tcp md5 checksums broken in 7.0-beta3
- From: Nick Hilliard <nick-lists@xxxxxxxxxxxxx>
- Date: Mon, 26 Nov 2007 19:56:35 +0000
Hi,
Are TCP MD5 checksums working at all in freebsd7.0-beta3? I've got two
physically identical machines, one running 6.2 and the other 7.0-beta3.
Both are running quagga 0.99.9 with the md5 patch. On the 6.2 box, packets
are being correctly tagged, according to tcpdump (with the print-tcp.c
memcmp() patch).
19:42:30.937507 IP 193.242.111.8.57216 > 193.242.111.29.179: P 2720329801:2720329820(19) ack 1833960167 win 65535 <md5:valid,eol>: BGP, length: 19
However, on the 7.0 box, the checksum is ending up zeroed:
19:32:30.996634 IP 193.242.111.9.55302 > 193.242.111.xx.179: S 1684595509:1684595509(0) win 65535 <mss 1460,sackOK,md5:can't check - 00000000000000000000000000000000>
There is a SAD entry for this host:
193.242.111.9 193.242.111.xx
tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
A: tcp-md5 <deleted>
seq=0x00000000 replay=0 flags=0x00000040 state=mature
created: Nov 26 19:30:00 2007 current: Nov 26 19:33:44 2007
diff: 224(s) hard: 0(s) soft: 0(s)
last: Nov 26 19:32:30 2007 hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 9 hard: 0 soft: 0
sadb_seq=2 pid=1574 refcnt=1
Looks like collateral damage from some other change to the tcp code between
6.2 and 7.0.
Nick
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: tcp md5 checksums broken in 7.0-beta3
- From: Bjoern A. Zeeb
- Re: tcp md5 checksums broken in 7.0-beta3
- Prev by Date: 6.2+pf+CARP bandwidth issues
- Next by Date: Re: Switch pfil(9) to rmlocks
- Previous by thread: 6.2+pf+CARP bandwidth issues
- Next by thread: Re: tcp md5 checksums broken in 7.0-beta3
- Index(es):
