[Full-Disclosure] IPSEC on arm-linux board

From: Pritesh Harivadan Shah (priteshshah_at_tataelxsi.co.in)
Date: 05/04/04

  • Next message: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: [Full-Disclosure] Required SMTP Engine in VBS"
    To: <full-disclosure@lists.netsys.com>
    Date: Tue, 4 May 2004 12:14:13 +0530

    Dear All,

    We have tested IPSEC on regular linux gateways.

    Now we are testing it on arm-linux board.

    We are able to establish IPSEC SA. But on arm-linux, ping from one end to
    other end does not work.

    By tracing, it looks that, ipsec interface takes the packet but does not
    through out.

    The moment we stop IPSEC, it starts pinging through interface, which is
    attached to IPSEC. Basically packets are dropped by IPSEC interface, as per
    log enclsoed and our observation.

    Enclosed below log file with KLIPSDEbug on. Any help is appreciated.. I
    suspect some problem either kernel level, or with
    freeswan version. We are using freeswan 1.99 cross compiled one for arm

    ******************************** LOG FILE START

    klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0.
    klips_debug:ipsec_tunnel_hard_header: Revectored 0x00000000->0xc0b201c8
    len=60 t
    ype=2048 dev=ipsec0->wan dev_addr=00:01:03:13:96:ef ip=1e1e1e01->28282801
    klips_debug:ipsec_tunnel_start_xmit: >>> skb->len=74
    debug: IP: ihl:20 ver:4 tos:0 tlen:60 id:35719 frag_off:0 ttl:127 proto:1
    P) chk:9202 saddr: daddr: type:code=8:0
    klips_debug:rj_match: * See if we match exactly as a host destination
    klips_debug:rj_match: ** try to match a leaf, t=0xc09a4580
    klips_debug:ipsec_findroute: found, points to proto=4, spi=1004,
    klips_debug:ipsec_tunnel_start_xmit: checking for local udp/500 IKE packet
    =1e1e1e01, er=c09a4580, daddr=28282801, er_dst=c0a80a3c, proto=1 sport=0

    klips_debug:ipsec_tunnel_start_xmit: Original head,tailroom: 18,1988
    klips_debug:gettdb: linked entry in tdb table for hash=18 of
    8.10.60 requested.
    klips_debug:ipsec_tunnel_start_xmit: found Tunnel Descriptor Block --
    klips_debug:ipsec_tunnel_start_xmit: calling room for <IPIP>,
    klips_debug:ipsec_tunnel_start_xmit: Required head,tailroom: 20,0
    klips_debug:ipsec_tunnel_start_xmit: TDB in dead state for
    esp0xe42b83e@, can no longer be used, dropping packet.

    ************************************* LOG FILE END



    "As a well spent day brings happy sleep, so life well used brings happy
    death." - Leonardo da Vinci

    The information contained in this message may be CONFIDENTIAL and is for the intended addressee only. Any unauthorized use, dissemination of the information, or copying of this message is prohibited. If you are not the intended addressed, please notify the sender immediately and delete this message.

    Tata Elxsi Ltd, Bangalore, India

    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: [Full-Disclosure] Required SMTP Engine in VBS"