Bug 1664101 - system wide crypto policies causing IKE_INIT packet fragmentation
Summary: system wide crypto policies causing IKE_INIT packet fragmentation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: libreswan
Version: 8.0
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Target Release: 8.0
Assignee: Paul Wouters
QA Contact: Ondrej Moriš
URL:
Whiteboard:
Depends On:
Blocks: 1676590
Reported: 2019-01-07 17:12 UTC by Paul Wouters
Modified: 2019-06-14 01:52 UTC

Fixed In Version: libreswan-3.27-9.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Clones: 1676590
Environment:
Last Closed: 2019-06-14 01:52:51 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Attachments
Extend parser to allow specifying condensed proposals (221.93 KB, patch), 2019-02-12 16:00 UTC, Paul Wouters

Description Paul Wouters 2019-01-07 17:12:24 UTC
Due to the many proposals in the system wide crypto policy for libreswan, and the way libreswan creates a proposal for each one of them, instead of bundling them into one AEAD and one non-AEAD proposal, the IKE_INIT packet size ends up being more than 1500 bytes, causing network fragmentation.

This has to be fixed, as fragmentation issues are too common.

The ideal fix is for libreswan to improve the proposal generator. It would also be good if the "default" policy would not need to specify an ike= line at all, resulting in a proper default concise proposal set.

Comment 1 Tomas Mraz 2019-02-04 12:28:18 UTC
How would we keep in sync the definition of DEFAULT policy in crypto-policies and the libreswan built-in default?

Also would it mean that for DEFAULT we would not generate fragments but for LEGACY we would generate them?

Frankly, I do not see how it would be possible to not specify ike in policies.

The only other option for solving this via crypto-policies change I can see is if you could go through the current configuration profiles for libreswan in all the levels and see whether there are some algorithm proposals which are not really used and so we could drop them from the configs to make the packet size below 1500 bytes.

Comment 2 Paul Wouters 2019-02-04 13:58:26 UTC
I think this needs to be solved in libreswan. It should create two proposals with all elements (one AEAD and one non-AEAD). Having a proposal for each IKE transform combination is too much, as we can see.

Comment 3 Paul Wouters 2019-02-04 14:08:49 UTC
The issue is that the crypto policies load a large number of proposals based on sets, and not based on transforms. This causes a packet of > 1500 bytes, which can get fragmented. Fragmented packets often don't make it on the network, so then IKE negotiation fails. IKE fragmentation of IKE_INIT is not possible in the IKE protocol; only from the 2nd packet on (IKE_AUTH) can we fragment (and we do if needed).

Comment 4 Paul Wouters 2019-02-04 14:24:56 UTC
A possible workaround for those affected by IKE packet fragment dropping would be to comment out the crypto-policy include line in /etc/ipsec.conf.

Comment 10 Paul Wouters 2019-02-12 16:00:42 UTC
Created attachment 1534122
Extend parser to allow specifying condensed proposals

This patch is needed so we can accept proposals specifying transforms, so that crypto-policies can be specified without a combinatory explosion causing IKE_INIT fragmentation.
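
As an added illustration, not code from this bug report or from libreswan, of why the per-set expansion described in the bug description and comment 3 overflows a 1500-byte MTU while the condensed one-AEAD-plus-one-non-AEAD form from comments 2 and 10 does not: the script below sizes an IKEv2 SA payload per RFC 7296 for a constructed, libreswan-style policy both ways. The algorithm lists, the MODP-2048 KE size and the omitted Notify/Vendor ID payloads are assumptions.

```python
from itertools import product

# IKEv2 transform types (RFC 7296, section 3.3.2)
ENCR, PRF, INTEG, DH = 1, 2, 3, 4
TYPES = (ENCR, PRF, INTEG, DH)
# Constructed, libreswan-style algorithm sets; names are illustrative labels,
# not a copy of any RHEL crypto-policies file.
DH_GROUPS = ["x25519", "ecp_256", "ecp_384", "modp2048", "modp3072", "modp4096"]
AEAD_SET = {ENCR: ["aes_gcm256", "aes_gcm128", "chacha20_poly1305"],
            PRF: ["sha2_512", "sha2_256"], INTEG: [], DH: DH_GROUPS}
NON_AEAD_SET = {ENCR: ["aes256", "aes128"], PRF: ["sha2_512", "sha2_256"],
                INTEG: ["sha2_512", "sha2_256"], DH: DH_GROUPS}
# AES variants carry a 4-byte TV Key Length attribute; ChaCha20-Poly1305 does not
KEYLEN_ATTR = {"aes_gcm256", "aes_gcm128", "aes256", "aes128"}

def transform_len(name):
    # 8-byte transform substructure plus the Key Length attribute where required
    return 8 + (4 if name in KEYLEN_ATTR else 0)

def proposal_len(transforms):
    # 8-byte proposal substructure; SPI size is 0 for IKE in IKE_SA_INIT
    return 8 + sum(transform_len(n) for n in transforms)

def per_combination(tset):
    """One proposal per transform combination: the explosion the bug describes."""
    present = [tset[t] for t in TYPES if tset[t]]
    return [list(combo) for combo in product(*present)]

def condensed(tset):
    """One proposal listing every alternative per type; the responder still picks one of each."""
    return [[n for t in TYPES for n in tset[t]]]

def sa_payload_len(proposals):
    # 4-byte generic payload header plus every proposal substructure
    return 4 + sum(proposal_len(p) for p in proposals)

def ike_sa_init_len(sa_len, dh_public_len=256, nonce_len=32):
    """Rough IKE_SA_INIT request size: IPv4+UDP (28), IKE header (28), SA payload,
    KE (8 + MODP-2048 public value, assumed), Ni (4 + nonce); Notify/Vendor ID omitted."""
    return 28 + 28 + sa_len + 8 + dh_public_len + 4 + nonce_len

def exceeds_mtu(sa_len, mtu=1500):
    return ike_sa_init_len(sa_len) > mtu

if __name__ == "__main__":
    for label, build in (("per-combination", per_combination), ("condensed", condensed)):
        sa = sa_payload_len(build(AEAD_SET) + build(NON_AEAD_SET))
        print(f"{label}: SA payload {sa} bytes, IKE_SA_INIT ~{ike_sa_init_len(sa)} bytes,"
              f" exceeds 1500-byte MTU: {exceeds_mtu(sa)}")
```

With these constructed sets the per-combination form yields 84 proposals and an SA payload alone of 3364 bytes, while the two condensed proposals fit in 220 bytes.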

Comment 15 Ondrej Moriš 2019-02-26 08:48:57 UTC
Successfully verified; for all the details, including IKE_SA_INIT packet sizes in various policies and scenarios, see verification [1] of the corresponding crypto-policies bug.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1676590#c17

