[Click] IPsec on Click 1.8 leads system crashes

ahmed A. amego83 at gmail.com
Fri Aug 12 12:57:25 EDT 2011 

Hi Dimitirs,

I tried to use RadixIPsecLookup  to include the required keys as follow :

rt::RadixIPsecLookup(10.0.2.0/24 10.0.2.1 0,
                                10.0.1.0/24 10.0.1.250 1 234
ABCDEFFF001DEFD2354550FE40CD708E 112233EE556677888877665544332211 300 64);

>
>
> pd00 :: PollDevice(eth5, PROMISC true) -> Strip(14) ->
>
> CheckIPHeader(INTERFACES 10.0.1.0/24)
>      -> [0]rt;
>
> rt[1] -> IPsecESPEncap()
>
> -> IPsecAuthHMACSHA1(0)
> -> IPsecAES(1)
> -> IPsecEncap(50)
> -> EtherEncap(0x0800,1:1:1:1:1:1,2:2:2:2:2:2) -> q00 :: CPUQueue(1000) ->
> counte
> r00 :: AverageCounter() -> td00 :: ToDevice(eth4);
> StaticThreadSched(pd00 0, td00 0);
> Idle -> ToDevice(eth5);
> rt[0]-> Discard;

But I got the follwoing error message :
ahmed/aes.click:2: While configuring 'rt :: RadixIPsecLookup':
  argument 2 should be 'ADDR/MASK [GATEWAY] OUTPUT'
Router could not be initialized!

I used the same syntax in the example. Do I miss something here ?

Thanks and Regards,
Ahmed

On Fri, Aug 12, 2011 at 6:52 PM, ahmed A. <amego83 at gmail.com> wrote:

> Hi Dimitirs,
>
> I tried to use RadixIPsecLookup  to include the required keys as follow :
>
> rt::RadixIPsecLookup(10.0.2.0/24 10.0.2.1 0,
> 10.0.1.0/24 10.0.1.250 1 234 ABCDEFF
> F001DEFD2354550FE40CD708E 112233EE556677888877665544332211 300 64);
>
> //pd00 :: FromDevice(eth5, PROMISC true) -> Strip(14) ->
> pd00 :: PollDevice(eth5, PROMISC true) -> Strip(14) ->
> //sisa0 :: SetIPsecAnno(234, ABCDEFFF001DEFD2, 112233EE55667788, 300, 64)
> CheckIPHeader(INTERFACES 10.0.1.0/24)
>      -> [0]rt;
>
> rt[1] -> IPsecESPEncap()
>
> -> IPsecAuthHMACSHA1(0)
> -> IPsecAES(1)
> -> IPsecEncap(50)
> -> EtherEncap(0x0800,1:1:1:1:1:1,2:2:2:2:2:2) -> q00 :: CPUQueue(1000) ->
> counte
> r00 :: AverageCounter() -> td00 :: ToDevice(eth4);
> StaticThreadSched(pd00 0, td00 0);
> Idle -> ToDevice(eth5);
> rt[0]-> Discard;
>
> On Fri, Aug 5, 2011 at 9:01 AM, Dimitris Syrivelis <jsyr at inf.uth.gr>wrote:
>
>> Hi,
>>
>> There is a .click  example file on IPsec:
>>   http://www.read.cs.ucla.edu/click/examples/simple-ipsec.click
>> There is also a small documentation on how it is implemented:
>>   http://www.read.cs.ucla.edu/click/docs/ipsec-doc
>>
>>  In your config I see that your get raw ethernet frames from
>> device and you attempt to directly encrypt them. IPsec implements
>> layer 3 secure tunnels between gateways with agreed keys. You
>> need RadixIPsecLookup in your flow to define keys and tunnel
>> end points.
>> A guess about your crashing is that since in your encryption key
>> tuples do not exist (they are defined in RadixIPsecLookup), the
>> IPsecElements
>> fail to retrieve a valid tuple
>> pointer from the annotation space, and this results in a segfault.
>>
>> Dimitris
>>
>>
>>
>> > You should provide the list with the console output to see where the
>> crash
>> > occurs.  One of the best ways is to setup a serial console and look
>> > at the logs
>> > on another machine to see where the crash occurs.
>> >
>> > Roman
>> >
>> > On Thu, 4 Aug 2011 16:33:15 +0200 "ahmed A." <amego83 at gmail.com> wrote
>> >
>> >> Hi,
>> >>
>> >> I am trying to run IPsec (just the encryption-side) with Click using a
>> >> simple configuration file, but as soon as I install  the configuration
>> file
>> >> and start receiving packets, my system crashes.
>> >> also, when I install the configuration file, I got the the following
>> warning
>> >> :
>> >>
>> >> # click-install ahmed/ipsec.click
>> >> ahmed/ipsec.click:7: While configuring 'IPsecEncap at 6 :: IPsecEncap':
>> >>   warning: IP header unaligned, cannot use fast IP checksum
>> >>   (Try passing the configuration through 'click-align'.)
>> >>
>> >> my configuration file is as follows:
>> >>
>> >> pd00 :: FromDevice(eth5, PROMISC true) -> Strip(14)
>> >> ->  IPsecESPEncap()
>> >> -> IPsecAuthHMACSHA1(0)
>> >> -> IPsecAES(1)
>> >> -> IPsecEncap(50)
>> >>
>> >> -> EtherEncap(0x0800,1:1:1:1:1:1,2:2:2:2:2:2) -> q00 :: CPUQueue(1000)
>> ->
>> >> counter00 :: AverageCounter() -> td00 :: ToDevice(eth4);
>> >>
>> >> StaticThreadSched(pd00 0, td00 0);
>> >>
>> >> Idle -> ToDevice(eth5);
>> >>
>> >>
>> >> I used click-align but I got the same system crashes too.
>> >>
>> >> If anyone can provide an example of how to use Click IPsec, that will
>> be
>> >> very useful for me. And any help or tips would be appreciated.
>> >>
>> >> Regards,
>> >> Ahmed
>> >> _______________________________________________
>> >> click mailing list
>> >> click at amsterdam.lcs.mit.edu
>> >> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>> >
>> >
>> > _______________________________________________
>> > click mailing list
>> > click at amsterdam.lcs.mit.edu
>> > https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>> >
>>
>>
>> _______________________________________________
>> click mailing list
>> click at amsterdam.lcs.mit.edu
>> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>>
>
>

More information about the click mailing list