[Bug 234008] New: Package Capture doesn't capture packages sent thru IPSec tunnel.
https://bugzilla.novell.com/show_bug.cgi?id=234008

Summary: Package Capture doesn't capture packages sent thru IPSec tunnel.
Product: openSUSE 10.2
Version: RC 5
Platform: i686
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
AssignedTo: kernel-maintainers@forge.provo.novell.com
ReportedBy: eich@novell.com
QAContact: qa@suse.de

[This may not be a bug but it is sure annoying and complicates debugging network problems]

Package capture (using tcpdump, wireshark (used to be ethereal)) doesn't capture packages when sent from the machine where IPSec tunnel is running before they are encrypted. Only the decrypted packages sent from the remote side are captured.

For example a ping to shannon.suse.de prints only the 'echo reply' not the 'echo request':

12:45:31.162494 IP wlan-hermes.ipsec-nat-t > 195.135.221.4.ipsec-nat-t: UDP-encap: ESP(spi=0xfe06d7a7,seq=0x59), length 132
12:45:31.220697 IP 195.135.221.4.ipsec-nat-t > wlan-hermes.ipsec-nat-t: UDP-encap: ESP(spi=0xedd83a00,seq=0x5c), length 132
12:45:31.220697 IP 10.10.0.79 > 10.204.0.41: ICMP echo reply, id 16988, seq 50, length 64
12:45:32.162546 IP wlan-hermes.ipsec-nat-t > 195.135.221.4.ipsec-nat-t: UDP-encap: ESP(spi=0xfe06d7a7,seq=0x5a), length 132
12:45:32.219746 IP 195.135.221.4.ipsec-nat-t > wlan-hermes.ipsec-nat-t: UDP-encap: ESP(spi=0xedd83a00,seq=0x5d), length 132
12:45:32.219746 IP 10.10.0.79 > 10.204.0.41: ICMP echo reply, id 16988, seq 51, length 64
...

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=234008

gregkh@novell.com changed:

What       |Removed                                   |Added
----------------------------------------------------------------------------
AssignedTo |kernel-maintainers@forge.provo.novell.com |perex@novell.com
https://bugzilla.novell.com/show_bug.cgi?id=234008

perex@novell.com changed:

What     |Removed |Added
----------------------------------------------------------------------------
Severity |Normal  |Enhancement

------- Comment #1 from perex@novell.com 2007-01-23 07:05 MST -------

See http://www.tcpdump.org/lists/workers/2004/10/msg00008.html or http://www.xelerance.com/talks/linuxtag2004/IPseconLinux.pdf . It's a 2.6 kernel "design" bug.

I just tried to set up a manual keyed communication with two SL10.2 virtual machines (using xen) - 2.6.18.2-34 kernel. Only encrypted packets are visible using the pcap interface as expected:

14:52:26.968620 IP 192.168.222.1 > 192.168.222.2: AH(spi=0x00000200,seq=0x34c): ESP(spi=0x00000201,seq=0x34c), length 88
14:52:27.007593 IP 192.168.222.2 > 192.168.222.1: AH(spi=0x00000300,seq=0x2ee): ESP(spi=0x00000301,seq=0x2ee), length 88
https://bugzilla.novell.com/show_bug.cgi?id=234008

sndirsch@novell.com changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |mhopf@novell.com, sndirsch@novell.com

------- Comment #2 from sndirsch@novell.com 2007-05-12 04:42 MST -------

JFYI, Matthias. This is a bugreport, which is assigned to Egbert/me or with Egbert/me in CC or reported by Egbert/me.
https://bugzilla.novell.com/show_bug.cgi?id=234008

Jiri Kosina <jkosina@novell.com> changed:

What       |Removed            |Added
----------------------------------------------------------------------------
AssignedTo |jkosina@novell.com |jbohac@novell.com
https://bugzilla.novell.com/show_bug.cgi?id=234008

User jbohac@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=234008#c4

Jiri Bohac <jbohac@novell.com> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
Resolution |        |WONTFIX

--- Comment #4 from Jiri Bohac <jbohac@novell.com> 2008-01-02 09:51:46 MST ---

The ipsec stack was designed this way. I currently don't have time to investigate what would have to be changed to see both the encrypted and decrypted packets. WONTFIX, sorry.
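
Added example, not part of the original thread or of any project's code: a small Python check that reads tcpdump text output like the capture in the report and lists the ESP SPIs whose packets never appear in cleartext, which is the capture blind spot the report describes. It assumes, as the report's capture shows, that a decrypted inner packet carries the same timestamp as the ESP packet it arrived in; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Capture lines copied from the report above (the 80-column wrap in "UDP-encap" repaired).
SAMPLE = """\
12:45:31.162494 IP wlan-hermes.ipsec-nat-t > 195.135.221.4.ipsec-nat-t: UDP-encap: ESP(spi=0xfe06d7a7,seq=0x59), length 132
12:45:31.220697 IP 195.135.221.4.ipsec-nat-t > wlan-hermes.ipsec-nat-t: UDP-encap: ESP(spi=0xedd83a00,seq=0x5c), length 132
12:45:31.220697 IP 10.10.0.79 > 10.204.0.41: ICMP echo reply, id 16988, seq 50, length 64
12:45:32.162546 IP wlan-hermes.ipsec-nat-t > 195.135.221.4.ipsec-nat-t: UDP-encap: ESP(spi=0xfe06d7a7,seq=0x5a), length 132
12:45:32.219746 IP 195.135.221.4.ipsec-nat-t > wlan-hermes.ipsec-nat-t: UDP-encap: ESP(spi=0xedd83a00,seq=0x5d), length 132
12:45:32.219746 IP 10.10.0.79 > 10.204.0.41: ICMP echo reply, id 16988, seq 51, length 64
"""

LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>[^\s:]+): (?P<rest>.*)$")
ESP = re.compile(r"ESP\(spi=(0x[0-9a-fA-F]+),seq=0x[0-9a-fA-F]+\)")


def parse(capture):
    """Turn tcpdump text lines into dicts; spi is None for packets seen in cleartext."""
    packets = []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip "..." and anything that is not an IP packet line
        esp = ESP.search(m["rest"])
        packets.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"],
                        "spi": esp.group(1) if esp else None})
    return packets


def blind_spots(capture):
    """Per SPI: number of ESP packets and how many have a same-timestamp cleartext packet."""
    packets = parse(capture)
    clear_ts = {p["ts"] for p in packets if p["spi"] is None}
    stats = defaultdict(lambda: {"src": None, "esp": 0, "with_cleartext": 0})
    for p in packets:
        if p["spi"] is None:
            continue
        entry = stats[p["spi"]]
        entry["src"] = p["src"]
        entry["esp"] += 1
        entry["with_cleartext"] += int(p["ts"] in clear_ts)
    return dict(stats)


def invisible_spis(capture):
    """SPIs whose traffic is captured only in encrypted form."""
    return sorted(spi for spi, s in blind_spots(capture).items() if s["with_cleartext"] == 0)
```

On the report's capture this flags only the outbound SPI (0xfe06d7a7), so a monitoring or debugging setup that relies on pcap on such a host has no cleartext view of locally originated tunnel traffic.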