NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/56836: IPv6 ESN tunneling IPcomp has corrupt header

The following reply was made to PR kern/56836; it has been noted by GNATS.

From: Andrew Cagney <andrew.cagney%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/56836: IPv6 ESN tunneling IPcomp has corrupt header
Date: Sat, 14 May 2022 21:34:35 -0400

 (yes ESP, not ESN)
 
 I suspect something to do with code testing for SADB_X_EXT_RAWCPI,
 note this contradiction:
 
 in key.c RAWCPI==0 means use ->spi:
     case IPPROTO_IPCOMP:
     if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
         && ntohl(sav->spi) >= 0x10000) {
             IPSECLOG(LOG_DEBUG, "invalid cpi for IPComp.\n");
             return(EINVAL);
   }
 but in xform_ipcomp.c RAWCPI != 0 means use ->spi vis:
     if ((sav->flags & SADB_X_EXT_RAWCPI) == 0)
             cpi = sav->alg_enc;
     else
             cpi = ntohl(sav->spi) & 0xffff;
 
 setting the flag seems to fix packets from NetBSD->linux, but not the reverse.
Home | Main Index | Thread Index | Old Index