cvs commit: src/sys/netinet tcp_syncache.c

Bruce M Simpson bms at
Fri Apr 22 04:12:44 PDT 2005

On Thu, Apr 21, 2005 at 08:09:09PM +0000, Paul Saab wrote:
>   Log:
>   Fix for 2 bugs related to TCP Signatures :

Thanks for committing this, however I would have appreciated a ping before
putting it in. The risk is that it may break existing applications; whilst
it follows the letter of the RFC, and that is good, we need to refactor the
granularity of how TCP-MD5 security associations work in order to not break
sessions with peers which don't speak TCP-MD5.

Currently the implementation only allows for a single key per distinct
peer IP address. For running LDP as well as BGP in an MPLS setup, this
isn't going to work.

I have had initial (buggy) patches for this which push the logic into the
SPD rather than the SADB, which is probably the best way forward.

At the moment I don't have free cycles to deal with this. If anyone is
interested in taking this task on in the meantime then please do contact me.
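As an added illustration of the granularity issue raised above (example code written for this archive page, not FreeBSD's tcp_syncache.c or any code of the author): a small RFC 2385 signer whose key store is selected on (peer address, local port) rather than on peer address alone, so a BGP session and an LDP session to the same peer can carry different keys, and a peer with no association is simply left unsigned. Addresses, ports and keys are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed keystore keyed on a (peer address, local port) selector rather than on
# peer address alone, so BGP (179) and LDP (646) to one peer each get their own key.
# Addresses and keys are constructed sample values.
SA_TABLE = {
    ("192.0.2.1", 179): b"bgp-sample-key",
    ("192.0.2.1", 646): b"ldp-sample-key",
}

def lookup_sa(peer_ip, local_port):
    """Key for this peer/service, or None when the peer has no association at all
    (in this example such a peer does not speak TCP-MD5 and gets an unsigned segment)."""
    return SA_TABLE.get((peer_ip, local_port))

def tcp_md5_digest(src_ip, dst_ip, tcp_hdr20, payload, key):
    """RFC 2385 section 2: MD5 over the pseudo-header, the 20-byte TCP header with
    the checksum field zeroed (options excluded), the segment data, then the key."""
    assert len(tcp_hdr20) == 20
    seg_len = (tcp_hdr20[12] >> 4) * 4 + len(payload)  # data offset still counts options
    pseudo = (ipaddress.IPv4Address(src_ip).packed
              + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, 6, seg_len))     # zero pad, IPPROTO_TCP, length
    hdr = bytearray(tcp_hdr20)
    hdr[16:18] = b"\x00\x00"
    return hashlib.md5(pseudo + bytes(hdr) + payload + key).digest()

def verify_digest(src_ip, dst_ip, tcp_hdr20, payload, key, received):
    """Compare a received option digest with the recomputed one in constant time."""
    return hmac.compare_digest(tcp_md5_digest(src_ip, dst_ip, tcp_hdr20, payload, key), received)

def build_hdr(sport, dport, seq, ack, flags, checksum=0):
    """20-byte TCP header with data offset 10 words: base header plus a 20-byte
    option block (18-byte MD5 option padded with two NOPs), as a signed SYN-ACK carries."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 10 << 4, flags, 65535, checksum, 0)

def sign_syn_ack(local_ip, peer_ip, local_port, peer_port, seq, ack):
    """Digest for a SYN-ACK from local_ip:local_port to peer_ip:peer_port, or None if no SA."""
    key = lookup_sa(peer_ip, local_port)
    if key is None:
        return None
    return tcp_md5_digest(local_ip, peer_ip, build_hdr(local_port, peer_port, seq, ack, 0x12), b"", key)
```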
