From owner-svn-src-head@FreeBSD.ORG Thu Mar 8 01:37:02 2012 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 20FD31065677; Thu, 8 Mar 2012 01:37:01 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id CE6938FC12; Thu, 8 Mar 2012 01:37:01 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q281b1X0019576; Thu, 8 Mar 2012 01:37:01 GMT (envelope-from emaste@svn.freebsd.org) Received: (from emaste@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q281b1cg019574; Thu, 8 Mar 2012 01:37:01 GMT (envelope-from emaste@svn.freebsd.org) Message-Id: <201203080137.q281b1cg019574@svn.freebsd.org> From: Ed Maste Date: Thu, 8 Mar 2012 01:37:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r232678 - head/share/man/man4 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Mar 2012 01:37:02 -0000 Author: emaste Date: Thu Mar 8 01:37:01 2012 New Revision: 232678 URL: http://svn.freebsd.org/changeset/base/232678 Log: Inbound TCP-MD5 digest validation is now supported Modified: head/share/man/man4/tcp.4 Modified: head/share/man/man4/tcp.4 ============================================================================== --- head/share/man/man4/tcp.4 Thu Mar 8 01:10:23 2012 (r232677) +++ head/share/man/man4/tcp.4 Thu Mar 8 01:37:01 2012 (r232678) @@ -38,7 +38,7 @@ .\" From: @(#)tcp.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd February 5, 2012 +.Dd March 7, 2012 .Dt TCP 4 .Os .Sh NAME @@ -255,8 +255,9 @@ or the internal send buffer is filled. .It Dv TCP_MD5SIG This option enables the use of MD5 digests (also known as TCP-MD5) on writes to the specified socket. -In the current release, only outgoing traffic is digested; -digests on incoming traffic are not verified. +Outgoing traffic is digested; +digests on incoming traffic are verified +if the net.inet.tcp.signature_verify_input sysctl is nonzero. The current default behavior for the system is to respond to a system advertising this option with TCP-MD5; this may change. .Pp