Subject: Re: bin/29915 Can't setkey for tcp-md5 anymore
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Peter Eisch <peter@boku.net>
List: netbsd-bugs
Date: 04/09/2005 20:25:02
The following reply was made to PR bin/29915; it has been noted by GNATS.
From: Peter Eisch <peter@boku.net>
To: Emmanuel Dreyfus <manu@netbsd.org>, <gnats-bugs@netbsd.org>
Cc:
Subject: Re: bin/29915 Can't setkey for tcp-md5 anymore
Date: Sat, 09 Apr 2005 15:24:30 -0500
On 4/9/05 12:29 PM, "Emmanuel Dreyfus" <manu@netbsd.org> wrote:
> Peter Eisch <peter@boku.net> wrote:
>
>> This is good. I've got i386 and sparc64 (just for endian testing) working
>> with a cisco but there's an odd nuance. The initial SYNs originated from
>> NetBSD don't have the tcp-md5 auth in them. If the cisco originates with a
>> SYN (with the tcp-md5) NetBSD will SYN-ACK with the tcp-md5 auth.
>
> Did that also happen in NetBSD 2.0 (or older relase), or is that problem
> specific to -current?
>
TCP-MD5 has never been pulled down to a release, only in -current. I don't
recall this scenario when I built this system before. I've unfortunately
wiped it at this point.
Given that I can setkey and dump (-D) keys just fine. I'll bet at this
point that I'm not setting the sockopts correctly and that with the previous
patches this issue is solved.
Thank you very much manu,
peter