
Subject: Re: CIPE-Win32 transfer hangs
From: Sandino Araico Sánchez <sandino,AT,sandino,DOT,net>
Date: Sat, 9 Mar 2002 05:45:25 +0100
In-reply-to: <9A9C83C019F35D47A570460E87D5D8AB01C5BF5A@racerx.ixiacom.com>

Jan Olderdissen wrote:

> Damion,
>
> I think I have a clue to what "failed on pending read attempt" means.
> Comparing Windump's output with the service's output, I would invariably see
> "failed on pending read attempt" after getting a "port unreachable" ICMP
> message because the other side was down:

I haven't checked if the Linux side is dying every five minutes and thus killing
the Windows side. I have cipe 1.5.2 on the Linux side.

I have just added a line to the cipe rc file to make it log to /var/log/cipe
every time a cipe device is found dead and is restarted so Juan Antonio can check
into the log file whenever his cipe daemon hangs.

I suspect the Windows side sends a small packet to the Linux side, the Linux side
dies, the Windows side notices the Linux side died and then it hangs. Am I
correct?

In this case, applying the short packet patch to the cipe on the Linux side should
be the fix.

> 11:19:11.259599 10.105.1.6 > 10.105.1.2: icmp: 10.105.1.6 udp port 50
> unreachable [tos 0xc0]
>
> Perhaps your systems block ICMP messages so you never see the error.

The iptables firewall is not blocking any packet between local subnets, it just
forwards them.

>
>
> After "failed on pending read attempt" the service seems to remain alive, it
> even sends out pings. I suspect, however, that its incoming socket is dead
> from that point on due to the "port unreachable" not having been handled
> properly. Perhaps the error wants to be read, or something, before more
> packets can be read from the socket.
>
>

This is the rc file my gateway runs every minute.

#!/bin/sh
#
# ciped           This shell script takes care of starting and stopping
#                 the cipe daemon for each configured tunnel
#
# chkconfig: - 55 45
# description: ciped stands for Crypto IP Encapsulation Daemon
#   cipe encapsulates encrypted IP packets inside regular UDP packets
#   this script starts the various cipe daemons for each cipe interface

CIPED=/usr/local/sbin/ciped-cb
IFCONFIG=/sbin/ifconfig
# Source system profile
. /etc/profile

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -f "$CIPED" ] || exit 0

[ -f /etc/cipe/options ] || exit 0

RETVAL=0

# Each entry in /etc/sysconfig/cipe is read as device:config
for i in `cat /etc/sysconfig/cipe` ; do
  dev=`echo "$i" | cut -d ':' -f 1`
  conf=`echo "$i" | cut -d ':' -f 2`
  options=/etc/cipe/options.$conf
  # Non-empty when ifconfig lists the device as up
  running=`$IFCONFIG | grep "$dev" | cut -d ' ' -f 1`
  # See how we were called.
  case "$1" in
    start)
      # Start tunnels that have an options file and are not already up.
      if [ -f "$options" ] ; then
        if [ ! "$running" ] ; then
          # Log every (re)start so hangs can be traced afterwards
          DATE=`date`
          echo "$DATE - $dev - restart" >> /var/log/cipe
          action "CIPE tunnel from $dev to $conf" $CIPED -o "$options"
          sleep 2
        fi
      fi
      #echo
      ;;
    stop)
      # Stop tunnels.
      if [ "$running" ] ; then
        action "Shutting down $dev: " $IFCONFIG "$dev" down
        #echo
      fi
      ;;
    status)
      $IFCONFIG | grep -A 6 "$dev"
      ;;
    restart)
      # stop and start each walk the whole device list themselves
      $0 stop
      $0 start
      exit 0
      ;;
    *)
      echo "Usage: $0 {start|stop|status|restart}"
      exit 1
  esac
done

exit 0

--
Sandino Araico Sánchez
>drop table internet;
OK, 135454265363565609860398636678346496 rows affected.
"oh fuck" --fluxrad

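Added example, not part of the original message and not CIPE code: on Linux, a connected UDP socket reports a received ICMP "port unreachable" as ECONNREFUSED on its next read, which is the kind of failed pending read Jan describes. The sketch below (loopback addresses, port selection and function names are constructed for illustration) shows that once the error has been read, the same socket keeps receiving when the peer comes back.

```python
import socket

def unused_udp_port():
    """Reserve then release a loopback UDP port so nothing listens on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def read_once(sock):
    """One read attempt; report a queued ICMP error instead of giving up."""
    try:
        return ("data", sock.recv(2048))
    except ConnectionRefusedError:
        # ICMP "port unreachable" was queued on the socket as ECONNREFUSED.
        # Reading it clears it; the socket itself is still valid.
        return ("refused", None)
    except socket.timeout:
        return ("timeout", None)

def peer_down_then_up():
    port = unused_udp_port()            # constructed stand-in for the dead peer
    tunnel = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tunnel.settimeout(2.0)
    tunnel.connect(("127.0.0.1", port))
    events = []

    tunnel.send(b"keepalive-1")         # nobody listening: kernel answers with ICMP
    events.append(read_once(tunnel))    # pending read fails with the queued error

    peer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    peer.settimeout(2.0)
    peer.bind(("127.0.0.1", port))      # peer comes back on the same port
    tunnel.send(b"keepalive-2")
    _, addr = peer.recvfrom(2048)
    peer.sendto(b"reply", addr)
    events.append(read_once(tunnel))    # same socket keeps receiving

    tunnel.close()
    peer.close()
    return events

if __name__ == "__main__":
    print(peer_down_then_up())
```

On Windows the same ICMP message surfaces from recvfrom as WSAECONNRESET; whether CIPE-Win32 handles it that way is not established in this thread.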



