Date: Tue, 27 Mar 2007 16:11:02 +0300
From: Cristian KLEIN <cristi@net.utcluj.ro>
To: "Bruce M. Simpson" <bms@FreeBSD.org>
Cc: freebsd-net@freebsd.org
Subject: Re: GRE with key
Message-ID: <460917E6.1060604@net.utcluj.ro>
In-Reply-To: <460839E1.8080408@FreeBSD.org>
References: <46081CB9.6030109@net.utcluj.ro> <460839E1.8080408@FreeBSD.org>

Hi,

Thank you for your quick reply.

Bruce M. Simpson wrote:
> Cristian KLEIN wrote:
>> Hello everybody,
>>
>> I am new to FreeBSD kernel hacking, so please excuse my perhaps stupid
>> questions.
>>
>> I would like to add key support to gre(4). I have already been able to
>> use gre(4) with a hardcoded key. The single thing remaining to do is to
>> transfer the key from ifconfig(8). The key is an uint32_t and I haven't
>> found a way to transfer it without modifying ifconfig(8).
>>
> Excellent. Thanks for volunteering to do this!

I just wanted to be able to use the OS I like. ;)

>> My question is, which is the "BSD-style" to achieve the above? Solutions
>> I came up with are as follows:
>> 1) Use SIOCSDRVSPEC / SIOCGDRVSPEC
>> 2) Add SIOCSGREKEY / SIOCGGREKEY
>> 3) [Probably too ugly to be mentioned, but requires fairly few
>> modifications.] Add a sysctl MIB which is read when calling "ifconfig
>> ... create".
>>
> If I were doing this, I would add the code to ifconfig.c where the other
> tunnel stuff lives, and go for option number 2. Feel free to modify
> ifconfig to accommodate the new options.

I have added GREGKEY / GRESKEY in if_gre.h and included this file in
ifconfig.c.

>> Another thing I wanted to ask is, which function of ifconfig(8) should I
>> modify to display the GRE key?
>>
> Look at how af_status_tunnel() works and consider adding it there.

I have included key displaying in status() because it is af independent.

Please review the patch, so I can PR it. The patch is against
RELENG_6_2. Could someone check whether it works on HEAD?

http://users.utcluj.ro/~cristiklein/patches/grekey.patch

One note: gre(4) still ignores incoming keys (i.e. accepts any incoming
key) and I think that is quite okay, because they are deprecated in
RFC2784. However, should someone find it useful, I am willing to
implement it, for the sake of correctness. I have tested the current
implementation against both a Cisco router and a Linux box, so it should
work for everybody.

Thank you for your help!
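
The receive-side check that the message says gre(4) does not perform, as an added example that is not part of the original message or the linked patch: it parses a GRE header and accepts the packet only when the key it carries matches the configured one. The function name `gre_check_key`, its parameters and the choice to reject the RFC 1701 routing bit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Flag bits in the first 16-bit word of the GRE header. */
#define GRE_CP  0x8000  /* checksum present */
#define GRE_RP  0x4000  /* routing present (RFC 1701 only) */
#define GRE_KP  0x2000  /* key present */
#define GRE_SP  0x1000  /* sequence number present */
#define GRE_VER 0x0007  /* version, must be 0 */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Hypothetical helper: returns the offset of the encapsulated payload
 * when the packet matches the tunnel's key configuration, -1 otherwise.
 * have_key says whether the tunnel was configured with a key at all.
 */
int gre_check_key(const uint8_t *pkt, size_t len, int have_key, uint32_t want_key)
{
    size_t off = 4;               /* flags/version + protocol type */
    uint16_t flags;

    if (len < off)
        return -1;
    flags = rd16(pkt);
    if (flags & (GRE_VER | GRE_RP))
        return -1;                /* not a plain version-0 header */
    if (flags & GRE_CP)
        off += 4;                 /* checksum + reserved field */
    if (flags & GRE_KP) {
        if (len < off + 4)
            return -1;            /* truncated before the key field */
        if (!have_key || rd32(pkt + off) != want_key)
            return -1;            /* unexpected or wrong key */
        off += 4;
    } else if (have_key) {
        return -1;                /* key required but not present */
    }
    if (flags & GRE_SP)
        off += 4;                 /* sequence number */
    return len < off ? -1 : (int)off;
}
```
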