NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports

The following reply was made to PR bin/47894; it has been noted by GNATS.

From: (Christos Zoulas)
Subject: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Date: Wed, 5 Jun 2013 09:29:55 -0400

 On Jun 5, 12:35pm, 
( wrote:
 -- Subject: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
 Good debugging. Please see:
 PR/47886: Dr. Wolfgang Stukenbrock: IPSEC_NAT_T enabled kernels may access
 outdated pointers and pass ESP data to UPD-sockets.
 While here, simplify the code and remove the IPSEC_NAT_T option; always
 compile nat-traversal in so that it does not bitrot.
 To generate a diff of this commit:
 cvs rdiff -u -r1.218 -r1.219 src/sys/netinet/ip_output.c
 cvs rdiff -u -r1.187 -r1.188 src/sys/netinet/udp_usrreq.c
 cvs rdiff -u -r1.10 -r1.11 src/sys/netipsec/files.netipsec
 cvs rdiff -u -r1.57 -r1.58 src/sys/netipsec/ipsec.c
 cvs rdiff -u -r1.31 -r1.32 src/sys/netipsec/ipsec.h
 cvs rdiff -u -r1.29 -r1.30 src/sys/netipsec/ipsec_input.c \
 cvs rdiff -u -r1.38 -r1.39 src/sys/netipsec/ipsec_output.c \
 cvs rdiff -u -r1.79 -r1.80 src/sys/netipsec/key.c
 cvs rdiff -u -r1.11 -r1.12 src/sys/netipsec/key.h
 cvs rdiff -u -r1.12 -r1.13 src/sys/netipsec/keydb.h
 cvs rdiff -u -r1.41 -r1.42 src/sys/netipsec/xform_esp.c
 And the following commit.

Home | Main Index | Thread Index | Old Index