Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id g0Q3cBM28863 for netdev-outgoing; Fri, 25 Jan 2002 19:38:11 -0800 Received: from mail.storm.ca (storm.ca [209.87.239.69]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id g0Q3c8P28854 for ; Fri, 25 Jan 2002 19:38:08 -0800 Received: from storm.ca (ppp-209-87-255-134.ottawa.storm.ca [209.87.255.134]) by mail.storm.ca (8.10.2+Sun/8.10.2) with ESMTP id g0Q2c0p27579 for ; Fri, 25 Jan 2002 21:38:00 -0500 (EST) Message-ID: <3C5216EF.DE4A4A81@storm.ca> Date: Fri, 25 Jan 2002 21:39:43 -0500 From: Sandy Harris X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en,fr MIME-Version: 1.0 To: netdev@oss.sgi.com Subject: Re: TCP MD5 signature option (RFC2385) References: <1012009515.1850.36.camel@localhost.localdomain> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-netdev@oss.sgi.com Precedence: bulk Frank Solensky wrote: > > I noticed that Linux stack doesn't currently support for RFC2385 (MD5 > signatures for TCP packets). This could be useful for the zebra project > for authenticating BGP connections with other implementations. Can you use IPsec authentication? See www.freeswan.org for the Linux implementation. > I checked various list archives and didn't see any mention of work being > underway on this -- what's the best way for me to proceed, download code > and just start implementing? I don't know how useful these are, but some things to consider: The /dev/random driver includes MD5 and some code for generating TCP sequence numbers. I'm inclined to doubt a device driver is the right place to put what you want to do, but you might want to look at that code.