Subject: change of tcp_dooptions() function signature
To: None <>
From: Jeff Rizzo <>
List: tech-net
Date: 05/17/2007 10:06:16
(I sent a couple emails over the last 6 months to the original author of
this change with no response - I suspect I'm getting spam filtered or

In revision 1.254 of tcp_input.c, the signature of tcp_dooptions() was
changed so that the 4th arg (a struct tcphdr *) is now const.  This has
broken the TCP_SIGNATURE option (which implements, albeit somewhat
hackishly, RFC2385 support - md5 signed TCP sessions, to support use as
a BGP router interoperating with commercial routers with this support)

Upon further investigation, I'm not sure it's possible for
tcp_dooptions() to be constified in that way at all - the
options-handling code needs to be able to alter the TCP header to insert
the signature.

In order to fix the TCP_SIGNATURE code (which I'd REALLY like to do
prior to 4.0's release), I think tcp_dooptions() needs to be switched
back to this:

static int tcp_dooptions(struct tcpcb *, const u_char *, int,
    struct tcphdr *, struct mbuf *, int, struct tcp_opt_info *);

Doing this (along with a minor fix or two to some #ifdef TCP_SIGNATURE
code) allows this code (which was broken by the change of October 21)
to work again - would people be OK with this change? If not, do you have a
counter-proposal for me?

Once this is again compilable, I'll add TCP_SIGNATURE to the i386 ALL
kernel to hopefully avoid this sort of silent breakage in the future.