Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with... | netdev

Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · Andrew Morton <hidden> · 2005-01-31
Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · Herbert Xu <herbert@gondor.apana.org.au> · 2005-01-31
Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · Andreas Unterluggauer <hidden> · 2005-01-31
Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · Andreas Unterluggauer <hidden> · 2005-01-31
Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · Herbert Xu <herbert@gondor.apana.org.au> · 2005-01-31
Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · Andreas Unterluggauer <hidden> · 2005-02-01
Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · Patrick McHardy <hidden> · 2005-03-08
Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · Herbert Xu <herbert@gondor.apana.org.au> · 2005-03-08
Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · "David S. Miller" <davem@davemloft.net> · 2005-01-31
Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · Herbert Xu <herbert@gondor.apana.org.au> · 2005-01-31
Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add) · "David S. Miller" <davem@davemloft.net> · 2005-01-31

Re: Fw: [Bugme-new] [Bug 4138] New: ipsec with racoon in transport mode with esp and ah hangs (problem is in xfrm_state_add)

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2005-01-31 10:54:33

Andrew Morton [off-list ref] wrote:

 
the SAD entries for ah and esp have the same km.seq!

Sounds like a racoon bug.  The kernel will assign different
sequence numbers to the two SAs.  It will also send SADB_ACQUIRE
messages to racoon with those sequence numbers.  So if racoon is
sending two SADB_ADD commands with the same sequence number back
then it's broken.

Could you get a dump of the messages that racoon has received
and sent? That should tell us exactly what's happening.

Workaround:  
I comment the if (x->km.seq) { ... } out. than it works vor me. but I know  
thats not a solution.

Well without the check we would have silently ignored the sequence
number which is why you wouldn't have noticed the problem with racoon
before.

However, for those who need to use the sequence number this check is
necessary.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help