Date: Wed, 30 Jan 2008 03:35:55 +0000
From: "Bruce M. Simpson" <bms@FreeBSD.org>
To: Ingo Flaschberger <if@xip.at>
Cc: freebsd-net@freebsd.org
Subject: Re: tcp-md5 check for incomming connection
Message-ID: <479FF09B.4050705@FreeBSD.org>
In-Reply-To: <alpine.LFD.1.00.0801291905020.17757@filebunker.xip.at>
References: <alpine.LFD.1.00.0801291905020.17757@filebunker.xip.at>

Ingo Flaschberger wrote:
> Hi,
>
> linux does already support tcp-md5 checks for incoming connections,
> but freebsd not.
>
> I would like to implement this feature into freebsd.
> Any hints/wishes/considerations that I should consider?

Someone(tm) keeps threatening to do this every 9-12 months, but I've yet to see patches. - Another example of open source (What's missing? U!)

Inbound processing for tcp-md5 isn't really that big a deal, I'm amazed it hasn't been deprecated and replaced with something less gnarly, but that's the inertia of stuff at internet exchanges for you and with good reason too.

I don't have free time to do any of this (volunteer work doesn't pay the rent, and the costs of living spiral ever upwards), but I can try to make time to review patches if Someone(tm) writes the support.

I believe one of the KAME guys took this and ran with it in NetBSD, so look there first, pretty sure it checks the inbound. And of course Kip needs to be in the loop so it works with TOE.

One of the things which I didn't finish was integrating TCP-MD5 with the SPD too instead of only the SADB. This meant gnarly syntax for setkey(8).

later
BMS