strange behaviour with direct protocol if two interface has the same ip address

23 Jul 2011

      Hello!

Openswan with klips stack use ipsec* interface which is configured to
the same ip address as the physical interface.

If i use the direct protocol and starting ipsec daemon the physical
interface's connected route disappears.
If i stopping ipsec daemon any connected route is missing from direct protocol.

Simple test:

bird.conf:

debug protocols all;

protocol direct {
}

protocol kernel {
	learn;
	persist;
	scan time 20;
	export all;
}

protocol device {
	scan time 10;
}

protocol static {
}

Ipsec stopped and after that bird started:

BIRD 1.3.2 ready.
bird> show interfaces
lo up (index=1)
	MultiAccess AdminUp LinkUp Loopback Ignored MTU=16436
	127.0.0.1/8 (Primary, scope host)
eth0 up (index=2)
	MultiAccess Broadcast Multicast AdminUp LinkUp MTU=1500
	10.0.2.15/24 (Primary, scope site)
eth1 up (index=3)
	MultiAccess Broadcast Multicast AdminUp LinkUp MTU=1500
	192.168.56.3/24 (Primary, scope site)
ipsec0 DOWN (index=7)
	MultiAccess AdminDown LinkDown MTU=16260
ipsec1 DOWN (index=8)
	MultiAccess AdminDown LinkDown MTU=0
mast0 DOWN (index=9)
	MultiAccess AdminDown LinkDown MTU=0

bird> sho route
0.0.0.0/0          via 10.0.2.2 on eth0 [kernel1 16:16] * (10)
10.0.2.0/24        dev eth0 [direct1 16:16] * (240)
192.168.56.0/24    dev eth1 [direct1 16:16] * (240)

Ipsec started:

bird> show interfaces
lo up (index=1)
	MultiAccess AdminUp LinkUp Loopback Ignored MTU=16436
	127.0.0.1/8 (Primary, scope host)
eth0 up (index=2)
	MultiAccess Broadcast Multicast AdminUp LinkUp MTU=1500
	10.0.2.15/24 (Primary, scope site)
eth1 up (index=3)
	MultiAccess Broadcast Multicast AdminUp LinkUp MTU=1500
	192.168.56.3/24 (Primary, scope site)
ipsec0 up (index=7)
	MultiAccess AdminUp LinkUp MTU=16260
	10.0.2.15/24 (Primary, scope site)
ipsec1 DOWN (index=8)
	MultiAccess AdminDown LinkDown MTU=0
mast0 DOWN (index=9)
	MultiAccess AdminDown LinkDown MTU=0

bird> sho route
0.0.0.0/0          via 10.0.2.2 on eth0 [kernel1 16:16] * (10)
10.0.2.0/24        dev ipsec0 [direct1 16:19] * (240)
<-------- connected route changed to ipsec0
192.168.56.0/24    dev eth1 [direct1 16:16] * (240)

Ipsec stopped again:

bird> show interfaces
lo up (index=1)
	MultiAccess AdminUp LinkUp Loopback Ignored MTU=16436
	127.0.0.1/8 (Primary, scope host)
eth0 up (index=2)
	MultiAccess Broadcast Multicast AdminUp LinkUp MTU=1500
	10.0.2.15/24 (Primary, scope site)
eth1 up (index=3)
	MultiAccess Broadcast Multicast AdminUp LinkUp MTU=1500
	192.168.56.3/24 (Primary, scope site)
ipsec0 DOWN (index=7)
	MultiAccess AdminDown LinkDown MTU=16260
ipsec1 DOWN (index=8)
	MultiAccess AdminDown LinkDown MTU=0
mast0 DOWN (index=9)

bird> show route
0.0.0.0/0          via 10.0.2.2 on eth0 [kernel1 16:16] * (10)
192.168.56.0/24    dev eth1 [direct1 16:16] * (240)

Connected route from eth0 is missing.

Log:

Jul 23 16:31:19 debianvm1 ipsec_setup: Starting Openswan IPsec 2.6.28...
Jul 23 16:31:19 debianvm1 ipsec_setup: Using KLIPS/legacy stack
Jul 23 16:31:20 debianvm1 ipsec_setup: KLIPS debug `none'
Jul 23 16:31:20 debianvm1 ipsec_setup: KLIPS ipsec0 on eth0
10.0.2.15/255.255.255.0 broadcast 10.0.2.255
Jul 23 16:31:20 debianvm1 bird: static1 < interface ipsec0 goes up
Jul 23 16:31:20 debianvm1 bird: direct1 < primary address 10.0.0.0/8
on interface ipsec0 added
Jul 23 16:31:20 debianvm1 bird: direct1 > added [best] 10.0.0.0/8 dev ipsec0
Jul 23 16:31:20 debianvm1 bird: kernel1 < rejected by protocol
10.0.0.0/8 dev ipsec0
Jul 23 16:31:20 debianvm1 bird: direct1 < primary address 10.0.0.0/8
on interface ipsec0 removed
Jul 23 16:31:20 debianvm1 bird: direct1 > removed [sole] 10.0.0.0/8 dev ipsec0
Jul 23 16:31:20 debianvm1 bird: static1 < interface ipsec0 goes down
Jul 23 16:31:20 debianvm1 ipsec_setup: ...Openswan IPsec started
Jul 23 16:31:20 debianvm1 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jul 23 16:31:20 debianvm1 ipsec__plutorun: 003 NAT-Traversal: Trying
new style NAT-T
Jul 23 16:31:22 debianvm1 bird: device1: Scanning interfaces
Jul 23 16:31:22 debianvm1 bird: static1 < interface ipsec0 goes up
Jul 23 16:31:22 debianvm1 bird: direct1 < primary address 10.0.2.0/24
on interface ipsec0 added
Jul 23 16:31:22 debianvm1 bird: direct1 > added 10.0.2.0/24 dev ipsec0
Jul 23 16:31:22 debianvm1 bird: kernel1 < rejected by protocol
10.0.2.0/24 dev ipsec0
Jul 23 16:31:32 debianvm1 bird: device1: Scanning interfaces
Jul 23 16:31:32 debianvm1 bird: kernel1: Scanning routing table
Jul 23 16:31:32 debianvm1 bird: kernel1: 0.0.0.0/0: [alien] seen
Jul 23 16:31:32 debianvm1 bird: kernel1: Pruning table master
Jul 23 16:31:32 debianvm1 bird: kernel1: Pruning inherited routes
Jul 23 16:31:35 debianvm1 ipsec_setup: Stopping Openswan IPsec...
Jul 23 16:31:37 debianvm1 bird: direct1 < primary address 10.0.2.0/24
on interface ipsec0 removed
Jul 23 16:31:37 debianvm1 bird: direct1 > removed [sole] 10.0.2.0/24 dev ipsec0
Jul 23 16:31:37 debianvm1 bird: static1 < interface ipsec0 goes down
Jul 23 16:31:37 debianvm1 ipsec_setup: ...Openswan IPsec stopped
Jul 23 16:31:41 debianvm1 bird: device1: Scanning interfaces
Jul 23 16:31:51 debianvm1 bird: device1: Scanning interfaces
Jul 23 16:31:51 debianvm1 bird: kernel1: Scanning routing table
Jul 23 16:31:51 debianvm1 bird: kernel1: 0.0.0.0/0: [alien] seen
Jul 23 16:31:51 debianvm1 bird: kernel1: Pruning table master
Jul 23 16:31:51 debianvm1 bird: kernel1: Pruning inherited routes

thx
Csszep

strange behaviour with direct protocol if two interface has the same ip address

csszep