Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[VPP-1720] Policy based ipsec failing. #245

Open
vvalderrv opened this issue Jan 6, 2025 · 0 comments
Open

[VPP-1720] Policy based ipsec failing. #245

vvalderrv opened this issue Jan 6, 2025 · 0 comments

Comments

@vvalderrv
Copy link
Contributor

Recent changes on master to ipsec (post stable/1904) seem to have broken policy based ipsec. This configuration/test-case works in 1904.

A ping is done from node1 (host: src 192.168.30.166) to node2 (vpp 192.168.32.67) which should be encapsulated in ipsec based on the policy attached to the interface.

Below is a backtrace which also includes some clib_warning output I added to the source. It seems like the packet maybe is getting looped back into the ipsec encap path multiple times until it runs out of pre-buffer space.

 

Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:223: ipsec_output_inline: START: packet received current_data 0 -pre_data_size -128
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:231: ipsec_output_inline: packet received from 192.168.30.166 to 192.168.32.67
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:234: ipsec_output_inline: last_sw_if_index 4294967295 sw_if_index0 4
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:245: ipsec_output_inline: p 0
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:281: packet received from 192.168.30.166 to 192.168.32.67 port 33505
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:283: sw_if_index0 4 spd_index0 0 spd_id 1
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:399: ipsec_output_inline: END next_node_index dpdk-esp4-encrypt (197)
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:223: ipsec_output_inline: START: packet received current_data -44 -pre_data_size -128
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:231: ipsec_output_inline: packet received from 192.168.25.66 to 192.168.25.67
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:234: ipsec_output_inline: last_sw_if_index 4294967295 sw_if_index0 4
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:245: ipsec_output_inline: p 0
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:281: packet received from 192.168.25.66 to 192.168.25.67 port 2030
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:283: sw_if_index0 4 spd_index0 0 spd_id 1
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:399: ipsec_output_inline: END next_node_index dpdk-esp4-encrypt (197)
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:223: ipsec_output_inline: START: packet received current_data -88 -pre_data_size -128
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:231: ipsec_output_inline: packet received from 192.168.25.66 to 192.168.25.67
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:234: ipsec_output_inline: last_sw_if_index 4294967295 sw_if_index0 4
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:245: ipsec_output_inline: p 0
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:281: packet received from 192.168.25.66 to 192.168.25.67 port 2030
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:283: sw_if_index0 4 spd_index0 0 spd_id 1
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:399: ipsec_output_inline: END next_node_index dpdk-esp4-encrypt (197)
Jul 09 13:46:02 dpdk2 vnet[2968]: ipsec_output_inline:223: ipsec_output_inline: START: packet received current_data -132 -pre_data_size -128
Jul 09 13:46:02 dpdk2 vnet[2968]: /home/chopps/net/w/vpp/src/vlib/buffer.h:232 (vlib_buffer_get_current) assertion `(signed) b->current_data >= (signed) -VLIB_BUFFER_PRE_DATA_SIZE' fails
Jul 09 13:46:02 dpdk2 vnet[2968]: received signal SIGABRT, PC 0x7fcaf32cee97
Jul 09 13:46:02 dpdk2 vnet[2968]: #0 0x00007fcaf3c98c73 unix_signal_handler + 0x25b
Jul 09 13:46:02 dpdk2 vnet[2968]: #1 0x00007fcaf39a6890 0x7fcaf39a6890
Jul 09 13:46:02 dpdk2 vnet[2968]: #2 0x00007fcaf32cee97 gsignal + 0xc7
Jul 09 13:46:02 dpdk2 vnet[2968]: #3 0x00007fcaf32d0801 abort + 0x141
Jul 09 13:46:02 dpdk2 vnet[2968]: #4 0x00005647559dd05d 0x5647559dd05d
Jul 09 13:46:02 dpdk2 vnet[2968]: #5 0x00007fcaf36b4d53 debugger + 0x9
Jul 09 13:46:02 dpdk2 vnet[2968]: #6 0x00007fcaf36b5122 _clib_error + 0x2c0
Jul 09 13:46:02 dpdk2 vnet[2968]: #7 0x00007fcaf48ad611 vlib_buffer_get_current + 0x56
Jul 09 13:46:02 dpdk2 vnet[2968]: #8 0x00007fcaf48aec70 ipsec_output_inline + 0x221
Jul 09 13:46:02 dpdk2 vnet[2968]: #9 0x00007fcaf48af995 ipsec4_output_node_fn + 0x2d
Jul 09 13:46:02 dpdk2 vnet[2968]: #10 0x00007fcaf3c3138c dispatch_node + 0x328
Jul 09 13:46:02 dpdk2 vnet[2968]: #11 0x00007fcaf3c31b44 dispatch_pending_node + 0x363
Jul 09 13:46:02 dpdk2 vnet[2968]: #12 0x00007fcaf3c337c4 vlib_main_or_worker_loop + 0xa31
Jul 09 13:46:02 dpdk2 vnet[2968]: #13 0x00007fcaf3c34027 vlib_main_loop + 0x1d
Jul 09 13:46:02 dpdk2 vnet[2968]: #14 0x00007fcaf3c34c3e vlib_main + 0x931

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant