[prev in list] [next in list] [prev in thread] [next in thread]
List: openswan-users
Subject: [Openswan Users] version 2.6.16 on FC9 2.6.25.14-108 panic in .des_ncbc_encrypt_end
From: nospam2craig () remex ! com ! au
Date: 2008-08-22 6:27:13
Message-ID: OFBE0DC465.F15EBAE2-ONCA2574AD.001D2376-CA2574AD.002368D4 () remex ! com ! au
[Download RAW message or body]
This is a multipart message in MIME format.
--=_alternative 002368D4CA2574AD_=
Content-Type: text/plain; charset="US-ASCII"
Hi folks,
has anyone got KLIPS working on with 2.6.16 on FC9?
I have installed (both userland and KLIPS modules) from source and use a
known good config (config works and is tested on 2.4.22 kernel with
KLIPS/Openswan 2.1.5 and with kernel 2.6.18-53 with KLIPS/Openswan 2.4.11)
.
I can bring up the tunnels, however, as soon as I send data through (even
1 ping packet), it panics in .des_ncbc_encrypt_end.
startup goes like this
<snip>
ipsec_setup: Starting Openswan IPsec 2.6.16...
ipsec_setup: /usr/local/libexec/ipsec/eroute: pfkey write failed,
returning -1 with errno=96.
ipsec_setup: Unknown socket write error 96. Please report as much detail
as possible to development team.
<snip>
and this appears in dmesg
<snip>
klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version:
2.6.16
NET: Registered protocol family 15
klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255,
AALG_MAX=251)
klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok]
(auth_id=0)
ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
klips:pfkey_address_build: address->sa_family=0 not supported.
<snip>
I have seen also that bug tracker id 975 is open for the startup error
http://bugs.xelerance.com/view.php?id=975
looking at the source code in pfkey_build, it would appear that something
is wrong in the assignment of the sa_family as it is AF_UNSPEC instead of
AF_INET or AF_INET6 (the only two valid options).
I am not sure, however I don't think that this is the actual problem
because when the tunnels come up with KLIPS debugging on, there are plenty
of instances where pfkey_address_build is successful.
Should this be added as a separate bug or is it something related to 975?
I guess I need to know what further information it important to send
through.
I am having a little difficulty getting the full oops message, however I
am happy to post up anything that is of use.
(As an aside, could someone please point me to somewhere to get the oops
message so I can assist better?)
Any guidance as to how I can assist getting this fixed would be
appreciated
Cheers and Thanks
---------------------------------------------
Craig O'Toole
Remex Consulting
--=_alternative 002368D4CA2574AD_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2 face="sans-serif">Hi folks,</font>
<br>
<br><font size=2 face="sans-serif">has anyone got KLIPS working on with
2.6.16 on FC9?</font>
<br>
<br><font size=2 face="sans-serif">I have installed (both userland and
KLIPS modules) from source and use a known good config (config works and
is tested on 2.4.22 kernel with KLIPS/Openswan 2.1.5 and with kernel 2.6.18-53
with KLIPS/Openswan 2.4.11) . </font>
<br>
<br><font size=2 face="sans-serif">I can bring up the tunnels, however,
as soon as I send data through (even 1 ping packet), it panics in .des_ncbc_encrypt_end.</font>
<br>
<br><font size=2 face="sans-serif">startup goes like this</font>
<br><font size=2 face="sans-serif"><snip></font>
<br><tt><font size=2>ipsec_setup: Starting Openswan IPsec 2.6.16...<br>
ipsec_setup: /usr/local/libexec/ipsec/eroute: pfkey write failed, returning
-1 with errno=96.<br>
ipsec_setup: <b>Unknown socket write error 96. Please report as much
detail as possible to development team.</b></font></tt>
<br><font size=2 face="sans-serif"><snip></font>
<br>
<br><font size=2 face="sans-serif">and this appears in dmesg</font>
<br><font size=2 face="sans-serif"><snip></font>
<br><tt><font size=2>klips_info:ipsec_init: KLIPS startup, Openswan KLIPS
IPsec stack version: 2.6.16<br>
NET: Registered protocol family 15<br>
klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)<br>
klips_info:ipsec_alg_init: calling ipsec_alg_static_init()<br>
ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0<br>
klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok] (auth_id=0)<br>
ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0<br>
<b>klips:pfkey_address_build: address->sa_family=0 not supported.</b></font></tt>
<br><font size=2 face="sans-serif"><snip></font>
<br>
<br><font size=2 face="sans-serif">I have seen also that bug tracker id
975 is open for the startup error</font>
<br><font size=2 face="sans-serif">http://bugs.xelerance.com/view.php?id=975</font>
<br>
<br><font size=2 face="sans-serif">looking at the source code in pfkey_build,
it would appear that something is wrong in the assignment of the sa_family
as it is AF_UNSPEC instead of AF_INET or AF_INET6 (the only two valid options).</font>
<br>
<br><font size=2 face="sans-serif">I am not sure, however I don't think
that this is the actual problem because when the tunnels come up with KLIPS
debugging on, there are plenty of instances where pfkey_address_build is
successful.</font>
<br>
<br><font size=2 face="sans-serif">Should this be added as a separate bug
or is it something related to 975?</font>
<br>
<br><font size=2 face="sans-serif">I guess I need to know what further
information it important to send through.</font>
<br>
<br><font size=2 face="sans-serif">I am having a little difficulty getting
the full oops message, however I am happy to post up anything that is of
use. </font>
<br><font size=2 face="sans-serif">(As an aside, could someone please point
me to somewhere to get the oops message so I can assist better?)</font>
<br>
<br><font size=2 face="sans-serif">Any guidance as to how I can assist
getting this fixed would be appreciated</font>
<br>
<br><font size=2 face="sans-serif">Cheers and Thanks</font>
<br><font size=2 face="sans-serif"><br>
---------------------------------------------<br>
Craig O'Toole<br>
Remex Consulting<br>
<br>
</font>
--=_alternative 002368D4CA2574AD_=--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic