From: Stephen Hemminger <shemminger@vyatta.com>
To: "David Miller" <davem@davemloft.net>, 吉藤英明 <yoshfuji@linux-ipv6.org>
Cc: netdev@vger.kernel.org
Subject: TCP MD5 and socket accept
Date: Wed, 25 Jun 2008 22:56:57 -0700
Message-ID: <20080625225657.61e1b29b@extreme>

It looks like the child socket on accept doesn't inherit the MD5 mappings
from the listening socket. This leads to the situation where the data
after the initial SYN, ACK gets an MD5 mismatch until the child socket
is updated with setsockopt.

My question: was this an intentional part of the initial design?
What will break if tcp_create_openreq_child was fixed to copy md5_info if
present?

This all comes about because right now, using Quagga, a Linux to Linux
connection works with TCP MD5. But a Linux to Cisco connection fails if using
TCP MD5.
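
The setsockopt call the message refers to, as an added example that is not part of the original post or of the kernel or Quagga sources: it installs a per-peer TCP MD5 key with the Linux TCP_MD5SIG socket option, and the same call works on a listening socket or on a socket returned by accept(). The helper names md5sig_fill and md5sig_apply, the key and the peer address are constructed for illustration.

```c
#include <arpa/inet.h>
#include <linux/tcp.h>   /* struct tcp_md5sig, TCP_MD5SIG, TCP_MD5SIG_MAXKEYLEN */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill *sig for one peer (IPv4 or IPv6 literal). Returns 0, or -1 on a bad
 * address or a key that is empty or longer than TCP_MD5SIG_MAXKEYLEN. */
int md5sig_fill(struct tcp_md5sig *sig, const char *peer,
                const void *key, size_t keylen)
{
    struct sockaddr_in a4 = { .sin_family = AF_INET };
    struct sockaddr_in6 a6 = { .sin6_family = AF_INET6 };

    if (keylen == 0 || keylen > TCP_MD5SIG_MAXKEYLEN)
        return -1;
    memset(sig, 0, sizeof(*sig));
    if (inet_pton(AF_INET, peer, &a4.sin_addr) == 1)
        memcpy(&sig->tcpm_addr, &a4, sizeof(a4));
    else if (inet_pton(AF_INET6, peer, &a6.sin6_addr) == 1)
        memcpy(&sig->tcpm_addr, &a6, sizeof(a6));
    else
        return -1;
    sig->tcpm_keylen = (unsigned short)keylen;
    memcpy(sig->tcpm_key, key, keylen);
    return 0;
}

/* Install the key on fd: a listening socket, or a socket returned by accept(). */
int md5sig_apply(int fd, const char *peer, const void *key, size_t keylen)
{
    struct tcp_md5sig sig;
    if (md5sig_fill(&sig, peer, key, keylen) < 0)
        return -1;
    return setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &sig, sizeof(sig));
}

int main(void)
{
    const char key[] = "constructed-demo-key";  /* constructed sample key */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    /* 192.0.2.1 is a documentation address (RFC 5737) standing in for the peer */
    int rc = md5sig_apply(fd, "192.0.2.1", key, strlen(key));
    printf("TCP_MD5SIG: %s\n", rc == 0 ? "key installed" : "setsockopt failed");
    close(fd);
    return 0;
}
```

The setsockopt call fails on kernels built without CONFIG_TCP_MD5SIG, so check its return value before relying on signed segments.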