From owner-freebsd-bugs@FreeBSD.ORG Sun Feb 17 10:30:02 2008
Message-Id: <200802171011.m1HABEDO003744@router.aliceblue.jp>
Date: Sun, 17 Feb 2008 19:11:14 +0900 (JST)
From: Kazuaki ODA
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/120751: [PATCH] IPsec: kernel sends wrong pfkey expire message
Reply-To: Kazuaki ODA
List-Id: Bug reports
X-List-Received-Date: Sun, 17 Feb 2008 10:30:02 -0000

>Number: 120751
>Category: kern
>Synopsis: [PATCH] IPsec: kernel sends wrong pfkey expire message
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 17 10:30:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Kazuaki ODA
>Release: FreeBSD 7.0-RC2 i386
>Organization:
>Environment:
System: FreeBSD router.aliceblue.jp 7.0-RC2 FreeBSD 7.0-RC2 #1: Sun Feb 17 15:41:35 JST 2008 kazuaki@router.aliceblue.jp:/usr/src/sys/i386/compile/ROUTER i386

>Description:
The type of the members lft_c, lft_h and lft_s in struct secasvar was
changed from struct sadb_lifetime* to struct seclifetime* in
netipsec/keydb.h rev. 1.6, but key_expire() in netipsec/key.c is not aware
of the change. The following code in key_expire() assumes that the type of
sav->lft_s is struct sadb_lifetime*, not struct seclifetime*.

	bcopy(sav->lft_s, lt, sizeof(*lt));

struct seclifetime does not have the members len and exttype. As a result,
the kernel sends a wrong pfkey expire message to the IKE daemon.

>How-To-Repeat:
Install security/ipsec-tools from the ports, and set up an IPsec tunnel.
racoon outputs the following message:

	libipsec failed pfkey align (Invalid sadb message)

and it fails to create new IPsec-SAs before the old ones expire.

>Fix:
It seems the attached patch fixes the problem. But I am not familiar with
IPsec code. Other changes may be needed. For example, the following code in
key_setsaval() may have to be modified.
sav->lft_c = malloc(sizeof(struct sadb_lifetime), M_IPSEC_MISC, M_NOWAIT); --- key.c.patch begins here --- --- sys/netipsec/key.c.orig 2007-07-01 20:38:29.000000000 +0900 +++ sys/netipsec/key.c 2008-02-17 15:39:47.000000000 +0900 @@ -6323,7 +6323,12 @@ lt->sadb_lifetime_addtime = sav->lft_c->addtime; lt->sadb_lifetime_usetime = sav->lft_c->usetime; lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); - bcopy(sav->lft_s, lt, sizeof(*lt)); + lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); + lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; + lt->sadb_lifetime_allocations = sav->lft_s->allocations; + lt->sadb_lifetime_bytes = sav->lft_s->bytes; + lt->sadb_lifetime_addtime = sav->lft_s->addtime; + lt->sadb_lifetime_usetime = sav->lft_s->usetime; m_cat(result, m); /* set sadb_address for source */ --- key.c.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
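Review bot: The replaced bcopy(sav->lft_s, lt, sizeof(*lt)) is only one of the places that treated an lft_* member as struct sadb_lifetime, and because bcopy() takes untyped pointers the compiler will not flag the remaining ones; the report itself points at key_setsaval(), where lft_c is still allocated with sizeof(struct sadb_lifetime). Please audit every bcopy/sizeof use of lft_c, lft_h and lft_s in key.c and bring them in line in the same change. The added lines also read sav->lft_s four times with no check visible in the hunk, so either assert that it is non-NULL in key_expire() or add a comment saying why the caller guarantees it. Minor: the new assignments mirror the lft_c assignments visible in the context above apart from the exttype, so a small helper that fills a struct sadb_lifetime from a struct seclifetime would keep the two blocks from drifting apart.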
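The failure described in the report, as an added userland example (not code from the PR or from the FreeBSD tree): a raw copy of a struct seclifetime into a PF_KEY lifetime extension leaves the extension header holding counter bytes, while a field-by-field fill produces a header that a receiver can accept. The struct seclifetime layout and the lifetime_ext_ok() check are assumptions made for illustration; struct sadb_lifetime and the constants follow RFC 2367.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SADB_EXT_LIFETIME_SOFT 4        /* RFC 2367 extension type */
#define PFKEY_UNIT64(a) ((a) >> 3)      /* length in 64-bit words */

struct sadb_lifetime {                  /* wire format, RFC 2367 */
    uint16_t sadb_lifetime_len, sadb_lifetime_exttype;
    uint32_t sadb_lifetime_allocations;
    uint64_t sadb_lifetime_bytes, sadb_lifetime_addtime, sadb_lifetime_usetime;
};
struct seclifetime {                    /* assumed layout: no len/exttype */
    uint32_t allocations;
    uint64_t bytes, addtime, usetime;
};

/* Old behaviour: raw copy, so len/exttype receive the bytes of s->allocations.
 * The copy is capped at sizeof(*s) here so the example stays in bounds. */
static void fill_by_copy(struct sadb_lifetime *lt, const struct seclifetime *s) {
    size_t n = sizeof(*s) < sizeof(*lt) ? sizeof(*s) : sizeof(*lt);
    memset(lt, 0, sizeof(*lt));
    memcpy(lt, s, n);
}

/* Patched behaviour: header set explicitly, counters copied by name. */
static void fill_by_field(struct sadb_lifetime *lt, const struct seclifetime *s) {
    lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
    lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
    lt->sadb_lifetime_allocations = s->allocations;
    lt->sadb_lifetime_bytes = s->bytes;
    lt->sadb_lifetime_addtime = s->addtime;
    lt->sadb_lifetime_usetime = s->usetime;
}

/* Hypothetical receiver-side check of the extension header. */
static int lifetime_ext_ok(const struct sadb_lifetime *lt) {
    return lt->sadb_lifetime_len == PFKEY_UNIT64(sizeof(*lt)) &&
           lt->sadb_lifetime_exttype == SADB_EXT_LIFETIME_SOFT;
}

int main(void) {
    struct seclifetime soft = { 0, 1000, 3600, 0 };   /* constructed sample */
    struct sadb_lifetime a, b;
    fill_by_copy(&a, &soft);
    fill_by_field(&b, &soft);
    printf("copy:  len=%d type=%d ok=%d\n", a.sadb_lifetime_len,
           a.sadb_lifetime_exttype, lifetime_ext_ok(&a));
    printf("field: len=%d type=%d ok=%d\n", b.sadb_lifetime_len,
           b.sadb_lifetime_exttype, lifetime_ext_ok(&b));
    return 0;
}
```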