7/18/2012
Wakoond
I had some serious problems with destination option XFRM processing on newer Linux kernels (3.3 and 3.4). The sent Binding Update (BU) message was corrupt, because the Destination Option header overwrote the beginning of the MH part.
I have done the following tests to find the issue:
First case:
No XFRM policies and states.
Sending MH messages without destopt header.
In this case the message format is OK, I have tested it with tcpdump and wireshark.
Second case:
Adding destopt XFRM policy and state:
ip -6 xfrm policy add src 2001:470:7210:10::11 dst 2001:470:7210:10::1000 proto 135 type 5 dir out priority 2 ptype sub tmpl src 2001:470:7210:10::11 dst 2001:470:7210:10::1000 proto hao reqid 0 mode ro level use
ip -6 xfrm state add src 2001:470:7210:10::11 dst 2001:470:7210:10::1000 proto hao reqid 0 mode ro replay-window 0 coa 2001:470:7210:11:20c:29ff:fe46:a0e3 sel src 2001:470:7210:10::11 dst 2001:470:7210:10::1000
In this case, the message format was corrupted:
As you can see, the IPv6 header is OK. Next, the destination option header is OK. Finally, the following part of the packet isn't OK. If you compare the two dumps carefully, you will see, that the last 8 bytes are identical. The mip6_destopt_output function adds the destination option header correctly, but overwrites the existing MH header, and doesn't shift it after the destopt header.
Third case:
I have created ESP TUNNEL XFRM rules manually
In this case the message format is OK again.
Solution:
I have added a lot of debug messages to the kernel source and finally found the problem. When the kernel creates the skb from iovec (ip6_append_data) it sets the pointer of the network header to a wrong position. It will be shifted with 24 bytes (it is the length of the HAO dest. opt. header with paddings).
After this point, the message will be corrupted, the beginning (the first 24 bytes) of the MH part will be truncated. Later, when the kernel adds the dest. opt. header itself, there isn't any issue.
So, back to the wrong network header pointer. It is shifted by exthdrlen (= 24) by the skb_set_network_header() function. This exthdrlen comes from rt->rt6i_nfheader_len, which comes from the dst_entry chain. (More about dst_entry chain here and here). This nfheader_len value comes from the header_len of the desired xfrm type (in this case hao dest opt):
I have run a fast grep on the kernel tree, and this XFRM_TYPE_NON_FRAGMENT does not have any effect, just sets (or not) nfheader_len here. So, the following patch solves the issue:
My thread on the netdev Linux list:
Posted in: Popular Posts
-
How to clone a git repository over client certificate authenticated https protocol. This guide sets the local git configuration instead of...
-
I would like to setup a VPN server for my home NAS. I would like to connect to it from my MacBook and my Android phone out-of-box. I have d...
-
I have used serial terminal interfaces for communication for a while. For message generation and parsing I have used the previously introduc...
Copyright
37 comments:
AWS Training in Bangalore - Live Online & Classroom
myTectra Amazon Web Services (AWS) certification training helps you to gain real time hands on experience on AWS. myTectra offers AWS training in Bangalore using classroom and AWS Online Training globally. AWS Training at myTectra delivered by the experienced professional who has atleast 4 years of relavent AWS experince and overall 8-15 years of IT experience. myTectra Offers AWS Training since 2013 and retained the positions of Top AWS Training Company in Bangalore and India.
IOT Training in Bangalore - Live Online & Classroom
IOT Training course observes iot as the platform for networking of different devices on the internet and their inter related communication. Reading data through the sensors and processing it with applications sitting in the cloud and thereafter passing the processed data to generate different kind of output is the motive of the complete curricula. Students are made to understand the type of input devices and communications among the devices in a wireless media.
I have picked cheery a lot of useful clothes outdated of this amazing blog. I’d love to return greater than and over again. Thanks!
python training in chennai | python training in bangalore
python online training | python training in pune
python training in chennai
Really great post, I simply unearthed your site and needed to say that I have truly appreciated perusing your blog entries.
java training in omr
java training in annanagar | java training in chennai
java training in marathahalli | java training in btm layout
java training in rajaji nagar | java training in jayanagar
Great content thanks for sharing this informative blog which provided me technical information keep posting.
Data Science Training in Chennai
Data science training in bangalore
Data science online training
Data science training in pune
Data science training in kalyan nagar
selenium training in chennai
This is my 1st visit to your web... But I'm so impressed with your content. Good Job!
Python training in marathahalli
Python training in pune
AWS Training in chennai
Great post! I am actually getting ready to across this information, It’s very helpful for this blog.Also great with all of the valuable information you have Keep up the good work you are doing well.
Devops Training in Chennai
Devops training in sholinganallur
Hmm, it seems like your site ate my first comment (it was extremely long) so I guess I’ll just sum it up what I had written and say, I’m thoroughly enjoying your blog. I as well as an aspiring blog writer, but I’m still new to the whole thing. Do you have any recommendations for newbie blog writers? I’d appreciate it.
Best Selenium Training in Chennai | Selenium Training Institute in Chennai | Besant Technologies
Selenium Training in Bangalore | Best Selenium Training in Bangalore
All the points you described so beautiful. Every time i read your i blog and i am so surprised that how you can write so well.
Java training in Chennai
Java training in Bangalore
I appreciate that you produced this wonderful article to help us get more knowledge about this topic.
I know, it is not an easy task to write such a big article in one day, I've tried that and I've failed. But, here you are, trying the big task and finishing it off and getting good comments and ratings. That is one hell of a job done!
Selenium training in bangalore
Selenium training in Chennai
Selenium training in Bangalore
Selenium training in Pune
Selenium Online training
Amazing Article ! I have bookmarked this article page as i received good information from this. All the best for the upcoming articles. I will be waiting for your new articles. Thank You ! Kindly Visit Us @ Coimbatore Travels | Ooty Travels | Coimbatore Airport Taxi
Thanks for the good words! Really appreciated. Great post. I’ve been commenting a lot on a few blogs recently, but I hadn’t thought about my approach until you brought it up.
angularjs online training
apache spark online training
informatica mdm online training
devops online training
aws online training
Wonderful bloggers like yourself who would positively reply encouraged me to be more open and engaging in commenting.So know it's helpful.
Microsoft Azure online training
Selenium online training
Java online training
Java Script online training
Share Point online training
And indeed, I’m just always astounded concerning the remarkable things served by you. Some four facts on this page are undeniably the most effective I’ve had.
Data science Course Training in Chennai | No.1 Data Science Training in Chennai
RPA Course Training in Chennai | No.1 RPA Training in Chennai
AWS Course Training in Chennai | No.1 AWS Training in Chennai
Devops Course Training in Chennai | Best Devops Training in Chennai
Selenium Course Training in Chennai | Best Selenium Training in Chennai
Java Course Training in Chennai | Best Java Training in Chennai
Great and Nice Blog! I would like to thank for the efforts you have made in writing this great article. Thanks for sharing.
Data Science Bangalore
I have to search sites with relevant information on given topic and provide them to teacher our opinion and the article.
date analytics certification training courses
data science courses training
I just couldn't leave your website before telling you that I truly enjoyed the top quality info you present to your visitors? Will be back again frequently to check up on new posts.
data analytics course malaysia
Your work is very good and I appreciate you and hopping for some more informative posts
Data Science Course in Pune
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon.
Big Data Course
I was just browsing through the internet looking for some information and came across your blog. I am impressed by the information that you have on this blog. It shows how well you understand this subject. Bookmarked this page, will come back for more.
Data Science Course
Attend The Python training in bangalore From ExcelR. Practical Python training in bangalore Sessions With Assured Placement Support From Experienced Faculty. ExcelR Offers The Python training in bangalore.
python training in bangalore
thanks for sharing this information
python training in bangalore marathahalli
python training institutes in bangalore marathahalli
python training in btm Layout
Artificial Intelligence training in BTM
data science with python training in BTM
Machine Learning training in btm
Qlik Sense Training in BTM
The article is so informative. This is more helpful.
software testing training courses
selenium classes Thanks for sharing
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon.
Data Science Courses
thanks for sharing this information
data science classroom training in bangalore
best training institute for data science in bangalore
data science with python training in bangalore
best data science training in bangalore
UiPath Training in Bangalore
tableau training in bangalore
tableau training in bangalore marathahalli
tableau classroom training in bangalore
best tableau training institutes in bangalore
The article is so informative. This is more helpful. Thanks for sharing.
Learn best software testing online certification course class in chennai with placement
Best selenium testing online course training in chennai
Best online software testing training course institute in chennai with placement
I have express a few of the articles on your website now, and I really like your style of Python classes in pune blogging. I added it to my favorite’s blog site list and will be checking back soon…
Well, the most on top staying topic is Data Science.Out of all, Data science course in Mumbai is making a huge difference all across the country. Thank you so much for showing your work and thank you so much for this wonderful article.
Excellent Blog! I would like to thank for the efforts you have made in writing this post. I am hoping the same best work from you in the future as well. I wanted to thank you for this websites! Thanks for sharing. Great websites!
iot training in malaysia
thanks for your information really good and very nice web design company in velachery
I learned World's Trending Technology from certified experts for free of cost. I Got a job in decent Top MNC Company with handsome 14 LPA salary, I have learned the World's Trending Technology from Python training in pune experts who know advanced concepts which can help to solve any type of Real-time issues in the field of Python. Really worth trying instant approval blog commenting sites
ba online training india will make us to clear the concepts on business analysis
Nice Post...I have learn some new information.thanks for sharing.
Click here for ExcelR Business Analytics Course
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon.
ExcelR data science course in mumbai
Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work!
ExcelR data analytics courses
Security testing is must. Everybody wants security at every level of his working. as explained above failures are happened but if we test time to time then it will improve. So it depend on us how much we are serious about this.
Adversarial Learning for Constrained Image Splicing Detection and Localization based on Atrous Convolution Project For CSE
An Attribute based Controlled Collaborative Access Control Scheme for Public Cloud Storage Project For CSE
Bio Protocol Watermarking on Digital Micro fluidic Bio chips Project For CSE
Bounds for Binary Linear Locally Repairable Codes via a Sphere Packing Approach Project For CSE
CNN based Adversarial Embedding for Image Steganography Project For CSE
Distributed Secure Switch and Stay Combining over Correlated Fading Channels Project For CSE
Really nice and interesting post. I was looking for this kind of information and enjoyed reading this one. Keep posting. Thanks for sharing.
ExcelR data analytics courses
This is an awesome blog. Really very informative and creative contents. This concept is a good way to enhance the knowledge. Thanks for sharing.
ExcelR business analytics course
Post a Comment