Subject: racoon: There is a difference between the in/out bound policies in SPD.
To: None <current-users@netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: current-users
Date: 06/28/2001 23:13:50
What is racoon objecting to when it says: "There is a difference
between the in/out bound policies in SPD"?
The policies of packets between "192.168.197.8[any]"
"192.83.197.1[any] any" sure look symmetrical.
$ setkey -c
spddump;
192.83.197.1[any] 192.83.197.1[any] any
in none
spid=78 seq=11 pid=10417
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[500] udp
in none
spid=80 seq=10 pid=10417
refcnt=1
0.0.0.0/0[22] 0.0.0.0/0[any] tcp
in none
spid=82 seq=9 pid=10417
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[22] tcp
in none
spid=84 seq=8 pid=10417
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[53] any
in none
spid=86 seq=7 pid=10417
refcnt=1
192.168.197.8[any] 192.83.197.1[any] any
in ipsec
esp/transport//require
ah/transport//require
spid=88 seq=6 pid=10417
refcnt=1
192.83.197.1[any] 192.83.197.1[any] any
out none
spid=77 seq=5 pid=10417
refcnt=1
0.0.0.0/0[500] 0.0.0.0/0[any] udp
out none
spid=79 seq=4 pid=10417
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[22] tcp
out none
spid=81 seq=3 pid=10417
refcnt=1
0.0.0.0/0[22] 0.0.0.0/0[any] tcp
out none
spid=83 seq=2 pid=10417
refcnt=1
0.0.0.0/0[53] 0.0.0.0/0[any] any
out none
spid=85 seq=1 pid=10417
refcnt=1
192.83.197.1[any] 192.168.197.8[any] any
out ipsec
esp/transport//require
ah/transport//require
spid=87 seq=0 pid=10417
refcnt=1
2001-06-28 21:50:24: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd228: 192.168.197.8/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80c0408: 192.83.197.1/32[0] 192.83.197.1/32[0] proto=any dir=out
2001-06-28 21:50:24: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd228: 192.168.197.8/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80c0608: 192.83.197.1/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:274:cmpspidxwild(): 0xbfbfd228 masked with /32: 192.168.197.8[0]
2001-06-28 21:50:24: DEBUG: policy.c:276:cmpspidxwild(): 0x80c0608 masked with /32: 192.83.197.1[0]
2001-06-28 21:50:24: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd228: 192.168.197.8/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80c0808: 0.0.0.0/0[500] 0.0.0.0/0[0] proto=udp dir=out
2001-06-28 21:50:24: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd228: 192.168.197.8/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80c0a08: 0.0.0.0/0[0] 0.0.0.0/0[500] proto=udp dir=in
2001-06-28 21:50:24: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd228: 192.168.197.8/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80c0c08: 0.0.0.0/0[0] 0.0.0.0/0[22] proto=tcp dir=out
2001-06-28 21:50:24: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd228: 192.168.197.8/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80c0e08: 0.0.0.0/0[22] 0.0.0.0/0[0] proto=tcp dir=in
2001-06-28 21:50:24: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd228: 192.168.197.8/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80c8008: 0.0.0.0/0[22] 0.0.0.0/0[0] proto=tcp dir=out
2001-06-28 21:50:24: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd228: 192.168.197.8/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80c8208: 0.0.0.0/0[0] 0.0.0.0/0[22] proto=tcp dir=in
2001-06-28 21:50:24: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd228: 192.168.197.8/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80c8408: 0.0.0.0/0[53] 0.0.0.0/0[0] proto=any dir=out
2001-06-28 21:50:24: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd228: 192.168.197.8/32[0] 192.83.197.1/32[0] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80c8608: 0.0.0.0/0[0] 0.0.0.0/0[53] proto=any dir=in
2001-06-28 21:50:24: DEBUG: policy.c:274:cmpspidxwild(): 0xbfbfd228 masked with /0: 0.0.0.0[0]
2001-06-28 21:50:24: DEBUG: policy.c:276:cmpspidxwild(): 0x80c8608 masked with /0: 0.0.0.0[0]
2001-06-28 21:50:24: DEBUG: policy.c:290:cmpspidxwild(): 0xbfbfd228 masked with /0: 0.0.0.0[0]
2001-06-28 21:50:24: DEBUG: policy.c:292:cmpspidxwild(): 0x80c8608 masked with /0: 0.0.0.0[53]
2001-06-28 21:50:24: DEBUG: pfkey.c:1534:pk_recvacquire(): suitable SP found: 192.83.197.1/32[0] 192.168.197.8/32[0] proto=any dir=out.
2001-06-28 21:50:24: DEBUG: pfkey.c:1566:pk_recvacquire(): new acquire 192.83.197.1/32[0] 192.168.197.8/32[0] proto=any dir=out
2001-06-28 21:50:24: DEBUG: sainfo.c:99:getsainfo(): anonymous sainfo selected.
2001-06-28 21:50:24: ERROR: proposal.c:1000:set_proposal_from_policy(): There is a difference between the in/out bound policies in SPD.
2001-06-28 21:50:24: ERROR: pfkey.c:1605:pk_recvacquire(): failed to create saprop.
--
Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
http://www.wsrcc.com/wolfgang/
Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/