BGP: Support for MD5SIG together with remote range

When dynamic BGP with remote range is configured, MD5SIG needs to use newer socket option (TCP_MD5SIG_EXT) to specify remote addres range for listening socket. Thanks to Adam Kułagowski for the suggestion.
author: Ondrej Zajicek (work) <santiago@crfreenet.org> 2020-02-27 16:16:48 +0100
committer: Ondrej Zajicek (work) <santiago@crfreenet.org> 2020-02-27 17:29:17 +0100
commit: 757cab18d6427d9246618ce48c158f2b05183838 (patch)
tree: 3dc5a4d2923be9e5e54f374f9788635428269423 /proto
parent: 22c3cf955dbbb65aa29e322efa70dabb749f0232 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c
index 83105a68..b9ed6c78 100644
--- a/proto/bgp/bgp.c
+++ b/proto/bgp/bgp.c
@@ -247,8 +247,17 @@ bgp_setup_auth(struct bgp_proto *p, int enable)
 {
   if (p->cf->password)
   {
+    ip_addr prefix = p->cf->remote_ip;
+    int pxlen = -1;
+
+    if (p->cf->remote_range)
+    {
+      prefix = net_prefix(p->cf->remote_range);
+      pxlen = net_pxlen(p->cf->remote_range);
+    }
+
     int rv = sk_set_md5_auth(p->sock->sk,
-			     p->cf->local_ip, p->cf->remote_ip, p->cf->iface,
+			     p->cf->local_ip, prefix, pxlen, p->cf->iface,
 			     enable ? p->cf->password : NULL, p->cf->setkey);
 
     if (rv < 0)
author	Ondrej Zajicek (work) <santiago@crfreenet.org>	2020-02-27 16:16:48 +0100
committer	Ondrej Zajicek (work) <santiago@crfreenet.org>	2020-02-27 17:29:17 +0100
commit	757cab18d6427d9246618ce48c158f2b05183838 (patch)
tree	3dc5a4d2923be9e5e54f374f9788635428269423 /proto
parent	22c3cf955dbbb65aa29e322efa70dabb749f0232 (diff)