Subject: openbgpd 3.7
To: None <>
From: Thomas E. Spanjaard <>
List: tech-net
Date: 01/22/2006 13:59:49
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I have finished my port of OpenBGPd 3.7, with support for TCP MD5 
signatures. It's available via subversion from 
svn:// . As I think I 
have ironed the problems out, I want others to test, and perhaps include 
it in base. Note that IPsec ESP/AH authentication isn't operational yet, 
as someone(*cough* riz *cough* ;)) needs to upgrade our IPsec/SA stuff 
to what OpenBSD has. Also, you need to run a -current dated post the 
17th of January (or rather, have version 1.11 of 
src/sys/dist/pf/net/pfvar.h), or patch /usr/include/net/pfvar.h to 
include <netinet/in.h> yourself. This way, it works from NetBSD_3.0 and 
up, perhaps even some 2.99.x -currents. I have tested it personally on 
3.0_STABLE, 3.0_RELEASE, and 3.99.9.

The Makefile is a bit of a kludge, and doesn't set the right 
modes/uids/gids on the rcscript and sample bgpd.conf yet (the 
'etcinstall' target). This code will go once openbgpd is integrated in base.

For TCP MD5 signatures, be sure to run a kernel with options IPSEC or 
FAST_IPSEC and options TCP_SIGNATURE. The key is set by bgpd itself, and 
configured from /etc/bgpd.conf, instead of setkey(8) incantations quagga 
currently seems to require.

I have also posted this on

         Thomas E. Spanjaard

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v1.4.2 (NetBSD)