kern/94273: IPIP decapsulation problem in FAST_IPSEC stack
VANHULLEBUS Yvan
vanhu at netasq.com
Thu Mar 9 06:40:14 PST 2006
>Number: 94273
>Category: kern
>Synopsis: IPIP decapsulation problem in FAST_IPSEC stack
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 09 14:40:13 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: VANHULLEBUS Yvan
>Release: FreeBSD 6.0-STABLE
>Organization:
NETASQ
>Environment:
System: FreeBSD yvan.netasq.int 6.0-STABLE FreeBSD 6.0-STABLE #6: Tue Dec 6 19:20:56 CET 2005 root at yvan.netasq.int:/usr/src/sys/compile/vanhu i386
>Description:
FAST_IPSEC doesn't correctly remove the IPIP header for Tunneled packets.
It works (guess by accident), because the IPIP header is removed when
the packet is reinjected in ip_input.c, but that implies an extra call
to ip_input.
There is some code to remove the IPIP header in ipsec_input.c, but it
doesn't correctly work.
>How-To-Repeat:
Set up a tunnel mode IPSec conf, and looks what happens in ip_input....
>Fix:
--- netipsec/ipsec_input.c.orig Thu Mar 9 15:00:26 2006
+++ netipsec/ipsec_input.c Thu Mar 9 15:01:15 2006
@@ -323,8 +323,6 @@ ipsec4_common_input_cb(struct mbuf *m, s
/* IP-in-IP encapsulation */
if (prot == IPPROTO_IPIP) {
- struct ip ipn;
-
if (m->m_pkthdr.len - skip < sizeof(struct ip)) {
IPSEC_ISTAT(sproto, espstat.esps_hdrops,
ahstat.ahs_hdrops,
@@ -332,9 +330,8 @@ ipsec4_common_input_cb(struct mbuf *m, s
error = EINVAL;
goto bad;
}
- /* ipn will now contain the inner IPv4 header */
- m_copydata(m, ip->ip_hl << 2, sizeof(struct ip),
- (caddr_t) &ipn);
+ /* remove the outer IPv4 header */
+ m_striphdr(m, 0, ip->ip_hl << 2);
#ifdef notyet
/* XXX PROXY address isn't recorded in SAH */
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list