i386/129218: freebsd6.2 kernel cannot support ipsec "-E null -A
hmac-sha1", FreeBSD7.0 kernel cannot support -A aes-xcbc-mac
wang jiabo
jiabwang at redhat.com
Wed Nov 26 19:10:02 PST 2008
>Number: 129218
>Category: i386
>Synopsis: freebsd6.2 kernel cannot support ipsec "-E null -A hmac-sha1", FreeBSD7.0 kernel cannot support -A aes-xcbc-mac
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 27 03:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: wang jiabo
>Release: FreeBSD6.2 and 7.0
>Organization:
redhat
>Environment:
FreeBSD6.2 release
FreeBSD7.0 release
>Description:
on FreeBSD6.2:
I setup setkey file:
flush;
spdflush;
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E null -A hmac-sha1 ipv6readylogsha11to2;
spdadd 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc any -P in ipsec esp/transport//require;
add 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 esp 0x1000 -m transport -E null -A hmac-sha1 ipv6readylogsha12to1;
spdadd 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 any -P out ipsec esp/transport//require;
system report:
The result of line 3 : Invalid argument
The result of line 5 : Invalid argument
on FreeBSD7.0:
I setup setkey file:
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E 3des-cbc
"ipv6readylogo3descbc1to2" -A aes-xcbc-mac "ipv6readaesx1to2";
then run: * setkey -f /etc/ipsec.conf*
system report :
line 4 : Not supported at [ipv6readaesx1to2]
parse failed, line 4.
>How-To-Repeat:
set setkey configuration, and run "setkey -f setkey.conf"
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-i386
mailing list