NetBSD-Bugs archive


kern/52161: ipsec: tunnel mode with AH over IPv6 doesn't work



>Number:         52161
>Category:       kern
>Synopsis:       ipsec: tunnel mode with AH over IPv6 doesn't work
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 14 03:25:00 +0000 2017
>Originator:     Ryota Ozaki
>Release:        -current
>Organization:
IIJ
>Environment:
NetBSD 7.99.69 (RUMP-ROAST)
on
NetBSD rangeley 7.99.66 NetBSD 7.99.66 (RANGELEY) #68: Thu Mar 16 12:44:31 JST 2017  ozaki-r@rangeley:(hidden) amd64
>Description:
IPsec doesn't work with the tunnel mode with AH over IPv6. The Tx side of
a tunnel successfully sends a packet with an AH header; however, the Rx side
of the tunnel fails to receive the packet:
  ah_input: authentication hash mismatch over 20 bytes for packet in SA fc00::2/00002710:
  4940:a796:6f38:752b:8602:f2fa, 6523:ec6b:c941:bcf1:1ae2:3460

Only the null algorithm works on the setups, so something goes wrong in
the hash calculations of the Tx or Rx (or both).

Note that the tunnel mode with AH over IPv4 works,
the tunnel mode with ESP over IPv6 works and
the transport mode with AH over IPv6 works.

>How-To-Repeat:
Run t_ipsec_tunnel (tests/net/ipsec/t_ipsec_tunnel.sh)
>Fix:
n/a


