kern/138439: [IPSec] Tunnel with IPv4 and IPv6
Aurélien Ansel
aurelien.ansel at netasq.com
Tue Sep 1 09:30:07 UTC 2009
>Number: 138439
>Category: kern
>Synopsis: [IPSec] Tunnel with IPv4 and IPv6
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 01 09:30:06 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Aurélien Ansel
>Release: 7.2-STABLE
>Organization:
NETASQ
>Environment:
FreeBSD aureliena2.netasq.com 7.2-STABLE FreeBSD 7.2-STABLE #3: Tue Sep 1 10:49:57 CEST 2009 root at aureliena2.netasq.com:/usr/src/sys/i386/compile/NOYAU i386
>Description:
The component Setkey of the port 'ipsec-tools' refuses the SP for a tunnel with IPv4 in IPv6. Setkey responds 'Invalid Argument'.
That comes from kernel land, from netipsec/key.c.
An extract of my setkey.sh:
spdadd 222.222.222.0/24 111.111.111.0/24 any -P out ipsec
esp/tunnel/2001::2-2001::1/require;
spdadd 111.111.111.0/24 222.222.222.0/24 any -P in ipsec
esp/tunnel/2001::1-2001::2/require;
/!\ The patch attached is NOT a fix, it's a help to show where the problem comes from !!!!!!
>How-To-Repeat:
With the component setkey, try:
spdadd 222.222.222.0/24 111.111.111.0/24 any -P out ipsec
esp/tunnel/2001::2-2001::1/require;
without the attached patch, and afterwards with it.
The first time, Setkey will respond 'invalid argument'; the second time, it will be OK.
>Fix:
Patch attached with submission follows:
--- key.c.backup 2009-08-31 18:02:20.000000000 +0200
+++ key.c 2009-09-01 11:10:32.000000000 +0200
@@ -1891,7 +1891,7 @@
_key_delsp(newsp);
return key_senderror(so, m, EINVAL);
}
-#if 1
+#if 0
if (newsp->req && newsp->req->saidx.src.sa.sa_family) {
struct sockaddr *sa;
sa = (struct sockaddr *)(src0 + 1);
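Review bot: Flipping `#if 1` to `#if 0` is too broad a switch. It compiles out the whole block that starts at `if (newsp->req && newsp->req->saidx.src.sa.sa_family)` for every policy, not only for the IPv4-in-IPv6 tunnel case in the report, so whatever validation that block performs on `sa` (taken from `src0 + 1`) against the request's `saidx.src` is no longer applied to any SP coming from userland. A real fix should keep the block and narrow its condition so that it is skipped only when the request describes a tunnel whose endpoints may legitimately differ in family from the selector, leaving other policies checked as before. The block should also get a comment stating what it is meant to reject, since a bare `#if 1` gives no hint of why it exists or when it is safe to bypass. The rest of the block is cut off in this extract, so the exact comparison cannot be reviewed here.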
>Release-Note:
>Audit-Trail:
>Unformatted: