NetBSD Problem Report #39056

From www@NetBSD.org  Fri Jun 27 23:24:18 2008
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 80B7763B89F
	for <gnats-bugs@gnats.netbsd.org>; Fri, 27 Jun 2008 23:24:18 +0000 (UTC)
Message-Id: <20080627232418.5249B63B880@narn.NetBSD.org>
Date: Fri, 27 Jun 2008 23:24:18 +0000 (UTC)
From: degroote@netbsd.org
Reply-To: degroote@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: setkey doesn't support correctly icmp 
X-Send-Pr-Version: www-1.0

>Number:         39056
>Category:       bin
>Synopsis:       setkey doesn't support correctly icmp
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 27 23:25:00 +0000 2008
>Closed-Date:    Sun Feb 08 06:04:04 +0000 2009
>Last-Modified:  Sun Feb 08 06:04:04 +0000 2009
>Originator:     Arnaud Degroote
>Release:        4.99.66
>Organization:
TNF
>Environment:
NetBSD Amilo.at.home 4.99.66 NetBSD 4.99.66 (GENERIC) #0: Sat Jun 21 14:13:46 CEST 2008  zul@Amilo.at.home:/home/zul/netbsd-dev/build_temp/objdir/sys/arch/i386/compile/GENERIC i386

>Description:
Something like that

spdadd $A $B icmp 8 -P in ipsec esp/tunnel/$A-$B/require;

failed with the error 

line 0: syntax error at [8]

If I understand RFC 4301 correctly, we probably need to support it (4.4.1.1).

>How-To-Repeat:
spdadd $A $B icmp 8 -P in ipsec esp/tunnel/$A-$B/require;
>Fix:
the current code of spdadd_command in parse.y

                        /* fixed port fields if ulp is icmpv6 */
                        if ($10.buf != NULL) { 
                                if ( ($9 != IPPROTO_ICMPV6) &&
                                         ($9 != IPPROTO_MH))
                                        return -1;
                                free($5.buf);
                                free($8.buf);
                                if (fix_portstr(&$10, &$5, &$8))
                                        return -1;
                        }

I suspect that just adding the test case for IPPROTO_ICMP is probably enough. The same thing will be necessary in spddelete_command. 

I haven't tested it atm, so it may be completely wrong. We need to be sure that fix_portstr will be ok too in the IPPROTO_ICMP case (if the problem comes from here).


>Release-Note:

>Audit-Trail:
From: Michael van Elst <mlelstv@henery.1st.de>
To: gnats-bugs@gnats.netbsd.org
Cc: 
Subject: Re: bin/39056: setkey doesn't support correctly icmp
Date: Sun, 26 Oct 2008 13:04:08 +0100

 Here is a patch that works for me, also under netbsd-4:

 Index: parse.y
 ===================================================================
 RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/setkey/parse.y,v
 retrieving revision 1.10
 diff -u -r1.10 parse.y
 --- parse.y	18 Jul 2007 12:07:52 -0000	1.10
 +++ parse.y	26 Oct 2008 12:01:51 -0000
 @@ -565,10 +565,11 @@
  			last_msg_type = SADB_X_SPDADD;
  #endif

 -			/* fixed port fields if ulp is icmpv6 */
 +			/* fixed port fields if ulp is icmp */
  			if ($10.buf != NULL) {
 -				if ( ($9 != IPPROTO_ICMPV6) &&
 -					 ($9 != IPPROTO_MH))
 +				if (($9 != IPPROTO_ICMPV6) &&
 +					($9 != IPPROTO_ICMP) &&
 +					($9 != IPPROTO_MH))
  					return -1;
  				free($5.buf);
  				free($8.buf);
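Review bot: The rewritten comment at the top of this hunk ("fixed port fields if ulp is icmp") no longer matches the test beneath it, which accepts IPPROTO_ICMPV6, IPPROTO_ICMP and IPPROTO_MH; it should name all three, or say "if ulp carries a type/code instead of ports". The patch also leaves fix_portstr untouched, so the open question from the original report stands: please confirm that it produces the intended selector for an ICMPv4 type (and type,code) value, since a policy that parses but encodes the wrong selector would silently match different traffic than the administrator wrote. The `return -1;` path gives no diagnostic naming the rejected protocol, which makes a mistyped policy hard to trace.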
 @@ -613,9 +614,10 @@
  			int status;
  			struct addrinfo *src, *dst;

 -			/* fixed port fields if ulp is icmpv6 */
 +			/* fixed port fields if ulp is icmp */
  			if ($10.buf != NULL) {
  				if (($9 != IPPROTO_ICMPV6) &&
 +					($9 != IPPROTO_ICMP) &&
  					($9 != IPPROTO_MH))
  					return -1;
  				free($5.buf);
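Review bot: The three-way protocol test in this hunk is now a verbatim copy of the one in the hunk at line 565, so the add and delete paths can drift the next time a protocol is added; moving the test into one small helper or macro used by both would keep them in step. If they ever disagree, a policy that spdadd accepts could not be removed with the matching spddelete line. Nothing in the patch updates the setkey documentation to say that a type/code argument is now accepted for icmp as well, which is worth adding alongside the parser change.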


 -- 
                                 Michael van Elst
 Internet: mlelstv@serpens.de
                                 "A potential Snark may lurk in every tree."

From: Michael van Elst <mlelstv@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/39056 CVS commit: src/crypto/dist/ipsec-tools/src/setkey
Date: Mon, 29 Dec 2008 12:54:34 +0000 (UTC)

 Module Name:	src
 Committed By:	mlelstv
 Date:		Mon Dec 29 12:54:33 UTC 2008

 Modified Files:
 	src/crypto/dist/ipsec-tools/src/setkey: parse.y

 Log Message:
 support icmp codes. Fixes PR 39056.


 To generate a diff of this commit:
 cvs rdiff -r1.10 -r1.11 src/crypto/dist/ipsec-tools/src/setkey/parse.y

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->pending-pullups
State-Changed-By: mlelstv@NetBSD.org
State-Changed-When: Mon, 29 Dec 2008 13:01:19 +0000
State-Changed-Why:
the diff was committed, pullups for netbsd-4/netbsd-5 requested.


From: Julian Coleman <jdc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/39056 CVS commit: [netbsd-4] src/crypto/dist/ipsec-tools/src/setkey
Date: Fri,  2 Jan 2009 12:16:24 +0000 (UTC)

 Module Name:	src
 Committed By:	jdc
 Date:		Fri Jan  2 12:16:24 UTC 2009

 Modified Files:
 	src/crypto/dist/ipsec-tools/src/setkey [netbsd-4]: parse.y

 Log Message:
 Pull up revision 1.11 (requested by mlelstv in ticket #1250).

  support icmp codes. Fixes PR 39056.


 To generate a diff of this commit:
 cvs rdiff -r1.9.2.1 -r1.9.2.2 src/crypto/dist/ipsec-tools/src/setkey/parse.y

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/39056 CVS commit: [netbsd-5] src/crypto/dist/ipsec-tools/src/setkey
Date: Tue,  6 Jan 2009 23:16:11 +0000 (UTC)

 Module Name:	src
 Committed By:	snj
 Date:		Tue Jan  6 23:16:11 UTC 2009

 Modified Files:
 	src/crypto/dist/ipsec-tools/src/setkey [netbsd-5]: parse.y

 Log Message:
 Pull up following revision(s) (requested by mlelstv in ticket #214):
 	crypto/dist/ipsec-tools/src/setkey/parse.y: revision 1.11
 support icmp codes. Fixes PR 39056.


 To generate a diff of this commit:
 cvs rdiff -r1.10 -r1.10.18.1 src/crypto/dist/ipsec-tools/src/setkey/parse.y

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 08 Feb 2009 06:04:04 +0000
State-Changed-Why:
Pullups completed a month ago.


>Unformatted:
