bin/63616: setkey no longer recognizes tcp in an spdadd line

Larry Rosenman ler at lerctr.org
Mon Mar 1 13:20:11 PST 2004


>Number:         63616
>Category:       bin
>Synopsis:       setkey no longer recognizes tcp in an spdadd line
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 01 13:20:11 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Larry Rosenman
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
LERCTR Consulting
>Environment:
System: FreeBSD lerlaptop-red.iadfw.net 5.2-CURRENT FreeBSD 5.2-CURRENT #96: Mon Mar 1 12:13:00 CST 2004 ler at lerlaptop-red.iadfw.net:/usr/obj/usr/src/sys/LERLAPTOP i386

>Description:
I have the following /etc/ipsec.conf:

spdflush;
#spdadd 207.158.72.14[any] 207.158.72.11[53] udp -P out none;
#spdadd 207.158.72.14[any] 192.147.25.11[53] udp -P out none;
#spdadd 207.158.72.11[53] 207.158.72.14[any] udp -P in none;
#spdadd 192.147.25.11[53] 207.158.72.14[any] udp -P in none;
#spdadd 207.158.72.14[any] 207.158.72.45[53] udp -P out none;
#spdadd 207.158.72.14[any] 192.147.25.45[53] udp -P out none;
#spdadd 207.158.72.45[53] 207.158.72.14[any] udp -P in none;
#spdadd 192.147.25.45[53] 207.158.72.14[any] udp -P in none;
#spdadd 207.158.72.14[any] 207.159.72.11[500] any -P out ipsec
#	esp/transport//use;
#spdadd 207.158.72.14[any] 192.147.25.11[500] any -P out ipsec
#	esp/transport//use;
#spdadd 207.158.72.11[500] 207.158.72.14[any] any -P in ipsec
#	esp/transport//use;
#spdadd 192.147.25.11[500] 207.158.72.14[any] any -P in ipsec
#	esp/transport//use;
#spdadd 207.158.72.14[any] 207.159.72.45[500] any -P out ipsec
#	esp/transport//use;
#spdadd 207.158.72.14[any] 192.147.25.45[500] any -P out ipsec
#	esp/transport//use;
#spdadd 207.158.72.45[500] 207.158.72.14[any] any -P in ipsec
#	esp/transport//use;
#spdadd 192.147.25.45[500] 207.158.72.14[any] any -P in ipsec
#	esp/transport//use;
spdadd 207.158.72.14[any] 207.158.72.11[any] tcp -P out ipsec 
       esp/transport//require ;
spdadd 207.158.72.14[any] 192.147.25.11[any] tcp -P out ipsec 
       esp/transport//require ;
spdadd 207.158.72.11[any] 207.158.72.14[any] tcp -P in ipsec 
       esp/transport//require ;
spdadd 192.147.25.11[any] 207.158.72.14[any] tcp -P in ipsec 
       esp/transport//require ;
#spdadd 207.158.72.14[any] 207.158.72.45[any] any -P out ipsec 
#       esp/transport//require ;
#spdadd 207.158.72.14[any] 192.147.25.45[any] any -P out ipsec 
#       esp/transport//require ;
#spdadd 207.158.72.45[any] 207.158.72.14[any] any -P in ipsec 
#       esp/transport//require ;
#spdadd 192.147.25.45[any] 207.158.72.14[any] any -P in ipsec 
#       esp/transport//require ;
#######
#spdadd 207.136.3.72[any] 207.158.72.11[53] udp -P out none;
#spdadd 207.158.72.11[53] 207.136.3.72[any] udp -P in none;
#spdadd 207.136.3.72[any] 192.147.25.11[53] udp -P out none;
#spdadd 192.147.25.11[53] 207.136.3.72[any] udp -P in none;
#spdadd 207.136.3.72[any] 207.158.72.11[500] udp -P out ipsec
#	esp/transport//use;
#spdadd 207.158.72.11[500] 207.136.3.72[any] any -P in ipsec
#	esp/transport//use;
#spdadd 207.136.3.72[any] 192.147.25.11[500] any -P out ipsec
#	esp/transport//use;
#spdadd 192.147.25.11[500] 207.136.3.72[any] any -P in ipsec
#	esp/transport//use;
spdadd 207.136.3.72[any] 207.158.72.11[any] tcp -P out ipsec 
       esp/transport//require ;
spdadd 207.136.3.72[any] 192.147.25.11[any] tcp -P out ipsec 
       esp/transport//require ;
spdadd 207.158.72.11[any] 207.136.3.72[any] tcp -P in ipsec 
       esp/transport//require ;
spdadd 192.147.25.11[any] 207.136.3.72[any] tcp -P in ipsec 
       esp/transport//require ;
#spdadd 207.136.3.72[any] 207.158.72.45[any] any -P out ipsec 
#       esp/transport//require ;
#spdadd 207.136.3.72[any] 192.147.25.45[any] any -P out ipsec 
#       esp/transport//require ;
#spdadd 207.158.72.45[any] 207.136.3.72[any] any -P in ipsec 
#       esp/transport//require ;
#spdadd 192.147.25.45[any] 207.136.3.72[any] any -P in ipsec 
#       esp/transport//require ;
#######

and when I booted today's -CURRENT, it complained about [tcp] on line 26. 

This had been working with a kernel / world from ~1 month ago. 

I changed all the uncommented lines to have any in that field, and it parses, 
but this is BROKEN. 


>How-To-Repeat:
See above
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:


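A small checker for the configuration syntax at issue, added here as an example and not part of the PR, of FreeBSD, or of setkey(8) itself: it joins continuation lines into `;`-terminated statements, records the file line each statement starts on (the number setkey reports in its error), lists the policies that use a given upper-layer protocol, and applies the tcp-to-any rewrite the submitter used as a workaround so the widened selectors can be reviewed. The sample configuration, its RFC 5737 addresses, and all function names are constructed for this example; the grammar handled is only the subset the report uses.

```python
"""Checker for setkey(8) SPD statements of the kind in this PR.  Added example,
not part of the PR or of setkey.  Assumes only this grammar (the report's subset):
    spdadd src[port] dst[port] upperproto -P {in|out} {none | ipsec <rules>} ;
'#' starts a comment; a statement may span lines until its ';'."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SPDADD_RE = re.compile(
    r"^spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)"
    r"\s+-P\s+(?P<dir>in|out)\s+(?P<policy>.+)$"
)
ENDPOINT_RE = re.compile(r"^(?P<addr>[^\[\s]+)(?:\[(?P<port>[^\]]+)\])?$")

# Constructed, shortened stand-in for the report's /etc/ipsec.conf.
# The first uncommented tcp policy starts on file line 5.
SAMPLE_CONF = """spdflush;
#spdadd 192.0.2.10[any] 192.0.2.53[53] udp -P out none;
#spdadd 192.0.2.53[53] 192.0.2.10[any] udp -P in none;
# tcp between the two hosts must be ESP-protected
spdadd 192.0.2.10[any] 192.0.2.11[any] tcp -P out ipsec
       esp/transport//require ;
spdadd 192.0.2.11[any] 192.0.2.10[any] tcp -P in ipsec
       esp/transport//require ;
spdadd 192.0.2.10[any] 192.0.2.12[500] udp -P out none;
"""


@dataclass(frozen=True)
class SpdEntry:
    line: int        # file line the statement starts on (what setkey reports)
    src: str
    src_port: str
    dst: str
    dst_port: str
    proto: str       # upper-layer selector: tcp, udp, any, ...
    direction: str   # in / out
    policy: str      # "none" or "ipsec <rules>"


def split_statements(text: str) -> List[Tuple[int, str]]:
    """Join continuation lines into statements, dropping '#' comments.
    Returns (start line, statement text without its ';')."""
    statements: List[Tuple[int, str]] = []
    buf: List[str] = []
    start: Optional[int] = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if start is None:
            start = lineno
        buf.append(line)
        if line.endswith(";"):
            statements.append((start, " ".join(buf)[:-1].strip()))
            buf, start = [], None
    if buf:  # unterminated statement: setkey would reject this as well
        raise ValueError(f"statement starting on line {start} has no ';'")
    return statements


def parse_spdadd(lineno: int, stmt: str) -> Optional[SpdEntry]:
    """Parse one spdadd statement; spdflush, add, etc. yield None."""
    m = SPDADD_RE.match(stmt)
    if not m:
        return None
    src, dst = ENDPOINT_RE.match(m["src"]), ENDPOINT_RE.match(m["dst"])
    if not (src and dst):
        raise ValueError(f"line {lineno}: malformed endpoint in {stmt!r}")
    # A missing [port] is treated as 'any' here (this parser's assumption).
    return SpdEntry(lineno, src["addr"], src["port"] or "any",
                    dst["addr"], dst["port"] or "any",
                    m["proto"], m["dir"], m["policy"].strip())


def load_spd(text: str) -> List[SpdEntry]:
    parsed = [parse_spdadd(n, s) for n, s in split_statements(text)]
    return [e for e in parsed if e is not None]


def entries_with_proto(entries: List[SpdEntry], proto: str) -> List[SpdEntry]:
    """Policies whose selector is `proto`, in file order (these are the lines
    a setkey that no longer accepts 'tcp' will report)."""
    return [e for e in entries if e.proto == proto]


def rewrite_proto(text: str, old: str, new: str) -> str:
    """The submitter's workaround: swap the selector on uncommented spdadd
    lines from `old` to `new`.  Only that field changes; layout is kept."""
    pat = re.compile(rf"^(\s*spdadd\s+\S+\s+\S+\s+){re.escape(old)}(\s+-P\b)")
    return "\n".join(pat.sub(rf"\g<1>{new}\g<2>", ln) for ln in text.splitlines()) + "\n"


def widened_selectors(before: List[SpdEntry], after: List[SpdEntry]) -> List[int]:
    """Start lines whose selector went from a specific protocol to 'any'.
    Such a policy now covers every protocol between the two hosts, not just
    the one it was written for, so the workaround changes the policy."""
    after_by_line: Dict[int, SpdEntry] = {e.line: e for e in after}
    return [b.line for b in before if b.proto != "any"
            and b.line in after_by_line and after_by_line[b.line].proto == "any"]


if __name__ == "__main__":
    original = load_spd(SAMPLE_CONF)
    for e in entries_with_proto(original, "tcp"):
        print(f"line {e.line}: {e.src}[{e.src_port}] -> {e.dst}[{e.dst_port}] "
              f"{e.proto} {e.direction} {e.policy}")
    patched = load_spd(rewrite_proto(SAMPLE_CONF, "tcp", "any"))
    print("selectors widened on lines:", widened_selectors(original, patched))
```

Run against a real `/etc/ipsec.conf` by reading the file into `load_spd`; the start line of each `tcp` policy is the number to compare with the parser error setkey prints, and `widened_selectors` shows which `require` policies the any-for-tcp edit has extended to all protocols between those hosts.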