From 127bc77d2393908b2fb746802c75ea1ac6ef0693 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20Lu=E7i?=
Date: Sun, 4 Oct 2009 18:20:51 +0000
Subject: Enable TCP-MD5 support on this pacakge.
---
 config/openbgpd/openbgpd.inc | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)
(limited to 'config/openbgpd/openbgpd.inc')
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index 3c67262b..d105a80e 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -50,6 +50,7 @@ function openbgpd_install_conf() {
 $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
 $conffile = "# This file was created by the pfSense package manager. Do not edit!\n\n";
+ $setkeycf = "";
 // Setup AS #
 if($openbgpd_conf['asnum'])
@@ -83,10 +84,16 @@ function openbgpd_install_conf() {
 if($neighbor['groupname'] == $group['name']) {
 $conffile .= " neighbor {$neighbor['neighbor']} {\n";
 $conffile .= " descr \"{$neighbor['descr']}\"\n";
- if($neighbor['md5sigpass'])
+ if($neighbor['md5sigpass']) {
+ $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
+ $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 \"{$neighbor['md5sigpass']}\";\n";
 $conffile .= " tcp md5sig password {$neighbor['md5sigpass']}\n";
- if($neighbor['md5sigkey'])
- $conffile .= " tcp md5sig key {$neighbor['md5sigkey']}\n";
+ }
+ if($neighbor['md5sigkey']) {
+ $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
+ $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 0x{$neighbor['md5sigkey']};\n";
+ $conffile .= " tcp md5sig key {$neighbor['md5sigkey']}\n";
+ }
 foreach($neighbor['row'] as $row) {
 $conffile .= " {$row['paramaters']} {$row['parmvalue']} \n";
 }
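Review bot: The new `$setkeycf` lines in both md5sig branches interpolate `$neighbor['md5sigpass']`, `$neighbor['md5sigkey']`, `$neighbor['neighbor']` and `$openbgpd_conf['listenip']` into setkey(8) input with no validation, so a password containing `"`, `;` or a newline, or a key that is not hex, yields malformed or additional statements that `setkey -f` then loads. Check the values before building the lines, for example open the key branch with `if ($neighbor['md5sigkey'] && ctype_xdigit($neighbor['md5sigkey'])) {` and refuse passwords that contain quotes or control characters; an empty `listenip` should skip the entry rather than emit an `add` with no source address. When both a password and a key are set, the second `delete`/`add` pair replaces the first, so the branches should probably be mutually exclusive. The same block is repeated in the ungrouped-neighbor hunk at -103,11, so a small helper that returns the setkey lines for one neighbor would keep these checks in one place. The enclosing function starts and ends outside this hunk.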
@@ -103,11 +110,21 @@ function openbgpd_install_conf() {
 foreach($openbgpd_neighbors as $neighbor) {
 $used_this_item = false;
 if($neighbor['groupname'] == "") {
- $conffile .= " neighbor {$neighbor['neighbor']} {\n";
+ $conffile .= "neighbor {$neighbor['neighbor']} {\n";
 $conffile .= " descr \"{$neighbor['descr']}\"\n";
+ if ($neighbor['md5sigpass']) {
+ $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
+ $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 \"{$neighbor['md5sigpass']}\";\n";
+ $conffile .= " tcp md5sig password {$neighbor['md5sigpass']}\n";
+ }
+ if ($neighbor['md5sigkey']) {
+ $setkeycf .= "delete {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000;\n";
+ $setkeycf .= "add {$openbgpd_conf['listenip']} {$neighbor['neighbor']} tcp 0x1000 -A tcp-md5 0x{$neighbor['md5sigkey']};\n";
+ $conffile .= " tcp md5sig key {$neighbor['md5sigkey']}\n";
+ }
 $used_this_item = true;
 foreach($neighbor['row'] as $row) {
- $conffile .= " {$row['paramaters']} {$row['parmvalue']} \n";
+ $conffile .= " {$row['paramaters']} {$row['parmvalue']} \n";
 }
 }
 }
@@ -144,6 +161,14 @@ function openbgpd_install_conf() {
 exec("chmod a-rw /usr/local/etc/bgpd.conf");
 exec("chmod u+rw /usr/local/etc/bgpd.conf");
+ // TCP-MD5 support on freebsd. See tcp(5) for more
+ if ($neighbor['md5sigpass'] <> "" || $neighbor['md5sigkey'] <> "") {
+ $fd = fopen("{$g['tmp_path']}/bgpdsetkey.conf", "w");
+ fwrite($fd, $setkeycf );
+ fclose($fd);
+ exec("setkey -f {$g['tmp_path']}/bgpdsetkey.conf");
+ }
+
 // bgpd process running? if so reload, elsewise start.
 if(is_openbgpd_running() == true) {
 exec("bgpctl reload");
-- cgit v1.2.3
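Review bot: The added guard `if ($neighbor['md5sigpass'] <> "" || $neighbor['md5sigkey'] <> "")` in the -144,6 hunk runs after the neighbor loops have finished, so `$neighbor` is whatever the last `foreach` iteration left behind and the SAs are installed only when that one neighbor happens to carry a secret; test `$setkeycf <> ""` instead. The file written to `{$g['tmp_path']}/bgpdsetkey.conf` holds every TCP-MD5 secret, yet it is created with default permissions, the `fopen()` result is not checked, and it stays on disk after `setkey -f` has loaded it. Creating it under a restrictive umask, passing the path through `escapeshellarg()`, and removing it afterwards (assuming nothing else re-reads it) closes that exposure. Whether `$g` is declared global in this function is not visible here, since the function starts and ends outside the hunk.

```php
// TCP-MD5 support on freebsd. See tcp(5) for more
if ($setkeycf <> "") {
	$setkeyfile = "{$g['tmp_path']}/bgpdsetkey.conf";
	// The file holds the TCP-MD5 secrets: make it owner-only from creation.
	$oldmask = umask(0077);
	$fd = fopen($setkeyfile, "w");
	umask($oldmask);
	if ($fd) {
		fwrite($fd, $setkeycf);
		fclose($fd);
		exec("setkey -f " . escapeshellarg($setkeyfile));
		// Keys are now in the kernel SAD; do not leave them in the temp directory.
		unlink($setkeyfile);
	}
}
// … unchanged: bgpd reload / start …
```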