From kazuaki@aliceblue.jp  Sun Feb 17 10:22:08 2008
Return-Path: <kazuaki@aliceblue.jp>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1BEA416A41B
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Feb 2008 10:22:08 +0000 (UTC)
	(envelope-from kazuaki@aliceblue.jp)
Received: from pd5f7be.tokyff01.ap.so-net.ne.jp (pd5f7be.tokyff01.ap.so-net.ne.jp [202.213.247.190])
	by mx1.freebsd.org (Postfix) with ESMTP id 0439213C45B
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Feb 2008 10:22:07 +0000 (UTC)
	(envelope-from kazuaki@aliceblue.jp)
Received: from router.aliceblue.jp (localhost.aliceblue.jp [127.0.0.1])
	by pd5f7be.tokyff01.ap.so-net.ne.jp (Postfix) with ESMTP id 87DC5597C72
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Feb 2008 19:11:14 +0900 (JST)
Received: (from kazuaki@localhost)
	by router.aliceblue.jp (8.14.2/8.14.2/Submit) id m1HABEDO003744;
	Sun, 17 Feb 2008 19:11:14 +0900 (JST)
	(envelope-from kazuaki@aliceblue.jp)
Message-Id: <200802171011.m1HABEDO003744@router.aliceblue.jp>
Date: Sun, 17 Feb 2008 19:11:14 +0900 (JST)
From: Kazuaki ODA <kazuaki@aliceblue.jp>
Reply-To: Kazuaki ODA <kazuaki@aliceblue.jp>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] IPsec: kernel sends wrong pfkey expire message
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         120751
>Category:       kern
>Synopsis:       [netipsec] [patch] IPsec: kernel sends wrong pfkey expire message
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 17 10:30:01 UTC 2008
>Closed-Date:    Sat Mar 08 17:39:06 UTC 2008
>Last-Modified:  Sat Mar 08 17:39:06 UTC 2008
>Originator:     Kazuaki ODA
>Release:        FreeBSD 7.0-RC2 i386
>Organization:
>Environment:
System: FreeBSD router.aliceblue.jp 7.0-RC2 FreeBSD 7.0-RC2 #1: Sun Feb 17 15:41:35 JST 2008 kazuaki@router.aliceblue.jp:/usr/src/sys/i386/compile/ROUTER i386


	
>Description:
	The types of the members lft_c, lft_h and lft_s in struct secasvar were
	changed from struct sadb_lifetime* to struct seclifetime* in
	netipsec/keydb.h rev. 1.6.  But key_expire() in netipsec/key.c is
	not aware of the change.  The following code in key_expire() assumes
	that the type of sav->lft_s is struct sadb_lifetime*, not
	struct seclifetime*.

	bcopy(sav->lft_s, lt, sizeof(*lt));

	struct seclifetime does not have the members len and exttype.  So,
	as a result, the kernel sends a wrong pfkey expire message to the IKE daemon.
>How-To-Repeat:
	Install security/ipsec-tools from the ports and set up an IPsec tunnel.
	racoon outputs the following message:

	libipsec failed pfkey align (Invalid sadb message)

	and it fails to create new IPsec SAs before the old ones expire.
>Fix:

	It seems the attached patch fixes the problem.  But I am not familiar
	with the IPsec code.  Other changes may be needed.  For example, the
	following code in key_setsaval() may have to be modified.

	sav->lft_c = malloc(sizeof(struct sadb_lifetime), M_IPSEC_MISC, M_NOWAIT);

--- key.c.patch begins here ---
--- sys/netipsec/key.c.orig	2007-07-01 20:38:29.000000000 +0900
+++ sys/netipsec/key.c	2008-02-17 15:39:47.000000000 +0900
@@ -6323,7 +6323,12 @@
 	lt->sadb_lifetime_addtime = sav->lft_c->addtime;
 	lt->sadb_lifetime_usetime = sav->lft_c->usetime;
 	lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
-	bcopy(sav->lft_s, lt, sizeof(*lt));
+	lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
+	lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
+	lt->sadb_lifetime_allocations = sav->lft_s->allocations;
+	lt->sadb_lifetime_bytes = sav->lft_s->bytes;
+	lt->sadb_lifetime_addtime = sav->lft_s->addtime;
+	lt->sadb_lifetime_usetime = sav->lft_s->usetime;
 	m_cat(result, m);
 
 	/* set sadb_address for source */
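Review bot: the hunk fixes only the SOFT lifetime copy at the bcopy line; the CURRENT lifetime directly above it (the lt->sadb_lifetime_addtime / usetime context lines) is already filled field by field, but the lft_c allocation in key_setsaval() that the description mentions still uses sizeof(struct sadb_lifetime), so the object that is allocated and the type it is accessed through still disagree and should be changed in the same patch. Also worth stating in the description: the removed `bcopy(sav->lft_s, lt, sizeof(*lt))` read sizeof(struct sadb_lifetime) bytes out of a struct seclifetime, which has no len/exttype header, so the byte count as well as the field offsets were wrong; the field-by-field copy removes the dependence on the two layouts matching.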
--- key.c.patch ends here ---


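Added example (not part of the PR and not code from the FreeBSD sources): a stand-alone C program that models the two structs named above, builds a SOFT lifetime extension the way the old bcopy() did and the way the patch does, and applies the header check a PF_KEY consumer has to make while walking extensions. The struct definitions, the PF_KEY constants and the sample lifetime values are assumptions constructed for the demo, and lifetime_ext_ok() is a model of the check, not libipsec's code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * PF_KEY v2 lifetime extension as it appears on the wire (RFC 2367 layout).
 * The two leading 16-bit fields are the extension header that every
 * PF_KEY consumer uses to walk a message.
 */
struct sadb_lifetime {
	uint16_t sadb_lifetime_len;        /* length of this extension, in 64-bit units */
	uint16_t sadb_lifetime_exttype;    /* SADB_EXT_LIFETIME_{CURRENT,HARD,SOFT} */
	uint32_t sadb_lifetime_allocations;
	uint64_t sadb_lifetime_bytes;
	uint64_t sadb_lifetime_addtime;
	uint64_t sadb_lifetime_usetime;
};

/*
 * In-kernel lifetime record that sav->lft_c/lft_h/lft_s point at after
 * keydb.h rev. 1.6: the same counters, but no wire header. Field names
 * are the ones the PR uses; the exact layout is assumed for this demo.
 */
struct seclifetime {
	uint32_t allocations;
	uint64_t bytes;
	uint64_t addtime;
	uint64_t usetime;
};

/* Values as in PF_KEY v2; defined here so the demo builds without <net/pfkeyv2.h>. */
#define SADB_EXT_LIFETIME_SOFT 4
#define PFKEY_UNIT64(a) ((a) >> 3)

/*
 * What key_expire() did before the fix: copy sizeof(*lt) bytes of a
 * struct seclifetime over a struct sadb_lifetime. Nothing in the source
 * corresponds to len/exttype, so whatever bytes sit at its start become
 * the extension header. The union pads the source so this demo never
 * reads past memory it owns; the kernel read straight from sav->lft_s.
 */
static void fill_soft_lifetime_buggy(const struct seclifetime *src,
    struct sadb_lifetime *lt)
{
	union {
		struct seclifetime s;
		unsigned char pad[sizeof(struct sadb_lifetime)];
	} u;

	memset(&u, 0, sizeof(u));
	u.s = *src;
	memcpy(lt, &u, sizeof(*lt));	/* bcopy(sav->lft_s, lt, sizeof(*lt)) */
}

/* What the fix does: build the wire extension field by field, header included. */
static void fill_lifetime_fixed(const struct seclifetime *src,
    struct sadb_lifetime *lt, uint16_t exttype)
{
	lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
	lt->sadb_lifetime_exttype = exttype;
	lt->sadb_lifetime_allocations = src->allocations;
	lt->sadb_lifetime_bytes = src->bytes;
	lt->sadb_lifetime_addtime = src->addtime;
	lt->sadb_lifetime_usetime = src->usetime;
}

/*
 * The header check a PF_KEY consumer makes while walking extensions
 * (a model of what libipsec's alignment pass must verify; not its code).
 */
static int lifetime_ext_ok(const struct sadb_lifetime *lt, uint16_t want_type)
{
	return lt->sadb_lifetime_len == PFKEY_UNIT64(sizeof(*lt)) &&
	    lt->sadb_lifetime_exttype == want_type;
}

/* Constructed sample soft lifetime: 1 hour, 100 MB, allocations unused (0). */
static const struct seclifetime sample_soft = { 0, 100000000ULL, 3600ULL, 0ULL };

int buggy_expire_message_is_valid(void)
{
	struct sadb_lifetime lt;

	fill_soft_lifetime_buggy(&sample_soft, &lt);
	return lifetime_ext_ok(&lt, SADB_EXT_LIFETIME_SOFT);
}

int fixed_expire_message_is_valid(void)
{
	struct sadb_lifetime lt;

	fill_lifetime_fixed(&sample_soft, &lt, SADB_EXT_LIFETIME_SOFT);
	return lifetime_ext_ok(&lt, SADB_EXT_LIFETIME_SOFT) &&
	    lt.sadb_lifetime_bytes == sample_soft.bytes &&
	    lt.sadb_lifetime_addtime == sample_soft.addtime;
}

int main(void)
{
	printf("bcopy()'d soft lifetime passes header check: %d\n",
	    buggy_expire_message_is_valid());
	printf("field-by-field soft lifetime passes header check: %d\n",
	    fixed_expire_message_is_valid());
	return 0;
}
```

The first result is 0 on any byte order: the bcopy()'d extension carries the first bytes of the seclifetime (allocations, here 0) where len and exttype belong, so a receiver cannot even tell where the extension ends, which is the failure racoon reports as "failed pfkey align". The second result is 1 and the counters arrive intact.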
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Feb 17 11:11:05 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120751 
Responsible-Changed-From-To: freebsd-net->bz 
Responsible-Changed-By: bz 
Responsible-Changed-When: Sun Feb 17 12:28:30 UTC 2008 
Responsible-Changed-Why:  
I'll take a look 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120751 

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: bug-followup@FreeBSD.org, kazuaki@aliceblue.jp
Cc:  
Subject: Re: kern/120751: [netipsec] [patch] IPsec: kernel sends wrong pfkey
 expire message
Date: Sat, 1 Mar 2008 10:13:17 +0000 (UTC)

 Hi,
 
 can you try this patch and let me know if it works for you?
 
 You can also fetch it from
 http://sources.zabbadoz.net/freebsd/patchset/20080229-01-netipsec-key.c-pr120751.diff
 
 In addition to your patch, this should also fix key_debug.
 I could not find more places missed in the initial commit but
 that doesn't mean they don't exist;-)
 
 
 ! 
 ! Fix bugs for allocation of current lifetime and soft lifetime
 ! handling [1] introduced in rev. 1.21.
 ! Also work around the type problem in key_debug.
 ! 
 ! Submitted by:	Kazuaki ODA (kazuaki aliceblue.jp) [1]
 ! PR:		120751
 ! MFC:		2 weeks
 ! 
 Index: sys/netipsec/key.c
 ===================================================================
 RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/netipsec/key.c,v
 retrieving revision 1.28
 diff -u -p -r1.28 key.c
 --- sys/netipsec/key.c	1 Jul 2007 11:38:29 -0000	1.28
 +++ sys/netipsec/key.c	1 Mar 2008 10:05:16 -0000
 @@ -3137,7 +3137,7 @@ key_setsaval(sav, m, mhp)
   	sav->created = time_second;
 
   	/* make lifetime for CURRENT */
 -	sav->lft_c = malloc(sizeof(struct sadb_lifetime), M_IPSEC_MISC, M_NOWAIT);
 +	sav->lft_c = malloc(sizeof(struct seclifetime), M_IPSEC_MISC, M_NOWAIT);
   	if (sav->lft_c == NULL) {
   		ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
   		error = ENOBUFS;
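Review bot: prefer `sizeof(*sav->lft_c)` over `sizeof(struct seclifetime)` in the malloc, so the allocation follows the declared type of the member; the bug being fixed here is exactly that the allocation size was left at the old type when keydb.h changed the member, and tying it to the member prevents a repeat. The hunk shows only the CURRENT lifetime; if lft_h and lft_s are allocated with a similar sizeof elsewhere in key_setsaval(), they need the same check.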
 @@ -6323,7 +6323,12 @@ key_expire(struct secasvar *sav)
   	lt->sadb_lifetime_addtime = sav->lft_c->addtime;
   	lt->sadb_lifetime_usetime = sav->lft_c->usetime;
   	lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 -	bcopy(sav->lft_s, lt, sizeof(*lt));
 +	lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 +	lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
 +	lt->sadb_lifetime_allocations = sav->lft_s->allocations;
 +	lt->sadb_lifetime_bytes = sav->lft_s->bytes;
 +	lt->sadb_lifetime_addtime = sav->lft_s->addtime;
 +	lt->sadb_lifetime_usetime = sav->lft_s->usetime;
   	m_cat(result, m);
 
   	/* set sadb_address for source */
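Review bot: the six assignments added here duplicate the CURRENT block immediately above (the sadb_lifetime_addtime / usetime context lines), and the key_debug.c part of this patch introduces a third copy as the SECLT_TO_SADBLT macro. A small helper in keydb.h taking the struct seclifetime *, the destination and the exttype, and setting len and exttype as well, would serve all three call sites and keep the header initialisation in one place. The log message should also say why the old bcopy was wrong beyond the missing header: it copied sizeof(*lt) bytes out of an object of a different type, so the byte count as well as the field offsets depended on the two layouts matching.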
 Index: sys/netipsec/key_debug.c
 ===================================================================
 RCS file: /shared/mirror/FreeBSD/r/ncvs/src/sys/netipsec/key_debug.c,v
 retrieving revision 1.5
 diff -u -p -r1.5 key_debug.c
 --- sys/netipsec/key_debug.c	1 Jul 2007 11:38:29 -0000	1.5
 +++ sys/netipsec/key_debug.c	1 Mar 2008 10:05:16 -0000
 @@ -52,6 +52,9 @@
 
   #include <netinet/in.h>
   #include <netipsec/ipsec.h>
 +#ifdef _KERNEL
 +#include <netipsec/keydb.h>
 +#endif
 
   #ifndef _KERNEL
   #include <ctype.h>
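Review bot: the keydb.h include is guarded by #ifdef _KERNEL, but the #ifndef _KERNEL block right below shows this file is also built for userland; the kdebug_secasv() change later in this patch dereferences sav->lft_c->allocations and friends, which needs struct seclifetime to be complete wherever that function is compiled. If kdebug_secasv() is itself kernel-only, fine, but say so in the commit message; otherwise drop the guard or guard the function the same way.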
 @@ -581,12 +584,28 @@ kdebug_secasv(sav)
 
   	if (sav->replay != NULL)
   		kdebug_secreplay(sav->replay);
 -	if (sav->lft_c != NULL)
 -		kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_c);
 -	if (sav->lft_h != NULL)
 -		kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_h);
 -	if (sav->lft_s != NULL)
 -		kdebug_sadb_lifetime((struct sadb_ext *)sav->lft_s);
 +
 +#define	SECLT_TO_SADBLT(s, d)					\
 +	(d)->sadb_lifetime_allocations	= (s)->allocations;	\
 +	(d)->sadb_lifetime_bytes	= (s)->bytes;		\
 +	(d)->sadb_lifetime_addtime	= (s)->addtime;		\
 +	(d)->sadb_lifetime_usetime	= (s)->usetime
 +	if (sav->lft_c != NULL) {
 +		struct sadb_lifetime lt;
 +		SECLT_TO_SADBLT(sav->lft_c, &lt);
 +		kdebug_sadb_lifetime((struct sadb_ext *)&lt);
 +	}
 +	if (sav->lft_h != NULL) {
 +		struct sadb_lifetime lt;
 +		SECLT_TO_SADBLT(sav->lft_h, &lt);
 +		kdebug_sadb_lifetime((struct sadb_ext *)&lt);
 +	}
 +	if (sav->lft_s != NULL) {
 +		struct sadb_lifetime lt;
 +		SECLT_TO_SADBLT(sav->lft_s, &lt);
 +		kdebug_sadb_lifetime((struct sadb_ext *)&lt);
 +	}
 +#undef SECLT_TO_SADBLT
 
   #ifdef notyet
   	/* XXX: misc[123] ? */
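Review bot: SECLT_TO_SADBLT never sets lt.sadb_lifetime_len or lt.sadb_lifetime_exttype, and lt is an uninitialised stack variable, yet it is then passed as a struct sadb_ext * to kdebug_sadb_lifetime(), which as a generic extension printer presumably prints that header. Set both (PFKEY_UNIT64(sizeof(lt)) and the matching SADB_EXT_LIFETIME_CURRENT/HARD/SOFT, as the key.c hunk does) or memset lt first; otherwise the debug output shows stack garbage for exactly the two fields this PR is about. Secondary: a multi-statement macro without a do { } while (0) wrapper misbehaves after an unbraced if; a static inline function is safer and could replace all three copies.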
 
 
 -- 
 Bjoern A. Zeeb                                 bzeeb at Zabbadoz dot NeT
 Software is harder than hardware  so better get it right the first time.
State-Changed-From-To: open->feedback 
State-Changed-By: bz 
State-Changed-When: Sat Mar 1 11:38:10 UTC 2008 
State-Changed-Why:  
Awaiting feedback on the patch proposed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120751 

From: Kazuaki ODA <kazuaki@aliceblue.jp>
To: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/120751: [netipsec] [patch] IPsec: kernel sends wrong pfkey
 expire message
Date: Sun, 02 Mar 2008 22:43:36 +0900

 Bjoern A. Zeeb wrote:
 > Hi,
 > 
 > can you try this patch and let me know if it works for you?
 > 
 > You can also fetch it from
 > http://sources.zabbadoz.net/freebsd/patchset/20080229-01-netipsec-key.c-pr120751.diff 
 > 
 > 
 > In addition to your patches this should as well fix key_debug.
 > I could not find more places missed in the initial commit but
 > that doesn't mean they don't exist;-)
 
 Hi,
 
 I've upgraded my box from 7.0-RC2 to 7.0-RELEASE and applied your patch.
 It all works fine for me, thanks.
 
 
 -- 
 Kazuaki ODA
State-Changed-From-To: feedback->patched 
State-Changed-By: bz 
State-Changed-When: Sun Mar 2 17:18:09 UTC 2008 
State-Changed-Why:  
key.c changes committed as proposed, key_debug was changed. 
Will MFC next week. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120751 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/120751: commit references a PR
Date: Sun,  2 Mar 2008 17:12:33 +0000 (UTC)

 bz          2008-03-02 17:12:29 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/netipsec         key.c key_debug.c 
   Log:
   Fix bugs when allocating and passing information of current lifetime and
   soft lifetime [1] introduced in rev. 1.21 of key.c.
   
   Along with that, fix a related problem in key_debug
   printing the correct data.
   While there replace a printf by panic in a sanity check.
   
   PR:             120751
   Submitted by:   Kazuaki ODA (kazuaki aliceblue.jp) [1]
   MFC after:      5 days
   
   Revision  Changes    Path
   1.29      +7 -2      src/sys/netipsec/key.c
   1.6       +22 -4     src/sys/netipsec/key_debug.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/120751: commit references a PR
Date: Sat,  8 Mar 2008 16:58:27 +0000 (UTC)

 bz          2008-03-08 16:58:21 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_7)
     sys/netipsec         key.c key_debug.c 
   Log:
   MFC: rev. 1.29 key.c, 1.6 key_debug.c
   
    Fix bugs when allocating and passing information of current lifetime and
    soft lifetime [1] introduced in rev. 1.21 of key.c.
   
    Along with that, fix a related problem in key_debug
    printing the correct data.
    While there replace a printf by panic in a sanity check.
   
   PR:             120751
   Submitted by:   Kazuaki ODA (kazuaki aliceblue.jp) [1]
   
   Revision  Changes    Path
   1.28.2.1  +7 -2      src/sys/netipsec/key.c
   1.5.2.1   +22 -4     src/sys/netipsec/key_debug.c
 
State-Changed-From-To: patched->closed 
State-Changed-By: bz 
State-Changed-When: Sat Mar 8 17:38:32 UTC 2008 
State-Changed-Why:  
Changes were MFCed to RELENG_7. Thanks for reporting. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120751 
>Unformatted:
