From owner-freebsd-bugs  Wed Mar 29  6:46:24 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from fgwmail7.fujitsu.co.jp (fgwmail7.fujitsu.co.jp [192.51.44.37])
	by hub.freebsd.org (Postfix) with ESMTP id 9BBCC37B6B9
	for <freebsd-bugs@FreeBSD.ORG>; Wed, 29 Mar 2000 06:46:19 -0800 (PST)
	(envelope-from shin@nd.net.fujitsu.co.jp)
Received: from m2.gw.fujitsu.co.jp by fgwmail7.fujitsu.co.jp (8.9.3/3.7W-MX0002-Fujitsu Gateway)
	id XAA03057; Wed, 29 Mar 2000 23:45:44 +0900 (JST)
	(envelope-from shin@nd.net.fujitsu.co.jp)
Received: from incapgw.fujitsu.co.jp by m2.gw.fujitsu.co.jp (8.9.3/3.7W-0003-Fujitsu Domain Master)
	id XAA27563; Wed, 29 Mar 2000 23:45:38 +0900 (JST)
Received: from localhost ([192.168.245.170]) by incapgw.fujitsu.co.jp (8.9.3/3.7W-0002)
	id XAA04343; Wed, 29 Mar 2000 23:45:37 +0900 (JST)
To: louie@TransSys.COM
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: bin/17606  bad IPSEC and traceroute interaction, with fix!
In-Reply-To: <200003280500.VAA34714@freefall.freebsd.org>
References: <200003280500.VAA34714@freefall.freebsd.org>
X-Mailer: Mew version 1.94 on Emacs 20.4 / Mule 4.0 (HANANOEN)
X-Prom-Mew: Prom-Mew 1.93.4 (procmail reader for Mew)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20000329234637E.shin@nd.net.fujitsu.co.jp>
Date: Wed, 29 Mar 2000 23:46:37 +0900
From: Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 25
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>  >Description: 
>  
>  When the default kernel IPSEC policy (as configured with setkey(8)) 
>  includes all the traffic to a particular host, then attempting a
>  traceroute to that host fails.  The packets being sent are encrypted,
>  and thus the ICMP time exceeded message cannot be returned.
>  
>  This is a follow-up to PR bin/17606
>  
>  >How-To-Repeat: 
>  
>  As described.
>  
>  >Fix: 
>  
>  Steal the same sort of fix done in traceroute6, and apply to the IPv4
>  "standard" traceroute in FreeBSD.  Patch could be as attached.  
>  Surprisingly, the ipsec.h file is in sys/netinet6 rather than sys/netinet.

I didn't put the fix because I hesitated to touch
contrib/traceroute dir.
But contrib/traceroute/traceroute.c is already off from vendor branch,
so I'll apply your patch. Thanks for it!

Yoshinobu Inoue


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message