Re: [regression] TCP_MD5SIG on established sockets
From: Eric Dumazet
Date: Tue Jun 30 2020 - 16:30:48 EST
On Tue, Jun 30, 2020 at 1:21 PM David Miller <davem@xxxxxxxxxxxxx> wrote:
>
> From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Date: Tue, 30 Jun 2020 12:43:21 -0700
>
> > If you're not willing to do the work to fix it, I will revert that
> > commit.
>
> Please let me handle this situation instead of making threats, this
> just got reported.
>
> Thank you.
>
Also keep in mind the commit fixed a security issue, since we were
sending on the wire
garbage bytes from the kernel.
We can not simply revert it and hope for the best.
I find quite alarming vendors still use TCP MD5 "for security
reasons", but none of them have contributed to it in linux kernel
since 2018
(Time of the 'buggy patch')