| To: | netdev@xxxxxxxxxxx |
|---|---|
| Subject: | Re: IPsec tunnel mode bug - malformed, misaddressed packets |
| From: | "Christopher K. Johnson" <ckjohnson@xxxxxxx> |
| Date: | Mon, 18 Oct 2004 19:17:50 -0400 |
| In-reply-to: | <20041018010816.GA30059@xxxxxxxxxxxxxxxxxxx> |
| References: | <41725CF5.2010606@xxxxxxx> <20041018010816.GA30059@xxxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922 |
Herbert Xu wrote: I updated the vpn peers to ipsec-tools-0.3.3-1 from fedora core development and the problem is the same. I captured a packet trace to verify. Any takers for an ipsec-tools bug? I'll gladly provide more details off-list.On Sun, Oct 17, 2004 at 11:52:21AM +0000, Christopher K. Johnson wrote:There is an ipsec bug in FC2 kernel 2.6.8-1.521 for ipsec tunnel mode. I have proven with a packet trace that some packets are misaddressed. Specifically it constructs a packet of the form: IP header1 | AH header | IP header2 | ESPIn this case, racoon needs to be taught that only the inner SA should be marked as tunnel mode. Thanks. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [PATCH 2.6.9-rc4-bk3-netdev3 3/3] r8169: netconsole support, Francois Romieu |
|---|---|
| Next by Date: | Re: [PATCH 2.6]: Fix policy update bug when increasing priority of last policy, Herbert Xu |
| Previous by Thread: | Re: IPsec tunnel mode bug - malformed, misaddressed packets, Herbert Xu |
| Next by Thread: | Re: IPsec tunnel mode bug - malformed, misaddressed packets, Herbert Xu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |