summaryrefslogtreecommitdiff
path: root/proto/bgp
diff options
context:
space:
mode:
authorOndrej Zajicek (work) <santiago@crfreenet.org>2020-02-27 16:16:48 +0100
committerOndrej Zajicek (work) <santiago@crfreenet.org>2020-02-27 17:29:17 +0100
commit757cab18d6427d9246618ce48c158f2b05183838 (patch)
tree3dc5a4d2923be9e5e54f374f9788635428269423 /proto/bgp
parent22c3cf955dbbb65aa29e322efa70dabb749f0232 (diff)
BGP: Support for MD5SIG together with remote range
When dynamic BGP with remote range is configured, MD5SIG needs to use newer socket option (TCP_MD5SIG_EXT) to specify remote addres range for listening socket. Thanks to Adam KuĊ‚agowski for the suggestion.
Diffstat (limited to 'proto/bgp')
-rw-r--r--proto/bgp/bgp.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c
index 83105a68..b9ed6c78 100644
--- a/proto/bgp/bgp.c
+++ b/proto/bgp/bgp.c
@@ -247,8 +247,17 @@ bgp_setup_auth(struct bgp_proto *p, int enable)
{
if (p->cf->password)
{
+ ip_addr prefix = p->cf->remote_ip;
+ int pxlen = -1;
+
+ if (p->cf->remote_range)
+ {
+ prefix = net_prefix(p->cf->remote_range);
+ pxlen = net_pxlen(p->cf->remote_range);
+ }
+
int rv = sk_set_md5_auth(p->sock->sk,
- p->cf->local_ip, p->cf->remote_ip, p->cf->iface,
+ p->cf->local_ip, prefix, pxlen, p->cf->iface,
enable ? p->cf->password : NULL, p->cf->setkey);
if (rv < 0)