kern/120751: [PATCH] IPsec: kernel sends wrong pfkey expire message
Kazuaki ODA
kazuaki at aliceblue.jp
Sun Feb 17 10:30:02 UTC 2008
>Number: 120751
>Category: kern
>Synopsis: [PATCH] IPsec: kernel sends wrong pfkey expire message
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 17 10:30:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Kazuaki ODA
>Release: FreeBSD 7.0-RC2 i386
>Organization:
>Environment:
System: FreeBSD router.aliceblue.jp 7.0-RC2 FreeBSD 7.0-RC2 #1: Sun Feb 17 15:41:35 JST 2008 kazuaki at router.aliceblue.jp:/usr/src/sys/i386/compile/ROUTER i386
>Description:
The types of the members lft_c, lft_h and lft_s in struct secasvar were
changed from struct sadb_lifetime * to struct seclifetime * in
netipsec/keydb.h rev. 1.6, but key_expire() in netipsec/key.c is not
aware of the change. The following code in key_expire() assumes that
sav->lft_s is a struct sadb_lifetime *, not a struct seclifetime *:
bcopy(sav->lft_s, lt, sizeof(*lt));
struct seclifetime does not have the members len and exttype, so as a
result the kernel sends a wrong pfkey expire message to the IKE daemon.
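To make the layout mismatch described above concrete, here is an added example (not code from the PR or the FreeBSD tree) with local mirrors of the two structs, the whole-struct copy key_expire() performed, the field-wise copy the PR's patch proposes, and an assumed simplification of the header check a PF_KEY consumer such as libipsec applies.

```c
#include <stdint.h>
#include <string.h>
/* Local mirror of struct seclifetime (sys/netipsec/keydb.h, rev. 1.6+). */
struct seclifetime {
	uint32_t allocations;
	uint64_t bytes;
	uint64_t addtime;
	uint64_t usetime;
};

/* Local mirror of struct sadb_lifetime (net/pfkeyv2.h, RFC 2367 layout). */
struct sadb_lifetime {
	uint16_t sadb_lifetime_len;      /* extension length in 64-bit units */
	uint16_t sadb_lifetime_exttype;  /* SADB_EXT_LIFETIME_{CURRENT,SOFT,HARD} */
	uint32_t sadb_lifetime_allocations;
	uint64_t sadb_lifetime_bytes;
	uint64_t sadb_lifetime_addtime;
	uint64_t sadb_lifetime_usetime;
};

#define PFKEY_UNIT64(a)        ((a) >> 3)  /* same definition as pfkeyv2.h */
#define SADB_EXT_LIFETIME_SOFT 4

/* What key_expire() did before the patch: a whole-struct copy that treats the
 * seclifetime as if it had the sadb_lifetime layout. On LP64 both are 32 bytes,
 * so bytes/addtime/usetime line up, but allocations + padding land in len/exttype. */
void soft_lifetime_buggy(const struct seclifetime *s, struct sadb_lifetime *lt)
{
	memcpy(lt, s, sizeof(*lt)); /* equivalent of the kernel's bcopy() */
}

/* The field-wise copy the PR's patch proposes. */
void soft_lifetime_fixed(const struct seclifetime *s, struct sadb_lifetime *lt)
{
	lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
	lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
	lt->sadb_lifetime_allocations = s->allocations;
	lt->sadb_lifetime_bytes = s->bytes;
	lt->sadb_lifetime_addtime = s->addtime;
	lt->sadb_lifetime_usetime = s->usetime;
}

/* Assumed simplification of the check a PF_KEY consumer (libipsec's
 * pfkey_align) applies to each extension header: length and type must match. */
int lifetime_ext_valid(const struct sadb_lifetime *lt, uint16_t expected_type)
{
	return lt->sadb_lifetime_len == PFKEY_UNIT64(sizeof(*lt)) &&
	       lt->sadb_lifetime_exttype == expected_type;
}
```

With a constructed soft lifetime (allocations 7, bytes 1024, addtime 3600) the buggy copy yields a len/exttype pair that fails the check regardless of byte order, while the field-wise copy passes and preserves every counter.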
>How-To-Repeat:
Install security/ipsec-tools from the ports and set up an IPsec tunnel.
racoon outputs the following message:
libipsec failed pfkey align (Invalid sadb message)
and it fails to create new IPsec SAs before the old ones expire.
>Fix:
It seems the attached patch fixes the problem, but I am not familiar
with the IPsec code, so other changes may be needed. For example, the
following code in key_setsaval() may have to be modified:
sav->lft_c = malloc(sizeof(struct sadb_lifetime), M_IPSEC_MISC, M_NOWAIT);
--- key.c.patch begins here ---
--- sys/netipsec/key.c.orig 2007-07-01 20:38:29.000000000 +0900
+++ sys/netipsec/key.c 2008-02-17 15:39:47.000000000 +0900
@@ -6323,7 +6323,12 @@
lt->sadb_lifetime_addtime = sav->lft_c->addtime;
lt->sadb_lifetime_usetime = sav->lft_c->usetime;
lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
- bcopy(sav->lft_s, lt, sizeof(*lt));
+ lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
+ lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
+ lt->sadb_lifetime_allocations = sav->lft_s->allocations;
+ lt->sadb_lifetime_bytes = sav->lft_s->bytes;
+ lt->sadb_lifetime_addtime = sav->lft_s->addtime;
+ lt->sadb_lifetime_usetime = sav->lft_s->usetime;
m_cat(result, m);
/* set sadb_address for source */
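Review bot: the new field-wise block for lft_s duplicates, line for line, the SADB_EXT_LIFETIME_CURRENT block visible in the context just above it (the `lt->sadb_lifetime_addtime = sav->lft_c->addtime;` pattern), so the same drift will recur the next time struct seclifetime changes; a small helper taking a `struct seclifetime *` and the exttype, called once for lft_c and once for lft_s, would keep the two in step. Setting sadb_lifetime_len and sadb_lifetime_exttype explicitly is the right fix for the "failed pfkey align" symptom, since those two header fields are what a PF_KEY consumer validates first. Neither the removed bcopy() nor the replacement guards against sav->lft_s being NULL; that is unchanged behaviour, but worth confirming against the allocation in key_setsaval() that the reporter flags.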
--- key.c.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: