diff options
author | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2020-02-27 16:16:48 +0100 |
---|---|---|
committer | Ondrej Zajicek (work) <santiago@crfreenet.org> | 2020-02-27 17:29:17 +0100 |
commit | 757cab18d6427d9246618ce48c158f2b05183838 (patch) | |
tree | 3dc5a4d2923be9e5e54f374f9788635428269423 /proto/bgp | |
parent | 22c3cf955dbbb65aa29e322efa70dabb749f0232 (diff) |
BGP: Support for MD5SIG together with remote range
When dynamic BGP with remote range is configured, MD5SIG needs to use
newer socket option (TCP_MD5SIG_EXT) to specify remote addres range for
listening socket.
Thanks to Adam KuĊagowski for the suggestion.
Diffstat (limited to 'proto/bgp')
-rw-r--r-- | proto/bgp/bgp.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c index 83105a68..b9ed6c78 100644 --- a/proto/bgp/bgp.c +++ b/proto/bgp/bgp.c @@ -247,8 +247,17 @@ bgp_setup_auth(struct bgp_proto *p, int enable) { if (p->cf->password) { + ip_addr prefix = p->cf->remote_ip; + int pxlen = -1; + + if (p->cf->remote_range) + { + prefix = net_prefix(p->cf->remote_range); + pxlen = net_pxlen(p->cf->remote_range); + } + int rv = sk_set_md5_auth(p->sock->sk, - p->cf->local_ip, p->cf->remote_ip, p->cf->iface, + p->cf->local_ip, prefix, pxlen, p->cf->iface, enable ? p->cf->password : NULL, p->cf->setkey); if (rv < 0) |