Discussion:
[rancid] Fortigate OSPF MD5 key again
Gerhard Mourani
2017-11-23 15:33:44 UTC
Hello,

In the past, I had a problem with the OSPF MD5 key on Fortigate devices, which changed all the time. See this post for more information about the problem -> http://www.shrubbery.net/pipermail/rancid-discuss/2016-December/009317.html

This seemed to be fixed but has come back with Rancid 3.7 and FortiGate version 5.4.6. Here is an example of the annoying output:

@@ -44723,9 +44723,9 @@
unset md5-key
unset md5-key
unset md5-key
unset md5-key
- set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az"
+ set md5-key 10 "ENC ihw7GyiIM/c7Pj741Siec2vF/ahW"
unset md5-key
unset md5-key
unset md5-key
unset md5-key

Gerhard,
heasley
2017-11-28 16:34:07 UTC
Post by Gerhard Mourani
Hello,
In the past, I had a problem with the OSPF MD5 key on Fortigate devices, which changed all the time. See this post for more information about the problem -> http://www.shrubbery.net/pipermail/rancid-discuss/2016-December/009317.html
@@ -44723,9 +44723,9 @@
unset md5-key
unset md5-key
unset md5-key
unset md5-key
- set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az"
+ set md5-key 10 "ENC ihw7GyiIM/c7Pj741Siec2vF/ahW"
unset md5-key
unset md5-key
unset md5-key
unset md5-key
Gerhard,
Does this work?

Index: bin/fnrancid.in
===================================================================
--- bin/fnrancid.in (revision 3734)
+++ bin/fnrancid.in (working copy)
@@ -248,7 +248,7 @@
next;
}
# filter ospf md5-keys
- if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
+ if (/^(\s*set)\smd5-key\s(\d+)\s(.*)/ && $filter_osc) {
ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
next;
}
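Review bot: In the changed `if` line the separators are still single `\s` tokens, so a line with more than one space or a tab run between `set`, `md5-key` and the key ID would not match and the key would stay in the collected output; `\s+` would be more tolerant. The third capture `(.*)` is never used by the `ProcessHistory` call and could be dropped, and testing `$filter_osc` before the regex would skip the match when filtering is off.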
Gerhard Mourani
2017-11-28 19:42:46 UTC
Hello,

I've relocated the ospf md5-keys filter definition before the rsa filter and this makes it work.

@@ -224,7 +228,11 @@
ProcessHistory("","","","#$1 last-login <removed>\n");
next;
}
-
+ # filter ospf md5-keys
+ if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
+ ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
+ next;
+ }
# filter cycling RSA private keys
if ($filter_osc &&
/^\s*set private-key "-----BEGIN (RSA|ENCRYPTED) PRIVATE KEY-----/) {
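Review bot: The relocated `if` line still captures the key ID with `(.)`, which matches exactly one character, so a two-digit ID such as the `10` in the reported `set md5-key 10 "ENC ..."` line cannot match it. Use `(\d+)` here, as in the patch posted earlier in the thread. The condition also tests `$filter_osc` after the regex, while the RSA block directly below tests `$filter_osc &&` first; matching that order would keep the two filters consistent.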
@@ -247,11 +255,6 @@
ProcessHistory("ENC","","","#$1 ENC <removed> $4\n");
next;
}
- # filter ospf md5-keys
- if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
- ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
- next;
- }

ProcessHistory("","","","$_");
}
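Review bot: Nothing at the old or the new location records why the md5-key block had to move ahead of the block that emits `#$1 ENC <removed> $4`. The md5-key value itself starts with `"ENC `, and the thread reports that the move is what made the filter take effect, so a one-line comment on the relocated block saying it must run before the ENC filter would guard against a later reorder undoing the fix.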
heasley
2017-11-28 19:59:35 UTC
Post by Gerhard Mourani
Hello,
I've relocated the ospf md5-keys filter definition before the rsa filter and this makes it work.
@@ -224,7 +228,11 @@
ProcessHistory("","","","#$1 last-login <removed>\n");
next;
}
-
+ # filter ospf md5-keys
+ if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
+ ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
+ next;
+ }
# filter cycling RSA private keys
if ($filter_osc &&
/^\s*set private-key "-----BEGIN (RSA|ENCRYPTED) PRIVATE KEY-----/) {
@@ -247,11 +255,6 @@
I see; it was matching the filter that was prior to it; line 244.
Post by Gerhard Mourani
ProcessHistory("ENC","","","#$1 ENC <removed> $4\n");
next;
}
- # filter ospf md5-keys
- if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
- ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
- next;
- }
ProcessHistory("","","","$_");
}
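The two effects discussed in this thread (the key-ID capture and the first-match-wins order of the filter chain) can be reproduced in isolation with the added example below, which is not code from fnrancid. The `earlier_enc` rule is a hypothetical stand-in for the earlier filter mentioned at line 244, whose real pattern is not shown on this page; the second sample line is constructed.

```perl
use strict;
use warnings;

# Sample input: first line taken from the diff in the first post,
# second line constructed to show a single-digit key ID.
my @config = (
    '        set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az"',
    '        set md5-key 1 "ENC constructedValue"',
    '        unset md5-key',
);

# Each rule returns the replacement line, or undef if it does not match.
my %rule = (
    # md5-key rule as originally written: (.) is exactly one character.
    md5_one_char => sub {
        return $_[0] =~ /^(\s*set)\smd5-key\s(.)\s(.*)/
            ? "#$1 md5-key $2 <removed>" : undef;
    },
    # md5-key rule from the proposed patch: (\d+) accepts multi-digit IDs.
    md5_digits => sub {
        return $_[0] =~ /^(\s*set)\smd5-key\s(\d+)\s(.*)/
            ? "#$1 md5-key $2 <removed>" : undef;
    },
    # HYPOTHETICAL earlier rule (assumption): claims any line carrying an
    # "ENC ..." value and passes it through unchanged.
    earlier_enc => sub {
        return $_[0] =~ /"ENC\s[^"]+"/ ? $_[0] : undef;
    },
);

# Mimic the chain of if (...) { ProcessHistory(...); next; } blocks:
# the first rule that matches handles the line and later rules never see it.
sub run_chain {
    my ($order, @lines) = @_;
    my @out;
    LINE: for my $line (@lines) {
        for my $name (@$order) {
            my $res = $rule{$name}->($line);
            if (defined $res) { push @out, $res; next LINE; }
        }
        push @out, $line;    # no rule matched: emit as-is
    }
    return @out;
}

for my $order ([qw(md5_one_char)], [qw(md5_digits)],
               [qw(earlier_enc md5_digits)], [qw(md5_digits earlier_enc)]) {
    print "== order: @$order\n";
    print "$_\n" for run_chain($order, @config);
}
```

Running it shows the key-ID `10` line left unredacted by the `(.)` rule, and left unredacted again whenever the stand-in earlier rule is placed ahead of the md5-key rule.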