[patch] Add TCP-MD5 authentication option for RPKI protocol
Ondrej Zajicek
santiago at crfreenet.org
Thu Oct 3 16:31:46 CEST 2024
On Tue, Oct 01, 2024 at 03:27:19PM +0000, Job Snijders via Bird-users wrote:
> ps. It seems TCP-MD5 for BGP doesn't work out-of-the-box on OpenBSD,
> downstream porters apply a few minimal patches:
> https://github.com/openbsd/ports/tree/master/net/bird/2/patches
> perhaps these can be upstreamed so that we can work towards TCP-MD5 RTR
> support in BIRD on OpenBSD as well? :-)
Missed that from your mail. Will look at these OpenBSD patches, but
sometime later.
BTW, the RPKI TCP-MD5 will not work on BSD as-is, because setkey call is
done as a part of sk_set_md5_auth() on the listening socket and not done
on the outgoing socket. That is not an issue in BGP, where a protocol
always have a listening socket. This issue would require some refactoring
for later.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list