Re: IPSec broken in 2.6.18-rc4-mm3

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Gnome42 <gnome42@gmail.com>
Cc: netdev@vger.kernel.org
Subject: Re: IPSec broken in 2.6.18-rc4-mm3
Date: Sat, 09 Sep 2006 18:22:52 +0200	[thread overview]
Message-ID: <4502EA5C.5020101@trash.net> (raw)
In-Reply-To: <fa4052ef0609090735o6e17da23y75bd6f742a8a29be@mail.gmail.com>

Gnome42 wrote:
> src 34.34.36.1 dst 34.34.36.6
>        proto esp spi 0x0dc3aba4(230927268) reqid 0(0x00000000) mode tunnel
>        replay-window 4 seq 0x00000001 flag  (0x00000000)
>        auth hmac(md5) 0xfea9e3e8d324265d8b7e17ec42d69b15 (128 bits)
>        enc cbc(aes) 0x21ca0a9677ff0225acd0d3f4a9bdcf61 (128 bits)
>        lifetime config:
>          limit: soft (INF)(bytes), hard (INF)(bytes)
>          limit: soft (INF)(packets), hard (INF)(packets)
>          expire add: soft 23040(sec), hard 28800(sec)
>          expire use: soft 0(sec), hard 0(sec)
>        lifetime current:
>          4560(bytes), 30(packets)
>          add 2006-09-09 10:21:41 use 2006-09-09 10:21:46
>        stats:
>          replay-window 0 replay 0 failed 0

> src 34.34.36.1 dst 34.34.36.6
>        proto esp spi 0x0dc3aba4(230927268) reqid 0(0x00000000) mode tunnel
>        replay-window 4 seq 0x991250886 flag  (0x00000000)
>        auth md5 0xfea9e3e8d324265d8b7e17ec42d69b15 (128 bits)
>        enc aes 0x21ca0a9677ff0225acd0d3f4a9bdcf61 (128 bits)
>        lifetime config:
>          limit: soft (INF)(bytes), hard (INF)(bytes)
>          limit: soft (INF)(packets), hard (INF)(packets)
>          expire add: soft 23040(sec), hard 28800(sec)
>          expire use: soft 0(sec), hard 0(sec)
>        lifetime current:
>          0(bytes), 0(packets)
>          add 2006-09-09 10:21:41 use 2006-09-09 10:21:46
>        stats:
>          replay-window 0 replay 0 failed 30

                                           ^^
This seems to be the problem, the sequence-numbers are outside the valid
window. I can't find anything that would cause this, please post a
tcpdump of the packets so we can see which values get used.

next prev parent reply	other threads:[~2006-09-09 16:22 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-09-08 16:26 IPSec broken in 2.6.18-rc4-mm3 Gnome42 Gnome42
2006-09-08 19:52 ` Patrick McHardy
2006-09-08 20:32   ` Gnome42 Gnome42
2006-09-09 13:56     ` Patrick McHardy
2006-09-09 14:35       ` Gnome42
2006-09-09 16:22         ` Patrick McHardy [this message]
2006-09-09 17:39           ` Gnome42
2006-09-10  1:09             ` Gnome42
2006-09-10  1:12               ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4502EA5C.5020101@trash.net \
    --to=kaber@trash.net \
    --cc=gnome42@gmail.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.