Shanker, as you suggested I have captured the ESP packets for 2.6.23, 3.6.18 and 4.6.4. The capture took place on the sending interface. I can't see anything suspicious in any of the three captures.
Regards Joerg > -----Ursprüngliche Nachricht----- > Von: Shanker Wang [mailto:shankerwangm...@gmail.com] > Gesendet: Mittwoch, 20. Juli 2016 09:28 > An: Pommnitz Jörg > Cc: Ilan Tayari; netdev@vger.kernel.org > Betreff: Re: IPv6 IPSec incompatibilities between 2.6.23 and 3.6.18 (and > probably later) > > > > 在 2016年7月19日,23:03,Ilan Tayari <il...@mellanox.com> 写道: > > > >> On the receiving side (e.g. fd01:1b10:1000::1) I see the decrypted > >> packets with the 2.6.23 kernel: > >> but NOT with the newer kernel: > > > > Hi Joerg, > > > > First steps to debug this would be: > > cat /proc/net/xfrm_stat > > ip -s xfrm state > > ip -s xfrm policy > > > > First command will show some error accounting, which can point to the > culprit code. > > Second and third command will show existing objects, and some statistics > like when the last packet was used with them. > > > > Last thing - for your safety you should keep those session keys private. > > > > Ilan. > > Hi Joerg, > > I think maybe you can try tcpdump -w to write the captured packets into a > file > and use tools like Wireshark to analyze and see what is going wrong. ________________________________ Industrieanlagen-Betriebsgesellschaft mbH Sitz der Gesellschaft: Ottobrunn, Registergericht: Amtsgericht München, HRB 5499 Geschäftsführung: Prof. Dr.-Ing. Rudolf F. Schwarz Vorsitzender des Aufsichtsrats: RA Engelbert Kupka MdL a.D.
outgoing-lan1-4.6.4.pcap
Description: outgoing-lan1-4.6.4.pcap
outgoing-lan1-2.6.23.pcap
Description: outgoing-lan1-2.6.23.pcap
outgoing-lan1-3.6.18.pcap
Description: outgoing-lan1-3.6.18.pcap
