TCP MD5 Verification - 2.6.35.14
From: richard -rw- weinberger <hidden>
Date: 2012-01-10 17:43:13
On Tue, Jan 10, 2012 at 6:40 PM, Nitin Sharma [off-list ref] wrote:
Thanks. I have my kernel compiled with TCP_MD5SIG. [root at quagga2 ~]# uname -a Linux quagga2 2.6.35.14-106.49.amzn1.x86_64 #1 SMP Fri Dec 2 18:19:57 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux [root at quagga2 ~]# grep MD5 /boot/config-2.6.35.14-106.49.amzn1.x86_64 CONFIG_TCP_MD5SIG=y # CONFIG_SCTP_HMAC_MD5 is not set CONFIG_CRYPTO_MD5=y however, I get the following on tcpdump output. 17:32:35.031248 IP (tos 0xc0, ttl 255, id 4621, offset 0, flags [DF], proto TCP (6), length 72) ??? xxxxxxxxxx.37989 > xxxxxxxxxx.bgp: Flags [S], cksum 0x8cb0 (correct), seq 1652793081, win 5840, options [nop,nop,md5shared secret not supplied with -M, can't check - 34c5e4259ac630f773714efcd62cf420,mss 1460,nop,nop,sackOK,nop,wscale 6], length 0 I wonder if i can disable tcp signature verification using sysctl or something alike, without recompiling?
Hmm, AFAIK there is a tcp sockopt to do this. -- Thanks, //richard