Re: TCP MD5 signature option (RFC2385)

To: Frank Solensky <solenskyf@xxxxxxx>
Subject: Re: TCP MD5 signature option (RFC2385)
From: Andi Kleen <ak@xxxxxxx>
Date: Sat, 26 Jan 2002 04:52:40 +0100
Cc: netdev@xxxxxxxxxxx
In-reply-to: <1012009515.1850.36.camel@xxxxxxxxxxxxxxxxxxxxx>
References: <1012009515.1850.36.camel@xxxxxxxxxxxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx
User-agent: Mutt/1.3.22.1i

On Fri, Jan 25, 2002 at 08:44:48PM -0500, Frank Solensky wrote:
> I noticed that the Linux stack doesn't currently support RFC2385 (MD5
> signatures for TCP packets).  This could be useful for the zebra project
> for authenticating BGP connections with other implementations.
> 
> I checked various list archives and didn't see any mention of work being
> underway on this -- what's the best way for me to proceed, download code
> and just start implementing?

TCP is not very well fitted to add a new 'go over all data in packet' 
pass. It is heavily optimized for copy-csum-and-forget in one go. 
You could add a new pass for MD5, but it would not be nice.
As TCP MD5 is rather obscure I think I would nearly recommend to not
touch the core TCP stack for it and instead implement it in a netfilter module.

-Andi
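
For reference, the per-segment computation RFC 2385 specifies, which is why a signer or verifier needs a pass over all segment data. This is an added example, not part of the original message and not Linux or zebra code; the function names, addresses, ports, payload and key are constructed for illustration.

```python
import hashlib, hmac, socket, struct

TCPOPT_MD5SIG, TCPOLEN_MD5SIG = 19, 18   # RFC 2385: kind 19, 2 + 16 digest bytes

def rfc2385_digest(src_ip, dst_ip, segment, key):
    """MD5 over pseudo-header, fixed TCP header (checksum zeroed, options
    excluded), all segment data, then the shared key."""
    if len(segment) < 20 or not 20 <= (segment[12] >> 4) * 4 <= len(segment):
        raise ValueError("truncated or malformed TCP header")
    hdr_len = (segment[12] >> 4) * 4
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip), 0, socket.IPPROTO_TCP,
                         len(segment))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]
    return hashlib.md5(pseudo + fixed + segment[hdr_len:] + key).digest()

def carried_digest(segment):
    """Walk the TCP options and return the MD5 option's digest, or None."""
    i, end = 20, (segment[12] >> 4) * 4
    while i < end:
        kind = segment[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP, single byte
            i += 1
            continue
        if i + 1 >= end or segment[i + 1] < 2 or i + segment[i + 1] > end:
            return None                    # malformed option
        if kind == TCPOPT_MD5SIG and segment[i + 1] == TCPOLEN_MD5SIG:
            return segment[i + 2:i + 18]
        i += segment[i + 1]
    return None

def verify(src_ip, dst_ip, segment, key):
    """True only if the segment carries a digest matching the shared key."""
    want = rfc2385_digest(src_ip, dst_ip, segment, key)  # validates header first
    got = carried_digest(segment)
    return got is not None and hmac.compare_digest(got, want)

def build_signed(src_ip, dst_ip, payload, key):
    """Constructed sample: segment to port 179 with MD5 option plus two NOPs.
    The TCP checksum is left at zero; the digest ignores it anyway."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 179, 1000, 2000, 10 << 4, 0x18,
                      8192, 0, 0)
    opts = bytes([TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + bytes(16) + b"\x01\x01"
    seg = hdr + opts + payload
    sig = rfc2385_digest(src_ip, dst_ip, seg, key)
    return seg[:22] + sig + seg[38:]
```

The digest covers the payload and the key but neither the options nor the checksum field, so it cannot be folded into the existing checksum computation and has to read every payload byte separately.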
