From c62df70ac799e0406afb75ee1fbf3c3411e9efdb Mon Sep 17 00:00:00 2001
From: Katerina Kubecova
Date: Mon, 26 Feb 2024 17:07:20 +0100
Subject: [PATCH] reconfigure not work
---
 proto/bgp/bgp.c | 17 ++++++++++++++++-
 proto/bgp/packets.c | 3 ++-
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c
index a79147de0..02c1b8ef6 100644
--- a/proto/bgp/bgp.c
+++ b/proto/bgp/bgp.c
@@ -223,6 +223,14 @@ bgp_close(struct bgp_proto *p)
 ASSERT(bs && bs->uc);
+ log("in bgp close");
+ struct ao_key *key = bs->sk->ao_key;
+ while (key)
+ {
+ log("delete %i", key->local_id);
+ ao_delete_key(bs->sk, p->remote_ip, -1, bs->sk->iface, key->local_id, key->remote_id);
+ key = key->next_key;
+ }
 if (--bs->uc)
 return;
@@ -2196,7 +2204,7 @@ int reconfigure_tcp_ao(struct bgp_proto old_proto, struct bgp_config new)
 if(compare_aos(ao_key, old_aos[ao_key->local_id]))
 {
 struct ao_key *o = old_aos[ao_key->local_id];
- log("%i %i (master %i) %i %i %s %s %s %s", ao_key->local_id, o->local_id, key_in_use, ao_key->remote_id, o->remote_id, ao_key->cipher, o->cipher, ao_key->master_key, o->master_key);
+ log("%i %i (master %i %i) remotes %i %i %s %s %s %s", ao_key->local_id, o->local_id, key_in_use, key_in_use_rem, ao_key->remote_id, o->remote_id, ao_key->cipher, o->cipher, ao_key->master_key, o->master_key);
 if (ao_key->local_id == key_in_use)
 {
 cf_warn("TCP AO reconfiguration: Currently used master key (%i) part update. This is not allowed.", ao_key->local_id);
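Review bot: In the bgp_close hunk, the new loop reads `key->next_key` after `ao_delete_key()` has been called for that same key; if the delete unlinks or frees the entry (its body is not visible here), the walk continues from released memory. Saving the successor first avoids that: `struct ao_key *next = key->next_key;` before the call and `key = next;` after it. The loop also runs before `if (--bs->uc) return;`, so keys are removed from `bs->sk` while other users may still hold the socket, which looks unintended and is worth confirming. The two `log()` calls are unconditional debug output, and the result of `ao_delete_key()` is ignored.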
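Review bot: The rewritten `log()` call in reconfigure_tcp_ao still prints `ao_key->master_key` and `o->master_key` with `%s`, so each reconfiguration that reaches this branch writes what appears to be TCP-AO key material to the log in clear text. The key ids and cipher names are enough to diagnose a mismatch, so the call could stop at the ciphers: `log("%i %i (master %i %i) remotes %i %i %s %s", ao_key->local_id, o->local_id, key_in_use, key_in_use_rem, ao_key->remote_id, o->remote_id, ao_key->cipher, o->cipher);`. The function body starts and ends outside this hunk.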
@@ -2215,7 +2223,14 @@ int reconfigure_tcp_ao(struct bgp_proto old_proto, struct bgp_config new)
 else
 {
 if (old_rem_id[ao_key->remote_id])
+ {
+ if (ao_key->remote_id == key_in_use_rem)
+ {
+ cf_warn("TCP AO reconfiguration: Currently used master key (%i %i) part update. This is not allowed.", ao_key->local_id, ao_key->remote_id);
+ return 0;
+ }
 cf_warn("TCP AO reconfiguration: Reusing remote id %i with new local id %i. This might break your connection.", ao_key->remote_id, ao_key->local_id);
+ }
 sk_set_ao_auth(s_activ, old_proto.local_ip, old_proto.remote_ip, -1, s_activ->iface, ao_key->master_key, ao_key->local_id, ao_key->remote_id, ao_key->cipher, ao_key->required == 1);
 sk_set_ao_auth(s_passiv, old_proto.local_ip, old_proto.remote_ip, -1, s_passiv->iface, ao_key->master_key, ao_key->local_id, ao_key->remote_id, ao_key->cipher, 0);
 }
diff --git a/proto/bgp/packets.c b/proto/bgp/packets.c
index eae6f8741..229b099bd 100644
--- a/proto/bgp/packets.c
+++ b/proto/bgp/packets.c
@@ -3442,7 +3442,8 @@ bgp_rx(sock *sk, uint size)
 log("fd %i sk %i key %i", sk->fd, sk, sk->ao_key);
 }
 }
-
+ else
+ log("no ao");
 byte *pkt_start = sk->rbuf;
 byte *end = pkt_start + size;
 uint i, len;
--
2.47.2
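Review bot: The added `return 0;` for a remote id equal to `key_in_use_rem` sits in the same branch as the `sk_set_ao_auth()` calls, so if this branch runs once per configured key (the loop is outside the hunk), keys handled earlier are already installed on both sockets when the reconfiguration is refused. Hoisting the `key_in_use` / `key_in_use_rem` checks ahead of any `sk_set_ao_auth()` call would keep a refused reconfigure from leaving a half-updated key set. The new warning also reuses the local-id wording; something like `cf_warn("TCP AO reconfiguration: Remote id %i of the currently used key would change (new local id %i). This is not allowed.", ao_key->remote_id, ao_key->local_id);` would tell the operator which check fired. The return values of both `sk_set_ao_auth()` calls are dropped, so a failed install goes unreported.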
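Review bot: The new `else log("no ao");` in bgp_rx runs on every receive call for a session without an AO key, so log volume is driven directly by how much traffic the peer sends. It should be removed before merge or placed behind the protocol's debug tracing rather than an unconditional `log()`. The `if` this `else` binds to is outside the hunk, so which condition it negates cannot be confirmed from here. With the blank line removed, the branch now runs straight into the `byte *pkt_start` declarations; keeping an empty line after it would make the end of the branch easier to see.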