On 08/08/12 00:00, Dan Candea wrote:
> On 07/04/2012 05:09 AM, Paul Gear wrote:
>> Hi all,
>>
>> The quagga ospfd module in pfSense 2.0.1 amd64 has a flaw in how it
>> writes the config file, which causes MD5 authentication to fail.
>> Basically, it puts quotes around the message-digest-key supplied, which
>> is not required, and is taken by quagga as part of the password. This
>> causes a mismatch with other (non-pfSense) OSPF routers. e.g. If my
>> other systems use asdf1234 as the password, they get a mismatch, because
>> pfSense uses "asdf1234".
>>
>> I've prepared a one-line patch to quagga_ospfd.inc to fix this, but I'm
>> wondering about input validation. I've had a look through the quagga
>> source code trying to find out what it accepts as valid characters in an
>> MD5 key, and I can't follow their code well enough to work out where the
>> input validation is done. Nothing in RFC2328 suggests that there are
>> any restrictions whatsoever on the characters in the key, but presumably
>> quagga must have some restrictions in order to read it from an ASCII or
>> UTF-8 (not sure which) config file.
>>
>> Any thoughts?
>>
>> Thanks in advance,
>> Paul
>>
> Hi
>
> I'm not sure about this. I'm using sane version, md5 authentication, one
> session with a Cisco and another with a Linux Quagga. It works fine.

Does your Cisco password contain quotes? What does /var/etc/quagga/ospfd.conf on your pfSense box look like?

I have an HP 5500-EI switch and 5 Linux boxes running various versions of Quagga in the same OSPF area and they all work except for pfSense until I take out the quotes. Happy to share exact configs if that helps.

To me, this is a clear bug - take out the quotes and everything works; put them back in and it doesn't.

Paul
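
An added illustration of the mismatch discussed in this thread (not code from either poster or from the pfSense package): it scans an ospfd.conf for `ip ospf message-digest-key` statements whose key token is wrapped in quotes and computes the RFC 2328 D.4.3 digest for the quoted and unquoted keys. It assumes the key token is used literally and cut or zero-padded to 16 bytes; the config and packet bytes are constructed samples.

```python
import hashlib
import re

# Interface-level key statement; the key is the raw token after "md5".
KEY_LINE = re.compile(r"^\s*ip ospf message-digest-key\s+(\d+)\s+md5\s+(\S+)\s*$")


def effective_key(token: str) -> bytes:
    """Assumed on-the-wire key: the literal token, cut or zero-padded to 16 bytes."""
    return token.encode("ascii")[:16].ljust(16, b"\x00")


def ospf_md5_digest(packet: bytes, token: str) -> bytes:
    """RFC 2328 D.4.3: MD5 over the OSPF packet with the 16-byte key appended."""
    return hashlib.md5(packet + effective_key(token)).digest()


def audit(config_text: str):
    """Return (line_no, key_id, token, quoted) for each MD5 key statement."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = KEY_LINE.match(line)
        if m:
            token = m.group(2)
            quoted = len(token) >= 2 and token[0] == token[-1] and token[0] in "\"'"
            findings.append((no, int(m.group(1)), token, quoted))
    return findings


# Constructed sample config, not taken from a real pfSense box.
SAMPLE_CONF = """\
interface em0
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 "asdf1234"
interface em1
  ip ospf message-digest-key 2 md5 asdf1234
"""
SAMPLE_PACKET = bytes(44)  # constructed stand-in for the bytes of an OSPF packet

if __name__ == "__main__":
    for no, key_id, token, quoted in audit(SAMPLE_CONF):
        note = "quotes become part of the key" if quoted else "ok"
        print(f"line {no}: key {key_id} -> {effective_key(token)!r} ({note})")
    same = ospf_md5_digest(SAMPLE_PACKET, '"asdf1234"') == ospf_md5_digest(
        SAMPLE_PACKET, "asdf1234")
    print("digests match:", same)
```
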
