i386/129218: freebsd6.2 kernel cannot support ipsec "-E null -A hmac-sha1", FreeBSD7.0 kernel cannot support -A aes-xcbc-mac

wang jiabo jiabwang at redhat.com
Wed Nov 26 19:10:02 PST 2008


>Number:         129218
>Category:       i386
>Synopsis:       freebsd6.2 kernel cannot support ipsec "-E null -A hmac-sha1", FreeBSD7.0 kernel cannot support -A aes-xcbc-mac
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-i386
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 27 03:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     wang jiabo
>Release:        FreeBSD6.2 and 7.0
>Organization:
redhat
>Environment:
FreeBSD6.2 release
FreeBSD7.0 release
>Description:
on FreeBSD6.2:
I setup setkey file:

flush;
spdflush;
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E null -A hmac-sha1 “ipv6readylogsha11to2”;
spdadd 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc any -P in ipsec esp/transport//require;
add 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 esp 0x1000 -m transport -E null -A hmac-sha1 “ipv6readylogsha12to1”;
spdadd 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 any -P out ipsec esp/transport//require;

system report:
The result of line 3 : Invalid argument
The result of line 5 : Invalid argument 

on FreeBSD7.0:
 I setup setkey file:
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E 3des-cbc 
"ipv6readylogo3descbc1to2" -A aes-xcbc-mac "ipv6readaesx1to2"; 

then run: * setkey -f /etc/ipsec.conf*
system report :  
   line 4 : Not supported at [ipv6readaesx1to2] 
   parse failed, line 4.
 
>How-To-Repeat:
set setkey configuration, and run "setkey -f setkey.conf"
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-i386 mailing list