Question: IPSEC ping fails with new crypto driver how to debug?

My crypto driver (under development) is passing all the extended test manager tests (I’m on kernel v5.4.31).

For debugging purposes I can either only register “cbc(aes)” or the full “authenc(hmac(256), cbc(aes))”.

For testing purposes I am only using two simple “ip xfrm state” and “ip xfrm policy” plus additional “ip route”.
Without my driver the tunnel works as expected using the generic in-tree software modules.

With the driver installed before setting up the tunnel, the self-tests are run. (No test for “echainiv(authenc…”)
So in case I am only using the “cbc(aes)”, the authenc(hmac(sha256-generic), eip-cbc-aes) is created and tested (pass). The echainiv(authenc…) is also created.

Even though all the extended tests were successful I can’t ping from my device.

I’m getting “ping: send to: Out of memory”. 

Pinging to the device works as expected. However, if I’m adding a “size” to the ping, it starts working:

“ping 10.0.0.2 -s1411” works without any problem. Anything less than 1411 fails “out of memory”??

I did hex_dumps of the source and destination scatterlists as well as the IV and authentication tag. They look the same for both an “inbound - ping” and an “outbound - ping”, with the exception that the encrypt/decrypt calls are reversed (obviously). This also shows that the tunnel works, otherwise I wouldn’t get anything into the driver.
“ip -s x s” also confirms that packets are being sent and received.

Again, all else the same, except the driver not loaded, it works, so firewall or routing problems can be eliminated.

Any suggestions where to start looking for the “bug” in my driver?


