From owner-freebsd-net@FreeBSD.ORG  Wed Sep 21 07:11:32 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 93D4416A41F
	for <freebsd-net@freebsd.org>; Wed, 21 Sep 2005 07:11:32 +0000 (GMT)
	(envelope-from demizu@dd.iij4u.or.jp)
Received: from r-dd.iij4u.or.jp (r-dd.iij4u.or.jp [210.130.0.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1170043D46
	for <freebsd-net@freebsd.org>; Wed, 21 Sep 2005 07:11:31 +0000 (GMT)
	(envelope-from demizu@dd.iij4u.or.jp)
Received: from localhost (h168.p058.iij4u.or.jp [210.130.58.168])
	by r-dd.iij4u.or.jp (4U-MR/r-dd) id j8L7BR7H027474;
	Wed, 21 Sep 2005 16:11:28 +0900 (JST)
Date: Wed, 21 Sep 2005 16:11:13 +0900 (JST)
Message-Id: <20050921.161113.59648691.Noritoshi@Demizu.ORG>
From: Noritoshi Demizu <demizu@dd.iij4u.or.jp>
To: othermark <atkin901@yahoo.com>
In-Reply-To: <20050921.012626.74752754.Noritoshi@Demizu.ORG>
References: <dgp7lk$sov$1@sea.gmane.org>
	<20050921.012626.74752754.Noritoshi@Demizu.ORG>
X-Mailer: Mew version 4.1 on Emacs 21 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: rfc2385 (tcp md5 checksums) in -current broken?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Sep 2005 07:11:32 -0000

> > I'm testing rfc2385 support with some of our equipment with current
> > as of a few days ago, and the support seems, well, rather broken.

tcpdump seems to be broken.  I think the patch at the tail of this
e-mail needs to be applied to src/contrib/tcpdump/print-tcp.c.
Could you try this patch?

I think this patch can also be applied to tcpdump 3.9.3.

> I think there is a bug in syncache_respond().

I'm trying to fix this problem.  But,,, I found you don't use SACK in
your trace :-).  Anyway, I will try to fix the bug in syncache_respond().

Regards,
Noritoshi Demizu


--- print-tcp.c-ORG	Thu Apr 21 15:36:05 2005
+++ print-tcp.c	Wed Sep 21 16:07:40 2005
@@ -799,7 +799,7 @@
 	MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret));
 	MD5_Final(sig, &ctx);
 
-	if (memcmp(rcvsig, sig, 16))
+	if (memcmp(rcvsig, sig, 16) == 0)
 		return (SIGNATURE_VALID);
 	else
 		return (SIGNATURE_INVALID);