[quagga-dev 5498] Re: [quagga-users 9626] MD5 Support - 0.99.10
YOSHIFUJI Hideaki / 吉藤英明
yoshfuji at linux-ipv6.org
Sat Jun 14 04:40:10 BST 2008
In article <1213412682.13248.73.camel at canyon.wittsend.com> (at Fri, 13 Jun 2008 23:04:42 -0400), "Michael H. Warfield" <mhw at WittsEnd.com> says:
> Ok... This is going to sound weird but I MIGHT have an interesting
> little experiment to test. If I had a connected AF_INET6 socket with
> IPv4 compatibility addresses, what might be possible is to construct a
> sockaddr structure for AF_INET with the appropriate lower 32 bits of
> each v6 address as the v4 addresses and pass THAT to setsockopt for the
> TCP_MD5SIG function. That way it would know it had an AF_INET structure
> and create the appropriate pseudo header to create the initial md5sum
> over. I'm betting that would work but, IMNSHO, that's an even uglier
> butt ugly hack than having two sockets.
If you mean IPv4 mapped address (e.g. ::ffff:127.0.0.1), it should work.
And - the conversion in bgp_md5_set_passive() is demonstrating it
for systems without IPV6_V6ONLY, like ancient Linux kernel (such
as 2.2 or so). BUT, those kernels do not support TCP_MD5SIG on IPv6
socket anyway, so we could just ignore them.
Anyway, the way to go is to have 2 sockets (one for IPv6 and the other
is for IPv4).
More information about the Quagga-dev