On Fri, 2002-01-25 at 21:39, Sandy Harris wrote:
> Frank Solensky wrote:
> > I noticed that Linux stack doesn't currently support for RFC2385 (MD5
> > signatures for TCP packets).
> Can you use IPsec authentication?
> See www.freeswan.org for the Linux implementation.
This is a bit different -- the RFC describes an option that would be
added to the tcp options procesing while freeswan provides AH which is
between the IP and TCP headers.
> I don't know how useful these are, but some things to consider:
> The /dev/random driver includes MD5 and some code for generating TCP
> sequence numbers.
Yeah, I noticed that drivers/char/random.c has the necessary routines
(though I'd have to look for what causes USE_SHA to get defined since
this would lose the MD5Transform routine).