[Openswan Users] KLIPS crashes on kernel 2.6.25>
David McCullough
David_Mccullough at securecomputing.com
Wed Oct 28 18:44:11 EDT 2009
Jivin Giovani Moda lays it down ...
> > I tend to run Linus kernels, beats me what could cause problems with
> > Ubuntu and NAT-T, but again, and oops may help
>
> The last kernel I could compile and use KLIPS module was 2.6.24.7. The
> kernel immediately after that was 2.6.25 and it crashed on
> aes_32+0x3/0x496, as it did on 2.6.26, 2.6.28 and 2.6.30. So I guess the
> changes made on 2.6.25 broke de encrypt/decrypt portion of KLIPS
> somehow. A quick search for "crypto" in
> http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 shows a LOT of
> changes on the crypto portion of the kernel, including a few that are
> related to ipsec.
>
> The crash occurs immediately after the tunnel is established. On Ubuntu
> 9.04 it crashes the kernel and leads the system to an unresponsive
> state, while on fedora 9 and above it oopses the kernel and segfaults
> pluto, but the system remains accessible.
>
> How is KLIPS integrated into kernel's crypto API? Could some of the
> changes that were made on 2.6.25 be causing those crashes?
>
> It's really over my head to analyze what change is causing the crash,
> but at least I can point you guys to where it started breaking.
>
> Let me know if I can provide more info.
That looks like a good start, I hadn't considered the crypto stuff
as I tend to use OCF for that.
Were you using the klips ALG stuff or the openswan native crypto ?
In other words what is your KLIPS config for the kernel:
grep KLIPS linux-2.6.*/.config
Thanks,
Davidm
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org
More information about the Users
mailing list