RFC 2385 Kernel support for 1.2.3
-
can someone from the devel group verify if this kernel option is enabled on the shipping kernel: TCP_SIGNATURE
this is needed by BGP to be able to establish secure sessions via 'tcp md5sig' option RFC 2385
as per /usr/src/sys/conf/NOTES:
TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
carried in TCP option 19. This option is commonly used to protect
TCP sessions (e.g. BGP) where IPSEC is not available nor desirable.
This is enabled on a per-socket basis using the TCP_MD5SIG socket option.
This requires the use of 'device crypto', 'options IPSEC'
or 'device cryptodev'.
#options TCP_SIGNATURE #include support for RFC 2385
thanks much
-
no updates?? anyone from the Mods??
-
Don't bug people via private message for help, it's against our rules (otherwise we'd all be wading through 1000 PMs every day) and definitely not going to encourage answers (I /dev/nulled that and am answering now just because I stumbled across it browsing threads).
That isn't currently supported, you can't use md5sig currently (far more to it than a kernel option).
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.