BSD: Add the IPsec SA/SP database entries control

Add code for manipulation with TCP-MD5 keys in the IPsec SA/SP database at FreeBSD systems. Now, BGP MD5 authentication (RFC 2385) keys are handled automatically on both Linux and FreeBSD. Based on patches from Pavel Tvrdik.
author: Ondrej Zajicek (work) <santiago@crfreenet.org> 2016-04-13 14:30:28 +0200
committer: Ondrej Zajicek (work) <santiago@crfreenet.org> 2016-04-13 14:37:09 +0200
commit: a7baa09862e6b4856cd66197c6bd74c7df336b8f (patch)
tree: 323e453c150273bb6d15bb19881affc8b43b6edf /proto/bgp/bgp.c
parent: 43fc6bb0fb720762f12124076e2241855741ceb5 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c
index 94c8e5c2..2014525e 100644
--- a/proto/bgp/bgp.c
+++ b/proto/bgp/bgp.c
@@ -121,7 +121,8 @@ bgp_open(struct bgp_proto *p)
   bgp_counter++;
 
   if (p->cf->password)
-    if (sk_set_md5_auth(bgp_listen_sk, p->cf->remote_ip, p->cf->iface, p->cf->password) < 0)
+    if (sk_set_md5_auth(bgp_listen_sk, p->cf->source_addr, p->cf->remote_ip,
+			p->cf->iface, p->cf->password, p->cf->setkey) < 0)
       {
 	sk_log_error(bgp_listen_sk, p->p.name);
 	bgp_close(p, 0);
@@ -191,7 +192,8 @@ bgp_close(struct bgp_proto *p, int apply_md5)
   bgp_counter--;
 
   if (p->cf->password && apply_md5)
-    if (sk_set_md5_auth(bgp_listen_sk, p->cf->remote_ip, p->cf->iface, NULL) < 0)
+    if (sk_set_md5_auth(bgp_listen_sk, p->cf->source_addr, p->cf->remote_ip,
+			p->cf->iface, NULL, p->cf->setkey) < 0)
       sk_log_error(bgp_listen_sk, p->p.name);
 
   if (!bgp_counter)
author	Ondrej Zajicek (work) <santiago@crfreenet.org>	2016-04-13 14:30:28 +0200
committer	Ondrej Zajicek (work) <santiago@crfreenet.org>	2016-04-13 14:37:09 +0200
commit	a7baa09862e6b4856cd66197c6bd74c7df336b8f (patch)
tree	323e453c150273bb6d15bb19881affc8b43b6edf /proto/bgp/bgp.c
parent	43fc6bb0fb720762f12124076e2241855741ceb5 (diff)