[Openswan dev] oakley_alg_makedb() failure explained

Paul Wouters paul at xelerance.com
Thu Sep 22 16:27:38 EDT 2011


I still need to dive in deeper, but figured I'd bump this to dev@

It looks like oakley_alg_makedb() is trying to make the gsp, but it
remains NULL, and just before the end of the function we try to
call gsp->parentSA = TRUE; and segfault.

This function is not designed to fail with an error condition, and
it seems odd that i cannot make a single proposal. looking at the
corresponding ike/esp values for that conn I see:

 	aggrmode=yes
         auto=add
         auth=esp
         esp=aes128-sha1-2
         ike=des-md5-2

I guess the parser should have failed on this?

Bastian: I assume you meant "2" as in DiffieHellman group 2? That would be:

         esp=aes128-sha1;modp1024
         ike=des-md5;modp1024

Then I also noticed you wrote "des" and not "3des", which I think is the real
reason for the crasher, as we no longer support single des, and that entry
should not make it into the loaded proposal. You mean:

         esp=aes128-sha1;modp1024
         ike=3des-md5;modp1024

I confirmed using hte modp syntax with single des causes the crash.

I'll try and fix it before we release 2.6.36

Paul

---------- Forwarded message ----------
Date: Thu, 22 Sep 2011 20:38:51 +0200
From: Bastian Lemke <bastian.lemke at gmail.com>
Cc: users at openswan.org
To: Paul Wouters <paul at xelerance.com>
Subject: Re: [Openswan Users] ipsec__plutorun: Segmentation fault

Dear Paul,

I downloaded the openswan sources from openswan.org and modified Makefile.inc:
USE_LEAK_DETECTIVE=true
USERCOMPILE=-g -O0 -m64 ${WERROR} $(GCC_LINT)

That's the new backtrace:

#0  0x000000000046055c in oakley_alg_makedb (ai=0x1cbd848, base=0x6f9508, 
maxtrans=2) at 
/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/spdb_struct.c:316
         gsp = 0x0
         emp_sp = 0x0
         ike_info = 0x1cbd898
         ealg = 1
         halg = 1
         modp = 2
         eklen = 0
         last_modp = 0
         wrong_modp = 0
         enc_desc = 0x1cc1550
         transcnt = 0
         i = -1
#1  0x000000000046291b in init_am_st_oakley (st=0x1cc0de8, policy=2181628005) 
at 
/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/spdb_v1_struct.c:1315
         ta = {encrypt = 0, enckeylen = 0, prf_hash = 0, integ_hash = 0, auth = 
0, xauth = 0, groupnum = 0, life_seconds = 3600, life_kilobytes = 1000000, 
encrypter = 0x0, prf_hasher = 0x0, integ_hasher = 0x0, group = 0x0, ei = 0x0}
         enc = 0x0
         hash = 0x1cc10f8
         auth = 0x1cc03e8
         grp = 0x3ce92e19c
         trans = 0x4037c0
         prop = 0x7fffce92e1a0
         cprop = 0x41501a
         sa = 0x6f9508
         revised_sadb = 0x7fffce92e1a0
         c = 0x1cbe088
         policy_index = 9
#2  0x00000000004740dc in aggr_outI1 (whack_sock=19, c=0x1cbe088, 
predecessor=0x0, policy=2181628005, try=1, importance=pcim_demand_crypto) at 
/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/ikev1_aggr.c:1025
         st = 0x1cc0de8
         sr = 0x0
         __FUNCTION__ = <error reading variable __FUNCTION__ (Cannot access 
memory at address 0x4cae60)>
#3  0x00000000004211da in ipsecdoi_initiate (whack_sock=19, c=0x1cbe088, 
policy=2181628005, try=1, replacing=0, importance=pcim_demand_crypto) at 
/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/ipsec_doi.c:356
         initiator = 0x473f83 <aggr_outI1>
         st = 0x0
#4  0x000000000040c99d in initiate_a_connection (c=0x1cbe088, 
arg=0x7fffce92e2e0) at 
/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/initiate.c:225
         is = 0x7fffce92e2e0
         whackfd = 19
         moredebug = 0
         importance = pcim_demand_crypto
         success = 0
#5  0x000000000040ca1c in initiate_connection (name=0x7fffce931050 "fcp", 
whackfd=18, moredebug=0, importance=pcim_demand_crypto) at 
/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/initiate.c:250
         is = {whackfd = 18, moredebug = 0, importance = pcim_demand_crypto}
         c = 0x1cbe088
         count = 32653
#6  0x0000000000451f88 in whack_process (whackfd=10, msg=...) at 
/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/rcv_whack.c:622
         oco = 0x7014c0
#7  0x0000000000452391 in whack_handle (whackctlfd=5) at 
/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/rcv_whack.c:752
         msg = {magic = 1869114150, whack_status = 0, whack_shutdown = 0, 
name_len = 0, name = 0x7fffce931050 "fcp", whack_options = 0, debugging = 0, 
whack_connection = 0, whack_async = 0, policy = 0, sa_ike_life_seconds = 3600,
           sa_ipsec_life_seconds = 28800, sa_rekey_margin = 540, sa_rekey_fuzz = 
100, sa_keying_tries = 0, dpd_delay = 0, dpd_timeout = 0, dpd_action = 
DPD_ACTION_CLEAR, dpd_count = 0, remotepeertype = NON_CISCO, forceencaps = 0,
           nmconfigured = NO, connmtu = 0, left = {id = 0x0, cert = 0x0, ca = 
0x0, groups = 0x0, host_type = KH_NOTSET, host_addr = {u = {v4 = {sin_family = 
0, sin_port = 0, sin_addr = {s_addr = 0},
                   sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family 
= 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = 
'\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
                       __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, 
host_nexthop = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 
0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0,
                   sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = 
{__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_srcip = {u = {v4 = 
{
                   sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, 
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 
0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
                       __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 
0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, 
client = {addr = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {
                       s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, 
v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = 
{__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0,
                           0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 
0}}}, maskbits = 0}, key_from_DNS_on_demand = 0, has_client = 0, 
has_client_wildcard = 0, has_port_wildcard = 0, updown = 0x0, host_port = 0, 
port = 0,
             protocol = 0 '\000', virt = 0x0, xauth_server = 0, xauth_client = 
0, xauth_name = 0x0, modecfg_server = 0, modecfg_client = 0, tundev = 0, 
sendcert = 0, certtype = CERT_NONE, host_addr_name = 0x0}, right = {id = 0x0,
             cert = 0x0, ca = 0x0, groups = 0x0, host_type = KH_NOTSET, 
host_addr = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, 
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 
0,
                   sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = 
'\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 
= {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_nexthop = {u = {v4 = {sin_family = 
0,
                   sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = 
"\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, 
sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 
times>,
                       __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 
0, 0, 0}}}, sin6_scope_id = 0}}}, host_srcip = {u = {v4 = {sin_family = 0, 
sin_port = 0, sin_addr = {s_addr = 0},
                   sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family 
= 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = 
'\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
                       __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, 
client = {addr = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 
0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0,
                     sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = 
{__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, maskbits = 0},
             key_from_DNS_on_demand = 0, has_client = 0, has_client_wildcard = 
0, has_port_wildcard = 0, updown = 0x0, host_port = 500, port = 0, protocol = 0 
'\000', virt = 0x0, xauth_server = 0, xauth_client = 0, xauth_name = 0x0,
             modecfg_server = 0, modecfg_client = 0, tundev = 0, sendcert = 0, 
certtype = CERT_NONE, host_addr_name = 0x0}, addr_family = 2, 
tunnel_addr_family = 2, ike = 0x0, pfsgroup = 0x0, esp = 0x0, whack_key = 0, 
whack_addkey = 0,
           keyid = 0x0, pubkey_alg = 0, keyval = {ptr = 0x7fffce93106e "", len = 
0}, whack_myid = 0, myid = 0x0, whack_route = 0, whack_unroute = 0, 
whack_initiate = 1, whack_oppo_initiate = 0, oppo_my_client = {u = {v4 = {
                 sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero 
= "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, 
sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 
times>,
                     __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 
0, 0, 0}}}, sin6_scope_id = 0}}}, oppo_peer_client = {u = {v4 = {sin_family = 
0, sin_port = 0, sin_addr = {s_addr = 0},
                 sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 
0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = 
'\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 
= {
                       0, 0, 0, 0}}}, sin6_scope_id = 0}}}, whack_terminate = 0, 
whack_delete = 0, whack_deletestate = 0, whack_deletestateno = 0, whack_listen 
= 0, whack_unlisten = 0, whack_crash = 0, whack_crash_peer = {u = {v4 = {
                 sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero 
= "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, 
sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 
times>,
                     __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 
0, 0, 0}}}, sin6_scope_id = 0}}}, whack_utc = 0, whack_list = 0, 
whack_purgeocsp = 0, whack_reread = 0 '\000', tpmeval = 0x0, connalias = 0x0,
           modecfg_dns1 = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = 
{s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 
0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
                     __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 
0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, 
modecfg_dns2 = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 
0},
                 sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 
0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = 
'\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 
= {
                       0, 0, 0, 0}}}, sin6_scope_id = 0}}}, modecfg_wins1 = {u = 
{v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = 
"\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0,
                 sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = '\000' 
<repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 
0, 0, 0}}}, sin6_scope_id = 0}}}, modecfg_wins2 = {u = {v4 = {sin_family = 0,
                 sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = 
"\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, 
sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 
times>, __u6_addr16 = {
                       0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, 
sin6_scope_id = 0}}}, metric = 0, dnshostname = 0x0, opt_set = 
WHACK_ADJUSTOPTIONS, string1 = 0x0, string2 = 0x0, string3 = 0x0, str_size = 0,
           string = "fcp", '\000' <repeats 4092 times>}
         msg_saved = {magic = 1869114150, whack_status = 0, whack_shutdown = 0, 
name_len = 0, name = 0x0, whack_options = 0, debugging = 0, whack_connection = 
0, whack_async = 0, policy = 0, sa_ike_life_seconds = 3600,
           sa_ipsec_life_seconds = 28800, sa_rekey_margin = 540, sa_rekey_fuzz = 
100, sa_keying_tries = 0, dpd_delay = 0, dpd_timeout = 0, dpd_action = 
DPD_ACTION_CLEAR, dpd_count = 0, remotepeertype = NON_CISCO, forceencaps = 0,
           nmconfigured = NO, connmtu = 0, left = {id = 0x0, cert = 0x0, ca = 
0x0, groups = 0x0, host_type = KH_NOTSET, host_addr = {u = {v4 = {sin_family = 
0, sin_port = 0, sin_addr = {s_addr = 0},
                   sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family 
= 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = 
'\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
                       __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, 
host_nexthop = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 
0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0,
                   sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = 
{__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_srcip = {u = {v4 = 
{
                   sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, 
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 
0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
                       __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 
0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, 
client = {addr = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {
                       s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, 
v6 = {sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = 
{__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0,
                           0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 
0}}}, maskbits = 0}, key_from_DNS_on_demand = 0, has_client = 0, 
has_client_wildcard = 0, has_port_wildcard = 0, updown = 0x0, host_port = 0, 
port = 0,
             protocol = 0 '\000', virt = 0x0, xauth_server = 0, xauth_client = 
0, xauth_name = 0x0, modecfg_server = 0, modecfg_client = 0, tundev = 0, 
sendcert = 0, certtype = CERT_NONE, host_addr_name = 0x0}, right = {id = 0x0,
             cert = 0x0, ca = 0x0, groups = 0x0, host_type = KH_NOTSET, 
host_addr = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, 
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 
0,
                   sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = 
'\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 
= {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, host_nexthop = {u = {v4 = {sin_family = 
0,
                   sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = 
"\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, 
sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 
times>,
                       __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 
0, 0, 0}}}, sin6_scope_id = 0}}}, host_srcip = {u = {v4 = {sin_family = 0, 
sin_port = 0, sin_addr = {s_addr = 0},
                   sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family 
= 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = 
'\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
                       __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, 
client = {addr = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 
0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0,
                     sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = 
{__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, maskbits = 0},
             key_from_DNS_on_demand = 0, has_client = 0, has_client_wildcard = 
0, has_port_wildcard = 0, updown = 0x0, host_port = 500, port = 0, protocol = 0 
'\000', virt = 0x0, xauth_server = 0, xauth_client = 0, xauth_name = 0x0,
             modecfg_server = 0, modecfg_client = 0, tundev = 0, sendcert = 0, 
certtype = CERT_NONE, host_addr_name = 0x0}, addr_family = 2, 
tunnel_addr_family = 2, ike = 0x0, pfsgroup = 0x0, esp = 0x0, whack_key = 0, 
whack_addkey = 0,
           keyid = 0x0, pubkey_alg = 0, keyval = {ptr = 0x0, len = 0}, 
whack_myid = 0, myid = 0x0, whack_route = 0, whack_unroute = 0, whack_initiate 
= 1, whack_oppo_initiate = 0, oppo_my_client = {u = {v4 = {sin_family = 0,
                 sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = 
"\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, 
sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 
times>, __u6_addr16 = {
                       0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, 
sin6_scope_id = 0}}}, oppo_peer_client = {u = {v4 = {sin_family = 0, sin_port = 
0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {
                 sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = 
{__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 
0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}},
           whack_terminate = 0, whack_delete = 0, whack_deletestate = 0, 
whack_deletestateno = 0, whack_listen = 0, whack_unlisten = 0, whack_crash = 0, 
whack_crash_peer = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {
                   s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = 
{sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = 
{__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
0},
                     __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, 
whack_utc = 0, whack_list = 0, whack_purgeocsp = 0, whack_reread = 0 '\000', 
tpmeval = 0x0, connalias = 0x0, modecfg_dns1 = {u = {v4 = {sin_family = 0,
                 sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = 
"\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0, sin6_port = 0, 
sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = '\000' <repeats 15 
times>, __u6_addr16 = {
                       0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, 
sin6_scope_id = 0}}}, modecfg_dns2 = {u = {v4 = {sin_family = 0, sin_port = 0, 
sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {
                 sin6_family = 0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = 
{__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 
0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}},
           modecfg_wins1 = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = 
{s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 
0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
                     __u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 
0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, 
modecfg_wins2 = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 
0},
                 sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 
0, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {__u6_addr8 = 
'\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 
= {
                       0, 0, 0, 0}}}, sin6_scope_id = 0}}}, metric = 0, 
dnshostname = 0x0, opt_set = WHACK_ADJUSTOPTIONS, string1 = 0x0, string2 = 0x0, 
string3 = 0x0, str_size = 0, string = "fcp", '\000' <repeats 4092 times>}
         whackaddr = {sun_family = 1,
           sun_path = "N", '\000' <repeats 13 times>"\300, 
TN\000\000\000\000\000<\000\000\000\000\000\000\000\240 
\223\316\377\177\000\000\371\300H\000\000\000\000\000\017\000\000\000\000\000\000\000\300TN", 
'\000' <repeats 13 times>, "+TN\000\000\000\000\000\320 
\223\316\377\177\000\000\340$\223\316\377\177\000\000X\327\313\001\000\000\000\000\001|{N\001"}
         whackaddrlen = 2
         whackfd = 10
         n = 1086
#8  0x000000000041ce90 in call_server () at 
/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/server.c:775
         readfds = {__osfds_bits = {32, 0 <repeats 127 times>}}
         writefds = {__osfds_bits = {0 <repeats 128 times>}}
         ndes = 1
         ifp = 0x0
#9  0x0000000000419c92 in main (argc=28, argv=0x7fffce932bc8) at 
/home/lemke/Downloads/openswan/openswan-2.6.35/programs/pluto/plutomain.c:1055
         fork_desired = 0
         lockfd = 4
         ocspuri = 0x0
         nhelpers = -1
         coredir = 0x0
         oco = 0x7014c0
         nat_traversal = 1
         nat_t_spf = 1
         keep_alive = 0
         force_keepalive = 0
         virtual_private = 0x7fffce934ab4 
"%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12"

Regards,
Bastian


Am 22.09.2011 08:48, schrieb Bastian Lemke:
> Dear Paul,
> 
> Am 20.09.2011 15:51, schrieb Paul Wouters:
>>> #0  oakley_alg_makedb (ai=0x7faa572461c0, base=0x0, maxtrans=0)
>>>    at 
>>> /vol/openswan-debs/openswan-2.6.35dr1/programs/pluto/spdb_struct.c:316
>>>        gsp = 0x0
>>>        emp_sp = 0x0
>>>        ike_info = 0x7b6878
>>>        ealg = 1
>>>        halg = 1
>>>        modp = 0
>>>        eklen = 0
>>>        last_modp = 0
>>>        wrong_modp = 0
>>>        transcnt = 0
>>>        i = 0
>> (gdb) bt full
>> 
>> That's in AH mode? Are you really trying a connection with ah= parameters? 
>> If so,
>> why? I recommend using esp=null if you really want no encryption.
> No, I'm not setting ah= parameters. I don't even know this parameter :-) And 
> I don't want to establish an unencrypted connection.
> I'm not a VPN specialist and have only rudimentary knowledge about the VPN 
> technology. I only tried to connect to my firewall at work (which works with 
> OS X and IPSecuritas quite easily) from ubuntu.
> 
>> 
>> If you're not using ah, then things are really weird, and you might need to
>> recompile without -O2 for gdb to make more sense.
>> 
>> Paul
> 
> I'll try to recompile openswan this evening to provide you a more useful 
> stacktrace...
> 
> Regards,
> Bastian


More information about the Dev mailing list