[Openswan Users] ipsec hanging machine
Paul Wouters
paul at xelerance.com
Sat May 15 12:10:37 EDT 2010
On Fri, 14 May 2010, Matthew L. Bowman wrote:
> Occasionally ipsec causes the machine to lock up and a reboot is the only option. It works fine for connections, for the
> most part this behavior happened from restarting the ipsec service. But, recently someone attempted to vpn in, a hacker
> by the looks of things, not someone with a valid certificate.
That is extremely unlikely. Perhaps a single packet on port 500 could cause a log entry, but hacking in via
openswan is not possible. There is a lot of marshalling happening before packets can flow.
> Seems to have caused the following..
the below trace looks like a kernel panic in NETKEY. I suggest updating the kernel to whatever the latest of
that distribution is.
Paul
> May 14 12:29:05 imryrr kernel: [1463985.774987] Modules linked in: tcp_diag inet_diag xfrm4_mode_tunnel ppp_deflate
> bsd_comp ppp_async crc_ccitt authenc xfrm
>
> 4_mode_transport pppoe pppox ppp_generic slhc act_police sch_ingress sch_sfq sch_cbq cls_u32 sch_htb ipt_REJECT xt_state
> xt_limit xt_mark iptable_filter ipt_
>
> LOG iptable_nat xt_tcpudp xt_MARK iptable_mangle ip_tables x_tables tun xfrm_user xfrm4_tunnel tunnel4 ipcomp esp4 aead
> ah4 ipv6 deflate zlib_deflate zlib_in
>
> flate ctr twofish twofish_common camellia serpent blowfish des_generic cbc aes_i586 aes_generic xcbc sha256_generic
> sha1_generic crypto_null crypto_blkcipher
>
> af_key ext2 reiserfs dm_snapshot dm_mirror dm_log dm_mod nf_nat_ftp nf_nat nf_conntrack_ipv4 nf_conntrack_ftp
> nf_conntrack 8021q ide_disk video output psmou
>
> se snd_pcsp snd_pcm snd_timer snd soundcore snd_page_alloc serio_raw button rng_core iTCO_wdt e752x_edac edac_core
> shpchp pci_hotplug dcdbas evdev ext3 jbd m
>
> bcache sg sd_mod ide_cd_mod cdrom ata_generic libata dock piix floppy ide_pci_generi
>
> May 14 12:29:05 imryrr kernel: ide_core megaraid_mbox scsi_mod megaraid_mm ehci_hcd e1000 uhci_hcd usbcore thermal
> processor fan thermal_sys
>
> May 14 12:29:05 imryrr kernel: [1463985.774987]
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] Pid: 4917, comm: pluto Tainted: G W (2.6.26-1-686 #1)
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] EIP: 0060:[ipv6:_spin_lock+0x10/0x15] EFLAGS: 00000202 CPU: 2
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] EIP is at _spin_lock+0x10/0x15
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] EAX: f2279d2c EBX: f2279d2c ECX: 000001e0 EDX: 00007576
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] ESI: f2279d00 EDI: f2cf0680 EBP: 00000001 ESP: f7d2fd28
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] CR0: 8005003b CR2: b768a000 CR3: 34cdc000 CR4: 000006d0
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] DR6: ffff0ff0 DR7: 00000400
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [udp_queue_rcv_skb+0xd1/0x229] ? udp_queue_rcv_skb+0xd1/0x229
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [ipv6:release_sock+0x3a/0x85] ? release_sock+0x3a/0x85
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [udp_recvmsg+0x1c9/0x233] ? udp_recvmsg+0x1c9/0x233
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [ipv6:sock_common_recvmsg+0x2f/0x45] ? sock_common_recvmsg+0x2f/0x45
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [sock_recvmsg+0xde/0xf9] ? sock_recvmsg+0xde/0xf9
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [<c011b61d>] ? default_wake_function+0x0/0x8
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [<c013177c>] ? autoremove_wake_function+0x0/0x2d
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [<c011b61d>] ? default_wake_function+0x0/0x8
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [sys_recvmsg+0x117/0x1c8] ? sys_recvmsg+0x117/0x1c8
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [sys_sendto+0xfc/0x127] ? sys_sendto+0xfc/0x127
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [move_addr_to_user+0x50/0x68] ? move_addr_to_user+0x50/0x68
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [sys_getsockname+0x76/0xa1] ? sys_getsockname+0x76/0xa1
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [sys_socketcall+0x190/0x19e] ? sys_socketcall+0x190/0x19e
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [sys_poll+0x3b/0x6e] ? sys_poll+0x3b/0x6e
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [sysenter_past_esp+0x78/0xb1] ? sysenter_past_esp+0x78/0xb1
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] [virtcons_probe+0xd6/0xdd] ? virtcons_probe+0xd6/0xdd
>
> May 14 12:29:05 imryrr kernel: [1463985.774987] =======================
>
> May 14 12:29:07 imryrr kernel: [1463987.408107] NETDEV WATCHDOG: eth0: transmit timed out
>
>
>
More information about the Users
mailing list