GRE with key
Cristian KLEIN
cristi at net.utcluj.ro
Tue Mar 27 13:11:15 UTC 2007
Hi,
Thank you for your quick reply.
Bruce M. Simpson wrote:
> Cristian KLEIN wrote:
>> Hello everybody,
>>
>> I am new to FreeBSD kernel hacking, so please excuse my perhaps stupid
>> questions.
>>
>> I would like to add key support to gre(4). I have already been able to
>> use gre(4) with a hardcoded key. The single thing remaining to do is to
>> transfer the key from ifconfig(8). The key is a uint32_t and I haven't
>> found a way to transfer it without modifying ifconfig(8).
>>
> Excellent. Thanks for volunteering to do this!
I just wanted to be able to use the OS I like. ;)
>> My question is, which is the "BSD-style" to achieve the above? Solutions
>> I came up with are as follows:
>> 1) Use SIOCSDRVSPEC / SIOCGDRVSPEC
>> 2) Add SIOCSGREKEY / SIOCGGREKEY
>> 3) [Probably too ugly to be mentioned, but requires fairly few
>> modifications.] Add a sysctl MIB which is read when calling "ifconfig
>> ... create".
>>
> If I were doing this, I would add the code to ifconfig.c where the other
> tunnel stuff lives, and go for option number 2. Feel free to modify
> ifconfig to accommodate the new options.
I have added GREGKEY / GRESKEY in if_gre.h and included this file in
ifconfig.c.
>> Another thing I wanted to ask is, which function of ifconfig(8) should I
>> modify to display the GRE key?
>>
> Look at how af_status_tunnel() works and consider adding it there.
I have included key displaying in status() because it is af independent.
Please review the patch, so I can PR it. The patch is against
RELENG_6_2. Could someone check whether it works on HEAD?
http://users.utcluj.ro/~cristiklein/patches/grekey.patch
One note: gre(4) still ignores incoming keys (i.e. accepts any
incoming key) and I think that is quite okay, because they are
deprecated in RFC2784. However, should someone find it useful, I am
willing to implement it, for the sake of correctness.
I have tested the current implementation against both a Cisco router and
a Linux box, so it should work for everybody.
Thank you for your help!