[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#257120: bug 257120 (IPSEC with AES + Conntrack + UDP -> Panic)

On Mon, Jul 12, 2004 at 06:14:25AM +0200, Fabio Massimo Di Nitto wrote:
> On Mon, 12 Jul 2004, Horms wrote:
> 
> > On Thu, Jul 08, 2004 at 09:58:21AM +0200, Fabio Massimo Di Nitto wrote:
> > >
> > > Hi guys,
> > >
> > > 	I did quite a bit of work on this bug, but i had stop there since
> > > it is an upstream bug and i houneslty i don't know how to go further.
> > >
> > > Please can you kindly take care, as debian kernel maintainers, take care
> > > of it.
> >
> > Thanks. Are you aware of an upstream fix for this (for any version) ?
> 
> No i am sorry. I have been poking around with diff linux-2.4.26/crypto and
> kernel-source-2.4.26/crypto but the aes module is exactly the same.
> 
> I think you can safely forward this bug to LKML.

Thanks,

[I have taken the liberty of adding to the title of this message
 to make it easier (for me) to track]

I have done some additional research into this.
I have found that it is independant of NFS. In my setup,
2.4.26-2 kernel using IPSEC with AES and insmoding ip_conntrack.
Using netcat, I found that transfering 16384bytes (16k) is ok but 
16385bytes (16k+1byte) is not.

It seems that fragmented packets are being sent.
On reciept of the first fragment of the 3rd packet
the kernel panic occurs. This is in contrast to doing
a transfer over TCP, where 1492 byte packets are sent
(the MTU is 1500 bytes).

I will investigate further. Here is a tcpdump.

16384bytes (16k) transfer -> ok!

16:34:52.607759 IP (tos 0x0, ttl  64, id 36941, offset 0, flags [DF], length: 84) 172.17.60.210 > 172.17.60.207: AH(spi=0x00005fb4,sumlen=16,seq=0x5): ESP(spi=0x00005fb5,seq=0x5)
16:34:52.616161 IP (tos 0x0, ttl  64, id 58649, offset 0, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: AH(spi=0x00003d54,sumlen=16,seq=0x3e05c): ESP(spi=0x00003d55,seq=0x3e05c)
16:34:52.616336 IP (tos 0x0, ttl  64, id 58649, offset 1480, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:34:52.616433 IP (tos 0x0, ttl  64, id 58649, offset 2960, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:34:52.616494 IP (tos 0x0, ttl  64, id 58649, offset 4440, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:34:52.616576 IP (tos 0x0, ttl  64, id 58649, offset 5920, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:34:52.616637 IP (tos 0x0, ttl  64, id 58649, offset 7400, flags [none], length: 876) 172.17.60.207 > 172.17.60.210: ah
16:34:52.619493 IP (tos 0x0, ttl  64, id 58650, offset 0, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: AH(spi=0x00003d54,sumlen=16,seq=0x3e05d): ESP(spi=0x00003d55,seq=0x3e05d)
16:34:52.619710 IP (tos 0x0, ttl  64, id 58650, offset 1480, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:34:52.619774 IP (tos 0x0, ttl  64, id 58650, offset 2960, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:34:52.619881 IP (tos 0x0, ttl  64, id 58650, offset 4440, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:34:52.619946 IP (tos 0x0, ttl  64, id 58650, offset 5920, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:34:52.620032 IP (tos 0x0, ttl  64, id 58650, offset 7400, flags [none], length: 876) 172.17.60.207 > 172.17.60.210: ah

16385bytes (16k+1byte) transfer -> not ok!

16:35:24.435670 IP (tos 0x0, ttl  64, id 43558, offset 0, flags [DF], length: 84) 172.17.60.210 > 172.17.60.207: AH(spi=0x00005fb4,sumlen=16,seq=0x6): ESP(spi=0x00005fb5,seq=0x6)
16:35:24.446513 IP (tos 0x0, ttl  64, id 58651, offset 0, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: AH(spi=0x00003d54,sumlen=16,seq=0x3e05e): ESP(spi=0x00003d55,seq=0x3e05e)
16:35:24.446621 IP (tos 0x0, ttl  64, id 58651, offset 1480, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:35:24.446718 IP (tos 0x0, ttl  64, id 58651, offset 2960, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:35:24.446784 IP (tos 0x0, ttl  64, id 58651, offset 4440, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:35:24.446865 IP (tos 0x0, ttl  64, id 58651, offset 5920, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:35:24.446928 IP (tos 0x0, ttl  64, id 58651, offset 7400, flags [none], length: 876) 172.17.60.207 > 172.17.60.210: ah
16:35:24.449951 IP (tos 0x0, ttl  64, id 58652, offset 0, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: AH(spi=0x00003d54,sumlen=16,seq=0x3e05f): ESP(spi=0x00003d55,seq=0x3e05f)
16:35:24.450079 IP (tos 0x0, ttl  64, id 58652, offset 1480, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:35:24.450140 IP (tos 0x0, ttl  64, id 58652, offset 2960, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:35:24.450224 IP (tos 0x0, ttl  64, id 58652, offset 4440, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:35:24.450292 IP (tos 0x0, ttl  64, id 58652, offset 5920, flags [+], length: 1500) 172.17.60.207 > 172.17.60.210: ah
16:35:24.450355 IP (tos 0x0, ttl  64, id 58652, offset 7400, flags [none], length: 876) 172.17.60.207 > 172.17.60.210: ah
16:35:24.454251 IP (tos 0x0, ttl  64, id 24035, offset 0, flags [DF], length: 84) 172.17.60.207 > 172.17.60.210: AH(spi=0x00003d54,sumlen=16,seq=0x3e060): ESP(spi=0x00003d55,seq=0x3e060)


-- 
Horms
Reply to: