Security Gateway / Cluster Member on Gaia OS with configured BGP that uses MD5 Authentication might randomly crash

Support Center > Search Results > SecureKnowledge Details

Solution ID	sk101976
Product	Security Gateway, ClusterXL, Cluster - 3rd party, VSX
Version	R77, R77.10, R77.20, R77.30, R76SP
OS	Gaia
Platform / Model	All
Date Created	07-Aug-2014
Last Modified	18-Jul-2019

Symptoms

Security Gateway / Cluster Member with configured BGP that uses MD5 Authentication might randomly crash with the following stacks:

 #0 [...] machine_kexec at ...
 #1 [...] crash_kexec at ...
 #2 [...] kdb_main_loop at ...
 #3 [...] kdba_main_loop at ...
 #4 [...] kdb at ...
 #5 [...] kdba_entry at ...
 #6 [...] notifier_call_chain at ...
 #7 [...] __die at ...
 #8 [...] do_page_fault at ...
 #9 [...] error_exit at ...
#10 [...] update(...) at mm.h
#11 [...] tcp_v4_calc_md5_hash(...) at crypto.h
#12 [...] tcp_transmit_skb(...) at tcp_output.c
#13 [...] __tcp_push_pending_frames(...) at tcp_output.c
#14 [...] tcp_sendmsg(...) at tcp.c
#15 [...] do_sock_write(...) at socket.c
#16 [...] sock_aio_write(...) at ...
#17 [...] do_sync_write(...) at read_write.c
#18 [...] vfs_write(...) at ... 
#19 [...] sys_write(...) at read_write.c
#20 [...] sysenter_do_call() at ...

 #0 [...] machine_kexec at ...
 #1 [...] crash_kexec at ...
 #2 [...] kdb_main_loop at ...
 #3 [...] kdba_main_loop at ...
 #4 [...] kdb at ...
 #5 [...] kdba_entry at ...
 #6 [...] notifier_call_chain at ...
 #7 [...] __die at ...
 #8 [...] do_page_fault at ...
 #9 [...] error_exit at ...
    [... RIP: tcp_v4_calc_md5_hash+...]
    ... ... ...
#10 [...] tcp_v4_calc_md5_hash(...) at tcp_ipv4.c
#11 [...] tcp_v4_send_ack(...) at tcp_ipv4.c
#12 [...] tcp_v4_rcv(...) at tcp_ipv4.c
#13 [...] ip_local_deliver(...) at ip_input.c
#14 [...] ip_rcv_finish(...) at dst.h
#15 [...] fwlinux_filter_finish() at ...
... ... ...

Cause

In some cases, kernel might crash due to incorrect processing of MD5 hash in BGP packets.

Solution

Note: To view this solution you need to Sign In .