Bug 202091

Summary: IPsec aes-gcm does not support ICV8 or ICV12
Product: Base System Reporter: John-Mark Gurney <jmg>
Component: kernAssignee: George V. Neville-Neil <gnn>
Status: New ---    
Severity: Affects Some People    
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   

Description John-Mark Gurney freebsd_committer freebsd_triage 2015-08-04 20:03:51 UTC 
setkey does not support ICV8 or ICV12.

With the recent changes I made, I know the kernel support ICV16, but it will break if ICV8 or ICV12 is used.  This could be panics or corrupted packets.

Test and verify that ICV8 and ICV12 cannot be set in the kernel on an SA, or fix them, though this may be harder to do.