From nobody Sat Sep 2 23:20:29 2023 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RdW8s6HZcz4ryl0 for ; Sat, 2 Sep 2023 23:20:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RdW8s3nV5z4h6p for ; Sat, 2 Sep 2023 23:20:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1693696829; a=rsa-sha256; cv=none; b=Hw1ycd9pkk+yvrqjq4HQU7hz/qQKmyOJkDcQcYhyFvT5j1WZ8gCoKPRcYI3NAER5+ndUCk ehJAnpAB/zXfrOGlrMJPwYdBI6Qvb9Nnwc8688FYrdHMVKG3NwKfKVfBRzXsnIe1P7Gkc1 Zncfdb7DBA7HRyveoE3+yzCe0Ky1HXwrFYOeds/ZHQk5i1RvZjTM0fYsQf0V8jsKhlA6mr wy5T2sRVMxmqwFOWaOfCFBUOWU3QtBfXoV4K+RAsPBCy53u0KP+opePjGITh2a3vv+lK4P oXUJRsjHqI/uO52FUBLOIp2BDGVMnchN3mAkW/oYfj5s6kp6tirMU/MnEQO0mw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1693696829; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2834uwphnGzcbZV28i9kN6MkXlswp2yyvOUzdpBblOo=; b=nLnXeEkq6Yrx79Fknfmap4QNkgA6YliaEaR9Ja7ZTlinzS4Aegpfmmp2c4P+mPAs+4N2mF vQWIpfCv49uDYIhhqSJt+XG03Ok96kui/gCvEFRxIp/ePYKLiuFZcZxoCqhvBMSO6CEXQV A/8rpwFPKXbi9aS/EWsDRWepjjVDHnj6ENsvaccrpLM1S2IW1KJ5L+XeXrZLW20JIThqT9 XpTw+wzTn4+v6YiCgrqNs6hp28BaBKz7/Ya1ezK5bUDshsfjPvoBVV0LfFtq6I4U+RdACs kvl3P6QV3poY6K04pzxQA+h2SrS0/y2DNa59RM7NjniF/aWjGHz7/q2Ja5QgKw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RdW8s2rMJz127j for ; Sat, 2 Sep 2023 23:20:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 382NKTcG065041 for ; Sat, 2 Sep 2023 23:20:29 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 382NKT9W065040 for bugs@FreeBSD.org; Sat, 2 Sep 2023 23:20:29 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 273533] need to sleep before using IPsec tunnel Date: Sat, 02 Sep 2023 23:20:29 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.2-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: andrew.cagney@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D273533 Bug ID: 273533 Summary: need to sleep before using IPsec tunnel Product: Base System Version: 13.2-STABLE Hardware: arm64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: andrew.cagney@gmail.com Given a just established IPsec connection using Libreswan (mainline) with FreeBSD as the negotiation initiator I'm finding that an attempt to ping the peer fails. Here's an extract from a test: west# ipsec add interop 002 "interop": added IKEv2 connection west# ipsec up interop 1v2 "interop" #1: initiating IKEv2 connection 1v2 "interop" #1: sent IKE_SA_INIT request to 192.1.2.23:500 1v2 "interop" #1: sent IKE_AUTH request {cipher=3DAES_GCM_16_256 integ=3D= n/a prf=3DHMAC_SHA2_512 group=3DMODP2048} 003 "interop" #1: initiator established IKE SA; authenticated peer using authby=3Dsecret and ID_FQDN '@east' 004 "interop" #2: initiator established Child SA using #1; IPsec tunnel [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] {ESP=3D>0xESPESP <0xESPESP xfrm=3DAES_GCM_16_128-NONE DPD=3Dpassive} west# ../../guestbin/ipsec-kernel-policy.sh 192.0.2.0/24[any] 192.0.1.0/24[any] any in ipsec esp/tunnel/192.1.2.23-192.1.2.45/require spid=3D1 seq=3D1 pid=3DPID scope=3Dglobal=20 refcnt=3D1 192.0.1.0/24[any] 192.0.2.0/24[any] any out ipsec esp/tunnel/192.1.2.45-192.1.2.23/require spid=3D2 seq=3D0 pid=3DPID scope=3Dglobal=20 refcnt=3D1 west# ../../guestbin/ipsec-kernel-state.sh 192.1.2.45 192.1.2.23 esp mode=3Dany spi=3DSPISPI(0xSPISPI) reqid=3D16389(0x00004005) E: aes-gcm-16 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX seq=3D0x00000000 replay=3D16 flags=3D0x00000000 state=3Dmature=20 created: TIMESTAMP current: TIMESTAMP diff: N(s) hard: 28800(s) soft: 28800(s) last: hard: 0(s) soft: 0(s) current: 0(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 0 hard: 0 soft: 0 sadb_seq=3D1 pid=3DPID refcnt=3D1 192.1.2.23 192.1.2.45 esp mode=3Dany spi=3DSPISPI(0xSPISPI) reqid=3D16389(0x00004005) E: aes-gcm-16 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX seq=3D0x00000000 replay=3D16 flags=3D0x00000000 state=3Dmature=20 created: TIMESTAMP current: TIMESTAMP diff: N(s) hard: 28800(s) soft: 28800(s) last: hard: 0(s) soft: 0(s) current: 0(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 0 hard: 0 soft: 0 sadb_seq=3D0 pid=3DPID refcnt=3D1 west# ../../guestbin/wait-for.sh --match interop -- ipsec trafficstatus 006 #2: "interop", type=3DESP, add_time=3D1234567890, id=3D'@east' west# ../../guestbin/ping-once.sh --up -I 192.0.1.254 192.0.2.254 unexpected status 4 fping -c 1 --timeout 5s --src 192.0.1.254 192.0.2.254 fping error: not enough sequence numbers available! (expire_timeout=3D10000000000, host_nr=3D0, ping_count=3D0, seqmap_next_id= =3D0) (I've no clue what fping is trying to tell me). If a `sleep 5` is added before the `fping`, the puzzling behaviour goes awa= y. Here are some gory detail of the libreswan-kernel interaction: =3D> assign an inbound SPI (192.1.2.23 -> 192.1.2.45) to send to the peer: | sending pfkeyv2_get_ipsec_spi: | sadb_msg @0x4fca65c9a10 version=3D2 type=3D1(SADB_GETSPI) errno=3D0 satype=3D3(SADB_SATYPE_ESP) len=3D12(96) reserved=3D0000 seq=3D4 pid=3D1124 | sadb_x_sa2 @0x4fca65c9a20 len=3D2(16) exttype=3D19(SADB_X_EXT_SA2) mode=3D0(any!?!) reserved1=3D00 reserved2=3D0000 sequence=3D0 reqid=3D16389 | sadb_address @0x4fca65c9a30 len=3D3(24) exttype=3D5(SADB_EXT_ADDRESS_SR= C) proto=3D255 prefixlen=3D32 | 192.1.2.23:0 | sadb_address @0x4fca65c9a48 len=3D3(24) exttype=3D6(SADB_EXT_ADDRESS_DS= T) proto=3D255 prefixlen=3D32 | 192.1.2.45:0 | sadb_spirange @0x4fca65c9a60 len=3D2(16) exttype=3D16(SADB_EXT_SPIRANGE) min=3D4096 max=3D4294967295 reserved=3D00000000 | read 80 bytes | pfkeyv2_get_ipsec_spi: | sadb_msg @0x4fca65b9a08 version=3D2 type=3D1(SADB_GETSPI) errno=3D0 satype=3D3(SADB_SATYPE_ESP) len=3D10(80) reserved=3D0000 seq=3D4 pid=3D1124 | sadb_sa @0x4fca65b9a18 len=3D2(16) exttype=3D1(SADB_EXT_SA) spi=3D2683487713(9ff2c5e1) replay=3D0 state=3D0(SADB_SASTATE_LARVAL) auth=3D0(SADB_AALG_NONE) encrypt=3D0 flags=3D0=3Dnone | sadb_address @0x4fca65b9a28 len=3D3(24) exttype=3D5(SADB_EXT_ADDRESS_SR= C) proto=3D255 prefixlen=3D32 | 192.1.2.23:0 | sadb_address @0x4fca65b9a40 len=3D3(24) exttype=3D6(SADB_EXT_ADDRESS_DS= T) proto=3D255 prefixlen=3D32 | 192.1.2.45:0 =3D> install outbound SA (192.1.2.45 -> 192.1.2.23): | sending pfkeyv2_add_sa: | sadb_msg @0x4fca65c8860 version=3D2 type=3D3(SADB_ADD) errno=3D0 satype=3D3(SADB_SATYPE_ESP) len=3D24(192) reserved=3D0000 seq=3D5 pid=3D1124 | sadb_sa @0x4fca65c8870 len=3D2(16) exttype=3D1(SADB_EXT_SA) spi=3D3169888898(bcf0aa82) replay=3D16 state=3D1(SADB_SASTATE_MATURE) auth=3D0(SADB_AALG_NONE) encrypt=3D20(SADB_X_EALG_AESGCM16) flags=3D0=3Dnone | sadb_x_sa2 @0x4fca65c8880 len=3D2(16) exttype=3D19(SADB_X_EXT_SA2) mode=3D0(any!?!) reserved1=3D00 reserved2=3D0000 sequence=3D0 reqid=3D16389 | sadb_address @0x4fca65c8890 len=3D3(24) exttype=3D5(SADB_EXT_ADDRESS_SR= C) proto=3D255 prefixlen=3D32 | 192.1.2.45:0 | sadb_address @0x4fca65c88a8 len=3D3(24) exttype=3D6(SADB_EXT_ADDRESS_DS= T) proto=3D255 prefixlen=3D32 | 192.1.2.23:0 | sadb_key @0x4fca65c88c0 len=3D4(32) exttype=3D9(SADB_EXT_KEY_ENCRYPT) b= its=3D160 reserved=3D0000 | sadb_lifetime @0x4fca65c88e0 len=3D4(32) exttype=3D3(SADB_EXT_LIFETIME_= HARD) allocations=3D0 bytes=3D0 addtime=3D28800 usetime=3D0 | sadb_lifetime @0x4fca65c8900 len=3D4(32) exttype=3D4(SADB_EXT_LIFETIME_= SOFT) allocations=3D0 bytes=3D0 addtime=3D28800 usetime=3D0 | read 160 bytes | pfkeyv2_add_sa: | sadb_msg @0x4fca65b8858 version=3D2 type=3D3(SADB_ADD) errno=3D0 satype=3D3(SADB_SATYPE_ESP) len=3D20(160) reserved=3D0000 seq=3D5 pid=3D1124 | sadb_sa @0x4fca65b8868 len=3D2(16) exttype=3D1(SADB_EXT_SA) spi=3D3169888898(bcf0aa82) replay=3D16 state=3D1(SADB_SASTATE_MATURE) auth=3D0(SADB_AALG_NONE) encrypt=3D20(SADB_X_EALG_AESGCM16) flags=3D0=3Dnone | sadb_x_sa2 @0x4fca65b8878 len=3D2(16) exttype=3D19(SADB_X_EXT_SA2) mode=3D0(any!?!) reserved1=3D00 reserved2=3D0000 sequence=3D0 reqid=3D16389 | sadb_address @0x4fca65b8888 len=3D3(24) exttype=3D5(SADB_EXT_ADDRESS_SR= C) proto=3D255 prefixlen=3D32 | 192.1.2.45:0 | sadb_address @0x4fca65b88a0 len=3D3(24) exttype=3D6(SADB_EXT_ADDRESS_DS= T) proto=3D255 prefixlen=3D32 | 192.1.2.23:0 | sadb_lifetime @0x4fca65b88b8 len=3D4(32) exttype=3D3(SADB_EXT_LIFETIME_= HARD) allocations=3D0 bytes=3D0 addtime=3D28800 usetime=3D0 | sadb_lifetime @0x4fca65b88d8 len=3D4(32) exttype=3D4(SADB_EXT_LIFETIME_= SOFT) allocations=3D0 bytes=3D0 addtime=3D28800 usetime=3D0 =3D> install inbound SA (192.1.2.23 -> 192.1.2.45): | sending pfkeyv2_add_sa: | sadb_msg @0x4fca65c8860 version=3D2 type=3D2(SADB_UPDATE) errno=3D0 satype=3D3(SADB_SATYPE_ESP) len=3D24(192) reserved=3D0000 seq=3D6 pid=3D1124 | sadb_sa @0x4fca65c8870 len=3D2(16) exttype=3D1(SADB_EXT_SA) spi=3D2683487713(9ff2c5e1) replay=3D16 state=3D1(SADB_SASTATE_MATURE) auth=3D0(SADB_AALG_NONE) encrypt=3D20(SADB_X_EALG_AESGCM16) flags=3D0=3Dnone | sadb_x_sa2 @0x4fca65c8880 len=3D2(16) exttype=3D19(SADB_X_EXT_SA2) mode=3D0(any!?!) reserved1=3D00 reserved2=3D0000 sequence=3D0 reqid=3D16389 | sadb_address @0x4fca65c8890 len=3D3(24) exttype=3D5(SADB_EXT_ADDRESS_SR= C) proto=3D255 prefixlen=3D32 | 192.1.2.23:0 | sadb_address @0x4fca65c88a8 len=3D3(24) exttype=3D6(SADB_EXT_ADDRESS_DS= T) proto=3D255 prefixlen=3D32 | 192.1.2.45:0 | sadb_key @0x4fca65c88c0 len=3D4(32) exttype=3D9(SADB_EXT_KEY_ENCRYPT) b= its=3D160 reserved=3D0000 | sadb_lifetime @0x4fca65c88e0 len=3D4(32) exttype=3D3(SADB_EXT_LIFETIME_= HARD) allocations=3D0 bytes=3D0 addtime=3D28800 usetime=3D0 | sadb_lifetime @0x4fca65c8900 len=3D4(32) exttype=3D4(SADB_EXT_LIFETIME_= SOFT) allocations=3D0 bytes=3D0 addtime=3D28800 usetime=3D0 | read 160 bytes | pfkeyv2_add_sa: | sadb_msg @0x4fca65b8858 version=3D2 type=3D2(SADB_UPDATE) errno=3D0 satype=3D3(SADB_SATYPE_ESP) len=3D20(160) reserved=3D0000 seq=3D6 pid=3D1124 | sadb_sa @0x4fca65b8868 len=3D2(16) exttype=3D1(SADB_EXT_SA) spi=3D2683487713(9ff2c5e1) replay=3D16 state=3D1(SADB_SASTATE_MATURE) auth=3D0(SADB_AALG_NONE) encrypt=3D20(SADB_X_EALG_AESGCM16) flags=3D0=3Dnone | sadb_x_sa2 @0x4fca65b8878 len=3D2(16) exttype=3D19(SADB_X_EXT_SA2) mode=3D0(any!?!) reserved1=3D00 reserved2=3D0000 sequence=3D0 reqid=3D16389 | sadb_address @0x4fca65b8888 len=3D3(24) exttype=3D5(SADB_EXT_ADDRESS_SR= C) proto=3D255 prefixlen=3D32 | 192.1.2.23:0 | sadb_address @0x4fca65b88a0 len=3D3(24) exttype=3D6(SADB_EXT_ADDRESS_DS= T) proto=3D255 prefixlen=3D32 | 192.1.2.45:0 | sadb_lifetime @0x4fca65b88b8 len=3D4(32) exttype=3D3(SADB_EXT_LIFETIME_= HARD) allocations=3D0 bytes=3D0 addtime=3D28800 usetime=3D0 | sadb_lifetime @0x4fca65b88d8 len=3D4(32) exttype=3D4(SADB_EXT_LIFETIME_= SOFT) allocations=3D0 bytes=3D0 addtime=3D28800 usetime=3D0 =3D> install inbound policy: | sending kernel_pfkeyv2_policy_add: | sadb_msg @0x4fca65c8fa0 version=3D2 type=3D14(SADB_X_SPDADD) errno=3D0 satype=3D0(SADB_SATYPE_UNSPEC) len=3D19(152) reserved=3D0000 seq=3D7 pid=3D= 1124 | sadb_address @0x4fca65c8fb0 len=3D3(24) exttype=3D5(SADB_EXT_ADDRESS_SR= C) proto=3D255 prefixlen=3D24 | 192.0.2.0:0 | sadb_address @0x4fca65c8fc8 len=3D3(24) exttype=3D6(SADB_EXT_ADDRESS_DS= T) proto=3D255 prefixlen=3D24 | 192.0.1.0:0 | sadb_lifetime @0x4fca65c8fe0 len=3D4(32) exttype=3D3(SADB_EXT_LIFETIME_= HARD) allocations=3D0 bytes=3D0 addtime=3D0 usetime=3D0 | sadb_x_policy @0x4fca65c9000 len=3D7(56) exttype=3D18(SADB_X_EXT_POLICY) type=3D2(IPSEC_POLICY_IPSEC) dir=3D1(IPSEC_DIR_INBOUND) scope=3D0 id=3D0 priority=3D1757393 | sadb_x_ipsecrequest @0x4fca65c9010 len=3D40(40) proto=3D50(IPSEC_PROTO= _ESP) mode=3D2(IPSEC_MODE_TUNNEL) level=3D2(IPSEC_LEVEL_REQUIRE) reqid=3D0 | 192.1.2.23:0 | 192.1.2.45:0 | read 152 bytes | kernel_pfkeyv2_policy_add: | sadb_msg @0x4fca65b8f98 version=3D2 type=3D14(SADB_X_SPDADD) errno=3D0 satype=3D0(SADB_SATYPE_UNSPEC) len=3D19(152) reserved=3D0000 seq=3D7 pid=3D= 1124 | sadb_x_policy @0x4fca65b8fa8 len=3D7(56) exttype=3D18(SADB_X_EXT_POLICY) type=3D2(IPSEC_POLICY_IPSEC) dir=3D1(IPSEC_DIR_INBOUND) scope=3D0 id=3D1 priority=3D1757393 | sadb_x_ipsecrequest @0x4fca65b8fb8 len=3D40(40) proto=3D50(IPSEC_PROTO= _ESP) mode=3D2(IPSEC_MODE_TUNNEL) level=3D2(IPSEC_LEVEL_REQUIRE) reqid=3D0 | 192.1.2.23:0 | 192.1.2.45:0 | sadb_lifetime @0x4fca65b8fe0 len=3D4(32) exttype=3D3(SADB_EXT_LIFETIME_= HARD) allocations=3D0 bytes=3D0 addtime=3D0 usetime=3D0 | sadb_address @0x4fca65b9000 len=3D3(24) exttype=3D5(SADB_EXT_ADDRESS_SR= C) proto=3D255 prefixlen=3D24 | 192.0.2.0:0 | sadb_address @0x4fca65b9018 len=3D3(24) exttype=3D6(SADB_EXT_ADDRESS_DS= T) proto=3D255 prefixlen=3D24 | 192.0.1.0:0 =3D> install outbound policy: | sending kernel_pfkeyv2_policy_add: | sadb_msg @0x4fca65c9080 version=3D2 type=3D14(SADB_X_SPDADD) errno=3D0 satype=3D0(SADB_SATYPE_UNSPEC) len=3D19(152) reserved=3D0000 seq=3D8 pid=3D= 1124 | sadb_address @0x4fca65c9090 len=3D3(24) exttype=3D5(SADB_EXT_ADDRESS_SR= C) proto=3D255 prefixlen=3D24 | 192.0.1.0:0 | sadb_address @0x4fca65c90a8 len=3D3(24) exttype=3D6(SADB_EXT_ADDRESS_DS= T) proto=3D255 prefixlen=3D24 | 192.0.2.0:0 | sadb_lifetime @0x4fca65c90c0 len=3D4(32) exttype=3D3(SADB_EXT_LIFETIME_= HARD) allocations=3D0 bytes=3D0 addtime=3D0 usetime=3D0 | sadb_x_policy @0x4fca65c90e0 len=3D7(56) exttype=3D18(SADB_X_EXT_POLICY) type=3D2(IPSEC_POLICY_IPSEC) dir=3D2(IPSEC_DIR_OUTBOUND) scope=3D0 id=3D0 priority=3D1757393 | sadb_x_ipsecrequest @0x4fca65c90f0 len=3D40(40) proto=3D50(IPSEC_PROTO= _ESP) mode=3D2(IPSEC_MODE_TUNNEL) level=3D2(IPSEC_LEVEL_REQUIRE) reqid=3D0 | 192.1.2.45:0 | 192.1.2.23:0 | read 152 bytes | kernel_pfkeyv2_policy_add: | sadb_msg @0x4fca65b9078 version=3D2 type=3D14(SADB_X_SPDADD) errno=3D0 satype=3D0(SADB_SATYPE_UNSPEC) len=3D19(152) reserved=3D0000 seq=3D8 pid=3D= 1124 | sadb_x_policy @0x4fca65b9088 len=3D7(56) exttype=3D18(SADB_X_EXT_POLICY) type=3D2(IPSEC_POLICY_IPSEC) dir=3D2(IPSEC_DIR_OUTBOUND) scope=3D0 id=3D2 priority=3D1757393 | sadb_x_ipsecrequest @0x4fca65b9098 len=3D40(40) proto=3D50(IPSEC_PROTO= _ESP) mode=3D2(IPSEC_MODE_TUNNEL) level=3D2(IPSEC_LEVEL_REQUIRE) reqid=3D0 | 192.1.2.45:0 | 192.1.2.23:0 | sadb_lifetime @0x4fca65b90c0 len=3D4(32) exttype=3D3(SADB_EXT_LIFETIME_= HARD) allocations=3D0 bytes=3D0 addtime=3D0 usetime=3D0 | sadb_address @0x4fca65b90e0 len=3D3(24) exttype=3D5(SADB_EXT_ADDRESS_SR= C) proto=3D255 prefixlen=3D24 | 192.0.1.0:0 | sadb_address @0x4fca65b90f8 len=3D3(24) exttype=3D6(SADB_EXT_ADDRESS_DS= T) proto=3D255 prefixlen=3D24 | 192.0.2.0:0 --=20 You are receiving this mail because: You are the assignee for the bug.=