On Tue, Jan 10, 2012 at 6:40 PM, Nitin Sharma <nitinics@xxxxxxxxx> wrote: > Thanks. > > I have my kernel compiled with TCP_MD5SIG. > > [root@quagga2 ~]# uname -a > Linux quagga2 2.6.35.14-106.49.amzn1.x86_64 #1 SMP Fri Dec 2 18:19:57 UTC > 2011 x86_64 x86_64 x86_64 GNU/Linux > [root@quagga2 ~]# grep MD5 /boot/config-2.6.35.14-106.49.amzn1.x86_64 > CONFIG_TCP_MD5SIG=y > # CONFIG_SCTP_HMAC_MD5 is not set > CONFIG_CRYPTO_MD5=y > > however, I get the following on tcpdump output. > > 17:32:35.031248 IP (tos 0xc0, ttl 255, id 4621, offset 0, flags [DF], proto > TCP (6), length 72) > xxxxxxxxxx.37989 > xxxxxxxxxx.bgp: Flags [S], cksum 0x8cb0 (correct), > seq 1652793081, win 5840, options [nop,nop,md5shared secret not supplied > with -M, can't check - 34c5e4259ac630f773714efcd62cf420,mss > 1460,nop,nop,sackOK,nop,wscale 6], length 0 > > I wonder if i can disable tcp signature verification using sysctl or > something alike, without recompiling? > Hmm, AFAIK there is a tcp sockopt to do this. -- Thanks, //richard _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
