Date: Tue, 1 Sep 2009 09:23:50 GMT From: Aurélien Ansel <aurelien.ansel@netasq.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/138439: [IPSec] Tunnel with IPv4 and IPv6 Message-ID: <200909010923.n819Noq0016429@www.freebsd.org> Resent-Message-ID: <200909010930.n819U7FV064476@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 138439 >Category: kern >Synopsis: [IPSec] Tunnel with IPv4 and IPv6 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Sep 01 09:30:06 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Aurélien Ansel >Release: 7.2-STABLE >Organization: NETASQ >Environment: FreeBSD aureliena2.netasq.com 7.2-STABLE FreeBSD 7.2-STABLE #3: Tue Sep 1 10:49:57 CEST 2009 root@aureliena2.netasq.com:/usr/src/sys/i386/compile/NOYAU i386 >Description: The component Setkey of the port 'ipsec-tools' refuse the SP for a tunnel with IPv4 in IPv6. Setkey respond 'Invalid Argument'. That comes from the kernelland, from netipsec/key.c. An extract of my setkey.sh : spdadd 222.222.222.0/24 111.111.111.0/24 any -P out ipsec esp/tunnel/2001::2-2001::1/require; spdadd 111.111.111.0/24 222.222.222.0/24 any -P in ipsec esp/tunnel/2001::1-2001::2/require; /!\ The patch attached is NOT a fix, it's a help to show where the problem comes from !!!!!! >How-To-Repeat: With the component setkey try : spdadd 222.222.222.0/24 111.111.111.0/24 any -P out ipsec esp/tunnel/2001::2-2001::1/require; without the patch attached and after with it. The first time Setkey will respond 'invalid argument', the second time it will be OK. >Fix: Patch attached with submission follows: --- key.c.backup 2009-08-31 18:02:20.000000000 +0200 +++ key.c 2009-09-01 11:10:32.000000000 +0200 @@ -1891,7 +1891,7 @@ _key_delsp(newsp); return key_senderror(so, m, EINVAL); } -#if 1 +#if 0 if (newsp->req && newsp->req->saidx.src.sa.sa_family) { struct sockaddr *sa; sa = (struct sockaddr *)(src0 + 1); >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200909010923.n819Noq0016429>