scope = RT_SCOPE_LINK; -+ req.r.rtm_type = RTN_UNICAST; -+ -+ addattr_l (&req.n, sizeof req, RTA_DST, &dest.u.prefix, bytelen); -+ addattr_l (&req.n, sizeof req, RTA_PREFSRC, &src.u.prefix, bytelen); -+ -+ if (index > 0) -+ addattr32 (&req.n, sizeof req, RTA_OIF, index); -+ -+ /* Destination netlink address. */ -+ memset (&snl, 0, sizeof snl); -+ snl.nl_family = AF_NETLINK; -+ -+ if (! cmd) -+ zlog_warn ("netlink_routeconnected: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc); -+ else -+ zlog_warn ("netlink_routeconnected: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc); -+ -+ /* Talk to netlink socket. */ -+ ret = netlink_talk (&req.n, &netlink); -+ if (ret < 0) -+ return -1; -+ -+ if (! cmd) -+ zlog_warn ("netlink_routeconnected: ACK: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc); -+ else -+ zlog_warn ("netlink_routeconnected: ACK: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc); -+ -+ return 0; -+} -+ -+int -+kernel_connected_up (struct connected *ifc) -+{ -+ return netlink_routeconnected (0, ifc); -+} -+ -+int -+kernel_connected_down (struct connected *ifc) -+{ -+ return netlink_routeconnected (1, ifc); -+} -+ - /* Routing table change via netlink interface. */ - int - netlink_route_multipath (int cmd, struct prefix *p, struct rib *rib, -diff -Nur quagga-0.98.3.orig/zebra/rt_socket.c quagga-0.98.3/zebra/rt_socket.c ---- quagga-0.98.3.orig/zebra/rt_socket.c 2004-12-07 23:12:56.000000000 +0200 -+++ quagga-0.98.3/zebra/rt_socket.c 2005-06-15 08:33:06.015693512 +0300 -@@ -480,4 +480,18 @@ - - return route; - } -+ -+/* Dummy function */ -+int -+kernel_connected_up (struct connected *ifc) -+{ -+ return 0; -+} -+ -+/* Dummy function */ -+int -+kernel_connected_down (struct connected *ifc) -+{ -+ return 0; -+} - #endif /* HAVE_IPV6 */ diff --git a/net-misc/quagga/files/patches-0.98.3/ht-20040304-classless-bgp.patch b/net-misc/quagga/files/patches-0.98.3/ht-20040304-classless-bgp.patch deleted file mode 100644 index 978dfa3dcdfa..000000000000 --- a/net-misc/quagga/files/patches-0.98.3/ht-20040304-classless-bgp.patch +++ /dev/null @@ -1,43 +0,0 @@ -Index: bgpd/bgp_route.c -=================================================================== -RCS file: /var/cvsroot/quagga/bgpd/bgp_route.c,v -retrieving revision 1.10 -diff -u -3 -p -r1.10 bgp_route.c ---- bgpd/bgp_route.c 17 Feb 2004 19:45:10 -0000 1.10 -+++ bgpd/bgp_route.c 4 Mar 2004 19:44:42 -0000 -@@ -3710,16 +3710,7 @@ route_vty_out_route (struct prefix *p, s - { - len = vty_out (vty, "%s", inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ)); - destination = ntohl (p->u.prefix4.s_addr); -- -- if ((IN_CLASSC (destination) && p->prefixlen == 24) -- || (IN_CLASSB (destination) && p->prefixlen == 16) -- || (IN_CLASSA (destination) && p->prefixlen == 8) -- || p->u.prefix4.s_addr == 0) -- { -- /* When mask is natural, mask is not displayed. */ -- } -- else -- len += vty_out (vty, "/%d", p->prefixlen); -+ len += vty_out (vty, "/%d", p->prefixlen); - } - else - len = vty_out (vty, "%s/%d", inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ), -@@ -8931,16 +8922,7 @@ bgp_config_write_network (struct vty *vt - masklen2ip (p->prefixlen, &netmask); - vty_out (vty, " network %s", - inet_ntop (p->family, &p->u.prefix, buf, SU_ADDRSTRLEN)); -- -- if ((IN_CLASSC (destination) && p->prefixlen == 24) -- || (IN_CLASSB (destination) && p->prefixlen == 16) -- || (IN_CLASSA (destination) && p->prefixlen == 8) -- || p->u.prefix4.s_addr == 0) -- { -- /* Natural mask is not display. */ -- } -- else -- vty_out (vty, " mask %s", inet_ntoa (netmask)); -+ vty_out (vty, " mask %s", inet_ntoa (netmask)); - } - else - { diff --git a/net-misc/quagga/files/patches-0.98.3/ht-20050110-0.98.0-bgp-md5.patch b/net-misc/quagga/files/patches-0.98.3/ht-20050110-0.98.0-bgp-md5.patch deleted file mode 100644 index 933304df7897..000000000000 --- a/net-misc/quagga/files/patches-0.98.3/ht-20050110-0.98.0-bgp-md5.patch +++ /dev/null @@ -1,481 +0,0 @@ -==== Patch <ht-20050110-0.98.0-bgp-md5> level 1 -Source: [No source] -Target: 53eccb64-3fed-0310-a953-aee945e670f6:/quagga/working-copy:832 [local] -Log: -Patch updated to the Quagga version 0.98.0. ---- bgpd/bgp_network.c (revision 832) -+++ bgpd/bgp_network.c (patch ht-20050110-0.98.0-bgp-md5 level 1) -@@ -38,6 +38,56 @@ Software Foundation, Inc., 59 Temple Pla - extern struct zebra_privs_t bgpd_privs; - - -+#if defined(HAVE_TCP_MD5) && defined(GNU_LINUX) -+/* Set MD5 key to the socket. */ -+int -+bgp_md5_set (int sock, struct peer *peer, char *password) -+{ -+ int ret; -+ struct tcp_rfc2385_cmd cmd; -+ struct in_addr *addr = &peer->su.sin.sin_addr; -+ -+ cmd.command = TCP_MD5_AUTH_ADD; -+ cmd.address = addr->s_addr; -+ cmd.keylen = strlen (password); -+ cmd.key = password; -+ -+ if ( bgpd_privs.change (ZPRIVS_RAISE) ) -+ zlog_err ("bgp_md5_set: could not raise privs"); -+ -+ ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5_AUTH, &cmd, sizeof cmd); -+ -+ if (bgpd_privs.change (ZPRIVS_LOWER) ) -+ zlog_err ("bgp_md5_set: could not lower privs"); -+ -+ return ret; -+} -+ -+/* Unset MD5 key from the socket. */ -+int -+bgp_md5_unset (int sock, struct peer *peer, char *password) -+{ -+ int ret; -+ struct tcp_rfc2385_cmd cmd; -+ struct in_addr *addr = &peer->su.sin.sin_addr; -+ -+ cmd.command = TCP_MD5_AUTH_DEL; -+ cmd.address = addr->s_addr; -+ cmd.keylen = strlen (password); -+ cmd.key = password; -+ -+ if ( bgpd_privs.change (ZPRIVS_RAISE) ) -+ zlog_err ("bgp_md5_unset: could not raise privs"); -+ -+ ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5_AUTH, &cmd, sizeof cmd); -+ -+ if (bgpd_privs.change (ZPRIVS_LOWER) ) -+ zlog_err ("bgp_md5_unset: could not lower privs"); -+ -+ return ret; -+} -+#endif /* defined(HAVE_TCP_MD5) && defined(GNU_LINUX) */ -+ - /* Accept bgp connection. */ - static int - bgp_accept (struct thread *thread) -@@ -240,6 +290,12 @@ bgp_connect (struct peer *peer) - sockopt_reuseaddr (peer->fd); - sockopt_reuseport (peer->fd); - -+#ifdef HAVE_TCP_MD5 -+ if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD)) -+ if (sockunion_family (&peer->su) == AF_INET) -+ bgp_md5_set (peer->fd, peer, peer->password); -+#endif /* HAVE_TCP_MD5 */ -+ - /* Bind socket. */ - bgp_bind (peer); - -@@ -287,6 +343,9 @@ int - bgp_socket (struct bgp *bgp, unsigned short port) - { - int ret, en; -+#ifdef IPV6_V6ONLY -+ int v6only = 1; -+#endif /* IPV6_V6ONLY */ - struct addrinfo req; - struct addrinfo *ainfo; - struct addrinfo *ainfo_save; -@@ -321,6 +380,11 @@ bgp_socket (struct bgp *bgp, unsigned sh - zlog_err ("socket: %s", safe_strerror (errno)); - continue; - } -+#ifdef IPV6_V6ONLY -+ ret = setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&v6only, sizeof(v6only)); -+ if (ret < 0) -+ zlog_err ("setsockopt IPV6_V6ONLY: i%s", strerror (errno)); -+#endif /* IPV6_V6ONLY */ - - sockopt_reuseaddr (sock); - sockopt_reuseport (sock); -@@ -348,6 +412,11 @@ bgp_socket (struct bgp *bgp, unsigned sh - continue; - } - -+#ifdef HAVE_TCP_MD5 -+ if (ainfo->ai_family == AF_INET) -+ bm->sock = sock; -+#endif /* HAVE_TCP_MD5 */ -+ - thread_add_read (master, bgp_accept, bgp, sock); - } - while ((ainfo = ainfo->ai_next) != NULL); -@@ -408,6 +477,9 @@ bgp_socket (struct bgp *bgp, unsigned sh - close (sock); - return ret; - } -+#ifdef HAVE_TCP_MD5 -+ bm->sock = sock; -+#endif /* HAVE_TCP_MD5 */ - - thread_add_read (bm->master, bgp_accept, bgp, sock); - ---- bgpd/bgp_network.h (revision 832) -+++ bgpd/bgp_network.h (patch ht-20050110-0.98.0-bgp-md5 level 1) -@@ -18,6 +18,27 @@ along with GNU Zebra; see the file COPYI - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - 02111-1307, USA. */ - -+#if defined(HAVE_TCP_MD5) && defined(GNU_LINUX) -+/* setsockopt Number */ -+#define TCP_MD5_AUTH 13 -+ -+/* Commands (used in the structure passed from userland) */ -+#define TCP_MD5_AUTH_ADD 1 -+#define TCP_MD5_AUTH_DEL 2 -+ -+struct tcp_rfc2385_cmd { -+ u_int8_t command; /* Command - Add/Delete */ -+ u_int32_t address; /* IPV4 address associated */ -+ u_int8_t keylen; /* MD5 Key len (do NOT assume 0 terminated ascii) */ -+ void *key; /* MD5 Key */ -+}; -+#endif /* defined(HAVE_TCP_MD5) && defined(GNU_LINUX) */ -+ -+#ifdef HAVE_TCP_MD5 -+int bgp_md5_set (int sock, struct peer *, char *); -+int bgp_md5_unset (int sock, struct peer *, char *); -+#endif /* HAVE_TCP_MD5 */ -+ - int bgp_socket (struct bgp *, unsigned short); - int bgp_connect (struct peer *); - void bgp_getsockname (struct peer *); ---- bgpd/bgp_vty.c (revision 832) -+++ bgpd/bgp_vty.c (patch ht-20050110-0.98.0-bgp-md5 level 1) -@@ -1386,6 +1386,46 @@ ALIAS (no_neighbor_local_as, - "AS number used as local AS\n" - "Do not prepend local-as to updates from ebgp peers\n") - -+#ifdef HAVE_TCP_MD5 -+DEFUN (neighbor_password, -+ neighbor_password_cmd, -+ NEIGHBOR_CMD2 "password LINE", -+ NEIGHBOR_STR -+ NEIGHBOR_ADDR_STR2 -+ "Set a password\n" -+ "The password\n") -+{ -+ struct peer *peer; -+ int ret; -+ -+ peer = peer_and_group_lookup_vty (vty, argv[0]); -+ if (! peer) -+ return CMD_WARNING; -+ -+ ret = peer_password_set (peer, argv[1]); -+ return bgp_vty_return (vty, ret); -+} -+ -+DEFUN (no_neighbor_password, -+ no_neighbor_password_cmd, -+ NO_NEIGHBOR_CMD2 "password", -+ NO_STR -+ NEIGHBOR_STR -+ NEIGHBOR_ADDR_STR2 -+ "Set a password\n") -+{ -+ struct peer *peer; -+ int ret; -+ -+ peer = peer_and_group_lookup_vty (vty, argv[0]); -+ if (! peer) -+ return CMD_WARNING; -+ -+ ret = peer_password_unset (peer); -+ return bgp_vty_return (vty, ret); -+} -+#endif /* HAVE_TCP_MD5 */ -+ - DEFUN (neighbor_activate, - neighbor_activate_cmd, - NEIGHBOR_CMD2 "activate", -@@ -8531,6 +8571,12 @@ bgp_vty_init () - install_element (BGP_NODE, &no_neighbor_local_as_val_cmd); - install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd); - -+#ifdef HAVE_TCP_MD5 -+ /* "neighbor password" commands. */ -+ install_element (BGP_NODE, &neighbor_password_cmd); -+ install_element (BGP_NODE, &no_neighbor_password_cmd); -+#endif /* HAVE_TCP_MD5 */ -+ - /* "neighbor activate" commands. */ - install_element (BGP_NODE, &neighbor_activate_cmd); - install_element (BGP_IPV4_NODE, &neighbor_activate_cmd); ---- bgpd/bgpd.c (revision 832) -+++ bgpd/bgpd.c (patch ht-20050110-0.98.0-bgp-md5 level 1) -@@ -707,6 +707,7 @@ peer_new () - peer->ostatus = Idle; - peer->version = BGP_VERSION_4; - peer->weight = 0; -+ peer->password = NULL; - - /* Set default flags. */ - for (afi = AFI_IP; afi < AFI_MAX; afi++) -@@ -1068,6 +1069,17 @@ peer_delete (struct peer *peer) - bgp_stop (peer); - bgp_fsm_change_status (peer, Idle); - -+#ifdef HAVE_TCP_MD5 -+ /* Password configuration */ -+ if (peer->password) -+ { -+ if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP) -+ && sockunion_family (&peer->su) == AF_INET) -+ bgp_md5_unset (bm->sock, peer, peer->password); -+ free (peer->password); -+ } -+#endif /* HAVE_TCP_MD5 */ -+ - /* Stop all timers. */ - BGP_TIMER_OFF (peer->t_start); - BGP_TIMER_OFF (peer->t_connect); -@@ -1293,6 +1305,26 @@ peer_group2peer_config_copy (struct peer - else - peer->v_routeadv = BGP_DEFAULT_EBGP_ROUTEADV; - -+#ifdef HAVE_TCP_MD5 -+ /* password apply */ -+ if (CHECK_FLAG (conf->flags, PEER_FLAG_PASSWORD)) -+ { -+ if (peer->password) -+ free (peer->password); -+ peer->password = strdup (conf->password); -+ -+ if (sockunion_family (&peer->su) == AF_INET) -+ bgp_md5_set (bm->sock, peer, peer->password); -+ } -+ else if (peer->password) -+ { -+ if (sockunion_family (&peer->su) == AF_INET) -+ bgp_md5_unset (bm->sock, peer, peer->password); -+ free (peer->password); -+ peer->password = NULL; -+ } -+#endif /* HAVE_TCP_MD5 */ -+ - /* maximum-prefix */ - peer->pmax[afi][safi] = conf->pmax[afi][safi]; - peer->pmax_threshold[afi][safi] = conf->pmax_threshold[afi][safi]; -@@ -3270,6 +3302,119 @@ peer_local_as_unset (struct peer *peer) - return 0; - } - -+#ifdef HAVE_TCP_MD5 -+/* Set password for authenticating with the peer. */ -+int -+peer_password_set (struct peer *peer, const char *password) -+{ -+ struct peer_group *group; -+ struct listnode *nn; -+ -+ if (peer->password && strcmp (peer->password, password) == 0 -+ && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) -+ return 0; -+ -+ SET_FLAG (peer->flags, PEER_FLAG_PASSWORD); -+ if (peer->password) -+ free (peer->password); -+ peer->password = strdup (password); -+ -+ if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) -+ { -+ if (peer->status == Established) -+ bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); -+ else -+ BGP_EVENT_ADD (peer, BGP_Stop); -+ -+ if (sockunion_family (&peer->su) == AF_INET) -+ bgp_md5_set (bm->sock, peer, peer->password); -+ return 0; -+ } -+ -+ group = peer->group; -+ LIST_LOOP (group->peer, peer, nn) -+ { -+ if (peer->password && strcmp (peer->password, password) == 0) -+ continue; -+ -+ SET_FLAG (peer->flags, PEER_FLAG_PASSWORD); -+ if (peer->password) -+ free (peer->password); -+ peer->password = strdup (password); -+ -+ if (peer->status == Established) -+ bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); -+ else -+ BGP_EVENT_ADD (peer, BGP_Stop); -+ -+ if (sockunion_family (&peer->su) == AF_INET) -+ bgp_md5_set (bm->sock, peer, peer->password); -+ } -+ -+ return 0; -+} -+ -+int -+peer_password_unset (struct peer *peer) -+{ -+ struct peer_group *group; -+ struct listnode *nn; -+ -+ if (! CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD) -+ && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) -+ return 0; -+ -+ if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) -+ { -+ if (peer_group_active (peer) -+ && CHECK_FLAG (peer->group->conf->flags, PEER_FLAG_PASSWORD)) -+ return BGP_ERR_PEER_GROUP_HAS_THE_FLAG; -+ -+ if (peer->status == Established) -+ bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); -+ else -+ BGP_EVENT_ADD (peer, BGP_Stop); -+ -+ if (sockunion_family (&peer->su) == AF_INET) -+ bgp_md5_unset (bm->sock, peer, peer->password); -+ -+ UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD); -+ if (peer->password) -+ free (peer->password); -+ peer->password = NULL; -+ -+ return 0; -+ } -+ -+ UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD); -+ if (peer->password) -+ free (peer->password); -+ peer->password = NULL; -+ -+ group = peer->group; -+ LIST_LOOP (group->peer, peer, nn) -+ { -+ if (! CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD)) -+ continue; -+ -+ if (peer->status == Established) -+ bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); -+ else -+ BGP_EVENT_ADD (peer, BGP_Stop); -+ -+ if (sockunion_family (&peer->su) == AF_INET) -+ bgp_md5_unset (bm->sock, peer, peer->password); -+ -+ UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD); -+ if (peer->password) -+ free (peer->password); -+ peer->password = NULL; -+ } -+ -+ return 0; -+} -+#endif /* HAVE_TCP_MD5 */ -+ - /* Set distribute list to the peer. */ - int - peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, -@@ -4286,6 +4431,16 @@ bgp_config_write_peer (struct vty *vty, - ! CHECK_FLAG (g_peer->flags, PEER_FLAG_SHUTDOWN)) - vty_out (vty, " neighbor %s shutdown%s", addr, VTY_NEWLINE); - -+#ifdef HAVE_TCP_MD5 -+ /* Password. */ -+ if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD)) -+ if (! peer_group_active (peer) -+ || ! CHECK_FLAG (g_peer->flags, PEER_FLAG_PASSWORD) -+ || strcmp (peer->password, g_peer->password) != 0) -+ vty_out (vty, " neighbor %s password %s%s", addr, peer->password, -+ VTY_NEWLINE); -+#endif /* HAVE_TCP_MD5 */ -+ - /* BGP port. */ - if (peer->port != BGP_PORT_DEFAULT) - vty_out (vty, " neighbor %s port %d%s", addr, peer->port, -@@ -4817,6 +4972,9 @@ bgp_master_init () - bm->port = BGP_PORT_DEFAULT; - bm->master = thread_master_create (); - bm->start_time = time (NULL); -+#ifdef HAVE_TCP_MD5 -+ bm->sock = -1; -+#endif /* HAVE_TCP_MD5 */ - } - - void ---- bgpd/bgpd.h (revision 832) -+++ bgpd/bgpd.h (patch ht-20050110-0.98.0-bgp-md5 level 1) -@@ -45,6 +45,11 @@ struct bgp_master - #define BGP_OPT_NO_FIB (1 << 0) - #define BGP_OPT_MULTIPLE_INSTANCE (1 << 1) - #define BGP_OPT_CONFIG_CISCO (1 << 2) -+ -+#ifdef HAVE_TCP_MD5 -+ /* bgp receive socket */ -+ int sock; -+#endif /* HAVE_TCP_MD5 */ - }; - - /* BGP instance structure. */ -@@ -335,6 +340,7 @@ struct peer - #define PEER_FLAG_DYNAMIC_CAPABILITY (1 << 6) /* dynamic capability */ - #define PEER_FLAG_ENFORCE_MULTIHOP (1 << 7) /* enforce-multihop */ - #define PEER_FLAG_LOCAL_AS_NO_PREPEND (1 << 8) /* local-as no-prepend */ -+#define PEER_FLAG_PASSWORD (1 << 9) /* password */ - - /* Per AF configuration flags. */ - u_int32_t af_flags[AFI_MAX][SAFI_MAX]; -@@ -356,6 +362,9 @@ struct peer - #define PEER_FLAG_MAX_PREFIX_WARNING (1 << 15) /* maximum prefix warning-only */ - #define PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED (1 << 16) /* leave link-local nexthop unchanged */ - -+ /* MD5 password */ -+ char *password; -+ - /* default-originate route-map. */ - struct - { -@@ -895,5 +904,10 @@ int peer_unsuppress_map_unset (struct pe - int peer_maximum_prefix_set (struct peer *, afi_t, safi_t, u_int32_t, u_char, int); - int peer_maximum_prefix_unset (struct peer *, afi_t, safi_t); - -+#ifdef HAVE_TCP_MD5 -+int peer_password_set (struct peer *, const char *); -+int peer_password_unset (struct peer *); -+#endif /* HAVE_TCP_MD5 */ -+ - int peer_clear (struct peer *); - int peer_clear_soft (struct peer *, afi_t, safi_t, enum bgp_clear_type); ---- configure.ac (revision 832) -+++ configure.ac (patch ht-20050110-0.98.0-bgp-md5 level 1) -@@ -153,6 +153,8 @@ AC_ARG_ENABLE(irdp, - [ --enable-irdp enable IRDP server support in zebra]) - AC_ARG_ENABLE(capabilities, - [ --disable-capabilities disable using POSIX capabilities]) -+AC_ARG_ENABLE(tcp-md5, -+[ --enable-tcp-md5 enable TCP MD5 Signature Option (RFC2385)]) - AC_ARG_ENABLE(gcc_ultra_verbose, - [ --enable-gcc-ultra-verbose enable ultra verbose GCC warnings]) - AC_ARG_ENABLE(gcc-rdynamic, -@@ -192,6 +194,11 @@ if test "${enable_ospf_te}" = "yes"; the - AC_DEFINE(HAVE_OSPF_TE,,OSPF TE) - fi - -+if test "${enable_tcp_md5}" = "yes"; then -+ AC_DEFINE(HAVE_TCP_MD5,,Linux TCP MD5 Signature Option) -+fi -+ -+ - AC_MSG_CHECKING(if zebra should be configurable to send Route Advertisements) - if test "${enable_rtadv}" != "no"; then - AC_MSG_RESULT(yes) |