0

I have used TCP_MD5SIG to create password/key for the connection using the API - setsockopt() in C, Linux. This works fine for me. However, when I use it to remove the password/disable authorization with the same API except that the 

struct_tcp_md5sig.tcm_Key = 0;
struc tcp_md5sig.tcm_keylen = 0;

I see that when I invoke the same API -

rc = setsockopt(sock_fd, IPPROTO_TCP, TCP_MD5SIG, &md5sig, sizeof(md5sig));

I see that the rc is -1. The strerror says that "no such file or directory".

I am confused on what I should do to disable the authorization. The same API works, when I pass the password. On the other hand, the same API doesn't work when I want to disable the authorization. I have enabled this protocol in the kernel. So, there is no issue with enabling of this feature in kernel.

dexterous
  • 6,422
  • 12
  • 51
  • 99

1 Answers1

0

AFAICT, You need to ensure that tcp_md5sig.tcpm_addr is the same as when you registered to have it removed.

Hasturkun
  • 35,395
  • 6
  • 71
  • 104
  • Is that the reason, why it says "no such file or directory"? – dexterous Sep 16 '15 at 08:16
  • Yes. You can see in the kernel code ([`tcp_md5_do_del`](http://lxr.free-electrons.com/source/net/ipv4/tcp_ipv4.c?v=4.2#L955)) that it returns `-ENOENT` if it can't find an entry for that address – Hasturkun Sep 16 '15 at 08:33