Date: Mon, 21 Jul 2014 08:56:16 +0200 (CEST)
From: sthaug@nethelp.no
To: andrnils@gmail.com
Cc: max@mxcrypt.com, freebsd-current@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID: <20140721.085616.74744313.sthaug@nethelp.no>
In-Reply-To: <CAPS9%2BSsSmxZnTF8AEmEmWtGOd_8A%2Bd_8cYUYhuC3OsLYFxGHGQ@mail.gmail.com>
References: <CAPS9%2BStPJRVSFLjpxgVEewT9fwHHFxw=qODAYa=uOAzb-V=v2Q@mail.gmail.com> <20140721.074105.74747815.sthaug@nethelp.no> <CAPS9%2BSsSmxZnTF8AEmEmWtGOd_8A%2Bd_8cYUYhuC3OsLYFxGHGQ@mail.gmail.com>

> > > Also, the openbsd stack has some essential features missing in freebsd,
> > > like mpls and md5 auth for bgp sessions.
> >
> > I use MD5 auth for BGP sessions every day (and have been doing so for
> > several releases). One could definitely wish for better integration -
> > having to specify MD5 key both in /etc/ipsec.conf and in the Quagga
> > bgpd config is not nice. But it works.
> >
> As far as I know you can only send out correctly authed stuff but not
> validate incoming. Has that changed?

Have a look at tcp_signature_verify(), called from tcp_input.c. Added in
r221023, see

http://svnweb.freebsd.org/base/head/sys/netinet/tcp_input.c?view=log

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
----------------------------------------------------------------------
Revision 221023 - (view) (download) (annotate) - [select for diffs]
Modified Mon Apr 25 17:13:40 2011 UTC (3 years, 2 months ago) by attilio
File length: 106717 byte(s)
Diff to previous 220560

Add the possibility to verify MD5 hash of incoming TCP packets.
As long as this is a costly function, even when compiled in (along with
the option TCP_SIGNATURE), it can be disabled via the
net.inet.tcp.signature_verify_input sysctl.

Sponsored by: Sandvine Incorporated
Reviewed by: emaste, bz
MFC after: 2 weeks
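
What validating an incoming TCP MD5 signature involves, following RFC 2385: this is an added example, not part of the original message and not FreeBSD's tcp_signature_verify() code. The function names, the IPv4-only handling, the key and the sample segment are assumptions constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5SIG = 19  # RFC 2385 option kind; its length field is always 18
def header_len(segment):
    """TCP header length in bytes, or None if the segment is malformed."""
    if len(segment) < 20:
        return None
    off = (segment[12] >> 4) * 4
    return off if 20 <= off <= len(segment) else None

def rfc2385_digest(src, dst, segment, key):
    """MD5 over pseudo-header, 20-byte header with zeroed checksum, payload, key."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!BBH", 0, socket.IPPROTO_TCP, len(segment))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]  # options are not covered
    return hashlib.md5(pseudo + fixed + segment[header_len(segment):] + key).digest()

def carried_digest(segment):
    """Return the 16-byte digest from option kind 19, or None if absent/malformed."""
    end, i = header_len(segment), 20
    while end is not None and i < end:
        kind = segment[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding
            i += 1
            continue
        if i + 1 >= end or segment[i + 1] < 2 or i + segment[i + 1] > end:
            return None          # truncated or bogus option length
        if kind == TCPOPT_MD5SIG:
            return segment[i + 2:i + 18] if segment[i + 1] == 18 else None
        i += segment[i + 1]
    return None

def verify_incoming(src, dst, segment, key):
    """True only if the segment carries a signature that matches the shared key."""
    carried = carried_digest(segment)
    return carried is not None and hmac.compare_digest(
        carried, rfc2385_digest(src, dst, segment, key))

def build_signed_segment(src, dst, payload, key):
    """Constructed sample segment (TCP checksum left at 0 for brevity)."""
    hdr = struct.pack("!HHIIBBHHH", 179, 40000, 1, 0, 10 << 4, 0x18, 65535, 0, 0)
    unsigned = hdr + bytes([1, 1, TCPOPT_MD5SIG, 18]) + bytes(16) + payload
    digest = rfc2385_digest(src, dst, unsigned, key)
    return unsigned[:24] + digest + payload
```

A receiver that only signs outgoing segments never runs the `verify_incoming` step, so a segment with a missing or wrong signature is accepted like any other.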