Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 22 May 2017 10:46:28 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 219453] tcpmd5 kernel module regrassion
Message-ID:  <bug-219453-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219453

            Bug ID: 219453
           Summary: tcpmd5 kernel module regrassion
           Product: Base System
           Version: 11.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: zarychtam@plan-b.pwste.edu.pl

After upgrade from 11.0-STABLE r318137 to 11.1-PRERELEASE TCP MD5 signatures
cannot be verified, so bird session cannot be established.
Neither ISP, nor our side changed the configuration. Bird-1.6.3_1 was
recompiled from port, but it doesn't fix the trouble.

# cat /etc/ipsec.conf 
flush ;

add x.x.x.y x.x.x.x tcp 0x1000 -A tcp-md5 "Password1234" ;
add x.x.x.x x.x.x.y tcp 0x1001 -A tcp-md5 "Password1234" ;

# setkey -D
x.x.x.x x.x.x.y
        tcp mode=any spi=4097(0x00001001) reqid=0(0x00000000)
        A: tcp-md5  3647334d 72483753 4c4d5733
        seq=0x00000000 replay=0 flags=0x00000040 state=mature 
        created: May 22 12:25:03 2017   current: May 22 12:35:06 2017
        diff: 603(s)    hard: 0(s)      soft: 0(s)
        last: May 22 12:25:09 2017      hard: 0(s)      soft: 0(s)
        current: 6016(bytes)    hard: 0(bytes)  soft: 0(bytes)
        allocated: 94   hard: 0 soft: 0
        sadb_seq=1 pid=37398 refcnt=1
x.x.x.y x.x.x.x
        tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
        A: tcp-md5  3647334d 72483753 4c4d5733
        seq=0x00000000 replay=0 flags=0x00000040 state=mature 
        created: May 22 12:25:03 2017   current: May 22 12:35:06 2017
        diff: 603(s)    hard: 0(s)      soft: 0(s)
        last: May 22 12:25:08 2017      hard: 0(s)      soft: 0(s)
        current: 5680(bytes)    hard: 0(bytes)  soft: 0(bytes)
        allocated: 71   hard: 0 soft: 0
        sadb_seq=0 pid=37398 refcnt=1

# netstat -sp tcp | grep signature
        0 packets with matching signature received
        4601 packets with bad signature received
        42 times failed to make signature due to no SA
        0 times unexpected signature received
        30 times no signature provided by segment

-- 
You are receiving this mail because:
You are the assignee for the bug.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-219453-8>