On 05/30/2011 05:21 AM, [email protected] wrote: > for certain cases > the responding virtual machine froze completely. >
> the error occurs for fragmented packets only (in my case, the IKE_AUTH Hi Daniel, IP reassembly is done in the Linux kernel, not by user space processes. Also, even if there was a bug in strongSwan, only strongSwan should crash and not the whole machine since strongSwan runs as a daemon in user space. If the Linux kernel had problems w/ IP reassembly, then this would be a severe bug since it would enable DoS attacks i.e. anybody on the Internet could bring down your system by sending these malicious IP packets. Answers to the following questions might help people debugging this issue: - With what version of the Linux kernel are you experiencing this issue? Did you try different versions? - What virtualization platform are you using? KVM, ESXi, etc. - Do you think it's possible that the virtualization infrastructure or some firewall is doing some kind of processing on the packet and that it's the virtualization platform that crashes. - What do you mean by "the machine froze"? Do you have console access to the machine? Is it not responding at all or do you only lose network access? -Daniel _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
