linux/tools/testing/selftests/net/packetdrill/tcp_md5_md5-only-on-client-ack.pkt

// SPDX-License-Identifier: GPL-2.0
// Test what happens when client does not provide MD5 on SYN,
// but then does on the ACK that completes the three-way handshake.

`./defaults.sh`

// Establish a connection.
    0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
   +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
   +0 bind(3, ..., ...) = 0
   +0 listen(3, 1) = 0

   +0 < S 0:0(0) win 32792 <mss 1000,sackOK,nop,nop,nop,wscale 10>
   +0 > S. 0:0(0) ack 1 <mss 1460,nop,nop,sackOK,nop,wscale 8>
// Ooh, weird: client provides MD5 option on the ACK:
 +.01 < . 1:1(0) ack 1 win 514 <md5 000102030405060708090a0b0c0d0e0f,nop,nop>
 +.01 < . 1:1(0) ack 1 win 514 <md5 000102030405060708090a0b0c0d0e0f,nop,nop>

// The TCP listener refcount should be 2, but on buggy kernels it can be 0:
   +0 `grep " 0A " /proc/net/tcp /proc/net/tcp6 | grep ":1F90"`

// Now here comes the legit ACK:
 +.01 < . 1:1(0) ack 1 win 514

// Make sure the connection is OK:
   +0 accept(3, ..., ...) = 4

 +.01 write(4, ..., 1000) = 1000