public inbox for linux-kernel@vger.kernel.org
* IPSEC-TUNNEL gives error messages: ip_finish_output: bad unowned skb = c5b619e0: PRE_ROUTING LOCAL_IN FORWARD POST_ROUTING
From: philippe.vivarelli @ 2003-09-22 15:11 UTC (permalink / raw)
  To: linux-kernel

Hi,

Has someone already seen these messages?

Distribution:Redhat 8.0 / kernel 2.6-test5
Hardware Environment:Pentium III / Intel eepro100 NIC
Software Environment:
Problem Description: IPSEC-TUNNEL Error messages in the system log and
tcpdump.

Steps to reproduce:

The network setup follows this scheme:

PC 1 (192.168.33.2) <--> (192.168.33.1) PC VPN Gateway 1 (192.168.31.66)
  <--> (192.168.31.50) PC Router (192.168.32.50)
  <--> (192.168.32.67) PC VPN Gateway 2 (192.168.34.1) <--> (192.168.34.2) PC 2

Setting up a tunnel using ipsec-tools between Gateway 1 and Gateway 2,
using this setkey config file:
#!/usr/sbin/setkey -f

# Flush the SAD and SPD
flush;
spdflush;

# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
# and authentication using 128 bit long keys
add 192.168.32.67 192.168.31.66 esp 0x201 -m tunnel -E 3des-cbc
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 -A hmac-md5
0xc0291ff014dccdd03874d9e8e4cdf3e6;

add 192.168.31.66 192.168.32.67 esp 0x301 -m tunnel -E 3des-cbc
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df -A hmac-md5
0x96358c90783bbfa3d7b196ceabe0536b;

# Security policies
spdadd 192.168.34.0/24 192.168.33.0/24 any -P in ipsec
           esp/tunnel/192.168.32.67-192.168.31.66/require;

spdadd 192.168.33.0/24 192.168.34.0/24 any -P out ipsec
           esp/tunnel/192.168.31.66-192.168.32.67/require;

When I ping 192.168.34.2 from 192.168.33.2 I get these messages
in /var/log/messages:

Sep 18 11:03:07 Linux8 kernel: PROTO=1 192.168.33.2:0 192.168.34.2:0 L=84 S=0x00 I=0 F=0x4000 T=63
Sep 18 11:03:07 Linux8 kernel: ip_finish_output: bad unowned skb = c5b61c20: PRE_ROUTING LOCAL_IN FORWARD POST_ROUTING
Sep 18 11:03:07 Linux8 kernel: skb: pf=2 (unowned) dev=eth1 len=84
Sep 18 11:03:07 Linux8 kernel: PROTO=1 192.168.33.2:0 192.168.34.2:0 L=84 S=0x00 I=0 F=0x4000 T=62
Sep 18 11:03:08 Linux8 kernel: nf_hook: hook 0 already set.
Sep 18 11:03:08 Linux8 kernel: skb: pf=2 (unowned) dev=eth0 len=84
Sep 18 11:03:08 Linux8 kernel: PROTO=1 192.168.33.2:0 192.168.34.2:0 L=84 S=0x00 I=0 F=0x4000 T=63
Sep 18 11:03:08 Linux8 kernel: ip_finish_output: bad unowned skb = c5b619e0: PRE_ROUTING LOCAL_IN FORWARD POST_ROUTING
Sep 18 11:03:08 Linux8 kernel: skb: pf=2 (unowned) dev=eth1 len=84
Sep 18 11:03:08 Linux8 kernel: PROTO=1 192.168.33.2:0 192.168.34.2:0 L=84 S=0x00 I=0 F=0x4000 T=62
Sep 18 11:03:09 Linux8 kernel: nf_hook: hook 0 already set.
Sep 18 11:03:09 Linux8 kernel: skb: pf=2 (unowned) dev=eth0 len=84

And tcpdump gives:
11:03:07.105055 192.168.31.66 > 192.168.32.67: ESP(spi=0x00000301,seq=0x6) (DF)
11:03:07.105055 truncated-ip - 16 bytes missing!192.168.31.66 > 69.0.0.84: truncated-ip - 16268 bytes missing!192.168.32.67 > 69.0.0.84: (frag 15876:16364@13040) [tos 0x10]  (ipip)
11:03:07.105519 192.168.32.67 > 192.168.31.66: ESP(spi=0x00000201,seq=0x6)
11:03:08.096943 192.168.31.66 > 192.168.32.67: ESP(spi=0x00000301,seq=0x7) (DF)
11:03:08.096943 truncated-ip - 16 bytes missing!192.168.31.66 > 69.0.0.84: truncated-ip - 16268 bytes missing!192.168.32.67 > 69.0.0.84: (frag 15876:16364@13040) [tos 0x10]  (ipip)



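Added example, not part of the original thread: a check that the ESP packets in a capture use the source, destination and SPI of an SA defined in the setkey file from the report. The SA keys are dummy values, the last capture line is constructed, and the names parse_sas and check_capture are assumptions of this example.

```python
import re

# Constructed input: the two SAs from the setkey file above with dummy keys,
# and ESP lines in the tcpdump format above (the last line is made up).
SETKEY_CONF = """
add 192.168.32.67 192.168.31.66 esp 0x201 -m tunnel -E 3des-cbc
0x000000000000000000000000000000000000000000000000 -A hmac-md5
0x00000000000000000000000000000000;
add 192.168.31.66 192.168.32.67 esp 0x301 -m tunnel -E 3des-cbc
0x000000000000000000000000000000000000000000000000 -A hmac-md5
0x00000000000000000000000000000000;
"""
TCPDUMP = """
11:03:07.105055 192.168.31.66 > 192.168.32.67: ESP(spi=0x00000301,seq=0x6) (DF)
11:03:07.105519 192.168.32.67 > 192.168.31.66: ESP(spi=0x00000201,seq=0x6)
11:03:08.096943 192.168.31.66 > 192.168.32.67: ESP(spi=0x00000301,seq=0x7) (DF)
11:03:09.000000 192.168.31.66 > 192.168.32.67: ESP(spi=0x00000999,seq=0x1)
"""

ADD_RE = re.compile(r"^add\s+(\S+)\s+(\S+)\s+(esp|ah)\s+(0x[0-9a-fA-F]+|\d+)\b")
ESP_RE = re.compile(r"(\S+) > (\S+): ESP\(spi=(0x[0-9a-fA-F]+),seq=(0x[0-9a-fA-F]+)\)")


def parse_sas(conf):
    """Return {(src, dst, spi)} for each 'add' statement; ';' ends a statement."""
    body = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    sas = set()
    for stmt in body.split(";"):
        m = ADD_RE.match(" ".join(stmt.split()))  # collapse wrapped lines
        if m:
            sas.add((m.group(1), m.group(2), int(m.group(4), 0)))
    return sas


def check_capture(conf, capture):
    """Count ESP packets per configured SA and list packets matching no SA."""
    seen = {sa: 0 for sa in parse_sas(conf)}
    unknown = []
    for m in ESP_RE.finditer(capture):
        key = (m.group(1), m.group(2), int(m.group(3), 16))
        if key in seen:
            seen[key] += 1
        else:
            unknown.append(key)
    return seen, unknown


if __name__ == "__main__":
    print(check_capture(SETKEY_CONF, TCPDUMP))
```

An SA with a zero count means no ESP traffic was seen in that direction; an entry in the second list is an ESP packet whose addresses or SPI match no configured SA.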

* Re: IPSEC-TUNNEL gives error messages: ip_finish_output: bad unowned skb = c5b619e0: PRE_ROUTING LOCAL_IN FORWARD POST_ROUTING
From: Patrick McHardy @ 2003-09-22 17:03 UTC (permalink / raw)
  To: philippe.vivarelli; +Cc: linux-kernel, Netfilter Development Mailinglist

Hi Philippe,

philippe.vivarelli@mindspeed.com wrote:

>Has someone already seen these messages?
>

Please try the latest -bk or apply these two patches; there have been recent
changes which affect these messages:

ChangeSet 1.1283.2.5, 2003/09/11 16:46:44-07:00, laforge@netfilter.org

	[NETFILTER]: Clear nf_debug in ipsec tunnel case.

ChangeSet 1.1315.1.2, 2003/09/12 17:14:53-07:00, acme@conectiva.com.br

	[NETFILTER]: Fix typo in recent ip_input.c changes.

or just disable CONFIG_NETFILTER_DEBUG.


Regards,
Patrick


