On Fri, Sep 22, 2006 at 03:29:48PM +0400, Evgeniy Polyakov ([EMAIL PROTECTED])
wrote:
> Hello.
>
> I've found strange behaviour of transport mode IPsec in 2.6.18 tree.
> After key daemons exchanged keys (I use racoon) I try following command
> on 2.6.18 machine: telnet 192.168.4.79 22 (telnet from 2.6.18 to 2.6.17 based
> one)
> and get very slow response, here is related tcpdump output:
>
> 15:15:47.396925 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x21),
> length 84
> 15:15:47.397391 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x18),
> length 84
> 15:15:47.397025 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x22),
> length 84
> 15:15:47.404166 IP 192.168.4.79.ssh > 192.168.4.78.47256: P
> 2541002438:2541002458(20) ack 1601271418 win 91
> 15:15:48.279375 IP 192.168.4.79.ssh > 192.168.4.78.47256: P 0:20(20) ack 1
> win 91
> 15:15:50.031487 IP 192.168.4.79.ssh > 192.168.4.78.47256: P 0:20(20) ack 1
> win 91
> 15:15:53.535710 IP 192.168.4.79.ssh > 192.168.4.78.47256: P 0:20(20) ack 1
> win 91
> 15:16:00.544154 IP 192.168.4.79.ssh > 192.168.4.78.47256: P 0:20(20) ack 1
> win 91
> 15:16:14.561064 IP 192.168.4.79 > 192.168.4.78: ESP(spi=0x0961a360,seq=0x19),
> length 100
> 15:16:14.561218 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x027181f9,seq=0x23),
> length 84
Here is setkey script used to setup communication:
#!/sbin/setkey -f
flush;
spdflush;
spdadd 192.168.4.79 192.168.4.78 any -P out ipsec
esp/transport//require;
spdadd 192.168.4.78 192.168.4.79 any -P in ipsec
esp/transport//require;
It has reverted addresses on second machine.
--
Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
