Re: RFC2385 (MD5 signature in TCP packets) support

David Schwartz (davids@webmaster.com)
Fri, 15 Mar 2002 16:06:27 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: James Cleverdon: "Re: IBM x360 2.2.x boot failure, 2.4.9 works fine"
Previous message: Jim Hollenback: "(no subject)"
In reply to: David S. Miller: "Re: RFC2385 (MD5 signature in TCP packets) support"
Next in thread: David Schwartz: "Re: RFC2385 (MD5 signature in TCP packets) support"

On Fri, 15 Mar 2002 15:57:48 -0800 (PST), David S. Miller wrote:
>From: Alan Cox <alan@lxorguk.ukuu.org.uk>
>Date: Sat, 16 Mar 2002 00:12:48 +0000 (GMT)
>
>I've actually got a more constructive suggestion for the zebra folks.
>Route the BGP crap through a netlink tap device, mangle and unmangle the
>tcp frames in luserspace. Saves doing TCP in userspace, saves screwing up
>Dave's nice networking stack.
>
>You'll still need to kill SACK support to make it fit
>
>Another solution could involve a netfilter module to mangle
>the packets.

The problem is that this is intended to be used on machines that are routing
very high volumes of packets on multiple FEs. So the implementation would
have to be minimal cost for packets it didn't need to intercept. So I'd need
to hook into a kernel module or userspace through a filter.

Does ipchains/iptables support to filter selected packets through userspace
work? If it does, this might be an acceptable solution.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Cleverdon: "Re: IBM x360 2.2.x boot failure, 2.4.9 works fine"
Previous message: Jim Hollenback: "(no subject)"
In reply to: David S. Miller: "Re: RFC2385 (MD5 signature in TCP packets) support"
Next in thread: David Schwartz: "Re: RFC2385 (MD5 signature in TCP packets) support"