[quagga-dev 3493] Re: rfc2385 problem

Paul Jakma paul at clubi.ie
Sun Jun 5 17:20:48 BST 2005

On Fri, 3 Jun 2005, Niels Bakker wrote:

> Only for IPv4 (options MD5_SIGNATURES is dependent on FAST_IPSEC).


I'm going to have a look at the various sockopt's which exist and see 
if we can't add at least support for the standard IPSec sockopt 
support which exists on a few OSes. The NetBSD/FreeBSD 'ipsec' man 
page hints at a sockopt, but doesnt appear to provide further 
documentation. Anyone know of examples or docs for the *BSD sockopt 

The man page references a draft informational RFC by a colleague of 
mine, Dan McDonald of Sun. I'm poking him to see if he still a copy 
of the most recent version of it. If anyone knows whether Free/Net 
BSD follow that draft to the letter, would be useful information.

That would solve most of the Quagga side problems anyway - IPSec AH 
is more secure than TCP-MD5 too... Users could then start poking 
their distribution providers with a bit more vigor to have TCP-MD5 
supported too via the IPSec APIs.

Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
People who make no mistakes do not usually make anything.

More information about the Quagga-dev mailing list