[PATCH] Add MD5 signature checking for incoming packets

Attilio Rao attilio at freebsd.org
Tue Apr 19 16:32:01 UTC 2011


The patch at:
http://www.freebsd.org/~attilio/Sandvine/STABLE_8/tcp_signature/tcp_signature.diff

- Enable the md5 signature checking for incoming packets, when both
enabled in the kernel and desired by the socket
- Spit out an error when the option TCP_SIGNATURE is enabled and IPSEC
option is not (KPI usage problem, leading to just compiler error, in
the current code)

Some notes:
- As suggested by bz@, I named the functions tcp_fields_to_net() and
tcp_fields_to_host() just following the NetBSD's names
- I add the statistic anyway to the tcpstats in order to avoid ABI
breakage between kernel and modules/userland. Anyway it seems that
tcpstats is not a member of any structure, so probably having them
as last step could still make it conditional. I'm not entirely sure on
what is the desired effect here, so I just included anyway, but I'm
ready to change if someone makes a valid point

The patch has been already reviewed by emaste and bz and tested for
years on SVOS.
Please cc' me for answers as I'm not really subscribed to -net at .

Thanks,
Attilio


-- 
Peace can only be achieved by understanding - A. Einstein
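
The receive-side check this message describes, sketched in userland as an added example (not code from the patch or from FreeBSD): it computes the RFC 2385 digest over a raw TCP segment and verifies the signature option only when the socket asked for it. The function names, the verdict strings and the accept/drop policy are assumptions made for illustration, and the sample segment is constructed.

```python
import hashlib, hmac, socket, struct

TCPOPT_SIGNATURE, TCPOLEN_SIGNATURE = 19, 18   # RFC 2385 option kind / length

def data_offset(seg):
    """Header length in bytes, or None if the segment is malformed."""
    if len(seg) < 20:
        return None
    off = (seg[12] >> 4) * 4
    return off if 20 <= off <= len(seg) else None

def rfc2385_digest(src, dst, seg, key):
    """MD5(pseudo-header | fixed header, checksum zeroed, no options | data | key)."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!BBH", 0, socket.IPPROTO_TCP, len(seg))
    fixed = seg[:16] + b"\x00\x00" + seg[18:20]    # fields in wire (network) order
    return hashlib.md5(pseudo + fixed + seg[data_offset(seg):] + key).digest()

def find_signature(seg):
    """Return the 16-byte digest carried in the options, or None."""
    opts, i = seg[20:data_offset(seg)], 0
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of option list
        if opts[i] == 1:                           # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                            # truncated or bogus length
        if opts[i] == TCPOPT_SIGNATURE and opts[i + 1] == TCPOLEN_SIGNATURE:
            return opts[i + 2:i + TCPOLEN_SIGNATURE]
        i += opts[i + 1]
    return None

def check_incoming(src, dst, seg, key, socket_wants_sig):
    """Receive-side verdict for one segment (the policy here is an assumption)."""
    if data_offset(seg) is None:
        return "drop: malformed"
    if not socket_wants_sig:
        return "accept"                            # checking not requested
    sig = find_signature(seg)
    if sig is None:
        return "drop: missing signature"
    if not hmac.compare_digest(sig, rfc2385_digest(src, dst, seg, key)):
        return "drop: bad signature"
    return "accept"

def build_signed_segment(src, dst, key, payload):
    """Constructed sample: 20-byte header, two NOPs, signature option, payload."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 179, 1, 0, 10 << 4, 0x18, 65535, 0, 0)
    opt = b"\x01\x01" + bytes([TCPOPT_SIGNATURE, TCPOLEN_SIGNATURE])
    digest = rfc2385_digest(src, dst, hdr + opt + bytes(16) + payload, key)
    return hdr + opt + digest + payload
```

Because the digest covers the header as it appears on the wire, a verifier that has already converted header fields to host order has to hash the network-order form, or every valid segment fails the comparison.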

