[Bug 236819] [tcpdump] capsicum-related changes broke reading IPsec ESP decryption keys from a file
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Mar 27 03:31:48 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236819
Bug ID: 236819
Summary: [tcpdump] capsicum-related changes broke reading IPsec
ESP decryption keys from a file
Product: Base System
Version: 11.2-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: net at FreeBSD.org
Reporter: eugen at freebsd.org
tcpdump(8) manual page documents command line option -E that may involve
reading keys from a file:
In addition to the above syntax, the syntax ``file name'' may be
used to have tcpdump read the provided file in. The file is
opened upon receiving the first ESP packet, so any special
permissions that tcpdump may have been given should already have
been given up.
This is currently broken in stable/11:
# tcpdump -E 'file /tmp/keys.txt' -s0 -np -i em0 host 1.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
tcpdump: print_esp: can't open /tmp/keys.txt: Not permitted in capability mode
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-net
mailing list