https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236819
Bug ID: 236819
Summary: [tcpdump] capsicum-related changes broke reading IPsec
ESP decryption keys from a file
Product: Base System
Version: 11.2-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: n...@freebsd.org
Reporter: eu...@freebsd.org
tcpdump(8) manual page documents command line option -E that may involve
reading keys from a file:
In addition to the above syntax, the syntax ``file name'' may be
used to have tcpdump read the provided file in. The file is
opened upon receiving the first ESP packet, so any special
permissions that tcpdump may have been given should already have
been given up.
This is currently broken in stable/11:
# tcpdump -E 'file /tmp/keys.txt' -s0 -np -i em0 host 1.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
tcpdump: print_esp: can't open /tmp/keys.txt: Not permitted in capability mode
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
