Search String: Display: Description: Sort:

Results:

References: [ +subject:/^(?:^\s*(re|sv|fwd|fw)[\[\]\d]*[:>-]+\s*)*TCP\s+MD5\s+signature\s+option\s+\(RFC2385\)\s*$/: 14 ]

Total 14 documents matching your query.

1. TCP MD5 signature option (RFC2385) (score: 1)
Author: xxxx>
Date: 25 Jan 2002 20:44:48 -0500
I noticed that Linux stack doesn't currently support for RFC2385 (MD5 signatures for TCP packets). This could be useful for the zebra project for authenticating BGP connections with other implementat
/archives/netdev/2002-01/msg00110.html (7,543 bytes)

2. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: xxxx>
Date: Fri, 25 Jan 2002 21:39:43 -0500
Can you use IPsec authentication? See www.freeswan.org for the Linux implementation. I don't know how useful these are, but some things to consider: The /dev/random driver includes MD5 and some code
/archives/netdev/2002-01/msg00111.html (8,073 bytes)

3. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: xxxx>
Date: 25 Jan 2002 21:52:10 -0500
This is a bit different -- the RFC describes an option that would be added to the tcp options procesing while freeswan provides AH which is between the IP and TCP headers. Yeah, I noticed that driver
/archives/netdev/2002-01/msg00112.html (8,666 bytes)

4. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: xxxx>
Date: Sat, 26 Jan 2002 04:52:40 +0100
TCP is not very well fitted to add a new 'go over all data in packet' pass. It is heavily optimized for copy-csum-and-forget in one go. You could add a new pass for MD5, but it would not be nice. As
/archives/netdev/2002-01/msg00113.html (8,604 bytes)

5. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: xxxx>
Date: Sat, 26 Jan 2002 04:17:36 +0000
Odd, NetBSD and OpenBSD provide TCP_SIGNATURE as a kernel config option. I suspect that FreeBSD, BSDI, and BSD/OS do as well. I've already asked Frank offline if what he is trying to do actually requ
/archives/netdev/2002-01/msg00114.html (9,792 bytes)

6. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: xxxx>
Date: Sat, 26 Jan 2002 08:23:41 -0500 (EST)
Andi, This is a TCP option; so should fit well in the slow path. Of course it brings a whole new meaning to DoS;-> IIRC, not all packets within a flow will have this option turned on; cheers, jamal
/archives/netdev/2002-01/msg00115.html (8,806 bytes)

7. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: xxxx>
Date: 26 Jan 2002 15:25:02 -0500
True -- as you say, it is rather obscure. When it is used, it's generally expected that the connection will be slower. Once the BGP table feed has completed, though, a stable connection won't send m
/archives/netdev/2002-01/msg00116.html (10,044 bytes)

8. TCP MD5 signature option (RFC2385) (score: 1)
Author: Frank Solensky <solenskyf@xxxxxxx>
Date: 25 Jan 2002 20:44:48 -0500
I noticed that Linux stack doesn't currently support for RFC2385 (MD5 signatures for TCP packets). This could be useful for the zebra project for authenticating BGP connections with other implementat
/archives/netdev/2002-01/msg00244.html (7,543 bytes)

9. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: Sandy Harris <sandy@xxxxxxxx>
Date: Fri, 25 Jan 2002 21:39:43 -0500
Can you use IPsec authentication? See www.freeswan.org for the Linux implementation. I don't know how useful these are, but some things to consider: The /dev/random driver includes MD5 and some code
/archives/netdev/2002-01/msg00245.html (8,105 bytes)

10. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: Frank Solensky <solenskyf@xxxxxxx>
Date: 25 Jan 2002 21:52:10 -0500
This is a bit different -- the RFC describes an option that would be added to the tcp options procesing while freeswan provides AH which is between the IP and TCP headers. Yeah, I noticed that driver
/archives/netdev/2002-01/msg00246.html (8,748 bytes)

11. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: Andi Kleen <ak@xxxxxxx>
Date: Sat, 26 Jan 2002 04:52:40 +0100
TCP is not very well fitted to add a new 'go over all data in packet' pass. It is heavily optimized for copy-csum-and-forget in one go. You could add a new pass for MD5, but it would not be nice. As
/archives/netdev/2002-01/msg00247.html (8,668 bytes)

12. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: Chris Dukes <pakrat@xxxxxxxxxxxxxxxx>
Date: Sat, 26 Jan 2002 04:17:36 +0000
Odd, NetBSD and OpenBSD provide TCP_SIGNATURE as a kernel config option. I suspect that FreeBSD, BSDI, and BSD/OS do as well. I've already asked Frank offline if what he is trying to do actually requ
/archives/netdev/2002-01/msg00248.html (9,920 bytes)

13. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: jamal <hadi@xxxxxxxxxx>
Date: Sat, 26 Jan 2002 08:23:41 -0500 (EST)
Andi, This is a TCP option; so should fit well in the slow path. Of course it brings a whole new meaning to DoS;-> IIRC, not all packets within a flow will have this option turned on; cheers, jamal
/archives/netdev/2002-01/msg00249.html (8,835 bytes)

14. Re: TCP MD5 signature option (RFC2385) (score: 1)
Author: Frank Solensky <solenskyf@xxxxxxx>
Date: 26 Jan 2002 15:25:02 -0500
True -- as you say, it is rather obscure. When it is used, it's generally expected that the connection will be slower. Once the BGP table feed has completed, though, a stable connection won't send m
/archives/netdev/2002-01/msg00250.html (10,138 bytes)


This search system is powered by Namazu