20200225_jeffrey - silenceuncrio/diary GitHub Wiki
0905
review
M300 - task - [30%] P1 - DQA - BGP MD5 Authentication
昨天下班前利用 ./build.sh -f M300/0_GENERIC 已經 build 好了
MfgTool 燒錄完試一下
先有基本的 bgp 配置
再參考 Adding MD5-enabled BGP Neighbors 來 Enabling MD5
Router> enable
Router# configure terminal
Router(config)# router bgp 11
Router(config-router)# neighbor 192.168.1.13 password test
% Error while applying TCP-Sig to session(s)
Router(config-router)#
還是錯誤
現階段先捨棄 M300
1000
M330 - task - [0%] P2 - DQA - BGP MD5 Authentication
使用 VMware jjbox
M330 proscend 外層已完成
進 proscend 目錄
- Vendor/Prosucts = GENERIC/0_GENERIC
先有基本的 bgp 配置
再參考 Adding MD5-enabled BGP Neighbors 來 Enabling MD5
Router> enable
Router# configure terminal
Router(config)# router bgp 11
Router(config-router)# neighbor 192.168.1.13 password test
% Error while applying TCP-Sig to session(s)
Router(config-router)#
慘ㄚ
確認一下 M330 的 linux kernel 確實有把 CONFIG_TCP_MD5SIG 打開了
user@727b99c64c51:~/build_dir/linux-ar71xx_generic/linux-3.3.8$ cat .config | grep TCP_MD5
CONFIG_TCP_MD5SIG=y
參考 BGP: can't set sockopt TCP_MD5SIG 0 to socket 16
這邊有提到
Use this kernel options:
quagga needs this for MD5 passwords on BGP sessions
options TCP_SIGNATURE options FAST_IPSEC device crypto device cryptodev
試著參考 M360P 的 m360p_kernel_defconfig-3.10
看不出所以然
看到一個差別
m360p_defconfig
CONFIG_PACKAGE_kmod-crypto-md5=y
M330_defconfig
# CONFIG_PACKAGE_kmod-crypto-md5 is not set
改吧
離開 docker container 再進來
- cd 進 /home/user
- source proenv.sh
- make
1155
proscend 外層 build 好了
進 proscend 內層 build
透過 web ui 作 upgrade
1300
Router> enable
Router# configure terminal
Router(config)# router bgp 11
Router(config-router)# neighbor 192.168.1.13 password test
Router(config-router)#
沒出現錯誤了
而且利用 tcpdump 抓封包也確認了 TCP Options 裡有
- TCP Option - TCP MD5 signature
一口氣在 M330 上把 BGP MD5 Authentication 作完吧
架設環境如下
+-------+ +-------+
| | lan | |
| M330 +-------------------+-------------------+ M360P |
| | 192.168.1.11 192.168.1.13 | |
+-------+ +-------+
測試完畢
上 code 吧
commit d88fd381b8dbac9343dbd16380f8b946be77b308
Refs: [develop], {origin/develop}
Author: jeffrey <[email protected]>
Date: Tue Feb 25 13:55:28 2020 +0800
add 'MD5 Authentication' for BGP
M330_defconfig | 2 +-
proscend/prosrc/icos/icoslib/bgp/bgp.c | 33 ++
proscend/prosrc/icos/include/module_bgp.h | 24 ++
proscend/prosrc/www/app/feature/bgp.html | 415 ++-------------------
proscend/prosrc/www/app/feature/bgp.js | 40 +-
.../prosrc/www/app/feature/bgp_tab_general.html | 88 +++++
.../prosrc/www/app/feature/bgp_tab_neighbors.html | 199 ++++++++++
.../prosrc/www/app/feature/bgp_tab_networks.html | 110 ++++++
proscend/prosrc/www/app/locale-en.json | 2 +
proscend/prosrc/www/app/locale-fr.json | 2 +
proscend/prosrc/www/app/locale-zh-tw.json | 2 +
target/linux/ar71xx/config-3.3 | 1 +
12 files changed, 521 insertions(+), 397 deletions(-)
1400
M300 - task - [0%] P1 - release/v2.04 - WAN as LAN web ui
使用 VMware jbox
先 build 一版最新的 M300[release/v2.04]
WAN as LAN 原作者 code 上錯 branch 了
等原作者上 code 後再 build 一次
注意到相關的 web ui 最好使用 compile flag PROSRC_ETH_WAN_AS_LAN 包起來
commit 3f31f842da21cbe385ac9e94a070308e862bf3c7
Author: jeffrey <[email protected]>
Date: Tue Feb 25 16:21:38 2020 +0800
add 'WAN/LANx Port Function' field at 'System Ethernet' page
- also the 'System' panel at 'Status' page
- according to compile flag PROSRC_ETH_WAN_AS_LAN
proscend/prosrc/webcgi/status.c | 12 +++++++
proscend/prosrc/webcgi/switch.c | 8 +++++
proscend/prosrc/www/app/locale-en.json | 11 ++++++
proscend/prosrc/www/app/locale-fr.json | 11 ++++++
proscend/prosrc/www/app/locale-zh-tw.json | 11 ++++++
.../www/brand_advice/app/feature/status.html.src | 2 ++
.../www/brand_ctcu/app/feature/status.html.src | 2 ++
.../www/brand_cxr/app/feature/status.html.src | 2 ++
.../www/brand_digicomm/app/feature/status.html.src | 2 ++
.../www/brand_hytec/app/feature/status.html.src | 2 ++
.../www/brand_nobrand/app/feature/status.html.src | 2 ++
.../www/brand_planet/app/feature/status.html.src | 2 ++
.../www/brand_xentino/app/feature/status.html.src | 2 ++
.../prosrc/www/src/app/feature/switch.html.src | 42 ++++++++++++++++++++++
14 files changed, 111 insertions(+)
commit 637c1bff883fb551f369e026958ef58089e9cb26
Refs: [release/v2.04], {origin/release/v2.04}
Author: jeffrey <[email protected]>
Date: Tue Feb 25 16:37:21 2020 +0800
update the online manual for 'System > Ethernet'
- also the status
proscend/prosrc/www/brand_advice/app/feature/status.html.src | 2 ++
proscend/prosrc/www/brand_ctcu/app/feature/status.html.src | 2 ++
proscend/prosrc/www/brand_cxr/app/feature/status.html.src | 2 ++
proscend/prosrc/www/brand_digicomm/app/feature/status.html.src | 2 ++
proscend/prosrc/www/brand_hytec/app/feature/status.html.src | 2 ++
proscend/prosrc/www/brand_nobrand/app/feature/status.html.src | 2 ++
proscend/prosrc/www/brand_planet/app/feature/status.html.src | 2 ++
proscend/prosrc/www/brand_xentino/app/feature/status.html.src | 2 ++
proscend/prosrc/www/src/manual/status.h.html | 10 +++++++++-
proscend/prosrc/www/src/manual/system_ethernet.h.html | 8 ++++++++
10 files changed, 33 insertions(+), 1 deletion(-)
收工
1710
M330 - task - [100%] P2 - DQA - BGP MD5 Authentication
- [結案] 已經非正式的將 local build 的 firmware.img 給 DQA
M300 - task - [100%] P1 - DQA - BGP MD5 Authentication
- 明確讓 ariel 知道目前 M300 遇到的狀況
- [結案] 後續有客戶需求再花時間
1800
幫 ariel 修一下 online manual
commit e91f203ebf97b107c9950ef97e9f3879f2a6ff7d
Refs: [release/v1.00], {origin/release/v1.00}
Author: jeffrey <[email protected]>
Date: Tue Feb 25 17:59:27 2020 +0800
different description for item 'apn' at 'LTE > APN Config' according to compile flag
if defined(PROSRC_LTE_BRIDGE_ROUTER) || defined(PROSRC_LTE_ROUTER_ROUTER)
<description 1>
else
<description 2>
endif
proscend/prosrc/www/src/manual/lte_apn_config.h.html | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)