| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Jun 2008 13:37:08 -0700 From: "Adam Langley" <agl@...erialviolet.org> To: "Stephen Hemminger" <shemminger@...tta.com> Cc: "David Miller" <davem@...emloft.net>, "吉藤英明" <yoshfuji@...ux-ipv6.org>, netdev@...r.kernel.org Subject: Re: TCP MD5 and socket accept On Thu, Jun 26, 2008 at 7:46 AM, Adam Langley <agl@...erialviolet.org> wrote: > I'll have a look at this later today Setup: Linux net-2.6 (almost) <-> Linux net-2.6 (almost)). Userspace is only setting TCP_MD5SIG just before connect on the client side and just before bind on the server side. Packet dumps show that all packets are signed correctly. >From the code, it appears that we might, in fact, be coping the key information twice: tcp_minisocks.c:tcp_check_req is calling inet_csk(sk)->icsk_af_ops->syn_recv_sock, which becomes tcp_ipv4.c:tcp_v4_syn_recv_sock which appears to copy the MD5 keys over. Additionally, right after that call in tcp_check_req, it appears that the keys are copied again. Can you provide packet dumps of Linux screwing up in the face of a connection to a Cisco? Cheers, -- Adam Langley agl@...erialviolet.org http://www.imperialviolet.org -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists