Date: Wed, 01 Feb 2017 23:41:10 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 216681] IPsec traceroute6 -I does not work Message-ID: <bug-216681-8-zRafq3wGwT@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-216681-8@https.bugs.freebsd.org/bugzilla/> References: <bug-216681-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216681 Andrey V. Elsukov <ae@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|freebsd-amd64@FreeBSD.org |hrs@FreeBSD.org --- Comment #3 from Andrey V. Elsukov <ae@FreeBSD.org> --- (In reply to Jason Mader from comment #2) > (In reply to Andrey V. Elsukov from comment #1) > > Just for reference, Linux with a similar icmp6 out transport policy does add > the AH. And FreeBSD does handle the echo response with AH. This is not linux or freebsd kernel specificity, this is how traceroute6 works. You can try to rebuild traceroute6 without IPSEC support, and I think it will work like you want. Index: usr.sbin/traceroute6/Makefile =================================================================== --- usr.sbin/traceroute6/Makefile (revision 312816) +++ usr.sbin/traceroute6/Makefile (working copy) @@ -22,7 +22,7 @@ SRCS= as.c traceroute6.c BINOWN= root BINMODE= 4555 -CFLAGS+= -DIPSEC -DUSE_RFC2292BIS -DHAVE_POLL +CFLAGS+= -DUSE_RFC2292BIS -DHAVE_POLL CFLAGS+= -I${.CURDIR} -I${TRACEROUTE_DISTDIR} -I. WARNS?= 3 PS. I'm not sure, but, IMHO, almost all IPSEC related code in the traceroute6 is dead and should be removed. At least we have not implemented in our kernel all these IPV6_[ESP|AUTH]_XXX socket options, that traceroute6 tries to configure. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-216681-8-zRafq3wGwT>