[support] Destination unreachable from HA on BU???

manish Jamwal manish.jamwal at gmail.com
Wed Mar 25 02:22:05 JST 2009 

Hi

The xfrm policy for BU is set in kernel from mip6d code. You can see the
policy by below command
           # ip xfrm policy show
                     src ::/0 dst ::/0 proto 135 sport 5
                     dir in priority 9
                     tmpl    src :: dst ::
                     proto ipv6-opts spi 0x00000000 reqid 0 mode 2
                     level use

Read this pdf, it will help u understand xfrm architecture better.

http://ols.fedoraproject.org/OLS/Reprints-2006/schopp-reprint.pdf

Regards
Manish Jamwal

On Tue, Mar 24, 2009 at 10:01 PM, Mattias Blomqvist <
mattias.blomqvist at gmail.com> wrote:

> Hi
>
> I've done some more research.
>
> I can't get it to work with either of the mip6d from nautilus6.org or
> from natisbad.org on either debian 4.0 or debian 5.0 with a variety of
> kernels. I'm currently on debian 5.0 and kernel 2.6.29. The kernel is
> before compiling checked with set_mip6_ipsec_fw_kernel_options.sh from
> natisbad.org to make sure all the correct options are set.
> Kernel 2.6.29 doesn't send destination unreachable as a patched 2.6.24 did.
>
> I'm currently investigating the xfrm setup and I have a question. A HA
> does both xfrm_ha_init() and xfrm_cn_init(). xfrm_ha_init() only sets
> up ipsec which I have turned off. xfrm_cn_init() says in its comments:
>        /* Create policy for all BUs with home flag NOT set to
>           use home address option */
>
> So where is the xfrm policy for BUs with home flag set ? Or isn't that
> policy needed for the HA?
>
> Just trying to understand things...
>
> Would it be a good or bad idea to cross-post this to usagi-users?
>
> BR,
> Mattias Blomqvist
>
> On Mon, Mar 23, 2009 at 11:44 PM, Romain KUNTZ <kuntz at lsiit.u-strasbg.fr>
> wrote:
> > Hi Mattias,
> >
> > On 2009/03/23, at 15:02, Mattias Blomqvist wrote:
> >> libc6 is standard debian 5.0 which is 2.7-18 (afaik).
> >> I also came to think of libc problems so I recompiled from the source
> >> package from nautilus6 but with exactly the same result.
> >>
> >> I've tracked the issue down to mh_recv() in mh_listen() in mh.c never
> >> returning any data. This in turn is because recvmsg() in mh_recv()
> >> never returns any data.
> >> This seems to be in line with the destination unreachable being sent.
> >> It seems like the kernel or some lib doesn't think that any process is
> >> interested in the BU.
> >
> > I don't have any clue so far, but if you happen to find the cause of
> > the problem and/or a solution, please advertise it on this list and
> > I'll add an entry in the howto FAQ.
> >
> > Cheers,
> > romain
> >
> >
> >> On Mon, Mar 23, 2009 at 2:17 PM, Romain KUNTZ <kuntz at lsiit.u-strasbg.fr
> >> > wrote:
> >>> Seems also OK to me. That is odd, it's the first time I hear about
> >>> such
> >>> issue.
> >>> I've got the sane configuration here (2.6.24-1 kernel & mip6d from
> >>> nautilus6) running fine.
> >>>
> >>> Which libc6 version are you using? Mine is 2.7-18.
> >>>
> >>> Cheers,
> >>> romain
> >>>
> >>> On 2009/03/23, at 13:18, Mattias Blomqvist wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> Good question. Missed that one. It says the following with mip6d and
> >>>> radvd running:
> >>>>
> >>>> HA:~# netstat -6 -a
> >>>> Active Internet connections (servers and established)
> >>>> Proto Recv-Q Send-Q Local Address           Foreign
> >>>> Address         State
> >>>> tcp6       0      0 localhost:7777
> >>>> [::]:*                  LISTEN
> >>>> tcp6       0      0 [::]:ssh
> >>>> [::]:*                  LISTEN
> >>>> tcp6       0      0 localhost:6010
> >>>> [::]:*                  LISTEN
> >>>> raw6       0      0 [::]:ipv6-icmp
> >>>> [::]:*                  7
> >>>> raw6       0      0 [::]:ipv6-icmp
> >>>> [::]:*                  7
> >>>> raw6       0      0 [::]:135
> >>>> [::]:*                  7
> >>>>
> >>>> After stopping mip6d and radvd it says:
> >>>> HA:~# netstat -6 -a
> >>>> Active Internet connections (servers and established)
> >>>> Proto Recv-Q Send-Q Local Address           Foreign
> >>>> Address         State
> >>>> tcp6       0      0 [::]:ssh
> >>>> [::]:*                  LISTEN
> >>>> tcp6       0      0 localhost:6010
> >>>> [::]:*                  LISTEN
> >>>>
> >>>>
> >>>> Looks ok to me. Or?
> >>>>
> >>>> BR,
> >>>> Mattias
> >>>>
> >>>> On Mon, Mar 23, 2009 at 1:06 PM, Romain KUNTZ <
> kuntz at lsiit.u-strasbg.fr
> >>>> >
> >>>> wrote:
> >>>>>
> >>>>> Hi,
> >>>>>
> >>>>> What does netstat tells you?
> >>>>>
> >>>>> Cheers,
> >>>>> romain
> >>>>>
> >>>>> On 2009/03/23, at 11:26, Mattias Blomqvist wrote:
> >>>>>
> >>>>>> Hello
> >>>>>>
> >>>>>> I'm getting destination unreachable icmp errors with code set to
> >>>>>> "port
> >>>>>> unreachable" (4) from the HA with mip6d running (and without of
> >>>>>> course).
> >>>>>> This is under Debian 5.0 but with the kernel and mip6d from
> >>>>>> nautilus6.org.
> >>>>>>
> >>>>>> HA:~# uname -a
> >>>>>> Linux HA 2.6.24-1-mip6-686 #1 SMP Tue Feb 26 03:20:31 UTC 2008
> >>>>>> i686
> >>>>>> GNU/Linux
> >>>>>>
> >>>>>> If I run mip6d in the foreground it says the following:
> >>>>>> HA:~# mip6d
> >>>>>> mip6d[2497]: MIPL Mobile IPv6 for Linux v2.0.2-umip-0.4 started
> >>>>>> (Home
> >>>>>> Agent)
> >>>>>> Mon Mar 23 11:41:16 main: MIPL Mobile IPv6 for Linux started in
> >>>>>> debug
> >>>>>> mode, not detaching from terminal
> >>>>>> Mon Mar 23 11:41:16 conf_show: config_file = /etc/mip6d.conf
> >>>>>> Mon Mar 23 11:41:16 conf_show: vt_hostname = localhost
> >>>>>> Mon Mar 23 11:41:16 conf_show: vt_service = 7777
> >>>>>> Mon Mar 23 11:41:16 conf_show: mip6_entity = 2
> >>>>>> Mon Mar 23 11:41:16 conf_show: debug_level = 10
> >>>>>> Mon Mar 23 11:41:16 conf_show: debug_log_file = stderr
> >>>>>> Mon Mar 23 11:41:16 conf_show: PolicyModulePath = [internal]
> >>>>>> Mon Mar 23 11:41:16 conf_show: DefaultBindingAclPolicy = 0
> >>>>>> Mon Mar 23 11:41:16 conf_show: NonVolatileBindingCache = disabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: KeyMngMobCapability = disabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: UseMnHaIPsec = disabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: MnMaxHaBindingLife = 262140
> >>>>>> Mon Mar 23 11:41:16 conf_show: MnMaxCnBindingLife = 420
> >>>>>> Mon Mar 23 11:41:16 conf_show: MnRouterProbes = 0
> >>>>>> Mon Mar 23 11:41:16 conf_show: MnRouterProbeTimeout = 0.000000
> >>>>>> Mon Mar 23 11:41:16 conf_show: InitialBindackTimeoutFirstReg =
> >>>>>> 1.500000
> >>>>>> Mon Mar 23 11:41:16 conf_show: InitialBindackTimeoutReReg =
> >>>>>> 1.000000
> >>>>>> Mon Mar 23 11:41:16 conf_show: UseCnBuAck = disabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: DoRouteOptimizationMN = enabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: MnUseAllInterfaces = disabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: MnDiscardHaParamProb = disabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: SendMobPfxSols = enabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: OptimisticHandoff = disabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: MobRtrUseExplicitMode = enabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: SendMobPfxAdvs = enabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: SendUnsolMobPfxAdvs = enabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: MaxMobPfxAdvInterval = 86400
> >>>>>> Mon Mar 23 11:41:16 conf_show: MinMobPfxAdvInterval = 600
> >>>>>> Mon Mar 23 11:41:16 conf_show: HaMaxBindingLife = 262140
> >>>>>> Mon Mar 23 11:41:16 conf_show: HaAcceptMobRtr = disabled
> >>>>>> Mon Mar 23 11:41:16 conf_show: DoRouteOptimizationCN = disabled
> >>>>>> Mon Mar 23 11:41:16 xfrm_cn_init: Adding policies and states for
> >>>>>> CN
> >>>>>> Mon Mar 23 11:41:16 xfrm_ha_init: Adding policies and states for
> >>>>>> HA
> >>>>>> Mon Mar 23 11:41:16 ha_if_addr_setup: Joined anycast group
> >>>>>> 2a03:a0a:ffff:ffff:ffff:ffff:ffff:fffe on iface 3
> >>>>>>
> >>>>>>
> >>>>>> iface 3 is correct since:
> >>>>>> HA:~# ip link
> >>>>>> ........
> >>>>>> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> >>>>>> pfifo_fast
> >>>>>> state UNKNOWN qlen 1000
> >>>>>>  link/ether 08:00:27:99:49:45 brd ff:ff:ff:ff:ff:ff
> >>>>>>
> >>>>>> tcpdump on HA gives:
> >>>>>> HA:~# tcpdump -vvv -i eth0 -s 200 host yyyy:yyyy::1
> >>>>>> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture
> >>>>>> size
> >>>>>> 200
> >>>>>> bytes
> >>>>>>
> >>>>>> 11:50:33.221717 IP6 (hlim 64, next-header IPv6 (41) payload
> >>>>>> length:
> >>>>>> 72) xxxx:xxxx::13 > yyyy:yyyy::1: IP6 (hlim 64, next-header
> >>>>>> Mobility
> >>>>>> (135) payload length: 32) yyyy:yyyy:0:1300::1 > yyyy:yyyy::1:
> >>>>>> mobility: BU seq#=26817 AH lifetime=262140(padn)(alt-CoA:
> >>>>>> xxxx:xxxx::13)
> >>>>>>
> >>>>>> 11:50:33.319495 IP6 (hlim 64, next-header ICMPv6 (58) payload
> >>>>>> length:
> >>>>>> 120) yyyy:yyyy::1 > xxxx:xxxx::13: [icmp6 sum ok] ICMP6,
> >>>>>> destination
> >>>>>> unreachable, length 120, unreachable port[|icmp6]
> >>>>>>
> >>>>>> radvd is running on HA with the following config:
> >>>>>> interface eth0
> >>>>>> {
> >>>>>>  AdvSendAdvert on;
> >>>>>>  MinRtrAdvInterval 3;
> >>>>>>  MaxRtrAdvInterval 10;
> >>>>>>  AdvIntervalOpt on;
> >>>>>>  AdvHomeAgentFlag on;
> >>>>>>  AdvHomeAgentInfo on;
> >>>>>>  HomeAgentLifetime 1800;
> >>>>>>  HomeAgentPreference 10;
> >>>>>>  AdvMobRtrSupportFlag off;
> >>>>>>  prefix xxxx:xxxx::1/32
> >>>>>>  {
> >>>>>>      AdvRouterAddr on;
> >>>>>>      AdvOnLink on;
> >>>>>>      AdvAutonomous off;
> >>>>>>  };
> >>>>>> };
> >>>>>>
> >>>>>> I have tried with prefix xxxx:xxxx::1/64 and AdvAutonomous on
> >>>>>> but the
> >>>>>> result is still the same. And yes, radvd was restarted after
> >>>>>> mip6d was
> >>>>>> started.
> >>>>>>
> >>>>>> I assume that the BU's reach the HA but doesn't reach mip6d
> >>>>>> running on
> >>>>>> it since the icmp code says "unreachable port". Correct?
> >>>>>> What can cause it?
> >>>>>>
> >>>>>> I've also tried with a recompiled debian 5.0 kernel and mip6d from
> >>>>>> natisbad.org with the same result.
> >>>>>>
> >>>>>> BR,
> >>>>>> Mattias
> >>>>>> _______________________________________________
> >>>>>> Support mailing list
> >>>>>> Support at ml.nautilus6.org
> >>>>>> http://ml.nautilus6.org/mailman/listinfo/support
> >>>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> Support mailing list
> >>>>> Support at ml.nautilus6.org
> >>>>> http://ml.nautilus6.org/mailman/listinfo/support
> >>>>>
> >>>> _______________________________________________
> >>>> Support mailing list
> >>>> Support at ml.nautilus6.org
> >>>> http://ml.nautilus6.org/mailman/listinfo/support
> >>>>
> >>>
> >>> _______________________________________________
> >>> Support mailing list
> >>> Support at ml.nautilus6.org
> >>> http://ml.nautilus6.org/mailman/listinfo/support
> >>>
> >> _______________________________________________
> >> Support mailing list
> >> Support at ml.nautilus6.org
> >> http://ml.nautilus6.org/mailman/listinfo/support
> >>
> >
> > _______________________________________________
> > Support mailing list
> > Support at ml.nautilus6.org
> > http://ml.nautilus6.org/mailman/listinfo/support
> >
> _______________________________________________
> Support mailing list
> Support at ml.nautilus6.org
> http://ml.nautilus6.org/mailman/listinfo/support
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://ml.nautilus6.org/pipermail/support/attachments/20090324/3ce171a5/attachment-0001.htm

More information about the Support mailing list