version bump

(Portage version: 2.0.51.19)

7 files changed, 893 insertions, 11 deletions

diff --git a/net-misc/quagga/ChangeLog b/net-misc/quagga/ChangeLog
index cbcbe513ecf2..f34a5d9edf98 100644
--- a/net-misc/quagga/ChangeLog
+++ b/net-misc/quagga/ChangeLog
@@ -2,7 +2,16 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Copyright 2003-2004 DataCore GmbH
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/ChangeLog,v 1.15 2005/06/12 16:35:50 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/ChangeLog,v 1.16 2005/06/15 19:45:45 mrness Exp $
+
+*quagga-0.98.3 (15 Jun 2005)
+
+  15 Jun 2005; Alin Nastac <mrness@gentoo.org>
+  +files/patches-0.98.3/amir-connected-route.patch,
+  +files/patches-0.98.3/ht-20040304-classless-bgp.patch,
+  +files/patches-0.98.3/ht-20050110-0.98.0-bgp-md5.patch,
+  +quagga-0.98.3.ebuild:
+  Version bump.
 
   12 Jun 2005; Alin Nastac <mrness@gentoo.org>
   -files/patches-0.96.4/opaque-ready.patch,
diff --git a/net-misc/quagga/Manifest b/net-misc/quagga/Manifest
index 6c3abf069884..d8913b07019d 100644
--- a/net-misc/quagga/Manifest
+++ b/net-misc/quagga/Manifest
@@ -1,11 +1,10 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
+MD5 c56ce0ef1f07e2a6461c0fade7c745e9 quagga-0.98.3.ebuild 4499
 MD5 c35722fdaa8d7d50841908e146faf847 quagga-0.98.2.ebuild 4496
 MD5 00ecb0dbc660c35c45e7be7229731de8 ChangeLog 6673
 MD5 f0c8f9afaf3bbefcea71ff3b6fa139c4 metadata.xml 1389
 MD5 9516803db922d13a126a5315a0a27956 quagga-0.96.5-r1.ebuild 3959
 MD5 1a1df9fb95d48001187e1f56dc4ff5e5 files/digest-quagga-0.98.2 66
+MD5 ab93cbbeeed343892eea7f9b79217a8b files/digest-quagga-0.98.3 66
 MD5 9056b8bd752a672787eacb129ee47535 files/digest-quagga-0.96.5-r1 142
 MD5 18c1046db57ea850aabd385058522cc4 files/quagga.env 25
 MD5 7d8952055d69c80a4212194aac85c283 files/quagga.pam 1199
@@ -18,10 +17,6 @@ MD5 2c6f6b3a64eedf1362a56fd6b3ca9c1b files/init/ripngd 885
 MD5 7da4097332468741416e156a2e5d35e4 files/patches-0.98.2/amir-connected-route.patch 6336
 MD5 6c9cdbdc237bb8d24dfd26504059464b files/patches-0.98.2/ht-20050110-0.98.0-bgp-md5.patch 14570
 MD5 e70bf25e2ca5f76efb2c5704234ccc1f files/patches-0.98.2/ht-20040304-classless-bgp.patch 1581
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.1 (GNU/Linux)
-
-iD8DBQFCrGR+jiC39V7gKu0RAjysAJ9KIckNDF+wMHxFRWSLdeytZyCSWgCfcZmB
-9nd3gTAPEP1rln0PNFHXpT4=
-=uErB
------END PGP SIGNATURE-----
+MD5 a5a7f270b8ccff05a27e0fa943a0aaf5 files/patches-0.98.3/amir-connected-route.patch 6091
+MD5 6c9cdbdc237bb8d24dfd26504059464b files/patches-0.98.3/ht-20050110-0.98.0-bgp-md5.patch 14570
+MD5 e70bf25e2ca5f76efb2c5704234ccc1f files/patches-0.98.3/ht-20040304-classless-bgp.patch 1581
diff --git a/net-misc/quagga/files/digest-quagga-0.98.3 b/net-misc/quagga/files/digest-quagga-0.98.3
new file mode 100644
index 000000000000..cc7f58890ba8
--- /dev/null
+++ b/net-misc/quagga/files/digest-quagga-0.98.3
@@ -0,0 +1 @@
+MD5 68be5e911e4d604c0f5959338263356e quagga-0.98.3.tar.gz 2118348
diff --git a/net-misc/quagga/files/patches-0.98.3/amir-connected-route.patch b/net-misc/quagga/files/patches-0.98.3/amir-connected-route.patch
new file mode 100644
index 000000000000..40b660624050
--- /dev/null
+++ b/net-misc/quagga/files/patches-0.98.3/amir-connected-route.patch
@@ -0,0 +1,222 @@
+diff -Nur quagga-0.98.3.orig/zebra/connected.c quagga-0.98.3/zebra/connected.c
+--- quagga-0.98.3.orig/zebra/connected.c	2005-03-12 20:54:45.000000000 +0200
++++ quagga-0.98.3/zebra/connected.c	2005-06-15 08:33:06.012693968 +0300
+@@ -29,6 +29,7 @@
+ #include "rib.h"
+ #include "table.h"
+ #include "log.h"
++#include "rt.h"
+ 
+ #include "zebra/zserv.h"
+ #include "zebra/redistribute.h"
+@@ -85,6 +86,8 @@
+   rib_add_ipv4 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0, 0, 0);
+ 
+   rib_update ();
++
++  kernel_connected_up(ifc);
+ }
+ 
+ /* Add connected IPv4 route to the interface. */
+@@ -221,6 +224,8 @@
+   rib_delete_ipv4 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0);
+ 
+   rib_update ();
++
++  kernel_connected_down(ifc);
+ }
+ 
+ /* Delete connected IPv4 route to the interface. */
+@@ -314,6 +319,8 @@
+   rib_add_ipv6 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0);
+ 
+   rib_update ();
++
++  kernel_connected_up(ifc);
+ }
+ 
+ /* Add connected IPv6 route to the interface. */
+@@ -403,6 +410,8 @@
+   rib_delete_ipv6 (ZEBRA_ROUTE_CONNECT, 0, &p, NULL, ifp->ifindex, 0);
+ 
+   rib_update ();
++
++  kernel_connected_down(ifc);
+ }
+ 
+ void
+diff -Nur quagga-0.98.3.orig/zebra/rt.h quagga-0.98.3/zebra/rt.h
+--- quagga-0.98.3.orig/zebra/rt.h	2002-12-13 22:15:30.000000000 +0200
++++ quagga-0.98.3/zebra/rt.h	2005-06-15 08:33:06.012693968 +0300
+@@ -29,6 +29,9 @@
+ int kernel_address_add_ipv4 (struct interface *, struct connected *);
+ int kernel_address_delete_ipv4 (struct interface *, struct connected *);
+ 
++int kernel_connected_up (struct connected *ifc);
++int kernel_connected_down (struct connected *ifc);
++
+ #ifdef HAVE_IPV6
+ int kernel_add_ipv6 (struct prefix *, struct rib *);
+ int kernel_delete_ipv6 (struct prefix *, struct rib *);
+diff -Nur quagga-0.98.3.orig/zebra/rt_ioctl.c quagga-0.98.3/zebra/rt_ioctl.c
+--- quagga-0.98.3.orig/zebra/rt_ioctl.c	2004-12-07 23:12:56.000000000 +0200
++++ quagga-0.98.3/zebra/rt_ioctl.c	2005-06-15 08:33:06.013693816 +0300
+@@ -44,6 +44,20 @@
+   return;
+ }
+ 
++/* Dummy function */
++int
++kernel_connected_up (struct connected *ifc)
++{
++  return 0;
++}
++
++/* Dummy function */
++int
++kernel_connected_down (struct connected *ifc)
++{
++  return 0;
++}
++
+ #if 0
+ /* Initialization prototype of struct sockaddr_in. */
+ static struct sockaddr_in sin_proto =
+diff -Nur quagga-0.98.3.orig/zebra/rt_netlink.c quagga-0.98.3/zebra/rt_netlink.c
+--- quagga-0.98.3.orig/zebra/rt_netlink.c	2005-03-31 23:26:59.000000000 +0300
++++ quagga-0.98.3/zebra/rt_netlink.c	2005-06-15 08:33:06.014693664 +0300
+@@ -1341,6 +1341,112 @@
+   return 0;
+ }
+ 
++/* Routing table change for connected route via netlink interface. */
++int
++netlink_routeconnected (int cmd, struct connected *ifc)
++{
++  int ret;
++  int bytelen;
++  struct sockaddr_nl snl;
++  u_char bufnet[BUFSIZ];
++  u_char bufaddr[BUFSIZ];
++  u_char bufsrc[BUFSIZ];
++
++  int cmds[] = { RTM_NEWROUTE, RTM_DELROUTE };
++
++  struct prefix *p = ifc->address;
++  int family = ifc->address->family;
++  int table = RT_TABLE_MAIN;
++  int index = ifc->ifp->ifindex;
++
++  struct prefix dest;
++  struct prefix src;
++  int length = p->prefixlen; 
++
++  struct
++  {
++    struct nlmsghdr n;
++    struct rtmsg r;
++    char buf[1024];
++  } req;
++
++  if (! (index && p))
++    return -1;  
++
++#ifdef HAVE_IPV6
++  if ((family == AF_INET6) && (IN6_IS_ADDR_LINKLOCAL(&p->u.prefix6)))
++    return -1;
++#endif /* HAVE_IPV6 */
++
++  memset (&dest, 0, sizeof dest);
++  memset (&req, 0, sizeof req);
++  memset (&src, 0, sizeof(struct prefix));
++
++  /* Copy prefix */
++  prefix_copy (&src, p);
++  prefix2str(&src, bufsrc, sizeof (bufaddr));
++
++  prefix_copy (&dest, p);
++  prefix2str(&dest, bufaddr, sizeof (bufaddr));
++
++  /* Make it sure prefixlen is applied to the prefix. */
++  apply_mask (&dest);
++  prefix2str(&dest, bufnet, sizeof (bufnet));
++
++  bytelen = (family == AF_INET ? 4 : 16);
++
++  req.n.nlmsg_len = NLMSG_LENGTH (sizeof (struct rtmsg));
++  req.n.nlmsg_flags = NLM_F_CREATE | NLM_F_REQUEST;
++  req.n.nlmsg_type = cmds[cmd];
++  req.r.rtm_family = family;
++  req.r.rtm_table = table;
++  req.r.rtm_dst_len = length;
++  req.r.rtm_src_len = IPV4_MAX_BITLEN;
++
++  req.r.rtm_protocol = RTPROT_KERNEL;
++  req.r.rtm_scope = RT_SCOPE_LINK;
++  req.r.rtm_type = RTN_UNICAST;
++
++  addattr_l (&req.n, sizeof req, RTA_DST, &dest.u.prefix, bytelen);
++  addattr_l (&req.n, sizeof req, RTA_PREFSRC, &src.u.prefix, bytelen);
++
++  if (index > 0)
++    addattr32 (&req.n, sizeof req, RTA_OIF, index);
++
++  /* Destination netlink address. */
++  memset (&snl, 0, sizeof snl);
++  snl.nl_family = AF_NETLINK;
++
++  if (! cmd)
++    zlog_warn ("netlink_routeconnected: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc);
++  else
++    zlog_warn ("netlink_routeconnected: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc);
++
++  /* Talk to netlink socket. */
++  ret = netlink_talk (&req.n, &netlink);
++  if (ret < 0)
++    return -1;
++
++  if (! cmd)
++    zlog_warn ("netlink_routeconnected: ACK: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc);
++  else
++    zlog_warn ("netlink_routeconnected: ACK: connected route for if %s (%s) for net %s src %s in fib", ifc->ifp->name, bufaddr, bufnet, bufsrc);
++
++  return 0;
++}
++
++int
++kernel_connected_up (struct connected *ifc)
++{
++  return netlink_routeconnected (0, ifc);
++}
++
++int
++kernel_connected_down (struct connected *ifc)
++{
++  return netlink_routeconnected (1, ifc);
++}
++
+ /* Routing table change via netlink interface. */
+ int
+ netlink_route_multipath (int cmd, struct prefix *p, struct rib *rib,
+diff -Nur quagga-0.98.3.orig/zebra/rt_socket.c quagga-0.98.3/zebra/rt_socket.c
+--- quagga-0.98.3.orig/zebra/rt_socket.c	2004-12-07 23:12:56.000000000 +0200
++++ quagga-0.98.3/zebra/rt_socket.c	2005-06-15 08:33:06.015693512 +0300
+@@ -480,4 +480,18 @@
+ 
+   return route;
+ }
++
++/* Dummy function */
++int
++kernel_connected_up (struct connected *ifc)
++{
++  return 0;
++}
++
++/* Dummy function */
++int
++kernel_connected_down (struct connected *ifc)
++{
++  return 0;
++}
+ #endif /* HAVE_IPV6 */
diff --git a/net-misc/quagga/files/patches-0.98.3/ht-20040304-classless-bgp.patch b/net-misc/quagga/files/patches-0.98.3/ht-20040304-classless-bgp.patch
new file mode 100644
index 000000000000..978dfa3dcdfa
--- /dev/null
+++ b/net-misc/quagga/files/patches-0.98.3/ht-20040304-classless-bgp.patch
@@ -0,0 +1,43 @@
+Index: bgpd/bgp_route.c
+===================================================================
+RCS file: /var/cvsroot/quagga/bgpd/bgp_route.c,v
+retrieving revision 1.10
+diff -u -3 -p -r1.10 bgp_route.c
+--- bgpd/bgp_route.c	17 Feb 2004 19:45:10 -0000	1.10
++++ bgpd/bgp_route.c	4 Mar 2004 19:44:42 -0000
+@@ -3710,16 +3710,7 @@ route_vty_out_route (struct prefix *p, s
+     {
+       len = vty_out (vty, "%s", inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ));
+       destination = ntohl (p->u.prefix4.s_addr);
+-
+-      if ((IN_CLASSC (destination) && p->prefixlen == 24)
+-	  || (IN_CLASSB (destination) && p->prefixlen == 16)
+-	  || (IN_CLASSA (destination) && p->prefixlen == 8)
+-	  || p->u.prefix4.s_addr == 0)
+-	{
+-	  /* When mask is natural, mask is not displayed. */
+-	}
+-      else
+-	len += vty_out (vty, "/%d", p->prefixlen);
++      len += vty_out (vty, "/%d", p->prefixlen);
+     }
+   else
+     len = vty_out (vty, "%s/%d", inet_ntop (p->family, &p->u.prefix, buf, BUFSIZ),
+@@ -8931,16 +8922,7 @@ bgp_config_write_network (struct vty *vt
+ 	    masklen2ip (p->prefixlen, &netmask);
+ 	    vty_out (vty, " network %s",
+ 		     inet_ntop (p->family, &p->u.prefix, buf, SU_ADDRSTRLEN));
+-
+-	    if ((IN_CLASSC (destination) && p->prefixlen == 24)
+-		|| (IN_CLASSB (destination) && p->prefixlen == 16)
+-		|| (IN_CLASSA (destination) && p->prefixlen == 8)
+-		|| p->u.prefix4.s_addr == 0)
+-	      {
+-		/* Natural mask is not display. */
+-	      }
+-	    else
+-	      vty_out (vty, " mask %s", inet_ntoa (netmask));
++	    vty_out (vty, " mask %s", inet_ntoa (netmask));
+ 	  }
+ 	else
+ 	  {
diff --git a/net-misc/quagga/files/patches-0.98.3/ht-20050110-0.98.0-bgp-md5.patch b/net-misc/quagga/files/patches-0.98.3/ht-20050110-0.98.0-bgp-md5.patch
new file mode 100644
index 000000000000..933304df7897
--- /dev/null
+++ b/net-misc/quagga/files/patches-0.98.3/ht-20050110-0.98.0-bgp-md5.patch
@@ -0,0 +1,481 @@
+==== Patch <ht-20050110-0.98.0-bgp-md5> level 1
+Source: [No source]
+Target: 53eccb64-3fed-0310-a953-aee945e670f6:/quagga/working-copy:832 [local]
+Log:
+Patch updated to the Quagga version 0.98.0.
+--- bgpd/bgp_network.c  (revision 832)
++++ bgpd/bgp_network.c  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -38,6 +38,56 @@ Software Foundation, Inc., 59 Temple Pla
+ extern struct zebra_privs_t bgpd_privs;
+ 
+ 
++#if defined(HAVE_TCP_MD5) && defined(GNU_LINUX)
++/* Set MD5 key to the socket.  */
++int
++bgp_md5_set (int sock, struct peer *peer, char *password)
++{
++  int ret;
++  struct tcp_rfc2385_cmd cmd;
++  struct in_addr *addr = &peer->su.sin.sin_addr;
++
++  cmd.command = TCP_MD5_AUTH_ADD;
++  cmd.address = addr->s_addr;
++  cmd.keylen = strlen (password);
++  cmd.key = password;
++
++  if ( bgpd_privs.change (ZPRIVS_RAISE) )
++    zlog_err ("bgp_md5_set: could not raise privs");
++
++  ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5_AUTH, &cmd, sizeof cmd);
++
++  if (bgpd_privs.change (ZPRIVS_LOWER) )
++    zlog_err ("bgp_md5_set: could not lower privs");
++
++  return ret;
++}
++
++/* Unset MD5 key from the socket.  */
++int
++bgp_md5_unset (int sock, struct peer *peer, char *password)
++{
++  int ret;
++  struct tcp_rfc2385_cmd cmd;
++  struct in_addr *addr = &peer->su.sin.sin_addr;
++
++  cmd.command = TCP_MD5_AUTH_DEL;
++  cmd.address = addr->s_addr;
++  cmd.keylen = strlen (password);
++  cmd.key = password;
++
++  if ( bgpd_privs.change (ZPRIVS_RAISE) )
++    zlog_err ("bgp_md5_unset: could not raise privs");
++
++  ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5_AUTH, &cmd, sizeof cmd);
++
++  if (bgpd_privs.change (ZPRIVS_LOWER) )
++    zlog_err ("bgp_md5_unset: could not lower privs");
++
++  return ret;
++}
++#endif /* defined(HAVE_TCP_MD5) && defined(GNU_LINUX) */
++
+ /* Accept bgp connection. */
+ static int
+ bgp_accept (struct thread *thread)
+@@ -240,6 +290,12 @@ bgp_connect (struct peer *peer)
+   sockopt_reuseaddr (peer->fd);
+   sockopt_reuseport (peer->fd);
+ 
++#ifdef HAVE_TCP_MD5
++  if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD))
++    if (sockunion_family (&peer->su) == AF_INET)
++      bgp_md5_set (peer->fd, peer, peer->password);
++#endif /* HAVE_TCP_MD5 */
++
+   /* Bind socket. */
+   bgp_bind (peer);
+ 
+@@ -287,6 +343,9 @@ int
+ bgp_socket (struct bgp *bgp, unsigned short port)
+ {
+   int ret, en;
++#ifdef IPV6_V6ONLY
++  int v6only = 1;
++#endif /* IPV6_V6ONLY */
+   struct addrinfo req;
+   struct addrinfo *ainfo;
+   struct addrinfo *ainfo_save;
+@@ -321,6 +380,11 @@ bgp_socket (struct bgp *bgp, unsigned sh
+ 	  zlog_err ("socket: %s", safe_strerror (errno));
+ 	  continue;
+ 	}
++#ifdef IPV6_V6ONLY
++      ret = setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&v6only, sizeof(v6only));
++      if (ret < 0)
++	  zlog_err ("setsockopt IPV6_V6ONLY: i%s", strerror (errno));
++#endif /* IPV6_V6ONLY */
+ 
+       sockopt_reuseaddr (sock);
+       sockopt_reuseport (sock);
+@@ -348,6 +412,11 @@ bgp_socket (struct bgp *bgp, unsigned sh
+ 	  continue;
+ 	}
+ 
++#ifdef HAVE_TCP_MD5
++      if (ainfo->ai_family == AF_INET)
++	bm->sock = sock;
++#endif /* HAVE_TCP_MD5 */
++
+       thread_add_read (master, bgp_accept, bgp, sock);
+     }
+   while ((ainfo = ainfo->ai_next) != NULL);
+@@ -408,6 +477,9 @@ bgp_socket (struct bgp *bgp, unsigned sh
+       close (sock);
+       return ret;
+     }
++#ifdef HAVE_TCP_MD5
++  bm->sock = sock;
++#endif /* HAVE_TCP_MD5 */
+ 
+   thread_add_read (bm->master, bgp_accept, bgp, sock);
+ 
+--- bgpd/bgp_network.h  (revision 832)
++++ bgpd/bgp_network.h  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -18,6 +18,27 @@ along with GNU Zebra; see the file COPYI
+ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ 02111-1307, USA.  */
+ 
++#if defined(HAVE_TCP_MD5) && defined(GNU_LINUX)
++/* setsockopt Number */
++#define TCP_MD5_AUTH 13
++
++/* Commands (used in the structure passed from userland) */
++#define TCP_MD5_AUTH_ADD 1
++#define TCP_MD5_AUTH_DEL 2
++
++struct tcp_rfc2385_cmd {
++  u_int8_t     command;    /* Command - Add/Delete */
++  u_int32_t    address;    /* IPV4 address associated */
++  u_int8_t     keylen;     /* MD5 Key len (do NOT assume 0 terminated ascii) */
++  void         *key;       /* MD5 Key */
++};
++#endif /* defined(HAVE_TCP_MD5) && defined(GNU_LINUX) */
++
++#ifdef HAVE_TCP_MD5
++int bgp_md5_set (int sock, struct peer *, char *);
++int bgp_md5_unset (int sock, struct peer *, char *);
++#endif /* HAVE_TCP_MD5 */
++
+ int bgp_socket (struct bgp *, unsigned short);
+ int bgp_connect (struct peer *);
+ void bgp_getsockname (struct peer *);
+--- bgpd/bgp_vty.c  (revision 832)
++++ bgpd/bgp_vty.c  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -1386,6 +1386,46 @@ ALIAS (no_neighbor_local_as,
+        "AS number used as local AS\n"
+        "Do not prepend local-as to updates from ebgp peers\n")
+ 
++#ifdef HAVE_TCP_MD5
++DEFUN (neighbor_password,
++       neighbor_password_cmd,
++       NEIGHBOR_CMD2 "password LINE",
++       NEIGHBOR_STR
++       NEIGHBOR_ADDR_STR2
++       "Set a password\n"
++       "The password\n")
++{
++  struct peer *peer;
++  int ret;
++
++  peer = peer_and_group_lookup_vty (vty, argv[0]);
++  if (! peer)
++    return CMD_WARNING;
++
++  ret = peer_password_set (peer, argv[1]);
++  return bgp_vty_return (vty, ret);
++}
++
++DEFUN (no_neighbor_password,
++       no_neighbor_password_cmd,
++       NO_NEIGHBOR_CMD2 "password",
++       NO_STR
++       NEIGHBOR_STR
++       NEIGHBOR_ADDR_STR2
++       "Set a password\n")
++{
++  struct peer *peer;
++  int ret;
++
++  peer = peer_and_group_lookup_vty (vty, argv[0]);
++  if (! peer)
++    return CMD_WARNING;
++
++  ret = peer_password_unset (peer);
++  return bgp_vty_return (vty, ret);
++}
++#endif /* HAVE_TCP_MD5 */
++
+ DEFUN (neighbor_activate,
+        neighbor_activate_cmd,
+        NEIGHBOR_CMD2 "activate",
+@@ -8531,6 +8571,12 @@ bgp_vty_init ()
+   install_element (BGP_NODE, &no_neighbor_local_as_val_cmd);
+   install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd);
+ 
++#ifdef HAVE_TCP_MD5
++  /* "neighbor password" commands. */
++  install_element (BGP_NODE, &neighbor_password_cmd);
++  install_element (BGP_NODE, &no_neighbor_password_cmd);
++#endif /* HAVE_TCP_MD5 */
++
+   /* "neighbor activate" commands. */
+   install_element (BGP_NODE, &neighbor_activate_cmd);
+   install_element (BGP_IPV4_NODE, &neighbor_activate_cmd);
+--- bgpd/bgpd.c  (revision 832)
++++ bgpd/bgpd.c  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -707,6 +707,7 @@ peer_new ()
+   peer->ostatus = Idle;
+   peer->version = BGP_VERSION_4;
+   peer->weight = 0;
++  peer->password = NULL;
+ 
+   /* Set default flags.  */
+   for (afi = AFI_IP; afi < AFI_MAX; afi++)
+@@ -1068,6 +1069,17 @@ peer_delete (struct peer *peer)
+   bgp_stop (peer);
+   bgp_fsm_change_status (peer, Idle);
+ 
++#ifdef HAVE_TCP_MD5
++  /* Password configuration */
++  if (peer->password)
++    {
++      if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)
++          && sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_unset (bm->sock, peer, peer->password);
++      free (peer->password);
++    }
++#endif /* HAVE_TCP_MD5 */
++
+   /* Stop all timers. */
+   BGP_TIMER_OFF (peer->t_start);
+   BGP_TIMER_OFF (peer->t_connect);
+@@ -1293,6 +1305,26 @@ peer_group2peer_config_copy (struct peer
+   else
+     peer->v_routeadv = BGP_DEFAULT_EBGP_ROUTEADV;
+ 
++#ifdef HAVE_TCP_MD5
++  /* password apply */
++  if (CHECK_FLAG (conf->flags, PEER_FLAG_PASSWORD))
++    {
++      if (peer->password)
++	free (peer->password);
++      peer->password = strdup (conf->password);
++
++      if (sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_set (bm->sock, peer, peer->password);
++    }
++  else if (peer->password)
++    {
++      if (sockunion_family (&peer->su) == AF_INET)
++        bgp_md5_unset (bm->sock, peer, peer->password);
++      free (peer->password);
++      peer->password = NULL;
++    }
++#endif /* HAVE_TCP_MD5 */
++
+   /* maximum-prefix */
+   peer->pmax[afi][safi] = conf->pmax[afi][safi];
+   peer->pmax_threshold[afi][safi] = conf->pmax_threshold[afi][safi];
+@@ -3270,6 +3302,119 @@ peer_local_as_unset (struct peer *peer)
+   return 0;
+ }
+ 
++#ifdef HAVE_TCP_MD5
++/* Set password for authenticating with the peer. */
++int
++peer_password_set (struct peer *peer, const char *password)
++{
++  struct peer_group *group;
++  struct listnode *nn;
++
++  if (peer->password && strcmp (peer->password, password) == 0
++      && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
++	return 0;
++
++  SET_FLAG (peer->flags, PEER_FLAG_PASSWORD);
++  if (peer->password)
++    free (peer->password);
++  peer->password = strdup (password);
++
++  if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
++    {
++      if (peer->status == Established)
++          bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
++      else
++        BGP_EVENT_ADD (peer, BGP_Stop);
++
++      if (sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_set (bm->sock, peer, peer->password);
++      return 0;
++    }
++
++  group = peer->group;
++  LIST_LOOP (group->peer, peer, nn)
++    {
++      if (peer->password && strcmp (peer->password, password) == 0)
++	continue;
++
++      SET_FLAG (peer->flags, PEER_FLAG_PASSWORD);
++      if (peer->password)
++        free (peer->password);
++      peer->password = strdup (password);
++
++      if (peer->status == Established)
++        bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
++      else
++        BGP_EVENT_ADD (peer, BGP_Stop);
++
++      if (sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_set (bm->sock, peer, peer->password);
++    }
++
++  return 0;
++}
++
++int
++peer_password_unset (struct peer *peer)
++{
++  struct peer_group *group;
++  struct listnode *nn;
++
++  if (! CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD)
++      && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
++    return 0;
++
++  if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
++    {
++      if (peer_group_active (peer)
++	  && CHECK_FLAG (peer->group->conf->flags, PEER_FLAG_PASSWORD))
++	return BGP_ERR_PEER_GROUP_HAS_THE_FLAG;
++
++      if (peer->status == Established)
++        bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
++      else
++        BGP_EVENT_ADD (peer, BGP_Stop);
++
++      if (sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_unset (bm->sock, peer, peer->password);
++
++      UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD);
++      if (peer->password)
++	free (peer->password);
++      peer->password = NULL;
++
++      return 0;
++    }
++
++  UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD);
++  if (peer->password)
++    free (peer->password);
++  peer->password = NULL;
++
++  group = peer->group;
++  LIST_LOOP (group->peer, peer, nn)
++    {
++      if (! CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD))
++	continue;
++
++      if (peer->status == Established)
++        bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
++      else
++        BGP_EVENT_ADD (peer, BGP_Stop);
++
++      if (sockunion_family (&peer->su) == AF_INET)
++	bgp_md5_unset (bm->sock, peer, peer->password);
++
++      UNSET_FLAG (peer->flags, PEER_FLAG_PASSWORD);
++      if (peer->password)
++        free (peer->password);
++      peer->password = NULL;
++    }
++
++  return 0;
++}
++#endif /* HAVE_TCP_MD5 */
++
+ /* Set distribute list to the peer. */
+ int
+ peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, 
+@@ -4286,6 +4431,16 @@ bgp_config_write_peer (struct vty *vty, 
+ 	    ! CHECK_FLAG (g_peer->flags, PEER_FLAG_SHUTDOWN))
+ 	  vty_out (vty, " neighbor %s shutdown%s", addr, VTY_NEWLINE);
+ 
++#ifdef HAVE_TCP_MD5
++      /* Password. */
++      if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD))
++	if (! peer_group_active (peer)
++	    || ! CHECK_FLAG (g_peer->flags, PEER_FLAG_PASSWORD)
++	    || strcmp (peer->password, g_peer->password) != 0)
++	  vty_out (vty, " neighbor %s password %s%s", addr, peer->password,
++		   VTY_NEWLINE);
++#endif /* HAVE_TCP_MD5 */
++
+       /* BGP port. */
+       if (peer->port != BGP_PORT_DEFAULT)
+ 	vty_out (vty, " neighbor %s port %d%s", addr, peer->port, 
+@@ -4817,6 +4972,9 @@ bgp_master_init ()
+   bm->port = BGP_PORT_DEFAULT;
+   bm->master = thread_master_create ();
+   bm->start_time = time (NULL);
++#ifdef HAVE_TCP_MD5
++  bm->sock = -1;
++#endif /* HAVE_TCP_MD5 */
+ }
+ 
+ void
+--- bgpd/bgpd.h  (revision 832)
++++ bgpd/bgpd.h  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -45,6 +45,11 @@ struct bgp_master
+ #define BGP_OPT_NO_FIB                   (1 << 0)
+ #define BGP_OPT_MULTIPLE_INSTANCE        (1 << 1)
+ #define BGP_OPT_CONFIG_CISCO             (1 << 2)
++
++#ifdef HAVE_TCP_MD5
++  /* bgp receive socket */
++  int sock;
++#endif /* HAVE_TCP_MD5 */
+ };
+ 
+ /* BGP instance structure.  */
+@@ -335,6 +340,7 @@ struct peer
+ #define PEER_FLAG_DYNAMIC_CAPABILITY        (1 << 6) /* dynamic capability */
+ #define PEER_FLAG_ENFORCE_MULTIHOP          (1 << 7) /* enforce-multihop */
+ #define PEER_FLAG_LOCAL_AS_NO_PREPEND       (1 << 8) /* local-as no-prepend */
++#define PEER_FLAG_PASSWORD                  (1 << 9) /* password */
+ 
+   /* Per AF configuration flags. */
+   u_int32_t af_flags[AFI_MAX][SAFI_MAX];
+@@ -356,6 +362,9 @@ struct peer
+ #define PEER_FLAG_MAX_PREFIX_WARNING        (1 << 15) /* maximum prefix warning-only */
+ #define PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED   (1 << 16) /* leave link-local nexthop unchanged */ 
+ 
++  /* MD5 password */
++  char *password;
++
+   /* default-originate route-map.  */
+   struct
+   {
+@@ -895,5 +904,10 @@ int peer_unsuppress_map_unset (struct pe
+ int peer_maximum_prefix_set (struct peer *, afi_t, safi_t, u_int32_t, u_char, int);
+ int peer_maximum_prefix_unset (struct peer *, afi_t, safi_t);
+ 
++#ifdef HAVE_TCP_MD5
++int peer_password_set (struct peer *, const char *);
++int peer_password_unset (struct peer *);
++#endif /* HAVE_TCP_MD5 */
++
+ int peer_clear (struct peer *);
+ int peer_clear_soft (struct peer *, afi_t, safi_t, enum bgp_clear_type);
+--- configure.ac  (revision 832)
++++ configure.ac  (patch ht-20050110-0.98.0-bgp-md5 level 1)
+@@ -153,6 +153,8 @@ AC_ARG_ENABLE(irdp,
+ [  --enable-irdp                 enable IRDP server support in zebra])
+ AC_ARG_ENABLE(capabilities,
+ [  --disable-capabilities        disable using POSIX capabilities])
++AC_ARG_ENABLE(tcp-md5,
++[  --enable-tcp-md5  enable TCP MD5 Signature Option (RFC2385)])
+ AC_ARG_ENABLE(gcc_ultra_verbose,
+ [  --enable-gcc-ultra-verbose    enable ultra verbose GCC warnings])
+ AC_ARG_ENABLE(gcc-rdynamic,
+@@ -192,6 +194,11 @@ if test "${enable_ospf_te}" = "yes"; the
+   AC_DEFINE(HAVE_OSPF_TE,,OSPF TE)
+ fi
+ 
++if test "${enable_tcp_md5}" = "yes"; then
++  AC_DEFINE(HAVE_TCP_MD5,,Linux TCP MD5 Signature Option)
++fi
++
++
+ AC_MSG_CHECKING(if zebra should be configurable to send Route Advertisements)
+ if test "${enable_rtadv}" != "no"; then
+   AC_MSG_RESULT(yes)
diff --git a/net-misc/quagga/quagga-0.98.3.ebuild b/net-misc/quagga/quagga-0.98.3.ebuild
new file mode 100644
index 000000000000..7b6c9142f316
--- /dev/null
+++ b/net-misc/quagga/quagga-0.98.3.ebuild
@@ -0,0 +1,131 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/quagga-0.98.3.ebuild,v 1.1 2005/06/15 19:45:45 mrness Exp $
+
+inherit eutils
+
+DESCRIPTION="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Includes OSPFAPI, NET-SNMP and IPV6 support."
+HOMEPAGE="http://quagga.net/"
+SRC_URI="http://www.quagga.net/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ppc ~sparc ~x86"
+IUSE="ipv6 snmp pam tcpmd5 bgpclassless ospfapi"
+
+RDEPEND="!net-misc/zebra
+	sys-apps/iproute2
+	sys-libs/libcap
+	snmp? ( net-analyzer/net-snmp )
+	pam? ( sys-libs/pam )"
+DEPEND="${RDEPEND}
+	virtual/libc
+	sys-devel/binutils"
+
+# TCP MD5 for BGP patch for Linux (RFC 2385) 
+MD5_PATCH="ht-20050110-0.98.0-bgp-md5.patch"
+# http://hasso.linux.ee/quagga/ht-20050110-0.98.0-bgp-md5.patch
+
+# Classless prefixes for BGP
+CLASSLESS_PATCH="ht-20040304-classless-bgp.patch"
+# http://hasso.linux.ee/quagga/pending-patches/ht-20040304-classless-bgp.patch
+
+# Connected route fix (Amir)
+CONNECTED_PATCH="amir-connected-route.patch"
+# http://voidptr.sboost.org/quagga/amir-connected-route.patch.bz2
+
+[ -z "${QUAGGA_USER_NAME}" ] && QUAGGA_USER_NAME="quagga"
+[ -z "${QUAGGA_USER_UID}" ] && QUAGGA_USER_UID="-1"
+[ -z "${QUAGGA_GROUP_NAME}" ] && QUAGGA_GROUP_NAME="quagga"
+#[ -z "${QUAGGA_GROUP_GID}" ] && QUAGGA_GROUP_GID=""
+[ -z "${QUAGGA_VTYGROUP}" ] && QUAGGA_VTYGROUP="quagga"
+[ -z "${QUAGGA_USER_SH}" ] && QUAGGA_USER_SH="/bin/false"
+[ -z "${QUAGGA_USER_HOMEDIR}" ] && QUAGGA_USER_HOMEDIR=/var/empty
+[ -z "${QUAGGA_USER_GROUPS}" ] && QUAGGA_USER_GROUPS=${QUAGGA_GROUP_NAME}
+[ -z "${QUAGGA_STATEDIR}" ] && QUAGGA_STATEDIR=/var/run/quagga
+
+pkg_preinst() {
+	enewgroup ${QUAGGA_GROUP_NAME} ${QUAGGA_GROUP_GID}
+	enewuser ${QUAGGA_USER_NAME} ${QUAGGA_USER_UID} ${QUAGGA_USER_SH} ${QUAGGA_USER_HOMEDIR} ${QUAGGA_USER_GROUPS}
+}
+
+src_unpack() {
+	unpack ${A} || die "failed to unpack sources"
+
+	cd ${S} || die "source dir not found"
+	use tcpmd5 && epatch ${FILESDIR}/patches-${PV}/${MD5_PATCH}
+	use bgpclassless && epatch ${FILESDIR}/patches-${PV}/${CLASSLESS_PATCH}
+	# non-upstream connected route patch
+	epatch ${FILESDIR}/patches-${PV}/${CONNECTED_PATCH}
+}
+
+src_compile() {
+	# regenerate configure and co if we touch .ac or .am files
+	#export WANT_AUTOMAKE=1.7
+	#./update-autotools || die
+	autoreconf
+	libtoolize --copy --force
+
+	local myconf="--disable-static --enable-dynamic"
+
+	use ipv6 \
+			&& myconf="${myconf} --enable-ipv6 --enable-ripng --enable-ospf6d --enable-rtadv" \
+			|| myconf="${myconf} --disable-ipv6 --disable-ripngd --disable-ospf6d"
+	use ospfapi \
+			&& myconf="${myconf} --enable-opaque-lsa --enable-ospf-te --enable-ospfclient"
+	use snmp && myconf="${myconf} --enable-snmp"
+	use pam && myconf="${myconf} --with-libpam"
+	use tcpmd5 && myconf="${myconf} --enable-tcp-md5"
+
+	econf \
+		--enable-tcp-zebra \
+		--enable-nssa \
+		--enable-user=${QUAGGA_USER_NAME} \
+		--enable-group=${QUAGGA_GROUP_NAME} \
+		--enable-vty-group=${QUAGGA_VTYGROUP} \
+		--with-cflags="${CFLAGS}" \
+		--enable-vtysh \
+		--sysconfdir=/etc/quagga \
+		--enable-exampledir=/etc/quagga/samples \
+		--localstatedir=${QUAGGA_STATEDIR} \
+		--libdir=/usr/lib/quagga \
+		${myconf} \
+		|| die "configure failed"
+	emake || die "make failed"
+}
+
+src_install() {
+	einstall \
+		localstatedir=${D}/${QUAGGA_STATEDIR} \
+		sysconfdir=${D}/etc/quagga \
+		exampledir=${D}/etc/quagga/samples \
+		libdir=${D}/usr/lib/quagga || die "make install failed"
+
+	keepdir /var/run/quagga || die
+
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/init/zebra zebra && \
+		newexe ${FILESDIR}/init/ripd ripd && \
+		newexe ${FILESDIR}/init/ospfd ospfd && \
+		( ! use ipv6 || newexe ${FILESDIR}/init/ripngd ripngd ) && \
+		( ! use ipv6 || newexe ${FILESDIR}/init/ospf6d ospf6d ) && \
+		newexe ${FILESDIR}/init/bgpd bgpd || die "failed to install init scripts"
+
+	if use pam; then
+		insinto /etc/pam.d
+		newins ${FILESDIR}/quagga.pam quagga
+	fi
+
+	newenvd ${FILESDIR}/quagga.env 99quagga
+}
+
+pkg_postinst() {
+	# empty dir for pid files for the new priv separation auth
+	#set proper owner/group/perms even if dir already existed
+	install -d -m0770 -o root -g ${QUAGGA_GROUP_NAME} ${ROOT}/etc/quagga
+	install -d -m0755 -o ${QUAGGA_USER_NAME} -g ${QUAGGA_GROUP_NAME} ${ROOT}/var/run/quagga
+
+	einfo "Sample configuration files can be found in /etc/quagga/sample."
+	einfo "You have to create config files in /etc/quagga before"
+	einfo "starting one of the daemons."
+}