[quagga-dev 5494] Re: [quagga-users 9626] MD5 Support - 0.99.10

paul at clubi.ie paul at clubi.ie
Sat Jun 14 00:52:59 BST 2008


On Fri, 13 Jun 2008, James Carlson wrote:

> One possibility would be to associate a list of passphrases and 
> peer addresses with the socket.

Hmm, store them with the socket, store them in the SADB. ;)

> for a configured policy and SA when it gets an inbound SYN.  That 
> way, you can configure per-peer rules, and not really have to worry 
> about socket-level configuration.

The one downside is that this makes it difficult to provide a UI for 
it within bgpd.

Perhaps the IP_SEC_OPT policy sockopt could be extended to support 
tcp_md5sig.. (we have to have a path in bgpd for adding policy to the 
sockets anyway).

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
 	http://www.quagga.net/commercial.php#jakma
Fortune:
Life does not begin at the moment of conception or the moment of birth.
It begins when the kids leave home and the dog dies.



More information about the Quagga-dev mailing list