When an acquire triggers a ph2 and that in turn fires a ph1 creation, no flags are set in the ph2 entry that make it look pending.

This means that if another acquire arrives very quickly, then the waiting ph2 gets killed as a zombie in the getph2byid call in pk_recvacquire:

 

    if (p->status < PHASE2ST_ESTABLISHED &&
        p->retry_counter == 0
        && p->sce == NULL && p->scr == NULL) {
            plog(LLV_DEBUG, LOCATION, NULL,
                 "Zombie ph2 found, expiring it\n");
            isakmp_ph2expire(p);
    }

 

status = PHASE2ST_STATUS2

sce, scr, retry_counter = 0

 

I suspect that this has not been a problem in the past because Linux seems to retry its acquires fairly slowly; Solaris is very impatient (~1 second between acquires).

 

A simple fix is to do:

    if (p->status < PHASE2ST_ESTABLISHED &&
        p->retry_counter == 0 && p->retry_checkph1 == 0
        && p->sce == NULL && p->scr == NULL) {
            plog(LLV_DEBUG, LOCATION, NULL,
                 "Zombie ph2 found, expiring it\n");
            isakmp_ph2expire(p);
    }

 

and add retry_checkph1 = 0 in isakmp_chkph1there, although I think an explicit 'waiting for phase 1' state would be better.
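The race described in the message, as an added example that is not racoon's own code: a small model of the ph2handle fields the zombie sweep inspects, with the original predicate, the proposed retry_checkph1 predicate, and the explicit-state alternative side by side. The field names come from the snippets above; the status numbering, the poll budget of 30, the PHASE2ST_WAITPH1 state and every model_* helper are assumptions made for this model, not racoon internals.

```c
#include <stddef.h>
#include <stdio.h>

/* Status values: only the ordering relative to PHASE2ST_ESTABLISHED matters
 * for the check, so these numbers are an assumption of this model. */
enum {
    PHASE2ST_START = 1,
    PHASE2ST_STATUS2 = 2,
    PHASE2ST_WAITPH1 = 3,       /* hypothetical explicit "waiting for phase 1" state */
    PHASE2ST_ESTABLISHED = 11
};

/* Subset of the ph2 handle the sweep looks at (names from the snippet above;
 * sce/scr stand in for the expire and resend schedule entries). */
struct ph2handle {
    int   status;
    int   retry_counter;    /* phase-2 retransmit count */
    int   retry_checkph1;   /* remaining polls for a phase 1 to show up */
    void *sce;              /* expire schedule entry */
    void *scr;              /* resend schedule entry */
};

/* Original predicate from pk_recvacquire. */
int is_zombie_orig(const struct ph2handle *p)
{
    return p->status < PHASE2ST_ESTABLISHED &&
           p->retry_counter == 0 &&
           p->sce == NULL && p->scr == NULL;
}

/* Proposed predicate: a ph2 still polling for its phase 1 is not a zombie. */
int is_zombie_fixed(const struct ph2handle *p)
{
    return p->status < PHASE2ST_ESTABLISHED &&
           p->retry_counter == 0 && p->retry_checkph1 == 0 &&
           p->sce == NULL && p->scr == NULL;
}

/* Alternative: an explicit waiting state instead of overloading the counter. */
int is_zombie_state(const struct ph2handle *p)
{
    return p->status < PHASE2ST_ESTABLISHED && p->status != PHASE2ST_WAITPH1 &&
           p->retry_counter == 0 &&
           p->sce == NULL && p->scr == NULL;
}

/* Model of isakmp_post_acquire when no phase 1 exists yet: the ph2 is parked
 * with no timers and a non-zero phase-1 poll budget (30 is an assumed value). */
void model_post_acquire_no_ph1(struct ph2handle *p, int explicit_state)
{
    p->status = explicit_state ? PHASE2ST_WAITPH1 : PHASE2ST_STATUS2;
    p->retry_counter = 0;
    p->retry_checkph1 = 30;
    p->sce = NULL;
    p->scr = NULL;
}

/* Model of isakmp_chkph1there once a phase 1 is found: the proposal is to
 * clear retry_checkph1 here; the exchange that starts then owns a resend timer. */
void model_chkph1there_found(struct ph2handle *p, void *resend_timer)
{
    p->retry_checkph1 = 0;
    p->status = PHASE2ST_STATUS2;
    p->scr = resend_timer;
}

/* The race: acquire #1 parks a ph2 waiting for ph1, acquire #2 arrives before
 * any ph1 exists and runs the sweep.  Returns 1 if the predicate expires it. */
int sweep_kills_waiting_ph2(int (*zombie)(const struct ph2handle *), int explicit_state)
{
    struct ph2handle waiting;
    model_post_acquire_no_ph1(&waiting, explicit_state);
    return zombie(&waiting);
}

/* A genuine zombie: parked, no timers, no poll budget left.  Every predicate
 * should still expire this one. */
int sweep_kills_real_zombie(int (*zombie)(const struct ph2handle *))
{
    struct ph2handle dead = { PHASE2ST_STATUS2, 0, 0, NULL, NULL };
    return zombie(&dead);
}

/* Once the phase 1 shows up and the real exchange starts, the resend timer
 * keeps every predicate from expiring the handle. */
int sweep_kills_after_ph1_found(int (*zombie)(const struct ph2handle *))
{
    int dummy_timer;
    struct ph2handle p;
    model_post_acquire_no_ph1(&p, 0);
    model_chkph1there_found(&p, &dummy_timer);
    return zombie(&p);
}

int main(void)
{
    printf("orig  kills waiting ph2: %d\n", sweep_kills_waiting_ph2(is_zombie_orig, 0));
    printf("fixed kills waiting ph2: %d\n", sweep_kills_waiting_ph2(is_zombie_fixed, 0));
    printf("state kills waiting ph2: %d\n", sweep_kills_waiting_ph2(is_zombie_state, 1));
    printf("fixed kills real zombie: %d\n", sweep_kills_real_zombie(is_zombie_fixed));
    return 0;
}
```

The model makes the failure mode visible: a handle parked by the first acquire has status below ESTABLISHED, no retransmits and no timers, which is exactly the shape the original sweep treats as dead; the only thing distinguishing it from a true zombie is the phase-1 poll budget (or, in the explicit-state variant, the state itself), so the check has to look at one of those.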