Re: RFC2385 (MD5 signature in TCP packets) support

David Schwartz (davids@webmaster.com)
Fri, 15 Mar 2002 15:53:51 -0800


>I'm not saying the RFC is a good idea (tho its a needed patch to use Linux
>for backbone routing sanely with most vendors BGP kit). Your argument about
>the RST frame is however pure horseshit
>
>Alan

I don't think it's a good idea either, and I'm sorry this turned into an
argument over the merits of RFC2385. I don't like it, and that's one of the
reasons I didn't suggest a thorough implementation. I just want enough to
solve the particular problem that I have, which is that Zebra on Linux can't
interoperate with Cisco BGP implementations using MD5 authentication.

There is some merit to the argument that one shouldn't crap up a network
stack just because someone else did. The question is, is interoperability
worth this small piece of crap. I personally think it is, but I'm prejudiced
since I happen to need it.

I'm trying to decide if I need it badly enough to make it worth the effort
it would take to implement it. One factor that would go into that decision is
whether the patch would have a chance at being accepted into the kernel or
whether at least kernel hooks to allow it to be implemented as a module might
be accepted.

DS

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/