[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey  changed:

   What|Removed |Added

 Status|Open|Closed
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #37 from Alexey  ---
(In reply to Andrey V. Elsukov from comment #19)
Hello.
Today I was able to update and test everything. Everything is working fine.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #36 from Felipe N. Oliva  ---
(In reply to Andrey V. Elsukov from comment #35)

Of course and thank you.
Do I need to use the SA from IPSec too or with your patch I can use on openbgpd
configuration?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #35 from Andrey V. Elsukov  ---
Created attachment 191795
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=191795=edit
patch to net/openbgpd port

I looked at the openbgpd code from ports. Port has wrong patch, because of
which openbgbd doesn't enable TCP_MD5SIG option for used sockets and thus MD5
signatures don't work.

Can you replace files/patch-bgpd_session.c with attached file and rebuild
openbgpd, then test again?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #34 from Andrey V. Elsukov  ---
> (In reply to Felipe N. Oliva from comment #31)
> > netstat -sp tcp | grep sig
> > 0 packets with matching signature received
> > 0 packets with bad signature received
> > 0 times failed to make signature due to no SA
> > 0 times unexpected signature received
> > 0 times no signature provided by segment
> 
> It seems there were not any attempt to use TCP-MD5, probably you need to
> properly configure your BGP daemon. 
> 

When application wants to use TCP-MD5 signatures, it uses TCP_MD5SIG socket
option to enable this feature. When socket has enabled this feature and no SAs
are presents, or option is enabled and TCP segments have not such option there
will be some counters incremented. In your case application did not enable this
socket option, this is why I think about wrong configuration.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #33 from Felipe N. Oliva  ---
(In reply to Andrey V. Elsukov from comment #32)
pfSense with problem too.
https://redmine.pfsense.org/issues/7969

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #32 from Andrey V. Elsukov  ---
(In reply to Felipe N. Oliva from comment #31)
> (In reply to Andrey V. Elsukov from comment #30)
> I will try with TSO/LRO.
> Interface: ix (intel 10g)
> Doesn't work with ipv4 and ipv6.
> 
> netstat -sp tcp | grep sig
>   0 packets with matching signature received
>   0 packets with bad signature received
>   0 times failed to make signature due to no SA
>   0 times unexpected signature received
>   0 times no signature provided by segment

It seems there were not any attempt to use TCP-MD5, probably you need to
properly configure your BGP daemon. 

> FreeBSD 10.3 was working with only one direction. Did anything change?

Yes.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #31 from Felipe N. Oliva  ---
(In reply to Andrey V. Elsukov from comment #30)
I will try with TSO/LRO.
Interface: ix (intel 10g)
Doesn't work with ipv4 and ipv6.

netstat -sp tcp | grep sig
0 packets with matching signature received
0 packets with bad signature received
0 times failed to make signature due to no SA
0 times unexpected signature received
0 times no signature provided by segment

/etc/ipsec.conf:
add -4  187.16.216.55 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -4 187.16.216.55  tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -4  187.16.218.58 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -4 187.16.218.58  tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -6  2001:12f8::55 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -6 2001:12f8::55  tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -6  2001:12f8::218:58 tcp 0x1000 -A tcp-md5 ""; # GOOGLE
add -6 2001:12f8::218:58  tcp 0x1000 -A tcp-md5 ""; # GOOGLE

setkey -D
2001:12f8::218:58 
tcp mode=any spi=130789163(0x07cbaf2b) reqid=0(0x)
A: tcp-md5  6a757472 616e3764 45625577 72366339
seq=0x replay=0 flags=0x0040 state=mature
created: Feb 27 08:36:12 2018   current: Feb 27 08:41:32 2018
diff: 320(s)hard: 0(s)  soft: 0(s)
last:   hard: 0(s)  soft: 0(s)
current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
allocated: 0hard: 0 soft: 0
sadb_seq=7 pid=74097 refcnt=1
 2001:12f8::218:58
tcp mode=any spi=205209160(0x0c3b3e48) reqid=0(0x)
A: tcp-md5  6a757472 616e3764 45625577 72366339
seq=0x replay=0 flags=0x0040 state=mature
created: Feb 27 08:36:12 2018   current: Feb 27 08:41:32 2018
diff: 320(s)hard: 0(s)  soft: 0(s)
last:   hard: 0(s)  soft: 0(s)
current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
allocated: 0hard: 0 soft: 0
sadb_seq=6 pid=74097 refcnt=1
2001:12f8::55 
tcp mode=any spi=17778168(0x010f45f8) reqid=0(0x)
A: tcp-md5  6a757472 616e3764 45625577 72366339
seq=0x replay=0 flags=0x0040 state=mature
created: Feb 27 08:36:12 2018   current: Feb 27 08:41:32 2018
diff: 320(s)hard: 0(s)  soft: 0(s)
last:   hard: 0(s)  soft: 0(s)
current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
allocated: 0hard: 0 soft: 0
sadb_seq=5 pid=74097 refcnt=1
 2001:12f8::55
tcp mode=any spi=11511344(0x00afa630) reqid=0(0x)
A: tcp-md5  6a757472 616e3764 45625577 72366339
seq=0x replay=0 flags=0x0040 state=mature
created: Feb 27 08:36:12 2018   current: Feb 27 08:41:32 2018
diff: 320(s)hard: 0(s)  soft: 0(s)
last:   hard: 0(s)  soft: 0(s)
current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
allocated: 0hard: 0 soft: 0
sadb_seq=4 pid=74097 refcnt=1
187.16.218.58 
tcp mode=any spi=49404247(0x02f1d957) reqid=0(0x)
A: tcp-md5  6a757472 616e3764 45625577 72366339
seq=0x replay=0 flags=0x0040 state=mature
created: Feb 27 08:36:12 2018   current: Feb 27 08:41:32 2018
diff: 320(s)hard: 0(s)  soft: 0(s)
last:   hard: 0(s)  soft: 0(s)
current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
allocated: 0hard: 0 soft: 0
sadb_seq=3 pid=74097 refcnt=1
 187.16.218.58
tcp mode=any spi=209590058(0x0c7e172a) reqid=0(0x)
A: tcp-md5  6a757472 616e3764 45625577 72366339
seq=0x replay=0 flags=0x0040 state=mature
created: Feb 27 08:36:12 2018   current: Feb 27 08:41:32 2018
diff: 320(s)hard: 0(s)  soft: 0(s)
last:   hard: 0(s)  soft: 0(s)
current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
allocated: 0hard: 0 soft: 0
sadb_seq=2 pid=74097 refcnt=1
187.16.216.55 
tcp mode=any spi=124856546(0x077128e2) reqid=0(0x)
A: tcp-md5  6a757472 616e3764 45625577 72366339
seq=0x replay=0 flags=0x0040 state=mature
created: Feb 27 08:36:12 2018   current: Feb 27 08:41:32 2018
diff: 320(s)hard: 0(s)  soft: 0(s)
last:   hard: 0(s)  soft: 0(s)
current: 0(bytes)   hard: 0(bytes)  soft: 0(bytes)
allocated: 0hard: 0 soft: 0
sadb_seq=1 pid=74097 refcnt=1
 187.16.216.55
tcp mode=any spi=4096(0x1000) reqid=0(0x)
A: tcp-md5  6a757472 616e3764 45625577 72366339
seq=0x replay=0 flags=0x0040 state=mature
created: Feb 27 08:36:12 2018   current: Feb 27 08:41:32 

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #30 from Andrey V. Elsukov  ---
(In reply to Felipe N. Oliva from comment #29)
> (In reply to Andrey V. Elsukov from comment #28)
> Yes, here is 11.1-STABLE r329758.
> 
> interface:
> vlan1977: flags=8843 metric 0 mtu
> 1500
>   options=600703
> 
> kernel:
> options   IPSEC
> options   TCP_SIGNATURE
> devicecrypto

Did you try to disable rx/txcsum? What interface is used as parent for vlans?
Does IPv6 work for you but IPv4 doesn't? 
What `netstat -sp tcp | grep sig` shows? 
Does setkey -D shows SAs for both directions?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #29 from Felipe N. Oliva  ---
(In reply to Andrey V. Elsukov from comment #28)
Yes, here is 11.1-STABLE r329758.

interface:
vlan1977: flags=8843 metric 0 mtu 1500
options=600703

kernel:
options IPSEC
options TCP_SIGNATURE
device  crypto

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #28 from Andrey V. Elsukov  ---
(In reply to Felipe N. Oliva from comment #26)
> (In reply to Olivier Cochard from comment #21)
> Oliver, your problem is only without TSO/LRO?
> I have the same problem, but TSO/LRO enabled in 11.1-p6 and
> 11.1-stable(r329156).
> My environment is with openbgp.

Felipe, is it still problem for you?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #27 from commit-h...@freebsd.org ---
A commit references this bug:

Author: ae
Date: Sun Feb 18 11:36:46 UTC 2018
New revision: 329518
URL: https://svnweb.freebsd.org/changeset/base/329518

Log:
  MFC r329101:
Reinitialize IP header length after checksum calculation. It is used
later by TCP-MD5 code.

This fixes the problem with broken TCP-MD5 over IPv4 when NIC has
disabled TCP checksum offloading.

PR: 223835

Changes:
_U  stable/11/
  stable/11/sys/netinet/tcp_input.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #26 from Felipe N. Oliva  ---
(In reply to Olivier Cochard from comment #21)
Oliver, your problem is only without TSO/LRO?
I have the same problem, but TSO/LRO enabled in 11.1-p6 and
11.1-stable(r329156).
My environment is with openbgp.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #25 from commit-h...@freebsd.org ---
A commit references this bug:

Author: ae
Date: Sat Feb 10 10:13:18 UTC 2018
New revision: 329101
URL: https://svnweb.freebsd.org/changeset/base/329101

Log:
  Reinitialize IP header length after checksum calculation. It is used
  later by TCP-MD5 code.

  This fixes the problem with broken TCP-MD5 over IPv4 when NIC has
  disabled TCP checksum offloading.

  PR:   223835
  MFC after:1 week

Changes:
  head/sys/netinet/tcp_input.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #24 from Marek Zarychta  ---
Thank you for the patch. I also confirm that it fixes the issue on 11.1-STABLE
for inet4. 
This with "options IPSEC_SUPPORT" default in GENERIC is going to make upcoming
11.2 the most TCP-MD5-friendly FreeBSD release ever.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Felipe N. Oliva  changed:

   What|Removed |Added

 CC||fel...@felipeoliva.eti.br

--- Comment #23 from Felipe N. Oliva  ---
(In reply to Olivier Cochard from comment #21)
I have the same problem, but with OpenBGPd.

I will try the patch!

Thanks,

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #21 from Olivier Cochard  ---

Thanks for this patch!

It fixes my problem  (applied on -stable):

[root@router]~# netstat -ss | grep sign
40 packets with matching signature received

and now my inet4 TCP MD5 works:

[root@router]~# birdcl
BIRD 2.0.1 ready.
bird> show protocol R2inet4
Name   Proto  Table  State  Since Info
R2inet4BGP---up 15:58:36.337  Established

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Rodney W. Grimes  changed:

   What|Removed |Added

 CC||freebsd-net@FreeBSD.org

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Andrey V. Elsukov  changed:

   What|Removed |Added

   Assignee|freebsd-net@FreeBSD.org |a...@freebsd.org

--- Comment #19 from Andrey V. Elsukov  ---
Created attachment 190461
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=190461=edit
Proposed patch

Can you try this patch?

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #18 from Andrey V. Elsukov  ---
(In reply to Olivier Cochard from comment #17)
> I've got the same problem regarding my inet4 BGP sessions using MD5 on all
> my bhyve and virtualbox virtual lab (using vtnet and em interface).
> I don't have the problem regarding inet6 BGP session using MD5 on the same
> labs.
> Can bug be related to my problems ?

Probably it is not related to drivers, I'll check this a bit later.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Olivier Cochard  changed:

   What|Removed |Added

 CC||oliv...@freebsd.org

--- Comment #17 from Olivier Cochard  ---
I've got the same problem regarding my inet4 BGP sessions using MD5 on all my
bhyve and virtualbox virtual lab (using vtnet and em interface).
I don't have the problem regarding inet6 BGP session using MD5 on the same
labs.
Can bug be related to my problems ?

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #16 from Marek Zarychta  ---
The bug is strictly related to disabling RXCSUMs on NIC. Other Intel drivers em
(4) and igb (4) reveal the same behaviour. I have not tested NICs from other
vendors.  
In fact, pcap dumps taken on interface shows that everything is fine, but
counter of "packets with bad signature received" increases and TCP handshake
couldn't be established when using TCP MD5 signed packets.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey  changed:

   What|Removed |Added

 Resolution|Not A Bug   |---
 Status|Closed  |Open

--- Comment #15 from Alexey  ---
Device that have bug: Intel® Ethernet X710-DA2

ixl0:  mem
0xdd80-0xddff,0xde808000-0xde80 irq 17 at device 0.0 on pci2
ixl0: Using MSIX interrupts with 5 vectors
ixl0: fw 4.40.35115 api 1.4 nvm 4.53 etid 8000226b oem 1.268.0
ixl0: PF-ID[0]: VFs 64, MSIX 129, VF MSIX 5, QPs 768, I2C
ixl0: Allocating 4 queues for PF LAN VSI; 4 queues active
ixl0: Ethernet address: 68:05:ca:41:e8:18
ixl0: PCI Express Bus: Speed 8.0GT/s Width x8
ixl0: SR-IOV ready
queues is 0xf800067b1000

At this night I weel try check for Intel® Ethernet X520-DA2 for this bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Andrey V. Elsukov  changed:

   What|Removed |Added

 CC||sbr...@freebsd.org
   Keywords||IntelNetworking

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #14 from Alexey  ---
(In reply to Andrey V. Elsukov from comment #13)
What do I do in this case, reopen the issue?

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #13 from Andrey V. Elsukov  ---
(In reply to Alexey from comment #12)
> I'm not sure if this is a bug. Maybe just for this faket must be mentioned
> in the documentation

I think it is driver's bug and driver should be fixed if it does not correctly
support checksum offloading.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey  changed:

   What|Removed |Added

 Status|Open|Closed
 Resolution|--- |Not A Bug
   Severity|Affects Only Me |Affects Many People

--- Comment #12 from Alexey  ---
I'm not sure if this is a bug. Maybe just for this faket must be mentioned in
the documentation

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey  changed:

   What|Removed |Added

 Resolution|Not A Bug   |---
 Status|Closed  |Open

--- Comment #11 from Alexey  ---
Maybe it's still a bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Alexey  changed:

   What|Removed |Added

 Resolution|--- |Not A Bug
 Status|New |Closed

--- Comment #10 from Alexey  ---
Good night everybody.
The problem is solved.
Many thanks to Marek Zarychta mailto:zarych...@plan-b.pwste.edu.pl for the
help.
He showed me a similar problem:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453.
Аnd indeed, the problem was that on the interface TX/RX checksums was disabled.

Now everything works with the following settings:

On interface ix0 or ixl0 or other must be turn ON: rxcsum txcsum; (ifconfig
ixl0 rxcsum txcsum)

At /etc/rc.conf:
ifconfig_ixl0="up -tso -lro -vlanhwtso" (I disabled only tso and lro)
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"

At /etc/ipsec.conf:
flush;
add 185.1.62.241 185.1.62.69 tcp 0x1000 -A tcp-md5 "some_password";
add 185.1.62.69 185.1.62.241 tcp 0x1001 -A tcp-md5 "some_password";

On kernel you must add next:
options IPSEC   # IP (v4/v6) security
options IPSEC_SUPPORT   # Allow kldload of ipsec and tcpmd5
# The crypto framework is required by IPSEC
device  crypto  # Required by IPSEC
device  cryptodev
options TCP_SIGNATURE

And need set password for neighbor on FRRouting, for example:
 neighbor 185.1.62.69 password some_password

I think it's necessary to describe all this in documentation. 
This would be good, as this problem arises for many. Or you can simply forget
about it :)

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: [Bug 223835] BGP session not established with md5 password via FRRouting

[Marek Zarychta]

On Fri, Nov 24, 2017 at 01:36:41PM +, bugzilla-nore...@freebsd.org wrote:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835
> 
> Mark Linimon  changed:
> 
>What|Removed |Added
> 
>Assignee|freebsd-b...@freebsd.org|freebsd-net@FreeBSD.org
> 
> -- 
> You are receiving this mail because:
> You are the assignee for the bug.
> ___
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Hi Alexey,

Some time ago I had the similar problem with TCP MD5 on LAGG interface.
It came out that the problem has nothing to do with LAGG.

If the interfaces do not support TX/RX checksums in hardware TCP MD5
signatures seem to be incorrect on 11.1-STABLE.
It is wasn't documented anywhere, I have changed NICs.

See the original thread:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453

Best regards,

-- 
Marek Zarychta


signature.asc
Description: PGP signature

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #9 from Alexey  ---
Created attachment 188240
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=188240=edit
TCPDUMP file for 185.1.62.69

I'm repeat command: 'tcpdump -M some_password -i vlan62 -XXX -vvv -n host
185.1.62.69' and save data to file for next analized.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

Mark Linimon  changed:

   What|Removed |Added

   Assignee|freebsd-b...@freebsd.org|freebsd-net@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"