- Update to 0.98.2

PR: ports/77086 Submitted by: Boris Kovalenko <boris@tagnet.ru> (maintainer)
svn path=/head/; revision=128104
2024-11-24 00:45:52 +00:00 · 2005-02-05 22:19:43 +00:00 · 2005-02-05 22:19:43 +00:00 · d2734c1894 · 2021-03-31 03:12:20 +00:00
commit d2734c1894
parent fd35c8eb44
11 changed files with 333 additions and 55 deletions
--- a/net/quagga/Makefile
+++ b/net/quagga/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME=	quagga
-PORTVERSION=	0.98.0
+PORTVERSION=	0.98.2
 PORTREVISION=	0
 CATEGORIES=	net ipv6
 MASTER_SITES=	http://quagga.net/download/
@ -18,12 +18,13 @@ COMMENT=	Free RIPv1, RIPv2, OSPFv2, BGP4, IS-IS route software

 CONFLICTS=	zebra-devel-[0-9]* zebra-0*

-GNU_CONFIGURE=	yes
-USE_GMAKE=	yes
-USE_REINPLACE=	yes
-INSTALLS_SHLIB=	yes
-USE_LIBTOOL_VER=15
-USE_PERL5_BUILD=yes
+GNU_CONFIGURE=		yes
+USE_GMAKE=		yes
+USE_REINPLACE=		yes
+INSTALLS_SHLIB=		yes
+USE_AUTOCONF_VER=	259
+USE_LIBTOOL_VER=	15
+USE_PERL5_BUILD=	yes

 MAN1=		vtysh.1
 MAN8=		bgpd.8 ospf6d.8 ospfd.8 ripd.8 ripngd.8 zebra.8
@ -34,7 +35,8 @@ OPTIONS=	ISISD		"Enable experimental ISIS daemon"	off \
 		OSPF_OPAQUE_LSA	"OSPF Opaque-LSA support (RFC2370)" off \
 		RTADV		"IPv6 Router Advertisements"	off \
 		SNMP		"SNMP support"			off \
-		TCPSOCKETS	"Use TCP/IP sockets for protocol daemons" off
+		TCPSOCKETS	"Use TCP/IP sockets for protocol daemons" off \
+		TCPMD5		"Use experimental MD5 patch for BGP" off

 .if !defined(BATCH)
 SEL_OPTIONS=	yes
@ -43,14 +45,13 @@ SEL_OPTIONS=	yes
 .include <bsd.port.pre.mk>

 CONFIGURE_ARGS+=--includedir=${PREFIX}/include --enable-exampledir=${PREFIX}/share/examples/quagga
+CONFIGURE_ENV+=	CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
+		LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib"
+
 SCRIPTS_ENV=	PREFIX=${PREFIX} \
 		SYSCONF_DIR=${SYSCONF_DIR} SYSSTATE_DIR=${SYSSTATE_DIR} \
 		ENABLE_USER=${ENABLE_USER} ENABLE_GROUP=${ENABLE_GROUP}

-.if ${OSVERSION} < 500000
-EXTRA_PATCHES+=${PATCHDIR}/extra-patch-zebra.h
-.endif
-
 .if defined(WITH_ISISD) && !defined(WITHOUT_ISISD)
 CONFIGURE_ARGS+=--enable-isisd
 PLIST_SUB+=	ISISD_SBIN=sbin/isisd
@ -78,12 +79,12 @@ PLIST_SUB+=	OSPFAPI_LIBSO="lib/libospfapiclient.so"
 PLIST_SUB+=	OSPFAPI_LIBSO0="lib/libospfapiclient.so.0"
 PLIST_SUB+=	OSPFAPI_SBIN="sbin/ospfclient"
 .else
-PLIST_SUB+=	OSPFAPI_HEADER=
-PLIST_SUB+=	OSPFAPI_PATH=
-PLIST_SUB+=	OSPFAPI_LIBA=
-PLIST_SUB+=	OSPFAPI_LIBSO=
-PLIST_SUB+=	OSPFAPI_LIBSO0=
-PLIST_SUB+=	OSPFAPI_SBIN=
+PLIST_SUB+=	OSPFAPI_HEADER="@comment"
+PLIST_SUB+=	OSPFAPI_PATH="@comment"
+PLIST_SUB+=	OSPFAPI_LIBA="@comment"
+PLIST_SUB+=	OSPFAPI_LIBSO="@comment"
+PLIST_SUB+=	OSPFAPI_LIBSO0="@comment"
+PLIST_SUB+=	OSPFAPI_SBIN="@comment"
 .endif

 .if defined(WITH_RTADV) && !defined(WITHOUT_RTADV)
@ -99,6 +100,14 @@ LIB_DEPENDS+=netsnmp.7:${PORTSDIR}/net-mgmt/net-snmp:install
 .endif
 .endif

+.if defined(WITH_TCPMD5) && !defined(WITHOUT_TCPMD5)
+.if ${OSVERSION} < 491000
+BROKEN=	This version of FreeBSD does not have TCP MD5 signature support
+.endif
+CONFIGURE_ARGS+=--enable-tcp-signature
+EXTRA_PATCHES+=${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgp_network.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgp_vty.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgpd.c ${PATCHDIR}/extra-tcpmd5-patch-bgpd::bgpd.h ${PATCHDIR}/extra-tcpmd5-patch-configure.ac ${PATCHDIR}/extra-tcpmd5-patch-lib::sockopt.c ${PATCHDIR}/extra-tcpmd5-patch-lib::sockopt.h
+.endif
+
 .if !defined(ENABLE_USER)
 ENABLE_USER=quagga
 .endif
@ -167,14 +176,7 @@ pre-everything::
 	@${ECHO} "   WITH_RTADV            IPv6 Router Advertisements"
 	@${ECHO} "   WITH_SNMP             SNMP support"
 	@${ECHO} "   WITH_TCPSOCKETS       Use TCP/IP sockets for protocol daemons"
-
-pre-configure:
-# disable AUTO* tools
-	@${FIND} -E ${WRKSRC} -type f \
-		-iregex ".*(Makefile.in|configure)" \
-		| ${XARGS} -x -n 10 \
-		${REINPLACE_CMD} -E \
-			-e 's!^(AUTOCONF|AUTOHEADER|AUTOMAKE|ACLOCAL).*$$!\1=${TRUE}!'
+	@${ECHO} "   WITH_TCPMD5           Use experimental MD5 patch for BGP"

 post-build:
 	@${SED} ${SED_SCRIPT} ${FILESDIR}/quagga.sh > ${WRKDIR}/quagga.sh
@ -205,6 +207,15 @@ post-install:
 	@${ECHO} "        if You had never do this before. Or run"
 	@${ECHO} "        make changeuser"
 	@${ECHO} ""
+.if defined(WITH_TCPMD5) && !defined(WITHOUT_TCPMD5)
+	@${ECHO} "Note!!! To use MD5 passwords on BGP sessions, your kernel must"
+	@${ECHO} "be built with the following options:"
+	@${ECHO} "  options TCP_SIGNATURE"
+	@${ECHO} "  options FAST_IPSEC"
+	@${ECHO} "  device crypto"
+	@${ECHO} "  device cryptodev"
+	@${ECHO} ""
+.endif

 .if !defined(BATCH)
 post-clean:
--- a/net/quagga/distinfo
+++ b/net/quagga/distinfo
@ -1,2 +1,2 @@
-MD5 (quagga-0.98.0.tar.gz) = 938cdf15f0ff79f797fc08316b94f449
-SIZE (quagga-0.98.0.tar.gz) = 1997631
+MD5 (quagga-0.98.2.tar.gz) = 6839842a96b1551fd1cba80e1477b5c9
+SIZE (quagga-0.98.2.tar.gz) = 2006606
--- a/net/quagga/files/extra-patch-zebra.h
+++ b/net/quagga/files/extra-patch-zebra.h
@ -1,27 +0,0 @@
-Index: lib/zebra.h
-===================================================================
-RCS file: /var/cvsroot/quagga/lib/zebra.h,v
-retrieving revision 1.27
-diff -u -b -r1.27 zebra.h
--- lib/zebra.h	4 Jan 2005 16:24:43 -0000	1.27
-+++ lib/zebra.h	10 Jan 2005 15:35:47 -0000
-@@ -97,9 +97,17 @@
- #include <stdarg.h>
- #if !(defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L)
- /* Not C99; do we need to define va_copy? */
-#if !defined(va_copy) && defined(__va_copy)
-+#ifndef va_copy
-+#ifdef __va_copy
- #define va_copy(DST,SRC) __va_copy(DST,SRC)
-#endif /* need va_copy */
-+#else
-+/* Now we are desperate; this should work on many typical platforms. 
-+   But this is slightly dangerous, because the standard does not require
-+   va_copy to be a macro. */
-+#define va_copy(DST,SRC) (DST) = (SRC)
-+#warning "Not C99 and no va_copy macro available, using simple assignment..."
-+#endif /* __va_copy */
-+#endif /* !va_copy */
- #endif /* !C99 */
- #include "zassert.h"
- 
--- a/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_network.c
+++ b/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_network.c
@ -0,0 +1,42 @@
+--- bgpd/bgp_network.c.orig	Wed Dec  8 12:41:23 2004
+++ bgpd/bgp_network.c	Fri Jan 28 17:52:57 2005
+@@ -35,6 +35,10 @@
+ #include "bgpd/bgp_debug.h"
+ #include "bgpd/bgp_network.h"
+ 
+#ifndef TCP_SIG_SPI_BASE
+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
+#endif
+
+ extern struct zebra_privs_t bgpd_privs;
+ 
+ 
+@@ -148,6 +152,15 @@
+       return ret;
+     }
+ #endif /* SO_BINDTODEVICE */
+
+#ifdef QUAGGA_TCP_MD5SIG
+  if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
+    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd,
+      TCP_SIG_SPI_BASE + peer->port);
+  else
+    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
+#endif /* QUAGGA_TCP_MD5SIG */
+
+   return 0;
+ }
+ 
+@@ -250,6 +263,12 @@
+   if (peer->ifname)
+     ifindex = if_nametoindex (peer->ifname);
+ #endif /* HAVE_IPV6 */
+
+#ifdef QUAGGA_TCP_MD5SIG
+  if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
+    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd,
+      TCP_SIG_SPI_BASE + peer->port);
+#endif /* QUAGGA_TCP_MD5SIG */
+ 
+   if (BGP_DEBUG (events, EVENTS))
+     plog_debug (peer->log, "%s [Event] Connect start to %s fd %d",
--- a/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_vty.c
+++ b/net/quagga/files/extra-tcpmd5-patch-bgpd::bgp_vty.c
@ -0,0 +1,59 @@
+--- bgpd/bgp_vty.c.orig	Tue Oct 12 22:06:09 2004
+++ bgpd/bgp_vty.c	Fri Jan 28 17:52:57 2005
+@@ -1386,6 +1386,45 @@
+        "AS number used as local AS\n"
+        "Do not prepend local-as to updates from ebgp peers\n")
+ 
+#ifdef QUAGGA_TCP_MD5SIG
+DEFUN (neighbor_password,
+       neighbor_password_cmd,
+       NEIGHBOR_CMD2 "password WORD",
+       NEIGHBOR_STR
+       NEIGHBOR_ADDR_STR2
+       "Specify a password for TCPMD5 authentication with this peer\n")
+{
+  struct peer *peer;
+  int ret;
+
+  peer = peer_and_group_lookup_vty (vty, argv[0]);
+  if (! peer)
+    return CMD_WARNING;
+
+  ret = peer_password_set (peer, argv[1]);
+  return bgp_vty_return (vty, ret);
+}
+
+DEFUN (no_neighbor_password,
+       no_neighbor_password_cmd,
+       NO_NEIGHBOR_CMD2 "password",
+       NO_STR
+       NEIGHBOR_STR
+       NEIGHBOR_ADDR_STR2
+       "Disable TCPMD5 authentication with this peer\n")
+{
+  struct peer *peer;
+  int ret;
+
+  peer = peer_and_group_lookup_vty (vty, argv[0]);
+  if (! peer)
+    return CMD_WARNING;
+
+  ret = peer_password_unset (peer);
+  return bgp_vty_return (vty, ret);
+}
+#endif /* QUAGGA_TCP_MD5SIG */
+
+ DEFUN (neighbor_activate,
+        neighbor_activate_cmd,
+        NEIGHBOR_CMD2 "activate",
+@@ -8530,6 +8569,10 @@
+   install_element (BGP_NODE, &no_neighbor_local_as_cmd);
+   install_element (BGP_NODE, &no_neighbor_local_as_val_cmd);
+   install_element (BGP_NODE, &no_neighbor_local_as_val2_cmd);
+
+  /* "neighbor password" commands. */
+  install_element (BGP_NODE, &neighbor_password_cmd);
+  install_element (BGP_NODE, &no_neighbor_password_cmd);
+ 
+   /* "neighbor activate" commands. */
+   install_element (BGP_NODE, &neighbor_activate_cmd);
--- a/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.c
+++ b/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.c
@ -0,0 +1,90 @@
+--- bgpd/bgpd.c.orig	Thu Dec  9 06:46:46 2004
+++ bgpd/bgpd.c	Sat Jan 29 11:29:26 2005
+@@ -59,6 +59,9 @@
+ #ifdef HAVE_SNMP
+ #include "bgpd/bgp_snmp.h"
+ #endif /* HAVE_SNMP */
+#ifndef TCP_SIG_SPI_BASE
+#define TCP_SIG_SPI_BASE 1000 /* XXX this will go away */
+#endif
+ 
+ /* BGP process wide configuration.  */
+ static struct bgp_master bgp_master;
+@@ -707,6 +710,7 @@
+   peer->ostatus = Idle;
+   peer->version = BGP_VERSION_4;
+   peer->weight = 0;
+  peer->password[0] = '\0';
+ 
+   /* Set default flags.  */
+   for (afi = AFI_IP; afi < AFI_MAX; afi++)
+@@ -3270,6 +3274,55 @@
+   return 0;
+ }
+ 
+#ifdef QUAGGA_TCP_MD5SIG
+/* Set password for authenticating with the peer. */
+int
+peer_password_set (struct peer *peer, char *password)
+{
+  struct bgp *bgp = peer->bgp;
+  int len;
+
+  len = strlen(password);
+
+  if ((len < PEER_PASSWORD_MINLEN) || (len > PEER_PASSWORD_MAXLEN))
+    return BGP_ERR_INVALID_VALUE;
+
+  memcpy(peer->password, password, len);
+
+  /*
+   * XXX Need to do PF_KEY operation here to add an SA entry,
+   * and add an SP entry for this peer's packet flows also.
+   */
+
+  SET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
+
+  if (peer->fd >= 0)
+    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, TCP_SIG_SPI_BASE +
+      peer->port);
+
+  return 0;
+}
+
+int
+peer_password_unset (struct peer *peer)
+{
+  struct bgp *bgp = peer->bgp;
+
+  UNSET_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE);
+  /* Paranoia. */
+  memset(peer->password, 0, sizeof(peer->password));
+
+  if (peer->fd >= 0)
+    sockopt_tcp_signature (peer->su.sa.sa_family, peer->fd, 0);
+
+  /*
+   * XXX Need to do PF_KEY operation here to remove the SA and SP.
+   */
+
+  return 0;
+}
+#endif /* QUAGGA_TCP_MD5SIG */
+
+ /* Set distribute list to the peer. */
+ int
+ peer_distribute_set (struct peer *peer, afi_t afi, safi_t safi, int direct, 
+@@ -4279,6 +4332,13 @@
+       if (peer->desc)
+ 	vty_out (vty, " neighbor %s description %s%s", addr, peer->desc,
+ 		 VTY_NEWLINE);
+
+#ifdef QUAGGA_TCP_MD5SIG
+      /* tcp-md5 session password. XXX the password should be obfuscated */
+      if (CHECK_FLAG (peer->flags, PEER_FLAG_TCP_SIGNATURE))
+	vty_out (vty, " neighbor %s password %s%s", addr, peer->password,
+		 VTY_NEWLINE);
+#endif /* QUAGGA_TCP_MD5SIG */
+ 
+       /* Shutdown. */
+       if (CHECK_FLAG (peer->flags, PEER_FLAG_SHUTDOWN))
--- a/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.h
+++ b/net/quagga/files/extra-tcpmd5-patch-bgpd::bgpd.h
@ -0,0 +1,38 @@
+--- bgpd/bgpd.h.orig	Tue Oct 12 22:06:09 2004
+++ bgpd/bgpd.h	Fri Jan 28 21:03:40 2005
+@@ -335,6 +335,9 @@
+ #define PEER_FLAG_DYNAMIC_CAPABILITY        (1 << 6) /* dynamic capability */
+ #define PEER_FLAG_ENFORCE_MULTIHOP          (1 << 7) /* enforce-multihop */
+ #define PEER_FLAG_LOCAL_AS_NO_PREPEND       (1 << 8) /* local-as no-prepend */
+#ifdef QUAGGA_TCP_MD5SIG /* XXX should move to AF_INET/SFI_UNICAST below */
+#define PEER_FLAG_TCP_SIGNATURE             (1 << 9) /* use TCP-MD5 digest */
+#endif /* QUAGGA_TCP_MD5SIG */
+ 
+   /* Per AF configuration flags. */
+   u_int32_t af_flags[AFI_MAX][SAFI_MAX];
+@@ -496,6 +499,13 @@
+ #define PEER_RMAP_TYPE_NOSET          (1 << 5) /* not allow to set commands */
+ #define PEER_RMAP_TYPE_IMPORT         (1 << 6) /* neighbor route-map import */
+ #define PEER_RMAP_TYPE_EXPORT         (1 << 7) /* neighbor route-map export */
+
+#ifdef QUAGGA_TCP_MD5SIG
+  /* TCP-MD5 Password Support -- bms */
+#define PEER_PASSWORD_MINLEN		1
+#define PEER_PASSWORD_MAXLEN		80	/* width of password field */
+ char password[PEER_PASSWORD_MAXLEN];
+#endif /* QUAGGA_TCP_MD5SIG */
+ };
+ 
+ /* This structure's member directly points incoming packet data
+@@ -879,6 +889,11 @@
+ 
+ int peer_local_as_set (struct peer *, as_t, int);
+ int peer_local_as_unset (struct peer *);
+
+#ifdef QUAGGA_TCP_MD5SIG
+int peer_password_set (struct peer *, char *);
+int peer_password_unset (struct peer *);
+#endif /* QUAGGA_TCP_MD5SIG */
+ 
+ int peer_prefix_list_set (struct peer *, afi_t, safi_t, int, const char *);
+ int peer_prefix_list_unset (struct peer *, afi_t, safi_t, int);
--- a/net/quagga/files/extra-tcpmd5-patch-configure.ac
+++ b/net/quagga/files/extra-tcpmd5-patch-configure.ac
@ -0,0 +1,16 @@
+--- configure.ac.orig	Fri Jan  7 06:03:14 2005
+++ configure.ac	Fri Jan 28 17:52:57 2005
+@@ -204,6 +204,13 @@
+   AC_DEFINE(HAVE_IRDP,, IRDP )
+ fi
+ 
+AC_ARG_ENABLE(tcp-signature,
+[  --enable-tcp-signature        enable TCP MD5 checksum capability])
+
+if test "${enable_tcp_signature}" = "yes"; then
+  AC_DEFINE(QUAGGA_TCP_MD5SIG,,TCP signatures)
+fi
+
+ if test "${enable_user}" = "yes" || test x"${enable_user}" = x""; then
+   enable_user="quagga"
+ elif test "${enable_user}" = "no"; then
--- a/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.c
+++ b/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.c
@ -0,0 +1,35 @@
+--- lib/sockopt.c.orig	Tue Jan  4 10:03:36 2005
+++ lib/sockopt.c	Fri Jan 28 17:52:57 2005
+@@ -243,6 +243,32 @@
+ 
+ }
+ 
+int
+sockopt_tcp_signature (int family, int sock, int enable)
+{
+  int ret;
+
+#if defined(QUAGGA_TCP_MD5SIG) && defined(TCP_MD5SIG)
+  if (family == AF_INET)
+    {
+      ret = setsockopt (sock, IPPROTO_TCP, TCP_MD5SIG,
+                        (void *) &enable, sizeof (int));
+      if (ret < 0)
+        {
+          zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG %d to socket %d", enable, sock);
+          return -1;
+        }
+      return 0;
+    }
+#endif /* QUAGGA_TCP_MD5SIG */
+
+  /* fallthrough */
+
+  zlog (NULL, LOG_WARNING, "can't set sockopt TCP_MD5SIG on socket %d with family %d",
+                 sock, family);
+  return -1;
+}
+
+ static int
+ setsockopt_ipv4_ifindex (int sock, int val)
+ {
--- a/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.h
+++ b/net/quagga/files/extra-tcpmd5-patch-lib::sockopt.h
@ -0,0 +1,12 @@
+--- lib/sockopt.h.orig	Mon Nov 15 10:51:15 2004
+++ lib/sockopt.h	Fri Jan 28 17:52:57 2005
+@@ -40,6 +40,9 @@
+  */
+ #define SOPT_SIZE_CMSG_PKTINFO_IPV6() (sizeof (struct in6_pktinfo));
+ 
+#ifdef QUAGGA_TCP_MD5SIG
+int sockopt_tcp_signature(int family, int sock, int enable);
+#endif /* QUAGGA_TCP_MD5SIG */
+ /*
+  * Size defines for control messages used to get ifindex.  We define
+  * values for each method, and define a macro that can be used by code
--- a/net/quagga/pkg-plist
+++ b/net/quagga/pkg-plist
@ -9,12 +9,14 @@ sbin/watchquagga
 sbin/zebra
 bin/vtysh
 lib/libospf.a
+lib/libospf.la
 lib/libospf.so
 lib/libospf.so.0
 %%OSPFAPI_LIBA%%
 %%OSPFAPI_LIBSO%%
 %%OSPFAPI_LIBSO0%%
 lib/libzebra.a
+lib/libzebra.la
 lib/libzebra.so
 lib/libzebra.so.0
 include/quagga/buffer.h