Date:      Tue, 27 Mar 2007 16:11:02 +0300
From:      Cristian KLEIN <cristi@net.utcluj.ro>
To:        "Bruce M. Simpson" <bms@FreeBSD.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: GRE with key
Message-ID:  <460917E6.1060604@net.utcluj.ro>
In-Reply-To: <460839E1.8080408@FreeBSD.org>
References:  <46081CB9.6030109@net.utcluj.ro> <460839E1.8080408@FreeBSD.org>

Hi,

Thank you for your quick reply.

Bruce M. Simpson wrote:
> Cristian KLEIN wrote:
>> Hello everybody,
>>
>> I am new to FreeBSD kernel hacking, so please excuse my perhaps stupid
>> questions.
>>
>> I would like to add key support to gre(4). I have already been able to
>> use gre(4) with a hardcoded key. The single thing remaining to do is to
>> transfer the key from ifconfig(8). The key is a uint32_t and I haven't
>> found a way to transfer it without modifying ifconfig(8).
>>   
> Excellent. Thanks for volunteering to do this!

I just wanted to be able to use the OS I like. ;)

>> My question is, which is the "BSD-style" to achieve the above? Solutions
>> I came up with are as follows:
>> 1) Use SIOCSDRVSPEC / SIOCGDRVSPEC
>> 2) Add SIOCSGREKEY / SIOCGGREKEY
>> 3) [Probably too ugly to be mentioned, but requires fairly few
>> modifications.] Add a sysctl MIB which is read when calling "ifconfig
>> ... create".
>>   
> If I were doing this, I would add the code to ifconfig.c where the other
> tunnel stuff lives, and go for option number 2. Feel free to modify
> ifconfig to accommodate the new options.

I have added GREGKEY / GRESKEY in if_gre.h and included this file in
ifconfig.c.

>> Another thing I wanted to ask is, which function of ifconfig(8) should I
>> modify to display the GRE key?
>>   
> Look at how af_status_tunnel() works and consider adding it there.

I have included key displaying in status() because it is af independent.

Please review the patch, so I can PR it. The patch is against
RELENG_6_2. Could someone check whether it works on HEAD?
http://users.utcluj.ro/~cristiklein/patches/grekey.patch

One note: gre(4) still ignores incoming keys (i.e. accepts any
incoming key) and I think that is quite okay, because they are
deprecated in RFC2784. However, should someone find it useful, I am
willing to implement it, for the sake of correctness.

I have tested the current implementation against both a Cisco router and
a Linux box, so it should work for everybody.

Thank you for your help!
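
The receive-side key check that the message above says gre(4) does not perform, as an added example that is not part of the original message or of the linked patch: a stand-alone C parser for the version 0 GRE header with the optional Key field (layout per RFC 2890), compared against a configured key. The function name `gre_check_key`, the verdict codes and the sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits of the first 16-bit GRE word (RFC 2784, RFC 2890). */
#define GRE_F_CSUM    0x8000u /* checksum + reserved1 present (4 bytes) */
#define GRE_F_ROUTING 0x4000u /* RFC 1701 only; changes the layout */
#define GRE_F_KEY     0x2000u /* 32-bit key present */
#define GRE_F_VERMASK 0x0007u

enum { GRE_ACCEPT = 0, GRE_MALFORMED = -1, GRE_KEY_MISSING = -2, GRE_KEY_MISMATCH = -3 };

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical receive-side check: accept only packets carrying `expected`. */
int gre_check_key(const uint8_t *pkt, size_t len, uint32_t expected)
{
    size_t off = 4; /* flags/version (2) + protocol type (2) */
    unsigned flags;

    if (len < 4)
        return GRE_MALFORMED;
    flags = ((unsigned)pkt[0] << 8) | pkt[1];
    if (flags & (GRE_F_VERMASK | GRE_F_ROUTING))
        return GRE_MALFORMED;   /* only version 0 without routing is parsed */
    if (flags & GRE_F_CSUM)
        off += 4;               /* the key follows checksum + reserved1 */
    if (!(flags & GRE_F_KEY))
        return GRE_KEY_MISSING; /* unkeyed packet on a keyed tunnel */
    if (len < off + 4)
        return GRE_MALFORMED;   /* K bit set but key bytes truncated */
    return rd32(pkt + off) == expected ? GRE_ACCEPT : GRE_KEY_MISMATCH;
}

/* Constructed sample headers (protocol type 0x0800 = IPv4), not captures. */
static const uint8_t pkt_keyed[] = {0x20,0x00, 0x08,0x00, 0x00,0x00,0x00,0x2A};
static const uint8_t pkt_csum_key[] = {0xA0,0x00, 0x08,0x00, 0,0,0,0, 0xDE,0xAD,0xBE,0xEF};
static const uint8_t pkt_nokey[] = {0x00,0x00, 0x08,0x00};

int main(void)
{
    printf("%d %d %d\n", gre_check_key(pkt_keyed, sizeof pkt_keyed, 42),
           gre_check_key(pkt_csum_key, sizeof pkt_csum_key, 0xDEADBEEFu),
           gre_check_key(pkt_nokey, sizeof pkt_nokey, 42));
    return 0;
}
```

The key travels in cleartext, so a match filters misdirected or misconfigured traffic rather than authenticating the sender.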


