[strongSwan] IP reassembly bug with strongSwan?
Daniel.Merget at rohde-schwarz.com
Tue May 31 10:48:49 CEST 2011
First of all thanks for your time and help!
> What virtualization platform are you using? KVM, ESXi, etc.
I am using VMware Workstation 6.5.5 on a Windows XP host system.
> With what version of the Linux kernel are you experiencing this issue?
> Did you try different versions?
The virtual machines run on Ubuntu 10.0 with kernel 2.6.35-22-generic. I
have not yet tried to compile a newer kernel version, but I noticed there
have been some changes committed to the working tree concerning IPv4
fragmentation and reassembly. Thus in the next step, I want to test my
setup using net-next kernel (2.6.39) which provides a lot of network
changes.
> What do you mean by "the machine froze"?
> Do you have console access to the machine?
> Is it not responding at all or do you only lose network access?
The whole Linux GUI freezes, I can move the mouse around, but cannot
trigger any actions. Network loses connection to the machine. VMware
Workstation remains completely stable. After rebooting the machine
(power-off), I also inspected the kernel logs: there are no hints or any
suspicious notifications at all. In /var/log/messages the logger actually
stopped in the middle of the line (some event long before the triggered
power-off).
> Do you think it's possible that the virtualization infrastructure or
> some firewall is doing some kind of processing on the packet and that it's
> the virtualization platform that crashes.
I think I can definitely eliminate the firewall as a cause because I
configured iptables to simply accept all packets and no further filtering
is done (it's all virtual, so there are no malicious packets from outside).
For the virtualization platform, I am actually not 100% sure but there is
no fail-proof way I can test it. Regardless, I set up a third virtual
machine to forward all incoming packets to the corresponding target
without modifying the contents (except for TTL). The fact that this
machine keeps on running perfectly, however, seems to contradict the
conjecture that VMware Workstation is the cause.
As noted above, I will test the setup with a new kernel version. I am
convinced now that it is very likely a kernel issue (and maybe it is
already fixed).
As soon as I have finished testing I will share my results and keep you up
to date.
Best regards,
Daniel Merget