Subject: Re: TCP_SIGNATURE on sparc64?
To: Peter Eisch <peter@boku.net>
From: Peter Eisch <peter@boku.net>
List: current-users
Date: 07/29/2004 22:48:25

Okay, it didn't go swell.  I'm getting:

Jul 29 22:19:47 netrat1 bgpd[536]: BGPd 0.94 starting: vty@2605, bgp@179
Jul 29 22:19:53 netrat1 bgpd[536]: can't connect to pe.er.ip.addr fd 10 : Operation not permitted
Jul 29 22:20:25 netrat1 bgpd[536]: %ADJCHANGE: neighbor loc.al.ip.addr Up
Jul 29 22:20:41 netrat1 bgpd[536]: %ADJCHANGE: neighbor oth.er.ip.addr Up

And tcpdump/syslog shows:

22:23:42.981954 pe.er.ip.addr.3127 > my.rtr.ip.addr.bgp: S 1052823430:1052823430(0) win 16384 <mss 4430,nop,wscale 0,nop,nop,timestamp 2339942757 0,nop,nop,opt-19:6a9907be8ba8c1ab934f1ae3310cbd67> [tos 0xc0]

Jul 29 22:23:53 netrat1 bgpd[536]: can't connect to 66.84.128.10 fd 12 : Operation not permitted

22:23:54.982145 pe.er.ip.addr.3127 > my.rtr.ip.addr.bgp: S 1052823430:1052823430(0) win 16384 <mss 4430,nop,wscale 0,nop,nop,timestamp 2339943957 0,nop,nop,opt-19:6a9907be8ba8c1ab934f1ae3310cbd67> [tos 0xc0]

What's the right way to debug this?  My kernel is basically GENERIC with:

> options               IPSEC           # IP security
> options               IPSEC_ESP       # IP security (encryption part; define w/IPSEC)
> options               IPSEC_DEBUG     # debug for IP security
> options               TCP_SIGNATURE   # TCP MD5 Signatures, for BGP routing sessions
> options               GATEWAY

I kick up another box (same kernel, same zebra build) on the same lan and I
get the same message.

Jul 29 22:44:47 netrat1 bgpd[536]: can't connect to 12.30.65.29 fd 13 : Operation not permitted
Jul 29 22:44:59 mons bgpd[980]: can't connect to 12.30.65.27 fd 11 : Operation not permitted

Ideas?

Thanks,

peter
