NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
PR/56836 CVS commit: src/sys/netipsec
The following reply was made to PR kern/56836; it has been noted by GNATS.
From: "Christos Zoulas" <christos%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc:
Subject: PR/56836 CVS commit: src/sys/netipsec
Date: Wed, 19 Oct 2022 17:28:03 -0400
Module Name: src
Committed By: christos
Date: Wed Oct 19 21:28:03 UTC 2022
Modified Files:
src/sys/netipsec: key.c xform_ipcomp.c
Log Message:
PR/56836: Andrew Cagney: IPv6 ESN tunneling IPcomp has corrupt header
Always always send / expect CPI in IPcomp header
Fixes kern/56836 where an IPsec interop combining compression and
ESP|AH would fail.
Since fast ipsec, the outgoing IPcomp header has contained the
compression algorithm instead of the CPI. Adding the
SADB_X_EXT_RAWCPI flag worked around this but ...
The IPcomp's SADB was unconditionally hashed using the compression
algorithm instead of the CPI. This meant that an incoming packet with
a valid CPI could never match its SADB.
To generate a diff of this commit:
cvs rdiff -u -r1.277 -r1.278 src/sys/netipsec/key.c
cvs rdiff -u -r1.74 -r1.75 src/sys/netipsec/xform_ipcomp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index