
(usagi-users 02017) Maybe the bugs of USAGI ipv6 stack.



Hi

	I encountered two problems when I did some validation work on USAGI
IPv6 stacks with the TAHI test suites, and Yukiyo Akisada confirmed them;
the detailed information is as follows.
So could anyone tell me whether there are
such bugs in the latest version?

------------------------------------------------------------

> Hi, this is one of my test logs, and an IBM developer said that case 4 and
> case 60 are designed for KAME ipv6 stacks,
> not for USAGI ipv6 cases, so could you please take a look at them.

About #60 test case, it's not our bug.

RFC 2401 says,

    RFC 2401 4.4.3 Security Association Database (SAD)
    ----------------------------------------------------------------
       For inbound processing: The following packet fields are used to look
       up the SA in the SAD:

             o Outer Header's Destination IP address: the IPv4 or IPv6
               Destination address.
               [REQUIRED for all implementations]
             o IPsec Protocol: AH or ESP, used as an index for SA lookup
               in this database.  Specifies the IPsec protocol to be
               applied to the traffic on this SA.
               [REQUIRED for all implementations]
             o SPI: the 32-bit value used to distinguish among different
               SAs terminating at the same destination and using the same
               IPsec protocol.
               [REQUIRED for all implementations]
    ----------------------------------------------------------------

And the #60 test case verifies the 2nd case above.

I talked with the USAGI IPsec implementer,
and he told me that USAGI can't distinguish the 2nd case.

So, it's not our bug.
And it's not only for KAME. It's for the general situation.

FYI, KAME also can't distinguish it.
--------------------------------------------------------------------------------
No. 4 test case, it's not a bug of TAHI.

We expect to receive a fragmented packet.
Original packet is [IP][AH][ICMPv6] .

When this packet is fragmented,
packets will be like this.

    1st packet: [IP][Fragment Header][payload]
    2nd packet: [IP][Fragment Header][payload]

In this case,
Next Header values of Fragment Header will be like this.

    1st packet: Next Header in FH = AH
    2nd packet: Next Header in FH = AH

But, your result is

    1st packet: Next Header in FH = AH
    2nd packet: Next Header in FH = ICMPv6

So, it's your bug, not ours.

___________________________________________

Best Regards
Guo Min 
Intel China Software Lab
iNet: 8-752-1325
External: 86-21-52574545  Ext. 1325
Home: (86) 21 - 62088661  (Pacific Standard time + 16 hours)

The content of this email message solely contains my own personal views,
and not those of my employer.

Attachment: ipsec.zip
Description: Binary data
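
A check for the test #4 behaviour discussed in the message above, as an added example that is not part of the original e-mail or of the TAHI or USAGI code: it groups IPv6 fragments by source, destination and Identification and flags any group whose Fragment headers carry different Next Header values. The packet builder, addresses and Identification values are constructed for the example, and the parser assumes the Fragment header directly follows the IPv6 header.

```python
import struct
from collections import defaultdict

NH_FRAGMENT, NH_AH, NH_ICMPV6 = 44, 51, 58
NAMES = {NH_AH: "AH", NH_ICMPV6: "ICMPv6"}

def parse_fragment(pkt):
    """Return ((src, dst, ident), byte_offset, fh_next_header) or None."""
    if len(pkt) < 48 or pkt[0] >> 4 != 6 or pkt[6] != NH_FRAGMENT:
        return None  # not IPv6, or no Fragment header right after it
    src, dst = pkt[8:24], pkt[24:40]
    nh, _reserved, off_m, ident = struct.unpack("!BBHI", pkt[40:48])
    # The top 13 bits hold the offset in 8-octet units; masking gives bytes.
    return (src, dst, ident), off_m & 0xFFF8, nh

def check_fragments(packets):
    """List (ident, [next headers by offset]) for inconsistent fragment sets."""
    groups = defaultdict(list)
    for pkt in packets:
        parsed = parse_fragment(pkt)
        if parsed:
            key, offset, nh = parsed
            groups[key].append((offset, nh))
    findings = []
    for key, frags in groups.items():
        values = [nh for _, nh in sorted(frags)]
        if len(set(values)) > 1:
            findings.append((key[2], [NAMES.get(v, str(v)) for v in values]))
    return findings

def make_fragment(ident, offset, more, fh_next, payload):
    """Constructed sample fragment; offset is in bytes, a multiple of 8."""
    src = bytes.fromhex("20010db8") + bytes(11) + b"\x01"  # documentation prefix
    dst = bytes.fromhex("20010db8") + bytes(11) + b"\x02"
    fh = struct.pack("!BBHI", fh_next, 0, offset | int(more), ident)
    ip = struct.pack("!IHBB", 6 << 28, len(fh) + len(payload), NH_FRAGMENT, 64)
    return ip + src + dst + fh + payload

# Constructed traces: what the test expects, and the result the reply describes.
EXPECTED = [make_fragment(0x1111, 0, True, NH_AH, bytes(16)),
            make_fragment(0x1111, 16, False, NH_AH, bytes(8))]
REPORTED = [make_fragment(0x2222, 0, True, NH_AH, bytes(16)),
            make_fragment(0x2222, 16, False, NH_ICMPV6, bytes(8))]

if __name__ == "__main__":
    for name, trace in (("expected", EXPECTED), ("reported", REPORTED)):
        print(name, check_fragments(trace) or "consistent")
```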