[Openswan Users] ASSERTION FAILED at %s:%lu: %s

Marco Berizzi pupilla at hotmail.com
Wed May 9 08:23:06 EDT 2007


Hi. I think I have found a pluto bug
while doing some testing with vista.
When vista (the initiator) talk to
openswan with pfs=no pluto crash with:

GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i486-slackware-linux"...Using host
libthread_db library "/lib/tls/libthread_db.so.1".


warning: Can't read pathname for load map: Input/output error.
Reading symbols from /usr/lib/libgmp.so.3...done.
Loaded symbols for /usr/lib/libgmp.so.3
Reading symbols from /lib/tls/libresolv.so.2...done.
Loaded symbols for /lib/tls/libresolv.so.2
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Core was generated by
`/usr/local/libexec/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --ipse'.
Program terminated with signal 11, Segmentation fault.
#0  fmt_log (buf=0xbfc6cee0 "", buf_len=1024,
    fmt=0x80c8c30 "ASSERTION FAILED at %s:%lu: %s", ap=0xbfc6d2f8
"Ã\023\r\bn\t")
    at log.c:149
149             snprintf(bp, be - bp, "\"%s\"", c->name);
(gdb) where
#0  fmt_log (buf=0xbfc6cee0 "", buf_len=1024,
    fmt=0x80c8c30 "ASSERTION FAILED at %s:%lu: %s", ap=0xbfc6d2f8
"Ã\023\r\bn\t")
    at log.c:149
#1  0x08056b75 in openswan_loglog (mess_no=3,
    message=0x80c8c30 "ASSERTION FAILED at %s:%lu: %s") at log.c:434
#2  0x0805747e in passert_fail (
    pred_str=0x80d1a90 "result == STF_IGNORE || result == STF_SUSPEND ||
st->st_calculating==FALSE", file_str=0x80d13c3 "demux.c", line_no=2414)
at log.c:606
#3  0x08075fbf in complete_state_transition (mdp=0x80f5b4c,
result=STF_INLINE)
    at demux.c:2728
#4  0x08077f9e in process_packet (mdp=0x80f5b4c) at demux.c:2352
#5  0x08078c95 in comm_handle (ifp=0x810a478) at demux.c:1223
#6  0x0805d92b in call_server () at server.c:1166
#7  0x0805a7ea in main (argc=11, argv=0xbfc7d9f4) at plutomain.c:787

Here is /var/log/secure

May  9 14:01:52 Calimero pluto[2418]: Starting Pluto (Openswan Version
2.4.8rc1 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID
OE_\134Pgj}uHpe)
May  9 14:01:52 Calimero pluto[2418]: Setting NAT-Traversal port-4500
floating to off
May  9 14:01:52 Calimero pluto[2418]:    port floating activation
criteria nat_t=0/port_fload=1
May  9 14:01:52 Calimero pluto[2418]:   including NAT-Traversal patch
(Version 0.6c) [disabled]
May  9 14:01:52 Calimero pluto[2418]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
May  9 14:01:52 Calimero pluto[2418]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC: Ok (ret=0)
May  9 14:01:52 Calimero pluto[2418]: ike_alg_register_enc(): Activating
OAKLEY_SERPENT_CBC: Ok (ret=0)
May  9 14:01:52 Calimero pluto[2418]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
May  9 14:01:52 Calimero pluto[2418]: ike_alg_register_enc(): Activating
OAKLEY_BLOWFISH_CBC: Ok (ret=0)
May  9 14:01:52 Calimero pluto[2418]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
May  9 14:01:52 Calimero pluto[2418]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
May  9 14:01:52 Calimero pluto[2418]: no helpers will be started, all
cryptographic operations will be done inline
May  9 14:01:52 Calimero pluto[2418]: Using NETKEY IPsec interface code
on 2.6.21
May  9 14:01:52 Calimero pluto[2418]: Changing to directory
'/etc/ipsec.d/cacerts'
May  9 14:01:52 Calimero pluto[2418]:   loaded CA cert file
'cacert-consultant.pem' (1586 bytes)
May  9 14:01:52 Calimero pluto[2418]: Changing to directory
'/etc/ipsec.d/aacerts'
May  9 14:01:52 Calimero pluto[2418]: Changing to directory
'/etc/ipsec.d/ocspcerts'
May  9 14:01:52 Calimero pluto[2418]: Changing to directory
'/etc/ipsec.d/crls'
May  9 14:01:52 Calimero pluto[2418]:   Warning: empty directory
May  9 14:01:52 Calimero pluto[2418]: added connection description "rw"
May  9 14:01:52 Calimero pluto[2418]: listening for IKE messages
May  9 14:01:52 Calimero pluto[2418]: adding interface eth1/eth1
192.168.5.10:500
May  9 14:01:52 Calimero pluto[2418]: adding interface eth0/eth0
172.16.1.247:500
May  9 14:01:52 Calimero pluto[2418]: adding interface lo/lo
127.0.0.1:500
May  9 14:01:52 Calimero pluto[2418]: loading secrets from
"/etc/ipsec.secrets"
May  9 14:01:59 Calimero pluto[2418]: packet from 172.16.0.121:500:
Informational Exchange is for an unknown (expired?) SA
May  9 14:02:04 Calimero pluto[2418]: packet from 172.16.0.121:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000005]
May  9 14:02:04 Calimero pluto[2418]: packet from 172.16.0.121:500:
received Vendor ID payload [RFC 3947] meth=110, but port floating is off
May  9 14:02:04 Calimero pluto[2418]: packet from 172.16.0.121:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but port floating is off
May  9 14:02:04 Calimero pluto[2418]: packet from 172.16.0.121:500:
ignoring Vendor ID payload [FRAGMENTATION]
May  9 14:02:04 Calimero pluto[2418]: packet from 172.16.0.121:500:
ignoring unknown Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
May  9 14:02:04 Calimero pluto[2418]: packet from 172.16.0.121:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
May  9 14:02:04 Calimero pluto[2418]: packet from 172.16.0.121:500:
ignoring unknown Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
May  9 14:02:04 Calimero pluto[2418]: "rw" #1: responding to Main Mode
May  9 14:02:04 Calimero pluto[2418]: "rw" #1: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
May  9 14:02:04 Calimero pluto[2418]: "rw" #1: STATE_MAIN_R1: sent MR1,
expecting MI2
May  9 14:02:04 Calimero pluto[2418]: "rw" #1: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2
May  9 14:02:04 Calimero pluto[2418]: "rw" #1: STATE_MAIN_R2: sent MR2,
expecting MI3
May  9 14:02:04 Calimero pluto[2418]: "rw" #1: Main mode peer ID is
ID_IPV4_ADDR: '172.16.0.121'
May  9 14:02:04 Calimero pluto[2418]: "rw" #1: I did not send a
certificate because I do not have one.
May  9 14:02:04 Calimero pluto[2418]: "rw" #1: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3
May  9 14:02:04 Calimero pluto[2418]: "rw" #1: STATE_MAIN_R3: sent MR3,
ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128
prf=oakley_sha group=modp1024}
May  9 14:02:04 Calimero pluto[2418]: "rw" #2: we require PFS but Quick
I1 SA specifies no GROUP_DESCRIPTION
May  9 14:02:04 Calimero pluto[2418]: "rw" #2: sending encrypted
notification NO_PROPOSAL_CHOSEN to 172.16.0.121:500
May  9 14:02:15 Calimero ipsec__plutorun: Unknown default RSA hostkey
scheme, not generating a default hostkey
May  9 14:02:15 Calimero ipsec__plutorun: Restarting Pluto subsystem...
May  9 14:02:15 Calimero pluto[2603]: Starting Pluto (Openswan Version
2.4.8rc1 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID
OE_\134Pgj}uHpe)

and /etc/ipsec.conf

conn rw
        right=172.16.0.121 <== vista ip address
        auto=add
        pfs=yes            <== vista has pfs=no
        compress=yes
        authby=secret
        leftsubnet=192.168.5.0/24

As you may see this error happens with
2.4.8-rc1 running on Slackware 11.0 +
linux vanilla 2.6.21

TIA




More information about the Users mailing list