Thread: [Ipsec-tools-commits] [ ipsec-tools-Bugs-1308665 ] racoon crash/core dump when using NAT-T
From: SourceForge.net <no...@so...> - 2007-03-20 18:25:28
Bugs item #1308665, was opened at 2005-09-29 20:32
Message generated for change (Comment added) made by hmbgr
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1308665&group_id=74601

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: None
Group: 0.6 branch
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Dave Huang (dahanc)
Assigned to: Nobody/Anonymous (nobody)
Summary: racoon crash/core dump when using NAT-T

Initial Comment:
I'm trying to get an IPsec tunnel set up between a Linux box (kernel 2.6.9-1.681_FC3, ipsec-tools 0.6.1) and a D-Link DI-804HV (firmware 1.41). The D-Link is behind a NAT, but both it and ipsec-tools support NAT-T, so it should work, right?

racoon is crashing trying to dereference a null pointer. Running racoon -F -v under gdb gives:

2005-09-21 13:02:05: INFO: @(#)ipsec-tools 0.6.1 (http://ipsec-tools.sourceforge.net)
2005-09-21 13:02:05: INFO: @(#)This product linked OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
2005-09-21 13:02:06: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2005-09-21 13:02:06: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2005-09-21 13:02:06: INFO: 69.15.146.2[500] used as isakmp port (fd=8)
2005-09-21 13:02:06: INFO: 69.15.146.2[500] used for NAT-T
2005-09-21 13:02:06: DEBUG: get pfkey X_SPDDUMP message
2005-09-21 13:02:06: DEBUG: get pfkey X_SPDDUMP message
2005-09-21 13:02:06: DEBUG: sub:0xfefed0a0: 10.2.1.0/24[0] 10.1.1.0/24[0] proto=any dir=out
2005-09-21 13:02:06: DEBUG: db :0x888aba0: 10.1.1.0/24[0] 10.2.1.0/24[0] proto=any dir=in
2005-09-21 13:02:06: DEBUG: get pfkey X_SPDDUMP message
2005-09-21 13:02:06: DEBUG: sub:0xfefed0a0: 10.1.1.0/24[0] 10.2.1.0/24[0] proto=any dir=fwd
2005-09-21 13:02:06: DEBUG: db :0x888aba0: 10.1.1.0/24[0] 10.2.1.0/24[0] proto=any dir=in
2005-09-21 13:02:06: DEBUG: sub:0xfefed0a0: 10.1.1.0/24[0] 10.2.1.0/24[0] proto=any dir=fwd
2005-09-21 13:02:06: DEBUG: db :0x888c348: 10.2.1.0/24[0] 10.1.1.0/24[0] proto=any dir=out
2005-09-21 13:02:08: DEBUG: ===
2005-09-21 13:02:08: DEBUG: 108 bytes message received from 24.242.176.90[500] to 69.15.146.2[500]
2005-09-21 13:02:08: DEBUG:
7e168701 6d967aa9 00000000 00000000 01100200 00000000 0000006c 0d00003c
00000001 00000001 00000030 01010401 03000010 00000024 01010000 80010005
80020002 80030001 80040002 800b0001 000c0004 00000e10 00000014 7d9419a6
5310ca6f 2c179d92 15529d56
2005-09-21 13:02:08: DEBUG: configuration found for 24.242.176.90.
2005-09-21 13:02:08: DEBUG: ===
2005-09-21 13:02:08: INFO: respond new phase 1 negotiation: 69.15.146.2[500]<=>24.242.176.90[500]
2005-09-21 13:02:08: INFO: begin Identity Protection mode.
2005-09-21 13:02:08: DEBUG: begin.
2005-09-21 13:02:08: DEBUG: seen nptype=1(sa)
2005-09-21 13:02:08: DEBUG: seen nptype=13(vid)
2005-09-21 13:02:08: DEBUG: succeed.
2005-09-21 13:02:08: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
2005-09-21 13:02:08: DEBUG: total SA len=56
2005-09-21 13:02:08: DEBUG:
00000001 00000001 00000030 01010401 03000010 00000024 01010000 80010005
80020002 80030001 80040002 800b0001 000c0004 00000e10
2005-09-21 13:02:08: DEBUG: begin.
2005-09-21 13:02:08: DEBUG: seen nptype=2(prop)
2005-09-21 13:02:08: DEBUG: succeed.
2005-09-21 13:02:08: DEBUG: proposal #1 len=48
2005-09-21 13:02:08: WARNING: SPI size isn't zero, but IKE proposal.
2005-09-21 13:02:08: DEBUG: begin.
2005-09-21 13:02:08: DEBUG: seen nptype=3(trns)
2005-09-21 13:02:08: DEBUG: succeed.
2005-09-21 13:02:08: DEBUG: transform #1 len=36
2005-09-21 13:02:09: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2005-09-21 13:02:09: DEBUG: encryption(3des)
2005-09-21 13:02:09: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2005-09-21 13:02:09: DEBUG: hash(sha1)
2005-09-21 13:02:09: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2005-09-21 13:02:09: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2005-09-21 13:02:09: DEBUG: hmac(modp1024)
2005-09-21 13:02:09: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2005-09-21 13:02:09: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2005-09-21 13:02:09: DEBUG: pair 1:
2005-09-21 13:02:09: DEBUG: 0x888b820: next=(nil) tnext=(nil)
2005-09-21 13:02:09: DEBUG: proposal #1: 1 transform
2005-09-21 13:02:09: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=4, #trns=1
2005-09-21 13:02:09: DEBUG: trns#=1, trns-id=IKE
2005-09-21 13:02:09: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2005-09-21 13:02:09: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2005-09-21 13:02:09: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2005-09-21 13:02:09: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2005-09-21 13:02:09: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2005-09-21 13:02:09: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2005-09-21 13:02:09: DEBUG: Compared: DB:Peer
2005-09-21 13:02:09: DEBUG: (lifetime = 28800:3600)
2005-09-21 13:02:09: DEBUG: (lifebyte = 0:0)
2005-09-21 13:02:09: DEBUG: enctype = 3DES-CBC:3DES-CBC
2005-09-21 13:02:09: DEBUG: (encklen = 0:0)
2005-09-21 13:02:09: DEBUG: hashtype = SHA:SHA
2005-09-21 13:02:09: DEBUG: authmethod = pre-shared key:pre-shared key
2005-09-21 13:02:09: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2005-09-21 13:02:09: DEBUG: an acceptable proposal found.
2005-09-21 13:02:09: DEBUG: hmac(modp1024)
2005-09-21 13:02:09: DEBUG: new cookie: e3134e604669c155
2005-09-21 13:02:09: DEBUG: add payload of len 56, next type 0
2005-09-21 13:02:09: DEBUG: 88 bytes from 69.15.146.2[500] to 24.242.176.90[500]
2005-09-21 13:02:09: DEBUG: sockname 69.15.146.2[500]
2005-09-21 13:02:09: DEBUG: send packet from 69.15.146.2[500]
2005-09-21 13:02:09: DEBUG: send packet to 24.242.176.90[500]
2005-09-21 13:02:09: DEBUG: src4 69.15.146.2[500]
2005-09-21 13:02:09: DEBUG: dst4 24.242.176.90[500]
2005-09-21 13:02:09: DEBUG: 1 times of 88 bytes message will be sent to 24.242.176.90[500]
2005-09-21 13:02:09: DEBUG:
7e168701 6d967aa9 e3134e60 4669c155 01100200 00000000 00000058 0000003c
00000001 00000001 00000030 01010401 00000000 00000024 01010000 80010005
80020002 80030001 80040002 800b0001 000c0004 00000e10
2005-09-21 13:02:09: DEBUG: resend phase1 packet 7e1687016d967aa9:e3134e604669c155
2005-09-21 13:02:09: DEBUG: ===
2005-09-21 13:02:09: DEBUG: 232 bytes message received from 24.242.176.90[500] to 69.15.146.2[500]
2005-09-21 13:02:09: DEBUG:
7e168701 6d967aa9 e3134e60 4669c155 04100200 00000000 000000e8 0a000084
5ea03af2 5d82075d 869dab65 708d75e1 a8cca76d 85bdfd18 07e74f86 6622a74a
167ac92d 1087ecbb 5bed0552 eb72287d c3770519 d9375fd3 f7dddc31 1e44928a
154ad511 e10fcb51 e53b7cb5 f76954c9 f5a894cd a23e1444 1261e9b1 21226db8
694b5102 907a8758 53b678d6 35c09010 f89154b1 db5a3e7c 94b8225a c7539f66
82000018 5c89b298 14c70bd2 a195d215 69a9003c f503adcd 82000018 84523d42
5f6e9638 a1b30b39 1a141491 7cfce516 00000018 d5f8dc8f 18619ca2 333b2400
bed8890f 36e19e6e
2005-09-21 13:02:09: DEBUG: begin.
2005-09-21 13:02:09: DEBUG: seen nptype=4(ke)
2005-09-21 13:02:09: DEBUG: seen nptype=10(nonce)
2005-09-21 13:02:09: DEBUG: seen nptype=130(nat-d)
2005-09-21 13:02:09: DEBUG: seen nptype=130(nat-d)
2005-09-21 13:02:09: DEBUG: succeed.

Program received signal SIGSEGV, Segmentation fault.
0x08052e56 in ident_r2recv (iph1=0x888c7c0, msg=0x888cb60) at isakmp_ident.c:1066
1066            if (pa->type == iph1->natt_options->payload_nat_d)
(gdb) print iph1
$1 = (struct ph1handle *) 0x888c7c0
(gdb) print iph1->natt_options
$2 = (struct ph1natt_options *) 0x0
(gdb) where
#0  0x08052e56 in ident_r2recv (iph1=0x888c7c0, msg=0x888cb60) at isakmp_ident.c:1066
#1  0x0804eb47 in isakmp_main (msg=0x888cb60, remote=0xfefed180, local=0xfefed100) at isakmp.c:754
#2  0x0804fc27 in isakmp_handler (so_isakmp=8) at isakmp.c:359
#3  0x0804befe in session () at session.c:178
#4  0x0804b93f in main (ac=0, av=0xfefed454) at main.c:266

----------------------------------------------------------------------

Comment By: Hugo Mildenberger (hmbgr)
Date: 2007-03-20 19:25

Message:
Logged In: YES
user_id=1745718
Originator: NO

See my comment #1385632. racoon mallocs are messy.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1308665&group_id=74601

From: SourceForge.net <no...@so...> - 2009-01-16 11:04:14
Bugs item #1308665, was opened at 2005-09-29 21:32
Message generated for change (Comment added) made by fabled80
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1308665&group_id=74601

Category: None
Group: 0.6 branch
>Status: Closed
Resolution: None
Priority: 5
Private: No
Submitted By: Dave Huang (dahanc)
Assigned to: Nobody/Anonymous (nobody)
Summary: racoon crash/core dump when using NAT-T

----------------------------------------------------------------------

Comment By: Timo Teräs (fabled80)
Date: 2009-01-16 13:04

Message:
Closing all sourceforge.net bugs. If this issue has not been cared for
please submit a new bug report to https://trac.ipsec-tools.net/ issue
tracker.

Thank you.

----------------------------------------------------------------------

Comment By: Hugo Mildenberger (hmbgr)
Date: 2007-03-20 20:25

Message:
Logged In: YES
user_id=1745718
Originator: NO

See my comment #1385632. racoon mallocs are messy.

----------------------------------------------------------------------
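
Added example, not part of the original thread and not ipsec-tools code: the backtrace above shows iph1->natt_options being NULL when two NAT-D payloads (type 130) are walked at isakmp_ident.c:1066. The sketch below walks an ISAKMP payload chain with length checks and only compares against payload_nat_d when NAT-T state exists. The struct layouts, handle_natd() and sample_msg are assumptions made for illustration; the sample message is constructed to mirror the payload chain of the captured 232-byte packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for racoon's phase 1 state (assumed layout). */
struct natt_opts { uint8_t payload_nat_d; };
struct ph1 { const struct natt_opts *natt_options; }; /* NULL: NAT-T not negotiated */

enum { ISAKMP_HDR_LEN = 28, GEN_HDR_LEN = 4 };

/* Constructed message with the payload chain of the captured packet
 * (KE 4 -> nonce 10 -> NAT-D 130 -> NAT-D 130); bodies cut to 4 bytes. */
const uint8_t sample_msg[60] = {
    0x7e,0x16,0x87,0x01, 0x6d,0x96,0x7a,0xa9,   /* initiator cookie */
    0xe3,0x13,0x4e,0x60, 0x46,0x69,0xc1,0x55,   /* responder cookie */
    0x04,0x10,0x02,0x00, 0,0,0,0, 0,0,0,0x3c,   /* np=KE, v1.0, ident, len=60 */
    0x0a,0,0,8, 1,1,1,1,                        /* KE, next = nonce */
    0x82,0,0,8, 2,2,2,2,                        /* nonce, next = 130 */
    0x82,0,0,8, 3,3,3,3,                        /* NAT-D, next = 130 */
    0x00,0,0,8, 4,4,4,4,                        /* NAT-D, last payload */
};

/* Returns the number of NAT-D payloads handled, or -1 on a malformed chain. */
int handle_natd(const struct ph1 *iph1, const uint8_t *msg, size_t len)
{
    if (len < ISAKMP_HDR_LEN)
        return -1;
    uint8_t np = msg[16];            /* first payload type, from the header */
    size_t off = ISAKMP_HDR_LEN;
    int natd = 0;
    while (np != 0) {
        if (len - off < GEN_HDR_LEN)
            return -1;
        size_t plen = ((size_t)msg[off + 2] << 8) | msg[off + 3];
        if (plen < GEN_HDR_LEN || plen > len - off)
            return -1;
        /* Line 1066 made this comparison without the NULL test. */
        if (iph1->natt_options != NULL &&
            np == iph1->natt_options->payload_nat_d)
            natd++;                  /* NAT-D hash verification would go here */
        np = msg[off];               /* next-payload field of this payload */
        off += plen;
    }
    return natd;
}

int main(void)
{
    const struct natt_opts draft = { 130 };
    const struct ph1 no_natt = { NULL }, negotiated = { &draft };
    printf("no NAT-T state:   %d\n", handle_natd(&no_natt, sample_msg, sizeof sample_msg));
    printf("NAT-T negotiated: %d\n", handle_natd(&negotiated, sample_msg, sizeof sample_msg));
    return 0;
}
```

With no NAT-T state the NAT-D payloads are skipped instead of dereferencing a NULL pointer; whether an unexpected NAT-D payload should be ignored or rejected is a policy choice this sketch leaves open.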