Date: Wed, 28 Nov 2007 15:05:55 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Nick Hilliard <nick-lists@netability.ie> Cc: freebsd-net@freebsd.org Subject: Re: tcp md5 checksums broken in 7.0-beta3 Message-ID: <20071128145744.G53707@maildrop.int.zabbadoz.net> In-Reply-To: <20071128064738.S53707@maildrop.int.zabbadoz.net> References: <474B24F3.2030603@netability.ie> <20071126224649.C53707@maildrop.int.zabbadoz.net> <474CC3EC.1010205@netability.ie> <20071128062332.E53707@maildrop.int.zabbadoz.net> <20071128064738.S53707@maildrop.int.zabbadoz.net>
index | next in thread | previous in thread | raw e-mail
On Wed, 28 Nov 2007, Bjoern A. Zeeb wrote: Hi, > On Wed, 28 Nov 2007, Bjoern A. Zeeb wrote: > >> On Wed, 28 Nov 2007, Nick Hilliard wrote: >> >> Hi, >> >>> Bjoern A. Zeeb wrote: >>>> I'll try to find your bug the next days (in case you find anything let >>>> me know). >>> >>> At the very least, this will be necessary: >>> >>> --- tcp_subr.c~ 2007-11-28 01:14:46.000000000 +0000 >>> +++ tcp_subr.c 2007-11-28 01:14:46.000000000 +0000 >>> @@ -1948,7 +1948,7 @@ >>> /* >>> * Step 4: Update MD5 hash with shared secret. >>> */ >>> - MD5Update(&ctx, _KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth)); >>> + MD5Update(&ctx, sav->key_auth->key_data, _KEYLEN(sav->key_auth)); >>> MD5Final(buf, &ctx); >>> >>> key_sa_recordxfer(sav, m); >>> >>> But it doesn't fix the problem. That fix was committed to HEAD. Thanks! In addition to that can you try this patch: http://sources.zabbadoz.net/freebsd/patchset/patch-20071128-03-tcp-md5.diff I have to admit, I haven't tried it after my last merges so I hope I got the merges right;-) -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time.help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071128145744.G53707>