libnl-xfrm收不到客户端到服务器IKE阶段的信息

Question

libnl-xfrm收不到客户端到服务器IKE阶段的信息

yinyue123 opened this issue 5 years ago · comments

在你的xfrm_listen.c例子中，libnl-xfrm建立连接时仅能监听到服务器到客户端IKE阶段的信息，收不到客户端到服务器IKE阶段的信息，而断开连接时既能收到服务器到客户端IKE阶段的信息，也能收到客户端到服务器IKE阶段的信息，请问这是什么原因呢？我的邮箱：798523593@qq.com

YinYue · Answer 1 · Mon Jan 28 2019 15:47:12 GMT+0800 (China Standard Time)

这是我的运行结果
[root@VM_21_212_centos xfrm-listen]# gdb a.out
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-100.el7_4.1
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /root/ipsec/xfrm-listen/a.out...done.
(gdb) run
Starting program: /root/ipsec/xfrm-listen/a.out
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[+parse_nlmsg]
[+parse_nlmsg]
XFRM_MSG_NEWSA runs
[+parse_sa]
src : 10.105.21.212 dst : 117.136.86.10
proto : 50(esp:50 ah:51) spi : 0xd0853cc
repid : 7 mode : tunnel
replay window : 0
hmac(sha1) 0x8568d3327dd6634847748954a2cfbc3cdffa41d6
cbc(aes) 0x2e60b46039522d4e4baf34d1f2d6e7c2cd0596f3171ad08a0e6cd4d08384708e
sel src : 00:00:00:00:00: dst : 00:00:00:00:00:
[+parse_nlmsg]
XFRM_MSG_NEWPOLICY runs
[+parse_sp]
[+parse_nlmsg]
XFRM_MSG_NEWPOLICY runs
[+parse_sp]
[+parse_nlmsg]
XFRM_MSG_NEWPOLICY runs
[+parse_sp]
[+parse_nlmsg]
XFRM_MSG_DELPOLICY runs
[+parse_sp]
[+parse_nlmsg]
XFRM_MSG_DELPOLICY runs
[+parse_sp]
[+parse_nlmsg]
XFRM_MSG_DELPOLICY runs
[+parse_sp]
[+parse_nlmsg]
XFRM_MSG_DELSA runs
[+parse_sa]
src : 117.136.86.10 dst : 10.105.21.212
proto : 50(esp:50 ah:51) spi : 0xcedd83e0
repid : 7 mode : tunnel
replay window : 32
0x8568d3327dd6634847748954a2cfbc3cdffa41d6
0x2e60b46039522d4e4baf34d1f2d6e7c2cd0596f3171ad08a0e6cd4d08384708e
sel src : 00:00:00:00:00: dst : 00:00:00:00:00:
[+parse_nlmsg]
XFRM_MSG_DELSA runs
[+parse_sa]
src : 10.105.21.212 dst : 117.136.86.10
proto : 50(esp:50 ah:51) spi : 0xd0853cc
repid : 7 mode : tunnel
replay window : 0
0x8568d3327dd6634847748954a2cfbc3cdffa41d6
0x2e60b46039522d4e4baf34d1f2d6e7c2cd0596f3171ad08a0e6cd4d08384708e
sel src : 00:00:00:00:00: dst : 00:00:00:00:00:
[+parse_nlmsg]
[+parse_nlmsg]

YinYue · Answer 2 · Mon Jan 28 2019 15:48:07 GMT+0800 (China Standard Time)

建立连接时理应能收到
XFRM_MSG_NEWSA runs
[+parse_sa]
src : 117.136.86.10 dst : 10.105.21.212
proto : 50(esp:50 ah:51) spi : 0xcedd83e0
repid : 7 mode : tunnel
replay window : 32
0x8568d3327dd6634847748954a2cfbc3cdffa41d6
0x2e60b46039522d4e4baf34d1f2d6e7c2cd0596f3171ad08a0e6cd4d08384708e
sel src : 00:00:00:00:00: dst : 00:00:00:00:00:

Larry He · Answer 3 · Tue Jan 29 2019 11:18:02 GMT+0800 (China Standard Time)

这块不太熟了，建议你查看下所有的XFRM消息类型，和以及IKE阶段应该产生的类型

YinYue · Answer 4 · Wed Jan 30 2019 13:42:33 GMT+0800 (China Standard Time)

好的，谢谢你啦，我解决了，我发现第一次接收到的nlmsg_type不是XFRM_MSG_NEWSA，而是29，我不知道29代表什么含义，但是在case XFRM_MSG_NEWSA: 下面添加case 29:即可收到第一次的xfrm包，你可以试试，然后添加到你的代码中。