Download raw body.
bgpd: add tcp md5sum and ipsec support for rtr sessions
On Wed, Oct 09, 2024 at 10:34:20AM +0200, Claudio Jeker wrote:
> This adds the parse.y and printconf.c bits to configure tcp md5sum and
> ipsec for rtr sessions.
>
> I tested that this does not break tcp md5 for BGP sessions but I have
> no rtr cache that supports tcp md5 at hand so that part is untested.
I have an publicly available stayrtr instance, patch for TCP-MD5 support over
IPv4; seems to work for both OpenBGPD and BIRD:
# cat /etc/bgpd.conf
AS 15562
rtr 165.254.255.17 {
port 8282
tcp md5sig password "test"
}
# rcctl -f start bgpd
bgpd(ok)
# bgpctl show rtr
RTR neighbor is 165.254.255.17, port 8282
State: established
Description: 165.254.255.17
Version: 1 min 0 Session ID: 33413 Serial #: 1586
Refresh: 3600, Retry: 600, Expire: 7200
RTR RefreshTimer due in 00:59:51
RTR ExpireTimer due in 01:59:51
# bgpctl show sets
Type Name #IPv4 #IPv6 #ASnum Last Change
ROA RPKI ROA 445112 110818 - 00:00:07
ASPA RPKI ASPA - - 0 Never
Anyway, TCP-MD5 also OK job@
> Also ipsec is untested.
not 100% sure how to go about testing that one
Kind regards,
Job
bgpd: add tcp md5sum and ipsec support for rtr sessions