Re: Bug in freeswan-0.8's replay is on for hand keyed SA's

-----BEGIN PGP SIGNED MESSAGE-----
> Well the subject line says it all really. I had noticed that the
> MANUAL flag had stopped showing up in /proc/net/ipsec-spi a while back
> but thought it did not matter much, turns out it does.

It should also be setting the (i)nitiator flag (obsolete, will be removed) but I noticed from your previous output that it was not getting set either, so it sounds like the whole flag field is not being transmitted from user space, or is being trampled afterwards. For this, I assume that the (i)nitiator flag is being set in your 'spi' commands, just like the examples say.

> I am running some more tests to be sure, so far I find that I have
> to reboot both my testing machines at the same time or else I have to
> wait for the packets to catch up to the replay counter.

As expected if the manual flag is not being set or is being cleared.

> I am using "esp 3des-md5-96" with freeswan-0.8 currently.

Do you have the same problems with des-md5-96 or des-cbc (or for that matter, 3des-md5[-128] or des-md5[-128] )?

> I think this is a real bug that keeps the 0.8 from being all that
> useful.

Agreed. I have never seen that problem but will try to reproduce it here, but need more information.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

In the meantime, I would suggest deleting ALL copies of objects/binaries of the utils and module in the source directories and system space and recompile. It may be that a data structure is misaligned from user/kernel space from different versions of the header files.

> ||ugh Daniel

        Slainte Mhath, rgb

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNWwj/d+sBuIhFagtAQGKTwQAtu3U01lRBZPCwM/x45mfj3zCze0IrDh+ OHhUgHAickVttJmE/EvaN0eoXcsF+13tkZDWSLLQBJNcc1FLVK242E5WgOc0TzWC OtOSGFFvPNV5T6JsP+uhjUvlVIMy5bOcXrsjKjMENeKmelb5+KlFUAvvoVdKk74n 0MMZIgzvmnA=
=ueCW
-----END PGP SIGNATURE----- Received on Wed May 27 10:32:34 1998