[Openswan Users] - Building module saga (was: kernel panic )

mario.lobo at ipad.com.br mario.lobo at ipad.com.br
Thu Mar 10 08:12:54 CET 2005 

Hi Paul;

Here I am again. Like I said last time, ipsec.ko compiled with no errors.

it loads fine (I think by the "ret=0")

Mar 10 07:41:16 Spyket kernel: klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, 
AALG_MAX=251)
Mar 10 07:41:16 Spyket kernel: klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
Mar 10 07:41:16 Spyket kernel: ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0

Both machines have exactly the same EVERYTHING (hard AND soft).

Machine 10.2.1.98 is auto=add
Machine 10.2.1.99 is auto=start

When negociations start, I get what you see bellow:

========================================

[ /var/log/secure ]

Mar 10 07:41:13 Spyket ipsec__plutorun: Starting Pluto subsystem...
Mar 10 07:41:14 Spyket pluto[2595]: Starting Pluto (Openswan Version 2.CVSHEAD X.509-1.5.4 
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEEFBy\177du|_[)
Mar 10 07:41:14 Spyket pluto[2595]: Setting port floating to off
Mar 10 07:41:14 Spyket pluto[2595]: port floating activate 0/1
Mar 10 07:41:14 Spyket pluto[2595]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Mar 10 07:41:14 Spyket pluto[2595]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Mar 10 07:41:15 Spyket pluto[2595]: starting up 1 cryptographic helpers
Mar 10 07:41:15 Spyket pluto[2595]: started helper pid=2708 (fd:6)
Mar 10 07:41:15 Spyket pluto[2595]: Using KLIPS IPsec interface code
Mar 10 07:41:15 Spyket pluto[2595]: Changing to directory '/etc/ipsec.d/cacerts'
Mar 10 07:41:15 Spyket pluto[2595]: Changing to directory '/etc/ipsec.d/aacerts'
Mar 10 07:41:15 Spyket pluto[2595]: Changing to directory '/etc/ipsec.d/ocspcerts'
Mar 10 07:41:15 Spyket pluto[2595]: Changing to directory '/etc/ipsec.d/crls'
Mar 10 07:41:15 Spyket pluto[2595]:   Warning: empty directory
Mar 10 07:41:15 Spyket pluto[2595]: added connection description "centro"
Mar 10 07:41:15 Spyket pluto[2595]: listening for IKE messages
Mar 10 07:41:15 Spyket pluto[2595]: adding interface ipsec0/eth0 10.2.1.98:500
Mar 10 07:41:15 Spyket pluto[2595]: loading secrets from "/etc/ipsec.secrets"
Mar 10 07:41:16 Spyket pluto[2595]: loading secrets from "/etc/spyket/conf/vpn/SECRETSControl"
Mar 10 07:41:16 Spyket pluto[2595]: loading secrets from 
"/etc/spyket/conf/vpn/secrets/centro.secrets"
Mar 10 07:43:37 Spyket pluto[2595]: packet from 10.2.1.99:500: received Vendor ID payload [Openswan 
(this version) 2.CVSHEAD  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Mar 10 07:43:37 Spyket pluto[2595]: packet from 10.2.1.99:500: received Vendor ID payload [Dead 
Peer Detection]
Mar 10 07:43:37 Spyket pluto[2595]: "centro" #1: responding to Main Mode
Mar 10 07:43:37 Spyket pluto[2595]: "centro" #1: transition from state STATE_MAIN_R0 to state 
STATE_MAIN_R1
Mar 10 07:43:37 Spyket pluto[2595]: "centro" #1: transition from state STATE_MAIN_R1 to state 
STATE_MAIN_R2
Mar 10 07:43:37 Spyket pluto[2595]: "centro" #1: Main mode peer ID is ID_FQDN: '@ponta1-right'
Mar 10 07:43:37 Spyket pluto[2595]: "centro" #1: I did not send a certificate because I do not have 
one.
Mar 10 07:43:37 Spyket pluto[2595]: "centro" #1: transition from state STATE_MAIN_R2 to state 
STATE_MAIN_R3
Mar 10 07:43:37 Spyket pluto[2595]: "centro" #1: sent MR3, ISAKMP SA established
Mar 10 07:43:38 Spyket pluto[2595]: "centro" #2: responding to Quick Mode {msgid:30366b6f}

===> Here is when I get the kernel messages bellow

Mar 10 07:43:48 Spyket ipsec__plutorun: Restarting Pluto subsystem...


[ Kernel Messages: ]

Mar 10 07:43:38 Spyket kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
Mar 10 07:43:38 Spyket kernel:  printing eip:
Mar 10 07:43:38 Spyket kernel: ce9e7aed
Mar 10 07:43:38 Spyket kernel: *pde = 00000000
Mar 10 07:43:38 Spyket kernel: Oops: 0002 [#1]
Mar 10 07:43:38 Spyket kernel: Modules linked in: ipsec autofs4 ipv6 sunrpc ipt_REJECT ipt_limit ipt_state iptable_filter ip_nat_ftp iptable_nat ip_tables ip_conntrack_ftp ip_conntrack dm_mod video button battery ac i2c_sis96x i2c_core sis900 via_rhine mii floppy ext3 jbd
Mar 10 07:43:38 Spyket kernel: CPU:    0
Mar 10 07:43:38 Spyket kernel: EIP:    0060:[<ce9e7aed>]    Not tainted VLI
Mar 10 07:43:38 Spyket kernel: EFLAGS: 00010212   (2.6.11)
Mar 10 07:43:38 Spyket kernel: EIP is at aes_32+0x3/0x499 [ipsec]
Mar 10 07:43:38 Spyket kernel: eax: cc142000   ebx: cea0d680   ecx: 00000004   edx: 00000000
Mar 10 07:43:38 Spyket kernel: esi: ccf3ea80   edi: cc142000   ebp: cce09ac0   esp: cce09aac
Mar 10 07:43:38 Spyket ipsec__plutorun: /usr/lib/ipsec/_plutorun: line 221:  2595 Segmentation fault      /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-none --uniqueids
Mar 10 07:43:38 Spyket kernel: ds: 007b   es: 007b   ss: 0068
Mar 10 07:43:38 Spyket kernel: Process pluto (pid: 2595, threadinfo=cce08000 task=cd8b1200)
Mar 10 07:43:38 Spyket ipsec__plutorun: !pluto failure!:  exited with error status 139 (signal 11)
Mar 10 07:43:38 Spyket kernel: Stack: cc142000 ccf3ea80 cea0d680 64333064 2e303140 00000010 00000296 ce9e629f
Mar 10 07:43:38 Spyket ipsec__plutorun: restarting IPsec after pause...
Mar 10 07:43:38 Spyket kernel:        00000000 ce9e5dc6 00000000 00000000 00000000 00000000 00000000 cea0d680
Mar 10 07:43:38 Spyket kernel:        cc142400 00000000 00000208 ce9e1dae 00000010 00000000 00000000 00000000
Mar 10 07:43:38 Spyket kernel: Call Trace:
Mar 10 07:43:38 Spyket kernel:  [<ce9e629f>] AES_set_key+0xf/0x20 [ipsec]
Mar 10 07:43:38 Spyket kernel:  [<ce9e5dc6>] .des_ede3_cbc_encrypt_end+0x26/0x70 [ipsec]
Mar 10 07:43:38 Spyket kernel:  [<ce9e1dae>] ipsec_alg_enc_key_create+0x12e/0x230 [ipsec]
Mar 10 07:43:38 Spyket kernel:  [<ce9c9280>] pfkey_ipsec_sa_init+0x1f0/0xc50 [ipsec]
Mar 10 07:43:38 Spyket kernel:  [<c0368798>] fn_hash_lookup+0x98/0xb0
Mar 10 07:43:38 Spyket kernel:  [<c020a579>] vsnprintf+0x319/0x550
Mar 10 07:43:38 Spyket kernel:  [<ce9cb0ea>] pfkey_add_parse+0x1da/0x690 [ipsec]
Mar 10 07:43:38 Spyket kernel:  [<ce9d3bb2>] pfkey_msg_parse+0x1b2/0x900 [ipsec]
Mar 10 07:43:38 Spyket kernel:  [<ce9d04cf>] pfkey_key_process+0xbf/0x1e0 [ipsec]
Mar 10 07:43:38 Spyket kernel:  [<ce9c0038>] ipsec_tunnel_hard_header+0x38/0x2c0 [ipsec]
Mar 10 07:43:38 Spyket kernel:  [<ce9cfa6b>] pfkey_msg_interp+0x27b/0x360 [ipsec]
Mar 10 07:43:38 Spyket kernel:  [<c0311079>] memcpy_fromiovec+0x29/0x50
Mar 10 07:43:38 Spyket kernel:  [<ce9c82e2>] pfkey_sendmsg+0x2c2/0x4e0 [ipsec]
Mar 10 07:43:38 Spyket kernel:  [<c030a6d5>] sock_aio_write+0x135/0x150
Mar 10 07:43:38 Spyket kernel:  [<c0160179>] pte_alloc_map+0x119/0x1d0
Mar 10 07:43:38 Spyket kernel:  [<c0194515>] do_select+0x395/0x440
Mar 10 07:43:38 Spyket kernel:  [<c017a2c2>] do_sync_write+0xb2/0x100
Mar 10 07:43:38 Spyket kernel:  [<c013fa50>] autoremove_wake_function+0x0/0x50
Mar 10 07:43:38 Spyket kernel:  [<c017a3e7>] vfs_write+0xd7/0x130
Mar 10 07:43:38 Spyket kernel:  [<c017a4f1>] sys_write+0x41/0x70
Mar 10 07:43:38 Spyket kernel:  [<c010397d>] sysenter_past_esp+0x52/0x75
Mar 10 07:43:38 Spyket kernel: Code: 89 e5 83 ec 08 53 56 57 8b 55 0c 8b 4d 14 81 f9 80 00 00 00 72 03 c1 e9 03 83 f9 20 74 0a 83 f9 18 74 05 b9 10 00 00 00 c1 e9 02 <89> 4a 00 8d 41 06 89 42 04 8b 75 10 8d 7a 08 fc 55 89 c8 f3 a5
Mar 10 07:43:48 Spyket kernel:  <2>IPSEC EVENT: KLIPS device ipsec0 shut down.
Mar 10 07:43:48 Spyket kernel:
Mar 10 07:43:48 Spyket ipsec_setup: ...Openswan IPsec stopped
Mar 10 07:43:48 Spyket ipsec_setup: Stopping Openswan IPsec...
Mar 10 07:43:48 Spyket ipsec_setup: Removing orphaned /var/run/pluto/pluto.pid:
Mar 10 07:43:48 Spyket ipsec_setup: KLIPS debug `none'
Mar 10 07:43:48 Spyket kernel:
Mar 10 07:43:48 Spyket ipsec_setup: KLIPS ipsec0 on eth0 10.2.1.98/255.255.255.0 broadcast 10.2.1.255
Mar 10 07:43:48 Spyket ipsec_setup: ...Openswan IPsec started
Mar 10 07:43:48 Spyket ipsec_setup: Restarting Openswan IPsec 2.CVSHEAD...

========================================

This keeps happening everytime. 

Can this info help in finding the cause for this?

-- 
   //|  //||
  // | // ||
-//--//---|| ARIO LOBO
//  //    ||
---------------------------------
mario.lobo at ipad.com.br
http://www.ipad.com.br

More information about the Users mailing list