From: Krzysztof O. <ol...@an...> - 2005-12-11 21:17:11
|
On Sun, 11 Dec 2005, VANHULLEBUS Yvan wrote: > (followed up only in devel list for now) > > On Sun, Dec 11, 2005 at 05:00:30PM +0100, Krzysztof Oledzki wrote: > [0.6.4] >> Dec 11 16:52:29 gw1 racoon: WARNING: ignore INITIAL-CONTACT notification= , >> because it is only accepted after phase 1. >> Dec 11 16:52:29 gw1 racoon: INFO: ISAKMP-SA established (...) >> Dec 11 16:52:29 gw1 racoon: INFO: respond new phase 2 negotiation: (...) >> Dec 11 16:52:29 gw1 racoon: INFO: respond new phase 2 negotiation: (...) >> Dec 11 16:52:29 gw1 racoon: INFO: IPsec-SA established: ESP/Tunnel (...) >> Dec 11 16:52:29 gw1 racoon: INFO: caught signal 17 >> Dec 11 16:52:29 gw1 racoon: INFO: IPsec-SA established: ESP/Tunnel (...) >> Dec 11 16:52:29 gw1 racoon: INFO: caught signal 17 >> Dec 11 16:52:29 gw1 racoon: INFO: IPsec-SA established: ESP/Tunnel (...) >> Dec 11 16:52:29 gw1 racoon: INFO: caught signal 17 >> Dec 11 16:52:29 gw1 racoon: INFO: IPsec-SA established: ESP/Tunnel (...) >> Dec 11 16:52:29 gw1 racoon: INFO: caught signal 17 >> Dec 11 16:52:29 gw1 racoon: INFO: unsupported PF_KEY message 0 >> Dec 11 16:52:29 gw1 last message repeated 3 times >> Dec 11 16:52:30 gw1 racoon: INFO: racoon shutdown >> >> I have privsep enabled but 0.6.3 works without any problems. Will try to >> do some debugging later. > > The problem is because you get an USR2 signal (signal 17). No. Sig#17 is SIGCHLD on Linux. > The old code already considered some signals (including USR1 and USR2) > to be "default" in check_sigreq() and then to start a racoon shutdown. > > We'll have to deal with "what should be done when getting some > signals" (I don't consider shutting donw as a "good think to do" when > receiving an USR signal...), but the new patch shouldn't have changed > anything in racoon's reaction. I suspect that child process simply dies with SEGV. Anyway, I compared=20 0.6.3 and 0.6.4 versions: # diff -Nur ipsec-tools-0.6.3 ipsec-tools-0.6.4 |wc -l 30415 It does not look to good, to many changes to guess what is wrong. Need to= =20 setup some testing enviroment. Best regards, =09=09=09Krzysztof Ol=EAdzki |