[Openswan dev] openswan 2.6.24rc4 pushed, please test!

Ruben Laban r.laban at ism.nl
Wed Dec 23 11:20:37 EST 2009


On Wednesday 23 December 2009 at 16:20 (CET), Ruben Laban wrote:
> On Wednesday 23 December 2009 at 15:48 (CET), Ruben Laban wrote:
> > On Wednesday 23 December 2009 at 07:40 (CET), Paul Wouters wrote:
> > > I've just pushed openswan-2.6.24rc4. Please test so we can release
> > > 2.6.24 before Christmas!
> >
> > My findings with 2 Ubuntu virtual machines:
> >
> > - Ubuntu 8.04 using 2.6.24 based kernel:
> >   * Klips compiles and loads fine
> >   * Tcpdump still shows mangled data (missing first 2 bytes of source ip)
> >
> > - Ubuntu 9.04 using 2.6.28 based kernel:
> >   * Klips compiles and loads fine
> >   * Kernel oops when receiving first encrypted packet (ESP)
> >     Tested with and without CryptoAPI (both crash, but different
> > backtrace)
> >
> > I'll try some more (both Ubuntu and vanilla) kernels when I get a chance.
>
> I just now tried 2 Ubuntu Mainline builds (vanilla source with Ubuntu's
> config): 2.6.28.10 and 2.6.32.2. Both work fine except for the tcpdump
> issue (and the known segfault when rmmod'ing ipsec.ko).

Some more "background" info as requested by Paul:

The tcpdump issue seems to be a "cosmetic" one. The output of tcpdump is 
mangled, but the traffic itself seems unaffected, e.g. ping does work.
Furthermore, netfilter seems to see the data just fine (tested with 
iptables -j LOG).


# ping 172.16.1.20 -c 1 -p deadbeefdeadbeef
PATTERN: 0xdeadbeefdeadbeef
PING 172.16.1.20 (172.16.1.20) 56(84) bytes of data.
64 bytes from 172.16.1.20: icmp_seq=1 ttl=64 time=6.36 ms

--- 172.16.1.20 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 6.367/6.367/6.367/0.000 ms


# tail -4 /var/log/syslog
Dec 23 17:12:57 vn-t-fw01 kernel: [29517.933878] IN= OUT=ipsec0 
SRC=172.16.4.11 DST=172.16.1.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=60227 SEQ=1 
Dec 23 17:12:57 vn-t-fw01 kernel: [29517.934002] IN= OUT=eth1 SRC=172.16.3.21 
DST=172.16.2.10 LEN=136 TOS=0x00 PREC=0x00 TTL=64 ID=25019 PROTO=ESP 
SPI=0x229c4a79 
Dec 23 17:12:57 vn-t-fw01 kernel: [29517.940239] IN=eth1 OUT= 
MAC=00:0c:29:ff:33:a8:00:0c:29:66:94:fd:08:00 SRC=172.16.2.10 DST=172.16.3.21 
LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=27001 PROTO=ESP SPI=0x77c2f15 
Dec 23 17:12:57 vn-t-fw01 kernel: [29517.940361] IN=ipsec0 OUT= 
MAC=00:0c:29:ff:33:a8:00:0c:29:66:94:fd:08:00 SRC=172.16.1.20 DST=172.16.4.11 
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=42375 PROTO=ICMP TYPE=0 CODE=0 ID=60227 
SEQ=1 


# tcpdump -nvi ipsec0 -s0
tcpdump: listening on ipsec0, link-type EN10MB (Ethernet), capture size 65535 
bytes
17:12:57.592313 40:00:40:01:dd:69 > 45:00:00:54:00:00, ethertype Unknown 
(0xac10), length 84: 
        0x0000:  040b ac10 0114 0800 75c1 eb43 0001 8941  ........u..C...A
        0x0010:  324b 6f09 0900 dead beef dead beef dead  2Ko.............
        0x0020:  beef dead beef dead beef dead beef dead  ................
        0x0030:  beef dead beef dead beef dead beef dead  ................
        0x0040:  beef dead beef                           ......
17:12:57.598606 00:00:40:01:77:e2 > 45:00:00:54:a5:87, ethertype Unknown 
(0xac10), length 84: 
        0x0000:  0114 ac10 040b 0000 7dc1 eb43 0001 8941  ........}..C...A
        0x0010:  324b 6f09 0900 dead beef dead beef dead  2Ko.............
        0x0020:  beef dead beef dead beef dead beef dead  ................
        0x0030:  beef dead beef dead beef dead beef dead  ................
        0x0040:  beef dead beef                           ......

-- 
Regards,

Ruben Laban
Systems and Network Administrator
ISM eCompany
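
Added example, not part of the original message: this Python sketch takes the two tcpdump records above, puts the bytes that were printed as Ethernet addresses and ethertype back in wire order, and parses the result as a raw IPv4 packet. The sample data is constructed from the output above (header lines re-joined where the mail wrapped them, first 16 dump bytes only); all function names are illustrative.

```python
import ipaddress
import re
import struct

# Constructed from the tcpdump output above: each header line (re-joined where
# the mail wrapped it) plus the first 16 bytes of its hex dump.
CAPTURED = [
    ("40:00:40:01:dd:69 > 45:00:00:54:00:00, ethertype Unknown (0xac10)",
     "040b ac10 0114 0800 75c1 eb43 0001 8941"),
    ("00:00:40:01:77:e2 > 45:00:00:54:a5:87, ethertype Unknown (0xac10)",
     "0114 ac10 040b 0000 7dc1 eb43 0001 8941"),
]
HEADER_RE = re.compile(
    r"([0-9a-f:]{17}) > ([0-9a-f:]{17}), ethertype \S+ \(0x([0-9a-f]{4})\)")


def rebuild_raw(header_line, hexdump):
    """Put the bytes back in wire order: dst MAC, src MAC, ethertype, payload."""
    src, dst, etype = HEADER_RE.search(header_line).groups()
    return bytes.fromhex(dst.replace(":", "") + src.replace(":", "")
                         + etype + hexdump.replace(" ", ""))


def ipv4_checksum_ok(header):
    """A valid IPv4 header's 16-bit words sum to 0xFFFF in one's complement."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode(raw):
    """Parse the rebuilt bytes as an option-less IPv4 header plus ICMP echo."""
    (ver_ihl, _tos, length, ident, frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl != 0x45:
        raise ValueError("bytes do not start with a 20-byte IPv4 header")
    icmp_type, _code, _icsum, icmp_id, icmp_seq = struct.unpack("!BBHHH", raw[20:28])
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "len": length, "id": ident, "df": bool(frag & 0x4000), "ttl": ttl,
            "proto": proto, "checksum_ok": ipv4_checksum_ok(raw[:20]),
            "icmp_type": icmp_type, "icmp_id": icmp_id, "icmp_seq": icmp_seq}


if __name__ == "__main__":
    for line, dump in CAPTURED:
        print(decode(rebuild_raw(line, dump)))
```

Both rebuilt headers pass the IPv4 checksum and decode to the same LEN, ID, TTL and ICMP ID/SEQ values that the iptables LOG lines above report for ipsec0.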

