[Swan-dev] KLIPS crashes after kernel update
Roel van Meer
roel.vanmeer at bokxing-it.nl
Fri Nov 1 16:33:16 EET 2013
Thomas Geulig writes:
> after upgrading from kernel 3.4.65 to 3.4.66 I experienced
> crashes in the KLIPS function ipsec_xmit_ipip().
>
> I narrowed the problem down to an API change in the function
> ip_select_ident().
>
> Before:
> static inline void ip_select_ident(struct iphdr *iph, struct dst_entry *dst,
> struct sock *sk)
>
> After:
> static inline void ip_select_ident(struct sk_buff *skb, struct dst_entry
> *dst,
> struct sock *sk)
>
> This function is referencd in linux/include/libreswan/ipsec_param2.h.
>
> After I changed the first parameter there, the crashes were gone.
Thomas, does your setup work with the 3.4.66 kernel?
I am seeing the problem that, while your fix makes my kernel not crash
anymore, packets get an incorrect checksum so they are dropped at the other
end.
Verified as working ok:
kernel 3.4.65 w libreswan 3.6
kernel 3.4.62 w libreswan 3.3
Problems with:
kernel 3.4.67 w libreswan 3.3, 3.4, 3.5 or 3.6
kernel 3.10.17 w libreswan 3.6
At first I thought the problem was caused by my libreswan upgrade, but it
turns out to be caused by the kernel update.
Symptoms are: tunnel comes up correctly, packets traverse the tunnel, but at
the receiving end they are dropped by the kernel. A 'tcpdump -v' shows this:
14:46:02.361288 IP (tos 0x0, ttl 64, id 57076, offset 0, flags [DF], proto ICMP (1), length 84, bad cksum 3738 (->cc61)!)
192.168.1.1 > 192.168.13.1: ICMP echo request, id 10819, seq 6, length 64
This happens at the receiving end of the tunnel. The affected kernel version
is at the transmitting end.
Best regards,
Roel
More information about the Swan-dev
mailing list