On Fri, Jan 25, 2002 at 08:44:48PM -0500, Frank Solensky wrote:
> I noticed that Linux stack doesn't currently support for RFC2385 (MD5
> signatures for TCP packets). This could be useful for the zebra project
> for authenticating BGP connections with other implementations.
>
> I checked various list archives and didn't see any mention of work being
> underway on this -- what's the best way for me to proceed, download code
> and just start implementing?
TCP is not very well fitted to add a new 'go over all data in packet'
pass. It is heavily optimized for copy-csum-and-forget in one go.
You could add a new pass for MD5, but it would not be nice.
As TCP MD5 is rather obscure I think I would nearly recommend to not
touch the core TCP stack for it and instead implement it in a netfilter module.
-Andi
|