[Openswan Users] ipsec hanging machine

Paul Wouters paul at xelerance.com
Sat May 15 12:10:37 EDT 2010


On Fri, 14 May 2010, Matthew L. Bowman wrote:

> Occasionally ipsec causes the machine to lock up and a reboot is the only option. It works fine for connections, for the
> most part this behavior happened from restarting the ipsec service. But, recently someone attempted to vpn in, a hacker
> by the looks of things,  not someone with a valid certificate.

That is extremely unlikely. Perhaps a single packet on port 500 could cause a log entry, but hacking in via
openswan is not possible. There is a lot of marshalling happening before packets can flow.

> Seems to have caused the following..

the below trace looks like a kernel panic in NETKEY. I suggest updating the kernel to whatever the latest of
that distribution is.

Paul


> May 14 12:29:05 imryrr kernel: [1463985.774987] Modules linked in: tcp_diag inet_diag xfrm4_mode_tunnel ppp_deflate
> bsd_comp ppp_async crc_ccitt authenc xfrm
> 
> 4_mode_transport pppoe pppox ppp_generic slhc act_police sch_ingress sch_sfq sch_cbq cls_u32 sch_htb ipt_REJECT xt_state
> xt_limit xt_mark iptable_filter ipt_
> 
> LOG iptable_nat xt_tcpudp xt_MARK iptable_mangle ip_tables x_tables tun xfrm_user xfrm4_tunnel tunnel4 ipcomp esp4 aead
> ah4 ipv6 deflate zlib_deflate zlib_in
> 
> flate ctr twofish twofish_common camellia serpent blowfish des_generic cbc aes_i586 aes_generic xcbc sha256_generic
> sha1_generic crypto_null crypto_blkcipher
> 
>  af_key ext2 reiserfs dm_snapshot dm_mirror dm_log dm_mod nf_nat_ftp nf_nat nf_conntrack_ipv4 nf_conntrack_ftp
> nf_conntrack 8021q ide_disk video output psmou
> 
> se snd_pcsp snd_pcm snd_timer snd soundcore snd_page_alloc serio_raw button rng_core iTCO_wdt e752x_edac edac_core
> shpchp pci_hotplug dcdbas evdev ext3 jbd m
> 
> bcache sg sd_mod ide_cd_mod cdrom ata_generic libata dock piix floppy ide_pci_generi
> 
> May 14 12:29:05 imryrr kernel:  ide_core megaraid_mbox scsi_mod megaraid_mm ehci_hcd e1000 uhci_hcd usbcore thermal
> processor fan thermal_sys
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987] Pid: 4917, comm: pluto Tainted: G        W (2.6.26-1-686 #1)
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987] EIP: 0060:[ipv6:_spin_lock+0x10/0x15] EFLAGS: 00000202 CPU: 2
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987] EIP is at _spin_lock+0x10/0x15
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987] EAX: f2279d2c EBX: f2279d2c ECX: 000001e0 EDX: 00007576
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987] ESI: f2279d00 EDI: f2cf0680 EBP: 00000001 ESP: f7d2fd28
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987] CR0: 8005003b CR2: b768a000 CR3: 34cdc000 CR4: 000006d0
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987] DR6: ffff0ff0 DR7: 00000400
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [udp_queue_rcv_skb+0xd1/0x229] ? udp_queue_rcv_skb+0xd1/0x229
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [ipv6:release_sock+0x3a/0x85] ? release_sock+0x3a/0x85
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [udp_recvmsg+0x1c9/0x233] ? udp_recvmsg+0x1c9/0x233
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [ipv6:sock_common_recvmsg+0x2f/0x45] ? sock_common_recvmsg+0x2f/0x45
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [sock_recvmsg+0xde/0xf9] ? sock_recvmsg+0xde/0xf9
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [<c011b61d>] ? default_wake_function+0x0/0x8
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [<c013177c>] ? autoremove_wake_function+0x0/0x2d
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [<c011b61d>] ? default_wake_function+0x0/0x8
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [sys_recvmsg+0x117/0x1c8] ? sys_recvmsg+0x117/0x1c8
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [sys_sendto+0xfc/0x127] ? sys_sendto+0xfc/0x127
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [move_addr_to_user+0x50/0x68] ? move_addr_to_user+0x50/0x68
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [sys_getsockname+0x76/0xa1] ? sys_getsockname+0x76/0xa1
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [sys_socketcall+0x190/0x19e] ? sys_socketcall+0x190/0x19e
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [sys_poll+0x3b/0x6e] ? sys_poll+0x3b/0x6e
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [sysenter_past_esp+0x78/0xb1] ? sysenter_past_esp+0x78/0xb1
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  [virtcons_probe+0xd6/0xdd] ? virtcons_probe+0xd6/0xdd
> 
> May 14 12:29:05 imryrr kernel: [1463985.774987]  =======================
> 
> May 14 12:29:07 imryrr kernel: [1463987.408107] NETDEV WATCHDOG: eth0: transmit timed out
> 
> 
>


More information about the Users mailing list