Bug 1090162

Summary: Support TCP MD5SIG option for bgp md5 password auth (when using openSUSE as a router)
Product: [openSUSE] openSUSE Tumbleweed Reporter: Grover Chou <groverchout>
Component: KernelAssignee: Michal Kubeček <mkubecek>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Enhancement    
Priority: P4 - Low CC: jcheung, mkubecek
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Grover Chou 2018-04-19 07:51:33 UTC
I use bird[1] on openSUSE to manage BGP routing.
One of my peer using TCP MD5 Signature[2] to protect BGP session.
But it requires MD5SIG enabled in the kernel.
I did a simple check to be sure that this was not enabled in
openSUSE Tumbleweed (even Leap series).

    grep MD5SIG /boot/config-4.16.1-1-default

So please consider its coverage.

[1] http://bird.network.cz
[2] https://www.ietf.org/rfc/rfc2385.txt
Comment 1 Michal Kubeček 2018-04-20 07:24:47 UTC
I'm going to enable TCP_MD5SIG in master and stable branches. It's too late
for Leap 15.0, though, as it would change kABI which is already frozen.
Comment 2 Michal Kubeček 2018-05-07 08:25:42 UTC
CONFIG_TCP_MD5SIG is now enabled in master and stable branches (so that the
change is going to propagate into Tumbleweed package soon). It's also going to
be enabled in openSUSE Leap 15.1 kernel (not 15.0, though).

Closing.
Comment 3 Swamp Workflow Management 2019-02-28 18:00:20 UTC
This is an autogenerated message for OBS integration:
This bug (1090162) was mentioned in
https://build.opensuse.org/request/show/680183 15.1 / kernel-source