Date: Mon, 1 Mar 2004 15:20:03 -0600 (CST)
From: Larry Rosenman <ler@lerctr.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/63616: setkey no longer recognizes tcp in an spdadd line
Message-ID: <200403012120.i21LK3lM000959@lerlaptop-red.iadfw.net>
Resent-Message-ID: <200403012120.i21LKBQ5075565@freefall.freebsd.org>

>Number:         63616
>Category:       bin
>Synopsis:       setkey no longer recognizes tcp in an spdadd line
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 01 13:20:11 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Larry Rosenman
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
LERCTR Consulting
>Environment:
System: FreeBSD lerlaptop-red.iadfw.net 5.2-CURRENT FreeBSD 5.2-CURRENT #96: Mon Mar 1 12:13:00 CST 2004 ler@lerlaptop-red.iadfw.net:/usr/obj/usr/src/sys/LERLAPTOP i386

>Description:
I have the following /etc/ipsec.conf:

spdflush;
#spdadd 207.158.72.14[any] 207.158.72.11[53] udp -P out none;
#spdadd 207.158.72.14[any] 192.147.25.11[53] udp -P out none;
#spdadd 207.158.72.11[53] 207.158.72.14[any] udp -P in none;
#spdadd 192.147.25.11[53] 207.158.72.14[any] udp -P in none;
#spdadd 207.158.72.14[any] 207.158.72.45[53] udp -P out none;
#spdadd 207.158.72.14[any] 192.147.25.45[53] udp -P out none;
#spdadd 207.158.72.45[53] 207.158.72.14[any] udp -P in none;
#spdadd 192.147.25.45[53] 207.158.72.14[any] udp -P in none;
#spdadd 207.158.72.14[any] 207.159.72.11[500] any -P out ipsec
# esp/transport//use;
#spdadd 207.158.72.14[any] 192.147.25.11[500] any -P out ipsec
# esp/transport//use;
#spdadd 207.158.72.11[500] 207.158.72.14[any] any -P in ipsec
# esp/transport//use;
#spdadd 192.147.25.11[500] 207.158.72.14[any] any -P in ipsec
# esp/transport//use;
#spdadd 207.158.72.14[any] 207.159.72.45[500] any -P out ipsec
# esp/transport//use;
#spdadd 207.158.72.14[any] 192.147.25.45[500] any -P out ipsec
# esp/transport//use;
#spdadd 207.158.72.45[500] 207.158.72.14[any] any -P in ipsec
# esp/transport//use;
#spdadd 192.147.25.45[500] 207.158.72.14[any] any -P in ipsec
# esp/transport//use;
spdadd 207.158.72.14[any] 207.158.72.11[any] tcp -P out ipsec
        esp/transport//require ;
spdadd 207.158.72.14[any] 192.147.25.11[any] tcp -P out ipsec
        esp/transport//require ;
spdadd 207.158.72.11[any] 207.158.72.14[any] tcp -P in ipsec
        esp/transport//require ;
spdadd 192.147.25.11[any] 207.158.72.14[any] tcp -P in ipsec
        esp/transport//require ;
#spdadd 207.158.72.14[any] 207.158.72.45[any] any -P out ipsec
# esp/transport//require ;
#spdadd 207.158.72.14[any] 192.147.25.45[any] any -P out ipsec
# esp/transport//require ;
#spdadd 207.158.72.45[any] 207.158.72.14[any] any -P in ipsec
# esp/transport//require ;
#spdadd 192.147.25.45[any] 207.158.72.14[any] any -P in ipsec
# esp/transport//require ;
#######
#spdadd 207.136.3.72[any] 207.158.72.11[53] udp -P out none;
#spdadd 207.158.72.11[53] 207.136.3.72[any] udp -P in none;
#spdadd 207.136.3.72[any] 192.147.25.11[53] udp -P out none;
#spdadd 192.147.25.11[53] 207.136.3.72[any] udp -P in none;
#spdadd 207.136.3.72[any] 207.158.72.11[500] udp -P out ipsec
# esp/transport//use;
#spdadd 207.158.72.11[500] 207.136.3.72[any] any -P in ipsec
# esp/transport//use;
#spdadd 207.136.3.72[any] 192.147.25.11[500] any -P out ipsec
# esp/transport//use;
#spdadd 192.147.25.11[500] 207.136.3.72[any] any -P in ipsec
# esp/transport//use;
spdadd 207.136.3.72[any] 207.158.72.11[any] tcp -P out ipsec
        esp/transport//require ;
spdadd 207.136.3.72[any] 192.147.25.11[any] tcp -P out ipsec
        esp/transport//require ;
spdadd 207.158.72.11[any] 207.136.3.72[any] tcp -P in ipsec
        esp/transport//require ;
spdadd 192.147.25.11[any] 207.136.3.72[any] tcp -P in ipsec
        esp/transport//require ;
#spdadd 207.136.3.72[any] 207.158.72.45[any] any -P out ipsec
# esp/transport//require ;
#spdadd 207.136.3.72[any] 192.147.25.45[any] any -P out ipsec
# esp/transport//require ;
#spdadd 207.158.72.45[any] 207.136.3.72[any] any -P in ipsec
# esp/transport//require ;
#spdadd 192.147.25.45[any] 207.136.3.72[any] any -P in ipsec
# esp/transport//require ;
#######

and when I booted today's -CURRENT, it complained about [tcp] on line 26.

This had been working with a kernel / world from ~1 month ago.

I changed all the uncommented lines to have any in that field, and it
parses, but this is BROKEN.

>How-To-Repeat:
See above
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: