[Openswan dev] [Openswan Users] pluto traps in aggressive mode with 2.6.24rc4
Paul Wouters
paul at xelerance.com
Fri Oct 15 14:15:31 EDT 2010

On Fri, 15 Oct 2010, Murat Sezgin wrote:
> We are running this version of openswan on our 2 ubicom32 based routers
> to establish site-to-site VPN. Main mode works fine, but if we switch to
> aggressive mode, pluto crashes on the responder side router. Because of
> some limitations of our processor (no-MMU), we are passing the pluto
> options a little different. We are not using a ipsec.conf file. So I
> cannot send you a conf file now. The pluto and whack options are as below
> that we passed.
>
> PLUTO_OPTIONS=--nofork --ikeport 500 --secretsfile
> /etc/ipsec/ipsec.secrets --ctlbase /var/run/pluto/pluto --interface
> eth0.1 --nat_traversal --force_keepalive --debug-all --stderrlog
> --virtual_private
> %v4:192.168.0.0/16,%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.1.0/24

You should add --nhelpers=0 since you probably also don't have a real
fork() but an alias to vfork().

> (gdb) bt
> #0 0x42a276a0 in complete_v1_state_transition (mdp=0x427492a0,
> result=STF_INLINE)
> at /scratch2/twu/openwrt_vpnrouter/ubicom-linux-dist-1.2.1/openwrt/build_dir/linux-
> ubicom32_IP7160RGW/openswan-2.6.24rc4/programs/pluto/ikev1.c:1886

That corresponds to:

    /* If state has DPD support, import it */
    if( st && md->dpd && st->hidden_variables.st_dpd != md->dpd) {
        DBG(DBG_DPD, DBG_log("peer supports dpd"));
        st->hidden_variables.st_dpd = md->dpd;

Can you tell us what's in those variables for you? Specifically st, md->dpd
and st->hidden_variables.st_dpd?

> It seems, in the complete_v1_state_transition() functions the *mdp comes
> corrupted. Because we are assigning its value to "struct msg_digest *md"
> and md->st always shows an invalid memory address which is not in the
> address range of our memory.
>
> I wonder, if somebody has seen this crash. And our config options are
> true on above?

I have not seen this before. But of course it would not hurt to upgrade
to 2.6.30rc1.

Paul