[Openswan Users] Still server crash
David McCullough
david_mccullough at mcafee.com
Fri Apr 2 08:25:19 EDT 2010
Jivin Dennis van der Meer lays it down ...
> Hi David,
>
> It seems that your suggestion did the trick. I needed a few days to
> build a new kernel.
> For some reason I had a lot of problems with it but it had nothing to do
> with openswan.
> Now I need to get my roadwarrior setup working, together with l2tp but I
> am sure it will
> work eventually.
> Thanks for all the help.
Great, we let us know if you hit problems,
Cheers,
Davidm
> -----Original Message-----
> From: David McCullough [mailto:david_mccullough at mcafee.com]
> Sent: dinsdag 30 maart 2010 6:27
> To: Dennis van der Meer
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] Still server crash
>
>
> Jivin Dennis van der Meer lays it down ...
> > Hi,
> >
> > Last week I have been trying to see if I can get a stable version of
> KLIPS working but I seem to crash my entire server
> >
> > whenever I try this. I??ve been able to crash my VMWare test system
> but also a production server that is not using VMWare.
> >
> > As soon as I try to make a connection using ipsec from another
> location the whole system crashes. I was able to change
> >
> > the number of screen lines to 60 so I could see a little bit more (see
> partial info below). Maybe someone can help me track
> >
> > down the problem. So far I have tried a recent GIT build, 2 different
> kernel versions and the latest official openswan version;
> >
> > all have the same problems with the crash.
>
>
> We have been seeing problems with the builtin crypto for openswan. I
> haven't had a chance to look at it yet but the workaround is fairly
> simple.
> We just switch to using the kernel crypto API and not the openswan
> included
> versions of des etc.
>
> Setup for kernel .config as follows (or similar depending on kernel
> version):
>
> CONFIG_KLIPS=y
> #
> # KLIPS options
> #
> CONFIG_KLIPS_ESP=y
> # CONFIG_KLIPS_AH is not set
> CONFIG_KLIPS_AUTH_HMAC_MD5=y
> CONFIG_KLIPS_AUTH_HMAC_SHA1=y
> CONFIG_KLIPS_ALG=y
> CONFIG_KLIPS_ENC_CRYPTOAPI=y
> # CONFIG_KLIPS_ENC_1DES is not set
> # CONFIG_KLIPS_ENC_3DES is not set
> # CONFIG_KLIPS_ENC_AES is not set
> CONFIG_KLIPS_IPCOMP=y
> # CONFIG_KLIPS_OCF is not set
> CONFIG_KLIPS_DEBUG=y
> CONFIG_KLIPS_IF_MAX=4
>
> CONFIG_CRYPTO=y
> #
> # Crypto core or helper
> #
> CONFIG_CRYPTO_ALGAPI=y
> CONFIG_CRYPTO_ALGAPI2=y
> CONFIG_CRYPTO_AEAD2=y
> CONFIG_CRYPTO_BLKCIPHER=y
> CONFIG_CRYPTO_BLKCIPHER2=y
> CONFIG_CRYPTO_HASH=y
> CONFIG_CRYPTO_HASH2=y
> CONFIG_CRYPTO_RNG2=y
> CONFIG_CRYPTO_PCOMP=y
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_MANAGER2=y
> CONFIG_CRYPTO_WORKQUEUE=y
> CONFIG_CRYPTO_CBC=y
> CONFIG_CRYPTO_ECB=y
> CONFIG_CRYPTO_HMAC=y
> CONFIG_CRYPTO_MD5=y
> CONFIG_CRYPTO_SHA1=y
> CONFIG_CRYPTO_SHA256=y
> CONFIG_CRYPTO_SHA512=y
> CONFIG_CRYPTO_AES=y
> CONFIG_CRYPTO_ARC4=y
> CONFIG_CRYPTO_DES=y
>
> That should see you working I think,
>
> Cheers,
> Davidm
>
>
> > Partial crash info:
> >
> >
> >
> > Code: 00 00 00 23 1f a3 e0 20 1f a3 e0 17 1f a3 e0 13 1f a3 e0 10 1f
> a3 e0 0d 1f
> >
> > a3 e0 04 1f a3 e0 55 53 56 57 8b 6c 24 1c 8b 5c 24 2c (8b) 33 8b 7b
> 04 57 56 57
> >
> > 56 89 e3 8b 74 24 24 8b 7c 24 28 8b 4c
> >
> > EIP: [(e0a31f9c)] .des_ncbc_encrypt_end+0xc/0x1e0 [ipsec] SS:ESP
> 0068:de775af0
> >
> > CR2: 000000006a5a85a4
> >
> > ---[ end trace 33b374d09a6bcf21 ]---
> >
> > Kernel panic ?? not syncing: Fatal exception in interrupt
> >
> > Pid: 2043, comm.: sh Tainted: G D 2.6.33 #4
> >
> > Call Trace:
> >
> > [<c148fd84>] ? printk+0x18/0x1a
> >
> > [<c148fcb2>] panic+0x43/0xfd
> >
> > [<c100d3c3>] oops_end+0x83/0x90
> >
> > [<c101f4be>] no_context+0xbe/0x160
> >
> > [<c101f5af>] __bad_area_nosemaphone+0x4f/0x180
> >
> > [<c104efd2>] ? sched_clock_local+0xd2/0x170
> >
> > [<c1031423>] ? task_tick_fair+0x33/0x110
> >
> > [<c103108b>] ? scheduler_tick+0xeb/0x150
> >
> > [<c101f6f2>] bad_area_nosemaphone+0x12/0x20
> >
> > [<c101fadc>] do_page_fault+0x25c/0x300
> >
> > [<c10559e5>] ? tick_periodic+0x25/0x70
> >
> > [<c1055a49>] ? tick_handle_periodic+0x19/0x90
> >
> > [<c101f880>] ? do_page_fault+0x0/0x300
> >
> > [<c1492ace>] error_code+0x66/0x6c
> >
> > [<c101f880>] ? do_page_fault+0x0/0x300
> >
> > [<e0a31f9c>] ? .des_ncbc_encrypt_end+0xc/0x1e0 [ipsec]
> >
> > [<e0a2f279>] ? _3des_cbc_encrypt+0x49/0x60 [ipsec]
> >
> > [<e0a2f15d>] ? ipsec_alg_esp_encrypt+0x5d/0x130 [ipsec]
> >
> > [<e0a2a5f5>] ? ipsec_rcv_esp_decrypt+0x75/0x110 [ipsec]
> >
> > [<e0a17cc5>] ? ipsec_rcv_decrypt+0x25/0x60 [ipsec]
> >
> > [<e0a19649>] ? ipsec_rsm+0x49/0x2a0 [ipsec]
> >
> > [<e0a1955b>] ? ipsec_rcv_state_new+0x4b/0xb0 [ipsec]
> >
> > [<e0a199d7>] ? ipsec_rcv+0x27/0x90 [ipsec]
> >
> > [<c14065a6>] ? ip_local_deliver_finish+0x86/0x170
> >
> > [<c140671f>] ? ip_local_deliver+0x8f/0xa0
> >
> > [<c1406520>] ? ip_local_deliver_finish+0x0/0x170
> >
> > [<c1405fbb>] ? ip_rcv_finish+0x14b/0x310
> >
> > [<c1405e70>] ? ip_rcv_finish+0x0/0x310
> >
> > [<c14063b5>] ? ip_rcv+0x235/0x290
> >
> > [<c1405e70>] ? ip_rcv_finish+0x0/0x310
> >
> > [<c13af3ec>] ? netif_receive_skb+0x1bc/0x450
> >
> > [<e08304f4>] ? e1000_clean_rx_irq+0x2d4/0x420 [e1000]
> >
> > [<e082fbdd>] ? e1000_clean+0x1cd/0x500 [e1000]
> >
> > [<c106c46e>] ? handle_fasteoi_irq+0x7e/0xc0
> >
> > [<c10053ca>] ? handle_irq+0x1a/0x30
> >
> > [<c13afd2d>] ? net_rx_action+0x7d/0x100
> >
> > [<c103af45>] ? __do_softirq+0x85/0x110
> >
> > [<c1040054>] ? update_process_times+0x54/0x70
> >
> > [<c103affd>] ? do_softirq+0x2d/0x40
> >
> > [<c103b15d>] ? irq_exit+0x2d/0x40
> >
> > [<c1017b17>] ? smp_apic_time_interrupt+0x57/0x90
> >
> > [<c14928a2>] ? apic_timer_interrupt+0x2a/0x30
> >
> > [<c125e0a2>] ? prio_tree_remove+0x32/0xe0
> >
> > [<c1088122>] ? vma_prio_tree_remove+0x72/0xf0
> >
> > [<c10917dd>] ? vma_adjust+0xfd/0x470
> >
> > [<c1091c3a>] ? __split_vma+0xea/0x140
> >
> > [<c1091fbf>] ? split_vma+0x2f/0x40
> >
> > [<c1093596>] ? mprotect_fixup+0x306/0x360
> >
> > [<c109376e>] ? sys_mprotect+0x17e/0x220
> >
> > [<c14924b5>] ? syscall_call+0x7/0xb
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Dennis
> >
> >
>
> > _______________________________________________
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> > Building and Integrating Virtual Private Networks with Openswan:
> >
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
> --
> David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
> McAfee - SnapGear http://www.mcafee.com
> http://www.uCdot.org
>
>
--
David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org
More information about the Users
mailing list