From owner-freebsd-bugs@FreeBSD.ORG Mon Mar 1 13:20:11 2004
Message-Id: <200403012120.i21LK3lM000959@lerlaptop-red.iadfw.net>
Date: Mon, 1 Mar 2004 15:20:03 -0600 (CST)
From: Larry Rosenman
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: bin/63616: setkey no longer recognizes tcp in an spdadd line

>Number: 63616
>Category: bin
>Synopsis: setkey no longer recognizes tcp in an spdadd line
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 01 13:20:11 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Larry Rosenman
>Release: FreeBSD 5.2-CURRENT i386
>Organization: LERCTR Consulting
>Environment:
System: FreeBSD lerlaptop-red.iadfw.net 5.2-CURRENT FreeBSD 5.2-CURRENT #96: Mon Mar 1 12:13:00 CST 2004 ler@lerlaptop-red.iadfw.net:/usr/obj/usr/src/sys/LERLAPTOP i386

>Description:
I have the following /etc/ipsec.conf:

spdflush;
#spdadd 207.158.72.14[any] 207.158.72.11[53] udp -P out none;
#spdadd 207.158.72.14[any] 192.147.25.11[53] udp -P out none;
#spdadd 207.158.72.11[53] 207.158.72.14[any] udp -P in none;
#spdadd 192.147.25.11[53] 207.158.72.14[any] udp -P in none;
#spdadd 207.158.72.14[any] 207.158.72.45[53] udp -P out none;
#spdadd 207.158.72.14[any] 192.147.25.45[53] udp -P out none;
#spdadd 207.158.72.45[53] 207.158.72.14[any] udp -P in none;
#spdadd 192.147.25.45[53] 207.158.72.14[any] udp -P in none;
#spdadd 207.158.72.14[any] 207.159.72.11[500] any -P out ipsec
#       esp/transport//use;
#spdadd 207.158.72.14[any] 192.147.25.11[500] any -P out ipsec
#       esp/transport//use;
#spdadd 207.158.72.11[500] 207.158.72.14[any] any -P in ipsec
#       esp/transport//use;
#spdadd 192.147.25.11[500] 207.158.72.14[any] any -P in ipsec
#       esp/transport//use;
#spdadd 207.158.72.14[any] 207.159.72.45[500] any -P out ipsec
#       esp/transport//use;
#spdadd 207.158.72.14[any] 192.147.25.45[500] any -P out ipsec
#       esp/transport//use;
#spdadd 207.158.72.45[500] 207.158.72.14[any] any -P in ipsec
#       esp/transport//use;
#spdadd 192.147.25.45[500] 207.158.72.14[any] any -P in ipsec
#       esp/transport//use;
spdadd 207.158.72.14[any] 207.158.72.11[any] tcp -P out ipsec
        esp/transport//require ;
spdadd 207.158.72.14[any] 192.147.25.11[any] tcp -P out ipsec
        esp/transport//require ;
spdadd 207.158.72.11[any] 207.158.72.14[any] tcp -P in ipsec
        esp/transport//require ;
spdadd 192.147.25.11[any] 207.158.72.14[any] tcp -P in ipsec
        esp/transport//require ;
#spdadd 207.158.72.14[any] 207.158.72.45[any] any -P out ipsec
#       esp/transport//require ;
#spdadd 207.158.72.14[any] 192.147.25.45[any] any -P out ipsec
#       esp/transport//require ;
#spdadd 207.158.72.45[any] 207.158.72.14[any] any -P in ipsec
#       esp/transport//require ;
#spdadd 192.147.25.45[any] 207.158.72.14[any] any -P in ipsec
#       esp/transport//require ;
#######
#spdadd 207.136.3.72[any] 207.158.72.11[53] udp -P out none;
#spdadd 207.158.72.11[53] 207.136.3.72[any] udp -P in none;
#spdadd 207.136.3.72[any] 192.147.25.11[53] udp -P out none;
#spdadd 192.147.25.11[53] 207.136.3.72[any] udp -P in none;
#spdadd 207.136.3.72[any] 207.158.72.11[500] udp -P out ipsec
#       esp/transport//use;
#spdadd 207.158.72.11[500] 207.136.3.72[any] any -P in ipsec
#       esp/transport//use;
#spdadd 207.136.3.72[any] 192.147.25.11[500] any -P out ipsec
#       esp/transport//use;
#spdadd 192.147.25.11[500] 207.136.3.72[any] any -P in ipsec
#       esp/transport//use;
spdadd 207.136.3.72[any] 207.158.72.11[any] tcp -P out ipsec
        esp/transport//require ;
spdadd 207.136.3.72[any] 192.147.25.11[any] tcp -P out ipsec
        esp/transport//require ;
spdadd 207.158.72.11[any] 207.136.3.72[any] tcp -P in ipsec
        esp/transport//require ;
spdadd 192.147.25.11[any] 207.136.3.72[any] tcp -P in ipsec
        esp/transport//require ;
#spdadd 207.136.3.72[any] 207.158.72.45[any] any -P out ipsec
#       esp/transport//require ;
#spdadd 207.136.3.72[any] 192.147.25.45[any] any -P out ipsec
#       esp/transport//require ;
#spdadd 207.158.72.45[any] 207.136.3.72[any] any -P in ipsec
#       esp/transport//require ;
#spdadd 192.147.25.45[any] 207.136.3.72[any] any -P in ipsec
#       esp/transport//require ;
#######

and when I booted today's -CURRENT, it complained about [tcp] on line 26. This had been working with a kernel / world from ~1 month ago. I changed all the uncommented lines to have any in that field, and it parses, but this is BROKEN.

>How-To-Repeat:
See above
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
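
Replacing tcp with any in an spdadd line, as the report describes, widens the selector so that every upper-layer protocol between the two hosts falls under the ESP requirement. The following added example (not part of the report and not FreeBSD code) lists the active policies in an ipsec.conf and flags the widened ones; parse_spdadd and widened are hypothetical names, and only the statement form shown in the report is handled.

```python
# Constructed sample in the format used in the report: one commented entry,
# one entry narrowed to tcp, one widened to "any" (the described workaround).
SAMPLE = """\
spdflush;
#spdadd 207.158.72.14[any] 207.158.72.11[500] any -P out ipsec
#       esp/transport//use;
spdadd 207.158.72.14[any] 207.158.72.11[any] tcp -P out ipsec
        esp/transport//require ;
spdadd 207.158.72.11[any] 207.158.72.14[any] any -P in ipsec
        esp/transport//require ;
"""


def parse_spdadd(text):
    """Return one dict per active (uncommented) spdadd statement."""
    # Assumption: comment lines start with '#' in column 0, as in the report;
    # statements end with ';' and may continue over several lines.
    body = "\n".join(l for l in text.splitlines() if not l.startswith("#"))
    policies = []
    for stmt in body.split(";"):
        tok = stmt.split()
        if not tok or tok[0] != "spdadd":
            continue  # spdflush and other commands are not policies
        # Form handled: spdadd src dst upperspec -P direction policy [rule...]
        if len(tok) < 7 or tok[4] != "-P":
            raise ValueError("unrecognised spdadd statement: " + " ".join(tok))
        policies.append({
            "src": tok[1],
            "dst": tok[2],
            "upperspec": tok[3],   # tcp, udp, any, ...
            "direction": tok[5],   # in / out
            "policy": tok[6],      # ipsec, none, discard
            "rules": tok[7:],      # e.g. esp/transport//require
        })
    return policies


def widened(policies):
    """IPsec policies whose upper-layer selector matches every protocol."""
    return [p for p in policies
            if p["policy"] == "ipsec" and p["upperspec"] == "any"]


if __name__ == "__main__":
    for p in widened(parse_spdadd(SAMPLE)):
        print("any-protocol ipsec policy:", p["src"], "->", p["dst"],
              p["direction"], " ".join(p["rules"]))
```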