Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 14:00
    cihankom commented #934
  • 13:23
    cihankom commented #934
  • 13:22
    cihankom commented #934
  • 13:22
    cihankom commented #934
  • 10:24
    pierky commented #934
  • 08:47
    chantra commented #934
  • 08:42
    pierky commented #934
  • Nov 19 15:18
    pierky commented #934
  • Nov 19 14:30
    thomas-mangin commented #934
  • Nov 19 14:29
    thomas-mangin commented #934
  • Nov 19 14:23
    thomas-mangin commented #934
  • Nov 19 14:21
    thomas-mangin commented #934
  • Nov 19 14:15
    thomas-mangin commented #934
  • Nov 19 11:30
    pierky commented #934
  • Nov 19 09:59
    thomas-mangin commented #934
  • Nov 19 09:39
    pierky commented #934
  • Nov 19 07:50
    pguibert6WIND opened #935
  • Nov 18 17:17
    thomas-mangin commented #934
  • Nov 18 17:16
    thomas-mangin commented #934
  • Nov 18 14:10
    pierky opened #934
sanjmonkey
@sanjmonkey
if thats any help :)
Thomas Mangin
@thomas-mangin
found the issue - it is missing feature for MD5 listening
sanjmonkey
@sanjmonkey
great news! thanks for looking at it Thomas.
Thomas Mangin
@thomas-mangin
I need to add the feature .. doing it now
Thomas Mangin
@thomas-mangin
going to be a week-end job
sanjmonkey
@sanjmonkey
not straight forward? dont lose sleep over it (or a weekend!). Speak soon
Thomas Mangin
@thomas-mangin
Just taking the time it takes.
Thomas Mangin
@thomas-mangin
I have a patch working with MD5 .. but I am not happy as I am forced to read the configuration file as root to know the MD5, then needed when binding (which requires root for port < 1024)
Thomas Mangin
@thomas-mangin
Unless someone tells me how to avoid it ( I can not think of any way ) I am pushing the patch
sanjmonkey
@sanjmonkey
you need something similar to setcap ?
Thomas Mangin
@thomas-mangin
I am not using capabilities
so I am stuck but yes it would be the long and correct way - thank you for reminding me
finishing the patch ..
should be done soon
As long the the nice pear liqueur is not too harmful to my coding :wink2:
sanjmonkey
@sanjmonkey
:+1:
Thomas Mangin
@thomas-mangin
Ok - the patch is ready but it comes with a price attached :grin:
documentation for the MD5 and new per peer “listen” which allows to set per peer MD5
sanjmonkey
@sanjmonkey
a bottle of pear liqueur ?
Thomas Mangin
@thomas-mangin
LOL - no - that’s ok still plenty left
@sanjmonkey can I please have your full name for the changelog ?
sanjmonkey
@sanjmonkey
sure, Sandy Breeze
Thomas Mangin
@thomas-mangin
Thank - I only remembered your first name
sanjmonkey
@sanjmonkey
np!
Thomas Mangin
@thomas-mangin
pushed to my tree - as soon as CI reports all fine - pushing to main repo
done
sanjmonkey
@sanjmonkey
cloning!
Thomas Mangin
@thomas-mangin
You should be having a relaxing evening .. but who am I to judge :tongue:
sanjmonkey
@sanjmonkey
perhaps I cloned too early, no reply to md5 session :(
22:06:11.174545 IP <x.x.x.x>.40356 > <y.y.y.y>.179: Flags [S], seq 3786399209, win 29200, options [nop,nop,md5valid,mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
Thomas Mangin
@thomas-mangin
hum ...
on the receiving exabgp you need to add
“listen <port>"
sorry
sanjmonkey
@sanjmonkey
oooh
Thomas Mangin
@thomas-mangin
“listen <port>;"
like you would do for passive
or hold-time
MD5 is a per peer setting
previously the only way to listen was via the global option exabgp.tcp.bind
it is not the case anymore
hence why the patch took a few hours
sanjmonkey
@sanjmonkey

i see new reactor message: Listening for BGP session(s) on <y.y.y.y>:179 with MD5

but no ack to this syn:
22:12:52.454633 IP <x.x.x.x>.33553 > <y.y.y.y>.179: Flags [S], seq 2573773506, win 29200, options [nop,nop,md5valid,mss 1460,nop,nop,sackOK,nop,wscale 7], length 0

passive side is listening as it should
Thomas Mangin
@thomas-mangin
passive : do not establish outgoing connection
so without using the global listening option a passive neighbour is as good as unconfigured
listen <port> accept incoming connection
so both options are orthogonals
you can have passive, passive + listen, listen
hum .. not sure why it does not work for you ...