archive mirror
 help / color / mirror / Atom feed
* Question: IPSEC ping fails with new crypto driver how to debug?
       [not found] <>
@ 2020-04-18 10:19 ` R W van Schagen
  0 siblings, 0 replies; only message in thread
From: R W van Schagen @ 2020-04-18 10:19 UTC (permalink / raw)
  To: linux-crypto

My crypto driver (under development) is passing all the extended test manager test (I’m on Kernel v5.4.31).

For debugging purposes I can either only register “cbc(aes)” or the full “authenc(hmac(256), cbc(aes))”.

For testing purposes I am only using two simple “ip xfrm state” and “ip xfrm policy” plus additional “ip route”.
Without my driver the tunnel works as expected using the generic in-tree software modules.

Whit the driver installed before setting up the tunnel the self-tests are run. (No test for “echainiv(authenc…”)
So incase I am only using the “cbc(aes)” the authenc(hham(sha256-generic), eip-cbc-aes) is created and tested (pass). The echainiv(authenc…) is also created.

Even though all the extended tests were successful I can’t ping from my device.

I’m getting “ping: send to: Out of memory”. 

Pinging to the device works as expected. However: if I’m adding a “size” to the ping, it starts works:

“ping -s1411” works without any problem. Anything less than 1411 fails “out of memory”??

I did hex_dumps of the source and destination scatterlists and well as the IV, authentication TAG. They look the same for both and “inbound - ping” and an “outbound - ping”, with the exception that the encrypt/decrypt calls are reversed (obviously). This also shows that the tunnel works otherwise I would get anything into the driver.
“ip -s x s” also confirms that packets are being send and received.

Again all else the same, except the driver not loaded, it works, so firewall or routing problems can be eliminated.

Any suggestions where to start looking for the “bug” in my driver?

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2020-04-18 10:21 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <>
2020-04-18 10:19 ` Question: IPSEC ping fails with new crypto driver how to debug? R W van Schagen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).