Date:      Wed, 13 Jun 2018 10:34:33 +0300
From:      "Andrey V. Elsukov" <bu7cher@yandex.ru>
To:        Patrick Lamaiziere <patfbsd@davenulle.org>, FreeBSD Net <freebsd-net@freebsd.org>
Subject:   Re: 11.2-RC1 setkey invalid spi ?
Message-ID:  <bfff9745-906c-4cec-c0a3-b9aa805fee74@yandex.ru>
In-Reply-To: <20180612160116.58df4001@mr185083>
References:  <20180612143447.697681c5@mr185083> <20180612160116.58df4001@mr185083>

On 12.06.2018 17:02, Patrick Lamaiziere wrote:
> # setkey -f /etc/ipsec.conf
> # setkey -D
> 129.20.128.149 129.20.128.78
> 	tcp mode=any spi=106079004(0x0652a31c) reqid=0(0x00000000)
> 	A: tcp-md5  73656372 6574
> 	seq=0x00000000 replay=0 flags=0x00000040 state=mature
> 	created: Jun 12 15:57:28 2018	current: Jun 12 15:57:36 2018
> 	diff: 8(s)	hard: 0(s)	soft: 0(s)
> 	last:                     	hard: 0(s)	soft: 0(s)
> 	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
> 	allocated: 0	hard: 0	soft: 0
> 	sadb_seq=1 pid=5405 refcnt=1
> 129.20.128.78 129.20.128.149
> 	tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
> 	A: tcp-md5  73656372 6574
> 	seq=0x00000000 replay=0 flags=0x00000040 state=mature
> 	created: Jun 12 15:57:28 2018	current: Jun 12 15:57:36 2018
> 	diff: 8(s)	hard: 0(s)	soft: 0(s)
> 	last:                     	hard: 0(s)	soft: 0(s)
> 	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
> 	allocated: 0	hard: 0	soft: 0
> 	sadb_seq=0 pid=5405 refcnt=1
>
> spi field looks wrong :(
>
> That works fine on FreeBSD 10.3
>
> Same problem on a FreeBSD 11.1-STABLE #1 r326391: Thu Nov 30 12:07:50
> CET 2017

SPI isn't used with TCP (it isn't sent over the network). It is here,
since it is required to create an SA in the SADB. In 11.0 the SADB/SPDB
were changed and now each SA must have a unique SPI. To not break old
applications a compatibility shim was added: for TCP-MD5 SAs it is
supported to use one SPI, 0x1000, and it is allowed when you try to add
several SAs with the same SPI, but actually they will use auto-generated
values.

Two years ago I sent the patch to the bird developers, but have not
received any answers.

-- 
WBR, Andrey V. Elsukov
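
Added example, not part of the original message or of FreeBSD: since the reply says the SPI shown for a TCP-MD5 SA may be auto-generated, a check of `setkey -D` output should match SAs on the address pair and key, not on the SPI. The sample dump is constructed (documentation addresses), and the function names are hypothetical.

```python
import re

COMPAT_SPI = 0x1000  # the one SPI the reply says is accepted for TCP-MD5 SAs

# Constructed sample in the format of the quoted `setkey -D` output
# (documentation addresses; SPIs and key bytes as in the quoted dump).
SAMPLE = """\
192.0.2.1 192.0.2.2
\ttcp mode=any spi=106079004(0x0652a31c) reqid=0(0x00000000)
\tA: tcp-md5  73656372 6574
\tseq=0x00000000 replay=0 flags=0x00000040 state=mature
192.0.2.2 192.0.2.1
\ttcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
\tA: tcp-md5  73656372 6574
\tseq=0x00000000 replay=0 flags=0x00000040 state=mature
"""

HEADER = re.compile(r"^(\S+) (\S+)$")  # unindented "src dst" line
SPI = re.compile(r"^\s+tcp\s.*\bspi=\d+\(0x([0-9a-fA-F]+)\)")
KEY = re.compile(r"^\s+A: tcp-md5\s+([0-9a-fA-F ]+)$")

def parse_tcpmd5_sas(dump):
    """Return {(src, dst): {"spi": int, "key": bytes}} for TCP-MD5 SAs only."""
    sas, pair, spi = {}, None, None
    for line in dump.splitlines():
        line = line.rstrip()
        if (m := HEADER.match(line)):
            pair, spi = m.groups(), None  # a new SA entry starts
        elif pair and (m := SPI.match(line)):
            spi = int(m.group(1), 16)
        elif pair and spi is not None and (m := KEY.match(line)):
            key = bytes.fromhex(m.group(1).replace(" ", ""))
            sas[pair] = {"spi": spi, "key": key}
    return sas

def check_peer(sas, local, peer):
    """List problems for one TCP-MD5 peer, keyed on addresses, never on SPI."""
    out, inb = sas.get((local, peer)), sas.get((peer, local))
    problems = [f"no SA {a} -> {b}" for sa, a, b in
                ((out, local, peer), (inb, peer, local)) if sa is None]
    if out and inb and out["key"] != inb["key"]:
        problems.append("keys differ between directions")
    return problems

def auto_spi_pairs(sas):
    """Pairs whose SPI is not COMPAT_SPI: expected per the reply, not an error."""
    return sorted(p for p, sa in sas.items() if sa["spi"] != COMPAT_SPI)

if __name__ == "__main__":
    sas = parse_tcpmd5_sas(SAMPLE)
    print(check_peer(sas, "192.0.2.1", "192.0.2.2"), auto_spi_pairs(sas))
```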




