From owner-freebsd-net@FreeBSD.ORG  Mon Nov 26 20:19:54 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 16DE816A41B
	for <freebsd-net@freebsd.org>; Mon, 26 Nov 2007 20:19:54 +0000 (UTC)
	(envelope-from nick-lists@netability.ie)
Received: from mail.acquirer.com (mail.acquirer.com [87.198.142.10])
	by mx1.freebsd.org (Postfix) with ESMTP id 8F72C13C44B
	for <freebsd-net@freebsd.org>; Mon, 26 Nov 2007 20:19:53 +0000 (UTC)
	(envelope-from nick-lists@netability.ie)
X-Envelope-To: <freebsd-net@freebsd.org>
Received: from crumpet.foobar.org (vpn-251.int.inex.ie [193.242.111.251])
	(authenticated bits=0)
	by mail.acquirer.com (8.13.6/8.13.8) with ESMTP id lAQJuZQX076734
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-net@freebsd.org>; Mon, 26 Nov 2007 19:56:36 GMT
	(envelope-from nick-lists@netability.ie)
Message-ID: <474B24F3.2030603@netability.ie>
Date: Mon, 26 Nov 2007 19:56:35 +0000
From: Nick Hilliard <nick-lists@netability.ie>
User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031)
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.2.1
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on muffin.acquirer.com
X-Virus-Scanned: ClamAV 0.91.2/4928/Mon Nov 26 18:10:39 2007 on
	muffin.acquirer.com
X-Virus-Status: Clean
Subject: tcp md5 checksums broken in 7.0-beta3
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2007 20:19:54 -0000

Hi,

Are TCP MD5 checksums working at all in freebsd7.0-beta3? I've got two
physically identical machines, one running 6.2 and the other 7.0-beta3.
Both are running quagga 0.99.9 with the md5 patch.  On the 6.2 box, packets
are being correctly tagged, according to tcpdump (with the print-tcp.c
memcmp() patch).

> 19:42:30.937507 IP 193.242.111.8.57216 > 193.242.111.29.179: P 2720329801:2720329820(19) ack 1833960167 win 65535 <md5:valid,eol>: BGP, length: 19

However, on the 7.0 box, the checksum is ending up zeroed:

> 19:32:30.996634 IP 193.242.111.9.55302 > 193.242.111.xx.179: S 1684595509:1684595509(0) win 65535 <mss 1460,sackOK,md5:can't check - 00000000000000000000000000000000>

There is a SAD entry for this host:

> 193.242.111.9 193.242.111.xx 
>         tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
>         A: tcp-md5  <deleted>
>         seq=0x00000000 replay=0 flags=0x00000040 state=mature 
>         created: Nov 26 19:30:00 2007   current: Nov 26 19:33:44 2007
>         diff: 224(s)    hard: 0(s)      soft: 0(s)
>         last: Nov 26 19:32:30 2007      hard: 0(s)      soft: 0(s)
>         current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
>         allocated: 9    hard: 0 soft: 0
>         sadb_seq=2 pid=1574 refcnt=1

Looks like collateral damage from some other change to the tcp code between
6.2 and 7.0.

Nick