Hi all,
I'm running the most recent 2.6.12-rc1-bk with ipsec-tools 0.5.1,
setting up tunnel mode between networks 192.168.0.0/24 (gateway K.L.M.N)
and 192.168.157.0/24 (gw A.B.C.D/192.168.157.1).
When pinging from the gateway 192.168.157.1 (i.e. locally generated
packets) the ESP packets have correct SPI/SEQ number:
13:47:14.334879 A.B.C.D > K.L.M.N: ESP(spi=0xebfb16c9,seq=0x1) (DF)
13:47:25.988419 A.B.C.D > K.L.M.N:
ESP(spi=0xebfb16c9,seq=0x2) (DF)
13:47:49.190173 A.B.C.D > K.L.M.N: ESP(spi=0xebfb16c9,seq=0x3) (DF)
However when pinging from the host in the internal net (e.g.
192.168.157.21, i.e. forwarded packets) the lower half of SPI is wrong
as is the upper half of SEQ:
13:48:28.373633 A.B.C.D > K.L.M.N: ESP(spi=0xebfbd458,seq=0x42700004) (DF)
13:49:13.934759 A.B.C.D > K.L.M.N: ESP(spi=0xebfbd358,seq=0x43700005) (DF)
13:49:19.929667 A.B.C.D > K.L.M.N: ESP(spi=0xebfbd258,seq=0x44700006) (DF)
Note that the lower half of SEQ grows as expected...
Now pinging from the gateway again and it works again:
13:49:27.529796 A.B.C.D > K.L.M.N: ESP(spi=0xebfb16c9,seq=0x7) (DF)
Have anyone else seen a similar behaviour? Any ideas what is wrong?
Looks like the kernel isn't clearing some buffers when forwarding
packets to IPSec tunnel...
Michal Ludvig
|