NetBSD-Bugs archive


PR/56836 CVS commit: src/sys/netipsec



The following reply was made to PR kern/56836; it has been noted by GNATS.

From: "Christos Zoulas" <christos%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/56836 CVS commit: src/sys/netipsec
Date: Wed, 19 Oct 2022 17:28:03 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Wed Oct 19 21:28:03 UTC 2022
 
 Modified Files:
 	src/sys/netipsec: key.c xform_ipcomp.c
 
 Log Message:
 PR/56836: Andrew Cagney: IPv6 ESN tunneling IPcomp has corrupt header
 
 Always send / expect CPI in IPcomp header
 
 Fixes kern/56836 where an IPsec interop combining compression and
 ESP|AH would fail.
 
 Since fast ipsec, the outgoing IPcomp header has contained the
 compression algorithm instead of the CPI.  Adding the
 SADB_X_EXT_RAWCPI flag worked around this but ...
 
 The IPcomp's SADB was unconditionally hashed using the compression
 algorithm instead of the CPI.  This meant that an incoming packet with
 a valid CPI could never match its SADB.
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.277 -r1.278 src/sys/netipsec/key.c
 cvs rdiff -u -r1.74 -r1.75 src/sys/netipsec/xform_ipcomp.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
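
The lookup failure described in the log message, as an added example that is not code from key.c or xform_ipcomp.c: a toy security association table, with single-slot buckets, is filled either keyed by the compression algorithm or keyed by the CPI, and an inbound IPComp header (RFC 3173 layout: next header, flags, 16-bit CPI) is then looked up by its CPI. All function and type names, the CPI value 0x1234 and the packet bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SAD_BUCKETS 32
#define ALG_DEFLATE 2                 /* RFC 3173 well-known transform id */

struct ipcomp_hdr { uint8_t next, flags; uint16_t cpi; };
struct sa { uint16_t cpi; uint8_t alg; int used; };

static struct sa sad[SAD_BUCKETS];    /* toy table: one SA per bucket */

static unsigned bucket(uint16_t key) { return key % SAD_BUCKETS; }

/* Parse the 4-byte IPComp header; -1 if the buffer is truncated. */
int ipcomp_parse(const uint8_t *p, size_t len, struct ipcomp_hdr *h)
{
    if (len < 4)
        return -1;
    h->next = p[0];
    h->flags = p[1];
    h->cpi = (uint16_t)((p[2] << 8) | p[3]);   /* network byte order */
    return 0;
}

/* hash_by_alg != 0 models the behaviour the log message reports as the bug. */
void sad_insert(uint16_t cpi, uint8_t alg, int hash_by_alg)
{
    struct sa *s = &sad[bucket(hash_by_alg ? alg : cpi)];
    s->cpi = cpi; s->alg = alg; s->used = 1;
}

/* Inbound path: the only key the receiver has is the CPI on the wire. */
const struct sa *sad_lookup(uint16_t cpi)
{
    const struct sa *s = &sad[bucket(cpi)];
    return (s->used && s->cpi == cpi) ? s : NULL;
}

/* Returns 1 if the inbound packet finds its SA, 0 if not, -1 on parse error. */
int inbound_matches(int hash_by_alg)
{
    /* constructed header: next=4 (IP-in-IP), flags=0, CPI=0x1234 */
    static const uint8_t pkt[] = { 0x04, 0x00, 0x12, 0x34 };
    struct ipcomp_hdr h;
    memset(sad, 0, sizeof sad);
    sad_insert(0x1234, ALG_DEFLATE, hash_by_alg);
    if (ipcomp_parse(pkt, sizeof pkt, &h) != 0)
        return -1;
    return sad_lookup(h.cpi) != NULL;
}
```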
 

