Date: Wed, 28 Nov 2007 06:26:15 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Nick Hilliard <nick-lists@netability.ie> Cc: freebsd-net@freebsd.org Subject: Re: tcp md5 checksums broken in 7.0-beta3 Message-ID: <20071128062332.E53707@maildrop.int.zabbadoz.net> In-Reply-To: <474CC3EC.1010205@netability.ie> References: <474B24F3.2030603@netability.ie> <20071126224649.C53707@maildrop.int.zabbadoz.net> <474CC3EC.1010205@netability.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 28 Nov 2007, Nick Hilliard wrote: Hi, > Bjoern A. Zeeb wrote: >> I'll try to find your bug the next days (in case you find anything let >> me know). > > At the very least, this will be necessary: > > --- tcp_subr.c~ 2007-11-28 01:14:46.000000000 +0000 > +++ tcp_subr.c 2007-11-28 01:14:46.000000000 +0000 > @@ -1948,7 +1948,7 @@ > /* > * Step 4: Update MD5 hash with shared secret. > */ > - MD5Update(&ctx, _KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth)); > + MD5Update(&ctx, sav->key_auth->key_data, _KEYLEN(sav->key_auth)); > MD5Final(buf, &ctx); > > key_sa_recordxfer(sav, m); > > But it doesn't fix the problem. I stopped at the point validating the tcp header was correct last night somewhen after midnight. With your + my other patches (not posted yet) I have valid md5 sums again for all but the S/A case. Expect a patch soonish. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071128062332.E53707>