This list is intended for people who want to be involved with the development and design of OpenSWAN. ()

Ruben Laban | 2 Feb 2010 20:03

Picon

[Openswan dev] Failed test for fix of ipsecX tcpdump bug

Using latest git, the following happens when I try to up a conn using KLIPS:

Feb  2 19:47:10 vn-t-fw01 pluto[4669]: packet from 172.16.2.10:500: ignoring unknown Vendor ID payload [4f454a64436d56714e727861]
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: packet from 172.16.2.10:500: received Vendor ID payload [Dead
Peer Detection]
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: responding to Main Mode
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: STATE_MAIN_R2: sent MR2, expecting MI3
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: Main mode peer ID is ID_IPV4_ADDR: '172.16.2.10'
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: the peer proposed: 172.16.4.0/24:0/0 -> 172.16.1.0/24:0/0
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2: responding to Quick Mode proposal {msgid:b7cacc21}
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2:     us: 172.16.4.0/24===172.16.3.21<172.16.3.21>[+S=C]---172.16.3.10
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2:   them: 172.16.2.20---172.16.2.10<172.16.2.10>[+S=C]===172.16.1.0/24
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: | NAT-OA: 0 tunnel: 0  
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA
installed, expecting QI2
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2: pfkey_lib_debug:pfkey_msg_hdr_build: satype 104
> max 9 
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2: building of pfkey_msg_hdr flow
tun.1001 <at> 172.16.2.10 failed, code -22
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: | raw_eroute result=0 
Feb  2 19:47:15 vn-t-fw01 pluto[4669]: "tunnel2" #3: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:4dfa6c49
proposal=3DES(3)_192-MD5(1)_128,

(Continue reading)

hiren joshi | 3 Feb 2010 16:31

Picon

[Openswan dev] openswan-2.6.24 KLIPS compilation fails for kernel-2.6.18-8

Hello,

I was able to compile openswan-2.6.23 for linux-2.6.18-8 (with a minor
modification related to scatterlist interface).
However openswan-2.6.24 KLIPS compilation fails.
Does some code needs to be wrapped under KERNEL_VERSION(2,6,24) or
some other conditional compilation macro?

[hiren <at> fedora linux-2.6.18.8-crl]$ make
  CHK     include/linux/version.h
  CHK     include/linux/utsrelease.h
  CHK     include/linux/compile.h
  CC [M]  net/ipsec/ipsec_tunnel.o
net/ipsec/ipsec_tunnel.c: In function 'klips_header':
net/ipsec/ipsec_tunnel.c:249: error: 'struct net_device' has no member
named 'header_ops'
net/ipsec/ipsec_tunnel.c: In function 'klips_header_parse':
net/ipsec/ipsec_tunnel.c:278: error: 'struct net_device' has no member
named 'header_ops'
net/ipsec/ipsec_tunnel.c: In function 'klips_rebuild_header':
net/ipsec/ipsec_tunnel.c:331: error: 'struct net_device' has no member
named 'header_ops'
net/ipsec/ipsec_tunnel.c: In function 'klips_header_cache':
net/ipsec/ipsec_tunnel.c:339: warning: passing argument 1 of
'netdev_priv' discards qualifiers from pointer target type
net/ipsec/ipsec_tunnel.c:355: error: 'struct net_device' has no member
named 'header_ops'
net/ipsec/ipsec_tunnel.c: In function 'klips_header_cache_update':
net/ipsec/ipsec_tunnel.c:363: warning: passing argument 1 of
'netdev_priv' discards qualifiers from pointer target type

(Continue reading)

David McCullough | 3 Feb 2010 23:02

Re: [Openswan dev] openswan-2.6.24 KLIPS compilation fails for kernel-2.6.18-8


Jivin hiren joshi lays it down ...
> Hello,
> 
> I was able to compile openswan-2.6.23 for linux-2.6.18-8 (with a minor
> modification related to scatterlist interface).
> However openswan-2.6.24 KLIPS compilation fails.
> Does some code needs to be wrapped under KERNEL_VERSION(2,6,24) or
> some other conditional compilation macro?

Yes,  this has been fixed in git and will be in 2.6.25,  if you have access
to git you could look there for a diff or just use the git version.

Cheers,
Davidm

> [hiren <at> fedora linux-2.6.18.8-crl]$ make
>   CHK     include/linux/version.h
>   CHK     include/linux/utsrelease.h
>   CHK     include/linux/compile.h
>   CC [M]  net/ipsec/ipsec_tunnel.o
> net/ipsec/ipsec_tunnel.c: In function 'klips_header':
> net/ipsec/ipsec_tunnel.c:249: error: 'struct net_device' has no member
> named 'header_ops'
> net/ipsec/ipsec_tunnel.c: In function 'klips_header_parse':
> net/ipsec/ipsec_tunnel.c:278: error: 'struct net_device' has no member
> named 'header_ops'
> net/ipsec/ipsec_tunnel.c: In function 'klips_rebuild_header':
> net/ipsec/ipsec_tunnel.c:331: error: 'struct net_device' has no member
> named 'header_ops'

(Continue reading)

Tuomo Soini | 4 Feb 2010 13:11

Picon

[Openswan dev] problem with ASSERTION FAILED

Something has really broken in openswan-2.6. ASSERT doesn't cause core
dump any more. This makes it quite much harder to debug problems.

Anybody know how to fix this?

--

-- 
Tuomo Soini <tis <at> foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

David McCullough | 4 Feb 2010 13:21

Re: [Openswan dev] problem with ASSERTION FAILED


Jivin Tuomo Soini lays it down ...
> Something has really broken in openswan-2.6. ASSERT doesn't cause core
> dump any more. This makes it quite much harder to debug problems.
> 
> Anybody know how to fix this?

Looks to me like ASSERT is not used anywhere in openswan.

There is passert() and some others in openswan/passert.h.  This
needs DEBUG to be defined.

You should be able to call assert().

Have a look around the code for assertions and follow their example,

Cheers,
Davidm.

--

-- 
David McCullough,      david_mccullough <at> mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org

Paul Wouters | 4 Feb 2010 15:26

Re: [Openswan dev] problem with ASSERTION FAILED

On Thu, 4 Feb 2010, David McCullough wrote:

>> Something has really broken in openswan-2.6. ASSERT doesn't cause core
>> dump any more. This makes it quite much harder to debug problems.
>>
>> Anybody know how to fix this?
>
> Looks to me like ASSERT is not used anywhere in openswan.
>
> There is passert() and some others in openswan/passert.h.  This
> needs DEBUG to be defined.
>
> You should be able to call assert().
>
> Have a look around the code for assertions and follow their example,

What Tuomo is saying is that the assert/passert calls seem to cause
openswan to crash now, instead of producing a core dump. I do think
there is a problem now with this mechanism. This is also causing
plutorun issues where plutorun is no longer starting a new pluto
process when it detects pluto has crashed.

Paul

David McCullough | 5 Feb 2010 00:15

Re: [Openswan dev] problem with ASSERTION FAILED


Jivin Paul Wouters lays it down ...
> On Thu, 4 Feb 2010, David McCullough wrote:
> 
> >> Something has really broken in openswan-2.6. ASSERT doesn't cause core
> >> dump any more. This makes it quite much harder to debug problems.
> >>
> >> Anybody know how to fix this?
> >
> > Looks to me like ASSERT is not used anywhere in openswan.
> >
> > There is passert() and some others in openswan/passert.h.  This
> > needs DEBUG to be defined.
> >
> > You should be able to call assert().
> >
> > Have a look around the code for assertions and follow their example,
> 
> What Tuomo is saying is that the assert/passert calls seem to cause
> openswan to crash now, instead of producing a core dump. I do think
> there is a problem now with this mechanism. This is also causing
> plutorun issues where plutorun is no longer starting a new pluto
> process when it detects pluto has crashed.

You should be getting at least a log entry/file/line for any abort that
happens.

It does all it's logging etc and then calls abort (depending on all kinds of
obfuscation of what actually gets called).

(Continue reading)

Paul Wouters | 5 Feb 2010 03:07

Re: [Openswan dev] problem with ASSERTION FAILED

On Fri, 5 Feb 2010, David McCullough wrote:

> You should be getting at least a log entry/file/line for any abort that
> happens.

I think what is happening is that we're getting "aborted" within the
process of the abort/logging routines.

This might have to do with errors in the crypto pluto helpers and
signaling in threads.

> This is a ulimit thing by any chance ?

The issue is not so much no core file appearing, but the fact that no
new pluto is spawned.

Paul

Tuomo Soini | 5 Feb 2010 07:59

Picon

Re: [Openswan dev] problem with ASSERTION FAILED

David McCullough wrote:

> Not sure I follow,  you are crashing while trying to log the abort,
> or crashing in the abort routines is hiding something ?

I think again that log tell us more than thousand words.

https://bugs.openswan.org/issues/1086

--

-- 
Tuomo Soini <tis <at> foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

David McCullough | 5 Feb 2010 04:11

Re: [Openswan dev] problem with ASSERTION FAILED

Jivin Paul Wouters lays it down ...
> On Fri, 5 Feb 2010, David McCullough wrote:
> 
> > You should be getting at least a log entry/file/line for any abort that
> > happens.
> 
> I think what is happening is that we're getting "aborted" within the
> process of the abort/logging routines.

Not sure I follow,  you are crashing while trying to log the abort,
or crashing in the abort routines is hiding something ?

> This might have to do with errors in the crypto pluto helpers and
> signaling in threads.

Well the helpers could abort and pluto would not exit.  But then
I would have throught pluto would detect the dead helper and just start
another,  perhaps that is a the problem ?

> > This is a ulimit thing by any chance ?
> 
> The issue is not so much no core file appearing, but the fact that no
> new pluto is spawned.

Ok,  which is what I would expect if a helper aborted/asserted I guess.
We may just need some smarts on helper death ?

Cheers,
Davidm

(Continue reading)

Group

gmane.network.openswan.devel.

Project Web Page

This list is intended for people who want to be involved with the development and design of OpenSWAN. ()

Search Archive

Page

1 | 2 | 3 | 4 | 5

Articles in period: 41

February 2010

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

[Openswan dev] libreswan CVE-2013-205[234] backport patches availabe f (14 May 2013)
[Openswan dev] Git repository configuration (11 Jan 2013)
[Openswan dev] Git repository configuration (7 Jan 2013)
[Openswan dev] Contributing to the project development (30 Dec 2012)
[Openswan dev] My resignation of The Openswan Project (16 Dec 2012)
[Openswan dev] asynchronous event-driven initialization / configuratio (6 Dec 2012)
[Openswan dev] coexistence of RSA connections with and without Xauth (3 Dec 2012)
[Openswan dev] ipsec mutilple ip connection (13 Oct 2012)
[Openswan dev] A query on NAT-T implementation in Openswan (8 Oct 2012)
[Openswan dev] coexistence of RSA connections with and without Xauth (8 Oct 2012)
[Openswan dev] What will happen with OpenSWAN (5 Oct 2012)
[Openswan dev] What will happen with OpenSWAN (1 Oct 2012)
[Openswan dev] What will happen with OpenSWAN (1 Oct 2012)
[Openswan dev] DPD patch (25 Sep 2012)
[Openswan dev] Fwd: Re: fix for sha2_truncbug-option in whack (24 Sep 2012)
[Openswan dev] fix for sha2_truncbug-option in whack (20 Sep 2012)
[Openswan dev] Regarding klips_debug:ipsec_rcv: auth failed on incomin (22 Aug 2012)
[Openswan dev] Trying to bugfix klips issue with kernel 2.6.35 and new (26 Jun 2012)
[Openswan dev] Patches for Openswan reserved fields and traffic select (26 Jun 2012)
[Openswan dev] SHA2 hashes support in Openswan (29 May 2012)
[Openswan dev] AES-GCM for ESP with Openswan (16 May 2012)

Archives

1	May 2013
3	January 2013
4	December 2012
8	October 2012
3	September 2012
4	August 2012
3	June 2012
6	May 2012
8	April 2012
9	March 2012
22	February 2012
12	January 2012
9	December 2011
7	November 2011
10	October 2011
9	September 2011
8	August 2011
29	July 2011
19	June 2011
30	May 2011
11	April 2011
2	March 2011
36	February 2011
15	January 2011
81	December 2010
35	November 2010
198	October 2010
10	September 2010
32	August 2010
20	July 2010
14	June 2010
32	May 2010
39	April 2010
99	March 2010
40	February 2010
45	January 2010
13	December 2009
5	November 2009
18	October 2009
4	September 2009
17	August 2009
15	July 2009
21	June 2009
13	May 2009
10	April 2009
16	March 2009
28	February 2009
12	January 2009
24	December 2008
29	November 2008
17	October 2008
16	September 2008
11	August 2008
19	July 2008
42	June 2008
14	May 2008
5	April 2008
20	March 2008
8	February 2008
19	January 2008
60	December 2007
24	November 2007
32	October 2007
4	September 2007
8	August 2007
45	July 2007
34	June 2007
24	May 2007
17	April 2007
23	March 2007
6	February 2007
9	January 2007
20	December 2006
37	November 2006
9	October 2006
9	September 2006
18	August 2006
16	July 2006
24	June 2006
13	May 2006
34	April 2006
21	March 2006
44	February 2006
47	January 2006
38	December 2005
58	November 2005
34	October 2005
50	September 2005
70	August 2005
37	July 2005
18	June 2005
19	May 2005
65	April 2005
37	March 2005
24	February 2005
21	January 2005
45	December 2004
40	November 2004
33	October 2004
53	September 2004
65	August 2004
69	July 2004
95	June 2004
89	May 2004
57	April 2004

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template