Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Sep 19 10:23
    mattoddy commented #916
  • Sep 18 10:26
    thomas-mangin commented #916
  • Sep 18 08:27
    mattoddy opened #916
  • Sep 14 11:24
    pettai closed #912
  • Sep 14 11:24
    pettai commented #912
  • Sep 12 10:42
    thomas-mangin commented #915
  • Sep 12 09:15
    omkartikare closed #915
  • Sep 12 09:15
    omkartikare edited #915
  • Sep 12 07:53
    omkartikare edited #915
  • Sep 12 07:52
    omkartikare opened #915
  • Sep 11 15:30
    mattoddy commented #913
  • Sep 09 11:27
    thomas-mangin commented #912
  • Sep 08 08:12
    thomas-mangin commented #912
  • Sep 05 11:22
    pettai commented #912
  • Sep 05 10:37
    thomas-mangin commented #912
  • Sep 05 10:31
    thomas-mangin commented #912
  • Sep 05 10:07
    pettai commented #912
  • Sep 05 10:06
    pettai commented #912
  • Sep 05 10:06
    pettai commented #912
  • Sep 04 19:31
    pettai commented #912
Thomas Mangin
@thomas-mangin
Perhaps this week-end
I am at loss tho and want to ask Andrej if he knows why
sanjmonkey
@sanjmonkey
ok no problem - thanks for letting me know :)
Thomas Mangin
@thomas-mangin
I wish I could be more useful but we are trying to migrate ERP and have hard deadlines on our content filtering software … So I am quite overloaded atm.
well, we are migrating but it takes the time it takes to get it 100% right and last minutes issues are always fun !
Thomas Mangin
@thomas-mangin
@sanjmonkey not forgotten about MD5 .. Just slow ….
sanjmonkey
@sanjmonkey
@thomas-mangin no problemo. I had a free hour this afternoon and started to look again. What is the significance of MD5SIG and 14? Is this OS specific implementation (linux/tcp.h I assume) I missed?
Thomas Mangin
@thomas-mangin
I was not available this afternoon - going to have a look
Thomas Mangin
@thomas-mangin
Yes, it is
sanjmonkey
@sanjmonkey
Im not afraid to admit it @thomas-mangin, I’m a bit stumped. At least I’ve learnt a bit about socket programming today if nothing else :) I’m not able to prove this, but I’m not convinced python socket correctly handles the access into the socket interface for TCP_MD5SIG. (side note; socket.socket.getsockopt(6,14) always returns '[Errno 92] Protocol not available' which is less than helpful.) I see EXA uses exactly the same function to set MD5 .setsockopt() for the correctly functioning outgoing packet (I agree with the packing too), so my doubt is with perhaps how this option is interpreted by socket.socket.listen()
Last time I looked they did how we did
I will have to look at their BSD support at some point to see if I can learn something
I can not see anything wrong with the code neither ...
sanjmonkey
@sanjmonkey
hi @thomas-mangin
re: MD5. a colleage of mine (Dave Overton) and I looked at it again this afternoon. He proved capacilities of linux MD5 listener with a quick c socket server / client setup. so that squashed some doubts in my mind, and we turned back to the python implementation
and we have a patch for exa
Thomas Mangin
@thomas-mangin
Hi @sanjmonkey - ohhh a patch :-) very very welcome :-)
sanjmonkey
@sanjmonkey
email ok?
Thomas Mangin
@thomas-mangin
@sanjmonkey
thomas-mangin/exabgp@a0b880e
Let me know if it does the trick - if so I will add an entry in CHANGELOG
sanjmonkey
@sanjmonkey
tested patch on a fresh clone of mainline 3.4.9 and its working for both active and passive ends. all good. cheers @thomas-mangin
Thomas Mangin
@thomas-mangin
@sanjmonkey Great :-)
sanjmonkey
@sanjmonkey
hi, me again :)
suppose you have multiple sessions you want to be passive for (listen on the same IP), I notice exa fails because if all local-addresses are the same IP, the lucky guy who goes first gets to bind (briefly) and the remainder bork
have you considered SO_REUSEPORT ?
Thomas Mangin
@thomas-mangin
Hi, That would not work
Sorry ..
It may work ...
sanjmonkey
@sanjmonkey
But it's not good practice ?
Thomas Mangin
@thomas-mangin
But if you run multiple ExaBGP the behaviour would become extremely unpredictable with the connection going to one of the application
The same will happen within one application - a random socket will get the connection which may not be the one you are expecting ...
Unless I am not fully understanding what you are trying to achieve ..
sanjmonkey
@sanjmonkey
Yes, I understand. But bind() seems to be limiting in this case as even when supplied with MD5 SO's (making it unique) it only takes into account local IP + port
Thomas Mangin
@thomas-mangin
You want to have something like
neighborg ( local ip A, remote ip B, passive )
neighbour ( local ip A, remote ip C, passive )
sanjmonkey
@sanjmonkey
I'll try passing multiple MD5 SO's to it for each of my neighbors before calling bind
Thomas Mangin
@thomas-mangin
Can I call you .. it would be simpler to understand your use case
I think I would need to change the listening code to :
  • allow more than one peer per listening IP
  • on connection reception, lookup the remote IP and dispatch to the right peer
Correct ?
sanjmonkey
@sanjmonkey
Sure. Will be in office in 30 mins
Thomas Mangin
@thomas-mangin
Ok - Drop me a mail with your number and I will call you
Thomas Mangin
@thomas-mangin
Thomas Mangin
@thomas-mangin
@sanjmonkey I just pushed a patch to my tree can you pull it ?