On Jan 31, 2008 7:19 AM, Bruce M. Simpson <[EMAIL PROTECTED]> wrote:
> The bigger issue w/tcp-md5 is getting security policy 'right'.
> bz has more IPSEC hacking experience than I, so I defer to his advice in
> this area.
>
> The way the socket option was originally specified was that once it was
>
The bigger issue w/tcp-md5 is getting security policy 'right'.
bz has more IPSEC hacking experience than I, so I defer to his advice in
this area.
The way the socket option was originally specified was that once it was
set, all further activity on the socket had to be tcp-md5'd. For an
outgoi
Dear Bjoern, Bruce,
Looking trough linux, netbsd and Bruce old patch
(which works with minimal modification at my freebsd 6.2)
I have 3 ideas how md5 could be integrated.
1) netbsd method:
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet/tcp_input.c?rev=1.277&content-type=text/x-cvsw
On Wed, Jan 30, 2008 at 11:56:10AM -0200, Alexandre Biancalana wrote:
>On 1/30/08, Andrei Kolu <[EMAIL PROTECTED]> wrote:
>>>Alexandre Biancalana wrote:
This server is an Dell Power Edge 1950, QuadCore 2.83, 2Gb Ram, one
bce gigabit interface connected to a gigabit port of a Cisco 4500 in
>
Alexandre Biancalana wrote:
On 1/30/08, Tom Judge <[EMAIL PROTECTED]> wrote:
Do you have any error messages on the console in dmesg? ('cannot pad
short frame', 'unable to prepend vlan header' for example).
no :(
Sorry I'm fresh out of ideas now... Unless you could be should of ram
wha
Hi Bjoern,
both of this (incoming validation + SPD integ) is on my TODO list on
position 10 (I am currently working on item 3) and there is more ipsec
work in the middle.
I also have tcp-md5 for IPv6 implementation on the same card.
I am willing to help or review patches in case someone wants
On 1/30/08, Tom Judge <[EMAIL PROTECTED]> wrote:
> >> Do you have any error messages on the console in dmesg? ('cannot pad
> >> short frame', 'unable to prepend vlan header' for example).
> >
> > no :(
>
> Sorry I'm fresh out of ideas now... Unless you could be should of ram
> what does ne
On 1/30/08, Andrei Kolu <[EMAIL PROTECTED]> wrote:
> > Alexandre Biancalana wrote:
> > > This server is an Dell Power Edge 1950, QuadCore 2.83, 2Gb Ram, one
> > > bce gigabit interface connected to a gigabit port of a Cisco 4500 in
> > > trunk mode.
>
> Why you are using trunk mode? IIRC then "tr
Alexandre Biancalana wrote:
On 1/29/08, Tom Judge <[EMAIL PROTECTED]> wrote:
Alexandre Biancalana wrote:
Hi Tom ! Thanks for your help!
I had to step back the chance an put the "old" gateway back, the
performance was unacceptable :-(
Looking closer I see that still have the problem using the
Tom Judge wrote:
> Andrei Kolu wrote:
>>> Alexandre Biancalana wrote:
This server is an Dell Power Edge 1950, QuadCore 2.83, 2Gb Ram, one
bce gigabit interface connected to a gigabit port of a Cisco 4500 in
trunk mode.
>>
>> Why you are using trunk mode? IIRC then "trunk" is used o
Andrei Kolu wrote:
Alexandre Biancalana wrote:
This server is an Dell Power Edge 1950, QuadCore 2.83, 2Gb Ram, one
bce gigabit interface connected to a gigabit port of a Cisco 4500 in
trunk mode.
Why you are using trunk mode? IIRC then "trunk" is used only between Cisco
switches and routers
> Alexandre Biancalana wrote:
> > This server is an Dell Power Edge 1950, QuadCore 2.83, 2Gb Ram, one
> > bce gigabit interface connected to a gigabit port of a Cisco 4500 in
> > trunk mode.
Why you are using trunk mode? IIRC then "trunk" is used only between Cisco
switches and routers and your
On Wed, 30 Jan 2008, Bruce M. Simpson wrote:
Hi,
Ingo Flaschberger wrote:
Hi,
linux does already support tcp-md5 checks for incomming connections, but
freebsd not.
I would like to implement this feature into freebsd.
Any hints/wishes/considerations that I should consider?
Someone(tm) kee
13 matches
Mail list logo
