tcp md5 checksums broken in 7.0-beta3
Nick Hilliard
nick-lists at netability.ie
Mon Nov 26 12:19:54 PST 2007
Hi,
Are TCP MD5 checksums working at all in FreeBSD 7.0-beta3? I've got two
physically identical machines, one running 6.2 and the other 7.0-beta3.
Both are running quagga 0.99.9 with the md5 patch. On the 6.2 box, packets
are being correctly tagged, according to tcpdump (with the print-tcp.c
memcmp() patch).
> 19:42:30.937507 IP 193.242.111.8.57216 > 193.242.111.29.179: P 2720329801:2720329820(19) ack 1833960167 win 65535 <md5:valid,eol>: BGP, length: 19
However, on the 7.0 box, the checksum is ending up zeroed:
> 19:32:30.996634 IP 193.242.111.9.55302 > 193.242.111.xx.179: S 1684595509:1684595509(0) win 65535 <mss 1460,sackOK,md5:can't check - 00000000000000000000000000000000>
There is a SAD entry for this host:
> 193.242.111.9 193.242.111.xx
> tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
> A: tcp-md5 <deleted>
> seq=0x00000000 replay=0 flags=0x00000040 state=mature
> created: Nov 26 19:30:00 2007 current: Nov 26 19:33:44 2007
> diff: 224(s) hard: 0(s) soft: 0(s)
> last: Nov 26 19:32:30 2007 hard: 0(s) soft: 0(s)
> current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
> allocated: 9 hard: 0 soft: 0
> sadb_seq=2 pid=1574 refcnt=1
Looks like collateral damage from some other change to the tcp code between
6.2 and 7.0.
Nick
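
Added example, not part of the original message: a small Python check that reads tcpdump text output of the kind quoted above and reports every segment whose TCP MD5 option is not `md5:valid`, separating an all-zero digest (the symptom reported here) from a missing option. The function names, the state labels, and the third sample line with its 192.0.2.x addresses are constructed for illustration.

```python
import re

# Constructed sample input: the two tcpdump lines quoted in the message,
# plus one constructed SYN that carries no md5 option at all.
SAMPLE = """\
19:42:30.937507 IP 193.242.111.8.57216 > 193.242.111.29.179: P 2720329801:2720329820(19) ack 1833960167 win 65535 <md5:valid,eol>: BGP, length: 19
19:32:30.996634 IP 193.242.111.9.55302 > 193.242.111.xx.179: S 1684595509:1684595509(0) win 65535 <mss 1460,sackOK,md5:can't check - 00000000000000000000000000000000>
19:32:31.000000 IP 192.0.2.1.55303 > 192.0.2.2.179: S 1:1(0) win 65535 <mss 1460,sackOK>
"""

# "IP src > dst:" followed somewhere by the TCP option list in <...>.
LINE_RE = re.compile(r"IP (\S+) > (\S+): .*?<([^>]*)>")
# md5 option as tcpdump prints it: a verification verdict, or the raw
# 16-byte digest in hex when the signature could not be checked.
MD5_RE = re.compile(
    r"md5:\s*(valid|invalid|can't check - ([0-9a-fA-F]{32})|([0-9a-fA-F]{32}))"
)


def classify(line):
    """Return (src, dst, state) for one tcpdump line, or None if it has no option list."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, dst, opts = m.groups()
    sig = MD5_RE.search(opts)
    if sig is None:
        state = "missing"            # no signature option on the segment
    elif sig.group(1) in ("valid", "invalid"):
        state = sig.group(1)         # tcpdump verified the digest itself
    else:
        digest = sig.group(2) or sig.group(3)
        # An all-zero digest means the option was added but never filled in.
        state = "zeroed" if set(digest) == {"0"} else "unverified"
    return src, dst, state


def findings(text):
    """List every segment whose signature state is anything other than 'valid'."""
    results = (classify(line) for line in text.splitlines())
    return [r for r in results if r and r[2] != "valid"]


if __name__ == "__main__":
    for src, dst, state in findings(SAMPLE):
        print(f"{state:10} {src} > {dst}")
```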