Project

General

Profile

Bug #338

Updated by Tobias Brunner over 7 years ago

Hi,
I just upgrade the strongswan from 4.6.4 to 5.0.3. But 5.0.3.But i still have the problem liked i descripted in issue #306. Last #306.last time Martin told me such problem had modified like following:
<pre>
Clean up IKE_SA state if IKE_SA_INIT request does not have message ID 0
author Martin Willi <martin@revosec.ch>

Mon, 11 Mar 2013 10:30:47 +0000 (11:30 +0100)
committer Martin Willi <martin@revosec.ch>

Mon, 11 Mar 2013 10:30:47 +0000 (11:30 +0100)
src/libcharon/sa/ikev2/task_manager_v2.c
patch | blob | history

diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 29d8d83..a53c06b 100644 (file)

--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1175,6 +1175,10 @@ METHOD(task_manager_t, process_message, status_t,
{
DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored",
mid, this->responding.mid);
+ if (msg->get_exchange_type(msg) == IKE_SA_INIT)
+ { /* clean up IKE_SA state if IKE_SA_INIT has invalid msg ID */
+ return DESTROY_ME;
+ }
}
</pre>

I had make sure that strongswan 5.0.3 strongswan5.0.3 have such code, but when I establish 1000 ipsec tunnels per second last 30s then establish 2 ipsec tunnels per second last 10 minutes with an instrument. But about 4 minutes later, the instrument send out the IKE INIT packet with nonzero message ID, then the memory of charon keep rising until charon was restarted.The memory of charon is as following:

<pre>

PID USER STATUS RSS PPID %CPU %MEM COMMAND
2404 root S 788M 2258 58.1 89.1 charon
<pre>

Any can this problem be resolved ?

Back