From nobody@FreeBSD.org  Thu Nov 27 03:00:23 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1F6991065672
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 27 Nov 2008 03:00:23 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 17ACC8FC19
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 27 Nov 2008 03:00:23 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id mAR30MIC002024
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 27 Nov 2008 03:00:22 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id mAR30M9V002019;
	Thu, 27 Nov 2008 03:00:22 GMT
	(envelope-from nobody)
Message-Id: <200811270300.mAR30M9V002019@www.freebsd.org>
Date: Thu, 27 Nov 2008 03:00:22 GMT
From: wang jiabo <jiabwang@redhat.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: freebsd6.2 kernel cannot support ipsec "-E null -A hmac-sha1", FreeBSD7.0 kernel cannot support -A aes-xcbc-mac
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         129218
>Category:       bin
>Synopsis:       [ipsec]: freebsd6.2 kernel cannot support ipsec "-E null -A hmac-sha1", FreeBSD7.0 kernel cannot support -A aes-xcbc-mac
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-net
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 27 03:10:01 UTC 2008
>Closed-Date:    Thu Nov 27 09:55:18 UTC 2008
>Last-Modified:  Thu Nov 27 09:55:18 UTC 2008
>Originator:     wang jiabo
>Release:        FreeBSD6.2 and 7.0
>Organization:
redhat
>Environment:
FreeBSD6.2 release
FreeBSD7.0 release
>Description:
on FreeBSD6.2:
I setup setkey file:

flush;
spdflush;
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E null -A hmac-sha1 ipv6readylogsha11to2;
spdadd 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc any -P in ipsec esp/transport//require;
add 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 esp 0x1000 -m transport -E null -A hmac-sha1 ipv6readylogsha12to1;
spdadd 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 any -P out ipsec esp/transport//require;

system report&#65306;
The result of line 3 : Invalid argument
The result of line 5 : Invalid argument 

on FreeBSD7.0:
 I setup setkey file:
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E 3des-cbc 
"ipv6readylogo3descbc1to2" -A aes-xcbc-mac "ipv6readaesx1to2"; 

then run: * setkey -f /etc/ipsec.conf*
system report :  
   line 4 : Not supported at [ipv6readaesx1to2] 
   parse failed, line 4.
 
>How-To-Repeat:
set setkey configuration, and run "setkey -f setkey.conf"
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-i386->freebsd-net 
Responsible-Changed-By: remko 
Responsible-Changed-When: Thu Nov 27 07:43:48 UTC 2008 
Responsible-Changed-Why:  
reassign to networking team 

http://www.freebsd.org/cgi/query-pr.cgi?pr=129218 

From: wang_jiabo <jiabwang@redhat.com>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-i386@FreeBSD.org
Cc:  
Subject: Re: i386/129218: freebsd6.2 kernel cannot support ipsec "-E null
 -A hmac-sha1", FreeBSD7.0 kernel cannot support -A aes-xcbc-mac
Date: Thu, 27 Nov 2008 17:23:58 +0800

 FreeBSD-gnats-submit@FreeBSD.org wrote:
 > Thank you very much for your problem report.
 > It has the internal identification `i386/129218'.
 > The individual assigned to look at your
 > report is: freebsd-i386. 
 >
 > You can access the state of your problem report at any time
 > via this link:
 >
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=129218
 >
 >   
 >> Category:       i386
 >> Responsible:    freebsd-i386
 >> Synopsis:       freebsd6.2 kernel cannot support ipsec "-E null -A hmac-sha1", FreeBSD7.0 kernel cannot support -A aes-xcbc-mac
 >> Arrival-Date:   Thu Nov 27 03:10:01 UTC 2008
 >>     
 How to close the bug, I found that freebsd 6.3 can reslove the problem.
 but i do not know why FreeBSD7.0 can not support ipsec aes-xcbc-mac and 
 null  AH
 Thanks
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Thu Nov 27 09:55:17 UTC 2008 
State-Changed-Why:  
Close per request of the submitter. the other question you have should 
be asked on the net@ mailinglist I think since this might be an 
implementation decision but isn't a bug just yet. Thanks for reporting 
and taking the time to make freebsd better. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=129218 
>Unformatted:
