Support Center > Search Results > SecureKnowledge Details
Security Gateway / Cluster Member on Gaia OS with configured BGP that uses MD5 Authentication might randomly crash
Symptoms
  • Security Gateway / Cluster Member with configured BGP that uses MD5 Authentication might randomly crash with the following stacks:

    1.  #0 [...] machine_kexec at ...
       #1 [...] crash_kexec at ...
       #2 [...] kdb_main_loop at ...
       #3 [...] kdba_main_loop at ...
       #4 [...] kdb at ...
       #5 [...] kdba_entry at ...
       #6 [...] notifier_call_chain at ...
       #7 [...] __die at ...
       #8 [...] do_page_fault at ...
       #9 [...] error_exit at ...
      #10 [...] update(...) at mm.h
      #11 [...] tcp_v4_calc_md5_hash(...) at crypto.h
      #12 [...] tcp_transmit_skb(...) at tcp_output.c
      #13 [...] __tcp_push_pending_frames(...) at tcp_output.c
      #14 [...] tcp_sendmsg(...) at tcp.c
      #15 [...] do_sock_write(...) at socket.c
      #16 [...] sock_aio_write(...) at ...
      #17 [...] do_sync_write(...) at read_write.c
      #18 [...] vfs_write(...) at ... 
      #19 [...] sys_write(...) at read_write.c
      #20 [...] sysenter_do_call() at ...
      
    2.  #0 [...] machine_kexec at ...
       #1 [...] crash_kexec at ...
       #2 [...] kdb_main_loop at ...
       #3 [...] kdba_main_loop at ...
       #4 [...] kdb at ...
       #5 [...] kdba_entry at ...
       #6 [...] notifier_call_chain at ...
       #7 [...] __die at ...
       #8 [...] do_page_fault at ...
       #9 [...] error_exit at ...
          [... RIP: tcp_v4_calc_md5_hash+...]
          ... ... ...
      #10 [...] tcp_v4_calc_md5_hash(...) at tcp_ipv4.c
      #11 [...] tcp_v4_send_ack(...) at tcp_ipv4.c
      #12 [...] tcp_v4_rcv(...) at tcp_ipv4.c
      #13 [...] ip_local_deliver(...) at ip_input.c
      #14 [...] ip_rcv_finish(...) at dst.h
      #15 [...] fwlinux_filter_finish() at ...
      ... ... ...
      
Cause

In some cases, kernel might crash due to incorrect processing of MD5 hash in BGP packets.


Solution
Note: To view this solution you need to Sign In .