[Openswan Users] Pluto Segmentation fault in 2.4.7

Pompon pompon2 at gmail.com
Mon Mar 5 05:05:55 EST 2007 

Hi list,

Following our last week experiment with Segmentation fault, we moved the
connection to a staging platform, and we've got a backtrace of the bug :

tamerlane:root# gdb /usr/local/libexec/ipsec/pluto /etc/core
GNU gdb 6.3-debian
Core was generated by `/usr/local/libexec/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --ipse'.
Program terminated with signal 11, Segmentation fault.

warning: current_sos: Can't read pathname for load map: Input/output error

Reading symbols from /usr/lib/libgmp.so.3...done.
Loaded symbols for /usr/lib/libgmp.so.3
Reading symbols from /lib/tls/libresolv.so.2...done.
Loaded symbols for /lib/tls/libresolv.so.2
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  fmt_log (buf=0xbfe61780 "", buf_len=1024, fmt=0x80bdf20 "ASSERTION
FAILED at %s:%lu: %s", ap=0x0) at log.c:149
149             snprintf(bp, be - bp, "\"%s\"", c->name);

(gdb) bt
#0  fmt_log (buf=0xbfe61780 "", buf_len=1024, fmt=0x80bdf20 "ASSERTION
FAILED at %s:%lu: %s", ap=0x0) at log.c:149
#1  0x08056cd1 in openswan_loglog (mess_no=135371408, message=0x8119a90
"Hy�\227\021\b", '' <repeats 192 times>...) at log.c:434
#2  0x08057c30 in passert_fail (pred_str=0x8119a90 "Hy�\227\021\b", ''
<repeats 192 times>...,
    file_str=0x8119a90 "Hy�\227\021\b", '' <repeats 192 times>...,
line_no=135371408) at log.c:606
#3  0x0807b3c4 in complete_state_transition (mdp=0x80edd6c,
result=STF_INLINE) at demux.c:2738
#4  0x080795f5 in process_packet (mdp=0x80edd6c) at demux.c:2352
#5  0x0807bcbc in comm_handle (ifp=0x8116500) at demux.c:1223
#6  0x0805d070 in call_server () at server.c:1166
#7  0x0805b0d1 in main (argc=12, argv=0xbfe62264) at plutomain.c:787


The PFS is declared on both side, and our partner use a linksys VPN (and not
openswan as I first thought). Applying the Matthias's patch make pluto not
crashing even if the tunnels don't go up. In this case, here is the related
auth-log :

 Mar 5 10:12:52 tamerlane pluto[12459]: "faulty_connection" #10: responding
to Main Mode
Mar 5 10:12:52 tamerlane pluto[12459]: "faulty_connection" #10:
OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Mar 5 10:12:52 tamerlane pluto[12459]: "faulty_connection" #10:
OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Mar 5 10:12:52 tamerlane pluto[12459]: "faulty_connection" #10: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 5 10:12:52 tamerlane pluto[12459]: "faulty_connection" #10:
STATE_MAIN_R1: sent MR1, expecting MI2
Mar 5 10:12:55 tamerlane pluto[12459]: "faulty_connection" #10: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 5 10:12:55 tamerlane pluto[12459]: "faulty_connection" #10:
STATE_MAIN_R2: sent MR2, expecting MI3
Mar 5 10:13:10 tamerlane pluto[12459]: "faulty_connection" #10: Main mode
peer ID is ID_IPV4_ADDR: '222.126.123.139'
Mar 5 10:13:10 tamerlane pluto[12459]: "faulty_connection" #10: I did not
send a certificate because I do not have one.
Mar 5 10:13:10 tamerlane pluto[12459]: "faulty_connection" #10: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 5 10:13:10 tamerlane pluto[12459]: "faulty_connection" #10:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 5 10:13:10 tamerlane pluto[12459]: "faulty_connection" #10: Dead Peer
Detection (RFC 3706): not enabled because peer did not advertise it
Mar 5 10:13:11 tamerlane pluto[12459]: "faulty_connection" #11: only
OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported for PFS
Mar 5 10:13:11 tamerlane pluto[12459]: "faulty_connection" #11: sending
encrypted notification BAD_PROPOSAL_SYNTAX to 222.126.123.139:500
Mar 5 10:13:33 tamerlane pluto[12459]: "faulty_connection" #12: responding
to Main Mode
Mar 5 10:13:33 tamerlane pluto[12459]: "faulty_connection" #12:
OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Mar 5 10:13:33 tamerlane pluto[12459]: "faulty_connection" #12:
OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Mar 5 10:13:33 tamerlane pluto[12459]: "faulty_connection" #12: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 5 10:13:33 tamerlane pluto[12459]: "faulty_connection" #12:
STATE_MAIN_R1: sent MR1, expecting MI2
Mar 5 10:13:35 tamerlane pluto[12459]: "faulty_connection" #12: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 5 10:13:35 tamerlane pluto[12459]: "faulty_connection" #12:
STATE_MAIN_R2: sent MR2, expecting MI3


Switching off the PFS on both side make the tunnel works using either the
patched or not patched pluto binary.

Jean-Michel.



2007/3/2, Paul Wouters <paul at xelerance.com>:
>
> On Fri, 2 Mar 2007, Pompon wrote:
>
> > We encountered a bug in openswan 2.4.7 running on debian kernel 2.6.8with
> > Klips stack that crashes our entire production platform tunnels !!
> >
> > After investigations, this is due to a new connection we have just
> declared
> > that seems perfectly normal compared to our hundred others. When this
> > connections goes up, pluto end with a "Segmentation fault", then pluto
> is
> > endless restarted and faulting every 30 seconds making all other tunnels
> > unusable !
>
> Please enable dumpdir=/tmp in config setup, crash openswan, and use the
> source and core dump in /tmp/ to give us a full backtrace.
>
> > --- openswan-2.4.7/programs/pluto/demux.c Fri Jan 12 11:35:21 2007
> > +++ openswan-2.4.7-debug/programs/pluto/demux.c Fri Jan 12 12:16:07 2007
> > @@ -2411,7 +2411,7 @@
> >      * we can only be in calculating state if state is ignore,
> >      * or suspended.
> >      */
> > -    passert(result == STF_IGNORE || result == STF_SUSPEND ||
> > st->st_calculating==FALSE);
> > +    passert(result == STF_INLINE || result == STF_IGNORE || result ==
> > STF_SUSPEND || st->st_calculating==FALSE);
>
> This is already incorporated into 2.4.8rc1.
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070305/7b798de5/attachment-0001.html

More information about the Users mailing list