[Click] IPsec on Click 1.8 leads system crashes

Dimitris Syrivelis jsyr at inf.uth.gr
Fri Aug 5 03:01:42 EDT 2011 

Hi,

There is a .click  example file on IPsec:
   http://www.read.cs.ucla.edu/click/examples/simple-ipsec.click
There is also a small documentation on how it is implemented:
   http://www.read.cs.ucla.edu/click/docs/ipsec-doc

  In your config I see that your get raw ethernet frames from
device and you attempt to directly encrypt them. IPsec implements
layer 3 secure tunnels between gateways with agreed keys. You
need RadixIPsecLookup in your flow to define keys and tunnel
end points.
A guess about your crashing is that since in your encryption key
tuples do not exist (they are defined in RadixIPsecLookup), the IPsecElements
fail to retrieve a valid tuple
pointer from the annotation space, and this results in a segfault.

Dimitris



> You should provide the list with the console output to see where the crash
> occurs.  One of the best ways is to setup a serial console and look 
> at the logs
> on another machine to see where the crash occurs.
>
> Roman
>
> On Thu, 4 Aug 2011 16:33:15 +0200 "ahmed A." <amego83 at gmail.com> wrote
>
>> Hi,
>>
>> I am trying to run IPsec (just the encryption-side) with Click using a
>> simple configuration file, but as soon as I install  the configuration file
>> and start receiving packets, my system crashes.
>> also, when I install the configuration file, I got the the following warning
>> :
>>
>> # click-install ahmed/ipsec.click
>> ahmed/ipsec.click:7: While configuring 'IPsecEncap at 6 :: IPsecEncap':
>>   warning: IP header unaligned, cannot use fast IP checksum
>>   (Try passing the configuration through 'click-align'.)
>>
>> my configuration file is as follows:
>>
>> pd00 :: FromDevice(eth5, PROMISC true) -> Strip(14)
>> ->  IPsecESPEncap()
>> -> IPsecAuthHMACSHA1(0)
>> -> IPsecAES(1)
>> -> IPsecEncap(50)
>>
>> -> EtherEncap(0x0800,1:1:1:1:1:1,2:2:2:2:2:2) -> q00 :: CPUQueue(1000) ->
>> counter00 :: AverageCounter() -> td00 :: ToDevice(eth4);
>>
>> StaticThreadSched(pd00 0, td00 0);
>>
>> Idle -> ToDevice(eth5);
>>
>>
>> I used click-align but I got the same system crashes too.
>>
>> If anyone can provide an example of how to use Click IPsec, that will be
>> very useful for me. And any help or tips would be appreciated.
>>
>> Regards,
>> Ahmed
>> _______________________________________________
>> click mailing list
>> click at amsterdam.lcs.mit.edu
>> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>
>
> _______________________________________________
> click mailing list
> click at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>

More information about the click mailing list