Project

General

Profile

Bug #346

(strongSwan 5.0.4, FreeBSD 8.0-RELEASE, i386) with racoon2 crashes at PKI authentication

Added by Sergey Smirnov over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
14.06.2013
Due date:
Estimated time:
Affected version:
5.0.4
Resolution:
Invalid

Description

There is strongSwan 5.0.4 installed on FreeBSD 8.0-RELEASE, i386 on one side (left). And racoon on the right (I call it CBM).

ipsec.conf

config setup
    charondebug=all

conn cbm-pki
    left=10.10.10.254
    leftid=NetBSD
    right=10.10.10.130
    rightid=CBM
    authby=psk
    auto=start
    keyexchange=ikev2
    type=tunnel

ipsec.secrets

NetBSD CBM : PSK "abcdefghijklmnop" 
NetBSD %any : PSK "abcdefghijklmnop" 

strongswan.conf

charon 
{
#    load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
    multiple_authentication = no

    # File logger. 
    filelog 
    {
        /var/log/charon.log 
        {
            # add a timestamp prefix
            time_format = %b %e %T
            # loggers to files also accept the append option to open files in
            # append mode at startup (default is yes)
            append = yes
            # the default loglevel for all daemon subsystems (defaults to 1).
            default = 4
            # flush each line to disk
            flush_line = yes
        }
        stdout 
        {
            # more detailed loglevel for a specific subsystem, overriding the
            # default loglevel.
#            ike = 1
#            mgr = 1
#            chd = 1
            # prepend connection name, simplifies grepping
            ike_name = yes
        }
    }
}

CBM (racoon2) initiates SA:

[2013-06-14 06:22:29.336] ikev2_proc md_rand.c:402 TRACE3:In rand_bytes: init=1
[2013-06-14 06:22:34.172] ikev2_proc md_rand.c:402 TRACE3:In rand_bytes: init=1
[2013-06-14 06:22:37.916] ikev2_proc plog.c:212 TRACE6:[DEBUG]: isakmp.c:906:isakmp_force_initiate(): force initiating 1
[2013-06-14 06:22:37.916] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2.c:897:ikev2_initiate(): creating new ike_sa
[2013-06-14 06:22:37.916] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ike_sa.c:401:ikev2_allocate_sa(): ikev2_create_sa(10.10.10.130[500], 10.10.10.254[500], bd0f7570)
[2013-06-14 06:22:37.916] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ike_sa.c:404:ikev2_allocate_sa(): sa: bd0fa800
[2013-06-14 06:22:37.916] ikev2_proc md_rand.c:402 TRACE3:In rand_bytes: init=1
[2013-06-14 06:22:37.916] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2.c:932:ikev2_initiate(): child_sa: bd0fe7d0
[2013-06-14 06:22:37.916] ikev2_proc plog.c:218 STATE CHANGE:[STATE]: ikev2_child.c:153:ikev2_child_state_set(): 1:10.10.10.130[500] - 10.10.10.254[500]:0:child_sa bd0fe7d0 state IDLING -> GETSPI
[2013-06-14 06:22:37.916] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ike_pfkey.c:279:sadb_getspi(): sadb_getspi: seq=1, satype=97
[2013-06-14 06:22:37.916] ikev2_proc plog.c:197 TRACE5:[INFO]: ike_adpfkey.c:692:rcpfk_send_getspi(): GETSPI seq=1 spi=0x6ff32eaf
[2013-06-14 06:22:37.916] ikev2_proc plog.c:212 TRACE6:[DEBUG]: isakmp.c:927:isakmp_force_initiate(): done.
[2013-06-14 06:22:37.916] ikev2_proc md_rand.c:402 TRACE3:In rand_bytes: init=1
[2013-06-14 06:22:38.072] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ike_pfkey.c:488:sadb_getspi_callback(): sadb_getspi_callback: seq=1, spi=0x6ff32eaf, satype=97, sa_src=10.10.10.254[500], sa_dst=10.10.10.130[500]
[2013-06-14 06:22:38.072] ikev2_proc plog.c:218 STATE CHANGE:[STATE]: ikev2_child.c:153:ikev2_child_state_set(): 1:10.10.10.130[500] - 10.10.10.254[500]:0:child_sa bd0fe7d0 state GETSPI -> GETSPI_DONE
[2013-06-14 06:22:38.072] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2_proposal.c:564:ikev2_pack_proposal_sub(): ikev2_pack_proposal_sub:
[2013-06-14 06:22:38.072] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2_proposal.c:572:ikev2_pack_proposal_sub():   proposal #1:
[2013-06-14 06:22:38.072] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2_proposal.c:564:ikev2_pack_proposal_sub(): ikev2_pack_proposal_sub:
[2013-06-14 06:22:38.072] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2_proposal.c:572:ikev2_pack_proposal_sub():   proposal #1:
[2013-06-14 06:22:38.072] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2_proposal.c:587:ikev2_pack_proposal_sub():   protocol 1 spi_size 0
[2013-06-14 06:22:38.072] ikev2_proc md_rand.c:402 TRACE3:In rand_bytes: init=1
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: dh.c:227:oakley_dh_generate(): compute DH's private.
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: dh.c:227:oakley_dh_generate(): compute DH's public.
[2013-06-14 06:22:38.112] ikev2_proc md_rand.c:402 TRACE3:In rand_bytes: init=1
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2_packet.c:162:ikev2_packet_construct(): ikev2_packet_construct(34, 0x8, 0x0, bd0fa800, [bd0fd9e0, 3])
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2_packet.c:171:ikev2_packet_construct(): payload 0 type 33 (SA) data bd0ff1f0 len 44
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2_packet.c:171:ikev2_packet_construct(): payload 1 type 34 (KE) data bd0fdd80 len 132
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2_packet.c:171:ikev2_packet_construct(): payload 2 type 40 (NONCE) data bd0ff0d0 len 32
[2013-06-14 06:22:38.112] ikev2_proc plog.c:218 STATE CHANGE:[STATE]: ikev2.c:767:ikev2_set_state(): 1:10.10.10.130[500] - 10.10.10.254[500]:0:ike_sa bd0fa800 state IDLING -> INI_IKE_SA_INIT_SENT
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: ikev2.c:661:ikev2_transmit(): ikev2_transmit(bd0fa800, bd0ffaf0) len 248
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: isakmp.c:1656:isakmp_transmit_noretry(): transmit bd0fa8d0
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: sockmisc.c:324:sendfromto(): sockname 10.10.10.130[500]
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: sockmisc.c:326:sendfromto(): send packet from 10.10.10.130[500]
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: sockmisc.c:328:sendfromto(): send packet to 10.10.10.254[500]
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: sockmisc.c:508:sendfromto(): 1 times of 248 bytes message will be sent to 10.10.10.254[500]
[2013-06-14 06:22:38.112] ikev2_proc plog.c:212 TRACE6:[DEBUG]: isakmp.c:1634:isakmp_transmit(): sched bd0ffac0

But there is no reply from NetBSD (strongSwan).
When I check the log, I see that strongSwan crashes at startup and during parsing the packet (see attached charon.log for more details):

At startup:

Jun 14 07:53:51 00[DMN] Starting IKE charon daemon (strongSwan 5.0.4, FreeBSD 8.0-RELEASE, i386)
Jun 14 07:53:51 00[LIB] plugin 'aes': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'des': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'sha1': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'sha2': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'md5': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'random': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'nonce': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'x509': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'revocation': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'constraints': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'pubkey': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'pkcs1': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'pkcs8': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'pgp': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'dnskey': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'pem': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'fips-prf': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'gmp': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'xcbc': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'cmac': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'hmac': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'attr': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'kernel-pfkey': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'kernel-pfroute': loaded successfully
Jun 14 07:53:51 00[KNL] known interfaces and IP addresses:
Jun 14 07:53:51 00[KNL]   em0
Jun 14 07:53:51 00[KNL]     10.67.16.84
Jun 14 07:53:51 00[KNL]     fe80:1::213:72ff:fe3f:db01
Jun 14 07:53:51 00[KNL]   em1
Jun 14 07:53:51 00[KNL]     10.10.10.126
Jun 14 07:53:51 00[KNL]     fe80:2::204:23ff:fecb:bdf0
Jun 14 07:53:51 00[KNL]     3001:1:1:1::1
Jun 14 07:53:51 00[KNL]   em2
Jun 14 07:53:51 00[KNL]     fe80:3::204:23ff:fecb:bdf1
Jun 14 07:53:51 00[KNL]     3001:1:1:2::1
Jun 14 07:53:51 00[KNL]   em3
Jun 14 07:53:51 00[KNL]     fe80:4::213:72ff:fe3f:db02
Jun 14 07:53:51 00[KNL]   lo0
Jun 14 07:53:51 00[KNL]     127.0.0.1
Jun 14 07:53:51 00[KNL]     ::1
Jun 14 07:53:51 00[KNL]     fe80:5::1
Jun 14 07:53:51 00[KNL]   vlan1
Jun 14 07:53:51 00[KNL]     fe80:6::213:72ff:fe3f:db01
Jun 14 07:53:51 00[KNL]     3001:1:1:11::1
Jun 14 07:53:51 00[KNL]   vlan2
Jun 14 07:53:51 00[KNL]     10.10.10.254
Jun 14 07:53:51 00[KNL]     fe80:7::213:72ff:fe3f:db01
Jun 14 07:53:51 00[KNL]     3001:1:1:22::1
Jun 14 07:53:51 00[LIB] plugin 'resolve': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'socket-default': loaded successfully
Jun 14 07:53:51 00[KNL] unable to set UDP_ENCAP: Invalid argument
Jun 14 07:53:51 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Jun 14 07:53:51 00[LIB] plugin 'stroke': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'updown': loaded successfully
Jun 14 07:53:51 00[LIB] plugin 'xauth-generic': loaded successfully
Jun 14 07:53:51 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Jun 14 07:53:51 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Jun 14 07:53:51 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Jun 14 07:53:51 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Jun 14 07:53:51 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
Jun 14 07:53:51 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Jun 14 07:53:51 00[CFG]   loaded IKE secret for NetBSD CBM
Jun 14 07:53:51 00[CFG]   secret: 61:62:63:64:65:66:67:68:69:6a:6b:6c:6d:6e:6f:70
Jun 14 07:53:51 00[CFG]   loaded IKE secret for NetBSD %any
Jun 14 07:53:51 00[CFG]   secret: 61:62:63:64:65:66:67:68:69:6a:6b:6c:6d:6e:6f:70
Jun 14 07:53:51 00[LIB] feature PRIVKEY:DSA in 'pem' plugin has unsatisfied dependency: PRIVKEY:DSA
Jun 14 07:53:51 00[LIB] feature PUBKEY:ECDSA in 'pem' plugin has unsatisfied dependency: PUBKEY:ECDSA
Jun 14 07:53:51 00[LIB] feature PUBKEY:DSA in 'pem' plugin has unsatisfied dependency: PUBKEY:DSA
Jun 14 07:53:51 00[LIB] feature CERT_DECODE:X509_OCSP_REQUEST in 'pem' plugin has unsatisfied dependency: CERT_DECODE:X509_OCSP_REQUEST
Jun 14 07:53:51 00[LIB] feature PRF:PRF_CAMELLIA128_XCBC in 'xcbc' plugin has unsatisfied dependency: CRYPTER:CAMELLIA_CBC-16
Jun 14 07:53:51 00[LIB] feature SIGNER:CAMELLIA_XCBC_96 in 'xcbc' plugin has unsatisfied dependency: CRYPTER:CAMELLIA_CBC-16
Jun 14 07:53:51 00[DMN] loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-pfkey kernel-pfroute resolve socket-default stroke updown xauth-generic
Jun 14 07:53:51 00[JOB] spawning 16 worker threads
Jun 14 07:53:51 01[LIB] created thread 01 [283653c0]
Jun 14 07:53:51 01[JOB] started worker thread 01
Jun 14 07:53:51 02[LIB] created thread 02 [28365280]
Jun 14 07:53:51 02[JOB] started worker thread 02
Jun 14 07:53:51 03[LIB] created thread 03 [28365140]
Jun 14 07:53:51 03[JOB] started worker thread 03
Jun 14 07:53:51 05[LIB] created thread 05 [28364d80]
Jun 14 07:53:51 05[JOB] started worker thread 05
Jun 14 07:53:51 04[LIB] created thread 04 [28364ec0]
Jun 14 07:53:51 04[JOB] started worker thread 04
Jun 14 07:53:51 06[LIB] created thread 06 [28364c40]
Jun 14 07:53:51 06[JOB] started worker thread 06
Jun 14 07:53:51 07[LIB] created thread 07 [28364b00]
Jun 14 07:53:51 07[JOB] started worker thread 07
Jun 14 07:53:51 08[LIB] created thread 08 [283649c0]
Jun 14 07:53:51 08[JOB] started worker thread 08
Jun 14 07:53:51 09[LIB] created thread 09 [28364880]
Jun 14 07:53:51 09[JOB] started worker thread 09
Jun 14 07:53:51 10[LIB] created thread 10 [28364740]
Jun 14 07:53:51 10[JOB] started worker thread 10
Jun 14 07:53:51 11[LIB] created thread 11 [28364600]
Jun 14 07:53:51 11[JOB] started worker thread 11
Jun 14 07:53:51 12[LIB] created thread 12 [283644c0]
Jun 14 07:53:51 12[JOB] started worker thread 12
Jun 14 07:53:51 13[LIB] created thread 13 [28364380]
Jun 14 07:53:51 13[JOB] started worker thread 13
Jun 14 07:53:51 14[LIB] created thread 14 [28364240]
Jun 14 07:53:51 14[JOB] started worker thread 14
Jun 14 07:53:51 14[JOB] no events, waiting
Jun 14 07:53:51 16[LIB] created thread 16 [28363fc0]
Jun 14 07:53:51 16[JOB] started worker thread 16
Jun 14 07:53:51 15[LIB] created thread 15 [28364100]
Jun 14 07:53:51 15[JOB] started worker thread 15
Jun 14 07:53:51 16[NET] waiting for data on sockets
Jun 14 07:53:51 05[CFG] stroke message => 511 bytes @ 0xbf5fac30
Jun 14 07:53:51 05[CFG]    0: FF 01 00 00 03 00 00 00 FF FF FF FF 8C 01 00 00  ................
Jun 14 07:53:51 05[CFG]   16: 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]   32: 02 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00  ....@...........
Jun 14 07:53:51 05[CFG]   48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]   64: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]   80: 00 00 00 00 00 00 00 00 01 00 00 00 94 01 00 00  ................
Jun 14 07:53:51 05[CFG]   96: BC 01 00 00 01 00 00 00 10 0E 00 00 30 2A 00 00  ............0*..
Jun 14 07:53:51 05[CFG]  112: 1C 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  144: 00 00 00 00 03 00 00 00 64 00 00 00 1E 00 00 00  ........d.......
Jun 14 07:53:51 05[CFG]  160: 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  176: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  192: 00 00 00 00 F7 01 00 00 00 00 00 00 D2 01 00 00  ................
Jun 14 07:53:51 05[CFG]  208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  224: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  240: 00 00 00 00 00 00 00 00 00 00 00 00 D9 01 00 00  ................
Jun 14 07:53:51 05[CFG]  256: F4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  272: 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  288: 00 00 00 00 FF FF 00 00 FB 01 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  304: E6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  336: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  352: EA 01 00 00 F4 01 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 05[CFG]  368: 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00  ................
Jun 14 07:53:51 05[CFG]  384: 00 00 00 00 00 00 00 00 FF FF 00 00 63 62 6D 2D  ............cbm-
Jun 14 07:53:51 05[CFG]  400: 70 6B 69 00 61 65 73 31 32 38 2D 73 68 61 31 2D  pki.aes128-sha1-
Jun 14 07:53:51 05[CFG]  416: 6D 6F 64 70 32 30 34 38 2C 33 64 65 73 2D 73 68  modp2048,3des-sh
Jun 14 07:53:51 05[CFG]  432: 61 31 2D 6D 6F 64 70 31 35 33 36 00 61 65 73 31  a1-modp1536.aes1
Jun 14 07:53:51 05[CFG]  448: 32 38 2D 73 68 61 31 2C 33 64 65 73 2D 73 68 61  28-sha1,3des-sha
Jun 14 07:53:51 05[CFG]  464: 31 00 4E 65 74 42 53 44 00 31 30 2E 31 30 2E 31  1.NetBSD.10.10.1
Jun 14 07:53:51 05[CFG]  480: 30 2E 32 35 34 00 43 42 4D 00 31 30 2E 31 30 2E  0.254.CBM.10.10.
Jun 14 07:53:51 05[CFG]  496: 31 30 2E 31 33 30 00 70 73 6B 00 70 73 6B 00     10.130.psk.psk.
Jun 14 07:53:51 05[CFG] received stroke: add connection 'cbm-pki'
Jun 14 07:53:51 05[CFG] conn cbm-pki
Jun 14 07:53:51 05[CFG]   left=10.10.10.254
Jun 14 07:53:51 05[CFG]   leftsubnet=(null)
Jun 14 07:53:51 05[CFG]   leftsourceip=(null)
Jun 14 07:53:51 05[CFG]   leftdns=(null)
Jun 14 07:53:51 05[CFG]   leftauth=psk
Jun 14 07:53:51 05[CFG]   leftauth2=(null)
Jun 14 07:53:51 05[CFG]   leftid=NetBSD
Jun 14 07:53:51 05[CFG]   leftid2=(null)
Jun 14 07:53:51 05[CFG]   leftrsakey=(null)
Jun 14 07:53:51 05[CFG]   leftcert=(null)
Jun 14 07:53:51 05[CFG]   leftcert2=(null)
Jun 14 07:53:51 05[CFG]   leftca=(null)
Jun 14 07:53:51 05[CFG]   leftca2=(null)
Jun 14 07:53:51 05[CFG]   leftgroups=(null)
Jun 14 07:53:51 05[CFG]   leftgroups2=(null)
Jun 14 07:53:51 05[CFG]   leftupdown=(null)
Jun 14 07:53:51 05[CFG]   right=10.10.10.130
Jun 14 07:53:51 05[CFG]   rightsubnet=(null)
Jun 14 07:53:51 05[CFG]   rightsourceip=(null)
Jun 14 07:53:51 05[CFG]   rightdns=(null)
Jun 14 07:53:51 05[CFG]   rightauth=psk
Jun 14 07:53:51 05[CFG]   rightauth2=(null)
Jun 14 07:53:51 05[CFG]   rightid=CBM
Jun 14 07:53:51 05[CFG]   rightid2=(null)
Jun 14 07:53:51 05[CFG]   rightrsakey=(null)
Jun 14 07:53:51 05[CFG]   rightcert=(null)
Jun 14 07:53:51 05[CFG]   rightcert2=(null)
Jun 14 07:53:51 05[CFG]   rightca=(null)
Jun 14 07:53:51 05[CFG]   rightca2=(null)
Jun 14 07:53:51 05[CFG]   rightgroups=(null)
Jun 14 07:53:51 05[CFG]   rightgroups2=(null)
Jun 14 07:53:51 05[CFG]   rightupdown=(null)
Jun 14 07:53:51 05[CFG]   eap_identity=(null)
Jun 14 07:53:51 05[CFG]   aaa_identity=(null)
Jun 14 07:53:51 05[CFG]   xauth_identity=(null)
Jun 14 07:53:51 05[CFG]   ike=aes128-sha1-modp2048,3des-sha1-modp1536
Jun 14 07:53:51 05[CFG]   esp=aes128-sha1,3des-sha1
Jun 14 07:53:51 05[CFG]   dpddelay=30
Jun 14 07:53:51 05[CFG]   dpdtimeout=150
Jun 14 07:53:51 05[CFG]   dpdaction=0
Jun 14 07:53:51 05[CFG]   closeaction=0
Jun 14 07:53:51 05[CFG]   mediation=no
Jun 14 07:53:51 05[CFG]   mediated_by=(null)
Jun 14 07:53:51 05[CFG]   me_peerid=(null)
Jun 14 07:53:51 05[CFG]   keyexchange=ikev2
Jun 14 07:53:51 05[KNL] 10.10.10.130 is not a local address or the interface is down
Jun 14 07:53:51 05[CFG] added configuration 'cbm-pki'
Jun 14 07:53:51 09[CFG] stroke message => 404 bytes @ 0xbf1f6c90
Jun 14 07:53:51 09[CFG]    0: 94 01 FF FF 00 00 00 00 FF FF FF FF 8C 01 00 00  ................
Jun 14 07:53:51 09[CFG]   16: 00 00 00 00 00 00 00 00 02 00 00 00 40 00 00 00  ............@...
Jun 14 07:53:51 09[CFG]   32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]   48: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]   64: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]   80: 01 00 00 00 94 01 00 00 BC 01 00 00 01 00 00 00  ................
Jun 14 07:53:51 09[CFG]   96: 10 0E 00 00 30 2A 00 00 1C 02 00 00 00 00 00 00  ....0*..........
Jun 14 07:53:51 09[CFG]  112: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  128: 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00  ................
Jun 14 07:53:51 09[CFG]  144: 64 00 00 00 1E 00 00 00 96 00 00 00 00 00 00 00  d...............
Jun 14 07:53:51 09[CFG]  160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  176: 00 00 00 00 00 00 00 00 00 00 00 00 F7 01 00 00  ................
Jun 14 07:53:51 09[CFG]  192: 00 00 00 00 D2 01 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  224: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  240: 00 00 00 00 D9 01 00 00 F4 01 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  256: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  272: 01 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00  ................
Jun 14 07:53:51 09[CFG]  288: FB 01 00 00 00 00 00 00 E6 01 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  304: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  336: 00 00 00 00 00 00 00 00 EA 01 00 00 F4 01 00 00  ................
Jun 14 07:53:51 09[CFG]  352: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00  ................
Jun 14 07:53:51 09[CFG]  368: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
Jun 14 07:53:51 09[CFG]  384: FF FF 00 00 63 62 6D 2D 70 6B 69 00 63 62 6D 2D  ....cbm-pki.cbm-
Jun 14 07:53:51 09[CFG]  400: 70 6B 69 00                                      pki.
Jun 14 07:53:51 09[CFG] received stroke: initiate 'cbm-pki'
Jun 14 07:53:51 09[MGR] checkout IKE_SA by config
Jun 14 07:53:51 09[MGR] created IKE_SA (unnamed)[1]
Jun 14 07:53:51 09[IKE] queueing IKE_VENDOR task
Jun 14 07:53:51 09[IKE] queueing IKE_INIT task
Jun 14 07:53:51 09[IKE] queueing IKE_NATD task
Jun 14 07:53:51 09[IKE] queueing IKE_CERT_PRE task
Jun 14 07:53:51 09[IKE] queueing IKE_AUTH task
Jun 14 07:53:51 09[IKE] queueing IKE_CERT_POST task
Jun 14 07:53:51 09[IKE] queueing IKE_CONFIG task
Jun 14 07:53:51 09[IKE] queueing IKE_AUTH_LIFETIME task
Jun 14 07:53:51 09[IKE] queueing IKE_MOBIKE task
Jun 14 07:53:51 09[DMN] thread 9 received 11
Jun 14 07:53:51 09[LIB]  dumping 22 stack frame addresses:
Jun 14 07:53:51 09[LIB]   /lib/libc.so.7 @ 0x28164000 (flockfile+0x34) [0x2824f6e4]


When receiving the packet:
Jun 14 07:57:41 03[NET] received packet => 248 bytes @ 0xbf7fa4f0
Jun 14 07:57:41 03[NET]    0: FE 9D 73 DC DC C0 14 48 00 00 00 00 00 00 00 00  ..s....H........
Jun 14 07:57:41 03[NET]   16: 21 20 22 08 00 00 00 00 00 00 00 F8 22 00 00 30  ! "........."..0
Jun 14 07:57:41 03[NET]   32: 00 00 00 2C 01 01 00 04 03 00 00 0C 01 00 00 0C  ...,............
Jun 14 07:57:41 03[NET]   48: 80 0E 00 80 03 00 00 08 02 00 00 02 03 00 00 08  ................
Jun 14 07:57:41 03[NET]   64: 03 00 00 02 00 00 00 08 04 00 00 02 28 00 00 88  ............(...
Jun 14 07:57:41 03[NET]   80: 00 02 00 00 D7 EE 4B 05 17 B7 5D DE 89 1E 10 DD  ......K...].....
Jun 14 07:57:41 03[NET]   96: 5F C9 B5 6F 78 E7 1B 18 5D D1 D5 97 49 73 3E 79  _..ox...]...Is>y
Jun 14 07:57:41 03[NET]  112: 79 84 2E F2 B9 51 09 B3 ED 86 F0 AE 20 A2 82 3B  y....Q...... ..;
Jun 14 07:57:41 03[NET]  128: 76 92 1B 47 E2 69 B4 29 37 D3 7F D0 A0 3A E3 F1  v..G.i.)7....:..
Jun 14 07:57:41 03[NET]  144: 14 29 16 3D 01 51 1B 85 E9 80 88 9D FF 6C 3B 7C  .).=.Q.......l;|
Jun 14 07:57:41 03[NET]  160: 5D D9 FE 6B 28 68 7B 91 22 99 71 44 18 74 E1 14  ]..k(h{.".qD.t..
Jun 14 07:57:41 03[NET]  176: D8 0A A8 35 FF F2 7D DB BB E5 1B 9E C9 B6 A2 5E  ...5..}........^
Jun 14 07:57:41 03[NET]  192: 81 36 DF 6A 88 C6 58 01 AC DC 24 DE 68 B7 42 0D  .6.j..X...$.h.B.
Jun 14 07:57:41 03[NET]  208: 55 34 06 77 00 00 00 24 8B CE DF 1F 79 03 04 E6  U4.w...$....y...
Jun 14 07:57:41 03[NET]  224: CB 51 98 3B 0F 6F F2 10 CB E2 4F 31 CA 9B CE 00  .Q.;.o....O1....
Jun 14 07:57:41 03[NET]  240: 0B EA 0B C6 F9 EA D2 C6                          ........
Jun 14 07:57:41 03[NET] received packet: from 10.10.10.130[500] to 10.10.10.254[500]
Jun 14 07:57:41 03[ENC] parsing header of message
Jun 14 07:57:41 03[ENC] parsing HEADER payload, 248 bytes left
Jun 14 07:57:41 03[ENC] parsing payload from => 248 bytes @ 0x28b1e000
Jun 14 07:57:41 03[ENC]    0: FE 9D 73 DC DC C0 14 48 00 00 00 00 00 00 00 00  ..s....H........
Jun 14 07:57:41 03[ENC]   16: 21 20 22 08 00 00 00 00 00 00 00 F8 22 00 00 30  ! "........."..0
Jun 14 07:57:41 03[ENC]   32: 00 00 00 2C 01 01 00 04 03 00 00 0C 01 00 00 0C  ...,............
Jun 14 07:57:41 03[ENC]   48: 80 0E 00 80 03 00 00 08 02 00 00 02 03 00 00 08  ................
Jun 14 07:57:41 03[ENC]   64: 03 00 00 02 00 00 00 08 04 00 00 02 28 00 00 88  ............(...
Jun 14 07:57:41 03[ENC]   80: 00 02 00 00 D7 EE 4B 05 17 B7 5D DE 89 1E 10 DD  ......K...].....
Jun 14 07:57:41 03[ENC]   96: 5F C9 B5 6F 78 E7 1B 18 5D D1 D5 97 49 73 3E 79  _..ox...]...Is>y
Jun 14 07:57:41 03[ENC]  112: 79 84 2E F2 B9 51 09 B3 ED 86 F0 AE 20 A2 82 3B  y....Q...... ..;
Jun 14 07:57:41 03[ENC]  128: 76 92 1B 47 E2 69 B4 29 37 D3 7F D0 A0 3A E3 F1  v..G.i.)7....:..
Jun 14 07:57:41 03[ENC]  144: 14 29 16 3D 01 51 1B 85 E9 80 88 9D FF 6C 3B 7C  .).=.Q.......l;|
Jun 14 07:57:41 03[ENC]  160: 5D D9 FE 6B 28 68 7B 91 22 99 71 44 18 74 E1 14  ]..k(h{.".qD.t..
Jun 14 07:57:41 03[ENC]  176: D8 0A A8 35 FF F2 7D DB BB E5 1B 9E C9 B6 A2 5E  ...5..}........^
Jun 14 07:57:41 03[ENC]  192: 81 36 DF 6A 88 C6 58 01 AC DC 24 DE 68 B7 42 0D  .6.j..X...$.h.B.
Jun 14 07:57:41 03[ENC]  208: 55 34 06 77 00 00 00 24 8B CE DF 1F 79 03 04 E6  U4.w...$....y...
Jun 14 07:57:41 03[ENC]  224: CB 51 98 3B 0F 6F F2 10 CB E2 4F 31 CA 9B CE 00  .Q.;.o....O1....
Jun 14 07:57:41 03[ENC]  240: 0B EA 0B C6 F9 EA D2 C6                          ........
Jun 14 07:57:41 03[ENC]   parsing rule 0 IKE_SPI
Jun 14 07:57:41 03[ENC]    => 8 bytes @ 0x28afbd84
Jun 14 07:57:41 03[ENC]    0: FE 9D 73 DC DC C0 14 48                          ..s....H
Jun 14 07:57:41 03[ENC]   parsing rule 1 IKE_SPI
Jun 14 07:57:41 03[ENC]    => 8 bytes @ 0x28afbd8c
Jun 14 07:57:41 03[ENC]    0: 00 00 00 00 00 00 00 00                          ........
Jun 14 07:57:41 03[ENC]   parsing rule 2 U_INT_8
Jun 14 07:57:41 03[ENC]    => 33
Jun 14 07:57:41 03[DMN] thread 3 received 11
Jun 14 07:57:41 03[LIB]  dumping 18 stack frame addresses:

What is wrong with it?

charon.log (2.01 MB) charon.log charon log Sergey Smirnov, 14.06.2013 09:00

History

#1 Updated by Martin Willi over 7 years ago

  • Status changed from New to Closed
  • Assignee set to Martin Willi
  • Priority changed from Immediate to Normal
  • Resolution set to Invalid

Sergey,

thread 10 received 11
dumping 22 stack frame addresses:
/lib/libc.so.7 0x28164000 (flockfile+0x34) [0x2824f6e4]
/lib/libc.so.7
0x28164000 (vfprintf+0x90) [0x28245120]
/lib/libc.so.7 @ 0x28164000 (fprintf+0x2e) [0x28233f1e]

charon crashes while getting the lock during vfprintf. Looks like that libc bug in FreeBSD:

http://www.freebsd.org/cgi/query-pr.cgi?pr=133776

You may try to apply that patch, or upgrade to a newer FreeBSD release containing the fix. I'm closing that bug for now, feel free to reopen if required.

Regards
Martin

Also available in: Atom PDF