On Tue, Oct 01, 2024 at 03:27:19PM +0000, Job Snijders via Bird-users wrote: > ps. It seems TCP-MD5 for BGP doesn't work out-of-the-box on OpenBSD, > downstream porters apply a few minimal patches: > https://github.com/openbsd/ports/tree/master/net/bird/2/patches > perhaps these can be upstreamed so that we can work towards TCP-MD5 RTR > support in BIRD on OpenBSD as well? :-)
Missed that from your mail. Will look at these OpenBSD patches, but sometime later. BTW, the RPKI TCP-MD5 will not work on BSD as-is, because setkey call is done as a part of sk_set_md5_auth() on the listening socket and not done on the outgoing socket. That is not an issue in BGP, where a protocol always have a listening socket. This issue would require some refactoring for later. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: [email protected]) "To err is human -- to blame it on a computer is even more so."
