Message-Id: <200307252249.h6PMnxOQ093139@shuttle.wide.toshiba.co.jp>
Date: Sat, 26 Jul 2003 07:49:59 +0900 (JST)
From: Jinmei Tatuya
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/54874: ip6fw does not handle ESP correctly

>Number: 54874
>Category: kern
>Synopsis: ip6fw does not handle ESP correctly
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 25 15:50:14 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: JINMEI Tatuya
>Release: FreeBSD 4.8-RELEASE i386
>Organization: Toshiba Corporation
>Environment:
System: FreeBSD ocean.jinmei.org 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Thu Jun 26 13:24:02 JST 2003 jinmei@jinmei.jinmei.org:/home/jinmei/src/kame/kame/freebsd4/sys/compile/SS2010_SCTP i386

>Description:
ip6fw does not recognize ESP packets correctly when the packets are
specified as protocol 50 (or "ESP") by the ip6fw command.

For example, even if the following line is installed:

	add pass esp from any to any

The kernel does not apply this rule to IPv6 ESP packets. Instead, we
need to specify like this:

	add pass all from any to any ipv6options esp

I don't think this is intentional.

>How-To-Repeat:
See above.

>Fix:
I believe the following patch should be applied. Apparently the
current code will also need the same fix.

Index: ip6_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ip6_fw.c,v retrieving revision 1.2.2.9 diff -u -r1.2.2.9 ip6_fw.c --- ip6_fw.c 28 Apr 2002 05:40:27 -0000 1.2.2.9 +++ ip6_fw.c 25 Jul 2003 22:49:39 -0000 
@@ -288,6 +288,7 @@ case IPPROTO_ESP: opts &= ~IPV6_FW_IP6OPT_ESP; nopts &= ~IPV6_FW_IP6OPT_ESP; + goto opts_check; break; case IPPROTO_NONE: opts &= ~IPV6_FW_IP6OPT_NONXT; >Release-Note: >Audit-Trail: >Unformatted:
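Review bot: in the IPPROTO_ESP case, the added `goto opts_check;` makes the `break;` that follows it unreachable; drop that `break;` so the control flow reads as intended, and add a one-line comment there saying why the ESP case leaves the header walk at this point, since the neighbouring IPPROTO_NONE case in the same context does not show the same jump. The `opts_check` label lies outside the visible context, so confirm that the code it reaches compares the rule's protocol against the value that is current when ESP is encountered; that comparison is what the description's `add pass esp from any to any` rule depends on. A regression check with both rules from the description, including `add pass all from any to any ipv6options esp`, would show that the option-based form still matches after the jump, because the `opts` and `nopts` bits are cleared just before it. The report also says the current code needs the same fix, so the change should be carried there as well.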