rfc2385 (tcp md5 checksums) in -current broken?
demizu at dd.iij4u.or.jp
Tue Sep 20 09:26:48 PDT 2005
> I'm testing rfc2385 support with some of our equipment with current
> as of a few days ago, and the support seems, well, rather broken.
I think there is a bug in syncache_respond().
In tcp_syncache.c rev 1.77, tcp_signature_compute() is called before
filling the TCP SACK Permitted option and the TCP EOL option. I guess
it should be called after filling both the SACK Permitted and EOL option.
If this is the cause of the problem, I think it was broken when SACK
was imported. However, when we suggested the change of rev 1.73, I
should notice the bug. I am sorry I did not know how to test the
signature option well.
I will try to make a patch tomorrow.
More information about the freebsd-net