cvs commit: src/sys/netinet tcp_syncache.c

Bruce M Simpson bms at spc.org
Fri Apr 22 04:12:43 PDT 2005


On Thu, Apr 21, 2005 at 08:09:09PM +0000, Paul Saab wrote:
>   Log:
>   Fix for 2 bugs related to TCP Signatures :

Thanks for committing this, however I would have appreciated a ping before
putting it in. The risk is that it may break existing applications; whilst
it follows the letter of the RFC, and that is good, we need to refactor the
granularity of how TCP-MD5 security associations work in order to not break
sessions with peers which don't speak TCP-MD5.

Currently the implementation only allows for a single key per distinct
peer IP address. For running LDP as well as BGP in an MPLS setup, this
isn't going to work.

I have had initial (buggy) patches for this which push the logic into the
SPD rather than the SADB, which is probably the best way forward.

At the moment I don't have free cycles to deal with this. If anyone is
interested in taking this task on in the meantime then please do contact me.

Regards,
BMS
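Added example, written for this page and not FreeBSD's code or anything from the thread: a Python model of the granularity problem Bruce describes. It computes RFC 2385 signatures and contrasts a store with one key per peer IP against a hypothetical store keyed by (peer IP, well-known port), so BGP and LDP to the same router can use different keys and a port with no key stays unsigned; the 192.0.2.x addresses, ports and keys are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct
from typing import Optional

TCP_PROTO, BGP_PORT, LDP_PORT = 6, 179, 646


def tcp_md5_digest(src_ip: str, dst_ip: str, tcp_header: bytes,
                   payload: bytes, key: bytes) -> bytes:
    """RFC 2385 signature: MD5 over the pseudo-header, the 20-byte TCP header
    with the checksum field zeroed (options excluded), the payload, the key."""
    seg_len = len(tcp_header) + len(payload)            # options count here
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    hdr = bytearray(tcp_header[:20])
    hdr[16:18] = b"\x00\x00"                            # checksum assumed zero
    return hashlib.md5(pseudo + bytes(hdr) + payload + key).digest()


class PerPeerKeys:
    """Granularity the mail describes: a single key per distinct peer IP."""
    def __init__(self) -> None:
        self.keys = {}

    def add(self, peer_ip: str, port: int, key: bytes) -> None:
        if self.keys.get(peer_ip, key) != key:          # second key collides
            raise ValueError(f"{peer_ip} already has a different key")
        self.keys[peer_ip] = key

    def lookup(self, peer_ip: str, port: int) -> Optional[bytes]:
        return self.keys.get(peer_ip)


class PerSessionKeys(PerPeerKeys):
    """Hypothetical finer granularity: key chosen by (peer IP, service port)."""
    def add(self, peer_ip: str, port: int, key: bytes) -> None:
        self.keys[(peer_ip, port)] = key

    def lookup(self, peer_ip: str, port: int) -> Optional[bytes]:
        return self.keys.get((peer_ip, port))


def verify_segment(store, src_ip, dst_ip, port, tcp_header, payload, sig) -> bool:
    """Accept a segment only if its MD5 option matches this session's key;
    a session with no configured key must carry no signature at all."""
    key = store.lookup(src_ip, port)
    if key is None:
        return sig is None
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return sig is not None and hmac.compare_digest(sig, expected)


def can_key_bgp_and_ldp_separately(store) -> bool:
    """Can one peer get distinct keys for BGP and LDP in this store?"""
    try:
        store.add("192.0.2.1", BGP_PORT, b"bgp-key")
        store.add("192.0.2.1", LDP_PORT, b"ldp-key")
    except ValueError:
        return False
    return store.lookup("192.0.2.1", BGP_PORT) != store.lookup("192.0.2.1", LDP_PORT)
```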