From: Bruce M Simpson <bms@spc.org>
To: Paul Saab
cc: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Date: Fri, 22 Apr 2005 04:12:41 -0700
Subject: Re: cvs commit: src/sys/netinet tcp_syncache.c
Message-ID: <20050422111241.GD818@empiric.icir.org>
In-Reply-To: <200504212009.j3LK992c044126@repoman.freebsd.org>
List-Id: CVS commit messages for the entire tree (cvs-all@freebsd.org)

On Thu, Apr 21, 2005 at 08:09:09PM +0000, Paul Saab wrote:
> Log:
> Fix for 2 bugs related to TCP Signatures:

Thanks for committing this; however, I would have appreciated a ping before putting it in.

The risk is that it may break existing applications; whilst it follows the letter of the RFC, and that is good, we need to refactor the granularity of how TCP-MD5 security associations work in order to not break sessions with peers which don't speak TCP-MD5.

Currently the implementation only allows for a single key per distinct peer IP address. For running LDP as well as BGP in an MPLS setup, this isn't going to work.

I have had initial (buggy) patches for this which push the logic into the SPD rather than the SADB, which is probably the best way forward. At the moment I don't have free cycles to deal with this. If anyone is interested in taking this task on in the meantime then please do contact me.

Regards,
BMS
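The granularity problem the mail describes, as an added worked example (not code from the FreeBSD commit, from Bruce's patches, or from the thread; Python is used for readability rather than the kernel's C). It computes the RFC 2385 TCP-MD5 digest over a constructed segment and then contrasts a key table keyed on the peer address alone with one keyed on (peer address, service port). Assumptions: the addresses are RFC 5737 documentation addresses, the ports are the well-known BGP (179) and LDP (646) ports, the `KeyTable` class is a toy stand-in for the SADB/SPD lookup (keying a per-session policy on the service port is a simplification; the real socket tuple would be richer), and the "a keyed peer must sign every segment" rule is this model's choice for illustrating why per-peer keys break connections to services where that peer does not sign.

```python
"""Toy model of RFC 2385 (TCP-MD5) signing and of two key-selection granularities.
Added example, not code from the FreeBSD commit or from the thread."""
import hashlib
import hmac
import ipaddress
import struct

TCPOPT_SIGNATURE = 19    # option kind assigned by RFC 2385
TCPOLEN_SIGNATURE = 18   # kind(1) + length(1) + 16-byte MD5 digest
BGP_PORT, LDP_PORT = 179, 646   # well-known ports; 192.0.2.0/24 below is RFC 5737 documentation space


def tcp_md5_digest(src_ip, dst_ip, base_header, options, payload, key):
    """RFC 2385 section 2.0: MD5 over the pseudo-header (src, dst, zero, protocol 6,
    TCP length including options), the 20-byte TCP header with checksum zeroed and
    options excluded, the segment data, and finally the key."""
    tcp_len = len(base_header) + len(options) + len(payload)
    pseudo = (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, 6, tcp_len))
    header = base_header[:16] + b"\x00\x00" + base_header[18:]   # checksum lives at bytes 16-17
    return hashlib.md5(pseudo + header + payload + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, payload, key=None):
    """Build a TCP segment (PSH|ACK, seq 1, checksum left zero), signing it when a key is given."""
    options = b""
    if key is not None:   # two NOPs pad the 18-byte option to a 4-byte boundary; digest filled below
        options = b"\x01\x01" + bytes([TCPOPT_SIGNATURE, TCPOLEN_SIGNATURE]) + bytes(16)
    data_offset = (20 + len(options)) // 4
    base = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, data_offset << 4, 0x18, 65535, 0, 0)
    if key is not None:
        options = options[:4] + tcp_md5_digest(src_ip, dst_ip, base, options, payload, key)
    return base + options + payload


def parse_segment(segment):
    """Split a segment into header, options and payload, and pull out the MD5 option's digest."""
    base = segment[:20]
    data_offset = (base[12] >> 4) * 4
    options, payload = segment[20:data_offset], segment[data_offset:]
    digest, i = None, 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            break                          # malformed option: stop instead of looping forever
        if kind == TCPOPT_SIGNATURE and options[i + 1] == TCPOLEN_SIGNATURE:
            digest = options[i + 2:i + 18]
        i += options[i + 1]
    return base, options, payload, digest


class KeyTable:
    """granularity "peer": one key per peer address, as the mail describes the current
    code (a second add for the same peer replaces the first).
    granularity "session": key per (peer, service port), so BGP and LDP to one router
    can differ and a service with no key configured is left unsigned. Toy model only."""
    def __init__(self, granularity):
        self._by = (lambda peer, port: peer) if granularity == "peer" else (lambda peer, port: (peer, port))
        self._keys = {}

    def add(self, peer, port, key):
        self._keys[self._by(peer, port)] = key

    def lookup(self, peer, port):
        return self._keys.get(self._by(peer, port))


def accept_segment(keys, src_ip, dst_ip, segment):
    """Receiver-side check. Model choice: a peer with a configured key must sign every
    segment; with no key the option is ignored and the segment is accepted."""
    base, options, payload, digest = parse_segment(segment)
    dport = struct.unpack("!H", base[2:4])[0]
    key = keys.lookup(src_ip, dport)
    if key is None:
        return True
    if digest is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, base, options, payload, key)
    return hmac.compare_digest(digest, expected)


def demo():
    """Router 192.0.2.2 receives from peer 192.0.2.1 (constructed addresses) a BGP segment,
    an LDP segment, and an unsigned SSH segment; returns accept/drop per granularity."""
    peer, me = "192.0.2.1", "192.0.2.2"
    bgp_key, ldp_key = b"bgp-secret", b"ldp-secret"
    results = {}
    for granularity in ("peer", "session"):
        keys = KeyTable(granularity)
        keys.add(peer, BGP_PORT, bgp_key)
        keys.add(peer, LDP_PORT, ldp_key)   # in the "peer" table this overwrites bgp_key
        segments = (build_segment(peer, me, 40000, BGP_PORT, b"BGP OPEN", bgp_key),
                    build_segment(peer, me, 40001, LDP_PORT, b"LDP Hello", ldp_key),
                    build_segment(peer, me, 40002, 22, b"SSH-2.0-x"))   # this peer does not sign SSH
        results[granularity] = tuple(accept_segment(keys, peer, me, s) for s in segments)
    return results
```

Calling `demo()` returns `{'peer': (False, True, False), 'session': (True, True, True)}`: with one key per peer address the LDP key silently replaces the BGP key, so the BGP segment fails verification, and the unsigned SSH segment is dropped because any key for that address makes every connection to it require a signature. With the key chosen per (peer, service port) both signed sessions verify and the unkeyed service is left alone, which is the behaviour the mail wants from moving the decision into per-session policy.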