From owner-freebsd-net@freebsd.org Tue Jun 12 12:35:03 2018
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92246100C0FE;
	Tue, 12 Jun 2018 12:35:03 +0000 (UTC)
	(envelope-from patfbsd@davenulle.org)
Received: from sender-of-o52.zoho.com (sender-of-o52.zoho.com [135.84.80.217])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 2206780CF8;
	Tue, 12 Jun 2018 12:35:02 +0000 (UTC)
	(envelope-from patfbsd@davenulle.org)
Received: from mr185083 (mr185083.univ-rennes1.fr [129.20.185.83])
	by mx.zohomail.com with SMTPS id 1528806891133360.18734019182705;
	Tue, 12 Jun 2018 05:34:51 -0700 (PDT)
Date: Tue, 12 Jun 2018 14:34:47 +0200
From: Patrick Lamaiziere
To: FreeBSD Net
Subject: 11.2-RC1 bird 2 BGP invalid ipsec SA/SP
Message-ID: <20180612143447.697681c5@mr185083>
X-Mailer: Claws Mail 3.15.1 (GTK+ 2.24.31; amd64-portbld-freebsd11.0)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Tue, 12 Jun 2018 12:35:03 -0000

Hello,

I'm trying Bird 2 on FreeBSD 11.2 using TCP MD5 signature for BGP
connections. Bird 2 has an option to set the needed IPsec SA/SP, but here
this does not work.

The first entry (0.0.0.0 129.20.128.78) is correct, but the second one
(129.20.128.78 0.0.0.0) has an invalid spi field (should be 0x1000). The
spi value changes each time bird runs, so it looks uninitialized.
# setkey -D
129.20.128.78 0.0.0.0
	tcp mode=any spi=131144976(0x07d11d10) reqid=0(0x00000000)
	A: tcp-md5 32626770 2d313421
	seq=0x00000000 replay=0 flags=0x00000040 state=mature
	created: Jun 12 14:15:50 2018	current: Jun 12 14:24:31 2018
	diff: 521(s)	hard: 0(s)	soft: 0(s)
	last:		hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=1 pid=49180 refcnt=1
0.0.0.0 129.20.128.78
	tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
	A: tcp-md5 32626770 2d313421
	seq=0x00000000 replay=0 flags=0x00000040 state=mature
	created: Jun 12 14:15:50 2018	current: Jun 12 14:24:31 2018
	diff: 521(s)	hard: 0(s)	soft: 0(s)
	last:		hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=0 pid=49180 refcnt=1

Also, FreeBSD has a patch on Bird to add the second entry; I think this
patch should be submitted upstream (I can do it, but some explanation would
be welcome).

See also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218907

Any clue?

Thanks, regards.
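The mail above shows the symptom but not a way to check for it on a running box, nor what the SA pair should look like once the reverse entry is installed correctly. The script below is an added example and is not part of the mail, of bird, or of the FreeBSD port. It assumes the `setkey -D` layout shown above (an unindented "src dst" line followed by an indented "tcp mode=... spi=<dec>(0x<hex>)" line), that TCP-MD5 SAs carry the fixed SPI 0x1000 as the mail states, and the `add src dst tcp 0x1000 -A tcp-md5 "key";` syntax of setkey(8) for installing them. The function names are hypothetical, and the embedded sample is constructed from the two SAs in the mail (real output is tab-indented; leading spaces parse the same way).

```shell
#!/bin/sh
# Added example, not from the mail, bird or FreeBSD: find TCP-MD5 SAs whose
# SPI is not the fixed 0x1000, and emit the correct two-direction SA pair.

EXPECTED_SPI=0x00001000

# check_tcpmd5_sas [FILE]
# Reads `setkey -D` output from FILE (or stdin). Prints "src dst spi" for
# every SA of protocol tcp whose SPI differs from 0x1000.
# Exit status 0 if all tcp SAs are fine, 1 otherwise.
check_tcpmd5_sas() {
    awk -v want="$EXPECTED_SPI" '
        # An unindented "src dst" line opens a new SA record.
        /^[^ \t]/ && NF == 2 { src = $1; dst = $2; next }
        # The indented protocol line: "<proto> mode=... spi=<dec>(0x<hex>) ..."
        /^[ \t]+(tcp|esp|ah|ipcomp) / && /spi=/ {
            spi = $0
            sub(/.*spi=[0-9]+\(/, "", spi)   # -> "0x07d11d10) reqid=..."
            sub(/\).*/, "", spi)             # -> "0x07d11d10"
            if ($1 == "tcp" && tolower(spi) != tolower(want)) {
                printf "%s %s %s\n", src, dst, spi
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# tcpmd5_setkey_conf LOCAL PEER KEY
# Emits a setkey(8) script installing the two SAs a TCP-MD5 session needs,
# one per direction, both with SPI 0x1000 and the same key (hypothetical
# helper; the address pair and key come from the deployment, not from bird).
tcpmd5_setkey_conf() {
    printf 'add %s %s tcp 0x1000 -A tcp-md5 "%s";\n' "$1" "$2" "$3"
    printf 'add %s %s tcp 0x1000 -A tcp-md5 "%s";\n' "$2" "$1" "$3"
}

# write_sample FILE: constructed `setkey -D` output reproducing the two SAs
# from the mail, with the broken SPI on the 129.20.128.78 -> 0.0.0.0 entry.
write_sample() {
    cat > "$1" <<'EOF'
129.20.128.78 0.0.0.0
    tcp mode=any spi=131144976(0x07d11d10) reqid=0(0x00000000)
    A: tcp-md5 32626770 2d313421
    seq=0x00000000 replay=0 flags=0x00000040 state=mature
    sadb_seq=1 pid=49180 refcnt=1
0.0.0.0 129.20.128.78
    tcp mode=any spi=4096(0x00001000) reqid=0(0x00000000)
    A: tcp-md5 32626770 2d313421
    seq=0x00000000 replay=0 flags=0x00000040 state=mature
    sadb_seq=0 pid=49180 refcnt=1
EOF
}

SAMPLE=$(mktemp)
write_sample "$SAMPLE"

if check_tcpmd5_sas "$SAMPLE"; then
    echo "all tcp SAs carry spi 0x1000"
else
    echo "tcp SA(s) with an unexpected spi listed above; expected SA pair:"
    tcpmd5_setkey_conf 0.0.0.0 129.20.128.78 '<bgp password>'
fi
```

On a live system, `setkey -D | check_tcpmd5_sas` runs the same check against the real SAD; the second function only prints the setkey script, so the key never leaves the shell unless the output is fed to `setkey -f`.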