Date: Sun, 17 Feb 2008 19:11:14 +0900 (JST)
From: Kazuaki ODA <kazuaki@aliceblue.jp>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/120751: [PATCH] IPsec: kernel sends wrong pfkey expire message
Message-ID: <200802171011.m1HABEDO003744@router.aliceblue.jp>
Resent-Message-ID: <200802171030.m1HAU1cg010541@freefall.freebsd.org>

>Number: 120751
>Category: kern
>Synopsis: [PATCH] IPsec: kernel sends wrong pfkey expire message
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 17 10:30:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Kazuaki ODA
>Release: FreeBSD 7.0-RC2 i386
>Organization:
>Environment:
System: FreeBSD router.aliceblue.jp 7.0-RC2 FreeBSD 7.0-RC2 #1: Sun Feb 17 15:41:35 JST 2008 kazuaki@router.aliceblue.jp:/usr/src/sys/i386/compile/ROUTER i386
>Description:
The type of the members lft_c, lft_h and lft_s in struct secasvar was changed from struct sadb_lifetime* to struct seclifetime* in netipsec/keydb.h rev. 1.6. But key_expire() in netipsec/key.c is not aware of the change. The following code in key_expire() assumes that the type of sav->lft_s is struct sadb_lifetime*, not struct seclifetime*:

    bcopy(sav->lft_s, lt, sizeof(*lt));

struct seclifetime does not have the members len and exttype. So, as a result, the kernel sends a wrong pfkey expire message to the IKE daemon.
>How-To-Repeat:
Install security/ipsec-tools from the ports, and set up an IPsec tunnel. racoon outputs the following message:

    libipsec failed pfkey align (Invalid sadb message)

and it fails to create new IPsec-SAs before the old ones expire.
>Fix:
It seems the attached patch fixes the problem. But I am not familiar with the IPsec code. Other changes may be needed. For example, the following code in key_setsaval() may have to be modified:

    sav->lft_c = malloc(sizeof(struct sadb_lifetime), M_IPSEC_MISC, M_NOWAIT);

--- key.c.patch begins here --- --- sys/netipsec/key.c.orig 2007-07-01 20:38:29.000000000 +0900 +++ sys/netipsec/key.c 2008-02-17 15:39:47.000000000 +0900 
@@ -6323,7 +6323,12 @@ lt->sadb_lifetime_addtime = sav->lft_c->addtime; lt->sadb_lifetime_usetime = sav->lft_c->usetime; lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); - bcopy(sav->lft_s, lt, sizeof(*lt)); + lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); + lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; + lt->sadb_lifetime_allocations = sav->lft_s->allocations; + lt->sadb_lifetime_bytes = sav->lft_s->bytes; + lt->sadb_lifetime_addtime = sav->lft_s->addtime; + lt->sadb_lifetime_usetime = sav->lft_s->usetime; m_cat(result, m); /* set sadb_address for source */ --- key.c.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
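
Review bot: The six added assignments dereference sav->lft_s with no NULL check visible in this hunk; the replaced bcopy() had the same exposure, so confirm that every SA reaching key_expire() carries a soft lifetime, or guard the block. The conversion from struct seclifetime to struct sadb_lifetime now appears twice (the lft_c lines in the context above and these lft_s lines), so a small helper that takes the exttype as a parameter would keep the two copies from drifting apart. As the submitter notes, the sizeof(struct sadb_lifetime) allocation for sav->lft_c in key_setsaval() carries the same stale type assumption and should be reviewed in the same change.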
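
The struct mismatch described in the report, as an added example that is not part of the original message or of FreeBSD's code: local mirrors of the two structs (field widths per RFC 2367 and the patch above), the pre-patch raw copy, the patched conversion, and a simplified receiver-side header check. The function names and the sample lifetime value are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PFKEY_UNIT64(a)        ((a) >> 3)  /* PF_KEY lengths count 64-bit words */
#define SADB_EXT_LIFETIME_SOFT 4           /* RFC 2367 extension type */

/* Wire format of a PF_KEY lifetime extension (RFC 2367). */
struct sadb_lifetime {
    uint16_t sadb_lifetime_len, sadb_lifetime_exttype;
    uint32_t sadb_lifetime_allocations;
    uint64_t sadb_lifetime_bytes, sadb_lifetime_addtime, sadb_lifetime_usetime;
};
/* Local mirror of the kernel-internal type: it has no len and no exttype. */
struct seclifetime {
    uint32_t allocations;
    uint64_t bytes, addtime, usetime;
};

/* Pre-patch behaviour: raw copy of the internal struct into the wire struct.
 * The copy is bounded here so the demo never reads past *src. */
struct sadb_lifetime soft_ext_raw_copy(const struct seclifetime *src) {
    struct sadb_lifetime lt = {0};
    size_t n = sizeof(*src) < sizeof(lt) ? sizeof(*src) : sizeof(lt);
    memcpy(&lt, src, n);   /* len/exttype now hold bytes of src->allocations */
    return lt;
}

/* Patched behaviour: set the extension header, then convert field by field. */
struct sadb_lifetime soft_ext_converted(const struct seclifetime *src) {
    struct sadb_lifetime lt = {0};
    lt.sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
    lt.sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
    lt.sadb_lifetime_allocations = src->allocations;
    lt.sadb_lifetime_bytes = src->bytes;
    lt.sadb_lifetime_addtime = src->addtime;
    lt.sadb_lifetime_usetime = src->usetime;
    return lt;
}

/* Simplified receiver-side check of the extension header (hypothetical helper). */
int soft_ext_header_ok(const struct sadb_lifetime *lt) {
    return lt->sadb_lifetime_len == PFKEY_UNIT64(sizeof(*lt)) &&
           lt->sadb_lifetime_exttype == SADB_EXT_LIFETIME_SOFT;
}

int main(void) {
    struct seclifetime s = { .addtime = 23040 };  /* constructed sample value */
    struct sadb_lifetime raw = soft_ext_raw_copy(&s), fix = soft_ext_converted(&s);
    printf("raw copy header ok=%d, converted header ok=%d\n",
           soft_ext_header_ok(&raw), soft_ext_header_ok(&fix));
    return 0;
}
```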