From: Valentijn Sessink <linux-kernel-1074509192@mail.v.sessink.nl>
To: linux-kernel@vger.kernel.org
Subject: hard crash in IPsec
Date: Mon, 19 Jan 2004 11:48:54 +0100 [thread overview]
Message-ID: <20040119104854.GA2991@openoffice.nl> (raw)
Hello list,
2.6.0/IPsec crashes, fully reproducable. Verified with 2.6.1.
Details of the crash are on a couple of jpg's,
http://valentijn.sessink.nl/fotoalbum/2004-01-14%20afscheidscollege%20Frits/img_0017.jpg
and img_0018.jpg
IPsec config on the crashing machine:
add $ip1 $ip2 esp 0x202 -m tunnel -E 3des-cbc $passwd1
-A hmac-md5 $passwd2;
add $ip2 $ip1 esp 0x302 -m tunnel -E 3des-cbc $passwd3
-A hmac-md5 $passwd4;
spdadd net/24 work/24 any -P out ipsec esp/tunnel/$ip1-$ip2/require;
spdadd net/24 work/24 any -P out ipsec esp/tunnel/$ip2-$ip1/require;
note the wrong config, where the second spdadd has an "out" instead of the
correct "in". The other end has correct configuration.
tcpdumping the network now says:
15:07:07.335105 $ip1 > $ip2: ESP(spi=0x00000202,seq=0x1) (DF)
15:07:07.365947 $ip2 > $ip1: ESP(spi=0x00000302,seq=0x5)
15:07:07.365947 truncated-ip - 16 bytes missing!$ip2 > 69.0.0.84:
$ip1 > 69.0.0.84: (frag 13828:4294967256@29112) [tos 0x4c] (ipip)
15:07:08.331514 $ip1 > $ip2: ESP(spi=0x00000202,seq=0x2) (DF)
15:07:08.361917 $ip2 > $ip1: ESP(spi=0x00000302,seq=0x6)
15:07:08.361917 truncated-ip - 16 bytes missing!$ip2 > 69.0.0.84:
$ip1 > 69.0.0.84: (frag 13828:4294967256@29096) [tos 0x4e,ECT] (ipip)
15:07:09.330341 $ip1 > $ip2: ESP(spi=0x00000202,seq=0x3) (DF)
15:07:09.362973 $ip2 > $ip1: ESP(spi=0x00000302,seq=0x7)
15:07:09.362973 truncated-ip - 16 bytes missing!$ip2 > 69.0.0.84:
$ip1 > 69.0.0.84: (frag 13828:4294967256@29080) [tos 0x50] (ipip)
15:07:10.331186 $ip1 > $ip2: ESP(spi=0x00000202,seq=0x4) (DF)
Once the setup was corrected, everything was fine (no crashes).
This is Debian GNU/Linux 3.0, kernel compiled with GCC 2.95.4, a 32Mb Cyrix
6x86MX machine.
Best regards,
Valentijn
--
http://www.openoffice.nl/ Open Office - Linux Office Solutions
Valentijn Sessink valentyn+sessink@nospam.openoffice.nl
next reply other threads:[~2004-01-19 10:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-19 10:48 Valentijn Sessink [this message]
2004-01-19 13:36 ` hard crash in IPsec James Morris
2004-01-19 14:23 ` Valentijn Sessink
2004-01-19 14:25 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040119104854.GA2991@openoffice.nl \
--to=linux-kernel-1074509192@mail.v.sessink.nl \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox