Date:      Sun, 26 Mar 2000 14:06:01 -0500 (EST)
From:      Louis Mamakos <louie@TransSys.COM>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/17606: traceroute vs. IPSEC surprise
Message-ID:  <200003261906.OAA00589@whizzo.transsys.com>



>Number:         17606
>Category:       bin
>Synopsis:       traceroute vs. IPSEC surprise
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 26 11:10:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Louis Mamakos
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:

FreeBSD 5.0-current, with IPSECv4 configured.

>Description:

When doing a traceroute to a destination host, the packets emitted are
subject to whatever the default IPSEC policy is.  If the default
policy is to use an encrypted payload for all traffic to the
destination, the intermediate hops are unable to return an ICMP time
exceeded error.

>How-To-Repeat:

As described.

>Fix:

I dunno.  This could be a documentation bug.  This might be solved
by having traceroute supply its own IPSEC policy to not send encrypted
traffic as long as responses are being returned by intermediate hops.
It's unclear if this is a bug or a feature.



>Release-Note:
>Audit-Trail:
>Unformatted:

