timdoug's interesting tidbits

Little bits of technical documentation and such. Hopefully helpful.

2014-12-17

Using the TCP MD5 Signature Option in Linux

It's entirely undocumented, for good reason. In case you also have a peculiar interest in RFC 2385, this is what you need to do:

#include <stdio.h>
#include <string.h>
#include <linux/tcp.h>

...

struct tcp_md5sig md5sig;
char *key = "foobar";

/* addr and addrlen are the struct sockaddr * and socklen_t passed to connect(2), from getaddrinfo() or otherwise */
memset(&md5sig, 0, sizeof md5sig); /* don't hand uninitialized stack bytes to the kernel */
memcpy(&md5sig.tcpm_addr, addr, addrlen); /* sizeof addr would only be the size of the pointer */

md5sig.tcpm_keylen = strlen(key);
memcpy(md5sig.tcpm_key, key, md5sig.tcpm_keylen);

if (setsockopt(sockfd, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof md5sig) < 0)
    perror("setsockopt(TCP_MD5SIG)");

Not actually that hard. A successful application, with -M and the key passed to tcpdump, will show md5valid in the TCP options. An incorrect key will show md5invalid.
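The same setsockopt(2) call wrapped with the checks the snippet leaves out, as an added example that is not part of the original post. The helper names md5sig_fill and md5sig_set are hypothetical; the struct, option and key-length constant come from <linux/tcp.h>.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/tcp.h>   /* struct tcp_md5sig, TCP_MD5SIG, TCP_MD5SIG_MAXKEYLEN */

/* Hypothetical helper: build the option value for one peer.
 * Returns 0 on success, or -1 with errno set if the input is unusable. */
int md5sig_fill(struct tcp_md5sig *sig, const struct sockaddr *peer,
                socklen_t peerlen, const void *key, size_t keylen)
{
    /* A zero-length key asks the kernel to remove the peer's key, so an
     * empty secret is rejected here instead of silently disabling signing. */
    if (keylen == 0 || keylen > TCP_MD5SIG_MAXKEYLEN ||
        peerlen < sizeof(sa_family_t) || peerlen > sizeof sig->tcpm_addr) {
        errno = EINVAL;
        return -1;
    }
    if (peer->sa_family != AF_INET && peer->sa_family != AF_INET6) {
        errno = EAFNOSUPPORT;
        return -1;
    }
    memset(sig, 0, sizeof *sig);             /* no stale stack bytes in unused fields */
    memcpy(&sig->tcpm_addr, peer, peerlen);  /* the real address length */
    sig->tcpm_keylen = (__u16)keylen;
    memcpy(sig->tcpm_key, key, keylen);
    return 0;
}

/* Hypothetical helper: install the key on fd for segments exchanged with peer.
 * Returns 0 on success, -1 with errno set by the checks above or by setsockopt(2). */
int md5sig_set(int fd, const struct sockaddr *peer, socklen_t peerlen,
               const void *key, size_t keylen)
{
    struct tcp_md5sig sig;

    if (md5sig_fill(&sig, peer, peerlen, key, keylen) < 0)
        return -1;
    return setsockopt(fd, IPPROTO_TCP, TCP_MD5SIG, &sig, sizeof sig);
}
```

Call md5sig_set() on the socket before connect(2) so the initial SYN is already signed.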
