NetBSD-Bugs archive


Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports



The following reply was made to PR bin/47894; it has been noted by GNATS.

From: SUENAGA Hiroki <hsuenaga%iij.ad.jp@localhost>
To: gnats-bugs%NetBSD.org@localhost, gnats-admin%netbsd.org@localhost, 
netbsd-bugs%netbsd.org@localhost,
        gergely%egervary.hu@localhost
Cc: hsuenaga%iij.ad.jp@localhost
Subject: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Date: Mon, 16 Jun 2014 11:36:19 +0900

 Hi Gergely, thank you for your test.
 
 (2014/06/13 23:45), Egerváry Gergely wrote:
 
 >  193.225.174.14[4500] 193.225.174.1[21230]
 >          esp-udp mode=transport spi=17298023(0x0107f267) reqid=0(0x00000000)
 >  ...
 >  193.225.174.1[21230] 193.225.174.14[4500]
 >          esp-udp mode=transport spi=214723282(0x0ccc6ad2) reqid=0(0x00000000)
 >  
 >  and on the client side:
 >  10.0.0.20[4500] 193.225.174.14[4500]
 >          esp-udp mode=transport spi=214723282(0x0ccc6ad2) reqid=0(0x00000000)
 >  193.225.174.14[4500] 10.0.0.20[4500]
 >          esp-udp mode=transport spi=17298023(0x0107f267) reqid=0(0x00000000)
 
 OK, the SA is correct.
 
 I found a BUG: there was no ESP header in the UDP-encapsulated ESP packet
 in my local environment.
 
 setkey says:
 
   # setkey -D
 
   192.168.187.11[4500] 192.168.187.1[4500]
         esp-udp mode=transport spi=262330893(0x0fa2da0d) reqid=0(0x00000000)
         E: null  01020304 05060708
         seq=0x00000000 replay=4 flags=0x00000000 state=mature
         created: Jun 16 11:23:29 2014   current: Jun 16 11:24:27 2014
         diff: 58(s)     hard: 1402885409(s)     soft: 5616830(s)
         last: Jun 13 17:12:07 2014      hard: 0(s)      soft: 0(s)
         current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
         allocated: 0    hard: 0 soft: 0
         sadb_seq=0 pid=10078 refcnt=1
 
 => SPI is 0x0fa2da0d.
 
 but tcpdump says:
 
   # tcpdump -n -i wm0 -s 1500 -x -vvvv udp port 4500
 
   tcpdump: listening on wm0, link-type EN10MB (Ethernet), capture size 1500 bytes
   11:23:29.569166 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 60)
       192.168.187.11.4500 > 192.168.187.1.4500: [udp sum ok] UDP-encap: ESP(spi=0x01020304,seq=0x5060708), length 32
 
 => SPI and SEQ seem to be the head of the payload. It's wrong.
 
 I'm analyzing the problem now.
 
 How about your application?
 
 For your interest, I put my test code on ftp.netbsd.org.
 
   ftp://ftp.netbsd.org/pub/NetBSD/misc/hsuenaga/pfkey_test.tar.gz
 
 The program creates a dummy NAT-T SA and sends a UDP packet. Your application and
 SP settings may cause other problems.
 
 >  IP reference:
 >    Client internal (NAT) address: 10.0.0.20
 >    NAT box external address: 193.225.174.1
 >    Server external address: 193.115.174.14
 >  
 >  btw, I do not see endianness issues here.
 
 Oops, my test code itself had an endianness issue... thank you.
 
 -- 
 Internet Initiative Japan Inc.
 
 Device Engineering Section,
 Core Product Development Department,
 Product Division,
 Technology Unit
 
 SUENAGA Hiroki <hsuenaga%iij.ad.jp@localhost>
 
 PGP: 66B3 8939 6758 20BA F243  89EC 557A 8CFB ABA9 5E92
 
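The mismatch in the mail (setkey reports SPI 0x0fa2da0d, tcpdump decodes SPI 0x01020304 and seq 0x05060708 from the first eight payload bytes) can be reproduced and checked offline. The following Python checker is an added example; it is not part of this PR thread nor of the pfkey_test program. It decodes a UDP port 4500 payload the way RFC 3948 defines it (four zero bytes mean a non-ESP marker followed by IKE, anything else is an ESP header of SPI plus sequence number) and cross-checks the SPI against a SAD. The SAD entry reuses the SPI and addresses from the setkey -D output above; the packet bytes, the `build_udp_encap_esp` helper and the `audit` function are constructed for the demonstration and go slightly beyond the mail by also handling the IKE marker and truncated payloads.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# RFC 3948: the payload of a UDP datagram on port 4500 is either
#   - four zero bytes (the "non-ESP marker") followed by an IKE message, or
#   - an ESP header (SPI, 4 bytes; sequence number, 4 bytes) followed by
#     the ESP payload.
NON_ESP_MARKER = b"\x00\x00\x00\x00"

# Constructed SAD keyed by SPI, using the SA from the setkey -D output in the mail.
SAD: Dict[int, str] = {
    0x0FA2DA0D: "192.168.187.11[4500] -> 192.168.187.1[4500] esp-udp",
}


@dataclass
class UdpEncapResult:
    kind: str            # "ike", "esp" or "short"
    spi: Optional[int]   # only set for kind == "esp"
    seq: Optional[int]
    in_sad: bool         # True when the SPI matches an SA we know about


def parse_udp_encap(payload: bytes, sad: Dict[int, str]) -> UdpEncapResult:
    """Decode the UDP payload exactly as tcpdump does: no heuristics, the
    first eight bytes after the UDP header are taken as SPI and sequence."""
    if len(payload) < 8:
        return UdpEncapResult("short", None, None, False)
    if payload[:4] == NON_ESP_MARKER:
        return UdpEncapResult("ike", None, None, False)
    spi, seq = struct.unpack("!II", payload[:8])
    return UdpEncapResult("esp", spi, seq, spi in sad)


def build_udp_encap_esp(spi: int, seq: int, esp_body: bytes) -> bytes:
    """What a correct UDP-encapsulated ESP payload looks like: header first.
    Constructed helper; esp_body stands in for the (here unencrypted) ESP payload."""
    return struct.pack("!II", spi, seq) + esp_body


def audit(payloads: List[bytes], sad: Dict[int, str]) -> List[str]:
    """Return one finding per ESP payload whose SPI is unknown to the SAD.
    An unknown SPI on a port-4500 flow is exactly the symptom in the mail:
    the kernel sent the data without prepending the ESP header, so the
    first eight payload bytes were read as SPI/seq."""
    findings: List[str] = []
    for i, p in enumerate(payloads):
        r = parse_udp_encap(p, sad)
        if r.kind == "esp" and not r.in_sad:
            findings.append(
                f"packet {i}: spi=0x{r.spi:08x} seq=0x{r.seq:08x} "
                f"not in SAD; ESP header probably missing")
    return findings


# Constructed samples: the bytes tcpdump reported (01020304 05060708 with no
# header in front of them) beside a well-formed packet for SPI 0x0fa2da0d.
BROKEN_PAYLOAD = bytes.fromhex("0102030405060708")
GOOD_PAYLOAD = build_udp_encap_esp(0x0FA2DA0D, 1, bytes.fromhex("0102030405060708"))

if __name__ == "__main__":
    samples = [GOOD_PAYLOAD, BROKEN_PAYLOAD, NON_ESP_MARKER + b"\x00" * 4]
    for line in audit(samples, SAD):
        print(line)
```

Running the script reports only the second sample, because its first eight bytes decode to SPI 0x01020304 and seq 0x05060708, neither of which is a configured SA. The same check can be pointed at a real capture by feeding it the UDP payloads of port 4500 datagrams and the SPIs from `setkey -D`.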

