[Bug 253096] TCP MD5 not supported with net.inet.tcp.functions_default=rack

Mon Feb 1 20:28:02 UTC 2021

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253096

Marek Zarychta <zarychtam at plan-b.pwste.edu.pl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|TCP MD5 regression on       |TCP MD5 not supported with
                   |STABLE/13                   |net.inet.tcp.functions_defa
                   |                            |ult=rack

--- Comment #3 from Marek Zarychta <zarychtam at plan-b.pwste.edu.pl> ---
The setting net.inet.tcp.functions_default=rack was the culprit. Probably TCP
RACK is not supposed to support TCP MD5 and this bug has to be closed, but let
people from the project decide and give some feedback here.

I have done more tests with the most recent stable{12,13} and it looks like
that with net.inet.tcp.functions_default=freebsd TCP MD5 signatures are
supported fine. I have tried to revert this setting to default prior to
reporting this as a bug but it not always worked.
I am sorry for the noise on Bugzilla and freebsd-net@ mailing list, but in
initial tests disabling RACK wasn't sufficient to get TCP MD5 working (probably
due to accidentally flushing IPsec rules in the meantime), so I took some
ad-hoc steps to repair it quickly, disabling some devices, reverting sysclts to
default values etc.

-- 
You are receiving this mail because:
You are the assignee for the bug.