On Thu, Oct 03, 2024 at 04:31:46PM +0200, Ondrej Zajicek wrote: > On Tue, Oct 01, 2024 at 03:27:19PM +0000, Job Snijders via Bird-users wrote: > > ps. It seems TCP-MD5 for BGP doesn't work out-of-the-box on OpenBSD, > > downstream porters apply a few minimal patches: > > https://github.com/openbsd/ports/tree/master/net/bird/2/patches > > perhaps these can be upstreamed so that we can work towards TCP-MD5 RTR > > support in BIRD on OpenBSD as well? :-) > > Missed that from your mail. Will look at these OpenBSD patches, but > sometime later. > > BTW, the RPKI TCP-MD5 will not work on BSD as-is, because setkey call is > done as a part of sk_set_md5_auth() on the listening socket and not done > on the outgoing socket. That is not an issue in BGP, where a protocol > always have a listening socket. This issue would require some refactoring > for later.
Yup, I noticed the same, but figured that landing Linux support first already is a good step forward. If those OpenBSD patches are merged, I'd happy to take a look what's needed to get RPKI TCP-MD5 in working order on *BSD. Kind regards, Job
