[PATCH] First part of TCP-MD5 inbound verification
From: Bruce M Simpson (bms_at_spc.org)
Date: 04/22/04
- Previous message: Michael Bretterklieber: "Re: Assigning a specific IP address and Interface with MPD"
- Next in thread: Barney Wolff: "Re: [PATCH] First part of TCP-MD5 inbound verification"
- Reply: Barney Wolff: "Re: [PATCH] First part of TCP-MD5 inbound verification"
- Reply: Eugene Grosbein: "BGP MD5: compatibility for STABLE?"
- Reply: Eugene Grosbein: "[SPAM] BGP MD5: compatibility for STABLE?"
Date: Thu, 22 Apr 2004 14:06:59 +0100
To: freebsd-net@FreeBSD.org
Hey guys,

I'm really pressed for time at the moment and people are demanding a lot of
other things from me. So I'd like to float this patch set against HEAD
which does inbound TCP-MD5 verification, so far for SYNs only.

I took a decision to use sysctls rather than enlarge struct tcpstat to avoid
ABI breakage, as I know Luigi and Brooks amongst others are busy hacking
in netinet land.

I suspect the SYN validation can probably move into syncache_add() so as to
avoid code duplication in tcp_input(). Inlining it probably won't have
any real benefit. The check is essentially the same in both cases (non-SYN
for established connection, and SYN) but outcomes like 'goto drop', etc.
may be different.

This appears to do the right thing with my existing test rig (Cisco 2501
running IOS 12.0(27)T).

Regards,
BMS
- text/plain attachment: 2385-inbound.diff
- application/pgp-signature attachment: stored
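
The inbound check the message describes, sketched in user space as an added example. It is not code from the attached patch or from FreeBSD. It assumes the RFC 2385 signature option named in the attachment's filename and IPv4 only; all function names, the key and the sample SYN are constructed for illustration. The verifier returns an outcome string rather than dropping, so a SYN path and an established-connection path can share it and act differently on the result.

```python
import hashlib, hmac, socket, struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_SIGNATURE = 0, 1, 19  # RFC 2385: kind 19, length 18

def find_signature(options: bytes):
    """Walk the TCP option list; return the 16-byte digest, or None if absent/malformed."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            return None  # option kind with no length byte
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None  # length runs past the option space
        if kind == TCPOPT_SIGNATURE:
            return options[i + 2:i + length] if length == 18 else None
        i += length
    return None

def rfc2385_digest(src: str, dst: str, segment: bytes, key: bytes) -> bytes:
    """MD5 over pseudo-header, fixed TCP header with checksum zeroed, payload, then key."""
    data_off = (segment[12] >> 4) * 4
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(segment))
    header = segment[:16] + b"\x00\x00" + segment[18:20]  # options are excluded
    return hashlib.md5(pseudo + header + segment[data_off:] + key).digest()

def verify_inbound(src: str, dst: str, segment: bytes, key: bytes) -> str:
    """Return 'accept', 'unsigned', 'badsig' or 'malformed'; the caller picks the action."""
    data_off = (segment[12] >> 4) * 4 if len(segment) >= 20 else 0
    if data_off < 20 or data_off > len(segment):
        return "malformed"
    received = find_signature(segment[20:data_off])
    if received is None:
        return "unsigned"
    expected = rfc2385_digest(src, dst, segment, key)
    return "accept" if hmac.compare_digest(received, expected) else "badsig"

def build_signed_syn(src: str, dst: str, key: bytes) -> bytes:
    """Constructed sample: a SYN to port 179 with NOP, NOP, then the signature option."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 179, 1, 0, 10 << 4, 0x02, 65535, 0, 0)
    unsigned = hdr + bytes([TCPOPT_NOP, TCPOPT_NOP, TCPOPT_SIGNATURE, 18]) + bytes(16)
    return unsigned[:24] + rfc2385_digest(src, dst, unsigned, key)
```
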