Date: Wed, 21 Sep 2005 16:11:13 +0900 (JST) From: Noritoshi Demizu <demizu@dd.iij4u.or.jp> To: othermark <atkin901@yahoo.com> Cc: freebsd-net@freebsd.org Subject: Re: rfc2385 (tcp md5 checksums) in -current broken? Message-ID: <20050921.161113.59648691.Noritoshi@Demizu.ORG> In-Reply-To: <20050921.012626.74752754.Noritoshi@Demizu.ORG> References: <dgp7lk$sov$1@sea.gmane.org> <20050921.012626.74752754.Noritoshi@Demizu.ORG>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I'm testing rfc2385 support with some of our equipment with current > > as of a few days ago, and the support seems, well, rather broken. tcpdump seems to be broken. I think the patch at the tail of this e-mail needs to be applied to src/contrib/tcpdump/print-tcp.c. Could you try this patch? I think this patch can also be applied to tcpdump 3.9.3. > I think there is a bug in syncache_respond(). I'm trying to fix this problem. But,,, I found you don't use SACK in your trace :-). Anyway, I will try to fix the bug in syncache_respond(). Regards, Noritoshi Demizu --- print-tcp.c-ORG Thu Apr 21 15:36:05 2005 +++ print-tcp.c Wed Sep 21 16:07:40 2005 @@ -799,7 +799,7 @@ MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret)); MD5_Final(sig, &ctx); - if (memcmp(rcvsig, sig, 16)) + if (memcmp(rcvsig, sig, 16) == 0) return (SIGNATURE_VALID); else return (SIGNATURE_INVALID);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050921.161113.59648691.Noritoshi>