Ubuntu
ipsec-tools package

setkey fails to detect invalid use of esp-udp with IPv6

Bug #1094547 reported by Mikael Magnusson on 2012-12-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ipsec-tools (Ubuntu)	Confirmed	Wishlist	Unassigned

Bug Description

I guess esp-udp is not supported in IPv6. But when adding a SAD with IPv6 and esp-udp, the error is silently ignored and no SAD is added. I expect the command to fail and an error message to be output when adding an unsupported SAD.

I modified an example from man setkey below:

#!/usr/sbin/setkey -f

add 3ffe:501:4819::1 3ffe:501:481d::1 esp-udp 123457
-E des-cbc 0x3ffe05014819ffff ;

Versions:
Ubuntu: 12.04
ipsec-tools: 1:0.8.0-9ubuntu1
linux: 3.2.0-35-generic

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ipsec-tools 1:0.8.0-9ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-35.55-generic 3.2.34
Uname: Linux 3.2.0-35-generic x86_64
ApportVersion: 2.0.1-0ubuntu15.1
Architecture: amd64
Date: Sat Dec 29 22:21:12 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: ipsec-tools
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.ipsec.tools.conf: [modified]
mtime.conffile..etc.ipsec.tools.conf: 2012-12-29T22:09:29.404383

Tags:

Revision history for this message

Mikael Magnusson (mikma) wrote on 2012-12-29:

Dependencies.txt Edit (544 bytes, text/plain; charset="utf-8")

Yolanda Robla (yolanda.robla) on 2013-01-03

Changed in ipsec-tools (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Wishlist

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Dependencies.txt Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuipsec-tools package