Bug 137309

Summary: [ipsec] sequence number in a SADB_X_SPDGET response is set to zero
Product: Base System
Reporter: Tobias Brunner <tobias.brunner>
Component: kern
Assignee: Andrey V. Elsukov <ae>
Status: Closed FIXED
Severity: Affects Only Me
CC: ae
Priority: Normal
Version: 7.2-RELEASE
Hardware: Any
OS: Any

Description Tobias Brunner 2009-07-31 17:00:09 UTC
A user-land keying daemon can query an IPsec policy by using SADB_X_SPDGET. This request is handled in the function 'key_spdget' in /usr/src/sys/netipsec/key.c. There the function 'key_setdumpsp' is called to generate the actual response. The third parameter of that function specifies the sequence number of the message. It is currently set to zero. In order to be consistent with the behavior of SADB_GET (see function 'key_get', in particular line 5790, in key.c) the third parameter should be changed to the sequence number of the request.

Fix: 

The third parameter of the call to 'key_setdumpsp' (line 2242 in key.c) should be changed to mhp->msg->sadb_msg_seq (i.e. the sequence number of the request).
How-To-Repeat: As described above.
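Added example (not part of the report or of the FreeBSD source): a sketch of how a keying daemon with several queries outstanding might match PF_KEY replies by sequence number, showing why a reply with the sequence number forced to zero cannot be attributed to its request. The struct mirrors the RFC 2367 base header; `pending`, `match_reply`, `spdget_reply`, `demo` and the `EX_*` constants are hypothetical names, and the value used for SADB_X_SPDGET is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Base PF_KEY message header, laid out as in RFC 2367; declared locally so
 * the example builds without <net/pfkeyv2.h>. */
struct pfkey_hdr {
    uint8_t  sadb_msg_version;
    uint8_t  sadb_msg_type;
    uint8_t  sadb_msg_errno;
    uint8_t  sadb_msg_satype;
    uint16_t sadb_msg_len;       /* length in 64-bit words */
    uint16_t sadb_msg_reserved;
    uint32_t sadb_msg_seq;
    uint32_t sadb_msg_pid;
};

#define EX_PF_KEY_V2 2
#define EX_SPDGET    16  /* assumed value; real code takes SADB_X_SPDGET from the header */

/* Hypothetical daemon state: one slot per outstanding request. */
struct pending { uint32_t seq; int in_use; };

/* Return the index of the request a reply belongs to, or -1 if none. */
static int match_reply(const struct pending *tab, size_t n, uint32_t my_pid,
                       const struct pfkey_hdr *rep)
{
    if (rep->sadb_msg_version != EX_PF_KEY_V2 || rep->sadb_msg_pid != my_pid)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (tab[i].in_use && tab[i].seq == rep->sadb_msg_seq)
            return (int)i;
    return -1;
}

/* Constructed reply header: echo_seq=0 models the reported behaviour (seq set
 * to zero), echo_seq=1 models the proposed fix (request's seq echoed). */
static struct pfkey_hdr spdget_reply(uint32_t req_seq, uint32_t pid, int echo_seq)
{
    struct pfkey_hdr rep = { EX_PF_KEY_V2, EX_SPDGET, 0, 0, 2, 0,
                             echo_seq ? req_seq : 0, pid };
    return rep;
}

/* Two SPDGET queries outstanding (seq 41 and 42); the reply to 42 arrives. */
static int demo(int echo_seq)
{
    struct pending tab[2] = { { 41, 1 }, { 42, 1 } };
    struct pfkey_hdr rep = spdget_reply(42, 1234, echo_seq);
    return match_reply(tab, 2, 1234, &rep);
}

int main(void)
{
    printf("seq zeroed: slot %d\n", demo(0));
    printf("seq echoed: slot %d\n", demo(1));
    return 0;
}
```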
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2009-07-31 17:08:55 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-net


Over to maintainer(s).
Comment 2 Bjoern A. Zeeb freebsd_committer freebsd_triage 2009-08-01 09:51:39 UTC
Responsible Changed
From-To: freebsd-net->bz

Take this one.
Comment 3 Bjoern A. Zeeb freebsd_committer freebsd_triage 2014-05-18 06:01:29 UTC
Responsible Changed
From-To: bz->gnn

I shall not use bugzilla (at least until we will have a CLI).
Comment 4 Andrey V. Elsukov freebsd_committer freebsd_triage 2015-05-20 10:39:54 UTC
I touched this code recently, so I'll take this PR.
Comment 5 commit-hook freebsd_committer freebsd_triage 2015-05-20 12:00:14 UTC
A commit references this bug:

Author: ae
Date: Wed May 20 11:59:53 UTC 2015
New revision: 283146
URL: https://svnweb.freebsd.org/changeset/base/283146

Log:
  In the reply to SADB_X_SPDGET message use the same sequence number that
  was in the request. Some IKE daemons expect it will be the same. Linux and
  NetBSD also follow this behaviour.

  PR:		137309
  MFC after:	2 weeks

Changes:
  head/sys/netipsec/key.c
Comment 6 commit-hook freebsd_committer freebsd_triage 2015-06-03 02:51:36 UTC
A commit references this bug:

Author: ae
Date: Wed Jun  3 02:50:59 UTC 2015
New revision: 283937
URL: https://svnweb.freebsd.org/changeset/base/283937

Log:
  MFC r283146:
    In the reply to SADB_X_SPDGET message use the same sequence number that
    was in the request. Some IKE daemons expect it will be the same. Linux and
    NetBSD also follow this behaviour.

    PR:		137309

Changes:
_U  stable/10/
  stable/10/sys/netipsec/key.c
Comment 7 Andrey V. Elsukov freebsd_committer freebsd_triage 2015-06-03 03:00:45 UTC
Fixed in head/ and stable/10. Thanks!