[Openswan Users] Pluto dies doing keyexchange with Win2K

Paul Wouters paul at xelerance.com
Mon Mar 14 18:33:16 CET 2005


On Tue, 15 Mar 2005, Paul Hampson wrote:

>>> #7  0x08059064 in passert_fail (pred_str=0x80c8940 "STATE_IKE_FLOOR <=
>>> from_state && from_state <= STATE_IKE_ROOF", file_str=0x80c7954 "demux.c",
>>> line_no=1799)
>
>> I believe this is fixed in head. We're waiting with releasing a 2.3.1 until
>> another bug (the rekey bug) has been fixed.
>
> OK, I grabbed what I think is current CVS over rsync, un-rcs'd it and
> with a patch, was able to build a Debian package and install it.
>
> However, I got a different problem. Another failed passert, but this one
> gracefully aborts, rather than segfaulting. Which is nice. ^_^

Ewww. Michael, does the trace below help diagnose this problem?

> (gdb) bt
> #0  0xffffe410 in __kernel_vsyscall ()
> #1  0xb7e80805 in raise () from /lib/tls/i686/cmov/libc.so.6
> #2  0xb7e81f82 in abort () from /lib/tls/i686/cmov/libc.so.6
> #3  0x08057cc9 in passert_fail (pred_str=0x80bfda0 "st->st_new_iv_len >= e->enc_blocksize", file_str=0x80bfcf8 "crypto.c", line_no=219) at log.c:598
> #4  0x08054ac0 in crypto_cbc_encrypt (e=0x80ed140, enc=0, buf=0x810eb9c "ÿÿÿÿ, size=1272, st=0x810df80) at crypto.c:219
> #5  0x0807cd0e in process_packet (mdp=0x80f0aec) at demux.c:1950
> #6  0x0807b3d4 in comm_handle (ifp=0x8106b40) at demux.c:1167
> #7  0x0805efe2 in call_server () at server.c:1124
> #8  0x0805babc in main (argc=8, argv=0xbffff844) at plutomain.c:746
> (gdb) frame 4
> #4  0x08054ac0 in crypto_cbc_encrypt (e=0x80ed140, enc=0, buf=0x810eb9c "ÿÿÿÿ, size=1272, st=0x810df80) at crypto.c:219
> 219         passert(st->st_new_iv_len >= e->enc_blocksize);
> (gdb) p st->st_new_iv_len
> $1 = 0
> (gdb) p e->enc_blocksize
> $2 = 8
> (gdb) p st
> $3 = (struct state *) 0x810df80
> (gdb) up
> #5  0x0807cd0e in process_packet (mdp=0x80f0aec) at demux.c:1950
> 1950                crypto_cbc_encrypt(e, FALSE, md->message_pbs.cur,
> (gdb) p new_iv_set
> $4 = 0
> (gdb) p st->st_iv_len
> $5 = 0
> (gdb) p st
> $6 = (struct state *) 0x810df80
> (gdb) p *st
> $7 = {st_serialno = 3, st_clonedfrom = 1, st_usage = 0, st_connection = 0x810cf90, st_whack_sock = -1, st_suspended_md = 0x0, st_oakley = {encrypt = 5,
>    enckeylen = 192, encrypter = 0x80ed140, hash = 2, hasher = 0x80ed1a0, auth = 3, xauth = 0, group = 0x80bfcb8, life_seconds = 28800, life_kilobytes = 0}, st_ah = {
>    present = 0, attrs = {transid = 0 '\0', spi = 0, life_seconds = 0, life_kilobytes = 0, encapsulation = 0, auth = 0, key_len = 0, key_rounds = 0}, our_spi = 0,
>    keymat_len = 0, our_keymat = 0x0, peer_keymat = 0x0}, st_esp = {present = 1, attrs = {transid = 3 '\003', spi = 1799330965, life_seconds = 3600,
>      life_kilobytes = 250000, encapsulation = 2, auth = 1, key_len = 0, key_rounds = 0}, our_spi = 0, keymat_len = 0, our_keymat = 0x0, peer_keymat = 0x0},
>  st_ipcomp = {present = 0, attrs = {transid = 0 '\0', spi = 0, life_seconds = 0, life_kilobytes = 0, encapsulation = 0, auth = 0, key_len = 0, key_rounds = 0},
>    our_spi = 0, keymat_len = 0, our_keymat = 0x0, peer_keymat = 0x0}, st_tunnel_in_spi = 0, st_tunnel_out_spi = 0, st_pfs_group = 0x0, st_doi = 1, st_situation = 1,
>  st_policy = 70, st_remoteaddr = {u = {v4 = {sin_family = 2, sin_port = 62465, sin_addr = {s_addr = 3323859978}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {
>        sin6_family = 2, sin6_port = 62465, sin6_flowinfo = 3323859978, sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
>            u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, st_remoteport = 500, st_localaddr = {u = {v4 = {sin_family = 2, sin_port = 62465, sin_addr = {
>          s_addr = 18748426}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 62465, sin6_flowinfo = 18748426, sin6_addr = {in6_u = {
>            u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, st_localport = 500,
>  st_msgid = 2137290500, st_msgid_phase15 = 0, st_msgid_phase15b = 0, st_used_msgids = 0x0, st_gi = {ptr = 0x0, len = 0}, st_icookie = "\231ÿÿu\v= #", st_ni = {
>    ptr = 0x810a4e0 "L\225\203\035\201ÿÿ+\"\nÿÿÿÿÿÿ220Aÿÿv\0041", len = 20}, st_gr = {ptr = 0x0, len = 0}, st_rcookie = "\0004\237\226ÿÿ\237W", st_nr = {ptr = 0x0,
>    len = 0}, st_tpacket = {ptr = 0x0, len = 0}, st_myuserprotoid = 17 '\021', st_myuserport = 1701, st_rpacket = {ptr = 0x0, len = 0}, st_peeruserprotoid = 17 '\021',
>  st_peeruserport = 1701, st_sec_in_use = 0 '\0', st_sec = {_mp_alloc = 0, _mp_size = 0, _mp_d = 0x0}, st_sec_chunk = {ptr = 0x0, len = 0}, st_shared = {ptr = 0x0,
>    len = 0}, st_import = 0, st_peer_pubkey = 0x0, st_state = STATE_QUICK_R0, st_retransmit = 0 '\0', st_try = 0, st_margin = 0, st_outbound_count = 0,
>  st_outbound_time = 0, st_p1isa = {ptr = 0x0, len = 0}, st_skeyid = {ptr = 0x0, len = 0}, st_skeyid_d = {ptr = 0x810aa18 "ÿÿÿÿ\222fZ\033ÿÿ\031qÿÿS\216GÿÿM\023\t\036$ÿÿ,
>    len = 20}, st_skeyid_a = {ptr = 0x810ce70 ",9ÿÿf)@dpÿÿ_U5\223\tzI\vÿÿÿÿ\031", len = 20}, st_skeyid_e = {ptr = 0x810ce88 "3ÿÿ\"\223ÿÿ{,\tÿÿ\026ÿÿ`ÿÿnÿÿL!", len = 20},
>  st_iv = '\0' <repeats 63 times>, st_old_iv = '\0' <repeats 63 times>, st_new_iv = "ÿÿ005rÿÿÿÿ001ÿÿ", '\0' <repeats 55 times>, st_ph1_iv = '\0' <repeats 63 times>,
>  st_iv_len = 0, st_old_iv_len = 0, st_new_iv_len = 0, st_ph1_iv_len = 0, st_enc_key = {ptr = 0x810cea0 "ÿÿ020ÿÿÿÿ0247ÿÿ036\003L${gÿÿÿÿ\003uÿÿ\205=6ÿÿ026\216\003\215H!",
>    len = 24}, st_event = 0x810a528, st_hashchain_next = 0x810a068, st_hashchain_prev = 0x0, hidden_variables = {st_malformed_received = 0, st_malformed_sent = 0,
>    st_xauth_client_done = 0, st_xauth_client_attempt = 0, st_modecfg_server_done = 0, st_modecfg_vars_set = 0, st_got_certrequest = 0, st_modecfg_started = 0,
>    st_skeyid_calculated = 1, st_dpd = 0, st_dpd_local = 0, st_nat_traversal = 0, st_nat_oa = {u = {v4 = {sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0},
>          sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {in6_u = {
>              u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, st_natd = {u = {v4 = {
>          sin_family = 2, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2, sin6_port = 0, sin6_flowinfo = 0,
>          sin6_addr = {in6_u = {u6_addr8 = '\0' <repeats 15 times>, u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}},
>  st_xauth_username = 0x0, st_last_dpd = 0, st_dpd_seqno = 0, st_dpd_expectseqno = 0, st_dpd_peerseqno = 0, st_dpd_event = 0x0, st_seen_vendorid = 0, quirks = {
>    xauth_ack_msgid = 0, modecfg_pull_mode = 0, nat_traversal_vid = 0}}
>
> And the end of the debugging log:
> Mar 15 01:53:45 keitarou pluto[3053]: | **parse ISAKMP Message:
> Mar 15 01:53:45 keitarou pluto[3053]: |    initiator cookie:
> Mar 15 01:53:45 keitarou pluto[3053]: |   99 f7 69 75  0b 3d 20 23
> Mar 15 01:53:45 keitarou pluto[3053]: |    responder cookie:
> Mar 15 01:53:45 keitarou pluto[3053]: |   00 34 9f 96  d2 61 9f 57
> Mar 15 01:53:45 keitarou pluto[3053]: |    next payload type: ISAKMP_NEXT_HASH
> Mar 15 01:53:45 keitarou pluto[3053]: |    ISAKMP version: ISAKMP Version 1.0
> Mar 15 01:53:45 keitarou pluto[3053]: |    exchange type: ISAKMP_XCHG_QUICK
> Mar 15 01:53:45 keitarou pluto[3053]: |    flags: ISAKMP_FLAG_ENCRYPTION
> Mar 15 01:53:45 keitarou pluto[3053]: |    message ID:  04 77 64 7f
> Mar 15 01:53:45 keitarou pluto[3053]: |    length: 1300
> Mar 15 01:53:45 keitarou pluto[3053]: | ICOOKIE:  99 f7 69 75  0b 3d 20 23
> Mar 15 01:53:45 keitarou pluto[3053]: | RCOOKIE:  00 34 9f 96  d2 61 9f 57
> Mar 15 01:53:45 keitarou pluto[3053]: | peer:  0a 14 1e c6
> Mar 15 01:53:45 keitarou pluto[3053]: | state hash entry 27
> Mar 15 01:53:45 keitarou pluto[3053]: | peer and cookies match on #3, provided msgid 0477647f vs 0477647f
> Mar 15 01:53:45 keitarou pluto[3053]: | state object #3 found, in STATE_QUICK_R0
> Mar 15 01:53:45 keitarou pluto[3053]: | received encrypted packet from 10.20.30.198:500
> Mar 15 01:53:45 keitarou pluto[3053]: | decrypting 1272 bytes using algorithm OAKLEY_3DES_CBC
>
> Also, is there actual CVS access? I couldn't see any way to actually get
> it, and the whole rsync process was a bit the long way 'round.

Yup, see http://www.openswan.org/development/cvs.php

Paul
-- 

"At best it is a theory, at worst a fantasy" -- Michael Crichton

