Date: Tue, 19 Apr 2011 12:08:47 -0400
From: Attilio Rao <attilio@freebsd.org>
To: freebsd-net@freebsd.org
Cc: "Bjoern A. Zeeb" <bz@freebsd.org>, Ed Maste <emaste@sandvine.com>
Subject: [PATCH] Add MD5 signature checking for incoming packets
Message-ID: <BANLkTim5SJzKFWbOphPWweGQmU4B=TCJsA@mail.gmail.com>

The patch at:
http://www.freebsd.org/~attilio/Sandvine/STABLE_8/tcp_signature/tcp_signature.diff

- Enable the md5 signature checking for incoming packets, when both
  enabled in the kernel and desired by the socket
- Spit out an error when the option TCP_SIGNATURE is enabled and IPSEC
  option is not (KPI usage problem, leading to just compiler error, in
  the current code)

Some notes:
- As suggested by bz@, I named the functions tcp_fields_to_net() and
  tcp_fields_to_host() just following the NetBSD's names
- I add the statistic anyway to the tcpstats in order to avoid ABI
  breakage between kernel and modules/userland. Anyway it seems that
  tcpstats is not a member of any structure, so probably having them as
  last step could still make it conditional. I'm not entirely sure on
  what is the desired effect here, so I just included anyway, but I'm
  ready to change if someone makes a valid point

The patch has been already reviewed by emaste and bz and tested for
years on SVOS.

Please cc me for answers as I'm not really subscribed to -net@.

Thanks,
Attilio

--
Peace can only be achieved by understanding - A. Einstein