From: Patrick McHardy <kaber@trash.net>
To: Gnome42 <gnome42@gmail.com>
Cc: netdev@vger.kernel.org
Subject: Re: IPSec broken in 2.6.18-rc4-mm3
Date: Sat, 09 Sep 2006 18:22:52 +0200 [thread overview]
Message-ID: <4502EA5C.5020101@trash.net> (raw)
In-Reply-To: <fa4052ef0609090735o6e17da23y75bd6f742a8a29be@mail.gmail.com>
Gnome42 wrote:
> src 34.34.36.1 dst 34.34.36.6
> proto esp spi 0x0dc3aba4(230927268) reqid 0(0x00000000) mode tunnel
> replay-window 4 seq 0x00000001 flag (0x00000000)
> auth hmac(md5) 0xfea9e3e8d324265d8b7e17ec42d69b15 (128 bits)
> enc cbc(aes) 0x21ca0a9677ff0225acd0d3f4a9bdcf61 (128 bits)
> lifetime config:
> limit: soft (INF)(bytes), hard (INF)(bytes)
> limit: soft (INF)(packets), hard (INF)(packets)
> expire add: soft 23040(sec), hard 28800(sec)
> expire use: soft 0(sec), hard 0(sec)
> lifetime current:
> 4560(bytes), 30(packets)
> add 2006-09-09 10:21:41 use 2006-09-09 10:21:46
> stats:
> replay-window 0 replay 0 failed 0
> src 34.34.36.1 dst 34.34.36.6
> proto esp spi 0x0dc3aba4(230927268) reqid 0(0x00000000) mode tunnel
> replay-window 4 seq 0x991250886 flag (0x00000000)
> auth md5 0xfea9e3e8d324265d8b7e17ec42d69b15 (128 bits)
> enc aes 0x21ca0a9677ff0225acd0d3f4a9bdcf61 (128 bits)
> lifetime config:
> limit: soft (INF)(bytes), hard (INF)(bytes)
> limit: soft (INF)(packets), hard (INF)(packets)
> expire add: soft 23040(sec), hard 28800(sec)
> expire use: soft 0(sec), hard 0(sec)
> lifetime current:
> 0(bytes), 0(packets)
> add 2006-09-09 10:21:41 use 2006-09-09 10:21:46
> stats:
> replay-window 0 replay 0 failed 30
^^
This seems to be the problem, the sequence-numbers are outside the valid
window. I can't find anything that would cause this, please post a
tcpdump of the packets so we can see which values get used.
next prev parent reply other threads:[~2006-09-09 16:22 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-08 16:26 IPSec broken in 2.6.18-rc4-mm3 Gnome42 Gnome42
2006-09-08 19:52 ` Patrick McHardy
2006-09-08 20:32 ` Gnome42 Gnome42
2006-09-09 13:56 ` Patrick McHardy
2006-09-09 14:35 ` Gnome42
2006-09-09 16:22 ` Patrick McHardy [this message]
2006-09-09 17:39 ` Gnome42
2006-09-10 1:09 ` Gnome42
2006-09-10 1:12 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4502EA5C.5020101@trash.net \
--to=kaber@trash.net \
--cc=gnome42@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).