Subject: RFC2385 (TCP MD5 signatures) working with patch!
To: None <firstname.lastname@example.org>
From: Jeff Rizzo <email@example.com>
Date: 06/25/2004 16:10:41

I'm happy to report that I managed to find the problems in the
TCP_SIGNATURE code that were causing my machine to crash, and
with the patches in kern/26062 applied to the NetBSD kernel, and
Bruce M. Simpson's patches to quagga 0.96.4 applied, I am able to
peer quagga's bgpd running on NetBSD-2.0F with a Cisco, using

The only directly RFC2385-related problem is that the tcp_signature()
function is including the TCP options in the MD5 hash, which violates
the spec and makes interoperability impossible.

With the patch, it works with either FAST_IPSEC or KAME IPSEC code.

My test kernel config looks like this:

I would greatly appreciate it if someone with more knowledge than
me could look over the patch and let me know how it could be improved...

Jeff Rizzo http://www.redcrowgroup.com/
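
The interoperability point in the message above, as an added example that is not part of the original message or of the kern/26062 patch: RFC 2385 hashes the pseudo-header, the 20-byte TCP header with a zeroed checksum, the segment data and the key, and skips the options. The addresses, ports, key, payload and all function names here are constructed for illustration; `include_options=True` models the non-conforming behaviour the message describes.

```python
import hashlib, hmac, socket, struct

SIG_KIND, SIG_LEN = 19, 18   # TCP MD5 signature option (RFC 2385)

def rfc2385_digest(src_ip, dst_ip, segment, key, include_options=False):
    """MD5 over pseudo-header, 20-byte TCP header (checksum zeroed), data, key."""
    doff = (segment[12] >> 4) * 4               # header length including options
    if not 20 <= doff <= len(segment):
        raise ValueError("bad TCP data offset")
    fixed = bytearray(segment[:20])
    fixed[16:18] = b"\x00\x00"                  # checksum is hashed as zero
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    md5 = hashlib.md5(pseudo + bytes(fixed))
    if include_options:                         # behaviour the message reports as the bug
        md5.update(segment[20:doff])
    md5.update(segment[doff:])
    md5.update(key)
    return md5.digest()

def find_signature(segment):
    """Return the 16-byte digest carried in option kind 19, or None."""
    doff, i = (segment[12] >> 4) * 4, 20
    while i < doff:
        kind = segment[i]
        if kind == 0:                           # end of option list
            break
        if kind == 1:                           # NOP is a single byte
            i += 1
            continue
        if i + 1 >= doff or segment[i + 1] < 2 or i + segment[i + 1] > doff:
            break                               # malformed option length
        if kind == SIG_KIND and segment[i + 1] == SIG_LEN:
            return segment[i + 2:i + SIG_LEN]
        i += segment[i + 1]
    return None

def verify(src_ip, dst_ip, segment, key, include_options=False):
    got = find_signature(segment)
    want = rfc2385_digest(src_ip, dst_ip, segment, key, include_options)
    return got is not None and hmac.compare_digest(got, want)

def sample_segment(src_ip, dst_ip, key, payload=b"constructed BGP bytes"):
    """Constructed segment: NOP, NOP, signature option, then payload."""
    opts = bytes([1, 1, SIG_KIND, SIG_LEN]) + bytes(16)
    hdr = struct.pack("!HHIIBBHHH", 50000, 179, 1000, 2000, 10 << 4, 0x18, 65535, 0, 0)
    seg = bytearray(hdr + opts + payload)
    seg[24:40] = rfc2385_digest(src_ip, dst_ip, bytes(seg), key)
    return bytes(seg)
```

A receiver that hashes the options sees the peer's already-filled digest field in its input, so a segment signed by a conforming sender never verifies.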