Eclipse Community Forums: Eclipse Titan » TCCIPsec handling functions

Home » Eclipse Projects » Eclipse Titan » TCCIPsec handling functions(The TCCIPsec handling functions work fine on OpenSuse but seem not to work on Ubuntu)

TCCIPsec handling functions [message #1841382]

Thu, 13 May 2021 16:52

Eclipse User

Hi Titan / IPsec experts.

I am woking on an IMS/MCPTT testing component which works fine on OpenSuse and CentOS, and now we are trying to port it to Ubuntu.

It seems that the TCCIPsec handling functions for the complex IPsec configurations, in particular TCCIPsec.cc, does not work for Ubuntu. The module TCCIPsec.cc assumes KAME IPsec kernel support.

Has some of you experience with the TCCIPsec functions on Ubuntu and can give me a hint?

Attached my simple project containing 2 test cases: TC_Server and TC_Client which should run on different workstations exchanging simple UDP packets for verifying the IPsec functionality. Again, it works fine if both sides are OpenSuse or CentOS but not under Ubuntu.

Thanks for any hint,
Olaf

Attachment: IPsecUDPTest.zip
(Size: 136.21KB, Downloaded 119 times)

Re: TCCIPsec handling functions [message #1841391 is a reply to message #1841382]

Fri, 14 May 2021 02:55

Eclipse User

What is the problem exactly. We're using Ubuntu to run test over IPSec.

Re: TCCIPsec handling functions [message #1841392 is a reply to message #1841391]

Fri, 14 May 2021 03:26

Eclipse User

That's great news, Gábor, so it works on Ubuntu !

The problem is that the other side gets the ESP packets but the IPsec layer doesn't deliver it, i.e. the authentication or decryption did not work
The keys or policies may not be identical on both sides .
Again, my test which I attached works on fine on Opensuse.
Which tool may I use in Ubuntu to display IPsec configuration (I use setkey -DP in Opensuse, but does not work on Ubuntu)?

I have 2 questions:

- And you using the IPsec module in the repository, in particular the TCCIPsec.cc ?
https://gitlab.eclipse.org/eclipse/titan/titan.Libraries.TCCUsefulFunctions.git

- Did you add some kernel extensions to your Ubuntu to get KAME support as stated in the documentation of TCCIPsec handling functions?

Thanks,
Olaf

Re: TCCIPsec handling functions [message #1841401 is a reply to message #1841392]

Fri, 14 May 2021 09:18

Eclipse User

Hi Gábor,

I think we found the issue: It is a casting bug in module TCCIPsec.cc, attached the corrected version. The change is marked with @Olaf.
With this change IPsec works between Opensuse and Ubuntu workstations.

Regards,
Olaf

Attachment: TCCIPsec.cc
(Size: 34.98KB, Downloaded 103 times)

Re: TCCIPsec handling functions [message #1841402 is a reply to message #1841401]

Fri, 14 May 2021 09:36

Eclipse User

I think not the cast was the problem. (const unsigned char*) calls the defined operator of the OCTETSTRING.
But the returned pointer valid until the object is valid. And the in the original code the object was a temporary object.

I think this is better. No need to cast to non const pointer

OCTETSTRING v_Oct = hex2oct(keyIn.hex());
len = keyIn.hex().lengthof()/2;
memcpy(key, (const unsigned char*)v_Oct, len);

Re: TCCIPsec handling functions [message #1841404 is a reply to message #1841402]

Fri, 14 May 2021 10:52

Eclipse User

I confirmed that the original code used memory after freed.

The corrected code is available in the repository

Re: TCCIPsec handling functions [message #1841448 is a reply to message #1841404]

Mon, 17 May 2021 05:33

Eclipse User

Thanks, Gábor,
I re-tested the code, it works fine :-)
Quite tricky is the memory management, good to know this.
Olaf

Previous Topic:	ANTLR version will be upgraded for Eclipse Titan Executor plugin
Next Topic:	Eclipse Titan repositories will migrate to GitLab

Goto Forum:

-=] Back to Top [=-

Current Time: Tue Jul 15 15:56:38 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter