Mailing List Archive

Fortigate OSPF MD5 key again
Hello,

In the past, I've had a problem related to the OSPF MD5 key with Fortigate devices, which changed all the time. See this post for more information about the problem -> http://www.shrubbery.net/pipermail/rancid-discuss/2016-December/009317.html

This seemed to be fixed but has come back with Rancid 3.7 and FortiGate version 5.4.6. Here is an example of the annoying output:

@@ -44723,9 +44723,9 @@
unset md5-key
unset md5-key
unset md5-key
unset md5-key
- set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az"
+ set md5-key 10 "ENC ihw7GyiIM/c7Pj741Siec2vF/ahW"
unset md5-key
unset md5-key
unset md5-key
unset md5-key

Gerhard,
Re: Fortigate OSPF MD5 key again
Thu, Nov 23, 2017 at 10:33:44AM -0500, Gerhard Mourani:
>
> Hello,
>
> In the past, I've had a problem related to the OSPF MD5 key with Fortigate devices, which changed all the time. See this post for more information about the problem -> http://www.shrubbery.net/pipermail/rancid-discuss/2016-December/009317.html
>
> This seemed to be fixed but has come back with Rancid 3.7 and FortiGate version 5.4.6. Here is an example of the annoying output:
>
> @@ -44723,9 +44723,9 @@
> unset md5-key
> unset md5-key
> unset md5-key
> unset md5-key
> - set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az"
> + set md5-key 10 "ENC ihw7GyiIM/c7Pj741Siec2vF/ahW"
> unset md5-key
> unset md5-key
> unset md5-key
> unset md5-key
>
> Gerhard,

Does this work?

Index: bin/fnrancid.in
===================================================================
--- bin/fnrancid.in (revision 3734)
+++ bin/fnrancid.in (working copy)
@@ -248,7 +248,7 @@
next;
}
# filter ospf md5-keys
- if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
+ if (/^(\s*set)\smd5-key\s(\d+)\s(.*)/ && $filter_osc) {
ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
next;
}
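Review bot: the changed `if` line still captures `(.*)` into a third group that the `ProcessHistory` call below never uses, and it allows exactly one whitespace character between tokens. `(\d+)` is the right fix for multi-digit ids such as the `10` in the reported diff, which `(.)` followed by `\s` cannot match; while touching the line, consider dropping the unused capture, using `\s+` between tokens, and testing `$filter_osc` before the regex so the match is skipped when filtering is off.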

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: Fortigate OSPF MD5 key again
Hello,

I've relocated the ospf md5-keys filter definition before the rsa filter and this makes it work.

@@ -224,7 +228,11 @@
ProcessHistory("","","","#$1 last-login <removed>\n");
next;
}
-
+ # filter ospf md5-keys
+ if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
+ ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
+ next;
+ }
# filter cycling RSA private keys
if ($filter_osc &&
/^\s*set private-key "-----BEGIN (RSA|ENCRYPTED) PRIVATE KEY-----/) {
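Review bot: the relocated block on the `+` lines still uses `(.)` for the key id, which matches a single character, so a line such as `set md5-key 10 ...` from the reported diff does not match it wherever the block sits. Carry the `(\d+)` form proposed earlier in the thread into the moved block, and keep the blank line that the `-` line removes so the `last-login` and md5-key filters stay visually separated.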
@@ -247,11 +255,6 @@
ProcessHistory("ENC","","","#$1 ENC <removed> $4\n");
next;
}
- # filter ospf md5-keys
- if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
- ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
- next;
- }

ProcessHistory("","","","$_");
}
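Review bot: nothing in the code records why the md5-key filter had to move. The context lines above the removed block show a filter that calls `ProcessHistory("ENC", ...)` and then `next`, so the filters are first-match-wins and position is significant. Add a comment at the new location stating that the md5-key filter must run before the `ENC` filter, or narrow the earlier filter so it does not claim `md5-key` lines; otherwise a later reorder can bring the changing diffs back.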


Re: Fortigate OSPF MD5 key again
Tue, Nov 28, 2017 at 02:42:46PM -0500, Gerhard Mourani:
> Hello,
>
> I've relocated the ospf md5-keys filter definition before the rsa filter and this makes it work.
>
> @@ -224,7 +228,11 @@
> ProcessHistory("","","","#$1 last-login <removed>\n");
> next;
> }
> -
> + # filter ospf md5-keys
> + if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
> + ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
> + next;
> + }
> # filter cycling RSA private keys
> if ($filter_osc &&
> /^\s*set private-key "-----BEGIN (RSA|ENCRYPTED) PRIVATE KEY-----/) {
> @@ -247,11 +255,6 @@

I see; it was matching the filter that was prior to it; line 244.

> ProcessHistory("ENC","","","#$1 ENC <removed> $4\n");
> next;
> }
> - # filter ospf md5-keys
> - if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
> - ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
> - next;
> - }
>
> ProcessHistory("","","","$_");
> }

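A small check for the behaviour discussed in this thread, as an added example that is not part of any message or of RANCID itself: it runs two constructed polls of an unchanged config through each key-id pattern from the patches and reports whether the filtered output is diff-stable and free of ENC blobs. The `poll` and `redact` helpers and the sample key blobs are hypothetical.

```perl
#!/usr/bin/perl
# Added example (not RANCID code): checks that a redaction filter makes two
# polls of an unchanged config compare equal and leaves no ENC blob behind.
use strict;
use warnings;

# The two key-id patterns that appear in the thread's patches.
my %pattern = (
    'single-char id (.)' => qr/^(\s*set)\smd5-key\s(.)\s(.*)/,
    'numeric id (\d+)'   => qr/^(\s*set)\smd5-key\s(\d+)\s(.*)/,
);

# Constructed sample: one unchanged config polled twice. Only the ENC blobs
# differ between polls, as in the reported diff; the blob values are made up.
sub poll {
    my ($salt) = @_;
    return (
        "    unset md5-key\n",
        "    set md5-key 7 \"ENC constructed-$salt-a\"\n",
        "    set md5-key 10 \"ENC constructed-$salt-b\"\n",
    );
}

# Same shape as the filter in the patch: a matching line is replaced by a
# commented placeholder, every other line passes through unchanged.
sub redact {
    my ($re, @lines) = @_;
    my @out;
    for my $line (@lines) {
        if ($line =~ $re) {
            push @out, "#$1 md5-key $2 <removed>\n";
        } else {
            push @out, $line;
        }
    }
    return @out;
}

for my $name (sort keys %pattern) {
    my @first  = redact($pattern{$name}, poll('first'));
    my @second = redact($pattern{$name}, poll('second'));
    my $stable = join('', @first) eq join('', @second);
    my $leaks  = grep { /"ENC\s/ } @first, @second;   # lines still holding a blob
    printf "%-20s stable=%s leaked_lines=%d\n",
        $name, $stable ? 'yes' : 'no', $leaks;
}
```

Running the same comparison against real collected output after any change to the filter order shows whether a secret-bearing line is slipping past the filters.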