OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Critical
  • Priority Very Low
  • Reported Version All
  • Due in Version Undecided
  • Due Date Undecided
  • Votes 1
    • FC7 (07.01.2018)
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by FC7 - 07.01.2018

FS#1262 - CAAM breaking strongswan on WDR4900v1

Strongswan seems to be trying to use CAAM crypto hardware device on this router through the kernel but the device doesn’t seem to be present or available causing strongswan to fail while trying to add a SA to the kernel.
Everytime strongswan is trying to add a SA to the kernel the following error messages are logged in strongswan and the kernel log. The kernel log error message seems to be generated by the CAAM code (I checked the kernel source to confirm this).

Strongswan log:

12[KNL] received netlink error: No such device (19)
12[KNL] unable to add SAD entry with SPI c88d8084 (FAILED)
12[KNL] received netlink error: No such device (19)
12[KNL] unable to add SAD entry with SPI 0e9ded44 (FAILED)
12[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel

Linux kernel log:

[6311485.194242] Job Ring Device allocation for transform failed
[6311485.201338] Job Ring Device allocation for transform failed
[6311497.457066] Job Ring Device allocation for transform failed
[6311497.464231] Job Ring Device allocation for transform failed

CAAM must either be disabled or built as a kernel module for this specific router since hardware support is not there and it can only cause potential problems like in this case with Strongswan.

I’m tagging the bug as critical since as reported above Strongswan is not usable on this router due to this bug in the kernel configuration.


FC7 commented on 07.01.2018 11:01

As commented by Yousong Zhou in this bug report the issue was probably caused by commit c00e5a4 "mpc85xx: enable the crypto acceleration driver in the kernel config instead of packaging it".

I can confirm that reverting this commit solves the problem.

Project Manager
Yousong Zhou commented on 26.01.2018 03:24

Hi, FC7, please consider posting the tested patch to the mailing list. Thank you.

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing