Support for MD5 authentication in BGP
Martin Mares
mj at ucw.cz
Tue Oct 7 14:35:12 CEST 2008
Hi!
> AFAIK we have to set the (address, password) pairs even before new connection
> is estabilished, othewise signed SYN packets are dropped and the connection
> wouldn't estabilish.
OK. I did mistakenly believe that the kernel remembers only a single
password per socket, but apparently it keeps a list of (peer address,
password) pairs, so it should work even with the single listening socket
we have.
> Kernel headers in current Debian don't contain TCP_MD5SIG,
> so i need it to compile Bird on my computer.
OK.
> > Probably none ;)
>
> I tried to google it and it seems to me that FreeBSD uses the same
> setsockopt() optval name, but i don't know details yet.
It is probably not necessary at this moment as we do not have a BSD port
yet anyway.
Have a nice fortnight
--
Martin `MJ' Mares <mj at ucw.cz> http://mj.ucw.cz/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
Air conditioned environment -- Do not open Windows.
More information about the Bird-users
mailing list