Re: GRE with key



Hi,

Thank you for your quick reply.

Bruce M. Simpson wrote:
Cristian KLEIN wrote:
Hello everybody,

I am new to FreeBSD kernel hacking, so please excuse my perhaps stupid
questions.

I would like to add key support to gre(4). I have already been able to
use gre(4) with a hardcoded key. The single thing remaining to do is to
transfer the key from ifconfig(8). The key is a uint32_t and I haven't
found a way to transfer it without modifying ifconfig(8).

Excellent. Thanks for volunteering to do this!

I just wanted to be able to use the OS I like. ;)

My question is, which is the "BSD-style" to achieve the above? Solutions
I came up with are as follows:
1) Use SIOCSDRVSPEC / SIOCGDRVSPEC
2) Add SIOCSGREKEY / SIOCGGREKEY
3) [Probably too ugly to be mentioned, but requires fairly few
modifications.] Add a sysctl MIB which is read when calling "ifconfig
... create".

If I were doing this, I would add the code to ifconfig.c where the other
tunnel stuff lives, and go for option number 2. Feel free to modify
ifconfig to accommodate the new options.

I have added GREGKEY / GRESKEY in if_gre.h and included this file in
ifconfig.c.

Another thing I wanted to ask is, which function of ifconfig(8) should I
modify to display the GRE key?

Look at how af_status_tunnel() works and consider adding it there.

I have included key displaying in status() because it is af independent.

Please review the patch, so I can PR it. The patch is against
RELENG_6_2. Could someone check whether it works on HEAD?
http://users.utcluj.ro/~cristiklein/patches/grekey.patch

One note: gre(4) still ignores incoming keys (i.e. accepts any
incoming key) and I think that is quite okay, because they are
deprecated in RFC2784. However, should someone find it useful, I am
willing to implement it, for the sake of correctness.

I have tested the current implementation against both a Cisco router and
a Linux box, so it should work for everybody.

Thank you for your help!
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
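
The inbound key check that the message above says gre(4) does not yet perform, written as an added example that is not part of the original post or of the linked patch. It assumes the RFC 2890 header layout; the helper name `gre_check_key`, the verdict enum, the locally defined flag macros and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits of the first 16-bit GRE word (RFC 2890), defined locally. */
#define GRE_CP   0x8000  /* checksum present */
#define GRE_KP   0x2000  /* key present */
#define GRE_SP   0x1000  /* sequence number present */
#define GRE_VERS 0x0007  /* version, must be 0 */

enum gre_verdict { GRE_ACCEPT, GRE_TRUNCATED, GRE_BAD_VERSION,
                   GRE_NO_KEY, GRE_KEY_MISMATCH };

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical helper: accept a packet only if it carries want_key.
 * On GRE_ACCEPT, *hdrlen is the offset of the encapsulated payload. */
enum gre_verdict gre_check_key(const uint8_t *pkt, size_t len,
                               uint32_t want_key, size_t *hdrlen) {
    if (len < 4) return GRE_TRUNCATED;            /* flags + protocol */
    uint16_t flags = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if (flags & GRE_VERS) return GRE_BAD_VERSION;
    if (!(flags & GRE_KP)) return GRE_NO_KEY;     /* keyed tunnel, unkeyed packet */
    size_t off = 4 + ((flags & GRE_CP) ? 4 : 0);  /* key follows checksum word */
    size_t total = off + 4 + ((flags & GRE_SP) ? 4 : 0);
    if (len < total) return GRE_TRUNCATED;        /* never read past the buffer */
    if (rd32(pkt + off) != want_key) return GRE_KEY_MISMATCH;
    *hdrlen = total;
    return GRE_ACCEPT;
}

/* Constructed sample headers (protocol type 0x0800 = IPv4). */
static const uint8_t pkt_keyed[]   = {0x20,0x00,0x08,0x00, 0x00,0x00,0x00,0x2a};
static const uint8_t pkt_ck_key[]  = {0xa0,0x00,0x08,0x00, 0,0,0,0, 0x00,0x00,0x00,0x2a};
static const uint8_t pkt_unkeyed[] = {0x00,0x00,0x08,0x00};
static const uint8_t pkt_short[]   = {0x20,0x00,0x08,0x00, 0x00,0x00};

int main(void) {
    size_t h = 0;
    printf("keyed, key 42:  %d\n", gre_check_key(pkt_keyed, sizeof pkt_keyed, 42, &h));
    printf("keyed, key 7:   %d\n", gre_check_key(pkt_keyed, sizeof pkt_keyed, 7, &h));
    printf("checksum + key: %d\n", gre_check_key(pkt_ck_key, sizeof pkt_ck_key, 42, &h));
    printf("unkeyed:        %d\n", gre_check_key(pkt_unkeyed, sizeof pkt_unkeyed, 42, &h));
    printf("truncated:      %d\n", gre_check_key(pkt_short, sizeof pkt_short, 42, &h));
    return 0;
}
```

GRE carries the key in cleartext, so a check like this keeps tunnels apart rather than authenticating the sender.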


