[support] Destination unreachable from HA on BU???
Mattias Blomqvist
mattias.blomqvist at gmail.com
Wed Mar 25 19:34:48 JST 2009
Hello again.
I think I'm beginning to find where the BU's are thrown away. I
recompiled the kernel with xfrm statistics.
For every BU received by the HA, XfrmInHdrError (in
/proc/net/xfrm_stat) is increased by 1.
Tcpdump of a received BU:
HA:~# tcpdump -vvv -x -i eth0 -s 200 host xxxx:xxxx::1
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 200 bytes
12:16:42.450564 IP6 (hlim 63, next-header IPv6 (41) payload length:
72) yyyy:yyyy::13 > xxxx:xxxx::1: IP6 (hlim 64, next-header Mobility
(135) payload length: 32) xxxx:xxxx:0:1300::1 > xxxx:xxxx::1:
mobility: BU seq#=18685 AH lifetime=262140(padn)(alt-CoA:
yyyy:yyyy::13)
0x0000: 6000 0000 0048 293f yyyy yyyy 0000 0000
0x0010: 0000 0000 0000 0013 xxxx xxxx 0000 0000
0x0020: 0000 0000 0000 0001 6000 0000 0020 8740
0x0030: xxxx xxxx 0000 1300 0000 0000 0000 0001
0x0040: xxxx xxxx 0000 0000 0000 0000 0000 0001
0x0050: 3b03 0500 020a 48fd c000 ffff 0100 0310
0x0060: yyyy yyyy 0000 0000 0000 0000 0000 0013
Is anyone able to tell whats wrong?
To answer Arnaud's questions.
Yes, UMIP is running on the HA and nothing happens when the HA
receives the BU from the MN. With kernel 2.6.29 there is no reply at
all. See tcpdump above for example of a BU.
ip xfrm monitor shows the following output when mip6d starts:
HA:~# ip xfrm monitor
src ::/0 dst ::/0 proto 135 type 5
dir in priority 9 ptype sub
tmpl src :: dst ::
proto hao reqid 0 mode ro
level use
src :: dst ::
proto hao reqid 0 mode ro
replay-window 0 flag wildrecv
coa ::
sel src ::/0 dst ::/0
src ::/0 dst ::/0 proto 135
dir out priority 12 ptype sub
src ::/0 dst ::/0 proto ipv6-icmp type 135
dir out priority 12 ptype sub
src ::/0 dst ::/0 proto ipv6-icmp type 136
dir out priority 3 ptype sub
src ::/0 dst ::/0 proto ipv6-icmp type 0
dir out priority 12 ptype sub
Async event (0x20) timer expired
src :: dst :: reqid 0x0 protocol ipv6-opts SPI 0x0
But nothing when a BU is received.
BR,
Mattias Blomqvist
On Wed, Mar 25, 2009 at 9:18 AM, manish Jamwal <manish.jamwal at gmail.com> wrote:
> Hi
> Check this one, hope this opens :)
> http://ols.fedoraproject.org/OLS/Reprints-2004/Reprint-Miyazawa-OLS2004.pdf
>
> Regards
> Manish Jamwal
>
> On Wed, Mar 25, 2009 at 1:31 PM, Mattias Blomqvist
> <mattias.blomqvist at gmail.com> wrote:
>>
>> Hi.
>>
>> Nothing about xfrm in that pdf... Maybe you sent the wrong link?
>>
>> /Mattias
>>
>> On Tue, Mar 24, 2009 at 6:22 PM, manish Jamwal <manish.jamwal at gmail.com>
>> wrote:
>> > Hi
>> >
>> > The xfrm policy for BU is set in kernel from mip6d code. You can see the
>> > policy by below command
>> > # ip xfrm policy show
>> > src ::/0 dst ::/0 proto 135 sport 5
>> > dir in priority 9
>> > tmpl src :: dst ::
>> > proto ipv6-opts spi 0x00000000 reqid 0 mode 2
>> > level use
>> >
>> > Read this pdf, it will help u understand xfrm architecture better.
>> >
>> > http://ols.fedoraproject.org/OLS/Reprints-2006/schopp-reprint.pdf
>> >
>> > Regards
>> > Manish Jamwal
>> >
>> > On Tue, Mar 24, 2009 at 10:01 PM, Mattias Blomqvist
>> > <mattias.blomqvist at gmail.com> wrote:
>> >>
>> >> Hi
>> >>
>> >> I've done some more research.
>> >>
>> >> I can't get it to work with either of the mip6d from nautilus6.org or
>> >> from natisbad.org on either debian 4.0 or debian 5.0 with a variety of
>> >> kernels. I'm currently on debian 5.0 and kernel 2.6.29. The kernel is
>> >> before compiling checked with set_mip6_ipsec_fw_kernel_options.sh from
>> >> natisbad.org to make sure all the correct options are set.
>> >> Kernel 2.6.29 doesn't send destination unreachable as a patched 2.6.24
>> >> did.
>> >>
>> >> I'm currently investigating the xfrm setup and I have a question. A HA
>> >> does both xfrm_ha_init() and xfrm_cn_init(). xfrm_ha_init() only sets
>> >> up ipsec which I have turned off. xfrm_cn_init() says in its comments:
>> >> /* Create policy for all BUs with home flag NOT set to
>> >> use home address option */
>> >>
>> >> So where is the xfrm policy for BUs with home flag set ? Or isn't that
>> >> policy needed for the HA?
>> >>
>> >> Just trying to understand things...
>> >>
>> >> Would it be a good or bad idea to cross-post this to usagi-users?
>> >>
>> >> BR,
>> >> Mattias Blomqvist
>> >>
>> >> On Mon, Mar 23, 2009 at 11:44 PM, Romain KUNTZ
>> >> <kuntz at lsiit.u-strasbg.fr>
>> >> wrote:
>> >> > Hi Mattias,
>> >> >
>> >> > On 2009/03/23, at 15:02, Mattias Blomqvist wrote:
>> >> >> libc6 is standard debian 5.0 which is 2.7-18 (afaik).
>> >> >> I also came to think of libc problems so I recompiled from the
>> >> >> source
>> >> >> package from nautilus6 but with exactly the same result.
>> >> >>
>> >> >> I've tracked the issue down to mh_recv() in mh_listen() in mh.c
>> >> >> never
>> >> >> returning any data. This in turn is because recvmsg() in mh_recv()
>> >> >> never returns any data.
>> >> >> This seems to be in line with the destination unreachable being
>> >> >> sent.
>> >> >> It seems like the kernel or some lib doesn't think that any process
>> >> >> is
>> >> >> interested in the BU.
>> >> >
>> >> > I don't have any clue so far, but if you happen to find the cause of
>> >> > the problem and/or a solution, please advertise it on this list and
>> >> > I'll add an entry in the howto FAQ.
>> >> >
>> >> > Cheers,
>> >> > romain
>> >> >
>> >> >
>> >> >> On Mon, Mar 23, 2009 at 2:17 PM, Romain KUNTZ
>> >> >> <kuntz at lsiit.u-strasbg.fr
>> >> >> > wrote:
>> >> >>> Seems also OK to me. That is odd, it's the first time I hear about
>> >> >>> such
>> >> >>> issue.
>> >> >>> I've got the sane configuration here (2.6.24-1 kernel & mip6d from
>> >> >>> nautilus6) running fine.
>> >> >>>
>> >> >>> Which libc6 version are you using? Mine is 2.7-18.
>> >> >>>
>> >> >>> Cheers,
>> >> >>> romain
>> >> >>>
>> >> >>> On 2009/03/23, at 13:18, Mattias Blomqvist wrote:
>> >> >>>
>> >> >>>> Hi,
>> >> >>>>
>> >> >>>> Good question. Missed that one. It says the following with mip6d
>> >> >>>> and
>> >> >>>> radvd running:
>> >> >>>>
>> >> >>>> HA:~# netstat -6 -a
>> >> >>>> Active Internet connections (servers and established)
>> >> >>>> Proto Recv-Q Send-Q Local Address Foreign
>> >> >>>> Address State
>> >> >>>> tcp6 0 0 localhost:7777
>> >> >>>> [::]:* LISTEN
>> >> >>>> tcp6 0 0 [::]:ssh
>> >> >>>> [::]:* LISTEN
>> >> >>>> tcp6 0 0 localhost:6010
>> >> >>>> [::]:* LISTEN
>> >> >>>> raw6 0 0 [::]:ipv6-icmp
>> >> >>>> [::]:* 7
>> >> >>>> raw6 0 0 [::]:ipv6-icmp
>> >> >>>> [::]:* 7
>> >> >>>> raw6 0 0 [::]:135
>> >> >>>> [::]:* 7
>> >> >>>>
>> >> >>>> After stopping mip6d and radvd it says:
>> >> >>>> HA:~# netstat -6 -a
>> >> >>>> Active Internet connections (servers and established)
>> >> >>>> Proto Recv-Q Send-Q Local Address Foreign
>> >> >>>> Address State
>> >> >>>> tcp6 0 0 [::]:ssh
>> >> >>>> [::]:* LISTEN
>> >> >>>> tcp6 0 0 localhost:6010
>> >> >>>> [::]:* LISTEN
>> >> >>>>
>> >> >>>>
>> >> >>>> Looks ok to me. Or?
>> >> >>>>
>> >> >>>> BR,
>> >> >>>> Mattias
>> >> >>>>
>> >> >>>> On Mon, Mar 23, 2009 at 1:06 PM, Romain KUNTZ
>> >> >>>> <kuntz at lsiit.u-strasbg.fr
>> >> >>>> >
>> >> >>>> wrote:
>> >> >>>>>
>> >> >>>>> Hi,
>> >> >>>>>
>> >> >>>>> What does netstat tells you?
>> >> >>>>>
>> >> >>>>> Cheers,
>> >> >>>>> romain
>> >> >>>>>
>> >> >>>>> On 2009/03/23, at 11:26, Mattias Blomqvist wrote:
>> >> >>>>>
>> >> >>>>>> Hello
>> >> >>>>>>
>> >> >>>>>> I'm getting destination unreachable icmp errors with code set to
>> >> >>>>>> "port
>> >> >>>>>> unreachable" (4) from the HA with mip6d running (and without of
>> >> >>>>>> course).
>> >> >>>>>> This is under Debian 5.0 but with the kernel and mip6d from
>> >> >>>>>> nautilus6.org.
>> >> >>>>>>
>> >> >>>>>> HA:~# uname -a
>> >> >>>>>> Linux HA 2.6.24-1-mip6-686 #1 SMP Tue Feb 26 03:20:31 UTC 2008
>> >> >>>>>> i686
>> >> >>>>>> GNU/Linux
>> >> >>>>>>
>> >> >>>>>> If I run mip6d in the foreground it says the following:
>> >> >>>>>> HA:~# mip6d
>> >> >>>>>> mip6d[2497]: MIPL Mobile IPv6 for Linux v2.0.2-umip-0.4 started
>> >> >>>>>> (Home
>> >> >>>>>> Agent)
>> >> >>>>>> Mon Mar 23 11:41:16 main: MIPL Mobile IPv6 for Linux started in
>> >> >>>>>> debug
>> >> >>>>>> mode, not detaching from terminal
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: config_file = /etc/mip6d.conf
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: vt_hostname = localhost
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: vt_service = 7777
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: mip6_entity = 2
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: debug_level = 10
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: debug_log_file = stderr
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: PolicyModulePath = [internal]
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: DefaultBindingAclPolicy = 0
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: NonVolatileBindingCache =
>> >> >>>>>> disabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: KeyMngMobCapability = disabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: UseMnHaIPsec = disabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnMaxHaBindingLife = 262140
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnMaxCnBindingLife = 420
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnRouterProbes = 0
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnRouterProbeTimeout = 0.000000
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: InitialBindackTimeoutFirstReg =
>> >> >>>>>> 1.500000
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: InitialBindackTimeoutReReg =
>> >> >>>>>> 1.000000
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: UseCnBuAck = disabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: DoRouteOptimizationMN = enabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnUseAllInterfaces = disabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MnDiscardHaParamProb = disabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: SendMobPfxSols = enabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: OptimisticHandoff = disabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MobRtrUseExplicitMode = enabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: SendMobPfxAdvs = enabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: SendUnsolMobPfxAdvs = enabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MaxMobPfxAdvInterval = 86400
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: MinMobPfxAdvInterval = 600
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: HaMaxBindingLife = 262140
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: HaAcceptMobRtr = disabled
>> >> >>>>>> Mon Mar 23 11:41:16 conf_show: DoRouteOptimizationCN = disabled
>> >> >>>>>> Mon Mar 23 11:41:16 xfrm_cn_init: Adding policies and states for
>> >> >>>>>> CN
>> >> >>>>>> Mon Mar 23 11:41:16 xfrm_ha_init: Adding policies and states for
>> >> >>>>>> HA
>> >> >>>>>> Mon Mar 23 11:41:16 ha_if_addr_setup: Joined anycast group
>> >> >>>>>> 2a03:a0a:ffff:ffff:ffff:ffff:ffff:fffe on iface 3
>> >> >>>>>>
>> >> >>>>>>
>> >> >>>>>> iface 3 is correct since:
>> >> >>>>>> HA:~# ip link
>> >> >>>>>> ........
>> >> >>>>>> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> >> >>>>>> pfifo_fast
>> >> >>>>>> state UNKNOWN qlen 1000
>> >> >>>>>> link/ether 08:00:27:99:49:45 brd ff:ff:ff:ff:ff:ff
>> >> >>>>>>
>> >> >>>>>> tcpdump on HA gives:
>> >> >>>>>> HA:~# tcpdump -vvv -i eth0 -s 200 host yyyy:yyyy::1
>> >> >>>>>> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture
>> >> >>>>>> size
>> >> >>>>>> 200
>> >> >>>>>> bytes
>> >> >>>>>>
>> >> >>>>>> 11:50:33.221717 IP6 (hlim 64, next-header IPv6 (41) payload
>> >> >>>>>> length:
>> >> >>>>>> 72) xxxx:xxxx::13 > yyyy:yyyy::1: IP6 (hlim 64, next-header
>> >> >>>>>> Mobility
>> >> >>>>>> (135) payload length: 32) yyyy:yyyy:0:1300::1 > yyyy:yyyy::1:
>> >> >>>>>> mobility: BU seq#=26817 AH lifetime=262140(padn)(alt-CoA:
>> >> >>>>>> xxxx:xxxx::13)
>> >> >>>>>>
>> >> >>>>>> 11:50:33.319495 IP6 (hlim 64, next-header ICMPv6 (58) payload
>> >> >>>>>> length:
>> >> >>>>>> 120) yyyy:yyyy::1 > xxxx:xxxx::13: [icmp6 sum ok] ICMP6,
>> >> >>>>>> destination
>> >> >>>>>> unreachable, length 120, unreachable port[|icmp6]
>> >> >>>>>>
>> >> >>>>>> radvd is running on HA with the following config:
>> >> >>>>>> interface eth0
>> >> >>>>>> {
>> >> >>>>>> AdvSendAdvert on;
>> >> >>>>>> MinRtrAdvInterval 3;
>> >> >>>>>> MaxRtrAdvInterval 10;
>> >> >>>>>> AdvIntervalOpt on;
>> >> >>>>>> AdvHomeAgentFlag on;
>> >> >>>>>> AdvHomeAgentInfo on;
>> >> >>>>>> HomeAgentLifetime 1800;
>> >> >>>>>> HomeAgentPreference 10;
>> >> >>>>>> AdvMobRtrSupportFlag off;
>> >> >>>>>> prefix xxxx:xxxx::1/32
>> >> >>>>>> {
>> >> >>>>>> AdvRouterAddr on;
>> >> >>>>>> AdvOnLink on;
>> >> >>>>>> AdvAutonomous off;
>> >> >>>>>> };
>> >> >>>>>> };
>> >> >>>>>>
>> >> >>>>>> I have tried with prefix xxxx:xxxx::1/64 and AdvAutonomous on
>> >> >>>>>> but the
>> >> >>>>>> result is still the same. And yes, radvd was restarted after
>> >> >>>>>> mip6d was
>> >> >>>>>> started.
>> >> >>>>>>
>> >> >>>>>> I assume that the BU's reach the HA but doesn't reach mip6d
>> >> >>>>>> running on
>> >> >>>>>> it since the icmp code says "unreachable port". Correct?
>> >> >>>>>> What can cause it?
>> >> >>>>>>
>> >> >>>>>> I've also tried with a recompiled debian 5.0 kernel and mip6d
>> >> >>>>>> from
>> >> >>>>>> natisbad.org with the same result.
>> >> >>>>>>
>> >> >>>>>> BR,
>> >> >>>>>> Mattias
>> >> >>>>>> _______________________________________________
>> >> >>>>>> Support mailing list
>> >> >>>>>> Support at ml.nautilus6.org
>> >> >>>>>> http://ml.nautilus6.org/mailman/listinfo/support
>> >> >>>>>>
>> >> >>>>>
>> >> >>>>> _______________________________________________
>> >> >>>>> Support mailing list
>> >> >>>>> Support at ml.nautilus6.org
>> >> >>>>> http://ml.nautilus6.org/mailman/listinfo/support
>> >> >>>>>
>> >> >>>> _______________________________________________
>> >> >>>> Support mailing list
>> >> >>>> Support at ml.nautilus6.org
>> >> >>>> http://ml.nautilus6.org/mailman/listinfo/support
>> >> >>>>
>> >> >>>
>> >> >>> _______________________________________________
>> >> >>> Support mailing list
>> >> >>> Support at ml.nautilus6.org
>> >> >>> http://ml.nautilus6.org/mailman/listinfo/support
>> >> >>>
>> >> >> _______________________________________________
>> >> >> Support mailing list
>> >> >> Support at ml.nautilus6.org
>> >> >> http://ml.nautilus6.org/mailman/listinfo/support
>> >> >>
>> >> >
>> >> > _______________________________________________
>> >> > Support mailing list
>> >> > Support at ml.nautilus6.org
>> >> > http://ml.nautilus6.org/mailman/listinfo/support
>> >> >
>> >> _______________________________________________
>> >> Support mailing list
>> >> Support at ml.nautilus6.org
>> >> http://ml.nautilus6.org/mailman/listinfo/support
>> >
>> >
>
>
More information about the Support
mailing list