Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenBSD tcpmd5 #5

Draft
wants to merge 14 commits into
base: dev
Choose a base branch
from
Draft

OpenBSD tcpmd5 #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
976cbf7
Starting to split out OpenBSD tcpmd5.
robertkeizer Sep 18, 2024
1753802
Some minor comments as I work through this.
robertkeizer Sep 18, 2024
8288fda
Adding .build.yml for sr.ht pipeline.
robertkeizer Oct 15, 2024
17d6881
Pulling in bgpfix as well.
robertkeizer Oct 15, 2024
691602e
Adding some basic openbgpd setup in build yaml.
robertkeizer Oct 15, 2024
6265928
doas for ifconfig.
robertkeizer Oct 15, 2024
f4729c5
write the file, then mv with doas.
robertkeizer Oct 15, 2024
d247163
More automated testing work.
robertkeizer Oct 15, 2024
00d7d27
Slight naming changes on the interfaces; Specify right path.
robertkeizer Oct 15, 2024
9cc42b2
Simplifying things, just using a different port.
robertkeizer Oct 15, 2024
c417b29
Fixing indent. I hate yaml.
robertkeizer Oct 15, 2024
6026834
Don't need shell.
robertkeizer Oct 15, 2024
8b19a56
Use proper IP in all locations.
robertkeizer Oct 15, 2024
6aca99b
Didn't need the port after all.. duh.
robertkeizer Oct 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions .build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
image: openbsd/7.5
shell: false
secrets:
- b2b00838-c8a8-441d-baaa-da121489d0bd
sources:
- [email protected]:~robertkeizer/bgpipe
- https://github.com/bgpfix/bgpfix.git
packages:
- go
tasks:
- install_bgpipe: |
cd bgpipe
go install .
- setup_networking: |
doas ifconfig vether1 198.51.100.1 255.255.255.0 up
- setup_bgpd: |
cat <<EOF>/tmp/bgpd.conf
AS 65001
router-id 198.51.100.1

listen on 198.51.100.1
network 198.51.100.0/24

neighbor 198.51.100.1 {
remote-as 65002
}

allow from 198.51.100.1
allow to 198.51.100.1
EOF

doas mv /tmp/bgpd.conf /etc
doas bgpd -vnf /etc/bgpd.conf
doas rcctl enable bgpd
doas rcctl start bgpd
- test: |
/home/build/go/bin/bgpipe connect 198.51.100.1 stdout
39 changes: 39 additions & 0 deletions stages/util_openbsd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
//go:build openbsd

package stages

import (
"syscall"
"golang.org/x/sys/unix"
)

func tcp_md5(md5pass string) func(net, addr string, c syscall.RawConn) error {
if len(md5pass) == 0 {
return nil
}

return func(net, addr string, c syscall.RawConn) error {

// * Check whether the tcpmd5 SA already exists
// * If it doesn't, depending on flags:
// * return an error and docs around setting up the sa.
// or
// * create a temporary file that can be used to load rules
// * Execute ipsecctl -f /path/to/file to load the sa

// https://blog.habets.se/2019/11/TCP-MD5.html

// setsockopt
var err error
c.Control(func(fd uintptr) {

/*
Future: 0x04 comes from https://github.com/openbsd/src/blob/master/sys/netinet/tcp.h#L217
While it is unlikely to change, looking it up would be better rather than having it hardcoded.
*/

err = unix.SetsockoptString(int(fd), unix.IPPROTO_TCP, 0x04, string("tcpmd5string"))
})
return err
}
}
2 changes: 1 addition & 1 deletion stages/util_unsupported.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
//go:build !linux
//go:build (!linux && !openbsd)

package stages

Expand Down