Fix MD5 TCP signature usage with latest tcpmd5 kernel module

PR:		21890
Submitted by:	ae
Reported by:	Joseph Mulloy <freebsd-bugs@joe.mulloy.me>
Approved by:	melifaro (maintainer)

Fix build with option FIREWALL

PR:		217150
Submitted by:	olivier
Reported by:	O. Hartmann <ohartmann@walstatt.org>
Approved by:	melifaro (maintainer)
Sponsored by:	Orange

1 files changed, 19 insertions, 0 deletions

diff --git a/net/bird/files/patch-sysdep-bsd-setkey.h b/net/bird/files/patch-sysdep-bsd-setkey.h
new file mode 100644
index 000000000000..9eb12f81e92e
--- /dev/null
+++ b/net/bird/files/patch-sysdep-bsd-setkey.h
@@ -0,0 +1,19 @@
+--- sysdep/bsd/setkey.h	2017-05-15 14:04:47.215628000 +0300
++++ sysdep/bsd/setkey.h	2017-05-15 14:05:36.850028000 +0300
+@@ -158,12 +158,14 @@ sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr 
+     if (len > TCP_KEYLEN_MAX)
+       ERR_MSG("The password for TCP MD5 Signature is too long");
+ 
+-    if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0)
++    if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0 ||
++	setkey_md5(&dst, &src, passwd, SADB_ADD) < 0)
+       ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
+   }
+   else
+   {
+-    if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0)
++    if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0 ||
++	setkey_md5(&dst, &src, NULL, SADB_DELETE) < 0)
+       ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
+   }
+   return 0;