Hi,

I just committed IPv6 TCP-MD5 support for HEAD. This gives one the ability to send the TCP signature but as with IPv4 there is no input path validation and we need to enhance the key management, etc. But that's another story.

For now I have an additional hack that enables sending ... for IPv4 and IPv6:
- ACK from timewait
- initial RST after socket close (as long as possible)

For both changes, one needs to hack up TCP in a very bad way as we lose the "signature flag" on the way down. Multiple TCP exit paths do not help with this either.

Nick (thanks!) had tried it and given me tcpdumps and they looked sane.

In case you can use it as well, the patch, temporary, is here:
http://people.freebsd.org/~bz/20080913-02-tcp-md5-ack-rst.diff

This is the "more changes" I mentioned in the commit message.

Regards,
Bjoern

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.

---------- Forwarded message ----------
Date: Sat, 13 Sep 2008 17:26:46 +0000 (UTC)
From: Bjoern A. Zeeb <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: cvs commit: src/sys/netinet tcp_output.c tcp_subr.c tcp_syncache.c

bz          2008-09-13 17:26:46 UTC

  FreeBSD src repository

  Modifi
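Added example, not part of the message above and not FreeBSD code: a Python model of the input-path validation the message says is missing, for a TCP-MD5 segment carried over IPv6. The digest input order follows RFC 2385; the IPv6 pseudo-header layout, the function names and the sender helper are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

TCPOPT_SIGNATURE, TCPOLEN_SIGNATURE, IPPROTO_TCP = 19, 18, 6

def tcp_md5_digest(src, dst, tcp_header, payload, key):
    """MD5 over pseudo-header, fixed TCP header, data, then key (RFC 2385 order)."""
    hlen = (tcp_header[12] >> 4) * 4  # data offset in bytes, options included
    # Assumed IPv6 pseudo-header: src, dst, 32-bit TCP length, 3 zero bytes, next header.
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", hlen + len(payload), IPPROTO_TCP))
    # Options are excluded and the checksum field is treated as zero.
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + fixed + payload + key).digest()

def find_signature(tcp_header):
    """Return the 16-byte digest carried in the TCP options, or None."""
    if len(tcp_header) < 20 or (tcp_header[12] >> 4) * 4 != len(tcp_header):
        return None              # header length and data offset disagree
    opts, i = tcp_header[20:], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # end of option list
            return None
        if kind == 1:            # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None          # truncated or malformed option
        if kind == TCPOPT_SIGNATURE:
            return opts[i + 2:i + 18] if opts[i + 1] == TCPOLEN_SIGNATURE else None
        i += opts[i + 1]
    return None

def verify_segment(src, dst, tcp_header, payload, key):
    """Input-path check: False (drop) unless a valid signature is present."""
    received = find_signature(tcp_header)
    if received is None:
        return False
    expected = tcp_md5_digest(src, dst, tcp_header, payload, key)
    return hmac.compare_digest(received, expected)

def sign_segment(src, dst, fixed_header, payload, key):
    """Constructed sender: fixed_header is 20 bytes with data offset already 10 words."""
    hdr = fixed_header + b"\x01\x01" + bytes([TCPOPT_SIGNATURE, TCPOLEN_SIGNATURE])
    return hdr + tcp_md5_digest(src, dst, hdr + bytes(16), payload, key)
```

Because the checksum field is zeroed and the options are left out of the digest, a receiver can verify the signature without first stripping the option or recomputing the checksum.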
