NetBSD-Bugs archive


kern/56833: SADB_UPDATE doesn't update the mode



>Number:         56833
>Category:       kern
>Synopsis:       SADB_UPDATE doesn't update the mode
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 14 13:20:00 +0000 2022
>Originator:     Andrew Cagney
>Release:        9.2
>Organization:
>Environment:
NetBSD netbsdw 9.2 NetBSD 9.2 (GENERIC) #0: Wed May 12 13:15:55 UTC 2021  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/i386/compile/GENERIC i386
>Description:
Given a kernel state (SPDB) entry allocated using SPDB_GETSPI, updating it doesn't update the mode.

But why would the mode change?

Initiator proposes:
   IPcomp+ESP+tunnel
which means it could tentatively allocate (using SPDB_GETSPI):
   IPcomp SPI + tunnel
   ESP SPI + transport
(it could also ask for +any) and sends that to the responder.
The responder then rejects IPcomp and instead establishes just:
   ESP+tunnel
so now the initiator gets to delete the IPcomp entry (or let it expire) and update the ESP entry to tunnel mode.

I should note that it looks like NetBSD ignores the mode on SPDB entries.  For instance, using IPv4, I found when the code asks for:
   IPcomp SPI + tunnel
   ESP SPI + tunnel
and then tries to update things to:
   IPcomp SPI + tunnel
   ESP SPI + transport
the ESP entries' mode is left as tunnel yet (small) packets still interop.

>How-To-Repeat:
Below is with IPv6; it also applies to IPv4.

getspi  2001:db8:1:2::23 2001:db8:1:2::45 esp 0 ; dump ;
2001:db8:1:2::23 2001:db8:1:2::45 
        esp mode=any spi=182168845(0x0adbad0d) reqid=0(0x00000000)
        seq=0x00000000 replay=0 flags=0x00000000 state=larval 
        sadb_seq=0 pid=1486 refcnt=0
update 2001:db8:1:2::23 2001:db8:1:2::45 esp 182168845  -m transport -E rijndael-cbc "aaaaaaaaaaaaaaaa"; dump;
2001:db8:1:2::23 2001:db8:1:2::45 
        esp mode=any spi=182168845(0x0adbad0d) reqid=0(0x00000000)
        E: aes-cbc  61616161 61616161 61616161 61616161
        seq=0x00000000 replay=0 flags=0x00000040 state=mature 
        created: May 14 12:45:40 2022   current: May 14 12:45:40 2022
        diff: 0(s)      hard: 0(s)      soft: 0(s)
        last: May 14 02:59:20 2022      hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=0 pid=1486 refcnt=0

>Fix:
Workaround is to just leave the mode=any

(bigger problem is a lack of a pointer (ID) from the SPD's rule to the SADB)
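
A regression check for the behaviour reported above, added here as an example (it is not part of the original report or of NetBSD's code): it parses dump output in the format shown under How-To-Repeat and reports mature SAs whose recorded mode differs from the mode requested in the update. The function names are hypothetical, and the embedded sample is an abridged copy of the report's post-update dump.

```python
import re

# Abridged copy of the post-update dump from the report (lifetime lines dropped).
SAMPLE_DUMP = """\
2001:db8:1:2::23 2001:db8:1:2::45
        esp mode=any spi=182168845(0x0adbad0d) reqid=0(0x00000000)
        E: aes-cbc  61616161 61616161 61616161 61616161
        seq=0x00000000 replay=0 flags=0x00000040 state=mature
        sadb_seq=0 pid=1486 refcnt=0
"""

HEADER = re.compile(r"^(\S+)\s+(\S+)\s*$")  # unindented "src dst" line
PROTO = re.compile(r"^\s+(\w+)\s+mode=(\w+)\s+spi=(\d+)\(")
STATE = re.compile(r"\bstate=(\w+)")


def parse_dump(text):
    """Parse dump text into a list of SA dicts (src, dst, proto, mode, spi, state)."""
    sas, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # A new SA starts at an unindented two-field line; anything else
            # unindented (for example a status message) ends the current SA.
            m = HEADER.match(line)
            cur = {"src": m.group(1), "dst": m.group(2)} if m else None
            if cur is not None:
                sas.append(cur)
            continue
        if cur is None:
            continue
        m = PROTO.match(line)
        if m:
            cur.update(proto=m.group(1), mode=m.group(2), spi=int(m.group(3)))
        m = STATE.search(line)
        if m:
            cur["state"] = m.group(1)
    return sas


def mode_mismatches(sas, expected):
    """expected maps (proto, spi) -> mode requested in the update.
    Returns (spi, recorded_mode, requested_mode) for mature SAs that differ."""
    bad = []
    for sa in sas:
        want = expected.get((sa.get("proto"), sa.get("spi")))
        if want and sa.get("state") == "mature" and sa.get("mode") != want:
            bad.append((sa["spi"], sa["mode"], want))
    return bad
```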


