On (03/13/08 01:54), Kacheong Poon wrote:
> > The option just doesn't make sense to me. The only one that could
> > make some sense is PF_KEY, as a full Cisco-like command line interface
> > would potentially allow the user to specify the key from within the
> > application (as distasteful and insecure as that may be).
> >
> Suppose Quagga has a CLI which does what Cisco's does, why would a socket
> option not work in this case? Can't Quagga just take the command
> line input and do a setsockopt()?

I'm actually agnostic about whether we should use ipsecconf or setsockopt
here, but one desirable feature about the ipsecconf way is that we don't
need to change the daemon code (Quagga is probably already full of
#defines for dealing with the Linux/BSD differences for TCP-MD5) and we
could use the same config to run both gated and Quagga (or any other BGP
implementation) without any loss of MD5 config. The setsockopt is
attractive because it is easier to implement, of course.

--Sowmini
