> 在 2016年7月19日,23:03,Ilan Tayari <il...@mellanox.com> 写道:
> 
>> On the receiving side (e.g. fd01:1b10:1000::1) I see the decrypted packets 
>> with
>> the 2.6.23 kernel:
>> but NOT with the newer kernel:
> 
> Hi Joerg,
> 
> First steps to debug this would be:
> cat /proc/net/xfrm_stat
> ip -s xfrm state
> ip -s xfrm policy
> 
> First command will show some error accounting, which can point to the culprit 
> code.
> Second and third command will show existing objects, and some statistics like 
> when the last packet was used with them.
> 
> Last thing - for your safety you should keep those session keys private.
> 
> Ilan.

Hi Joerg,

I think maybe you can try tcpdump -w to write the captured packets into a file
and use tools like Wireshark to analyze and see what is going wrong.   

Reply via email to