Security Gateway / Cluster Member with configured BGP that uses MD5 Authentication might randomly crash with the following stacks:
#0 [...] machine_kexec at ...
#1 [...] crash_kexec at ...
#2 [...] kdb_main_loop at ...
#3 [...] kdba_main_loop at ...
#4 [...] kdb at ...
#5 [...] kdba_entry at ...
#6 [...] notifier_call_chain at ...
#7 [...] __die at ...
#8 [...] do_page_fault at ...
#9 [...] error_exit at ...
#10 [...] update(...) at mm.h
#11 [...] tcp_v4_calc_md5_hash(...) at crypto.h
#12 [...] tcp_transmit_skb(...) at tcp_output.c
#13 [...] __tcp_push_pending_frames(...) at tcp_output.c
#14 [...] tcp_sendmsg(...) at tcp.c
#15 [...] do_sock_write(...) at socket.c
#16 [...] sock_aio_write(...) at ...
#17 [...] do_sync_write(...) at read_write.c
#18 [...] vfs_write(...) at ...
#19 [...] sys_write(...) at read_write.c
#20 [...] sysenter_do_call() at ...
#0 [...] machine_kexec at ...
#1 [...] crash_kexec at ...
#2 [...] kdb_main_loop at ...
#3 [...] kdba_main_loop at ...
#4 [...] kdb at ...
#5 [...] kdba_entry at ...
#6 [...] notifier_call_chain at ...
#7 [...] __die at ...
#8 [...] do_page_fault at ...
#9 [...] error_exit at ...
[... RIP: tcp_v4_calc_md5_hash+...]
... ... ...
#10 [...] tcp_v4_calc_md5_hash(...) at tcp_ipv4.c
#11 [...] tcp_v4_send_ack(...) at tcp_ipv4.c
#12 [...] tcp_v4_rcv(...) at tcp_ipv4.c
#13 [...] ip_local_deliver(...) at ip_input.c
#14 [...] ip_rcv_finish(...) at dst.h
#15 [...] fwlinux_filter_finish() at ...
... ... ...
Cause
In some cases, kernel might crash due to incorrect processing of MD5 hash in BGP packets.
