OpenSolaris

Bug ID: 6595877
Synopsis: ipseckey(1M) can produce output it can't read back in (line-too-big)
State: 10-Fix Delivered (Fix available in build)
Category:Subcategory: network:ipsec
Keywords:
Responsible Engineer: Dan Mcdonald
Reported Against:
Duplicate Of:
Introduced In: solaris_nevada
Commit to Fix: snv_73
Fixed In: snv_73
Release Fixed: solaris_nevada(snv_73), solaris_10u7(s10u7_02) (Bug ID:2168190)
Related Bugs: 6558864
Submit Date: 22-August-2007
Last Update Date: 15-September-2007
Description
When both NAT-T and tunnel mode are present, a single saved SA may exceed the input-buffer limit
defined in ipsec_util.h.

E.g.:

add esp  \
    spi 0x3ba8fd61 encr_alg 3des-cbc auth_alg hmac-md5 replay 32 encap udp \
        hard_addtime 28800  \
        soft_addtime 25906  \
    proto 4 \
    src 129.148.174.138 \
    dst 129.148.174.10 \
    nat_loc  129.148.174.252 nat_lport 4200 \
    nat_rem  129.148.174.10 nat_rport 4200 \
    isrc 10.1.1.1 \
    idst 10.2.2.2 \
        authkey 3895bbdfb11b40df4c3eda0bc770925e/128 \
        encrkey 86e0d549e0e020e037c41fab8a6268948abacdfe262532e0/192 \
        srcidtype der_dn print \
        dstidtype der_dn print \
Work Around
N/A
Comments
N/A
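
The following C example is added here for illustration and is not code from ipseckey or from the original report. It measures the longest logical line in a saved SA file after joining backslash continuations, so a dump can be checked against a reader's buffer size before it is read back in. The function names, the joining rule (backslash and newline dropped) and the sample text are assumptions; the buffer size is a parameter because the report does not state the limit's value.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Return the length of the longest logical line in `text`. A backslash
 * immediately before a newline continues the line; both characters are
 * dropped (assumed joining rule, not taken from ipsec_util.h).
 */
size_t longest_logical_line(const char *text)
{
    size_t cur = 0, max = 0;

    for (const char *p = text; *p != '\0'; p++) {
        if (p[0] == '\\' && p[1] == '\n') {
            p++;            /* continuation: skip backslash and newline */
            continue;
        }
        if (*p == '\n') {   /* end of one logical line */
            if (cur > max)
                max = cur;
            cur = 0;
            continue;
        }
        cur++;
    }
    return cur > max ? cur : max;
}

/* Nonzero if every logical line plus its terminating NUL fits in bufsize. */
int fits_in_buffer(const char *text, size_t bufsize)
{
    return longest_logical_line(text) < bufsize;
}

/* Constructed sample: one short command and one SA split across lines. */
static const char sample[] =
    "flush\n"
    "add esp spi 0x1 \\\n"
    "    src 192.0.2.1 \\\n"
    "    dst 192.0.2.2\n";

int main(void)
{
    printf("longest logical line: %zu bytes\n", longest_logical_line(sample));
    printf("fits in 32-byte buffer: %d\n", fits_in_buffer(sample, 32));
    printf("fits in 64-byte buffer: %d\n", fits_in_buffer(sample, 64));
    return 0;
}
```

Each physical line of the sample is short, but the joined SA entry is what has to fit in the reader's buffer, which is the situation the report describes for NAT-T plus tunnel mode.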