tcp-md5 check for incoming connection
Bruce M. Simpson
bms at FreeBSD.org
Tue Jan 29 19:35:57 PST 2008
Ingo Flaschberger wrote:
> Hi,
>
> linux does already support tcp-md5 checks for incoming connections,
> but freebsd not.
>
> I would like to implement this feature into freebsd.
> Any hints/wishes/considerations that I should consider?

Someone(tm) keeps threatening to do this every 9-12 months, but I've yet
to see patches.

- Another example of open source (What's missing? U!)

Inbound processing for tcp-md5 isn't really that big a deal, I'm amazed
it hasn't been deprecated and replaced with something less gnarly, but
that's the inertia of stuff at internet exchanges for you and with good
reason too.

I don't have free time to do any of this (volunteer work doesn't pay the
rent, and the costs of living spiral ever upwards), but I can try to
make time to review patches if Someone(tm) writes the support.

I believe one of the KAME guys took this and ran with it in NetBSD, so
look there first, pretty sure it checks the inbound.

And of course Kip needs to be in the loop so it works with TOE.

One of the things which I didn't finish was integrating TCP-MD5 with the
SPD too instead of only the SADB. This meant gnarly syntax for setkey(8).

later
BMS