Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Dec 05 17:45
    brotherdust closed #827
  • Nov 29 15:16
    jsenecal opened #938
  • Nov 28 13:16
    arozhentsev edited #937
  • Nov 28 13:15
    arozhentsev opened #937
  • Nov 25 08:41
    pguibert6WIND commented #935
  • Nov 25 08:19
    pguibert6WIND commented #927
  • Nov 23 18:08
    thomas-mangin commented #927
  • Nov 23 18:07
    thomas-mangin unlabeled #929
  • Nov 23 18:07
    thomas-mangin unlabeled #929
  • Nov 23 18:07
    thomas-mangin commented #929
  • Nov 23 18:06
    thomas-mangin labeled #929
  • Nov 23 18:06
    thomas-mangin commented #929
  • Nov 23 18:03
    thomas-mangin commented #935
  • Nov 23 18:03
    thomas-mangin labeled #935
  • Nov 23 18:03
    thomas-mangin unlabeled #935
  • Nov 21 16:56
    thomas-mangin commented #934
  • Nov 21 16:56
    thomas-mangin closed #934
  • Nov 21 16:56
    thomas-mangin commented #934
  • Nov 21 16:54
    thomas-mangin commented #936
  • Nov 21 16:52
    debian-janitor opened #936
Thomas Mangin
@thomas-mangin
Ok - I can reproduce the problem
so there is indeed an issue :-(
sanjmonkey
@sanjmonkey
ah ok…. /me feels his sanity is coming back!
do you think its OS specific? as it looked like tcp md5 packets werent making it through to the socket
Thomas Mangin
@thomas-mangin
Yes MD5 on linux does not work as should .. not sure if it is sending, receiving or both
hopefully not both
AFAIK connecting was fine .. but I may have been mistaken
Thomas Mangin
@thomas-mangin
back on the issue ..
sanjmonkey
@sanjmonkey
i tried two 3.4.8 clients on 14.04 boxes with MD5 (not passive) and can see sending MD5 looks to work, but receive doesn’t - so session never establishes.
if thats any help :)
Thomas Mangin
@thomas-mangin
found the issue - it is missing feature for MD5 listening
sanjmonkey
@sanjmonkey
great news! thanks for looking at it Thomas.
Thomas Mangin
@thomas-mangin
I need to add the feature .. doing it now
Thomas Mangin
@thomas-mangin
going to be a week-end job
sanjmonkey
@sanjmonkey
not straight forward? dont lose sleep over it (or a weekend!). Speak soon
Thomas Mangin
@thomas-mangin
Just taking the time it takes.
Thomas Mangin
@thomas-mangin
I have a patch working with MD5 .. but I am not happy as I am forced to read the configuration file as root to know the MD5, then needed when binding (which requires root for port < 1024)
Thomas Mangin
@thomas-mangin
Unless someone tells me how to avoid it ( I can not think of any way ) I am pushing the patch
sanjmonkey
@sanjmonkey
you need something similar to setcap ?
Thomas Mangin
@thomas-mangin
I am not using capabilities
so I am stuck but yes it would be the long and correct way - thank you for reminding me
finishing the patch ..
should be done soon
As long the the nice pear liqueur is not too harmful to my coding :wink2:
sanjmonkey
@sanjmonkey
:+1:
Thomas Mangin
@thomas-mangin
Ok - the patch is ready but it comes with a price attached :grin:
documentation for the MD5 and new per peer “listen” which allows to set per peer MD5
sanjmonkey
@sanjmonkey
a bottle of pear liqueur ?
Thomas Mangin
@thomas-mangin
LOL - no - that’s ok still plenty left
@sanjmonkey can I please have your full name for the changelog ?
sanjmonkey
@sanjmonkey
sure, Sandy Breeze
Thomas Mangin
@thomas-mangin
Thank - I only remembered your first name
sanjmonkey
@sanjmonkey
np!
Thomas Mangin
@thomas-mangin
pushed to my tree - as soon as CI reports all fine - pushing to main repo
done
sanjmonkey
@sanjmonkey
cloning!
Thomas Mangin
@thomas-mangin
You should be having a relaxing evening .. but who am I to judge :tongue:
sanjmonkey
@sanjmonkey
perhaps I cloned too early, no reply to md5 session :(
22:06:11.174545 IP <x.x.x.x>.40356 > <y.y.y.y>.179: Flags [S], seq 3786399209, win 29200, options [nop,nop,md5valid,mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
Thomas Mangin
@thomas-mangin
hum ...
on the receiving exabgp you need to add
“listen <port>"
sorry
sanjmonkey
@sanjmonkey
oooh
Thomas Mangin
@thomas-mangin
“listen <port>;"
like you would do for passive
or hold-time
MD5 is a per peer setting
previously the only way to listen was via the global option exabgp.tcp.bind
it is not the case anymore