Hey Robert! So nice to see such a great PR, and I'm 100% for supporting OpenBSD, and the *BSD platforms in general.

However, it's been a while since I last run and administered an OpenBSD box (oh man, the 5.0 release was so long ago) and I need some time to get up to speed in order to respond to your PR, OK?

Some context for this work I can think of:

• this project needs to prioritize automated testing, and this PR should add OpenBSD (and maybe OpenBGPD too) into the scope for testing
• my dev pipeline currently processes ADD_PATH support, plus some more features, in the dev branch (see ADD_PATH and other features bgpfix#5) - which should be merged into the main branch soon - when this happens, do you think you could re-base your commits on top of that? in the meantime, I'll try to go through your changes and make my mind as to how to support OpenBSD in bgpipe

@robertkeizer A few comments as I'm back to this PR:

1. I've released bgpipe v0.9.0 and merged ADD_PATH, grep, and caps #6 into main. Could you please re-base your work on the top of the new dev branch?

2. I'm trying to understand the OpenBSD's TCP-MD5 context and expected behavior. IIRC, you think people would expect bgpipe to fail to start if TCP-MD5 was requested but security association was not setup. However, I found that OpenBGPD will happily setup the keys if configured in bgpd.conf(5): see https://github.com/openbgpd-portable/openbgpd-openbsd/blob/master/src/usr.sbin/bgpd/pfkey.c#L532. Thus, I'm a bit towards the OpenBGPD way (setup the association if needed), but also provide a flag (eg. --ipsec) to skip that and do things the way you suggested. What do you think?

3. Is there anything I could do to help you in finishing this PR? I really like your initiative and would love to see this merged and released soon. Thank you!

Hey @pforemski , thanks for the feedback.

1. Absolutely; I'll rebase and also clean it up a bit in terms of commits.

2. After thinking about this a bit more, I think you're 100% right; Ideally the TCP-MD5 security association should be attempted to be setup and "just work" if possible. My original thinking was flawed, and if a permission error occurs around not running bgpipe with the permissions to create the security association, erroring out at that point makes sense.

I'm wondering what happens to the security assocation if bgpipe sets one up and is subsequently killed or exits abnormally, but I suppose that's an easy RTFM and test as part of the PR work really.

3. You've done that by responding to the PR and being clear about what you think should be done and why. This PR was very much a "I made it work, I should at least clean it up a bit and toss a draft PR in to see what next steps should be" kind of situation

Great, let me know if/when I can be of any help here. Happy to test this when you're done on OpenBSD 7.6 :-) (take your time, no rush)

Using sr.ht for some OpenBSD builds and tests ( this link for reference ).