> On Thu, 27 May 2004 17:22:47 -0400 Frank Solensky <frank@solensky.org> > wrote: > > > Is there any work underway or plans to support the TCP MD5 > > signature option in a near-term kernel release? > > This is implemented at userlevel in the router daemon. See the Zebra > sources for one example. > > There is no need for explicit kernel level support of this feature. Actually not quite. The existing Zebra patches for MD5 do depend on kernel support for MD5. (see http://hasso.linux.ee/quagga/bgp-md5.en.php ) The alternative solution (by me) is via iptables/IPQ interface but it is fugly - passwords are configured separately from all other BGP configuration. If you have an option of patching and recompiling, it is somewhat cleaner than my solution - Unfortunately it seems that the patch has no chance of getting into mainstream kernel because of being deemed overly intrusive by davem ;) -alex - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
