Subject: Re: bin/29915 Can't setkey for tcp-md5 anymore
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Peter Eisch <peter@boku.net>
List: netbsd-bugs
Date: 04/09/2005 16:56:01
The following reply was made to PR bin/29915; it has been noted by GNATS.

From: Peter Eisch <peter@boku.net>
To: Emmanuel Dreyfus <manu@netbsd.org>, <gnats-bugs@netbsd.org>
Cc: 
Subject: Re: bin/29915 Can't setkey for tcp-md5 anymore
Date: Sat, 09 Apr 2005 11:55:25 -0500

 This is good.  I've got i386 and sparc64 (just for endian testing) working
 with a Cisco but there's an odd nuance.  The initial SYNs originated from
 NetBSD don't have the tcp-md5 auth in them.  If the Cisco originates with a
 SYN (with the tcp-md5) NetBSD will SYN-ACK with the tcp-md5 auth.
 
 Beyond this detail, I'm ready to give it some load testing and then look at
 what it takes to add/delete keys dynamically.  Should calls like OpenBSD's
 work with this libipsec?
 
 NetBSD trying to initiate:
 
 11:16:47.800946 IP netbsd.62994 > cisco.179: S 4036427276:4036427276(0) win
 32768 <mss 1460,nop,wscale 0,sackOK,nop,nop,nop,nop,timestamp 0 0>
 11:16:53.800044 IP netbsd.62994 > cisco.179: S 4036427276:4036427276(0) win
 32768 <mss 1460,nop,wscale 0,sackOK,nop,nop,nop,nop,timestamp 12 0>
 11:17:05.800125 IP netbsd.62994 > cisco.179: S 4036427276:4036427276(0) win
 32768 <mss 1460,nop,wscale 0,sackOK,nop,nop,nop,nop,timestamp 36 0>
 11:17:29.800063 IP netbsd.62994 > cisco.179: S 4036427276:4036427276(0) win
 32768 <mss 1460,nop,wscale 0,sackOK,nop,nop,nop,nop,timestamp 84 0>
 
 Cisco trying to initiate:
 
 11:17:56.263461 IP cisco.11024 > netbsd.179: S 3464436573:3464436573(0) win
 16384 <mss 516,tcpmd5:ad199638cdf46f15c38b36b7c90d6da5,eol>
 11:17:56.263683 IP netbsd.179 > cisco.11024: S 2051291791:2051291791(0) ack
 3464436574 win 32768 <mss
 1460,tcpmd5:397ab8b3fc8443aaa45a1c855d7d5f7d,nop,eol>
 11:17:56.265040 IP cisco.11024 > netbsd.179: . ack 1 win 16384
 <tcpmd5:e36f1d45a141a45d4138177d0a2644e3,eol>
 11:17:56.267040 IP cisco.11024 > netbsd.179: P 1:46(45) ack 1 win 16384
 <tcpmd5:b6c32152bded65ef6e3c6b1136142d38,eol>: BGP, length: 45
 11:17:56.267251 IP netbsd.179 > cisco.11024: P 1:22(21) ack 46 win 33580
 <tcpmd5:6f0eb4c4fcc14f032caa56fade7b24ff,nop,eol>: BGP, length: 21
 
 
 Many thanks,
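
Added example (not part of the original message or of NetBSD's code): a Python check that reads tcpdump text output in the format of the traces above, re-joins records split across lines, and lists every segment to or from the BGP port that carries no tcpmd5 option. The sample capture, the host names "a" and "b", the digests and the function names are constructed for illustration, and the parser assumes the `tcpmd5:<digest>` option rendering shown in the traces.

```python
import re

# Constructed sample in the tcpdump text format of the traces above
# (hosts "a" and "b", records split across lines); not a real capture.
SAMPLE = """\
11:00:00.000001 IP a.50000 > b.179: S 100:100(0) win
32768 <mss 1460,nop,wscale 0,sackOK,nop,nop,timestamp 0 0>
11:00:05.000001 IP b.11024 > a.179: S 200:200(0) win
16384 <mss 516,tcpmd5:00112233445566778899aabbccddeeff,eol>
11:00:05.000201 IP a.179 > b.11024: S 300:300(0) ack
201 win 32768 <mss
1460,tcpmd5:ffeeddccbbaa99887766554433221100,nop,eol>
"""

# Start of a record: timestamp, "IP", src.port > dst.port:, then the TCP flags.
HEAD = re.compile(r"^\d\d:\d\d:\d\d\.\d+ IP (\S+)\.(\d+) > (\S+)\.(\d+): (\S+)")
BGP_PORT = 179

def join_wrapped(text):
    """Re-join split records: only a line starting with a timestamp opens a new one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if HEAD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def unsigned_bgp_segments(text):
    """Return (src, dst, flags) for each BGP segment without a tcpmd5 option."""
    missing = []
    for rec in join_wrapped(text):
        m = HEAD.match(rec)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if BGP_PORT not in (int(sport), int(dport)):
            continue
        opts = re.search(r"<([^>]*)>", rec)  # the TCP option list
        if not opts or "tcpmd5:" not in opts.group(1):
            missing.append((f"{src}.{sport}", f"{dst}.{dport}", flags))
    return missing

if __name__ == "__main__":
    for src, dst, flags in unsigned_bgp_segments(SAMPLE):
        print(f"no tcpmd5 option: {src} > {dst} flags={flags}")
```

The check only reports whether the option is present; it does not verify the digest against the shared key.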