[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer
starlight at binnacle.cx
starlight at binnacle.cx
Thu Dec 6 18:19:12 EST 2007
>What is supposed to happen, which isn't, is that you are suppose to
>start the rekey around 2M bytes (or 2M packets), so that you've
>completed it by 4M bytes (or 4M packets).
If you're talking billions instead of millions, I should
think it would be no trouble for the rekey to complete
before 4G is hit, even on an Internet2 superfast link.
>Likely, it does hit 4M, and the SA gets killed, just that
>you can't catch it at that point.
It's pretty clear in the 'ipsec spi' log you had me run, and
that I forwarded to you and the group. T he byte count is close
to five billion when the rekey happens.
life(c,s,h)=bytes(4710965551,0,0)
life(c,s,h)=bytes(703024,0,0)
I don't know about the SA getting killed, but whatever happens
it stops working. Clearly some corrupt packets are sent as is
evidenced by the log message
router kernel: eth0.1: unable to resolve type 3800 addresses.
Which indicates that garbage is appearing in the protocol bytes
of the Ethernet MAC header.
More information about the Dev
mailing list