RFC 2385 Kernel support for 1.2.3

  • can someone from the devel group verify if this kernel option is enabled on the shipping kernel: TCP_SIGNATURE

    this is needed by BGP to be able to establish secure sessions via 'tcp md5sig' option RFC 2385

    as per /usr/src/sys/conf/NOTES:

    TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are

    carried in TCP option 19. This option is commonly used to protect

    TCP sessions (e.g. BGP) where IPSEC is not available nor desirable.

    This is enabled on a per-socket basis using the TCP_MD5SIG socket option.

    This requires the use of 'device crypto', 'options IPSEC'

    or 'device cryptodev'.

    #options        TCP_SIGNATURE          #include support for RFC 2385

    thanks much

  • no updates?? anyone from the Mods??

  • Don't bug people via private message for help, it's against our rules (otherwise we'd all be wading through 1000 PMs every day) and definitely not going to encourage answers (I /dev/nulled that and am answering now just because I stumbled across it browsing threads).

    That isn't currently supported, you can't use md5sig currently (far more to it than a kernel option).

Log in to reply