Hosting Provided By

kernel/3231: option IPSEC_IPV6FWD busted

From: <todd(at)fries.net>
Date: Wed Apr 23 2003 - 17:39:07 EDT

>Number: 3231
>Category: kernel
>Synopsis: forwarding packets within ipsec tunnels code does not compile
>Confidential: yes
Todd Fries .. todd@fries.net
>Environment:

	System      : OpenBSD 3.3
	Architecture: OpenBSD.i386
	Machine     : i386

>Description:

IPSec allows you to setup a vpn that includes an IPv6 tunnel of two IPv6 subnets.

IPv6 gateways (if both ends are OpenBSD) can ping each other fine via IPv6 using the ipsec flow.

IPv6 hosts on each side of the tunnel get routed normally, as if no ipsec flows exist.

>How-To-Repeat:

sysctl -w net.inet6.ip6.forwarding=1
setup an isakmpd connection with a v6 tunnel (I can provide details)
observe normal packets heading out the normal, non-encap paths

Also

	1.
		(
			cat /sys/arch//conf/GENERIC
			echo option IPSEC_IPV6FWD
		) | config -s /sys -b /usr/obj/IPSECFWD_TEST /dev/stdin

	2.
		cd /usr/obj/IPSECFWD_TEST
		make ip6_forward.o

Observe something somilar to:

eclipse$ make ip6_forward.o
cc -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wno-uninitialized - Wno-format -Wno-main -fno-stack-protector -O2 -pipe -nostdinc -I. -I/sys/arch - I/sys -DDDB -DDIAGNOSTIC -DKTRACE -DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSV

SEM -DSYSVSHM -DUVM_SWAP_ENCRYPT -DCOMPAT_25 -DCOMPAT_43 -DLKM -DFFS -DFFS_SOFTU
PDATES -DQUOTA -DEXT2FS -DMFS -DTCP_SACK -DTCP_ECN -DNFSCLIENT -DNFSSERVER -DCD9
660 -DMSDOSFS -DFDESC -DFIFO -DKERNFS -DPORTAL -DPROCFS -DINET -DALTQ -DINET6 -D

PULLDOWN_TEST -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DBOOT_CONFIG -DI386_CPU -DI48 6_CPU -DI586_CPU -DI686_CPU -DGPL_MATH_EMULATE -DUSER_PCICONF -DUSER_LDT -DAPERT URE -DCOMPAT_SVR4 -DCOMPAT_IBCS2 -DCOMPAT_LINUX -DCOMPAT_FREEBSD -DCOMPAT_BSDOS -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPA T_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6" -DWSDISPLAY_COMPAT_PCVT -DPCIAGP -DXFS -

DNETATALK -DIPSEC_IPV6FWD -D_KERNEL -Di386  -c /sys/netinet6/ip6_forward.c
/sys/netinet6/ip6_forward.c:63: netinet6/ipsec.h: No such file or directory
/sys/netinet6/ip6_forward.c:64: netkey/key.h: No such file or directory
/sys/netinet6/ip6_forward.c:65: netkey/key_debug.h: No such file or directory

cc1: warnings being treated as errors
/sys/netinet6/ip6_forward.c: In function `ip6_forward': /sys/netinet6/ip6_forward.c:108: warning: implicit declaration of function `ipse c6_in_reject'
/sys/netinet6/ip6_forward.c:109: `ipsec6stat' undeclared (first use in this func tion)
/sys/netinet6/ip6_forward.c:109: (Each undeclared identifier is reported only on ce
/sys/netinet6/ip6_forward.c:109: for each function it appears in.) /sys/netinet6/ip6_forward.c:161: warning: implicit declaration of function `ipse c6_getpolicybyaddr'
/sys/netinet6/ip6_forward.c:161: `IPSEC_DIR_OUTBOUND' undeclared (first use in t his function)
/sys/netinet6/ip6_forward.c:161: warning: assignment makes pointer from integer without a cast
/sys/netinet6/ip6_forward.c:179: dereferencing pointer to incomplete type /sys/netinet6/ip6_forward.c:180: `IPSEC_POLICY_DISCARD' undeclared (first use in this function)
/sys/netinet6/ip6_forward.c:186: warning: implicit declaration of function `key_ freesp'
/sys/netinet6/ip6_forward.c:197: `IPSEC_POLICY_BYPASS' undeclared (first use in this function)
/sys/netinet6/ip6_forward.c:198: `IPSEC_POLICY_NONE' undeclared (first use in th is function)
/sys/netinet6/ip6_forward.c:203: `IPSEC_POLICY_IPSEC' undeclared (first use in t his function)
/sys/netinet6/ip6_forward.c:204: dereferencing pointer to incomplete type /sys/netinet6/ip6_forward.c:222: `IPSEC_POLICY_ENTRUST' undeclared (first use in this function)
/sys/netinet6/ip6_forward.c:225: dereferencing pointer to incomplete type /sys/netinet6/ip6_forward.c:185: warning: unreachable code at beginning of switc h statement
/sys/netinet6/ip6_forward.c:231: storage size of `state' isn't known /sys/netinet6/ip6_forward.c:246: warning: implicit declaration of function `ipse c6_output_tunnel'
/sys/netinet6/ip6_forward.c:231: warning: unused variable `state' /sys/netinet6/ip6_forward.c:387: warning: assignment makes pointer from integer without a cast
/sys/netinet6/ip6_forward.c:389: warning: implicit declaration of function `ipse c6_hdrsiz'
*** Error code 1

Do you need help?

Stop in /wd/1/d/ftp/obj/eclipse.GENERIC (line 1836 of Makefile). eclipse$

>Fix:

	need someone who knows network code to fix the code inside the
	#ifdef IPSEC_IPV6FWD so that it works properly

>Release-Note:
Received on Wed Apr 23 18:06:02 2003

This message: [ Message body ]
Next message: Ted Unangst: "Re: user/3228"
Previous message: Christo Butcher: "documentation/3230: Misleading comments in distrib/i386 source"
In reply to rob(at)pickering.org: "library/2928:"
Reply: Timo Sirainen: "kernel/3291: mmap() shared memory isn't updated by write() calls"
Reply: Mathias Gygax: "user/3353: egrep -f fails on sparc64 with bus and segmentation faults"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:55 EDT