The setkey manual says that the null encryption mode is supported, but trying to create an SA with -E null results in an Invalid Argument. This is because the SADB_EXT_KEY_ENCRYPT is not included in the PF_KEY message if the null is defined. It should be included in case the mode is ESP, though, because the kernel expects to receive it whenever the SA type is ESP, even if the null encryption is to be used.

Fix:

/* set encryption algorithm, if present. */ - if (satype != SADB_X_SATYPE_IPCOMP && p_key_enc) { + if (satype != SADB_X_SATYPE_IPCOMP && + (p_key_enc || satype == SADB_SATYPE_ESP)) { struct sadb_key m_key; m_key.sadb_key_len =

Index: parse.y =================================================================== RCS file: /opt/beet/src/sbin/setkey/parse.y,v retrieving revision 1.3 diff -u -r1.3 parse.y --- parse.y 14 Nov 2006 13:10:24 -0000 1.3 +++ parse.y 16 Nov 2006 11:28:28 -0000 @@ -1029,7 +1029,8 @@ l = sizeof(struct sadb_msg);

How-To-Repeat:

# ./setkey -c
add 10.10.19.50 10.10.19.100 esp 1680464666 -m transport -E null -A hmac-md5 "authentication!!" ;
The result of line 1: Invalid argument.
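Review bot: the comment kept above the changed condition, "set encryption algorithm, if present", no longer describes the code, because the added "satype == SADB_SATYPE_ESP" term makes the block run for ESP even when p_key_enc is not set. Please reword the comment to say that ESP always gets a SADB_EXT_KEY_ENCRYPT extension, including for null encryption. The body is cut off after "m_key.sadb_key_len =" in the PR, so it is not possible to see from here how the length is computed or whether anything is copied from p_key_enc; since that pointer can now be null inside the block, the resent patch should show that the length and any copy are safe with no key supplied. A test covering the How-To-Repeat command (-E null with -A hmac-md5) would also help confirm the kernel accepts the resulting message.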
I found today that this bug still exists in 9.1-STABLE r245089, and that the suggested patch appears to fix it.

If any further testing or analysis is needed prior to committing a fix, I would be glad to help.

CC: freebsd-net@ in the hopes of being noticed and adopted
On 30 January 2013 19:42, John W. O'Brien <john@saltant.com> wrote:
> I found today that this bug still exists in 9.1-STABLE r245089, and
> that the suggested patch appears to fix it.
>
> If any further testing or analysis is needed prior to committing a
> fix, I would be glad to help.
>
> CC: freebsd-net@ in the hopes of being noticed and adopted

The patch is malformed in the PR. Perhaps you could attach and resend?

--
Eitan Adler
On 01/30/2013 11:31 PM, Eitan Adler wrote:
> The patch is malformed in the PR. Perhaps you could attach and
> resend?

Gladly.
For bugs matching the following criteria:

Status: In Progress
Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk).

Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>