kern/169438: [ipsec] ipv4-in-ipv6 tunnel mode IPsec does not work
Sakuma Takayuki
sakuma.takayuki at jp.fujitsu.com
Tue Jun 26 09:30:08 UTC 2012
>Number: 169438
>Category: kern
>Synopsis: [ipsec] ipv4-in-ipv6 tunnel mode IPsec does not work
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 26 09:30:07 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Sakuma Takayuki
>Release: 9.0-RELEASE
>Organization:
>Environment:
FreeBSD freebsd9 9.0-RELEASE FreeBSD 9.0-RELEASE #2: Tue Jun 26 17:01:53 JST 2012 root at freebsd9:/sys/i386/compile/IPSEC i386
>Description:
Sending an IPv4 packet by tunnel mode IPsec of IPv6 transport does not work.
No packet is sent.
>How-To-Repeat:
set SPD and SAD by 'setkey -c' as follows:
spdadd 192.0.2.1/32[any] 198.51.100.1/32[any] any -P out ipsec esp/tunnel/2001:db8:c000:200::1-2001:db8:c633:6400::1/require;
add 2001:db8:c000:200::2 2001:db8:c633:6400::1 esp 0x10001 -m tunnel -E des-cbc 0x2001db8c000ffff;
interface address and routes are set up appropriately.
>Fix:
quick hack:
*** sys/netipsec/ipsec_output.c.orig 2012-06-26 18:25:11.000000000 +0900
--- sys/netipsec/ipsec_output.c 2012-06-26 17:01:38.000000000 +0900
***************
*** 575,582 ****
*/
if (sav->tdb_xform->xf_type != XF_IP4) {
ip = mtod(m, struct ip *);
! i = ip->ip_hl << 2;
! off = offsetof(struct ip, ip_p);
error = (*sav->tdb_xform->xf_output)(m, isr, NULL, i, off);
} else {
error = ipsec_process_done(m, isr);
--- 575,587 ----
*/
if (sav->tdb_xform->xf_type != XF_IP4) {
ip = mtod(m, struct ip *);
! if (ip->ip_v == 6) {
! i = sizeof(struct ip6_hdr);
! off = offsetof(struct ip6_hdr, ip6_nxt);
! } else {
! i = ip->ip_hl << 2;
! off = offsetof(struct ip, ip_p);
! }
error = (*sav->tdb_xform->xf_output)(m, isr, NULL, i, off);
} else {
error = ipsec_process_done(m, isr);
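Review bot: In the new `ip->ip_v == 6` branch, `i = sizeof(struct ip6_hdr)` assumes the outer IPv6 header carries no extension headers, so `off = offsetof(struct ip6_hdr, ip6_nxt)` is only correct when the fixed header is followed directly by the payload to be transformed. That assumption should be stated in a comment or checked. The version is also read through a `struct ip *` cast, so a short comment saying that the outer header can be IPv6 at this point after tunnel encapsulation would help the next reader. Because the branch references `struct ip6_hdr`, consider wrapping it in `#ifdef INET6` if this file is also built for IPv4-only kernels; the visible lines do not show whether that is already handled.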
>Release-Note:
>Audit-Trail:
>Unformatted: