NetBSD Problem Report #13905

Received: (qmail 390 invoked from network); 9 Sep 2001 07:15:56 -0000
Message-Id: <200109090716.f897G0501913@rekusant.sr.tjls.com>
Date: Sun, 9 Sep 2001 03:16:00 -0400 (EDT)
From: tls@rek.tjls.com
Reply-To: tls@rek.tjls.com
To: gnats-bugs@gnats.netbsd.org
Subject: Our ESP "NULL" cipher does not interoperate with microsoft's
X-Send-Pr-Version: 3.95

>Number:         13905
>Category:       kern
>Synopsis:       IPsec: Our ESP "NULL" cipher doesn't interoperate with the one in Win2K even in configurations where DES and 3DES do.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Sep 09 07:16:00 +0000 2001
>Closed-Date:    Mon Feb 26 06:26:13 +0000 2018
>Last-Modified:  Mon Feb 26 06:26:13 +0000 2018
>Originator:     Thor Lancelot Simon
>Release:        2001-09-08
>Organization:
	The NetBSD Foundation
>Environment:
System: NetBSD rekusant.sr.tjls.com 1.5X NetBSD 1.5X (REKUSANT) #44: Fri Sep 7 14:50:57 EDT 2001 root@rekusant.sr.tjls.com:/lfs/src/sys/arch/i386/compile/REKUSANT i386
Architecture: i386
Machine: i386
>Description:
We can't decrypt packets sent by a Win2K host using the NULL cipher in IPsec
ESP, and they can't decrypt what we send.

>How-To-Repeat:

Set up IPsec in transport mode with a Win2K host, using DES or 3DES (test to
be sure it works!).  Then adjust the racoon configuration to offer only the
null_enc cipher, and in "mmc" on the win2k side, enable the NULL cipher in
the settings for the "Require Security" filter like this: 

Right-click IP Security Policies->your policy name; select "properties".  On
the window that then appears, click "edit".  Select the "filter action" tab,
then "Require Security", then "Edit".  In the "Security Methods" tab, select
"add" and add an entry with "None" for AH, "None" for ESP confidentiality,
and "MD5" or "SHA1" for ESP integrity

Try to ping one host from the other.  You'll see IKE go, ESP SAs will be
negotiated correctly on each end (use "ipsecmon" on the win2k host to see
this) but the ESP packets won't be correctly parsed on either end.

>Fix:
I have absolutely no idea.
>Release-Note:
>Audit-Trail:

From: itojun@iijlab.net
To: tls@rek.tjls.com
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: kern/13905: Our ESP "NULL" cipher does not interoperate with microsoft's 
Date: Sun, 09 Sep 2001 18:00:00 +0900

 >>Synopsis:       Our ESP "NULL" cipher doesn't interoperate with the one in Win2K even in configurations where DES and 3DES do.

 	please attach tcpdump output for the whole session to the PR,
 	captured by "tcpdump -s 2000 -w foo" (then uuencode foo).

 itojun

From: Thor Lancelot Simon <tls@rek.tjls.com>
To: itojun@iijlab.net
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: kern/13905: Our ESP "NULL" cipher does not interoperate with microsoft's
Date: Sun, 9 Sep 2001 07:21:24 -0400

 Here is a tcpdump of such a session.  The NetBSD/i386 host is 192.168.100.33;
 the Win2K host (which has SP2 applied) is 192.168.100.34.  There are packets
 from a ping in each direction and then an attempt to telnet in each direction.

 begin 644 null-esp
 MU,.RH0(`!````````````-`'```!````GT^;.QU*#@">````G@```/______
 M_P`"+2<'#0@`10``D"WG``"`$>>KP*AD(O____\$#`#``'S47P$`````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````HD^;.TAB#@">````G@```/_______P`"+2<'
 M#0@`10``D"WH``"`$>>JP*AD(O____\$#`#``'S47P$`````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````I4^;.Y%N#@">````G@```/_______P`"+2<'#0@`10``
 MD"WI``"`$>>IP*AD(O____\$#`#``'S47P$`````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````J$^;.PF!#@">````G@```/_______P`"+2<'#0@`10``D"WJ``"`
 M$>>HP*AD(O____\$#`#``'S47P$`````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 MJD^;.T%O"P!B````8@`````"+2<'#0!0!!NU:@@`10``5`IR``#_`6>BP*AD
 M(<"H9"((`&TD4]X``*I/FSO[;@L`"`D*"PP-#@\0$1(3%!46%Q@9&AL<'1X?
 M("$B(R0E)B<H*2HK+"TN+S`Q,C,T-38WJD^;.X-W"P!^````?@`````"+2<'
 M#0!0!!NU:@@`10``<`IS``!`$29VP*AD(<"H9"(!]`'T`%S-_V)BHZM"(,/G
 M```````````!$`(``````````%0````X`````0````$````L`0$``0```"0!
 M`0``@`L``0`,``0``5&`@`$`!8`#``&``@`!@`0``JI/FSO9DPL`N@```+H`
 M````4`0;M6H``BTG!PT(`$4``*PM[```@!'"P,"H9"+`J&0A`?0!]`"8`&*`
 MLO5FI13VK````````````1`"``````````"0#0``7`````$````!````4`$!
 M``(#```D`0$``(`!``6``@`"@`0``H`#``&`"P`!``P`!```<(`````D`@$`
 M`(`!``6``@`!@`0``H`#``&`"P`!``P`!```<(`````8'BM1:069''U\EOR_
 MM8?D80````*J3YL[;)<+`)(```"2``````(M)P<-`%`$&[5J"`!%``"$"G0`
 M`$`1)F'`J&0AP*AD(@'T`?0`<!RS@++U9J44]JQVP16183:==`$0`@``````
 M````:`T``#@````!`````0```"P!`0`!````)`(!``"``0`%@`(``8`$``*`
 M`P`!@`L``0`,``0``'"`````%'`#R\$)?;Z<)@"Z:8.\BS6J3YL[4CX-`)8`
 M``"6`````%`$&[5J``(M)P<-"`!%``"(+>T``(`1PN/`J&0BP*AD(0'T`?0`
 M=-=_8F*CJT(@P^?!*_/>S<O!7`$0`@``````````;`T``#@````!`````0``
 M`"P!`0`!````)`$!``"``0`%@`(``8`$``*``P`!@`L``0`,``0``5&`````
 M&!XK46D%F1Q]?);\O[6'Y&$````"JD^;.P!M#0#R````\@`````"+2<'#0!0
 M!!NU:@@`10``Y`IU``!`$28`P*AD(<"H9"(!]`'T`-`(2V)BHZM"(,/GP2OS
 MWLW+P5P$$`(``````````,@*``"$]$-Z[$\]@`=X/J$.;VV8>2CB[E'!9D#B
 M?->">:=M%MM4[($#103&JNCT8N$)JOM/PL!QVW;':TE[U$2[P\(S;W-6NM.V
 MIN6F[31(6%<"%F<5_G=*JRY,BQK6S"_AY1L<=4X9*+"ZHJ04P)01Z\E??E=K
 MS%$)8D-]XJX32EA4O.T-```4A[);-Y<$/$J)AN.)*WN7VP```!1P`\O!"7V^
 MG"8`NFF#O(LUJD^;.[8<#P#B````X@````!0!!NU:@`"+2<'#0@`10``U"WN
 M``"`$<*6P*AD(L"H9"$!]`'T`,"FQH"R]6:E%/:L=L$5D6$VG70$$`(`````
 M`````+@*``"$B9K@^T[)/LK'_';!R"KI$%R_'?"_,9L8M>7_`)]&4U/+],V`
 M&YS6YD85AONF-J.C4,J1@E8K(`^,85,LIK?P3B:_[ECG!6&9"@2\6^E3=#H[
 M#!H'S\T:=D;FKB`4L%31F4+/9XR&'?/?/R2YM81NE5EH_9J)-P:YQJ27?V_/
 M9YP````8G$+0]#*_)&`1.SH!OOR@;9ZO`&.K3YL[30<``/(```#R``````(M
 M)P<-`%`$&[5J"`!%``#D"G8``$`1)?_`J&0AP*AD(@'T`?0`T,8P@++U9J44
 M]JQVP16183:==`00`@``````````R`H``(36=*&HADV@;H&R$A1VGP_Q0ED[
 MB>WG,3_G1[BK>J*FU-R?=&,IH:C'_TH(23ZKX1Y1OL(UZ<CRCU.XIO%C&+F#
 MDFO;DLKYGY02WL-L<J8A&+X-<-*J*KQ]WHC7>B/<`Y6KZZ"0_W?J136Q`8Y0
 M_2[$+CL'<7@R_5I=[PQLMYP[K0T``!2XPVW1DDZ.=67#_5T?`ES<````%'`#
 MR\$)?;Z<)@"Z:8.\BS6K3YL[9&T``.(```#B`````%`$&[5J``(M)P<-"`!%
 M``#4+>\``(`1PI7`J&0BP*AD(0'T`?0`P/NF8F*CJT(@P^?!*_/>S<O!7`00
 M`@``````````N`H``(0MH=GO7W)N*+*+M\U$&"L"B#X#=#\!B)01?I7N*>BM
 M.XO:!>\%>UAD"I)6`8ZK.ZJ6'4V_']@;+L7IE$87A"W8A#'#\\D9)O36"QV*
 MXNVDN*HUE5T#T%TCX0L&B&AB()#&A4"3E12V)`_L6Y041>>G'*HEOV</^!R=
 M&N??&!1^MP```!C&-8U`PB4*D:HSD3$&&1BMO_"$0:M/FSO`H0``;@```&X`
 M`````BTG!PT`4`0;M6H(`$4``&`*=P``0!$F@L"H9"'`J&0B`?0!]`!,T,]B
 M8J.K0B##Y\$K\][-R\%<!1`"`0````````!$(ZZ@'<<U1%.$^0Y;;EE<+2%3
 M.[-]+K!RF[C.%SB.7K2BLPA<\$LU):M/FSOD"`$`9@```&8`````4`0;M6H`
 M`BTG!PT(`$4``%@M\```@!'#$,"H9"+`J&0A`?0!]`!$=\^`LO5FI13VK';!
 M%9%A-IUT!1`"`0`````````\34^[1A[LG;:F,GM`,6>'[I.BK6E!V-)+*9F(
 M!,"?+H6K3YL[N0H!`&X```!N``````(M)P<-`%`$&[5J"`!%``!@"G@``$`1
 M)H'`J&0AP*AD(@'T`?0`3"S8@++U9J44]JQVP16183:==`40`@$`````````
 M1'YB8GW$7689#0^S]W`#._(W2>('=3.S2GUFL^=+F+D2*7@S_YX']3BK3YL[
 M&PP!`'X```!^``````(M)P<-`%`$&[5J"`!%``!P"GD``$`1)G#`J&0AP*AD
 M(@'T`?0`7%F"@++U9J44]JQVP16183:==`@0!0%;L3T1````5.>GLPFT`BAW
 M?AKYWG6DIEOQ`/#S8F*7^X^8_QJA`D("MF<"1G+N[#.`LY;-"9UMT\9ZJ%NO
 MZ?:$JT^;.]L.`0!F````9@````!0!!NU:@`"+2<'#0@`10``6"WQ``"`$<,/
 MP*AD(L"H9"$!]`'T`$3MR&)BHZM"(,/GP2OSWLW+P5P%$`(!`````````#SB
 MV[TH2?NV"Y`-ER_G3CKUCU(YZ9ZQTYIZ2^<I:E-[K*M/FSN;.@$`5@$``%8!
 M````4`0;M6H``BTG!PT(`$4``4@M\@``@!'"'L"H9"+`J&0A`?0!]`$T/YJ`
 MLO5FI13VK';!%9%A-IUT"!`@`5$>^0\```$L)P@:'?.1G75P2<06#)AVEVP?
 M\]5KJPCFX<3@-1XZND-[%PH<*3'<LT[`J;F)&DQ;=D+*660.K[MZPL<.?G*?
 ME?#`RH&=]\3HNG0I$U'K+$XQ&MO&:]<5[GQ(\@0G#//H4EE>MJL[*('T*,2Q
 M&N1`#?#',_[\RZ'(=4=/W2G*D4`F2$)D(C*65&;?G%-V)S'1TJEA8BOXUV6%
 M:4'S2FX:];N4S#$)8P9/E?W%?&1#E1,BZ*)G$#!R-1MK,1(RVU$HVQ?-#H"L
 MBYF=.CY7"3@W;CYA?"(+;R.7.R\T#,%+)6Z_ZF<CONNL.7P.UR7L*]G=HIEF
 MD<[G3U%6,1P;&B8_SYI!2N=Q_,0D(GLJ91]'>H"K3YL[DD(!`+8```"V````
 M``(M)P<-`%`$&[5J"`!%``"H"GH``$`1)C?`J&0AP*AD(@'T`?0`E"4)@++U
 M9J44]JQVP16183:==`@0(`%1'OD/````C)<X*FZJAE$R@1,"=F^*GUIL@T67
 MCS+,-(.2B&FP"]WF";:F=PEULE"O!MP3HEMMZ#Z'.E"!TAKT%9FK><)`SF$R
 MH_\%.2;JT-W*[@V4]FZB(PS:UE\8K#_O&2:M^*>A=CQ<GTLU"^=3"&I7GT.N
 MG,:K3YL[,50!`'X```!^`````%`$&[5J``(M)P<-"`!%``!P+>L``(`RPMS`
 MJ&0BP*AD(0NT,NL````!``!U)%/>``"J3YL[^VX+``@)"@L,#0X/$!$2$Q05
 M%A<8&1H;'!T>'R`A(B,D)28G*"DJ*RPM+B\P,3(S-#4V-P$"`P0%!@8!\%[\
 M*7F>86_2GM,_JT^;.[17`0!>````7@````!0!!NU:@`"+2<'#0@`10``4"WS
 M``"`$<,5P*AD(L"H9"$!]`'T`#SQ]X"R]6:E%/:L=L$5D6$VG70($"`!41[Y
 M#P```#2PN#G4QV-5A%(L=!?V#^_-4WR#"LPD6G.K3YL[.)D+`'H```!Z````
 M``(M)P<-`%`$&[5J"`!%``!L"GP``/\R9T_`J&0AP*AD(I#C=O$````!"`"4
 M^5/>``&K3YL[TI@+``@)"@L,#0X/$!$2$Q05%A<8&1H;'!T>'R`A(B,D)28G
 M*"DJ*RPM+B\P,3(S-#4V-P$"`@%@>9_NGY;4Q+$LEQBK3YL[C_(.`)X```">
 M````________``(M)P<-"`!%``"0+?0``(`1YY[`J&0B_____P0,`,``?-1?
 M`0``````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M``````````````````````````````````"L3YL[)A@!`&8```!F`````%`$
 M&[5J``(M)P<-"`!%``!8+?4``(`1PPO`J&0BP*AD(0'T`?0`1.W(8F*CJT(@
 MP^?!*_/>S<O!7`40`@$`````````/.+;O2A)^[8+D`V7+^=..O6/4CGIGK'3
 MFGI+YREJ4WNLK$^;.X5'`0`N`0``+@$````"+2<'#0!0!!NU:@@`10`!(`I]
 M``!`$26\P*AD(<"H9"(!]`'T`0STBX"R]6:E%/:L=L$5D6$VG70($"`!>3)A
 M+````036N]@F0+RL==Z)B*`K=[9BZG%D`0.B"8:'['?F)OSP[>F+&^R#2"R#
 M^:,C<_;DGR@R4AY%?\U'QR_8^"<P:EIA8'W&#@5GY7E'HY?D_8R7W2\3]=LQ
 M&F(;_T4=?:,PS>*@"./$`:M_2%/\8EO:NE'`R$UT8N%(FFR!L;&]8114.6XS
 M4_X$A()_"9D>5&\X4'N$!/#].+#<_&]$M5=45J&;6F$+D.][TC4%(8D85HV/
 M+KH=-B8S(99#W*34\O0%HQPWX9.XX*!=\?K8ZJY#]#D-@DX;\XDBBH67*D&`
 M$B[UGY`>L7@!S802K$^;.^%<`0!V````=@````!0!!NU:@`"+2<'#0@`10``
 M:"WV``"`$<+ZP*AD(L"H9"$!]`'T`%2UP8"R]6:E%/:L=L$5D6$VG70($`4!
 M<L:`4````$P:>E/&E7^<\JS)B0%^UR^W7FI,$WTGQ:47_FZ?L4C3"P/KOM;E
 M=B(7??MEVTW4Y7:L3YL[U&(!`'8```!V`````%`$&[5J``(M)P<-"`!%``!H
 M+?<``(`1POG`J&0BP*AD(0'T`?0`5`[>@++U9J44]JQVP16183:==`@0!0$$
 M;Q*-````3$%<[2$>3J[1=BF$#VA@?MV\.%2L`9QI775EV,1Z,C%8S6J[C[S\
 M`?H#NRZOE6M_2JQ/FSN3:`$`;@```&X`````4`0;M6H``BTG!PT(`$4``&`M
 M^```@!'#`,"H9"+`J&0A`?0!]`!,0HJ`LO5FI13VK';!%9%A-IUT"!`%`6A[
 M]I<```!$P4-7MI4C!X4LAE+++RP>E^XO7O02:=O$(;!<9VB*,EP;K`/%=6GZ
 M*ZQ/FSLSF0L`>@```'H``````BTG!PT`4`0;M6H(`$4``&P*?P``_S)G3,"H
 M9"'`J&0BD.-V\0````((`)/X4]X``JQ/FSO2F`L`"`D*"PP-#@\0$1(3%!46
 M%Q@9&AL<'1X?("$B(R0E)B<H*2HK+"TN+S`Q,C,T-38W`0("`2OVGHI5I;0R
 M8[&)1ZU/FSL%F0L`>@```'H``````BTG!PT`4`0;M6H(`$4``&P*@0``_S)G
 M2L"H9"'`J&0BD.-V\0````,(`);W4]X``ZU/FSO.F`L`"`D*"PP-#@\0$1(3
 M%!46%Q@9&AL<'1X?("$B(R0E)B<H*2HK+"TN+S`Q,C,T-38W`0("`=>"R&G$
 M`RUOUTX\G:Y/FSL!(P$`9@```&8`````4`0;M6H``BTG!PT(`$4``%@M^0``
 M@!'#!\"H9"+`J&0A`?0!]`!$[<AB8J.K0B##Y\$K\][-R\%<!1`"`0``````
 M```\XMN]*$G[M@N0#9<OYTXZ]8]2.>F>L=.:>DOG*6I3>ZRN3YL[")D+`'H`
 M``!Z``````(M)P<-`%`$&[5J"`!%``!L"H,``/\R9TC`J&0AP*AD(I#C=O$`
 M```$"`"5]E/>``2N3YL[SI@+``@)"@L,#0X/$!$2$Q05%A<8&1H;'!T>'R`A
 M(B,D)28G*"DJ*RPM+B\P,3(S-#4V-P$"`@%KSPMODHO\RO9;.]BN3YL[]/0.
 M`)X```">````________``(M)P<-"`!%``"0+?H``(`1YYC`J&0B_____P0,
 M`,``?-1?`0``````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M``````````````````````````````````````````"O3YL["ID+`'H```!Z
 M``````(M)P<-`%`$&[5J"`!%``!L"H4``/\R9T;`J&0AP*AD(I#C=O$````%
 M"`"3]5/>``6O3YL[SY@+``@)"@L,#0X/$!$2$Q05%A<8&1H;'!T>'R`A(B,D
 M)28G*"DJ*RPM+B\P,3(S-#4V-P$"`@&;1X]L6U('X#X98(*P3YL[5ID+`'H`
 M``!Z``````(M)P<-`%`$&[5J"`!%``!L"H<``/\R9T3`J&0AP*AD(I#C=O$`
 M```&"`",]%/>``:P3YL[U9@+``@)"@L,#0X/$!$2$Q05%A<8&1H;'!T>'R`A
 M(B,D)28G*"DJ*RPM+B\P,3(S-#4V-P$"`@'X4@XCIK]*90IK"I>Q3YL[#)D+
 M`'H```!Z``````(M)P<-`%`$&[5J"`!%``!L"HD``/\R9T+`J&0AP*AD(I#C
 M=O$````'"`"2\U/>``>Q3YL[SI@+``@)"@L,#0X/$!$2$Q05%A<8&1H;'!T>
 M'R`A(B,D)28G*"DJ*RPM+B\P,3(S-#4V-P$"`@$Q/4_R'/C+_AX3*R.Q3YL[
 MH0@/`)X```">````________``(M)P<-"`!%``"0+?L``(`1YY?`J&0B____
 M_P0,`,``?-1?`0``````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M``````````````````````````````````````````````"R3YL[1#P!`&8`
 M``!F`````%`$&[5J``(M)P<-"`!%``!8+?P``(`1PP3`J&0BP*AD(0'T`?0`
 M1.W(8F*CJT(@P^?!*_/>S<O!7`40`@$`````````/.+;O2A)^[8+D`V7+^=.
 M.O6/4CGIGK'3FGI+YREJ4WNLLD^;.W&9"P!Z````>@`````"+2<'#0!0!!NU
 M:@@`10``;`J,``#_,F<_P*AD(<"H9"*0XW;Q````"`@`B/)3W@`(LD^;.]>8
 M"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I*BLL+2XO,#$R
 M,S0U-C<!`@(!3/;4V+B'M+HO*",RLT^;.P:9"P!Z````>@`````"+2<'#0!0
 M!!NU:@@`10``;`J.``#_,F<]P*AD(<"H9"*0XW;Q````"0@`D/%3W@`)LT^;
 M.\Z8"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I*BLL+2XO
 M,#$R,S0U-C<!`@(!\R9\A`MU$X&C#@Q4M$^;.P29"P!Z````>@`````"+2<'
 M#0!0!!NU:@@`10``;`J0``#_,F<[P*AD(<"H9"*0XW;Q````"@@`C_!3W@`*
 MM$^;.\Z8"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I*BLL
 M+2XO,#$R,S0U-C<!`@(!?65(3$?=W^8ZS^>_M$^;.X(9#P">````G@```/__
 M_____P`"+2<'#0@`10``D"W]``"`$>>5P*AD(O____\$#`#``'S47P$`````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````M4^;.PN9"P!Z````>@`````"+2<'#0!0
 M!!NU:@@`10``;`J2``#_,F<YP*AD(<"H9"*0XW;Q````"P@`CN]3W@`+M4^;
 M.\Z8"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I*BLL+2XO
 M,#$R,S0U-C<!`@(!1#J??]32.RR`4%!:MD^;.SN9"P!Z````>@`````"+2<'
 M#0!0!!NU:@@`10``;`J4``#_,F<WP*AD(<"H9"*0XW;Q````#`@`B^Y3W@`,
 MMD^;.]"8"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I*BLL
 M+2XO,#$R,S0U-C<!`@(!""0NSK.('=)P)`!PMT^;.P>9"P!Z````>@`````"
 M+2<'#0!0!!NU:@@`10``;`J6``#_,F<UP*AD(<"H9"*0XW;Q````#0@`C.U3
 MW@`-MT^;.\Z8"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I
 M*BLL+2XO,#$R,S0U-C<!`@(!,`=FC$"WR.=5<WB5MT^;.[DK#P">````G@``
 M`/_______P`"+2<'#0@`10``D"W^``"`$>>4P*AD(O____\$#`#``'S47P$`
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````ND^;.T5&`0!F````9@````!0!!NU
 M:@`"+2<'#0@`10``6"W_``"`$<,!P*AD(L"H9"$!]`'T`$3MR&)BHZM"(,/G
 MP2OSWLW+P5P%$`(!`````````#SBV[TH2?NV"Y`-ER_G3CKUCU(YZ9ZQTYIZ
 M2^<I:E-[K+I/FSL?/@\`G@```)X```#_______\``BTG!PT(`$4``)`N````
 M@!'GDL"H9"+_____!`P`P`!\U%\!````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M`+U/FSO@:08`_P```/\```#_______\``BTG!PT(`$4``/$N`0``@!'!B,"H
 M9"+`J&3_`(H`B@#=[941#H39P*AD(@"*`,<``"!&045)149&14-.14Y%0D5,
 M0TY%3D5"14Q#04-!0T%!00`@04)!0T901E!%3D9$14-&0T501DA&1$5&1E!&
 M4$%#04(`_U--0B4````````````````````````````````````1```M````
 M````````Z`,``````````"T`5@`#``$``0`"`#X`7$U!24Q33$]47$)23U=3
 M10`,`&#J``!73U)+1U)/55``4`0``#S_`PH`$`"`M`,/`%!(150M34%++4U!
 M2P"^3YL[(0X``)X```">````________``(M)P<-"`!%``"0+@(``(`1YY#`
 MJ&0B_____P0,`,``?-1?`0``````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M``````````````````````````````````````````````````````#`3YL[
 M4ED``&8```!F`````%`$&[5J``(M)P<-"`!%``!8+@,``(`RPMS`J&0BP*AD
 M(0NT,NL````""`!06P,`^@!A8F-D969G:&EJ:VQM;F]P<7)S='5V=V%B8V1E
 M9F=H:0$"`P0%!@8!,LNF&'$N5GT`5]?.P4^;.X0@``">````G@```/______
 M_P`"+2<'#0@`10``D"X$``"`$>>.P*AD(O____\$#`#``'S47P$`````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````P4^;.SQ*"`!F````9@````!0!!NU:@`"+2<'
 M#0@`10``6"X%``"`,L+:P*AD(L"H9"$+M#+K`````P@`3UL#`/L`86)C9&5F
 M9VAI:FML;6YO<'%R<W1U=G=A8F-D969G:&D!`@,$!08&`0/=X$).*CD3>UI`
 M$\)/FSL0Q`<`9@```&8`````4`0;M6H``BTG!PT(`$4``%@N!@``@#+"V<"H
 M9"+`J&0A"[0RZP````0(`$Y;`P#\`&%B8V1E9F=H:6IK;&UN;W!Q<G-T=79W
 M86)C9&5F9VAI`0(#!`4&!@%Z`&QI+CE**$S@K/W#3YL[U\<'`&8```!F````
 M`%`$&[5J``(M)P<-"`!%``!8+@<``(`RPMC`J&0BP*AD(0NT,NL````%"`!-
 M6P,`_0!A8F-D969G:&EJ:VQM;F]P<7)S='5V=V%B8V1E9F=H:0$"`P0%!@8!
 MZ)2-$/6X8Q.%%*'<Q$^;.X0R``">````G@```/_______P`"+2<'#0@`10``
 MD"X(``"`$>>*P*AD(O____\$#`#``'S47P$`````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````QT^;.\]$``">````G@```/_______P`"+2<'#0@`10``D"X)``"`
 M$>>)P*AD(O____\$#`#``'S47P$`````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 MRD^;.X17``">````G@```/_______P`"+2<'#0@`10``D"X*``"`$>>(P*AD
 M(O____\$#`#``'S47P$`````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````RD^;.P^X
 M`0!F````9@````!0!!NU:@`"+2<'#0@`10``6"X+``"`$<+UP*AD(L"H9"$!
 M]`'T`$3MR&)BHZM"(,/GP2OSWLW+P5P%$`(!`````````#SBV[TH2?NV"Y`-
 MER_G3CKUCU(YZ9ZQTYIZ2^<I:E-[K,U/FSLQ:0``G@```)X```#_______\`
 M`BTG!PT(`$4``)`N#```@!'GAL"H9"+_____!`P`P`!\U%\!````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M`````````````````````,U/FSNDAP$`5@```%8``````BTG!PT`4`0;M6H(
 M`$4``$@*F```0#(F6,"H9"'`J&0BD.-V\0````[_YP`7%VD'5`````!P`D``
 MV\X```($!;0!`P,``0("!M%1Y';JO$7A.54>I]!/FSMWB```G@```)X```#_
 M______\``BTG!PT(`$4``)`N#0``@!'GA<"H9"+_____!`P`P`!\U%\!````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M`````````````````````````````-)/FSL]6`X`5@```%8``````BTG!PT`
 M4`0;M6H(`$4``$@*F0``0#(F5\"H9"'`J&0BD.-V\0````__YP`7%VD'5```
 M``!P`D``V\X```($!;0!`P,``0("!GLEVW."J!HG#_3J=--/FSL(M0``G@``
 M`)X```#_______\``BTG!PT(`$4``)`N#@``@!'GA,"H9"+_____!`P`P`!\
 MU%\!````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M`````````````````````````````````````-9/FSL5H```G@```)X```#_
 M______\``BTG!PT(`$4``)`N#P``@!'G@\"H9"+_____!`P`P`!\U%\!````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M`````````````````````````````-E/FSM8L@``G@```)X```#_______\`
 M`BTG!PT(`$4``)`N$```@!'G@L"H9"+_____!`P`P`!\U%\!````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M`````````````````````-Q/FSN]Q```G@```)X```#_______\``BTG!PT(
 M`$4``)`N$0``@!'G@<"H9"+_____!`P`P`!\U%\!````````````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M`````````````-Q/FSM1C`@`5@```%8`````4`0;M6H``BTG!PT(`$4``$@N
 M$D``@#*"W<"H9"+`J&0A"[0RZP````8$6``7*:-^>0````!P`D``3/\```($
 M!;0!`00"`0("!IPF)8?_M?4'^!90D]]/FSNIU@``G@```)X```#_______\`
 M`BTG!PT(`$4``)`N$P``@!'G?\"H9"+_____!`P`P`!\U%\!````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M`````````````````````-]/FSL?R`<`5@```%8`````4`0;M6H``BTG!PT(
 M`$4``$@N%$``@#*"V\"H9"+`J&0A"[0RZP````<$6``7*:-^>0````!P`D``
 M3/\```($!;0!`00"`0("!N#M_>VM%/^?864>@N)/FSORZ```G@```)X```#_
 M______\``BTG!PT(`$4``)`N%P``@!'G>\"H9"+_____!`P`P`!\U%\!````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M`````````````````````````````.5/FSOH!`$`G@```)X```#_______\`
 M`BTG!PT(`$4``)`N&```@!'G>L"H9"+_____!`P`P`!\U%\!````````````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 M`````````````````````.5/FSM>TP<`5@```%8`````4`0;M6H``BTG!PT(
 M`$4``$@N&4``@#*"UL"H9"+`J&0A"[0RZP````@$6``7*:-^>0````!P`D``
 M3/\```($!;0!`00"`0("!OFM[M2NR:P5\%<!B.A/FSN/#0$`G@```)X```#_
 M______\``BTG!PT(`$4``)`N&@``@!'G>,"H9"+_____!`P`P`!\U%\!````
 M````````````````````````````````````````````````````````````
 M````````````````````````````````````````````````````````````
 6````````````````````````````````
 `
 end

From: itojun@iijlab.net
To: tls@rek.tjls.com
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: kern/13905: Our ESP "NULL" cipher does not interoperate with microsoft's 
Date: Mon, 10 Sep 2001 11:46:41 +0900

 >Here is a tcpdump of such a session.  The NetBSD/i386 host is 192.168.100.33;
 >the Win2K host (which has SP2 applied) is 192.168.100.34.  There are packets
 >from a ping in each direction and then an attempt to telnet in each direction.

 	as far as I can tell, they are using the same kind of encapsulation.
 	if NetBSD box and Win2k box cannot communicate with each other,
 	this must be due to some difference in ESP authentication (checksum)
 	key difference.  could you check if both end agrees about the
 	ESP authentication secret?

 itojun

From: Thor Lancelot Simon <tls@rek.tjls.com>
To: itojun@iijlab.net
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: kern/13905: Our ESP "NULL" cipher does not interoperate with microsoft's
Date: Sun, 9 Sep 2001 23:02:58 -0400

 On Mon, Sep 10, 2001 at 11:46:41AM +0900, itojun@iijlab.net wrote:
 > >Here is a tcpdump of such a session.  The NetBSD/i386 host is 192.168.100.33;
 > >the Win2K host (which has SP2 applied) is 192.168.100.34.  There are packets
 > >from a ping in each direction and then an attempt to telnet in each direction.
 > 
 > 	as far as I can tell, they are using the same kind of encapsulation.
 > 	if NetBSD box and Win2k box cannot communicate with each other,
 > 	this must be due to some difference in ESP authentication (checksum)
 > 	key difference.  could you check if both end agrees about the
 > 	ESP authentication secret?

 Unfortunately, I don't know how to get at the raw SA data under Win2K, so
 I can't really check this.  :-(

 Thor
State-Changed-From-To: open->feedback
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Sun, 25 Feb 2018 18:02:54 +0000
State-Changed-Why:
The IPsec code has been fixed many times since. Does the issue still
occur? (While here I put "IPsec" in the title for clarity.)


From: Thor Lancelot Simon <tls@panix.com>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org,
	gnats-admin@netbsd.org, maxv@NetBSD.org, tls@rek.tjls.com
Subject: Re: kern/13905 (IPsec: Our ESP "NULL" cipher doesn't interoperate
 with the one in Win2K even in configurations where DES and 3DES do.)
Date: Sun, 25 Feb 2018 16:39:45 -0500

 Beats me.  I thankfully don't have Win2k available any longer to test.

 On Sun, Feb 25, 2018 at 06:02:54PM +0000, maxv@NetBSD.org wrote:
 > Synopsis: IPsec: Our ESP "NULL" cipher doesn't interoperate with the one in Win2K even in configurations where DES and 3DES do.
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: maxv@NetBSD.org
 > State-Changed-When: Sun, 25 Feb 2018 18:02:54 +0000
 > State-Changed-Why:
 > The IPsec code has been fixed many times since. Does the issue still
 > occur? (While here I put "IPsec" in the title for clarity.)
 > 
 > 

 -- 
   Thor Lancelot Simon	                                     tls@panix.com
  "The two most common variations translate as follows:
 	illegitimi non carborundum = the unlawful are not silicon carbide
 	illegitimis non carborundum = the unlawful don't have silicon carbide."

State-Changed-From-To: feedback->closed
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Mon, 26 Feb 2018 06:26:13 +0000
State-Changed-Why:
Close this PR, it's not relevant anymore, the code has drastically
changed since.


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.