Hello,
After Spending some time in debugging I have found that XfrmInStateModeError is happening i my case. Can anyone Guide to solve this issue in which case it might happen, from xfrm_input function I have seen that from
i> inner_mode->input(x, skb)
ii> xfrm_tunnel_check(skb, x, family)
these are returning XfrmInStateModeError .
Since I have ipv6 as original packet i.e. inner packet and outer packet is ipv4 then is there any address family causing any problem?
The rules are given below :
src 2100::1:abcd:0:0:1/128 dst ::/0 uid 0
dir fwd action allow index 5354 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-06-08 20:19:11 use -
tmpl src 192.168.211.15 dst 192.168.211.173
proto esp spi 0x3716e81e(924248094) reqid 0(0x00000000) mode tunnel
level required share any
enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
src ::/0 dst 2100::1:abcd:0:0:1/128 uid 0
dir out action allow index 5361 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-06-08 20:19:11 use -
tmpl src 192.168.211.173 dst 192.168.211.15
proto esp spi 0x1ac3b45d(449033309) reqid 0(0x00000000) mode tunnel
level required share any
enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
src 192.168.211.173 dst 192.168.211.15
proto esp spi 0x1ac3b45d(449033309) reqid 0(0x00000000) mode tunnel
replay-window 32 seq 0x00000000 flag (0x00000000)
auth-trunc hmac(sha1) 0x8e529e491be5a1aa2667c950ab3d4c3ef9f6002b (160 bits) 96
enc cbc(aes) 0x3f4fbdebe5a7e5e8185d9e16bd74125e (128 bits)
sel src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-06-08 20:19:11 use -
stats:
replay-window 0 replay 0 failed 0
src 192.168.211.15 dst 192.168.211.173
proto esp spi 0x3716e81e(924248094) reqid 0(0x00000000) mode tunnel
replay-window 32 seq 0x00000000 flag (0x00000000)
auth-trunc hmac(sha1) 0x14b9396d63f06a18eebb0590323e434a056d3794 (160 bits) 96
enc cbc(aes) 0x3b953b629b55b47753cf6894f75bda6f (128 bits)
sel src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-06-08 20:19:11 use -
stats:
replay-window 0 replay 0 failed 0
|