Date:      Thu, 09 Nov 2000 12:38:42 -0800
From:      Lars Eggert <larse@ISI.EDU>
To:        Hajimu UMEMOTO <ume@mahoroba.org>
Cc:        casonc@netplex.aussie.org, freebsd-bugs@freebsd.org, freebsd-stable@freebsd.org, xbone@ISI.EDU, itojun@iijlab.net
Subject:   Re: Bug or feature ?
Message-ID:  <3A0B0B52.39B7D7CC@isi.edu>
References:  <005701c04a62$366f7b20$023a1dac@dsat.net.au> <3A0AEF2D.7665487F@isi.edu> <20001110.043514.08324946.ume@mahoroba.org>

Hajimu UMEMOTO wrote:
> larse> A full patch is available from
> larse> http://www.kame.net/dev/cvsweb.cgi/kame/kame/sys/netinet6/ipsec.c.diff?r1=1.82&r2=1.83
> 
> larse> Pending approval, could the fix please be committed to -STABLE?
> 
> This is still work in progress.  The commit message says as below:
> 
> >  Log:
> >  alternative to PR 296.  make sure we do not decapsulate IP tunnel packet
> >  if we got a transport-mode SA.  need to do more for "any" SA.
> >  DO NOT MERGE IT TO *BSD YET.
> 
> There is too little time to be in time for 4.2-RELEASE.  So, I'll back out
> the previous commit, once.  Then, I'll commit the right fix after 4.2-RELEASE.

There is a small bug in KAME when it encounters IPsec transport mode packets
that went over an IPIP tunnel. (They are being treated as IPsec tunnel mode
packets.) The original bugfix we submitted fixes that, but opened another
problem with ANY SAs. (Packets matching ANY SAs were dropped when they
should have been treated as tunnel mode packets.) The new bugfix addresses
that problem, so it should be committed in our opinion.

The fixes uncovered a small design quirk in KAME SA ANY handling. I'm sure
this will be fixed in KAME eventually. For now, I see only benefit in
applying the new bugfix: It fixes the IPsec/IPIP bug, and restores
interoperability with ANY SAs.

Itojun, do you agree with this? What problems did you see in merging the
bugfix into FreeBSD? Maybe I missed something.

Lars
-- 
Lars Eggert <larse@isi.edu>                 Information Sciences Institute
http://www.isi.edu/larse/                University of Southern California