[Openswan Users] Pluto segfault on openswan-2.6.23

Giovani Moda giovani at mrinformatica.com.br
Wed Oct 7 17:37:56 EDT 2009 

>That's a kernel bug, so tracing the userland process won't help. As
>a workaround, you can try esp=3des and ike=3des-sha1 to avoid the aes
>code.

Still crashes:

/etc/ipsec.conf

config setup
        dumpdir=/var/run/pluto/
        nat_traversal=yes
 
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        oe=off
        protostack=klips
        klipsdebug=none
        plutodebug=none
        interfaces="ipsec0=eth0"
        plutorestartoncrash=no

conn %default
        compress=yes
        disablearrivalcheck=no
        esp=3des
        ike=3des-sha1

conn MR-Empresa
        authby=rsasig
        rightcert=mr.pem
        rightid="C=BR, ST=Sao Paulo, L=Piracicaba, O=Teste,
CN=mr.testdomain.com.br"
        auto=add
        also=l2tp-ipsec

conn l2tp-ipsec
        type=transport
        pfs=no
        left=192.168.1.2
        leftcert=inet.pem
        leftrsasigkey=%cert
        leftprotoport=17/1701
        right=%any
        rightca=%same
        rightprotoport=17/1701
        rightrsasigkey=%cert
        rightsubnet=vhost:%no,%priv
        rekey=no


/var/log/secure

Oct  7 15:27:33 inet pluto[3773]: packet from 192.168.1.5:500: ignoring
Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000006]
Oct  7 15:27:33 inet pluto[3773]: packet from 192.168.1.5:500: received
Vendor ID payload [RFC 3947] method set to=109
Oct  7 15:27:33 inet pluto[3773]: packet from 192.168.1.5:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but
already using method 109
Oct  7 15:27:33 inet pluto[3773]: packet from 192.168.1.5:500: ignoring
Vendor ID payload [FRAGMENTATION]
Oct  7 15:27:33 inet pluto[3773]: packet from 192.168.1.5:500: ignoring
Vendor ID payload [MS-Negotiation Discovery Capable]
Oct  7 15:27:33 inet pluto[3773]: packet from 192.168.1.5:500: ignoring
Vendor ID payload [Vid-Initial-Contact]
Oct  7 15:27:33 inet pluto[3773]: packet from 192.168.1.5:500: ignoring
Vendor ID payload [IKE CGA version 1]
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
responding to Main Mode from unknown peer 192.168.1.5
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
OAKLEY_GROUP 20 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
OAKLEY_GROUP 19 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
STATE_MAIN_R2: sent MR2, expecting MI3
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1: Main
mode peer ID is ID_DER_ASN1_DN: 'C=BR, ST=Sao Paulo, L=Piracicaba,
O=Teste, CN=mr.testdomain.com.br'
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1: I am
sending my cert
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1: new
NAT mapping for #1, was 192.168.1.5:500, now 192.168.1.5:4500
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1: the
peer proposed: 192.168.1.2/32:17/1701 -> 192.168.2.10/32:17/1701
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #1:
NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #2:
responding to Quick Mode proposal {msgid:01000000}
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #2:
us: 192.168.1.2<192.168.1.2>[+S=C]:17/1701
Oct  7 15:27:33 inet pluto[3773]: "MR-Empresa"[1] 192.168.1.5 #2:
them: 192.168.1.5[C=BR, ST=Sao Paulo, L=Piracicaba, O=Teste,
CN=mr.testdomain.com.br,+S=C]:17/1701===192.168.2.10/32
Oct  7 15:27:33 inet pluto[3776]: pluto_crypto_helper: helper (0) is
normal exiting



dmesg

BUG: unable to handle kernel NULL pointer dereference at 00000000
IP: [<f915c32d>] :ipsec:aes_32+0x3/0x496
*pde = 00000000
Oops: 0002 [#1] SMP
Modules linked in: bridge stp bnep rfcomm l2cap bluetooth ipsec ccm aead
serpent blowfish twofish twofish_common ecb xcbc cbc crypto_blkcipher
sha256_generic sha512_generic des_generic aes_i586 aes_generic sunrpc
ipv6 dm_mirror dm_log dm_multipath scsi_dh dm_mod 8139too i915 drm
i2c_i801 usb_storage iTCO_wdt 8139cp skge mii sr_mod i2c_algo_bit
iTCO_vendor_support i2c_core cdrom pcspkr sg pata_acpi ata_generic
ata_piix libata sd_mod scsi_mod crc_t10dif ext3 jbd mbcache uhci_hcd
ohci_hcd ehci_hcd [last unloaded: microcode]

Pid: 1819, comm: pluto Not tainted (2.6.27.35-79.2.56.fc9_mr.i686 #1)
EMAX 945GC-M2
EIP: 0060:[<f915c32d>] EFLAGS: 00010202 CPU: 1
EIP is at aes_32+0x3/0x496 [ipsec]
EAX: f56cd800 EBX: 00000208 ECX: 00000004 EDX: 00000000
ESI: f56cd000 EDI: f56cda08 EBP: f561ab28 ESP: f561ab14
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process pluto (pid: 1819, ti=f561a000 task=f5657230 task.ti=f561a000)
Stack: f56cda08 f56cd000 00000208 fffffff4 f561ab44 f561ab38 00000202
f915abbf
       00000000 f561ab40 f915a8f6 f561ab64 f9157968 00000010 f561ab60
f56cd800
       f9186144 00000003 f56cd000 f914ed14 f561ac5c f913cd3e 00002000
00000000
Call Trace:
 [<f915abbf>] ? AES_set_key+0xa/0x2b [ipsec]
 [<f915a8f6>] ? _aes_set_key+0xf/0x19 [ipsec]
 [<f9157968>] ? ipsec_alg_enc_key_create+0x1cf/0x284 [ipsec]
 [<f914ed14>] ? pfkey_address_process+0x0/0x4b9 [ipsec]
 [<f913cd3e>] ? ipsec_sa_init+0x4ee/0x8c5 [ipsec]
 [<c049c211>] ? do_select+0x492/0x4bb
 [<c061c4c5>] ? fn_hash_lookup+0x38/0x87
 [<c06186ba>] ? __inet_dev_addr_type+0x70/0xa7
 [<f914ed14>] ? pfkey_address_process+0x0/0x4b9 [ipsec]
 [<f914bec1>] ? pfkey_add_parse+0x1c2/0x6eb [ipsec]
 [<c042068b>] ? __wake_up_common+0x35/0x5b
 [<f9151884>] ? pfkey_msg_parse+0x466/0x5fe [ipsec]
 [<f914ec82>] ? pfkey_key_process+0x10d/0x19f [ipsec]
 [<f914ed14>] ? pfkey_address_process+0x0/0x4b9 [ipsec]
 [<f9149dda>] ? pfkey_msg_interp+0x236/0x29c [ipsec]
 [<c046e395>] ? unlock_page+0x4b/0x4e
 [<f914995e>] ? pfkey_sendmsg+0x2b1/0x3bf [ipsec]
 [<c05cd968>] ? __sock_sendmsg+0x45/0x4e
 [<c05cda3b>] ? sock_aio_write+0xca/0xde
 [<c0491075>] ? do_sync_write+0xab/0xe9
 [<c043d342>] ? autoremove_wake_function+0x0/0x33
 [<c04de4d6>] ? security_file_permission+0xf/0x11
 [<c049188b>] ? vfs_write+0x95/0xdf
 [<c049196e>] ? sys_write+0x3b/0x60
 [<c0404c8a>] ? syscall_call+0x7/0xb
 =======================
Code: 89 e5 83 ec 08 53 56 57 8b 55 0c 8b 4d 14 81 f9 80 00 00 00 72 03
c1 e9 03 83 f9 20 74 0a 83 f9 18 74 05 b9 10 00 00 00 c1 e9 02 <89> 0a
8d 41 06 89 42 04 8b 75 10 8d 7a 08 fc 55 89 c8 f3 a5 8b
EIP: [<f915c32d>] aes_32+0x3/0x496 [ipsec] SS:ESP 0068:f561ab14
---[ end trace 081a5b02166310e2 ]---

I'll try to get Oops on kernel 2.6.18 and 2.6.23 to see if it matches
this one.

Giovani

More information about the Users mailing list