``Oh''.  Oops. Upon checking, the reason I reported it worked for me,
was I was using the version of TCP-MD5 validation I wrote several
weeks back, but forgot to commit., In this case, YMMV indeed.

To be honest, my first (and second) inclination would be to rip out
the IPv6 support for TCP-MD5 sigs.  RFC-2386 doens't specify an IPv6
encapsulation, and anyone using IPv6 should darn well use IPsec
instead in any case.

(I honestly dont know if the two dominant market vendors who use
TCP-MD5 with BGP implement TCP-MD5 for IPv6 or not; the way I see it,
the non-support of IPsec for BGP by a Certain Large Vendor is the only
real reason for deploying RFC-2385.)