From owner-freebsd-bugs@FreeBSD.ORG Thu Apr 15 23:50:02 2010
Resent-Date: Thu, 15 Apr 2010 23:50:02 GMT
Resent-Message-Id: <201004152350.o3FNo2ud016724@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Peter Molnar
Message-Id: <201004152339.o3FNdwCd019096@www.freebsd.org>
Date: Thu, 15 Apr 2010 23:39:58 GMT
From: Peter Molnar
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/145737: Wrong UDP checksum not ignored as expected in UDP encapsulated ESP packet

>Number: 145737
>Category: kern
>Synopsis: Wrong UDP checksum not ignored as expected in UDP encapsulated ESP packet
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 15 23:50:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Peter Molnar
>Release: RELENG_7_0_0_RELEASE
>Organization:
>Environment:
>Description:
Test setup:
A FreeBSD machine acts as VPN client (ESP-Transport, L2TP, NAT-T) to an OpenSWAN based VPN concentrator.

Problem description:
The L2TP (UDP) packets originating from the concentrator are rejected because of a wrong UDP checksum.

Detailed problem description:
[RFC 3948, 3.1.2] states:

    When a transport mode has been used to transmit packets, contained TCP or UDP headers will have incorrect checksums due to the change of parts of the IP header during transit. This procedure defines how to fix these checksums [...]

    Depending on local policy, one of the following MUST be done:

    [...]

    3. If the protocol header after the ESP header is a UDP header, set the checksum field to zero in the UDP header.

    [...]

>How-To-Repeat:
>Fix:
Patch attached with submission follows:

diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index cbb13b6..bbe80f6 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -372,6 +372,25 @@ udp_input(struct mbuf *m, int off) else memset(&save_ip, 0, sizeof(save_ip)); +#ifdef IPSEC_NAT_T + /* + * RFC 3948 + * + * 3.1.2. Transport Mode Decapsulation NAT Procedure + * + * Depending on local policy, one of the following MUST be done: + * + * [...] + * + * 3. If the protocol header after the ESP header is a UDP header, set + * the checksum field to zero in the UDP header. [...] + */ + + if (m_tag_find(m, PACKET_TAG_IPSEC_NAT_T_PORTS, NULL) != NULL) { + uh->uh_sum = 0; + } +#endif + /* * Checksum extended UDP header and data. */ >Release-Note: >Audit-Trail: >Unformatted:
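Review bot: the new IPSEC_NAT_T block zeroes uh_sum for every datagram carrying a PACKET_TAG_IPSEC_NAT_T_PORTS tag, which is RFC 3948 option 3 but throws away the end-to-end UDP check the sender supplied; since the tag already records the NAT-T ports and IKE's NAT-OA payload gives the peer's pre-NAT addresses, option 1 (an incremental checksum fix-up over the original addresses, RFC 1624) would keep the check and is the more conservative local policy. If option 3 stays, the comment should spell out why it is acceptable here: the datagram has just come out of ESP, so its integrity was already verified by the ESP authenticator, which in turn requires that the tag can only be attached to packets that passed ESP decapsulation on an SA with integrity protection, never to plain UDP input, otherwise corrupt datagrams the checksum would have caught are accepted. Two smaller points: udp_input() is the IPv4 path only; udp6_input() cannot use the same trick because IPv6 forbids a zero UDP checksum (RFC 2460, section 8.1), so the v6 side needs a "skip verification" flag instead of rewriting the field. And style(9) asks for no braces around a single-statement if body and no blank line between the comment and the `if`. The How-To-Repeat field is also empty; a short reproduction (transport-mode ESP with NAT-T to the OpenSWAN peer, then L2TP over it) would let committers verify the fix.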
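To make the checksum failure in the PR concrete, here is a small user-space model (an added example, not the PR's patch or FreeBSD kernel code) of what RFC 3948 3.1.2 addresses: the UDP checksum covers an IPv4 pseudo-header containing the source and destination addresses, so once a NAT rewrites the outer address on the ESP-in-UDP packet, the decapsulated inner datagram's checksum no longer verifies at the receiver. It goes beyond the patch by showing option 1 (incremental fix-up) next to option 3 (zeroing); all addresses, ports and the payload are constructed, and the peer's pre-NAT addresses stand in for what a kernel would learn from the IKE NAT-OA payload.

```c
#include <stdint.h>
#include <string.h>
/* RFC 1071 one's-complement sum of a byte buffer, accumulated into 32 bits. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
	for (; len > 1; p += 2, len -= 2)
		sum += (uint32_t)(p[0] << 8 | p[1]);
	return len ? sum + ((uint32_t)p[0] << 8) : sum;
}
/* Fold the carries and complement: the 16-bit value that goes on the wire. */
static uint16_t csum_fold(uint32_t sum) {
	while (sum >> 16)
		sum = (sum & 0xffff) + (sum >> 16);
	return (uint16_t)~sum;
}
/* Sum over the IPv4 pseudo-header (src, dst, 0, proto 17, length) + datagram; addrs = src,dst. */
static uint32_t udp4_sum(const uint8_t *addrs, const uint8_t *udp, size_t len) {
	uint8_t ph[12] = { 0 };
	memcpy(ph, addrs, 8);
	ph[9] = 17; ph[10] = len >> 8; ph[11] = len & 0xff;
	return csum_add(csum_add(0, ph, 12), udp, len);
}
static void put_cksum(uint8_t *udp, uint16_t c) {
	if (c == 0) c = 0xffff;         /* 0 on the wire means "no checksum" for IPv4 UDP */
	udp[6] = c >> 8; udp[7] = c & 0xff;
}
/* Receiver check: 1 if the checksum is absent (0) or verifies over the addresses it sees. */
int udp4_cksum_ok(const uint8_t *addrs, const uint8_t *udp, size_t len) {
	return (udp[6] == 0 && udp[7] == 0) || csum_fold(udp4_sum(addrs, udp, len)) == 0;
}
/* RFC 3948 3.1.2 option 1: adjust uh_sum incrementally (RFC 1624 eq. 3, HC' = ~(~HC + ~m + m'))
   for the NAT's address rewrite, given the addresses the peer used (learned via IKE NAT-OA). */
void udp4_fix_cksum_nat(uint8_t *udp, const uint8_t *peer_addrs, const uint8_t *seen_addrs) {
	uint16_t hc = udp[6] << 8 | udp[7];
	uint8_t not_peer[8];
	if (hc == 0) return;            /* sender omitted the checksum: nothing to fix */
	for (int i = 0; i < 8; i++) not_peer[i] = ~peer_addrs[i];   /* ~m, one's-complement negation */
	put_cksum(udp, csum_fold(csum_add(csum_add((uint16_t)~hc, not_peer, 8), seen_addrs, 8)));
}
/* Constructed scenario: concentrator 198.51.100.1 sends to the client's NAT public address
   203.0.113.7; the NAT rewrites the destination to private 10.0.0.5 before the client verifies.
   policy 0 = no fix-up (the PR's symptom), 1 = RFC 3948 option 1, 3 = option 3 (the patch). */
int nat_t_scenario(int policy) {
	const uint8_t peer[8] = { 198, 51, 100, 1, 203, 0, 113, 7 };
	const uint8_t seen[8] = { 198, 51, 100, 1, 10, 0, 0, 5 };
	uint8_t dgram[12] = { 0x06, 0xa5, 0x06, 0xa5, 0, 12, 0, 0, 'L', '2', 'T', 'P' };
	put_cksum(dgram, csum_fold(udp4_sum(peer, dgram, sizeof dgram)));  /* sender fills uh_sum */
	if (policy == 1) udp4_fix_cksum_nat(dgram, peer, seen);
	if (policy == 3) dgram[6] = dgram[7] = 0;
	return udp4_cksum_ok(seen, dgram, sizeof dgram);
}
```

nat_t_scenario() returns 1 when the client accepts the datagram: it is rejected with no fix-up and accepted under either RFC 3948 option, but only option 1 leaves a checksum that still protects the datagram.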