Full Disclosure mailing list archives
Re: IPSEC on arm-linux board
From: xbud <xbud () g0thead com>
Date: Tue, 4 May 2004 14:56:04 -0500
Speaking of arm anyone have jblend's arm-API's handy? I tried everything legally possible to buy a copy of it from them to play with the jvm on my phone... But no go :< anyone had any success access? On Tuesday 04 May 2004 01:44 am, Pritesh Harivadan Shah wrote:
Dear All, We have tested IPSEC on regular linux gateways. Now we are testing it on arm-linux board. We are able to establish IPSEC SA. But on arm-linux, ping from one end to other end does not work. By tracing, it looks that, ipsec interface takes the packet but does not through out. The moment we stop IPSEC, it starts pinging through interface, which is attached to IPSEC. Basically packets are dropped by IPSEC interface, as per log enclsoed and our observation. Enclosed below log file with KLIPSDEbug on. Any help is appreciated.. I suspect some problem either kernel level, or with freeswan version. We are using freeswan 1.99 cross compiled one for arm board. ******************************** LOG FILE START klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0. klips_debug:ipsec_tunnel_hard_header: Revectored 0x00000000->0xc0b201c8 len=60 t ype=2048 dev=ipsec0->wan dev_addr=00:01:03:13:96:ef ip=1e1e1e01->28282801 klips_debug:ipsec_tunnel_start_xmit: >>> skb->len=74 hard_header_len:14<6>klips_ debug: IP: ihl:20 ver:4 tos:0 tlen:60 id:35719 frag_off:0 ttl:127 proto:1 (ICM P) chk:9202 saddr:30.30.30.1 daddr:40.40.40.1 type:code=8:0 klips_debug:ipsec_findroute: 30.30.30.1->40.40.40.1 klips_debug:rj_match: * See if we match exactly as a host destination klips_debug:rj_match: ** try to match a leaf, t=0xc09a4580 klips_debug:ipsec_findroute: found, points to proto=4, spi=1004, dst=c0a80a3c. klips_debug:ipsec_tunnel_start_xmit: checking for local udp/500 IKE packet saddr =1e1e1e01, er=c09a4580, daddr=28282801, er_dst=c0a80a3c, proto=1 sport=0 dport=0 klips_debug:ipsec_tunnel_start_xmit: Original head,tailroom: 18,1988 klips_debug:gettdb: linked entry in tdb table for hash=18 of SA:tun0x1004@192.16 8.10.60 requested. klips_debug:ipsec_tunnel_start_xmit: found Tunnel Descriptor Block -- SA:<IPIP> tun0x1004@192.168.10.60 klips_debug:ipsec_tunnel_start_xmit: calling room for <IPIP>, SA:tun0x1004@192.1 68.10.60 klips_debug:ipsec_tunnel_start_xmit: Required head,tailroom: 20,0 klips_debug:ipsec_tunnel_start_xmit: TDB in dead state for SA:<ESP_3DES_HMAC_MD5 Ø esp0xe42b83e@192.168.10.60, can no longer be used, dropping packet. ************************************* LOG FILE END Regards Pritesh "As a well spent day brings happy sleep, so life well used brings happy death." - Leonardo da Vinci TATA ELXSI DISCLAIMER: The information contained in this message may be CONFIDENTIAL and is for the intended addressee only. Any unauthorized use, dissemination of the information, or copying of this message is prohibited. If you are not the intended addressed, please notify the sender immediately and delete this message. -------------------------------- Tata Elxsi Ltd, Bangalore, India _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- IPSEC on arm-linux board Pritesh Harivadan Shah (May 04)
- Re: IPSEC on arm-linux board xbud (May 04)