Message-ID: <33236489.1083652956078.JavaMail.Administrator@mailserver>
From: priteshshah at tataelxsi.co.in (Pritesh Harivadan Shah)
Subject: IPSEC on arm-linux board

Dear All,

We have tested IPSEC on regular linux gateways.

Now we are testing it on arm-linux board.

We are able to establish the IPSEC SA. But on arm-linux, ping from one end to
the other end does not work.

By tracing, it looks like the ipsec interface takes the packet but does not
throw it out.

The moment we stop IPSEC, it starts pinging through the interface which is
attached to IPSEC. Basically, packets are dropped by the IPSEC interface, as per
the log enclosed and our observation.

Enclosed below is the log file with KLIPSDEbug on. Any help is appreciated. I
suspect some problem either at kernel level or with the
freeswan version. We are using freeswan 1.99, cross-compiled for the arm
board.

******************************** LOG FILE  START

klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0.
klips_debug:ipsec_tunnel_hard_header: Revectored 0x00000000->0xc0b201c8 len=60 type=2048 dev=ipsec0->wan dev_addr=00:01:03:13:96:ef ip=1e1e1e01->28282801
klips_debug:ipsec_tunnel_start_xmit: >>> skb->len=74 hard_header_len:14<6>klips_debug:   IP: ihl:20 ver:4 tos:0 tlen:60 id:35719 frag_off:0 ttl:127 proto:1 (ICMP) chk:9202 saddr:30.30.30.1 daddr:40.40.40.1 type:code=8:0
klips_debug:ipsec_findroute: 30.30.30.1->40.40.40.1
klips_debug:rj_match: * See if we match exactly as a host destination
klips_debug:rj_match: ** try to match a leaf, t=0xc09a4580
klips_debug:ipsec_findroute: found, points to proto=4, spi=1004, dst=c0a80a3c.
klips_debug:ipsec_tunnel_start_xmit: checking for local udp/500 IKE packet saddr=1e1e1e01, er=c09a4580, daddr=28282801, er_dst=c0a80a3c, proto=1 sport=0 dport=0

klips_debug:ipsec_tunnel_start_xmit: Original head,tailroom: 18,1988
klips_debug:gettdb: linked entry in tdb table for hash=18 of SA:tun0x1004@....168.10.60 requested.
klips_debug:ipsec_tunnel_start_xmit: found Tunnel Descriptor Block -- SA:<IPIP> tun0x1004@....168.10.60
klips_debug:ipsec_tunnel_start_xmit: calling room for <IPIP>, SA:tun0x1004@....168.10.60
klips_debug:ipsec_tunnel_start_xmit: Required head,tailroom: 20,0
klips_debug:ipsec_tunnel_start_xmit: TDB in dead state for SA:<ESP_3DES_HMAC_MD5?	esp0xe42b83e@....168.10.60, can no longer be used, dropping packet.

************************************* LOG FILE END

Regards

Pritesh

"As a well spent day brings happy sleep, so life well used brings happy
death."  -   Leonardo da Vinci

--------------------------------
Tata Elxsi Ltd, Bangalore, India

