[Openswan Users] klips_error:ipsec_xmit_encap_once: tried to skb_put 20, 16 available. This should never happen, please report.

Danilo Godec danilo.godec at agenda.si
Sat Oct 9 14:35:49 EDT 2010

 Does the fact that everything works without these issues if I use
NETKEY mean anything?

I just managed to get NETKEY working (still don't like it much) just to
find out if there's the same problem...

If the problem really is in Xen, wouldn't I get the same sort of issues
with NETKEY?


On 2.10.2010 19:52, Danilo Godec wrote:
>  On 2.10.2010 18:24, Paul Wouters wrote:
>> On Sat, 2 Oct 2010, Danilo Godec wrote:
>>> I have a server running OpenSwan 2.6.29, using MAST stack. The server
>>> has three Xen VM's and currently 4 active LAN's behind. There is not a
>>> lot of traffic yet, as the building is not quite finished...
>>> If I connect to a VM and run a simple 'ls -lR /' it will sometimes get
>>> 'stuck'. At that moment, a lot of these messages appear on the IPSEC
>>> server:
>>>> Oct  2 14:04:34 lmqxen1 kernel: [59061.763064]
>>>> klips_error:ipsec_xmit_encap_once: tried to skb_put 21, 17 available.
>>>> This should never happen, please report.
>> Are you running tight on memory?
> Not really - the server has 4 GB and there are three VM's with 512MB each...
>>> I also see these messages when 'cfagent' (a part of 'cfengine') on a VM
>>> copies files from the server and gets stuck...
>> Yeah, this does not seem to be an openswan bug. The code in question is:
>> (one instance of it):
>>         /* Set the data pointer */
>>         skb_reserve(n,skb->data-skb->head+headroom);
>>         /* Set the tail pointer and length */
>>         if(skb_tailroom(n) < skb->len) {
>>                 printk(KERN_WARNING "klips_error:skb_copy_expand: "
>>                        "tried to skb_put %ld, %d available.  This
>> should never happen, please report.\n",
>>                        (unsigned long int)skb->len,
>>                        skb_tailroom(n));
>>                 ipsec_kfree_skb(n);
>>                 return NULL;
>>         }
>> I would check with the xen people to see what might be going on.
> Is it OK if I forward your message to the Xen list?
>   Danilo
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list