From 69ecbc6ae7951dcf5b07aad20851d4512489369b Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Fri, 10 Jun 2022 16:32:39 +0300 Subject: [PATCH] bgpd: Set TTL for iBGP/eBGP by checking only if Generic TTL security applied We set peer->ttl according if it's iBGP or eBGP, but when setting the TTL, we technically ignore it. Relax a bit and set TTL only if no GTSM configured. Signed-off-by: Donatas Abraitis --- bgpd/bgp_network.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index 77e2a0f53f..bdd7ae04c2 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -224,8 +224,7 @@ int bgp_set_socket_ttl(struct peer *peer, int bgp_sock) { int ret = 0; - /* In case of peer is EBGP, we should set TTL for this connection. */ - if (!peer->gtsm_hops && (peer_sort_lookup(peer) == BGP_PEER_EBGP)) { + if (!peer->gtsm_hops) { ret = sockopt_ttl(peer->su.sa.sa_family, bgp_sock, peer->ttl); if (ret) { flog_err( @@ -234,7 +233,7 @@ int bgp_set_socket_ttl(struct peer *peer, int bgp_sock) __func__, &peer->remote_id, errno); return ret; } - } else if (peer->gtsm_hops) { + } else { /* On Linux, setting minttl without setting ttl seems to mess with the outgoing ttl. Therefore setting both. -- 2.39.5