The two are no different. Someone at cisco stuffed an IP authentication
header in the TCP frame. Its stupid, but the RST argument is not a real one
> IPSEC getting the signature wrong is more akin to getting bitstream
> corruptions from your networking card for a certain sequence of bytes.
Ditto the TCP bad MD5 sum and a tcp checksum error.
I've actually got a more constructive suggestion for the zebra folks.
Route the BGP crap through a netlink tap device, mangle and unmangle the
tcp frames in luserspace. Saves doing TCP in userspace, saves screwing up
Dave's nice networking stack.
You'll still need to kill SACK support to make it fit
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/