I have two machines which are set up to use Ip-Security, and machine A (let's call them A and B) has a socket which is bound to a particular UDP port on the local machine and it polls it frequently to see if anything is received on it.
When I disable Ip-security, the data between the two machines goes through fine and I send and receive the packets fine. But when Ip-Security is enabled, the packet doesn't get to that socket on machine A sent by machine B.
I do a tcpdump on both the machines and I can see the (encrypted) packet being sent out from machine B and being received on machine A. But after that, the packet goes to the kernel and somewhere either in the decryption of the packet or at some other phase, the packet is dropped.
I want to be able to trace the packet as it goes through the kernel and to see where it is dropped. Is there some /proc that I can use for this purpose? The other method I can think of is to insert debug statements all over the kernel and recompile it and then try sending the packet again and going through the debug.
Thanks and sorry for the long message but it was necessary.
Please refer to the project named SystemTap. It allows you to insert user-friendly scripts hooking into any kernel code, without recompiling the kernel. For example:
    # Fires on entry to the kernel's ip_rcv(), the IPv4 receive handler
    probe kernel.function("ip_rcv").call {
        printf("%d: ->ip_rcv()\n", gettimeofday_ms())
    }
It will emit a kernel print for every received packet in the network layer. Of course, you would need to read the sources to follow from there deeper into the network stack.
SystemTap is very capable and quite well documented regarding the various hooks that can be inserted.
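
Going one step beyond the ip_rcv() probe above, this added example (not part of the original answer) counts where the kernel frees packets, so the drop site shows up without reading the whole receive path first. It assumes a kernel that exposes the kfree_skb tracepoint and has debuginfo installed; the variable names are illustrative.

```systemtap
#!/usr/bin/stap
# Added example: summarise the kernel code locations that free (drop) sk_buffs.
# Assumption: the running kernel provides the kfree_skb tracepoint.

global drops          # drop-site address -> statistics aggregate
global ip_rcv_calls   # packets that reached the IPv4 receive handler

probe begin { printf("Monitoring packet drops, press Ctrl-C to stop\n") }

# Same entry point as the probe in the answer: how many packets reach ip_rcv().
probe kernel.function("ip_rcv").call { ip_rcv_calls++ }

# The tracepoint reports the address of the code that freed the skb.
probe kernel.trace("kfree_skb") { drops[$location] <<< 1 }

# Every 5 seconds print the drop sites, busiest first, then reset the counters.
probe timer.sec(5) {
  printf("\n%d: ip_rcv() calls in the last 5 s: %d\n",
         gettimeofday_ms(), ip_rcv_calls)
  foreach (loc in drops-)
    printf("%6d freed at %s\n", @count(drops[loc]), symname(loc))
  delete drops
  ip_rcv_calls = 0
}
```

Run it as root with stap while machine B sends the UDP traffic, once with IPsec disabled and once enabled; a symbol that appears only in the second run is the place to start reading the kernel source. Some kfree_skb calls are routine, so the first run serves as the baseline.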