Subject: Re: IPSEC still fails on BETA2/vax
To: None <itojun@iijlab.net>
From: Olaf Seibert <rhialto@polderland.nl>
List: current-users
Date: 07/11/2002 00:08:37
On Wed 10 Jul 2002 at 08:16:10 +0900, itojun@iijlab.net wrote:
> try raising net.key.larval_lifetime to 120 (or 300?) and see if it
> makes a difference.
Yes, it does make a difference: the keys seem to get set now and the
crash I was experiencing happens now without an explicit "setkey" command
but when I start pinging.
2002-07-10 23:58:24: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 60 bytes message will be sent to 10.0.0.7[500]
2002-07-10 23:58:24: DEBUG: plog.c:193:plogdump():
a4cebac3 85bf7c77 3e4b367a 87122373 08102001 4d1e231e 0000003c c53d4e85
ff651d28 ec4b6d5c ba7ed809 1a1a812d d09480eb 18c311be d03479e6
2002-07-10 23:58:25: NOTIFY: isakmp.c:252:isakmp_handler(): the packet is retransmitted by 10.0.0.5[500].
bash-2.04# setkey -D
10.0.0.7 10.0.0.5
esp mode=transport spi=151932733(0x090e4f3d) reqid=0(0x00000000)
E: 3des-cbc 34f38daf a46a695b 8311c261 7e4f95f6 5f8bf96e 45f04ded
A: hmac-sha1 5ab502e8 5746bb64 97e90a99 b090214b dccf1b1e
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Jul 10 23:58:20 2002 current: Jul 10 23:58:56 2002
diff: 36(s) hard: 43200(s) soft: 34560(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=169 refcnt=1
10.0.0.5 10.0.0.7
esp mode=transport spi=108646114(0x0679cee2) reqid=0(0x00000000)
E: 3des-cbc 8aff8cbd a77277fd acf9b950 a94954b8 113c1df5 95e7eb65
A: hmac-sha1 f891ded0 f38914ab 674c6972 4e648c72 f3a6aaa1
seq=0x00000000 replay=4 flags=0x00000000 state=mature
created: Jul 10 23:58:19 2002 current: Jul 10 23:58:56 2002
diff: 37(s) hard: 43200(s) soft: 34560(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=169 refcnt=1
bash-2.04# ping azenomei
p
85 RESTART SYS
p84 FAIL
83 BOOT SYS
-DKB0
>> NetBSD/vax boot [1.11 Sat Jun 15 18:30:21 UTC 2002] <<
tcpdump as seen from azenomei:
23:59:13.535207 xzan.falu.nl > azenomei.falu.nl: ESP(spi=151932733,seq=0x1)
23:59:13.536184 azenomei.falu.nl > xzan.falu.nl: ESP(spi=108646114,seq=0x1)
So it seems that it is the reception of the ESP packet which crashes
xzan (not the sending because it has been doing that a lot already in
the past without crashing).
I suppose I will add printf()s to the IPsec input path.
> itojun
-Olaf.
--
___ Olaf 'Rhialto' Seibert - rhialto@ -- Woe betide the one who feels
\X/ polderland.nl -- remorse without sin - Tom Poes, "Het boze oog", 4444.