From owner-freebsd-net@FreeBSD.ORG  Tue Sep 20 16:26:47 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DC8F516A41F
	for <freebsd-net@freebsd.org>; Tue, 20 Sep 2005 16:26:47 +0000 (GMT)
	(envelope-from demizu@dd.iij4u.or.jp)
Received: from r-dd.iij4u.or.jp (r-dd.iij4u.or.jp [210.130.0.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 501EF43D45
	for <freebsd-net@freebsd.org>; Tue, 20 Sep 2005 16:26:47 +0000 (GMT)
	(envelope-from demizu@dd.iij4u.or.jp)
Received: from localhost (221x117x177x135.ap221.ftth.ucom.ne.jp
	[221.117.177.135])
	by r-dd.iij4u.or.jp (4U-MR/r-dd) id j8KGQjDo021231;
	Wed, 21 Sep 2005 01:26:46 +0900 (JST)
Date: Wed, 21 Sep 2005 01:26:26 +0900 (JST)
Message-Id: <20050921.012626.74752754.Noritoshi@Demizu.ORG>
From: Noritoshi Demizu <demizu@dd.iij4u.or.jp>
To: othermark <atkin901@yahoo.com>
In-Reply-To: <dgp7lk$sov$1@sea.gmane.org>
References: <dgp7lk$sov$1@sea.gmane.org>
X-Mailer: Mew version 4.1 on Emacs 21 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: rfc2385 (tcp md5 checksums) in -current broken?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Sep 2005 16:26:48 -0000

> I'm testing rfc2385 support with some of our equipment with current
> as of a few days ago, and the support seems, well, rather broken.

I think there is a bug in syncache_respond().

In tcp_syncache.c rev 1.77, tcp_signature_compute() is called before
filling the TCP SACK Permitted option and the TCP EOL option.  I guess
it should be called after filling both the SACK Permitted and EOL option.

If this is the cause of the problem, I think it was broken when SACK
was imported.  However, when we suggested the change of rev 1.73, I
should notice the bug.  I am sorry I did not know how to test the
signature option well.

I will try to make a patch tomorrow.

Regards,
Noritoshi Demizu