lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 20 Jul 2016 15:28:22 +0800
From:	Shanker Wang <shankerwangmiao@...il.com>
To:	Pommnitz Jörg <Pommnitz@...g.de>
Cc:	Ilan Tayari <ilant@...lanox.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: IPv6 IPSec incompatibilities between 2.6.23 and 3.6.18 (and probably later)


> 在 2016年7月19日,23:03,Ilan Tayari <ilant@...lanox.com> 写道:
> 
>> On the receiving side (e.g. fd01:1b10:1000::1) I see the decrypted packets with
>> the 2.6.23 kernel:
>> but NOT with the newer kernel:
> 
> Hi Joerg,
> 
> First steps to debug this would be:
> cat /proc/net/xfrm_stat
> ip -s xfrm state
> ip -s xfrm policy
> 
> First command will show some error accounting, which can point to the culprit code.
> Second and third command will show existing objects, and some statistics like when the last packet was used with them.
> 
> Last thing - for your safety you should keep those session keys private.
> 
> Ilan.

Hi Joerg,

I think maybe you can try tcpdump -w to write the captured packets into a file
and use tools like Wireshark to analyze and see what is going wrong.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ