Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Eclipse Titan » TCCIPsec handling functions(The TCCIPsec handling functions work fine on OpenSuse but seem not to work on Ubuntu)
TCCIPsec handling functions [message #1841382] Thu, 13 May 2021 20:52 Go to next message
Olaf Bergengruen is currently offline Olaf BergengruenFriend
Messages: 122
Registered: November 2018
Senior Member
Hi Titan / IPsec experts.

I am woking on an IMS/MCPTT testing component which works fine on OpenSuse and CentOS, and now we are trying to port it to Ubuntu.

It seems that the TCCIPsec handling functions for the complex IPsec configurations, in particular TCCIPsec.cc, does not work for Ubuntu. The module TCCIPsec.cc assumes KAME IPsec kernel support.

Has some of you experience with the TCCIPsec functions on Ubuntu and can give me a hint?

Attached my simple project containing 2 test cases: TC_Server and TC_Client which should run on different workstations exchanging simple UDP packets for verifying the IPsec functionality. Again, it works fine if both sides are OpenSuse or CentOS but not under Ubuntu.


Thanks for any hint,
Olaf

Report message to a moderator

Re: TCCIPsec handling functions [message #1841391 is a reply to message #1841382] Fri, 14 May 2021 06:55 Go to previous messageGo to next message
Gábor Szalai is currently offline Gábor SzalaiFriend
Messages: 133
Registered: December 2015
Senior Member
What is the problem exactly. We're using Ubuntu to run test over IPSec.

Report message to a moderator

Re: TCCIPsec handling functions [message #1841392 is a reply to message #1841391] Fri, 14 May 2021 07:26 Go to previous messageGo to next message
Olaf Bergengruen is currently offline Olaf BergengruenFriend
Messages: 122
Registered: November 2018
Senior Member
That's great news, Gábor, so it works on Ubuntu !

The problem is that the other side gets the ESP packets but the IPsec layer doesn't deliver it, i.e. the authentication or decryption did not work
The keys or policies may not be identical on both sides .
Again, my test which I attached works on fine on Opensuse.
Which tool may I use in Ubuntu to display IPsec configuration (I use setkey -DP in Opensuse, but does not work on Ubuntu)?

I have 2 questions:

- And you using the IPsec module in the repository, in particular the TCCIPsec.cc ?
https://gitlab.eclipse.org/eclipse/titan/titan.Libraries.TCCUsefulFunctions.git

- Did you add some kernel extensions to your Ubuntu to get KAME support as stated in the documentation of TCCIPsec handling functions?

Thanks,
Olaf

Report message to a moderator

Re: TCCIPsec handling functions [message #1841401 is a reply to message #1841392] Fri, 14 May 2021 13:18 Go to previous messageGo to next message
Olaf Bergengruen is currently offline Olaf BergengruenFriend
Messages: 122
Registered: November 2018
Senior Member
Hi Gábor,

I think we found the issue: It is a casting bug in module TCCIPsec.cc, attached the corrected version. The change is marked with @Olaf.
With this change IPsec works between Opensuse and Ubuntu workstations.

Regards,
Olaf
  • Attachment: TCCIPsec.cc
    (Size: 34.98KB, Downloaded 57 times)

Report message to a moderator

Re: TCCIPsec handling functions [message #1841402 is a reply to message #1841401] Fri, 14 May 2021 13:36 Go to previous messageGo to next message
Gábor Szalai is currently offline Gábor SzalaiFriend
Messages: 133
Registered: December 2015
Senior Member
I think not the cast was the problem. (const unsigned char*) calls the defined operator of the OCTETSTRING.
But the returned pointer valid until the object is valid. And the in the original code the object was a temporary object.

I think this is better. No need to cast to non const pointer
OCTETSTRING v_Oct = hex2oct(keyIn.hex());
len = keyIn.hex().lengthof()/2;
memcpy(key, (const unsigned char*)v_Oct, len);

Report message to a moderator

Re: TCCIPsec handling functions [message #1841404 is a reply to message #1841402] Fri, 14 May 2021 14:52 Go to previous messageGo to next message
Gábor Szalai is currently offline Gábor SzalaiFriend
Messages: 133
Registered: December 2015
Senior Member
I confirmed that the original code used memory after freed.

The corrected code is available in the repository

Report message to a moderator

Re: TCCIPsec handling functions [message #1841448 is a reply to message #1841404] Mon, 17 May 2021 09:33 Go to previous message
Olaf Bergengruen is currently offline Olaf BergengruenFriend
Messages: 122
Registered: November 2018
Senior Member
Thanks, Gábor,
I re-tested the code, it works fine :-)
Quite tricky is the memory management, good to know this.
Olaf

Report message to a moderator

Previous Topic:ANTLR version will be upgraded for Eclipse Titan Executor plugin
Next Topic:Eclipse Titan repositories will migrate to GitLab
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Apr 26 13:58:56 GMT 2024

Powered by FUDForum. Page generated in 0.04410 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly