[Openswan Users] klips and setkey

avital sela avitalsela95 at gmail.com
Wed Mar 17 11:49:22 EDT 2010 

Hello,

I recently built KLIPS stack to a 2.6.29.6 based kernel. The module
loads fine but when I tried to use setkey to setup a tunnel manually
(using a configuration that works fine with the native Linux IPSEC) I
get errors.  I turned on debugging and tried
setkey -F and setkey -D.  -F seems to work but with -D i get errors
(and anything else I tried) .
I'm attaching the output of both commands.  Looking at the logs the
error seems to be SA:unk0:0@<invalid> ?
Could this be some version compatibility issue between my setkey
version and the KLIPS (Openswan KLIPS IPsec stack version: 2.6.24 ,
setkey @(#) ipsec-tools 0.7.3 (http://ipsec-tools.sourceforge.net) )?

Thanks for your time.

Avital

# setkey -F
klips_debug:pfkey_create: sock=0p8f42fe20 type:3 state:1 flags:0 protocol:2
klips_debug:pfkey_create: sock->fasync_list=0p(null) sk->sleep=0p8f42fe3c.
klips_debug:pfkey_insert_socket: sk=0p8fb23000
klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0p8f42fe20
klips_debug:pfkey_create: Socket sock=0p8f42fe20 sk=0p8fb23000 initialised.
klips_debug:pfkey_sendmsg: .
klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
klips_debug:pfkey_sendmsg: msg sent for parsing.
klips_debug:pfkey_msg_interp: parsing message ver=2, type=9, errno=0,
satype=0(UNKNOWN), len=2, res=0, seq=0, pid=1105.
ipsec_sa_get: ipsec_sa 8fbc0400 SA:unk0:0@<invalid>, ref:0 reference
count (0++) incremented by ipsec_sa_alloc:448.
klips_debug:pfkey_msg_interp: allocated extr->ips=0p8fbc0400.
klips_debug:pfkey_msg_parse: parsing message ver=2, type=9(flush),
errno=0, satype=0(UNKNOWN), len=2, res=0, seq=0, pid=1105.
klips_debug:pfkey_msg_parse: remain=0
klips_debug:pfkey_msg_interp: parsing message type 9(flush) with
msg_parser 0p80461fac.
klips_debug:pfkey_flush_parse: flushing type 0 SAs
klips_debug:ipsec_sadb_cleanup: cleaning up proto=0.
klips_debug:ipsec_sadb_cleanup: removing SAref entries and
tables.<6>klips_debug:ipsec_sadb_cleanup: cleaning SAref table=0.
klips_debug:ipsec_sadb_cleanup: cleaning SAref table=1.

klips_debug:ipsec_sadb_cleanup: cleaned 1 used refTables.
klips_debug:pfkey_upmsg: allocating 16 bytes...
klips_debug:pfkey_upmsg: ...allocated at 0p8f851ec0.
klips_debug:pfkey_flush_parse: sending up flush reply message for
satype=0(UNKNOWN) to socket=0p8f42fe20 succeeded.
ipsec_sa_put: ipsec_sa 8fbc0400 SA:unk0:0@<invalid>, ref:0 reference
count (1--) decremented by pfkey_msg_interp:3079.
ipsec_sa_put: freeing 8fbc0400
klips_debug:ipsec_sa_wipe: removing SA=unk0:0@<invalid>(0p8fbc0400),
SAref=0, table=0(0pc0003000), entry=0 from the refTable.
klips_debug:pfkey_release: sock=0p8f42fe20 sk=0p8fb23000
klips_debug:pfkey_destroy_socket: 0p8fb23000
klips_debug:pfkey_remove_socket: 0p8fb23000
klips_debug:pfkey_destroy_socket: pfkey_remove_socket called, sk=0p8fb23000
klips_debug:pfkey_destroy_socket:
sk(0p8fb23000)->(&0p8fb2305c)receive_queue.{next=0p8fb2305c,prev=0p8fb2305c}.
klips_debug:pfkey_destroy_socket: destroyed.
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe20
klips_debug:pfkey_release: succeeded.

# setkey -D
klips_debug:pfkey_create: sock=0p8f42fe80 type:3 state:1 flags:0 protocol:2
klips_debug:pfkey_create: sock->fasync_list=0p(null) sk->sleep=0p8f42fe9c.
klips_debug:pfkey_insert_socket: sk=0p8fb23000
klips_debug:pfkey_list_insert_socket: allocating 8 bytes for socketp=0p8f42fe80
klips_debug:pfkey_create: Socket sock=0p8f42fe80 sk=0p8fb23000 initialised.
klips_debug:pfkey_sendmsg: .
klips_debug:pfkey_sendmsg: allocating 16 bytes for downward message.
klips_debug:pfkey_sendmsg: msg sent for parsing.
klips_debug:pfkey_msg_interp: parsing message ver=2, type=10, errno=0,
satype=0(UNKNOWN), len=2, res=0, seq=0, pid=1109.
ipsec_sa_get: ipsec_sa 8fbc0400 SA:unk0:0@<invalid>, ref:0 reference
count (0++) incremented by ipsec_sa_alloc:448.
klips_debug:pfkey_msg_interp: allocated extr->ips=0p8fbc0400.
klips_debug:pfkey_msg_parse: parsing message ver=2, type=10(dump),
errno=0, satype=0(UNKNOWN), len=2, res=0, seq=0, pid=1109.
klips_debug:pfkey_msg_parse: remain=0
klips_debug:pfkey_msg_interp: parsing message type 10(dump) with
msg_parser 0p80460874.
klips_debug:pfkey_dump_parse: .
klips_debug:pfkey_msg_interp: message parsing failed with error -89.
ipsec_sa_put: ipsec_sa 8fbc0400 SA:unk0:0@<invalid>, ref:0 reference
count (1--) decremented by pfkey_msg_interp:3079.
ipsec_sa_put: freeing 8fbc0400
klips_debug:ipsec_sa_wipe: removing SA=unk0:0@<invalid>(0p8fbc0400),
SAref=0, table=0(0pc0003000), entry=0 from the refTable.
klips_debug:pfkey_sendmsg: pfkey_msg_parse returns -89.
klips_debug:pfkey_sendmsg: sending up error=-89 message=0p8fbd4200 to
socket=0p8f42fe80.
klips_debug:pfkey_upmsg: allocating 16 bytes...
klips_debug:pfkey_upmsg: ...allocated at 0p8fb189c0.
klips_debug:pfkey_sendmsg: sending up error message to
socket=0p8f42fe80 succeeded.
send: Function nklips_debug:pfkey_release: sock=0p8f42fe80 sk=0p8fb23000
ot implemented
klips_debug:pfkey_destroy_socket: 0p8fb23000
klips_debug:pfkey_remove_socket: 0p8fb23000
klips_debug:pfkey_destroy_socket: pfkey_remove_socket called, sk=0p8fb23000
klips_debug:pfkey_destroy_socket:
sk(0p8fb23000)->(&0p8fb2305c)receive_queue.{next=0p8fb189c0,prev=0p8fb189c0}.
klips_debug:pfkey_destroy_socket: skb=0p8fb189c0 freed.
klips_debug:pfkey_destroy_socket: destroyed.
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_list_remove_socket: removing sock=0p8f42fe80
klips_debug:pfkey_release: succeeded.
#

More information about the Users mailing list