Date: Tue, 1 Sep 2009 09:23:50 GMT
From: Aurélien Ansel <aurelien.ansel@netasq.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/138439: [IPSec] Tunnel with IPv4 and IPv6
Message-ID: <200909010923.n819Noq0016429@www.freebsd.org>
Resent-Message-ID: <200909010930.n819U7FV064476@freefall.freebsd.org>
>Number: 138439
>Category: kern
>Synopsis: [IPSec] Tunnel with IPv4 and IPv6
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 01 09:30:06 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Aurélien Ansel
>Release: 7.2-STABLE
>Organization:
NETASQ
>Environment:
FreeBSD aureliena2.netasq.com 7.2-STABLE FreeBSD 7.2-STABLE #3: Tue Sep 1 10:49:57 CEST 2009 root@aureliena2.netasq.com:/usr/src/sys/i386/compile/NOYAU i386
>Description:
The component Setkey of the port 'ipsec-tools' refuses the SP for a tunnel with IPv4 in IPv6. Setkey responds 'Invalid Argument'.
That comes from kernel land, from netipsec/key.c.
An extract of my setkey.sh:
spdadd 222.222.222.0/24 111.111.111.0/24 any -P out ipsec
esp/tunnel/2001::2-2001::1/require;
spdadd 111.111.111.0/24 222.222.222.0/24 any -P in ipsec
esp/tunnel/2001::1-2001::2/require;
/!\ The patch attached is NOT a fix, it's a help to show where the problem comes from !!!!!!
>How-To-Repeat:
With the component setkey, try:
spdadd 222.222.222.0/24 111.111.111.0/24 any -P out ipsec
esp/tunnel/2001::2-2001::1/require;
without the patch attached, and afterwards with it.
The first time Setkey will respond 'invalid argument'; the second time it will be OK.
>Fix:
Patch attached with submission follows:
--- key.c.backup 2009-08-31 18:02:20.000000000 +0200
+++ key.c 2009-09-01 11:10:32.000000000 +0200
@@ -1891,7 +1891,7 @@
_key_delsp(newsp);
return key_senderror(so, m, EINVAL);
}
-#if 1
+#if 0
if (newsp->req && newsp->req->saidx.src.sa.sa_family) {
struct sockaddr *sa;
sa = (struct sockaddr *)(src0 + 1);
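Review bot: Flipping "#if 1" to "#if 0" switches off the whole check that begins at "if (newsp->req && newsp->req->saidx.src.sa.sa_family)" for every policy, not only for tunnels whose endpoints use a different address family than the selector address read from "src0 + 1". For an actual fix, keep the block compiled in and skip it only for tunnel-mode requests (assuming the rest of the block, which is past the end of this hunk, compares the selector family with the family stored in saidx), so that other policies are still validated and still return EINVAL on a mismatch. Code left dead under "#if 0" should also be removed or explained in a comment rather than committed as is.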
>Release-Note:
>Audit-Trail:
>Unformatted:
