StrongSwan with GCM and large packet sizes produces unstable behavior
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
High
|
Canonical Server | ||
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
strongswan (Ubuntu) |
Invalid
|
Undecided
|
Skipper Bug Screeners |
Bug Description
StrongSwan with GCM and large packet sizes produces unstable behavior when used in Linux native environment.
---uname output---
Linux ubu01 4.15.0-42-generic #45-Ubuntu SMP Thu Nov 15 19:29:11 UTC 2018 s390x s390x s390x GNU/Linux
Machine Type = 3906 / M04 (z14), LPAR (dedicated)
---Debugger---
A debugger is not configured
---Steps to Reproduce---
On two separate machines (Linux native), install StrongSwan and on both machines, configure the encryption with aes128gcm8 for IPsec.
Then run the following command from one of the machine:
```
$# ping <other_machine_ip> -s 1024
```
Small packet sizes are working as expected. However, anything large (around 1024 bytes or more) are sometimes returning wrong values, or the packets are getting lost. This problem does not occur for ciphers not involving GCM.
Userspace tool common name: StrongSwan
The userspace tool has the following bit modes: both
Userspace package: StrongSwan
Userspace tool obtained from project website: na
-Attach ltrace and strace of userspace application.
Changed in ubuntu-z-systems: | |
importance: | Undecided → High |
assignee: | nobody → Canonical Server Team (canonical-server) |
status: | New → Triaged |
Changed in ubuntu-z-systems: | |
status: | Triaged → Confirmed |
Changed in ubuntu-z-systems: | |
status: | Confirmed → Incomplete |
Changed in strongswan (Ubuntu): | |
status: | Incomplete → Invalid |
Default Comment by Bridge