[Openswan Users] version 2.6.16 on FC9 2.6.25.14-108 panic in .des_ncbc_encrypt_end

nospam2craig at remex.com.au nospam2craig at remex.com.au
Fri Aug 22 02:27:13 EDT 2008


Hi folks,

Has anyone got KLIPS working with 2.6.16 on FC9?

I have installed (both userland and KLIPS modules) from source and use a 
known good config (config works and is tested on 2.4.22 kernel with 
KLIPS/Openswan 2.1.5 and with kernel 2.6.18-53 with KLIPS/Openswan 2.4.11).

I can bring up the tunnels, however, as soon as I send data through (even 
1 ping packet), it panics in .des_ncbc_encrypt_end.

Startup goes like this:
<snip>
ipsec_setup: Starting Openswan IPsec 2.6.16...
ipsec_setup: /usr/local/libexec/ipsec/eroute: pfkey write failed, returning -1 with errno=96.
ipsec_setup: Unknown socket write error 96.  Please report as much detail as possible to development team.
<snip>

And this appears in dmesg:
<snip>
klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version: 2.6.16
NET: Registered protocol family 15
klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok] (auth_id=0)
ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
klips:pfkey_address_build: address->sa_family=0 not supported.
<snip>

I have seen also that bug tracker id 975 is open for the startup error
http://bugs.xelerance.com/view.php?id=975

Looking at the source code in pfkey_build, it would appear that something 
is wrong in the assignment of the sa_family as it is AF_UNSPEC instead of 
AF_INET or AF_INET6 (the only two valid options).

I am not sure, however I don't think that this is the actual problem 
because when the tunnels come up with KLIPS debugging on, there are plenty 
of instances where pfkey_address_build is successful.

Should this be added as a separate bug or is it something related to 975?

I guess I need to know what further information is important to send 
through.

I am having a little difficulty getting the full oops message, however I 
am happy to post up anything that is of use. 
(As an aside, could someone please point me to somewhere to get the oops 
message so I can assist better?)

Any guidance as to how I can assist getting this fixed would be 
appreciated.

Cheers and Thanks

---------------------------------------------
Craig O'Toole
Remex Consulting
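
Added example, not part of the original post and not Openswan source: a user-space sketch of an address-family check of the kind the dmesg line above points to, showing that a zeroed, never-filled sockaddr has sa_family 0 (AF_UNSPEC) and is rejected. The function names are hypothetical, and returning EPFNOSUPPORT (96 on x86 Linux, the number in the ipsec_setup error) is an assumption about how such a check would report the failure.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical check, not Openswan code: return the sockaddr length a
 * PF_KEY address extension would need, or a negative errno when the
 * family is not AF_INET or AF_INET6. */
static int checked_sockaddr_len(const struct sockaddr *address)
{
    if (address == NULL)
        return -EINVAL;

    switch (address->sa_family) {
    case AF_INET:
        return (int)sizeof(struct sockaddr_in);
    case AF_INET6:
        return (int)sizeof(struct sockaddr_in6);
    default:
        /* AF_UNSPEC is 0, so a zeroed, never-filled sockaddr lands here. */
        fprintf(stderr, "address->sa_family=%d not supported.\n",
                (int)address->sa_family);
        return -EPFNOSUPPORT; /* EPFNOSUPPORT is 96 on x86 Linux */
    }
}

/* Constructed input: a zeroed sockaddr_storage with only the family set. */
static int check_family(sa_family_t family)
{
    struct sockaddr_storage ss;

    memset(&ss, 0, sizeof(ss));
    ss.ss_family = family;
    return checked_sockaddr_len((const struct sockaddr *)&ss);
}

int main(void)
{
    printf("AF_UNSPEC -> %d\n", check_family(AF_UNSPEC));
    printf("AF_INET   -> %d\n", check_family(AF_INET));
    printf("AF_INET6  -> %d\n", check_family(AF_INET6));
    return 0;
}
```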
