[Openswan dev] Pluto respawns with rightid=%fromcert
Nicolas Bellido Y Ortega
ml at acolin.be
Thu Dec 11 03:32:36 EST 2008
Following a thread on the user list [*], pluto receives a SIGABRT and
respawns itself when rightid=%fromcert is present in ipsec.conf.
The setup is the following (for a more complete description, please
have a look at the thread on the user list):
I want two peers ('Left' and 'Right') to communicate through an IPSec
tunnel:
Left [10.0.5.83] <--------> Right [10.0.5.110]
I want them to authenticate themselves based on their certificate, and
the certs to be validated against each other's CA root cert.
That is, I want Right to authenticate with its cert onto Left, and Left
to validate Right's cert based on Right's CA root cert.
Similarly, Right validates Left's cert against Left's CA root cert.
Left is configured as follows:
version 2.0
config setup
nat_traversal=yes
OE=off
protostack=netkey
dumpdir=/tmp # Only here for debug
conn left-right-vpn
left=10.0.5.83
leftcert=/etc/ipsec.d/certs/leftCert.pem
leftsendcert=always
right=%any
rightca=%any
rightid=%fromcert
auto=add
Right's config has no impact here, but can be found in the thread on
the user list.
Left has its own cert and private key, plus Right's CA root cert in
/etc/ipsec.d/{certs,private,cacerts}. The private key is protected with a
passphrase.
When starting openswan with 'ipsec setup start' *and*
rightid=%fromcert is in ipsec.conf, pluto constantly crashes and
respawns itself.
If rightid=%fromcert is not present, then pluto runs fine.
Right does *not* initiate a connection.
On Left:
$ uname -a
Linux esx01_qa006 2.6.18-92.1.18.el5 #1 SMP Wed Nov 12 09:30:27 EST 2008 i686 i686 i386 GNU/Linux
$ cat /etc/redhat-release
CentOS release 5.2 (Final)
$ ipsec version
Linux Openswan U2.6.19/K2.6.18-92.1.18.el5 (netkey)
Here's gdb's backtrace decoding of the core file when pluto crashes:
$ cd /home/nbo/rpm/BUILD/openswan-2.6.19/OBJ.linux.i386/programs/pluto
$ gdb pluto
GNU gdb Red Hat Linux (6.5-37.el5_2.2rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) core /tmp/core.5937
warning: Can't read pathname for load map: Input/output error.
Loaded symbols for /home/nbo/rpm/BUILD/openswan-2.6.19/OBJ.linux.i386/programs/pluto/pluto
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/lib/sse2/libgmp.so.3...done.
Loaded symbols for /usr/lib/sse2/libgmp.so.3
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Core was generated by `/usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /'.
Program terminated with signal 6, Aborted.
#0 0x0033f402 in __kernel_vsyscall ()
(gdb) bt full
#0 0x0033f402 in __kernel_vsyscall ()
No symbol table info available.
#1 0x0099fd10 in raise () from /lib/libc.so.6
No symbol table info available.
#2 0x009a1621 in abort () from /lib/libc.so.6
No symbol table info available.
#3 0x007012ac in passert_fail (pred_str=0xbf7f67da "case -3 unexpected", file_str=0x7b9d28 "/home/nbo/rpm/BUILD/openswan-2.6.19/lib/libopenswan/id.c", line_no=337)
at /home/nbo/rpm/BUILD/openswan-2.6.19/programs/pluto/log.c:624
No locals.
#4 0x0070133f in openswan_switch_fail (n=-3, file_str=0x7b9d28 "/home/nbo/rpm/BUILD/openswan-2.6.19/lib/libopenswan/id.c", line_no=337)
at /home/nbo/rpm/BUILD/openswan-2.6.19/programs/pluto/log.c:610
buf = "case -3 unexpected\000{v\000\n\000\000\000 at q�"
#5 0x007684ba in unshare_id_content (id=0x8cdd884) at /home/nbo/rpm/BUILD/openswan-2.6.19/lib/libopenswan/id.c:337
No locals.
#6 0x006f5efe in unshare_connection_end_strings (e=0x0) at /home/nbo/rpm/BUILD/openswan-2.6.19/programs/pluto/connections.c:732
No locals.
#7 0x006f60d3 in unshare_connection_strings (c=0x8cdd728) at /home/nbo/rpm/BUILD/openswan-2.6.19/programs/pluto/connections.c:771
sr = (struct spd_route *) 0x8cdd770
#8 0x006f9d71 in add_connection (wm=0xbf7f7314) at /home/nbo/rpm/BUILD/openswan-2.6.19/programs/pluto/connections.c:1422
same_rightca = <value optimized out>
same_leftca = 0
c = (struct connection *) 0x8cdd728
alg_info_ike = (struct alg_info_ike *) 0x0
ugh = <value optimized out>
buf = "<NULL>", '\0' <repeats 249 times>
#9 0x0073420b in whack_process (whackfd=10, msg=
{magic = 1869114150, whack_status = 0, whack_shutdown = 0, name_len = 0, name = 0xbf7f9d08 "left-right-vpn", whack_options = 0, debugging = 0, whack_connection = 1,
whack_async = 0, policy = 33554534, sa_ike_life_seconds = 3600, sa_ipsec_life_seconds = 28800, sa_rekey_margin = 540, sa_rekey_fuzz = 100, sa_keying_tries = 0, dpd_delay = 0,
dpd_timeout = 0, dpd_action = DPD_ACTION_CLEAR, dpd_count = 0, forceencaps = 0, left = {id = 0xbf7f9d17 "10.0.5.83", cert = 0xbf7f9d21 "/etc/ipsec.d/certs/leftCert.pem", ca =
0x0, groups = 0x0, host_type = KH_IPADDR, host_addr = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 1392836618}, sin_zero = "\000\000\000\000\000\000\000"},
v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 1392836618, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 =
{0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_nexthop = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 =
{sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}},
sin6_scope_id = 0}}}, host_srcip = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0,
sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id =
0}}}, client = {addr = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0,
sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, maskbits =
0}, key_from_DNS_on_demand = 1, has_client = 0, has_client_wildcard = 0, has_port_wildcard = 0, updown = 0x0, host_port = 500, port = 0, protocol = 0 '\0', virt = 0x0,
xauth_server = 0, xauth_client = 0, xauth_name = 0x0, modecfg_server = 0, modecfg_client = 0, tundev = 0, sendcert = cert_alwayssend, certtype = CERT_NONE, host_addr_name =
0xbf7f9d60 "10.0.5.83"}, right = {id = 0xbf7f9d45 "%fromcert", cert = 0x0, ca = 0xbf7f9d50 "%any", groups = 0x0, host_type = KH_ANY, host_addr = {u = {v4 = {sin_family = 2,
sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8
= '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_nexthop = {u = {v4 = {sin_family = 2, sin_port = 0,
sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15
times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_srcip = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0,
0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, client = {addr = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero
= "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0,
0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, maskbits = 0}, key_from_DNS_on_demand = 1, has_client = 0, has_client_wildcard = 0, has_port_wildcard = 0,
updown = 0x0, host_port = 500, port = 0, protocol = 0 '\0', virt = 0x0, xauth_server = 0, xauth_client = 0, xauth_name = 0x0, modecfg_server = 0, modecfg_client = 0, tundev =
0, sendcert = cert_alwayssend, certtype = CERT_NONE, host_addr_name = 0x0}, addr_family = 2, tunnel_addr_family = 2, ike = 0x0, pfsgroup = 0x0, esp = 0x0, whack_key = 0,
whack_addkey = 0, keyid = 0x0, pubkey_alg = 0, keyval = {ptr = 0xbf7f9d6f "", len = 0}, whack_myid = 0, myid = 0x0, whack_route = 0, whack_unroute = 0, whack_initiate = 0,
whack_oppo_initiate = 0, oppo_my_client = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0,
sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id =
0}}}, oppo_peer_client = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0,
sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}},
whack_terminate = 0, whack_delete = 1, whack_deletestate = 0, whack_deletestateno = 0, whack_listen = 0, whack_unlisten = 0, whack_crash = 0, whack_crash_peer = {u = {v4 =
{sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u
= {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, whack_utc = 0, whack_list = 0, whack_purgeocsp =
0, whack_reread = 0 '\0', tpmeval = 0x0, connalias = 0x0, modecfg_dns1 = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero
= "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0,
0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, modecfg_dns2 = {u = {v4 = {si---Type <return> to continue, or q <return> to quit---
n_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u =
{u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, modecfg_wins1 = {u = {v4 = {sin_family = 0,
sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8
= '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, modecfg_wins2 = {u = {v4 = {sin_family = 0, sin_port = 0,
sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15
times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, dnshostname = 0x0, opt_set = WHACK_ADJUSTOPTIONS, string1 = 0x0, string2 = 0x0,
string3 = 0x0, str_size = 0, string = "left-right-vpn\00010.0.5.83\000/etc/ipsec.d/certs/leftCert.pem\000\000\000\000\000%fromcert\000\000%any", '\0' <repeats 12
times>, "10.0.5.83", '\0' <repeats 3998 times>}) at /home/nbo/rpm/BUILD/openswan-2.6.19/programs/pluto/rcv_whack.c:418
sr = <value optimized out>
fail = <value optimized out>
c = <value optimized out>
oco = (const struct osw_conf_options *) 0x7e0400
#10 0x00734e64 in whack_handle (whackctlfd=5) at /home/nbo/rpm/BUILD/openswan-2.6.19/programs/pluto/rcv_whack.c:753
ugh = <value optimized out>
wp = {msg = 0xbf7f99c4, str_roof = 0xbf7f9d6f "", str_next = 0xbf7f9d6f "", n = 939}
msg = {magic = 1869114150, whack_status = 0, whack_shutdown = 0, name_len = 0, name = 0xbf7f9d08 "left-right-vpn", whack_options = 0, debugging = 0, whack_connection =
1, whack_async = 0,
policy = 33554534, sa_ike_life_seconds = 3600, sa_ipsec_life_seconds = 28800, sa_rekey_margin = 540, sa_rekey_fuzz = 100, sa_keying_tries = 0, dpd_delay = 0, dpd_timeout =
0,
dpd_action = DPD_ACTION_CLEAR, dpd_count = 0, forceencaps = 0, left = {id = 0xbf7f9d17 "10.0.5.83", cert = 0xbf7f9d21 "/etc/ipsec.d/certs/leftCert.pem", ca = 0x0, groups =
0x0, host_type = KH_IPADDR,
host_addr = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 1392836618}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0,
sin6_flowinfo = 1392836618,
sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_nexthop = {u =
{v4 = {sin_family = 2,
sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {
u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_srcip = {u = {v4 = {sin_family =
0, sin_port = 0,
sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0'
<repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, client = {addr = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr =
{s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0,
0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, maskbits = 0}, key_from_DNS_on_demand = 1, has_client = 0, has_client_wildcard = 0,
has_port_wildcard = 0, updown = 0x0,
host_port = 500, port = 0, protocol = 0 '\0', virt = 0x0, xauth_server = 0, xauth_client = 0, xauth_name = 0x0, modecfg_server = 0, modecfg_client = 0, tundev = 0,
sendcert = cert_alwayssend,
certtype = CERT_NONE, host_addr_name = 0xbf7f9d60 "10.0.5.83"}, right = {id = 0xbf7f9d45 "%fromcert", cert = 0x0, ca = 0xbf7f9d50 "%any", groups = 0x0, host_type = KH_ANY,
host_addr = {u = {v4 = {
sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr
= {in6_u = {
u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_nexthop = {u = {v4 = {sin_family
= 2, sin_port = 0,
sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0'
<repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_srcip = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr
= 0},
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0,
0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, client = {addr = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero
= "\000\000\000\000\000\000\000"}, v6 = {
sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0,
0, 0, 0}}},
sin6_scope_id = 0}}}, maskbits = 0}, key_from_DNS_on_demand = 1, has_client = 0, has_client_wildcard = 0, has_port_wildcard = 0, updown = 0x0, host_port = 500,
port = 0, protocol = 0 '\0',
virt = 0x0, xauth_server = 0, xauth_client = 0, xauth_name = 0x0, modecfg_server = 0, modecfg_client = 0, tundev = 0, sendcert = cert_alwayssend, certtype = CERT_NONE,
host_addr_name = 0x0},
addr_family = 2, tunnel_addr_family = 2, ike = 0x0, pfsgroup = 0x0, esp = 0x0, whack_key = 0, whack_addkey = 0, keyid = 0x0, pubkey_alg = 0, keyval = {ptr = 0xbf7f9d6f "",
len = 0}, whack_myid = 0,
myid = 0x0, whack_route = 0, whack_unroute = 0, whack_initiate = 0, whack_oppo_initiate = 0, oppo_my_client = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr =
0},
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0,
0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, oppo_peer_client = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero
= "\000\000\000\000\000\000\000"}, v6 = {
sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0,
0, 0}}},
sin6_scope_id = 0}}}, whack_terminate = 0, whack_delete = 1, whack_deletestate = 0, whack_deletestateno = 0, whack_listen = 0, whack_unlisten = 0, whack_crash = 0,
whack_crash_peer = {u = {v4 = {
sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr =
{in6_u = {
u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, whack_utc = 0, whack_list = 0,
whack_purgeocsp = 0,
whack_reread = 0 '\0', tpmeval = 0x0, connalias = 0x0, modecfg_dns1 = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero
= "\000\000\000\000\000\000\000"}, v6 = {
sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0,
0, 0}}},
sin6_scope_id = 0}}}, modecfg_dns2 = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family =
0, sin6_port = 0,
sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}},
modecfg_wins1 = {u = {v4 = {
sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr =
{in6_u = {
u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, modecfg_wins2 = {u = {v4 = {sin_family
= 0, sin_port = 0,
sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0'
<repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, dnshostname = 0x0, opt_set = WHACK_ADJUSTOPTIONS, string1 = 0x0, string2 =
0x0, string3 = 0x0,
str_size = 0, string = "left-right-vpn\00010.0.5.83\000/etc/ipsec.d/certs/leftCert.pem\000\000\000\000\000%fromcert\000\000%any", '\0' <repeats 12 times>, "10.0.5.83", '\0'
<repeats 3998 times>}
msg_saved = {magic = 1869114150, whack_status = 0, whack_shutdown = 0, name_len = 0, name = 0x0, whack_options = 0, debugging = 0, whack_connection = 1, whack_async =
0, policy = 33554534,
---Type <return> to continue, or q <return> to quit---
sa_ike_life_seconds = 3600, sa_ipsec_life_seconds = 28800, sa_rekey_margin = 540, sa_rekey_fuzz = 100, sa_keying_tries = 0, dpd_delay = 0, dpd_timeout = 0, dpd_action =
DPD_ACTION_CLEAR, dpd_count = 0,
forceencaps = 0, left = {id = 0x0, cert = 0x0, ca = 0x0, groups = 0x0, host_type = KH_IPADDR, host_addr = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr =
1392836618},
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 1392836618, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15
times>, u6_addr16 = {0, 0, 0, 0,
0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_nexthop = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0,
0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_srcip = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero
= "\000\000\000\000\000\000\000"}, v6 = {
sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0,
0, 0}}},
sin6_scope_id = 0}}}, client = {addr = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 =
{sin6_family = 2, sin6_port = 0,
sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id =
0}}}, maskbits = 0},
key_from_DNS_on_demand = 1, has_client = 0, has_client_wildcard = 0, has_port_wildcard = 0, updown = 0x0, host_port = 500, port = 0, protocol = 0 '\0', virt = 0x0,
xauth_server = 0, xauth_client = 0,
xauth_name = 0x0, modecfg_server = 0, modecfg_client = 0, tundev = 0, sendcert = cert_alwayssend, certtype = CERT_NONE, host_addr_name = 0x0}, right = {id = 0x0, cert =
0x0, ca = 0x0, groups = 0x0,
host_type = KH_ANY, host_addr = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2,
sin6_port = 0, sin6_flowinfo = 0,
sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_nexthop = {u =
{v4 = {sin_family = 2,
sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {
u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_srcip = {u = {v4 = {sin_family =
0, sin_port = 0,
sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0'
<repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, client = {addr = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr =
{s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0,
0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, maskbits = 0}, key_from_DNS_on_demand = 1, has_client = 0, has_client_wildcard = 0,
has_port_wildcard = 0, updown = 0x0,
host_port = 500, port = 0, protocol = 0 '\0', virt = 0x0, xauth_server = 0, xauth_client = 0, xauth_name = 0x0, modecfg_server = 0, modecfg_client = 0, tundev = 0,
sendcert = cert_alwayssend,
certtype = CERT_NONE, host_addr_name = 0x0}, addr_family = 2, tunnel_addr_family = 2, ike = 0x0, pfsgroup = 0x0, esp = 0x0, whack_key = 0, whack_addkey = 0, keyid = 0x0,
pubkey_alg = 0, keyval = {
ptr = 0x0, len = 0}, whack_myid = 0, myid = 0x0, whack_route = 0, whack_unroute = 0, whack_initiate = 0, whack_oppo_initiate = 0, oppo_my_client = {u = {v4 = {sin_family =
0, sin_port = 0,
sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0'
<repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, oppo_peer_client = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr =
{s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0,
0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, whack_terminate = 0, whack_delete = 1, whack_deletestate = 0, whack_deletestateno = 0, whack_listen = 0,
whack_unlisten = 0,
whack_crash = 0, whack_crash_peer = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0,
sin6_port = 0,
sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}},
whack_utc = 0, whack_list = 0,
whack_purgeocsp = 0, whack_reread = 0 '\0', tpmeval = 0x0, connalias = 0x0, modecfg_dns1 = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero
= "\000\000\000\000\000\000\000"},
v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0,
0, 0, 0}}},
sin6_scope_id = 0}}}, modecfg_dns2 = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family =
0, sin6_port = 0,
sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}},
modecfg_wins1 = {u = {v4 = {
sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr =
{in6_u = {
u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, modecfg_wins2 = {u = {v4 = {sin_family
= 0, sin_port = 0,
sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {u6_addr8 = '\0'
<repeats 15 times>,
u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, dnshostname = 0x0, opt_set = WHACK_ADJUSTOPTIONS, string1 = 0x0, string2 =
0x0, string3 = 0x0,
str_size = 0, string = "left-right-vpn\00010.0.5.83\000/etc/ipsec.d/certs/leftCert.pem\000\000\000\000\000%fromcert\000\000%any", '\0' <repeats 12 times>, "10.0.5.83", '\0'
<repeats 3998 times>}
whackaddr = {sun_family = 1, sun_path = '\0' <repeats 40 times>, "6\221\237\000X�\177�3�v", '\0' <repeats 17 times>, "\bx}\000��\177�\210�\177��\234p", '\0' <repeats
21 times>, "`\022p"}
whackaddrlen = 2
whackfd = 10
n = -1082156604
#11 0x00708a2a in call_server () at /home/nbo/rpm/BUILD/openswan-2.6.19/programs/pluto/server.c:774
tm = {tv_sec = 120, tv_usec = 0}
readfds = {__osfds_bits = {32, 0 <repeats 255 times>}}
writefds = {__osfds_bits = {0 <repeats 256 times>}}
ndes = 1
ifp = <value optimized out>
lastn = 0
#12 0x0070573e in main (argc=1902855503, argv=0x50424c48) at /home/nbo/rpm/BUILD/openswan-2.6.19/programs/pluto/plutomain.c:837
v = 0x7e0620 "OEkqHLBPOfMD"
vc = 0x7c2328 "2.6.19"
fork_desired = 0
lockfd = <value optimized out>
ocspuri = 0x0
---Type <return> to continue, or q <return> to quit---
nhelpers = -1
coredir = 0x0
oco = (const struct osw_conf_options *) 0x7e0400
nat_traversal = 1
nat_t_spf = 1
keep_alive = 0
force_keepalive = 0
virtual_private = 0x0
long_opts = {{name = 0x79d1b0 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x7c6048 "version", has_arg = 0, flag = 0x0, val = 118}, {name =
0x79d1b5 "optionsfrom", has_arg = 1,
flag = 0x0, val = 43}, {name = 0x79d1c1 "nofork", has_arg = 0, flag = 0x0, val = 100}, {name = 0x79d1c8 "stderrlog", has_arg = 0, flag = 0x0, val = 101}, {name =
0x79d1d2 "noklips", has_arg = 0,
flag = 0x0, val = 110}, {name = 0x79d1da "use-nostack", has_arg = 0, flag = 0x0, val = 110}, {name = 0x79d1e6 "use-none", has_arg = 0, flag = 0x0, val = 110}, {name =
0x79d1ef "force_busy",
has_arg = 0, flag = 0x0, val = 68}, {name = 0x79d1fa "nocrsend", has_arg = 0, flag = 0x0, val = 99}, {name = 0x79d203 "strictcrlpolicy", has_arg = 0, flag = 0x0, val =
114}, {
name = 0x79d213 "crlcheckinterval", has_arg = 1, flag = 0x0, val = 120}, {name = 0x79d224 "ocsprequestcert", has_arg = 1, flag = 0x0, val = 113}, {name =
0x79d234 "ocspuri", has_arg = 1, flag = 0x0,
val = 111}, {name = 0x79d23c "uniqueids", has_arg = 0, flag = 0x0, val = 117}, {name = 0x79d246 "useklips", has_arg = 0, flag = 0x0, val = 107}, {name =
0x79d24f "use-klips", has_arg = 0, flag = 0x0,
val = 107}, {name = 0x79d259 "use-auto", has_arg = 0, flag = 0x0, val = 71}, {name = 0x79d262 "usenetkey", has_arg = 0, flag = 0x0, val = 75}, {name =
0x79d26c "use-netkey", has_arg = 0, flag = 0x0,
val = 75}, {name = 0x79d277 "use-mast", has_arg = 0, flag = 0x0, val = 77}, {name = 0x79d280 "interface", has_arg = 1, flag = 0x0, val = 105}, {name = 0x79d28a "ikeport",
has_arg = 1, flag = 0x0,
val = 112}, {name = 0x79d292 "ctlbase", has_arg = 1, flag = 0x0, val = 98}, {name = 0x79d29a "secretsfile", has_arg = 1, flag = 0x0, val = 115}, {name =
0x79d2a6 "foodgroupsdir", has_arg = 1,
flag = 0x0, val = 102}, {name = 0x79d2b4 "perpeerlogbase", has_arg = 1, flag = 0x0, val = 80}, {name = 0x79d2c3 "perpeerlog", has_arg = 0, flag = 0x0, val = 108}, {name =
0x79d2ce "noretransmits",
has_arg = 0, flag = 0x0, val = 82}, {name = 0x79d0c8 "coredir", has_arg = 1, flag = 0x0, val = 67}, {name = 0x79d2dc "ipsecdir", has_arg = 1, flag = 0x0, val = 102}, {name
= 0x79d2e5 "ipsec_dir",
has_arg = 1, flag = 0x0, val = 102}, {name = 0x7a8496 "lwdnsq", has_arg = 1, flag = 0x0, val = 97}, {name = 0x79d2ef "nat_traversal", has_arg = 0, flag = 0x0, val = 49}, {
name = 0x79d2fd "keep_alive", has_arg = 1, flag = 0x0, val = 50}, {name = 0x79d308 "force_keepalive", has_arg = 0, flag = 0x0, val = 51}, {name =
0x79d318 "disable_port_floating", has_arg = 0,
flag = 0x0, val = 52}, {name = 0x79d32e "debug-nat_t", has_arg = 0, flag = 0x0, val = 53}, {name = 0x79d33a "debug-nattraversal", has_arg = 0, flag = 0x0, val = 53}, {name
= 0x79d34d "debug-nat-t",
has_arg = 0, flag = 0x0, val = 53}, {name = 0x79d359 "virtual_private", has_arg = 1, flag = 0x0, val = 54}, {name = 0x79d369 "nhelpers", has_arg = 1, flag = 0x0, val =
106}, {
name = 0x79d372 "debug-none", has_arg = 0, flag = 0x0, val = 78}, {name = 0x79d37d "debug-all", has_arg = 0, flag = 0x0, val = 65}, {name = 0x79d387 "debug-raw", has_arg =
0, flag = 0x0, val = 257}, {
name = 0x79d391 "debug-crypt", has_arg = 0, flag = 0x0, val = 258}, {name = 0x79d39d "debug-crypto", has_arg = 0, flag = 0x0, val = 258}, {name = 0x79d3aa "debug-parsing",
has_arg = 0, flag = 0x0,
val = 260}, {name = 0x79d3b8 "debug-emitting", has_arg = 0, flag = 0x0, val = 264}, {name = 0x79d3c7 "debug-control", has_arg = 0, flag = 0x0, val = 272}, {name =
0x79d3d5 "debug-lifecycle",
has_arg = 0, flag = 0x0, val = 288}, {name = 0x79d3e5 "debug-klips", has_arg = 0, flag = 0x0, val = 320}, {name = 0x79d3f1 "debug-netkey", has_arg = 0, flag = 0x0, val =
320}, {
name = 0x79d3fe "debug-dns", has_arg = 0, flag = 0x0, val = 384}, {name = 0x79d408 "debug-oppo", has_arg = 0, flag = 0x0, val = 512}, {name = 0x79d413 "debug-oppoinfo",
has_arg = 0, flag = 0x0,
val = 16640}, {name = 0x79d422 "debug-controlmore", has_arg = 0, flag = 0x0, val = 768}, {name = 0x79d434 "debug-dpd", has_arg = 0, flag = 0x0, val = 8448}, {name =
0x79d43e "debug-x509",
has_arg = 0, flag = 0x0, val = 4352}, {name = 0x79d449 "debug-private", has_arg = 0, flag = 0x0, val = 1048832}, {name = 0x79d457 "debug-pfkey", has_arg = 0, flag = 0x0,
val = 1280}, {
name = 0x79d463 "impair-delay-adns-key-answer", has_arg = 0, flag = 0x0, val = 2097408}, {name = 0x79d480 "impair-delay-adns-txt-answer", has_arg = 0, flag = 0x0, val =
4194560}, {
name = 0x79d49d "impair-bust-mi2", has_arg = 0, flag = 0x0, val = 8388864}, {name = 0x79d4ad "impair-bust-mr2", has_arg = 0, flag = 0x0, val = 16777472}, {name =
0x79d4bd "impair-jacob-two-two",
has_arg = 0, flag = 0x0, val = 134217984}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}}
Thanks,
Nicolas Bellido
[*] http://lists.openswan.org/pipermail/users/2008-December/015856.html
http://lists.openswan.org/pipermail/users/2008-December/015859.html
More information about the Dev
mailing list