Thomas Mangin
@thomas-mangin
hence why the patch took a few hours
sanjmonkey
@sanjmonkey

i see new reactor message: Listening for BGP session(s) on <y.y.y.y>:179 with MD5

but no ack to this syn:
22:12:52.454633 IP <x.x.x.x>.33553 > <y.y.y.y>.179: Flags [S], seq 2573773506, win 29200, options [nop,nop,md5valid,mss 1460,nop,nop,sackOK,nop,wscale 7], length 0

passive side is listening as it should
Thomas Mangin
@thomas-mangin
passive : do not establish outgoing connection
so without using the global listening option a passive neighbour is as good as unconfigured
listen <port> accept incoming connection
so both options are orthogonal
you can have passive, passive + listen, listen
hum .. not sure why it does not work for you ...
I need to add an “active” or “port” option to set out on what port the peer will connect out ..
when I tried I only tested 1790 ( to not have to use root )
but it should make no difference
(and I am lying I did test 179 .. ) - tired
sanjmonkey
@sanjmonkey
ok, and 179 works for you?
Thomas Mangin
@thomas-mangin
yes
sanjmonkey
@sanjmonkey
me too (tired). let me look at it with a fresh pair of eyes tomorrow, perhaps I’ve missed something obvious!
Thomas Mangin
@thomas-mangin
ok - I should be online in the afternoon
sanjmonkey
@sanjmonkey
don't want to waste your time
Thomas Mangin
@thomas-mangin
feel free to grab me here
no issue
sanjmonkey
@sanjmonkey
1000x thankyous again
Thomas Mangin
@thomas-mangin
you are welcome :smile:
Thomas Mangin
@thomas-mangin
@sanjmonkey where is the code located ?
and good morning
Thomas Mangin
@thomas-mangin
sorry I am blind
Thomas Mangin
@thomas-mangin
will look later on - can not find anything obviously wrong
it would look like the socket is not set up correctly for MD5 and therefore the kernel is not matching the incoming packet to the socket but AFAICS all was set up fine.
sanjmonkey
@sanjmonkey
ok thomas thanks for checking. enjoy your day!
Thomas Mangin
@thomas-mangin
going to Jitsu - will be mid aft. I have an idea.
Thomas Mangin
@thomas-mangin
There is a connect.conf file with the test.conf ..
using it works …
the connection is not accepted as the source IP is not right but it establishes
could you let me know what is at the other end of the session ?
I will be back later on today - ttfn
sanjmonkey
@sanjmonkey
hi @thomas-mangin. seen your findings. I agree - if it stays local it binds, and capture shows the sending and receiving of TCP MD5. In this case the other end is an identical 14.04 / exa3.4.8. Trying with a Cisco router (IOS 15 something) shows the same, with MD5 on it never makes it to exa.
Thomas Mangin
@thomas-mangin
hum ...
sanjmonkey
@sanjmonkey
I’m going to investigate other OS’ and hypervisors vs physical (in case it is some offloading in vswitch perhaps)
Thomas Mangin
@thomas-mangin
can you try master on the other node .. in case there is an issue..
yes - it could be .. I will try to test between two host later on ( currently working on some other code )
sanjmonkey
@sanjmonkey
other node is 3.4.8 master (not from your tree)
I’ll let you know how it goes
Thomas Mangin
@thomas-mangin
thanks
Thomas Mangin
@thomas-mangin
@sanjmonkey did you find what the problem was - I am waiting to make sure the issue is not with my code before releasing 3.4.9
sanjmonkey
@sanjmonkey
@thomas-mangin nothing conclusive yet. can reproduce in every VM I’ve had access to, though not had time to test with anything physical yet. Have turned tcp segment offload off in vm, doesn’t appear to make a difference
Thomas Mangin
@thomas-mangin
Thank you for the update
I will try to get it tested in a real machine tomorrow
sanjmonkey
@sanjmonkey
@thomas-mangin I’ve had fun trying some ‘real’ machines today. Surprising how scarce they’ve become. So far I’ve only managed to get my hands on OSX (message saying no support in Darwin), Arch Linux (no TCP_MD5SIG in kernel), Raspbian (currently recompiling kernel to support TCP_MD5SIG, yes, really)….!
have stolen a laptop and installing a current (supported) OS. let you know how I get on shortly
Thomas Mangin
@thomas-mangin
Good luck
My laptop security upgrade seems to have gone wrong but then when I last updated mac os it took hours to do