
    Checking if your Linux VPS uses IPsec/ESP, xfrm or RxRPC/AFS

    To implement a temporary mitigation for the Dirty Frag and Copy Fail 2 Linux Kernel vulnerabilities, it is important to check whether you are using IPsec/ESP, xfrm, or RxRPC/AFS. In this article, we explain how to do this.


     

    Explanation of terminology

     

    IPsec/ESP

    IPsec is a set of network protocols to secure IP traffic, often used for VPN connections between servers, offices, or networks. ESP stands for Encapsulating Security Payload and is the part of IPsec that encrypts traffic and/or checks its integrity.

    xfrm

    xfrm is the Linux kernel component that handles IPsec traffic. Tools and daemons such as strongSwan or Libreswan use xfrm to configure IPsec rules, encryption, and secure network connections in the kernel.

    RxRPC

    RxRPC is a kernel protocol for remote procedure calls. It is primarily used as a transport layer for AFS functionality. On most VPSs, this is not consciously used.

    AFS

    AFS stands for Andrew File System. This is a distributed file system that allows files to be made available across multiple systems or networks. In Linux, AFS can use RxRPC. For standard web servers, databases, or regular VPS workloads, AFS is usually not in use.


     

    Check if your VPS uses IPsec/ESP, xfrm, or RxRPC/AFS

     

    Checks for xfrm/IPsec

    First check whether there are active xfrm/IPsec states or policies:

    sudo ip xfrm state
    sudo ip xfrm policy

    If both commands show no entries, the system is likely not using a kernel IPsec/xfrm configuration at that moment. If there are entries, IPsec/xfrm is active and blocking esp4/esp6 can break that traffic.

    Additional checks for IPsec/ESP:

    # Check if relevant kernel modules are loaded
    lsmod | grep -E '^(esp4|esp6|xfrm_user|xfrm_algo|af_key)'

    # Check for known IPsec daemons
    systemctl --type=service | grep -E 'strongswan|libreswan|ipsec|racoon'

    # Check if IKE/NAT-T ports (UDP 500 and 4500) are in use
    sudo ss -lunp | grep -E ':(500|4500)\b'

    Checks for RxRPC/AFS:

    # Check if RxRPC/AFS kernel modules are loaded
    lsmod | grep -E '^(rxrpc|kafs|openafs)'

    # Check for AFS processes or services
    ps aux | grep -E 'afs|openafs|kafs' | grep -v grep
    systemctl --type=service | grep -E 'afs|openafs'

     

    Interpreting the output

    • If you see esp4, esp6, xfrm_* or a daemon such as strongSwan/Libreswan, first check your VPN/IPsec configuration before applying any mitigations.
    • If you see rxrpc, kafs or openafs, blocking rxrpc may affect AFS functionality.
    • If you do not receive any relevant output, the chance that the temporary mitigation for Dirty Frag or Copy Fail 2 has a functional impact is smaller, but testing remains advisable.
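
The module and xfrm checks above can be combined into one verdict per area, following the interpretation rules in this list. This script is an added example, not part of the original article; the function names (match_modules, assess), the verdict labels and the sample lsmod output are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names, verdict labels and sample data are constructed.

# Print names of loaded modules (lsmod text on stdin) whose name matches $1.
match_modules() {
    awk -v pat="$1" '$1 ~ pat { print $1 }'
}

# $1 = `lsmod` output, $2 = output of `ip xfrm state` plus `ip xfrm policy`.
# Prints one verdict line per area:
#   in-use = xfrm states/policies exist, blocking esp4/esp6 would break them
#   loaded = modules present, review the VPN/AFS configuration first
#   absent = no relevant output found
assess() {
    ipsec_mods=$(printf '%s\n' "$1" | match_modules '^(esp4|esp6|xfrm_user|xfrm_algo|af_key)')
    afs_mods=$(printf '%s\n' "$1" | match_modules '^(rxrpc|kafs|openafs)')
    if [ -n "$2" ]; then
        echo "ipsec: in-use"
    elif [ -n "$ipsec_mods" ]; then
        echo "ipsec: loaded"
    else
        echo "ipsec: absent"
    fi
    if [ -n "$afs_mods" ]; then
        echo "rxrpc: loaded"
    else
        echo "rxrpc: absent"
    fi
}

# Constructed sample: esp4 and xfrm_user loaded, no AFS modules.
SAMPLE_LSMOD='Module                  Size  Used by
esp4                   28672  0
xfrm_user              53248  2
nf_tables             303104  0'

if [ "${1:-}" = "--live" ]; then
    # Real system: same commands as in the article.
    assess "$(lsmod)" "$(sudo ip xfrm state; sudo ip xfrm policy)"
else
    # Offline demo on the constructed sample with no xfrm entries.
    assess "$SAMPLE_LSMOD" ""
fi
```

Run it with --live on the VPS itself; the daemon and port checks from the article are not part of this verdict and should still be run separately.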

     
