[quagga-dev 3493] Re: rfc2385 problem

Paul Jakma paul at clubi.ie
Sun Jun 5 17:20:48 BST 2005


On Fri, 3 Jun 2005, Niels Bakker wrote:

> Only for IPv4 (options MD5_SIGNATURES is dependent on FAST_IPSEC).

Ah.

I'm going to have a look at the various sockopt's which exist and see 
if we can't add at least support for the standard IPSec sockopt 
support which exists on a few OSes. The NetBSD/FreeBSD 'ipsec' man 
page hints at a sockopt, but doesnt appear to provide further 
documentation. Anyone know of examples or docs for the *BSD sockopt 
stuff?

The man page references a draft informational RFC by a colleague of 
mine, Dan McDonald of Sun. I'm poking him to see if he still a copy 
of the most recent version of it. If anyone knows whether Free/Net 
BSD follow that draft to the letter, would be useful information.

That would solve most of the Quagga side problems anyway - IPSec AH 
is more secure than TCP-MD5 too... Users could then start poking 
their distribution providers with a bit more vigor to have TCP-MD5 
supported too via the IPSec APIs.

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
People who make no mistakes do not usually make anything.



More information about the Quagga-dev mailing list