Date: Sat, 26 Jul 2003 07:49:59 +0900 (JST)
From: Jinmei Tatuya <jinmei@shuttle.wide.toshiba.co.jp>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/54874: ip6fw does not handle ESP correctly
Message-ID: <200307252249.h6PMnxOQ093139@shuttle.wide.toshiba.co.jp>
Resent-Message-ID: <200307252250.h6PMoExh029735@freefall.freebsd.org>
>Number: 54874
>Category: kern
>Synopsis: ip6fw does not handle ESP correctly
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 25 15:50:14 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: JINMEI Tatuya
>Release: FreeBSD 4.8-RELEASE i386
>Organization: Toshiba Corporation
>Environment:
System: FreeBSD ocean.jinmei.org 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Thu Jun 26 13:24:02 JST 2003 jinmei@jinmei.jinmei.org:/home/jinmei/src/kame/kame/freebsd4/sys/compile/SS2010_SCTP i386
>Description:
ip6fw does not recognize ESP packets correctly when the packets are specified as protocol 50 (or "ESP") by the ip6fw command.

For example, even if the following line is installed:

    add pass esp from any to any

The kernel does not apply this rule to IPv6 ESP packets. Instead, we need to specify like this:

    add pass all from any to any ipv6options esp

I don't think this is intentional.
>How-To-Repeat:
See above.
>Fix:
I believe the following patch should be applied. Apparently the current code will also need the same fix.

Index: ip6_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ip6_fw.c,v retrieving revision 1.2.2.9 diff -u -r1.2.2.9 ip6_fw.c --- ip6_fw.c 28 Apr 2002 05:40:27 -0000 1.2.2.9 +++ ip6_fw.c 25 Jul 2003 22:49:39 -0000 @@ -288,6 +288,7 @@ case IPPROTO_ESP: opts &= ~IPV6_FW_IP6OPT_ESP; nopts &= ~IPV6_FW_IP6OPT_ESP; + goto opts_check; break; case IPPROTO_NONE: opts &= ~IPV6_FW_IP6OPT_NONXT;
>Release-Note:
>Audit-Trail:
>Unformatted:
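Review bot: In the IPPROTO_ESP case, the added `goto opts_check;` makes the `break;` on the next line unreachable; drop the `break;` so the case ends in the jump. The `opts_check` label is outside the lines shown, so please confirm that jumping to it from here skips nothing the ESP case still needs, given that `opts` and `nopts` have just been cleared of IPV6_FW_IP6OPT_ESP. A short comment on the `goto` saying why ESP leaves the header processing at this point would help, and since the report says the current code needs the same fix, a matching change should accompany this one there.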