NetBSD-Bugs archive
Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
The following reply was made to PR bin/47894; it has been noted by GNATS.
From: SUENAGA Hiroki <hsuenaga%openbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost, gnats-admin%netbsd.org@localhost,
netbsd-bugs%netbsd.org@localhost, gergely%egervary.hu@localhost
Cc:
Subject: Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports
Date: Fri, 13 Jun 2014 21:13:09 +0900
Hi Gergely, thank you for your report.
(2014/06/06 19:35), Egerváry Gergely wrote:
> Now I'm testing on NetBSD-6.99.43 (Tue Jun 3 23:27:56 CEST 2014) and
> still does not work when client is behind NAT, get udp/500 instead of
> udp/4500:
I think your kernel receives the NAT-T port information correctly.
But your kernel doesn't respond to racoon with the received NAT-T
information, so racoon's log is broken.
Please check your SAD using the setkey command:
# setkey -D
You can find UDP information like:
10.0.0.1[37905] 10.255.255.1[37905]
esp-udp mode=transport spi=264954840(0x0fcae3d8) reqid=0(0x00000000)
Soooo sorry, there is a byte-order bug... ntohs(37905) = 4500.
I think there are more BUGs. I will continue to debug, please wait.
Hi Christos, here is my patch. Please check.
cvs diff: Diffing netipsec
Index: netipsec/key.c
===================================================================
RCS file: /cvs/cvsroot/src/sys/netipsec/key.c,v
retrieving revision 1.90
diff -u -w -p -r1.90 key.c
--- netipsec/key.c 5 Jun 2014 17:18:19 -0000 1.90
+++ netipsec/key.c 13 Jun 2014 11:54:57 -0000
@@ -5612,11 +5612,14 @@ key_getmsgbuf_x1(struct mbuf *m, const s
panic("key_getmsgbuf_x1: NULL pointer is passed");
/* create new sadb_msg to reply. */
- n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
+ n = key_gather_mbuf(m, mhp, 1, 15, SADB_EXT_RESERVED,
SADB_EXT_SA, SADB_X_EXT_SA2,
SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
- SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
+ SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST,
+ SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
+ SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI,
+ SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NAT_T_FRAG);
if (!n)
return NULL;
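Review bot: the count argument to key_gather_mbuf() goes from 9 to 15 and must equal the number of extension types that follow it (SADB_EXT_RESERVED plus the 14 listed), which it does here, but nothing enforces that at compile time; a short comment on the line `n = key_gather_mbuf(m, mhp, 1, 15, SADB_EXT_RESERVED,` saying the count has to be kept in sync with the list would protect the next person who appends an extension. Note also that this hunk only makes the reply carry the NAT-T extensions (type, sport, dport, OAi, OAr, frag) back to racoon; the byte-order problem described earlier in the mail (setkey showing 37905 where ntohs gives 4500) is not touched by it, so the values carried in SADB_X_EXT_NAT_T_SPORT/DPORT should be re-checked with setkey -D after applying to confirm they come back as 4500.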
--
SUENAGA Hiroki <hsuenaga%netbsd.org@localhost>
facebook.com/hiroki.suenaga
PGP: 66B3 8939 6758 20BA F243 89EC 557A 8CFB ABA9 5E92
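As an added illustration of the byte-order symptom discussed in this thread (not code from the PR, racoon or the NetBSD kernel), assuming the pfkey NAT-T port extension keeps the UDP port in network byte order with the field layout of sadb_x_nat_t_port; the struct name and the check helper are this example's own:

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Mirrors the layout of the PF_KEY NAT-T port extension (assumption:
 * same field order and widths as sadb_x_nat_t_port in net/pfkeyv2.h). */
struct natt_port_ext {
    uint16_t len;       /* extension length in 8-byte units */
    uint16_t exttype;   /* SADB_X_EXT_NAT_T_SPORT or _DPORT (value not assumed here) */
    uint16_t port;      /* UDP port, network byte order */
    uint16_t reserved;
};

/* Build the extension as a sender would place it in a pfkey message. */
void natt_port_encode(struct natt_port_ext *ext, uint16_t exttype, uint16_t host_port)
{
    memset(ext, 0, sizeof *ext);
    ext->len = sizeof *ext / 8;
    ext->exttype = exttype;
    ext->port = htons(host_port);
}

/* Correct reader: convert the field back to host order. */
uint16_t natt_port_decode(const struct natt_port_ext *ext) { return ntohs(ext->port); }

/* The forgotten-ntohs reading: the raw field used as if it were host order.
 * On a little-endian host this is what turns 4500 into 37905. */
uint16_t natt_port_decode_raw(const struct natt_port_ext *ext) { return ext->port; }

/* Byte-swapped view of a 16-bit value, independent of the host's endianness. */
uint16_t swapped16(uint16_t v) { return (uint16_t)((v << 8) | (v >> 8)); }

int host_is_little_endian(void)
{
    uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Classify a port seen in setkey -D output or a pfkey reply:
 *  1  -> the expected NAT-T port 4500
 * -1  -> 4500 with its bytes swapped (the symptom reported in the mail)
 *  0  -> something else */
int check_natt_port(uint16_t seen)
{
    if (seen == 4500) return 1;
    if (swapped16(seen) == 4500) return -1;
    return 0;
}
```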