From 88dfdab0ac97e4718e0fb1e60b54eae8587dcb03 Mon Sep 17 00:00:00 2001 From: sem Date: Wed, 29 Apr 2009 18:21:54 +0000 Subject: - Remove FreeBSD specific patches for BGP MD5 support. A native support should be better now. Submitted by: maintainer --- net/quagga/Makefile | 29 +--- .../files/extra-tcpmd5-patch-bgpd-bgp_network.c | 42 ------ net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c | 47 ------ net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c | 163 --------------------- net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h | 12 -- net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c | 106 -------------- net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h | 20 --- .../files/extra-tcpmd5-patch-vtysh-extract.pl.in | 11 -- 8 files changed, 8 insertions(+), 422 deletions(-) delete mode 100644 net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_network.c delete mode 100644 net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c delete mode 100644 net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c delete mode 100644 net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h delete mode 100644 net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c delete mode 100644 net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h delete mode 100644 net/quagga/files/extra-tcpmd5-patch-vtysh-extract.pl.in (limited to 'net') diff --git a/net/quagga/Makefile b/net/quagga/Makefile index 661639579093..7d6ff9a7f665 100644 --- a/net/quagga/Makefile +++ b/net/quagga/Makefile @@ -7,7 +7,7 @@ PORTNAME= quagga PORTVERSION= 0.99.11 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= net ipv6 MASTER_SITES= http://quagga.net/download/ \ http://www.ru.quagga.net/download/ \ 
@@ -39,11 +39,17 @@ OPTIONS= ISISD "Enable experimental ISIS daemon" off \ RTADV "IPv6 Router Advertisements" off \ SNMP "SNMP support" off \ TCPSOCKETS "Use TCP/IP sockets for protocol daemons" off \ - TCPMD5 "Use experimental MD5 patch for BGP" off \ DLMALLOC "Use dlmalloc (makes bgpd much faster)" off .include +<<<<<<< Makefile +.if ${OSVERSION} >= 800059 +#BROKEN= does not build +.endif + +======= +>>>>>>> 1.80 CONFIGURE_ARGS+=--includedir=${PREFIX}/include --enable-exampledir=${PREFIX}/share/examples/quagga --enable-pidfile-mask=0644 CONFIGURE_ENV+= CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \ LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib" \ @@ -116,11 +122,6 @@ LIB_DEPENDS+=netsnmp:${PORTSDIR}/net-mgmt/net-snmp CONFIGURE_ARGS+=--enable-tcp-zebra .endif -.if defined(WITH_TCPMD5) -EXTRA_PATCHES+=${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgp_network.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgp_vty.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgpd.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd-bgpd.h ${PATCHDIR}/extra-tcpmd5-patch-lib-sockopt.c ${PATCHDIR}/extra-tcpmd5-patch-lib-sockopt.h ${PATCHDIR}/extra-tcpmd5-patch-vtysh-extract.pl.in -CFLAGS+= -DQUAGGA_TCP_MD5SIG -.endif - .if defined(WITH_DLMALLOC) LIB_DEPENDS+=dlmalloc.2:${PORTSDIR}/devel/libdlmalloc LDFLAGS+=-ldlmalloc @@ -157,7 +158,6 @@ pre-everything:: @${ECHO} " WITH_RTADV IPv6 Router Advertisements" @${ECHO} " WITH_SNMP SNMP support" @${ECHO} " WITH_TCPSOCKETS Use TCP/IP sockets for protocol daemons" - @${ECHO} " WITH_TCPMD5 Use experimental MD5 patch for BGP" @${ECHO} " WITH_DLMALLOC Use dlmalloc (makes bgpd much faster)" post-install: 
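Review bot: The seven lines added by the `@@ -39,11 +39,17 @@` hunk of net/quagga/Makefile are unresolved merge-conflict markers (`<<<<<<< Makefile`, `=======`, `>>>>>>> 1.80`) around an `.if ${OSVERSION} >= 800059` block whose only content is the commented-out `#BROKEN= does not build`. make(1) is unlikely to accept the marker lines, so the port would probably fail to parse before any target runs; they look like leftovers from a local merge rather than intended content. I would drop all seven added lines so the hunk only removes the `TCPMD5` option line, or, if the OSVERSION guard is really wanted, keep just the `.if`/`.endif` pair with an uncommented `BROKEN=` assignment. Separately, this hunk removes the `TCPMD5` knob and a later hunk deletes the post-install kernel-options message, yet the upstream non-Linux code visible in the removed sockopt patch only toggles `TCP_MD5SIG` and leaves the SA setup as an XXX, so native BGP MD5 presumably still needs kernel TCP signature support and an externally configured SA. A short unconditional note in post-install or pkg-message would help operators avoid assuming a configured `neighbor ... password` is in effect when it may not be.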
@@ -183,19 +183,6 @@ post-install: @${ECHO} " if You had never do this before. Or run" @${ECHO} " make changeuser" @${ECHO} "" -.if defined(WITH_TCPMD5) && !defined(WITHOUT_TCPMD5) - @${ECHO} "Note!!! To use MD5 passwords on BGP sessions, your kernel must" - @${ECHO} "be built with the following options:" - @${ECHO} " options TCP_SIGNATURE" -.if ${OSVERSION} < 700000 - @${ECHO} " options FAST_IPSEC" -.else - @${ECHO} " options IPSEC" -.endif - @${ECHO} " device crypto" - @${ECHO} " device cryptodev" - @${ECHO} "" -.endif .if !defined(BATCH) post-clean: diff --git a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_network.c b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_network.c deleted file mode 100644 index 3d46b383bb02..000000000000 --- a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_network.c +++ /dev/null @@ -1,42 +0,0 @@ ---- bgpd/bgp_network.c.orig Wed Dec 8 12:41:23 2004 -+++ bgpd/bgp_network.c Fri Jan 28 17:52:57 2005 -@@ -35,6 +35,10 @@ - #include "bgpd/bgp_debug.h" - #include "bgpd/bgp_network.h" - -+#ifndef TCP_SIG_SPI_BASE -+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */ -+#endif -+ - extern struct zebra_privs_t bgpd_privs; - - -@@ -148,6 +152,15 @@ - return ret; - } - #endif /* SO_BINDTODEVICE */ -+ -+#ifdef QUAGGA_TCP_MD5SIG -+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE)) -+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, -+ TCP_SIG_SPI_BASE + peer->port); -+ else -+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0); -+#endif /* QUAGGA_TCP_MD5SIG */ -+ - return 0; - } - -@@ -250,6 +263,12 @@ - if (peer->ifname) - ifindex = if_nametoindex (peer->ifname); - #endif /* HAVE_IPV6 */ -+ -+#ifdef QUAGGA_TCP_MD5SIG -+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE)) -+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, -+ TCP_SIG_SPI_BASE + peer->port); -+#endif /* QUAGGA_TCP_MD5SIG */ - - if (BGP_DEBUG (events, EVENTS)) - plog_debug (peer->log, "%s [Event] Connect start to %s fd %d", 
diff --git a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c deleted file mode 100644 index e1a3fc79d005..000000000000 --- a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c +++ /dev/null @@ -1,47 +0,0 @@ ---- bgpd/bgp_vty.c.orig 2008-09-11 09:46:49.000000000 +0400 -+++ bgpd/bgp_vty.c 2008-12-15 19:53:51.000000000 +0300 -@@ -1482,13 +1482,13 @@ - "AS number used as local AS\n" - "Do not prepend local-as to updates from ebgp peers\n") - -+#ifdef QUAGGA_TCP_MD5SIG - DEFUN (neighbor_password, - neighbor_password_cmd, -- NEIGHBOR_CMD2 "password LINE", -+ NEIGHBOR_CMD2 "password WORD", - NEIGHBOR_STR - NEIGHBOR_ADDR_STR2 -- "Set a password\n" -- "The password\n") -+ "Specify a password for TCPMD5 authentication with this peer\n") - { - struct peer *peer; - int ret; -@@ -1507,7 +1507,7 @@ - NO_STR - NEIGHBOR_STR - NEIGHBOR_ADDR_STR2 -- "Set a password\n") -+ "Disable TCPMD5 authentication with this peer\n") - { - struct peer *peer; - int ret; -@@ -1519,6 +1519,7 @@ - ret = peer_password_unset (peer); - return bgp_vty_return (vty, ret); - } -+#endif /* QUAGGA_TCP_MD5SIG */ - - DEFUN (neighbor_activate, - neighbor_activate_cmd, -@@ -8942,6 +8943,10 @@ - install_element (BGP_NODE, &neighbor_password_cmd); - install_element (BGP_NODE, &no_neighbor_password_cmd); - -+ /* "neighbor password" commands. */ -+ install_element (BGP_NODE, &neighbor_password_cmd); -+ install_element (BGP_NODE, &no_neighbor_password_cmd); -+ - /* "neighbor activate" commands. */ - install_element (BGP_NODE, &neighbor_activate_cmd); - install_element (BGP_IPV4_NODE, &neighbor_activate_cmd); diff --git a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c deleted file mode 100644 index aa7cf30d93e9..000000000000 --- a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c +++ /dev/null 
@@ -1,163 +0,0 @@ ---- bgpd/bgpd.c.orig 2008-09-11 09:46:49.000000000 +0400 -+++ bgpd/bgpd.c 2008-12-15 19:48:53.000000000 +0300 -@@ -60,6 +60,9 @@ - #ifdef HAVE_SNMP - #include "bgpd/bgp_snmp.h" - #endif /* HAVE_SNMP */ -+#ifndef TCP_SIG_SPI_BASE -+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */ -+#endif - - /* BGP process wide configuration. */ - static struct bgp_master bgp_master; -@@ -3402,110 +3405,55 @@ - return 0; - } - -+ -+#ifdef QUAGGA_TCP_MD5SIG - /* Set password for authenticating with the peer. */ - int - peer_password_set (struct peer *peer, const char *password) - { -- struct listnode *nn, *nnode; -- int len = password ? strlen(password) : 0; -- int ret = BGP_SUCCESS; -+ struct bgp *bgp = peer->bgp; -+ int len; -+ -+ len = strlen(password); - - if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN)) - return BGP_ERR_INVALID_VALUE; - -- if (peer->password && strcmp (peer->password, password) == 0 -- && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) -- return 0; -+ memcpy(peer->password, password, len); - -- if (peer->password) -- XFREE (MTYPE_PEER_PASSWORD, peer->password); -- -- peer->password = XSTRDUP (MTYPE_PEER_PASSWORD, password); -- -- if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) -- { -- if (peer->status == Established) -- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); -- else -- BGP_EVENT_ADD (peer, BGP_Stop); -- -- return (bgp_md5_set (peer) >= 0) ? BGP_SUCCESS : BGP_ERR_TCPSIG_FAILED; -- } -+ /* -+ * XXX Need to do PF_KEY operation here to add an SA entry, -+ * and add an SP entry for this peer's packet flows also. 
-+ */ - -- for (ALL_LIST_ELEMENTS (peer->group->peer, nn, nnode, peer)) -- { -- if (peer->password && strcmp (peer->password, password) == 0) -- continue; -- -- if (peer->password) -- XFREE (MTYPE_PEER_PASSWORD, peer->password); -- -- peer->password = XSTRDUP(MTYPE_PEER_PASSWORD, password); -+ SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE); - -- if (peer->status == Established) -- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); -- else -- BGP_EVENT_ADD (peer, BGP_Stop); -- -- if (bgp_md5_set (peer) < 0) -- ret = BGP_ERR_TCPSIG_FAILED; -- } -+ if (peer->fd >= 0) -+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE + -+ peer->port); - -- return ret; -+ return 0; - } - - int - peer_password_unset (struct peer *peer) - { -- struct listnode *nn, *nnode; -- -- if (!peer->password -- && !CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) -- return 0; -- -- if (!CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) -- { -- if (peer_group_active (peer) -- && peer->group->conf->password -- && strcmp (peer->group->conf->password, peer->password) == 0) -- return BGP_ERR_PEER_GROUP_HAS_THE_FLAG; -- -- if (peer->status == Established) -- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); -- else -- BGP_EVENT_ADD (peer, BGP_Stop); -- -- if (peer->password) -- XFREE (MTYPE_PEER_PASSWORD, peer->password); -- -- peer->password = NULL; -- -- bgp_md5_set (peer); -- -- return 0; -- } -- -- XFREE (MTYPE_PEER_PASSWORD, peer->password); -- peer->password = NULL; -+ struct bgp *bgp = peer->bgp; - -- for (ALL_LIST_ELEMENTS (peer->group->peer, nn, nnode, peer)) -- { -- if (!peer->password) -- continue; -+ UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE); -+ /* Paranoia. 
*/ -+ memset(peer->password, 0, sizeof(peer->password)); - -- if (peer->status == Established) -- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); -- else -- BGP_EVENT_ADD (peer, BGP_Stop); -- -- XFREE (MTYPE_PEER_PASSWORD, peer->password); -- peer->password = NULL; -+ if (peer->fd >= 0) -+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0); - -- bgp_md5_set (peer); -- } -+ /* -+ * XXX Need to do PF_KEY operation here to remove the SA and SP. -+ */ - - return 0; - } -+#endif /* QUAGGA_TCP_MD5SIG */ - - /* Set distribute list to the peer. */ - int -@@ -4538,6 +4486,13 @@ - vty_out (vty, " neighbor %s description %s%s", addr, peer->desc, - VTY_NEWLINE); - -+#ifdef QUAGGA_TCP_MD5SIG -+ /* tcp-md5 session password. XXX the password should be obfuscated */ -+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE)) -+ vty_out (vty, " neighbor %s password %s%s", addr, peer->password, -+ VTY_NEWLINE); -+#endif /* QUAGGA_TCP_MD5SIG */ -+ - /* Shutdown. */ - if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN)) - if (! peer_group_active (peer) || diff --git a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h deleted file mode 100644 index fe1ae5e02860..000000000000 --- a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h +++ /dev/null @@ -1,12 +0,0 @@ ---- bgpd/bgpd.h.orig Wed Jan 11 03:10:10 2006 -+++ bgpd/bgpd.h Mon Jan 30 08:52:06 2006 -@@ -347,6 +347,9 @@ - #define PEER_FLAG_DYNAMIC_CAPABILITY (1 << 5) /* dynamic capability */ - #define PEER_FLAG_DISABLE_CONNECTED_CHECK (1 << 6) /* disable-connected-check */ - #define PEER_FLAG_LOCAL_AS_NO_PREPEND (1 << 7) /* local-as no-prepend */ -+#ifdef QUAGGA_TCP_MD5SIG -+#define PEER_FLAG_TCP_SIGNATURE (1 << 9) /* use TCP-MD5 digest */ -+#endif /* QUAGGA_TCP_MD5SIG */ - - /* NSF mode (graceful restart) */ - u_char nsf[AFI_MAX][SAFI_MAX]; 
diff --git a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c b/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c deleted file mode 100644 index dbfd07223ec8..000000000000 --- a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c +++ /dev/null 
@@ -1,106 +0,0 @@ ---- lib/sockopt.c.orig 2008-09-05 18:27:26.000000000 +0400 -+++ lib/sockopt.c 2008-12-15 19:36:40.000000000 +0300 -@@ -319,6 +319,32 @@ - - } - -+int -+sockopt_tcp_signature (int family, int sock, int enable) -+{ -+ int ret; -+ -+#if defined(QUAGGA_TCP_MD5SIG) && defined(TCP_MD5SIG) -+ if (family == AF_INET) -+ { -+ ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, -+ (void *) &enable, sizeof (int)); -+ if (ret < 0) -+ { -+ zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG %d to socket %d", enable, sock); -+ return -1; -+ } -+ return 0; -+ } -+#endif /* QUAGGA_TCP_MD5SIG */ -+ -+ /* fallthrough */ -+ -+ zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG on socket %d with family %d", -+ sock, family); -+ return -1; -+} -+ - static int - setsockopt_ipv4_ifindex (int sock, int val) - { -@@ -494,70 +520,3 @@ - - iph->ip_id = ntohs(iph->ip_id); - } -- --int --sockopt_tcp_signature (int sock, union sockunion *su, const char *password) --{ --#if HAVE_DECL_TCP_MD5SIG -- int ret; --#ifndef GNU_LINUX -- /* -- * XXX Need to do PF_KEY operation here to add/remove an SA entry, -- * and add/remove an SP entry for this peer's packet flows also. -- */ -- int md5sig = password && *password ? 1 : 0; --#else -- int keylen = password ? strlen (password) : 0; -- struct tcp_md5sig md5sig; -- union sockunion *su2, *susock; -- -- /* Figure out whether the socket and the sockunion are the same family.. -- * adding AF_INET to AF_INET6 needs to be v4 mapped, you'd think.. -- */ -- if (!(susock = sockunion_getsockname (sock))) -- return -1; -- -- if (susock->sa.sa_family == su->sa.sa_family) -- su2 = su; -- else -- { -- /* oops.. */ -- su2 = susock; -- -- if (su2->sa.sa_family == AF_INET) -- { -- sockunion_free (susock); -- return -1; -- }; -- -- /* If this does not work, then all users of this sockopt will need to -- * differentiate between IPv4 and IPv6, and keep seperate sockets for -- * each. -- * -- * Sadly, it doesn't seem to work at present. 
It's unknown whether -- * this is a bug or not. -- */ -- if (su2->sa.sa_family == AF_INET6 -- && su->sa.sa_family == AF_INET) -- { -- su2->sin6.sin6_family = AF_INET6; -- /* V4Map the address */ -- memset (&su2->sin6.sin6_addr, 0, sizeof (struct in6_addr)); -- su2->sin6.sin6_addr.s6_addr32[2] = htonl(0xffff); -- memcpy (&su2->sin6.sin6_addr.s6_addr32[3], &su->sin.sin_addr, 4); -- } -- } -- -- memset (&md5sig, 0, sizeof (md5sig)); -- memcpy (&md5sig.tcpm_addr, su2, sizeof (*su2)); -- md5sig.tcpm_keylen = keylen; -- if (keylen) -- memcpy (md5sig.tcpm_key, password, keylen); -- sockunion_free (susock); --#endif /* GNU_LINUX */ -- ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig); -- return ret; --#else /* HAVE_TCP_MD5SIG */ -- return -2; --#endif /* HAVE_TCP_MD5SIG */ --} diff --git a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h b/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h deleted file mode 100644 index 61b4a7f55272..000000000000 --- a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h +++ /dev/null @@ -1,20 +0,0 @@ ---- lib/sockopt.h.orig 2008-09-05 18:27:26.000000000 +0400 -+++ lib/sockopt.h 2008-12-15 19:36:45.000000000 +0300 -@@ -44,6 +44,10 @@ - */ - #define SOPT_SIZE_CMSG_PKTINFO_IPV6() (sizeof (struct in6_pktinfo)); - -+#ifdef QUAGGA_TCP_MD5SIG -+extern int sockopt_tcp_signature(int family, int sock, int enable); -+#endif /* QUAGGA_TCP_MD5SIG */ -+ - /* - * Size defines for control messages used to get ifindex. We define - * values for each method, and define a macro that can be used by code -@@ -101,6 +105,4 @@ - extern void sockopt_iphdrincl_swab_htosys (struct ip *iph); - extern void sockopt_iphdrincl_swab_systoh (struct ip *iph); - --extern int sockopt_tcp_signature(int sock, union sockunion *su, -- const char *password); - #endif /*_ZEBRA_SOCKOPT_H */ 
diff --git a/net/quagga/files/extra-tcpmd5-patch-vtysh-extract.pl.in b/net/quagga/files/extra-tcpmd5-patch-vtysh-extract.pl.in deleted file mode 100644 index e9522ee8274e..000000000000 --- a/net/quagga/files/extra-tcpmd5-patch-vtysh-extract.pl.in +++ /dev/null @@ -1,11 +0,0 @@ ---- vtysh/extract.pl.in.orig Mon Sep 19 19:12:11 2005 -+++ vtysh/extract.pl.in Tue Dec 12 15:40:05 2006 -@@ -62,7 +62,7 @@ - foreach (@ARGV) { - $file = $_; - -- open (FH, "cpp -DHAVE_CONFIG_H -DVTYSH_EXTRACT_PL -DHAVE_IPV6 -I@top_builddir@ -I@srcdir@/ -I@srcdir@/.. -I@top_srcdir@/lib -I@top_srcdir@/isisd/topology @SNMP_INCLUDES@ $file |"); -+ open (FH, "cpp -DHAVE_CONFIG_H -DVTYSH_EXTRACT_PL -DHAVE_IPV6 -DQUAGGA_TCP_MD5SIG -I@top_builddir@ -I@srcdir@/ -I@srcdir@/.. -I@top_srcdir@/lib -I@top_srcdir@/isisd/topology @SNMP_INCLUDES@ $file |"); - local $/; undef $/; - $line = ; - close (FH); -- cgit