From: R W van Schagen <>
Subject: Question: IPSEC ping fails with new crypto driver how to debug?
Date: Sat, 18 Apr 2020 18:19:04 +0800
Message-ID: <>

My crypto driver (under development) is passing all the extended test manager tests (I’m on Kernel v5.4.31).

For debugging purposes I can either only register “cbc(aes)” or the full “authenc(hmac(256), cbc(aes))”.

For testing purposes I am only using two simple “ip xfrm state” and “ip xfrm policy” plus additional “ip route”.
Without my driver the tunnel works as expected using the generic in-tree software modules.

With the driver installed before setting up the tunnel, the self-tests are run. (No test for “echainiv(authenc…”)
So in case I am only using the “cbc(aes)”, the authenc(hmac(sha256-generic), eip-cbc-aes) is created and tested (pass). The echainiv(authenc…) is also created.

Even though all the extended tests were successful I can’t ping from my device.

I’m getting “ping: send to: Out of memory”. 

Pinging to the device works as expected. However: if I’m adding a “size” to the ping, it starts working:

“ping -s1411” works without any problem. Anything less than 1411 fails “out of memory”??

I did hex_dumps of the source and destination scatterlists as well as the IV, authentication TAG. They look the same for both an “inbound - ping” and an “outbound - ping”, with the exception that the encrypt/decrypt calls are reversed (obviously). This also shows that the tunnel works otherwise I would get anything into the driver.
“ip -s x s” also confirms that packets are being sent and received.

Again all else the same, except the driver not loaded, it works, so firewall or routing problems can be eliminated.

Any suggestions where to start looking for the “bug” in my driver?
