tcp-md5 check for incoming connection

2008-01-29 Thread Ingo Flaschberger
Hi, linux does already support tcp-md5 checks for incoming connections, but freebsd does not. I would like to implement this feature into freebsd. Any hints/wishes/considerations that I should consider? Kind regards, ingo flaschberger management --- netstor

Re: tcp-md5 check for incoming connection

2008-01-29 Thread Ingo Flaschberger
Hi, linux does already support tcp-md5 checks for incoming connections, but freebsd does not. I would like to implement this feature into freebsd. Any hints/wishes/considerations that I should consider? I have forgotten to mention that there was already a patch for md5 check on incoming: htt

Re: tcp-md5 check for incoming connection

2008-01-29 Thread Bruce M. Simpson
Ingo Flaschberger wrote: Hi, linux does already support tcp-md5 checks for incoming connections, but freebsd does not. I would like to implement this feature into freebsd. Any hints/wishes/considerations that I should consider? Someone(tm) keeps threatening to do this every 9-12 months, but I'v

Re: tcp-md5 check for incoming connection

2008-01-30 Thread Bjoern A. Zeeb
On Wed, 30 Jan 2008, Bruce M. Simpson wrote: Hi, Ingo Flaschberger wrote: Hi, linux does already support tcp-md5 checks for incoming connections, but freebsd does not. I would like to implement this feature into freebsd. Any hints/wishes/considerations that I should consider? Someone(tm) kee

Re: tcp-md5 check for incoming connection

2008-01-30 Thread Ingo Flaschberger
Hi Bjoern, both of these (incoming validation + SPD integ) are on my TODO list at position 10 (I am currently working on item 3) and there is more ipsec work in the middle. I also have a tcp-md5 for IPv6 implementation on the same card. I am willing to help or review patches in case someone wants

Re: tcp-md5 check for incoming connection

2008-01-30 Thread Ingo Flaschberger
Dear Bjoern, Bruce, Looking through linux, netbsd and Bruce's old patch (which works with minimal modification on my freebsd 6.2) I have 3 ideas for how md5 could be integrated. 1) netbsd method: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/tcp_input.c?rev=1.277&content-type=text/x-cvsw

Re: tcp-md5 check for incoming connection

2008-01-30 Thread Bruce M. Simpson
The bigger issue w/tcp-md5 is getting security policy 'right'. bz has more IPSEC hacking experience than I, so I defer to his advice in this area. The way the socket option was originally specified was that once it was set, all further activity on the socket had to be tcp-md5'd. For an outgoi

Re: tcp-md5 check for incoming connection

2008-01-30 Thread Niki Denev
On Jan 31, 2008 7:19 AM, Bruce M. Simpson wrote: > The bigger issue w/tcp-md5 is getting security policy 'right'. > bz has more IPSEC hacking experience than I, so I defer to his advice in > this area. > > The way the socket option was originally specified was that once it was >

Re: tcp-md5 check for incoming connection

2008-01-31 Thread Andre Oppermann
Ingo Flaschberger wrote: Dear Bjoern, Bruce, Looking through linux, netbsd and Bruce's old patch (which works with minimal modification on my freebsd 6.2) I have 3 ideas for how md5 could be integrated. 1) netbsd method: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/tcp_input.c?rev=1.277&con

Re: tcp-md5 check for incoming connection

2008-01-31 Thread Ingo Flaschberger
Dear Andre, 2) linux method: Look for CONFIG_TCP_MD5SIG in linux-2.6.24/net/ipv4/tcp_ipv4.c (sorry no weblink..) They check and block md5-packets early in tcp_v4_do_rcv. afinet.c -> tcp_v4_rcv -> tcp_v4_do_rcv -> for Freebsd: place some logic early in tcp_input function

Re: tcp-md5 check for incoming connection

2008-01-31 Thread gnn
At Thu, 31 Jan 2008 13:15:12 +0100 (CET), Ingo Flaschberger wrote: > > Dear Andre, > > >> 2) linux method: > >> Look for CONFIG_TCP_MD5SIG in linux-2.6.24/net/ipv4/tcp_ipv4.c > >> (sorry no weblink..) > >> They check and block md5-packets early in tcp_v4_do_rcv. > >> afinet.c -> t