hard crash in IPsec

hard crash in IPsec

[Valentijn Sessink]

Hello list,

2.6.0/IPsec crashes, fully reproducable. Verified with 2.6.1.

Details of the crash are on a couple of jpg's,
http://valentijn.sessink.nl/fotoalbum/2004-01-14%20afscheidscollege%20Frits/img_0017.jpg
and img_0018.jpg

IPsec config on the crashing machine:

add $ip1 $ip2 esp 0x202 -m tunnel -E 3des-cbc $passwd1
 -A hmac-md5 $passwd2;
add $ip2 $ip1 esp 0x302 -m tunnel -E 3des-cbc $passwd3
 -A hmac-md5 $passwd4;
spdadd net/24 work/24 any -P out ipsec esp/tunnel/$ip1-$ip2/require;
spdadd net/24 work/24 any -P out ipsec esp/tunnel/$ip2-$ip1/require;

note the wrong config, where the second spdadd has an "out" instead of the
correct "in". The other end has correct configuration.

tcpdumping the network now says:
15:07:07.335105 $ip1 > $ip2: ESP(spi=0x00000202,seq=0x1) (DF)
15:07:07.365947 $ip2 > $ip1: ESP(spi=0x00000302,seq=0x5)
15:07:07.365947 truncated-ip - 16 bytes missing!$ip2 > 69.0.0.84:
$ip1 > 69.0.0.84: (frag 13828:4294967256@29112) [tos 0x4c] (ipip)
15:07:08.331514 $ip1 > $ip2: ESP(spi=0x00000202,seq=0x2) (DF)
15:07:08.361917 $ip2 > $ip1: ESP(spi=0x00000302,seq=0x6)
15:07:08.361917 truncated-ip - 16 bytes missing!$ip2 > 69.0.0.84:
$ip1 > 69.0.0.84: (frag 13828:4294967256@29096) [tos 0x4e,ECT] (ipip)
15:07:09.330341 $ip1 > $ip2: ESP(spi=0x00000202,seq=0x3) (DF)
15:07:09.362973 $ip2 > $ip1: ESP(spi=0x00000302,seq=0x7)
15:07:09.362973 truncated-ip - 16 bytes missing!$ip2 > 69.0.0.84:
$ip1 > 69.0.0.84: (frag 13828:4294967256@29080) [tos 0x50] (ipip)
15:07:10.331186 $ip1 > $ip2: ESP(spi=0x00000202,seq=0x4) (DF)

Once the setup was corrected, everything was fine (no crashes).

This is Debian GNU/Linux 3.0, kernel compiled with GCC 2.95.4, a 32Mb Cyrix
6x86MX machine.

Best regards,

Valentijn
-- 
http://www.openoffice.nl/   Open Office - Linux Office Solutions
Valentijn Sessink  valentyn+sessink@nospam.openoffice.nl

Re: hard crash in IPsec

[James Morris]

On Mon, 19 Jan 2004, Valentijn Sessink wrote:

> 2.6.0/IPsec crashes, fully reproducable. Verified with 2.6.1.

Could you please verify if this still happens with Netfilter and SELinux 
disabled at compile time?


- James
-- 
James Morris
<jmorris@redhat.com>

Re: hard crash in IPsec

[Valentijn Sessink]

Hello James,

At Mon, Jan 19, 2004 at 08:36:57AM -0500, James Morris wrote:
> > 2.6.0/IPsec crashes, fully reproducable. Verified with 2.6.1.
> Could you please verify if this still happens with Netfilter and SELinux 
> disabled at compile time?

It crashes as well, same "Fatal exception in interrupt" behaviour.

I disabled NETFILTER and recompiled (the config_security option was off in
the original setup already):
# CONFIG_NETFILTER is not set
# CONFIG_SECURITY is not set

Crash! I made a picture (sorry, no serial connection here) but unfortunately
the cable to my camera is at home, so if you need the information, you'll
have to wait. However, I guess the problem is easily reproducable. I posted
my .config file at http://valentijn.sessink.nl/temp/config-2.6.1-yangtse-isdn
(this being the config with netfilter, the one that's normally running).

The other end is running 2.6.1 as well, config is config-2.6.1-router

Please note that the config file that causes the crash is wrong, so a
documentation item that says "the Linux kernel is programmed to commit
suicide on brain dead IPsec configurations" will do ;-)

Best regards,

Valentijn
-- 
http://www.openoffice.nl/   Open Office - Linux Office Solutions
Valentijn Sessink  valentyn+sessink@nospam.openoffice.nl

Re: hard crash in IPsec

[James Morris]

On Mon, 19 Jan 2004, Valentijn Sessink wrote:

> Please note that the config file that causes the crash is wrong, so a
> documentation item that says "the Linux kernel is programmed to commit
> suicide on brain dead IPsec configurations" will do ;-)

No, it still shouldn't crash.


- James
-- 
James Morris
<jmorris@redhat.com>