OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Kernel
  • Assigned To No-one
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version openwrt-19.07
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Thermi - 06.06.2020

FS#3154 - XFRM state insert failure with AES-GCM

Supply the following if possible:
- Device problem occurs on
- Software versions of OpenWrt/LEDE release, packages, etc.
- Steps to reproduce

 

X86_64 arch, kernel fails to insert XFRM states with AES-GCM as transform.
Testable with
ip x s add proto esp dst 14.0.0.70 src 14.0.0.52 spi 0×07 mode transport reqid 0×07 replay-window 32 aead ‘rfc4106(gcm(aes))’ 0x44434241343332312423222114131211f4f3f2f1 128 sel src 14.0.0.52/24 dst 14.0.0.70/24 proto tcp

Works on Arch.
Result on X86_64 OpenWRT 19.07.3:
RTNETLINK answers: No such file or directory

On Arch 5.6.15-arch1-1, works (no output, ip x s shows the state).
Also fails 100% of the time when tested using an IKE keying daemon, e.g. strongSwan

Thermi commented on 06.06.2020 12:50

I received confirmation that this also pertains trunk, kernel 5.4.43

John Marrett commented on 08.06.2020 13:29

I have tested with the mips architecture on a TP-LINK TL-WR842N/ND v2 and I can insert the xfrm, the issue appears to be x86 specific.

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing