On Fri, Jan 17, 2014 at 3:48 PM, Aaron Wood <[email protected]> wrote:

> Martin,
>
> The modules list and configuration check script all pass.  I stepped up
> the debug logging in charon to knl=4, to help narrow down the call in
> question:
>
> Jan 17 15:38:27 16[KNL] adding SAD entry with SPI c5d8c211 and reqid {1}
> Jan 17 15:38:27 16[KNL]   using encryption algorithm AES_CBC with key size 128
> Jan 17 15:38:27 16[KNL]   using integrity algorithm HMAC_SHA1_96 with key size 160
> Jan 17 15:38:27 16[KNL] sending XFRM_MSG_UPDSA: => 448 bytes @ 0x2ceab7f0
>
...

> Jan 17 15:38:27 16[KNL]  320: A3 72 22 BA CB 6C 27 83 00 5C 00 01 73 68 61 31  .r"..l'..\..sha1
> Jan 17 15:38:27 16[KNL]  336: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>
...

> Jan 17 15:38:27 16[KNL] received netlink error: No such file or directory (2)
>

Martin,

Something I just realized:  it's passing "sha1" to the kernel, not
"hmac(sha1)", like I saw in previous logs that have been posted:

> 07[KNL]   using integrity algorithm HMAC_SHA2_256_128 with key size 256
> 07[KNL] sending XFRM_MSG_UPDSA: => 436 bytes @ 0x4b82f43c
...
> 07[KNL]  320: 4B 28 E9 8B D3 76 70 D4 00 6C 00 14 68 6D 61 63  K(...vp..l..hmac
> 07[KNL]  336: 28 73 68 61 32 35 36 29 00 00 00 00 00 00 00 00  (sha256)........

Just a difference, which seemed suspicious.

Looking further into the xfrm modules, I've dug into the kernel config.
These are all the xfrm_* modules and their compilation state:

linux-2.6.31]$ grep -i xfrm .config
CONFIG_XFRM=y
CONFIG_XFRM_USER=m
# CONFIG_XFRM_SUB_POLICY is not set
# CONFIG_XFRM_MIGRATE is not set
# CONFIG_XFRM_STATISTICS is not set
CONFIG_XFRM_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set

I'm going to recompile the missing modules, and see if that changes
anything after installing them (although I'm not using ipv6, it is compiled
into this kernel).

-Aaron
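
Added example, not part of Aaron's message or of strongSwan: a small Python decoder for the netlink attribute header that sits just before the algorithm name in each of the two hex dumps quoted above, so the attribute type and length can be compared alongside the name. The dump rows are re-joined copies of the quoted lines; the big-endian byte order and the attribute offset 328 are assumptions read off those bytes, and the type numbers are the XFRMA_* values from the kernel's xfrm.h.

```python
import re
import struct

# Constructed input: the dump rows quoted in this message, with mail line-wrapping undone.
DUMP_SHA1 = r"""
Jan 17 15:38:27 16[KNL]  320: A3 72 22 BA CB 6C 27 83 00 5C 00 01 73 68 61 31  .r"..l'..\..sha1
Jan 17 15:38:27 16[KNL]  336: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
"""
DUMP_SHA256 = r"""
07[KNL]  320: 4B 28 E9 8B D3 76 70 D4 00 6C 00 14 68 6D 61 63  K(...vp..l..hmac
07[KNL]  336: 28 73 68 61 32 35 36 29 00 00 00 00 00 00 00 00  (sha256)........
"""

# Attribute type numbers from the kernel's xfrm.h, with the fixed part of each
# payload: xfrm_algo = name[64] + key_len; xfrm_algo_auth adds trunc_len.
XFRMA = {1: ("XFRMA_ALG_AUTH", 68), 20: ("XFRMA_ALG_AUTH_TRUNC", 72)}
ROW = re.compile(r"\[KNL\]\s+(\d+):((?: [0-9A-F]{2}){1,16})")
ATTR_OFFSET = 328  # assumption: name starts at 332, so the 4-byte header is at 328


def dump_bytes(log_text):
    """Map message offset -> byte value for every hex dump row in the log text."""
    mem = {}
    for m in ROW.finditer(log_text):
        for i, b in enumerate(bytes.fromhex(m.group(2))):
            mem[int(m.group(1)) + i] = b
    return mem


def decode_auth_attr(log_text, key_bits, offset=ATTR_OFFSET):
    """Return (attribute name, alg_name, length_matches) for the nlattr at offset."""
    mem = dump_bytes(log_text)
    header = bytes(mem[offset + i] for i in range(4))
    nla_len, nla_type = struct.unpack(">HH", header)  # assumption: big-endian host
    attr_name, fixed = XFRMA[nla_type]
    name = bytearray()
    pos = offset + 4
    while mem.get(pos, 0) and len(name) < 64:  # alg_name is NUL-padded char[64]
        name.append(mem[pos])
        pos += 1
    expected = 4 + fixed + key_bits // 8  # nlattr header + struct + key bytes
    return attr_name, name.decode("ascii"), nla_len == expected


if __name__ == "__main__":
    print(decode_auth_attr(DUMP_SHA1, 160))    # key size 160 from the first log
    print(decode_auth_attr(DUMP_SHA256, 256))  # key size 256 from the second log
```

The key sizes passed in are the ones charon logs on the "using integrity algorithm" lines; the third element of each result says whether the attribute length in the dump agrees with that key size.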