[Openswan Users] 26sec using IPcomp
Marco Berizzi
pupilla at hotmail.com
Mon Jun 27 11:09:35 CEST 2005
Herbert Xu wrote:
> Marco Berizzi <pupilla at hotmail.com> wrote:
> > I have setup two OSW boxes with linux 2.6.12
> > I have established an ESP/IPcomp tunnel. Tunnel
> > is correctly established, but there is no packet
> > flow when these are bigger than 295 bytes.
> >
> > Is there any know problem with IPcomp on
> > Linux 2.6.12 ?
>
> No it's always worked for me. Please show me the tcpdump
> output on both sides when you send a large ping through.
Ok. I'm pinging from the net connected to the 172.16.1.247
host to the net connected to the 172.16.1.226 host.
Here is the tcpdump taken on eth0:
Host 172.16.1.247:
09:50:00.414577 IP 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x19f)
09:50:01.414435 IP 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a0)
09:50:02.414267 IP 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a1)
09:50:03.414117 IP 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a2)
09:50:04.413967 IP 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a3)
09:50:05.413807 IP 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a4)
09:50:06.413659 IP 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a5)
Host 172.16.1.226:
09:48:59.993986 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x19c) (DF)
09:49:00.994173 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x19d) (DF)
09:49:01.994650 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x19e) (DF)
09:49:02.994510 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x19f) (DF)
09:49:03.994360 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a0) (DF)
09:49:04.994188 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a1) (DF)
09:49:05.994035 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a2) (DF)
09:49:06.993876 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a3) (DF)
09:49:07.993708 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a4) (DF)
09:49:08.993556 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a5) (DF)
09:49:09.993398 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a6) (DF)
09:49:10.993247 172.16.1.247 > 172.16.1.226:
ESP(spi=0x51c1e897,seq=0x1a7) (DF)
>
> > This is the setket -D output:
>
> BTW you showed us the setkey -PD output.
Sorry.
> Please attach
> the setkey -D (or ip xfrm state) output too.
Just for ask. Is there a way to debug packets like
KLIPS klipsdebug=all with 26sec?
Here is the setket -D output on 172.16.1.247
172.16.1.226 172.16.1.247
esp mode=transport spi=1118015423(0x42a38fbf) reqid=16385(0x00004001)
E: aes-cbc 7ff5d0c4 0cbe1989 b45f2ea7 33b42281
A: hmac-sha1 0c53bcf6 59f55121 a78cb920 5b466091 50a9376d
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:29:05 2005 current: Jun 27 09:45:35 2005
diff: 990(s) hard: 0(s) soft: 0(s)
last: Jun 27 09:31:35 2005 hard: 0(s) soft: 0(s)
current: 3852(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 17 hard: 0 soft: 0
sadb_seq=9 pid=641 refcnt=0
172.16.1.226 172.16.1.247
ipcomp mode=tunnel spi=27029(0x00006995) reqid=16386(0x00004002)
C: deflate seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:29:05 2005 current: Jun 27 09:45:35 2005
diff: 990(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=8 pid=641 refcnt=0
172.16.1.226 172.16.1.247
esp mode=transport spi=17974758(0x011245e6) reqid=16385(0x00004001)
E: aes-cbc abc32e9a 7e2ab9a8 18121665 1e7a8138
A: hmac-sha1 3b92f68d 58a0720d 26f551f9 fd010a77 cf68a1da
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:57 2005 current: Jun 27 09:45:35 2005
diff: 998(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=7 pid=641 refcnt=0
172.16.1.226 172.16.1.247
ipcomp mode=tunnel spi=23525(0x00005be5) reqid=16386(0x00004002)
C: deflate seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:57 2005 current: Jun 27 09:45:35 2005
diff: 998(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=6 pid=641 refcnt=0
172.16.1.226 172.16.1.247
unspec mode=tunnel spi=2886730210(0xac1001e2) reqid=0(0x00000000)
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Jun 27 09:28:57 2005 current: Jun 27 09:45:35 2005
diff: 998(s) hard: 0(s) soft: 0(s)
last: Jun 27 09:31:35 2005 hard: 0(s) soft: 0(s)
current: 1332(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 9 hard: 0 soft: 0
sadb_seq=5 pid=641 refcnt=0
172.16.1.247 172.16.1.226
esp mode=transport spi=1371662487(0x51c1e897) reqid=16385(0x00004001)
E: aes-cbc 2a734c97 02101b90 285b5a37 ef1d3960
A: hmac-sha1 a17dd484 1102cebf d529810b 8081985a 69a39316
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:29:05 2005 current: Jun 27 09:45:35 2005
diff: 990(s) hard: 0(s) soft: 0(s)
last: Jun 27 09:31:35 2005 hard: 0(s) soft: 0(s)
current: 127528(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 343 hard: 0 soft: 0
sadb_seq=4 pid=641 refcnt=0
172.16.1.247 172.16.1.226
ipcomp mode=tunnel spi=14017(0x000036c1) reqid=16386(0x00004002)
C: deflate seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:29:05 2005 current: Jun 27 09:45:35 2005
diff: 990(s) hard: 0(s) soft: 0(s)
last: Jun 27 09:31:35 2005 hard: 0(s) soft: 0(s)
current: 113401(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 343 hard: 0 soft: 0
sadb_seq=3 pid=641 refcnt=0
172.16.1.247 172.16.1.226
esp mode=transport spi=18555121(0x011b20f1) reqid=16385(0x00004001)
E: aes-cbc feb34bbc 006a0115 842dd44d ac3f5127
A: hmac-sha1 86c46477 dc16c5da 5664837c f8b723d6 cccb0c1e
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:57 2005 current: Jun 27 09:45:35 2005
diff: 998(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=2 pid=641 refcnt=0
172.16.1.247 172.16.1.226
ipcomp mode=tunnel spi=49713(0x0000c231) reqid=16386(0x00004002)
C: deflate seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:57 2005 current: Jun 27 09:45:35 2005
diff: 998(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=641 refcnt=0
172.16.1.247 172.16.1.226
unspec mode=tunnel spi=2886730231(0xac1001f7) reqid=0(0x00000000)
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Jun 27 09:28:57 2005 current: Jun 27 09:45:35 2005
diff: 998(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=641 refcnt=0
Here is the "ip xfrm state" output on 172.16.1.247
src 172.16.1.226 dst 172.16.1.247
proto esp spi 0x42a38fbf reqid 16385 mode transport
replay-window 32
auth sha1 0x0c53bcf659f55121a78cb9205b46609150a9376d
enc aes 0x7ff5d0c40cbe1989b45f2ea733b42281
src 172.16.1.226 dst 172.16.1.247
proto ipcomp spi 0x00006995 reqid 16386 mode tunnel
replay-window 32
comp deflate 0x
src 172.16.1.226 dst 172.16.1.247
proto esp spi 0x011245e6 reqid 16385 mode transport
replay-window 32
auth sha1 0x3b92f68d58a0720d26f551f9fd010a77cf68a1da
enc aes 0xabc32e9a7e2ab9a8181216651e7a8138
src 172.16.1.226 dst 172.16.1.247
proto ipcomp spi 0x00005be5 reqid 16386 mode tunnel
replay-window 32
comp deflate 0x
src 172.16.1.226 dst 172.16.1.247
proto ipencap spi 0xac1001e2 reqid 0 mode tunnel
replay-window 0
src 172.16.1.247 dst 172.16.1.226
proto esp spi 0x51c1e897 reqid 16385 mode transport
replay-window 32
auth sha1 0xa17dd4841102cebfd529810b8081985a69a39316
enc aes 0x2a734c9702101b90285b5a37ef1d3960
src 172.16.1.247 dst 172.16.1.226
proto ipcomp spi 0x000036c1 reqid 16386 mode tunnel
replay-window 32
comp deflate 0x
src 172.16.1.247 dst 172.16.1.226
proto esp spi 0x011b20f1 reqid 16385 mode transport
replay-window 32
auth sha1 0x86c46477dc16c5da5664837cf8b723d6cccb0c1e
enc aes 0xfeb34bbc006a0115842dd44dac3f5127
src 172.16.1.247 dst 172.16.1.226
proto ipcomp spi 0x0000c231 reqid 16386 mode tunnel
replay-window 32
comp deflate 0x
src 172.16.1.247 dst 172.16.1.226
proto ipencap spi 0xac1001f7 reqid 0 mode tunnel
replay-window 0
Here is the setket -D output on 172.16.1.226
172.16.1.226 172.16.1.247
esp mode=transport spi=1118015423(0x42a38fbf) reqid=16385(0x00004001)
E: aes-cbc 7ff5d0c4 0cbe1989 b45f2ea7 33b42281
A: hmac-sha1 0c53bcf6 59f55121 a78cb920 5b466091 50a9376d
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:08 2005 current: Jun 27 09:36:47 2005
diff: 519(s) hard: 0(s) soft: 0(s)
last: Jun 27 09:30:38 2005 hard: 0(s) soft: 0(s)
current: 4952(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 17 hard: 0 soft: 0
sadb_seq=9 pid=339 refcnt=0
172.16.1.226 172.16.1.247
ipcomp mode=tunnel spi=27029(0x00006995) reqid=16386(0x00004002)
C: deflate seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:08 2005 current: Jun 27 09:36:47 2005
diff: 519(s) hard: 0(s) soft: 0(s)
last: Jun 27 09:30:38 2005 hard: 0(s) soft: 0(s)
current: 4192(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 17 hard: 0 soft: 0
sadb_seq=8 pid=339 refcnt=0
172.16.1.226 172.16.1.247
esp mode=transport spi=17974758(0x011245e6) reqid=16385(0x00004001)
E: aes-cbc abc32e9a 7e2ab9a8 18121665 1e7a8138
A: hmac-sha1 3b92f68d 58a0720d 26f551f9 fd010a77 cf68a1da
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:00 2005 current: Jun 27 09:36:47 2005
diff: 527(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=7 pid=339 refcnt=0
172.16.1.226 172.16.1.247
ipcomp mode=tunnel spi=23525(0x00005be5) reqid=16386(0x00004002)
C: deflate seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:00 2005 current: Jun 27 09:36:47 2005
diff: 527(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=6 pid=339 refcnt=0
172.16.1.226 172.16.1.247
unspec mode=tunnel spi=2886730210(0xac1001e2) reqid=0(0x00000000)
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Jun 27 09:28:00 2005 current: Jun 27 09:36:47 2005
diff: 527(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=5 pid=339 refcnt=0
172.16.1.247 172.16.1.226
esp mode=transport spi=1371662487(0x51c1e897) reqid=16385(0x00004001)
E: aes-cbc 2a734c97 02101b90 285b5a37 ef1d3960
A: hmac-sha1 a17dd484 1102cebf d529810b 8081985a 69a39316
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:08 2005 current: Jun 27 09:36:47 2005
diff: 519(s) hard: 0(s) soft: 0(s)
last: Jun 27 09:30:38 2005 hard: 0(s) soft: 0(s)
current: 99611(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 321 hard: 0 soft: 0
sadb_seq=4 pid=339 refcnt=0
172.16.1.247 172.16.1.226
ipcomp mode=tunnel spi=14017(0x000036c1) reqid=16386(0x00004002)
C: deflate seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:08 2005 current: Jun 27 09:36:47 2005
diff: 519(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=3 pid=339 refcnt=0
172.16.1.247 172.16.1.226
esp mode=transport spi=18555121(0x011b20f1) reqid=16385(0x00004001)
E: aes-cbc feb34bbc 006a0115 842dd44d ac3f5127
A: hmac-sha1 86c46477 dc16c5da 5664837c f8b723d6 cccb0c1e
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:00 2005 current: Jun 27 09:36:47 2005
diff: 527(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=2 pid=339 refcnt=0
172.16.1.247 172.16.1.226
ipcomp mode=tunnel spi=49713(0x0000c231) reqid=16386(0x00004002)
C: deflate seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jun 27 09:28:00 2005 current: Jun 27 09:36:47 2005
diff: 527(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=339 refcnt=0
172.16.1.247 172.16.1.226
unspec mode=tunnel spi=2886730231(0xac1001f7) reqid=0(0x00000000)
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Jun 27 09:28:00 2005 current: Jun 27 09:36:47 2005
diff: 527(s) hard: 0(s) soft: 0(s)
last: Jun 27 09:30:38 2005 hard: 0(s) soft: 0(s)
current: 1332(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 9 hard: 0 soft: 0
sadb_seq=0 pid=339 refcnt=0
Here is the "ip xfrm state" output on 172.16.1.226
src 172.16.1.226 dst 172.16.1.247
proto esp spi 0x3ebd3f41 reqid 16385 mode transport
replay-window 32
auth sha1 0xdec0fffbf602bb8b87fdb78ff51718ce33fcbe49
enc aes 0x737b9f24e745ed2c0b7f8d080ed28da9
src 172.16.1.226 dst 172.16.1.247
proto ipcomp spi 0x00004fa6 reqid 16386 mode tunnel
replay-window 32
comp deflate 0x
src 172.16.1.226 dst 172.16.1.247
proto esp spi 0x42a38fbf reqid 16385 mode transport
replay-window 32
auth sha1 0x0c53bcf659f55121a78cb9205b46609150a9376d
enc aes 0x7ff5d0c40cbe1989b45f2ea733b42281
src 172.16.1.226 dst 172.16.1.247
proto ipcomp spi 0x00006995 reqid 16386 mode tunnel
replay-window 32
comp deflate 0x
src 172.16.1.226 dst 172.16.1.247
proto esp spi 0x011245e6 reqid 16385 mode transport
replay-window 32
auth sha1 0x3b92f68d58a0720d26f551f9fd010a77cf68a1da
enc aes 0xabc32e9a7e2ab9a8181216651e7a8138
src 172.16.1.226 dst 172.16.1.247
proto ipcomp spi 0x00005be5 reqid 16386 mode tunnel
replay-window 32
comp deflate 0x
src 172.16.1.226 dst 172.16.1.247
proto ipencap spi 0xac1001e2 reqid 0 mode tunnel
replay-window 0
src 172.16.1.247 dst 172.16.1.226
proto esp spi 0xd6a3dfc9 reqid 16385 mode transport
replay-window 32
auth sha1 0x32d3ac7bc834949a9988c5b21ecf745b45f0c9f4
enc aes 0xa5d90510ad4cb594e57062b509967b8b
src 172.16.1.247 dst 172.16.1.226
proto ipcomp spi 0x00005e53 reqid 16386 mode tunnel
replay-window 32
comp deflate 0x
src 172.16.1.247 dst 172.16.1.226
proto esp spi 0x51c1e897 reqid 16385 mode transport
replay-window 32
auth sha1 0xa17dd4841102cebfd529810b8081985a69a39316
enc aes 0x2a734c9702101b90285b5a37ef1d3960
src 172.16.1.247 dst 172.16.1.226
proto ipcomp spi 0x000036c1 reqid 16386 mode tunnel
replay-window 32
comp deflate 0x
src 172.16.1.247 dst 172.16.1.226
proto esp spi 0x011b20f1 reqid 16385 mode transport
replay-window 32
auth sha1 0x86c46477dc16c5da5664837cf8b723d6cccb0c1e
enc aes 0xfeb34bbc006a0115842dd44dac3f5127
src 172.16.1.247 dst 172.16.1.226
proto ipcomp spi 0x0000c231 reqid 16386 mode tunnel
replay-window 32
comp deflate 0x
src 172.16.1.247 dst 172.16.1.226
proto ipencap spi 0xac1001f7 reqid 0 mode tunnel
replay-window 0
More information about the Users
mailing list