Date: Thu, 13 May 2004 15:56:13 +0100
From: Bruce M Simpson
To: "Bjoern A. Zeeb"
Message-ID: <20040513145613.GC2957@empiric.dek.spc.org>
Mail-Followup-To: "Bjoern A. Zeeb", freebsd-current@FreeBSD.org, ume@FreeBSD.org
References: <20040513122552.GD1678@empiric.dek.spc.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="OXfL5xGRrasGEqWY"
Content-Disposition: inline
cc: freebsd-current@FreeBSD.org
cc: ume@FreeBSD.org
Subject: Re: IPSEC ESP NULL no longer works in -CURRENT

--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, May 13, 2004 at 01:13:02PM +0000, Bjoern A. Zeeb wrote:
> setkey is broken imho; check the racoon mailing list archive of
> March/April; a fix had been posted there.

Thank you. I generated a patch against HEAD from the patch which was
posted to the racoon list here:

http://www.kame.net/racoon/racoon-ml/msg00427.html

I shall commit this unless there are any objections.

Regards,
BMS

--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="setkey.patch"

Index: parse.y =================================================================== RCS file: /home/ncvs/src/usr.sbin/setkey/parse.y,v retrieving revision 1.6 diff -u -r1.6 parse.y --- parse.y 31 Mar 2004 18:38:02 -0000 1.6 +++ parse.y 13 May 2004 14:51:01 -0000 @@ -322,7 +322,12 @@ p_alg_enc = $1; p_key_enc_len = 0; - p_key_enc = NULL; + p_key_enc = ""; + if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT, + p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) { + yyerror(ipsec_strerror()); + return -1; + } } | ALG_ENC key_string { if ($1 < 0) { 
--OXfL5xGRrasGEqWY--
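
Review bot: the added line that sets p_key_enc to "" in place of NULL (parse.y, hunk at -322) has no comment explaining why a non-NULL pointer is needed when p_key_enc_len stays 0. Please add a one-line comment stating the reason, and confirm that nothing later writes through or frees p_key_enc, since it now points at a string literal. In the new ipsec_check_keylen() call, PFKEY_UNUNIT64(p_key_enc_len) is always applied to the 0 assigned two lines above it; that is harmless, but a comment that this branch deliberately validates a zero-length key against p_alg_enc would make clear that a keyless encryption spec for an algorithm that needs a key is now rejected at parse time with "return -1" rather than passed on.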