[Openswan Users] Pluto dies doing keyexchange with Win2K
Paul Hampson
Paul.Hampson at PObox.com
Tue Mar 15 02:33:22 CET 2005
On Mon, Mar 14, 2005 at 09:52:31AM +0100, Paul Wouters wrote:
> On Mon, 14 Mar 2005, Paul Hampson wrote:
> >The setup is using X.509 certificates, and the server is using openswan
> >2.3.0-2 from Debian with the Linux 2.6 built-in IPSec.
> >#7 0x08059064 in passert_fail (pred_str=0x80c8940 "STATE_IKE_FLOOR <=
> >from_state && from_state <= STATE_IKE_ROOF", file_str=0x80c7954 "demux.c",
> >line_no=1799)
> I believe this is fixed in head. We're waiting with releasing a 2.3.1 until
> another bug (the rekey bug) has been fixed.
OK, I grabbed what I think is current CVS over rsync, un-rcs'd it and
with a patch, was able to build a Debian package and install it.
However, I got a different problem. Another failed passert, but this one
gracefully aborts, rather than segfaulting. Which is nice. ^_^
(Some Win2K client as before. I haven't tested that the Linux client
still works.)
(gdb) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7e80805 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7e81f82 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x08057cc9 in passert_fail (pred_str=0x80bfda0 "st->st_new_iv_len >= e->enc_blocksize", file_str=0x80bfcf8 "crypto.c", line_no=219) at log.c:598
#4 0x08054ac0 in crypto_cbc_encrypt (e=0x80ed140, enc=0, buf=0x810eb9c "��, size=1272, st=0x810df80) at crypto.c:219
#5 0x0807cd0e in process_packet (mdp=0x80f0aec) at demux.c:1950
#6 0x0807b3d4 in comm_handle (ifp=0x8106b40) at demux.c:1167
#7 0x0805efe2 in call_server () at server.c:1124
#8 0x0805babc in main (argc=8, argv=0xbffff844) at plutomain.c:746
(gdb) frame 4
#4 0x08054ac0 in crypto_cbc_encrypt (e=0x80ed140, enc=0, buf=0x810eb9c "��, size=1272, st=0x810df80) at crypto.c:219
219 passert(st->st_new_iv_len >= e->enc_blocksize);
(gdb) p st->st_new_iv_len
$1 = 0
(gdb) p e->enc_blocksize
$2 = 8
(gdb) p st
$3 = (struct state *) 0x810df80
(gdb) up
#5 0x0807cd0e in process_packet (mdp=0x80f0aec) at demux.c:1950
1950 crypto_cbc_encrypt(e, FALSE, md->message_pbs.cur,
(gdb) p new_iv_set
$4 = 0
(gdb) p st->st_iv_len
$5 = 0
(gdb) p st
$6 = (struct state *) 0x810df80
(gdb) p *st
$7 = {st_serialno = 3, st_clonedfrom = 1, st_usage = 0, st_connection = 0x810cf90, st_whack_sock = -1, st_suspended_md = 0x0, st_oakley = {encrypt = 5,
enckeylen = 192, encrypter = 0x80ed140, hash = 2, hasher = 0x80ed1a0, auth = 3, xauth = 0, group = 0x80bfcb8, life_seconds = 28800, life_kilobytes = 0}, st_ah = {
present = 0, attrs = {transid = 0 '\0', spi = 0, life_seconds = 0, life_kilobytes = 0, encapsulation = 0, auth = 0, key_len = 0, key_rounds = 0}, our_spi = 0,
keymat_len = 0, our_keymat = 0x0, peer_keymat = 0x0}, st_esp = {present = 1, attrs = {transid = 3 '\003', spi = 1799330965, life_seconds = 3600,
life_kilobytes = 250000, encapsulation = 2, auth = 1, key_len = 0, key_rounds = 0}, our_spi = 0, keymat_len = 0, our_keymat = 0x0, peer_keymat = 0x0},
st_ipcomp = {present = 0, attrs = {transid = 0 '\0', spi = 0, life_seconds = 0, life_kilobytes = 0, encapsulation = 0, auth = 0, key_len = 0, key_rounds = 0},
our_spi = 0, keymat_len = 0, our_keymat = 0x0, peer_keymat = 0x0}, st_tunnel_in_spi = 0, st_tunnel_out_spi = 0, st_pfs_group = 0x0, st_doi = 1, st_situation = 1,
st_policy = 70, st_remoteaddr = {u = {v4 = {sin_family = 2, sin_port = 62465, sin_addr = {s_addr = 3323859978}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {
sin6_family = 2, sin6_port = 62465, sin6_flowinfo = 3323859978, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, st_remoteport = 500, st_localaddr = {u = {v4 = {sin_family = 2, sin_port = 62465, sin_addr = {
s_addr = 18748426}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 62465, sin6_flowinfo = 18748426, sin6_addr = {in6_u = {
u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, st_localport = 500,
st_msgid = 2137290500, st_msgid_phase15 = 0, st_msgid_phase15b = 0, st_used_msgids = 0x0, st_gi = {ptr = 0x0, len = 0}, st_icookie = "\231�u\v= #", st_ni = {
ptr = 0x810a4e0 "L\225\203\035\201�+\"\n���220A�v\0041", len = 20}, st_gr = {ptr = 0x0, len = 0}, st_rcookie = "\0004\237\226�\237W", st_nr = {ptr = 0x0,
len = 0}, st_tpacket = {ptr = 0x0, len = 0}, st_myuserprotoid = 17 '\021', st_myuserport = 1701, st_rpacket = {ptr = 0x0, len = 0}, st_peeruserprotoid = 17 '\021',
st_peeruserport = 1701, st_sec_in_use = 0 '\0', st_sec = {_mp_alloc = 0, _mp_size = 0, _mp_d = 0x0}, st_sec_chunk = {ptr = 0x0, len = 0}, st_shared = {ptr = 0x0,
len = 0}, st_import = 0, st_peer_pubkey = 0x0, st_state = STATE_QUICK_R0, st_retransmit = 0 '\0', st_try = 0, st_margin = 0, st_outbound_count = 0,
st_outbound_time = 0, st_p1isa = {ptr = 0x0, len = 0}, st_skeyid = {ptr = 0x0, len = 0}, st_skeyid_d = {ptr = 0x810aa18 "��\222fZ\033�\031q�S\216G�M\023\t\036$�,
len = 20}, st_skeyid_a = {ptr = 0x810ce70 ",9�f)@dp�_U5\223\tzI\v��\031", len = 20}, st_skeyid_e = {ptr = 0x810ce88 "3�\"\223�{,\t�\026�`�n�L!", len = 20},
st_iv = '\0' <repeats 63 times>, st_old_iv = '\0' <repeats 63 times>, st_new_iv = "�005r��001�", '\0' <repeats 55 times>, st_ph1_iv = '\0' <repeats 63 times>,
st_iv_len = 0, st_old_iv_len = 0, st_new_iv_len = 0, st_ph1_iv_len = 0, st_enc_key = {ptr = 0x810cea0 "�020��0247�036\003L${g��\003u�\205=6�026\216\003\215H!",
len = 24}, st_event = 0x810a528, st_hashchain_next = 0x810a068, st_hashchain_prev = 0x0, hidden_variables = {st_malformed_received = 0, st_malformed_sent = 0,
st_xauth_client_done = 0, st_xauth_client_attempt = 0, st_modecfg_server_done = 0, st_modecfg_vars_set = 0, st_got_certrequest = 0, st_modecfg_started = 0,
st_skeyid_calculated = 1, st_dpd = 0, st_dpd_local = 0, st_nat_traversal = 0, st_nat_oa = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0},
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {
u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, st_natd = {u = {v4 = {
sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0,
sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}},
st_xauth_username = 0x0, st_last_dpd = 0, st_dpd_seqno = 0, st_dpd_expectseqno = 0, st_dpd_peerseqno = 0, st_dpd_event = 0x0, st_seen_vendorid = 0, quirks = {
xauth_ack_msgid = 0, modecfg_pull_mode = 0, nat_traversal_vid = 0}}
And the end of the debugging log:
Mar 15 01:53:45 keitarou pluto[3053]: | **parse ISAKMP Message:
Mar 15 01:53:45 keitarou pluto[3053]: | initiator cookie:
Mar 15 01:53:45 keitarou pluto[3053]: | 99 f7 69 75 0b 3d 20 23
Mar 15 01:53:45 keitarou pluto[3053]: | responder cookie:
Mar 15 01:53:45 keitarou pluto[3053]: | 00 34 9f 96 d2 61 9f 57
Mar 15 01:53:45 keitarou pluto[3053]: | next payload type: ISAKMP_NEXT_HASH
Mar 15 01:53:45 keitarou pluto[3053]: | ISAKMP version: ISAKMP Version 1.0
Mar 15 01:53:45 keitarou pluto[3053]: | exchange type: ISAKMP_XCHG_QUICK
Mar 15 01:53:45 keitarou pluto[3053]: | flags: ISAKMP_FLAG_ENCRYPTION
Mar 15 01:53:45 keitarou pluto[3053]: | message ID: 04 77 64 7f
Mar 15 01:53:45 keitarou pluto[3053]: | length: 1300
Mar 15 01:53:45 keitarou pluto[3053]: | ICOOKIE: 99 f7 69 75 0b 3d 20 23
Mar 15 01:53:45 keitarou pluto[3053]: | RCOOKIE: 00 34 9f 96 d2 61 9f 57
Mar 15 01:53:45 keitarou pluto[3053]: | peer: 0a 14 1e c6
Mar 15 01:53:45 keitarou pluto[3053]: | state hash entry 27
Mar 15 01:53:45 keitarou pluto[3053]: | peer and cookies match on #3, provided msgid 0477647f vs 0477647f
Mar 15 01:53:45 keitarou pluto[3053]: | state object #3 found, in STATE_QUICK_R0
Mar 15 01:53:45 keitarou pluto[3053]: | received encrypted packet from 10.20.30.198:500
Mar 15 01:53:45 keitarou pluto[3053]: | decrypting 1272 bytes using algorithm OAKLEY_3DES_CBC
Also, is there actual CVS access? I couldn't see any way to actually get
it, and the whole rsync process was a bit the long way 'round.
--
Paul "TBBle" Hampson, on an alternate email client.
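
Added example, not part of the original post and not Openswan's code: the failed passert compares the state's IV length with the cipher block size, and in IKEv1 the IV for the first Quick Mode message is HASH(last Phase 1 CBC block | message ID) truncated to the block size (RFC 2409, Appendix B). The sketch derives that IV for the 3DES/SHA-1 case seen above and reports a missing Phase 1 IV as a recoverable error; the function and exception names are hypothetical, and the Phase 1 block is a constructed sample.

```python
import hashlib

# Block sizes in bytes; 8 for 3DES-CBC matches e->enc_blocksize in the gdb session.
BLOCK_SIZE = {"OAKLEY_3DES_CBC": 8, "OAKLEY_AES_CBC": 16}


class MissingIV(Exception):
    """No usable Phase 1 IV: the st_new_iv_len < enc_blocksize condition."""


def derive_quick_mode_iv(ph1_last_block, msgid, cipher="OAKLEY_3DES_CBC",
                         hash_name="sha1"):
    """Return the IV for the first Quick Mode message (RFC 2409, Appendix B).

    IV = HASH(last Phase 1 CBC block | message ID), truncated to the block size.
    """
    blocksize = BLOCK_SIZE[cipher]
    if len(msgid) != 4:
        raise ValueError("ISAKMP message ID is exactly 4 bytes")
    if len(ph1_last_block) != blocksize:
        # Report the condition to the caller so the packet can be dropped and
        # logged, rather than reaching the cipher with a zero-length IV.
        raise MissingIV(
            f"Phase 1 IV is {len(ph1_last_block)} bytes, need {blocksize}")
    digest = hashlib.new(hash_name, ph1_last_block + msgid).digest()
    if len(digest) < blocksize:
        raise ValueError("hash output shorter than cipher block size")
    return digest[:blocksize]


def demo():
    msgid = bytes.fromhex("0477647f")              # message ID from the debug log
    ph1_block = bytes.fromhex("0011223344556677")  # constructed sample block
    iv = derive_quick_mode_iv(ph1_block, msgid)
    try:
        derive_quick_mode_iv(b"", msgid)           # st_ph1_iv_len = 0, as in the dump
        rejected = False
    except MissingIV:
        rejected = True
    return iv, rejected


if __name__ == "__main__":
    iv, rejected = demo()
    print("Quick Mode IV:", iv.hex(), "| empty Phase 1 IV rejected:", rejected)
```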