Date:      Tue, 27 Nov 2007 10:52:35 +0000
From:      Nick Hilliard <nick-lists@netability.ie>
To:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: tcp md5 checksums broken in 7.0-beta3
Message-ID:  <474BF6F3.2070506@netability.ie>
In-Reply-To: <20071126224649.C53707@maildrop.int.zabbadoz.net>
References:  <474B24F3.2030603@netability.ie> <20071126224649.C53707@maildrop.int.zabbadoz.net>


Bjoern A. Zeeb wrote:
> not that this should fix your problem but you might want to start with
> this patch:
> 
> http://sources.zabbadoz.net/freebsd/patchset/sys-netinet-tcp-syncache.c-20071126-01.diff

No, probably not.  But it may fix a bunch of spurious failed SADB lookup
messages I've been seeing on the box in question.

> I'll try to find your bug the next days (in case you find anything let
> me know).
> 
> I don't know how much quagga does these days but policies are set up
> correctly on both machines and you are not finding any failed SADB
> lookup warnings in dmesg on the 7 machine?

The security policy is set up using setkey from config in /etc/ipsec.conf:

> ferris# grep xx /etc/ipsec.conf
> add 193.242.111.9 193.242.111.xx tcp 0x1000 -A tcp-md5 "<removed>";

No, there are no failed SADB lookup messages.  The kernel code is being
executed, because if I disable md5 from within quagga, the md5 checksum
option completely disappears from the tcp headers.  If it's enabled, the
checksum is just zeros.

Nick
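
The symptom reported in the message above (TCP-MD5 option present, digest all zeros) can be checked mechanically against captured TCP headers. The following is an added example, not part of the original e-mail or of FreeBSD: it classifies the RFC 2385 signature option (kind 19, length 18) in a raw TCP header; `md5sig_status`, `build_header` and the sample bytes are constructed for illustration.

```python
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MD5SIG = 0, 1, 19   # RFC 2385: option kind 19
MD5SIG_LEN = 18                                     # kind + len + 16-byte digest


def md5sig_status(tcp: bytes) -> str:
    """Return 'absent', 'zero' (digest is all zero bytes), 'present'
    (non-zero digest) or 'malformed' for one raw TCP header."""
    if len(tcp) < 20:
        return "malformed"
    hdr_len = (tcp[12] >> 4) * 4          # data offset is in 32-bit words
    if hdr_len < 20 or hdr_len > len(tcp):
        return "malformed"
    opts, i = tcp[20:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:            # end of option list (or padding)
            break
        if kind == TCPOPT_NOP:            # single-byte option
            i += 1
            continue
        if i + 1 >= len(opts):
            return "malformed"
        olen = opts[i + 1]
        if olen < 2 or i + olen > len(opts):
            return "malformed"            # length runs past the header
        if kind == TCPOPT_MD5SIG:
            if olen != MD5SIG_LEN:
                return "malformed"
            digest = opts[i + 2:i + olen]
            return "zero" if digest == bytes(16) else "present"
        i += olen
    return "absent"


def build_header(options: bytes) -> bytes:
    """Constructed sample: a SYN to port 179 carrying the given options."""
    options += b"\x00" * (-len(options) % 4)      # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 49152, 179, 1, 0,
                       offset << 4, 0x02, 65535, 0, 0) + options


if __name__ == "__main__":
    # Constructed input: MSS, two NOPs, then an MD5 option with a zero digest.
    zeroed = build_header(b"\x02\x04\x05\xb4\x01\x01\x13\x12" + bytes(16))
    print(md5sig_status(zeroed))
```

A result of `zero` on outbound segments matches what the message describes: the option is being inserted, but the digest was never filled in.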



