Date:      Thu, 27 Nov 2008 03:00:22 GMT
From:      wang jiabo <jiabwang@redhat.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   i386/129218: freebsd6.2 kernel cannot support ipsec "-E null -A hmac-sha1", FreeBSD7.0 kernel cannot support -A aes-xcbc-mac
Message-ID:  <200811270300.mAR30M9V002019@www.freebsd.org>
Resent-Message-ID: <200811270310.mAR3A2Tb092226@freefall.freebsd.org>


>Number:         129218
>Category:       i386
>Synopsis:       freebsd6.2 kernel cannot support ipsec "-E null -A hmac-sha1", FreeBSD7.0 kernel cannot support -A aes-xcbc-mac
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-i386
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 27 03:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     wang jiabo
>Release:        FreeBSD6.2 and 7.0
>Organization:
redhat
>Environment:
FreeBSD6.2 release
FreeBSD7.0 release
>Description:
On FreeBSD6.2:
I set up a setkey file:

flush;
spdflush;
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E null -A hmac-sha1 “ipv6readylogsha11to2”;
spdadd 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc any -P in ipsec esp/transport//require;
add 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 esp 0x1000 -m transport -E null -A hmac-sha1 “ipv6readylogsha12to1”;
spdadd 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 any -P out ipsec esp/transport//require;

system report:
The result of line 3 : Invalid argument
The result of line 5 : Invalid argument 

On FreeBSD7.0:
I set up a setkey file:
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E 3des-cbc 
"ipv6readylogo3descbc1to2" -A aes-xcbc-mac "ipv6readaesx1to2"; 

then run: setkey -f /etc/ipsec.conf
system report:
   line 4 : Not supported at [ipv6readaesx1to2] 
   parse failed, line 4.
 
>How-To-Repeat:
set setkey configuration, and run "setkey -f setkey.conf"
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


