03-24-2011 03:53 AM
We have noticed problem with IPSEC ESP tunnel between two ML507.
They are connected in one network and each has it's own "safe" network.
IPSEC is encapsulating data from one "safe" network to another in ESP mode.
While sending bigger packets (like ping -n 2000) from host in one "safe" network to another, fragmentation error occurs.
Packet is well fragmented on 1st host to meet it's MTU requrement (2008B ICMP into 1514B and 562B).
First packet (1514B) is encapsulated in two ESP packets (1514B and 114B). Second goes in one ESP packet (650B).
Probably two fragments of first packet are done wrong (they have different sequence id) and during de-capsulation the second one is dropped. Last ESP packet (650B) is recevied properly.
Problem can also be on the other ML507 device doing de-capsulation.
They both are PowerPC (big-endian) and we already found many bugs in Xilinx embedded Linux code involving big-endian architecture. It looks like, the main kernel testing area is little-endian.
We use Linux 2.6.37 from git.xilinx.com.
The problem does not affect PC (x86/x86_64) little-endian.
So, this can be Xilinx kernel problem or network big-endian problem.
03-25-2011 04:29 PM
I don't really understand what you mean as PowerPC we support is big endian and that's what we tested on.
Little endian is on MicroBlaze only.
I don't know how well fragmentation is tested.