[quagga-dev 5494] Re: [quagga-users 9626] MD5 Support - 0.99.10

paul at clubi.ie paul at clubi.ie
Sat Jun 14 00:52:59 BST 2008

On Fri, 13 Jun 2008, James Carlson wrote:

> One possibility would be to associate a list of passphrases and 
> peer addresses with the socket.

Hmm, store them with the socket, store them in the SADB. ;)

> for a configured policy and SA when it gets an inbound SYN.  That 
> way, you can configure per-peer rules, and not really have to worry 
> about socket-level configuration.

The one downside is that this makes it difficult to provide a UI for 
it within bgpd.

Perhaps the IP_SEC_OPT policy sockopt could be extended to support 
tcp_md5sig.. (we have to have a path in bgpd for adding policy to the 
sockets anyway).

Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Life does not begin at the moment of conception or the moment of birth.
It begins when the kids leave home and the dog dies.

More information about the Quagga-dev mailing list