Commit 6319c401 authored by Ondrej Zajicek (work)'s avatar Ondrej Zajicek (work) Committed by Pavel Tvrdik

BSD: Add the IPsec SA/SP database entries control

Add code for manipulating TCP-MD5 keys in the IPsec SA/SP database
on FreeBSD systems. Now, BGP MD5 authentication (RFC 2385) keys are
handled automatically on both Linux and FreeBSD.

Based on patches from Pavel Tvrdik.
parent 326ab26e
+14 −3
@@ -1803,9 +1803,20 @@ using the following configuration parameters:
	only. Default: disabled.

	<tag>password <m/string/</tag>
	Use this password for MD5 authentication of BGP sessions. Default: no
	authentication. Password has to be set by external utility
	(e.g. setkey(8)) on BSD systems.
	Use this password for MD5 authentication of BGP sessions (RFC 2385).
	When used on BSD systems, see also <cf/setkey/ option below. Default:
	no authentication.

	<tag>setkey <m/switch/</tag>
	On BSD systems, keys for TCP MD5 authentication are stored in the global
	SA/SP database, which can be accessed by external utilities (e.g.
	setkey(8)). BIRD configures security associations in the SA/SP database
	automatically based on <cf/password/ options (see above), this option
	allows to disable automatic updates by BIRD when manual configuration by
	external utilities is preferred. Note that automatic SA/SP database
	updates are currently implemented only for FreeBSD. Passwords have to be
	set manually by an external utility on NetBSD and OpenBSD. Default:
	enabled (ignored on non-FreeBSD).

	<tag>passive <m/switch/</tag>
	Standard BGP behavior is both initiating outgoing connections and
+1 −1
@@ -87,7 +87,7 @@ int sk_leave_group(sock *s, ip_addr maddr); /* Leave multicast group on sk iface
int sk_setup_broadcast(sock *s);
int sk_set_ttl(sock *s, int ttl);	/* Set transmit TTL for given socket */
int sk_set_min_ttl(sock *s, int ttl);	/* Set minimal accepted TTL for given socket */
int sk_set_md5_auth(sock *s, ip_addr a, struct iface *ifa, char *passwd);
int sk_set_md5_auth(sock *s, ip_addr local, ip_addr remote, struct iface *ifa, char *passwd, int setkey);
int sk_set_ipv6_checksum(sock *s, int offset);
int sk_set_icmp6_filter(sock *s, int p1, int p2);
void sk_log_error(sock *s, const char *p);
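Review bot: The new six-argument `sk_set_md5_auth` prototype carries no trailing comment, while its neighbours `sk_set_ttl` and `sk_set_min_ttl` do, and its contract is not obvious from the signature alone: the bgp.c hunks in this commit pass `NULL` as `passwd` to remove a key and thread `setkey` through as an on/off switch. Suggest `int sk_set_md5_auth(sock *s, ip_addr local, ip_addr remote, struct iface *ifa, char *passwd, int setkey); /* Set (passwd) or clear (passwd == NULL) TCP-MD5 key for remote; setkey enables SA/SP DB updates on BSD */`. `passwd` could presumably be `const char *`, since callers only hand in a configured string, but the implementation is outside this page, so verify before changing the type.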
+4 −2
@@ -123,7 +123,8 @@ bgp_open(struct bgp_proto *p)
  bgp_counter++;

  if (p->cf->password)
    if (sk_set_md5_auth(bgp_listen_sk, p->cf->remote_ip, p->cf->iface, p->cf->password) < 0)
    if (sk_set_md5_auth(bgp_listen_sk, p->cf->source_addr, p->cf->remote_ip,
			p->cf->iface, p->cf->password, p->cf->setkey) < 0)
      {
	sk_log_error(bgp_listen_sk, p->p.name);
	bgp_close(p, 0);
@@ -193,7 +194,8 @@ bgp_close(struct bgp_proto *p, int apply_md5)
  bgp_counter--;

  if (p->cf->password && apply_md5)
    if (sk_set_md5_auth(bgp_listen_sk, p->cf->remote_ip, p->cf->iface, NULL) < 0)
    if (sk_set_md5_auth(bgp_listen_sk, p->cf->source_addr, p->cf->remote_ip,
			p->cf->iface, NULL, p->cf->setkey) < 0)
      sk_log_error(bgp_listen_sk, p->p.name);

  if (!bgp_counter)
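Review bot: In the bgp_open hunk the local endpoint handed to `sk_set_md5_auth` is `p->cf->source_addr`, the raw configured value, which is unset when the user gives no `source address`; whether the new BSD implementation tolerates an unspecified local address (or derives one from `ifa`) is not visible here, so confirm it, or pass the address the protocol resolves at start if such a field exists. The bgp_close hunk makes the same argument choice, so the two call sites must stay in step or the removal will not match the installed entry. On the failure path bgp_open calls `bgp_close(p, 0)`, which correctly skips removing a key that was never installed. Both bgp_open and bgp_close continue outside their hunks.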
+1 −0
@@ -51,6 +51,7 @@ struct bgp_config {
  int add_path;				/* Use ADD-PATH extension [draft] */
  int allow_local_as;			/* Allow that number of local ASNs in incoming AS_PATHs */
  int gr_mode;				/* Graceful restart mode (BGP_GR_*) */
  int setkey;				/* Set MD5 password to system SA/SP database */
  unsigned gr_time;			/* Graceful restart timeout */
  unsigned connect_delay_time;		/* Minimum delay between connect attempts */
  unsigned connect_retry_time;		/* Timeout for connect attempts */
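Review bot: The new `setkey` field is inserted between `gr_mode` and `gr_time`, splitting the graceful-restart group, and its comment does not say it is a switch or that it only matters on BSD. Suggest placing it next to the `password` field it qualifies and commenting it `int setkey; /* Update TCP-MD5 key in the system SA/SP database (BSD only; ignored elsewhere) */`, matching the documentation added in this commit. The struct definition continues outside the hunk.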
+3 −1
@@ -27,7 +27,7 @@ CF_KEYWORDS(BGP, LOCAL, NEIGHBOR, AS, HOLD, TIME, CONNECT, RETRY,
	INTERPRET, COMMUNITIES, BGP_ORIGINATOR_ID, BGP_CLUSTER_LIST, IGP,
	TABLE, GATEWAY, DIRECT, RECURSIVE, MED, TTL, SECURITY, DETERMINISTIC,
	SECONDARY, ALLOW, BFD, ADD, PATHS, RX, TX, GRACEFUL, RESTART, AWARE,
	CHECK, LINK, PORT, EXTENDED, MESSAGES)
	CHECK, LINK, PORT, EXTENDED, MESSAGES, SETKEY)

CF_GRAMMAR

@@ -54,6 +54,7 @@ bgp_proto_start: proto_start BGP {
     BGP_CFG->default_local_pref = 100;
     BGP_CFG->gr_mode = BGP_GR_AWARE;
     BGP_CFG->gr_time = 120;
     BGP_CFG->setkey = 1;
 }
 ;

@@ -112,6 +113,7 @@ bgp_proto:
 | bgp_proto CAPABILITIES bool ';' { BGP_CFG->capabilities = $3; }
 | bgp_proto ADVERTISE IPV4 bool ';' { BGP_CFG->advertise_ipv4 = $4; }
 | bgp_proto PASSWORD text ';' { BGP_CFG->password = $3; }
 | bgp_proto SETKEY bool ';' { BGP_CFG->setkey = $3; }
 | bgp_proto ROUTE LIMIT expr ';' {
     this_proto->in_limit = cfg_allocz(sizeof(struct proto_limit));
     this_proto->in_limit->limit = $4;
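Review bot: The `SETKEY bool` rule in the bgp_proto hunk is accepted on every platform, but the documentation in this commit states the switch is ignored on non-FreeBSD systems; nothing in this hunk tells an operator that `setkey on` had no effect there, so a key they expect to be installed automatically may be missing until set by hand. If the platform gate lives in sysdep code not shown here, consider emitting a log message at socket setup time when `setkey` is requested but unsupported. The default `BGP_CFG->setkey = 1` in bgp_proto_start agrees with the documented default.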