NetBSD Problem Report #13905
Received: (qmail 390 invoked from network); 9 Sep 2001 07:15:56 -0000
Message-Id: <200109090716.f897G0501913@rekusant.sr.tjls.com>
Date: Sun, 9 Sep 2001 03:16:00 -0400 (EDT)
From: tls@rek.tjls.com
Reply-To: tls@rek.tjls.com
To: gnats-bugs@gnats.netbsd.org
Subject: Our ESP "NULL" cipher does not interoperate with microsoft's
X-Send-Pr-Version: 3.95
>Number: 13905
>Category: kern
>Synopsis: IPsec: Our ESP "NULL" cipher doesn't interoperate with the one in Win2K even in configurations where DES and 3DES do.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Sep 09 07:16:00 +0000 2001
>Closed-Date: Mon Feb 26 06:26:13 +0000 2018
>Last-Modified: Mon Feb 26 06:26:13 +0000 2018
>Originator: Thor Lancelot Simon
>Release: 2001-09-08
>Organization:
The NetBSD Foundation
>Environment:
System: NetBSD rekusant.sr.tjls.com 1.5X NetBSD 1.5X (REKUSANT) #44: Fri Sep 7 14:50:57 EDT 2001 root@rekusant.sr.tjls.com:/lfs/src/sys/arch/i386/compile/REKUSANT i386
Architecture: i386
Machine: i386
>Description:
We can't decrypt packets sent by a Win2K host using the NULL cipher in IPsec
ESP, and they can't decrypt what we send.
>How-To-Repeat:
Set up IPsec in transport mode with a Win2K host, using DES or 3DES (test to
be sure it works!). Then adjust the racoon configuration to offer only the
null_enc cipher, and in "mmc" on the win2k side, enable the NULL cipher in
the settings for the "Require Security" filter like this:
Right-click IP Security Policies->your policy name; select "properties". On
the window that then appears, click "edit". Select the "filter action" tab,
then "Require Security", then "Edit". In the "Security Methods" tab, select
"add" and add an entry with "None" for AH, "None" for ESP confidentiality,
and "MD5" or "SHA1" for ESP integrity
Try to ping one host from the other. You'll see IKE go, ESP SAs will be
negotiated correctly on each end (use "ipsecmon" on the win2k host to see
this) but the ESP packets won't be correctly parsed on either end.
>Fix:
I have absolutely no idea.
>Release-Note:
>Audit-Trail:
From: itojun@iijlab.net
To: tls@rek.tjls.com
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: kern/13905: Our ESP "NULL" cipher does not interoperate with microsoft's
Date: Sun, 09 Sep 2001 18:00:00 +0900
>>Synopsis: Our ESP "NULL" cipher doesn't interoperate with the one in Win2K even in configurations where DES and 3DES do.
please attach tcpdump output for the whole session to the PR,
captured by "tcpdump -s 2000 -w foo" (then uuencode foo).
itojun
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: itojun@iijlab.net
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: kern/13905: Our ESP "NULL" cipher does not interoperate with microsoft's
Date: Sun, 9 Sep 2001 07:21:24 -0400
Here is a tcpdump of such a session. The NetBSD/i386 host is 192.168.100.33;
the Win2K host (which has SP2 applied) is 192.168.100.34. There are packets
from a ping in each direction and then an attempt to telnet in each direction.
begin 644 null-esp
MU,.RH0(`!````````````-`'```!````GT^;.QU*#@">````G@```/______
M_P`"+2<'#0@`10``D"WG``"`$>>KP*AD(O____\$#`#``'S47P$`````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````HD^;.TAB#@">````G@```/_______P`"+2<'
M#0@`10``D"WH``"`$>>JP*AD(O____\$#`#``'S47P$`````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````I4^;.Y%N#@">````G@```/_______P`"+2<'#0@`10``
MD"WI``"`$>>IP*AD(O____\$#`#``'S47P$`````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````J$^;.PF!#@">````G@```/_______P`"+2<'#0@`10``D"WJ``"`
M$>>HP*AD(O____\$#`#``'S47P$`````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
MJD^;.T%O"P!B````8@`````"+2<'#0!0!!NU:@@`10``5`IR``#_`6>BP*AD
M(<"H9"((`&TD4]X``*I/FSO[;@L`"`D*"PP-#@\0$1(3%!46%Q@9&AL<'1X?
M("$B(R0E)B<H*2HK+"TN+S`Q,C,T-38WJD^;.X-W"P!^````?@`````"+2<'
M#0!0!!NU:@@`10``<`IS``!`$29VP*AD(<"H9"(!]`'T`%S-_V)BHZM"(,/G
M```````````!$`(``````````%0````X`````0````$````L`0$``0```"0!
M`0``@`L``0`,``0``5&`@`$`!8`#``&``@`!@`0``JI/FSO9DPL`N@```+H`
M````4`0;M6H``BTG!PT(`$4``*PM[```@!'"P,"H9"+`J&0A`?0!]`"8`&*`
MLO5FI13VK````````````1`"``````````"0#0``7`````$````!````4`$!
M``(#```D`0$``(`!``6``@`"@`0``H`#``&`"P`!``P`!```<(`````D`@$`
M`(`!``6``@`!@`0``H`#``&`"P`!``P`!```<(`````8'BM1:069''U\EOR_
MM8?D80````*J3YL[;)<+`)(```"2``````(M)P<-`%`$&[5J"`!%``"$"G0`
M`$`1)F'`J&0AP*AD(@'T`?0`<!RS@++U9J44]JQVP16183:==`$0`@``````
M````:`T``#@````!`````0```"P!`0`!````)`(!``"``0`%@`(``8`$``*`
M`P`!@`L``0`,``0``'"`````%'`#R\$)?;Z<)@"Z:8.\BS6J3YL[4CX-`)8`
M``"6`````%`$&[5J``(M)P<-"`!%``"(+>T``(`1PN/`J&0BP*AD(0'T`?0`
M=-=_8F*CJT(@P^?!*_/>S<O!7`$0`@``````````;`T``#@````!`````0``
M`"P!`0`!````)`$!``"``0`%@`(``8`$``*``P`!@`L``0`,``0``5&`````
M&!XK46D%F1Q]?);\O[6'Y&$````"JD^;.P!M#0#R````\@`````"+2<'#0!0
M!!NU:@@`10``Y`IU``!`$28`P*AD(<"H9"(!]`'T`-`(2V)BHZM"(,/GP2OS
MWLW+P5P$$`(``````````,@*``"$]$-Z[$\]@`=X/J$.;VV8>2CB[E'!9D#B
M?->">:=M%MM4[($#103&JNCT8N$)JOM/PL!QVW;':TE[U$2[P\(S;W-6NM.V
MIN6F[31(6%<"%F<5_G=*JRY,BQK6S"_AY1L<=4X9*+"ZHJ04P)01Z\E??E=K
MS%$)8D-]XJX32EA4O.T-```4A[);-Y<$/$J)AN.)*WN7VP```!1P`\O!"7V^
MG"8`NFF#O(LUJD^;.[8<#P#B````X@````!0!!NU:@`"+2<'#0@`10``U"WN
M``"`$<*6P*AD(L"H9"$!]`'T`,"FQH"R]6:E%/:L=L$5D6$VG70$$`(`````
M`````+@*``"$B9K@^T[)/LK'_';!R"KI$%R_'?"_,9L8M>7_`)]&4U/+],V`
M&YS6YD85AONF-J.C4,J1@E8K(`^,85,LIK?P3B:_[ECG!6&9"@2\6^E3=#H[
M#!H'S\T:=D;FKB`4L%31F4+/9XR&'?/?/R2YM81NE5EH_9J)-P:YQJ27?V_/
M9YP````8G$+0]#*_)&`1.SH!OOR@;9ZO`&.K3YL[30<``/(```#R``````(M
M)P<-`%`$&[5J"`!%``#D"G8``$`1)?_`J&0AP*AD(@'T`?0`T,8P@++U9J44
M]JQVP16183:==`00`@``````````R`H``(36=*&HADV@;H&R$A1VGP_Q0ED[
MB>WG,3_G1[BK>J*FU-R?=&,IH:C'_TH(23ZKX1Y1OL(UZ<CRCU.XIO%C&+F#
MDFO;DLKYGY02WL-L<J8A&+X-<-*J*KQ]WHC7>B/<`Y6KZZ"0_W?J136Q`8Y0
M_2[$+CL'<7@R_5I=[PQLMYP[K0T``!2XPVW1DDZ.=67#_5T?`ES<````%'`#
MR\$)?;Z<)@"Z:8.\BS6K3YL[9&T``.(```#B`````%`$&[5J``(M)P<-"`!%
M``#4+>\``(`1PI7`J&0BP*AD(0'T`?0`P/NF8F*CJT(@P^?!*_/>S<O!7`00
M`@``````````N`H``(0MH=GO7W)N*+*+M\U$&"L"B#X#=#\!B)01?I7N*>BM
M.XO:!>\%>UAD"I)6`8ZK.ZJ6'4V_']@;+L7IE$87A"W8A#'#\\D9)O36"QV*
MXNVDN*HUE5T#T%TCX0L&B&AB()#&A4"3E12V)`_L6Y041>>G'*HEOV</^!R=
M&N??&!1^MP```!C&-8U`PB4*D:HSD3$&&1BMO_"$0:M/FSO`H0``;@```&X`
M`````BTG!PT`4`0;M6H(`$4``&`*=P``0!$F@L"H9"'`J&0B`?0!]`!,T,]B
M8J.K0B##Y\$K\][-R\%<!1`"`0````````!$(ZZ@'<<U1%.$^0Y;;EE<+2%3
M.[-]+K!RF[C.%SB.7K2BLPA<\$LU):M/FSOD"`$`9@```&8`````4`0;M6H`
M`BTG!PT(`$4``%@M\```@!'#$,"H9"+`J&0A`?0!]`!$=\^`LO5FI13VK';!
M%9%A-IUT!1`"`0`````````\34^[1A[LG;:F,GM`,6>'[I.BK6E!V-)+*9F(
M!,"?+H6K3YL[N0H!`&X```!N``````(M)P<-`%`$&[5J"`!%``!@"G@``$`1
M)H'`J&0AP*AD(@'T`?0`3"S8@++U9J44]JQVP16183:==`40`@$`````````
M1'YB8GW$7689#0^S]W`#._(W2>('=3.S2GUFL^=+F+D2*7@S_YX']3BK3YL[
M&PP!`'X```!^``````(M)P<-`%`$&[5J"`!%``!P"GD``$`1)G#`J&0AP*AD
M(@'T`?0`7%F"@++U9J44]JQVP16183:==`@0!0%;L3T1````5.>GLPFT`BAW
M?AKYWG6DIEOQ`/#S8F*7^X^8_QJA`D("MF<"1G+N[#.`LY;-"9UMT\9ZJ%NO
MZ?:$JT^;.]L.`0!F````9@````!0!!NU:@`"+2<'#0@`10``6"WQ``"`$<,/
MP*AD(L"H9"$!]`'T`$3MR&)BHZM"(,/GP2OSWLW+P5P%$`(!`````````#SB
MV[TH2?NV"Y`-ER_G3CKUCU(YZ9ZQTYIZ2^<I:E-[K*M/FSN;.@$`5@$``%8!
M````4`0;M6H``BTG!PT(`$4``4@M\@``@!'"'L"H9"+`J&0A`?0!]`$T/YJ`
MLO5FI13VK';!%9%A-IUT"!`@`5$>^0\```$L)P@:'?.1G75P2<06#)AVEVP?
M\]5KJPCFX<3@-1XZND-[%PH<*3'<LT[`J;F)&DQ;=D+*660.K[MZPL<.?G*?
ME?#`RH&=]\3HNG0I$U'K+$XQ&MO&:]<5[GQ(\@0G#//H4EE>MJL[*('T*,2Q
M&N1`#?#',_[\RZ'(=4=/W2G*D4`F2$)D(C*65&;?G%-V)S'1TJEA8BOXUV6%
M:4'S2FX:];N4S#$)8P9/E?W%?&1#E1,BZ*)G$#!R-1MK,1(RVU$HVQ?-#H"L
MBYF=.CY7"3@W;CYA?"(+;R.7.R\T#,%+)6Z_ZF<CONNL.7P.UR7L*]G=HIEF
MD<[G3U%6,1P;&B8_SYI!2N=Q_,0D(GLJ91]'>H"K3YL[DD(!`+8```"V````
M``(M)P<-`%`$&[5J"`!%``"H"GH``$`1)C?`J&0AP*AD(@'T`?0`E"4)@++U
M9J44]JQVP16183:==`@0(`%1'OD/````C)<X*FZJAE$R@1,"=F^*GUIL@T67
MCS+,-(.2B&FP"]WF";:F=PEULE"O!MP3HEMMZ#Z'.E"!TAKT%9FK><)`SF$R
MH_\%.2;JT-W*[@V4]FZB(PS:UE\8K#_O&2:M^*>A=CQ<GTLU"^=3"&I7GT.N
MG,:K3YL[,50!`'X```!^`````%`$&[5J``(M)P<-"`!%``!P+>L``(`RPMS`
MJ&0BP*AD(0NT,NL````!``!U)%/>``"J3YL[^VX+``@)"@L,#0X/$!$2$Q05
M%A<8&1H;'!T>'R`A(B,D)28G*"DJ*RPM+B\P,3(S-#4V-P$"`P0%!@8!\%[\
M*7F>86_2GM,_JT^;.[17`0!>````7@````!0!!NU:@`"+2<'#0@`10``4"WS
M``"`$<,5P*AD(L"H9"$!]`'T`#SQ]X"R]6:E%/:L=L$5D6$VG70($"`!41[Y
M#P```#2PN#G4QV-5A%(L=!?V#^_-4WR#"LPD6G.K3YL[.)D+`'H```!Z````
M``(M)P<-`%`$&[5J"`!%``!L"GP``/\R9T_`J&0AP*AD(I#C=O$````!"`"4
M^5/>``&K3YL[TI@+``@)"@L,#0X/$!$2$Q05%A<8&1H;'!T>'R`A(B,D)28G
M*"DJ*RPM+B\P,3(S-#4V-P$"`@%@>9_NGY;4Q+$LEQBK3YL[C_(.`)X```">
M````________``(M)P<-"`!%``"0+?0``(`1YY[`J&0B_____P0,`,``?-1?
M`0``````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M``````````````````````````````````"L3YL[)A@!`&8```!F`````%`$
M&[5J``(M)P<-"`!%``!8+?4``(`1PPO`J&0BP*AD(0'T`?0`1.W(8F*CJT(@
MP^?!*_/>S<O!7`40`@$`````````/.+;O2A)^[8+D`V7+^=..O6/4CGIGK'3
MFGI+YREJ4WNLK$^;.X5'`0`N`0``+@$````"+2<'#0!0!!NU:@@`10`!(`I]
M``!`$26\P*AD(<"H9"(!]`'T`0STBX"R]6:E%/:L=L$5D6$VG70($"`!>3)A
M+````036N]@F0+RL==Z)B*`K=[9BZG%D`0.B"8:'['?F)OSP[>F+&^R#2"R#
M^:,C<_;DGR@R4AY%?\U'QR_8^"<P:EIA8'W&#@5GY7E'HY?D_8R7W2\3]=LQ
M&F(;_T4=?:,PS>*@"./$`:M_2%/\8EO:NE'`R$UT8N%(FFR!L;&]8114.6XS
M4_X$A()_"9D>5&\X4'N$!/#].+#<_&]$M5=45J&;6F$+D.][TC4%(8D85HV/
M+KH=-B8S(99#W*34\O0%HQPWX9.XX*!=\?K8ZJY#]#D-@DX;\XDBBH67*D&`
M$B[UGY`>L7@!S802K$^;.^%<`0!V````=@````!0!!NU:@`"+2<'#0@`10``
M:"WV``"`$<+ZP*AD(L"H9"$!]`'T`%2UP8"R]6:E%/:L=L$5D6$VG70($`4!
M<L:`4````$P:>E/&E7^<\JS)B0%^UR^W7FI,$WTGQ:47_FZ?L4C3"P/KOM;E
M=B(7??MEVTW4Y7:L3YL[U&(!`'8```!V`````%`$&[5J``(M)P<-"`!%``!H
M+?<``(`1POG`J&0BP*AD(0'T`?0`5`[>@++U9J44]JQVP16183:==`@0!0$$
M;Q*-````3$%<[2$>3J[1=BF$#VA@?MV\.%2L`9QI775EV,1Z,C%8S6J[C[S\
M`?H#NRZOE6M_2JQ/FSN3:`$`;@```&X`````4`0;M6H``BTG!PT(`$4``&`M
M^```@!'#`,"H9"+`J&0A`?0!]`!,0HJ`LO5FI13VK';!%9%A-IUT"!`%`6A[
M]I<```!$P4-7MI4C!X4LAE+++RP>E^XO7O02:=O$(;!<9VB*,EP;K`/%=6GZ
M*ZQ/FSLSF0L`>@```'H``````BTG!PT`4`0;M6H(`$4``&P*?P``_S)G3,"H
M9"'`J&0BD.-V\0````((`)/X4]X``JQ/FSO2F`L`"`D*"PP-#@\0$1(3%!46
M%Q@9&AL<'1X?("$B(R0E)B<H*2HK+"TN+S`Q,C,T-38W`0("`2OVGHI5I;0R
M8[&)1ZU/FSL%F0L`>@```'H``````BTG!PT`4`0;M6H(`$4``&P*@0``_S)G
M2L"H9"'`J&0BD.-V\0````,(`);W4]X``ZU/FSO.F`L`"`D*"PP-#@\0$1(3
M%!46%Q@9&AL<'1X?("$B(R0E)B<H*2HK+"TN+S`Q,C,T-38W`0("`=>"R&G$
M`RUOUTX\G:Y/FSL!(P$`9@```&8`````4`0;M6H``BTG!PT(`$4``%@M^0``
M@!'#!\"H9"+`J&0A`?0!]`!$[<AB8J.K0B##Y\$K\][-R\%<!1`"`0``````
M```\XMN]*$G[M@N0#9<OYTXZ]8]2.>F>L=.:>DOG*6I3>ZRN3YL[")D+`'H`
M``!Z``````(M)P<-`%`$&[5J"`!%``!L"H,``/\R9TC`J&0AP*AD(I#C=O$`
M```$"`"5]E/>``2N3YL[SI@+``@)"@L,#0X/$!$2$Q05%A<8&1H;'!T>'R`A
M(B,D)28G*"DJ*RPM+B\P,3(S-#4V-P$"`@%KSPMODHO\RO9;.]BN3YL[]/0.
M`)X```">````________``(M)P<-"`!%``"0+?H``(`1YYC`J&0B_____P0,
M`,``?-1?`0``````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M``````````````````````````````````````````"O3YL["ID+`'H```!Z
M``````(M)P<-`%`$&[5J"`!%``!L"H4``/\R9T;`J&0AP*AD(I#C=O$````%
M"`"3]5/>``6O3YL[SY@+``@)"@L,#0X/$!$2$Q05%A<8&1H;'!T>'R`A(B,D
M)28G*"DJ*RPM+B\P,3(S-#4V-P$"`@&;1X]L6U('X#X98(*P3YL[5ID+`'H`
M``!Z``````(M)P<-`%`$&[5J"`!%``!L"H<``/\R9T3`J&0AP*AD(I#C=O$`
M```&"`",]%/>``:P3YL[U9@+``@)"@L,#0X/$!$2$Q05%A<8&1H;'!T>'R`A
M(B,D)28G*"DJ*RPM+B\P,3(S-#4V-P$"`@'X4@XCIK]*90IK"I>Q3YL[#)D+
M`'H```!Z``````(M)P<-`%`$&[5J"`!%``!L"HD``/\R9T+`J&0AP*AD(I#C
M=O$````'"`"2\U/>``>Q3YL[SI@+``@)"@L,#0X/$!$2$Q05%A<8&1H;'!T>
M'R`A(B,D)28G*"DJ*RPM+B\P,3(S-#4V-P$"`@$Q/4_R'/C+_AX3*R.Q3YL[
MH0@/`)X```">````________``(M)P<-"`!%``"0+?L``(`1YY?`J&0B____
M_P0,`,``?-1?`0``````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M``````````````````````````````````````````````"R3YL[1#P!`&8`
M``!F`````%`$&[5J``(M)P<-"`!%``!8+?P``(`1PP3`J&0BP*AD(0'T`?0`
M1.W(8F*CJT(@P^?!*_/>S<O!7`40`@$`````````/.+;O2A)^[8+D`V7+^=.
M.O6/4CGIGK'3FGI+YREJ4WNLLD^;.W&9"P!Z````>@`````"+2<'#0!0!!NU
M:@@`10``;`J,``#_,F<_P*AD(<"H9"*0XW;Q````"`@`B/)3W@`(LD^;.]>8
M"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I*BLL+2XO,#$R
M,S0U-C<!`@(!3/;4V+B'M+HO*",RLT^;.P:9"P!Z````>@`````"+2<'#0!0
M!!NU:@@`10``;`J.``#_,F<]P*AD(<"H9"*0XW;Q````"0@`D/%3W@`)LT^;
M.\Z8"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I*BLL+2XO
M,#$R,S0U-C<!`@(!\R9\A`MU$X&C#@Q4M$^;.P29"P!Z````>@`````"+2<'
M#0!0!!NU:@@`10``;`J0``#_,F<[P*AD(<"H9"*0XW;Q````"@@`C_!3W@`*
MM$^;.\Z8"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I*BLL
M+2XO,#$R,S0U-C<!`@(!?65(3$?=W^8ZS^>_M$^;.X(9#P">````G@```/__
M_____P`"+2<'#0@`10``D"W]``"`$>>5P*AD(O____\$#`#``'S47P$`````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````M4^;.PN9"P!Z````>@`````"+2<'#0!0
M!!NU:@@`10``;`J2``#_,F<YP*AD(<"H9"*0XW;Q````"P@`CN]3W@`+M4^;
M.\Z8"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I*BLL+2XO
M,#$R,S0U-C<!`@(!1#J??]32.RR`4%!:MD^;.SN9"P!Z````>@`````"+2<'
M#0!0!!NU:@@`10``;`J4``#_,F<WP*AD(<"H9"*0XW;Q````#`@`B^Y3W@`,
MMD^;.]"8"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I*BLL
M+2XO,#$R,S0U-C<!`@(!""0NSK.('=)P)`!PMT^;.P>9"P!Z````>@`````"
M+2<'#0!0!!NU:@@`10``;`J6``#_,F<UP*AD(<"H9"*0XW;Q````#0@`C.U3
MW@`-MT^;.\Z8"P`("0H+#`T.#Q`1$A,4%187&!D:&QP='A\@(2(C)"4F)R@I
M*BLL+2XO,#$R,S0U-C<!`@(!,`=FC$"WR.=5<WB5MT^;.[DK#P">````G@``
M`/_______P`"+2<'#0@`10``D"W^``"`$>>4P*AD(O____\$#`#``'S47P$`
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````ND^;.T5&`0!F````9@````!0!!NU
M:@`"+2<'#0@`10``6"W_``"`$<,!P*AD(L"H9"$!]`'T`$3MR&)BHZM"(,/G
MP2OSWLW+P5P%$`(!`````````#SBV[TH2?NV"Y`-ER_G3CKUCU(YZ9ZQTYIZ
M2^<I:E-[K+I/FSL?/@\`G@```)X```#_______\``BTG!PT(`$4``)`N````
M@!'GDL"H9"+_____!`P`P`!\U%\!````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`+U/FSO@:08`_P```/\```#_______\``BTG!PT(`$4``/$N`0``@!'!B,"H
M9"+`J&3_`(H`B@#=[941#H39P*AD(@"*`,<``"!&045)149&14-.14Y%0D5,
M0TY%3D5"14Q#04-!0T%!00`@04)!0T901E!%3D9$14-&0T501DA&1$5&1E!&
M4$%#04(`_U--0B4````````````````````````````````````1```M````
M````````Z`,``````````"T`5@`#``$``0`"`#X`7$U!24Q33$]47$)23U=3
M10`,`&#J``!73U)+1U)/55``4`0``#S_`PH`$`"`M`,/`%!(150M34%++4U!
M2P"^3YL[(0X``)X```">````________``(M)P<-"`!%``"0+@(``(`1YY#`
MJ&0B_____P0,`,``?-1?`0``````````````````````````````````````
M````````````````````````````````````````````````````````````
M``````````````````````````````````````````````````````#`3YL[
M4ED``&8```!F`````%`$&[5J``(M)P<-"`!%``!8+@,``(`RPMS`J&0BP*AD
M(0NT,NL````""`!06P,`^@!A8F-D969G:&EJ:VQM;F]P<7)S='5V=V%B8V1E
M9F=H:0$"`P0%!@8!,LNF&'$N5GT`5]?.P4^;.X0@``">````G@```/______
M_P`"+2<'#0@`10``D"X$``"`$>>.P*AD(O____\$#`#``'S47P$`````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````P4^;.SQ*"`!F````9@````!0!!NU:@`"+2<'
M#0@`10``6"X%``"`,L+:P*AD(L"H9"$+M#+K`````P@`3UL#`/L`86)C9&5F
M9VAI:FML;6YO<'%R<W1U=G=A8F-D969G:&D!`@,$!08&`0/=X$).*CD3>UI`
M$\)/FSL0Q`<`9@```&8`````4`0;M6H``BTG!PT(`$4``%@N!@``@#+"V<"H
M9"+`J&0A"[0RZP````0(`$Y;`P#\`&%B8V1E9F=H:6IK;&UN;W!Q<G-T=79W
M86)C9&5F9VAI`0(#!`4&!@%Z`&QI+CE**$S@K/W#3YL[U\<'`&8```!F````
M`%`$&[5J``(M)P<-"`!%``!8+@<``(`RPMC`J&0BP*AD(0NT,NL````%"`!-
M6P,`_0!A8F-D969G:&EJ:VQM;F]P<7)S='5V=V%B8V1E9F=H:0$"`P0%!@8!
MZ)2-$/6X8Q.%%*'<Q$^;.X0R``">````G@```/_______P`"+2<'#0@`10``
MD"X(``"`$>>*P*AD(O____\$#`#``'S47P$`````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````QT^;.\]$``">````G@```/_______P`"+2<'#0@`10``D"X)``"`
M$>>)P*AD(O____\$#`#``'S47P$`````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
MRD^;.X17``">````G@```/_______P`"+2<'#0@`10``D"X*``"`$>>(P*AD
M(O____\$#`#``'S47P$`````````````````````````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````RD^;.P^X
M`0!F````9@````!0!!NU:@`"+2<'#0@`10``6"X+``"`$<+UP*AD(L"H9"$!
M]`'T`$3MR&)BHZM"(,/GP2OSWLW+P5P%$`(!`````````#SBV[TH2?NV"Y`-
MER_G3CKUCU(YZ9ZQTYIZ2^<I:E-[K,U/FSLQ:0``G@```)X```#_______\`
M`BTG!PT(`$4``)`N#```@!'GAL"H9"+_____!`P`P`!\U%\!````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`````````````````````,U/FSNDAP$`5@```%8``````BTG!PT`4`0;M6H(
M`$4``$@*F```0#(F6,"H9"'`J&0BD.-V\0````[_YP`7%VD'5`````!P`D``
MV\X```($!;0!`P,``0("!M%1Y';JO$7A.54>I]!/FSMWB```G@```)X```#_
M______\``BTG!PT(`$4``)`N#0``@!'GA<"H9"+_____!`P`P`!\U%\!````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`````````````````````````````-)/FSL]6`X`5@```%8``````BTG!PT`
M4`0;M6H(`$4``$@*F0``0#(F5\"H9"'`J&0BD.-V\0````__YP`7%VD'5```
M``!P`D``V\X```($!;0!`P,``0("!GLEVW."J!HG#_3J=--/FSL(M0``G@``
M`)X```#_______\``BTG!PT(`$4``)`N#@``@!'GA,"H9"+_____!`P`P`!\
MU%\!````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`````````````````````````````````````-9/FSL5H```G@```)X```#_
M______\``BTG!PT(`$4``)`N#P``@!'G@\"H9"+_____!`P`P`!\U%\!````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`````````````````````````````-E/FSM8L@``G@```)X```#_______\`
M`BTG!PT(`$4``)`N$```@!'G@L"H9"+_____!`P`P`!\U%\!````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`````````````````````-Q/FSN]Q```G@```)X```#_______\``BTG!PT(
M`$4``)`N$0``@!'G@<"H9"+_____!`P`P`!\U%\!````````````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`````````````-Q/FSM1C`@`5@```%8`````4`0;M6H``BTG!PT(`$4``$@N
M$D``@#*"W<"H9"+`J&0A"[0RZP````8$6``7*:-^>0````!P`D``3/\```($
M!;0!`00"`0("!IPF)8?_M?4'^!90D]]/FSNIU@``G@```)X```#_______\`
M`BTG!PT(`$4``)`N$P``@!'G?\"H9"+_____!`P`P`!\U%\!````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`````````````````````-]/FSL?R`<`5@```%8`````4`0;M6H``BTG!PT(
M`$4``$@N%$``@#*"V\"H9"+`J&0A"[0RZP````<$6``7*:-^>0````!P`D``
M3/\```($!;0!`00"`0("!N#M_>VM%/^?864>@N)/FSORZ```G@```)X```#_
M______\``BTG!PT(`$4``)`N%P``@!'G>\"H9"+_____!`P`P`!\U%\!````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`````````````````````````````.5/FSOH!`$`G@```)X```#_______\`
M`BTG!PT(`$4``)`N&```@!'G>L"H9"+_____!`P`P`!\U%\!````````````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
M`````````````````````.5/FSM>TP<`5@```%8`````4`0;M6H``BTG!PT(
M`$4``$@N&4``@#*"UL"H9"+`J&0A"[0RZP````@$6``7*:-^>0````!P`D``
M3/\```($!;0!`00"`0("!OFM[M2NR:P5\%<!B.A/FSN/#0$`G@```)X```#_
M______\``BTG!PT(`$4``)`N&@``@!'G>,"H9"+_____!`P`P`!\U%\!````
M````````````````````````````````````````````````````````````
M````````````````````````````````````````````````````````````
6````````````````````````````````
`
end
From: itojun@iijlab.net
To: tls@rek.tjls.com
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: kern/13905: Our ESP "NULL" cipher does not interoperate with microsoft's
Date: Mon, 10 Sep 2001 11:46:41 +0900
>Here is a tcpdump of such a session. The NetBSD/i386 host is 192.168.100.33;
>the Win2K host (which has SP2 applied) is 192.168.100.34. There are packets
>from a ping in each direction and then an attempt to telnet in each direction.
as far as I can tell, they are using the same kind of encapsulation.
if NetBSD box and Win2k box cannot communicate with each other,
this must be due to some difference in ESP authentication (checksum)
key difference. could you check if both end agrees about the
ESP authentication secret?
itojun
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: itojun@iijlab.net
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: kern/13905: Our ESP "NULL" cipher does not interoperate with microsoft's
Date: Sun, 9 Sep 2001 23:02:58 -0400
On Mon, Sep 10, 2001 at 11:46:41AM +0900, itojun@iijlab.net wrote:
> >Here is a tcpdump of such a session. The NetBSD/i386 host is 192.168.100.33;
> >the Win2K host (which has SP2 applied) is 192.168.100.34. There are packets
> >from a ping in each direction and then an attempt to telnet in each direction.
>
> as far as I can tell, they are using the same kind of encapsulation.
> if NetBSD box and Win2k box cannot communicate with each other,
> this must be due to some difference in ESP authentication (checksum)
> key difference. could you check if both end agrees about the
> ESP authentication secret?
Unfortunately, I don't know how to get at the raw SA data under Win2K, so
I can't really check this. :-(
Thor
State-Changed-From-To: open->feedback
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Sun, 25 Feb 2018 18:02:54 +0000
State-Changed-Why:
The IPsec code has been fixed many times since. Does the issue still
occur? (While here I put "IPsec" in the title for clarity.)
From: Thor Lancelot Simon <tls@panix.com>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org,
gnats-admin@netbsd.org, maxv@NetBSD.org, tls@rek.tjls.com
Subject: Re: kern/13905 (IPsec: Our ESP "NULL" cipher doesn't interoperate
with the one in Win2K even in configurations where DES and 3DES do.)
Date: Sun, 25 Feb 2018 16:39:45 -0500
Beats me. I thankfully don't have Win2k available any longer to test.
On Sun, Feb 25, 2018 at 06:02:54PM +0000, maxv@NetBSD.org wrote:
> Synopsis: IPsec: Our ESP "NULL" cipher doesn't interoperate with the one in Win2K even in configurations where DES and 3DES do.
>
> State-Changed-From-To: open->feedback
> State-Changed-By: maxv@NetBSD.org
> State-Changed-When: Sun, 25 Feb 2018 18:02:54 +0000
> State-Changed-Why:
> The IPsec code has been fixed many times since. Does the issue still
> occur? (While here I put "IPsec" in the title for clarity.)
>
>
--
Thor Lancelot Simon tls@panix.com
"The two most common variations translate as follows:
illegitimi non carborundum = the unlawful are not silicon carbide
illegitimis non carborundum = the unlawful don't have silicon carbide."
State-Changed-From-To: feedback->closed
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Mon, 26 Feb 2018 06:26:13 +0000
State-Changed-Why:
Close this PR, it's not relevant anymore, the code has drastically
changed since.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.