Date: Wed, 21 Sep 2005 18:41:14 +0900 (JST)
Message-Id: <20050921.184114.115904070.Noritoshi@Demizu.ORG>
From: Noritoshi Demizu
To: othermark
Cc: freebsd-net@freebsd.org
Subject: Re: rfc2385 (tcp md5 checksums) in -current broken?
In-Reply-To: <20050921.161113.59648691.Noritoshi@Demizu.ORG>
References: <20050921.012626.74752754.Noritoshi@Demizu.ORG> <20050921.161113.59648691.Noritoshi@Demizu.ORG>

> > I think there is a bug in syncache_respond().

I am sorry, I was wrong. syncache_respond() does not have such a bug.
The buggy thing was my brain...

> > In tcp_syncache.c rev 1.77, tcp_signature_compute() is called before
> > filling the TCP SACK Permitted option and the TCP EOL option. I guess
> > it should be called after filling both the SACK Permitted and EOL option.

According to RFC2385, TCP options are excluded when computing the MD5 hash.
So, TCP option fields can be rewritten after the MD5 hash is computed.
I misunderstood it. I am sorry if I made you confused.

My conclusion is that src/contrib/tcpdump/print-tcp.c has a bug.
And the patch below will fix it.

Regards,
Noritoshi Demizu

--- print-tcp.c-ORG Thu Apr 21 15:36:05 2005 +++ print-tcp.c Wed Sep 21 18:43:51 2005 @@ -799,7 +799,7 @@ MD5_Update(&ctx, tcpmd5secret, strlen(tcpmd5secret)); MD5_Final(sig, &ctx); - if (memcmp(rcvsig, sig, 16)) + if (memcmp(rcvsig, sig, TCP_SIGLEN) == 0) return (SIGNATURE_VALID); else return (SIGNATURE_INVALID);
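
Review bot: The changed `memcmp` line carries two changes at once, the `== 0` that corrects the comparison and the swap of the literal `16` for `TCP_SIGLEN`, and the hunk shows neither the definition of `TCP_SIGLEN` nor the declaration of `sig`. Please confirm that the constant equals the 16-byte MD5 digest that `MD5_Final(sig, &ctx)` writes, and that the received option is length-checked to hold that many bytes before `rcvsig` is compared. It would also help to state in the description that the old test returned `SIGNATURE_VALID` whenever the digests differed, since that inverted result is the actual defect being fixed.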
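
The RFC 2385 rule stated in the message (TCP options are left out of the MD5 input), as an added example that is not part of the original mail or of tcpdump. It is IPv4 only; the function names, `build_segment`, the addresses and the key are constructed, and `TCP_SIGLEN` is the name from the patch with the value 16 assumed.

```python
import hashlib
import hmac
import socket
import struct

TCP_SIGLEN = 16  # MD5 digest length; name from the patch, value assumed


def tcp_md5_signature(src_ip, dst_ip, segment, key):
    """RFC 2385 digest for one IPv4 TCP segment (header + options + data)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    data_off = (segment[12] >> 4) * 4  # header length including options
    if data_off < 20 or data_off > len(segment):
        raise ValueError("bad data offset")
    # 1. pseudo-header: src, dst, zero byte, protocol 6, TCP segment length
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    # 2. fixed 20-byte header with the checksum (bytes 16-17) taken as zero;
    #    option bytes 20..data_off are skipped, only their length is covered
    #    (through the data offset field and the segment length)
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]
    # 3. segment data, then 4. the shared key
    return hashlib.md5(pseudo + fixed + segment[data_off:] + key).digest()


def signature_valid(rcvsig, src_ip, dst_ip, segment, key):
    """True only when the received digest equals the computed one."""
    sig = tcp_md5_signature(src_ip, dst_ip, segment, key)
    # compare_digest is an equality test, like memcmp(...) == 0 in the patch
    return len(rcvsig) == TCP_SIGLEN and hmac.compare_digest(rcvsig, sig)


def build_segment(options, payload=b""):
    """Constructed sample: ports 179 -> 40000, SYN|ACK, caller's options."""
    if len(options) % 4:
        raise ValueError("options must be padded to 32-bit words")
    off = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIBBHHH", 179, 40000, 1000, 2000,
                      off << 4, 0x12, 65535, 0xBEEF, 0)
    return hdr + options + payload


if __name__ == "__main__":
    key = b"constructed-secret"
    md5opt = bytes([19, TCP_SIGLEN + 2]) + bytes(TCP_SIGLEN)  # kind 19, empty
    before = build_segment(md5opt + bytes([1, 1]))   # NOP, NOP placeholder
    after = build_segment(md5opt + bytes([4, 2]))    # SACK Permitted filled in
    sig = tcp_md5_signature("192.0.2.1", "192.0.2.2", before, key)
    print(signature_valid(sig, "192.0.2.1", "192.0.2.2", after, key))
```
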