TCP MD5 Verification - 2.6.35.14

richard -rw- weinberger richard.weinberger at gmail.com
Tue Jan 10 12:43:13 EST 2012


On Tue, Jan 10, 2012 at 6:40 PM, Nitin Sharma <nitinics at gmail.com> wrote:
> Thanks.
>
> I have my kernel compiled with TCP_MD5SIG.
>
> [root at quagga2 ~]# uname -a
> Linux quagga2 2.6.35.14-106.49.amzn1.x86_64 #1 SMP Fri Dec 2 18:19:57 UTC
> 2011 x86_64 x86_64 x86_64 GNU/Linux
> [root at quagga2 ~]# grep MD5 /boot/config-2.6.35.14-106.49.amzn1.x86_64
> CONFIG_TCP_MD5SIG=y
> # CONFIG_SCTP_HMAC_MD5 is not set
> CONFIG_CRYPTO_MD5=y
>
> however, I get the following on tcpdump output.
>
> 17:32:35.031248 IP (tos 0xc0, ttl 255, id 4621, offset 0, flags [DF], proto
> TCP (6), length 72)
>     xxxxxxxxxx.37989 > xxxxxxxxxx.bgp: Flags [S], cksum 0x8cb0 (correct),
> seq 1652793081, win 5840, options [nop,nop,md5shared secret not supplied
> with -M, can't check - 34c5e4259ac630f773714efcd62cf420,mss
> 1460,nop,nop,sackOK,nop,wscale 6], length 0
>
> I wonder if i can disable tcp signature verification using sysctl or
> something alike, without recompiling?
>

Hmm, AFAIK there is a tcp sockopt to do this.

-- 
Thanks,
//richard



More information about the Kernelnewbies mailing list