HIPL

  1. Bug #1554072
  2. Comment #4

Comment 4 for bug 1554072

Revision history for this message
Miika Komu (miika-iki) wrote :

If I fix the compilation problem by making the ipq member a pointer in scratch_buffer, it fails as follows:

debug(hipfw/hipfw.c:1980@hipfw_main): received IPv4 packet from iptables queue
debug(hipfw/hipfw.c:1632@fw_handle_packet): Entering netfilter callback for IPv4
debug(hipfw/hipfw.c:1396@fw_init_context): ip_hdr_len is: 20
debug(hipfw/hipfw.c:1397@fw_init_context): total length: 72
debug(hipfw/hipfw.c:1398@fw_init_context): ttl: 64
debug(hipfw/hipfw.c:1399@fw_init_context): packet length (ipq): 72
debug(hipfw/hipfw.c:1405@fw_init_context): packet src: 172.17.0.2
debug(hipfw/hipfw.c:1406@fw_init_context): packet dst: 172.17.0.1
debug(hipfw/hipfw.c:1408@fw_init_context): IPv4 next header protocol number is 17
debug(hipfw/hipfw.c:1510@fw_init_context): UDP header size is 8 (in header: 52)
debug(hipfw/hipfw.c:1511@fw_init_context): UDP src port: 10500
debug(hipfw/hipfw.c:1512@fw_init_context): UDP dst port: 10500
debug(hipfw/hipfw.c:1525@fw_init_context): zero_bytes: 0x00000000
debug(hipfw/hipfw.c:1531@fw_init_context): Zero SPI found
debug(hipfw/hipfw.c:1554@fw_init_context): UDP encapsulated HIP control packet
debug(hipfw/hipfw.c:1640@fw_handle_packet): packet hook=1, packet type=1
debug(hipfw/hipfw.c:902@filter_hip):
debug(hipfw/hipfw.c:907@filter_hip): The list of rules is empty!!!???
debug(hipfw/hipfw.c:910@filter_hip): HIP type number is 1
info(hipfw/hipfw.c:914@filter_hip): received packet type: I1
info(hipfw/hipfw.c:952@filter_hip): src hit: 2001:0017:03b4:b5cc:bad2:26e7:0eb2:8198
info(hipfw/hipfw.c:953@filter_hip): dst hit: 2001:001b:b6ae:fca7:3d97:0ff1:e489:5f83
info(hipfw/hipfw.c:954@filter_hip): src ip: 172.17.0.2
info(hipfw/hipfw.c:955@filter_hip): dst ip: 172.17.0.1
debug(hipfw/hipfw.c:1060@filter_hip): falling back to default HIP/ESP behavior, target 1
debug(hipfw/conntrack.c:2065@get_tuple_by_hits): get_tuple_by_hits: no connection found
debug(hipfw/conntrack.c:294@get_tuple_by_hip): get_tuple_by_hip: no connection found
debug(hipfw/conntrack.c:1736@check_packet): check packet: type 1
debug(hipfw/dlist.c:137@append_to_list): List is empty inserting first node
debug(hipfw/dlist.c:133@append_to_list): List is not empty. Length 1
debug(hipfw/conntrack.c:2059@get_tuple_by_hits): connection found,
debug(hipfw/conntrack.c:1791@check_packet): udp_encap_hdr=0x7fff63f2bb7c tuple=(nil) err=1
debug(hipfw/hipfw.c:1653@fw_handle_packet): === Verdict: allow packet ===
debug(hipfw/hipfw.c:1600@allow_packet): Packet accepted

debug(hipfw/hipfw.c:1980@hipfw_main): received IPv4 packet from iptables queue
debug(hipfw/hipfw.c:1632@fw_handle_packet): Entering netfilter callback for IPv4
debug(hipfw/hipfw.c:1396@fw_init_context): ip_hdr_len is: 20
debug(hipfw/hipfw.c:1397@fw_init_context): total length: 672
debug(hipfw/hipfw.c:1398@fw_init_context): ttl: 64
debug(hipfw/hipfw.c:1399@fw_init_context): packet length (ipq): 672
debug(hipfw/hipfw.c:1405@fw_init_context): packet src: 172.17.0.1
debug(hipfw/hipfw.c:1406@fw_init_context): packet dst: 172.17.0.2
debug(hipfw/hipfw.c:1408@fw_init_context): IPv4 next header protocol number is 17
debug(hipfw/hipfw.c:1510@fw_init_context): UDP header size is 8 (in header: 652)
debug(hipfw/hipfw.c:1511@fw_init_context): UDP src port: 10500
debug(hipfw/hipfw.c:1512@fw_init_context): UDP dst port: 10500
debug(hipfw/hipfw.c:1525@fw_init_context): zero_bytes: 0x00000000
debug(hipfw/hipfw.c:1531@fw_init_context): Zero SPI found
debug(hipfw/hipfw.c:1554@fw_init_context): UDP encapsulated HIP control packet
debug(hipfw/hipfw.c:1640@fw_handle_packet): packet hook=3, packet type=1
debug(hipfw/hipfw.c:902@filter_hip):
debug(hipfw/hipfw.c:907@filter_hip): The list of rules is empty!!!???
debug(hipfw/hipfw.c:910@filter_hip): HIP type number is 2
info(hipfw/hipfw.c:918@filter_hip): received packet type: R1
info(hipfw/hipfw.c:952@filter_hip): src hit: 2001:001b:b6ae:fca7:3d97:0ff1:e489:5f83
info(hipfw/hipfw.c:953@filter_hip): dst hit: 2001:0017:03b4:b5cc:bad2:26e7:0eb2:8198
info(hipfw/hipfw.c:954@filter_hip): src ip: 172.17.0.1
info(hipfw/hipfw.c:955@filter_hip): dst ip: 172.17.0.2
debug(hipfw/hipfw.c:1060@filter_hip): falling back to default HIP/ESP behavior, target 1
debug(hipfw/conntrack.c:2059@get_tuple_by_hits): connection found,
debug(hipfw/conntrack.c:1736@check_packet): check packet: type 2
info(hipfw/conntrack.c:1065@fw_verify_and_store_host_id): HI -> HIT mapping verified
info(hipfw/conntrack.c:1030@fw_verify_packet): Signature successfully verified
debug(hipfw/conntrack.c:1791@check_packet): udp_encap_hdr=0x6adb9c tuple=0xa3ec60 err=1
debug(hipfw/conntrack.c:1797@check_packet): UDP src port 10500
debug(hipfw/conntrack.c:1798@check_packet): UDP dst port 10500
debug(hipfw/hipfw.c:1656@fw_handle_packet): === Verdict: allow modified packet ===
debug(hipfw/rewrite.c:382@allow_modified_packet): Packet accepted with modifications

debug(hipfw/hipfw.c:1980@hipfw_main): received IPv4 packet from iptables queue
debug(hipfw/hipfw.c:1632@fw_handle_packet): Entering netfilter callback for IPv4
debug(hipfw/hipfw.c:1396@fw_init_context): ip_hdr_len is: 20
debug(hipfw/hipfw.c:1397@fw_init_context): total length: 688
debug(hipfw/hipfw.c:1398@fw_init_context): ttl: 64
debug(hipfw/hipfw.c:1399@fw_init_context): packet length (ipq): 688
debug(hipfw/hipfw.c:1405@fw_init_context): packet src: 172.17.0.2
debug(hipfw/hipfw.c:1406@fw_init_context): packet dst: 172.17.0.1
debug(hipfw/hipfw.c:1408@fw_init_context): IPv4 next header protocol number is 17
debug(hipfw/hipfw.c:1510@fw_init_context): UDP header size is 8 (in header: 668)
debug(hipfw/hipfw.c:1511@fw_init_context): UDP src port: 10500
debug(hipfw/hipfw.c:1512@fw_init_context): UDP dst port: 10500
debug(hipfw/hipfw.c:1525@fw_init_context): zero_bytes: 0x00000000
debug(hipfw/hipfw.c:1531@fw_init_context): Zero SPI found
debug(hipfw/hipfw.c:1554@fw_init_context): UDP encapsulated HIP control packet
debug(hipfw/hipfw.c:1640@fw_handle_packet): packet hook=1, packet type=1
debug(hipfw/hipfw.c:902@filter_hip):
debug(hipfw/hipfw.c:907@filter_hip): The list of rules is empty!!!???
debug(hipfw/hipfw.c:910@filter_hip): HIP type number is 3
info(hipfw/hipfw.c:922@filter_hip): received packet type: I2
info(hipfw/hipfw.c:952@filter_hip): src hit: 2001:0017:03b4:b5cc:bad2:26e7:0eb2:8198
info(hipfw/hipfw.c:953@filter_hip): dst hit: 2001:001b:b6ae:fca7:3d97:0ff1:e489:5f83
info(hipfw/hipfw.c:954@filter_hip): src ip: 172.17.0.2
info(hipfw/hipfw.c:955@filter_hip): dst ip: 172.17.0.1
debug(hipfw/hipfw.c:1060@filter_hip): falling back to default HIP/ESP behavior, target 1
debug(hipfw/conntrack.c:2059@get_tuple_by_hits): connection found,
debug(hipfw/conntrack.c:1736@check_packet): check packet: type 3
debug(hipfw/midauth.c:345@hipfw_midauth_verify_challenge): Correct CHALLENGE_RESPONSE found
info(hipfw/conntrack.c:1065@fw_verify_and_store_host_id): HI -> HIT mapping verified
info(hipfw/conntrack.c:1030@fw_verify_packet): Signature successfully verified
debug(hipfw/conntrack.c:310@get_esp_address): Looking for entry with addr: : 172.17.0.2
debug(hipfw/conntrack.c:328@get_esp_address): no matching entry found
debug(hipfw/conntrack.c:508@update_esp_address): address: ::ffff:172.17.0.2
debug(hipfw/dlist.c:137@append_to_list): List is empty inserting first node
die(hipfw/rewrite.c:192@hip_fw_context_enable_write): assertion failed

(Note: it fails on the line that says "// second invocation")