From nobody Wed Jan 12 17:35:50 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7BFB21946C5E; Wed, 12 Jan 2022 17:35:50 +0000 (UTC) (envelope-from rew@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JYvqB2bYTz3H2j; Wed, 12 Jan 2022 17:35:50 +0000 (UTC) (envelope-from rew@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642008950; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=gu69f7Qq92LoRNFpiOIVk/XW6Lz2r8F0xr+J3gVW69E=; b=PdMFX+mrpfAeoNWd61pQvpHVMdREA0HV/x9Dk5MN/hayLQIwVSL03032mffEBdSPIF5SOA J6QCoDpbgAbbFZ4EG3LJxvjKh49QHPWnmVKAtA8P1kzSA5VJfVtN4XtZaRCG3l6IXxbMJb izTQIXzVcPMnArpmPTg4a8aHZXgq/CTDB0UyWtB5wk/6PbOGiDW4VLU/XpchQMRQFI5M+R vuniX943L6TaajV5sUSlXvuZjhAso44iK7UV33Q4FK3W08B2Fq2Nv2xz24UZrLHRAkmiV+ cmeVC2FgouUIo1ZY/2m9G80tUo9ZIENkSDxEadNSHFOHaoGRmSKE5eYox7W4Vg== Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) (Authenticated sender: rew) by smtp.freebsd.org (Postfix) with ESMTPSA id 2377922A8B; Wed, 12 Jan 2022 17:35:50 +0000 (UTC) (envelope-from rew@freebsd.org) Received: by mail-ed1-f41.google.com with SMTP id q25so12965153edb.2; Wed, 12 Jan 2022 09:35:50 -0800 (PST) X-Gm-Message-State: AOAM530XwgOO7ZukpQ82uhGoYRYK4rC6ocbfkdfSTHNdENZlLW6VbvZS 4Ql6qEk70yCFjrJs1Ecxm9NOMDTKLoaY2JvhMHM= X-Google-Smtp-Source: ABdhPJxVkLZ8kY/FvwlVhT3YOT9Zki2hvVnOERmWKzFl9kgXW4iJORtD0l8Jd3BqyQFj+upnkBNs6HSmfj92Ot1iT/8= X-Received: by 2002:aa7:d88c:: with SMTP id u12mr619124edq.229.1642008949035; Wed, 12 Jan 2022 09:35:49 -0800 (PST) List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 References: <202201090145.2091j96M028719@gitrepo.freebsd.org> <1C53233E-B706-4AE8-9928-5AEC09DBD25A@karels.net> In-Reply-To: <1C53233E-B706-4AE8-9928-5AEC09DBD25A@karels.net> From: Rob Wing Date: Wed, 12 Jan 2022 08:35:50 -0900 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: git: eb18708ec8c7 - main - syncache: accept packet with no SA when TCP_MD5SIG is set To: Mike Karels Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Content-Type: multipart/alternative; boundary="0000000000002017c505d566002e" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642008950; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=gu69f7Qq92LoRNFpiOIVk/XW6Lz2r8F0xr+J3gVW69E=; b=c+rgvMM8Yp4EOkKb12d0r5Vt0PjyYVFrShahyeNVElNalyqbqEfmbe5aeEVA37I4nQYuN+ 3AGcMk/YuyGXHBG6oZRxkbqrl4Q3wN1TjqhnSTM5jyp5Qskb6qC5G6WsJq0r4FPLcF7mTG 1PQWNLpmAhVW9lObraiBX188qiPSJ/OasiES3G7pq12zK/SeXfzY19p5g+9pUgnmsQf0RZ Kou84cyElOEDH6n1luhYYoKsxNG7wSqvDXSldtof5cBVdXI0Q+9fij54aEaW/UJub4tCCJ Q3UqDHmvrv5ogA+9TsU1tz4Zj2Oxdx/1WGyd1lMtXhOAzZWX84vEUY0qZfObNw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1642008950; a=rsa-sha256; cv=none; b=m/sSXWCuxok/R+EIc1u9sOQfxtgmgzq2fXWZUr/5xfHd4A3w68Oi/WXOtnMvZwsQihcAwn WiQ/R1kQK475PglUJmxFcEYhQXMrjhODPCofeiSXex3AzQvvsMBawCd+LlUmiFTU1KGpgC BbgRvf7lPvTPzhVJt87VRnedjNDDk0zRII0jvhFDFnLP1NDRBBJNZrX30XqhRHFLD8L1Mj 9yCAqBvllEZhPFpPXQcmJR6jmzhiBRiMbC/VOyyxJT1AkQc2qbhhmUvKx9UrrGYSSQLLOZ BGcBS+MlgByvx+A2BDLU7JkXsfXfvIgAwvi4DQqhI153tpGGcMbmbfxVssLDYQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N --0000000000002017c505d566002e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Jan 12, 2022 at 6:58 AM Mike Karels wrote: > Sorry for the delayed response; I=E2=80=99ve been out. > No worries. This change seems wrong to me. The TCP_MD5SIG option clearly required MD5 > signatures on all connections in the past, for many years, You're right, since 2017. Before that, TCP_MD5SIG did not require MD5 signature when establishing a connection either. > That meant that connections were limited to peers in the Security > Association Database. A program like a routing daemon could then be sure that it was talking to a > known peer using > signed packets This is still the case, if you've configured a peer to use MD5, it will use MD5. > Redefining the option at this late date seems unsafe and unwise. The option hasn't been redefined. > If there is a use case for a socket that requires MD5SIG for known > peers and not for others, it seems to me that it would be better to add a > new option with those semantics. > The use case is a bgp daemon socket that wants to handle/establish connections with MD5 and non-MD5 peers. For peers configured with MD5, the established connection will be protected by MD5 signatures (i.e., the TCP_MD5SIG option will be set). If a peer is not configured for MD5, then the established connection will not be protected with MD5 signatures (i.e., TCP_MD5SIG will not be set). For what it's worth, this behavior is consistent with OpenBSD. -Rob > > Mike > > On 8 Jan 2022, at 19:45, Robert Wing wrote: > > > The branch main has been updated by rew: > > > > URL: > https://cgit.FreeBSD.org/src/commit/?id=3Deb18708ec8c7e1de6a05aba41971659= 549991b10 > > > > commit eb18708ec8c7e1de6a05aba41971659549991b10 > > Author: Robert Wing > > AuthorDate: 2022-01-09 01:07:50 +0000 > > Commit: Robert Wing > > CommitDate: 2022-01-09 01:32:14 +0000 > > > > syncache: accept packet with no SA when TCP_MD5SIG is set > > > > When TCP_MD5SIG is set on a socket, all packets are dropped that > don't > > contain an MD5 signature. Relax this behavior to accept a non-signe= d > > packet when a security association doesn't exist with the peer. > > > > This is useful when a listen socket set with TCP_MD5SIG wants to > handle > > connections protected with and without MD5 signatures. > > > > Reviewed by: bz (previous version) > > Sponsored by: nepustil.net > > Sponsored by: Klara Inc. > > Differential Revision: https://reviews.freebsd.org/D33227 > > --- > > share/man/man4/tcp.4 | 6 +++++- > > sys/netinet/tcp_syncache.c | 30 ++++++++++++++++++------------ > > sys/netipsec/xform_tcp.c | 5 +++++ > > 3 files changed, 28 insertions(+), 13 deletions(-) > > > > diff --git a/share/man/man4/tcp.4 b/share/man/man4/tcp.4 > > index 17138fa224ba..d103293132ba 100644 > > --- a/share/man/man4/tcp.4 > > +++ b/share/man/man4/tcp.4 > > @@ -34,7 +34,7 @@ > > .\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 > > .\" $FreeBSD$ > > .\" > > -.Dd June 27, 2021 > > +.Dd January 8, 2022 > > .Dt TCP 4 > > .Os > > .Sh NAME > > @@ -339,6 +339,10 @@ This entry can only be specified on a per-host > basis at this time. > > .Pp > > If an SADB entry cannot be found for the destination, > > the system does not send any outgoing segments and drops any inbound > segments. > > +However, during connection negotiation, a non-signed segment will be > accepted if > > +an SADB entry does not exist between hosts. > > +When a non-signed segment is accepted, the established connection is n= ot > > +protected with MD5 digests. > > .It Dv TCP_STATS > > Manage collection of connection level statistics using the > > .Xr stats 3 > > diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c > > index 7dd8443cad65..32ca3bc2209b 100644 > > --- a/sys/netinet/tcp_syncache.c > > +++ b/sys/netinet/tcp_syncache.c > > @@ -1514,19 +1514,25 @@ syncache_add(struct in_conninfo *inc, struct > tcpopt *to, struct tcphdr *th, > > > > #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE) > > /* > > - * If listening socket requested TCP digests, check that received > > - * SYN has signature and it is correct. If signature doesn't matc= h > > - * or TCP_SIGNATURE support isn't enabled, drop the packet. > > + * When the socket is TCP-MD5 enabled check that, > > + * - a signed packet is valid > > + * - a non-signed packet does not have a security association > > + * > > + * If a signed packet fails validation or a non-signed packet ha= s > a > > + * security association, the packet will be dropped. > > */ > > if (ltflags & TF_SIGNATURE) { > > - if ((to->to_flags & TOF_SIGNATURE) =3D=3D 0) { > > - TCPSTAT_INC(tcps_sig_err_nosigopt); > > - goto done; > > + if (to->to_flags & TOF_SIGNATURE) { > > + if (!TCPMD5_ENABLED() || > > + TCPMD5_INPUT(m, th, to->to_signature) !=3D 0) > > + goto done; > > + } else { > > + if (TCPMD5_ENABLED() && > > + TCPMD5_INPUT(m, NULL, NULL) !=3D ENOENT) > > + goto done; > > } > > - if (!TCPMD5_ENABLED() || > > - TCPMD5_INPUT(m, th, to->to_signature) !=3D 0) > > - goto done; > > - } > > + } else if (to->to_flags & TOF_SIGNATURE) > > + goto done; > > #endif /* TCP_SIGNATURE */ > > /* > > * See if we already have an entry for this connection. > > @@ -1724,11 +1730,11 @@ skip_alloc: > > } > > #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE) > > /* > > - * If listening socket requested TCP digests, flag this in the > > + * If incoming packet has an MD5 signature, flag this in the > > * syncache so that syncache_respond() will do the right thing > > * with the SYN+ACK. > > */ > > - if (ltflags & TF_SIGNATURE) > > + if (to->to_flags & TOF_SIGNATURE) > > sc->sc_flags |=3D SCF_SIGNATURE; > > #endif /* TCP_SIGNATURE */ > > if (to->to_flags & TOF_SACKPERM) > > diff --git a/sys/netipsec/xform_tcp.c b/sys/netipsec/xform_tcp.c > > index b53544cd00fb..ce2552f0a205 100644 > > --- a/sys/netipsec/xform_tcp.c > > +++ b/sys/netipsec/xform_tcp.c > > @@ -269,6 +269,11 @@ tcp_ipsec_input(struct mbuf *m, struct tcphdr *th, > u_char *buf) > > KMOD_TCPSTAT_INC(tcps_sig_err_buildsig); > > return (ENOENT); > > } > > + if (buf =3D=3D NULL) { > > + key_freesav(&sav); > > + KMOD_TCPSTAT_INC(tcps_sig_err_nosigopt); > > + return (EACCES); > > + } > > /* > > * tcp_input() operates with TCP header fields in host > > * byte order. We expect them in network byte order. > --0000000000002017c505d566002e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Wed, Jan 12, 2022 at 6:58 AM Mike = Karels <mike@karels= .net> wrote:
Sorry for the delayed response; I=E2=80=99ve been out.
=

No worries.

This change seems wrong to me.=C2=A0 The TCP_MD5SIG option clearly required= MD5
signatures on all connections in the past, for many years,

You're right, since 2017. Before that, TCP_MD5SIG did = not require MD5 signature when establishing a connection either.
<= div>=C2=A0
That meant that connections were limited to peers in the Security Associati= on Database.
= A program like a routing daemon could then be sure that it was talking to a= known peer using
signed packets

This is still the case, if = you've configured a peer to use MD5, it will use MD5.
=C2= =A0
Redefining the o= ption at this late date seems unsafe and unwise.

The option hasn't been redefined.
=C2=A0
If there is a use case for a s= ocket that requires MD5SIG for known
peers and not for others, it seems to me that it would be better to add a new option with those semantics.

The us= e case is a bgp daemon socket that wants to handle/establish connections wi= th MD5 and non-MD5 peers.

For peers configured= with MD5, the established connection will be protected by MD5 signatures (= i.e., the TCP_MD5SIG option will be set). If a peer is not configured for M= D5, then the established connection will not be protected with MD5 signatur= es (i.e., TCP_MD5SIG will not be set).

For wha= t it's worth, this behavior is consistent with OpenBSD.
<= br>
-Rob
=C2=A0

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Mike

On 8 Jan 2022, at 19:45, Robert Wing wrote:

> The branch main has been updated by rew:
>
> URL: https://= cgit.FreeBSD.org/src/commit/?id=3Deb18708ec8c7e1de6a05aba41971659549991b10<= /a>
>
> commit eb18708ec8c7e1de6a05aba41971659549991b10
> Author:=C2=A0 =C2=A0 =C2=A0Robert Wing <rew@FreeBSD.org>
> AuthorDate: 2022-01-09 01:07:50 +0000
> Commit:=C2=A0 =C2=A0 =C2=A0Robert Wing <rew@FreeBSD.org>
> CommitDate: 2022-01-09 01:32:14 +0000
>
>=C2=A0 =C2=A0 =C2=A0syncache: accept packet with no SA when TCP_MD5SIG = is set
>
>=C2=A0 =C2=A0 =C2=A0When TCP_MD5SIG is set on a socket, all packets are= dropped that don't
>=C2=A0 =C2=A0 =C2=A0contain an MD5 signature. Relax this behavior to ac= cept a non-signed
>=C2=A0 =C2=A0 =C2=A0packet when a security association doesn't exis= t with the peer.
>
>=C2=A0 =C2=A0 =C2=A0This is useful when a listen socket set with TCP_MD= 5SIG wants to handle
>=C2=A0 =C2=A0 =C2=A0connections protected with and without MD5 signatur= es.
>
>=C2=A0 =C2=A0 =C2=A0Reviewed by:=C2=A0 =C2=A0 bz (previous version)
>=C2=A0 =C2=A0 =C2=A0Sponsored by:=C2=A0 =C2=A0nepustil.net
>=C2=A0 =C2=A0 =C2=A0Sponsored by:=C2=A0 =C2=A0Klara Inc.
>=C2=A0 =C2=A0 =C2=A0Differential Revision:=C2=A0 https://revie= ws.freebsd.org/D33227
> ---
>=C2=A0 share/man/man4/tcp.4=C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 6 +++++-<= br> >=C2=A0 sys/netinet/tcp_syncache.c | 30 ++++++++++++++++++------------ >=C2=A0 sys/netipsec/xform_tcp.c=C2=A0 =C2=A0|=C2=A0 5 +++++
>=C2=A0 3 files changed, 28 insertions(+), 13 deletions(-)
>
> diff --git a/share/man/man4/tcp.4 b/share/man/man4/tcp.4
> index 17138fa224ba..d103293132ba 100644
> --- a/share/man/man4/tcp.4
> +++ b/share/man/man4/tcp.4
> @@ -34,7 +34,7 @@
>=C2=A0 .\"=C2=A0 =C2=A0 =C2=A0From: @(#)tcp.4=C2=A0 =C2=A0 =C2=A0 = 8.1 (Berkeley) 6/5/93
>=C2=A0 .\" $FreeBSD$
>=C2=A0 .\"
> -.Dd June 27, 2021
> +.Dd January 8, 2022
>=C2=A0 .Dt TCP 4
>=C2=A0 .Os
>=C2=A0 .Sh NAME
> @@ -339,6 +339,10 @@ This entry can only be specified on a per-host ba= sis at this time.
>=C2=A0 .Pp
>=C2=A0 If an SADB entry cannot be found for the destination,
>=C2=A0 the system does not send any outgoing segments and drops any inb= ound segments.
> +However, during connection negotiation, a non-signed segment will be = accepted if
> +an SADB entry does not exist between hosts.
> +When a non-signed segment is accepted, the established connection is = not
> +protected with MD5 digests.
>=C2=A0 .It Dv TCP_STATS
>=C2=A0 Manage collection of connection level statistics using the
>=C2=A0 .Xr stats 3
> diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c > index 7dd8443cad65..32ca3bc2209b 100644
> --- a/sys/netinet/tcp_syncache.c
> +++ b/sys/netinet/tcp_syncache.c
> @@ -1514,19 +1514,25 @@ syncache_add(struct in_conninfo *inc, struct t= cpopt *to, struct tcphdr *th,
>
>=C2=A0 #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
>=C2=A0 =C2=A0 =C2=A0 =C2=A0/*
> -=C2=A0 =C2=A0 =C2=A0 * If listening socket requested TCP digests, che= ck that received
> -=C2=A0 =C2=A0 =C2=A0 * SYN has signature and it is correct. If signat= ure doesn't match
> -=C2=A0 =C2=A0 =C2=A0 * or TCP_SIGNATURE support isn't enabled, dr= op the packet.
> +=C2=A0 =C2=A0 =C2=A0 * When the socket is TCP-MD5 enabled check that,=
> +=C2=A0 =C2=A0 =C2=A0 *=C2=A0 - a signed packet is valid
> +=C2=A0 =C2=A0 =C2=A0 *=C2=A0 - a non-signed packet does not have a se= curity association
> +=C2=A0 =C2=A0 =C2=A0 *
> +=C2=A0 =C2=A0 =C2=A0 *=C2=A0 If a signed packet fails validation or a= non-signed packet has a
> +=C2=A0 =C2=A0 =C2=A0 *=C2=A0 security association, the packet will be= dropped.
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 */
>=C2=A0 =C2=A0 =C2=A0 =C2=A0if (ltflags & TF_SIGNATURE) {
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if ((to->to_flags = & TOF_SIGNATURE) =3D=3D 0) {
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0TCPSTAT_INC(tcps_sig_err_nosigopt);
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0goto done;
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if (to->to_flags &= amp; TOF_SIGNATURE) {
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0if (!TCPMD5_ENABLED() ||
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0TCPMD5_INPUT(m, th, to->to_signature) !=3D 0)
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0goto done;
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0} else {
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0if (TCPMD5_ENABLED() &&
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0TCPMD5_INPUT(m, NULL, NULL) !=3D ENOENT)
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0goto done;
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0}
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if (!TCPMD5_ENABLED()= ||
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0TCPMD5_= INPUT(m, th, to->to_signature) !=3D 0)
> -=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0goto done;
> -=C2=A0 =C2=A0 =C2=A0}
> +=C2=A0 =C2=A0 =C2=A0} else if (to->to_flags & TOF_SIGNATURE) > +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0goto done;
>=C2=A0 #endif=C2=A0 =C2=A0 =C2=A0 =C2=A0/* TCP_SIGNATURE */
>=C2=A0 =C2=A0 =C2=A0 =C2=A0/*
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 * See if we already have an entry for this = connection.
> @@ -1724,11 +1730,11 @@ skip_alloc:
>=C2=A0 =C2=A0 =C2=A0 =C2=A0}
>=C2=A0 #if defined(IPSEC_SUPPORT) || defined(TCP_SIGNATURE)
>=C2=A0 =C2=A0 =C2=A0 =C2=A0/*
> -=C2=A0 =C2=A0 =C2=A0 * If listening socket requested TCP digests, fla= g this in the
> +=C2=A0 =C2=A0 =C2=A0 * If incoming packet has an MD5 signature, flag = this in the
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 * syncache so that syncache_respond() will = do the right thing
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 * with the SYN+ACK.
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 */
> -=C2=A0 =C2=A0 =C2=A0if (ltflags & TF_SIGNATURE)
> +=C2=A0 =C2=A0 =C2=A0if (to->to_flags & TOF_SIGNATURE)
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0sc->sc_flags = |=3D SCF_SIGNATURE;
>=C2=A0 #endif=C2=A0 =C2=A0 =C2=A0 =C2=A0/* TCP_SIGNATURE */
>=C2=A0 =C2=A0 =C2=A0 =C2=A0if (to->to_flags & TOF_SACKPERM)
> diff --git a/sys/netipsec/xform_tcp.c b/sys/netipsec/xform_tcp.c
> index b53544cd00fb..ce2552f0a205 100644
> --- a/sys/netipsec/xform_tcp.c
> +++ b/sys/netipsec/xform_tcp.c
> @@ -269,6 +269,11 @@ tcp_ipsec_input(struct mbuf *m, struct tcphdr *th= , u_char *buf)
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0KMOD_TCPSTAT_INC= (tcps_sig_err_buildsig);
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return (ENOENT);=
>=C2=A0 =C2=A0 =C2=A0 =C2=A0}
> +=C2=A0 =C2=A0 =C2=A0if (buf =3D=3D NULL) {
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0key_freesav(&sav)= ;
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0KMOD_TCPSTAT_INC(tcps= _sig_err_nosigopt);
> +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return (EACCES);
> +=C2=A0 =C2=A0 =C2=A0}
>=C2=A0 =C2=A0 =C2=A0 =C2=A0/*
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 * tcp_input() operates with TCP header fiel= ds in host
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 * byte order. We expect them in network byt= e order.
--0000000000002017c505d566002e--