From e45d5ba8b2ce10c30b5113f671a7739999744711 Mon Sep 17 00:00:00 2001 From: sem Date: Mon, 15 Dec 2008 17:03:33 +0000 Subject: - Update to 0.99.11 Approved by: maintainer timeout --- net/quagga/Makefile | 4 +- net/quagga/distinfo | 6 +- net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c | 76 +++++----- net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c | 153 +++++++++++++++------ net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h | 26 ---- net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c | 77 ++++++++++- net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h | 13 +- net/quagga/files/patch-cvs-1-zebra-ioctl.c | 47 ------- 8 files changed, 234 insertions(+), 168 deletions(-) delete mode 100644 net/quagga/files/patch-cvs-1-zebra-ioctl.c (limited to 'net/quagga') diff --git a/net/quagga/Makefile b/net/quagga/Makefile index 690325460bf..44a7e4cb0d8 100644 --- a/net/quagga/Makefile +++ b/net/quagga/Makefile @@ -6,8 +6,8 @@ # PORTNAME= quagga -PORTVERSION= 0.99.10 -PORTREVISION= 3 +PORTVERSION= 0.99.11 +PORTREVISION= 0 CATEGORIES= net ipv6 MASTER_SITES= http://quagga.net/download/ \ http://www.ru.quagga.net/download/ \ diff --git a/net/quagga/distinfo b/net/quagga/distinfo index a68b914a096..9bfda733f49 100644 --- a/net/quagga/distinfo +++ b/net/quagga/distinfo @@ -1,3 +1,3 @@ -MD5 (quagga-0.99.10.tar.gz) = c7a2d92e1c42214afef9b2e1cd4b5d06 -SHA256 (quagga-0.99.10.tar.gz) = f27d55904eb9a9eaf61a19b288ac79c9024b341734b984dccc04c343dfce890d -SIZE (quagga-0.99.10.tar.gz) = 2424191 +MD5 (quagga-0.99.11.tar.gz) = 903e40c744730ad4d62bee872eeb813b +SHA256 (quagga-0.99.11.tar.gz) = a83a357d6de23d7062360ca931371d2d65c0e1a2ba11c57c7a35c6e36b47a646 +SIZE (quagga-0.99.11.tar.gz) = 2192249 diff --git a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c index 40852c334fc..e1a3fc79d00 100644 --- a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c +++ b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgp_vty.c @@ -1,59 +1,47 @@ ---- bgpd/bgp_vty.c.orig Tue Oct 12 22:06:09 2004 -+++ bgpd/bgp_vty.c Fri Jan 28 17:52:57 2005 -@@ -1386,6 +1386,45 @@ +--- bgpd/bgp_vty.c.orig 2008-09-11 09:46:49.000000000 +0400 ++++ bgpd/bgp_vty.c 2008-12-15 19:53:51.000000000 +0300 +@@ -1482,13 +1482,13 @@ "AS number used as local AS\n" "Do not prepend local-as to updates from ebgp peers\n") +#ifdef QUAGGA_TCP_MD5SIG -+DEFUN (neighbor_password, -+ neighbor_password_cmd, + DEFUN (neighbor_password, + neighbor_password_cmd, +- NEIGHBOR_CMD2 "password LINE", + NEIGHBOR_CMD2 "password WORD", -+ NEIGHBOR_STR -+ NEIGHBOR_ADDR_STR2 + NEIGHBOR_STR + NEIGHBOR_ADDR_STR2 +- "Set a password\n" +- "The password\n") + "Specify a password for TCPMD5 authentication with this peer\n") -+{ -+ struct peer *peer; -+ int ret; -+ -+ peer = peer_and_group_lookup_vty (vty, argv[0]); -+ if (! peer) -+ return CMD_WARNING; -+ -+ ret = peer_password_set (peer, argv[1]); -+ return bgp_vty_return (vty, ret); -+} -+ -+DEFUN (no_neighbor_password, -+ no_neighbor_password_cmd, -+ NO_NEIGHBOR_CMD2 "password", -+ NO_STR -+ NEIGHBOR_STR -+ NEIGHBOR_ADDR_STR2 + { + struct peer *peer; + int ret; +@@ -1507,7 +1507,7 @@ + NO_STR + NEIGHBOR_STR + NEIGHBOR_ADDR_STR2 +- "Set a password\n") + "Disable TCPMD5 authentication with this peer\n") -+{ -+ struct peer *peer; -+ int ret; -+ -+ peer = peer_and_group_lookup_vty (vty, argv[0]); -+ if (! peer) -+ return CMD_WARNING; -+ -+ ret = peer_password_unset (peer); -+ return bgp_vty_return (vty, ret); -+} + { + struct peer *peer; + int ret; +@@ -1519,6 +1519,7 @@ + ret = peer_password_unset (peer); + return bgp_vty_return (vty, ret); + } +#endif /* QUAGGA_TCP_MD5SIG */ -+ + DEFUN (neighbor_activate, neighbor_activate_cmd, - NEIGHBOR_CMD2 "activate", -@@ -8530,6 +8569,10 @@ - install_element (BGP_NODE, &no_neighbor_local_as_cmd); - install_element (BGP_NODE, &no_neighbor_local_as_val_cmd); - install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd); -+ +@@ -8942,6 +8943,10 @@ + install_element (BGP_NODE, &neighbor_password_cmd); + install_element (BGP_NODE, &no_neighbor_password_cmd); + + /* "neighbor password" commands. */ + install_element (BGP_NODE, &neighbor_password_cmd); + install_element (BGP_NODE, &no_neighbor_password_cmd); - ++ /* "neighbor activate" commands. */ install_element (BGP_NODE, &neighbor_activate_cmd); + install_element (BGP_IPV4_NODE, &neighbor_activate_cmd); diff --git a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c index 83dbea26d5e..aa7cf30d93e 100644 --- a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c +++ b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.c @@ -1,5 +1,5 @@ ---- bgpd/bgpd.c.orig Fri Dec 8 05:24:44 2006 -+++ bgpd/bgpd.c Tue Dec 12 15:34:44 2006 +--- bgpd/bgpd.c.orig 2008-09-11 09:46:49.000000000 +0400 ++++ bgpd/bgpd.c 2008-12-15 19:48:53.000000000 +0300 @@ -60,6 +60,9 @@ #ifdef HAVE_SNMP #include "bgpd/bgp_snmp.h" @@ -10,81 +10,154 @@ /* BGP process wide configuration. */ static struct bgp_master bgp_master; -@@ -788,6 +791,7 @@ - peer->status = Idle; - peer->ostatus = Idle; - peer->weight = 0; -+ peer->password[0] = '\0'; - peer->bgp = bgp; - peer = peer_lock (peer); /* initial reference */ - -@@ -3379,6 +3383,55 @@ +@@ -3402,110 +3405,55 @@ return 0; } ++ +#ifdef QUAGGA_TCP_MD5SIG -+/* Set password for authenticating with the peer. */ -+int -+peer_password_set (struct peer *peer, char *password) -+{ + /* Set password for authenticating with the peer. */ + int + peer_password_set (struct peer *peer, const char *password) + { +- struct listnode *nn, *nnode; +- int len = password ? strlen(password) : 0; +- int ret = BGP_SUCCESS; + struct bgp *bgp = peer->bgp; + int len; + + len = strlen(password); -+ -+ if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN)) -+ return BGP_ERR_INVALID_VALUE; -+ + + if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN)) + return BGP_ERR_INVALID_VALUE; + +- if (peer->password && strcmp (peer->password, password) == 0 +- && ! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) +- return 0; + memcpy(peer->password, password, len); -+ + +- if (peer->password) +- XFREE (MTYPE_PEER_PASSWORD, peer->password); +- +- peer->password = XSTRDUP (MTYPE_PEER_PASSWORD, password); +- +- if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) +- { +- if (peer->status == Established) +- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); +- else +- BGP_EVENT_ADD (peer, BGP_Stop); +- +- return (bgp_md5_set (peer) >= 0) ? BGP_SUCCESS : BGP_ERR_TCPSIG_FAILED; +- } + /* + * XXX Need to do PF_KEY operation here to add an SA entry, + * and add an SP entry for this peer's packet flows also. + */ -+ + +- for (ALL_LIST_ELEMENTS (peer->group->peer, nn, nnode, peer)) +- { +- if (peer->password && strcmp (peer->password, password) == 0) +- continue; +- +- if (peer->password) +- XFREE (MTYPE_PEER_PASSWORD, peer->password); +- +- peer->password = XSTRDUP(MTYPE_PEER_PASSWORD, password); + SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE); -+ + +- if (peer->status == Established) +- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); +- else +- BGP_EVENT_ADD (peer, BGP_Stop); +- +- if (bgp_md5_set (peer) < 0) +- ret = BGP_ERR_TCPSIG_FAILED; +- } + if (peer->fd >= 0) + sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE + + peer->port); -+ + +- return ret; + return 0; -+} -+ -+int -+peer_password_unset (struct peer *peer) -+{ + } + + int + peer_password_unset (struct peer *peer) + { +- struct listnode *nn, *nnode; +- +- if (!peer->password +- && !CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) +- return 0; +- +- if (!CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP)) +- { +- if (peer_group_active (peer) +- && peer->group->conf->password +- && strcmp (peer->group->conf->password, peer->password) == 0) +- return BGP_ERR_PEER_GROUP_HAS_THE_FLAG; +- +- if (peer->status == Established) +- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); +- else +- BGP_EVENT_ADD (peer, BGP_Stop); +- +- if (peer->password) +- XFREE (MTYPE_PEER_PASSWORD, peer->password); +- +- peer->password = NULL; +- +- bgp_md5_set (peer); +- +- return 0; +- } +- +- XFREE (MTYPE_PEER_PASSWORD, peer->password); +- peer->password = NULL; + struct bgp *bgp = peer->bgp; -+ + +- for (ALL_LIST_ELEMENTS (peer->group->peer, nn, nnode, peer)) +- { +- if (!peer->password) +- continue; + UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE); + /* Paranoia. */ + memset(peer->password, 0, sizeof(peer->password)); -+ + +- if (peer->status == Established) +- bgp_notify_send (peer, BGP_NOTIFY_CEASE, BGP_NOTIFY_CEASE_CONFIG_CHANGE); +- else +- BGP_EVENT_ADD (peer, BGP_Stop); +- +- XFREE (MTYPE_PEER_PASSWORD, peer->password); +- peer->password = NULL; + if (peer->fd >= 0) + sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0); -+ + +- bgp_md5_set (peer); +- } + /* + * XXX Need to do PF_KEY operation here to remove the SA and SP. + */ -+ -+ return 0; -+} + + return 0; + } +#endif /* QUAGGA_TCP_MD5SIG */ -+ + /* Set distribute list to the peer. */ int - peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, -@@ -4409,6 +4462,13 @@ - if (peer->desc) +@@ -4538,6 +4486,13 @@ vty_out (vty, " neighbor %s description %s%s", addr, peer->desc, VTY_NEWLINE); -+ + +#ifdef QUAGGA_TCP_MD5SIG + /* tcp-md5 session password. XXX the password should be obfuscated */ + if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE)) + vty_out (vty, " neighbor %s password %s%s", addr, peer->password, + VTY_NEWLINE); +#endif /* QUAGGA_TCP_MD5SIG */ - ++ /* Shutdown. */ if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN)) + if (! peer_group_active (peer) || diff --git a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h index 9cfe64b67eb..fe1ae5e0286 100644 --- a/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h +++ b/net/quagga/files/extra-tcpmd5-patch-bgpd-bgpd.h @@ -10,29 +10,3 @@ /* NSF mode (graceful restart) */ u_char nsf[AFI_MAX][SAFI_MAX]; -@@ -522,6 +525,13 @@ - #define PEER_RMAP_TYPE_NOSET (1 << 5) /* not allow to set commands */ - #define PEER_RMAP_TYPE_IMPORT (1 << 6) /* neighbor route-map import */ - #define PEER_RMAP_TYPE_EXPORT (1 << 7) /* neighbor route-map export */ -+ -+#ifdef QUAGGA_TCP_MD5SIG -+ /* TCP-MD5 Password Support -- bms */ -+#define PEER_PASSWORD_MINLEN 1 -+#define PEER_PASSWORD_MAXLEN 80 /* width of password field */ -+ char password[PEER_PASSWORD_MAXLEN]; -+#endif /* QUAGGA_TCP_MD5SIG */ - }; - - /* This structure's member directly points incoming packet data -@@ -904,6 +914,11 @@ - - extern int peer_local_as_set (struct peer *, as_t, int); - extern int peer_local_as_unset (struct peer *); -+ -+#ifdef QUAGGA_TCP_MD5SIG -+extern int peer_password_set (struct peer *, char *); -+extern int peer_password_unset (struct peer *); -+#endif /* QUAGGA_TCP_MD5SIG */ - - extern int peer_prefix_list_set (struct peer *, afi_t, safi_t, int, const char *); - extern int peer_prefix_list_unset (struct peer *, afi_t, safi_t, int); diff --git a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c b/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c index d44ec4949c0..dbfd07223ec 100644 --- a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c +++ b/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.c @@ -1,6 +1,6 @@ ---- lib/sockopt.c.orig Tue Jan 4 10:03:36 2005 -+++ lib/sockopt.c Fri Jan 28 17:52:57 2005 -@@ -243,6 +243,32 @@ +--- lib/sockopt.c.orig 2008-09-05 18:27:26.000000000 +0400 ++++ lib/sockopt.c 2008-12-15 19:36:40.000000000 +0300 +@@ -319,6 +319,32 @@ } @@ -33,3 +33,74 @@ static int setsockopt_ipv4_ifindex (int sock, int val) { +@@ -494,70 +520,3 @@ + + iph->ip_id = ntohs(iph->ip_id); + } +- +-int +-sockopt_tcp_signature (int sock, union sockunion *su, const char *password) +-{ +-#if HAVE_DECL_TCP_MD5SIG +- int ret; +-#ifndef GNU_LINUX +- /* +- * XXX Need to do PF_KEY operation here to add/remove an SA entry, +- * and add/remove an SP entry for this peer's packet flows also. +- */ +- int md5sig = password && *password ? 1 : 0; +-#else +- int keylen = password ? strlen (password) : 0; +- struct tcp_md5sig md5sig; +- union sockunion *su2, *susock; +- +- /* Figure out whether the socket and the sockunion are the same family.. +- * adding AF_INET to AF_INET6 needs to be v4 mapped, you'd think.. +- */ +- if (!(susock = sockunion_getsockname (sock))) +- return -1; +- +- if (susock->sa.sa_family == su->sa.sa_family) +- su2 = su; +- else +- { +- /* oops.. */ +- su2 = susock; +- +- if (su2->sa.sa_family == AF_INET) +- { +- sockunion_free (susock); +- return -1; +- }; +- +- /* If this does not work, then all users of this sockopt will need to +- * differentiate between IPv4 and IPv6, and keep seperate sockets for +- * each. +- * +- * Sadly, it doesn't seem to work at present. It's unknown whether +- * this is a bug or not. +- */ +- if (su2->sa.sa_family == AF_INET6 +- && su->sa.sa_family == AF_INET) +- { +- su2->sin6.sin6_family = AF_INET6; +- /* V4Map the address */ +- memset (&su2->sin6.sin6_addr, 0, sizeof (struct in6_addr)); +- su2->sin6.sin6_addr.s6_addr32[2] = htonl(0xffff); +- memcpy (&su2->sin6.sin6_addr.s6_addr32[3], &su->sin.sin_addr, 4); +- } +- } +- +- memset (&md5sig, 0, sizeof (md5sig)); +- memcpy (&md5sig.tcpm_addr, su2, sizeof (*su2)); +- md5sig.tcpm_keylen = keylen; +- if (keylen) +- memcpy (md5sig.tcpm_key, password, keylen); +- sockunion_free (susock); +-#endif /* GNU_LINUX */ +- ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig); +- return ret; +-#else /* HAVE_TCP_MD5SIG */ +- return -2; +-#endif /* HAVE_TCP_MD5SIG */ +-} diff --git a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h b/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h index 84a5eab334e..61b4a7f5527 100644 --- a/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h +++ b/net/quagga/files/extra-tcpmd5-patch-lib-sockopt.h @@ -1,6 +1,6 @@ ---- lib/sockopt.h.orig Wed May 4 01:13:05 2005 -+++ lib/sockopt.h Thu May 11 10:08:05 2006 -@@ -40,6 +40,10 @@ +--- lib/sockopt.h.orig 2008-09-05 18:27:26.000000000 +0400 ++++ lib/sockopt.h 2008-12-15 19:36:45.000000000 +0300 +@@ -44,6 +44,10 @@ */ #define SOPT_SIZE_CMSG_PKTINFO_IPV6() (sizeof (struct in6_pktinfo)); @@ -11,3 +11,10 @@ /* * Size defines for control messages used to get ifindex. We define * values for each method, and define a macro that can be used by code +@@ -101,6 +105,4 @@ + extern void sockopt_iphdrincl_swab_htosys (struct ip *iph); + extern void sockopt_iphdrincl_swab_systoh (struct ip *iph); + +-extern int sockopt_tcp_signature(int sock, union sockunion *su, +- const char *password); + #endif /*_ZEBRA_SOCKOPT_H */ diff --git a/net/quagga/files/patch-cvs-1-zebra-ioctl.c b/net/quagga/files/patch-cvs-1-zebra-ioctl.c deleted file mode 100644 index e7985032a3a..00000000000 --- a/net/quagga/files/patch-cvs-1-zebra-ioctl.c +++ /dev/null @@ -1,47 +0,0 @@ ---- zebra/ioctl.c 26 Feb 2008 14:02:24 -0000 1.15 -+++ zebra/ioctl.c 1 Jul 2008 15:43:04 -0000 -@@ -362,22 +362,29 @@ if_get_flags (struct interface *ifp) - return; - } - #ifdef HAVE_BSD_LINK_DETECT /* Detect BSD link-state at start-up */ -- (void) memset(&ifmr, 0, sizeof(ifmr)); -- strncpy (&ifmr.ifm_name, ifp->name, IFNAMSIZ); -- if (if_ioctl(SIOCGIFMEDIA, (caddr_t) &ifmr) < 0) -- { -- zlog_err("if_ioctl(SIOCGIFMEDIA) failed: %s", safe_strerror(errno)); -- return; -- } -- if (ifmr.ifm_status & IFM_AVALID) /* Link state is valid */ -+ -+ /* Per-default, IFF_RUNNING is held high, unless link-detect says -+ * otherwise - we abuse IFF_RUNNING inside zebra as a link-state flag, -+ * following practice on Linux and Solaris kernels -+ */ -+ SET_FLAG(ifreq.ifr_flags, IFF_RUNNING); -+ -+ if (CHECK_FLAG (ifp->status, ZEBRA_INTERFACE_LINKDETECTION)) - { -- if (ifmr.ifm_status & IFM_ACTIVE) -- SET_FLAG(ifreq.ifr_flags, IFF_RUNNING); -- else -- UNSET_FLAG(ifreq.ifr_flags, IFF_RUNNING); -- } -- else /* Force always up */ -- SET_FLAG(ifreq.ifr_flags, IFF_RUNNING); -+ (void) memset(&ifmr, 0, sizeof(ifmr)); -+ strncpy (&ifmr.ifm_name, ifp->name, IFNAMSIZ); -+ -+ /* Seems not all interfaces implement this ioctl */ -+ if (if_ioctl(SIOCGIFMEDIA, (caddr_t) &ifmr) < 0) -+ zlog_err("if_ioctl(SIOCGIFMEDIA) failed: %s", safe_strerror(errno)); -+ else if (ifmr.ifm_status & IFM_AVALID) /* Link state is valid */ -+ { -+ if (ifmr.ifm_status & IFM_ACTIVE) -+ SET_FLAG(ifreq.ifr_flags, IFF_RUNNING); -+ else -+ UNSET_FLAG(ifreq.ifr_flags, IFF_RUNNING); -+ } -+ } - #endif /* HAVE_BSD_LINK_DETECT */ - - if_flags_update (ifp, (ifreq.ifr_flags & 0x0000ffff)); -- cgit