Re: IPsec tunnel mode bug - malformed, misaddressed packets

netdev

Re: IPsec tunnel mode bug - malformed, misaddressed packets

To:	netdev@xxxxxxxxxxx
Subject:	Re: IPsec tunnel mode bug - malformed, misaddressed packets
From:	"Christopher K. Johnson" <ckjohnson@xxxxxxx>
Date:	Mon, 18 Oct 2004 19:17:50 -0400
In-reply-to:	<20041018010816.GA30059@gondor.apana.org.au>
References:	<41725CF5.2010606@gwi.net> <20041018010816.GA30059@gondor.apana.org.au>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922

Herbert Xu wrote:

On Sun, Oct 17, 2004 at 11:52:21AM +0000, Christopher K. Johnson wrote:

There is an ipsec bug in FC2 kernel 2.6.8-1.521 for ipsec tunnel mode. I have proven with a packet trace that some packets are misaddressed. Specifically it constructs a packet of the form: IP header1 | AH header | IP header2 | ESP

In this case, racoon needs to be taught that only the inner SA should be marked as tunnel mode.

I updated the vpn peers to ipsec-tools-0.3.3-1 from fedora core development and the problem is the same. I captured a packet trace to verify. Any takers for an ipsec-tools bug? I'll gladly provide more details off-list.

Thanks.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
IPsec tunnel mode bug - malformed, misaddressed packets, Christopher K. Johnson Re: IPsec tunnel mode bug - malformed, misaddressed packets, Herbert Xu Re: IPsec tunnel mode bug - malformed, misaddressed packets, Christopher K. Johnson <= Re: IPsec tunnel mode bug - malformed, misaddressed packets, Herbert Xu

Previous by Date:	[PATCH 2.6.9-rc4-bk3-netdev3 3/3] r8169: netconsole support, Francois Romieu
Next by Date:	Re: [PATCH 2.6]: Fix policy update bug when increasing priority of last policy, Herbert Xu
Previous by Thread:	Re: IPsec tunnel mode bug - malformed, misaddressed packets, Herbert Xu
Next by Thread:	Re: IPsec tunnel mode bug - malformed, misaddressed packets, Herbert Xu
Indexes:	[Date] [Thread] [Top] [All Lists]