[quagga-dev 3493] Re: rfc2385 problem
paul at clubi.ie
Sun Jun 5 17:20:48 BST 2005
On Fri, 3 Jun 2005, Niels Bakker wrote:
> Only for IPv4 (options MD5_SIGNATURES is dependent on FAST_IPSEC).
I'm going to have a look at the various sockopt's which exist and see
if we can't add at least support for the standard IPSec sockopt
support which exists on a few OSes. The NetBSD/FreeBSD 'ipsec' man
page hints at a sockopt, but doesnt appear to provide further
documentation. Anyone know of examples or docs for the *BSD sockopt
The man page references a draft informational RFC by a colleague of
mine, Dan McDonald of Sun. I'm poking him to see if he still a copy
of the most recent version of it. If anyone knows whether Free/Net
BSD follow that draft to the letter, would be useful information.
That would solve most of the Quagga side problems anyway - IPSec AH
is more secure than TCP-MD5 too... Users could then start poking
their distribution providers with a bit more vigor to have TCP-MD5
supported too via the IPSec APIs.
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
People who make no mistakes do not usually make anything.
More information about the Quagga-dev