aboutsummaryrefslogtreecommitdiffstats
path: root/net/quagga
diff options
context:
space:
mode:
authorsem <sem@FreeBSD.org>2008-12-16 01:03:33 +0800
committersem <sem@FreeBSD.org>2008-12-16 01:03:33 +0800
commite45d5ba8b2ce10c30b5113f671a7739999744711 (patch)
tree87a2f8c0113e3383f662274ba89a33fc66491cc3 /net/quagga
parent641854e330b885fdcf770f465619ed609767a9a7 (diff)
downloadfreebsd-ports-graphics-e45d5ba8b2ce10c30b5113f671a7739999744711.tar.gz
freebsd-ports-graphics-e45d5ba8b2ce10c30b5113f671a7739999744711.tar.zst
freebsd-ports-graphics-e45d5ba8b2ce10c30b5113f671a7739999744711.zip
- Update to 0.99.11
Approved by: maintainer timeout
Diffstat (limited to 'net/quagga')
-rw-r--r--net/quagga/Makefile4
-rw-r--r--net/quagga/distinfo6
-rw-r--r--net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c76
-rw-r--r--net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c153
-rw-r--r--net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h26
-rw-r--r--net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c77
-rw-r--r--net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h13
-rw-r--r--net/quagga/files/patch-cvs-1-zebra-ioctl.c47
8 files changed, 234 insertions, 168 deletions
diff --git a/net/quagga/Makefile b/net/quagga/Makefile
index 690325460bf..44a7e4cb0d8 100644
--- a/net/quagga/Makefile
+++ b/net/quagga/Makefile
@@ -6,8 +6,8 @@
#
PORTNAME= quagga
-PORTVERSION= 0.99.10
-PORTREVISION= 3
+PORTVERSION= 0.99.11
+PORTREVISION= 0
CATEGORIES= net ipv6
MASTER_SITES= http://quagga.net/download/ \
http://www.ru.quagga.net/download/ \
diff --git a/net/quagga/distinfo b/net/quagga/distinfo
index a68b914a096..9bfda733f49 100644
--- a/net/quagga/distinfo
+++ b/net/quagga/distinfo
@@ -1,3 +1,3 @@
-MD5 (quagga-0.99.10.tar.gz) = c7a2d92e1c42214afef9b2e1cd4b5d06
-SHA256 (quagga-0.99.10.tar.gz) = f27d55904eb9a9eaf61a19b288ac79c9024b341734b984dccc04c343dfce890d
-SIZE (quagga-0.99.10.tar.gz) = 2424191
+MD5 (quagga-0.99.11.tar.gz) = 903e40c744730ad4d62bee872eeb813b
+SHA256 (quagga-0.99.11.tar.gz) = a83a357d6de23d7062360ca931371d2d65c0e1a2ba11c57c7a35c6e36b47a646
+SIZE (quagga-0.99.11.tar.gz) = 2192249
diff --git a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c
index 40852c334fc..e1a3fc79d00 100644
--- a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c
+++ b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c
@@ -1,59 +1,47 @@
---- bgpd/bgp_vty.c.orig Tue Oct 12 22:06:09 2004
-+++ bgpd/bgp_vty.c Fri Jan 28 17:52:57 2005
-@@ -1386,6 +1386,45 @@
+--- bgpd/bgp_vty.c.orig 2008-09-11 09:46:49.000000000 +0400
++++ bgpd/bgp_vty.c 2008-12-15 19:53:51.000000000 +0300
+@@ -1482,13 +1482,13 @@
"AS number used as local AS\n"
"Do not prepend local-as to updates from ebgp peers\n")
+#ifdef QUAGGA_TCP_MD5SIG
-+DEFUN (neighbor_password,
-+ neighbor_password_cmd,
+ DEFUN (neighbor_password,
+ neighbor_password_cmd,
+- NEIGHBOR_CMD2 "password LINE",
+ NEIGHBOR_CMD2 "password WORD",
-+ NEIGHBOR_STR
-+ NEIGHBOR_ADDR_STR2
+ NEIGHBOR_STR
+ NEIGHBOR_ADDR_STR2
+- "Set a password\n"
+- "The password\n")
+ "Specify a password for TCPMD5 authentication with this peer\n")
-+{
-+ struct peer *peer;
-+ int ret;
-+
-+ peer = peer_and_group_lookup_vty (vty, argv[0]);
-+ if (! peer)
-+ return CMD_WARNING;
-+
-+ ret = peer_password_set (peer, argv[1]);
-+ return bgp_vty_return (vty, ret);
-+}
-+
-+DEFUN (no_neighbor_password,
-+ no_neighbor_password_cmd,
-+ NO_NEIGHBOR_CMD2 "password",
-+ NO_STR
-+ NEIGHBOR_STR
-+ NEIGHBOR_ADDR_STR2
+ {
+ struct peer *peer;
+ int ret;
+@@ -1507,7 +1507,7 @@
+ NO_STR
+ NEIGHBOR_STR
+ NEIGHBOR_ADDR_STR2
+- "Set a password\n")
+ "Disable TCPMD5 authentication with this peer\n")
-+{
-+ struct peer *peer;
-+ int ret;
-+
-+ peer = peer_and_group_lookup_vty (vty, argv[0]);
-+ if (! peer)
-+ return CMD_WARNING;
-+
-+ ret = peer_password_unset (peer);
-+ return bgp_vty_return (vty, ret);
-+}
+ {
+ struct peer *peer;
+ int ret;
+@@ -1519,6 +1519,7 @@
+ ret = peer_password_unset (peer);
+ return bgp_vty_return (vty, ret);
+ }
+#endif /* QUAGGA_TCP_MD5SIG */
-+
+
DEFUN (neighbor_activate,
neighbor_activate_cmd,
- NEIGHBOR_CMD2 "activate",
-@@ -8530,6 +8569,10 @@
- install_element (BGP_NODE, &no_neighbor_local_as_cmd);
- install_element (BGP_NODE, &no_neighbor_local_as_val_cmd);
- install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd);
-+
+@@ -8942,6 +8943,10 @@
+ install_element (BGP_NODE, &neighbor_password_cmd);
+ install_element (BGP_NODE, &no_neighbor_password_cmd);
+
+ /* "neighbor password" commands. */
+ install_element (BGP_NODE, &neighbor_password_cmd);
+ install_element (BGP_NODE, &no_neighbor_password_cmd);
-
++
/* "neighbor activate" commands. */
install_element (BGP_NODE, &neighbor_activate_cmd);
+ install_element (BGP_IPV4_NODE, &neighbor_activate_cmd);
diff --git a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c
index 83dbea26d5e..aa7cf30d93e 100644
--- a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c
+++ b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c
@@ -1,5 +1,5 @@
---- bgpd/bgpd.c.orig Fri Dec 8 05:24:44 2006
-+++ bgpd/bgpd.c Tue Dec 12 15:34:44 2006
+--- bgpd/bgpd.c.orig 2008-09-11 09:46:49.000000000 +0400
++++ bgpd/bgpd.c 2008-12-15 19:48:53.000000000 +0300
@@ -60,6 +60,9 @@
#ifdef HAVE_SNMP
#include "bgpd/bgp_snmp.h"
@@ -10,81 +10,154 @@
/* BGP process wide configuration. */
static struct bgp_master bgp_master;
-@@ -788,6 +791,7 @@
- peer->status = Idle;
- peer->ostatus = Idle;
- peer->weight = 0;
-+ peer->password[0] = '\0';
- peer->bgp = bgp;
- peer = peer_lock (peer); /* initial reference */
-
-@@ -3379,6 +3383,55 @@
+@@ -3402,110 +3405,55 @@
return 0;
}
++
+#ifdef QUAGGA_TCP_MD5SIG
-+/* Set password for authenticating with the peer. */
-+int
-+peer_password_set (struct peer *peer, char *password)
-+{
+ /* Set password for authenticating with the peer. */
+ int
+ peer_password_set (struct peer *peer, const char *password)
+ {
+- struct listnode *nn, *nnode;
+- int len = password ? strlen(password) : 0;
+- int ret = BGP_SUCCESS;
+ struct bgp *bgp = peer->bgp;
+ int len;
+
+ len = strlen(password);
-+
-+ if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN))
-+ return BGP_ERR_INVALID_VALUE;
-+
+
+ if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN))
+ return BGP_ERR_INVALID_VALUE;
+
+- if (peer->password && strcmp (peer->password, password) == 0
+- && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
+- return 0;
+ memcpy(peer->password, password, len);
-+
+
+- if (peer->password)
+- XFREE (MTYPE_PEER_PASSWORD, peer->password);
+-
+- peer->password = XSTRDUP (MTYPE_PEER_PASSWORD, password);
+-
+- if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
+- {
+- if (peer->status == Established)
+- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
+- else
+- BGP_EVENT_ADD (peer, BGP_Stop);
+-
+- return (bgp_md5_set (peer) >= 0) ? BGP_SUCCESS : BGP_ERR_TCPSIG_FAILED;
+- }
+ /*
+ * XXX Need to do PF_KEY operation here to add an SA entry,
+ * and add an SP entry for this peer's packet flows also.
+ */
-+
+
+- for (ALL_LIST_ELEMENTS (peer->group->peer, nn, nnode, peer))
+- {
+- if (peer->password && strcmp (peer->password, password) == 0)
+- continue;
+-
+- if (peer->password)
+- XFREE (MTYPE_PEER_PASSWORD, peer->password);
+-
+- peer->password = XSTRDUP(MTYPE_PEER_PASSWORD, password);
+ SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
-+
+
+- if (peer->status == Established)
+- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
+- else
+- BGP_EVENT_ADD (peer, BGP_Stop);
+-
+- if (bgp_md5_set (peer) < 0)
+- ret = BGP_ERR_TCPSIG_FAILED;
+- }
+ if (peer->fd >= 0)
+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE +
+ peer->port);
-+
+
+- return ret;
+ return 0;
-+}
-+
-+int
-+peer_password_unset (struct peer *peer)
-+{
+ }
+
+ int
+ peer_password_unset (struct peer *peer)
+ {
+- struct listnode *nn, *nnode;
+-
+- if (!peer->password
+- && !CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
+- return 0;
+-
+- if (!CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
+- {
+- if (peer_group_active (peer)
+- && peer->group->conf->password
+- && strcmp (peer->group->conf->password, peer->password) == 0)
+- return BGP_ERR_PEER_GROUP_HAS_THE_FLAG;
+-
+- if (peer->status == Established)
+- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
+- else
+- BGP_EVENT_ADD (peer, BGP_Stop);
+-
+- if (peer->password)
+- XFREE (MTYPE_PEER_PASSWORD, peer->password);
+-
+- peer->password = NULL;
+-
+- bgp_md5_set (peer);
+-
+- return 0;
+- }
+-
+- XFREE (MTYPE_PEER_PASSWORD, peer->password);
+- peer->password = NULL;
+ struct bgp *bgp = peer->bgp;
-+
+
+- for (ALL_LIST_ELEMENTS (peer->group->peer, nn, nnode, peer))
+- {
+- if (!peer->password)
+- continue;
+ UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
+ /* Paranoia. */
+ memset(peer->password, 0, sizeof(peer->password));
-+
+
+- if (peer->status == Established)
+- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE);
+- else
+- BGP_EVENT_ADD (peer, BGP_Stop);
+-
+- XFREE (MTYPE_PEER_PASSWORD, peer->password);
+- peer->password = NULL;
+ if (peer->fd >= 0)
+ sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
-+
+
+- bgp_md5_set (peer);
+- }
+ /*
+ * XXX Need to do PF_KEY operation here to remove the SA and SP.
+ */
-+
-+ return 0;
-+}
+
+ return 0;
+ }
+#endif /* QUAGGA_TCP_MD5SIG */
-+
+
/* Set distribute list to the peer. */
int
- peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct,
-@@ -4409,6 +4462,13 @@
- if (peer->desc)
+@@ -4538,6 +4486,13 @@
vty_out (vty, " neighbor %s description %s%s", addr, peer->desc,
VTY_NEWLINE);
-+
+
+#ifdef QUAGGA_TCP_MD5SIG
+ /* tcp-md5 session password. XXX the password should be obfuscated */
+ if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
+ vty_out (vty, " neighbor %s password %s%s", addr, peer->password,
+ VTY_NEWLINE);
+#endif /* QUAGGA_TCP_MD5SIG */
-
++
/* Shutdown. */
if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN))
+ if (! peer_group_active (peer) ||
diff --git a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h
index 9cfe64b67eb..fe1ae5e0286 100644
--- a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h
+++ b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h
@@ -10,29 +10,3 @@
/* NSF mode (graceful restart) */
u_char nsf[AFI_MAX][SAFI_MAX];
-@@ -522,6 +525,13 @@
- #define PEER_RMAP_TYPE_NOSET (1 << 5) /* not allow to set commands */
- #define PEER_RMAP_TYPE_IMPORT (1 << 6) /* neighbor route-map import */
- #define PEER_RMAP_TYPE_EXPORT (1 << 7) /* neighbor route-map export */
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+ /* TCP-MD5 Password Support -- bms */
-+#define PEER_PASSWORD_MINLEN 1
-+#define PEER_PASSWORD_MAXLEN 80 /* width of password field */
-+ char password[PEER_PASSWORD_MAXLEN];
-+#endif /* QUAGGA_TCP_MD5SIG */
- };
-
- /* This structure's member directly points incoming packet data
-@@ -904,6 +914,11 @@
-
- extern int peer_local_as_set (struct peer *, as_t, int);
- extern int peer_local_as_unset (struct peer *);
-+
-+#ifdef QUAGGA_TCP_MD5SIG
-+extern int peer_password_set (struct peer *, char *);
-+extern int peer_password_unset (struct peer *);
-+#endif /* QUAGGA_TCP_MD5SIG */
-
- extern int peer_prefix_list_set (struct peer *, afi_t, safi_t, int, const char *);
- extern int peer_prefix_list_unset (struct peer *, afi_t, safi_t, int);
diff --git a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c b/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c
index d44ec4949c0..dbfd07223ec 100644
--- a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c
+++ b/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c
@@ -1,6 +1,6 @@
---- lib/sockopt.c.orig Tue Jan 4 10:03:36 2005
-+++ lib/sockopt.c Fri Jan 28 17:52:57 2005
-@@ -243,6 +243,32 @@
+--- lib/sockopt.c.orig 2008-09-05 18:27:26.000000000 +0400
++++ lib/sockopt.c 2008-12-15 19:36:40.000000000 +0300
+@@ -319,6 +319,32 @@
}
@@ -33,3 +33,74 @@
static int
setsockopt_ipv4_ifindex (int sock, int val)
{
+@@ -494,70 +520,3 @@
+
+ iph->ip_id = ntohs(iph->ip_id);
+ }
+-
+-int
+-sockopt_tcp_signature (int sock, union sockunion *su, const char *password)
+-{
+-#if HAVE_DECL_TCP_MD5SIG
+- int ret;
+-#ifndef GNU_LINUX
+- /*
+- * XXX Need to do PF_KEY operation here to add/remove an SA entry,
+- * and add/remove an SP entry for this peer's packet flows also.
+- */
+- int md5sig = password && *password ? 1 : 0;
+-#else
+- int keylen = password ? strlen (password) : 0;
+- struct tcp_md5sig md5sig;
+- union sockunion *su2, *susock;
+-
+- /* Figure out whether the socket and the sockunion are the same family..
+- * adding AF_INET to AF_INET6 needs to be v4 mapped, you'd think..
+- */
+- if (!(susock = sockunion_getsockname (sock)))
+- return -1;
+-
+- if (susock->sa.sa_family == su->sa.sa_family)
+- su2 = su;
+- else
+- {
+- /* oops.. */
+- su2 = susock;
+-
+- if (su2->sa.sa_family == AF_INET)
+- {
+- sockunion_free (susock);
+- return -1;
+- };
+-
+- /* If this does not work, then all users of this sockopt will need to
+- * differentiate between IPv4 and IPv6, and keep seperate sockets for
+- * each.
+- *
+- * Sadly, it doesn't seem to work at present. It's unknown whether
+- * this is a bug or not.
+- */
+- if (su2->sa.sa_family == AF_INET6
+- && su->sa.sa_family == AF_INET)
+- {
+- su2->sin6.sin6_family = AF_INET6;
+- /* V4Map the address */
+- memset (&su2->sin6.sin6_addr, 0, sizeof (struct in6_addr));
+- su2->sin6.sin6_addr.s6_addr32[2] = htonl(0xffff);
+- memcpy (&su2->sin6.sin6_addr.s6_addr32[3], &su->sin.sin_addr, 4);
+- }
+- }
+-
+- memset (&md5sig, 0, sizeof (md5sig));
+- memcpy (&md5sig.tcpm_addr, su2, sizeof (*su2));
+- md5sig.tcpm_keylen = keylen;
+- if (keylen)
+- memcpy (md5sig.tcpm_key, password, keylen);
+- sockunion_free (susock);
+-#endif /* GNU_LINUX */
+- ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig);
+- return ret;
+-#else /* HAVE_TCP_MD5SIG */
+- return -2;
+-#endif /* HAVE_TCP_MD5SIG */
+-}
diff --git a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h b/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h
index 84a5eab334e..61b4a7f5527 100644
--- a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h
+++ b/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h
@@ -1,6 +1,6 @@
---- lib/sockopt.h.orig Wed May 4 01:13:05 2005
-+++ lib/sockopt.h Thu May 11 10:08:05 2006
-@@ -40,6 +40,10 @@
+--- lib/sockopt.h.orig 2008-09-05 18:27:26.000000000 +0400
++++ lib/sockopt.h 2008-12-15 19:36:45.000000000 +0300
+@@ -44,6 +44,10 @@
*/
#define SOPT_SIZE_CMSG_PKTINFO_IPV6() (sizeof (struct in6_pktinfo));
@@ -11,3 +11,10 @@
/*
* Size defines for control messages used to get ifindex. We define
* values for each method, and define a macro that can be used by code
+@@ -101,6 +105,4 @@
+ extern void sockopt_iphdrincl_swab_htosys (struct ip *iph);
+ extern void sockopt_iphdrincl_swab_systoh (struct ip *iph);
+
+-extern int sockopt_tcp_signature(int sock, union sockunion *su,
+- const char *password);
+ #endif /*_ZEBRA_SOCKOPT_H */
diff --git a/net/quagga/files/patch-cvs-1-zebra-ioctl.c b/net/quagga/files/patch-cvs-1-zebra-ioctl.c
deleted file mode 100644
index e7985032a3a..00000000000
--- a/net/quagga/files/patch-cvs-1-zebra-ioctl.c
+++ /dev/null
@@ -1,47 +0,0 @@
---- zebra/ioctl.c 26 Feb 2008 14:02:24 -0000 1.15
-+++ zebra/ioctl.c 1 Jul 2008 15:43:04 -0000
-@@ -362,22 +362,29 @@ if_get_flags (struct interface *ifp)
- return;
- }
- #ifdef HAVE_BSD_LINK_DETECT /* Detect BSD link-state at start-up */
-- (void) memset(&ifmr, 0, sizeof(ifmr));
-- strncpy (&ifmr.ifm_name, ifp->name, IFNAMSIZ);
-- if (if_ioctl(SIOCGIFMEDIA, (caddr_t) &ifmr) < 0)
-- {
-- zlog_err("if_ioctl(SIOCGIFMEDIA) failed: %s", safe_strerror(errno));
-- return;
-- }
-- if (ifmr.ifm_status & IFM_AVALID) /* Link state is valid */
-+
-+ /* Per-default, IFF_RUNNING is held high, unless link-detect says
-+ * otherwise - we abuse IFF_RUNNING inside zebra as a link-state flag,
-+ * following practice on Linux and Solaris kernels
-+ */
-+ SET_FLAG(ifreq.ifr_flags, IFF_RUNNING);
-+
-+ if (CHECK_FLAG (ifp->status, ZEBRA_INTERFACE_LINKDETECTION))
- {
-- if (ifmr.ifm_status & IFM_ACTIVE)
-- SET_FLAG(ifreq.ifr_flags, IFF_RUNNING);
-- else
-- UNSET_FLAG(ifreq.ifr_flags, IFF_RUNNING);
-- }
-- else /* Force always up */
-- SET_FLAG(ifreq.ifr_flags, IFF_RUNNING);
-+ (void) memset(&ifmr, 0, sizeof(ifmr));
-+ strncpy (&ifmr.ifm_name, ifp->name, IFNAMSIZ);
-+
-+ /* Seems not all interfaces implement this ioctl */
-+ if (if_ioctl(SIOCGIFMEDIA, (caddr_t) &ifmr) < 0)
-+ zlog_err("if_ioctl(SIOCGIFMEDIA) failed: %s", safe_strerror(errno));
-+ else if (ifmr.ifm_status & IFM_AVALID) /* Link state is valid */
-+ {
-+ if (ifmr.ifm_status & IFM_ACTIVE)
-+ SET_FLAG(ifreq.ifr_flags, IFF_RUNNING);
-+ else
-+ UNSET_FLAG(ifreq.ifr_flags, IFF_RUNNING);
-+ }
-+ }
- #endif /* HAVE_BSD_LINK_DETECT */
-
- if_flags_update (ifp, (ifreq.ifr_flags & 0x0000ffff));