Date: Mon, 1 Mar 2004 15:20:03 -0600 (CST)
From: Larry Rosenman <ler@lerctr.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/63616: setkey no longer recognizes tcp in an spdadd line
Message-ID: <200403012120.i21LK3lM000959@lerlaptop-red.iadfw.net>
Resent-Message-ID: <200403012120.i21LKBQ5075565@freefall.freebsd.org>
>Number: 63616
>Category: bin
>Synopsis: setkey no longer recognizes tcp in an spdadd line
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 01 13:20:11 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Larry Rosenman
>Release: FreeBSD 5.2-CURRENT i386
>Organization:
LERCTR Consulting
>Environment:
System: FreeBSD lerlaptop-red.iadfw.net 5.2-CURRENT FreeBSD 5.2-CURRENT #96: Mon Mar 1 12:13:00 CST 2004 ler@lerlaptop-red.iadfw.net:/usr/obj/usr/src/sys/LERLAPTOP i386
>Description:
I have the following /etc/ipsec.conf:
spdflush;
#spdadd 207.158.72.14[any] 207.158.72.11[53] udp -P out none;
#spdadd 207.158.72.14[any] 192.147.25.11[53] udp -P out none;
#spdadd 207.158.72.11[53] 207.158.72.14[any] udp -P in none;
#spdadd 192.147.25.11[53] 207.158.72.14[any] udp -P in none;
#spdadd 207.158.72.14[any] 207.158.72.45[53] udp -P out none;
#spdadd 207.158.72.14[any] 192.147.25.45[53] udp -P out none;
#spdadd 207.158.72.45[53] 207.158.72.14[any] udp -P in none;
#spdadd 192.147.25.45[53] 207.158.72.14[any] udp -P in none;
#spdadd 207.158.72.14[any] 207.159.72.11[500] any -P out ipsec
# esp/transport//use;
#spdadd 207.158.72.14[any] 192.147.25.11[500] any -P out ipsec
# esp/transport//use;
#spdadd 207.158.72.11[500] 207.158.72.14[any] any -P in ipsec
# esp/transport//use;
#spdadd 192.147.25.11[500] 207.158.72.14[any] any -P in ipsec
# esp/transport//use;
#spdadd 207.158.72.14[any] 207.159.72.45[500] any -P out ipsec
# esp/transport//use;
#spdadd 207.158.72.14[any] 192.147.25.45[500] any -P out ipsec
# esp/transport//use;
#spdadd 207.158.72.45[500] 207.158.72.14[any] any -P in ipsec
# esp/transport//use;
#spdadd 192.147.25.45[500] 207.158.72.14[any] any -P in ipsec
# esp/transport//use;
spdadd 207.158.72.14[any] 207.158.72.11[any] tcp -P out ipsec
esp/transport//require ;
spdadd 207.158.72.14[any] 192.147.25.11[any] tcp -P out ipsec
esp/transport//require ;
spdadd 207.158.72.11[any] 207.158.72.14[any] tcp -P in ipsec
esp/transport//require ;
spdadd 192.147.25.11[any] 207.158.72.14[any] tcp -P in ipsec
esp/transport//require ;
#spdadd 207.158.72.14[any] 207.158.72.45[any] any -P out ipsec
# esp/transport//require ;
#spdadd 207.158.72.14[any] 192.147.25.45[any] any -P out ipsec
# esp/transport//require ;
#spdadd 207.158.72.45[any] 207.158.72.14[any] any -P in ipsec
# esp/transport//require ;
#spdadd 192.147.25.45[any] 207.158.72.14[any] any -P in ipsec
# esp/transport//require ;
#######
#spdadd 207.136.3.72[any] 207.158.72.11[53] udp -P out none;
#spdadd 207.158.72.11[53] 207.136.3.72[any] udp -P in none;
#spdadd 207.136.3.72[any] 192.147.25.11[53] udp -P out none;
#spdadd 192.147.25.11[53] 207.136.3.72[any] udp -P in none;
#spdadd 207.136.3.72[any] 207.158.72.11[500] udp -P out ipsec
# esp/transport//use;
#spdadd 207.158.72.11[500] 207.136.3.72[any] any -P in ipsec
# esp/transport//use;
#spdadd 207.136.3.72[any] 192.147.25.11[500] any -P out ipsec
# esp/transport//use;
#spdadd 192.147.25.11[500] 207.136.3.72[any] any -P in ipsec
# esp/transport//use;
spdadd 207.136.3.72[any] 207.158.72.11[any] tcp -P out ipsec
esp/transport//require ;
spdadd 207.136.3.72[any] 192.147.25.11[any] tcp -P out ipsec
esp/transport//require ;
spdadd 207.158.72.11[any] 207.136.3.72[any] tcp -P in ipsec
esp/transport//require ;
spdadd 192.147.25.11[any] 207.136.3.72[any] tcp -P in ipsec
esp/transport//require ;
#spdadd 207.136.3.72[any] 207.158.72.45[any] any -P out ipsec
# esp/transport//require ;
#spdadd 207.136.3.72[any] 192.147.25.45[any] any -P out ipsec
# esp/transport//require ;
#spdadd 207.158.72.45[any] 207.136.3.72[any] any -P in ipsec
# esp/transport//require ;
#spdadd 192.147.25.45[any] 207.136.3.72[any] any -P in ipsec
# esp/transport//require ;
#######
and when I booted today's -CURRENT, it complained about [tcp] on line 26.
This had been working with a kernel / world from ~1 month ago.
I changed all the uncommented lines to have any in that field, and it parses,
but this is BROKEN.
>How-To-Repeat:
See above
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
