From ler@lerlaptop-red.iadfw.net  Mon Mar  1 13:20:04 2004
Return-Path: <ler@lerlaptop-red.iadfw.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3B09D16A4CF
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  1 Mar 2004 13:20:04 -0800 (PST)
Received: from lerlaptop-red.iadfw.net (lerlaptop-red.iadfw.net [207.136.3.72])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1078143D53
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  1 Mar 2004 13:20:04 -0800 (PST)
	(envelope-from ler@lerlaptop-red.iadfw.net)
Received: from lerlaptop-red.iadfw.net (localhost [127.0.0.1])
	by lerlaptop-red.iadfw.net (8.12.11/8.12.10) with ESMTP id i21LK309000964
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 1 Mar 2004 15:20:03 -0600 (CST)
	(envelope-from ler@lerlaptop-red.iadfw.net)
Received: (from ler@localhost)
	by lerlaptop-red.iadfw.net (8.12.11/8.12.10/Submit) id i21LK3lM000959;
	Mon, 1 Mar 2004 15:20:03 -0600 (CST)
	(envelope-from ler)
Message-Id: <200403012120.i21LK3lM000959@lerlaptop-red.iadfw.net>
Date: Mon, 1 Mar 2004 15:20:03 -0600 (CST)
From: Larry Rosenman <ler@lerctr.org>
Reply-To: Larry Rosenman <ler@lerctr.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: setkey no longer recognizes tcp in an spdadd line
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         63616
>Category:       bin
>Synopsis:       setkey no longer recognizes tcp in an spdadd line
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 01 13:20:11 PST 2004
>Closed-Date:    Tue Apr 06 03:02:34 PDT 2004
>Last-Modified:  Tue Apr 06 03:02:34 PDT 2004
>Originator:     Larry Rosenman
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
LERCTR Consulting
>Environment:
System: FreeBSD lerlaptop-red.iadfw.net 5.2-CURRENT FreeBSD 5.2-CURRENT #96: Mon Mar 1 12:13:00 CST 2004 ler@lerlaptop-red.iadfw.net:/usr/obj/usr/src/sys/LERLAPTOP i386


	
>Description:
I have the following /etc/ipsec.conf:

spdflush;
#spdadd 207.158.72.14[any] 207.158.72.11[53] udp -P out none;
#spdadd 207.158.72.14[any] 192.147.25.11[53] udp -P out none;
#spdadd 207.158.72.11[53] 207.158.72.14[any] udp -P in none;
#spdadd 192.147.25.11[53] 207.158.72.14[any] udp -P in none;
#spdadd 207.158.72.14[any] 207.158.72.45[53] udp -P out none;
#spdadd 207.158.72.14[any] 192.147.25.45[53] udp -P out none;
#spdadd 207.158.72.45[53] 207.158.72.14[any] udp -P in none;
#spdadd 192.147.25.45[53] 207.158.72.14[any] udp -P in none;
#spdadd 207.158.72.14[any] 207.159.72.11[500] any -P out ipsec
#	esp/transport//use;
#spdadd 207.158.72.14[any] 192.147.25.11[500] any -P out ipsec
#	esp/transport//use;
#spdadd 207.158.72.11[500] 207.158.72.14[any] any -P in ipsec
#	esp/transport//use;
#spdadd 192.147.25.11[500] 207.158.72.14[any] any -P in ipsec
#	esp/transport//use;
#spdadd 207.158.72.14[any] 207.159.72.45[500] any -P out ipsec
#	esp/transport//use;
#spdadd 207.158.72.14[any] 192.147.25.45[500] any -P out ipsec
#	esp/transport//use;
#spdadd 207.158.72.45[500] 207.158.72.14[any] any -P in ipsec
#	esp/transport//use;
#spdadd 192.147.25.45[500] 207.158.72.14[any] any -P in ipsec
#	esp/transport//use;
spdadd 207.158.72.14[any] 207.158.72.11[any] tcp -P out ipsec 
       esp/transport//require ;
spdadd 207.158.72.14[any] 192.147.25.11[any] tcp -P out ipsec 
       esp/transport//require ;
spdadd 207.158.72.11[any] 207.158.72.14[any] tcp -P in ipsec 
       esp/transport//require ;
spdadd 192.147.25.11[any] 207.158.72.14[any] tcp -P in ipsec 
       esp/transport//require ;
#spdadd 207.158.72.14[any] 207.158.72.45[any] any -P out ipsec 
#       esp/transport//require ;
#spdadd 207.158.72.14[any] 192.147.25.45[any] any -P out ipsec 
#       esp/transport//require ;
#spdadd 207.158.72.45[any] 207.158.72.14[any] any -P in ipsec 
#       esp/transport//require ;
#spdadd 192.147.25.45[any] 207.158.72.14[any] any -P in ipsec 
#       esp/transport//require ;
#######
#spdadd 207.136.3.72[any] 207.158.72.11[53] udp -P out none;
#spdadd 207.158.72.11[53] 207.136.3.72[any] udp -P in none;
#spdadd 207.136.3.72[any] 192.147.25.11[53] udp -P out none;
#spdadd 192.147.25.11[53] 207.136.3.72[any] udp -P in none;
#spdadd 207.136.3.72[any] 207.158.72.11[500] udp -P out ipsec
#	esp/transport//use;
#spdadd 207.158.72.11[500] 207.136.3.72[any] any -P in ipsec
#	esp/transport//use;
#spdadd 207.136.3.72[any] 192.147.25.11[500] any -P out ipsec
#	esp/transport//use;
#spdadd 192.147.25.11[500] 207.136.3.72[any] any -P in ipsec
#	esp/transport//use;
spdadd 207.136.3.72[any] 207.158.72.11[any] tcp -P out ipsec 
       esp/transport//require ;
spdadd 207.136.3.72[any] 192.147.25.11[any] tcp -P out ipsec 
       esp/transport//require ;
spdadd 207.158.72.11[any] 207.136.3.72[any] tcp -P in ipsec 
       esp/transport//require ;
spdadd 192.147.25.11[any] 207.136.3.72[any] tcp -P in ipsec 
       esp/transport//require ;
#spdadd 207.136.3.72[any] 207.158.72.45[any] any -P out ipsec 
#       esp/transport//require ;
#spdadd 207.136.3.72[any] 192.147.25.45[any] any -P out ipsec 
#       esp/transport//require ;
#spdadd 207.158.72.45[any] 207.136.3.72[any] any -P in ipsec 
#       esp/transport//require ;
#spdadd 192.147.25.45[any] 207.136.3.72[any] any -P in ipsec 
#       esp/transport//require ;
#######

and when I booted today's -CURRENT, it complained about [tcp] on line 26. 

This had been working with a kernel / world from ~1 month ago. 

I changed all the uncommented lines to have any in that field, and it parses, 
but this is BROKEN. 


>How-To-Repeat:
See above
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: bms 
State-Changed-When: Wed Mar 31 10:39:43 PST 2004 
State-Changed-Why:  
I committed a fix from ume-san for this; does this solve the problem for you? 
Awaiting test results on -STABLE before MFCing. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=63616 
State-Changed-From-To: feedback->closed 
State-Changed-By: bms 
State-Changed-When: Tue Apr 6 03:02:13 PDT 2004 
State-Changed-Why:  
Fix from ume@ committed on HEAD and RELENG_4. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=63616 
>Unformatted:
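Added example (not part of the original report or of the FreeBSD source): a small Python parser for the spdadd statements shown in the description. It lists the upper-layer protocol of each active policy and flags statements whose selector was widened from a specific protocol to any, which is what the workaround in the report does. The function names and the sample configuration (documentation addresses) are constructed for illustration.

```python
def parse_spd(text):
    """Return the active spdadd policies found in setkey-style config text."""
    # Drop '#' comments, then split on ';', which terminates each statement,
    # so a policy continued on the next line is handled as one statement.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    policies = []
    for stmt in body.split(";"):
        tok = stmt.split()
        if len(tok) < 7 or tok[0] != "spdadd" or tok[4] != "-P":
            continue  # spdflush, blank, or a form this sketch does not cover
        # spdadd src dst upperspec -P direction action [proto/mode/src-dst/level]
        pol = {"src": tok[1], "dst": tok[2], "upperspec": tok[3],
               "dir": tok[5], "action": tok[6], "level": None}
        if pol["action"] == "ipsec" and len(tok) > 7:
            pol["level"] = tok[7].split("/")[-1]
        policies.append(pol)
    return policies


def widened(before, after):
    """Policies whose protocol selector changed from one protocol to 'any'."""
    def key(p):
        return (p["src"], p["dst"], p["dir"])
    old = {key(p): p for p in parse_spd(before)}
    out = []
    for p in parse_spd(after):
        prev = old.get(key(p))
        if prev and prev["upperspec"] != "any" and p["upperspec"] == "any":
            out.append((p["src"], p["dst"], p["dir"], prev["upperspec"]))
    return out


# Constructed sample in the same layout as the report's /etc/ipsec.conf.
BEFORE = """spdflush;
#spdadd 192.0.2.1[any] 192.0.2.53[53] udp -P out none;
spdadd 192.0.2.1[any] 192.0.2.10[any] tcp -P out ipsec
       esp/transport//require ;
spdadd 192.0.2.10[any] 192.0.2.1[any] tcp -P in ipsec
       esp/transport//require ;
"""
# The workaround from the report: replace tcp with any in the active lines.
AFTER = BEFORE.replace("] tcp -P", "] any -P")

if __name__ == "__main__":
    for src, dst, direction, was in widened(BEFORE, AFTER):
        print(f"{direction}: {src} -> {dst} was {was}, now any")
```

With the workaround applied, each flagged policy requires ESP for every protocol between the two hosts rather than for TCP only, so the selector should be reviewed again once a fixed setkey is installed.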
