From owner-freebsd-security Fri Jul 23 14:17:42 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id CACB11575A for ; Fri, 23 Jul 1999 14:17:37 -0700 (PDT) (envelope-from jflowers@ezo.net)
Received: from lily.ezo.net (jflowers@localhost.ezo.net [127.0.0.1]) by lily.ezo.net (8.8.7/8.8.7) with SMTP id RAA13637; Fri, 23 Jul 1999 17:16:37 -0400 (EDT)
Date: Fri, 23 Jul 1999 17:16:37 -0400 (EDT)
From: Jim Flowers
To: Bill Paul
Cc: skip-info@skip-vpn.org, freebsd-security@FreeBSD.ORG
Subject: Re: wi driver with SKIP
In-Reply-To: <199907222036.QAA27461@startide.ctr.columbia.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ran test between two fbsd boxes, one with SKIP on box A and the other with SKIP on wi interface (box C) with an intermediate WavePOINT II as in:

    =======Ethernet=========                  [C]
       |             |                         |
     [SKIP]         [B]                      [SKIP]
       |             |                         |
      [A]           [W1]--))))[WP-1][WP-2](((([W2]

W1 and W2 are IEEE/ISA Turbo cards with the wi driver.

Ping requests originating from A are successfully encapsulated and arrive at C where they are successfully de-encapsulated, causing a ping response from C that begins the trek back to A. Tcpdump gets a copy of the frame through the bpf interface to the wi driver, in which it correctly identifies the source and destination addresses and that the IP type is SKIP (57), but complains that the packet has been truncated and is short by 120 bytes.

With SKIP turned off, transmission is successful in both directions.

From this, it appears that SKIP encapsulated packets will transit out the wi interface just fine (as in W1) as long as the SKIP module is not shimmed in before the wi interface (as in W2). Looks like the routine where SKIP hands the encrypted/encapsulated packets back may be suspect.
As SKIP works with other traditional ethernet interfaces (I use mainly ed, lnc, and fxp), it must be something that is expected by the wi driver that is not being furnished by the SKIP shim.

Would have done more but the building that Hillary Clinton is speaking in front of is next to ours and we got kicked out by the Secret Service.

I would look at the SKIP code (I've debugged it before) but I haven't a clue what I'm looking for at the moment.

Jim Flowers
#4 ISP on C|NET, #1 in Ohio
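
Added example, not part of the original message and not taken from tcpdump, SKIP or the wi driver: the kind of length check behind a "truncated" report, comparing the total length in the IPv4 header with the bytes actually handed over. The function names, addresses and frame sizes are constructed; the sizes are chosen so the shortfall is 120 bytes on a protocol 57 packet, as in the report above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Compare the length an IPv4 header claims with the bytes actually present.
 * pkt points at the IPv4 header (link-layer header already stripped).
 * Returns the number of missing bytes (0 if complete), or -1 if the buffer
 * cannot hold a valid IPv4 header. *proto receives the IP protocol number.
 */
static long ip_missing_bytes(const uint8_t *pkt, size_t caplen, uint8_t *proto)
{
    if (pkt == NULL || caplen < 20 || (pkt[0] >> 4) != 4)
        return -1;                        /* too short, or not IPv4 */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];   /* ip_len, network order */
    if (hlen < 20 || hlen > caplen || total < hlen)
        return -1;                        /* inconsistent header */
    if (proto != NULL)
        *proto = pkt[9];
    return total > caplen ? (long)(total - caplen) : 0;
}

/* Constructed sample: a 20-byte IPv4 header claiming 220 bytes in total. */
static const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0xdc,   /* version 4, IHL 5, total length 220 */
    0x00, 0x01, 0x00, 0x00,   /* id, flags and fragment offset */
    0x40, 57, 0x00, 0x00,     /* TTL 64, protocol 57 (SKIP), checksum unset */
    10, 0, 0, 3,              /* source address (constructed) */
    10, 0, 0, 1               /* destination address (constructed) */
};

/* Check the sample as if only `caplen` bytes of it had been handed over. */
static long check_sample(size_t caplen, uint8_t *proto)
{
    uint8_t buf[220] = {0};
    for (size_t i = 0; i < sizeof sample_hdr; i++)
        buf[i] = sample_hdr[i];
    return ip_missing_bytes(buf, caplen, proto);
}

int main(void)
{
    uint8_t proto = 0;
    long missing = check_sample(100, &proto);   /* 100 of 220 bytes present */
    printf("proto %u: truncated-ip, %ld bytes missing\n", (unsigned)proto, missing);
    return 0;
}
```

A nonzero result on the transmit side means the IP header length and the buffer length given to the interface disagree, which is the mismatch to look for where the encapsulating layer returns its packets.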