amd64/177417: Invalid protocol value in ipsec6_common_input_cb

David Gueluy david.gueluy at
Wed Mar 27 16:50:01 UTC 2013

>Number:         177417
>Category:       amd64
>Synopsis:       Invalid protocol value in ipsec6_common_input_cb
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-amd64
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 27 16:50:00 UTC 2013
>Originator:     David Gueluy
>Release:        8.3
FreeBSD 8.3-RELEASE-p6
I use an IPv6 IPSEC tunnel and observe that in ipsec6_common_input_cb ( ip6_input.c), the protocol value is invalid.

The problem is that the "prot" variable is not initialized. 
It's an integer and just 1 single byte is copied from the mbuf into this variable.

Prot value will never match  IPPROTO_IPIP or  IPPROTO_IPV6

static int
ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff,
    struct m_tag *mt)
        int prot, af, sproto;

        ip6 = mtod(m, struct ip6_hdr *);
        ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(struct ip6_hdr));

        /* Save protocol */
        m_copydata(m, protoff, 1, (unsigned char *) &prot);

--> prot = wrong value

Mount an IPv6 IPSEC tunnel and check the value
int prot = 0;


More information about the freebsd-amd64 mailing list