[Openswan dev] pluto uses states after interfaces are shut down

Tilman Baumann tilman.baumann at collax.com
Wed Sep 12 11:26:25 EDT 2007 

Hi all,

last days i discovered a very interesting problem. Pluto often 
segfaulted when devices (ppp) went down and pluto was whacked afterwards.
Further investigation showed it died at send_packet() invoked by 
dpd_event(). It either segfaulted or it got stuck in poll both in 
check_msg_errqueue().

After some debugging, i fond out that st->st_interface was a dead 
pointer and check_msg_errqueue either derefenced bad memory in 
log_errno(... ifp->ip_dev->id_rname) or poll run amok using random 
filedescriptors.
(Sometimes pluto survived all this and got into some awkward random 
state and was unresponsive on the control socket)

My first idea was that not all connections got released in 
release_dead_interfaces() this would be a problem because 
free_dead_ifaces() deletes the interface directly afterwards and closes 
the filedescriptor.
This kept me occupied with gdb for a while. Until i found out that in 
all connections (in the connection list) which used the interface which 
was going down where in fact shut down.

Then i found out that entries in the states hash could still refer to 
the deleted interface (st->st_interfac) after deleting all connections 
which used the interface.
It seems they don't get deleted when the connections gets down.

I'm not sure if i understood this situation right.
But this was the point where i made a little workaround which just 
checks all states of using interfaces that are flagged with (change == 
IFN_DELETE) and deletes them all with delete_state().
See attached patch.

I'm absolutely not sure if this is the right way do do it. But it worked 
for me so far.
I think it all comes down to the question if it is intended that states 
stay alive after deleting the connections.
If this is intended behaviour i think my approach to delete all invalid 
states is right. If not, we should find the reason why states survive.

Pluto is version Openswan 2.4.9

Regards
-- 
Tilman Baumann
Software Developer
Collax GmbH . Boetzinger Strasse 60 . 79111 Freiburg . Germany

p: +49 (0) 89-990157-0
f: +49 (0) 89-990157-11

Geschaeftsfuehrer: William K. Hite / Boris Nalbach
AG Muenchen HRB 158898, Ust.-IdNr: DE 814464942
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 06-delete_states_dead_interfaces.diff
Type: text/x-patch
Size: 2084 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20070912/ba72995a/attachment.bin

More information about the Dev mailing list