rfc2385 (tcp md5 checksums) in -current broken?
Noritoshi Demizu
demizu at dd.iij4u.or.jp
Wed Sep 21 00:11:32 PDT 2005
> > I'm testing rfc2385 support with some of our equipment with current
> > as of a few days ago, and the support seems, well, rather broken.
tcpdump seems to be broken. I think the patch at the tail of this
e-mail needs to be applied to src/contrib/tcpdump/print-tcp.c.
Could you try this patch?
I think this patch can also be applied to tcpdump 3.9.3.
> I think there is a bug in syncache_respond().
I'm trying to fix this problem. But,,, I found you don't use SACK in
your trace :-). Anyway, I will try to fix the bug in syncache_respond().
Regards,
Noritoshi Demizu
--- print-tcp.c-ORG Thu Apr 21 15:36:05 2005
+++ print-tcp.c Wed Sep 21 16:07:40 2005
@@ -799,7 +799,7 @@
MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret));
MD5_Final(sig, &ctx);
- if (memcmp(rcvsig, sig, 16))
+ if (memcmp(rcvsig, sig, 16) == 0)
return (SIGNATURE_VALID);
else
return (SIGNATURE_INVALID);
More information about the freebsd-net
mailing list