Index | Thread | Search

From:
Theo Buehler <tb@theobuehler.org>
Subject:
Re: bgpd: fixup pfkey handling a bit more
To:
tech@openbsd.org
Date:
Tue, 1 Oct 2024 17:40:45 +0200

Download raw body.

Thread 
On Tue, Oct 01, 2024 at 05:36:59PM +0200, Claudio Jeker wrote:
> Noticed while fixing up -portable.
> 
> In control we need to export auth_conf.method (and use that in bgpctl)
> since auth_state.method is never touched in the SE.
> 
> In pfkey fix a typo
> 
> In session.c copy over the auth_conf from the new peer into the old peer
> in merge_peer. Does not matter as much on OpenBSD but Linux really needs
> this.

All makes sense.

ok tb

> 
> -- 
> :wq Claudio
> 
> Index: control.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/control.c,v
> diff -u -p -r1.119 control.c
> --- control.c	1 Oct 2024 11:49:24 -0000	1.119
> +++ control.c	1 Oct 2024 15:01:09 -0000
> @@ -557,6 +557,7 @@ control_imsg_relay(struct imsg *imsg, st
>  		}
>  		peer = *p;
>  		explicit_bzero(&peer.auth_conf, sizeof(peer.auth_conf));
> +		peer.auth_conf.method = p->auth_conf.method;
>  		peer.stats.prefix_cnt = stats.prefix_cnt;
>  		peer.stats.prefix_out_cnt = stats.prefix_out_cnt;
>  		peer.stats.prefix_rcvd_update = stats.prefix_rcvd_update;
> Index: pfkey.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v
> diff -u -p -r1.69 pfkey.c
> --- pfkey.c	1 Oct 2024 11:49:24 -0000	1.69
> +++ pfkey.c	1 Oct 2024 15:12:14 -0000
> @@ -838,7 +838,7 @@ pfkey_recv_conf(struct peer *p, struct i
>  	return imsg_get_data(imsg, &auth->method, sizeof(auth->method));
>  }
>  
> -/* verify that connection is using TCP MD5UM if required by config */
> +/* verify that connection is using TCP MD5SIG if required by config */
>  int
>  tcp_md5_check(int fd, struct auth_config *auth)
>  {
> Index: session.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/session.c,v
> diff -u -p -r1.483 session.c
> --- session.c	1 Oct 2024 11:49:24 -0000	1.483
> +++ session.c	1 Oct 2024 14:57:05 -0000
> @@ -3682,6 +3682,7 @@ merge_peers(struct bgpd_config *c, struc
>  			tcp_md5_add_listener(c, np);
>  
>  		memcpy(&p->conf, &np->conf, sizeof(p->conf));
> +		memcpy(&p->auth_conf, &np->auth_conf, sizeof(p->auth_conf));
>  		RB_REMOVE(peer_head, &nc->peers, np);
>  		free(np);
>  
>