From: Cristian KLEIN
Organization: Data Communication Center - Technical University of Cluj-Napoca
Date: Tue, 27 Mar 2007 16:11:02 +0300
To: "Bruce M. Simpson"
Cc: freebsd-net@freebsd.org
Subject: Re: GRE with key
Message-ID: <460917E6.1060604@net.utcluj.ro>
In-Reply-To: <460839E1.8080408@FreeBSD.org>

Hi,

Thank you for your quick reply.

Bruce M. Simpson wrote:
> Cristian KLEIN wrote:
>> Hello everybody,
>>
>> I am new to FreeBSD kernel hacking, so please excuse my perhaps stupid
>> questions.
>>
>> I would like to add key support to gre(4). I have already been able to
>> use gre(4) with a hardcoded key. The single thing remaining to do is to
>> transfer the key from ifconfig(8). The key is a uint32_t and I haven't
>> found a way to transfer it without modifying ifconfig(8).
>>
> Excellent. Thanks for volunteering to do this!

I just wanted to be able to use the OS I like. ;)

>> My question is, which is the "BSD-style" to achieve the above? Solutions
>> I came up with are as follows:
>> 1) Use SIOCSDRVSPEC / SIOCGDRVSPEC
>> 2) Add SIOCSGREKEY / SIOCGGREKEY
>> 3) [Probably too ugly to be mentioned, but requires fairly few
>> modifications.] Add a sysctl MIB which is read when calling "ifconfig
>> ... create".
>>
> If I were doing this, I would add the code to ifconfig.c where the other
> tunnel stuff lives, and go for option number 2. Feel free to modify
> ifconfig to accommodate the new options.

I have added GREGKEY / GRESKEY in if_gre.h and included this file in
ifconfig.c.

>> Another thing I wanted to ask is, which function of ifconfig(8) should I
>> modify to display the GRE key?
>>
> Look at how af_status_tunnel() works and consider adding it there.

I have included key displaying in status() because it is af independent.

Please review the patch, so I can PR it. The patch is against RELENG_6_2.
Could someone check whether it works on HEAD?

http://users.utcluj.ro/~cristiklein/patches/grekey.patch

One note: gre(4) still ignores incoming keys (i.e. accepts any incoming
key) and I think that is quite okay, because they are deprecated in RFC2784.
However, should someone find it useful, I am willing to implement it, for
the sake of correctness.

I have tested the current implementation against both a Cisco router and a
Linux box, so it should work for everybody.

Thank you for your help!
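
[Added example, not part of the original message and not taken from the linked patch.] A user-space sketch of the receive-side check the note above leaves out: parse the GRE header using the RFC 2890 layout and compare the key with the tunnel's configured one. The function name, verdict codes, sample packets and the policy of rejecting a keyed packet on an unkeyed tunnel are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRE_CP      0x8000  /* checksum present */
#define GRE_KP      0x2000  /* key present */
#define GRE_VERMASK 0x0007  /* version, must be 0 */

enum gre_verdict {  /* hypothetical verdict codes */
    GRE_ACCEPT = 0, GRE_TRUNCATED = -1, GRE_BAD_VERSION = -2,
    GRE_KEY_MISSING = -3, GRE_KEY_MISMATCH = -4, GRE_KEY_UNEXPECTED = -5
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Check a received GRE header against the tunnel configuration.
 * have_key == 0 means the tunnel was configured without a key. */
enum gre_verdict gre_check_key(const uint8_t *pkt, size_t len,
                               int have_key, uint32_t key)
{
    size_t off = 4;  /* flags/version (2 bytes) + protocol type (2 bytes) */
    uint16_t flags;

    if (len < off)
        return GRE_TRUNCATED;
    flags = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if (flags & GRE_VERMASK)
        return GRE_BAD_VERSION;
    if (flags & GRE_CP)
        off += 4;    /* checksum + reserved1 sit before the key */
    if (!(flags & GRE_KP))
        return have_key ? GRE_KEY_MISSING : GRE_ACCEPT;
    if (len < off + 4)
        return GRE_TRUNCATED;  /* K bit set but key field cut off */
    if (!have_key)
        return GRE_KEY_UNEXPECTED;  /* assumed policy: unkeyed tunnel rejects keyed input */
    return be32(pkt + off) == key ? GRE_ACCEPT : GRE_KEY_MISMATCH;
}

/* Constructed sample headers (protocol 0x0800, key 1234), not captured traffic. */
static const uint8_t pkt_keyed[] = { 0x20, 0x00, 0x08, 0x00, 0x00, 0x00, 0x04, 0xd2 };
static const uint8_t pkt_plain[] = { 0x00, 0x00, 0x08, 0x00 };
static const uint8_t pkt_csum_key[] = { 0xa0, 0x00, 0x08, 0x00, 0xbe, 0xef, 0x00, 0x00,
                                        0x00, 0x00, 0x04, 0xd2 };
int main(void)
{
    printf("keyed/right key: %d\n", gre_check_key(pkt_keyed, sizeof pkt_keyed, 1, 1234));
    printf("keyed/wrong key: %d\n", gre_check_key(pkt_keyed, sizeof pkt_keyed, 1, 4321));
    printf("plain/keyed tunnel: %d\n", gre_check_key(pkt_plain, sizeof pkt_plain, 1, 1234));
    printf("csum+key: %d\n", gre_check_key(pkt_csum_key, sizeof pkt_csum_key, 1, 1234));
    return 0;
}
```

The key travels in cleartext, so a check like this separates flows and catches misconfigured peers; it does not authenticate the sender.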