setkey fails to detect invalid use of esp-udp with IPv6

Bug #1094547 reported by Mikael Magnusson on 2012-12-29
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ipsec-tools (Ubuntu)

Bug Description

I guess esp-udp is not supported in IPv6. But when adding a SAD with IPv6 and esp-udp, the error is silently ignored and no SAD is added. I expect the command to fail and an error message to be output when adding an unsupported SAD.

I modified an example from man setkey below:

#!/usr/sbin/setkey -f

add 3ffe:501:4819::1 3ffe:501:481d::1 esp-udp 123457
             -E des-cbc 0x3ffe05014819ffff ;

Ubuntu: 12.04
ipsec-tools: 1:0.8.0-9ubuntu1
linux: 3.2.0-35-generic

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ipsec-tools 1:0.8.0-9ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-35.55-generic 3.2.34
Uname: Linux 3.2.0-35-generic x86_64
ApportVersion: 2.0.1-0ubuntu15.1
Architecture: amd64
Date: Sat Dec 29 22:21:12 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
MarkForUpload: True
 PATH=(custom, no user)
SourcePackage: ipsec-tools
UpgradeStatus: No upgrade log present (probably fresh install) [modified] 2012-12-29T22:09:29.404383

Mikael Magnusson (mikma) wrote :
Changed in ipsec-tools (Ubuntu):
status: New → Confirmed
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers