Date: Tue, 27 Nov 2007 10:52:35 +0000
From: Nick Hilliard <nick-lists@netability.ie>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: freebsd-net@freebsd.org
Subject: Re: tcp md5 checksums broken in 7.0-beta3
Message-ID: <474BF6F3.2070506@netability.ie>
In-Reply-To: <20071126224649.C53707@maildrop.int.zabbadoz.net>
References: <474B24F3.2030603@netability.ie> <20071126224649.C53707@maildrop.int.zabbadoz.net>

Bjoern A. Zeeb wrote:
> not that this should fix your problem but you might want to start with
> this patch:
>
> http://sources.zabbadoz.net/freebsd/patchset/sys-netinet-tcp-syncache.c-20071126-01.diff

No, probably not. But it may fix a bunch of spurious failed SADB lookup
messages I've been seeing on the box in question.

> I'll try to find your bug the next days (in case you find anything let
> me know).
>
> I don't know how much quagga does these days but policies are setup
> correctly on both machines and you are not finding any failed SADB
> lookup warnings in dmesg on the 7 machine?

The security policy is set up using setkey from config in /etc/ipsec.conf:

> ferris# grep xx /etc/ipsec.conf
> add 193.242.111.9 193.242.111.xx tcp 0x1000 -A tcp-md5 "<removed>";

No, there are no failed SADB lookup messages. The kernel code is being
executed, because if I disable md5 from within quagga, the md5 checksum
option completely disappears from the tcp headers. If it's enabled, the
checksum is just zeros.

Nick
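
Added example, not part of the original message and not FreeBSD or quagga code: a way to confirm the symptom reported above from a captured segment, by locating the TCP MD5 signature option (RFC 2385, kind 19), flagging an all-zero digest, and otherwise recomputing the digest from the shared key. The addresses, ports, key and function names are constructed for the example.

```python
import hashlib
import socket
import struct

TCPOPT_MD5SIG = 19  # RFC 2385 option kind; the option is always 18 bytes long


def find_md5_option(tcp):
    """Return the 16-byte digest from the TCP MD5 option, or None if absent."""
    hdr_len = (tcp[12] >> 4) * 4
    opts, i = tcp[20:hdr_len], 0
    while i < len(opts) and opts[i] != 0:        # kind 0 ends the option list
        if opts[i] == 1:                         # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                          # malformed option list
        if opts[i] == TCPOPT_MD5SIG and opts[i + 1] == 18:
            return opts[i + 2:i + 18]
        i += opts[i + 1]
    return None


def rfc2385_digest(src, dst, tcp, key):
    """MD5 over pseudo-header, option-less header with zero checksum, data, key."""
    hdr_len = (tcp[12] >> 4) * 4
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(tcp))
    fixed = tcp[:16] + b"\x00\x00" + tcp[18:20]
    return hashlib.md5(pseudo + fixed + tcp[hdr_len:] + key).digest()


def classify(src, dst, tcp, key):
    digest = find_md5_option(tcp)
    if digest is None:
        return "unsigned"
    if digest == bytes(16):
        return "zero-digest"                     # option present but never filled in
    return "valid" if digest == rfc2385_digest(src, dst, tcp, key) else "mismatch"


def build_segment(digest=None):
    """Constructed sample: SYN to port 179, optionally with NOP, NOP, MD5 option."""
    opts = b"" if digest is None else bytes([1, 1, TCPOPT_MD5SIG, 18]) + digest
    off = (20 + len(opts)) // 4
    return struct.pack("!HHIIHHHH", 49152, 179, 1, 0, (off << 12) | 0x002, 65535, 0, 0) + opts


if __name__ == "__main__":
    SRC, DST, KEY = "192.0.2.1", "192.0.2.2", b"example-key"  # constructed values
    good = rfc2385_digest(SRC, DST, build_segment(bytes(16)), KEY)
    for seg in (build_segment(), build_segment(bytes(16)), build_segment(good)):
        print(classify(SRC, DST, seg, KEY))
```

A "zero-digest" result separates a sender that reserves the option without computing the hash from a key or policy mismatch, which shows up as "mismatch".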