I have my kernel compiled with TCP_MD5SIG.
[root@quagga2 ~]# uname -a
Linux quagga2 2.6.35.14-106.49.amzn1.x86_64 #1 SMP Fri Dec 2 18:19:57 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
[root@quagga2 ~]# grep MD5 /boot/config-2.6.35.14-106.49.amzn1.x86_64
CONFIG_TCP_MD5SIG=y
# CONFIG_SCTP_HMAC_MD5 is not set
CONFIG_CRYPTO_MD5=y
however, I get the following on tcpdump output.
17:32:35.031248 IP (tos 0xc0, ttl 255, id 4621, offset 0, flags [DF], proto TCP (6), length 72)
xxxxxxxxxx.37989 > xxxxxxxxxx.bgp: Flags [S], cksum 0x8cb0 (correct), seq 1652793081, win 5840, options [nop,nop,md5shared secret not supplied with -M, can't check - 34c5e4259ac630f773714efcd62cf420,mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
I wonder if i can disable tcp signature verification using sysctl or something alike, without recompiling?
On Tue, Jan 10, 2012 at 9:02 AM, richard -rw- weinberger <richard.weinberger@xxxxxxxxx> wrote:
See CONFIG_TCP_MD5SIG.On Tue, Jan 10, 2012 at 5:05 AM, Nitin Sharma <nitinics@xxxxxxxxx> wrote:
> Is there an equivalent of
> (freeBSD)
> sysctl net.inet.tcp.signature_verify_input=0
>
> in linux?
> 2.6.35.14-x
>
> How is the MD5 verification of incoming TCP packets done?
--
Thanks,
//richard
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies