NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/56836: IPv6 ESN tunneling IPcomp has corrupt header
The following reply was made to PR kern/56836; it has been noted by GNATS.
From: Andrew Cagney <andrew.cagney%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: kern/56836: IPv6 ESN tunneling IPcomp has corrupt header
Date: Sat, 14 May 2022 21:34:35 -0400
(yes ESP, not ESN)
I suspect something to do with code testing for SADB_X_EXT_RAWCPI,
note this contradiction:
in key.c RAWCPI==0 means use ->spi:
case IPPROTO_IPCOMP:
if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
&& ntohl(sav->spi) >= 0x10000) {
IPSECLOG(LOG_DEBUG, "invalid cpi for IPComp.\n");
return(EINVAL);
}
but in xform_ipcomp.c RAWCPI != 0 means use ->spi vis:
if ((sav->flags & SADB_X_EXT_RAWCPI) == 0)
cpi = sav->alg_enc;
else
cpi = ntohl(sav->spi) & 0xffff;
setting the flag seems to fix packets from NetBSD->linux, but not the reverse.
Home |
Main Index |
Thread Index |
Old Index