#65 racoon closes all listening sockets

Milestone: 0.6 branch
Status: closed
Owner: nobody
Labels: None
Priority: 5
Updated: 2009-01-16
Created: 2007-09-23
Creator: Anonymous
Private: No

On a Linux/x86 system, about once every 2~4 weeks, racoon suddenly closes all listening sockets. There is no entry in the output of:

netstat -antup | grep racoon

when run as root.

There doesn't seem to be any unusual entry in the logs, other than SA expirations right before the sockets go away:

racoon: INFO: ISAKMP-SA expired 192.168.1.66[500]-192.168.1.65[500] spi:1632fa5392c56738:2bf6d5a458859012
racoon: INFO: ISAKMP-SA deleted 192.168.1.66[500]-192.168.1.65[500] spi:1632fa5392c56738:2bf6d5a458859012
racoon: INFO: IPsec-SA expired: AH/Transport 192.168.1.65[0]->192.168.1.66[0] spi=99907246(0x5f476ae)
racoon: INFO: IPsec-SA expired: ESP/Transport 192.168.1.65[0]->192.168.1.66[0] spi=18640305(0x11c6db1)
racoon: INFO: IPsec-SA expired: AH/Transport 192.168.1.66[0]->192.168.1.65[0] spi=229707431(0xdb10ea7)
racoon: INFO: IPsec-SA expired: ESP/Transport 192.168.1.66[0]->192.168.1.65[0] spi=176902503(0xa8b5167)

Immediately after that, racoon stops listening and can no longer be reached from other hosts. netstat shows no listening sockets for racoon. However, ps shows racoon is still running.

I'm not sure how to go about debugging this, so any suggestions on how more information can be extracted to track down the cause would be appreciated.

The system is on Linux kernel 2.6.22.6, running Debian/etch for i386.

ipsec-tools and racoon are both 0.6.6-3.1etch1

No sf.net account, so I can be reached at ramune@net-ronin.org
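One way to get more information the next time this happens is a small watchdog that checks for exactly the state the report describes (racoon still present in ps but absent from netstat) and, when it finds it, snapshots the process's file descriptors and records a short strace before anything is restarted. The script below is an added example and is not part of the original report or of ipsec-tools. It assumes racoon writes its PID to /var/run/racoon.pid, that netstat -antup and strace are available and the script runs as root, and that the diagnostics directory /var/tmp/racoon-diag is acceptable; the two netstat samples embedded in it are constructed to exercise the classification logic offline.

```shell
#!/bin/sh
# racoon-watchdog: detect "process alive, no listening UDP sockets".
# Added example; not from the bug report or the ipsec-tools project.
# Assumptions: PID file path, root privileges, netstat -antup and strace present.

PIDFILE=${PIDFILE:-/var/run/racoon.pid}        # assumed location of racoon's PID file
DIAGDIR=${DIAGDIR:-/var/tmp/racoon-diag}        # assumed place to drop diagnostics

# Count UDP sockets owned by PID $1 in "netstat -antup" output read from stdin.
# The last column is "PID/Program name", e.g. 1234/racoon; "-" when unknown.
count_udp_sockets_for_pid() {
    awk -v pid="$1" '
        $1 == "udp" || $1 == "udp6" {
            split($NF, owner, "/")
            if (owner[1] == pid) n++
        }
        END { print n + 0 }
    '
}

# Classify the daemon state from (PID, alive flag 0/1, netstat output on stdin).
# Prints one of: listening, not-listening, not-running.
classify_state() {
    pid=$1
    alive=$2
    if [ "$alive" != "1" ]; then
        echo not-running
        return
    fi
    n=$(count_udp_sockets_for_pid "$pid")
    if [ "$n" -gt 0 ]; then
        echo listening
    else
        echo not-listening
    fi
}

# Snapshot what the stuck process still holds and what it is doing.
capture_diagnostics() {
    pid=$1
    mkdir -p "$DIAGDIR"
    stamp=$(date +%Y%m%d-%H%M%S)
    ls -l "/proc/$pid/fd" > "$DIAGDIR/fd-$stamp.txt" 2>&1      # which sockets/files remain open
    cat "/proc/$pid/status" > "$DIAGDIR/status-$stamp.txt" 2>&1
    cat "/proc/$pid/wchan" > "$DIAGDIR/wchan-$stamp.txt" 2>&1  # kernel function it is blocked in
    # 30 seconds of system calls with timestamps, then detach (no GNU timeout on old systems).
    strace -p "$pid" -tt -o "$DIAGDIR/strace-$stamp.log" &
    tracer=$!
    sleep 30
    kill "$tracer" 2>/dev/null
    logger -t racoon-watchdog "racoon pid $pid alive but not listening; diagnostics in $DIAGDIR"
}

# Live check against the running system (only when invoked with --live).
live_check() {
    pid=$(cat "$PIDFILE" 2>/dev/null)
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then alive=1; else alive=0; fi
    state=$(netstat -antup 2>/dev/null | classify_state "$pid" "$alive")
    echo "racoon pid=${pid:-none} state=$state"
    if [ "$state" = "not-listening" ]; then
        capture_diagnostics "$pid"
    fi
}

# Constructed netstat samples (not real captures) for offline testing.
HEALTHY_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:500             0.0.0.0:*                           1234/racoon
udp        0      0 0.0.0.0:4500            0.0.0.0:*                           1234/racoon
udp        0      0 0.0.0.0:68              0.0.0.0:*                           987/dhclient
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      456/sshd'

BROKEN_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:68              0.0.0.0:*                           987/dhclient
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      456/sshd'

if [ "${1:-}" = "--live" ]; then
    live_check
fi
```

Run it from cron every few minutes as root with `--live`; the strace it records when the sockets vanish shows whether racoon closed them itself (close() calls on the UDP descriptors after the SA expiry) or is blocked elsewhere, which is the distinction the discussion below turns on.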

Discussion

  • Logged In: NO

    I also use the same racoon version, but my kernel version is 2.6.16-2-686 (really old). Maybe I have similar problems. Once a week racoon stops responding to ISAKMP packets. I ran "strace -p `cat /var/run/racoon.pid` -tt -o /tmp/strace-racoon.log" to generate a system-call log file. My racoon doesn't close listening sockets, but hangs in a read system call on file descriptor 4. Sometimes the read call finishes after some minutes, an hour, or never. Next time I catch my racoon in such a state, I will run "netstat -antup | grep racoon" to verify whether this is the same or a different problem.

    uwe.hermann@gmx.net

  • Logged In: NO

    I just caught my racoon in the "frozen" state. I ran "netstat -antup | grep racoon", but racoon is still listening on port 500. So my problem must be different. Sorry.

    uwe.hermann@gmx.net

  • Timo Teras
    2009-01-16

    • status: open --> closed

  • Timo Teras
    2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.