From 757cab18d6427d9246618ce48c158f2b05183838 Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Thu, 27 Feb 2020 16:16:48 +0100
Subject: BGP: Support for MD5SIG together with remote range
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When dynamic BGP with remote range is configured, MD5SIG needs to use
newer socket option (TCP_MD5SIG_EXT) to specify remote addres range for
listening socket.

Thanks to Adam Kułagowski for the suggestion.
---
 proto/bgp/bgp.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'proto/bgp')

diff --git a/proto/bgp/bgp.c b/proto/bgp/bgp.c
index 83105a68..b9ed6c78 100644
--- a/proto/bgp/bgp.c
+++ b/proto/bgp/bgp.c
@@ -247,8 +247,17 @@ bgp_setup_auth(struct bgp_proto *p, int enable)
 {
   if (p->cf->password)
   {
+    ip_addr prefix = p->cf->remote_ip;
+    int pxlen = -1;
+
+    if (p->cf->remote_range)
+    {
+      prefix = net_prefix(p->cf->remote_range);
+      pxlen = net_pxlen(p->cf->remote_range);
+    }
+
     int rv = sk_set_md5_auth(p->sock->sk,
-			     p->cf->local_ip, p->cf->remote_ip, p->cf->iface,
+			     p->cf->local_ip, prefix, pxlen, p->cf->iface,
 			     enable ? p->cf->password : NULL, p->cf->setkey);
 
     if (rv < 0)
-- 
cgit v1.2.3