From owner-freebsd-bugs@FreeBSD.ORG  Tue Jan 13 16:00:44 2004
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1677B16A4CE
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 13 Jan 2004 16:00:44 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D05DF43D3F
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 13 Jan 2004 16:00:40 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	i0E00eFR054811	for <freebsd-bugs@freefall.freebsd.org>;
	Tue, 13 Jan 2004 16:00:40 -0800 (PST)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i0E00eWN054810;
	Tue, 13 Jan 2004 16:00:40 -0800 (PST)
	(envelope-from gnats)
Date: Tue, 13 Jan 2004 16:00:40 -0800 (PST)
Message-Id: <200401140000.i0E00eWN054810@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Dierk Sacher <dierk@blaxxtarz.de>
Subject: Re: kern/61323: KAME IPSEC broken, IKE not excluded from policy,
	crashes
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Dierk Sacher <dierk@blaxxtarz.de>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jan 2004 00:00:44 -0000

The following reply was made to PR kern/61323; it has been noted by GNATS.

From: Dierk Sacher <dierk@blaxxtarz.de>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: freebsd-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: kern/61323: KAME IPSEC broken, IKE not excluded from policy, crashes
Date: Wed, 14 Jan 2004 00:57:31 +0100

 Zitiere Bjoern A. Zeeb vom Tue, Jan 13, 2004 at 07:42:46PM +0000:
 > On Tue, 13 Jan 2004, Dierk Sacher wrote:
 > 
 > > >Fix:
 > > No known fix, but the isakmp traffic should not have been blocked.
 > > A none policy for udp/500 does not work around the bug, it just crashes too
 > 
 > Can you please try the patches mentioned in
 > http://lists.freebsd.org/pipermail/freebsd-current/2004-January/018084.html
 
 Thank you for the pointer. I applied all the patches and from a lazy
 testing I'm able to confirm that the related crashes und panics are gone. 
 I'll continue to stress the whole setup over the next days and inform
 you, if there are any upcoming stability issues or the like.
 
 The handling of the IKE pakets is still broken. Beyond a now accepteable
 workaround, the "manual" handling of the IKE Traffic will lead us into a
 chicken-and-egg problem and should better be implemented the way its
 supposed to be.
 
 Said patches should be listed in the Fix Section of the PR. (My job? No
 experience with PRs so far).
 
 	Gruss
 	  Dierk Sacher
 
 -- 
 |----+----|----+----|----+----|----+----|----+----|----+----|----+----|--<
  GPG Fingerprint: D14C 12BB 37A6 6745 7F4F  F420 9E59 D79E A492 2A96
  GPG KeyID      : A4922A96  
 +------------------------------------------------------------------------+