Subject: kern/25568: TCP MD5 signature option attached even if there's no key
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <itojun@itojun.org>
List: netbsd-bugs
Date: 05/15/2004 00:37:49
>Number:         25568
>Category:       kern
>Synopsis:       TCP MD5 signature option attached even if there's no key
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri May 14 15:39:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jun-ichiro itojun Hagino
>Release:        NetBSD 2.0E
>Organization:
	itojun.org
>Environment:
System: NetBSD starfruit.itojun.org 2.0E NetBSD 2.0E (STARFRUIT) #11: Mon Apr 26 13:25:13 JST 2004 itojun@starfruit.itojun.org:/home/itojun/NetBSD/src/sys/arch/i386/compile/STARFRUIT i386
Architecture: i386
Machine: i386
>Description:
	The TCP MD5 signature option is attached (uninitialized) to packets
	even when there's no key and there's no setsockopt() request.
>How-To-Repeat:
	# tcpdump -n -i lo0 -vv &
	# telnet localhost 22

	You'll see the TCP MD5 signature option attached on the TCP listener
	side (server).

# tcpdump -n -i lo0
tcpdump: listening on lo0
00:35:34.061561 127.0.0.1.56487 > 127.0.0.1.22: S 4070737563:4070737563(0) win 32768 <mss 33156,nop,wscale 0,nop,nop,timestamp 0 0> (DF)
00:35:34.061621 127.0.0.1.22 > 127.0.0.1.56487: S 4092343097:4092343097(0) ack 4070737564 win 32768 <mss 33156,nop,wscale 0,opt-19:00000000000000000000000000000000,nop,eol> (DF)
00:35:34.061637 127.0.0.1.56487 > 127.0.0.1.22: . ack 1 win 32768 (DF)
00:35:34.063393 127.0.0.1.22 > 127.0.0.1.56487: P 1:53(52) ack 1 win 32768 <opt-19:00000000000000000000000000000000,nop,eol> (DF)
00:35:34.260006 127.0.0.1.56487 > 127.0.0.1.22: . ack 53 win 32768 (DF)
00:35:35.792790 127.0.0.1.56487 > 127.0.0.1.22: P 1:6(5) ack 53 win 32768 (DF)
00:35:35.990026 127.0.0.1.22 > 127.0.0.1.56487: . ack 6 win 32768 <opt-19:00000000000000000000000000000000,nop,eol> (DF)
00:35:36.962597 127.0.0.1.56487 > 127.0.0.1.22: P 6:7(1) ack 53 win 32768 (DF)
00:35:37.160018 127.0.0.1.22 > 127.0.0.1.56487: . ack 7 win 32768 <opt-19:00000000000000000000000000000000,nop,eol> (DF)
00:35:37.694349 127.0.0.1.56487 > 127.0.0.1.22: P 7:9(2) ack 53 win 32768 (DF)
00:35:37.694394 127.0.0.1.22 > 127.0.0.1.56487: P 53:72(19) ack 9 win 32768 <opt-19:00000000000000000000000000000000,nop,eol> (DF)
00:35:37.694506 127.0.0.1.22 > 127.0.0.1.56487: F 72:72(0) ack 9 win 32768 <opt-19:00000000000000000000000000000000,nop,eol> (DF)
00:35:37.694513 127.0.0.1.56487 > 127.0.0.1.22: . ack 73 win 32768 (DF)
00:35:37.694579 127.0.0.1.56487 > 127.0.0.1.22: F 9:9(0) ack 73 win 32768 (DF)
00:35:37.694599 127.0.0.1.22 > 127.0.0.1.56487: . ack 10 win 32768 <opt-19:00000000000000000000000000000000,nop,eol> (DF)

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
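
Added example, not code from this PR or from the NetBSD tree: a small C checker that walks a TCP option area and reports whether option 19 (the RFC 2385 MD5 signature, printed as opt-19 in the capture above) is present with an all-zero digest. The macro names, the function name and the two byte arrays are constructed for this example; the bytes mirror the SYN and SYN/ACK option lists in the tcpdump output.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local names for this example; values per RFC 2385 (kind 19, length 18). */
#define OPT_EOL 0
#define OPT_NOP 1
#define OPT_MD5SIG 19
#define OPT_MD5SIG_LEN 18
enum sig_status { SIG_MALFORMED = -1, SIG_ABSENT, SIG_PRESENT, SIG_ALL_ZERO };

/* Constructed option bytes matching the SYN and SYN/ACK in the capture. */
static const uint8_t syn_opts[20] = {
    2, 4, 0x81, 0x84, 1, 3, 3, 0, 1, 1, 8, 10, 0, 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t synack_opts[28] = {
    2, 4, 0x81, 0x84, 1, 3, 3, 0, 19, 18,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0 };

/* Walk the option area that follows the 20-byte fixed TCP header. */
enum sig_status check_md5_option(const uint8_t *opt, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opt[i];
        if (kind == OPT_EOL) break;              /* end of option list */
        if (kind == OPT_NOP) { i++; continue; }  /* one-byte padding */
        if (i + 1 >= len)
            return SIG_MALFORMED;        /* no room for a length byte */
        uint8_t olen = opt[i + 1];
        if (olen < 2 || i + olen > len)
            return SIG_MALFORMED;        /* length runs past the options */
        if (kind == OPT_MD5SIG) {
            if (olen != OPT_MD5SIG_LEN)
                return SIG_MALFORMED;
            uint8_t acc = 0;
            for (size_t j = 2; j < olen; j++)
                acc |= opt[i + j];       /* any non-zero digest byte? */
            return acc ? SIG_PRESENT : SIG_ALL_ZERO;
        }
        i += olen;
    }
    return SIG_ABSENT;
}

int main(void)
{
    printf("SYN: %d, SYN/ACK: %d\n", (int)check_md5_option(syn_opts, sizeof syn_opts),
           (int)check_md5_option(synack_opts, sizeof synack_opts));
    return 0;
}
```

SIG_ALL_ZERO corresponds to the symptom in the capture: a signature option is on the wire but its 16-byte digest was never filled in.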