Attachment 151804 Details for Bug 184545 – OpenBGP port patch for proper tcp md5sig support.

[patch] OpenBGP port patch for proper tcp md5sig support.

patch_proapps-openbgpd-5.2.20121209_2.patch (text/plain), 14.33 KB, created by eksffa on 2015-01-18 19:34:31 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: eksffa

Created: 2015-01-18 19:34:31 UTC

Size: 14.33 KB

patch

obsolete

>diff -ur openbgpd/Makefile openbgpd.proapps/Makefile
>--- openbgpd/Makefile	2014-09-07 13:37:44.000000000 -0300
>+++ openbgpd.proapps/Makefile	2015-01-18 16:52:08.869286000 -0200
>@@ -1,4 +1,5 @@
>-# $FreeBSD: head/net/openbgpd/Makefile 367572 2014-09-07 16:37:44Z antoine $
>+# Created by: Florent Thoumie <flz@FreeBSD.org>
>+# $FreeBSD: ports/net/openbgpd/Makefile,v 1.35 2012/12/24 12:56:29 svnexp Exp $
> 
> PORTNAME=	openbgpd
> PORTVERSION=	5.2.20121209
>@@ -19,15 +20,18 @@
> CONFLICTS=	zebra-[0-9]* quagga-[0-9]*
> 
> WRKSRC=		${WRKDIR}
>+MANCOMPRESSED=	yes
> MAKE_ARGS=	-DFREEBSDPORTS
> USES=		uidfix
> USE_RC_SUBR=	${PORTNAME}
>-PLIST_FILES=	sbin/bgpctl sbin/bgpd man/man5/bgpd.conf.5.gz \
>-		man/man8/bgpctl.8.gz man/man8/bgpd.8.gz
>+PLIST_FILES=	sbin/bgpctl sbin/bgpd
> SUB_FILES=	pkg-message
> USERS=		_bgpd
> GROUPS=		_bgpd
> 
>+MAN5=		bgpd.conf.5
>+MAN8=		bgpctl.8 bgpd.8
>+
> OPTIONS_DEFINE=	IPV6LLPEER
> OPTIONS_DEFAULT=IPV6LLPEER
> IPV6LLPEER_DESC=Support nexthop using IPv6 link-local address
>diff -ur openbgpd/files/patch-bgpd_Makefile openbgpd.proapps/files/patch-bgpd_Makefile
>--- openbgpd/files/patch-bgpd_Makefile	2014-05-15 22:29:01.000000000 -0300
>+++ openbgpd.proapps/files/patch-bgpd_Makefile	2015-01-18 16:48:09.485108000 -0200
>@@ -16,9 +16,8 @@
> -SRCS=	bgpd.c buffer.c session.c log.c parse.y config.c imsg.c \
> +SRCS=	bgpd.c session.c log.c parse.y config.c \
>  	rde.c rde_rib.c rde_decide.c rde_prefix.c mrt.c kroute.c \
>--	control.c pfkey.c rde_update.c rde_attr.c printconf.c \
>+ 	control.c pfkey.c rde_update.c rde_attr.c printconf.c \
> -	rde_filter.c pftable.c name2id.c util.c carp.c timer.c
>-+	control.c pfkey_compat.c rde_update.c rde_attr.c printconf.c \
> +	rde_filter.c pftable.c name2id.c util.c carp.c timer.c \
> +	imsg.c imsg-buffer.c
>  CFLAGS+= -Wall -I${.CURDIR}
>diff -ur openbgpd/files/patch-bgpd_pfkey.c openbgpd.proapps/files/patch-bgpd_pfkey.c
>--- openbgpd/files/patch-bgpd_pfkey.c	2014-01-22 15:40:44.000000000 -0200
>+++ openbgpd.proapps/files/patch-bgpd_pfkey.c	2015-01-18 16:48:09.485108000 -0200
>@@ -1,26 +1,41 @@
>-Index: bgpd/pfkey.c
>-===================================================================
>-RCS file: /home/cvs/private/hrs/openbgpd/bgpd/pfkey.c,v
>-retrieving revision 1.1.1.6
>-retrieving revision 1.1.1.9
>-diff -u -p -r1.1.1.6 -r1.1.1.9
>---- bgpd/pfkey.c	14 Feb 2010 20:19:57 -0000	1.1.1.6
>-+++ bgpd/pfkey.c	13 Oct 2012 18:22:44 -0000	1.1.1.9
>+diff -ur bgpd.orig/pfkey.c bgpd/pfkey.c
>+--- bgpd.orig/pfkey.c	2013-03-15 12:07:16.000000000 +0000
>++++ bgpd/pfkey.c	2013-03-15 12:07:47.000000000 +0000
> @@ -1,4 +1,4 @@
> -/*	$OpenBSD: pfkey.c,v 1.37 2009/04/21 15:25:52 henning Exp $ */
> +/*	$OpenBSD: pfkey.c,v 1.40 2009/12/14 17:38:18 claudio Exp $ */
>  
>  /*
>   * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
>-@@ -74,6 +74,7 @@ pfkey_send(int sd, uint8_t satype, uint8
>+@@ -21,7 +21,7 @@
>+ #include <sys/socket.h>
>+ #include <sys/uio.h>
>+ #include <net/pfkeyv2.h>
>+-#include <netinet/ip_ipsp.h>
>++//#include <netinet/ip_ipsp.h>
>+ #include <ctype.h>
>+ #include <errno.h>
>+ #include <limits.h>
>+@@ -65,15 +65,15 @@
>+ {
>+ 	struct sadb_msg		smsg;
>+ 	struct sadb_sa		sa;
>+-	struct sadb_address	sa_src, sa_dst, sa_peer, sa_smask, sa_dmask;
>++	struct sadb_address	sa_src, sa_dst;
>+ 	struct sadb_key		sa_akey, sa_ekey;
>+ 	struct sadb_spirange	sa_spirange;
>+-	struct sadb_protocol	sa_flowtype, sa_protocol;
>+ 	struct iovec		iov[IOV_CNT];
>+ 	ssize_t			n;
>  	int			len = 0;
>  	int			iov_cnt;
>- 	struct sockaddr_storage	ssrc, sdst, speer, smask, dmask;
>+-	struct sockaddr_storage	ssrc, sdst, speer, smask, dmask;
>++	struct sockaddr_storage	ssrc, sdst, smask, dmask;
> +	struct sockaddr		*saptr;
>  
>  	if (!pid)
>  		pid = getpid();
>-@@ -81,22 +82,17 @@ pfkey_send(int sd, uint8_t satype, uint8
>+@@ -81,22 +81,17 @@
>  	/* we need clean sockaddr... no ports set */
>  	bzero(&ssrc, sizeof(ssrc));
>  	bzero(&smask, sizeof(smask));
>@@ -49,7 +64,7 @@
>  		ssrc.ss_len = sizeof(struct sockaddr);
>  		break;
>  	default:
>-@@ -107,22 +103,17 @@ pfkey_send(int sd, uint8_t satype, uint8
>+@@ -107,22 +102,17 @@
>  
>  	bzero(&sdst, sizeof(sdst));
>  	bzero(&dmask, sizeof(dmask));
>@@ -78,7 +93,84 @@
>  		sdst.ss_len = sizeof(struct sockaddr);
>  		break;
>  	default:
>-@@ -220,8 +211,8 @@ pfkey_send(int sd, uint8_t satype, uint8
>+@@ -135,7 +125,7 @@
>+ 	smsg.sadb_msg_version = PF_KEY_V2;
>+ 	smsg.sadb_msg_seq = ++sadb_msg_seq;
>+ 	smsg.sadb_msg_pid = pid;
>+-	smsg.sadb_msg_len = sizeof(smsg) / 8;
>++	smsg.sadb_msg_len = PFKEY_UNIT64(sizeof(smsg));
>+ 	smsg.sadb_msg_type = mtype;
>+ 	smsg.sadb_msg_satype = satype;
>+ 
>+@@ -143,7 +133,7 @@
>+ 	case SADB_GETSPI:
>+ 		bzero(&sa_spirange, sizeof(sa_spirange));
>+ 		sa_spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE;
>+-		sa_spirange.sadb_spirange_len = sizeof(sa_spirange) / 8;
>++		sa_spirange.sadb_spirange_len = PFKEY_UNIT64(sizeof(sa_spirange));
>+ 		sa_spirange.sadb_spirange_min = 0x100;
>+ 		sa_spirange.sadb_spirange_max = 0xffffffff;
>+ 		sa_spirange.sadb_spirange_reserved = 0;
>+@@ -153,11 +143,12 @@
>+ 	case SADB_DELETE:
>+ 		bzero(&sa, sizeof(sa));
>+ 		sa.sadb_sa_exttype = SADB_EXT_SA;
>+-		sa.sadb_sa_len = sizeof(sa) / 8;
>++		sa.sadb_sa_len = PFKEY_UNIT64(sizeof(sa));
>+ 		sa.sadb_sa_replay = 0;
>+ 		sa.sadb_sa_spi = spi;
>+ 		sa.sadb_sa_state = SADB_SASTATE_MATURE;
>+ 		break;
>++#if 0
>+ 	case SADB_X_ADDFLOW:
>+ 	case SADB_X_DELFLOW:
>+ 		bzero(&sa_flowtype, sizeof(sa_flowtype));
>+@@ -172,35 +163,37 @@
>+ 		sa_protocol.sadb_protocol_direction = 0;
>+ 		sa_protocol.sadb_protocol_proto = 6;
>+ 		break;
>++#endif
>+ 	}
>+ 
>+ 	bzero(&sa_src, sizeof(sa_src));
>+ 	sa_src.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
>+-	sa_src.sadb_address_len = (sizeof(sa_src) + ROUNDUP(ssrc.ss_len)) / 8;
>++	sa_src.sadb_address_len = PFKEY_UNIT64(sizeof(sa_src) + ROUNDUP(ssrc.ss_len));
>+ 
>+ 	bzero(&sa_dst, sizeof(sa_dst));
>+ 	sa_dst.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
>+-	sa_dst.sadb_address_len = (sizeof(sa_dst) + ROUNDUP(sdst.ss_len)) / 8;
>++	sa_dst.sadb_address_len = PFKEY_UNIT64(sizeof(sa_dst) + ROUNDUP(sdst.ss_len));
>+ 
>+ 	sa.sadb_sa_auth = aalg;
>+-	sa.sadb_sa_encrypt = SADB_X_EALG_AES; /* XXX */
>++	sa.sadb_sa_encrypt = ealg; /* XXX */
>+ 
>+ 	switch (mtype) {
>+ 	case SADB_ADD:
>+ 	case SADB_UPDATE:
>+ 		bzero(&sa_akey, sizeof(sa_akey));
>+ 		sa_akey.sadb_key_exttype = SADB_EXT_KEY_AUTH;
>+-		sa_akey.sadb_key_len = (sizeof(sa_akey) +
>+-		    ((alen + 7) / 8) * 8) / 8;
>++		sa_akey.sadb_key_len = PFKEY_UNIT64(sizeof(sa_akey) +
>++		    (PFKEY_ALIGN8(alen)));
>+ 		sa_akey.sadb_key_bits = 8 * alen;
>+ 
>+ 		bzero(&sa_ekey, sizeof(sa_ekey));
>+ 		sa_ekey.sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
>+-		sa_ekey.sadb_key_len = (sizeof(sa_ekey) +
>+-		    ((elen + 7) / 8) * 8) / 8;
>++		sa_ekey.sadb_key_len = PFKEY_UNIT64(sizeof(sa_ekey) +
>++		    (PFKEY_ALIGN8(elen)));
>+ 		sa_ekey.sadb_key_bits = 8 * elen;
>+ 
>+ 		break;
>++#if 0
>+ 	case SADB_X_ADDFLOW:
>+ 	case SADB_X_DELFLOW:
>+ 		/* sa_peer always points to the remote machine */
>+@@ -220,8 +213,8 @@
>  		sa_dst.sadb_address_exttype = SADB_X_EXT_DST_FLOW;
>  
>  		bzero(&smask, sizeof(smask));
>@@ -89,7 +181,7 @@
>  			smask.ss_len = sizeof(struct sockaddr_in);
>  			smask.ss_family = AF_INET;
>  			memset(&((struct sockaddr_in *)&smask)->sin_addr,
>-@@ -233,7 +224,7 @@ pfkey_send(int sd, uint8_t satype, uint8
>+@@ -233,7 +226,7 @@
>  				    htons(0xffff);
>  			}
>  			break;
>@@ -98,7 +190,7 @@
>  			smask.ss_len = sizeof(struct sockaddr_in6);
>  			smask.ss_family = AF_INET6;
>  			memset(&((struct sockaddr_in6 *)&smask)->sin6_addr,
>-@@ -247,8 +238,8 @@ pfkey_send(int sd, uint8_t satype, uint8
>+@@ -247,8 +240,8 @@
>  			break;
>  		}
>  		bzero(&dmask, sizeof(dmask));
>@@ -109,7 +201,7 @@
>  			dmask.ss_len = sizeof(struct sockaddr_in);
>  			dmask.ss_family = AF_INET;
>  			memset(&((struct sockaddr_in *)&dmask)->sin_addr,
>-@@ -260,7 +251,7 @@ pfkey_send(int sd, uint8_t satype, uint8
>+@@ -260,7 +253,7 @@
>  				    htons(0xffff);
>  			}
>  			break;
>@@ -118,7 +210,57 @@
>  			dmask.ss_len = sizeof(struct sockaddr_in6);
>  			dmask.ss_family = AF_INET6;
>  			memset(&((struct sockaddr_in6 *)&dmask)->sin6_addr,
>-@@ -411,6 +402,33 @@ pfkey_send(int sd, uint8_t satype, uint8
>+@@ -284,6 +277,7 @@
>+ 		sa_dmask.sadb_address_len =
>+ 		    (sizeof(sa_dmask) + ROUNDUP(dmask.ss_len)) / 8;
>+ 		break;
>++#endif
>+ 	}
>+ 
>+ 	iov_cnt = 0;
>+@@ -310,6 +304,7 @@
>+ 		smsg.sadb_msg_len += sa_spirange.sadb_spirange_len;
>+ 		iov_cnt++;
>+ 		break;
>++#if 0
>+ 	case SADB_X_ADDFLOW:
>+ 		/* sa_peer always points to the remote machine */
>+ 		iov[iov_cnt].iov_base = &sa_peer;
>+@@ -351,6 +346,7 @@
>+ 		smsg.sadb_msg_len += sa_dmask.sadb_address_len;
>+ 		iov_cnt++;
>+ 		break;
>++#endif
>+ 	}
>+ 
>+ 	/* dest addr */
>+@@ -380,7 +376,7 @@
>+ 			iov[iov_cnt].iov_len = sizeof(sa_akey);
>+ 			iov_cnt++;
>+ 			iov[iov_cnt].iov_base = akey;
>+-			iov[iov_cnt].iov_len = ((alen + 7) / 8) * 8;
>++			iov[iov_cnt].iov_len = PFKEY_ALIGN8(alen);
>+ 			smsg.sadb_msg_len += sa_akey.sadb_key_len;
>+ 			iov_cnt++;
>+ 		}
>+@@ -390,14 +386,14 @@
>+ 			iov[iov_cnt].iov_len = sizeof(sa_ekey);
>+ 			iov_cnt++;
>+ 			iov[iov_cnt].iov_base = ekey;
>+-			iov[iov_cnt].iov_len = ((elen + 7) / 8) * 8;
>++			iov[iov_cnt].iov_len = PFKEY_ALIGN8(elen);
>+ 			smsg.sadb_msg_len += sa_ekey.sadb_key_len;
>+ 			iov_cnt++;
>+ 		}
>+ 		break;
>+ 	}
>+ 
>+-	len = smsg.sadb_msg_len * 8;
>++	len = PFKEY_UNUNIT64(smsg.sadb_msg_len);
>+ 	do {
>+ 		n = writev(sd, iov, iov_cnt);
>+ 	} while (n == -1 && (errno == EAGAIN || errno == EINTR));
>+@@ -411,6 +407,33 @@
>  }
>  
>  int
>@@ -152,7 +294,7 @@
>  pfkey_reply(int sd, u_int32_t *spip)
>  {
>  	struct sadb_msg hdr, *msg;
>-@@ -418,23 +436,13 @@ pfkey_reply(int sd, u_int32_t *spip)
>+@@ -418,27 +441,17 @@
>  	struct sadb_sa *sa;
>  	u_int8_t *data;
>  	ssize_t len;
>@@ -161,10 +303,7 @@
> -	for (;;) {
> -		if (recv(sd, &hdr, sizeof(hdr), MSG_PEEK) != sizeof(hdr)) {
> -			log_warn("pfkey peek");
>-+	do {
>-+		rv = pfkey_read(sd, &hdr);
>-+		if (rv == -1)
>- 			return (-1);
>+-			return (-1);
> -		}
> -
> -		if (hdr.sadb_msg_seq == sadb_msg_seq &&
>@@ -174,14 +313,148 @@
> -		/* not ours, discard */
> -		if (read(sd, &hdr, sizeof(hdr)) == -1) {
> -			log_warn("pfkey read");
>--			return (-1);
>++	do {
>++		rv = pfkey_read(sd, &hdr);
>++		if (rv == -1)
>+ 			return (-1);
> -		}
> -	}
> +	} while (rv);
>  
>  	if (hdr.sadb_msg_errno != 0) {
>  		errno = hdr.sadb_msg_errno;
>-@@ -730,11 +738,9 @@ pfkey_init(struct bgpd_sysdep *sysdep)
>+-		if (errno == ESRCH)
>++		if (errno == ESRCH || errno == EEXIST)
>+ 			return (0);
>+ 		else {
>+ 			log_warn("pfkey");
>+@@ -486,13 +499,8 @@
>+ pfkey_sa_add(struct bgpd_addr *src, struct bgpd_addr *dst, u_int8_t keylen,
>+     char *key, u_int32_t *spi)
>+ {
>+-	if (pfkey_send(fd, SADB_X_SATYPE_TCPSIGNATURE, SADB_GETSPI, 0,
>+-	    src, dst, 0, 0, 0, NULL, 0, 0, NULL, 0, 0) < 0)
>+-		return (-1);
>+-	if (pfkey_reply(fd, spi) < 0)
>+-		return (-1);
>+-	if (pfkey_send(fd, SADB_X_SATYPE_TCPSIGNATURE, SADB_UPDATE, 0,
>+-		src, dst, *spi, 0, keylen, key, 0, 0, NULL, 0, 0) < 0)
>++	if (pfkey_send(fd, SADB_X_SATYPE_TCPSIGNATURE, SADB_ADD, 0,
>++		src, dst, *spi, SADB_X_AALG_TCP_MD5, keylen, key, SADB_EALG_NONE, 0, NULL, 0, 0) < 0)
>+ 		return (-1);
>+ 	if (pfkey_reply(fd, NULL) < 0)
>+ 		return (-1);
>+@@ -503,7 +511,7 @@
>+ pfkey_sa_remove(struct bgpd_addr *src, struct bgpd_addr *dst, u_int32_t *spi)
>+ {
>+ 	if (pfkey_send(fd, SADB_X_SATYPE_TCPSIGNATURE, SADB_DELETE, 0,
>+-	    src, dst, *spi, 0, 0, NULL, 0, 0, NULL, 0, 0) < 0)
>++	    src, dst, *spi, SADB_X_AALG_TCP_MD5, 0, NULL, 0, 0, NULL, 0, 0) < 0)
>+ 		return (-1);
>+ 	if (pfkey_reply(fd, NULL) < 0)
>+ 		return (-1);
>+@@ -511,37 +519,37 @@
>+ 	return (0);
>+ }
>+ 
>++#define TCP_SIG_SPI     0x1000
>+ int
>+ pfkey_md5sig_establish(struct peer *p)
>+ {
>+ 	sleep(1);
>+ 
>+-	if (!p->auth.spi_out)
>+-		if (pfkey_sa_add(&p->auth.local_addr, &p->conf.remote_addr,
>+-		    p->conf.auth.md5key_len, p->conf.auth.md5key,
>+-		    &p->auth.spi_out) == -1)
>+-			return (-1);
>+-	if (!p->auth.spi_in)
>+-		if (pfkey_sa_add(&p->conf.remote_addr, &p->auth.local_addr,
>+-		    p->conf.auth.md5key_len, p->conf.auth.md5key,
>+-		    &p->auth.spi_in) == -1)
>+-			return (-1);
>++	p->auth.spi_out = htonl(TCP_SIG_SPI);
>++	if (pfkey_sa_add(&p->auth.local_addr, &p->conf.remote_addr,
>++	    p->conf.auth.md5key_len, p->conf.auth.md5key,
>++	    &p->auth.spi_out) == -1)
>++		return (-1);
>++	p->auth.spi_in = htonl(TCP_SIG_SPI);
>++	if (pfkey_sa_add(&p->conf.remote_addr, &p->auth.local_addr,
>++	    p->conf.auth.md5key_len, p->conf.auth.md5key,
>++	    &p->auth.spi_out) == -1)
>++		return (-1);
>+ 
>+ 	p->auth.established = 1;
>+ 	return (0);
>+ }
>++#undef TCP_SIG_SPI
>+ 
>+ int
>+ pfkey_md5sig_remove(struct peer *p)
>+ {
>+-	if (p->auth.spi_out)
>+-		if (pfkey_sa_remove(&p->auth.local_addr, &p->conf.remote_addr,
>+-		    &p->auth.spi_out) == -1)
>+-			return (-1);
>+-	if (p->auth.spi_in)
>+-		if (pfkey_sa_remove(&p->conf.remote_addr, &p->auth.local_addr,
>+-		    &p->auth.spi_in) == -1)
>+-			return (-1);
>++	if (pfkey_sa_remove(&p->auth.local_addr, &p->conf.remote_addr,
>++	    &p->auth.spi_out) == -1)
>++		return (-1);
>++	if (pfkey_sa_remove(&p->conf.remote_addr, &p->auth.local_addr,
>++	    &p->auth.spi_in) == -1)
>++		return (-1);
>+ 
>+ 	p->auth.established = 0;
>+ 	return (0);
>+@@ -550,6 +558,7 @@
>+ int
>+ pfkey_ipsec_establish(struct peer *p)
>+ {
>++#if 0
>+ 	uint8_t satype = SADB_SATYPE_ESP;
>+ 
>+ 	switch (p->auth.method) {
>+@@ -621,6 +630,9 @@
>+ 
>+ 	p->auth.established = 1;
>+ 	return (0);
>++#else
>++	return (-1);
>++#endif
>+ }
>+ 
>+ int
>+@@ -660,6 +672,7 @@
>+ 		break;
>+ 	}
>+ 
>++#if 0
>+ 	if (pfkey_flow(fd, satype, SADB_X_DELFLOW, IPSP_DIRECTION_OUT,
>+ 	    &p->auth.local_addr, &p->conf.remote_addr, 0, BGP_PORT) < 0)
>+ 		return (-1);
>+@@ -681,6 +694,7 @@
>+ 	if (pfkey_flow(fd, satype, SADB_X_DELFLOW, IPSP_DIRECTION_IN,
>+ 	    &p->conf.remote_addr, &p->auth.local_addr, BGP_PORT, 0) < 0)
>+ 		return (-1);
>++#endif
>+ 	if (pfkey_reply(fd, NULL) < 0)
>+ 		return (-1);
>+ 
>+@@ -715,9 +729,7 @@
>+ int
>+ pfkey_remove(struct peer *p)
>+ {
>+-	if (!p->auth.established)
>+-		return (0);
>+-	else if (p->auth.method == AUTH_MD5SIG)
>++	if (p->auth.method == AUTH_MD5SIG)
>+ 		return (pfkey_md5sig_remove(p));
>+ 	else
>+ 		return (pfkey_ipsec_remove(p));
>+@@ -730,11 +742,9 @@
>  		if (errno == EPROTONOSUPPORT) {
>  			log_warnx("PF_KEY not available, disabling ipsec");
>  			sysdep->no_pfkey = 1;
>diff -ur openbgpd/files/patch-bgpd_session.c openbgpd.proapps/files/patch-bgpd_session.c
>--- openbgpd/files/patch-bgpd_session.c	2014-01-22 15:40:44.000000000 -0200
>+++ openbgpd.proapps/files/patch-bgpd_session.c	2015-01-18 16:48:09.485108000 -0200
>@@ -123,7 +123,7 @@
> +	int			 s;
> +
> +	/* Check if TCP_MD5SIG is supported. */
>-+	s = socket(PF_LOCAL, SOCK_STREAM, 0);
>++	s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
> +	if (s < 0)
> +		fatal("socket open for TCP_MD5SIG check");
> +	opt = TF_SIGNATURE;

Actions: View | Diff

Attachments on bug 184545: 138555 | 151804 | 160135