NetBSD/crypto/dist/ipsec-tools
christos aabb31871d PR/42363: Yasuoka Masahiko:
racoon uses a wrong IPsec-SA handle that is for another peer in case it
receives an ISAKMP message for IPsec-SA that has the same message-id as
the message-id that is received before.

racoon uses message-id to find the handle of IPsec-SA.  The message-id
is a unique number for each peer, but different peers may use the same
value.

Different Windows Vista or Windows 7 peers seem to use the same
message-id.  racoon can handle the first Windows's Phase-2, but it
cannot handle the second Windows, because racoon misunderstands the
message for the second Windows as the message for the first Windows.

>Category:       bin
>Synopsis:       racoon uses a wrong IPsec-SA that is for different peer
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 22 18:25:00 +0000 2009
>Originator:     yasuoka@iij.ad.jp
2009-11-22 19:34:55 +00:00
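
The lookup problem described in the commit message above, as an added C example that is not racoon's code: the struct names, function names, addresses and the message-id value are hypothetical and constructed for illustration. It contrasts a Phase-2 handle lookup keyed on message-id alone with one that also requires the handle to belong to the Phase-1 SA the message arrived on.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified stand-ins for the daemon's handles (not racoon's structs). */
struct ph1 { const char *peer; };                      /* Phase-1 (ISAKMP) SA of one peer */
struct ph2 { const struct ph1 *ph1; uint32_t msgid; }; /* Phase-2 (IPsec-SA) handle */

/* Constructed state: two peers whose Phase-2 exchanges picked the same message-id. */
static const struct ph1 peer_a = { "192.0.2.10" };
static const struct ph1 peer_b = { "192.0.2.20" };
static const struct ph2 ph2_table[] = {
    { &peer_a, 0x00000001u },
    { &peer_b, 0x00000001u },
};
#define PH2_COUNT (sizeof(ph2_table) / sizeof(ph2_table[0]))

/* Behaviour described in the report: message-id is the only lookup key. */
const struct ph2 *find_ph2_by_msgid(uint32_t msgid)
{
    for (size_t i = 0; i < PH2_COUNT; i++)
        if (ph2_table[i].msgid == msgid)
            return &ph2_table[i];
    return NULL;
}

/* Scoped lookup: the handle must also belong to the Phase-1 SA the message came in on. */
const struct ph2 *find_ph2_scoped(const struct ph1 *from, uint32_t msgid)
{
    for (size_t i = 0; i < PH2_COUNT; i++)
        if (ph2_table[i].msgid == msgid && ph2_table[i].ph1 == from)
            return &ph2_table[i];
    return NULL;
}

/* Returns 1 when a lookup result belongs to a different peer than the sender. */
int is_cross_peer(const struct ph2 *h, const struct ph1 *from)
{
    return h != NULL && h->ph1 != from;
}

int main(void)
{
    const struct ph1 *sender = &peer_b;  /* message arrives from the second peer */
    int bad  = is_cross_peer(find_ph2_by_msgid(1), sender);        /* 1: first peer's handle */
    int good = is_cross_peer(find_ph2_scoped(sender, 1), sender);  /* 0: sender's own handle */
    return (bad == 1 && good == 0) ? 0 : 1;
}
```
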
misc Autogenerate ChangeLog from NetBSD CVS. Put sourceforge.net changes to 2009-01-20 14:36:07 +00:00
rpm
src PR/42363: Yasuoka Masahiko: 2009-11-22 19:34:55 +00:00
.cvsignore
acracoon.m4
bootstrap
ChangeLog.old Autogenerate ChangeLog from NetBSD CVS. Put sourceforge.net changes to 2009-01-20 14:36:07 +00:00
configure.ac Detect if monotonic system clock is available, and use it for relative 2009-01-23 08:25:06 +00:00
Makefile.am Autogenerate ChangeLog from NetBSD CVS. Put sourceforge.net changes to 2009-01-20 14:36:07 +00:00
netbsd-import.sh
NEWS Update NEWS with major changes since 0.7 release. 2009-01-23 09:40:56 +00:00
package_version.h.in
README Update README 2008-12-16 06:48:38 +00:00

IPsec-tools
===========

This package provides a way to use the native IPsec functionality
in the Linux 2.6+ kernel. It also works on NetBSD and FreeBSD.
The package contains:

	- libipsec, a PF_KEYv2 library
	- setkey, a tool to directly manipulate policies and SAs
	- racoon, an IKEv1 keying daemon

IPsec-tools was ported to Linux from the KAME project
(http://www.kame.net) by Derek Atkins <derek@ihtfp.com>.

Currently the package is actively maintained and developed by: 
	Emmanuel Dreyfus <manu@netbsd.org>
	VANHULLEBUS Yvan <vanhu@free.fr>
	Matthew Grooms <mgrooms@shrew.net>
	Timo Teräs <timo.teras@iki.fi>

Sources can be found at the IPsec-Tools home page at:
	http://ipsec-tools.sourceforge.net/

The CVS repository is hosted in the NetBSD tree:
	cvs -danoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools

Bug reports and the project wiki are located at:
	https://trac.ipsec-tools.net/

Please report any problems to the mailing list:
	ipsec-tools-devel@lists.sourceforge.net
	ipsec-tools-users@lists.sourceforge.net

You can also browse the list archive:
	http://sf.net/mailarchive/forum.php?forum_name=ipsec-tools-devel

Credits:
	IHTFP Consulting, see http://www.ihtfp.com/
	SUSE Linux AG, see http://www.suse.com/