On Mon, Jul 21, 2014 at 8:56 AM, <sth...@nethelp.no> wrote: > > > > Also, the openbsd stack has some essential features missing in > freebsd, > > > > like mpls and md5 auth for bgp sessions. > > > > > > I use MD5 auth for BGP sessions every day (and have been doing so for > > > several releases). One could definitely wish for better integration - > > > having to specify MD5 key both in /etc/ipsec.conf and in the Quagga > > > bgpd config is not nice. But it works. > > > > > As far as I know you can only send out correctly authed stuff but not > > validate incoming. Has that changed? > > Have a look at tcp_signature_verify(), called from tcp_input.c. Added > in r221023, see > > http://svnweb.freebsd.org/base/head/sys/netinet/tcp_input.c?view=log > > Steinar Haug, Nethelp consulting, sth...@nethelp.no > > ---------------------------------------------------------------------- > > Revision 221023 - (view) (download) (annotate) - [select for diffs] > Modified Mon Apr 25 17:13:40 2011 UTC (3 years, 2 months ago) by attilio > File length: 106717 byte(s) > Diff to previous 220560 > Add the possibility to verify MD5 hash of incoming TCP packets. > As long as this is a costy function, even when compiled in (along with > the option TCP_SIGNATURE), it can be disabled via the > net.inet.tcp.signature_verify_input sysctl. > > Sponsored by: Sandvine Incorporated > Reviewed by: emaste, bz > MFC after: 2 weeks > > I stand corrected. Excellent news ( for me, that is) :)
Best regards Andeas _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
